CN109981293B - Member revocation processing method, device, equipment and storage medium

Info

Publication number
CN109981293B
Authority
CN
China
Prior art keywords
private key
random number
secret
effective
signature
Legal status
Active
Application number
CN201910243345.2A
Other languages
Chinese (zh)
Other versions
CN109981293A (en
Inventor
程亚歌
胡明生
贾志娟
王利朋
崔文军
雷艳芳
张家蕾
Current Assignee
Zhengzhou Normal University
Original Assignee
Zhengzhou Normal University
Application filed by Zhengzhou Normal University filed Critical Zhengzhou Normal University
Priority to CN201910243345.2A priority Critical patent/CN109981293B/en
Publication of CN109981293A publication Critical patent/CN109981293A/en
Application granted granted Critical
Publication of CN109981293B publication Critical patent/CN109981293B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The member revocation processing method provided by the invention is based on a digital signature scheme. Each effective member in the system generates a secret share for every member from that member's historical private key and a random number, and each effective member then generates a new private key from the secret shares received from the other members together with the share it computed itself. The group public key and the group private key therefore remain unchanged throughout the process when a member exits and can still be used for signing and verification, which reduces the update cost of the system. In addition, if the current private key is lost, neither the historical private key nor the private keys of subsequent periods can be obtained, so the security of historical and subsequent signatures is also ensured. The invention also discloses a member revocation processing device, equipment and a readable storage medium, which have the same beneficial effects.

Description

Member revocation processing method, device, equipment and storage medium
Technical Field
The present invention relates to the field of digital signature technologies, and in particular, to a member revocation processing method, apparatus, device, and readable storage medium.
Background
With the explosive development of the internet, network and information security have become important factors in the development and stability of society. Networks bring convenience, but privacy disclosure and information tampering also occur. This has prompted the rapid development of digital signature technology, which plays a very important role in network platforms such as electronic contracts, electronic payments and electronic signatures, and is widely applied in insurance, banking, government, enterprises and public institutions.
To keep the system flexible, a digital signature system may need to revoke members. Member revocation requires reconstructing the secret shares of the other members, updating their private keys, and invalidating the secret share and private key of the deleted member so that it cannot take part in any subsequent signature. In the later update and signing stages, the other members no longer accept information distributed by the deleted member and no longer distribute information to it.
In the traditional approach to member revocation, each effective member in the system removes the share of the departing member from its original private key by a division calculation to obtain its new private key, and the group public key is obtained in the same way. The group public key therefore changes in the process and becomes period-specific: only signatures from the current period can be verified, subsequent signatures cannot be verified normally, and normal data verification is affected. The approach also has the drawbacks that the new private key is easy to break once the historical private key is lost, security is low, and the update process is costly.
Therefore, how to reduce the cost of system update and simultaneously guarantee the security of the signature is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
The invention aims to provide a member revocation processing method in which the group public key and the group private key do not change during implementation, which reduces the update cost of the system and ensures the security of historical and subsequent signatures; another object of the present invention is to provide a member revocation processing apparatus, a device, and a readable storage medium, which have the above-mentioned advantageous effects.
In order to solve the above technical problem, the present invention provides a member revocation processing method, which is based on a digital signature scheme, and includes:
when the first member receives the revocation notice of the second member, determining a random number for each effective member; wherein an effective member refers to a member of the system other than the second member;
acquiring a historical private key of each effective member in a neighboring period;
combining and calculating the random number corresponding to each effective member and the historical private key to obtain a combined value;
sending the merged value as a secret share to a corresponding system member;
after secret shares sent by the effective members are obtained, counting the secret shares to obtain a statistical result;
and taking the statistical result as a new private key for data signature.
Optionally, the determining a random number for each valid member includes:
determining three arbitrary numbers
Figure GDA0003649847360000021
q and p;
substituting the selected three random numbers into a random number calculation formula, and taking the obtained result as a random number determined by a member; wherein the random number formula is:
Figure GDA0003649847360000022
Optionally, performing a merged calculation on the random number corresponding to each valid member and the history private key includes:
summing the random number corresponding to each effective member with the historical private key.
Optionally, the member revocation processing method further includes:
distributing verification information corresponding to the secret share for each effective member, and broadcasting the verification information; wherein the verification information is generated from the corresponding secret shares;
correspondingly, sending the merged value as a secret share to a corresponding system member specifically includes: sending the secret share and the verification information to a corresponding system member;
before the counting secret shares, further comprising: after obtaining verification information and secret shares, verifying the correctness of the secret shares according to the verification information;
and when the secret shares are successfully verified, counting the secret shares.
Optionally, the allocating, to each valid member, verification information of the secret share includes:
and distributing the verification information of the corresponding secret share for each effective member according to an Asmuth-Bloom secret sharing calculation formula.
Optionally, performing data signing on the statistical result as a new private key, including:
and performing data threshold signature according to the new private key based on the Chinese remainder theorem.
The invention discloses a member revocation processing device, comprising:
the random number determining unit is used for determining a random number for each effective member when receiving the revocation notification of the second member; wherein an effective member refers to a member of the system other than the second member;
a history private key obtaining unit, configured to obtain a history private key of each valid member in a neighboring period;
the merging unit is used for merging and calculating the random number corresponding to each effective member and the historical private key to obtain a merged value;
the member sending unit is used for sending the combined value serving as a secret share to a corresponding system member;
the secret share counting unit is used for counting the secret shares sent by the effective members to obtain a counting result;
and the data signature unit is used for performing data signature by taking the statistical result as a new private key.
Optionally, the random number determining unit includes:
an arbitrary number determination subunit for determining three arbitrary numbers
Figure GDA0003649847360000031
q and p;
the calculating subunit is used for substituting the selected three random numbers into a random number calculating formula, and taking the obtained result as the random number determined by the member; wherein the random number formula is:
Figure GDA0003649847360000032
The invention discloses a member revocation processing device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the member revocation processing method when executing the computer program.
The invention discloses a readable storage medium, on which a program is stored, which when executed by a processor implements the steps of the member revocation processing method.
In the member revocation processing method provided by the invention, each effective member in the system generates a secret share for every member from that member's historical private key and a random number, and each effective member then generates a new private key from the secret shares received from the other members together with the share it computed itself. The whole process ensures that the group public key and the group private key remain unchanged when a member exits and can still be used for signing and verification, which reduces the update cost of the system. In addition, if the current private key is lost, neither the historical private key nor the private keys of subsequent periods can be obtained, so the security of historical and subsequent signatures is also ensured.
The invention also discloses a member revocation processing device, equipment and a readable storage medium, which have the beneficial effects and are not described again.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a member revocation processing method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a system threshold signature process based on the Chinese remainder theorem according to an embodiment of the present invention;
Fig. 3 is a block diagram illustrating a member revocation processing apparatus according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a member revocation processing apparatus according to an embodiment of the present invention.
Detailed Description
The core of the invention is to provide a member revocation processing method in which neither the group public key nor the group private key changes during implementation, which reduces the update cost of the system and ensures the security of historical and subsequent signatures; another core of the present invention is to provide a member revocation processing apparatus, a device and a readable storage medium, which have the above-mentioned advantages.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The first embodiment is as follows:
Referring to fig. 1, fig. 1 is a flowchart of a member revocation processing method according to an embodiment of the present invention, where the method mainly includes the following steps:
Step s110, when the first member receives the revocation notice of the second member, determining a random number for each effective member.
The first member is any effective member of the system, and effective members are the system members other than the second member, i.e., the system members that have not been deleted. Suppose that in the T-th cycle a member $Q_k$ decides to leave; the other n-1 members then reconstruct their secret shares.
Member revocation follows the principle that, while the group public key and the group private key are kept unchanged, the secret shares of the other members are reconstructed and their private keys updated, and the secret share and private key of the deleted member become invalid so that it cannot take part in any signature.
The manner of determining the random number is not limited here; reference may be made to random number acquisition algorithms in the related art. Determining a random number for each effective member may specifically follow these two steps:
Step one: determining three arbitrary numbers
Figure GDA0003649847360000051
q and p;
Step two: substituting the selected three random numbers into a random number calculation formula, and taking the obtained result as a random number determined by a member; wherein the random number formula is:
Figure GDA0003649847360000052
This method of determining the random number ensures the randomness of the data, which further protects the privacy of the private key, and ensures the reducibility of the random number.
Step s120, acquiring a historical private key of each effective member in the adjacent period.
It should be noted that, because a new private key must be determined for each member when the member revocation notification is received, the private key in use when the notification is received is taken as the historical private key of the adjacent period. In this embodiment, the historical private key of the adjacent period is the private key of the period closest to the current period.
Step s120 and step s110 may be executed simultaneously, or the historical private key may be determined before the random number. This embodiment does not limit the order in which the historical private key and the random number are determined; determining the random number first and the historical private key second is described only as an example.
Step s130, merging and calculating the random number corresponding to each effective member and the historical private key to obtain a merged value.
The random number generated for each member is combined with that member's historical private key. For example, suppose the first member is member 1 and the effective members are members 1, 2 and 3. Member 1 determines random numbers A, B and C for the three effective members respectively, and obtains the adjacent-period private key a of member 1, b of member 2 and c of member 3. It combines A with a as the secret share that member 1 calculates for itself, B with b as the secret share that member 1 calculates for member 2, and C with c as the secret share that member 1 calculates for member 3.
The algorithm for combining the random number and the historical private key is not limited here; it may be, for example, summation, subtraction or multiplication. The random number corresponding to each effective member can be summed with the historical private key: the operation is simple, the number of digits is easy to control, and the correctness of the system's calculation is easy to check.
Step s140, sending the combined value as a secret share to the corresponding system member.
The first member keeps the secret share it calculated for itself and sends the secret shares it calculated for the other members to each of them, so that each effective member can calculate its own private key from the secret shares it receives.
Step s150, after the secret shares sent by the effective members are obtained, counting the secret shares to obtain a statistical result.
At this point the private keys of the other n-1 members have been reconstructed. The second member $Q_k$ to be revoked no longer takes part in this process; its secret share becomes invalid and the second member $Q_k$ is deleted. The group public key and the group private key are not changed in the updating process, so signatures made before the update are still valid.
Step s160, performing data signature by taking the statistical result as a new private key.
Secret shares sent by other members may arrive at any time after the first member receives the revocation notification of the second member. Because counting the secret shares of all effective members also requires the share that the node calculates for itself, this embodiment takes as an example the case in which the first member obtains the secret shares from the other members after it has calculated and sent its own secret shares to all effective members; other cases are not described here.
It should be noted that this embodiment does not limit the process of digital signing with the member private key; reference may be made to the description in the related art. Preferably, a data threshold signature can be produced with the member private key based on the Chinese remainder theorem. Fig. 2 shows the flow of a system threshold signature based on the Chinese remainder theorem. It has no trusted center, which removes authority fraud and similar behaviour by a trusted center, and it includes member joining and member exit algorithms, which makes the scheme more practical; private keys are updated regularly, which ensures strong forward security of the system. A signature scheme based on the Chinese remainder theorem also requires less computation, which improves the efficiency of the system. Other digital signature schemes are not described in detail here; reference can be made to the above description.
It should be noted that the member revocation processing method provided in this embodiment is based on a digital signature scheme, and is applicable to various member revocation scenarios in a digital signature scenario.
Based on the above technical scheme, in the member revocation processing method provided by the invention, each effective member in the system generates a secret share for every member from that member's historical private key and a random number, and each effective member then generates a new private key from the secret shares received from the other members together with the share it computed itself. The group public key and the group private key remain unchanged throughout the process when a member exits and can still be used for signing and verification, which reduces the update cost of the system. In addition, if the current private key is lost, neither the historical private key nor the private keys of subsequent periods can be obtained, so the security of historical and subsequent signatures is also ensured. The method can be applied to scenarios such as electronic payment, electronic commerce and electronic signatures, and has application value for the electronic government affairs of banks, insurance, governments, enterprises and public institutions.
The second embodiment:
In the above embodiment, each member sends the secret shares directly after generating them. To avoid secret leakage caused by illegal tampering with a secret share before the corresponding member receives it, and to ensure the security of the private key, each node may preferably also generate verification information for the secret shares and broadcast it. Correspondingly, sending the merged value as a secret share to the corresponding system member specifically includes sending the secret share and the verification information to the corresponding system member. Before the secret shares are counted, the method further includes: after the verification information and the secret share are obtained, verifying the correctness of the secret share according to the verification information; and counting the secret shares when they are successfully verified.
The verification information is generated from the secret shares. After a member receives the secret shares sent by other members and the corresponding verification information, it verifies the secret shares against the verification information. If verification succeeds, the secret share has not been tampered with; if verification fails, the secret share may have been tampered with, and to protect the private key, secret shares that fail verification should be avoided as far as possible.
For generating the verification information of a secret share, reference may be made to methods in the prior art. To allow recovery after verification information is lost, each member may preferably assign the verification information of the corresponding secret share to each valid member according to the Asmuth-Bloom secret sharing calculation formula. The Asmuth-Bloom secret sharing scheme is described in the related art and is not repeated here; other methods of generating verification information may of course be used, and no limitation is imposed here.
Example three:
To deepen understanding of the member revocation processing method provided by the present invention, this embodiment introduces the overall digital signature process, which mainly includes four parts: generation of a signature, private key update, member joining, and member revocation. As shown in fig. 2, the signature process in this embodiment uses a dynamic threshold signature based on the Chinese remainder theorem, and the private key update uses the Asmuth-Bloom secret sharing principle; other approaches may refer to the introduction in this embodiment.
First, generating signatures
1. System initialization
$Q=\{Q_1,Q_2,\ldots,Q_n\}$ is a set of n members; p and q are two large prime numbers that satisfy
Figure GDA0003649847360000081
$d=\{d_1,d_2,\ldots,d_n\}$ is a strictly monotonically increasing sequence of positive integers; q and d satisfy the Asmuth-Bloom secret sharing scheme; t is the threshold value; g is a generator of the finite field GF(p); M is the message to be signed;
Figure GDA0003649847360000082
is the product of the t smallest $d_i$; n, t, g, p, q, d and D are made public.
2. Generating secret shares:
Member $Q_i$ randomly selects a sub-secret
Figure GDA0003649847360000083
and an integer
Figure GDA0003649847360000084
satisfying the following conditions:
Figure GDA0003649847360000085
Figure GDA0003649847360000086
Member $Q_i$ calculates secret shares for the other members:
Figure GDA0003649847360000087
retains
Figure GDA0003649847360000088
broadcasts
Figure GDA0003649847360000089
and sends
Figure GDA00036498473600000810
to $Q_j$, while $Q_i$ computes the verification information
Figure GDA00036498473600000811
and
Figure GDA00036498473600000812
Figure GDA00036498473600000813
Figure GDA00036498473600000814
Figure GDA00036498473600000815
and broadcasts
Figure GDA00036498473600000816
3. Generating member private keys
$Q_j$ receives the secret shares sent by the other t-1 members
Figure GDA00036498473600000817
According to the broadcast message
Figure GDA00036498473600000818
it verifies the correctness of the received message to ensure that the information has not been tampered with:
Figure GDA00036498473600000819
Figure GDA00036498473600000820
If the above two equations hold, the received message is proven to be correct and untampered, and $Q_j$ then calculates its personal private key:
Figure GDA0003649847360000091
At this point, the personal public key of member $Q_j$ is:
Figure GDA0003649847360000092
4. Generating a group key:
From the sub-secret selected by each member
Figure GDA0003649847360000093
the group key is generated:
The group public key is:
Figure GDA0003649847360000094
The group private key is:
Figure GDA0003649847360000095
5. Any t members collaborate to generate a signature. Each member first generates a partial signature, and the signature of the message M is then synthesized from the t partial signatures. First, each member $Q_i$ selects a random number $x_i \in Z_p$ and calculates:
Figure GDA0003649847360000096
and broadcasts
Figure GDA0003649847360000097
Second, after $Q_j$ receives $z_i$, it calculates:
Figure GDA0003649847360000098
Finally, each member $Q_i$ calculates:
Figure GDA0003649847360000099
6. $Q_i$ computes its partial signature
Figure GDA00036498473600000910
Figure GDA00036498473600000911
The t partial signatures
Figure GDA00036498473600000912
are then sent to the signature synthesizer.
7. After the signature synthesizer receives the partial signatures of the t members, it synthesizes the signature R:
Figure GDA0003649847360000101
The signature of message M is (M, z, R).
8. Verifying signatures
When the verifier receives the signature (M, z, R) of the message M, it verifies whether the signature is valid according to the group public key PK: $g^{R} \equiv z^{M \cdot z} \cdot PK \pmod{p}$.
If the equation holds, the signature (M, z, R) for message M is valid.
Second, updating private key
If a member private key stays fixed once generated, an attacker with enough time can steal member private keys until t of them have been obtained and a signature can be forged; this is called a mobile attack. To prevent mobile attacks, members need to update their private keys periodically. The private key update must ensure that previous signatures remain valid, so the update process must not affect the group public key, i.e. the group public key does not change.
Private key updates ensure that even if an attacker obtains a member's private key at time T, the attacker cannot obtain the private key at time T-1 and cannot forge the private key at time T+1. Even knowing the private key of a member at time T, an attacker cannot modify previous signatures and cannot forge subsequent signatures. The private key update therefore gives the scheme strong forward security, effectively prevents malicious attacks, and provides higher security.
If the update period is T, the detailed update algorithm steps are as follows:
1. Member $Q_i$ randomly selects an integer
Figure GDA0003649847360000102
that satisfies the initial conditions;
2. Member $Q_i$ calculates an update factor:
Figure GDA0003649847360000103
sends the update factor
Figure GDA0003649847360000104
to member $Q_j$, and broadcasts
Figure GDA0003649847360000105
3. Member $Q_i$ computes the verification information
Figure GDA0003649847360000106
Figure GDA0003649847360000107
Figure GDA0003649847360000111
Figure GDA0003649847360000112
and broadcasts
Figure GDA0003649847360000113
4. Member $Q_j$ receives from $Q_i$ the information
Figure GDA0003649847360000114
and
Figure GDA0003649847360000115
According to the broadcast message
Figure GDA0003649847360000116
it verifies the correctness of
Figure GDA0003649847360000117
and
Figure GDA0003649847360000118
by the following two equations:
Figure GDA0003649847360000119
Figure GDA00036498473600001110
5. The private key of $Q_j$ in period T-2 is
Figure GDA00036498473600001111
and its private key in period T is:
Figure GDA00036498473600001112
Once the new private key has been generated, signing and verification can still be carried out according to the signature process above. The group public key is not changed in the updating process, so signatures made before the update are still valid.
Third, member joining
When a new member joins, any t old members cooperate to generate pseudo private keys and send them to the new member, and the new member calculates its private key after receiving t pseudo private keys. Suppose that a new member Q_{n+1} joins at a certain time; the joining process is as follows:
1. Select the modulus d_{n+1}.
The new member Q_{n+1} chooses a modulus d_{n+1} and publishes it; the modulus must satisfy the conditions of the Asmuth-Bloom secret sharing scheme.
2. Compute the pseudo private keys.
Any t old members Q_i assist the newly joining member Q_{n+1} in computing pseudo private keys. Q_i randomly selects t random numbers λ_ij ∈ Z_p (j = 1, 2, …, t), and Q_i computes
Figure GDA00036498473600001113
and sends λ_ij to Q_j. After receiving λ_ij, Q_j calculates λ'_j from the following equation:
Figure GDA00036498473600001114
Each old member Q_j then calculates a pseudo private key:
Figure GDA0003649847360000121
and sends H'_j to Q_{n+1}.
3. The new member computes its own private key.
When Q_{n+1} has received the pseudo private keys H'_i from the t old members, it calculates its own private key:
Figure GDA0003649847360000122
The group public key, the group private key and the private keys of the other members are not changed in this process, so the overall signature process is not affected.
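The following Python code is an added example, not code from the patent. It illustrates two properties that the private key update and member joining sections rely on: a private key update can change every share while the shared secret, and hence the group key, stays the same, and a new modulus d_{n+1} must keep the Asmuth-Bloom condition intact. It assumes a single dealer and a refresh that adds a random multiple of p to every share, which stands in for the patent's update factor (its formula is not reproduced on this page); all parameters and function names are constructed for illustration.

```python
from itertools import combinations
from math import gcd, prod
import secrets

# Constructed toy parameters (far too small for real use).
P = 101                                   # secret modulus p
MODULI = [1009, 1013, 1019, 1021, 1031]   # member moduli d_1..d_n
T = 3                                     # threshold t


def admissible(p, moduli, t):
    """True if p and the moduli satisfy the Asmuth-Bloom condition for threshold t."""
    d = sorted(moduli)
    coprime = all(gcd(a, b) == 1 for a, b in combinations([p] + d, 2))
    # The t smallest moduli must out-multiply p times the t-1 largest ones,
    # so that t-1 shares leave the secret undetermined.
    return coprime and p < d[0] and prod(d[:t]) > p * prod(d[len(d) - t + 1:])


def crt(residues, moduli):
    """Smallest x >= 0 with x = r_i (mod m_i), for pairwise-coprime m_i."""
    x, m_acc = 0, 1
    for r, m in zip(residues, moduli):
        k = ((r - x) * pow(m_acc, -1, m)) % m
        x += m_acc * k
        m_acc *= m
    return x


def deal(secret, p=P, moduli=MODULI, t=T):
    """Share `secret` as y mod d_i with y = secret + a*p (assumed single dealer)."""
    if not (0 <= secret < p and admissible(p, moduli, t)):
        raise ValueError("parameters violate the Asmuth-Bloom condition")
    # Keep y in the lower half of the valid range to leave room for one refresh.
    half = prod(sorted(moduli)[:t]) // 2
    a = secrets.randbelow((half - 1 - secret) // p + 1)
    y = secret + a * p
    return [y % d for d in moduli]


def refresh(shares, p=P, moduli=MODULI, t=T):
    """Add the same random multiple of p to every share (assumed update rule).

    y grows by k*p, so y mod p is unchanged, and y stays below the product of
    the t smallest moduli, so any t refreshed shares still reconstruct it.
    """
    half = prod(sorted(moduli)[:t]) // 2
    k = 1 + secrets.randbelow(half // p - 1)      # 1 <= k <= half//p - 1
    return [(s + k * p) % d for s, d in zip(shares, moduli)]


def reconstruct(idx, shares, p=P, moduli=MODULI):
    """Recover the secret from the shares of the members listed in idx."""
    return crt([shares[i] for i in idx], [moduli[i] for i in idx]) % p


def all_quorums_recover(shares, secret, t=T):
    """Check that every t-member subset reconstructs the same secret."""
    quorums = combinations(range(len(shares)), t)
    return all(reconstruct(q, shares) == secret for q in quorums)


if __name__ == "__main__":
    old = deal(42)
    new = refresh(old)
    print("shares changed:", old != new)
    print("secret intact :", all_quorums_recover(old, 42), all_quorums_recover(new, 42))
    print("d=1033 admissible:", admissible(P, MODULI + [1033], T))
    print("d=2026 admissible:", admissible(P, MODULI + [2026], T))
```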
Fourth, member revocation
Suppose that in the T-th period a member Q_k decides to leave; the other n-1 members then reconstruct their secret shares:
1. Member Q_i (i ≠ k) randomly selects
Figure GDA0003649847360000123
and computes secret shares for the other n-2 members
Figure GDA0003649847360000124
Figure GDA0003649847360000125
retains
Figure GDA0003649847360000126
and sends
Figure GDA0003649847360000127
to Q_j (j ≠ k), while broadcasting
Figure GDA0003649847360000128
and
Figure GDA0003649847360000129
2. Q_i calculates and verifies the information. According to the received secret shares sent by the other members
Figure GDA00036498473600001210
and the broadcast information
Figure GDA00036498473600001211
Q_i verifies by calculation the correctness of the information received from the other members:
Figure GDA00036498473600001212
Figure GDA00036498473600001213
Figure GDA00036498473600001214
and broadcasts
Figure GDA00036498473600001215
3. The other members calculate their new private keys.
After Q_j receives
Figure GDA00036498473600001216
it first verifies the correctness of
Figure GDA00036498473600001217
and
Figure GDA00036498473600001218
against the corresponding secret share:
Figure GDA00036498473600001219
Figure GDA00036498473600001220
This verification lets the members supervise one another, prevents untrusted behaviour among members, and checks whether data has been tampered with or forged in transit, ensuring the credibility of both the members and the data.
If the equations hold, Q_j recalculates its new private key:
Figure GDA0003649847360000131
The overall signature scheme provided by this embodiment ensures that, without a trusted center, the group public key and the group private key remain unchanged when a member exits and can still be used for signing and verification, which reduces the updating cost of the system. Private key updates ensure the security of both historical signatures and subsequent signatures.
Example four:
Referring to FIG. 3, which is a block diagram of a member revocation processing apparatus according to an embodiment of the present invention, the apparatus mainly comprises: a random number determination unit 110, a history private key acquisition unit 120, a merging unit 130, a member transmission unit 140, a secret share statistics unit 150, and a data signature unit 160.
The random number determining unit 110 is mainly configured to determine a random number for each valid member when receiving a revocation notification of a second member; wherein an active member refers to a member of the system other than the second member;
the historical private key obtaining unit 120 is mainly configured to obtain the historical private keys of the valid members in the adjacent period;
the merging unit 130 is mainly configured to perform merging calculation on the random number corresponding to each valid member and the historical private key to obtain a merged value;
the member sending unit 140 is mainly configured to send the merged value as a secret share to a corresponding system member;
the secret share counting unit 150 is mainly used for counting secret shares sent by the effective members to obtain a counting result;
the data signing unit 160 is mainly configured to sign data with the statistical result as a new private key.
The member revocation processing device provided by the embodiment can reduce the cost of system updating, and simultaneously ensure the security of the historical signature and the subsequent signature.
It should be noted that the member revocation processing apparatus provided in this embodiment may be contrasted with the member revocation processing method described in the foregoing embodiment, and details thereof are not repeated herein.
The random number determining unit may specifically further include:
an arbitrary number determination subunit for determining three arbitrary numbers
Figure GDA0003649847360000132
q and p;
the calculating subunit is used for substituting the selected three random numbers into a random number calculating formula, and taking the obtained result as the random number determined by the member; wherein, the random number formula is:
Figure GDA0003649847360000141
Optionally, the merging unit may specifically be a summing unit, configured to sum the random number corresponding to each valid member with the historical private key.
Optionally, the member revocation processing apparatus provided in this embodiment may further include: a verification generation unit; the input end of the verification generation unit is connected with the output end of the merging unit, and the output end of the verification generation unit is connected with the member sending unit.
The verification generation unit is mainly used for distributing verification information corresponding to the secret share for each effective member and broadcasting the verification information; wherein the verification information is generated from the corresponding secret share.
Accordingly, the member sending unit is mainly configured to: sending the secret share and the verification information to the corresponding system member;
correspondingly, an information verification subunit and a statistic subunit are further arranged in the secret share statistic unit; the information verification subunit is mainly used for verifying the correctness of the secret shares according to the verification information before counting the secret shares and after the verification information and the secret shares are obtained; and the statistic subunit is used for counting the secret shares when the secret shares are successfully verified.
Optionally, the verification generating unit may specifically be a shared verification generating unit, configured to distribute verification information of the corresponding secret share to each effective member according to an Asmuth-Bloom secret sharing calculation formula.
Optionally, the data signing unit in this embodiment may further be a threshold signature unit, configured to perform a data threshold signature with the new private key based on the Chinese remainder theorem.
Example five:
The member revocation processing device provided by the present invention is described below; for its description, reference may be made to the member revocation processing method and apparatus described above. The device mainly comprises:
a memory for storing a computer program;
and the processor is used for realizing the steps of the member revocation processing method when executing the computer program.
The member revocation processing equipment provided by the invention can reduce the cost of system updating and ensure the safety of historical signatures and subsequent signatures.
Referring to FIG. 4, a schematic structural diagram of a member revocation processing apparatus according to an embodiment of the present invention, the apparatus may differ considerably depending on configuration or performance, and may include one or more central processing units (CPUs) 322 (e.g., one or more processors), a memory 332, and one or more storage media 330 (e.g., one or more mass storage devices) storing applications 342 or data 344. The memory 332 and the storage media 330 may be transient storage or persistent storage. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instructions operating on a data processing device. Further, the central processor 322 may be configured to communicate with the storage medium 330 and to execute, on the member revocation processing apparatus 301, the series of instruction operations in the storage medium 330.
The member revocation processing apparatus 301 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input-output interfaces 358, and/or one or more operating systems 341, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, and so forth.
The steps in the member revocation processing method described above may be implemented by the structure of the member revocation processing apparatus.
Example six:
The readable storage medium provided by the embodiment of the present invention is introduced below; the readable storage medium described below and the member revocation processing method described above may be referred to in correspondence with each other.
A readable storage medium is disclosed, having a program stored thereon, which when executed by a processor, performs the steps of a member revocation processing method.
The readable storage medium may be a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, or any other readable storage medium capable of storing program code.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The member revocation processing method, apparatus, device and readable storage medium provided in the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, without departing from the principle of the present application, the present application can also make several improvements and modifications, and those improvements and modifications also fall into the protection scope of the claims of the present application.

Claims (10)

1. A member revocation processing method based on a digital signature scheme is characterized by comprising the following steps:
when the first member receives the revocation notice of the second member, determining a random number for each effective member; wherein the active member refers to a member of the system other than the second member;
acquiring a historical private key of each effective member in a neighboring period;
combining and calculating the random number corresponding to each effective member and the historical private key to obtain a combined value;
sending the merged value as a secret share to a corresponding system member;
after secret shares sent by the effective members are obtained, counting the secret shares to obtain a statistical result;
and taking the statistical result as a new private key to carry out data signature.
2. The member revocation processing method according to claim 1, wherein the determining a random number for each valid member includes:
determining three arbitrary numbers N_i^{T'}, q and p;
substituting the selected three random numbers into a random number calculation formula, and taking the obtained result as a random number determined by a member; wherein the random number formula is:
Figure FDA0003772196120000011
wherein i is the serial number of the total T members, T is the update period, N is an integer, N_i^{T'} is the random integer of the i-th member in the T-th update period of the member revocation phase, and q and p are both large prime numbers.
3. The method for revocation processing of a member according to claim 1, wherein performing a merged calculation of the random number corresponding to each of the valid members and the history private key includes:
and summing the random number corresponding to each effective member with the historical private key.
4. The member revocation processing method according to claim 1, further comprising:
distributing verification information corresponding to the secret share for each effective member, and broadcasting the verification information; wherein the verification information is generated from the corresponding secret shares;
correspondingly, sending the merged value as a secret share to a corresponding system member specifically includes: sending the secret share and the verification information to a corresponding system member;
before the counting of the secret shares, the method further includes: after obtaining verification information and secret shares, verifying the correctness of the secret shares according to the verification information;
when the secret shares are successfully verified, the secret shares are counted.
5. The member revocation processing method according to claim 4, wherein the allocating the authentication information of the secret share to each valid member includes:
and distributing the verification information of the corresponding secret share for each effective member according to an Asmuth-Bloom secret sharing calculation formula.
6. The member revocation processing method according to claim 1, wherein data signing the statistical result as a new private key includes:
and performing data threshold signature according to the new private key based on the Chinese remainder theorem.
7. A member revocation processing apparatus, characterized by comprising:
the random number determining unit is used for determining a random number for each effective member when receiving the revocation notification of the second member; wherein the active member refers to a system member other than the second member;
a history private key obtaining unit, configured to obtain a history private key of each valid member in a neighboring period;
the merging unit is used for merging and calculating the random number corresponding to each effective member and the historical private key to obtain a merged value;
the member sending unit is used for sending the combined value serving as a secret share to a corresponding system member;
the secret share counting unit is used for counting the secret shares sent by the effective members to obtain a counting result;
and the data signature unit is used for carrying out data signature by taking the statistical result as a new private key.
8. The member revocation processing apparatus according to claim 7, wherein the random number determination unit includes:
an arbitrary number determination subunit for determining three arbitrary numbers
Figure FDA0003772196120000021
q and p;
the calculating subunit is used for substituting the selected three random numbers into a random number calculating formula, and taking the obtained result as the random number determined by the member; wherein the random number formula is:
Figure FDA0003772196120000022
wherein i is the member serial number of the total T members, T is the updating period, N is an integer,
Figure FDA0003772196120000023
in the T updating period of the member revocation phase, q and p are large prime numbers.
9. A member revocation processing apparatus, characterized by comprising:
a memory for storing a computer program;
a processor for implementing the steps of the member revocation handling method according to any of claims 1 to 6 when executing the computer program.
10. A readable storage medium, characterized in that the readable storage medium has stored thereon a program which, when executed by a processor, carries out the steps of the member revocation processing method according to any of claims 1 to 6.
CN201910243345.2A 2019-03-28 2019-03-28 Member revocation processing method, device, equipment and storage medium Active CN109981293B (en)

Publications (2)

Publication Number Publication Date
CN109981293A CN109981293A (en) 2019-07-05
CN109981293B true CN109981293B (en) 2022-09-27
