CN110198213A - A system based on a secret-sharing random number consensus algorithm - Google Patents
- Publication number: CN110198213A
- Authority: CN (China)
- Prior art keywords: participant, consensus, signature, block, node
- Legal status: Granted
Abstract
The present invention relates to a system based on a secret-sharing random number consensus algorithm, comprising a random number generation step and a random-number-based consensus algorithm. The random number generation step comprises the block-height period signature, secret sharing with a central authority, and generation of the random number. The random-number-based consensus algorithm comprises a proof-of-stake algorithm, Byzantine consensus, and random selection of consensus nodes. On the basis of the proof-of-stake consensus algorithm, the system introduces random selection of consensus nodes based on a verifiable random function, together with Byzantine consensus, to ensure that the consensus algorithm is fast, efficient, secure, and compliant.
Description
Technical field
The present invention relates to the application field of blockchain, and specifically to a system based on a secret-sharing random number consensus algorithm.
Background technique
A blockchain is a new kind of system built from computer technologies such as consensus algorithms, distributed storage, peer-to-peer transmission, and encryption algorithms. It is widely used in many fields such as securities trading, e-commerce, smart contracts, the Internet of Things, social communication, and file storage. In current blockchain technology, a chain is composed of a series of data blocks generated using cryptographic methods. Each block contains the cryptographic hash of the previous block and is guaranteed to be generated after the previous block in chronological order, so the blocks link from the genesis block to the current block and form the blockchain. The consensus algorithm is the core technology of a blockchain. It determines the efficiency and part of the security of the blockchain.
The consensus algorithm is the key to keeping the ledger data of every node on a blockchain platform consistent. Common consensus algorithms at present include RAFT, PBFT, PoW, proof of stake (PoS), and DPoS. RAFT is a mature consistency solution from traditional distributed systems; it has high performance and low resource consumption, but it does not tolerate Byzantine faults. PBFT is a permissioned-voting consensus mechanism in which the minority obeys the majority; it can tolerate Byzantine faults, but its flexibility and reliability are incomplete. PoW relies on the computing power of machines to obtain the bookkeeping right; its resource consumption is large and it is slow. In a proof-of-stake consensus algorithm, the bookkeeping right goes to the node with the highest stake in the system rather than the highest computing power, where stake is a node's ownership of a certain quantity of public-chain tokens, referred to as public-chain token age or public-chain token days. Proof of stake solves the computing-power waste of PoW to some extent, but the problem of weak supervisability remains. PoW, PoS, and DPoS all need a reward mechanism to motivate nodes to participate in bookkeeping, and all suffer from problems such as weak supervisability.
Summary of the invention
In view of this, the present invention provides a system based on a secret-sharing random number consensus algorithm that solves, or partly solves, the above problems.
To achieve the above technical effect, the technical solution of the invention is as follows: a system based on a secret-sharing random number consensus algorithm, characterized by comprising a random number generating device and a consensus algorithm module, where the consensus algorithm module outputs the random-number-based consensus algorithm. The random-number-based consensus algorithm comprises random selection of consensus nodes, a proof-of-stake algorithm, and Byzantine consensus.
The random number generating device comprises a device for generating the block-height period signature and a secret sharing computing device with a central authority, and can generate a unique, deterministic, random, verifiable random number $seed_{high}$.
The device for generating the block-height period signature produces the block-height period signature. The signature is computed with a cryptographic algorithm based on a bilinear map and comprises key generation, signing, and signature verification. For the block-height period signature, the device sets up one central authority and n participants, labelled $P_1, P_2, \ldots, P_n$, and writes $P = \{P_1, P_2, \ldots, P_n\}$ for the set of participants. The central authority generates the group key pair, consisting of the group public key pk and the group private key sk, with $sk \in [1, p-1]$, where n and p are integers.
The group public key is computed from the group private key sk: $pk = g^{sk}$. Let $e: G \times G \to G'$ be a non-degenerate bilinear map, where G and G' are multiplicative groups of prime order p and g is a generator of the group G.
Each participant signs the message m using the block-height period signature algorithm and its own private key, outputs a fragment signature $\sigma_i$, and broadcasts $\sigma_i$. The fragment signature $\sigma_i$ generated by participant $P_i$: The key pair of participant $P_i$: $sk_i = f(i) \bmod p$, $pk_i = g^{f(i)} \bmod p$.
The recovery step takes as input the group public key pk, the message m, a subset S of all members, $S \subseteq P$ with $|S| = t$, and the fragment signatures $\sigma_i$, and outputs the threshold group signature $\sigma$. The message m is the concatenation of the seed of the block height before the current block height high and the threshold group signature of that preceding block height. The threshold group signature is generated from the fragment signatures $\sigma_i$ of the participants in S and the indices of the participants in S, which are denoted $l_1, l_2, \ldots, l_t$.
Participant $P_i$ collects the signatures $\sigma_1, \sigma_2, \ldots, \sigma_n$ broadcast by the other participants and verifies each with the corresponding public key $pk_i$: $e(\sigma_i, g) = e(h(m), pk_i)$.
Participant $P_i$ signs the message m to generate the fragment signature $\sigma_i$: where t is an integer, and broadcasts the signature. The central authority collects the participants' signatures used to generate the message; if t of the n participants have sent valid signatures, the set of these t participants is denoted S, where t is an integer.
The central authority then generates the threshold group signature from the fragment signatures and the indices by formula one, $j = 1, \ldots, t$:
and broadcasts the threshold group signature. Each participant can verify the threshold group signature: $e(\sigma, g) = e(h(m), pk)$; if the two sides are equal, verification of the threshold group signature passes.
After the threshold group signature is generated, the random number of the current block height high is generated with a hash algorithm: $seed_{high} = h(\sigma_{high})$, that is, the hash of the threshold group signature $\sigma_{high}$ of the current block height high. $seed_{high}$ is uniquely determined by the verifiable threshold group signature. Any participant can verify the threshold group signature with the group public key and then check the correctness of $seed_{high}$ with the hash algorithm. $seed_{high}$ depends on $seed_{high-1}$ of the block height before the current block height and on the threshold group signature of that preceding block height. In this way, a network with enough participants can generate a random number $seed_{high}$ that is almost impossible to break, cannot be manipulated, and is unpredictable.
The central authority randomly selects polynomial coefficients and constructs the polynomial $f(x) = a_0 + a_1 x + \ldots + a_{t-1} x^{t-1}$, where x is an integer from 1 to n used to construct the function.
Here $a_0 = sk$, and $a_1, \ldots, a_{t-1}$ are randomly generated integers used as the coefficients of the polynomial. The central authority then commits to the polynomial coefficients:
where $A_0 = pk$, and broadcasts $A_0, A_1, \ldots, A_{t-1}$. The central authority computes $f(i) \bmod p$, $i = 1, 2, \ldots, n$, and sends f(i) to participant $P_i$ in confidence. After receiving f(i), participant $P_i$ checks whether formula two holds:
If it holds, the participant accepts, which ensures that f(i) was computed from the polynomial. Here j is also an integer, its value range is the integers, and $A_j$ is one of the polynomial coefficients to be verified.
In the secret sharing computing device with a central authority, which is part of the random number generating device, the secret sharing with a central authority is a secret sharing step with one central authority. The device handles one central authority sharing a secret s with n participants: by executing the secret sharing protocol, as long as the number of participants reaches a threshold t, the secret shared by the central authority can be computed. Here s is short for secret and is the secret number in the system. Combined with the block-height period signature, secret sharing allows t' participants to each provide a fragment signature and recover a threshold group signature.
The specific steps of the secret sharing protocol are as follows. Each participant $P_{i'}$ randomly selects, in [1, p-1], a polynomial whose highest degree is t-1 and constructs the polynomial $f_{i'}(y)$: $f_{i'}(y) = a_{i'0} + a_{i'1} y + \ldots + a_{i'(t-1)} y^{t-1}$, where y is an integer from 1 to n used to construct the function, and $(a_{i'0}, a_{i'1}, \ldots, a_{i'(t-1)}) \in [1, p-1]^{t-1}$ are randomly generated. Participant $P_{i'}$ commits to the polynomial coefficients it selected: and broadcasts the commitment values. In addition, define $s_{i'j'} = f_{i'}(j') \bmod p$, $j' \in [1, n]$. Participant $P_{i'}$ computes the shares, which are determined by $s_{ij}$, and sends each computed share to participant $P_{j'}$ in confidence. The member of the receiving participants $P_{j'}$ is labelled j'; member j collects the values $s_{1j'}, s_{2j'}, \ldots, s_{nj'}$ sent to it by the other members. This process is set as the index, that is,
$Index: j' = (s_{1j'}, s_{2j'}, \ldots, s_{j'j'}, \ldots, s_{nj'}) = (f_1(j'), f_2(j'), \ldots, f_j(j'), \ldots, f_n(j'))$
and verifies where the integers $k, i', j' \in [1, n]$.
Finally, define $S_{i'j'share}$ as the set of all participants that correctly executed the secret sharing protocol. The secret sharing group public key is:
The secret sharing private key of each participant $P_j$ is:
The corresponding public key of each sharing participant $P_{j'}$ is: No single participant can compute the secret sharing group private key on its own.
The random-number-based consensus algorithm comprises a proof-of-stake algorithm, Byzantine consensus, and random selection of consensus nodes. Consistency of consensus means that the decision values of all good nodes must be identical. Termination of consensus means that all good nodes finish the decision process in finite time. Validity of consensus means that the selected decision value must be the input value of some node. A node that may exhibit arbitrary behavior is called Byzantine, where arbitrary behavior means anything imaginable. Byzantine behavior includes collusion: all Byzantine nodes are controlled by the same attacker, and all non-Byzantine nodes are good nodes. Consensus reached in a system that contains Byzantine nodes is called Byzantine agreement. Byzantine nodes must simultaneously control 51% or more of the computing power and 51% or more of the stake in order to carry out a 51% attack successfully.
The proof-of-stake algorithm does not need to consume computing power to obtain a node's bookkeeping right. Bookkeeping nodes in proof of stake must lock a certain quantity of public-chain tokens; they propose and vote on block generation, and a node's voting weight depends on the quantity of public-chain tokens it holds. That is, each network node is linked to an address, and the more public-chain tokens the address holds, the greater its probability of generating the next block. The purpose of Byzantine consensus is to establish trust between nodes in an untrusted network; Byzantine consensus can complete consensus when no more than 1/3 of the nodes are faulty. After a number of reserve consensus nodes are selected according to the quantity of public-chain tokens the nodes hold (the list is adjusted dynamically over time and with token holdings), a portion of the reserve nodes is randomly selected as consensus nodes; this is the random selection of consensus nodes.
Specific embodiment
To make the technical problems to be solved, the technical solution, and the beneficial effects of the invention clearer, the invention is described in detail below with reference to embodiments. The specific embodiments described here only explain the invention and do not limit it; products that achieve the same function are equivalent replacements and improvements and fall within the protection scope of the invention. The specific method is as follows:
Embodiment 1: an application scenario of the system based on a secret-sharing random number consensus algorithm is given below, comprising the following steps:
The system based on a secret-sharing random number consensus algorithm comprises a random number generation step and a random-number-based consensus algorithm. The block-height period signature in the random number generation step is a cryptographic algorithm based on a bilinear map, comprising key generation, signing, and signature verification.
Let $e: G \times G \to G'$ be a non-degenerate bilinear map, where G and G' are multiplicative groups of prime order p. According to the bilinear property: The key consists of a private key and a public key. A random $x \in [1, p-1]$ is chosen as the private key, $sk = x$, and the public key is computed as $pk = g^x$, where g is a generator of the group G. The signature of the message m is $\sigma = h^x$, where $h = hash(m)$. Given pk, m, $\sigma$, and hash, the verifier checks whether $e(\sigma, g) = e(hash(m), pk)$; if the two sides are equal, signature verification passes.
The secret sharing with a central authority in the random number generation step is one central authority sharing a secret s with n participants; by executing a protocol, as long as the number of participants reaches a threshold t, the secret shared by the central authority can be computed. Combined with the block-height periodic group signature, t participants can each provide a signature fragment and recover a new signature.
There are one central authority and n participants; write $P = \{P_1, P_2, \ldots, P_n\}$ for the set of participants. The central authority generates the group key pair, consisting of the group private key and the group public key: $sk \in [1, p-1]$ is the group private key, and the group public key is computed as $pk = g^{sk}$. The central authority randomly selects polynomial coefficients and constructs the polynomial $f(x) = a_0 + a_1 x + \ldots + a_{t-1} x^{t-1}$, where $a_0 = sk$. It commits to the polynomial coefficients: where $A_0 = pk$, and broadcasts $A_0, A_1, \ldots, A_{t-1}$. The central authority computes $f(i) \bmod p$, $i = 1, 2, \ldots, n$, and sends f(i) secretly to participant $P_i$. After receiving f(i), participant $P_i$ checks whether the verification expression holds: If the two sides are equal, the participant accepts, which ensures that f(i) was computed from the polynomial.
The key pair of participant $P_i$: $sk_i = f(i) \bmod p$, $pk_i = g^{f(i)} \bmod p$, $i = 1, 2, \ldots, n$. Participant $P_i$ signs the message m: and broadcasts the signature. The central authority collects the participants' signatures; if t of the n participants have sent valid signatures, the set of these t participants is denoted S, with $S \subseteq P$ and $|S| = t$, and the indices of the participants in S are $l_1, l_2, \ldots, l_t$. The central authority then generates the group signature: and broadcasts the group signature. Each participant can verify the group signature: $e(\sigma, g) = e(H(m), pk)$; if the two sides are equal, verification of the group signature passes.
The secret sharing with a central authority in the random number generation step is a secret sharing step with one central authority. If all n participants act as the central authority and execute the secret sharing protocol, and this is combined with the threshold block-height period signature step (the T block-height period signature), a unique, deterministic, random, verifiable random number can be generated:
Secret sharing protocol: each participant $P_i$ randomly selects, in [1, p-1], a polynomial whose highest degree is t-1: $f_i(x) = a_{i0} + a_{i1} x + \ldots + a_{i(t-1)} x^{t-1}$, where $(a_{i0}, a_{i1}, \ldots, a_{i(t-1)}) \in [1, p-1]^{t-1}$. Participant $P_i$ commits to the polynomial coefficients it selected: and broadcasts the commitment values. Participant $P_i$ computes the shares $s_{ij} = f_i(j) \bmod p$, $j \in [1, n]$, and sends each computed share to participant $P_j$ in confidence. Member j collects the values $s_{1j}, s_{2j}, \ldots, s_{nj}$ sent to it by the other members, that is,
index j: $(s_{1j}, s_{2j}, \ldots, s_{jj}, \ldots, s_{nj}) = (f_1(j), f_2(j), \ldots, f_j(j), \ldots, f_n(j))$
and verifies where $i \in [1, n]$. Finally, P is defined as the set of all participants that correctly executed the secret sharing protocol. The group public key is $PK = \prod_{i \in P} A_{i0} \bmod p$. The private key of each participant $P_j$ is $sk_j = \sum_{i \in P} s_{ij} = \sum_{i \in P} f_i(j) \bmod p$. The corresponding public key of each participant $P_j$ is: No single participant can compute the group private key on its own.
Share-Sign($sk_i$, m): each participant signs the message m using the block-height period signature algorithm and its own private key, outputs the signature fragment $\sigma_i$, and broadcasts the signature fragment. The signature fragment generated by participant $P_i$:
Share-Verify(PK, $pk_i$, m, $\sigma_i$): participant $P_i$ collects the signatures $\sigma_1, \sigma_2, \ldots, \sigma_n$ broadcast by the other participants and verifies each with the corresponding public key $pk_i$: $e(\sigma_i, g) = e(H(m), pk_i)$.
recover(PK, $pk_i$, m, $\sigma_i$, $i \in S$): the input is the group public key, the message m, and a subset of all members: such that $|S| = t$, together with the signatures $\sigma_i$; the output is the threshold group signature $\sigma$. Here m is the concatenation of the seed of height h-1 and the threshold group signature of height h-1. After the group signature is generated, the random number is generated with a hash algorithm: $seed_h = H(\sigma_h)$; the seed is uniquely determined by the verifiable group signature. Any participant can verify the group signature with the group public key and then check the correctness of the seed with the hash algorithm. The seed depends on the seed of height h-1 and the threshold group signature of height h-1. In this way, a network with enough participants can generate a random number that is almost impossible to break, cannot be manipulated, and is unpredictable.
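The dealer-based sharing, fragment signing, recovery of the threshold group signature and seed derivation described above, as an added example that is not code from the patent. It assumes a toy prime-order subgroup without a pairing, so the checks $e(\sigma, g) = e(H(m), pk)$ are not reproduced, and it takes the share check to be the standard Feldman commitment check; all function names and the genesis values are hypothetical.

```python
import hashlib
import secrets

# Toy group, constructed for this example and far too small for real use:
# P = 2*Q + 1 is a safe prime and G = 4 generates the subgroup of prime order Q.
# The patent works in a pairing group; no pairing is available here.
P, Q, G = 2039, 1019, 4
SIG_LEN = (P.bit_length() + 7) // 8


def hash_to_group(msg: bytes) -> int:
    """Map msg to a subgroup element other than 1 by squaring a digest mod P."""
    ctr = 0
    while True:
        digest = hashlib.sha256(ctr.to_bytes(4, "big") + msg).digest()
        h = pow(int.from_bytes(digest, "big") % P, 2, P)
        if h not in (0, 1):
            return h
        ctr += 1


def deal(t: int, n: int):
    """Central authority: f(x) = a_0 + a_1 x + ... + a_{t-1} x^{t-1}, a_0 = sk."""
    coeffs = [1 + secrets.randbelow(Q - 1) for _ in range(t)]
    commitments = [pow(G, a, P) for a in coeffs]  # A_j = g^{a_j}, A_0 = pk
    shares = {i: sum(a * pow(i, j, Q) for j, a in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}           # sk_i = f(i)
    return coeffs[0], commitments, shares


def verify_share(i: int, share: int, commitments) -> bool:
    """Assumed form of the share check: g^{f(i)} == prod_j A_j^(i^j)."""
    expected = 1
    for j, a_j in enumerate(commitments):
        expected = expected * pow(a_j, pow(i, j, Q), P) % P
    return pow(G, share, P) == expected


def sign_share(sk_i: int, msg: bytes) -> int:
    """Fragment signature: H(m)^{sk_i}."""
    return pow(hash_to_group(msg), sk_i, P)


def lagrange_at_zero(i: int, indices) -> int:
    """Coefficient lambda_i with sum_i lambda_i * f(i) = f(0) (mod Q)."""
    num = den = 1
    for l in indices:
        if l != i:
            num = num * (-l) % Q
            den = den * (i - l) % Q
    return num * pow(den, -1, Q) % Q


def recover(sig_shares: dict, t: int) -> int:
    """Combine t fragment signatures into the threshold group signature."""
    if len(sig_shares) < t:
        raise ValueError("fewer than t fragment signatures")
    indices = sorted(sig_shares)[:t]
    sigma = 1
    for i in indices:
        sigma = sigma * pow(sig_shares[i], lagrange_at_zero(i, indices), P) % P
    return sigma


def round_message(prev_seed: bytes, prev_sigma: int) -> bytes:
    """m = seed of the previous height || group signature of the previous height."""
    return prev_seed + prev_sigma.to_bytes(SIG_LEN, "big")


def next_seed(prev_seed, prev_sigma, shares, signers, t):
    """One height: the signers sign m, sigma is recovered, seed = H(sigma)."""
    msg = round_message(prev_seed, prev_sigma)
    sig_shares = {i: sign_share(shares[i], msg) for i in signers}
    sigma = recover(sig_shares, t)
    return sigma, hashlib.sha256(sigma.to_bytes(SIG_LEN, "big")).digest()


if __name__ == "__main__":
    sk, commitments, shares = deal(t=3, n=5)
    assert all(verify_share(i, s, commitments) for i, s in shares.items())
    seed0, sigma0 = bytes(32), 1                  # constructed genesis values
    sig_a, seed_a = next_seed(seed0, sigma0, shares, [1, 2, 3], 3)
    sig_b, seed_b = next_seed(seed0, sigma0, shares, [2, 4, 5], 3)
    # Any t honest signers yield the same signature, hence the same seed.
    print(seed_a.hex(), seed_a == seed_b)
```

Because the recovered signature is the same for every qualifying subset, the choice of which t fragments to combine gives no influence over the seed. In the pairing setting of the text that signature is checked publicly; without a pairing, only a party knowing sk can compare it against $H(m)^{sk}$.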
The random-number-based consensus algorithm comprises a proof-of-stake algorithm, Byzantine consensus, and random selection of consensus nodes. Consistency of consensus means that the decision values of all good nodes must be identical. Termination of consensus means that all good nodes finish the decision process in finite time. Validity of consensus means that the selected decision value must be the input value of some node. A node that may exhibit arbitrary behavior is called Byzantine, where arbitrary behavior means anything imaginable. Byzantine behavior includes collusion: all Byzantine nodes are controlled by the same attacker, and all non-Byzantine nodes are good nodes. Consensus reached in a system that contains Byzantine nodes is called Byzantine agreement. Byzantine nodes must simultaneously control 51% or more of the computing power and 51% or more of the stake in order to carry out a 51% attack successfully.
The proof-of-stake algorithm does not need to consume computing power to obtain a node's bookkeeping right. Bookkeeping nodes in proof of stake must lock a certain quantity of public-chain tokens; they propose and vote on block generation, and a node's voting weight depends on the quantity of public-chain tokens it holds. That is, each network node is linked to an address, and the more public-chain tokens the address holds, the greater its probability of generating the next block. The purpose of Byzantine consensus is to establish trust between nodes in an untrusted network; Byzantine consensus can complete consensus when no more than 1/3 of the nodes are faulty. After a number of reserve consensus nodes are selected according to the quantity of public-chain tokens the nodes hold (the list is adjusted dynamically over time and with token holdings), a portion of the reserve nodes is randomly selected as consensus nodes; this is the random selection of consensus nodes.
The beneficial effects of the invention are as follows. The invention provides a system based on a secret-sharing random number consensus algorithm. The random number generation step comprises the block-height period signature, secret sharing with a central authority, and generation of the random number. The random-number-based consensus algorithm comprises a proof-of-stake algorithm, Byzantine consensus, and random selection of consensus nodes. Byzantine consensus can complete consensus when no more than 1/3 of the nodes are faulty, which guarantees the consistency of blocks and greatly improves the speed and security of consensus.
The foregoing is merely the preferred embodiment of the invention and is not intended to limit the claims of the invention. The above description can be understood and implemented by those skilled in the relevant art, so other equivalent changes made on the basis of the disclosure of the invention should be included in the scope of the claims.
Claims (1)
1. A system based on a secret-sharing random number consensus algorithm, characterized by comprising a random number generating device and a consensus algorithm module, where the consensus algorithm module outputs the random-number-based consensus algorithm. The random-number-based consensus algorithm comprises random selection of consensus nodes, a proof-of-stake algorithm, and Byzantine consensus. The random number generating device comprises a device for generating the block-height period signature and a secret sharing computing device with a central authority, and can generate a unique, deterministic, random, verifiable random number $seed_{high}$.
The device for generating the block-height period signature produces the block-height period signature. The signature is computed with a cryptographic algorithm based on a bilinear map and comprises key generation, signing, and signature verification. For the block-height period signature, the device sets up one central authority and n participants, labelled $P_1, P_2, \ldots, P_n$, and writes $P = \{P_1, P_2, \ldots, P_n\}$ for the set of participants. The central authority generates the group key pair, consisting of the group public key pk and the group private key sk, with $sk \in [1, p-1]$, where n and p are integers.
The group public key is computed from the group private key sk: $pk = g^{sk}$. Let $e: G \times G \to G'$ be a non-degenerate bilinear map, where G and G' are multiplicative groups of prime order p and g is a generator of the group G.
Each participant signs the message m using the block-height period signature algorithm and its own private key, outputs a fragment signature $\sigma_i$, and broadcasts $\sigma_i$. The fragment signature $\sigma_i$ generated by participant $P_i$: The key pair of participant $P_i$: $sk_i = f(i) \bmod p$, $pk_i = g^{f(i)} \bmod p$.
The recovery step takes as input the group public key pk, the message m, a subset S of all members, $S \subseteq P$ with $|S| = t$, where t is an integer, and the fragment signatures $\sigma_i$, and outputs the threshold group signature $\sigma$. The message m is the concatenation of the seed of the block height before the current block height high and the threshold group signature of that preceding block height. The threshold group signature is generated from the fragment signatures $\sigma_i$ of the participants in S and the indices of the participants in S, which are denoted $l_1, l_2, \ldots, l_t$.
Participant $P_i$ collects the signatures $\sigma_1, \sigma_2, \ldots, \sigma_n$ broadcast by the other participants and verifies each with the corresponding public key $pk_i$: $e(\sigma_i, g) = e(h(m), pk_i)$.
Participant $P_i$ signs the message m to generate the fragment signature $\sigma_i$: $i = 0, \ldots, t-1$, and broadcasts the signature. The central authority collects the participants' signatures used to generate the message; if t of the n participants have sent valid signatures, the set of these t participants is denoted S, where t is an integer.
The central authority then generates the threshold group signature from the fragment signatures and the indices by formula one, $j = 0, \ldots, t-1$:
and broadcasts the threshold group signature. Each participant can verify the threshold group signature: $e(\sigma, g) = e(h(m), pk)$; if the two sides are equal, verification of the threshold group signature passes.
After the threshold group signature is generated, the random number of the current block height high is generated with a hash algorithm: $seed_{high} = h(\sigma_{high})$, that is, the hash of the threshold group signature $\sigma_{high}$ of the current block height high. $seed_{high}$ is uniquely determined by the verifiable threshold group signature. Any participant can verify the threshold group signature with the group public key and then check the correctness of $seed_{high}$ with the hash algorithm. $seed_{high}$ depends on $seed_{high-1}$ of the block height before the current block height and on the threshold group signature of that preceding block height. In this way, a network with enough participants can generate a random number $seed_{high}$ that is almost impossible to break, cannot be manipulated, and is unpredictable.
The central authority randomly chooses polynomial coefficients and constructs the polynomial f(x) = a_0 + a_1 x + ... + a_{t-1} x^{t-1}, where x is an integer from 1 to n, used to construct the function;
where a_0 = sk and a_1, ..., a_{t-1} are randomly generated integers used as the coefficients of the polynomial; the central authority then commits to the polynomial coefficients:
where A_0 = pk, and broadcasts A_0, A_1, ..., A_{t-1}; the central authority computes f(i) mod p and sends f(i) secretly to participant P_i; after receiving f(i), participant P_i verifies whether formula two holds:
If it holds, the share is accepted, which ensures that f(i) was computed from the polynomial; here j is also an integer, and A_j is one of the polynomial coefficient commitments to be verified;
In the random number generating device, within the secret sharing computing device with a central authority, the secret sharing with a central authority is a secret sharing step with one central authority; the secret sharing computing device with a central authority is used for one central authority to share a secret s among n participants; by executing the secret sharing protocol, as long as the number of participants reaches a threshold t, the secret shared by the central authority can be computed, where s abbreviates "secret" and serves as the secret number in the system; combined with signing for the period of block height high, t' participants in the secret sharing each provide their own share signature, from which a threshold group signature is recovered;
The specific steps of the secret sharing protocol are as follows: each participant P_{i'} randomly selects coefficients in [1, p-1] for a polynomial of highest degree t-1 and constructs the polynomial f_{i'}(y): f_{i'}(y) = a_{i'0} + a_{i'1} y + ... + a_{i'(t-1)} y^{t-1}, where y is an integer from 1 to n, used to construct the function; and where (a_{i'0}, a_{i'1}, ..., a_{i'(t-1)}) ∈ [1, p-1]^{t-1} are randomly generated; participant P_{i'} commits to the polynomial coefficients it has selected:
and broadcasts the commitment values; in addition, define
s_{i'j'} = f_{i'}(j') mod p; participant P_{i'} computes the shares, which are determined by s_{ij}, and sends each computed share secretly to participant P_{j'}; the member among the sharing participants P_{j'} is labelled j'; member j collects the values s_{1j'}, s_{2j'}, ..., s_{nj'} sent to it by the other members; this process is set as the index, i.e.
Index: j' = (s_{1j'}, s_{2j'}, ..., s_{j'j'}, ..., s_{nj'}) = (f_1(j'), f_2(j'), ..., f_j(j'), ..., f_n(j'))
and verifies, where the integers k, i', j' ∈ [0, t-1];
Finally, define S_{i'j'}share as the set of all participants who executed the secret sharing protocol correctly; the secret sharing group public key is:
pk_{j'} = Π_{i'∈P} A_{i'0} mod p;
The secret sharing private key of each participant P_j is:
The corresponding public key of each sharing participant P_{j'} is:
No single participant can independently compute the secret sharing group private key;
The random-number-based consensus algorithm includes a proof-of-stake algorithm, Byzantine consensus, and random selection of consensus nodes; consistency of consensus means that the decision values of all good nodes must be identical; termination of consensus means that all good nodes finish the decision process within finite time; validity of consensus means that the selected decision value must be the input value of some node; a node that may exhibit arbitrary behaviour is called a Byzantine node, and arbitrary behaviour means anything imaginable; Byzantine behaviour also includes collusion, in which all Byzantine nodes are controlled by the same attacker, i.e. all nodes that are not Byzantine nodes are good; reaching consensus in a system that contains Byzantine nodes is called Byzantine agreement; a Byzantine node must simultaneously control 51% or more of the computing power and 51% or more of the stake in order to carry out a 51% attack successfully;
The proof-of-stake algorithm does not need to consume computing power to obtain a node's bookkeeping right; the accounting nodes of the proof-of-stake algorithm must lock a certain amount of public-chain tokens; accounting nodes propose and vote on block generation, and the voting weight depends on the number of public-chain tokens held; that is, each network node is linked to an address, and the more public-chain tokens this address holds, the greater its probability of generating the next block; the purpose of the Byzantine consensus is to establish trust between nodes in an untrusted network; the Byzantine consensus can complete consensus when no more than 1/3 of the nodes are faulty; after several reserve consensus nodes have been selected according to the number of public-chain tokens the nodes hold (the list is adjusted dynamically over time and with the number of public-chain tokens held), randomly selecting a portion of the reserve nodes as consensus nodes is the random selection of consensus nodes.
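The dealer-based secret sharing and the seed derivation seed_high = h(σ_high) described in the claims above, as an added example that is not code from the patent. It uses a constructed toy prime-order group in place of a pairing group, so the pairing check e(σ, g) = e(h(m), pk) is not reproduced; the Feldman-style share check is an assumed form of the missing formula two, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example: MOD = 2*p + 1, both prime.
# p is the order of the subgroup generated by g (the claims' "mod p").
MOD, p, g = 2039, 1019, 4

def deal(sk, t, n):
    """Central authority: f(x) = a_0 + ... + a_{t-1} x^{t-1} with a_0 = sk."""
    coeffs = [sk] + [secrets.randbelow(p - 1) + 1 for _ in range(t - 1)]
    commits = [pow(g, a, MOD) for a in coeffs]        # A_j = g^{a_j}, A_0 = pk
    shares = {i: sum(a * pow(i, j, p) for j, a in enumerate(coeffs)) % p
              for i in range(1, n + 1)}               # f(i) mod p for P_i
    return shares, commits

def verify_share(i, share, commits):
    """Assumed form of formula two: g^{f(i)} == prod_j A_j^{i^j}."""
    rhs = 1
    for j, A in enumerate(commits):
        rhs = rhs * pow(A, pow(i, j, p), MOD) % MOD
    return pow(g, share, MOD) == rhs

def hash_to_group(m):
    """Map a message into the order-p subgroup by squaring a hash value."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(m + bytes([ctr])).digest(), "big") % MOD
        h = x * x % MOD
        if h > 1:                                     # skip 0 and the identity
            return h
        ctr += 1

def partial_sign(m, share):
    return pow(hash_to_group(m), share, MOD)          # sigma_i = h(m)^{f(i)}

def lagrange_at_zero(i, indices):
    """Lagrange coefficient of index i for interpolation at x = 0, mod p."""
    num = den = 1
    for l in indices:
        if l != i:
            num = num * (-l) % p
            den = den * (i - l) % p
    return num * pow(den, -1, p) % p

def combine(partials):
    """Interpolate in the exponent: prod sigma_i^{lambda_i} = h(m)^{sk}."""
    sigma = 1
    for i, s in partials.items():
        sigma = sigma * pow(s, lagrange_at_zero(i, partials.keys()), MOD) % MOD
    return sigma

def next_seed(prev_seed, prev_sigma, shares, signers):
    """m = seed_{high-1} || sigma_{high-1}; seed_high = h(sigma_high)."""
    m = prev_seed + prev_sigma.to_bytes(2, "big")
    sigma = combine({i: partial_sign(m, shares[i]) for i in signers})
    return hashlib.sha256(sigma.to_bytes(2, "big")).digest(), sigma
```

Any set of t honest signers yields the same σ and therefore the same seed, which is the property the claims rely on when they say seed_high is uniquely determined by the threshold group signature.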
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910256248.7A CN110198213B (en) | 2019-04-01 | 2019-04-01 | System based on secret shared random number consensus algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110198213A true CN110198213A (en) | 2019-09-03 |
CN110198213B CN110198213B (en) | 2020-07-03 |
Family
ID=67751897
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910256248.7A Active CN110198213B (en) | 2019-04-01 | 2019-04-01 | System based on secret shared random number consensus algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110198213B (en) |
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150381350A1 (en) * | 2014-06-27 | 2015-12-31 | Thomson Licensing | Threshold cryptosystem, corresponding electronic devices and computer program products |
WO2017192837A1 (en) * | 2016-05-04 | 2017-11-09 | Silvio Micali | Distributed transaction propagation and verification system |
WO2019046317A1 (en) * | 2017-08-28 | 2019-03-07 | (N)Alibaba Group Holding Limited | Key data processing method and apparatus, and server |
CN108711052A (en) * | 2018-05-18 | 2018-10-26 | 电子科技大学 | A kind of information authentication system based on block chain |
CN109104286A (en) * | 2018-07-26 | 2018-12-28 | 杭州安恒信息技术股份有限公司 | A kind of new block generation method of the common recognition based on threshold digital signature |
CN109003083A (en) * | 2018-07-27 | 2018-12-14 | 山东渔翁信息技术股份有限公司 | A kind of ca authentication method, apparatus and electronic equipment based on block chain |
CN109067522A (en) * | 2018-07-27 | 2018-12-21 | 深圳市汇尊区块链技术有限公司 | A kind of random number Verified secret sharing method |
CN109146484A (en) * | 2018-08-31 | 2019-01-04 | 深圳付贝科技有限公司 | Common recognition verification method, digging mine machine and block catenary system based on block chain |
CN109377360A (en) * | 2018-08-31 | 2019-02-22 | 西安电子科技大学 | Block chain transaction in assets transfer account method based on Weighted Threshold signature algorithm |
CN109544331A (en) * | 2018-10-12 | 2019-03-29 | 深圳壹账通智能科技有限公司 | Supply chain financial application method, apparatus and terminal device based on block chain |
Non-Patent Citations (2)
Title |
---|
ABBOUD HUSAM: "H/Rindex The Hashing Power and Robustness Index, Computational Power-weighted Benchmark for Global Blockchain and Crypto Market", 《SSRN》 * |
王化群: "区块链中的密码学技术", 《南京邮电大学学报》 * |
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110599173A (en) * | 2019-09-20 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Block chain consensus node determination method, device, equipment and storage medium |
CN110599173B (en) * | 2019-09-20 | 2021-08-17 | 腾讯科技(深圳)有限公司 | Block chain consensus node determination method, device, equipment and storage medium |
CN110601834A (en) * | 2019-09-30 | 2019-12-20 | 深圳市网心科技有限公司 | Consensus method, device, equipment and readable storage medium |
CN111049644A (en) * | 2019-10-22 | 2020-04-21 | 贵州财经大学 | Rational and fair secret information sharing method based on confusion incentive mechanism |
CN111049644B (en) * | 2019-10-22 | 2021-03-23 | 贵州财经大学 | Rational and fair secret information sharing method based on confusion incentive mechanism |
WO2021093244A1 (en) * | 2019-11-14 | 2021-05-20 | 深圳市网心科技有限公司 | Random number generation method, blockchain node, system and medium |
CN110825349A (en) * | 2019-11-14 | 2020-02-21 | 深圳市网心科技有限公司 | Random number generation method, block chain node, system and medium |
CN110825349B (en) * | 2019-11-14 | 2023-03-28 | 深圳市迅雷网络技术有限公司 | Random number generation method, block chain node, system and medium |
CN111539016A (en) * | 2020-04-14 | 2020-08-14 | 浙江浙燃能源有限公司 | Distributed computing method, system, block chain node and computer medium |
CN111539016B (en) * | 2020-04-14 | 2023-04-07 | 浙江浙燃能源有限公司 | Distributed computing method, system, block chain node and computer medium |
CN115152177A (en) * | 2020-07-30 | 2022-10-04 | 戴普实验室有限公司 | System and method for providing specialized proofs of confidential knowledge |
US11824990B2 (en) | 2020-07-30 | 2023-11-21 | Dapper Labs, Inc. | Systems and methods providing specialized proof of confidential knowledge |
CN115152177B (en) * | 2020-07-30 | 2023-11-21 | 戴普实验室有限公司 | System and method for providing specialized proof of confidential knowledge |
CN112329051A (en) * | 2020-10-23 | 2021-02-05 | 中国科学院数据与通信保护研究教育中心 | Safe and efficient consensus mechanism implementation method and system |
CN112329051B (en) * | 2020-10-23 | 2023-09-19 | 中国科学院数据与通信保护研究教育中心 | Safe and efficient consensus mechanism implementation method and system |
CN112491845A (en) * | 2020-11-18 | 2021-03-12 | 北京数码视讯科技股份有限公司 | Node admission method, consensus method, device, electronic equipment and storage medium |
CN112541821B (en) * | 2020-11-18 | 2023-02-28 | 齐鲁工业大学 | Entrusting equity certification consensus algorithm with dynamic trust |
CN112491845B (en) * | 2020-11-18 | 2023-04-25 | 北京数码视讯科技股份有限公司 | Ordinary node admittance method, device, electronic equipment and readable storage medium |
CN112541821A (en) * | 2020-11-18 | 2021-03-23 | 齐鲁工业大学 | Delegation rights and interests certification consensus algorithm with dynamic trust |
CN112799636A (en) * | 2021-04-14 | 2021-05-14 | 北京百度网讯科技有限公司 | Random number generation method, device, equipment and storage medium |
CN113111373B (en) * | 2021-05-13 | 2022-06-07 | 北京邮电大学 | Random number generation method of VBFT (visual basic FT) consensus mechanism and consensus mechanism system |
CN113111373A (en) * | 2021-05-13 | 2021-07-13 | 北京邮电大学 | Random number generation method of VBFT (visual basic FT) consensus mechanism and consensus mechanism system |
CN114553407A (en) * | 2022-02-16 | 2022-05-27 | 淘宝(中国)软件有限公司 | Data processing method and device based on secret sharing |
WO2023197468A1 (en) * | 2022-04-14 | 2023-10-19 | 上海阵方科技有限公司 | Method for ensuring correct truncation under secret sharing |
CN114826592A (en) * | 2022-06-22 | 2022-07-29 | 腾讯科技(深圳)有限公司 | Key generation method and device based on block chain, electronic equipment and readable medium |
CN114826592B (en) * | 2022-06-22 | 2022-10-14 | 腾讯科技(深圳)有限公司 | Key generation method and device based on block chain, electronic equipment and readable medium |
Also Published As
Publication number | Publication date |
---|---|
CN110198213B (en) | 2020-07-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | Address after: 200135 Building C3, No. 101, Eshan Road, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, Shanghai. Patentee after: Shanghai Lingshuzhonghe Information Technology Co.,Ltd. Address before: 18ef, China Resources Times Plaza, 500 Zhangyang Road, Pudong New Area, Shanghai, 200120. Patentee before: NENG LIAN TECH. LTD. |