CN110198213A - A system based on a secret-sharing random number consensus algorithm - Google Patents

Info

Publication number: CN110198213A
Authority: CN (China)
Prior art keywords: participant, consensus, signature, block, node
Legal status: Granted
Application number: CN201910256248.7A
Other languages: Chinese (zh)
Other versions: CN110198213B (en)
Inventor: 林乐
Current Assignee: Shanghai Lingshuzhonghe Information Technology Co ltd
Original Assignee: Shanghai Energy Chain Zhonghe Technology Co Ltd
Application filed by: Shanghai Energy Chain Zhonghe Technology Co Ltd
Priority to: CN201910256248.7A
Publication of CN110198213A
Application granted
Publication of CN110198213B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The present invention relates to a system based on a secret-sharing random number consensus algorithm, comprising a random number generation step and a consensus algorithm based on the random number. The random number generation step includes the BLS signature, secret sharing with a central authority, and generation of the random number. The consensus algorithm based on the random number includes the proof-of-stake (PoS) algorithm, Byzantine consensus and random selection of consensus nodes. On the basis of the PoS consensus algorithm, the system introduces random selection of consensus nodes based on a verifiable random function together with Byzantine consensus, which guarantees the speed, efficiency and security compliance of the consensus algorithm.

Description

A system based on a secret-sharing random number consensus algorithm
Technical field
The present invention relates to the application field of blockchain, and concerns a system based on a secret-sharing random number consensus algorithm.
Background art
Blockchain is a new system combining computer technologies such as consensus algorithms, distributed storage, peer-to-peer transmission and encryption algorithms. It is widely used in many fields such as securities trading, e-commerce, smart contracts, the Internet of Things, social communication and file storage. In current blockchain technology, the chain consists of a series of data blocks generated using cryptographic methods; each block contains the hash of the previous block, which ensures that it was generated after the previous block in time order, and the blocks are linked from the genesis block to the current block to form the blockchain. The consensus algorithm is the core technology of a blockchain. It determines the efficiency and part of the security of the blockchain.
The consensus algorithm is the key to keeping the ledger data of all nodes of a blockchain platform consistent. Common consensus algorithms at present include RAFT, PBFT, PoW, PoS and DPoS. RAFT is a mature consistency solution for traditional distributed systems; it has high performance and low resource consumption, but it does not tolerate Byzantine faults. PBFT is a permissioned voting consensus mechanism in which the minority obeys the majority; it tolerates Byzantine faults, but its flexibility and reliability are incomplete. PoW relies on the computing power of machines to obtain the accounting right; it consumes many resources and is slow. In the PoS (proof-of-stake) consensus algorithm, the accounting right goes to the node with the highest stake in the system rather than the highest computing power, where stake is the node's ownership of a certain quantity of public-chain tokens, referred to as public-chain token age or public-chain token-days. PoS solves PoW's waste of computing power to a certain extent, but the problem of weak supervisability remains. PoW, PoS and DPoS all need a reward mechanism to motivate nodes to take part in accounting, and all have problems such as weak supervisability.
Summary of the invention
In view of this, the present invention provides a system based on a secret-sharing random number consensus algorithm that solves or partially solves the above problems.
To achieve the above technical effect, the technical solution of the invention is: a system based on a secret-sharing random number consensus algorithm, characterized in that it comprises a random number generating device and a consensus algorithm module, the consensus algorithm module being used to output the consensus algorithm based on the random number; the consensus algorithm based on the random number includes random selection of consensus nodes, the PoS algorithm and Byzantine consensus.
The random number generating device includes a device for generating the BLS signature and a secret sharing computing device with a central authority, and can generate a unique, deterministic, random and verifiable random number $seed_{high}$.
The device for generating the BLS signature is used to generate the BLS signature. The BLS signature in this device is computed by a cryptographic algorithm based on a bilinear map, including key generation, signing and verification. For the BLS signature, the device sets up a central authority and n participants, labelled $P_1, P_2, ..., P_n$, with $P = \{P_1, P_2, ..., P_n\}$ the set of participants. The central authority generates a group public/private key pair, consisting of the group public key pk and the group private key sk, $sk \in [1, p-1]$, where n and p are integers.
The group public key is computed from the group private key sk: $pk = g^{sk}$. Let $e: G \times G \to G'$ be a non-degenerate bilinear map, where G and G' are multiplicative groups of prime order p and g is a generator of G.
Each participant signs the message m with the BLS signature algorithm and its own private key, outputs a signature share $\sigma_i$ and broadcasts it. The signature share $\sigma_i$ generated by participant $P_i$: Participant $P_i$'s public/private key pair is $sk_i = f(i) \bmod p$, $pk_i = g^{f(i)} \bmod p$.
The input is the group public key pk, the message m, a subset S of all members, $S \subseteq P$ with $|S| = t$, and the signature shares $\sigma_i$; the output is the threshold group signature $\sigma$. The message m is the concatenation of the $seed_{high}$ of the block height preceding the current block height high and the threshold group signature of that preceding block height. The threshold group signature is generated from the signature shares $\sigma_i$ of the participants in S and the indices of the participants in S, which are denoted $l_1, l_2, ..., l_t$.
Participant $P_i$ collects the signatures $\sigma_1, \sigma_2, ..., \sigma_n$ broadcast by the other participants and verifies each with the corresponding public key $pk_i$: $e(\sigma_i, g) = e(h(m), pk_i)$.
Participant $P_i$ signs the message m to generate the signature share $\sigma_i$: t is an integer, and the signature is broadcast. The central authority collects the participants' signatures on the message; if t of the n participants have sent valid signatures, the set of these t participants is denoted S, where t is an integer.
The central authority then generates the threshold group signature from the signature shares and the indices by formula one, $j = 1, ..., t$:
and broadcasts the threshold group signature. Every participant can verify the threshold group signature: $e(\sigma, g) = e(h(m), pk)$; if the two sides are equal, the threshold group signature passes verification.
After the threshold group signature has been generated, the random number of the current block height high is generated with a hash algorithm: $seed_{high} = h(\sigma_{high})$, that is, the hash of the threshold group signature $\sigma_{high}$ of the current block height high. $seed_{high}$ is uniquely determined by the verifiable threshold group signature. Any participant can verify the threshold group signature with the group public key and then check the correctness of $seed_{high}$ with the hash algorithm. $seed_{high}$ depends on the $seed_{high-1}$ of the block height preceding the current block height and on the threshold group signature of that preceding block height. In this way, in a network with enough participants, a random number $seed_{high}$ can be generated that is almost impossible to break, cannot be manipulated and is unpredictable.
The central authority randomly selects polynomial coefficients and constructs the polynomial $f(x) = a_0 + a_1 x + ... + a_{t-1} x^{t-1}$, where x is an integer from 1 to n, used to construct the function;
where $a_0 = sk$ and $a_1, ..., a_{t-1}$ are randomly generated integers used as the polynomial coefficients. The central authority then commits to the polynomial coefficients:
where $A_0 = pk$, and broadcasts $A_0, A_1, ..., A_{t-1}$. The central authority computes $f(i) \bmod p$, $i = 1, 2, ..., n$, and sends $f(i)$ secretly to participant $P_i$. After receiving $f(i)$, participant $P_i$ verifies whether formula two holds:
If it holds, the share is accepted, which ensures that $f(i)$ was computed from the polynomial; here j is also an integer, taking integer values, and $A_j$ is one of the polynomial coefficient commitments being verified.
The secret sharing with a central authority performed by the secret sharing computing device in the random number generating device is a secret sharing procedure with one central authority. The device handles a central authority sharing a secret s with n participants: by executing the secret sharing protocol, as long as the number of participants reaches a threshold t, the secret shared by the central authority can be computed. Here s, short for secret, is the secret number in the system. Combined with the BLS signature, secret sharing allows t' participants to provide their respective signature shares and recover a threshold group signature.
The specific steps of the secret sharing protocol are as follows. Each participant $P_{i'}$ randomly selects, in [1, p-1], a polynomial of highest degree t-1: $f_{i'}(y) = a_{i'0} + a_{i'1} y + ... + a_{i'(t-1)} y^{t-1}$, where y is an integer from 1 to n used to construct the function, and $(a_{i'0}, a_{i'1}, ..., a_{i'(t-1)}) \in [1, p-1]^{t-1}$ are randomly generated. Participant $P_{i'}$ commits to the polynomial coefficients it selected: and broadcasts the commitment values. In addition, define $s_{i'j'} = f_{i'}(j') \bmod p$, $j' \in [1, n]$. Participant $P_{i'}$ computes the shares, which are determined by $s_{ij}$, and sends each computed share secretly to participant $P_{j'}$. The member of the receiving participants $P_{j'}$ is labelled j'; member j' collects the values $s_{1j'}, s_{2j'}, ..., s_{nj'}$ that the other members sent to it, and this collection is denoted the index, i.e.
$Index_{j'} = (s_{1j'}, s_{2j'}, ..., s_{j'j'}, ..., s_{nj'}) = (f_1(j'), f_2(j'), ..., f_{j'}(j'), ..., f_n(j'))$
and verifies: where the integers $k, i', j' \in [1, n]$;
Finally, $S_{i'j'share}$ is defined as the set of all participants who executed the secret sharing protocol correctly. The secret sharing group public key is:
The secret sharing private key of each participant $P_j$ is:
The corresponding public key of each sharing participant $P_{j'}$ is: No single participant can compute the secret sharing group private key on its own.
The consensus algorithm based on the random number includes the PoS algorithm, Byzantine consensus and random selection of consensus nodes. Consistency of consensus means that the decision values of all good nodes must be identical. Termination of consensus means that all good nodes finish the decision process within finite time. Validity of consensus means that the chosen decision value must be the input value of some node. A node that may exhibit arbitrary behaviour is called Byzantine; arbitrary behaviour means anything imaginable. Byzantine behaviour includes collusion: all Byzantine nodes are controlled by the same attacker, and all non-Byzantine nodes are good. Consensus reached in a system containing Byzantine nodes is called Byzantine agreement. Byzantine nodes must simultaneously control 51% or more of the computing power and 51% or more of the stake to carry out a 51% attack successfully.
The PoS algorithm does not need to consume computing power to obtain a node's accounting right. Accounting nodes in the PoS algorithm must lock a certain amount of public-chain tokens; accounting nodes propose blocks and vote on block generation, and voting weight depends on the quantity of public-chain tokens held. That is, each network node is linked to an address, and the more public-chain tokens the address holds, the greater its probability of generating the next block. The purpose of Byzantine consensus is to establish trust between nodes in an untrusted network; Byzantine consensus can complete consensus as long as no more than 1/3 of the nodes are faulty. After a number of reserve consensus nodes have been selected according to the quantity of public-chain tokens the nodes hold (the list is adjusted dynamically over time and with the quantity of public-chain tokens held), a portion of the reserve nodes is selected at random as consensus nodes; this is the random selection of consensus nodes.
Detailed description of the embodiments
To make the technical problems to be solved by the invention, its technical steps and its beneficial effects clearer, the invention is described in detail below with reference to an embodiment. It should be noted that the specific embodiment described here only explains the invention and does not limit it; products that achieve the above functions are equivalent replacements and improvements and fall within the protection scope of the invention. The specific method is as follows:
Embodiment 1: an application scenario of the system based on the secret-sharing random number consensus algorithm is illustrated below, comprising the following steps:
The system based on the secret-sharing random number consensus algorithm includes a random number generation step and a consensus algorithm based on the random number. The BLS signature in the random number generation step is a cryptographic algorithm based on a bilinear map, including key generation, signing and verification.
Let $e: G \times G \to G'$ be a non-degenerate bilinear map, where G and G' are multiplicative groups of prime order p; by the bilinearity property: The key consists of a private key and a public key. Randomly choose $x \in [1, p-1]$ as the private key, $sk = x$, and compute the public key $pk = g^x$, where g is a generator of G. The signature on message m is $\sigma = h^x$, with $h = hash(m)$. Given pk, m, $\sigma$ and hash, the verifier checks whether $e(\sigma, g) = e(hash(m), pk)$ holds; if the two sides are equal, verification passes.
The secret sharing with a central authority in the random number generation step means that a central authority shares a secret s with n participants; by executing a protocol, the secret shared by the central authority can be computed as soon as the number of participants reaches a threshold t. Combined with the BLS group signature, t participants can provide their respective signature shares to recover a new signature.
There are a central authority and n participants; let $P = \{P_1, P_2, ..., P_n\}$ be the set of participants. The central authority generates a group public/private key pair consisting of a group private key and a group public key: $sk \in [1, p-1]$ is the group private key, and the group public key is $pk = g^{sk}$. The central authority randomly selects polynomial coefficients and constructs the polynomial $f(x) = a_0 + a_1 x + ... + a_{t-1} x^{t-1}$, where $a_0 = sk$. It commits to the polynomial coefficients: where $A_0 = pk$, and broadcasts $A_0, A_1, ..., A_{t-1}$. The central authority computes $f(i) \bmod p$, $i = 1, 2, ..., n$, and sends $f(i)$ secretly to participant $P_i$. After receiving $f(i)$, participant $P_i$ verifies the equation: and accepts the share if the two sides are equal, which ensures that $f(i)$ was computed from the polynomial.
Participant $P_i$'s public/private key pair: $sk_i = f(i) \bmod p$, $pk_i = g^{f(i)} \bmod p$, $i = 1, 2, ..., n$. Participant $P_i$ signs the message m: and broadcasts the signature. The central authority collects the participants' signatures; if t of the n participants have sent valid signatures, the set of these t participants is denoted S, $S \subseteq P$, $|S| = t$, and the indices of the participants in S are $l_1, l_2, ..., l_t$. The central authority then generates the group signature: and broadcasts the group signature. Every participant can verify the group signature: $e(\sigma, g) = e(H(m), pk)$; if the two sides are equal, the group signature passes verification.
The secret sharing with a central authority in the random number generation step is a secret sharing procedure with one central authority. If all n participants act as the central authority and execute the secret sharing protocol, and this is combined with the threshold BLS signature procedure (TBLS), a unique, deterministic, random and verifiable random number can be generated:
Secret sharing protocol: each participant $P_i$ randomly selects, in [1, p-1], a polynomial of highest degree t-1: $f_i(x) = a_{i0} + a_{i1} x + ... + a_{i(t-1)} x^{t-1}$, where $(a_{i0}, a_{i1}, ..., a_{i(t-1)}) \in [1, p-1]^{t-1}$. Participant $P_i$ commits to the polynomial coefficients it selected: and broadcasts the commitment values. Participant $P_i$ computes the shares $s_{ij} = f_i(j) \bmod p$, $j \in [1, n]$, and sends each computed share secretly to participant $P_j$. Member j collects the values $s_{1j}, s_{2j}, ..., s_{nj}$ that the other members sent to it, i.e.
index j: $(s_{1j}, s_{2j}, ..., s_{jj}, ..., s_{nj}) = (f_1(j), f_2(j), ..., f_j(j), ..., f_n(j))$
and verifies: where $i \in [1, n]$. Finally, P is defined as the set of all participants who executed the secret sharing protocol correctly. The group public key is $PK = \prod_{i \in P} A_{i0} \bmod p$. The private key of each participant $P_j$ is $sk_j = \sum_{i \in P} s_{ij} = \sum_{i \in P} f_i(j) \bmod p$. The corresponding public key of each participant $P_j$ is: No single participant can compute the group private key on its own.
Share-Sign($sk_i$, m): each participant signs the message m with the BLS signature algorithm and its own private key, outputs the signature share $\sigma_i$ and broadcasts it; the signature share generated by participant $P_i$:
Share-Verify(PK, $pk_i$, m, $\sigma_i$): participant $P_i$ collects the signatures $\sigma_1, \sigma_2, ..., \sigma_n$ broadcast by the other participants and verifies each with the corresponding public key $pk_i$: $e(\sigma_i, g) = e(H(m), pk_i)$.
recover(PK, $pk_i$, m, $\sigma_i$, $i \in S$): the input is the group public key, the message m and a subset of all members: such that $|S| = t$, together with the signatures $\sigma_i$; the output is the threshold group signature $\sigma$. Here m is the concatenation of the seed of height h-1 and the threshold group signature of height h-1. After the group signature has been generated, the random number $seed_h = H(\sigma_h)$ is generated with a hash algorithm; the seed is uniquely determined by the verifiable group signature. Any participant can verify the group signature with the group public key and then check the correctness of the seed with the hash algorithm; the seed depends on the seed of height h-1 and the threshold group signature of height h-1. In this way, in a network with enough participants, a random number can be generated that is almost impossible to break, cannot be manipulated and is unpredictable.
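Added example (not part of the patent text): a Python sketch of the share distribution, commitment check, share recombination and seed derivation described above, run over a constructed toy group because the standard library has no pairing, so the pairing checks $e(\sigma, g) = e(H(m), pk)$ are not reproduced. The group constants, function names, SHA-256, the square-of-a-hash mapping, and the standard Feldman commitment check and Lagrange recombination (used where the page's own formulas did not survive) are assumptions.

```python
import hashlib
import secrets

# Toy group (constructed; far too small for real use): MOD = 2*Q + 1 is a safe
# prime and G generates the subgroup of prime order Q. Q plays the role of the
# page's group order p. A real system needs a pairing-friendly curve.
MOD, Q, G = 2039, 1019, 4


def hash_to_group(msg: bytes) -> int:
    """h(m): square of a hash value, so the result lies in the order-Q subgroup."""
    ctr = 0
    while True:
        digest = hashlib.sha256(msg + ctr.to_bytes(4, "big")).digest()
        h = pow(int.from_bytes(digest, "big") % MOD, 2, MOD)
        if h not in (0, 1):  # skip zero and the identity element
            return h
        ctr += 1


def deal(t: int, n: int):
    """One dealer: random f of degree t-1, commitments A_k = g^{a_k}, shares f(j)."""
    coeffs = [secrets.randbelow(Q - 1) + 1 for _ in range(t)]
    commitments = [pow(G, a, MOD) for a in coeffs]
    shares = {j: sum(a * pow(j, k, Q) for k, a in enumerate(coeffs)) % Q
              for j in range(1, n + 1)}
    return commitments, shares


def verify_share(j: int, share: int, commitments) -> bool:
    """Feldman check (assumed form): g^share == prod_k A_k^(j^k)."""
    rhs = 1
    for k, a_k in enumerate(commitments):
        rhs = rhs * pow(a_k, pow(j, k, Q), MOD) % MOD
    return pow(G, share, MOD) == rhs


def dkg(t: int, n: int):
    """Every participant deals once. Returns (PK, {j: sk_j}) with
    PK = prod_i A_i0 and sk_j = sum_i s_ij, summed over correct dealers."""
    group_pk, sk = 1, {j: 0 for j in range(1, n + 1)}
    for _dealer in range(n):
        commitments, shares = deal(t, n)
        if not all(verify_share(j, s, commitments) for j, s in shares.items()):
            continue  # dealer is left out of the set P of correct participants
        group_pk = group_pk * commitments[0] % MOD
        for j, s in shares.items():
            sk[j] = (sk[j] + s) % Q
    return group_pk, sk


def lagrange_at_zero(i: int, indices) -> int:
    """Lagrange coefficient of index i for interpolating at x = 0, mod Q."""
    num = den = 1
    for l in indices:
        if l != i:
            num = num * l % Q
            den = den * (l - i) % Q
    return num * pow(den, -1, Q) % Q


def recover(points: dict) -> int:
    """Interpolation in the exponent: prod_i v_i^(lambda_i) over the subset S."""
    result = 1
    for i, v in points.items():
        result = result * pow(v, lagrange_at_zero(i, list(points)), MOD) % MOD
    return result


def beacon_round(prev_seed: bytes, prev_sigma: int, signer_keys: dict):
    """m = seed_{h-1} || sigma_{h-1}; sigma_h from t shares; seed_h = H(sigma_h)."""
    width = (MOD.bit_length() + 7) // 8
    h = hash_to_group(prev_seed + prev_sigma.to_bytes(width, "big"))
    sigma = recover({i: pow(h, sk_i, MOD) for i, sk_i in signer_keys.items()})
    return sigma, hashlib.sha256(sigma.to_bytes(width, "big")).digest()


if __name__ == "__main__":
    pk, sks = dkg(t=3, n=5)
    genesis = (b"constructed genesis seed", 1)  # constructed starting values
    a = beacon_round(*genesis, {i: sks[i] for i in (1, 2, 3)})
    b = beacon_round(*genesis, {i: sks[i] for i in (2, 4, 5)})
    print("same seed from different signer subsets:", a == b, a[1].hex())
```

Any t of the n key shares give the same signature and therefore the same seed, which is why no signer subset can steer the output; fewer than t shares do not determine it.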
The consensus algorithm based on the random number includes the PoS algorithm, Byzantine consensus and random selection of consensus nodes. Consistency of consensus means that the decision values of all good nodes must be identical. Termination of consensus means that all good nodes finish the decision process within finite time. Validity of consensus means that the chosen decision value must be the input value of some node. A node that may exhibit arbitrary behaviour is called Byzantine; arbitrary behaviour means anything imaginable. Byzantine behaviour includes collusion: all Byzantine nodes are controlled by the same attacker, and all non-Byzantine nodes are good. Consensus reached in a system containing Byzantine nodes is called Byzantine agreement. Byzantine nodes must simultaneously control 51% or more of the computing power and 51% or more of the stake to carry out a 51% attack successfully.
The PoS algorithm does not need to consume computing power to obtain a node's accounting right. Accounting nodes in the PoS algorithm must lock a certain amount of public-chain tokens; accounting nodes propose blocks and vote on block generation, and voting weight depends on the quantity of public-chain tokens held. That is, each network node is linked to an address, and the more public-chain tokens the address holds, the greater its probability of generating the next block. The purpose of Byzantine consensus is to establish trust between nodes in an untrusted network; Byzantine consensus can complete consensus as long as no more than 1/3 of the nodes are faulty. After a number of reserve consensus nodes have been selected according to the quantity of public-chain tokens the nodes hold (the list is adjusted dynamically over time and with the quantity of public-chain tokens held), a portion of the reserve nodes is selected at random as consensus nodes; this is the random selection of consensus nodes.
The beneficial effects of the invention are as follows: the invention provides a system based on a secret-sharing random number consensus algorithm; the random number generation step includes the BLS signature, secret sharing with a central authority and generation of the random number; the consensus algorithm based on the random number includes the PoS algorithm, Byzantine consensus and random selection of consensus nodes. Byzantine consensus can complete consensus as long as no more than 1/3 of the nodes are faulty, which guarantees the consistency of blocks and greatly improves the speed and security of consensus.
The foregoing is only a preferred embodiment of the invention and does not limit the scope of the claims. The above description can be understood and implemented by those skilled in the relevant art; other equivalent changes made on the basis of the disclosure of the invention shall therefore fall within the scope of the claims.

Claims (1)

1. a kind of system based on privacy sharing random number common recognition algorithm, which is characterized in that generating means including random number and Common recognition algoritic module, the common recognition algoritic module is for exporting the common recognition algorithm based on random number;Being total to based on random number Know algorithm, including random selection common recognition node, equity prove algorithm, Byzantium's common recognition;The generating means of the random number, including The device that period for generating the high block of block signs;Secret sharing computing device with central authority;And it can also be with Machine, which generates, just can produce a random number seed that is unique, determining, random, can verify thathigh
The wherein device of the period signature of the high block of generation area block, the period for generating the high block of block sign;The generation Period cryptographic algorithm of the signature based on bilinear map of the high block of the block in the device of the period signature of the high block of block It is calculated, generation, signature and sign test including key;In the period signature of the high block of the block, the generation block is high The device of the period signature of block sets a central authority and n participant, and wherein n participant is labeled as, p1,p2,...,pn And remember P={ P1,P2...Pn, P is participant's set;The central authority generation group public private key pair, including a group public key Pk and group private key sk, sk ∈ [1, p-1], wherein n, p are integer,
By a group private key sk, to calculate a group public key: pk=gsk;Remember that e:G × G → G', e are a nonsingular bilinear map, G, G' are prime number p rank multiplicative group, and g is the generation member of crowd G;
Each participant uses the period signature algorithm of the high block of block and the private key of oneself to sign the message m, output point Piece signature sigmai, and by the fragment signature sigmaiBroadcast, participant PiThe fragment signature sigma generatedi:Participant PiPublic private key pair: ski=f (i) mod p, pki=gf(i)mod p;
It is wherein group public key pk by input, the subset S:S ∈ P of the message m and all members, so that | S |=t, t are whole Several and fragment signature sigmai, export as sets of threshold values signature sigma;One before wherein the message m is current block height high The seed of block heighthighThe spelling knot signed with the sets of threshold values of a block height before current block height high;Threshold value The fragment signature sigma that group is signed by participant in SiSets of threshold values signature is generated with the index of participant in S, the index of participant in S It is respectively set as l1,l2,...,lt
Participant PiCollect the signature sigma of other participant's broadcast12,...,σn, and with the corresponding public key pk of oneselfiSign test, e (σi, g) and=e (h (m), pki);
Participant $P_i$ signs the message m to generate the fragment signature $\sigma_i$: $i = 0, \ldots, t-1$, and broadcasts the signature. The central authority collects the participants' signatures on the message; if t of the n participants have sent valid signatures, the set of these t participants is denoted S, where t is an integer;
The central authority then generates the threshold group signature from the fragment signatures and the indices according to formula one, with $j = 0, \ldots, t-1$:
and broadcasts the threshold group signature. Each participant can verify the threshold group signature: $e(\sigma, g) = e(h(m), pk)$; if the two sides are equal, verification of the threshold group signature passes;
After the threshold group signature is generated, the random number seed of the current block height high is produced by a hash algorithm: $seed_{high} = h(\sigma_{high})$, where $h(\sigma_{high})$ is the hash of the threshold group signature $\sigma_{high}$ of the current block height high. $seed_{high}$ is uniquely determined by the verifiable threshold group signature. Any participant verifies the threshold group signature with the group public key and then checks the correctness of $seed_{high}$ with the hash algorithm. $seed_{high}$ depends on $seed_{high-1}$ of the block height preceding the current block height and on the threshold group signature of the block height preceding the current block height high. In this way, a network with enough participants can generate a random number $seed_{high}$ that can hardly be compromised, cannot be manipulated, and is unpredictable;
The central authority randomly selects polynomial coefficients and constructs the polynomial $f(x) = a_0 + a_1 x + \cdots + a_{t-1} x^{t-1}$, where x is an integer from 1 to n, used to construct the function;
where $a_0 = sk$ and $a_1, \ldots, a_{t-1}$ are randomly generated integers used as the coefficients of the polynomial; the central authority then commits to the polynomial coefficients:
where $A_0 = pk$, and broadcasts $A_0, A_1, \ldots, A_{t-1}$. The central authority computes $f(i) \bmod p$ and sends $f(i)$ secretly to participant $P_i$. After receiving $f(i)$, participant $P_i$ verifies whether formula two holds:
If it holds, the participant accepts $f(i)$, which ensures that $f(i)$ was computed from the polynomial; here j is also an integer, its value range is the integers, and $A_j$ is one of the polynomial coefficients to be verified;
In the random number generating device, within the computing device for secret sharing with a central authority, the secret sharing with a central authority is the secret sharing step with one central authority. The computing device for secret sharing with a central authority handles one central authority sharing a secret s among n participants by executing a secret sharing protocol, such that as long as the number of participants reaches a threshold t, the secret shared by the central authority can be computed; s abbreviates "secret" and serves as the secret number in the system. Combined with the period signature of the block-height block, t' participants in the secret sharing can each provide their fragment signature, and a threshold group signature can be recovered;
The specific steps of the secret sharing protocol are as follows: each participant $P_{i'}$ randomly selects, over $[1, p-1]$, a polynomial of highest degree t-1 and constructs $f_{i'}(y) = a_{i'0} + a_{i'1} y + \cdots + a_{i'(t-1)} y^{t-1}$, where y is an integer from 1 to n, used to construct the function, and where $(a_{i'0}, a_{i'1}, \ldots, a_{i'(t-1)}) \in [1, p-1]^{t-1}$ are randomly generated. Participant $P_{i'}$ commits to the polynomial coefficients it selected:
and broadcasts the commitment values. In addition, define $s_{i'j'} = f_{i'}(j') \bmod p$. Participant $P_{i'}$ computes the shares, which are determined by $s_{ij}$, and sends each computed share secretly to participant $P_{j'}$. The member among the sharing participants $P_{j'}$ is labelled j'; member j' collects the values $s_{1j'}, s_{2j'}, \ldots, s_{nj'}$ sent to it by the other members, and this collection is set as the index, i.e.
$\mathrm{Index}_{j'} = (s_{1j'}, s_{2j'}, \ldots, s_{j'j'}, \ldots, s_{nj'}) = (f_1(j'), f_2(j'), \ldots, f_{j'}(j'), \ldots, f_n(j'))$
and verifies: where the integers $k, i', j' \in [0, t-1]$;
Finally, define Si'j'share as the set of all participants that executed the secret sharing protocol correctly. The secret sharing group public key is:
pkj'i'∈PAi'0mod p;
The secret sharing private key of each participant $P_j$ is:
The corresponding public key of each sharing participant $P_{j'}$ is: No single participant can independently compute the secret sharing group private key;
The random-number-based consensus algorithm comprises a proof-of-stake algorithm, Byzantine consensus, and random selection of consensus nodes. Consistency of consensus means that the decision values of all good nodes must be identical. Termination of consensus means that all good nodes finish the decision process within finite time. Validity of consensus means that the selected decision value must be the input value of some node. A node that may exhibit arbitrary behaviour is called a Byzantine node; arbitrary behaviour means anything imaginable. Byzantine behaviour also includes collusion: all Byzantine nodes are controlled by the same attacker, i.e. all nodes that are not Byzantine nodes are good nodes. Reaching consensus in a system in which Byzantine nodes exist is called Byzantine agreement. Byzantine nodes must simultaneously control 51% or more of the computing power and 51% or more of the stake in order to carry out a 51% attack successfully;
The proof-of-stake algorithm does not need to consume computing power to obtain a node's bookkeeping right. Accounting nodes of the proof-of-stake algorithm must lock a certain amount of public-chain tokens; accounting nodes propose and vote on block generation, and voting weight depends on the quantity of public-chain tokens held. That is, each network node is linked to an address, and the more public-chain tokens this address holds, the greater its probability of generating the next block. The purpose of the Byzantine consensus is to establish trust between nodes in an untrusted network. The Byzantine consensus can complete consensus when no more than 1/3 of the nodes are faulty. After several reserve consensus nodes are selected according to the quantity of public-chain tokens the nodes hold (the list is adjusted dynamically over time and with token holdings), a portion of the reserve nodes is randomly selected as consensus nodes; this is the random selection of consensus nodes.
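The key-sharing, fragment-signing and seed steps of the claims above, as an added Python example that is not part of the patent: it runs the dealerless secret sharing (the central-authority variant is the special case of a single dealer), checks every share against the broadcast commitments, and combines t fragment signatures into one signature and seed. Assumptions: a constructed toy group stands in for the bilinear group, so the pairing check e(σ, g) = e(h(m), pk) is not performed; the share sum, the product of the A_i0 as group public key and the Lagrange combination are the standard constructions, used because the page's own formulas are missing; all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy group (far too small for real use): MODULUS = 2*ORDER + 1, G has prime order ORDER.
MODULUS, ORDER, G = 2039, 1019, 4   # ORDER plays the role of the page's p

def commit(coeffs):  # A_k = g^(a_k) for each polynomial coefficient
    return [pow(G, a, MODULUS) for a in coeffs]

def evaluate(coeffs, x):  # f(x) mod ORDER
    return sum(a * pow(x, k, ORDER) for k, a in enumerate(coeffs)) % ORDER

def share_is_valid(share, index, commitments):
    """Commitment check: g^share == prod_k A_k^(index^k)."""
    rhs = 1
    for k, a_k in enumerate(commitments):
        rhs = rhs * pow(a_k, pow(index, k, ORDER), MODULUS) % MODULUS
    return pow(G, share, MODULUS) == rhs

def run_dkg(n, t):
    """Every participant deals a degree t-1 polynomial. Returns ({j: sk_j}, group_pk)."""
    polys = [[secrets.randbelow(ORDER - 1) + 1 for _ in range(t)] for _ in range(n)]
    comms = [commit(p) for p in polys]
    sk, group_pk = {}, 1
    for j in range(1, n + 1):
        received = [evaluate(p, j) for p in polys]   # s_ij = f_i(j), sent privately to j
        if not all(share_is_valid(s, j, c) for s, c in zip(received, comms)):
            raise ValueError(f"participant {j} received a share off the committed polynomial")
        sk[j] = sum(received) % ORDER                # assumed: sk_j = sum_i s_ij
    for c in comms:
        group_pk = group_pk * c[0] % MODULUS         # assumed: pk = prod_i A_i0
    return sk, group_pk

def hash_to_group(message):
    """Map bytes into the subgroup by squaring a hash-derived element in [2, MODULUS-2]."""
    x = int.from_bytes(hashlib.sha256(message).digest(), "big") % (MODULUS - 3) + 2
    return pow(x, 2, MODULUS)

def lagrange_at_zero(j, indices):
    """Lagrange coefficient of index j for interpolating at x = 0."""
    num = den = 1
    for l in indices:
        if l != j:
            num, den = num * -l % ORDER, den * (j - l) % ORDER
    return num * pow(den, -1, ORDER) % ORDER

def partial_sign(sk_j, message):  # fragment signature sigma_j = h(m)^(sk_j)
    return pow(hash_to_group(message), sk_j, MODULUS)

def combine(partials):
    """{index: sigma_index} from t signers -> threshold group signature h(m)^sk."""
    sigma = 1
    for j, s in partials.items():
        sigma = sigma * pow(s, lagrange_at_zero(j, list(partials)), MODULUS) % MODULUS
    return sigma

def next_seed(sigma):  # seed_high = h(sigma_high)
    return hashlib.sha256(sigma.to_bytes(2, "big")).hexdigest()

if __name__ == "__main__":
    keys, pk = run_dkg(n=5, t=3)
    msg = b"seed_high-1 || sigma_high-1 (constructed)"
    sigma = combine({j: partial_sign(keys[j], msg) for j in (1, 3, 4)})
    print(pk, sigma, next_seed(sigma))
```

Because every t-subset of signers interpolates the same exponent, the seed does not depend on which participants answered first; that is the property that keeps a single participant from steering it.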
CN201910256248.7A 2019-04-01 2019-04-01 System based on secret shared random number consensus algorithm Active CN110198213B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910256248.7A CN110198213B (en) 2019-04-01 2019-04-01 System based on secret shared random number consensus algorithm

Publications (2)

Publication Number Publication Date
CN110198213A true CN110198213A (en) 2019-09-03
CN110198213B CN110198213B (en) 2020-07-03

Family

ID=67751897

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910256248.7A Active CN110198213B (en) 2019-04-01 2019-04-01 System based on secret shared random number consensus algorithm

Country Status (1)

Country Link
CN (1) CN110198213B (en)

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150381350A1 (en) * 2014-06-27 2015-12-31 Thomson Licensing Threshold cryptosystem, corresponding electronic devices and computer program products
WO2017192837A1 (en) * 2016-05-04 2017-11-09 Silvio Micali Distributed transaction propagation and verification system
WO2019046317A1 (en) * 2017-08-28 2019-03-07 (N)Alibaba Group Holding Limited Key data processing method and apparatus, and server
CN108711052A (en) * 2018-05-18 2018-10-26 电子科技大学 A kind of information authentication system based on block chain
CN109104286A (en) * 2018-07-26 2018-12-28 杭州安恒信息技术股份有限公司 A kind of new block generation method of the common recognition based on threshold digital signature
CN109003083A (en) * 2018-07-27 2018-12-14 山东渔翁信息技术股份有限公司 A kind of ca authentication method, apparatus and electronic equipment based on block chain
CN109067522A (en) * 2018-07-27 2018-12-21 深圳市汇尊区块链技术有限公司 A kind of random number Verified secret sharing method
CN109146484A (en) * 2018-08-31 2019-01-04 深圳付贝科技有限公司 Common recognition verification method, digging mine machine and block catenary system based on block chain
CN109377360A (en) * 2018-08-31 2019-02-22 西安电子科技大学 Block chain transaction in assets transfer account method based on Weighted Threshold signature algorithm
CN109544331A (en) * 2018-10-12 2019-03-29 深圳壹账通智能科技有限公司 Supply chain financial application method, apparatus and terminal device based on block chain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ABBOUD HUSAM: "H/Rindex The Hashing Power and Robustness Index, Computational Power-weighted Benchmark for Global Blockchain and Crypto Market", 《SSRN》 *
Wang Huaqun: "Cryptographic Techniques in Blockchain", 《Journal of Nanjing University of Posts and Telecommunications》 *

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110599173A (en) * 2019-09-20 2019-12-20 腾讯科技(深圳)有限公司 Block chain consensus node determination method, device, equipment and storage medium
CN110599173B (en) * 2019-09-20 2021-08-17 腾讯科技(深圳)有限公司 Block chain consensus node determination method, device, equipment and storage medium
CN110601834A (en) * 2019-09-30 2019-12-20 深圳市网心科技有限公司 Consensus method, device, equipment and readable storage medium
CN111049644A (en) * 2019-10-22 2020-04-21 贵州财经大学 Rational and fair secret information sharing method based on confusion incentive mechanism
CN111049644B (en) * 2019-10-22 2021-03-23 贵州财经大学 Rational and fair secret information sharing method based on confusion incentive mechanism
WO2021093244A1 (en) * 2019-11-14 2021-05-20 深圳市网心科技有限公司 Random number generation method, blockchain node, system and medium
CN110825349A (en) * 2019-11-14 2020-02-21 深圳市网心科技有限公司 Random number generation method, block chain node, system and medium
CN110825349B (en) * 2019-11-14 2023-03-28 深圳市迅雷网络技术有限公司 Random number generation method, block chain node, system and medium
CN111539016A (en) * 2020-04-14 2020-08-14 浙江浙燃能源有限公司 Distributed computing method, system, block chain node and computer medium
CN111539016B (en) * 2020-04-14 2023-04-07 浙江浙燃能源有限公司 Distributed computing method, system, block chain node and computer medium
CN115152177A (en) * 2020-07-30 2022-10-04 戴普实验室有限公司 System and method for providing specialized proofs of confidential knowledge
US11824990B2 (en) 2020-07-30 2023-11-21 Dapper Labs, Inc. Systems and methods providing specialized proof of confidential knowledge
CN115152177B (en) * 2020-07-30 2023-11-21 戴普实验室有限公司 System and method for providing specialized proof of confidential knowledge
CN112329051A (en) * 2020-10-23 2021-02-05 中国科学院数据与通信保护研究教育中心 Safe and efficient consensus mechanism implementation method and system
CN112329051B (en) * 2020-10-23 2023-09-19 中国科学院数据与通信保护研究教育中心 Safe and efficient consensus mechanism implementation method and system
CN112491845A (en) * 2020-11-18 2021-03-12 北京数码视讯科技股份有限公司 Node admission method, consensus method, device, electronic equipment and storage medium
CN112541821B (en) * 2020-11-18 2023-02-28 齐鲁工业大学 Entrusting equity certification consensus algorithm with dynamic trust
CN112491845B (en) * 2020-11-18 2023-04-25 北京数码视讯科技股份有限公司 Ordinary node admittance method, device, electronic equipment and readable storage medium
CN112541821A (en) * 2020-11-18 2021-03-23 齐鲁工业大学 Delegation rights and interests certification consensus algorithm with dynamic trust
CN112799636A (en) * 2021-04-14 2021-05-14 北京百度网讯科技有限公司 Random number generation method, device, equipment and storage medium
CN113111373B (en) * 2021-05-13 2022-06-07 北京邮电大学 Random number generation method of VBFT (visual basic FT) consensus mechanism and consensus mechanism system
CN113111373A (en) * 2021-05-13 2021-07-13 北京邮电大学 Random number generation method of VBFT (visual basic FT) consensus mechanism and consensus mechanism system
CN114553407A (en) * 2022-02-16 2022-05-27 淘宝(中国)软件有限公司 Data processing method and device based on secret sharing
WO2023197468A1 (en) * 2022-04-14 2023-10-19 上海阵方科技有限公司 Method for ensuring correct truncation under secret sharing
CN114826592A (en) * 2022-06-22 2022-07-29 腾讯科技(深圳)有限公司 Key generation method and device based on block chain, electronic equipment and readable medium
CN114826592B (en) * 2022-06-22 2022-10-14 腾讯科技(深圳)有限公司 Key generation method and device based on block chain, electronic equipment and readable medium

Also Published As

Publication number Publication date
CN110198213B (en) 2020-07-03

Similar Documents

Publication Publication Date Title
CN110198213A (en) A kind of system based on privacy sharing random number common recognition algorithm
Choudhuri et al. Fairness in an unfair world: Fair multiparty computation from public bulletin boards
Syta et al. Scalable bias-resistant distributed randomness
Li et al. Synchronized provable data possession based on blockchain for digital twin
Chen et al. Blockchain-based key management scheme in fog-enabled IoT systems
CN113612604B (en) Asynchronous network-oriented safe distributed random number generation method and device
Freitag et al. Non-malleable time-lock puzzles and applications
CN113489681A (en) Block link point data consistency consensus method, device, equipment and storage medium
Andrychowicz et al. Distributed cryptography based on the proofs of work
CN112600675B (en) Electronic voting method and device based on group signature, electronic equipment and storage medium
CN111047316A (en) Tamper-resistant intelligent block chain system and implementation method
Wang et al. VOSA: Verifiable and oblivious secure aggregation for privacy-preserving federated learning
Šimunić et al. Verifiable computing applications in blockchain
CN109104410B (en) Information matching method and device
CN112613601A (en) Neural network model updating method, device and computer storage medium
Srinivasan et al. Transparent batchable time-lock puzzles and applications to byzantine consensus
CN114463009B (en) Method for improving transaction security of large-scale energy nodes
Mashhadi et al. Provably secure verifiable multi‐stage secret sharing scheme based on monotone span program
Yang et al. A survey and comparison of post-quantum and quantum blockchains
Cerulli et al. vetkeys: How a blockchain can keep many secrets
US11782758B2 (en) Distributed computing system and method of operation thereof
Sakho et al. Privacy protection issues in blockchain technology
Bu et al. RepShardChain: A reputation-based sharding blockchain system in smart city
US20220075668A1 (en) Distributed computing system and method of operation thereof
Li et al. A forward-secure certificate-based signature scheme in the standard model

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 200,135 Building C3, No. 101, Eshan Road, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, Shanghai

Patentee after: Shanghai Lingshuzhonghe Information Technology Co.,Ltd.

Address before: 18ef, China Resources Times Plaza, 500 Zhangyang Road, Pudong New Area, Shanghai, 200120

Patentee before: NENG LIAN TECH. LTD.