CN110198213B - System based on secret shared random number consensus algorithm - Google Patents
- Publication number: CN110198213B (CN201910256248.7A)
- Authority: CN (China)
- Prior art keywords: signature, consensus, participant, block, algorithm
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a system based on a secret shared random number consensus algorithm, comprising a random number generation step and a random-number-based consensus algorithm. The random number generation step comprises the block high block periodic signature, secret sharing with a central mechanism, and generation of the random number. The random-number-based consensus algorithm comprises a rights and interests certification algorithm, Byzantine consensus, and randomly selected consensus nodes. On the basis of the rights and interests certification consensus algorithm, the system introduces randomly selected consensus nodes and a Byzantine consensus based on a verifiable random function, ensuring the speed, efficiency and safety consistency of the consensus algorithm.
Description
Technical Field
The invention relates to the application field of block chains, in particular to a system based on a secret shared random number consensus algorithm.
Background
The block chain is a novel system built from computer technologies such as consensus algorithms, distributed storage, point-to-point transmission and encryption algorithms. It is widely applied in many fields, including security trading, electronic commerce, intelligent contracts, the Internet of things, social communication and file storage. Current blockchain techniques consist of a string of cryptographically generated data blocks; each block contains the hash value of the previous block and is guaranteed to be generated after it in time order, so that the blocks, starting with the genesis block and connecting to the current block, form a chain. The consensus algorithm is the core technology of the blockchain and determines its efficiency and part of its security.
The consensus algorithm is the key to ensuring that the ledger data of every node on a blockchain platform is consistent. Common consensus algorithms at present include RAFT, P Byzantine, PoW, equity certificate, D equity certificate and the like. The RAFT algorithm is a mature consistency solution for traditional distributed systems, with high performance and low resource consumption, but it has no Byzantine fault tolerance. The P Byzantine algorithm is a permissioned-voting consensus mechanism in which the minority obeys the majority; it tolerates Byzantine errors, but its flexibility and reliability are imperfect. The PoW algorithm relies on the computing power of the machine to obtain the accounting right, so resource consumption is large and speed is slow. In the equity certificate consensus algorithm, the accounting right goes to the node with the highest equity rather than the highest computing power, where equity is embodied as a node's ownership of a specific number of goods and public link certificates, called the public link certificate age or the number of days of the public link certificates. The equity certificate algorithm solves the computing power waste of the PoW algorithm to a certain extent, but still suffers from poor supervision. PoW, equity certificate and D equity certificate all need a reward mechanism to encourage nodes to participate in accounting, and all share problems such as weak supervision.
Disclosure of Invention
In view of the above, the present invention provides a system based on a secret shared random number consensus algorithm that solves or partially solves the above-mentioned problems;
in order to achieve this technical effect, the technical steps of the invention are as follows: a system based on a secret shared random number consensus algorithm, characterized by comprising a random number generation device and a consensus algorithm module, wherein the consensus algorithm module is used for outputting a consensus algorithm based on random numbers; the consensus algorithm based on the random number comprises randomly selecting consensus nodes, a rights and interests certification algorithm and Byzantine consensus;
the random number generation device comprises a device for generating a periodic signature of the block high block and a secret sharing computing device with a central authority, and can also generate, by random generation, a unique, definite, random, verifiable random number $seed_{high}$;
wherein the device for generating a periodic signature of the block high block is adapted to generate the periodic signature of the block high block; this periodic signature is calculated based on a bilinear mapping cryptographic algorithm and comprises key generation, signing and signature verification; for the periodic signature of the block high block, the device sets up a central authority and $n$ participants, the $n$ participants being denoted $P_1, P_2, \ldots, P_n$ with $P = \{P_1, P_2, \ldots, P_n\}$; the central authority generates a group public/private key pair comprising a group public key $pk$ and a group private key $sk \in [1, p-1]$, wherein $n$ and $p$ are integers,
the group public key $pk = g^{sk}$ is calculated from the group private key $sk$; $e: G \times G \to G'$ is a non-degenerate bilinear map, $G$ and $G'$ are groups of prime order $p$, and $g$ is a generator of the group $G$;
each participant signs a message $m$ using the block high block periodic signature algorithm and its private key, outputs a fragment signature $\sigma_i$, and broadcasts $\sigma_i$; the fragment signature $\sigma_i$ generated by participant $P_i$: Participant $P_i$'s public/private key pair is $sk_i = f(i) \bmod p$, $pk_i = g^{f(i)} \bmod p$;
wherein the input is the group public key $pk$, the message $m$, a subset $S \subseteq P$ of all members with $|S| = t$, and the fragment signatures $\sigma_i$, and the output is a threshold group signature $\sigma$; the message $m$ is the seed $seed_{high-1}$ of the block height one before the current block height $high$ together with the threshold group signature of that previous block height; the threshold group signature $\sigma$ is generated from the fragment signatures $\sigma_i$ of the participants in $S$ and the indexes of the participants in $S$, the indexes being denoted $l_1, l_2, \ldots, l_t$;
participant $P_i$ gathers the signatures $\sigma_1, \sigma_2, \ldots, \sigma_n$ broadcast by the other participants and verifies each with its corresponding public key $pk_i$: $e(\sigma_i, g) = e(h(m), pk_i)$;
participant $P_i$ signs the message $m$ to generate a fragment signature $\sigma_i$: $t$ is an integer, and the signature is broadcast; the central authority collects the participants' signatures on the message; if $t$ of the $n$ participants send valid signatures, the set of these $t$ participants is denoted $S$, where $t$ is an integer;
the central authority generates a threshold set signature by a formula according to the slice signature and the index, j is 1.
and broadcasts the threshold group signature; each participant can verify the threshold group signature by checking $e(\sigma, g) = e(h(m), pk)$; if the two sides are equal, the threshold group signature verifies;
after the threshold group signature is generated, the random number seed of the current block height $high$ is generated through a hash algorithm, $seed_{high} = h(\sigma_{high})$, where $h(\sigma_{high})$ is the hash of the threshold group signature $\sigma_{high}$ of the current block height $high$; $seed_{high}$ is uniquely determined by a verifiable threshold group signature; any participant can verify the threshold group signature with the group public key and then check the correctness of $seed_{high}$ with the hash algorithm; $seed_{high}$ depends on the seed $seed_{high-1}$ of the block height one before the current block height and on the threshold group signature of that previous block height; this allows the generation of a nearly indelible, unmanageable, unpredictable random number $seed_{high}$ in a network with a sufficient number of participants;
the central mechanism randomly selects polynomial coefficients to construct a polynomial $f(x) = a_0 + a_1 x + \ldots + a_{t-1} x^{t-1}$, wherein $x$ is an integer from 1 to $n$ used for constructing the function;
wherein $a_0 = sk$, and $a_1, \ldots, a_{t-1}$ are randomly generated integers used as coefficients of the polynomial; commitments are then made to the coefficients of the polynomial:
wherein $A_0 = pk$, and $A_0, A_1, \ldots, A_{t-1}$ are broadcast; the central mechanism calculates $f(i) \bmod p$, $i = 1, 2, \ldots, n$, and secretly sends $f(i)$ to participant $P_i$; after receiving $f(i)$, participant $P_i$ verifies whether the second formula is satisfied:
if satisfied, $f(i)$ is accepted, which ensures that $f(i)$ is calculated from the polynomial, where $j$ is also an integer and ranges from an integer, and $A_j$ is one of the polynomial coefficients to be verified;
secret sharing with a central mechanism, in the secret sharing computing device with the central mechanism of the random number generation device, is a secret sharing step with the central mechanism; the secret sharing computing device with the central mechanism handles the central mechanism sharing a secret $s$ to $n$ participants, such that by executing a secret sharing protocol the secret shared by the central mechanism can be calculated as long as the number of participants reaches a threshold value $t$, where $s$ is an abbreviation of the secret and is used as a secret number in the system;
the secret sharing protocol comprises the following specific steps: each participant $P_{i'}$ randomly selects in $[1, p-1]$ and constructs a polynomial $f_{i'}(y)$ of highest degree $t-1$: $f_{i'}(y) = a_{i'0} + a_{i'1} y + \ldots + a_{i'(t-1)} y^{t-1}$, where $y$ is an integer from 1 to $n$ used for constructing the function, and $(a_{i'0}, a_{i'1}, \ldots, a_{i'(t-1)}) \in [1, p-1]^{t-1}$ are all generated randomly; participant $P_{i'}$ makes a commitment to the polynomial coefficients it selected: and broadcasts the committed value; in addition, $s_{i'j'} = f_{i'}(j') \bmod p$, $j' \in [1, n]$ is defined; participant $P_{i'}$ computes shares, determined by $s_{ij}$, and secretly sends the calculated share to participant $P_{j'}$; the member of the shared participants $P_{j'}$ is denoted $j'$, and member $j'$ collects the $s_{1j'}, s_{2j'}, \ldots, s_{nj'}$ sent to it by the other members; this is set as the index, i.e.
index $j'$: $(s_{1j'}, s_{2j'}, \ldots, s_{j'j'}, \ldots, s_{nj'}) = (f_1(j'), f_2(j'), \ldots, f_{j'}(j'), \ldots, f_n(j'))$
Finally, $S_{i'j'share}$ is defined as the set of all participants who correctly execute the secret sharing protocol; the secret sharing group public key is:
the secret sharing private key of each participant $P_j$ is:
the corresponding public key of each shared participant $P_{j'}$ is: no participant can calculate the secret sharing group private key on its own;
the consensus algorithm based on the random number comprises a rights and interests certification algorithm, Byzantine consensus and randomly selected consensus nodes; consistency of consensus means that the decision values of all good nodes must be the same; termination of consensus means that all good nodes end the decision process within a limited time; effectiveness of consensus means that the selected decision value must be the input value of some node; a node that may exhibit arbitrary behavior, meaning anything imaginable, is called Byzantine; Byzantine behavior also includes collusion, that is, all Byzantine nodes being controlled by the same attacker; all nodes that are not Byzantine are good nodes; consensus achieved in a system where Byzantine nodes exist is called Byzantine agreement; the Byzantine nodes must control over 51% of the computing power and over 51% of the rights and interests at the same time before a 51% attack can succeed;
the equity proving algorithm does not obtain the node accounting right by consuming computing power; an accounting node of the rights and interests certification algorithm needs to lock a certain amount of public link certificates, and accounting nodes propose blocks and vote to generate them, wherein the voting weight of a voting node depends on the number of public link certificates it holds; that is, each network node is linked to an address, and the more public link certificates the address holds, the greater the probability that it obtains the next block; the purpose of the Byzantine consensus is to establish trust among nodes in an untrusted network; the Byzantine consensus can be completed as long as the false nodes do not exceed 1/3; after a number of reserve consensus nodes are selected according to the number of public link certificates the nodes hold (the list is dynamically adjusted over time and with the number of public link certificates), a part of the reserve nodes is randomly selected as the consensus nodes, these being the randomly selected consensus nodes.
Detailed Description
In order to make the technical problems, technical steps and advantageous effects of the present invention more apparent, the present invention will be described in detail with reference to the following embodiments. It should be noted that the specific embodiments described herein are only for illustrating the present invention and are not to be construed as limiting the present invention, and products that can achieve the same functions are included in the scope of the present invention. The specific method comprises the following steps:
Example 1: an application scenario of the system based on the secret shared random number consensus algorithm is as follows:
the system based on the secret shared random number consensus algorithm comprises a random number generation step and a random-number-based consensus algorithm; the periodic signature of the block high block in the random number generation step is based on a bilinear mapping cryptographic algorithm and comprises key generation, signing and signature verification;
$e: G \times G \to G'$ is a non-degenerate bilinear map, $G$ and $G'$ are groups of prime order $p$, and the bilinear property is as follows: the key comprises a private key and a public key; $x \in [1, p-1]$ is randomly selected as the private key, $sk = x$, and the public key is $pk = g^x$, where $g$ is the generator of group $G$; the signature of the message $m$ is $\sigma = h^x$, $h = hash(m)$; given $pk$, $m$, $\sigma$ and $hash$, the verifier checks whether $e(\sigma, g)$ equals $e(hash(m), pk)$, and if so, the signature passes;
secret sharing with a central mechanism in the random number generation step means that one central mechanism shares one secret $s$ to $n$ participants, such that by executing a set of protocols the secret shared by the central mechanism can be calculated as long as the number of participants reaches a threshold value $t$; combined with the periodic group signature of the block high block, $t$ participants can provide their respective signature fragments to recover a new signature;
there is a central authority and $n$ participants, $P = \{P_1, P_2, \ldots, P_n\}$; the central authority generates a group public/private key pair, with $sk \in [1, p-1]$ as the group private key and the group public key calculated as $pk = g^{sk}$; the central mechanism randomly selects polynomial coefficients to construct a polynomial $f(x) = a_0 + a_1 x + \ldots + a_{t-1} x^{t-1}$, wherein $a_0 = sk$; a commitment is made to the polynomial coefficients: wherein $A_0 = pk$, and $A_0, A_1, \ldots, A_{t-1}$ are broadcast; the central mechanism calculates $f(i) \bmod p$, $i = 1, 2, \ldots, n$, and secretly sends $f(i)$ to participant $P_i$; after receiving $f(i)$, participant $P_i$ verifies the equation: whether the two sides are equal, and if equal, accepts, which ensures that $f(i)$ is calculated from the polynomial;
participant $P_i$'s public/private key pair is $sk_i = f(i) \bmod p$, $pk_i = g^{f(i)} \bmod p$, $i = 1, 2, \ldots, n$; participant $P_i$ signs the message $m$: the central authority collects the participants' signatures; if $t$ of the $n$ participants send valid signatures, the set of these $t$ participants is denoted $S$, $S \subseteq P$, $|S| = t$, and the indexes of the participants in $S$ are $l_1, l_2, \ldots, l_t$; the central authority generates a group signature: and broadcasts the group signature; each participant can verify the group signature by checking $e(\sigma, g) = e(h(m), pk)$; if the two sides are equal, the group signature verifies;
if the $n$ participants themselves act as central authorities and execute a secret sharing protocol, combined with the threshold block high block period signature step (T block high block period), a unique, determined, random and verifiable random number can be generated:
secret sharing protocol: each participant $P_i$ randomly selects in $[1, p-1]$ a polynomial of highest degree $t-1$: $f_i(x) = a_{i0} + a_{i1} x + \ldots + a_{i(t-1)} x^{t-1}$, wherein $(a_{i0}, a_{i1}, \ldots, a_{i(t-1)}) \in [1, p-1]^{t-1}$; participant $P_i$ makes a commitment to the polynomial coefficients it selected: and broadcasts the commitment value; participant $P_i$ calculates shares $s_{ij} = f_i(j) \bmod p$, $j \in [1, n]$, and secretly sends the calculated share to participant $P_j$; member $j$ gathers the $s_{1j}, s_{2j}, \ldots, s_{nj}$ sent to it by the other members, i.e.
index $j$: $(s_{1j}, s_{2j}, \ldots, s_{jj}, \ldots, s_{nj}) = (f_1(j), f_2(j), \ldots, f_j(j), \ldots, f_n(j))$
and verifies: wherein $i \in [1, n]$; finally $P$ is defined as the set of all participants who correctly execute the secret sharing protocol; the group public key is $PK = \prod_{i \in P} A_{i0} \bmod p$; the private key of each participant $P_j$ is $sk_j = \sum_{i \in P} s_{ij} = \sum_{i \in P} f_i(j) \bmod p$; the corresponding public key of each participant $P_j$ is: no participant can calculate the group private key on its own;
Share-Sign($sk_i$, $m$): each participant signs a message $m$ using the block high block periodic signature algorithm and its private key, outputs a signature fragment $\sigma_i$, and broadcasts the signature fragment; the signature fragment generated by participant $P_i$:
Share-Verify($PK$, $pk_i$, $m$, $\sigma_i$): participant $P_i$ gathers the signatures $\sigma_1, \sigma_2, \ldots, \sigma_n$ broadcast by the other participants and verifies each with the corresponding public key $pk_i$: $e(\sigma_i, g) = e(H(m), pk_i)$;
Recover($PK$, $pk_i$, $m$, $\sigma_i$, $i \in S$): the input is the group public key, the message $m$, and a subset of all members: such that $|S| = t$, and the signatures $\sigma_i$; the output is a threshold group signature $\sigma$; wherein $m$ is the union of the seed of height $h-1$ and the threshold group signature of height $h-1$;
after the group signature is generated, a random number $seed_h = H(\sigma_h)$ is generated through a hash algorithm; the seed is uniquely determined by a verifiable group signature; any participant can verify the group signature with the group public key and then check the correctness of the seed with the hash algorithm; the seed depends on the seed of height $h-1$ and the threshold group signature of height $h-1$; thus, random numbers which are hardly breakable, unmanageable and unpredictable can be generated in a network with enough participants;
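The secret sharing protocol among n participants, Share-Sign, Share-Verify, Recover and the seed chain described above, as an added Python example that is not code from the patent. Assumptions: a toy prime-order subgroup of the integers mod Q stands in for the bilinear group, so the pairing check is swapped for a Chaum-Pedersen equality-of-discrete-logs proof; the commitment, share-check and recovery formulas, which are not reproduced on this page, take the standard Feldman and Lagrange forms; the message is encoded by concatenation; all function names are hypothetical.

```python
import hashlib
import secrets

# Toy group, constructed for this example and far too small for real use:
# Q = 2P + 1 is a safe prime; G generates the subgroup of prime order P.
Q, P, G = 2039, 1019, 4

def H(*parts) -> int:
    """SHA-256 over the parts (bytes or ints), returned as an integer."""
    h = hashlib.sha256()
    for x in parts:
        h.update((x if isinstance(x, bytes) else str(x).encode()) + b"|")
    return int.from_bytes(h.digest(), "big")

def hash_to_group(m: bytes) -> int:
    """h(m): squaring a hash value lands in the order-P subgroup."""
    ctr = 0
    while True:
        h = pow(H(m, ctr) % Q, 2, Q)
        if h not in (0, 1):
            return h
        ctr += 1

def deal(n, t):
    """Participant i's polynomial f_i: commitments A_ik = g^a_ik (assumed
    Feldman form) and shares s_ij = f_i(j) mod p."""
    coeffs = [secrets.randbelow(P - 1) + 1 for _ in range(t)]
    commits = [pow(G, a, Q) for a in coeffs]
    shares = {j: sum(a * pow(j, k, P) for k, a in enumerate(coeffs)) % P
              for j in range(1, n + 1)}
    return commits, shares

def share_ok(commits, j, s):
    """Receiver j's check (assumed form): g^s_ij == prod_k A_ik^(j^k)."""
    rhs = 1
    for k, A in enumerate(commits):
        rhs = rhs * pow(A, pow(j, k, P), Q) % Q
    return pow(G, s, Q) == rhs

def run_dkg(n, t, tamper=None):
    """All n participants deal; a dealer with any bad share is excluded.
    tamper=(i, j) corrupts the share dealer i sends to j, to show the check."""
    deals = {i: deal(n, t) for i in range(1, n + 1)}
    if tamper:
        i, j = tamper
        deals[i][1][j] = (deals[i][1][j] + 1) % P
    ok = [i for i, (c, s) in deals.items()
          if all(share_ok(c, j, s[j]) for j in s)]
    PK = 1
    for i in ok:
        PK = PK * deals[i][0][0] % Q          # PK = prod_i A_i0
    sk = {j: sum(deals[i][1][j] for i in ok) % P for j in range(1, n + 1)}
    pk = {j: pow(G, x, Q) for j, x in sk.items()}
    return PK, sk, pk, ok

def share_sign(sk_j, m):
    """sigma_j = h(m)^sk_j plus a proof that log_g pk_j == log_h sigma_j."""
    h = hash_to_group(m)
    sig, pk_j, r = pow(h, sk_j, Q), pow(G, sk_j, Q), secrets.randbelow(P - 1) + 1
    c = H(h, pk_j, sig, pow(G, r, Q), pow(h, r, Q)) % P
    return sig, (c, (r + c * sk_j) % P)

def share_verify(pk_j, m, sig, proof):
    """Pairing-free stand-in for e(sigma_j, g) == e(h(m), pk_j)."""
    h, (c, z) = hash_to_group(m), proof
    if not (0 < sig < Q and pow(sig, P, Q) == 1):   # must lie in the subgroup
        return False
    a1 = pow(G, z, Q) * pow(pk_j, P - c, Q) % Q     # g^z * pk_j^-c
    a2 = pow(h, z, Q) * pow(sig, P - c, Q) % Q      # h^z * sigma_j^-c
    return c == H(h, pk_j, sig, a1, a2) % P

def lagrange_at_zero(l, indices):
    """Coefficient lambda_l for interpolating f(0) from points in indices."""
    lam = 1
    for m in indices:
        if m != l:
            lam = lam * m * pow((m - l) % P, P - 2, P) % P
    return lam

def recover(shards):
    """sigma = prod_l sigma_l^lambda_l (assumed Lagrange form)."""
    sigma = 1
    for l, sig in shards.items():
        sigma = sigma * pow(sig, lagrange_at_zero(l, shards), Q) % Q
    return sigma

def next_seed(prev_seed, prev_sigma, sk, pk, signers, t):
    """m = seed_{h-1} || sigma_{h-1} (encoding assumed); seed_h = hash(sigma_h)."""
    m = prev_seed + prev_sigma.to_bytes(2, "big")
    shards = {}
    for j in signers:
        sig, proof = share_sign(sk[j], m)
        if share_verify(pk[j], m, sig, proof):
            shards[j] = sig
    if len(shards) < t:
        raise ValueError("fewer than t valid signature fragments")
    sigma = recover(shards)
    return hashlib.sha256(sigma.to_bytes(2, "big")).digest(), sigma
```

Any t valid fragments recover the same group signature, which is why the seed is unique for a given height regardless of which participants respond.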
the consensus algorithm based on the random number comprises a rights and interests certification algorithm, Byzantine consensus and randomly selected consensus nodes; consistency of consensus means that the decision values of all good nodes must be the same; termination of consensus means that all good nodes end the decision process within a limited time; effectiveness of consensus means that the selected decision value must be the input value of some node; a node that may exhibit arbitrary behavior, meaning anything imaginable, is called Byzantine; Byzantine behavior also includes collusion, that is, all Byzantine nodes being controlled by the same attacker; all nodes that are not Byzantine are good nodes; agreement reached in a system where Byzantine nodes exist is called a Byzantine agreement; the Byzantine nodes must control over 51% of the computing power and over 51% of the rights and interests at the same time before a 51% attack can succeed;
the equity proving algorithm does not obtain the node accounting right by consuming computing power; an accounting node of the rights and interests certification algorithm needs to lock a certain amount of public link certificates, and accounting nodes propose blocks and vote to generate them, wherein the voting weight of a voting node depends on the number of public link certificates it holds; that is, each network node is linked to an address, and the more public link certificates the address holds, the greater the probability that it obtains the next block; the purpose of the Byzantine consensus is to establish trust among nodes in an untrusted network; the Byzantine consensus can be completed as long as the false nodes do not exceed 1/3; after a number of reserve consensus nodes are selected according to the number of public link certificates the nodes hold (the list is dynamically adjusted over time and with the number of public link certificates), a part of the reserve nodes is randomly selected as the consensus nodes, these being the randomly selected consensus nodes;
the beneficial results of the invention are as follows: the invention provides a system based on a secret shared random number consensus algorithm, wherein the random number generation step comprises the block high block periodic signature, secret sharing with a central mechanism, and random number generation; the consensus algorithm based on the random number comprises a rights and interests certification algorithm, Byzantine consensus and randomly selected consensus nodes; the Byzantine consensus can be completed as long as the number of wrong nodes does not exceed 1/3, the consistency of blocks is guaranteed, and the consensus speed and safety are greatly improved.
The above description is only for the preferred embodiment of the present invention, and should not be used to limit the scope of the claims of the present invention. While the foregoing description will be understood and appreciated by those skilled in the relevant art, other equivalents may be made thereto without departing from the scope of the claims.
Claims (1)
1. A system based on a secret shared random number consensus algorithm, characterized by comprising a random number generation device and a consensus algorithm module, wherein the consensus algorithm module is used for outputting a consensus algorithm based on random numbers; the consensus algorithm based on the random number comprises randomly selected consensus nodes, a rights and interests certification algorithm and a Byzantine consensus; the random number generation device comprises a device for generating a periodic signature of the block high block and a secret sharing computing device with a central authority, and can also generate, by random generation, a unique, determined, verifiable random number $seed_{high}$;
wherein the device for generating a periodic signature of the block high block is configured to generate the periodic signature of the block high block; this periodic signature is calculated based on a bilinear mapping cryptographic algorithm and comprises key generation, signing and signature verification; for the periodic signature of the block high block, the device sets up a central mechanism and $n$ participants, the $n$ participants being denoted $P_1, P_2, \ldots, P_n$ with $P = \{P_1, P_2, \ldots, P_n\}$; the central mechanism generates a group public/private key pair comprising a group public key $pk$ and a group private key $sk \in [1, p-1]$, wherein $n$ and $p$ are integers,
the group public key $pk = g^{sk}$ is calculated from the group private key $sk$; $e: G \times G \to G'$ is a non-degenerate bilinear map, $G$ and $G'$ are groups of prime order $p$, and $g$ is a generator of the group $G$;
the message $m$ is the seed $seed_{high-1}$ of the block height one before the current block height $high$ together with the threshold group signature of that previous block height; each participant signs the message $m$ using the block high block periodic signature algorithm and its private key, outputs a fragment signature $\sigma_i$, and broadcasts $\sigma_i$; the fragment signature $\sigma_i$ generated by participant $P_i$: Participant $P_i$'s public/private key pair is $sk_i = f(i) \bmod p$, $pk_i = g^{f(i)} \bmod p$;
wherein the input is the group public key $pk$, the message $m$ and a subset $S \subseteq P$ of all members such that $|S| = t$, $t$ being an integer, and the fragment signatures $\sigma_i$, and the output is a threshold group signature $\sigma$; the threshold group signature $\sigma$ is generated from the fragment signatures $\sigma_i$ of the participants in $S$ and the indexes of the participants in $S$, the indexes being denoted $l_1, l_2, \ldots, l_t$;
participant $P_i$ gathers the signatures $\sigma_1, \sigma_2, \ldots, \sigma_n$ broadcast by the other participants and verifies each with its corresponding public key $pk_i$: $e(\sigma_i, g) = e(h(m), pk_i)$;
participant $P_i$ signs the message $m$ to generate a fragment signature $\sigma_i$: and broadcasts the signature; the central authority collects the participants' signatures on the message $m$; if $t$ of the $n$ participants send valid signatures, the set of these $t$ participants is denoted $S$, where $t$ is an integer;
the central authority generates a threshold set signature by a formula according to the slice signature and the index, j is 0.
And broadcasting the threshold group signature; each participant can verify the threshold set signature, e (σ, g) ═ e (h (m), pk), if equal, the threshold set signature verifies;
after the threshold group signature is generated, a random number seed of the current block height high is generated through a hash algorithmhigh=h(σhigh),h(σhigh) Is to sign σ for the threshold set of current block height highhighPerforming hash algorithm, seedhighIs uniquely determined by a verifiable threshold set signature; any participant verifies the threshold group signature through the group public key and then verifies the seed through a hash algorithmhighAccuracy of (1), seedhighDependent on the height of the current block beforeSeed of one block heighthigh-1And a threshold group signature of one block height before the current block height high; this allows the generation of a nearly indelible, unmanageable, unpredictable random number seed in a network with a sufficient number of participantshigh;
The central mechanism randomly selects polynomial coefficients to construct a polynomial f (x) a0+a1x+...+at-1xt-1Wherein x is an integer from 1 to n for constructing a function;
wherein a is0Sk and a1...at-1Respectively, randomly generated integers, for use as coefficients of the polynomial, and then making commitments to the coefficients of the polynomial:
wherein A is0P k, and A0,A1,...,At-1Broadcasting; the central mechanism calculates: f (i) modp, and sending f (i) secretly to the participant Pi(ii) a Participant PiAfter f (i) is received, whether the second formula is satisfied is verified:
if satisfied, it is accepted that f (i) is calculated from a polynomial, where j is also an integer, AjIs one of the commitment values to be verified;
secret sharing in a secret sharing computing device with a central mechanism is a secret sharing step with the central mechanism, the secret sharing computing device with the central mechanism is used for processing that the central mechanism shares a secret s with n participants, finally, the secret sharing computing step is carried out as long as the number of the participants reaches a threshold value t ', wherein s is an abbreviation of the secret and is used as a secret number in a system, the secret shared by the central mechanism can be computed, and the secret sharing computing device can realize that t' participants provide respective slicing signatures in secret sharing by combining the periodic signatures of the block high blocks, and recover a threshold group signature;
the secret sharing protocol comprises the following specific steps: each participant $P_{i'}$ randomly selects, in $[1, p-1]$, a polynomial $f_{i'}(y)$ whose highest degree is $t-1$: $f_{i'}(y) = a_{i'0} + a_{i'1} y + \dots + a_{i'(t-1)} y^{t-1}$, where y is an integer from 1 to n used to construct the function, and where $(a_{i'0}, a_{i'1}, \dots, a_{i'(t-1)}) \in [1, p-1]^{t-1}$ are all generated randomly; participant $P_{i'}$ makes a commitment to the polynomial coefficients it selected:
and broadcasts the committed values; in addition, define $s_{i'j'} = f_{i'}(j') \bmod p$; participant $P_{i'}$ computes a share, the share being determined by $s_{i'j'}$, and sends the calculated shared secret to participant $P_{j'}$; the index of the sharing participant $P_{j'}$ is denoted j'; member j' gathers the values $s_{1j'}, s_{2j'}, \dots, s_{nj'}$ that the other members send to it, i.e.
$(s_{1j'}, s_{2j'}, \dots, s_{j'j'}, \dots, s_{nj'}) = (f_1(j'), f_2(j'), \dots, f_{j'}(j'), \dots, f_n(j'))$, and verified, wherein the integers $k, i', j' \in [0, t-1]$;
finally, $S_{i'j'}^{share}$ is defined as the set of all participants who correctly execute the secret sharing protocol; the secret sharing group public key is:
$pk_{j'} = \prod_{i' \in P} A_{i'0} \bmod p$;
the secret sharing private key of each participant $P_{j'}$ is:
the corresponding public key of each sharing participant $P_{j'}$ is: mod p; no participant can independently calculate the secret sharing group private key;
the consensus algorithm based on the random number comprises an equity proof (proof-of-stake) algorithm, Byzantine consensus and randomly selected consensus nodes; consistency of consensus means that the decision values of all good nodes must be the same; termination of consensus means that all good nodes end the decision process within a limited time; validity of consensus means that the selected decision value must be the input value of some node; a node that may exhibit arbitrary behavior, meaning anything imaginable, is called a Byzantine node; Byzantine behavior also includes collusion, in which all Byzantine nodes are controlled by the same attacker; all nodes that are not Byzantine nodes are good nodes; agreement reached in a system where Byzantine nodes exist is called Byzantine agreement; a Byzantine node must simultaneously control more than 51% of the computing power and more than 51% of the equity before it can successfully carry out a 51% attack;
the equity proof algorithm does not need to consume computing power to obtain the node accounting right; an accounting node of the equity proof algorithm needs to lock a certain amount of public chain certificates, and the accounting node proposes and generates voting blocks, where the voting weight depends on the number of public chain certificates held; that is, each network node is linked to an address, and the more public chain certificates the address holds, the greater the probability that it obtains the next block; the purpose of Byzantine consensus is to establish trust between nodes in an untrusted network; Byzantine consensus can be completed as long as faulty nodes do not exceed 1/3; after the lists of the plurality of reserved consensus nodes are dynamically adjusted over time and with the number of public chain certificates, a part of the reserved nodes is randomly selected as consensus nodes, namely the randomly selected consensus nodes.
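The dealer-based sharing and the dealerless secret sharing protocol described in the claim above, sketched as an added example (not code from the patent). The commitment and verification formulas did not survive on this page, so the standard Feldman form $A_j = g^{a_j} \bmod p$ with check $g^{f(i)} = \prod_j A_j^{i^j} \bmod p$ is assumed; the toy group is constructed, shares are reduced modulo the subgroup order q rather than the page's p, and all function names are hypothetical.

```python
import secrets

# Toy group (constructed, far too small for real use): p = 2q + 1, g has order q.
P, Q, G = 2039, 1019, 4

def deal(secret, t, n):
    """Dealer: degree t-1 polynomial with f(0) = secret, commitments A_j = g^a_j mod p."""
    coeffs = [secret % Q] + [secrets.randbelow(Q - 1) + 1 for _ in range(t - 1)]
    commitments = [pow(G, a, P) for a in coeffs]
    shares = {i: sum(a * pow(i, j, Q) for j, a in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    return shares, commitments

def verify_share(i, share, commitments):
    """Participant P_i accepts f(i) only if g^f(i) == prod_j A_j^(i^j) mod p (assumed form)."""
    rhs = 1
    for j, A in enumerate(commitments):
        rhs = rhs * pow(A, pow(i, j, Q), P) % P
    return pow(G, share, P) == rhs

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over Z_q from any t shares {i: f(i)}."""
    total = 0
    for i, s in shares.items():
        num = den = 1
        for m in shares:
            if m != i:
                num = num * (-m) % Q
                den = den * (i - m) % Q
        total = (total + s * num * pow(den, -1, Q)) % Q
    return total

def dkg(t, n):
    """Dealerless variant: every P_i' deals its own polynomial and the results are combined."""
    deals = {i: deal(secrets.randbelow(Q - 1) + 1, t, n) for i in range(1, n + 1)}
    # Each s_{i'j'} is checked against dealer i's broadcast commitments.
    qualified = [i for i, (sh, com) in deals.items()
                 if all(verify_share(j, sh[j], com) for j in sh)]
    group_pk = 1
    for i in qualified:
        group_pk = group_pk * deals[i][1][0] % P   # product of A_{i'0}
    sk_shares = {j: sum(deals[i][0][j] for i in qualified) % Q
                 for j in range(1, n + 1)}          # participant j's key share: sum of s_{i'j'}
    return group_pk, sk_shares
```

In `dkg` no single participant ever holds the group private key: it exists only as the value any t key shares interpolate to, which is what the group public key commits to.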
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910256248.7A CN110198213B (en) | 2019-04-01 | 2019-04-01 | System based on secret shared random number consensus algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110198213A CN110198213A (en) | 2019-09-03 |
CN110198213B true CN110198213B (en) | 2020-07-03 |
Family
ID=67751897
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910256248.7A Active CN110198213B (en) | 2019-04-01 | 2019-04-01 | System based on secret shared random number consensus algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110198213B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | ||
CP03 | Change of name, title or address |
Address after: 200,135 Building C3, No. 101, Eshan Road, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, Shanghai Patentee after: Shanghai Lingshuzhonghe Information Technology Co.,Ltd. Address before: 18ef, China Resources Times Plaza, 500 Zhangyang Road, Pudong New Area, Shanghai, 200120 Patentee before: NENG LIAN TECH. LTD. |