CN110198213B - System based on secret shared random number consensus algorithm - Google Patents

Publication number: CN110198213B
Authority: CN (China)
Prior art keywords: signature, consensus, participant, block, algorithm
Legal status: Active
Application number: CN201910256248.7A
Other languages: Chinese (zh)
Other versions: CN110198213A (en)
Inventor: 林乐
Current Assignee: Shanghai Lingshuzhonghe Information Technology Co ltd
Original Assignee: Neng Lian Tech Ltd
Application filed by Neng Lian Tech Ltd
Priority to CN201910256248.7A
Publication of CN110198213A
Application granted
Publication of CN110198213B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085: Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: as H04L9/32, using cryptographic hash functions
    • H04L9/3247: as H04L9/32, involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a system based on a secret shared random number consensus algorithm, which comprises a random number generation step and a random-number-based consensus algorithm. The random number generation step comprises the periodic signature of a block high block, secret sharing with a central authority, and generation of the random number. The random-number-based consensus algorithm comprises a rights and interests certification algorithm, Byzantine consensus and random selection of consensus nodes. On the basis of the rights and interests certification consensus algorithm, the system introduces randomly selected consensus nodes and a Byzantine consensus based on a verifiable random function, and ensures the speed, efficiency and safety consistency of the consensus algorithm.

Description

System based on secret shared random number consensus algorithm
Technical Field
The invention relates to the application field of block chains, in particular to a system based on a secret shared random number consensus algorithm.
Background
The block chain is a novel combination of computer technologies such as consensus algorithms, distributed storage, point-to-point transmission and encryption algorithms. It is widely applied in fields such as security trading, electronic commerce, intelligent contracts, the Internet of things, social communication and file storage. A current blockchain consists of a string of cryptographically generated data blocks; each block contains the hash value of the previous block and is guaranteed to be generated after the previous block in time order, so that the blocks, starting from a starting block (genesis block) and connecting to the current block, form a chain. The consensus algorithm is the core technology of the blockchain. It determines the efficiency and part of the security of the blockchain.
The consensus algorithm is the key to ensuring the consistency of the ledger data of each node of the block chain platform. Common consensus algorithms at present include RAFT, P Byzantine, PoW, right certificate, D right certificate and the like. The RAFT algorithm is a mature consistency solution for traditional distributed systems; it has high performance and low resource consumption, but does not have Byzantine fault tolerance. The P-Byzantine algorithm is a permissioned voting mechanism in which the minority obeys the majority; it can tolerate Byzantine errors, but its flexibility and reliability are not perfect. The PoW algorithm relies on the computing power of the machine to obtain the accounting right; its resource consumption is large and its speed is slow. In the equity certificate consensus algorithm, the accounting right is obtained by the node with the highest equity rather than the highest computing power in the system, where the equity is embodied as a node's ownership of a specific quantity of public link certificates, called the public link certificate age or the number of days of the public link certificates. The equity certification algorithm solves the problem of wasted computing power of the PoW algorithm to a certain extent, but still has the problem of poor supervision. PoW, equity certificate and D equity certificate all need a reward mechanism to encourage nodes to participate in accounting, and at the same time have problems such as weak supervision.
Disclosure of Invention
In view of the above, the present invention provides a system based on a secret shared random number consensus algorithm that solves or partially solves the above-mentioned problems;
to achieve this effect, the technical steps of the invention are as follows: a system based on a secret shared random number consensus algorithm, characterized by comprising a random number generation device and a consensus algorithm module, wherein the consensus algorithm module is used for outputting a consensus algorithm based on random numbers; the consensus algorithm based on the random number comprises randomly selecting consensus nodes, a rights and interests certification algorithm and Byzantine consensus;
the random number generation device comprises a device for generating the periodic signature of a block high block and a secret sharing computing device with a central authority, and can generate a unique, definite, random, verifiable random number $seed_{high}$;
wherein the device for generating the periodic signature of the block high block is adapted to generate the periodic signature of the block high block; this periodic signature is calculated based on a bilinear mapping cryptographic algorithm and comprises the steps of generating a key, signing and verifying a signature; for the periodic signature of the block high block, the device sets a central authority and n participants, where the n participants are denoted $P_1, P_2, \ldots, P_n$ and $P = \{P_1, P_2, \ldots, P_n\}$; the central authority generates a group public/private key pair consisting of a group public key $pk$ and a group private key $sk \in [1, p-1]$, where n and p are integers,
the group public key $pk = g^{sk}$ is calculated from the group private key $sk$; $e: G \times G \to G'$ is a non-degenerate bilinear map, $G$ and $G'$ are groups of prime order $p$, and $g$ is a generator of the group $G$;
each participant signs a message $m$ using the block high block periodic signature algorithm and its private key, outputs a fragment signature $\sigma_i$ and broadcasts $\sigma_i$; the fragment signature $\sigma_i$ generated by participant $P_i$ is:
Figure RE-GDA0002135711120000021
The public/private key pair of participant $P_i$ is $sk_i = f(i) \bmod p$, $pk_i = g^{f(i)} \bmod p$;
wherein the input is the group public key $pk$, the message $m$, a subset $S$ of all members, $S \in P$, with $|S| = t$, and the fragment signatures $\sigma_i$; the output is a threshold group signature $\sigma$; the message $m$ is the seed $seed_{high-1}$ of the block height one before the current block height high, together with the threshold group signature of the block height one before the current block height high; the threshold group signature $\sigma$ is generated from the fragment signatures $\sigma_i$ of the participants in S and the indices of the participants in S, where the indices of the participants in S are denoted $l_1, l_2, \ldots, l_t$;
Participant $P_i$ collects the signatures $\sigma_1, \sigma_2, \ldots, \sigma_n$ broadcast by the other participants and verifies each of them with its corresponding public key $pk_i$: $e(\sigma_i, g) = e(h(m), pk_i)$;
Participant $P_i$ signs the message $m$ to generate the fragment signature $\sigma_i$:
Figure RE-GDA0002135711120000033
where t is an integer, and broadcasts the signature; the central authority collects the participants' signatures on the message; if t of the n participants send valid signatures, the set of these t participants is denoted S;
the central authority generates a threshold set signature by a formula according to the slice signature and the index, j is 1.
Figure RE-GDA0002135711120000031
and broadcasts the threshold group signature; each participant can verify the threshold group signature by checking $e(\sigma, g) = e(h(m), pk)$; if the two sides are equal, the threshold group signature passes verification;
after the threshold group signature is generated, the random number seed of the current block height high is generated by a hash algorithm: $seed_{high} = h(\sigma_{high})$, where $h(\sigma_{high})$ is the hash of the threshold group signature $\sigma_{high}$ of the current block height high; $seed_{high}$ is uniquely determined by a verifiable threshold group signature; any participant can verify the threshold group signature with the group public key and then check the correctness of $seed_{high}$ with the hash algorithm; $seed_{high}$ depends on the seed $seed_{high-1}$ of the block height one before the current block height and on the threshold group signature of the block height one before the current block height high; in this way a random number seed $seed_{high}$ that is hardly breakable, cannot be manipulated and is unpredictable can be generated in a network with a sufficient number of participants;
the central authority randomly selects polynomial coefficients to construct a polynomial $f(x) = a_0 + a_1 x + \ldots + a_{t-1} x^{t-1}$, where x is an integer from 1 to n for constructing the function;
where $a_0 = sk$ and $a_1, \ldots, a_{t-1}$ are randomly generated integers used as coefficients of the polynomial; commitments are then made to the coefficients of the polynomial:
Figure RE-GDA0002135711120000032
where $A_0 = pk$, and $A_0, A_1, \ldots, A_{t-1}$ are broadcast; the central authority calculates $f(i) \bmod p$, $i = 1, 2, \ldots, n$, and sends $f(i)$ secretly to participant $P_i$; after receiving $f(i)$, participant $P_i$ verifies whether the second formula is satisfied:
Figure RE-GDA0002135711120000041
if it is satisfied, the share is accepted, which ensures that $f(i)$ was calculated from the polynomial; here j is also an integer and ranges over integers, and $A_j$ is one of the polynomial coefficients to be verified;
the secret sharing performed by the secret sharing computing device with a central authority in the random number generation device is a secret sharing step with a central authority: the central authority shares a secret $s$ among n participants, and by executing a secret sharing protocol the secret shared by the central authority can be calculated as long as the number of participants reaches a threshold t; here s is an abbreviation of "secret" and is used as a secret number in the system;
the secret sharing protocol comprises the following specific steps: each participant $P_{i'}$ randomly selects over $[1, p-1]$ a polynomial $f_{i'}(y)$ of highest degree $t-1$: $f_{i'}(y) = a_{i'0} + a_{i'1} y + \ldots + a_{i'(t-1)} y^{t-1}$, where y is an integer from 1 to n for constructing the function, and where the coefficients $(a_{i'0}, a_{i'1}, \ldots, a_{i'(t-1)}) \in [1, p-1]^{t-1}$ are all generated randomly; participant $P_{i'}$ makes a commitment to the polynomial coefficients it selected:
Figure RE-GDA0002135711120000042
and broadcasts the commitment values; in addition, define $s_{i'j'} = f_{i'}(j') \bmod p$, $j' \in [1, n]$; participant $P_{i'}$ computes the shares given by $s_{i'j'}$ and sends each calculated share secretly to participant $P_{j'}$; the member $P_{j'}$ is denoted j', and member j' collects the shares $s_{1j'}, s_{2j'}, \ldots, s_{nj'}$ sent to it by the other members, indexed as follows, i.e.
index $j'$: $(s_{1j'}, s_{2j'}, \ldots, s_{j'j'}, \ldots, s_{nj'}) = (f_1(j'), f_2(j'), \ldots, f_{j'}(j'), \ldots, f_n(j'))$
And verify
Figure RE-GDA0002135711120000051
where the integers $k, i', j' \in [1, n]$;
finally, define $S_{i'j'share}$ as the set of all participants who correctly executed the secret sharing protocol; the secret sharing group public key is:
Figure RE-GDA0002135711120000052
the secret sharing private key of each participant $P_j$ is:
Figure RE-GDA0002135711120000053
the corresponding public key of each shared participant $P_{j'}$ is:
Figure RE-GDA0002135711120000054
no participant can independently calculate the secret sharing group private key;
the consensus algorithm based on the random number comprises a rights and interests certification algorithm, Byzantine consensus and randomly selected consensus nodes; consistency of consensus means that the decision values of all good nodes must be the same; termination of consensus means that all good nodes end the decision process within a limited time; validity of consensus means that the selected decision value must be the input value of some node; a node that may exhibit arbitrary behavior, meaning anything imaginable, is called Byzantine; Byzantine behavior also includes collusion, in which all Byzantine nodes are controlled by the same attacker; all nodes that are not Byzantine are good nodes; consensus reached in a system where Byzantine nodes exist is called Byzantine agreement; a Byzantine node must control over 51% of the computing power and over 51% of the rights and interests at the same time before it can successfully carry out a 51% attack;
the equity proving algorithm does not need to consume computing power to obtain the node accounting right; an accounting node of the rights and interests certification algorithm needs to lock a certain amount of public link certificates, and blocks are generated through accounting node proposal and voting, where the voting weight of a voting node depends on the number of public link certificates it holds; that is, each network node is linked to an address, and the more public link certificates the address holds, the greater the probability that it obtains the next block; the purpose of the Byzantine consensus is to establish trust among nodes in an untrusted network; the Byzantine consensus can be completed as long as false nodes do not exceed 1/3; after a number of reserve consensus nodes are selected according to the number of public link certificates held by the nodes (the list is adjusted dynamically with time and the number of public link certificates), a part of the reserve nodes is randomly selected as the consensus nodes; these are the randomly selected consensus nodes.
Detailed Description
In order to make the technical problems, technical steps and advantageous effects of the present invention more apparent, the present invention will be described in detail with reference to the following embodiments. It should be noted that the specific embodiments described herein are only for illustrating the present invention and are not to be construed as limiting the present invention, and products that can achieve the same functions are included in the scope of the present invention. The specific method comprises the following steps:
Example 1: an application scenario of the system based on the secret shared random number consensus algorithm is as follows:
the system based on the secret shared random number consensus algorithm comprises a random number generation step and a random-number-based consensus algorithm; the periodic signature of the block high block in the random number generation step is based on a bilinear mapping cryptographic algorithm and comprises key generation, signing and signature verification;
$e: G \times G \to G'$ is a non-degenerate bilinear map, $G$ and $G'$ are groups of prime order $p$, and the bilinear property is as follows:
Figure RE-GDA0002135711120000061
the key consists of a private key and a public key: $x \in [1, p-1]$ is randomly selected as the private key, $sk = x$, and the public key is $pk = g^x$, where $g$ is the generator of group $G$; the signature of the message $m$ is $\sigma = h^x$, with $h = hash(m)$; the verifier checks, from $pk$, $m$, $\sigma$ and $hash$, whether $e(\sigma, g)$ is equal to $e(hash(m), pk)$, and if so, the signature passes;
the secret sharing with a central authority in the random number generation step means that one central authority shares a secret $s$ among n participants, and finally, by executing a set of protocols, the secret shared by the central authority can be calculated as long as the number of participants reaches a threshold t; combined with the periodic group signature of the block high block, t participants can provide their respective signature fragments to recover a new signature;
there are a central authority and n participants, $P = \{P_1, P_2, \ldots, P_n\}$; the central authority generates a group public/private key pair consisting of a group private key and a group public key: $sk \in [1, p-1]$ is taken as the group private key, and the group public key $pk = g^{sk}$ is calculated; the central authority randomly selects polynomial coefficients to construct a polynomial $f(x) = a_0 + a_1 x + \ldots + a_{t-1} x^{t-1}$, where $a_0 = sk$; commitments are made to the polynomial coefficients:
Figure RE-GDA0002135711120000062
where $A_0 = pk$, and $A_0, A_1, \ldots, A_{t-1}$ are broadcast; the central authority calculates $f(i) \bmod p$, $i = 1, 2, \ldots, n$, and sends $f(i)$ secretly to participant $P_i$; after receiving $f(i)$, participant $P_i$ verifies the equation:
Figure RE-GDA0002135711120000071
for equality; if the two sides are equal, the share is accepted, which ensures that $f(i)$ was calculated from the polynomial;
the public/private key pair of participant $P_i$ is $sk_i = f(i) \bmod p$, $pk_i = g^{f(i)} \bmod p$, $i = 1, 2, \ldots, n$; participant $P_i$ signs the message $m$:
Figure RE-GDA0002135711120000072
the central authority collects the signatures of the participants; if t of the n participants send valid signatures, the set of these t participants is denoted S, with $S \in P$, $|S| = t$, and the indices of the participants in S are $l_1, l_2, \ldots, l_t$; the central authority generates a group signature:
Figure RE-GDA0002135711120000073
and broadcasts the group signature; each participant can verify the group signature by checking $e(\sigma, g) = e(h(m), pk)$; if the two sides are equal, the group signature passes verification;
if the n participants each act as the central authority and execute a secret sharing protocol, and this is combined with a block high block period signature step with a threshold (T block high block period), a unique, definite, random and verifiable random number can be generated:
secret sharing protocol: each participant $P_i$ randomly selects over $[1, p-1]$ a polynomial of highest degree $t-1$: $f_i(x) = a_{i0} + a_{i1} x + \ldots + a_{i(t-1)} x^{t-1}$, where $(a_{i0}, a_{i1}, \ldots, a_{i(t-1)}) \in [1, p-1]^{t-1}$; participant $P_i$ makes a commitment to the polynomial coefficients it selected:
Figure RE-GDA0002135711120000074
and broadcasts the commitment values; participant $P_i$ calculates the shares $s_{ij} = f_i(j) \bmod p$, $j \in [1, n]$, and sends each calculated share secretly to participant $P_j$; member j collects the shares $s_{1j}, s_{2j}, \ldots, s_{nj}$ sent to it by the other members, i.e.
index $j$: $(s_{1j}, s_{2j}, \ldots, s_{jj}, \ldots, s_{nj}) = (f_1(j), f_2(j), \ldots, f_j(j), \ldots, f_n(j))$
And verify
Figure RE-GDA0002135711120000075
where $i \in [1, n]$; finally, define P as the set of all participants who correctly executed the secret sharing protocol; the group public key is $PK = \prod_{i \in P} A_{i0} \bmod p$; the private key of each participant $P_j$ is $sk_j = \sum_{i \in P} s_{ij} = \sum_{i \in P} f_i(j) \bmod p$; the corresponding public key of each participant $P_j$ is:
Figure RE-GDA0002135711120000076
no participant can independently calculate the group private key;
Share-Sign($sk_i$, $m$): each participant signs a message $m$ using the block high block periodic signature algorithm and its private key, outputs a signature fragment $\sigma_i$ and broadcasts the signature fragment; the signature fragment generated by participant $P_i$ is:
Figure RE-GDA0002135711120000081
Share-Verify($PK$, $pk_i$, $m$, $\sigma_i$): participant $P_i$ collects the signatures $\sigma_1, \sigma_2, \ldots, \sigma_n$ broadcast by the other participants and verifies each with the corresponding public key $pk_i$: $e(\sigma_i, g) = e(H(m), pk_i)$; recover($PK$, $pk_i$, $m$, $\sigma_i$, $i \in S$): the input is the group public key, the message $m$, and a subset of all members:
Figure RE-GDA0002135711120000082
such that $|S| = t$, together with the signatures $\sigma_i$; the output is a threshold group signature $\sigma$; here $m$ is the union of the seed of height h-1 and the threshold group signature of height h-1; after the group signature is generated, a random number is generated by a hash algorithm, $seed_h = H(\sigma_h)$; the seed is uniquely determined by a verifiable group signature; any participant can verify the group signature with the group public key and check the correctness of the seed with the hash algorithm; the seed depends on the seed of height h-1 and the threshold group signature of height h-1; in this way random numbers that are hardly breakable, cannot be manipulated and are unpredictable can be generated in a network with enough participants;
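Added example (not code from the patent): the dealer sharing with commitments $A_j = g^{a_j}$, the share check, the dealer-less variant ($PK = \prod A_{i0}$, $sk_j = \sum s_{ij}$) and the seed chain $seed_h = H(\sigma_h)$ described above, in Python. Assumptions: a constructed toy subgroup of order p = 1019 modulo 2039 stands in for the pairing group, so the pairing checks $e(\cdot, \cdot)$ are not reproduced; the share check $g^{f(i)} = \prod_j A_j^{i^j}$ and the Lagrange-weighted recovery $\sigma = \prod \sigma_{l_j}^{\lambda_j}$ are the standard forms, used because the page's own formulas survive only as figures; all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters: the order-p subgroup of Z_2039^* stands in for the
# pairing group G of the text. 2039 = 2 * 1019 + 1; far too small for real use.
MODULUS = 2039
p = 1019            # prime group order (the page's p); exponents live mod p
g = 4               # generator of the order-p subgroup


def h(m: bytes) -> int:
    """Hash a message into the subgroup (square of a SHA-256 output, retried)."""
    counter = 0
    while True:
        digest = hashlib.sha256(counter.to_bytes(4, "big") + m).digest()
        x = pow(int.from_bytes(digest, "big") % MODULUS, 2, MODULUS)
        if x not in (0, 1):
            return x
        counter += 1


def deal(sk: int, t: int, n: int):
    """Dealer: f(x) = a_0 + ... + a_{t-1} x^{t-1} with a_0 = sk.

    Returns the broadcast commitments A_j = g^{a_j} and the secret shares f(i) mod p.
    """
    coeffs = [sk % p] + [secrets.randbelow(p - 1) + 1 for _ in range(t - 1)]
    commitments = [pow(g, a, MODULUS) for a in coeffs]
    shares = {i: sum(a * pow(i, j, p) for j, a in enumerate(coeffs)) % p
              for i in range(1, n + 1)}
    return commitments, shares


def verify_share(i: int, share: int, commitments) -> bool:
    """Participant i's check: g^{f(i)} == prod_j A_j^{i^j}."""
    expected = 1
    for j, a_j in enumerate(commitments):
        expected = expected * pow(a_j, pow(i, j, p), MODULUS) % MODULUS
    return pow(g, share, MODULUS) == expected


def share_sign(sk_i: int, m: bytes) -> int:
    """Fragment signature sigma_i = h(m)^{sk_i}."""
    return pow(h(m), sk_i, MODULUS)


def lagrange_at_zero(index: int, indices) -> int:
    """lambda = prod_{k != index} k / (k - index) mod p."""
    num = den = 1
    for k in indices:
        if k != index:
            num = num * k % p
            den = den * (k - index) % p
    return num * pow(den, -1, p) % p


def recover(fragments: dict, t: int) -> int:
    """Combine t fragments {index: value} by Lagrange interpolation in the exponent."""
    if len(fragments) < t:
        raise ValueError("fewer than t fragments: nothing can be recovered")
    indices = sorted(fragments)[:t]
    sigma = 1
    for i in indices:
        weight = lagrange_at_zero(i, indices)
        sigma = sigma * pow(fragments[i], weight, MODULUS) % MODULUS
    return sigma


def next_seed(prev_seed: bytes, prev_sigma: int, shares: dict, signers, t: int):
    """m = seed_{h-1} || sigma_{h-1}; returns (seed_h, sigma_h), seed_h = H(sigma_h)."""
    m = prev_seed + prev_sigma.to_bytes(2, "big")
    sigma = recover({i: share_sign(shares[i], m) for i in signers}, t)
    return hashlib.sha256(sigma.to_bytes(2, "big")).digest(), sigma


def dealerless_keys(t: int, n: int):
    """Every participant deals once; PK = prod A_{i0}, sk_j = sum_i s_{ij} mod p."""
    deals = [deal(secrets.randbelow(p - 1) + 1, t, n) for _ in range(n)]
    # Keep only dealers whose shares all pass the commitment check.
    good = [(c, s) for c, s in deals
            if all(verify_share(j, s[j], c) for j in s)]
    group_pk = 1
    for commitments, _ in good:
        group_pk = group_pk * commitments[0] % MODULUS
    sks = {j: sum(s[j] for _, s in good) % p for j in range(1, n + 1)}
    return group_pk, sks


if __name__ == "__main__":
    commitments, shares = deal(sk=777, t=3, n=5)
    print("share 2 valid:", verify_share(2, shares[2], commitments))
    print("tampered share valid:", verify_share(2, (shares[2] + 1) % p, commitments))
    a = next_seed(b"genesis", 1, shares, (1, 2, 3), 3)
    b = next_seed(b"genesis", 1, shares, (2, 4, 5), 3)
    print("same seed from different signer sets:", a == b)
```

Any t valid fragments yield the same $\sigma$, which is why the seed is unique for a given height regardless of which participants respond.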
the consensus algorithm based on the random number comprises a rights and interests certification algorithm, Byzantine consensus and randomly selected consensus nodes; consistency of consensus means that the decision values of all good nodes must be the same; termination of consensus means that all good nodes end the decision process within a limited time; validity of consensus means that the selected decision value must be the input value of some node; a node that may exhibit arbitrary behavior, meaning anything imaginable, is called Byzantine; Byzantine behavior also includes collusion, in which all Byzantine nodes are controlled by the same attacker; all nodes that are not Byzantine are good nodes; agreement reached in a system where Byzantine nodes exist is called a Byzantine agreement; a Byzantine node must control over 51% of the computing power and over 51% of the rights and interests at the same time before it can successfully carry out a 51% attack;
the equity proving algorithm does not need to consume computing power to obtain the node accounting right; an accounting node of the rights and interests certification algorithm needs to lock a certain amount of public link certificates, and blocks are generated through accounting node proposal and voting, where the voting weight of a voting node depends on the number of public link certificates it holds; that is, each network node is linked to an address, and the more public link certificates the address holds, the greater the probability that it obtains the next block; the purpose of the Byzantine consensus is to establish trust among nodes in an untrusted network; the Byzantine consensus can be completed as long as false nodes do not exceed 1/3; after a number of reserve consensus nodes are selected according to the number of public link certificates held by the nodes (the list is adjusted dynamically with time and the number of public link certificates), a part of the reserve nodes is randomly selected as the consensus nodes, namely the randomly selected consensus nodes;
the beneficial results of the invention are as follows: the invention provides a system based on a secret sharing random number consensus algorithm, wherein the generation step of the random number comprises block high block periodic signature, secret sharing with a central mechanism and random number generation; the consensus algorithm based on the random number comprises a rights and interests certification algorithm, Byzantine consensus and random selection consensus nodes; the Byzantine consensus can be completed under the condition that the number of wrong nodes does not exceed 1/3, the consistency of blocks is guaranteed, and the consensus speed and the safety are greatly improved.
The above description is only for the preferred embodiment of the present invention, and should not be used to limit the scope of the claims of the present invention. While the foregoing description will be understood and appreciated by those skilled in the relevant art, other equivalents may be made thereto without departing from the scope of the claims.

Claims (1)

1. The system based on the secret shared random number consensus algorithm is characterized by comprising a random number generation device and a consensus algorithm module, wherein the consensus algorithm module is used for outputting a consensus algorithm based on random numbers; the consensus algorithm based on the random number comprises randomly selected consensus nodes, a rights and interests certification algorithm and a Byzantine consensus; the random number generation device comprises a device for generating the periodic signature of a block high block and a secret sharing computing device with a central authority, and can generate a unique, determined, verifiable random number $seed_{high}$;
wherein the device for generating the periodic signature of the block high block is configured to generate the periodic signature of the block high block; this periodic signature is calculated based on a bilinear mapping cryptographic algorithm and comprises key generation, signing and signature verification; for the periodic signature of the block high block, the device sets a central authority and n participants, where the n participants are denoted $P_1, P_2, \ldots, P_n$ and $P = \{P_1, P_2, \ldots, P_n\}$; the central authority generates a group public/private key pair consisting of a group public key $pk$ and a group private key $sk \in [1, p-1]$, where n and p are integers,
the group public key $pk = g^{sk}$ is calculated from the group private key $sk$; $e: G \times G \to G'$ is a non-degenerate bilinear map, $G$ and $G'$ are groups of prime order $p$, and $g$ is a generator of the group $G$;
the message $m$ is the seed $seed_{high-1}$ of the block height one before the current block height high, together with the threshold group signature of the block height one before the current block height high; each participant signs the message $m$ using the block high block periodic signature algorithm and its private key, outputs a fragment signature $\sigma_i$ and broadcasts $\sigma_i$; the fragment signature $\sigma_i$ generated by participant $P_i$ is:
Figure FDA0002493639870000011
The public/private key pair of participant $P_i$ is $sk_i = f(i) \bmod p$, $pk_i = g^{f(i)} \bmod p$;
wherein the input is the group public key $pk$, the message $m$, a subset $S$ of all members, $S \in P$, such that $|S| = t$, t being an integer, and the fragment signatures $\sigma_i$; the output is a threshold group signature $\sigma$; the threshold group signature $\sigma$ is generated from the fragment signatures $\sigma_i$ of the participants in S and the indices of the participants in S, where the indices of the participants in S are denoted $l_1, l_2, \ldots, l_t$;
Participant $P_i$ collects the signatures $\sigma_1, \sigma_2, \ldots, \sigma_n$ broadcast by the other participants and verifies each of them with its corresponding public key $pk_i$: $e(\sigma_i, g) = e(h(m), pk_i)$;
Participant $P_i$ signs the message $m$ to generate the fragment signature $\sigma_i$:
Figure FDA0002493639870000021
and broadcasts the signature; the central authority collects the participants' signatures on the message $m$; if t of the n participants send valid signatures, the set of these t participants is denoted S, t being an integer;
the central authority generates a threshold set signature by a formula according to the slice signature and the index, j is 0.
Figure FDA0002493639870000022
and broadcasts the threshold group signature; each participant can verify the threshold group signature by checking $e(\sigma, g) = e(h(m), pk)$; if the two sides are equal, the threshold group signature verifies;
after the threshold group signature is generated, the random number $seed_{high}$ of the current block height $high$ is generated through a hash algorithm: $seed_{high} = h(\sigma_{high})$, where $h(\sigma_{high})$ is the hash of the threshold group signature $\sigma_{high}$ of the current block height $high$; $seed_{high}$ is uniquely determined by a verifiable threshold group signature; any participant verifies the threshold group signature with the group public key and then verifies the correctness of $seed_{high}$ through the hash algorithm; $seed_{high}$ depends on the seed $seed_{high-1}$ of the block height one before the current block height and on the threshold group signature of that preceding block height; this allows a network with a sufficient number of participants to generate a random number $seed_{high}$ that is nearly impossible to tamper with, to manipulate or to predict;
The central authority randomly selects polynomial coefficients to construct a polynomial $f(x) = a_0 + a_1 x + \ldots + a_{t-1} x^{t-1}$, where $x$ is an integer from 1 to n used for constructing the function;
wherein $a_0 = sk$ and $a_1, \ldots, a_{t-1}$ are randomly generated integers used as the coefficients of the polynomial; the central authority then makes commitments to the coefficients of the polynomial:
Figure FDA0002493639870000031
wherein $A_0 = pk$, and $A_0, A_1, \ldots, A_{t-1}$ are broadcast; the central authority calculates $f(i) \bmod p$ and sends $f(i)$ secretly to the participant $P_i$; after receiving $f(i)$, participant $P_i$ verifies whether the second formula is satisfied:
Figure FDA0002493639870000032
if it is satisfied, $f(i)$ is accepted as having been calculated from the polynomial, where $j$ is also an integer and $A_j$ is one of the commitment values to be verified;
the secret sharing performed in the secret sharing computing device with a central authority is a secret sharing step with the central authority; that device handles the central authority sharing a secret $s$ with n participants such that, once the number of participants reaches a threshold $t'$, the secret shared by the central authority can be computed, where $s$ abbreviates "secret" and serves as a secret number in the system; combined with the periodic signature of the block-height block, the secret sharing computing device enables $t'$ participants to provide their respective fragment signatures in secret sharing and recover a threshold group signature;
the secret sharing protocol comprises the following specific steps: each participant $P_{i'}$ randomly selects coefficients in $[1, p-1]$ and constructs a polynomial $f_{i'}(y)$ of highest degree $t-1$: $f_{i'}(y) = a_{i'0} + a_{i'1} y + \ldots + a_{i'(t-1)} y^{t-1}$, where $y$ is an integer from 1 to n used for constructing the function, and where $(a_{i'0}, a_{i'1}, \ldots, a_{i'(t-1)}) \in [1, p-1]^{t-1}$ are all generated randomly; participant $P_{i'}$ makes a commitment to the polynomial coefficients it has selected:
Figure FDA0002493639870000033
and broadcasts the committed values; in addition, define $s_{i'j'} = f_{i'}(j') \bmod p$; participant $P_{i'}$ computes a share, the share being determined by $s_{i'j'}$, and sends the calculated shared secret to the participant $P_{j'}$; the index of the sharing participant $P_{j'}$ is denoted $j'$; member $j'$ collects the values $s_{1j'}, s_{2j'}, \ldots, s_{nj'}$ sent to it by the other members, i.e.
$(s_{1j'}, s_{2j'}, \ldots, s_{j'j'}, \ldots, s_{nj'}) = (f_1(j'), f_2(j'), \ldots, f_{j'}(j'), \ldots, f_n(j'))$, and verifies:
Figure FDA0002493639870000041
wherein the integers $k, i', j' \in [0, t-1]$;
Finally, Si'j'share is defined as the set of all participants who correctly execute the secret sharing protocol; the secret sharing group public key is:
$pk_{j'} = \prod_{i' \in P} A_{i'0} \bmod p$;
the secret sharing private key of each participant $P_{j'}$ is:
Figure FDA0002493639870000042
the corresponding public key of each sharing participant $P_{j'}$ is:
Figure FDA0002493639870000043
mod p; no participant can independently calculate the secret sharing group private key;
the random-number-based consensus algorithm comprises a proof-of-stake algorithm, Byzantine consensus and randomly selected consensus nodes; consistency of consensus means that the decision values of all good nodes must be the same; termination of consensus means that all good nodes end the decision process within a finite time; validity of consensus means that the selected decision value must be the input value of some node; a node that may exhibit arbitrary behavior, meaning anything imaginable, is called a Byzantine node; Byzantine behavior also includes collusion, in which all Byzantine nodes are controlled by the same attacker; all nodes that are not Byzantine nodes are good nodes; reaching agreement in a system in which Byzantine nodes exist is called Byzantine agreement; a Byzantine node must control more than 51% of the computing power and more than 51% of the stake at the same time before it can successfully carry out a 51% attack;
the proof-of-stake algorithm does not require a node to obtain the accounting right by consuming computing power; an accounting node of the proof-of-stake algorithm must lock a certain amount of public-chain tokens, and the accounting nodes propose and vote to generate blocks, where the voting weight depends on the number of public-chain tokens held; that is, each network node is linked to an address, and the more public-chain tokens the address holds, the greater the probability that it obtains the next block; the purpose of Byzantine consensus is to establish trust between nodes in an untrusted network; Byzantine consensus can be completed as long as faulty nodes do not exceed 1/3; the lists of the multiple reserve consensus nodes are adjusted dynamically over time and with the number of public-chain tokens, after which a part of the reserve nodes is randomly selected as consensus nodes, namely the randomly selected consensus nodes.
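The dealer-based sharing, fragment signing, threshold combination and seed derivation claimed above can be traced end to end in the following added example, which is not code from the patent. The formulas behind the "Figure" images are not visible on this page, so the commitment check and the Lagrange combination used here are the standard Feldman and interpolation-in-the-exponent forms, taken as assumptions; the pairing group is replaced by a small constructed prime-order subgroup, so the pairing checks themselves are not shown, and all function names are hypothetical.

```python
import hashlib, secrets

# Constructed toy group (assumption): Q and P = 2Q + 1 are prime and G = 4
# generates the order-Q subgroup of Z_P^*. Far too small for real use.
P, Q, G = 2879, 1439, 4

def deal(sk, t, n):
    """Central authority: f(x) = a_0 + ... + a_{t-1} x^(t-1) with a_0 = sk."""
    coeffs = [sk] + [secrets.randbelow(Q - 1) + 1 for _ in range(t - 1)]
    commits = [pow(G, a, P) for a in coeffs]      # A_j = g^(a_j), A_0 = pk
    shares = {i: sum(a * pow(i, j, Q) for j, a in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}           # sk_i = f(i)
    return commits, shares

def share_ok(i, s_i, commits):
    """Participant P_i checks g^f(i) == prod_j A_j^(i^j) before accepting."""
    rhs = 1
    for j, A in enumerate(commits):
        rhs = rhs * pow(A, pow(i, j, Q), P) % P
    return pow(G, s_i, P) == rhs

def h(m):
    """Toy hash into the subgroup (assumption; real BLS hashes to a curve)."""
    e = int.from_bytes(hashlib.sha256(m).digest(), "big") % (Q - 1) + 1
    return pow(G, e, P)

def fragment(m, s_i):
    """sigma_i = h(m)^(sk_i), the form that satisfies e(sigma_i, g) = e(h(m), pk_i)."""
    return pow(h(m), s_i, P)

def lagrange0(i, idx):
    """Lagrange coefficient of index i at x = 0 over the index set idx, mod Q."""
    num = den = 1
    for l in idx:
        if l != i:
            num, den = num * -l % Q, den * (i - l) % Q
    return num * pow(den, -1, Q) % Q

def combine(frags):
    """sigma = prod sigma_i^(lambda_i) over the t indexes l_1..l_t in frags."""
    sigma = 1
    for i, s in frags.items():
        sigma = sigma * pow(s, lagrange0(i, frags), P) % P
    return sigma

def seed(sigma):
    """seed_high = h(sigma_high)."""
    return hashlib.sha256(sigma.to_bytes(2, "big")).hexdigest()
```

Any t valid fragments combine to the same signature and therefore the same seed, while a single unverified fragment changes the combined value, which is why each fragment is checked against its public key before combination.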
CN201910256248.7A 2019-04-01 2019-04-01 System based on secret shared random number consensus algorithm Active CN110198213B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910256248.7A CN110198213B (en) 2019-04-01 2019-04-01 System based on secret shared random number consensus algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910256248.7A CN110198213B (en) 2019-04-01 2019-04-01 System based on secret shared random number consensus algorithm

Publications (2)

Publication Number Publication Date
CN110198213A CN110198213A (en) 2019-09-03
CN110198213B true CN110198213B (en) 2020-07-03

Family

ID=67751897

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910256248.7A Active CN110198213B (en) 2019-04-01 2019-04-01 System based on secret shared random number consensus algorithm

Country Status (1)

Country Link
CN (1) CN110198213B (en)

Also Published As

Publication number Publication date
CN110198213A (en) 2019-09-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 200,135 Building C3, No. 101, Eshan Road, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, Shanghai

Patentee after: Shanghai Lingshuzhonghe Information Technology Co.,Ltd.

Address before: 18ef, China Resources Times Plaza, 500 Zhangyang Road, Pudong New Area, Shanghai, 200120

Patentee before: NENG LIAN TECH. LTD.