CN110233733A - General construction method for undetachable digital signatures for blockchain smart contracts - Google Patents


Info

Publication number: CN110233733A
Authority: CN (China)
Prior art keywords: algorithm, signature, transaction, block chain, signed
Legal status: Granted, Active
Application number: CN201910487516.6A
Other languages: Chinese (zh)
Other versions: CN110233733B (en)
Inventors: 史扬, 李晔, 韩秋月, 马致远
Current Assignee: Tongji University
Original Assignee: Tongji University
Application filed by Tongji University
Priority to CN201910487516.6A
Publication of CN110233733A
Application granted
Publication of CN110233733B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a general construction method for undetachable digital signatures for blockchain smart contracts, belonging to the technical fields of cryptography and blockchain. It comprises the following algorithms: (1) Setup: generates the public system parameters of the scheme. (2) KGen: generates the user's public key and private key; the private key is used for signing and the public key for verification. (3) SignFuncGen: generates the undetachable signature function on the client and binds it to the content of the smart contract. (4) UndSign: generates the undetachable signature value of a transaction; its inputs are the undetachable signature function $f_{Signed}(x)$ and the transaction $t$ to be signed. (5) UndVerify: verifies the undetachable signature of a smart contract transaction and outputs "valid" or "invalid". In a white-box attack context, the invention realizes a smart-contract proxy undetachable digital signature that is applicable to any digital signature algorithm.

Description

General construction method for undetachable digital signatures for blockchain smart contracts
Technical field
The invention belongs to the technical fields of cryptography and blockchain, and specifically relates to signature algorithms in which elliptic curve signature algorithms are applied to blockchain smart contracts.
Background
In recent years blockchain technology has developed rapidly, and the era of blockchain 2.0, characterized by smart contracts, has now arrived. Ethereum was the first blockchain 2.0 public chain and is currently the most active one worldwide; the emergence of Ethereum brought blockchain into the smart contract era.
Ethereum is positioned as a blockchain application platform. Various smart contracts can be published on this platform and can exchange data with other external systems, so as to realize applications in various industries. Ethereum has two kinds of accounts: external accounts, which are controlled by the user's private key, and contract accounts, which are controlled by smart contract code. Every action on the Ethereum blockchain is triggered by a transaction sent by an account. When a contract account receives a transaction, the parameters carried by the transaction become the input values of the smart contract code, which is then run; it reads or writes internal storage, sends messages to other accounts, or creates new smart contracts.
For existing Ethereum transactions, the main security measure is to use digital signatures to ensure identity authentication, integrity and non-repudiation of the transaction. The signing process is generally performed by the external account that holds the private key: when the external account receives a message, it signs the hash of the message with its own private key and then sends the signature value and the message itself to the other party. The verification process is generally performed by the contract account: after receiving the message and signature sent by the other party, the contract account verifies the signature with its internal smart contract code. The blockchain network also contains miner nodes, which manage the blockchain network by solving proof-of-work problems that require a certain amount of work. In detail, when a network node broadcasts a transaction to the network, miner nodes verify the transaction and then express confirmation with their own proof-of-work result; confirmed transactions are packed into data blocks, and the data blocks are chained together to form a continuous block chain. Transactions that are not yet confirmed are collected by blockchain nodes and gathered into a data block. A miner node appends a nonce (random adjustment number) and computes the hash value of the previous data block. The mining node keeps retrying until it finds a nonce for which the resulting hash value is lower than a specific target.
It is well known that digital signature technology is the core technology guaranteeing blockchain transaction security. Creating an account on a blockchain only requires generating a key pair, without actual registration anywhere. In addition, every transaction executed on the blockchain is digitally signed by the sender using its private key. This signature ensures that only the account owner can transfer funds out of the account. In Ethereum, the digital signing of a transaction is generally performed by the external account that holds the private key. Ethereum also has smart contracts, which function like an anonymous agent: they always exist in the execution environment of the blockchain network, are deployed in the blockchain client, and always execute a specific piece of code when invoked by a transaction.
In short, without digital signatures a blockchain could not exist. Digital signatures provide a way to ensure that all transactions are carried out only by the rightful holder, so that the blockchain is not corrupted.
The digital signature algorithms in existing blockchains are all based on elliptic curve cryptography, and elliptic curve cryptography rests on the consensus that the discrete logarithm problem on elliptic curves is very hard to solve. Although these discrete logarithm problems are believed to have exponential complexity, there is currently no proof that they cannot be solved in polynomial time, because such a proof would imply P ≠ NP, which is a famous open problem in computer science. So far, only one special class of elliptic curves defined over binary fields is thought by some experts to require sub-exponential running time.
Current research shows that the secp256k1 elliptic curve used by the digital signature algorithm in existing blockchains mainly has the following security weaknesses:
Pure mathematics weaknesses: Pollard's rho method, CM field discriminant. Implementation-related weaknesses: ladder, twist security, rigidity, indistinguishability. Weakness of the ECDSA signature scheme: randomness.
In traditional mobile agent electronic signature schemes, the agent generally carries the user's private key in order to sign, so it may be attacked during signing and leak the user's private key. Using any one of the undetachable electronic signatures given in the following three documents, leakage of the signing key or signing method can be controlled to a certain extent: Y. Shi, Q. Zhao, and Q. Liu, "Secure mobile agents in ecommerce with forward-secure undetachable digital signatures," ETRI Journal, vol. 37, no. 3, pp. 573–583, 2015; Y. Shi, J. Lin, G. Xiong, and H. Fan, "Key-insulated undetachable digital signature scheme and solution for secure mobile agents in electronic commerce," Mobile Information Systems, vol. 2016, no. 2, pp. 1–18, 2016; and Y. Shi and G. Xiong, "An undetachable threshold digital signature scheme based on conic curves," Applied Mathematics & Information Sciences, vol. 7, no. 2, pp. 823–828, 2013. An attacker can thus be prevented from cracking the signature algorithm on the agent side in a white-box attack context and obtaining the user's key.
Summary of the invention
The object of the invention is to remedy these security weaknesses so as to raise the security level of the signature algorithm and protect the property of blockchain users, by providing a general construction method for undetachable digital signatures for blockchain smart contracts.
To this end, the invention provides the following technical solution:
A general construction method for undetachable digital signatures for blockchain smart contracts, comprising the following steps:
Step 1. On each computer running a blockchain client, run Algorithm 1 at the given security level (the required security parameter $k$ is supplied as input). The algorithm is defined as follows:
Algorithm 1. System initialization algorithm $Setup(1^k)$: the input $k \in N$ ($N$ is the set of natural numbers) is a security parameter, and the algorithm outputs the public parameters $\Omega$.
Among the public parameters $\Omega$: the cyclic group (referred to as "the group") has prime order $q$; $G$ is a generator of the group, of prime order $q$, satisfying $qG = O$, where $O$ denotes the zero element of the group; $H(\cdot)$ is a cryptographic hash function; $Sig_{G,q,H,x}$ is an arbitrary digital signature function; and $Ver_{G,q,H,Y}$ is the verification function corresponding to the signature function $Sig_{G,q,H,x}$. This reflects the generality of the method.
Step 2. After Algorithm 1 has been executed, the system parameters $\Omega$ are available and every client user in the blockchain can obtain them. Each client then runs Algorithm 2 locally, defined as follows:
Algorithm 2. $KGen()$
(1) Call the public/private key generation algorithm of $Sig_{G,q,H,x}$ to generate the private key $x$ and the public key $Y$.
After running Algorithm 2, each user has a private key $x$ and a public key $Y$. Each user keeps their own private key $x$ safe; the public key $Y$ can be published in the blockchain network.
Step 3. The client locally runs Algorithm 3 with the private key $x$, the requirement description string $c$ and the signature algorithm $Sig_{G,q,H,x}$ as inputs; $c$ is a restriction that the client places on the transaction. Algorithm 3 generates an undetachable signature function $f_{signed}(x)$.
Algorithm 3. Undetachable signature function generation algorithm $SignFuncGen(x, c, Sig_{G,q,H,x})$
(1) Randomly select an element $x_c$ of $Z_q$; $x_c$ acts as a temporary private key.
(2) Compute $Y_c \leftarrow x_c G$; $Y_c$ is the temporary public key corresponding to the temporary private key $x_c$.
(3) Compute $\Sigma_c \leftarrow Sig_{G,q,H,x}(Y_c \| c)$; $\Sigma_c$ is the signature value over the string formed by concatenating $Y_c$ and the restriction $c$.
(4) Output $f_{signed}(x) = \langle x_c, Y_c, \Sigma_c \rangle$.
After executing Algorithm 3, the client outputs an undetachable signature function $f_{signed}(x) = \langle x_c, Y_c, \Sigma_c \rangle$. For $c$ and the private key $x$, the function corresponds to a unique value $\langle x_c, Y_c, \Sigma_c \rangle$.
Step 4. The client calls the proxy-signing smart contract and passes the undetachable signature function $f_{signed}(x)$ and the transaction $t$ to be signed to the smart contract. After receiving the parameters, the smart contract executes Algorithm 4 and signs the transaction on behalf of the user.
Algorithm 4. Undetachable signature generation algorithm $UndSign(f_{signed}(x), t)$. The inputs are the undetachable signature function $f_{signed}(x)$ and the transaction $t$ to be signed. The steps are executed in the following order:
(1) Compute $e = H(t)$, where $H(\cdot)$ is the cryptographic hash function and $e$ is the integer value corresponding to the hash of $t$;
(2) Randomly select $k$ from $Z_q$, where $Z_q$ is the same as in Algorithm 3;
(3) Compute the elliptic curve point $R = (r_x, r_y) = kG$, where $r_x, r_y$ are the abscissa and ordinate of the point $R$;
(4) Compute $r_c = r_x \bmod q$, where $r_c$ is the element of $Z_q$ corresponding to $r_x$; if $r_c = 0$, return to step (2);
(5) Extract $x_c$ from $f_{signed}(x)$;
(6) Compute $s_c = k^{-1} \cdot (e + r_c \cdot x_c) \bmod q$; if $s_c = 0$, return to step (2);
(7) Extract $Y_c, \Sigma_c$ from $f_{signed}(x)$;
(8) Output the signature value $UndSig(t) = \langle r_c, s_c, Y_c, \Sigma_c \rangle$.
Step 5. The smart contract broadcasts the signed transaction $t$ and its signature value $UndSig(t)$ to the blockchain network.
Step 6. The signed transaction is added to the transaction pool maintained by the miner nodes in the blockchain. The miners then check the validity of the transactions in order, running Algorithm 5 to verify the signature of the transaction.
Algorithm 5. Signature verification algorithm $UndVerify(Y, t, c, \langle r_c, s_c, Y_c, \Sigma_c \rangle, Ver_{G,q,H,Y})$. The inputs are the public key $Y$, the transaction $t$, the requirement description string $c$, the signature value $\langle r_c, s_c, Y_c, \Sigma_c \rangle$ and the signature verification algorithm $Ver_{G,q,H,Y}$. The steps are executed in the following order:
(1) Check whether $Y_c$ is an element of the group; if not, the signature is invalid, otherwise proceed to the next step;
(2) Use the $Ver_{G,q,H,Y}$ algorithm to check whether $\Sigma_c$ is a valid signature of $Y_c \| c$; if so, proceed to the next step, otherwise the signature is invalid;
(3) Compute $e = H(t)$, where $H(\cdot)$ is the cryptographic hash function; the result is used in step (5);
(4) Compute $w = s_c^{-1} \bmod q$; the result is used in step (5);
(5) Compute $u_1 = e \cdot w \bmod q$ and $u_2 = r_c \cdot w \bmod q$; the results are used in step (6);
(6) Compute the curve point $(x_1, y_1) = u_1 \cdot G + u_2 \cdot Y_c$; if $(x_1, y_1) = O$ the signature is invalid, otherwise compute $z = x_1 \bmod q$;
(7) If $r_c = z$ the signature is valid, otherwise it is invalid.
If the signature is valid, the transaction is legitimate: the transaction is completed and added to the next block. If the signature is invalid, the transaction or the corresponding contract is illegitimate; the transaction is then invalid and will not be accepted by the blockchain network.
This completes the steps of the entire scheme.
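Algorithms 2 to 5 above, run end to end, as an added example that is not code from the patent. It assumes ECDSA over secp256k1 with SHA-256 as the base scheme $Sig$/$Ver$ and a fixed 64-byte encoding of $Y_c$ before concatenation with $c$; all function names are this example's own, and the arithmetic is not constant-time.

```python
import hashlib
import secrets

# secp256k1, the curve the page names for existing blockchains (cofactor 1).
P = 2**256 - 2**32 - 977  # field prime
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order q
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
O = None  # zero (identity) element of the group

def add(A, B):
    """Affine point addition on y^2 = x^3 + 7 over F_P."""
    if A is O or B is O:
        return B if A is O else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return O
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, A):
    """Double-and-add scalar multiplication (not constant-time)."""
    R = O
    while k:
        if k & 1:
            R = add(R, A)
        A = add(A, A)
        k >>= 1
    return R

def in_group(A):
    """Algorithm 5 step (1): a curve point other than the zero element."""
    if A is O or len(A) != 2:
        return False
    x, y = A
    return 0 <= x < P and 0 <= y < P and (y * y - x**3 - 7) % P == 0

def H(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def enc(A):
    """Fixed-width encoding so that Y_c || c parses unambiguously (assumption)."""
    return A[0].to_bytes(32, "big") + A[1].to_bytes(32, "big")

def ecdsa_sign(d, e):
    """Algorithm 4 steps (2)-(6) for key d; reused here as Sig with d = x."""
    while True:
        k = secrets.randbelow(Q - 1) + 1
        r = mul(k, G)[0] % Q
        s = pow(k, -1, Q) * (e + r * d) % Q
        if r and s:
            return r, s

def ecdsa_verify(Y, e, sig):
    """Algorithm 5 steps (4)-(7) for key Y; reused here as Ver."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    X = add(mul(e * w % Q, G), mul(r * w % Q, Y))
    return X is not O and X[0] % Q == r

def kgen():
    x = secrets.randbelow(Q - 1) + 1
    return x, mul(x, G)

def sign_func_gen(x, c):
    """Algorithm 3, on the client: the only place the long-term key x is used."""
    x_c = secrets.randbelow(Q - 1) + 1
    Y_c = mul(x_c, G)
    sigma_c = ecdsa_sign(x, H(enc(Y_c) + c))
    return x_c, Y_c, sigma_c

def und_sign(f_signed, t):
    """Algorithm 4, in the proxy contract: signs t with x_c and never sees x."""
    x_c, Y_c, sigma_c = f_signed
    r_c, s_c = ecdsa_sign(x_c, H(t))
    return r_c, s_c, Y_c, sigma_c

def und_verify(Y, t, c, und_sig):
    """Algorithm 5. Whether t satisfies restriction c is not among its steps."""
    r_c, s_c, Y_c, sigma_c = und_sig
    if not in_group(Y_c) or not ecdsa_verify(Y, H(enc(Y_c) + c), sigma_c):
        return False
    return ecdsa_verify(Y_c, H(t), (r_c, s_c))

if __name__ == "__main__":
    x, Y = kgen()
    c = b"pay at most 10 units to shop-A"  # constructed restriction string
    t = b"pay 7 units to shop-A"           # constructed transaction
    sig = und_sign(sign_func_gen(x, c), t)
    print(und_verify(Y, t, c, sig), und_verify(Y, t, b"pay at most 999", sig))
```

Replacing $c$, $t$ or the temporary key pair after the client has produced $\Sigma_c$ makes verification fail, which is the binding of $Y_c$ to $c$ that step (2) of Algorithm 5 checks.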
The application is built on the elliptic curve signature algorithms commonly used in blockchains. Its security depends on the intractability of the elliptic curve discrete logarithm problem (ECDLP). The most basic concepts involved, such as groups and fields, are standard concepts of abstract algebra.
Compared with the prior art, the beneficial effects of the invention are:
(1) The user can select an arbitrary digital signature algorithm (such as EdDSA) to construct the undetachable digital signature. (2) The user calls a smart contract to sign their own transactions. In the scheme of the invention the user is free to choose the signature algorithm: a signature algorithm with a higher security level can be chosen to avoid the security weaknesses of the ECDSA signature algorithm and improve transaction security, or a higher-performance signature algorithm can be chosen to save transaction signing and verification time and improve performance. In addition, because the user calls the smart contract to sign the transaction, the user can trade in any insecure environment, and it is guaranteed that malicious nodes in the blockchain cannot forge signatures by communicating with the client or sending it malicious code, because the operation on the client only generates the undetachable signature function and does not include the actual signing process; the actual signing is performed in the smart contract. Even if the smart contract is attacked, the user's private key will not be leaked, because the smart contract signs using the undetachable signature algorithm, which does not contain the user's private key data. The signing process is therefore secure in a white-box attack context, and the user's private key cannot be maliciously stolen. The signature also has the properties of an undetachable signature: the agent does not carry the signing key when it generates a digital signature on behalf of the original signer, so the key is protected when the smart contract is called. Furthermore, the user's original requirements are guaranteed not to be tampered with, i.e. a new valid signature cannot be created with the user's requirement constraints modified.
Brief description of the drawings
Fig. 1 is a schematic diagram of an implementation of the general construction method for undetachable digital signatures for blockchain smart contract protection provided by the invention;
Fig. 2 is the flow chart corresponding to Fig. 1.
Detailed description of the embodiments
As shown in Fig. 1 and Fig. 2, a general construction scheme for undetachable digital signatures for blockchain smart contract protection comprises the following steps:
Step 1. On each computer running a blockchain client, run Setup at the given security level, i.e. with the required security parameter $k$ as input.
Step 2. After Setup has been executed on the client, the system parameters $\Omega$ are available and every user in the blockchain can obtain them. Each client then runs KGen locally.
Step 3. The client locally runs SignFuncGen with the private key $x$, the requirement description string $Q$ and the signature algorithm $Sign_{G,q,H,x}$ as inputs; the algorithm generates an undetachable signature function $f_{Signed}(x)$.
Step 4. The client calls the proxy-signing smart contract and passes the undetachable signature function $f_{Signed}(x)$ and the transaction $t$ to be signed to the smart contract. After receiving the parameters, the smart contract executes UndSign and signs the transaction on behalf of the user.
Step 5. The smart contract broadcasts the signed transaction and its signature value to the blockchain network.
Step 6. The signed transaction is added to the transaction pool maintained by the miner nodes in the blockchain. The miners then check the validity of the transactions in order, running UndVerify to verify the signature of the transaction.
If the signature is valid, the proxy transaction is legitimate: the transaction is completed and added to the next block. If the signature is invalid, the transaction or the corresponding contract is illegitimate; the transaction is then invalid and will not be accepted by the blockchain network. This completes the steps of the entire scheme.
The above process contains the following five algorithms:
(1) Setup: generates the public system parameters of the scheme. The input is a security parameter $k$, $k \in N$ ($N$ is the set of natural numbers). The algorithm outputs the system parameters $\Omega$.
(2) KGen: generates the user's private key for signing and public key for verification for the corresponding signature algorithm $Sign_{G,q,H,x}$.
(3) SignFuncGen: generates the undetachable signature function on the client. The algorithm takes the user's requirement constraint $Q$, the user's private key $x$ and the signature algorithm $Sign_{G,q,H,x}$, and outputs a function $f_{Signed}(x)$.
(4) UndSign: generates the signature value of the corresponding transaction. It takes the undetachable signature function $f_{Signed}(x)$ and the transaction $t$ to be signed as inputs, and outputs an undetachable digital signature.
(5) UndVerify: verifies the undetachable signature of a signed transaction. The inputs are the public key $Y$, the transaction $t$, the verification algorithm $Ver_{G,q,H,Y}$, the requirement description string $Q$ and the signature value $\langle r_c, s_c, Y_c, \Sigma_c \rangle$; the output is "valid" or "invalid".
The technical solution of the invention is described further below with reference to an embodiment.
This embodiment uses the signing function ($Sign_{G,q,H,x}$) and verification function ($Ver_{G,q,H,Y}$) of the EdDSA algorithm to construct the undetachable signature.
The working principle of the method is as follows.
All client nodes and miner nodes on which a blockchain client is installed first form a blockchain network, and the proxy-signing smart contract is deployed in the blockchain client. First, on each computer running a blockchain client, the Setup function is run at the given security level, i.e. with the required security parameter $k$ as input, to generate the global public parameters; the public parameters of all clients are identical. Taking EdDSA as an example, the global parameters $\Omega^* = (b, encoding, H_1, c, n, a, d, B, l)$ are added, where $b$ is the bit length of the public key; $encoding$ is an encoding function that encodes elements of the finite field $F_q$ with length $b-1$; $H_1$ is a hash function whose output is a $2b$-bit string; $c$ is an integer with default value 3; $n$ is an integer with default value $b-2$; $a$ is an element of the finite field $F_q$ with default value $-1$; $d$ is an element of the finite field $F_q$ with default value 121665/121666; $B$ is an element of an Edwards curve whose coordinates satisfy $E = \{(x, y) \in F_q \times F_q : ax^2 + y^2 = 1 + dx^2y^2\}$; and $l$ is an odd prime satisfying $lB = O$ and $2^c l = \#E$, the number of elements of the Edwards curve.
Each client then locally runs the KGen algorithm of EdDSA to generate the public and private signing keys. The EdDSA private key is a $b$-bit string $k$; its hash $H_1(k) = (h_0, h_1, \ldots, h_{2b-1})$ determines an integer value $s$. Then $A = sB$ is computed, and the corresponding EdDSA public key is the encoding of $A$.
Each user then keeps their own private key safe; the public key can be published in the blockchain network, and the user's blockchain address is generated from the public key. The client then locally runs SignFuncGen with the private key $k$, the requirement description string $Q$ and the EdDSA signature algorithm $Sign_{G,q,H,x}$ as inputs. The steps by which EdDSA signs a message $M$ under private key $k$ and public key $A$ are as follows:
(1) Define $r = H_1(h_b, h_{b+1}, \ldots, h_{2b-1}, M) \in \{0, 1, \ldots, 2^{2b} - 1\}$ (here the output of $H_1$ is a $2b$-bit string, which is decoded in little-endian order as an integer $\geq 0$ and $< 2^{2b}$; the $h_b, h_{b+1}, \ldots, h_{2b-1}$ inside the hash function come from the private-key hash $H_1(k)$).
(2) Define $R = rB$.
(3) Define $S = (r + H_1(R, A, M) \cdot s) \bmod l$ ($R$ is an element of the curve and becomes a $b$-bit string after encoding; $A$ is the public key and is also a $b$-bit string. $H_1$ outputs a $2b$-bit string, which is parsed as an integer; $s$ is an integer and $r$ is also an integer, and the $S$ obtained after the $\bmod\ l$ operation is an integer less than $l$).
(4) The final signature is $(R, S)$, where $R$ is given as the $b$-bit string encoding of $R$ and $S$ as the $b$-bit string encoding of $S$.
Running SignFuncGen generates an undetachable signature function $f_{Signed}(x)$. After generating the function, the client calls the proxy-signing smart contract and passes the undetachable signature function $f_{Signed}(x)$ and the transaction $t$ to be signed to the smart contract. After receiving the parameters, the smart contract executes the UndSign algorithm and signs the transaction on behalf of the user. The smart contract broadcasts the signed transaction and its signature value to the blockchain network. The signed transaction is added to the transaction pool maintained by the miner nodes in the blockchain; the miners then check the validity of the transactions in order, running the UndVerify algorithm to verify the signature of the transaction. Taking EdDSA as an example, the steps of the signature verification algorithm $Ver_{G,q,H,Y}$ are as follows:
(1) The verifier parses the encoded public key to obtain $A$; $A$ is a point on the curve;
(2) The verifier parses the encoded $R$ in the signature to obtain $R$, and parses the encoded $S$ to obtain $S$; $R$ is a point on the curve and $S$ is an integer $< l$;
(3) The verifier computes $H(R, A, M)$ and checks whether the following equation holds: $2^c S B = 2^c R + 2^c H(R, A, M) A$.
If the signature is valid, the proxy transaction is legitimate: the transaction is completed and added to the next block. If the signature is invalid, the transaction or the corresponding contract is illegitimate; the transaction is then invalid and will not be accepted by the blockchain network.
The foregoing is only a description of the preferred embodiment of the application and does not limit the scope of the application in any way. Any change or modification made by a person skilled in the art on the basis of the technical content disclosed above shall be regarded as an equivalent embodiment and falls within the scope of protection of the technical solution.

Claims (1)

1. A general construction method for undetachable digital signatures for blockchain smart contracts, characterized by comprising the following steps:
Step 1. On each computer running a blockchain client, at the given security level, input the required security parameter $k$ and run Algorithm 1, which is defined as follows:
Algorithm 1. System initialization algorithm $Setup(1^k)$: the input $k \in N$ ($N$ is the set of natural numbers) is a security parameter, and the algorithm outputs the public parameters $\Omega$.
Among the public parameters $\Omega$: the cyclic group (referred to as "the group") has prime order $q$; $G$ is a generator of the group, of prime order $q$, satisfying $qG = O$, where $O$ denotes the zero element of the group; $H(\cdot)$ is a cryptographic hash function; $Sig_{G,q,H,x}$ is an arbitrary digital signature function; and $Ver_{G,q,H,Y}$ is the verification function corresponding to the signature function $Sig_{G,q,H,x}$;
Step 2. After Algorithm 1 has been executed, the system parameters $\Omega$ are available and every client user in the blockchain can obtain them; each client then runs Algorithm 2 locally, defined as follows:
Algorithm 2. $KGen()$
(1) Call the public/private key generation algorithm of $Sig_{G,q,H,x}$ to generate the private key $x$ and the public key $Y$;
After running Algorithm 2, each user has a private key $x$ and a public key $Y$; each user keeps their own private key $x$ safe, and the public key $Y$ can be published in the blockchain network;
Step 3. The client locally runs Algorithm 3 with the private key $x$, the requirement description string $c$ and the signature algorithm $Sig_{G,q,H,x}$ as inputs; $c$ is a restriction that the client places on the transaction; Algorithm 3 generates an undetachable signature function $f_{signed}(x)$;
Algorithm 3. Undetachable signature function generation algorithm $SignFuncGen(x, c, Sig_{G,q,H,x})$
(1) Randomly select an element $x_c$ of $Z_q$; $x_c$ acts as a temporary private key;
(2) Compute $Y_c \leftarrow x_c G$; $Y_c$ is the temporary public key corresponding to the temporary private key $x_c$;
(3) Compute $\Sigma_c \leftarrow Sig_{G,q,H,x}(Y_c \| c)$; $\Sigma_c$ is the signature value over the string formed by concatenating $Y_c$ and the restriction $c$;
(4) Output $f_{signed}(x) = \langle x_c, Y_c, \Sigma_c \rangle$;
After executing Algorithm 3, the client outputs an undetachable signature function $f_{signed}(x) = \langle x_c, Y_c, \Sigma_c \rangle$; for $c$ and the private key $x$, the function corresponds to a unique value $\langle x_c, Y_c, \Sigma_c \rangle$;
Step 4. The client calls the proxy-signing smart contract and passes the undetachable signature function $f_{signed}(x)$ and the transaction t to be signed to the smart contract; after receiving the parameters, the smart contract executes Algorithm 4 and signs the transaction on behalf of the user;
Algorithm 4. Undetachable signature generation algorithm $\mathrm{UndSign}(f_{signed}(x), t)$. The inputs are the undetachable signature function $f_{signed}(x)$ and the transaction t to be signed; the steps are executed in the following order:
(1) Compute $e = H(t)$, where $H(\cdot)$ is the cryptographic hash function and e is the integer value corresponding to the hash of t;
(2) Randomly select $k \in Z_q$, where $Z_q$ is the same as in Algorithm 3;
(3) Compute the elliptic curve point $R = (r_x, r_y) = kG$, where $r_x$ and $r_y$ are the abscissa and ordinate of the point R;
(4) Compute $r_c = r_x \bmod q$, where $r_c$ is the element of $Z_q$ corresponding to $r_x$; if $r_c = 0$, return to step (2);
(5) Extract $x_c$ from $f_{signed}(x)$;
(6) Compute $s_c = k^{-1} \cdot (e + r_c \cdot x_c) \bmod q$; if $s_c = 0$, return to step (2);
(7) Extract $Y_c$ and $\Sigma_c$ from $f_{signed}(x)$;
(8) Output the signature value $\mathrm{UndSig}(t) = \langle r_c, s_c, Y_c, \Sigma_c \rangle$;
Step 5. The smart contract broadcasts the signed transaction t and its signature value $\mathrm{UndSig}(t)$ to the blockchain network;
Step 6. The signed transaction is added to the transaction pool maintained by the miner nodes in the blockchain; the miners then check the legitimacy of the transactions in order and run Algorithm 5 to verify the signature of the transaction;
Algorithm 5. Signature verification algorithm $\mathrm{UndVerify}(Y, t, c, \langle r_c, s_c, Y_c, \Sigma_c \rangle, \mathrm{Ver}_{G,q,H,Y})$. The inputs are the public key Y, the transaction t, the requirement description string c, the signature value $\langle r_c, s_c, Y_c, \Sigma_c \rangle$ and the signature verification algorithm $\mathrm{Ver}_{G,q,H,Y}$; the steps are executed in the following order:
(1) Check whether $Y_c$ is an element of the "group"; if not, the signature is invalid, otherwise go to the next step;
(2) Use the $\mathrm{Ver}_{G,q,H,Y}$ algorithm to check whether $\Sigma_c$ is a valid signature on $Y_c \,\|\, c$; if so, go to the next step, otherwise the signature is invalid;
(3) Compute $e = H(t)$, where $H(\cdot)$ is the cryptographic hash function; e is used in step (5);
(4) Compute $w = s_c^{-1} \bmod q$; w is used in step (5);
(5) Compute $u_1 = e \cdot w \bmod q$ and $u_2 = r_c \cdot w \bmod q$; both are used in step (6);
(6) Compute the curve point $(x_1, y_1) = u_1 \cdot G + u_2 \cdot Y_c$; if $(x_1, y_1) = O$ the signature is invalid, otherwise compute $z = x_1 \bmod q$;
(7) If $r_c = z$ the signature is valid, otherwise it is invalid;
If the signature is valid, the transaction is legitimate; the transaction is completed and added to the next block. If the signature is invalid, the transaction or the corresponding contract is illegitimate, so the transaction is invalid and will not be accepted by the blockchain network;
This completes the steps of the entire scheme.
CN201910487516.6A 2019-06-05 2019-06-05 Block chain intelligent contract-oriented universal construction method for non-separable digital signature Active CN110233733B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910487516.6A CN110233733B (en) 2019-06-05 2019-06-05 Block chain intelligent contract-oriented universal construction method for non-separable digital signature

Publications (2)

Publication Number Publication Date
CN110233733A true CN110233733A (en) 2019-09-13
CN110233733B CN110233733B (en) 2022-02-01

Family

ID=67858645

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910487516.6A Active CN110233733B (en) 2019-06-05 2019-06-05 Block chain intelligent contract-oriented universal construction method for non-separable digital signature

Country Status (1)

Country Link
CN (1) CN110233733B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002229451A (en) * 2001-02-02 2002-08-14 Casio Comput Co Ltd System, method, and program for guaranteeing date and hour of creation of data
CN104168115A (en) * 2014-08-19 2014-11-26 同济大学 Forward-secure undetachable digital signature method
CN104184588A (en) * 2014-08-15 2014-12-03 同济大学 Undetachable digital signature method based on identity
CN105049453A (en) * 2015-08-26 2015-11-11 同济大学 Signature verification method
CN108011723A (en) * 2017-12-13 2018-05-08 同济大学 Invade the undetachable digital signatures method of rebound
CN109768866A (en) * 2019-03-05 2019-05-17 同济大学 Block chain intelligence contract based on digital signature of elliptic curve can not be split endorsement method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
YANG SHI: "Intrusion-Resilient Undetachable Digital Signature for Mobile-Agent-Based Collaborative Business Systems", 《 2018 IEEE 22ND INTERNATIONAL CONFERENCE ON COMPUTER SUPPORTED COOPERATIVE WORK IN DESIGN ((CSCWD))》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113132110A (en) * 2019-12-31 2021-07-16 上海证锘信息科技有限公司 Elliptic curve digital signature scheme for resisting attack on block chain user private key white box
CN112199736A (en) * 2020-10-12 2021-01-08 南京邮电大学 Ordered multi-signature method based on block chain
CN112199736B (en) * 2020-10-12 2022-12-02 南京邮电大学 Ordered multi-signature method based on block chain
CN114024687A (en) * 2021-11-11 2022-02-08 上海证章信息科技有限公司 Method for realizing NFT detachable and interchangeable through locking reissue
CN115865362A (en) * 2022-11-22 2023-03-28 北京航空航天大学 Cross-chain-oriented universal digital signature system and method
CN115865362B (en) * 2022-11-22 2024-07-30 北京航空航天大学 Cross-chain-oriented universal digital signature system and method

Also Published As

Publication number Publication date
CN110233733B (en) 2022-02-01

Similar Documents

Publication Publication Date Title
CN111316595B (en) System for protecting a verification key from alteration and verifying validity of a proof of correctness
CN110233733A (en) Undetachable digital signatures general construction method towards block chain intelligence contract
CN109951296B (en) Remote data integrity verification method based on short signature
US10015019B2 (en) Production of cryptographic signatures
CN109768866B (en) Block chain intelligent contract non-detachable signature method based on elliptic curve digital signature
CN112560091B (en) Digital signature method, signature information verification method, related device and electronic equipment
CN113098691B (en) Digital signature method, signature information verification method, related device and electronic equipment
CN113301022B (en) Internet of things equipment identity security authentication method based on block chain and fog calculation
US20160352525A1 (en) Signature protocol
CN103733564A (en) Digital signatures with implicit certificate chains
US20100169644A1 (en) Message authentication code with elliptic polynomial hopping
CN103765809A (en) Implicitly certified public keys
US20200119918A1 (en) Elliptic curve point multiplication device and method in a white-box context
CN107566360B (en) A kind of generation method of data authentication code
JP6041864B2 (en) Method, computer program, and apparatus for data encryption
Aggarwal et al. Digital signatures
Bhandari et al. Enhancement of MD5 Algorithm for Secured Web Development.
CN110034936B (en) Pierceable digital signature method
CN101296076A (en) Digital signature scheme based on ECC
Na et al. Comparative analysis of schnorr digital signature and ecdsa for efficiency using private ethereum network
CN101420304B (en) Security protection method for electronic document digital signature based on discrete logarithm
CN113132110B (en) Elliptic curve digital signature scheme for resisting white box attack on private key of block chain user
JP4848957B2 (en) Signature and verification method and signature and verification apparatus
Chen et al. An efficient threshold group signature scheme
Saeed et al. Famous Digital Signatures Used In Smart Contracts

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant