CN110851859A - Distributed authoritative node block chain system with (n, t) threshold and authentication method thereof - Google Patents
- Publication number: CN110851859A (application CN201911004459.8A)
- Authority: CN (China)
- Prior art keywords: user, key, transaction, authentication, proxy
- Legal status: Granted (the legal status is an assumption made by Google and is not a legal conclusion)
Classifications
All under G06F21/00 (security arrangements for protecting computers, components thereof, programs or data against unauthorised activity):
- G06F21/6245: Protecting personal data, e.g. for financial or medical purposes (under G06F21/60 protecting data, G06F21/62 protecting access to data via a platform, G06F21/6218 to a system of files or objects, e.g. a local or distributed file system or database)
- G06F21/6227: Protecting access to data via a platform to a system of files or objects, where protection concerns the structure of data, e.g. records, types, queries
- G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F2221/2107: File encryption (indexing scheme relating to G06F21/00 and subgroups)
Abstract
The invention discloses a distributed authoritative-node blockchain system with an (n, t) threshold and its authentication method. The system consists of n authoritative nodes organised in a threshold CA framework, each authoritative node acting as a certificate authority (CA). Authentication comprises the following steps: system initialization, secret sharing, blockchain node initialization, proxy key request, proxy key recovery, wallet generation, wallet authentication, authentication verification, transaction signing and transaction verification. Compared with the prior art the method is simple, practical and efficient: authenticating the user's public key defeats public key replacement attacks; the user updates its address periodically, which gives transactions effective privacy protection; and an adversary cannot obtain a user's private data by analysing past transactions in the public ledger. The method is particularly suited to consortium (alliance) chain applications and meets the requirements of both efficiency and privacy.
Description
Technical Field
The invention relates to the field of information security, and in particular to a distributed authoritative-node blockchain system with an (n, t) threshold and its authentication method.
Background
In recent years blockchain technology has advanced rapidly and attracted wide attention from industry and academia. A blockchain is essentially a cryptographically verifiable list of data; what distinguishes it from a traditional database is that the integrity of the stored data is guaranteed by cryptography, i.e. data stored in the blockchain need not be feared to have been tampered with maliciously. Besides guaranteeing data integrity, another favoured property of blockchains is their distributed and public nature: all data is kept in a public, distributed ledger, which is why blockchains also serve as the technical carrier for various electronic currencies. Distributed ledger technology, however, also plants a hidden hazard: users are exposed to the risk of privacy disclosure.
In Bitcoin (launched in 2009), each user holds one or more blockchain addresses as pseudonyms in the blockchain network, which gives anonymity in the cryptographic sense. However, since anyone can hold a copy of the complete ledger, studies have shown that the identity of the holder of a given address can be determined by analysing that address's transaction records, so the anonymity of the blockchain does not give users good privacy protection. Furthermore, existing blockchain structures are vulnerable to 51% attacks: once a node, or a colluding group of nodes, controls 51% of the network's total hash power, it can control the entire blockchain network. A blockchain may also fork, i.e. the data lists stored by different nodes diverge at some point in time, so that all subsequent data differs. A blockchain architecture without authentication is also very vulnerable to address replacement. Existing solutions either use inefficient authentication mechanisms or introduce a single online certificate authority (CA) to authenticate all network nodes, which requires frequent real-time interaction between the CA and the nodes to issue public key certificates and imposes a significant computational and communication load. Moreover, in a distributed-trust blockchain system a single CA usually means insufficient trust, which is why an enterprise building its own blockchain service tends to adopt a consortium chain (alliance chain) structure.
A consortium chain is one kind of blockchain. Unlike the most widely used public chains, a consortium chain has one or more administrators: a new node joining the network must be authenticated by the administrators, blocks are generated by the administrators, and once a loss caused by a malicious operation occurs the administrators can stop it in time. For this reason, blockchain services built by enterprises today, including distributed transaction systems, usually adopt the consortium chain architecture. However, the consortium chain structure does not solve the pain point of blockchain privacy protection, and as an enterprise-oriented blockchain type it provides no effective tracing means and cannot identify a malicious user who sabotages the system.
In summary, blockchains in the prior art carry a risk of privacy disclosure, which severely restricts the large-scale application of blockchain systems.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a distributed threshold lightweight CA authentication method. It adopts a multi-authority distributed CA structure in which the CA issues a proxy key to the user, so that the CA's trust model is distributed and the authority of a single CA is dispersed; authenticating the user's public key avoids public key replacement attacks; the user updates its address periodically, which gives transactions effective privacy protection; the method is particularly suited to consortium chain applications; an adversary cannot obtain a user's private data by analysing past transactions in the public ledger; and the requirements of both efficiency and privacy are met.
The purpose of the invention is realised as follows. A distributed authoritative-node blockchain system with an (n, t) threshold is composed of n authoritative nodes in a certificate authority (CA) threshold framework, each authoritative node acting as a certificate authority; each certificate authority consists of an account pool and a block pool connected by a transaction controller.
An authentication method for the (n, t) threshold distributed authoritative-node blockchain system: the CA issues a proxy key to the user, the user authenticates its own public key with the proxy key, and privacy is protected by periodically updated addresses. The authentication process comprises the following steps:
(I) System initialization
The system generates a master public key from a given security parameter;
(II) Secret sharing
The system generates a secret sharing polynomial and distributes the resulting partial private keys to the distributed CAs;
(III) Blockchain node initialization
A blockchain node is created in the network and a long-term public/private key pair is generated for it; the public key, stored at the CA, serves as the node's identity credential;
(IV) Proxy key request
The user requests the proxy key from the CAs; each CA computes a partial proxy key and sends it to the user;
(V) Proxy key recovery
After receiving partial proxy keys from a threshold number of CAs, the user computes the complete proxy key by secret recovery;
(VI) Wallet generation
The user generates a periodically updated short-term public/private key pair; the short-term public key serves as the wallet address;
(VII) Wallet authentication
The user authenticates the wallet address with the proxy authentication key;
(VIII) Authentication verification
Anyone can verify the authentication of the wallet address using the master public key and the user's public key;
(IX) Transaction signing
The user digitally signs the transaction with the short-term key pair;
(X) Transaction verification
Anyone can verify the transaction with the sender's short-term public key; if verification passes, the transaction is valid and can be stored in the blockchain by the CA.
The system initialization of step (I) specifically comprises:
a) Input 1^λ, where λ is the security parameter;
b) The system selects two safe primes p_0, q_0 of length λ satisfying formula (I):
q_0 = 2q'_0 + 1, p_0 = 2p'_0 + 1 (where p'_0, q'_0 are prime)   (I)
It then computes n_0 = p_0 · q_0 and m_0 = p'_0 · q'_0, and selects e_0, d_0 such that e_0 · d_0 ≡ 1 (mod φ(m_0)). Next, n trusted nodes are selected as the distributed CA ((n, t) threshold, with n > t), and the common CA master public key pk_CA = (n_0, e_0) and a public hash function h(·) are published.
The secret sharing of step (II) specifically comprises:
a) The system splits d_0 into n partial private keys d_i (i = 1, 2, …, n), i.e. it selects a polynomial f of degree t-1 according to the following formula (II):
For each CA_j (j ∈ {1, 2, …, n}) it computes d_j = f(j) and sends it to the corresponding CA_j; after this step the system destroys p_0, q_0 and d_0;
b) Define the operator Δ = n!. Let S be any subset of t CAs; for any i ∈ {0, …, n} \ S and j ∈ S, define by the following formula (III):
and then obtain the following formula (IV) by Lagrange interpolation:
The blockchain node initialization of step (III) specifically comprises:
a) When a new user u joins the network, a blockchain node and a node identifier are created, and 1^λ is input, where λ is the security parameter;
b) Two large primes p_u, q_u of length k are selected, n_u = p_u · q_u is computed as in formula (I), and e_u, d_u are selected satisfying e_u · d_u ≡ 1 (mod φ(n_u)); let pk_u = (n_u, e_u) and sk_u = d_u.
The proxy key request of step (IV) specifically comprises:
a) The user computes the request body x with the public hash function h(·) according to the following formula (V):
x = h(n_u, e_u)   (V)
and sends the request (u, pk_u, x) to all CAs, where u is the user's real identity and pk_u is the user's public key, i.e. the blockchain node identifier;
b) When CA_j receives the request from user u, it verifies that u is a legitimate user, i.e. one who has purchased the blockchain service; if so, CA_j stores the identity pair (u, pk_u) in its account pool and computes a partial proxy key v_{u,j} according to the following formula (VI):
and sends v_{u,j} to user u.
The proxy key recovery of step (V) specifically comprises:
a) Once user u has received no fewer than t partial proxy keys, it computes the intermediate variable w by the following formula (VII):
where w is an intermediate variable produced in the computation and the right-hand side is Lagrange interpolation carried out in the exponent;
b) From formulas (IV) and (VII) the intermediate variable of formula (VIII) is obtained:
where e_0 and 4Δ² are coprime, so a pair (a, b) can be found such that 4Δ² · a + e_0 · b = -1;
c) The user's proxy key v_u is computed according to the following formula (IX):
v_u = w^a x^b   (IX)
If COR ≡ 1 (mod m_0) holds, the proxy key is correct; otherwise it is wrong and the user submits an error report to the CA. From here on the user u is denoted by the transaction parties a and b, to indicate the two sides of a transaction.
The wallet generation of step (VI) specifically comprises:
a) Input 1^λ, where λ is the security parameter;
b) Select two large primes p_{b,i}, q_{b,i} of length k, compute n_{b,i} = p_{b,i} · q_{b,i}, and select e_{b,i}, d_{b,i} satisfying e_{b,i} · d_{b,i} ≡ 1 (mod φ(n_{b,i})); let pk_{b,i} = (n_{b,i}, e_{b,i}), sk_{b,i} = d_{b,i}, and let the wallet address be pk_{b,i}, where i denotes the i-th update, b denotes a transaction party and u denotes any user.
The wallet authentication of step (VII) specifically comprises:
a) When a user (the receiving party b) wants to receive a transfer from others, it first authenticates its own address pk_{b,i}: input 1^λ, v_b, pk_{b,i}, pk_CA, sk_b, pk_b, choose a random element of the domain, and compute the intermediate variables r_i, k_i by the following formula (XI):
Then compute the intermediate variables g_i, y_i according to the following formula (XII):
b) The certificate of user b's address pk_{b,i} is Cert_{b,i} = (y_i, g_i).
The authentication verification of step (VIII) specifically comprises:
a) Input 1^λ, pk_b = (n_b, e_b), pk_{b,i} = (n_{b,i}, e_{b,i}), Cert_{b,i} = (y_i, g_i), pk_CA = (n_0, e_0), and compute the intermediate variables k'_i and r'_i by the following formula (XIII):
b) User a checks, according to the following formula (XIV), whether h(r'_i, n_{b,i}, e_{b,i}) = k'_i; if so the address is verified as correct, otherwise the address may have been replaced.
Correctness follows because
h(r'_i, n_{b,i}, e_{b,i}) = h(r_i, n_{b,i}, e_{b,i}) = k_i = k'_i.
The transaction signature of step (IX) is produced by the transaction generator a as follows:
a) Input 1^λ, T, sk_{a,i'}, pk_{a,i'}, where i' denotes the i'-th updated address of user a; select a random number r_{i'} ∈_R {0,1}^λ and compute according to the following formula (XV):
where σ_{a,T,i'} is the signature on the transaction T and || denotes concatenation.
The transaction verification of step (X) specifically comprises:
a) Input 1^λ, σ_{a,T,i'}, pk_{a,i'}; first verify the validity of the public key by the method of step (VIII), then compute according to the following formula (XVI):
split y_{i'} into w_{i'} || s_{i'};
and check whether the following formula (XVII) holds:
If it holds, verification passes; otherwise it fails.
Compared with the prior art, the invention has the following advantages:
1) A distributed CA structure disperses the CA's trust model and the authority of a single CA, preventing single-point attacks; combined with the decentralised trust structure of the blockchain, adding the CA effectively prevents address replacement attacks.
2) With the proxy CA structure, the CA issues a proxy key to the user, so the user need not carry out complex interaction with the CA each time it authenticates, which makes the scheme efficient.
3) The user updates its address periodically, so an adversary cannot obtain the user's private data by analysing past transactions in the public ledger.
Drawings
FIG. 1 is a schematic diagram of a network architecture according to the present invention;
FIG. 2 is a schematic diagram of a CA structure;
FIG. 3 is a schematic diagram of an embodiment;
FIG. 4 is a flow diagram of the method of the present invention.
Detailed Description
First, the mathematical tools used by the invention are explained.
1. Hash function
A hash function maps a variable-length message to a fixed-length hash value, or message digest. Many hashing algorithms exist; those commonly cited include MD2, MD4, MD5 and the Secure Hash Algorithm SHA-1 (MD4, MD5 and SHA-1 have practical collision attacks and MD2 is obsolete; current practice is SHA-2 or SHA-3). For a hash function whose inputs and outputs are bit strings (strings of 0s and 1s), the length of a bit string x is written |x|, and the concatenation of bit strings x and y is written x||y. Let compress: {0,1}^{m+t} → {0,1}^m be a compression function (with t ≥ 1). An iterated hash function h built from compress is evaluated in the following three steps.
1) Preprocessing: given an input bit string x with |x| ≥ m + t + 1, construct with a public algorithm a string y such that |y| ≡ 0 (mod t); write y = y_1||y_2||…||y_r, where |y_i| = t for 1 ≤ i ≤ r.
2) Processing: let IV be a public initial value of length m, then compute:
z_0 ← IV,
z_1 ← compress(z_0||y_1),
z_2 ← compress(z_1||y_2),
…
z_r ← compress(z_{r-1}||y_r).
3) Output transformation: let g: {0,1}^m → {0,1}^ℓ be a public function (ℓ is the output length). Define h(x) = g(z_r).
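The three-step iterated construction above, as an added example that is not part of the patent: m = 128, t = 64, compress built by truncating SHA-256, g the identity and an all-zero IV are all assumed choices. It also shows the one detail that step 1 leaves to "a public algorithm": the padding must encode the message length, otherwise x and x||0 pad to the same y and collide.

```python
# Added example, not from the patent: the iterated hash of steps 1-3 with assumed
# parameters (m = 128, t = 64, compress = SHA-256 truncated to m bits, g = identity),
# plus the detail step 1 leaves to "a public algorithm": pad with the message length.
import hashlib

M_BITS, T_BITS = 128, 64          # chaining value |z_i| = m bits, block size |y_i| = t bits
IV = bytes(M_BITS // 8)           # public initial value z_0 (all-zero, an arbitrary choice)

def compress(z, y):
    """compress: {0,1}^{m+t} -> {0,1}^m, here SHA-256(z||y) truncated to m bits."""
    assert len(z) * 8 == M_BITS and len(y) * 8 == T_BITS
    return hashlib.sha256(z + y).digest()[:M_BITS // 8]

def preprocess(x, strengthen=True):
    """Step 1: build y with |y| ≡ 0 (mod t) and split it into t-bit blocks y_1..y_r.
    With strengthen=True the last block encodes |x| (Merkle-Damgard strengthening)."""
    t = T_BITS // 8
    y = x + b"\x00" * (-len(x) % t)                      # zero-pad to a block boundary
    if strengthen:
        y += (len(x) * 8).to_bytes(t, "big")             # |x| in bits, as one extra block
    return [y[i:i + t] for i in range(0, len(y), t)]

def iterated_hash(x, strengthen=True):
    """Steps 2 and 3: z_i = compress(z_{i-1} || y_i); h(x) = g(z_r) with g the identity."""
    z = IV
    for y_i in preprocess(x, strengthen):
        z = compress(z, y_i)
    return z

def padding_collision(x):
    """Does x collide with x||0x00?  Returns (without strengthening, with strengthening).
    Without the length block, zero-padding maps both inputs to the same y."""
    x2 = x + b"\x00"
    return (iterated_hash(x, False) == iterated_hash(x2, False),
            iterated_hash(x, True) == iterated_hash(x2, True))

if __name__ == "__main__":
    print(iterated_hash(b"transaction T").hex())
    print(padding_collision(b"abc"))   # (True, False)
```

Run as a script, the second line prints (True, False): with plain zero-padding, b"abc" and b"abc\x00" become the same eight-byte block and hash identically, while appending |x| puts the two inputs into different final blocks. This is why SHA-1, SHA-2 and the MD family all append the message length in their preprocessing step.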
2. Proxy signature algorithm
A signer can issue a proxy key to another user, and the user holding the proxy key can sign messages on the signer's behalf.
The algorithm is as follows:
1) Proxy generation: for an original signer p_0 and a proxy signer p_i, where p_0 has public key (n_0, e_0) and the corresponding private key, and p_i has identity ID_i and public key (n_i, e_i), p_0 computes
and sends u_i, m_w, w_i to p_i.
2) Proxy key recovery: on receiving u_i, m_w, w_i from p_0, p_i can compute
to obtain the proxy key v_i.
3) Proxy signing: p_i signs message m with the proxy key: randomly select t ∈ [1, n_0] and compute
where the signature is (y, u).
4) Signature verification: the message recipient verifies the signature (y, u) by computing
and checking whether the equality on h(m, r') holds; if so the signature is correct, otherwise it is invalid.
3. Shamir secret sharing
The Shamir (k, n) secret sharing scheme splits a secret S into n sub-secrets such that any k of them recover S, while any k-1 of them cannot.
Secret sharing:
Given a secret S, choose random numbers a_1, …, a_{k-1}, let a_0 = S, and construct the polynomial
f(x) = a_0 + a_1 x + a_2 x² + … + a_{k-1} x^{k-1} (mod p)
Choose n distinct nonzero values x_i, substitute each into f(x) and compute y_i = f(x_i).
Secret recovery:
Given k shares (x_1, y_1), …, (x_k, y_k), substitute them into the Lagrange interpolation formula and compute
The invention is further illustrated by the following specific example. The entities involved are the sender, the evaluator and the receiver, and only the legitimate receiver is allowed to hold the decryption key that decrypts the final computation result.
Example 1
Referring to FIG. 1, the invention consists of n authoritative nodes 1 in a threshold CA architecture, each authoritative node 1 acting as a certificate authority (CA) 2. In the offline stage, a user can recover the correct overall authentication key, used to prove the user's legitimate identity to other users in a transaction, if and only if no fewer than the threshold t certificate authorities (CA) 2 issue partial authentication keys to the user. In the online stage, when the user periodically updates its identity information and authenticates the updated identity to other users in a transaction, it no longer needs to interact with the distributed CA: self-authentication is achieved with the overall authentication key recovered in the offline stage. The system structure therefore greatly reduces the local computation and communication overhead of resource-constrained user terminals. The invention distributes the trust model of the CA, weakens the centralised power of a single CA to a certain extent, and effectively prevents a malicious or failed single CA from damaging the blockchain system. On the other hand, the (n, t) threshold CA structure makes identity authentication in the blockchain system more flexible: the threshold t can be set according to the security and availability requirements of different network application environments. Finally, the CAs communicate with each other and are responsible for verifying the transactions generated between users and recording them in the blockchain, so that the data stored by each CA stays synchronised and consistent.
Referring to FIG. 2, each authoritative node 1 acts as a certificate authority (CA) 2; the certificate authority (CA) 2 consists of an account pool 22 and a block pool 23 connected by a transaction controller 21.
Referring to FIGs. 3 and 4, the CA authentication method of the invention comprises the following steps:
Step one: system initialization
a) Input 1^λ, where λ is the security parameter; here λ = 512;
b) Two 512-bit large primes p'_0, q'_0 are chosen and p_0, q_0 are obtained from formula (I):
q_0 = 2q'_0 + 1, p_0 = 2p'_0 + 1 (where p'_0, q'_0 are prime)   (I)
p'_0 = 50268594710967517023233154887358030262733922169141404622211220931497296784397,
q'_0 = 44679948419095308766048740412041951290490614408108490019088114962317615599097,
p_0, q_0 and n_0 = p_0 · q_0 are obtained by calculation:
p_0 = 100537189421935034046466309774716060525467844338282809244422441862994593568793;
q_0 = 89359896838190617532097480824083902580981228816216980038176229924635231198193;
n_0 = 8983992875145743647661873350841381211058391128689554052088016297842503447278245065186363664333852060585694749885884592135277741138062217981517429362791049;
An integer e_0 = 65537 is selected that is coprime to φ(n_0) = 4p'_0 q'_0 and smaller than φ(n_0), and d_0 is computed from d_0 · e_0 ≡ 1 (mod φ(n_0)), giving
d_0 = 2011278262113590045294947980584169936503787397044923280776284772295729291521791132129403529602305823351353400022384315959037981553462846552517747513952257. The CA master public key is pk_CA = (n_0, e_0).
Step two: secret sharing
a) Following the secret sharing principle, the system splits d_0 into n partial private keys d_i (i = 1, 2, …, n) and sends them to the n CAs respectively, i.e. it selects a polynomial of degree t-1 according to the following formula (II):
For each CA_j (j ∈ {1, 2, …, n}) it computes d_j = f(j) and sends it to the corresponding CA_j; after this step the system destroys p_0, q_0 and d_0.
In this embodiment, n = 5 and t = 3.
a_1 = 111868139482427763033413840861771967448222506008169586182543367613992623427261;
a_2 = 102086987004631591958852232552663001368244520618222043795905559992876750911991;
a_3 = 105509764525196833675959783501653247049903558926667050080341953994783283325233;
d_1 = 2011278262113590045294947980584169936503787397044923280776284772295729291522110597020415785790974049208269488238250686544591040233521637434119400171616744;
d_2 = 2011278262113590045294947980584169936503787397044923280776284772295729291522110597020415785790974049208269488238250686544591040233521637434119400171616748;
d_3 = 2011278262113590045294947980584169936503787397044923280776284772295729291522110597020415785790974049208269488238250686544591040233521637434119400171616754;
d_4 = 2011278262113590045294947980584169936503787397044923280776284772295729291522110597020415785790974049208269488238250686544591040233521637434119400171616762;
d_5 = 2011278262113590045294947980584169936503787397044923280776284772295729291522110597020415785790974049208269488238250686544591040233521637434119400171616772.
Step three: blockchain node initialization
When a new user u joins the network, a blockchain node and a node identifier are created, and 1^λ is input, where λ is the security parameter; two 512-bit large primes p_u, q_u are selected and n_u = p_u · q_u is computed.
p_u = 107513213546145434094281653760010721386161376807556788679865009269593320778641;
q_u = 85675306540315648719985764870589875790222216636312015563689223613158559234427;
n_u = 9211227527700426909686344949684638812321364175754381371541878004489191550387403678276985477281435782877772667199637422197936885437097898642226948493473707.
An integer e_u = 65537 coprime to φ(n_u) and smaller than φ(n_u) is selected, and d_u is computed from d_u · e_u ≡ 1 (mod φ(n_u)), giving:
d_u = 2138468755572607770127984778208520065451112439295404314631577182939454803227816464007373217136305085031521835655529619945486690694857543833074018515858273.
Step four: proxy key request
a) The user computes the request body x = h(n_u, e_u) with the public hash function h(·) according to the following formula (V), and sends the request (u, pk_u, x) to all CAs, where u is the user's real identity and pk_u is the user's public key, i.e. the blockchain node identifier:
x = h(n_u, e_u)   (V)
b) When CA_j receives the request from user u, it verifies that u is a legitimate user (one who has purchased the blockchain service); if so, CA_j stores the identity pair (u, pk_u) in its account pool and computes a partial proxy key according to the following formula (VI):
x = 34229368949702775535486670805532819702848175206385354385109072861246234918113; the partial proxy keys are:
v_{u,1} = 3107469568583609963475316455660761907894586520469242784851303302863973716341398100450859581631473552009496028392525614455537847629804351902619471099787719;
v_{u,2} = 7378956642283130015345915176666686296879882553491725057438440396483980166043824002214585285955576064806260196113442992172472468459032008898016752529795660;
v_{u,3} = 7993973355650955971847414824955879926848013041200208794981100843483890345654836062947158139193051412888129387005082379785829843651622676136967963095940626;
v_{u,4} = 1722189523685505799358534378118748075042360092913600086775883115194913909026068409530825457737667638306771151013515936407379793411551124861042234097874372;
v_{u,5} = 4760892878212853721560055987642899891117359743694296032393849734192706915229803040386710204088250926222712721754045995749274504234455139205338757314947857.
Step five: proxy key recovery
a) Once user u has received no fewer than t partial proxy keys, it computes the intermediate variable w by the following formula (VII):
where w is an intermediate variable produced in the computation and the right-hand side is Lagrange interpolation carried out in the exponent;
b) where e_0 and 4Δ² are coprime, so a pair (a, b) can be found such that 4Δ² · a + e_0 · b = -1;
c) The user's proxy key v_u is computed according to the following formula (IX):
v_u = w^a x^b   (IX)
w = 5448008741470273527977346493550158516483005928174925115284777271631864527647082812910862791029619609799108446763605980771538008101839030156466013891149424;
v_u = 4712691729553089439760273523066311877826260038654936923475248469170827356264825506588103938269937795419054495282278965753252223481661059251418397543505956; v_u is verified to be correct.
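The offline stage (steps (I) to (V) of the disclosure, steps one to five of this embodiment, and the Shamir sharing described under the mathematical tools above) as an added example that is not the patent's own code. Formulas (II) to (IX) are not reproduced on this page, so the exponents follow Shoup's threshold RSA, which is the construction the page's notation describes (Δ = n!, Lagrange interpolation in the exponent, a Bezout pair (a, b) for 4Δ² and e_0): each CA_j returns v_{u,j} = x^{2Δ d_j} mod n_0, the user interpolates in the exponent to obtain w = x^{4Δ² d_0}, and v_u = w^a x^b with 4Δ² a + e_0 b = 1 is the CA's RSA signature on x. The sign of the Bezout equation, SHA-256 reduced mod n_0 as h, and 64-bit safe primes are assumptions of the example; the page's COR test is replaced by the public check v_u^{e_0} ≡ x (mod n_0), which anyone holding pk_CA can run.

```python
# Added example, not the patent's code: an (n, t) threshold CA issuing the proxy key v_u of
# steps (I)-(V).  Formulas (II)-(IX) are absent from this page, so the exponents follow
# Shoup's threshold RSA (an assumption); 64-bit safe primes keep the example fast.  Python 3.8+.
import hashlib
import random
from math import factorial, gcd

rng = random.Random(20191022)   # fixed seed so the example is reproducible

def is_probable_prime(n, rounds=24):
    """Miller-Rabin; fine for an example, use a vetted library in production."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits):
    """Formula (I): p = 2p' + 1 with p and p' both prime."""
    while True:
        p_ = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(p_) and is_probable_prime(2 * p_ + 1):
            return 2 * p_ + 1

def ca_setup(n_ca, t, bits=64, e0=65537):
    """Steps (I)+(II): master key (n0, e0), then Shamir shares d_j = f(j) of d0 over Z_{m0}."""
    p0, q0 = safe_prime(bits), safe_prime(bits)
    while q0 == p0:
        q0 = safe_prime(bits)
    n0, m0 = p0 * q0, ((p0 - 1) // 2) * ((q0 - 1) // 2)      # m0 = p'0 q'0
    assert gcd(e0, m0) == 1
    d0 = pow(e0, -1, m0)   # e0 d0 ≡ 1 (mod m0); a d0 taken mod φ(n0) = 4m0 as in Example 1 also works
    coeffs = [d0] + [rng.randrange(m0) for _ in range(t - 1)]   # f(0) = d0, degree t-1
    shares = {j: sum(c * j ** k for k, c in enumerate(coeffs)) % m0 for j in range(1, n_ca + 1)}
    return (n0, e0), shares   # the dealer now destroys p0, q0 and d0

def request_body(pk_u, n0):
    """Formula (V): x = h(n_u, e_u); SHA-256 reduced mod n0 is the assumed h."""
    digest = hashlib.sha256(f"{pk_u[0]}|{pk_u[1]}".encode()).digest()
    return int.from_bytes(digest, "big") % n0

def partial_proxy_key(x, d_j, n0, delta):
    """Step (IV)b at CA_j: v_{u,j} = x^{2Δ d_j} mod n0 (Shoup's partial signature)."""
    return pow(x, 2 * delta * d_j, n0)

def lagrange_coeff(S, j, delta):
    """λ_j = Δ · Π_{j'∈S, j'≠j} (0 - j')/(j - j'): an integer, since Δ = n! clears every denominator."""
    num, den = 1, 1
    for jp in S:
        if jp != j:
            num, den = num * -jp, den * (j - jp)
    lam, rem = divmod(delta * num, den)
    assert rem == 0
    return lam

def recover_proxy_key(x, partials, pk_ca, delta):
    """Step (V): w = Π v_{u,j}^{2λ_j} = x^{4Δ² d0}, then v_u = w^a x^b with 4Δ² a + e0 b = 1."""
    n0, e0 = pk_ca
    S = sorted(partials)
    w = 1
    for j in S:   # a negative λ_j means a modular inverse, which pow() handles (Python 3.8+)
        w = w * pow(partials[j], 2 * lagrange_coeff(S, j, delta), n0) % n0
    d2 = 4 * delta * delta
    b = pow(e0, -1, d2)               # e0 b ≡ 1 (mod 4Δ²), needs gcd(e0, 4Δ²) = 1
    a = (1 - e0 * b) // d2            # hence 4Δ² a + e0 b = 1
    return pow(w, a, n0) * pow(x, b, n0) % n0

def proxy_key_is_correct(v_u, x, pk_ca):
    """Public check anyone can run: v_u is the CA's RSA signature on x iff v_u^{e0} ≡ x (mod n0)."""
    n0, e0 = pk_ca
    return pow(v_u, e0, n0) == x % n0

def demo(n_ca=5, t=3):
    """Offline stage end to end; returns (t shares verify, t-1 shares verify)."""
    pk_ca, shares = ca_setup(n_ca, t)
    delta = factorial(n_ca)                                      # Δ = n!
    pk_u = (safe_prime(64) * safe_prime(64), 65537)              # step (III): user's node key
    x = request_body(pk_u, pk_ca[0])
    partials = {j: partial_proxy_key(x, d_j, pk_ca[0], delta) for j, d_j in shares.items()}
    v_u = recover_proxy_key(x, {j: partials[j] for j in (2, 4, 5)}, pk_ca, delta)   # any t of n
    v_bad = recover_proxy_key(x, {j: partials[j] for j in (2, 4)}, pk_ca, delta)    # t-1 is not enough
    return proxy_key_is_correct(v_u, x, pk_ca), proxy_key_is_correct(v_bad, x, pk_ca)

if __name__ == "__main__":
    print(demo())   # (True, False)
```

Run as a script it prints (True, False): CAs 2, 4 and 5 together yield a v_u that passes the public check, CAs 2 and 4 alone do not, and no CA ever learns d_0. Two points a reviewer would raise against the scheme as written on the page: x is the bare hash of pk_u, exactly as in formula (V), so v_u is a textbook (unpadded) RSA signature and a deployment should wrap x in a padding scheme such as RSA-PSS; and the dealer that generates d_0 in ca_setup is a trusted single point during setup, so it must really destroy p_0, q_0 and d_0 as step (II) requires, or be replaced by a distributed key generation.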
Step six: wallet generation
a) Input 1^λ, where λ is the security parameter.
b) Select two large primes p_{b,i}, q_{b,i} of length k, compute n_{b,i} = p_{b,i} · q_{b,i}, and select e_{b,i}, d_{b,i} satisfying e_{b,i} · d_{b,i} ≡ 1 (mod φ(n_{b,i})). Let pk_{b,i} = (n_{b,i}, e_{b,i}), sk_{b,i} = d_{b,i}, and let the wallet address be pk_{b,i}; the wallet address must be updated periodically, and i denotes the i-th update.
p_{u,i} = 98905411631433183413607147068875624006656974845456685657046402584491734670889;
q_{u,i} = 72730738245982562336422357343086698203136123108136595248092083835528635746699;
n_{u,i} = 7193463604476926009399532971323950624796983213047047825374519338568991305069456418851897305894761957075235280530591039927240640250914473574454193533145411;
An integer e_{u,i} = 65537 coprime to φ(n_{u,i}) and smaller than φ(n_{u,i}) is selected, and d_{u,i} is computed from d_{u,i} · e_{u,i} ≡ 1 (mod φ(n_{u,i})), giving:
d_{u,i} = 1327020995439614804669733946065681417425202970012951587786714967168150890005457268762186558309070512906163753561184205474252413108128429150164535354645153.
Step seven: wallet authentication
a) To prevent public key replacement attacks, when a user (the receiving party b) wants to receive a transfer from others, it first authenticates its own address pk_{b,i}: input 1^λ, v_b, pk_{b,i}, pk_CA, sk_b, pk_b, choose a random element of the domain, and compute the intermediate variables r_i, k_i by the following formula (XI):
Then compute the intermediate variables g_i, y_i according to the following formula (XII):
b) The certificate of user b's address pk_{b,i} is Cert_{b,i} = (y_i, g_i), giving:
t_i = 7377853991639920693270177433470989967622853179914631740065118262053887494171504971974136976716318998049342263434334398368679265954803208521949393069401389;
r_i = 4759149528279737629950452887827267383269268578610334060880301554450520527466535928451176835643134046571724019687794737582238898486740541395197958109081923;
k_i = 7446901942716709609768648643136422722018005928006405900707411968380378957325286282605952037847256899073567374466120759659856975991673319706321648352959654;
g_i = 5934957782677915040975265171998683088387466645141307370265579950722329541925402847404340171714876862891762517377267961507350534965043720751011686487922359;
y_i = 6197268909245805163825572692399037393703611513936488943462969002309231062428589897781755667621765071117108786072486216616715533972207340281136913228866397.
step eight: verification of authentication
a) Input 1λ,pkb=(nb,eb),pkb,i=(nb,i,eb,i),Certb,i=(yi,gi),pkCA=(n0,e0) The intermediate variable k 'is calculated by the following formula (XIII)'iAnd r'i:
b) User a checks h (r 'according to the following formula (XIV)'i,nb,i,eb,i)=k′jIf so, verifying the address correctly, otherwise, possibly replacing the address;
thus, h (r'i,nb,i,eb,i)=h(ri,nb,i,eb,i)=ki=k′i(ii) a Obtaining:
k′i=7446901942716709609768648643136422722018005928006405900707411968380378 9573252862826059520378472568990735673744661207596598569759916733197063216483 52959654;
r′iat 4759149528279737629950452887827267383269268578610334060880301554450520527466535928451176835643134046571724019687794737582238898486740541395197958109081923, the signature was found to be correct by empirical calculation.
Step nine: transaction signatures
a) Input 1λ,T,ska,i′,pka,i′Wherein i 'is the ith' updated address of the user a, and a random number r is selectedj′∈R{0,1}λCalculated according to the following formula (XIV):
wherein: sigmaa,T,iIs a signature on the transaction; | | represents a connection symbol;
and calculating to obtain:
wi′=642594131613360864268557952175729557884346946736788458689331267123217 8055740243311716175315457731090228336036213248675490550041374780874470257701 551528412;
si′=649078488826320808016511405352022573128350889809076138102819090894148 81808616824156711317142122570503580868038222362954724557139511511817286534246 25726065;
yi′=876302786523043390228772324678370078170883092845252914250675446971938 0895006891602696361364369441141142861812013529386417964928664794239558824637 148205589;
σa,T,i′=471269172955308943976027352306631187782626003865493692347524846917 0827356264825506588103938269937795419054495282278965753252223481661059251418 397543505956。
step ten: verification of transactions
a) Input 1λ,σa,T,i′,pka,i′And (5) firstly verifying the validity of the public key according to the method in the step (eight), and then calculating according to the following formula (XVI):
obtaining:
yi′=87630278652304339022877232467837007817088309284525291425067544697193 8089500689160269636136436944114114286181201352938641796492866479423955882463 7148205589。
will yi′Is converted into wi′||si′Obtaining:
wi′=64259413161336086426855795217572955788434694673678845868933126712321 7805574024331171617531545773109022833603621324867549055004137478087447025770 1551528412;
si′=649078488826320808016511405352022573128350889809076138102819090894148 81808616824156711317142122570503580868038222362954724557139511511817286534246 25726065。
and checking whether the following formula (XVII) holds:
obtaining:
g(wi′) 6490784888263208080165114053520225731283508898090761381028190908941488180861682415671131714212257050358086803822236295472455713951151181728653424625726065 byAnd (5) verifying and calculating to obtain correct signature.
The above is a further detailed description of the invention with reference to specific embodiments and is not intended to limit the scope of the invention. The invention is not limited to the above embodiments; variations and improvements that a person skilled in the art can make without departing from the spirit and scope of the inventive concept are included in the invention, and the scope of the invention is defined by the appended claims.
Claims (12)
1. A blockchain system with (n, t) threshold distributed authority nodes, wherein the blockchain system is composed of n authority nodes in a certificate authority (CA) threshold architecture, each authority node acting as a certificate authority; the authentication center is composed of an account pool and a block pool connected by a transaction controller.
2. An authentication method for the blockchain system with (n, t) threshold distributed authority nodes according to claim 1, wherein the CA issues a proxy key to the user and the user authenticates its own public key with the proxy key, so that privacy is protected by periodically updating the address; the authentication process comprises the following steps:
(one) system initialization
The system generates a master public key from the given security parameter;
(two) secret sharing
The system generates a secret sharing polynomial and distributes the partial private keys it generates to the distributed CAs;
(three) blockchain node initialization
A blockchain node is generated in the network together with a long-term public and private key pair for it; the public key is stored at the CA as the credential of the node's identity;
(four) proxy key request
The user requests a proxy key from the CAs; each CA computes a partial proxy key and sends it to the user;
(five) proxy key recovery
After receiving partial proxy keys from a threshold of CAs, the user computes the complete proxy key by secret recovery;
(six) wallet generation
The user generates a periodically updated short-term public and private key pair; the short-term public key is the wallet address;
(seven) wallet authentication
The user authenticates the wallet address with the proxy authentication key;
(eight) authentication verification
Others verify the authentication of the wallet address with the master public key and the user's public key;
(nine) transaction signature
The user digitally signs the transaction with the short-term key pair;
(ten) transaction verification
Anyone can verify the transaction with the sender's short-term public key; if the verification passes, the transaction is established and can be stored in the blockchain by the CA.
3. The method according to claim 2, wherein the system initialization of step (one) comprises the following steps:
a) input $1^\lambda$, where $\lambda$ is the security parameter;
b) the system selects two safe primes $p_0, q_0$ of length $\lambda$ satisfying formula (I):
$q_0 = 2q'_0 + 1$, $p_0 = 2p'_0 + 1$ (where $p'_0, q'_0$ are primes) (I)
4. The method for authenticating a blockchain system with (n, t) threshold distributed authoritative nodes according to claim 2, wherein the secret sharing of step (two) comprises the following steps:
a) the system splits the private key $d_0$ into $n$ parts $d_i$ ($i = 1, 2, \dots, n$) and sends them to the $n$ CAs respectively, i.e. it selects a polynomial of degree $t-1$ according to formula (II):
$f(x) = a_{t-1}x^{t-1} + \dots + a_2x^2 + a_1x + d_0 \pmod{m_0}$ (II)
For each $CA_j$ ($j \in \{1, 2, \dots, n\}$) it computes $d_j = f(j)$ and sends it to the corresponding $CA_j$; after this step the system destroys $p_0$, $q_0$ and $d_0$;
b) Define the operator $\Delta = n!$. A subset of any $t$ CAs is denoted $S$; for any $i \in \{0, \dots, n\} \setminus S$ and $j \in S$, define by formula (III):
then formula (IV) is obtained by Lagrange interpolation:
5. The method for authenticating a blockchain system with (n, t) threshold distributed authoritative nodes according to claim 2, wherein the blockchain node initialization of step (three) comprises the following steps:
a) when a new user u joins the network, a blockchain node and a node identifier are created, and then $1^\lambda$ is input, where $\lambda$ is the security parameter;
b) two large primes $p_u, q_u$ of length $k$ are selected, $n_u = p_u \cdot q_u$ is computed, and $e_u, d_u$ satisfying $e_u d_u \equiv 1 \pmod{\varphi(n_u)}$ are selected; let $pk_u = (n_u, e_u)$ and $sk_u = (d_u)$.
6. The method according to claim 2, wherein the proxy key request of step (four) comprises the following steps:
a) the user computes the request body $x$ with the public hash function $h(\cdot)$ according to formula (V):
$x = h(n_u, e_u)$ (V)
and sends the request $(u, pk_u, x)$ to all CAs, where $u$ is the real identity of the user and $pk_u$ is the user's public key, i.e. the identifier of the blockchain node;
b) when $CA_j$ receives the request sent by user $u$, it verifies whether $u$ is a legitimate user, i.e. a user who has purchased the blockchain service; if $u$ is legitimate, $CA_j$ writes the identity pair $(u, pk_u)$ into the account pool and computes a partial proxy key according to formula (VI):
and sends $v_{u,j}$ to user $u$.
7. The method according to claim 2, wherein the proxy key recovery of step (five) comprises the following steps:
a) when user $u$ has received no fewer than $t$ partial proxy keys, denoted as follows, the intermediate variable $w$ is computed according to formula (VII):
where $w$ is an intermediate variable produced during the computation, and the right-hand side of the equation is Lagrange interpolation performed in the exponent;
where, for $e_0$ and $4\Delta^2$, a pair $(a, b)$ can be found such that $4\Delta^2 \cdot a + e_0 b = -1$;
c) the proxy key $v_u$ of the user is computed according to formula (IX):
$v_u = w^a x^b$ (IX)
If $COR \equiv 1 \pmod{m_0}$ holds, the proxy key is correct; otherwise the proxy key is wrong and the user submits an error message to the CA. From here on, the user $u$ is denoted by the two parties $a$ and $b$ of a transaction, in order to indicate the parties to the transaction.
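The proxy-key issuance of claims 3, 4, 6 and 7 (steps one, two, four and five) as one runnable Python example. This is an added illustration, not code from the patent. Formulas (VI), (VII) and (VIII) are not printed on this page, so the example follows Shoup's threshold RSA, which the page's notation ($\Delta = n!$, Lagrange interpolation in the exponent, a pair $(a, b)$ for $4\Delta^2$ and $e_0$) matches: the partial proxy key is assumed to be $v_{u,j} = x^{2\Delta d_j} \bmod n_0$, the combination uses $4\Delta^2 a + e_0 b = 1$ (the page prints $-1$, which would produce the inverse of $v_u$), and the COR check is assumed to be $v_u^{e_0} \equiv x \pmod{n_0}$. $h(\cdot)$ is SHA-256 reduced modulo $n_0$, the safe primes are 64-bit for speed, and the user key $(n_u, e_u) = (3233, 17)$ is a constructed placeholder; none of these choices come from the patent.

```python
import hashlib
import math
import secrets
from typing import Dict, Tuple

# Added example, not the patent's code: Shoup-style (n, t) threshold RSA issuance
# of the proxy key. The CA master exponent d0 is shared among n CAs (claim 4) and
# any t of them can jointly produce v_u, the master-key RSA signature on the
# request body x = h(n_u, e_u) (claims 6 and 7). Toy 64-bit safe primes.

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]

def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24, enough for the toy sizes."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits: int) -> int:
    """Formula (I): p = 2p' + 1 with p' prime."""
    while True:
        pp = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_prime(pp) and is_prime(2 * pp + 1):
            return 2 * pp + 1

def system_init_and_share(n: int, t: int, bits: int = 64, e0: int = 65537):
    """Steps (one) and (two): master public key (n0, e0) and shares d_j = f(j) of d0.
    m0 = p'0 q'0 is the order of the squares mod n0, so f is taken mod m0 as in (II).
    p0, q0 and d0 are not returned: the patent's system destroys them at this point."""
    p0, q0 = safe_prime(bits), safe_prime(bits)
    while q0 == p0:
        q0 = safe_prime(bits)
    n0, m0 = p0 * q0, ((p0 - 1) // 2) * ((q0 - 1) // 2)
    d0 = pow(e0, -1, m0)
    coeffs = [d0] + [secrets.randbelow(m0) for _ in range(t - 1)]   # f(0) = d0

    def f(x: int) -> int:      # f(x) = a_{t-1} x^{t-1} + ... + a_1 x + d0 (mod m0)
        return sum(c * pow(x, k, m0) for k, c in enumerate(coeffs)) % m0

    return (n0, e0), {j: f(j) for j in range(1, n + 1)}

def request_body(n_u: int, e_u: int, n0: int) -> int:
    """Formula (V): x = h(n_u, e_u); h is SHA-256 reduced mod n0 (assumption)."""
    digest = hashlib.sha256(f"{n_u}:{e_u}".encode()).digest()
    return int.from_bytes(digest, "big") % n0

def partial_proxy_key(x: int, d_j: int, n: int, n0: int) -> int:
    """Formula (VI) is not printed; assumed Shoup form v_{u,j} = x^(2*Delta*d_j) mod n0."""
    return pow(x, 2 * math.factorial(n) * d_j, n0)

def lagrange_coeff(i: int, j: int, subset, n: int) -> int:
    """Formula (III): lambda^S_{i,j} = Delta * prod_{j' in S, j' != j} (i - j')/(j - j'), an integer."""
    num, den = math.factorial(n), 1
    for jp in subset:
        if jp != j:
            num, den = num * (i - jp), den * (j - jp)
    assert num % den == 0
    return num // den

def bezout(u: int, v: int) -> Tuple[int, int]:
    """Extended Euclid: (a, b) with u*a + v*b = 1; u and v must be coprime."""
    r0, r1, s0, s1, t0, t1 = u, v, 1, 0, 0, 1
    while r1:
        q = r0 // r1
        r0, r1, s0, s1, t0, t1 = r1, r0 - q * r1, s1, s0 - q * s1, t1, t0 - q * t1
    assert r0 == 1
    return s0, t0

def recover_proxy_key(x: int, partials: Dict[int, int], n: int, n0: int, e0: int) -> int:
    """Formulas (VII)-(IX): w = prod_j v_{u,j}^(2*lambda_{0,j}) interpolates in the exponent,
    giving w = x^(4*Delta^2*d0); with 4*Delta^2*a + e0*b = 1 (Shoup's form; the page prints -1)
    v_u = w^a * x^b is the e0-th root of x mod n0, i.e. the master-key signature on x."""
    subset = sorted(partials)
    w = 1
    for j in subset:
        w = w * pow(partials[j], 2 * lagrange_coeff(0, j, subset, n), n0) % n0
    a, b = bezout(4 * math.factorial(n) ** 2, e0)
    return pow(w, a, n0) * pow(x, b, n0) % n0

def proxy_key_is_correct(v_u: int, x: int, pk_ca: Tuple[int, int]) -> bool:
    """Assumed form of the COR check of claim 7: v_u^e0 must give back x under the master public key."""
    n0, e0 = pk_ca
    return pow(v_u, e0, n0) == x
```

Any $t$ of the $n$ partial keys recover the same $v_u$, while $t-1$ of them give a value that fails the check, which is the threshold property the claims rely on; the negative exponents in the Lagrange step are handled by Python's modular inverse in `pow`, which requires $x$ to be coprime with $n_0$.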
8. The method for authenticating a blockchain system with (n, t) threshold distributed authoritative nodes according to claim 2, wherein the wallet generation of step (six) comprises the following steps:
a) input $1^\lambda$, where $\lambda$ is the security parameter;
b) select two large primes $p_{b,i}, q_{b,i}$ of length $k$, compute $n_{b,i} = p_{b,i} \cdot q_{b,i}$, and select $e_{b,i}, d_{b,i}$ satisfying $e_{b,i} d_{b,i} \equiv 1 \pmod{\varphi(n_{b,i})}$; let $pk_{b,i} = (n_{b,i}, e_{b,i})$ and $sk_{b,i} = (d_{b,i})$, and let the wallet address be $pk_{b,i}$, where $i$ denotes the $i$-th update, $b$ is a transaction party, and $u$ denotes any user.
9. The method for authenticating a blockchain system with (n, t) threshold distributed authoritative nodes according to claim 2, wherein the wallet authentication of step (seven) comprises the following steps:
a) when user b wants to receive transfers from others, user b first authenticates its own address $pk_{b,i}$: input $1^\lambda, v_b, pk_{b,i}, pk_{CA}, sk_b, pk_b$, select a random value from the domain, and compute the intermediate variables $r_i, k_i$ according to formula (XI):
The intermediate variables $g_i, y_i$ are computed according to formula (XII):
b) the certificate of user b's address $pk_{b,i}$ is $Cert_{b,i} = (y_i, g_i)$.
10. The method according to claim 2, wherein the authentication verification of step (eight) comprises the following steps:
a) input $1^\lambda$, $pk_b = (n_b, e_b)$, $pk_{b,i} = (n_{b,i}, e_{b,i})$, $Cert_{b,i} = (y_i, g_i)$, $pk_{CA} = (n_0, e_0)$; compute the intermediate variables $k'_i$ and $r'_i$ according to formula (XIII):
b) user a checks according to formula (XIV) whether $h(r'_i, n_{b,i}, e_{b,i}) = k'_i$; if so, the address is verified correctly, otherwise the address may have been replaced;
therefore,
$h(r'_i, n_{b,i}, e_{b,i}) = h(r_i, n_{b,i}, e_{b,i}) = k_i = k'_i$.
11. The method for authenticating a blockchain system with (n, t) threshold distributed authority nodes according to claim 2, wherein in the transaction signature of step (nine) the transaction generator a signs the transaction $T$, and the process comprises the following steps:
a) input $1^\lambda, T, sk_{a,i'}, pk_{a,i'}$, where $i'$ denotes the $i'$-th updated address of user a; select a random number $r_{i'} \in_R \{0,1\}^\lambda$ and compute according to formula (XV):
$w_{i'} \leftarrow g(H(T) \| r_{i'})$, $s_{i'} \leftarrow g(w_{i'}) \oplus w_{i'}$ (XV)
where $\sigma_{a,T,i'}$ is the signature on the transaction and $\|$ denotes concatenation.
12. The method according to claim 2, wherein the transaction verification of step (ten) comprises the following steps:
a) input $1^\lambda, \sigma_{a,T,i'}, pk_{a,i'}$; first verify the validity of the public key by the method of step (eight), then compute according to formula (XVI):
split $y_{i'}$ into $w_{i'} \| s_{i'}$;
and check whether formula (XVII) holds:
$s_{i'} \oplus w_{i'} = g(w_{i'})$ (XVII)
if it holds, the verification passes; otherwise it fails.
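The short-term wallet key of claim 8 (step six) together with the transaction signature of claim 11 (step nine, formula XV) and its verification in claim 12 (step ten, formula XVII), as one runnable Python example. This is an added illustration, not code from the patent. Formula (XVI) is not printed on this page, so the mapping between $y_{i'}$ and $\sigma_{a,T,i'}$ is assumed to be textbook RSA under the short-term key ($\sigma = y^d \bmod n$, $y = \sigma^e \bmod n$); $H(\cdot)$ is assumed to be SHA-256 and $g(\cdot)$ SHA-256 truncated to $\lambda$ bits, with $\lambda = 64$ as a toy size. The primes are Mersenne primes chosen only so that the example needs no prime generation; the transaction text is constructed.

```python
import hashlib
import secrets
from typing import NamedTuple, Optional, Tuple

# Added example, not the patent's code: short-term wallet key (claim 8), transaction
# signature (claim 11, formula XV) and verification (claim 12, formula XVII).
# Formula (XVI) is not printed on the page; the y <-> sigma step is assumed to be
# textbook RSA under the short-term key: sigma = y^d mod n, y = sigma^e mod n.

LAMBDA = 64                     # security parameter lambda in bits (toy size); g(.) outputs lambda bits
LAMBDA_BYTES = LAMBDA // 8
MASK = (1 << LAMBDA) - 1

# Mersenne primes, used only so the example is self-contained and instant.
# They are public numbers and must never be used for a real key.
P_DEMO, Q_DEMO = 2 ** 61 - 1, 2 ** 89 - 1
P_OTHER, Q_OTHER = 2 ** 107 - 1, 2 ** 127 - 1


class Wallet(NamedTuple):
    n: int
    e: int
    d: int


def wallet_generation(p: int, q: int, e: int = 65537) -> Wallet:
    """Step (six) / claim 8: n = p*q, e*d = 1 (mod phi(n)); pk = (n, e) is the wallet
    address and sk = d. A fresh pair is made at every periodic address update."""
    phi = (p - 1) * (q - 1)
    return Wallet(p * q, e, pow(e, -1, phi))


def H(T: bytes) -> bytes:
    """Transaction hash H(.) (assumption: SHA-256)."""
    return hashlib.sha256(T).digest()


def g(data: bytes) -> int:
    """lambda-bit hash g(.) (assumption: SHA-256 truncated to lambda bits)."""
    return int.from_bytes(hashlib.sha256(data).digest()[:LAMBDA_BYTES], "big")


def encode_y(w: int, s: int) -> int:
    """y = w || s, the concatenation that step (ten) splits back into w_{i'} || s_{i'}."""
    return (w << LAMBDA) | s


def decode_y(y: int) -> Optional[Tuple[int, int]]:
    """Inverse of encode_y; None when y is wider than 2*lambda bits."""
    if y >> (2 * LAMBDA):
        return None
    return y >> LAMBDA, y & MASK


def transaction_signature(T: bytes, wallet: Wallet, r: Optional[int] = None) -> int:
    """Claim 11 / formula (XV): r in_R {0,1}^lambda, w <- g(H(T) || r), s <- g(w) xor w,
    then sigma = (w || s)^d mod n (assumed RSA step)."""
    if r is None:
        r = secrets.randbits(LAMBDA)
    w = g(H(T) + r.to_bytes(LAMBDA_BYTES, "big"))
    s = g(w.to_bytes(LAMBDA_BYTES, "big")) ^ w
    y = encode_y(w, s)
    assert y < wallet.n, "n must be wider than 2*lambda bits for y to be an element mod n"
    return pow(y, wallet.d, wallet.n)


def transaction_verification(sigma: int, n: int, e: int) -> bool:
    """Claim 12: y = sigma^e mod n (assumed XVI), split y into w || s, check
    s xor w = g(w) (XVII). The inputs are exactly the ones the claim lists: T is not among them."""
    parts = decode_y(pow(sigma, e, n))
    if parts is None:
        return False
    w, s = parts
    return (s ^ w) == g(w.to_bytes(LAMBDA_BYTES, "big"))


if __name__ == "__main__":
    wallet_a = wallet_generation(P_DEMO, Q_DEMO)       # pk_{a,i'} = (n, e), sk_{a,i'} = d
    sigma = transaction_signature(b"T: a pays 5 units to pk_b", wallet_a)
    print("verifies under pk_{a,i'}:", transaction_verification(sigma, wallet_a.n, wallet_a.e))
    other = wallet_generation(P_OTHER, Q_OTHER)        # a replaced address
    print("verifies under another address:", transaction_verification(sigma, other.n, other.e))
```

One point worth noticing when implementing this: claim 12 lists $1^\lambda$, $\sigma_{a,T,i'}$ and $pk_{a,i'}$ as the verifier's inputs, so with formulas (XV) and (XVII) as printed the verifier never recomputes $H(T)$; the check $s_{i'} \oplus w_{i'} = g(w_{i'})$ holds for every well-formed $y_{i'}$ the key holder produces, which ties $\sigma$ to $pk_{a,i'}$ but not to a particular $T$ (PSS-style schemes hide $r$ inside $s$ precisely so that the verifier can recover it and recompute $w$ from the message). That is why the example above binds the transaction to the public key only, and why it also checks that a signature rejects under a different address.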
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911004459.8A CN110851859B (en) | 2019-10-22 | 2019-10-22 | Authentication method of distributed authority node block chain system with (n, t) threshold |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110851859A true CN110851859A (en) | 2020-02-28 |
CN110851859B CN110851859B (en) | 2023-09-29 |
Family
ID=69596758
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911004459.8A Active CN110851859B (en) | 2019-10-22 | 2019-10-22 | Authentication method of distributed authority node block chain system with (n, t) threshold |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110851859B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111371790A (en) * | 2020-03-05 | 2020-07-03 | 中国工商银行股份有限公司 | Data encryption sending method based on alliance chain, related method, device and system |
CN111371790B (en) * | 2020-03-05 | 2022-06-17 | 中国工商银行股份有限公司 | Data encryption sending method based on alliance chain, related method, device and system |
CN112686672A (en) * | 2021-01-08 | 2021-04-20 | 新晨科技股份有限公司 | Block chain endorsement signature compression method, electronic device and storage medium |
CN116384999A (en) * | 2023-04-19 | 2023-07-04 | 北方工业大学 | Lightweight hierarchical deterministic wallet model supporting invisible addresses and method |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107273760A (en) * | 2017-06-09 | 2017-10-20 | 济南浪潮高新科技投资发展有限公司 | One kind is based on many CA application authentication methods of block chain |
CN107395349A (en) * | 2017-08-16 | 2017-11-24 | 深圳国微技术有限公司 | A kind of block chain network cryptographic key distribution method based on self-certified public key system |
CN109003083A (en) * | 2018-07-27 | 2018-12-14 | 山东渔翁信息技术股份有限公司 | A kind of ca authentication method, apparatus and electronic equipment based on block chain |
CN109150968A (en) * | 2018-07-13 | 2019-01-04 | 上海大学 | A kind of block chain distributed storage method based on privacy sharing |
WO2019034951A1 (en) * | 2017-08-15 | 2019-02-21 | nChain Holdings Limited | Threshold digital signature method and system |
CN109684878A (en) * | 2018-12-17 | 2019-04-26 | 杭州安恒信息技术股份有限公司 | One kind being based on block chain technology privacy information tamper resistant method and system |
CN110197081A (en) * | 2019-05-30 | 2019-09-03 | 北京理工大学 | A kind of cloud data sharing secret protection scheme based on block chain |
CN110289951A (en) * | 2019-06-03 | 2019-09-27 | 杭州电子科技大学 | A kind of shared content monitoring method based on Threshold key sharing and block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||