CN113112268A - Anonymous multiple signature method, computer device, and storage medium - Google Patents


Info

Publication number
CN113112268A
Authority
CN
China
Prior art keywords
signature
anonymous
verification
identification information
target data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110297995.2A
Other languages
Chinese (zh)
Inventor
马登极
王志文
吴思进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Fuzamei Technology Co Ltd
Original Assignee
Hangzhou Fuzamei Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Fuzamei Technology Co Ltd
Priority to CN202110297995.2A
Publication of CN113112268A
Priority to PCT/CN2021/143838 (WO2022193789A1)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification


Abstract

The invention provides an anonymous multiple signature method, a computer device and a storage medium, wherein the method comprises the following steps: respectively acquiring each first signature data, a corresponding first public key and a corresponding first elliptic curve random number; generating signature identification information for identifying whether each user authorized to participate in the multiple signatures participates in the multiple signatures or not according to each first public key; generating first certification information according to the first target data, the signature identification information, each first signature data, the corresponding first public key and the corresponding first elliptic curve random number; and generating a first anonymous multi-signature transaction comprising first target data and first certification information, and sending the first anonymous multi-signature transaction to a block chain network for execution through an anonymous multi-signature contract, and inputting the first target data, the first certification information and a verification parameter into a zero-knowledge proof circuit for anonymous multi-signature verification. The invention realizes anonymous multiple signatures on the block chain.

Description

Anonymous multiple signature method, computer device, and storage medium
Technical Field
The application relates to the technical field of internet, in particular to an anonymous multiple signature method, a computer device and a storage medium.
Background
The current block chain multiple signature schemes are all public signature schemes:
the users participating in the multiple signatures sign and generate transactions through private keys held by the users and send the transactions to the block chain network;
the block chain node executes the transaction through a multiple signature contract, and the signature is verified through the public key of the user: if the verification is successful, recording the signature of the user in the contract;
when the number of the signature users recorded in the contract exceeds the number of the users required by the multiple signatures, for example 2/3 of the total number of the users, the verification of the multiple signatures is successful.
The above scheme exposes very clearly which users are participating in the multiple signature and which are not.
When some users wish to participate in the multiple signature without exposing the fact that they participate, the scheme cannot meet their requirements.
Zero-knowledge proof was proposed by S. Goldwasser, S. Micali and C. Rackoff in the early 1980s. It means that the prover can convince the verifier that some assertion is correct without providing the verifier with any useful information. A zero-knowledge proof is essentially a protocol involving two or more parties, i.e., a series of steps that two or more parties take to complete a task. The prover proves to the verifier, and convinces the verifier, that the prover knows or owns a certain message, but the proving process cannot reveal any information about the proven message to the verifier.
Disclosure of Invention
In view of the above-described deficiencies or inadequacies in the prior art, it would be desirable to provide an anonymous multi-signature method, computer device, and storage medium that enables anonymous multi-signatures over blockchains.
In a first aspect, the present invention provides an anonymous multiple signature method, where an anonymous multiple signature contract is configured on a block chain, a zero-knowledge proof circuit for verifying the anonymous multiple signature is configured in the anonymous multiple signature contract, and a verification parameter is generated according to the zero-knowledge proof circuit, the method includes:
respectively acquiring first signature data generated by signing the first target data by each first user participating in the multi-signature, and a corresponding first public key and a first elliptic curve random number;
generating signature identification information for identifying whether each user authorized to participate in the multiple signatures participates in the multiple signatures or not according to each first public key;
generating first certification information according to the first target data, the signature identification information, each first signature data, the corresponding first public key and the corresponding first elliptic curve random number;
generating a first anonymous multi-signature transaction comprising the first target data and the first certification information, and sending the first anonymous multi-signature transaction to a block chain network, so that a block chain node executes the first anonymous multi-signature transaction through the anonymous multi-signature contract and inputs the first target data, the first certification information and the verification parameters into the zero-knowledge proof circuit for anonymous multi-signature verification:
verifying whether the number of signature users identified by the signature identification information is not less than the number of signatures required by the multiple signature; and
verifying whether the signature of each first user identified by the signature identification information passes verification:
if any one of the verification fails, the anonymous multiple signature verification fails;
and if the two verification items are successful, the anonymous multiple signature verification is successful.
In a second aspect, the present invention provides an anonymous multiple signature method applicable to a blockchain node, where an anonymous multiple signature contract is configured on a blockchain, a zero-knowledge proof circuit for verifying the anonymous multiple signature is configured in the anonymous multiple signature contract, and a verification parameter is generated according to the zero-knowledge proof circuit, the method including:
executing a first anonymous multiple signature transaction through the anonymous multiple signature contract, and inputting the first target data, the first certification information and the verification parameters into the zero-knowledge proof circuit for anonymous multiple signature verification:
verifying whether the number of signature users identified by the signature identification information is not less than the number of signatures required by the multiple signature; and
verifying whether the signature of each first user identified by the signature identification information passes verification:
if any one of the verification fails, the anonymous multiple signature verification fails;
and if the two verification items are successful, the anonymous multiple signature verification is successful.
The first anonymous multiple signature transaction comprises first target data and first certification information and is generated by a first user end;
the first certification information is generated by the first user terminal according to the first target data, the signature identification information, each first signature data, the corresponding first public key and the corresponding first elliptic curve random number;
the signature identification information is used for identifying whether each user authorized to participate in the multiple signature participates in the multiple signature, and is generated by the first user end according to each first public key.
In a third aspect, the present invention also provides a computer device comprising one or more processors and memory, wherein the memory contains instructions executable by the one or more processors to cause the one or more processors to perform an anonymous multiple signature method provided according to embodiments of the present invention.
In a fourth aspect, the present invention also provides a storage medium storing a computer program that causes a computer to execute the anonymous multi-signature method provided according to the embodiments of the present invention.
The anonymous multiple signature method, the computer device and the storage medium provided by the embodiments of the invention configure, in the smart contract, a zero-knowledge proof circuit that simultaneously verifies whether the number of signatures is sufficient and whether each signature passes verification, together with the verification parameters generated according to that circuit. The anonymous multiple signature transaction that is publicly submitted to the block chain therefore only needs to include the target data and the proof information generated from the signature data and related information, and does not need to include any information that may expose the identity of a user, such as a public key, thereby realizing anonymous multiple signatures on the block chain.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
Fig. 1 is a flowchart of an anonymous multiple signature method according to an embodiment of the present invention.
Fig. 2 is a flowchart of another anonymous multiple signature method according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 is a flowchart of an anonymous multiple signature method according to an embodiment of the present invention.
As shown in fig. 1, in the present embodiment, the present invention provides an anonymous multiple signature method, where an anonymous multiple signature contract is configured on a block chain, a zero-knowledge proof circuit for verifying the anonymous multiple signature is configured in the anonymous multiple signature contract, and a verification parameter is generated according to the zero-knowledge proof circuit, the method includes:
S11: respectively acquiring first signature data generated by signing the first target data by each first user participating in the multi-signature, and a corresponding first public key and a first elliptic curve random number;
S13: generating signature identification information for identifying whether each user authorized to participate in the multiple signatures participates in the multiple signatures or not according to each first public key;
S15: generating first certification information according to the first target data, the signature identification information, each first signature data, the corresponding first public key and the corresponding first elliptic curve random number;
S17: generating a first anonymous multi-signature transaction comprising the first target data and the first certification information, and sending the first anonymous multi-signature transaction to a block chain network, so that a block chain node executes the first anonymous multi-signature transaction through the anonymous multi-signature contract and inputs the first target data, the first certification information and the verification parameters into the zero-knowledge proof circuit for anonymous multi-signature verification:
verifying whether the number of signature users identified by the signature identification information is not less than the number of signatures required by the multiple signature; and
verifying whether the signature of each first user identified by the signature identification information passes verification:
if any one of the verification fails, the anonymous multiple signature verification fails;
and if the two verification items are successful, the anonymous multiple signature verification is successful.
In this embodiment, the signature algorithm is the Schnorr signature algorithm, and the signature data is generated as follows:
s=r+ke, e=hash(P||R||m);
wherein s is signature data, r is a random number, k is a private key, P is a public key, R is an elliptic curve random number generated according to r, and m is signature target data.
The verification algorithm of the signature data is as follows:
s*G=(r+ke)*G=r*G+(k*G)e=R+Pe;
wherein G is an elliptic curve base point.
In the present embodiment, the zero-knowledge proof circuit configured in the anonymous multiple signature contract is generated according to the algorithms described above.
Specifically, those skilled in the art can understand how to generate a zero-knowledge proof circuit from an algorithm within a zero-knowledge proof architecture, the zero-knowledge proof circuit including at least a generation algorithm Setup(), a proof algorithm Prove(), and a verification algorithm Verify(). The detailed process is not described herein.
In further embodiments, the signature algorithm may be configured as another signature algorithm commonly used in the art according to actual requirements, and the same technical effect may be achieved as long as the verification algorithm of the signature algorithm can meet the requirement of zero-knowledge proof, that is, the public inputs and proofs submitted by the anonymous multiple signature transaction do not expose information related to the user identity.
The method shown in fig. 1 is applicable to both client and auxiliary centralized servers, and is specifically described with reference to the following examples.
The method is exemplarily described below by taking an example of anonymous multiple signatures registered in a contract, wherein 9 users all have signature authority and at least 6 signatures of the 9 users are required to pass through.
First, when anonymous multiple signature registration is performed, the verification parameter ver_key1 is generated from the public keys P_A-P_I or the addresses addr_A-addr_I of the 9 users by the above generation algorithm Setup(), namely:
Setup(P_A-P_I) → verification parameter ver_key1; or, alternatively,
Setup(addr_A-addr_I) → verification parameter ver_key1;
ver_key1 is then submitted onto the blockchain through an anonymous multi-signature registration transaction, which deploys ver_key1 into the anonymous multi-signature contract for subsequent verification.
After successful registration, when users A, C, D, F, G and H need to perform an anonymous multiple signature on the target data data1, each user's public key, signature data over data1 and the elliptic curve random number corresponding to the signature need to be gathered in order to generate the proof information and the anonymous multiple signature transaction; that is, a device is needed to execute the method shown in fig. 1.
In this embodiment, the method is exemplarily explained as executed by the user end of user A; in other embodiments, the user end of each user may submit the public key, the signature data and the elliptic curve random number corresponding to the signature to a trusted auxiliary centralized server, and the centralized server executes the method shown in fig. 1; in further embodiments, the method shown in fig. 1 may also be executed by other devices as will be understood by those skilled in the art, and the same technical effect may be achieved as long as the device can acquire the data provided by each user end, can generate a transaction, and can send the transaction to the blockchain network.
In step S11, the user end of user A acquires the following data:
the signature data s_A generated by the user end of user A by signing data1 with the private key p_A and the random number r1, the public key P_A of user A, and the elliptic curve random number R1 generated from r1;
the signature data s_C generated by the user end of user C by signing data1 with the private key p_C and the random number r2, the public key P_C of user C, and the elliptic curve random number R2 generated from r2;
the signature data s_D generated by the user end of user D by signing data1 with the private key p_D and the random number r3, the public key P_D of user D, and the elliptic curve random number R3 generated from r3;
the signature data s_F generated by the user end of user F by signing data1 with the private key p_F and the random number r4, the public key P_F of user F, and the elliptic curve random number R4 generated from r4;
the signature data s_G generated by the user end of user G by signing data1 with the private key p_G and the random number r5, the public key P_G of user G, and the elliptic curve random number R5 generated from r5;
the signature data s_H generated by the user end of user H by signing data1 with the private key p_H and the random number r6, the public key P_H of user H, and the elliptic curve random number R6 generated from r6.
In step S13, the user end of user A generates, according to the first public keys P_A, P_C, P_D, P_F, P_G and P_H, the signature identification information 101101110, which identifies whether each user authorized to participate in the multiple signature participates in it (alternatively, 0 may identify participation and 1 non-participation, in which case the signature identification information is 010010001; other ways of identification, as will be appreciated by those skilled in the art, may also be used).
In step S15, the user end of user A takes the first target data data1 as public input and the signature data s_A-s_H, the public keys P_A-P_H and the elliptic curve random numbers R1-R6 acquired in step S11 as private inputs, inputs them into the proof algorithm Prove(), and generates the first proof information prove1, namely:
Prove(data1, s_A-s_H, P_A-P_H, R1-R6) → prove1.
In step S17, the user end of user A packages and generates an anonymous multi-signature transaction tx1 including the first target data data1 and the first proof information prove1, and transmits tx1 to the blockchain network.
The block chain node receives, broadcasts and packages tx1, executes tx1 through the anonymous multiple signature contract, and inputs the first target data data1, the first proof information prove1 and the verification parameter ver_key1 into the verification algorithm Verify() of the zero-knowledge proof circuit to perform anonymous multiple signature verification, namely:
Verify(data1, prove1, ver_key1) → Yes/No.
Specifically, the verification algorithm Verify() ensures that the following two verifications are performed simultaneously inside the zero-knowledge proof circuit:
verifying that the number (6) of signed users identified by the signature identification information 101101110 is not less than the number (6) of signatures required for multiple signatures;
and verifying whether the signature of each first user identified by the signature identification information passes verification.
If either of the two verifications fails, the output of the verification algorithm Verify() is No, and the anonymous multi-signature verification fails;
if both verifications succeed, the output of the verification algorithm Verify() is Yes, and the anonymous multiple signature verification succeeds.
In the above example, the information disclosed on the block chain by tx1 and by the execution result of tx1 comprises only the target data data1, the proof information prove1, which can be verified but cannot be parsed, and the verification result (success or failure); no information that would reveal the identity of a signing user is disclosed.
The above-mentioned embodiment implements the anonymous multiple signature on the blockchain by configuring the zero-knowledge proof circuit for simultaneously verifying whether the number of signatures is sufficient and whether each signature can pass the verification in the smart contract, and configuring the verification parameters generated according to the circuit, so that the anonymous multiple signature transaction which is openly submitted to the blockchain can only include the target data and the proof information generated according to the signature data and other information, and does not need to include any information which may expose the identity of the user, such as a public key.
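The statement that the circuit is described as enforcing can be written out and run in the clear, as an added example that is not code from the patent: the 9-user, 6-signature case above, with the Schnorr equations s=r+ke and s*G=R+Pe. The curve (secp256k1), the hash (SHA-256), the point encoding, all function names and the demo keys are assumptions made for this example; no zero-knowledge proof is produced here, so the values that Prove() would take as private inputs are simply passed to the check.

```python
import hashlib

# secp256k1 parameters. The curve is an assumption; the patent names none.
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time, demo only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc


def challenge(P, R, m):
    """e = hash(P||R||m), with SHA-256 and 32-byte big-endian coordinates."""
    raw = b"".join(c.to_bytes(32, "big") for c in (*P, *R)) + m
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % N


def sign(k, r, m):
    """s = r + k*e; returns (s, R) with R = r*G."""
    P, R = mul(k, G), mul(r, G)
    return (r + k * challenge(P, R, m)) % N, R


def verify(P, R, s, m):
    """Accept iff s*G == R + e*P."""
    return mul(s, G) == add(R, mul(challenge(P, R, m), P))


def relation(data, registered, threshold, bitmap, witness):
    """Both checks from Verify(), evaluated in the clear.

    registered: public keys fixed at Setup(), in registration order
    bitmap:     signature identification information, '1' = participated
    witness:    one (s, R) pair per '1' bit, in the same order
    """
    if len(bitmap) != len(registered) or set(bitmap) - {"0", "1"}:
        return False
    signers = [P for bit, P in zip(bitmap, registered) if bit == "1"]
    # Check 1: enough signers. One bit per key, so nobody is counted twice.
    if len(signers) < threshold or len(witness) != len(signers):
        return False
    # Check 2: every flagged user's signature over the target data verifies.
    return all(verify(P, R, s, data) for P, (s, R) in zip(signers, witness))


def scalar(label):
    """Constructed demo scalar. Real keys and nonces must come from a CSPRNG,
    and a nonce r must never be reused across signatures."""
    return int.from_bytes(hashlib.sha256(label).digest(), "big") % N


def demo():
    users, signing, data1 = "ABCDEFGHI", "ACDFGH", b"data1"
    keys = {u: scalar(b"demo-key-" + u.encode()) for u in users}
    registered = [mul(keys[u], G) for u in users]
    bitmap = "".join("1" if u in signing else "0" for u in users)
    witness = [sign(keys[u], scalar(b"demo-nonce-" + u.encode()), data1)
               for u in signing]
    ok = relation(data1, registered, 6, bitmap, witness)
    # Five signers only: fails the count check.
    too_few = relation(data1, registered, 6, "101101100", witness[:5])
    # One tampered s value: fails the per-signature check.
    forged = [((witness[0][0] + 1) % N, witness[0][1])] + witness[1:]
    bad_sig = relation(data1, registered, 6, bitmap, forged)
    # Valid signatures replayed against different target data also fail.
    replay = relation(b"data2", registered, 6, bitmap, witness)
    return bitmap, ok, too_few, bad_sig, replay


if __name__ == "__main__":
    print(demo())
```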
Fig. 2 is a flowchart of another anonymous multiple signature method according to an embodiment of the present invention. The method illustrated in fig. 2 may be performed in conjunction with the method illustrated in fig. 1.
As shown in fig. 2, in this embodiment, the present invention further provides an anonymous multiple signature method applicable to a blockchain node, where an anonymous multiple signature contract is configured on a blockchain, a zero-knowledge proof circuit for verifying the anonymous multiple signature is configured in the anonymous multiple signature contract, and a verification parameter generated by the zero-knowledge proof circuit, and the method includes:
S21: executing a first anonymous multiple signature transaction through the anonymous multiple signature contract, and inputting the first target data, the first certification information and the verification parameters into the zero-knowledge proof circuit for anonymous multiple signature verification:
verifying whether the number of signature users identified by the signature identification information is not less than the number of signatures required by the multiple signature; and
verifying whether the signature of each first user identified by the signature identification information passes verification:
if any one of the verification fails, the anonymous multiple signature verification fails;
and if the two verification items are successful, the anonymous multiple signature verification is successful.
The first anonymous multiple signature transaction comprises first target data and first certification information and is generated by a first user end;
the first certification information is generated by the first user terminal according to the first target data, the signature identification information, each first signature data, the corresponding first public key and the corresponding first elliptic curve random number;
the signature identification information is used for identifying whether each user authorized to participate in the multiple signature participates in the multiple signature, and is generated by the first user end according to each first public key.
Preferably, the zero knowledge proof circuit is generated according to the following algorithm:
s=r+ke;
e=hash(P||R||m);
s*G=(r+ke)*G=r*G+(k*G)e=R+Pe;
wherein s is signature data, r is a random number, k is a private key, P is a public key, R is an elliptic curve random number generated according to r, m is signature target data, and G is an elliptic curve base point.
The anonymous multi-signature principle of the method shown in fig. 2 can refer to the method shown in fig. 1, and is not described herein again.
Fig. 3 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
As shown in fig. 3, as another aspect, the present application also provides a computer apparatus 300 including one or more Central Processing Units (CPUs) 301 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 302 or a program loaded from a storage section 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data necessary for the operation of the apparatus 300 are also stored. The CPU 301, ROM 302, and RAM 303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
The following components are connected to the I/O interface 305: an input portion 306 including a keyboard, a mouse, and the like; an output section 307 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 308 including a hard disk and the like; and a communication section 309 including a network interface card such as a LAN card, a modem, or the like. The communication section 309 performs communication processing via a network such as the internet. A drive 310 is also connected to the I/O interface 305 as needed. A removable medium 311 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 310 as necessary, so that a computer program read out therefrom is mounted into the storage section 308 as necessary.
In particular, according to an embodiment of the present disclosure, the method described in any of the above embodiments may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing any of the methods described above. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 309, and/or installed from the removable medium 311.
As yet another aspect, the present application also provides a computer-readable storage medium, which may be the computer-readable storage medium included in the apparatus of the above-described embodiment; or it may be a separate computer readable storage medium not incorporated into the device. The computer readable storage medium stores one or more programs for use by one or more processors in performing the methods described in the present application.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules described in the embodiments of the present application may be implemented by software or hardware. The described units or modules may also be provided in a processor, for example, each unit may be a software program provided in a computer or a mobile intelligent device, or may be a separately configured hardware device. Wherein the designation of a unit or module does not in some way constitute a limitation of the unit or module itself.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the present application. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (6)

1. An anonymous multi-signature method, wherein a blockchain is configured with an anonymous multi-signature contract, the anonymous multi-signature contract is configured with a zero-knowledge proof circuit for verifying the anonymous multi-signature, and a verification parameter generated by the zero-knowledge proof circuit, the method comprising:
respectively acquiring first signature data generated by signing the first target data by each first user participating in the multi-signature, and a corresponding first public key and a first elliptic curve random number;
generating signature identification information for identifying whether each user authorized to participate in the multiple signatures participates in the multiple signatures or not according to the first public keys;
generating first certification information according to the first target data, the signature identification information, each first signature data, a corresponding first public key and a corresponding first elliptic curve random number;
generating a first anonymous multi-signature transaction comprising the first target data and the first certification information and sending the first anonymous multi-signature transaction to a blockchain network, so that blockchain nodes execute the first anonymous multi-signature transaction through the anonymous multi-signature contract and input the first target data, the first certification information and the verification parameters into the zero-knowledge proof circuit for anonymous multi-signature verification:
verifying whether the number of signature users identified by the signature identification information is not less than the number of signatures required by multiple signatures; and,
verifying whether the signature of each first user identified by the signature identification information passes verification;
if any one of the above verification fails, the anonymous multi-signature verification fails;
and if the two verification items are successful, the anonymous multiple signature verification is successful.
2. The method of claim 1, wherein the zero-knowledge proof circuit is generated according to the following algorithm:
s=r+ke;
e=hash(P||R||m);
s*G=(r+ke)*G=r*G+(k*G)e=R+Pe;
wherein s is signature data, r is a random number, k is a private key, P is a public key, R is an elliptic curve random number generated according to r, m is signature target data, and G is an elliptic curve base point.
3. An anonymous multiple signature method, wherein an anonymous multi-signature contract is configured on a blockchain, the anonymous multi-signature contract is configured with a zero-knowledge proof circuit for verifying the anonymous multi-signature and with a verification parameter generated by the zero-knowledge proof circuit, the method being applied to a blockchain node and comprising:
executing a first anonymous multi-signature transaction through the anonymous multi-signature contract, and inputting first target data, first certification information and the verification parameters into the zero-knowledge proof circuit for anonymous multi-signature verification:
verifying whether the number of signature users identified by the signature identification information is not less than the number of signatures required by multiple signatures; and,
verifying whether the signature of each first user identified by the signature identification information passes verification;
if any one of the above verification fails, the anonymous multi-signature verification fails;
if both verification items are successful, the anonymous multiple signature verification is successful;
wherein the first anonymous multi-signature transaction comprises the first target data and the first certification information and is generated by a first user side;
the first certification information is generated by the first user side according to the first target data, the signature identification information, each first signature data, the corresponding first public key and the corresponding first elliptic curve random number;
the signature identification information is used for identifying whether each user authorized to participate in the multiple signatures participates in the multiple signatures, and the first user side generates the signature identification information according to the first public key.
4. The method of claim 3, wherein the zero-knowledge proof circuit is generated according to the following algorithm:
s=r+ke;
e=hash(P||R||m);
s*G=(r+ke)*G=r*G+(k*G)e=R+Pe;
wherein s is signature data, r is a random number, k is a private key, P is a public key, R is an elliptic curve random number generated according to r, m is signature target data, and G is an elliptic curve base point.
5. A computer device, the device comprising:
one or more processors;
a memory for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method recited in any of claims 1-4.
6. A storage medium storing a computer program, characterized in that the program, when executed by a processor, implements the method according to any one of claims 1-4.
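The two checks that claims 1 and 3 place inside the zero-knowledge proof circuit, together with the signature relation of claims 2 and 4, are shown below in the clear as an added example; it is not code from the patent and produces no zero-knowledge proof, so it reveals which users signed. The curve (secp256k1), SHA-256, the byte encoding of P||R||m, the 0/1 flag list used as signature identification information, and all function names are assumptions.

```python
import hashlib

# secp256k1 parameters (assumed curve; the claims only say "elliptic curve")
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % FP == 0:
        return None
    # Tangent slope when doubling, chord slope otherwise
    num, den = (3 * a[0] * a[0], 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    lam = num * pow(den % FP, -1, FP)
    x = (lam * lam - a[0] - b[0]) % FP
    return (x, (lam * (a[0] - x) - a[1]) % FP)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def challenge(P, R, m):
    """e = hash(P || R || m); SHA-256 and the byte encoding are assumptions."""
    enc = b"".join(c.to_bytes(32, "big") for c in (*P, *R)) + m
    return int.from_bytes(hashlib.sha256(enc).digest(), "big") % N

def sign(k, r, m):
    """s = r + k*e with R = r*G; r must be fresh and secret per signature."""
    P, R = mul(k, G), mul(r, G)
    return R, (r + k * challenge(P, R, m)) % N

def verify(P, R, s, m):
    """Accept iff s*G == R + e*P."""
    return mul(s, G) == add(R, mul(challenge(P, R, m), P))

def verify_multisig(authorized, flags, sigs, m, threshold):
    """Flagged-signer count >= threshold, and every flagged signer verifies."""
    if len(flags) != len(authorized) or sum(flags) < threshold:
        return False
    return all(i in sigs and verify(authorized[i], *sigs[i], m)
               for i, f in enumerate(flags) if f)
```

Here `authorized` is the ordered list of public keys allowed to sign, `flags[i]` is 1 when user i took part, and `sigs` maps a flagged index to that user's `(R, s)` pair.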
CN202110297995.2A 2021-03-19 2021-03-19 Anonymous multiple signature method, computer device, and storage medium Pending CN113112268A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110297995.2A CN113112268A (en) 2021-03-19 2021-03-19 Anonymous multiple signature method, computer device, and storage medium
PCT/CN2021/143838 WO2022193789A1 (en) 2021-03-19 2021-12-31 Anonymous multi-signature method, computer device, and storage medium

Publications (1)

Publication Number Publication Date
CN113112268A (en) 2021-07-13

Family

ID=76711833

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110297995.2A Pending CN113112268A (en) 2021-03-19 2021-03-19 Anonymous multiple signature method, computer device, and storage medium

Country Status (2)

Country Link
CN (1) CN113112268A (en)
WO (1) WO2022193789A1 (en)

Also Published As

Publication number Publication date
WO2022193789A1 (en) 2022-09-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20210713