CN113609499A - Electronic notarization document bookmark deployment method and system based on decentralized multi-party secure computation and multiple signatures - Google Patents

Electronic notarization document bookmark deployment method and system based on decentralized multi-party secure computation and multiple signatures Download PDF

Info

Publication number
CN113609499A
CN113609499A CN202110857911.6A CN202110857911A CN113609499A CN 113609499 A CN113609499 A CN 113609499A CN 202110857911 A CN202110857911 A CN 202110857911A CN 113609499 A CN113609499 A CN 113609499A
Authority
CN
China
Prior art keywords
signature
user
notarization
public
service end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110857911.6A
Other languages
Chinese (zh)
Other versions
CN113609499B (en
Inventor
韩金广
曹容端
陈曙光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Weslink Network Technology Co ltd
Original Assignee
Jiangsu Weslink Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Weslink Network Technology Co ltd filed Critical Jiangsu Weslink Network Technology Co ltd
Priority to CN202110857911.6A priority Critical patent/CN113609499B/en
Publication of CN113609499A publication Critical patent/CN113609499A/en
Application granted granted Critical
Publication of CN113609499B publication Critical patent/CN113609499B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention provides an electronic notarization document bookmark deployment method and system based on decentralized multi-party secure computation and multiple signatures, the method is communicated among a notarization service end node IDS, a user client node and a service end node BS, and the notarization service end node IDS is configured in a credible third-party notarization institution; the method and the system break the power concentration of the centralized server and eliminate the fake making capability of the server; the number of nodes calculated by multiple parties can be flexibly configured according to needs, so that the needs of customers are better met; the authenticity of the signature behavior can be directly and visually proved based on the credible third party notarization as one of the operation participating nodes; by constructing a decentralized online reliable electronic signature system, the trust cost is reduced, a user can safely sign an online remote electronic document without trusting the system unconditionally, and the authenticity of the signing behavior can be directly proved.

Description

Electronic notarization document bookmark deployment method and system based on decentralized multi-party secure computation and multiple signatures
Technical Field
The invention relates to the field of electronic signature service for electronic documents, in particular to a method and a system for realizing reliable electronic signature through online network service, and specifically relates to an electronic notary document bookmark deployment method and system based on decentralized multi-party secure computation and multiple signatures.
Background
The online electronic signing service of electronic documents is an increasingly wide application requirement in the electronic commerce environment; in order to meet the requirements of digital business production on electronic signature services, more and more electronic signature services (electronic contract services) of the SaaS platform continuously appear, but because the network platform type services mostly adopt a centralized technical architecture, a central server of the platform completely controls all elements of the electronic signature, so that the platform can have the capability of forging the signature technically, the trust cost of a user in selecting the platform services is greatly improved, and a barrier is caused to the promotion of the online electronic document signing services.
Disclosure of Invention
The invention aims to provide an electronic certificate document bookmark deployment method and system based on decentralized multi-party secure computation and multiple signatures, aiming at the problems of multiple centralized technical architectures and low security of network platform type services
The technical scheme of the invention is as follows:
the invention provides an electronic notarization document bookmark deployment method based on decentralized multi-party secure computation and multiple signatures, which is characterized in that a notarization service end node IDS, a user client node and a service end node BS are communicated; the method comprises the following steps:
s1, system initialization step: configuring the system security parameter level l, generating the common parameter Setup (1) of the systeml)→(e,p,G1,G2,Gt,g1,g2,H0,H1,H2) (ii) a Wherein: (e, p, G)1,G2,Gt) Is a bilinear group of prime order p, g1,g2Are each G1,G2Is generated from0,H1,H2Are all hash functions, where H0:{0,1}*→G1,H1:{0,1}*→Zp,H2:{0,1}*→Zp
S2, key generation step:
2.1, the public certificate service end node IDS calls a public and private key generation algorithm to generate an IDS public and private key pair (sk)ny,pkny);
2.2, the service end node BS calls a public and private key generation algorithm to generate a public and private key pair (sk) of the BSbs,pkbs);
2.3, the user end inputs pin code through the client end, and calls the public and private key generation algorithm to generate the public and private key pair (sk) of the useru,pku);
2.4, calling a public key aggregation algorithm by the notarization service end node IDS to generate a complete public key apk after all the nodes are aggregated;
s3, user identity authentication:
3.1, user U inputs identity information id through clientuAnd collecting facial recognition feature f of user U by using client camerau
3.2, the client side calls a hash function to calculate the hash value M of the useridu(ii) a Method for acquiring signature value sigma of user by signature algorithmidu(ii) a User identity information iduThe signature value sigmaiduAnd face recognition feature fuSending the information to a notarization service end node;
3.3 notarization service end node IDS sends user identity information iduAnd face recognition feature fuComparing the information with a public security citizen identity information database, failing to pass the comparison, failing to authenticate the identity, and terminating the task; the alignment is carried out by 3.4;
3.4 notarization service end node IDS according to user identity information iduCalling a hash functionHash value M of number calculation useriduAccording to the user public key pk by adopting signature verification algorithmuAnd a hash value MiduFor signature value sigmaiduChecking the signature, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the identity authentication is completed;
s4, signature step: user iduThe notarization service end node IDS and the service end node BS respectively sign the electronic file M, and the steps are as follows;
4.1 the user calculates the Hash value H of the electronic file M through the client node0(M) based on the user private key skuAnd electronic file hash value H0(M) signing the electronic document to produce a user signature value σuWill σuThe M is sent to a service end node;
4.2, the business server calculates the Hash value H of the electronic file M0(M) and according to the user public key pkuAnd H0(M) calling a signature verification algorithm to sign the user with the value sigmauVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, continuing to 4.3;
4.3, the service end bases on the private key sk of the service endbsAnd electronic file hash value H0(M) calling a signature algorithm to calculate a service node signature value sigmabs(ii) a Will sigmau、σbsSending the M to a notarization server;
4.4, the notarization server side calculates the Hash value H of the electronic file M0(M) according to the user public key pkuAnd H0(M) calling a signature verification algorithm to sign the user with the value sigmauVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the task continues to 4.5;
4.5, the notarization service end bases on the public key pk of the service endbsAnd electronic file hash value H0(M) calling a signature verification algorithm to sign the service node with the value sigmabsVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the task continues to 4.6;
4.6, the notarization service end is private according to the notarization service endKey sknyAnd electronic file hash value H0(M) invoking a signature algorithm to generate a notary node signature value σny
4.7, the notarization service terminal according to the user signature value sigmauNotarization node signature value sigmanyAnd a service node signature value sigmabsCalling a signature synthesis algorithm to generate a complete aggregate signature value sigma of all nodes;
s5, verification step:
bilinear mapping function value e (sigma, g) of elliptic curve calculated by notarization server side2) And e (H)0(M, apk), comparison
Figure BDA0003184715420000031
If the equality is not established, the signature is failed, and if the equality is established, the signature is effectively signed by the user U through multi-node cooperation.
Further, the security parameter level is l, and l is 1024 bits.
Further, identity information iduIncluding the name and identification number.
Further, the service end node BS is one or more.
Further, the notarization service end node IDS is configured in a trusted third party notarization institution.
An electronic notary document signing system based on decentralized multi-party secure computation and multiple signatures, the system comprising;
a system initialization module: configuring the system security parameter level l, generating the common parameter Setup (1) of the systeml)→(e,p,G1,G2,Gt,g1,g2,H0,H1,H2) (ii) a Wherein: (e, p, G)1,G2,Gt) Is a bilinear group of prime order p, g1,g2Are each G1,G2Is generated from0,H1,H2Are all hash functions, where H0:{0,1}*→G1,H1:{0,1}*→Zp,H2:{0,1}*→Zp
A key generation module:
the public certificate service end node IDS calls a public and private key generation algorithm to generate an IDS public and private key pair (sk)ny,pkny);
The service end node BS calls a public and private key generation algorithm to generate a public and private key pair (sk) of the BSbs,pkbs);
The client receives the pin code input by the user, and calls the public and private key generation algorithm to generate the public and private key pair (sk) of the useru,pku);
The notarization service end node IDS calls a public key aggregation algorithm to generate a complete public key apk after all the nodes are aggregated;
a user identity authentication module:
the client receives the identity information id input by the user UuAnd collecting facial recognition feature f of user U by using client camerau
Client calls hash function to calculate hash value M of useridu(ii) a Method for acquiring signature value sigma of user by signature algorithmidu(ii) a User identity information iduThe signature value sigmaiduAnd face recognition feature fuSending the information to a notarization service end node;
user identity information id is transmitted by notarization service end node IDSuAnd face recognition feature fuComparing the information with a public security citizen identity information database, failing to pass the comparison, failing to authenticate the identity, and terminating the task; if the comparison is passed, according to the user identity information iduCalculating hash value M of user by calling hash functioniduAccording to the user public key pk by adopting signature verification algorithmuAnd a hash value MiduFor signature value sigmaiduChecking the signature, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the identity authentication is completed;
a signature module: user iduThe notarization service end node IDS and the service end node BS respectively sign the electronic file M;
user client computing electronic filesHash value of M H0(M) based on the user private key skuAnd electronic file hash value H0(M) signing the electronic document to produce a user signature value σuWill σuThe M is sent to a service end node;
the business server calculates the Hash value H of the electronic file M0(M) and according to the user public key pkuAnd H0(M) calling a signature verification algorithm to sign the user with the value sigmauVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the service server side private key sk is used for verifying the signaturebsAnd electronic file hash value H0(M) calling a signature algorithm to calculate a service node signature value sigmabs(ii) a Will sigmau、σbsSending the M to a notarization server;
the notarization server calculates the Hash value H of the electronic file M0(M) according to the user public key pkuAnd H0(M) calling a signature verification algorithm to sign the user with the value sigmauVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the notarization server side verifies the signature according to the public key pk of the service sidebsAnd electronic file hash value H0(M) calling a signature verification algorithm to sign the service node with the value sigmabsVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the notarization server side verifies the signature according to a notarization server side private key sknyAnd electronic file hash value H0(M) invoking a signature algorithm to generate a notary node signature value σny(ii) a The notarization service terminal according to the user signature value sigmauNotarization node signature value sigmanyAnd a service node signature value sigmabsCalling a signature synthesis algorithm to generate a complete aggregate signature value sigma of all nodes;
a verification module: bilinear mapping function value e (sigma, g) of elliptic curve calculated by notarization server side2) And e (H)0(M, apk), comparison
Figure BDA0003184715420000061
If the equality is not satisfied, the signature is failed, and if the equality is satisfied, the user U is indicated to pass through the multiple nodesIn cooperation, a valid signature of the file M is completed.
A service server based on decentralized multi-party secure computing and multiple signature system,
the service server configures system parameters;
the service end node BS responds to the key generation task and calls a public-private key generation algorithm to generate a public-private key pair (sk) of the BSbs,pkbs) And sent to the notarization service end node IDS;
the service server end node BS responds to the signature task, and the service server end receives the electronic file M and the user signature value sigma sent by the user clientu(ii) a Calculating the Hash value H of the electronic file M0(M) and according to the user public key pkuAnd H0(M) calling a signature verification algorithm to sign the user with the value sigmauVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the service server side private key sk is used for verifying the signaturebsAnd electronic file hash value H0(M) calling a signature algorithm to calculate a service node signature value sigmabs(ii) a Will sigmau、σbsAnd M is sent to the notarization server side.
A user client based on decentralized multi-party secure computing and multiple signature systems,
the user client configures system parameters;
the client responds to the key generation task, receives a pin code input by a user, and calls a public and private key generation algorithm to generate a public and private key pair (sk) of the useru,pku) And sent to the notarization service end node IDS;
the client responds to the user identity authentication task and receives identity information id input by a user UuAnd collecting facial recognition feature f of user U by using client camerau(ii) a Calculating hash value M of user by calling hash functionidu(ii) a Method for acquiring signature value sigma of user by signature algorithmidu(ii) a User identity information iduThe signature value sigmaiduAnd face recognition feature fuSending the information to a notarization service end node;
client response labelA name task, namely calculating the Hash value H of the electronic file M by a user client0(M) based on the user private key skuAnd electronic file hash value H0(M) signing the electronic document to produce a user signature value σuWill σuAnd M is sent to the service end node.
A notarization server based on decentralized multi-party secure computation and multiple signature system,
the notarization server side is configured with system parameters;
the public certificate service end node IDS responds to the key generation task and calls a public and private key generation algorithm to generate an IDS public and private key pair (sk)ny,pkny) (ii) a Receiving a public-private key pair (sk) of a service end node BSbs,pkbs) And public and private key pair (sk) of useru,pku) Calling a public key aggregation algorithm to generate a complete public key apk after all nodes are aggregated;
the ID of the user sent by the client is received by the ID of the notarization service end node responding to the task of user identity authenticationuThe signature value sigmaiduAnd face recognition feature fu(ii) a User identity information iduAnd face recognition feature fuComparing the information with a public security citizen identity information database, failing to pass the comparison, failing to authenticate the identity, and terminating the task; if the comparison is passed, according to the user identity information iduCalculating hash value M of user by calling hash functioniduAccording to the user public key pk by adopting signature verification algorithmuAnd a hash value MiduFor signature value sigmaiduChecking the signature, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the identity authentication is completed;
the notarization service end node IDS responds to the signature task, and receives the user signature value sigma sent by the service end node BSuService node signature value sigmabsAnd the electronic file M is used for calculating the hash value H of the electronic file M by the notarization server0(M) according to the user public key pkuAnd H0(M) calling a signature verification algorithm to sign the user with the value sigmauVerifying, and if the signature fails to be verified, terminating the task; if it is testedIf the certificate signing is successful, the notarization server side is according to the public key pk of the service server sidebsAnd electronic file hash value H0(M) calling a signature verification algorithm to sign the service node with the value sigmabsVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the notarization server side verifies the signature according to a notarization server side private key sknyAnd electronic file hash value H0(M) invoking a signature algorithm to generate a notary node signature value σny(ii) a The notarization service terminal according to the user signature value sigmauNotarization node signature value sigmanyAnd a service node signature value sigmabsCalling a signature synthesis algorithm to generate a complete aggregate signature value sigma of all nodes;
the notarization service end node IDS responds to the verification task, and the notarization service end calculates bilinear mapping function value e (sigma, g) of the elliptic curve2) And e (H)0(M, apk), comparison
Figure BDA0003184715420000071
If the equality is not established, the signature is failed, and if the equality is established, the signature is effectively signed by the user U through multi-node cooperation.
The invention has the beneficial effects that:
the invention relates to a multi-party safety calculation method, which is a decentralized operation mode. In a multi-party safety calculation model based on multiple signatures, one complete signature can be completed only by the joint participation of any plurality of configured operation nodes, each operation node is respectively provided with different entities for control management, and no node has centralized power, so that the possibility of centralized fake making is avoided; since the user (i.e. the signer who needs to perform the electronic signature) is one of the necessary nodes in all the nodes, if the participation of the user is lacked, the complete signature cannot be completed once, otherwise, if the complete signature is completed once, the user is necessarily indicated to perform the signature, thereby realizing the non-repudiation of the electronic signature of the user and ensuring the reliability of the signature.
The method of the invention can take the credible third party notarization as one of the nodes of the multi-party security calculation to participate in the node calculation, thereby realizing the notarization participation to each user signature, thereby providing a foundation for a notarization institution as a prover to provide a proving service for the authenticity of the user electronic signature, and better meeting the actual requirements for the electronic signature service in social production.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent by describing in more detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
Fig. 1 shows a schematic diagram of the system architecture of the present invention.
Detailed Description
Preferred embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein.
The invention is composed of a notarization service end node IDS, a service end node BS and a user client end node, wherein the notarization service end node IDS is controlled by a credible third party notarization mechanism for use, the user client end node is controlled by a user for use, and the number of the service end node BS can be 1 or more. The notarization service end node, the service end node and the user client node are preset with the same algorithm and parameters, and the method specifically comprises the following steps:
1. description of the Algorithm
1.1 System initialization Algorithm Setup (1)l) → PP, common parameters required for the system are generated.
1.2, setting H0,H1,H2Three hash functions.
1.3 public-private Key Generation Algorithm, KG (1)l) → (sk, pk) for generating the private key as well as the public key.
1.4 public key aggregationAlgorithm Agg (pk)1,pk2,…,pkn) → apk, for generating the aggregation public key.
1.5 signature Algorithm Sign (PP, sk)i,M)→σiFor generating a signature of the ith signer.
1.6 signature Synthesis Algorithm Agg-Sign (PP, σ)1,σ2,…,σn) → σ, for generating an aggregated signature.
1.7 signature verification algorithm Verify (PP, σ, M, apk) → true/false, for signature verification of the validity of the signature σ.
1.8, e is a bilinear mapping function of the elliptic curve.
2. System initialization
System Call Setup (1)l)→(e,p,G1,G2,Gt,g1,g2,H0,H1,H2) Wherein (e, p, G)1,G2,Gt) Is a bilinear group of prime order p, g1,g2Are each G1,G2Is generated from0,H1,H2Is three hash functions, where H0:{0,1}*→G1,H1:{0,1}*→Zp,H2:(0,1}*→Zp
3. Key generation phase
3.1 notarization service end node IDS calling KG (1)l)→(skny,pkny) Generating a public-private key pair for an IDS, wherein
Figure BDA0003184715420000091
3.2 service end node BS calls KG (1)l)→(skbs,pkbs) Generating a public and private key pair of the BS, wherein
Figure BDA0003184715420000101
3.3, the user end inputs pin through the client end and calls KG (1)l)→(sku,pku) Generating a public and private key pair of a user, wherein sku=xu=H2(pin),
Figure BDA0003184715420000102
3.4 notarization service end node IDS Call Agg (pk)u,pkny,pkbs) → apk, generating a complete public key apk after all nodes are aggregated;
4. user identity authentication
4.1 user U inputs related identity information id using client nodeu(name, ID card) and using a client camera to collect facial recognition features f of the user Uu
4.2 client invocation H0(idu)→MiduCall Sign (PP, sk)u,Midu)→σiduWill idu、σidu、fuSending the information to a notarization service end node;
4.3 notarization service end node IDS sends user identity information iduAnd face recognition feature fuComparing the information with a public security citizen identity information database, failing to pass the comparison, failing to authenticate the identity, and terminating the task; the alignment is carried out by 4.4;
4.4 notarization service end node invocation H0(idu)→MiduCall Verify (PP, σ)idu,Midu,pku) Checking the signature on the wafer → true/false, if the result is false, indicating that the signature fails to be verified, and terminating the task; if the result is true, the signature verification is successful, and the identity authentication is finished;
5. signature
The user, the business service end node and the notarization service end node sign the electronic file M, and the steps are as follows;
5.1, calling Sign (PP, sk) by the user through the client nodeu,H0(M))→σuGenerating a user signature value sigmauWherein
Figure BDA0003184715420000103
au=H1(pku,pkny,pkbs,pku),xu=skuWill σuThe M is sent to a service end node;
5.2, calling Verify (PP, sigma) by the service endu,H0(M),pku) → true/false verifies the user signature, if the result is false, the verification of the signature fails, and the task is terminated; if the result is true, the signature verification is successful, and 5.3 is continued;
5.3, calling Sign (PP, sk) by the service endbs,H0(M))→σbsGenerating a service node signature value sigmabsWherein
Figure BDA0003184715420000111
abs=H1(pkbs,pku,pkny,pkbs),xbs=skbsB, carrying out the following steps of; will sigmau、σbsSending the M to a notarization server;
5.4, calling Verify (PP, sigma) by notarization service terminalu,H0(M),pku) → true/false verifies the user signature, if the result is false, the verification of the signature fails, and the task is terminated; if the result is true, the signature verification is successful, and the task continues to be 5.5;
5.5, calling Verify (PP, sigma) by the notarization service terminalbs,H0(M),pkbs) → true/false verifies the signature of the service end, if the result is false, the verification of the signature fails, and the task is terminated; if the result is true, the signature verification is successful, and the task continues to be 5.6;
5.6 notarization service terminal calls Sign (PP, sk)ny,H0(M))→σnyGenerating a notarization node signature value σnyWherein, in the step (A),
Figure BDA0003184715420000112
any=H1(pkny,pku,pkny,pkbs),xny=skny
5.7, calling Agg-Sign (PP, sigma) by notarization terminalu,σny,σbs) → σ, generate an aggregate signature value σ with all nodes intact, where
Figure BDA0003184715420000113
6. Authentication
Computing function e (σ, g)2) And function e (H)0Values of (M), apk), comparison
Figure BDA0003184715420000114
If the equality is not established, the signature is failed, and if the equality is established, the signature is effectively signed by the user U through multi-node cooperation.
The method and the system break the power concentration of the centralized server and eliminate the fake making capability of the server; the number of nodes calculated by multiple parties can be flexibly configured according to needs, so that the needs of customers are better met; the authenticity of the signature behavior can be directly and visually proved based on the credible third party notarization as one of the operation participating nodes; by constructing a decentralized online reliable electronic signature system, the trust cost is reduced, a user can safely sign an online remote electronic document without trusting the system unconditionally, and the authenticity of the signing behavior can be directly proved.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments.

Claims (9)

1. A is based on that the many kinds of security of decentralization calculate and electronic notarization of multiple signature document book sign method, this method is by carrying on the communication between notarization service end node IDS, user client node and business service end node BS; the method is characterized by comprising the following steps:
s1, system initialization step: configuring the system security parameter level l, generating the common parameter Setup (1) of the systeml)→(e,p,G1,G2,Gt,g1,g2,H0,H1,H2) (ii) a Wherein: (e, p, G)1,G2,Gt) Is a bilinear group of prime order p, g1,g2Are each G1,G2Is generated from0,H1,H2Are all hash functions, where H0:{0,1}*→G1,H1:{0,1}*→Zp,H2:{0,1}*→Zp
S2, key generation step:
2.1, the public certificate service end node IDS calls a public and private key generation algorithm to generate an IDS public and private key pair (sk)ny,pkny);
2.2, the service end node BS calls a public and private key generation algorithm to generate a public and private key pair (sk) of the BSbs,pkbs);
2.3, the user end inputs pin code through the client end, and calls the public and private key generation algorithm to generate the public and private key pair (sk) of the useru,pku);
2.4, calling a public key aggregation algorithm by the notarization service end node IDS to generate a complete public key apk after all the nodes are aggregated;
s3, user identity authentication:
3.1, user U inputs identity information id through clientuAnd collecting facial recognition feature f of user U by using client camerau
3.2, the client side calls a hash function to calculate the hash value M of the useridu(ii) a Method for acquiring signature value sigma of user by signature algorithmidu(ii) a User identity information iduThe signature value sigmaiduAnd face recognition feature fuSending the information to a notarization service end node;
3.3 notarization service end node IDS associates user withShare information iduAnd face recognition feature fuComparing the information with a public security citizen identity information database, failing to pass the comparison, failing to authenticate the identity, and terminating the task; the alignment is carried out by 3.4;
3.4 notarization service end node IDS according to user identity information iduCalculating hash value M of user by calling hash functioniduAccording to the user public key pk by adopting signature verification algorithmuAnd a hash value MiduFor signature value sigmaiduChecking the signature, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the identity authentication is completed;
s4, signature step: user iduThe notarization service end node IDS and the service end node BS respectively sign the electronic file M, and the steps are as follows;
4.1 the user calculates the Hash value H of the electronic file M through the client node0(M) based on the user private key sku and the electronic file hash value H0(M) signing the electronic document to produce a user signature value σuWill σuThe M is sent to a service end node;
4.2, the business server calculates the Hash value H of the electronic file M0(M) and according to the user public key pkuAnd H0(M) calling a signature verification algorithm to sign the user with the value sigmauVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, continuing to 4.3;
4.3, the service end bases on the private key sk of the service endbsAnd electronic file hash value H0(M) calling a signature algorithm to calculate a service node signature value sigmabs(ii) a Will sigmau、σbsSending the M to a notarization server;
4.4, the notarization server side calculates the Hash value H of the electronic file M0(M) according to the user public key pkuAnd H0(M) calling a signature verification algorithm to sign the user with the value sigmauVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the task continues to 4.5;
4.5, the notarization service end bases on the public key pk of the service endbsAnd electricitySubfile hash value H0(M) calling a signature verification algorithm to sign the service node with the value sigmabsVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the task continues to 4.6;
4.6, the notarization service terminal bases on the notarization service terminal private key sknyAnd electronic file hash value H0(M) invoking a signature algorithm to generate a notary node signature value σny
4.7, the notarization service terminal according to the user signature value sigmauNotarization node signature value sigmanyAnd a service node signature value sigmabsCalling a signature synthesis algorithm to generate a complete aggregate signature value sigma of all nodes;
s5, verification step:
bilinear mapping function value e (sigma, g) of elliptic curve calculated by notarization server side2) And e (H)0(M, apk), comparison
Figure FDA0003184715410000031
If the equality is not established, the signature is failed, and if the equality is established, the signature is effectively signed by the user U through multi-node cooperation.
2. The method for signing an electronic notary document based on decentralized multi-party security computing and multiple signatures as claimed in claim 1, wherein the security parameter level is l, and l is 1024 bits.
3. The method for signing an electronic notary document based on decentralized multi-party secure computation and multiple signatures as claimed in claim 1, wherein the identity information id isuIncluding the name and identification number.
4. The decentralized multi-party secure computing and multi-signature based electronic notary document bookmarking method according to claim 1, characterized in that said service end node BS is one or more.
5. The decentralized multi-party secure computing and multi-signature based electronic notarization document deployment method as claimed in claim 1, characterized in that said notarization service end node IDS is configured at a trusted third party notarization authority.
6. An electronic notary document signing system based on decentralized multi-party secure computation and multiple signatures, characterized in that: the system comprises;
a system initialization module: configuring the system security parameter level l, generating the common parameter Setup (1) of the systeml)→(e,p,G1,G2,Gt,g1,g2,H0,H1,H2) (ii) a Wherein: (e, p, G)1,G2,Gt) Is a bilinear group of prime order p, g1,g2Are each G1,G2Is generated from0,H1,H2Are all hash functions, where H0:{0,1}*→G1,H1:{0,1}*→Zp,H2:{0,1}*→Zp
A key generation module:
the public certificate service end node IDS calls a public and private key generation algorithm to generate an IDS public and private key pair (sk)ny,pkny);
The service end node BS calls a public and private key generation algorithm to generate a public and private key pair (sk) of the BSbs,pkbs);
The client receives the pin code input by the user, and calls the public and private key generation algorithm to generate the public and private key pair (sk) of the useru,pku);
The notarization service end node IDS calls a public key aggregation algorithm to generate a complete public key apk after all the nodes are aggregated;
a user identity authentication module:
the client receives the identity information id input by the user UuAnd collecting facial recognition feature f of user U by using client camerau
Client-side computation user for calling hash functionHash value M ofidu(ii) a Method for acquiring signature value sigma of user by signature algorithmidu(ii) a User identity information iduThe signature value sigmaiduAnd face recognition feature fuSending the information to a notarization service end node;
user identity information id is transmitted by notarization service end node IDSuAnd face recognition feature fuComparing the information with a public security citizen identity information database, failing to pass the comparison, failing to authenticate the identity, and terminating the task; if the comparison is passed, according to the user identity information iduCalculating hash value M of user by calling hash functioniduAccording to the user public key pk by adopting signature verification algorithmuAnd a hash value MiduFor signature value sigmaiduChecking the signature, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the identity authentication is completed;
a signature module: user iduThe notarization service end node IDS and the service end node BS respectively sign the electronic file M;
user client calculates hash value H of electronic file M0(M) based on the user private key skuAnd electronic file hash value H0(M) signing the electronic document to produce a user signature value σuWill σuThe M is sent to a service end node;
the business server calculates the Hash value H of the electronic file M0(M) and according to user public keys pku and H0(M) calling a signature verification algorithm to sign the user with the value sigmauVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the service server side private key sk is used for verifying the signaturebsAnd electronic file hash value H0(M) calling a signature algorithm to calculate a service node signature value sigmabs(ii) a Will sigmau、σbsSending the M to a notarization server;
the notarization server calculates the Hash value H of the electronic file M0(M) according to the user public key pkuAnd H0(M) calling a signature verification algorithm to sign the user with the value sigmauVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the notarization server sideAccording to the public key pk of the service endbsAnd electronic file hash value H0(M) calling a signature verification algorithm to sign the service node with the value sigmabsVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the notarization server side verifies the signature according to a notarization server side private key sknyAnd electronic file hash value H0(M) invoking a signature algorithm to generate a notary node signature value σny(ii) a The notarization service terminal according to the user signature value sigmauNotarization node signature value sigmanyAnd a service node signature value sigmabsCalling a signature synthesis algorithm to generate a complete aggregate signature value sigma of all nodes;
a verification module: bilinear mapping function value e (sigma, g) of elliptic curve calculated by notarization server side2) And e (H)0(M, apk), comparison
Figure FDA0003184715410000051
If the equality is not established, the signature is failed, and if the equality is established, the signature is effectively signed by the user U through multi-node cooperation.
7. A service end based on decentralized multi-party secure computing and multiple signature systems is characterized in that:
the service server configures system parameters;
the service end node BS responds to the key generation task and calls a public-private key generation algorithm to generate a public-private key pair (sk) of the BSbs,pkbs) And sent to the notarization service end node IDS;
the service server end node BS responds to the signature task, and the service server end receives the electronic file M and the user signature value sigma sent by the user clientu(ii) a Calculating the Hash value H of the electronic file M0(M) and according to the user public key pkuAnd H0(M) calling a signature verification algorithm to sign the user with the value sigmauVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the service server side private key sk is used for verifying the signaturebsAnd electronic file hash value H0(M) callingSignature algorithm calculation service node signature value sigmabs(ii) a Will sigmau、σbsAnd M is sent to the notarization server side.
8. A user client based on decentralized multi-party secure computing and multiple signature systems, comprising:
the user client configures system parameters;
the client responds to the key generation task, receives a pin code input by a user, and calls a public and private key generation algorithm to generate a public and private key pair (sk) of the useru,pku) And sent to the notarization service end node IDS;
the client responds to the user identity authentication task and receives identity information id input by a user UuAnd collecting facial recognition feature f of user U by using client camerau(ii) a Calculating hash value M of user by calling hash functionidu(ii) a Method for acquiring signature value sigma of user by signature algorithmidu(ii) a User identity information iduThe signature value sigmaiduAnd face recognition feature fuSending the information to a notarization service end node;
the client end responds to the signature task, and the user client end calculates the hash value H of the electronic file M0(M) based on the user private key skuAnd electronic file hash value H0(M) signing the electronic document to produce a user signature value σuWill σuAnd M is sent to the service end node.
9. A notarization server based on decentralized multi-party secure computing and multiple signature system is characterized in that:
the notarization server side is configured with system parameters;
the public certificate service end node IDS responds to the key generation task and calls a public and private key generation algorithm to generate an IDS public and private key pair (sk)ny,pkny) (ii) a Receiving a public-private key pair (sk) of a service end node BSbs,pkbs) And public and private key pair (sk) of useru,pku) Calling a public key aggregation algorithm to generate a complete public key a after all nodes are aggregatedpk;
The ID of the user sent by the client is received by the ID of the notarization service end node responding to the task of user identity authenticationuThe signature value sigmaiduAnd face recognition feature fu(ii) a User identity information iduAnd face recognition feature fuComparing the information with a public security citizen identity information database, failing to pass the comparison, failing to authenticate the identity, and terminating the task; if the comparison is passed, according to the user identity information iduCalculating hash value M of user by calling hash functioniduAccording to the user public key pk by adopting signature verification algorithmuAnd a hash value MiauFor signature value sigmaiduChecking the signature, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the identity authentication is completed;
the notarization service end node IDS responds to the signature task, and receives the user signature value sigma sent by the service end node BSuService node signature value sigmabsAnd the electronic file M is used for calculating the hash value H of the electronic file M by the notarization server0(M) according to the user public key pkuAnd H0(M) calling a signature verification algorithm to sign the user with the value sigmauVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the notarization server side verifies the signature according to the public key pk of the service sidebsAnd electronic file hash value H0(M) calling a signature verification algorithm to sign the service node with the value sigmabsVerifying, and if the signature fails to be verified, terminating the task; if the signature is successfully verified, the notarization server side verifies the signature according to a notarization server side private key sknyAnd electronic file hash value H0(M) invoking a signature algorithm to generate a notary node signature value σny(ii) a The notarization service terminal according to the user signature value sigmauNotarization node signature value sigmanyAnd a service node signature value sigmabsCalling a signature synthesis algorithm to generate a complete aggregate signature value sigma of all nodes;
the notarization service end node IDS responds to the verification task, and the notarization service end calculates bilinear mapping function value e (sigma, g) of the elliptic curve2) And e (H)0(M, apk), comparison
Figure FDA0003184715410000071
If the equality is not established, the signature is failed, and if the equality is established, the signature is effectively signed by the user U through multi-node cooperation.
CN202110857911.6A 2021-07-28 2021-07-28 Electronic notarization document signing method and system based on decentralization multiparty security calculation and multiple signatures Active CN113609499B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110857911.6A CN113609499B (en) 2021-07-28 2021-07-28 Electronic notarization document signing method and system based on decentralization multiparty security calculation and multiple signatures

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110857911.6A CN113609499B (en) 2021-07-28 2021-07-28 Electronic notarization document signing method and system based on decentralization multiparty security calculation and multiple signatures

Publications (2)

Publication Number Publication Date
CN113609499A true CN113609499A (en) 2021-11-05
CN113609499B CN113609499B (en) 2024-03-01

Family

ID=78305805

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110857911.6A Active CN113609499B (en) 2021-07-28 2021-07-28 Electronic notarization document signing method and system based on decentralization multiparty security calculation and multiple signatures

Country Status (1)

Country Link
CN (1) CN113609499B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114785518A (en) * 2022-04-11 2022-07-22 江苏慧世联网络科技有限公司 Decentralized electronic notarization signature method, system and node
CN117692152A (en) * 2024-02-04 2024-03-12 杭州天谷信息科技有限公司 Signature verification network-based signature method, signature verification method and certificate issuing method

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107707360A (en) * 2017-11-10 2018-02-16 西安电子科技大学 Isomerization polymerization label decryption method under environment of internet of things
CN110097362A (en) * 2019-04-11 2019-08-06 南京信息工程大学 The method of block chain size is compressed based on the orderly aggregate signature of Designated-Verifier
CN110098932A (en) * 2019-05-16 2019-08-06 江苏慧世联网络科技有限公司 A kind of electronic document signature method based on safe electronic notarization technology
CN110912711A (en) * 2019-12-11 2020-03-24 江苏慧世联网络科技有限公司 Cross-internal and external network domain electronic document signing method based on electronic notarization technology
CN111245625A (en) * 2020-01-20 2020-06-05 陕西师范大学 Digital signature method without certificate aggregation
CN111817857A (en) * 2020-07-03 2020-10-23 江苏慧世联网络科技有限公司 Electronic document signing method based on electronic notarization and SM2 collaborative signature and server adopted by same
CN111898968A (en) * 2020-06-22 2020-11-06 国家电网有限公司 Intranet electronic document signing method and system based on electronic notarization system
CN112446052A (en) * 2021-01-29 2021-03-05 东方微电科技(武汉)有限公司 Aggregated signature method and system suitable for secret-related information system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107707360A (en) * 2017-11-10 2018-02-16 西安电子科技大学 Isomerization polymerization label decryption method under environment of internet of things
CN110097362A (en) * 2019-04-11 2019-08-06 南京信息工程大学 The method of block chain size is compressed based on the orderly aggregate signature of Designated-Verifier
CN110098932A (en) * 2019-05-16 2019-08-06 江苏慧世联网络科技有限公司 A kind of electronic document signature method based on safe electronic notarization technology
CN110912711A (en) * 2019-12-11 2020-03-24 江苏慧世联网络科技有限公司 Cross-internal and external network domain electronic document signing method based on electronic notarization technology
CN111245625A (en) * 2020-01-20 2020-06-05 陕西师范大学 Digital signature method without certificate aggregation
CN111898968A (en) * 2020-06-22 2020-11-06 国家电网有限公司 Intranet electronic document signing method and system based on electronic notarization system
CN111817857A (en) * 2020-07-03 2020-10-23 江苏慧世联网络科技有限公司 Electronic document signing method based on electronic notarization and SM2 collaborative signature and server adopted by same
CN112446052A (en) * 2021-01-29 2021-03-05 东方微电科技(武汉)有限公司 Aggregated signature method and system suitable for secret-related information system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114785518A (en) * 2022-04-11 2022-07-22 江苏慧世联网络科技有限公司 Decentralized electronic notarization signature method, system and node
CN117692152A (en) * 2024-02-04 2024-03-12 杭州天谷信息科技有限公司 Signature verification network-based signature method, signature verification method and certificate issuing method

Also Published As

Publication number Publication date
CN113609499B (en) 2024-03-01

Similar Documents

Publication Publication Date Title
KR0146437B1 (en) Identification scheme, digital signature giving message recovery scheme, digital signature with appendix schemie, key exchange scheme,..
CN111682938B (en) Three-party authenticatable key agreement method facing centralized mobile positioning system
CN111342973B (en) Safe bidirectional heterogeneous digital signature method between PKI and IBC
JP5907830B2 (en) Signature generation verification system and signature verification apparatus
CN111480315A (en) Computer-implemented system and method for authorizing blockchain transactions using low-entropy ciphers
CN109583893B (en) Traceable block chain-based digital currency transaction system
CN112583596B (en) Complete cross-domain identity authentication method based on block chain technology
CN113609499B (en) Electronic notarization document signing method and system based on decentralization multiparty security calculation and multiple signatures
EP3659060B1 (en) Consensus protocol for permissioned ledgers
CN112000744A (en) Signature method and related equipment
CN113360943A (en) Block chain private data protection method and device
CN115001721B (en) Safety certification method and system for smart power grid based on block chain
CN114760071B (en) Zero-knowledge proof based cross-domain digital certificate management method, system and medium
KR0146438B1 (en) The method for identification scheme, digital signature giving message recovery and digital signature with appendix
KR20120091618A (en) Digital signing system and method using chained hash
JP3905907B2 (en) Electronic value exchange system and electronic value exchange method
CN111741008A (en) Two-way anonymous authentication system and method based on mimicry defense principle
CN112989436B (en) Multi-signature method based on block chain platform
CN111654366A (en) Secure bidirectional heterogeneous strong-designation verifier signature method between PKI and IBC
CN111130758A (en) Lightweight anonymous authentication method suitable for resource-constrained equipment
CN114499883A (en) Cross-organization identity authentication method and system based on block chain and SM9 algorithm
CN112184245B (en) Transaction identity confirmation method and device for cross-region block chain
CN109257381A (en) A kind of key management method, system and electronic equipment
CN111353780B (en) Authorization verification method, device and storage medium
CN112434281A (en) Multi-factor identity authentication method oriented to alliance chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant