CN114389821B - Signature supervision method, device, equipment and storage medium based on block chain - Google Patents

Publication number
CN114389821B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210280203.5A
Other languages
Chinese (zh)
Other versions
CN114389821A (en
Inventor
荆博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures

Abstract

The disclosure provides a blockchain-based signature supervision method, apparatus, device and storage medium. It relates to the field of computers, in particular to blockchain technology, and can be applied to digital collections. The specific implementation scheme is as follows: acquiring a signature supervision request, the signature supervision request comprising a signature result of a ring member list; extracting from the signature result the signature information, the real identity identification of the signer, the first ring identity identification point of a ring member and the first ring identity aggregation point; determining, according to the real identity identification of the signer, the real identity information of the signer and the ring number of the signer in the ring member list; and carrying out accuracy supervision on the real identity information of the signer according to the signature information, the first ring identity identification point of the ring member, the first ring identity aggregation point and the ring number of the signer. The signature result in the embodiments of the disclosure is supervisable.

Description

Signature supervision method, device, equipment and storage medium based on block chain
Technical Field
The present disclosure relates to the field of computers, and in particular, to a blockchain technique applicable to digital collections, and more particularly, to a method, an apparatus, a device, and a storage medium for signature supervision based on blockchains.
Background
A digital signature is a string of digits that only the sender of a piece of information can generate and that others cannot forge; it provides effective proof of the authenticity of transmitted information. In a blockchain network, different transaction parties can verify the authenticity of transaction information through digital signatures.
With the continuous development of blockchain network technology and the continuous expansion of its fields of application, blockchain networks place new requirements on signature processing.
Disclosure of Invention
The present disclosure provides a method, apparatus, device and storage medium for block chain based signature policing.
According to an aspect of the present disclosure, there is provided a signature supervision method based on a block chain, including:
acquiring a signature supervision request; the signature supervision request comprises a signature result of a ring member list;
extracting signature information, the real identity identification of a signer, a first ring identity identification point and a first ring identity aggregation point of a ring member from the signature result;
according to the real identity mark of the signer, determining the real identity information of the signer and the ring serial number of the signer in the ring member list;
and carrying out accuracy supervision on the real identity information of the signer according to the signature information, the first ring identity identification point of the ring member, the first ring identity aggregation point and the ring number of the signer.
According to another aspect of the present disclosure, there is provided a signature verification apparatus based on a blockchain, including:
the supervision request module is used for acquiring a signature supervision request; the signature supervision request comprises a signature result of a ring member list;
the extraction module is used for extracting signature information, the real identity identification of a signer, a first ring identity identification point and a first ring identity aggregation point of a ring member from the signature result;
the real identity module is used for determining the real identity information of the signer and the ring serial number of the signer in the ring member list according to the real identity mark of the signer;
and the accuracy supervision module is used for carrying out accuracy supervision on the real identity information of the signer according to the signature information, the first ring identity identification point of the ring member, the first ring identity aggregation point and the ring number of the signer.
According to still another aspect of the present disclosure, there is provided an electronic device including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a block chain based signature policing method provided by any embodiment of the disclosure.
According to yet another aspect of the present disclosure, there is provided a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform a signature supervision method based on a blockchain provided by any embodiment of the present disclosure.
According to yet another aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements a block chain based signature policing method provided by any of the embodiments of the present disclosure.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
Fig. 1a is a schematic diagram of a blockchain-based signature supervision method according to an embodiment of the present disclosure;
Fig. 1b is a schematic diagram of a blockchain-based signature processing system provided in accordance with an embodiment of the present disclosure;
Fig. 2 is a schematic diagram of another blockchain-based signature supervision method provided in accordance with an embodiment of the present disclosure;
Fig. 3 is a schematic diagram of another blockchain-based signature monitoring method provided in accordance with an embodiment of the present disclosure;
Fig. 4 is a schematic diagram of a blockchain-based signature monitoring apparatus provided in accordance with an embodiment of the present disclosure;
Fig. 5 is a block diagram of an electronic device for implementing a blockchain-based signature policing method according to an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The embodiments of the disclosure provide a new signature supervision algorithm for a new ring signature algorithm, used to supervise the signers of that ring signature algorithm. Both algorithms are built on a new mathematical system constructed from an elliptic curve bilinear mapping. Three cyclic groups are involved: a first cyclic group, a second cyclic group and a third cyclic group, which satisfy the elliptic curve bilinear mapping; that is, a point of the first cyclic group and a point of the second cyclic group can be mapped to the third cyclic group through the bilinear operation. The first and second cyclic groups are both additive cyclic groups of order N, and the third cyclic group is a multiplicative cyclic group of order N. Each point of a cyclic group is a power of a generator of that group; the generator may also be referred to as a base point.
The signature result has the homomorphic hiding property of the elliptic curve bilinear mapping and meets the anonymity requirement of ring signature technology: the signer stays anonymous within the ring identity list, and the signature result does not disclose which ring member issued it. It is suitable for different signature scenarios and is therefore general-purpose. The signature result can also have further properties that meet new requirements on signature technology. For example, it can be supervisable, allowing a supervisor to look up the real identity information of the signer to whom illegal content belongs when such content appears on the blockchain network; it can also have associability, making it possible to identify whether different signatures were issued by the same signer. The signature verification algorithm provided by the embodiments of the disclosure is used to verify the signature of the signature result and can improve the reliability of signature verification.
The scheme provided by the embodiment of the disclosure is described in detail below with reference to the accompanying drawings.
Fig. 1a is a schematic diagram of a signature monitoring method based on a block chain according to an embodiment of the present disclosure, which is applicable to a situation of performing accuracy monitoring on real identity information of a signer to which a signature result belongs. The method can be executed by a signature verification device based on a block chain, which can be implemented in a hardware and/or software manner and can be configured in an electronic device of a supervisor, that is, the signature supervision method based on a block chain provided by the embodiment can be executed by a centralized key management service held by the supervisor. Referring to fig. 1a, the method specifically includes the following:
S110, acquiring a signature supervision request; the signature supervision request comprises a signature result of a ring member list;
S120, extracting signature information, the real identity identification of a signer, a first ring identity identification point and a first ring identity aggregation point of a ring member from the signature result;
S130, determining the real identity information of the signer and the ring serial number of the signer in the ring member list according to the real identity mark of the signer;
S140, according to the signature information, the first ring identity identification point of the ring member, the first ring identity aggregation point and the ring number of the signer, carrying out accuracy supervision on the real identity information of the signer.
Fig. 1b is a schematic diagram of a blockchain-based signature processing system provided according to an embodiment of the present disclosure. Referring to Fig. 1b, the signature processing system includes a centralized key management service and a blockchain network. The blockchain network includes at least two participants; in a ring signature process, different participants can be selected to form a ring, yielding a ring member list that includes the signer and the other members. The centralized key management service may belong to a supervisor of the blockchain network. It holds a master private key, a first master public key, a second master public key and a third master public key; the master private key can be a large integer smaller than the order N and is not disclosed by the supervisor. The first, second and third master public keys can be public and are used by a signer to generate a signature result, to verify the signature of a signature result, or by the supervisor to reveal the real identity information of the signer, and so on.
In the embodiment of the present disclosure, the first master public key and the second master public key are both points of the first cyclic group; and the third master public key is determined from the master private key and a second generator of the second cyclic group. That is, the first and second master public keys may be points of the first cyclic group, and the third master public key may be points of the second cyclic group.
Specifically, the first master public key, the second master public key, and the third master public key may be respectively determined by the following formulas:
pubMasterG1 = privMaster * g1;
pubMasterSquareG1 = (privMaster^2) * g1;
pubMasterG2 = privMaster * g2;
where privMaster is the master private key; pubMasterG1, pubMasterSquareG1 and pubMasterG2 are, in sequence, the first master public key, the second master public key and the third master public key; g1 and g2 are the first generator and the second generator respectively; * is the multiplication operator and ^2 is the squaring operator.
When non-compliant content appears in the blockchain network, the supervisor needs to determine the real identity information of the party to whom the non-compliant content belongs. When the supervisor needs to determine the real identity information behind any signature result, a supervision request including that signature result may be initiated. The signature result is constructed with a ring signature technique and corresponds to a ring member list, which comprises a plurality of ring members. Note that the term "ring member" does not distinguish between the signer and the other members: hereinafter, ring members include both the signer and the other members, and the other members are the ring members in the ring member list other than the signer.
Wherein the signature result can be constructed in advance by the signer based on the ring signature technology. The signature result can comprise signature information, the real identity identification of the signer, the first ring identity identification point and the first ring identity aggregation point of the ring member and the like. The signature information may be information that the signer needs to transmit in the blockchain network, may be service data of the signer, and may be a digital collection of the signer, for example. The digital collection is a unique digital certificate generated by using a block chain technology for specific works and artworks, and realizes real and credible digital distribution, purchase, collection and use on the basis of protecting the digital copyright of the digital certificate.
The real identity identification of the signer is unique, uniquely characterizes the signer, and is associated with the real identity information of the signer. In the disclosed embodiments, the real identity identification of the signer may be issued by the centralized key management service during the signer registration process.
Specifically, during signer registration, a registration request carrying the real identity information of the signer may be sent to the centralized key management service, which determines the real identity identification of the signer and establishes an association between the real identity information of the signer and that identification. The real identity information of the signer can comprise the signer's name, identification number and other information. Because the signature result carries the real identity identification of the signer, the signature result has associability: whether different signature results were issued by the same signer can be determined from the identification. In addition, because the identification is associated with the real identity information of the signer, the supervisor can determine that information from the identification and thereby reveal the real identity information of the signer. The supervisor can also determine the ring number of the signer according to the real identity information of the signer and the user public key of the signer, so that the supervisor can distinguish the signer from the other members in the ring member list.
The first ring identity identification point is used for distinguishing the identities of the ring members in the ring member list, and the first ring identity aggregation point can be used for verifying the signature of the signature result and also can be used for carrying out accuracy supervision on the real identity information of the signer.
In the embodiment of the disclosure, in response to a supervision request for a signature result, the centralized key management service determines the real identity information of the signer and the ring number of the signer in the ring member list according to the real identity of the signer, and can locate the signer by using the ring number of the signer, that is, can identify whether the ring member is the signer or another member. And moreover, the accuracy of the real identity information of the signer is monitored according to the signature information, the first ring identity identification point of the ring member, the first ring identity aggregation point and the ring number of the signer, so that whether the real identity information of the signer is accurate or not can be verified, namely whether the ring number of the signer is accurate or not can be verified, and the monitoring reliability is further improved.
According to the technical scheme provided by the embodiment of the disclosure, the signature result has associability and monitorability according to the real identity of the signer in the signature result. Moreover, the accuracy of the real identity information of the signer can be monitored according to the signature information, the first ring identity identification point of the ring member, the first ring identity aggregation point and the ring number of the signer, and the monitoring reliability can be improved.
Fig. 2 is a schematic diagram of another block chain-based signature supervision method provided in accordance with an embodiment of the present disclosure. The present embodiment is an alternative proposed on the basis of the above-described embodiments. Referring to fig. 2, a signature monitoring method based on a block chain according to this embodiment includes:
S210, acquiring a signature supervision request; the signature supervision request comprises a signature result of a ring member list;
S220, extracting signature information, the real identity identification of a signer, a first ring identity identification point and a first ring identity aggregation point of a ring member from the signature result;
S230, matching the real identity identification of the signer with the registration information of the participants in the block chain network to obtain the real identity information of the signer and the user public key of the signer;
S240, determining a ring serial number of the signer in a ring member list according to the user public key of the signer;
S250, according to the signature information, the first ring identity identification point of the ring member, the first ring identity aggregation point and the ring number of the signer, carrying out accuracy supervision on the real identity information of the signer.
In the embodiments of the disclosure, a participant may join the blockchain network by registering with the centralized key management service, which belongs to the supervisor and allocates user account information such as a user public key, a user private key and a real identity identification to the participant. The user public key may be a random point of the first cyclic group and may be unique. Specifically, the centralized key management service may randomly select a point from the first cyclic group as the participant's user public key, check it for collisions against the user public keys of the participants already registered in the blockchain network, and decide from the result whether the generated user public key is unique; if not, a user public key is allocated to the participant again. The user private key of the participant may be determined from the master private key and the user public key of the participant. The real identity identification of the participant can be determined from the master private key, the third master public key and the user public key of the participant. The centralized key management service may also establish an association between the user account information of the participant and the real identity information of the participant.
During the supervision process, the centralized key management service may match the true identity of the signer with the registration information of the participants in the blockchain. Specifically, the real identity of the signer can be matched with the association relationship between the real identity of the participant and the real identity information of the participant, so as to obtain the real identity information of the signer. Moreover, the user public key of the signer can also be determined by using the real identity information of the signer, for example, if an association relationship between the user public key of any one of the participants and the real identity information of the signer is constructed in advance, the user public key of the participant is the user public key of the signer. And, according to the user public key of the signer, the ring number of the signer in the ring member list can also be determined by adopting the user public key set of the ring member list. Wherein, the user public key set of the ring member list can also be carried in the signature result. The real identity information of the signer can be inquired through the real identity mark of the signer, and the ring number of the signer can be positioned, so that whether the ring number of the signer is accurate or not can be verified subsequently, and the accuracy monitoring result of the real identity information of the signer can be obtained. Compared with the method for verifying each ring member, the method can improve the verification efficiency, thereby improving the accuracy supervision efficiency of the signature result.
In an alternative embodiment, the real identity identification of the signer is the associable identity of the signer, which is determined according to the associable value of the signer and the second generator of the second cyclic group; or the real identity identification of the signer is the second associable identifier of the signer, which is determined according to the associable value of the signer and the third master public key. In both cases the associable value of the signer is determined according to the master private key and the user public key of the signer.
In an embodiment of the present disclosure, the associable identity of the signer, the second associable identity of the signer may be determined by:
linkKey(k) = L(k) * g2;
linkKeyMasterG2(k) = L(k) * pubMasterG2;
The associable value and the first associable identifier of the signer may also be determined by the following formulas:
L(k) = HashtoInt( privMaster || Marshal(idG1(k)) );
linkKeyMasterG1(k)= L(k) * pubMasterG1;
where k is the ring number of the signer; L(k), linkKey(k), linkKeyMasterG1(k) and linkKeyMasterG2(k) are respectively the associable value, the associable identity, the first associable identifier and the second associable identifier of the signer; privMaster, pubMasterG1 and pubMasterG2 are, in sequence, the master private key, the first master public key and the third master public key; g2 is the second generator; Marshal() converts a point to a character string; || is concatenation; and HashtoInt() converts a character string to an integer value. For ease of understanding, note that the first associable identifier can be used to determine the first ring identity aggregation point.
The associable identity of the signer and the second associable identity are both points of the second cyclic group. By adopting the points of the second cyclic group as the real identity marks of the signers and distinguishing the points from the user public key, the user private key, the first ring identity mark points and the like belonging to the first cyclic group, the accuracy supervision of the real identity information of the signers is facilitated by utilizing the homomorphic hiding characteristic between the first cyclic group and the second cyclic group.
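The supervisor-side lookup of S230 and S240, together with the key formulas above, as an added Python sketch (not code from the patent). It uses the associable identity linkKey(k) as the real identity identification and takes idG1(k) to be the signer's user public key; the integers-mod-a-prime stand-in for the elliptic curve groups, SHA-256, the fixed-width Marshal() and the 0-based ring number are all assumptions, and the ring identity points and aggregation point are left out.

```python
# Added illustration, not code from the patent. G1 and G2 are modelled as the
# integers mod a prime N, with "scalar * point" as multiplication mod N. This
# keeps the algebra of the formulas above but offers no security whatsoever.
import hashlib
import secrets

N = 2**127 - 1            # toy prime group order (constructed parameter)
G1_GEN, G2_GEN = 5, 7     # stand-ins for the generators g1 and g2


def smul(scalar, point):
    """scalar * point in the toy additive group."""
    return (scalar * point) % N


def marshal(value):
    """Marshal(): point -> byte string (fixed-width big-endian is an assumption)."""
    return value.to_bytes(16, "big")


def hash_to_int(data):
    """HashtoInt(): byte string -> integer below N (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


class KeyManagementService:
    """Supervisor-side service: holds privMaster and the registration records."""

    def __init__(self):
        self.priv_master = 1 + secrets.randbelow(N - 1)
        self.pub_master_g1 = smul(self.priv_master, G1_GEN)
        self.pub_master_square_g1 = smul(pow(self.priv_master, 2, N), G1_GEN)
        self.pub_master_g2 = smul(self.priv_master, G2_GEN)
        self._issued_pubs = set()
        self._records = {}   # linkKey -> (real identity information, user public key)

    def register(self, identity_info):
        # Random point of G1 as user public key, drawn again on collision.
        user_pub = 1 + secrets.randbelow(N - 1)
        while user_pub in self._issued_pubs:
            user_pub = 1 + secrets.randbelow(N - 1)
        self._issued_pubs.add(user_pub)
        # L(k) = HashtoInt(privMaster || Marshal(idG1(k))), with idG1(k) assumed
        # to be the user public key, as the text states for the associable value.
        link_value = hash_to_int(marshal(self.priv_master) + marshal(user_pub))
        link_key = smul(link_value, G2_GEN)                     # linkKey(k)
        self._records[link_key] = (identity_info, user_pub)
        return {
            "user_pub": user_pub,
            "link_key": link_key,
            "link_key_master_g1": smul(link_value, self.pub_master_g1),
            "link_key_master_g2": smul(link_value, self.pub_master_g2),
        }

    def supervise(self, signature_result):
        """S230 + S240: identification -> (real identity information, ring number)."""
        record = self._records.get(signature_result["link_key"])
        if record is None:
            raise LookupError("real identity identification was not issued here")
        identity_info, user_pub = record
        ring_pubs = signature_result["ring_pubs"]
        if user_pub not in ring_pubs:
            raise LookupError("signer's user public key is not in the ring member list")
        return identity_info, ring_pubs.index(user_pub)         # 0-based ring number


def same_signer(result_a, result_b):
    """Associability: equal identifications mean the same signer issued both."""
    return result_a["link_key"] == result_b["link_key"]


def demo():
    """Two constructed signature results by the same signer in different rings."""
    kms = KeyManagementService()
    accounts = {name: kms.register(name + " (constructed identity record)")
                for name in ("alice", "bob", "carol")}
    ring_a = [accounts[n]["user_pub"] for n in ("bob", "alice", "carol")]
    ring_b = [accounts[n]["user_pub"] for n in ("alice", "carol")]
    first = {"message": b"collectible #1", "ring_pubs": ring_a,
             "link_key": accounts["alice"]["link_key"]}
    second = {"message": b"collectible #2", "ring_pubs": ring_b,
              "link_key": accounts["alice"]["link_key"]}
    return kms.supervise(first), kms.supervise(second), same_signer(first, second)


if __name__ == "__main__":
    print(demo())
```

Because the same identification appears in every signature result of a signer, anyone who sees two results can link them, while only the holder of the registration records can map the identification to a person and a ring number.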
In an alternative embodiment, the first ring identity identification point of the ring member is generated from the ring random number of the ring member and the first generator of the first cyclic group; the first ring identity aggregation point is generated according to a first main public key, signature information, a ring random number of a signer, ring random numbers of other members, user public keys of the other members and first ring identity identification points of the other members; wherein the other members are ring members in the ring member list except for the signer.
In an embodiment of the present disclosure, the first ring identity identification point is used to distinguish the identities of the ring members in the ring member list. The first ring identity identification point of the ring member may be generated from the ring random number of the ring member and the first generator, that is, the first ring identity identification point of the ring member is also a point of the first cyclic group. Specifically, in the previous ring signature process, the product between the ring random number of the ring member and the first generator may be used as the first ring identity identification point of the ring member.
The first ring identity aggregation point may be determined according to the first master public key, the signature information, the ring random number of the signer, the ring random numbers of the other members, the user public keys of the other members, and the first ring identity identification points of the other members. The first ring identity identification point and the first ring identity aggregation point are points of the first cyclic group. The first ring identity aggregation point is irrelevant to the user private key of the signer, so that the first ring identity aggregation point can be used for verifying the signature content of the signer. Moreover, the first ring identity aggregation point contains the user private key information of the signer, and the user private key of the signer can be reversely solved through the master private key, so that the first ring identity aggregation point can also be used for revealing the real identity information of the signer.
According to the technical scheme provided by the embodiment of the disclosure, the real identity information of the signer can be inquired through the real identity mark of the signer, the ring number of the signer can be positioned, and the accuracy supervision efficiency of the signature result can be improved.
In an alternative embodiment, obtaining the first ring identity polymerization point comprises: determining second ring identification points of other members according to the first main public key and ring random numbers of the other members in the ring member list; determining a second ring identity identification point of the signer according to the first associable identity identification of the signer, the ring random number of the signer, the signature information, the first ring identity identification points of other members and the user public keys of other members in the ring member list; and aggregating the second ring identification points of the other members and the second ring identification points of the signers to obtain a first ring identification aggregation point.
The second ring identification point is also used for distinguishing the identities of the ring members in the ring member list, and has uniqueness. The first associable identity of the signer belongs to the user account information of the signer, which is predetermined during the registration process of the signer.
In an alternative embodiment, the obtaining of the second ring identification point of the signer comprises: determining the ring identity values of other members according to the signature information and the first ring identity identification points of other members; processing the user public keys of other members according to the ring identity scores of the other members to obtain auxiliary public keys of the other members, and aggregating the auxiliary public keys of the other members to obtain aggregated auxiliary public keys of the other members; and determining a second ring identity identification point of the signer according to the first associable identity identification of the signer, the ring random number of the signer and the aggregation auxiliary public key of the other members.
In the disclosed embodiment, the first ring identity aggregation point may be obtained by the following formula:
v(i)= HashtoInt( M || Marshal(u(i)) );
u'(i) =r(i) * pubMasterG1;
u'(k) = r(k) * linkKeyMasterG1 - sumExceptIndexK( v(i) * idG1(i) );
mk1 = sumExceptIndexK( u'(i) ) + u'(k);
Expanding the formula gives:
mk1=sumExceptIndexK(r(i) * pubMasterG1) + r(k) * linkKeyMasterG1 - sumExceptIndexK(v(i) * idG1(i));
wherein v(i) is the ring identity value of the other members; u'(i) and u'(k) are the second ring identity identification points of the other members and the signer, respectively; mk1 is the first ring identity aggregation point; M is the signature information; u(i) is the first ring identity identification point of the other members; || is the concatenation operator; Marshal() converts a point to a string; HashtoInt() converts a string to an integer; pubMasterG1 is the first master public key; r(i) and r(k) are the ring random numbers of the other members and the signer, respectively; linkKeyMasterG1 is the first associable identity of the signer; sumExceptIndexK() aggregates over the other members; and idG1(i) is the user public key of the other members. The other members and the signer determine their second ring identity identification points by different logic, and the second ring identity identification points of the other members and the signer are aggregated to obtain the first ring identity aggregation point, so that the first ring identity aggregation point can be used to accurately supervise the real identity information of the signer, and the real identity information of the signer can be revealed.
Fig. 3 is a schematic diagram of another block chain-based signature monitoring method provided in accordance with an embodiment of the present disclosure. The present embodiment is an alternative proposed on the basis of the above-described embodiments. Referring to fig. 3, a signature monitoring method based on a block chain according to this embodiment includes:
S310, acquiring a signature supervision request; the signature supervision request comprises a signature result of a ring member list;
S320, extracting signature information, the real identity identification of a signer, a first ring identity identification point and a first ring identity aggregation point of a ring member from the signature result;
S330, determining the real identity information of the signer and the ring serial number of the signer in the ring member list according to the real identity identification of the signer;
S340, extracting the first identity identification point of the signer and the first identity identification points of other members from the first identity identification points of the ring members according to the ring serial number of the signer;
S350, determining a second ring identity aggregation point according to the signature information, the first identity identification point of the signer and the first identity identification points of other members;
S360, according to the signature information, the first ring identity aggregation point, the second ring identity aggregation point, the first identity identification point of the signer, the first identity identification points of other members, the user public key of the signer and the associable identity of the signer, carrying out accuracy supervision on the real identity information of the signer.
Specifically, the ring number of the signer and the ring numbers of the other members may be denoted by k and i, respectively. According to the ring number of the signer, the first identity identification point u(k) of the signer and the first identity identification points u(i) of the other members may be extracted.
In the embodiment of the present disclosure, a second ring identity aggregation point may be determined according to the signature information, the first ring identity identification point of the signer, and the first ring identity identification points of other members, where the second ring identity aggregation point is used to cooperate with the first ring identity aggregation point to perform accuracy supervision. It should be noted that the first ring identity aggregation point and the second ring identity aggregation point are both points of the first cyclic group, but the determination logics of the first ring identity aggregation point and the second ring identity aggregation point are different. The first ring identity aggregation point is determined by the issuer, and the signer and other members can be distinguished in the determination process, namely different processing can be carried out on the data of the signer and the data of other members. However, the second ring identity aggregation point is determined by the supervisor, and the signer and other members cannot be distinguished before the supervisor determines the true identity information of the signer, so the signer and other members are treated the same in the determination process.
Specifically, whether the ring number of the signer is accurate or not can be determined according to the signature information, the first ring identity aggregation point, the second ring identity aggregation point, the first identity identification point of the signer, the first identity identification points of other members, the user public key of the signer and the associable identity of the signer. For example, a mathematical puzzle can be constructed, the true identity information of the signer can be accurately supervised by a mathematical means, that is, powerful evidence can be provided for the supervision result by the mathematical means, and the reliability of the supervision result can be further improved.
In an optional embodiment, the accuracy supervision of the true identity information of the signer comprises: determining a first auxiliary item according to the third main public key and the first identity identification point of other members; determining a second auxiliary item according to the master private key, the associable identity of the signer and a second identity identification point of the signer; determining a third auxiliary item according to a second generator of the second cyclic group, the first ring identity aggregation point and the second ring identity aggregation point; determining a fourth auxiliary item according to the second generator, the signature information in the signature result, the first ring identity identification point of the signer and the user public key of the signer; and according to the first auxiliary item, the second auxiliary item, the third auxiliary item and the fourth auxiliary item, carrying out accuracy supervision on the true identity information of the signer.
In this embodiment, the third master public key is a point of the second cyclic group, and the first identity point of the other member is a point of the first cyclic group, so that the first auxiliary item may be constructed by using a bilinear mapping relationship among the first cyclic group, the second cyclic group, and the third cyclic group. Similarly, the second auxiliary item, the third auxiliary item and the fourth auxiliary item also respectively comprise the point of the first cyclic group and the point of the second cyclic group, and also conform to the bilinear mapping relationship. The true identity information of the signer is accurately supervised through the bilinear mapping relation based on the elliptic curve, so that the supervision result has a mathematical theory as a basis, and the reliability of the supervision result can be improved.
In an alternative embodiment, the accuracy supervision of the true identity information of the signer comprises: determining whether the following equation holds:
e(pubMasterG2, sumExceptIndexK(u(i)) ) * e(privMaster*linkKey(k), u(k)) * e(g2, - (mk1 + mk2)) = e(g2, - v(k) * idG1(k));
wherein v(k) = HashtoInt( M || Marshal(u(k)) );
wherein e() is the elliptic curve bilinear map; M is the signature information; privMaster, pubMasterG2, g2, mk1 and mk2 are, in sequence, the main private key, the third main public key, the second generator, the first ring identity aggregation point and the second ring identity aggregation point; idG1(k) and u(k) are respectively the user public key and the first identity identification point of the signer; u(i) is the first identity identification point of the other members; || is the concatenation operator; Marshal() converts a point to a string; HashtoInt() converts a string to an integer; and sumExceptIndexK(u(i)) aggregates the first identity identification points of the other members;
and determining that the supervision result of the real identity information is accurate under the condition that the equation is established.
In the embodiment of the present disclosure, the above equation may be used as a mathematical puzzle for performing accuracy supervision on the true identity information of the signer. And a strong mathematical theoretical basis is provided for the accuracy supervision, and the reliability of the supervision result can be improved.
In the case that the true identity information is accurate, the following mathematical derivation can be made to the left of the above equation:
e(pubMasterG2, sumExceptIndexK(u(i)) ) * e(privMaster*linkKey(k), u(k)) * e(g2, - (mk1 + mk2))
= e(privMaster * g2, sumExceptIndexK(u(i)) ) * e(privMaster * L(k) * g2, u(k)) *e(g2, - mk1 - mk2)
= e(g2, privMaster * sumExceptIndexK(u(i)) ) * e(g2, privMaster * L(k) * u(k)) * e(g2, - mk1 - mk2)
= e(g2, privMaster * sumExceptIndexK(u(i)) + privMaster * L(k) * u(k) - mk1 - mk2)
= e(g2, privMaster * sumExceptIndexK(u(i)) + privMaster * L(k) * u(k) - sumAll( u'(i) ) - sumAll( v(i) * idG1(i)))
= e(g2, privMaster * sumExceptIndexK(u(i)) + privMaster * L(k) * r(k) * g1 - (sumExceptIndexK( u(i) * privMaster ) + r(k) * L(k) * privMaster * g1) + sumExceptIndexK( v(i) * idG1(i)) - sumAll( v(i) * idG1(i)) )
= e(g2, sumExceptIndexK( v(i) * idG1(i)) - sumAll( v(i) * idG1(i)) )
= e(g2, - v(k) * idG1(k));
Since the equation e(pubMasterG2, sumExceptIndexK(u(i))) * e(privMaster*linkKey(k), u(k)) * e(g2, - (mk1 + mk2)) = e(g2, - v(k) * idG1(k)) holds in the case where the true identity information of the signer is accurate, the equation does not hold in the case where the true identity information of the signer is inaccurate. The accuracy supervision result of the real identity information can therefore be obtained by judging whether the equation holds. If the real identity information of the signer is disputed, the accuracy supervision result can serve as a mathematically grounded basis for supervision, and its provability improves the reliability of the real identity information of the signer.
The technical scheme provided by the embodiment of the disclosure provides a supervision mode for the real identity information of the signer based on bilinear mapping of the elliptic curve, and can improve the reliability of the real identity information of the signer, namely the reliability of signature supervision.
In an alternative embodiment, the authentication credentials for the ring member list are extracted from the signature result; the authentication certificate of the ring member list is obtained by signing the user public key of the ring member by adopting a main private key; determining whether the authentication certificate is legal or not according to a third main public key, a user public key of a ring member and the second generator; and stopping monitoring the signature result under the condition that the authentication certificate is illegal, and determining that the monitoring result of the real identity information is abnormal.
In the disclosed embodiment, whether the authentication credential is legal may be determined by checking whether the following equation holds:
e(pubMasterG2, HashtoG1(idG1(i) list)) = e(g2, C);
wherein e() is the bilinear map, pubMasterG2 is the third master public key, g2 is the second generator of the second cyclic group, C is the authentication credential, idG1(i) list is the list of user public keys of the ring members, and HashtoG1() maps the user public keys to the first cyclic group.
Specifically, under the condition that the equation is established, the authentication certificate is determined to be legal, and the true identity information of the signer is allowed to be continuously monitored for accuracy; and under the condition that the equation is not satisfied, determining that the authentication certificate is illegal, and refusing to further process the true identity information of the signer. Before the accuracy supervision, the illegal authentication voucher is filtered by verifying whether the authentication voucher in the signature result is legal or not, so that the calculation force can be saved. Therefore, the authentication certificate can be used as a gateway for monitoring the real identity information, and the stability of the block chain network is improved.
The embodiment of the disclosure specifically provides a signature processing example based on elliptic curve bilinear mapping. In the embodiment of the present disclosure, the centralized key management service holds a master private key, and may respectively determine the first master public key, the second master public key, and the third master public key by the following formulas:
pubMasterG1 = privMaster * g1;
pubMasterSquareG1 = (privMaster^2) * g1;
pubMasterG2 = privMaster * g2;
wherein privMaster is the main private key; pubMasterG1, pubMasterSquareG1 and pubMasterG2 are the first main public key, the second main public key and the third main public key in sequence; g1 and g2 are the first generator and the second generator respectively; * is the multiplication operator and ^2 is the square operator.
In the process of applying for joining the blockchain network, the participant can send a registration request to the centralized key management service, and the registration request can carry the real identity information of the participant. The centralized key management service, in response to a registration request by a participant, may determine the following user account information for the participant, respectively:
idG1(x) = Rx * g1;
privKey(x) = privMaster * idG1(x);
L(x) = HashtoInt( privMaster || Marshal(idG1(x)) );
linkKey(x) = L(x) * g2;
linkKeyMasterG1(x) = L(x) * pubMasterG1;
linkKeyMasterG2(x) = L(x) * pubMasterG2;
wherein idG1(x), privKey(x), L(x), linkKey(x), linkKeyMasterG1(x) and linkKeyMasterG2(x) are, in sequence, the user public key, the user private key, the associable numerical value, the associable identity, the first associable identity and the second associable identity of the x-th participant in the block chain network; Rx is a random number; g1 and g2 are the first generator and the second generator respectively; privMaster, pubMasterG1 and pubMasterG2 are the master private key, the first master public key and the third master public key, respectively; || is the concatenation operator, Marshal() converts a point to a string, and HashtoInt() converts a string to an integer. It should be noted that the centralized key management service may also establish an association relationship between the real identity information of the participant and the user account information of the participant.
In the case that the participant needs to sign, the participant as a signer can construct a ring to obtain a ring member list, where the ring member list includes the signer and other members. For convenience of distinction, the ring numbers of the signer and the other members in the ring member list can be represented by k and i, respectively. The following features can be generated separately for the signer and the other members during the signing process:
u(i) = r(i) * g1;
v(i)= HashtoInt( M || Marshal(u(i)) );
u(k) = r(k) * g1;
v(k)= HashtoInt( M || Marshal(u(k)) );
u'(i) = r(i) * pubMasterG1, which in effect corresponds to u'(i) = r(i) * privMaster * g1;
u'(k) = r(k) * linkKeyMasterG1 - sumExceptIndexK( v(i) * idG1(i) );
wherein u(i), v(i) and u'(i) are the first ring identity identification point, the ring identity value and the second ring identity identification point of the other members, respectively; u(k), v(k) and u'(k) are the first ring identity identification point, the ring identity value and the second ring identity identification point of the signer, respectively; r(i) and r(k) are the ring random numbers of the other members and the signer, respectively; M is the signature information, pubMasterG1 is the first master public key, privMaster is the master private key, and linkKeyMasterG1 is the first associable identity of the signer; sumExceptIndexK() aggregates the data of the other members.
In addition, the first ring identity aggregation point and the signature content of the signer can be respectively determined by the following formulas:
mk1 = sumExceptIndexK( u'(i) ) + u'(k);
mk1= sumExceptIndexK(r(i) * pubMasterG1) + r(k) * linkKeyMasterG1 - sumExceptIndexK(v(i) * idG1(i));
wherein mk1 is the first ring identity aggregation point;
S = v(k) * privKey(k) + (sumExceptIndexK(r(i)) + r(k) * L(k)) * pubMasterSquareG1;
wherein S is the signature content of the signer; privKey(k), L(k), r(k) and v(k) are the user private key, the associable numerical value, the ring random number and the ring identity value of the signer, respectively; sumExceptIndexK(r(i)) is the aggregation of the ring random numbers of the other members, and pubMasterSquareG1 is the second master public key.
And, the signature result may be as follows:
Signature = (Members, M, u(0), u(1), ..., u(k) , ..., u(W-1), mk1, S, linkTag);
wherein, Signature is a Signature result, Members are a user public key set of ring Members, M is Signature information, and W is the number of the ring Members; the linkTag is the real identity of the signer and has uniqueness. Further, the value of linkTag can be set as the associable identity of the signer; the value of the linkTag may also be set as a second associable identity of the signer.
In the process of signature verification of the receiver, the receiver may determine the second ring identity aggregation point by the following formula:
v(j) = HashtoInt( M || Marshal(u(j)) );
mk2 = sumAll( v(j) * idG1(j) );
wherein j is the ring number of a ring member and can take the values i and k; M, u(j) and idG1(j) can be extracted from the signature result, and mk2 is the second ring identity aggregation point; sumAll() aggregates the data of all ring members, || is the concatenation operator, and HashtoInt() converts a string to an integer.
The receiver can determine the signature verification validity of the signature result by verifying whether the following equation is satisfied:
e(g2, S) = e(pubMasterG2, mk1 + mk2);
wherein S is the signature content of the signer, mk1 is the first ring identity aggregation point, and both S and mk1 can be extracted from the signature result; e () is elliptic curve bilinear mapping process, g2 is the second generator, and pubMasterG2 is the third master public key.
In the case where the receiver determines that the above equation holds, the signature verification result of the signature result is determined to be valid; in the case where the receiver determines that the above equation does not hold, the signature verification result of the signature result is determined to be invalid.
In the disclosed embodiments, the supervising party may generate a supervision request for the signature result and send the supervision request to the centralized key management service. The centralized key management service can extract the real identity identification of the signer from the signature result, and determine the real identity information of the signer according to the pre-established association relationship between the real identity information of the participant and the user account information of the participant. The ring number k of the signer can be determined from the user public key set of the ring members in the signature result according to the user public key of the signer, the user public key idG1(k) of the signer is obtained, and the user private key privKey(k), the associable value L(k) and the associable identity linkKey(k) of the signer can be determined by the following formulas:
privKey(k) = privMaster * idG1(k);
L(k) = HashtoInt( privMaster || idG1(k) );
linkKey(k) = L(k) * g2;
In the accuracy supervision process, the second ring identity aggregation point may be determined by the following formulas:
v(j) = HashtoInt( M || Marshal(u(j)) );
mk2 = sumAll( v(j) * idG1(j) );
wherein j is the ring number of a ring member and can take the values i and k; M, u(j) and idG1(j) can be extracted from the signature result, and mk2 is the second ring identity aggregation point; sumAll() aggregates the data of all ring members, || is the concatenation operator, and HashtoInt() converts a string to an integer.
And, by determining whether the following equation is true or not, the supervision result of the true identity information of the signer is obtained:
e(pubMasterG2, sumExceptIndexK(u(i)) ) * e(privMaster*linkKey(k), u(k)) * e(g2, - (mk1 + mk2)) = e(g2, - v(k) * idG1(k))
In the case where the above equation holds, the true identity information of the signer is determined to be accurate; in the case where the above equation does not hold, the true identity information of the signer is determined to be inaccurate.
The technical scheme of the embodiment of the disclosure specifically provides a new ring signature technology based on a mathematical system constructed from elliptic curve bilinear mapping, in which the signature result has associability and supervisability. It also provides a new signature verification technique and a new signature supervision technique based on the new mathematical system.
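The registration, signing, receiver verification and supervision equations of the example above can be checked end to end in a toy model. This is an added example, not code from the patent: it assumes an insecure "exponent model" in which every group point is stored as its discrete logarithm modulo an assumed prime Q and the pairing is multiplication of exponents, and all Python names (KeyService, sign, mk2_of, receiver_verify, supervise) are hypothetical.

```python
"""Toy exponent model of the page's equations: checks the algebra only, NOT secure.

A point x*g1 or x*g2 is stored as the integer x mod Q, so g1 = g2 = 1, and the
pairing e(a*g2, b*g1) is stored as a*b mod Q (target group written additively,
so a product of pairings becomes a sum).
"""
import hashlib
import secrets

Q = 2**255 - 19  # assumed prime standing in for the common group order
G1 = G2 = 1      # generators in the exponent model


def hash_to_int(*parts):
    """HashtoInt(a || b); Marshal() is modelled as decimal text encoding."""
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def pairing(p2, p1):
    """e(p2, p1): bilinear by construction in this model."""
    return p2 * p1 % Q


def rand_scalar():
    return secrets.randbelow(Q - 1) + 1


class KeyService:
    """Centralized key management service holding privMaster."""

    def __init__(self):
        self.priv_master = rand_scalar()
        self.pub_master_g1 = self.priv_master * G1 % Q
        self.pub_master_sq_g1 = self.priv_master ** 2 * G1 % Q
        self.pub_master_g2 = self.priv_master * G2 % Q
        self.registry = {}  # linkTag -> (real identity, idG1)

    def register(self, real_identity):
        id_g1 = rand_scalar() * G1 % Q
        L = hash_to_int(self.priv_master, id_g1)
        acct = {"idG1": id_g1, "privKey": self.priv_master * id_g1 % Q, "L": L,
                "linkKey": L * G2 % Q,
                "linkKeyMasterG1": L * self.pub_master_g1 % Q}
        self.registry[acct["linkKey"]] = (real_identity, id_g1)
        return acct


def sign(ks, acct, members, k, M):
    """Ring-sign M as member k; uses only the service's public keys."""
    r = [rand_scalar() for _ in members]
    u = [rj * G1 % Q for rj in r]                       # u(j) = r(j) * g1
    v = [hash_to_int(M, uj) for uj in u]                # v(j)
    others = [i for i in range(len(members)) if i != k]
    u2_k = r[k] * acct["linkKeyMasterG1"] - sum(v[i] * members[i] for i in others)
    mk1 = (sum(r[i] * ks.pub_master_g1 for i in others) + u2_k) % Q
    S = (v[k] * acct["privKey"]
         + (sum(r[i] for i in others) + r[k] * acct["L"]) * ks.pub_master_sq_g1) % Q
    return {"Members": members, "M": M, "u": u, "mk1": mk1, "S": S,
            "linkTag": acct["linkKey"]}


def mk2_of(sig):
    """mk2 = sumAll(v(j) * idG1(j)), computable by anyone from the signature."""
    return sum(hash_to_int(sig["M"], uj) * idj
               for uj, idj in zip(sig["u"], sig["Members"])) % Q


def receiver_verify(pub_master_g2, sig):
    """e(g2, S) == e(pubMasterG2, mk1 + mk2)"""
    return pairing(G2, sig["S"]) == pairing(pub_master_g2, sig["mk1"] + mk2_of(sig))


def supervise(ks, sig, k=None):
    """Resolve linkTag to an identity, then check the supervision equation for ring number k."""
    identity, id_g1 = ks.registry[sig["linkTag"]]
    if k is None:
        k = sig["Members"].index(id_g1)
    u, id_k = sig["u"], sig["Members"][k]
    link_key_k = hash_to_int(ks.priv_master, id_k) * G2 % Q
    sum_others = sum(uj for j, uj in enumerate(u) if j != k)
    lhs = (pairing(ks.pub_master_g2, sum_others)
           + pairing(ks.priv_master * link_key_k, u[k])
           + pairing(G2, -(sig["mk1"] + mk2_of(sig)))) % Q
    rhs = pairing(G2, -hash_to_int(sig["M"], u[k]) * id_k)
    return identity, k, lhs == rhs


if __name__ == "__main__":
    ks = KeyService()
    accounts = [ks.register(f"participant-{n}") for n in range(4)]  # constructed
    ring = [a["idG1"] for a in accounts]
    sig = sign(ks, accounts[2], ring, 2, "constructed message")
    print(receiver_verify(ks.pub_master_g2, sig), supervise(ks, sig))
```

Passing a ring number other than the signer's to supervise() makes the supervision equation fail, which is the property the derivation above relies on.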
Fig. 4 is a schematic diagram of a signature supervision apparatus based on a block chain according to an embodiment of the present disclosure, which is applicable to a situation of performing accuracy supervision on the real identity information of the signer to which a signature result belongs. The apparatus is configured in an electronic device of a supervising party, so that the signature supervision method based on a block chain according to any embodiment of the present disclosure can be implemented. Referring to fig. 4, the block chain-based signature supervision apparatus 400 specifically includes the following:
a supervision request module 410, configured to obtain a signed supervision request; the signature supervision request comprises a signature result of a ring member list;
an extracting module 420, configured to extract signature information, a real identity of a signer, a first ring identity identification point of a ring member, and a first ring identity aggregation point from the signature result;
a real identity module 430, configured to determine, according to the real identity identifier of the signer, real identity information of the signer and a ring sequence number of the signer in a ring member list;
and an accuracy supervision module 440, configured to perform accuracy supervision on the real identity information of the signer according to the signature information, the first ring identity identification point of the ring member, the first ring identity aggregation point, and the ring number of the signer.
In an alternative embodiment, the real identity module 430 comprises:
the identity information matching unit is used for matching the real identity identifier of the signer with the registration information of the participants in the block chain network to obtain the real identity information of the signer and the user public key of the signer;
and the ring sequence number unit is used for determining the ring sequence number of the signer in the ring member list according to the user public key of the signer.
In an alternative embodiment, the real identity identification of the signer is the associable identity of the signer; the associable identity of the signer is determined according to the associable value of the signer and a second generator of a second cyclic group; the associable numerical value of the signer is determined according to the main private key and the user public key of the signer; or,
the real identity identification of the signer is the second associable identity of the signer; the second associable identity of the signer is determined according to the associable numerical value of the signer and the third master public key; the associable value of the signer is determined according to the master private key and the user public key of the signer.
In an alternative embodiment, the first ring identity identification point of the ring member is generated from the ring random number of the ring member and the first generator of the first cyclic group;
the first ring identity aggregation point is generated according to a first main public key, signature information, a ring random number of a signer, ring random numbers of other members, user public keys of the other members and first ring identity identification points of the other members;
wherein the other members are ring members in the ring member list except for the signer.
In an alternative embodiment, the accuracy supervision module 440 includes:
a first extraction unit, configured to extract a first identity identification point of a signer and first identity identification points of other members from first identity identification points of ring members according to the ring number of the signer;
the second ring identity aggregation unit is used for determining a second ring identity aggregation point according to the signature information, the first identity identification point of the signer and the first identity identification points of other members;
and the accuracy supervision unit is used for carrying out accuracy supervision on the real identity information of the signer according to the signature information, the first ring identity aggregation point, the second ring identity aggregation point, the first identity identification point of the signer, the first identity identification points of other members, the user public key of the signer and the associable identity of the signer.
In an alternative embodiment, the accuracy supervision unit comprises:
the first auxiliary subunit is used for determining a first auxiliary item according to the third main public key and the first identity identification points of other members;
the second auxiliary subunit is used for determining a second auxiliary item according to the main private key, the associable identity of the signer and a second identity identification point of the signer;
the third auxiliary subunit is used for determining a third auxiliary item according to the second generating element, the first ring identity aggregation point and the second ring identity aggregation point of the second cyclic group;
the fourth auxiliary subunit is used for determining a fourth auxiliary item according to the second generator, the signature information in the signature result, the first ring identity identification point of the signer and the user public key of the signer;
and the accuracy supervision subunit is used for carrying out accuracy supervision on the real identity information of the signer according to the first auxiliary item, the second auxiliary item, the third auxiliary item and the fourth auxiliary item.
In an alternative embodiment, the accuracy supervision unit is specifically configured to:
determining whether the following equation holds:
e(pubMasterG2, sumExceptIndexK(u(i)) ) * e(privMaster*linkKey(k), u(k)) * e(g2, - (mk1 + mk2)) = e(g2, - v(k) * idG1(k));
wherein v(k) = HashtoInt( M || Marshal(u(k)) );
wherein e() is the elliptic curve bilinear map; M is the signature information; privMaster, pubMasterG2, g2, mk1 and mk2 are, in sequence, the main private key, the third main public key, the second generator, the first ring identity aggregation point and the second ring identity aggregation point; idG1(k) and u(k) are respectively the user public key and the first identity identification point of the signer; u(i) is the first identity identification point of the other members; || is the concatenation operator; Marshal() converts a point to a string; HashtoInt() converts a string to an integer; and sumExceptIndexK(u(i)) aggregates the first identity identification points of the other members;
and determining that the supervision result of the real identity information is accurate under the condition that the equation is established.
In an alternative embodiment, the apparatus 400 further comprises an authentication credential validation module; the authentication credential validation module comprises:
an authentication credential extracting unit configured to extract an authentication credential of the ring member list from the signature result; the authentication certificate of the ring member list is obtained by signing the user public key of the ring member by adopting a main private key;
a validity determining unit, configured to determine whether the authentication credential is valid according to a third master public key, a user public key of a ring member, and the second generator;
and the supervision stopping unit is used for stopping supervising the signature result under the condition that the authentication voucher is illegal and determining that the supervision result of the real identity information is abnormal.
In an alternative embodiment, obtaining the first ring identity aggregation point comprises:
determining second ring identification points of other members according to the first main public key and ring random numbers of other members in the ring member list;
determining a second ring identity identification point of the signer according to the first associable identity identification of the signer, the ring random number of the signer, the signature information, the first ring identity identification points of other members and the user public keys of other members in the ring member list;
and aggregating the second ring identity identification points of the other members and the second ring identity identification point of the signer to obtain the first ring identity aggregation point.
In an alternative embodiment, obtaining the second ring identity identification point of the signer comprises:
determining the ring identity values of other members according to the signature information and the first ring identity identification points of other members;
processing the user public keys of the other members according to the ring identity values of the other members to obtain auxiliary public keys of the other members, and aggregating the auxiliary public keys of the other members to obtain an aggregated auxiliary public key of the other members;
and determining a second ring identity identification point of the signer according to the first associable identity identification of the signer, the ring random number of the signer and the aggregation auxiliary public key of the other members.
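The first two steps above (ring identity values, then the aggregated auxiliary public key), as an added example that is not code from the patent. It assumes that the ring identity value of member i is the hash-to-integer of M || Marshal(u(i)), that "processing" a user public key means scalar multiplication by that value, SHA-256 as the hash, the 33-byte SEC1 compressed encoding as Marshal(), and secp256k1 as a stand-in for the first cyclic group; all keys and ring random numbers are constructed sample values.

```python
import hashlib

# secp256k1 domain parameters, used only as a stand-in for the first cyclic
# group (assumption: the scheme itself needs a pairing-friendly curve).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over GF(P)."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    k %= N
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def marshal(pt):
    """Point-to-string step: fixed-length 33-byte compressed encoding (assumed)."""
    if pt is INF:
        raise ValueError("cannot marshal the point at infinity")
    x, y = pt
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def hash_to_int(data):
    """String-to-integer step: SHA-256 reduced modulo the group order (assumed)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def ring_identity_value(msg, u):
    # Because marshal() has a fixed length, msg || marshal(u) parses unambiguously
    # even when msg is variable-length.
    return hash_to_int(msg + marshal(u))


def aggregate_aux_keys(msg, ring_points, pubkeys, signer):
    """Return (aggregated auxiliary public key, {index: ring identity value})
    over every ring member except the signer."""
    if len(ring_points) != len(pubkeys) or not 0 <= signer < len(pubkeys):
        raise ValueError("ring lists must align and contain the signer index")
    values, agg = {}, INF
    for i, (u, pk) in enumerate(zip(ring_points, pubkeys)):
        if i == signer:
            continue
        v = ring_identity_value(msg, u)   # binds the message to member i's ring point
        values[i] = v
        agg = add(agg, mul(v, pk))        # auxiliary public key of member i, aggregated
    return agg, values


# Constructed sample ring. Real ring random numbers and private keys must come
# from a CSPRNG; they are fixed here so the result is reproducible.
PRIV = [11, 22, 33, 44]
RAND = [101, 202, 303, 404]
PUBKEYS = [mul(x, G) for x in PRIV]        # user public keys
RING_POINTS = [mul(r, G) for r in RAND]    # first ring identity identification points
MSG = b"constructed sample message"
SIGNER = 2                                 # ring number of the signer

if __name__ == "__main__":
    agg, values = aggregate_aux_keys(MSG, RING_POINTS, PUBKEYS, SIGNER)
    print("members contributing:", sorted(values))
    print("aggregated auxiliary key:", marshal(agg).hex())
```

Because every ring identity value hashes the message together with that member's ring point, changing either one changes the aggregate, while the signer's own public key never enters it.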
According to the technical scheme of the embodiment, a new ring signature technology is specifically provided based on elliptic curve bilinear mapping, and signature results have associability and monitorability.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the personal information of the related user all comply with the relevant laws and regulations, and do not violate public order and good customs.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
FIG. 5 illustrates a schematic block diagram of an example electronic device 500 that can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in FIG. 5, the device 500 comprises a computing unit 501 which may perform various suitable actions and processes according to a computer program stored in a Read Only Memory (ROM) 502 or a computer program loaded from a storage unit 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data required for the operation of the device 500 can also be stored. The computing unit 501, the ROM 502, and the RAM 503 are connected to each other by a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
A number of components in the device 500 are connected to the I/O interface 505, including: an input unit 506 such as a keyboard, a mouse, or the like; an output unit 507 such as various types of displays, speakers, and the like; a storage unit 508, such as a magnetic disk, optical disk, or the like; and a communication unit 509 such as a network card, modem, wireless communication transceiver, etc. The communication unit 509 allows the device 500 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 501 may be a variety of general-purpose and/or special-purpose processing components having processing and computing capabilities. Some examples of the computing unit 501 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units that run machine learning model algorithms, a digital signal processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 501 performs the various methods and processes described above, such as the blockchain-based signature supervision method. For example, in some embodiments, the blockchain-based signature supervision method may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 508. In some embodiments, part or all of the computer program may be loaded and/or installed onto device 500 via ROM 502 and/or communication unit 509. When the computer program is loaded into the RAM 503 and executed by the computing unit 501, one or more steps of the blockchain-based signature supervision method described above may be performed. Alternatively, in other embodiments, the computing unit 501 may be configured to perform the blockchain-based signature supervision method by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be realized in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user may provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs executing on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.

Claims (20)

1. A method for signature policing based on blockchain, performed by a policer of a blockchain network, the method comprising:
acquiring a signature supervision request; the signature supervision request comprises a signature result of a ring member list;
extracting signature information, the real identity identification of a signer, a first ring identity identification point and a first ring identity aggregation point of a ring member from the signature result;
according to the real identity mark of the signer, determining the real identity information of the signer and the ring serial number of the signer in the ring member list;
according to the signature information, a first ring identity identification point of the ring member, the first ring identity aggregation point and the ring number of the signer, carrying out accuracy supervision on the real identity information of the signer;
wherein, the first ring identity identification point of the ring member is generated according to the ring random number of the ring member and the first generator of the first cyclic group;
the first ring identity aggregation point is generated according to a first main public key, signature information, a ring random number of a signer, ring random numbers of other members, user public keys of the other members and first ring identity identification points of the other members;
wherein the other members are ring members in the ring member list except for the signer.
2. The method of claim 1, wherein the determining the true identity information of the signer and the ring number of the signer in the ring member list according to the true identity of the signer comprises:
matching the real identity identification of the signer with the registration information of the participants in the block chain network to obtain the real identity information of the signer and the user public key of the signer;
and determining the ring serial number of the signer in the ring member list according to the user public key of the signer.
3. The method of claim 1, wherein the authentic identity of the signer is identified as an associable identity of the signer; the associable identity of the signer is determined according to the associable value of the signer and a second generator of a second cyclic group; the associable numerical value of the signer is determined according to the main private key and the user public key of the signer; or,
the true identity of the signer is a second associable identity of the signer; the second associable identification of the signer is determined according to the associable numerical value of the signer and the third master public key; the associable value of the signer is determined according to the master private key and the user public key of the signer.
4. The method of claim 1, wherein said supervising the accuracy of the signer's true identity information according to the signature information, the first ring identity identification point of the ring members, the first ring identity aggregation point, and the signer's ring number comprises:
extracting the first identity identification point of the signer and the first identity identification points of other members from the first identity identification points of the ring members according to the ring serial number of the signer;
determining a second ring identity aggregation point according to the signature information, the first identity identification point of the signer and the first identity identification points of other members;
and carrying out accuracy supervision on the real identity information of the signer according to the signature information, the first ring identity aggregation point, the second ring identity aggregation point, the first identity identification point of the signer, the first identity identification points of other members, the user public key of the signer and the associable identity of the signer.
5. The method of claim 4, wherein said supervising the accuracy of the authentic identity information of the signer according to the signature information, the first ring identity aggregation point, the second ring identity aggregation point, the first identity identification point of the signer, the first identity identification points of the other members, the user public key of the signer, and the associable identity of the signer comprises:
determining a first auxiliary item according to the third main public key and the first identity identification point of other members;
determining a second auxiliary item according to the master private key, the associable identity of the signer and a second identity identification point of the signer;
determining a third auxiliary item according to a second generator of a second cyclic group, the first ring identity aggregation point and the second ring identity aggregation point;
determining a fourth auxiliary item according to the second generator, the signature information in the signature result, the first ring identity identification point of the signer and the user public key of the signer;
and according to the first auxiliary item, the second auxiliary item, the third auxiliary item and the fourth auxiliary item, carrying out accuracy supervision on the true identity information of the signer.
6. The method of claim 5, wherein said accuracy monitoring of said signer's true identity information comprises:
determining whether the following equation holds:
e(pubMasterG2, sumExceptIndexK(u(i)) ) * e(privMaster*linkKey(k), u(k)) * e(g2, - (mk1 + mk2)) = e(g2, - v(k) * idG1(k));
wherein v(k) = HashToInt(M || Marshal(u(k)));
wherein e() is the elliptic curve bilinear map; M is the signature information; privMaster, pubMasterG2, g2, mk1 and mk2 are, in order, the main private key, the third main public key, the second generator, the first ring identity aggregation point and the second ring identity aggregation point; idG1(k) and u(k) are first identity identification points of the signer; u(i) is the first identity identification point of another member; || is the concatenation operator; Marshal() converts a point to a character string; HashToInt() converts a character string to an integer; and sumExceptIndexK(u(i)) is the aggregation of the first identity identification points of the other members;
and determining that the supervision result of the real identity information is accurate under the condition that the equation is established.
7. The method of any of claims 1-6, further comprising:
extracting an authentication credential of the ring member list from the signature result; the authentication credential of the ring member list is obtained by signing the user public key of the ring member with the main private key;
determining whether the authentication credential is valid according to the third main public key, the user public key of the ring member and the second generator;
and stopping supervision of the signature result when the authentication credential is invalid, and determining that the supervision result of the real identity information is abnormal.
8. The method of claim 1, wherein the obtaining of the first ring identity aggregation point comprises:
determining second ring identity identification points of the other members according to the first main public key and the ring random numbers of the other members in the ring member list;
determining a second ring identity identification point of the signer according to the first associable identity identification of the signer, the ring random number of the signer, the signature information, the first ring identity identification points of other members and the user public keys of other members in the ring member list;
and aggregating the second ring identity identification points of the other members and the second ring identity identification point of the signer to obtain the first ring identity aggregation point.
9. The method of claim 8, wherein the obtaining of the signer's second ring identity identification point comprises:
determining the ring identity values of other members according to the signature information and the first ring identity identification points of other members;
processing the user public keys of the other members according to the ring identity values of the other members to obtain auxiliary public keys of the other members, and aggregating the auxiliary public keys of the other members to obtain an aggregated auxiliary public key of the other members;
and determining a second ring identity identification point of the signer according to the first associable identity identification of the signer, the ring random number of the signer and the aggregated auxiliary public key of the other members.
10. A blockchain-based signature supervising device, configured on a supervising party of a blockchain network, the device comprising:
the supervision request module is used for acquiring a signature supervision request; the signature supervision request comprises a signature result of a ring member list;
the extraction module is used for extracting signature information, the real identity identification of a signer, a first ring identity identification point and a first ring identity aggregation point of a ring member from the signature result;
the real identity module is used for determining the real identity information of the signer and the ring serial number of the signer in the ring member list according to the real identity mark of the signer;
the accuracy supervision module is used for carrying out accuracy supervision on the real identity information of the signer according to the signature information, the first ring identity identification point of the ring member, the first ring identity aggregation point and the ring number of the signer;
wherein the first ring identity identification point of the ring member is generated according to the ring random number of the ring member and the first generator of the first cyclic group;
the first ring identity aggregation point is generated according to a first main public key, signature information, a ring random number of a signer, ring random numbers of other members, user public keys of the other members and first ring identity identification points of the other members;
wherein the other members are ring members in the ring member list except for the signer.
11. The apparatus of claim 10, wherein the true identity module comprises:
the identity information matching unit is used for matching the real identity identifier of the signer with the registration information of the participants in the block chain network to obtain the real identity information of the signer and the user public key of the signer;
and the ring sequence number unit is used for determining the ring sequence number of the signer in the ring member list according to the user public key of the signer.
12. The apparatus of claim 10, wherein the authentic identity of the signer is identified as an associable identity of the signer; the associable identity of the signer is determined according to the associable value of the signer and a second generator of a second cyclic group; the associable numerical value of the signer is determined according to the main private key and the user public key of the signer; or,
the true identity of the signer is a second associable identity of the signer; the second associable identification of the signer is determined according to the associable numerical value of the signer and the third master public key; the associable value of the signer is determined according to the master private key and the user public key of the signer.
13. The apparatus of claim 10, wherein the accuracy supervision module comprises:
a first extraction unit, configured to extract a first identity identification point of a signer and first identity identification points of other members from first identity identification points of ring members according to the ring number of the signer;
a second ring identity aggregation unit, configured to determine a second ring identity aggregation point according to the signature information, the first identity identification point of the signer, and the first identity identification points of other members;
and the accuracy supervision unit is used for carrying out accuracy supervision on the real identity information of the signer according to the signature information, the first ring identity aggregation point, the second ring identity aggregation point, the first identity identification point of the signer, the first identity identification points of other members, the user public key of the signer and the associable identity of the signer.
14. The apparatus of claim 13, wherein the accuracy supervision unit comprises:
the first auxiliary subunit is used for determining a first auxiliary item according to the third main public key and the first identity identification point of other members;
the second auxiliary subunit is used for determining a second auxiliary item according to the main private key, the associable identity of the signer and a second identity identification point of the signer;
the third auxiliary subunit is used for determining a third auxiliary item according to the second generator of the second cyclic group, the first ring identity aggregation point and the second ring identity aggregation point;
the fourth auxiliary subunit is used for determining a fourth auxiliary item according to the second generator, the signature information in the signature result, the first ring identity identification point of the signer and the user public key of the signer;
and the accuracy supervision subunit is used for carrying out accuracy supervision on the real identity information of the signer according to the first auxiliary item, the second auxiliary item, the third auxiliary item and the fourth auxiliary item.
15. The apparatus of claim 14, wherein the accuracy supervision unit is specifically configured to:
determining whether the following equation holds:
e(pubMasterG2, sumExceptIndexK(u(i)) ) * e(privMaster*linkKey(k), u(k)) * e(g2, - (mk1 + mk2)) = e(g2, - v(k) * idG1(k));
wherein v(k) = HashToInt(M || Marshal(u(k)));
wherein e() is the elliptic curve bilinear map; M is the signature information; privMaster, pubMasterG2, g2, mk1 and mk2 are, in order, the main private key, the third main public key, the second generator, the first ring identity aggregation point and the second ring identity aggregation point; idG1(k) and u(k) are first identity identification points of the signer; u(i) is the first identity identification point of another member; || is the concatenation operator; Marshal() converts a point to a character string; HashToInt() converts a character string to an integer; and sumExceptIndexK(u(i)) is the aggregation of the first identity identification points of the other members;
and determining that the supervision result of the real identity information is accurate under the condition that the equation is established.
16. The apparatus of any one of claims 10-15, the apparatus further comprising an authentication credential validation module; the authentication credential validation module comprises:
an authentication credential extracting unit, configured to extract an authentication credential of the ring member list from the signature result; the authentication credential of the ring member list is obtained by signing the user public key of the ring member with the main private key;
a validity determining unit, configured to determine whether the authentication credential is valid according to the third main public key, the user public key of the ring member and the second generator;
and a supervision stopping unit, configured to stop supervising the signature result when the authentication credential is invalid, and to determine that the supervision result of the real identity information is abnormal.
17. The apparatus of claim 10, wherein the obtaining of the first ring identity aggregation point comprises:
determining second ring identity identification points of the other members according to the first main public key and the ring random numbers of the other members in the ring member list;
determining a second ring identity identification point of the signer according to the first associable identity identification of the signer, the ring random number of the signer, the signature information, the first ring identity identification points of other members and the user public keys of other members in the ring member list;
and aggregating the second ring identity identification points of the other members and the second ring identity identification point of the signer to obtain the first ring identity aggregation point.
18. The apparatus of claim 17, wherein the obtaining of the signer's second ring identity identification point comprises:
determining the ring identity values of other members according to the signature information and the first ring identity identification points of other members;
processing the user public keys of the other members according to the ring identity values of the other members to obtain auxiliary public keys of the other members, and aggregating the auxiliary public keys of the other members to obtain an aggregated auxiliary public key of the other members;
and determining a second ring identity identification point of the signer according to the first associable identity identification of the signer, the ring random number of the signer and the aggregation auxiliary public key of the other members.
19. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-9.
20. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-9.
CN202210280203.5A 2022-03-22 2022-03-22 Signature supervision method, device, equipment and storage medium based on block chain Active CN114389821B (en)


Publications (2)

Publication Number Publication Date
CN114389821A CN114389821A (en) 2022-04-22
CN114389821B CN114389821B (en) 2022-06-17

Family ID: 81205173


Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115996120B (en) * 2023-03-22 2023-09-29 江西经济管理干部学院 Computer data encryption and decryption method and system based on mobile storage device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111010280A (en) * 2019-12-09 2020-04-14 中山大学 Group signature-based construction method for monitorable block chain
AU2020102455A4 (en) * 2020-09-28 2020-11-12 Shenzhen Polytechnic A Kind of Anti-quantum Ring Signature Algorithm and Application of Block Chain
CN112132578A (en) * 2020-09-16 2020-12-25 建信金融科技有限责任公司 Efficient transaction processing method, tracking method and device based on block chain
CN113591128A (en) * 2021-08-17 2021-11-02 东北大学秦皇岛分校 Block chain illegal address supervision system based on group signature and tracing method
CN113626852A (en) * 2021-07-02 2021-11-09 西安电子科技大学 Safe and efficient method, system and application for anonymizing chain elements of unlicensed blocks
CN113761582A (en) * 2021-09-29 2021-12-07 山东省计算中心(国家超级计算济南中心) Group signature based method and system for protecting privacy of block chain transaction under supervision
CN113935065A (en) * 2021-10-11 2022-01-14 浙江大学 Ring signature-based federation chain identity privacy protection and supervision method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101040588B1 (en) * 2010-12-13 2011-06-10 한국기초과학지원연구원 An efficient identity-based ring signature scheme with anonymity and system thereof
CN109257184B (en) * 2018-11-08 2021-02-26 西安电子科技大学 Linkable ring signature method based on anonymous broadcast encryption
CN112861189B (en) * 2021-02-04 2024-02-06 北京百度网讯科技有限公司 Signature generation method, signature verification method, signature generation device, signature verification device and signature verification medium
CN113360943A (en) * 2021-06-23 2021-09-07 京东数科海益信息科技有限公司 Block chain private data protection method and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111010280A (en) * 2019-12-09 2020-04-14 中山大学 Group signature-based construction method for monitorable block chain
CN112132578A (en) * 2020-09-16 2020-12-25 建信金融科技有限责任公司 Efficient transaction processing method, tracking method and device based on block chain
AU2020102455A4 (en) * 2020-09-28 2020-11-12 Shenzhen Polytechnic A Kind of Anti-quantum Ring Signature Algorithm and Application of Block Chain
CN113626852A (en) * 2021-07-02 2021-11-09 西安电子科技大学 Safe and efficient method, system and application for anonymizing chain elements of unlicensed blocks
CN113591128A (en) * 2021-08-17 2021-11-02 东北大学秦皇岛分校 Block chain illegal address supervision system based on group signature and tracing method
CN113761582A (en) * 2021-09-29 2021-12-07 山东省计算中心(国家超级计算济南中心) Group signature based method and system for protecting privacy of block chain transaction under supervision
CN113935065A (en) * 2021-10-11 2022-01-14 浙江大学 Ring signature-based federation chain identity privacy protection and supervision method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
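A Survey on Privacy Protection of Blockchain: The Technology and Application;Dan Wang ET AL;《IEEE Access》;20200514;full text *
Research Progress on Blockchain Privacy Protection and Supervision Technology;Li Peili et al.;《Journal of Cyber Security》;20210515;full text *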

Also Published As

Publication number Publication date
CN114389821A (en) 2022-04-22

Similar Documents

Publication Publication Date Title
WO2021046668A1 (en) Blockchain system, information transmission method, system and apparatus, and computer medium
WO2021036086A1 (en) Transaction data processing method, apparatus and system, and computer-readable storage medium
CN109818730B (en) Blind signature acquisition method and device and server
WO2021135504A1 (en) Digital signing method, apparatus and device, medium, and system
CN103532721A (en) Digital signature method, signature verification method, and method of distinguishing transaction signature and common signature
CN110505061B (en) Digital signature algorithm and system
CN111478772A (en) Assembly line friendly signature and signature verification method, device and storage medium
CN114389821B (en) Signature supervision method, device, equipment and storage medium based on block chain
CN114389820B (en) Block chain based signature verification method, device, equipment and storage medium
CN114389822B (en) Block chain based signature generation method, device, equipment and storage medium
CN112184245B (en) Transaction identity confirmation method and device for cross-region block chain
CN116261139B (en) Online data security transmission method and system based on 5G message and electronic equipment
KR102085466B1 (en) Method and apparatus for validating the identity of an entity
CN112751667B (en) Key generation method, signature and signature verification method, device, equipment and medium
CN112861189B (en) Signature generation method, signature verification method, signature generation device, signature verification device and signature verification medium
CN115580489A (en) Data transmission method, device, equipment and storage medium
CN115204993A (en) Public resource electronic transaction management method and system based on electronic visa
CN113055178B (en) Block chain system, and method, system, device and medium for transmitting numerical information
CN117081744B (en) Signature processing method and device based on elliptic curve and electronic equipment
CN111106931B (en) Authentication method, authentication device, terminal and computer-readable storage medium
CN113505348A (en) Data watermark embedding method, data watermark verifying method and data watermark verifying device
CN111683070A (en) Data transmission method and device based on identity encryption and storage medium
CN113886493B (en) System log security query method, device, equipment and storage medium
CN118194332B (en) Privacy intersection method, device, equipment and medium
CN111064581B (en) Privacy protection method and system with connection capability

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant