CN116633540A - Distributed key generation recovery method, system and equipment - Google Patents

Publication number: CN116633540A
Authority: CN (China)
Prior art keywords: key, distributed, algorithm, private, participant
Legal status (an assumption, not a legal conclusion): Pending
Application number: CN202310855029.7A
Other languages: Chinese (zh)
Inventors: 杨威, 张云涛, 王田, 陈墨楠
Current Assignee (the listed assignees may be inaccurate): Jizhi Network Beijing Co ltd
Original Assignee: Jizhi Network Beijing Co ltd
Application filed by Jizhi Network Beijing Co ltd
Priority to CN202310855029.7A
Publication of CN116633540A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

The application provides a distributed key generation and recovery method, system and equipment. The method comprises the following steps: randomly generating a private key and a public key according to a distributed key negotiation algorithm; splitting the private keys into fragments with a threshold key splitting algorithm and storing the fragments in a distributed manner; and recovering the respective private keys from the distributed private key fragments by using a Byzantine fault-tolerant consensus algorithm. The method, system and equipment avoid the problem that account security cannot be ensured because too many third parties are introduced into the key fragment recovery process.

Description

Distributed key generation recovery method, system and equipment
Technical Field
The application relates to the technical field of blockchain, in particular to a distributed key generation and recovery method, a system and equipment.
Background
In the context of the current Chinese digital economic transformation, digital assets have become a critical production element, and private keys, which represent ownership of digital assets, are a necessary condition for accessing them. The security of the private key is therefore critical to the security of the digital asset. Taking cryptocurrency assets on a blockchain as an example, each user has a wallet account through which the user manages his digital assets. The wallet account essentially corresponds to a pair of keys, namely a public key and a private key. The public key is disclosed externally: a third party can verify transactions submitted by the user against it, and the wallet address is calculated from it. The user's use of the account, such as transfers and buying and selling cryptocurrency, is based primarily on the private key. Once the user loses the private key of the account, control over the account is lost, and the digital assets in the account are lost with it, including cryptocurrency, presence certificates (Proof of Attendance Protocol, POAP), non-fungible tokens (NFT), and the like.
Private key protection in current digital asset management systems faces single points of failure, and the main approach today is to address this with distributed key generation. Distributed key generation (Distributed Key Generation, DKG) computes a shared public key and a set of private keys through multi-party participation, without relying on any trusted third party. The public key is disclosed externally, and the wallet address can be calculated from it. A complete private key never appears in this process: each participant holds only its own fragment of the complete private key and manages the account through that fragment, which protects the security of the account. In practical use, DKG is often combined with a threshold signature. For example, in a (t, n)-DKG, n is the number of participants and t is a threshold; the common public key and the respective private keys are generated by joint negotiation of the n nodes, but any subset of nodes greater than the threshold t can operate the account when in use.
Disadvantages of the prior art:
the distributed key generation technique generates a common public key and respective private keys by multiple parties negotiating with each other, and then the parties use a threshold signature technique to use the wallet account. This solution solves the single point of failure problem in digital assets, since the complete private key corresponding to the wallet account does not appear in this process. However, this solution still runs the risk of losing the participant private key resulting in a loss of control of the wallet account.
Taking (2, 2)-DKG as an example, parties $P_1$ and $P_2$ jointly negotiate to generate a public key $P_k$ and their respective private keys $S_{k1}$ and $S_{k2}$. If party $P_1$ loses its own private key $S_{k1}$, then party $P_2$ alone cannot complete the signature of a transaction, i.e. control over the wallet account is lost. The root cause of this problem is that protection of the private key should extend through its whole life cycle, including both the generation phase and the use phase. However, DKG only acts on the generation phase of the private key, and cannot address the risks faced while the private key is in use.
Existing schemes mainly cope with the loss of the participant private keys $S_{k1}$ and $S_{k2}$ by introducing a third party. Take ZenGo, a representative wallet in the cryptocurrency field, as an example of introducing a third party to address the risk of the client (equivalent to party $P_2$) losing its private key. To recover the client's private key $S_{k2}$, ZenGo stores the ciphertext of the encrypted $S_{k2}$ on the ZenGo server, and the private key used for decryption is stored in the client's cloud disk. That is, ZenGo relies on the third-party "cloud disk" to recover the private key of the client. If an attacker steals the decryption private key from the cloud disk, or the cloud disk is attacked and stops running, the private key of the client cannot be recovered, so the private key of the wallet cannot be recovered, and control of the account is finally lost. To recover the private key of the server, ZenGo introduces the third parties Escrow and trust to provide hosting and listening services, respectively.
In summary, in the prior art, the public key and the corresponding private key fragment of the account are generated by using the DKG technology, so that the appearance of the complete private key of the account is avoided, the security of the account is enhanced to a certain extent, the corresponding digital asset of the account is ensured, but the problem of private key fragment loss still exists in the use stage. To this end, existing solutions introduce third parties to assist in the recovery of private key fragments. However, the third party is not trusted, so that too many third parties are introduced for recovering the private key fragments, the risk of revealing the private key is increased, and the security of the account cannot be really ensured.
Disclosure of Invention
The application provides a distributed key generation and recovery method, a system and equipment, which can avoid the problem that account security cannot be ensured due to the introduction of excessive third parties in the key slicing recovery process.
In view of the above problems, the application provides a distributed key generation recovery method, a system and equipment.
In a first aspect, the present application provides a distributed key generation recovery method applied to each party distributed on a network, the method comprising:
randomly generating a private key and a public key according to a distributed key negotiation algorithm;
the private keys are segmented and stored in a distributed mode by using a threshold key segmentation algorithm;
and recovering the respective private keys according to the private key fragments stored in a distributed manner by using a Byzantine fault-tolerant consensus algorithm.
In a second aspect, the present application provides a distributed key generation recovery system integrated with respective parties distributed over a network, the system comprising:
the distributed key generation module is arranged for randomly generating a private key and a public key according to a distributed key negotiation algorithm;
the threshold key segmentation module is used for carrying out slicing and distributed storage on the private keys by using a threshold key segmentation algorithm;
and the distributed key storage and recovery module is used for recovering the respective private keys according to the private key fragments stored in a distributed manner by using a Byzantine fault-tolerant consensus algorithm.
In a third aspect, the present application provides an electronic device, including:
a memory for storing executable instructions;
and the processor is used for realizing the distributed key generation and recovery method when executing the executable instructions stored in the memory.
One or more technical schemes provided by the application have at least the following technical effects or advantages:
a solution for private key recovery of individual parties in distributed key generation is proposed, which has the advantage that:
(1) DKG generates a shared public key and a private key for each party through mutual negotiation, so that the complete private key corresponding to the account never appears, which protects the digital asset to a certain extent. There is still a risk, however, that losing a participant's private key results in loss of the account. The application therefore proposes splitting each participant's private key with threshold key splitting so that the participant's private key can be recovered;
(2) To ensure that a participant's private key can be recovered normally, the application stores the fragments of the split private key on different nodes in a distributed manner. A consensus mechanism is used for the recovery of the participant's private key, so that the private key recovery module has a certain fault tolerance: some nodes are allowed to be down or to behave maliciously, which greatly improves the security of the digital asset.
Drawings
FIG. 1 is a flow chart of a distributed key generation recovery method provided by the present application;
fig. 2 is a schematic flow chart of a distributed key generation recovery method provided by the present application;
FIG. 3 is a flow chart of key agreement using the elliptic curve Diffie-Hellman algorithm provided by the present application;
FIG. 4 is a schematic diagram of the key agreement procedure using the elliptic curve Diffie-Hellman algorithm according to the present application;
FIG. 5 is a block diagram of a distributed key generation recovery system provided by the present application;
fig. 6 is a block diagram of an electronic device provided by the present application.
Detailed Description
The application provides a distributed key generation and recovery method, system and equipment. An embodiment of the application provides a logical topology design that enhances private key security for distributed key generation. On top of distributed key generation, a threshold key splitting technique splits the participant's private key into several parts, and a distributed node cluster then stores the resulting private key fragments. The embodiment also provides an algorithm design for Byzantine fault tolerance in distributed key recovery, which offers a certain fault tolerance while ensuring normal recovery of the participant's private key, so that malicious nodes and downtime in the distributed cluster are tolerated.
Fig. 1 is a flowchart of a distributed key generation recovery method according to an embodiment of the present application. The distributed key generation restoration method shown in fig. 1 is performed by each party distributed over the network. The various participants have equal status on the network and there is no distinction between server and client. Thus, the distributed key generation and recovery method provided by the embodiment of the application is implemented in a decentralised network architecture.
Referring to fig. 1, the distributed key generation restoration method includes the steps of:
s11, randomly generating a private key and a public key according to a distributed key negotiation algorithm.
A digital asset usually corresponds to an account, which in turn corresponds to a public key and a private key. The public key is disclosed externally so that a third party can verify signatures, and the private key is used to manage the assets in the account. This arrangement has a single point of failure and a key loss problem. Distributed key generation (Distributed Key Generation, DKG) does not rely on any trusted third party, and solves the above problem by having multiple parties negotiate a shared public key and a set of private keys. A key agreement algorithm is therefore needed that completes the negotiation of public keys without revealing each party's private data, including but not limited to the Diffie-Hellman (DH) algorithm, the elliptic curve Diffie-Hellman algorithm (Elliptic Curve Diffie-Hellman key Exchange, ECDH), and the like.
It should be noted that, the key negotiation algorithm referred to in the present application is a distributed key negotiation algorithm. The application environment is a network in which all the participants in the network are peer-to-peer and the center is removed. Through the key negotiation algorithm, each party distributed on the network can negotiate with other parties in the network which are also in the decentralization mode to obtain respective public keys and private keys.
The DH algorithm and the ECDH algorithm described above both belong to distributed key agreement algorithms.
The result of the key agreement is the public and private keys of the respective participants. It should be noted that, the private key negotiated by each participant is randomly and temporarily generated. Moreover, the private key is difficult to calculate through a specific algorithm, so that the corresponding complete private key of the account never appears, and the safety of the digital asset is ensured to a certain extent.
S12, the private keys are segmented and stored in a distributed mode by using a threshold key segmentation algorithm.
In order to avoid potential safety hazards caused by introducing a third party in the process of generating and using the secret key, the embodiment of the application adopts a storage scheme of threshold fragmentation and distributed storage for the private key obtained through negotiation.
Specifically, a threshold key segmentation algorithm is adopted to segment the private key obtained by key agreement of each participant, and then the segmented private key fragments are stored in a distributed manner, namely, the private key fragments are distributed to each participant and are stored by each participant respectively.
This has the advantage that the account key is actually managed jointly by a plurality of different parties. Even if a single point of failure occurs, or the key is lost, the account key can be recovered by invoking the key shards stored on the other participants. By the distributed management and the distributed storage management mode, the actual security of the account key is higher.
Specifically, the key slicing algorithm, that is, the threshold key slicing algorithm, may be Shamir's Secret Sharing (SSS), or verifiable key Sharing (Verifiable Secret Sharing, VSS).
The embodiment of the application briefly outlines the principle and flow of splitting each party's private key with Shamir threshold key splitting. The Shamir threshold key splitting scheme has two parameters (t, n), where n is the number of nodes involved in key splitting and t is the threshold, i.e. the fragments of at least t nodes must be aggregated to recover the original private key. The scheme rests on the fact that any polynomial function of degree t-1 is determined, by Lagrange interpolation, once t points on the curve of the polynomial are obtained. As shown in FIG. 1, the private key $S_{k2}$ of party $P_2$ is split using (3, 4)-Shamir threshold key splitting. First, a polynomial is set as:
$$f(x) = a_2 x^2 + a_1 x + a_0$$
where $f(0) = a_0 = S_{k2}$ is the secret to be protected and split. The private key splitting process is as follows:
Party $P_2$ randomly generates 2 random numbers $a_1, a_2$ and at the same time randomly selects 4 mutually different integers $x_1, x_2, x_3, x_4$.
The 4 integers are substituted into the polynomial function, and 4 values are calculated.
The 4 calculated values are sent to 4 nodes respectively, i.e. the i-th node holds the value it receives as a fragment of the party's private key.
f(x) is destroyed.
At this point, the private key $S_{k2}$ of party $P_2$ has been divided into 4 shares, and the fragments of at least 3 participants must be aggregated to recover it.
S13, recovering the respective private keys according to the distributed stored private key fragments by using a Byzantine fault-tolerant consensus algorithm.
Because key storage is distributed and each party on the network stores key fragments, once a node among the parties suffers a single-point failure or the original key is lost, the private key of the account can be recovered by invoking a consensus algorithm.
In the embodiment of the application, the consensus algorithm refers to a Byzantine fault-tolerant consensus algorithm. Typically, such consensus algorithms include Practical Byzantine Fault Tolerance (PBFT) and Istanbul Byzantine Fault Tolerance (IBFT).
A Byzantine fault-tolerant consensus algorithm ensures that consensus can still be reached when nodes in the distributed system fail or act maliciously. Let the total number of nodes in the distributed system be n and the number of faulty or malicious nodes be at most f; then n must satisfy $n \ge 3f+1$, i.e. at least 3f+1 nodes are needed to participate in the consensus process, and the fault tolerance of the system is 33%. The following illustrates the recovery flow for the private key $S_{k2}$ of party $P_2$. First, $S_{k2}$ is divided into 4 private key fragments using (3, 4) threshold key splitting. Then the distributed system composed of 4 nodes stores the fragments, one per node. Suppose that the party's private key $S_{k2}$ is 2 and the constructed f(x) is as follows:
$$f(x) = 2x^2 + 5x + 2$$
Here t = 3. Taking $x_1 = 1, x_2 = 2, x_3 = 3, x_4 = 4$ and substituting them into the function gives the fragments. As shown in FIG. 1, assume that the first three sets of data (1, 9), (2, 20) and (3, 35) are selected, and the key is recovered using the Lagrange interpolation formula:
The above calculation successfully recovers the private key of party $P_2$: $S_{k2} = 2$.
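The (3, 4) split and Lagrange recovery worked through above, as an added example that is not part of the patent text. It assumes arithmetic over a prime field (the modulus `Q`, the fixed x-coordinates 1..n and all function names are choices made here; the patent's example uses plain integers), and it adds a consistency check showing that a tampered fragment otherwise yields a wrong key silently.

```python
import secrets

# Assumed field modulus for this sketch: the Mersenne prime 2^127 - 1.
Q = 2**127 - 1

def eval_poly(coeffs, x, q=Q):
    """Evaluate a_0 + a_1*x + ... with Horner's rule; coeffs[0] is a_0."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % q
    return acc

def split(secret, t, n, q=Q, coeffs=None):
    """Return n fragments (x, f(x)) of a degree t-1 polynomial with f(0)=secret.

    coeffs = [a_1, ..., a_{t-1}] may be fixed to reproduce a worked example;
    by default they are drawn from a CSPRNG, as the scheme requires.
    """
    if not 1 <= t <= n < q:
        raise ValueError("need 1 <= t <= n < q")
    if coeffs is None:
        coeffs = [secrets.randbelow(q) for _ in range(t - 1)]
    if len(coeffs) != t - 1:
        raise ValueError("need exactly t-1 random coefficients")
    poly = [secret % q] + list(coeffs)
    return [(x, eval_poly(poly, x, q)) for x in range(1, n + 1)]

def interpolate(shares, x0=0, q=Q):
    """Lagrange interpolation: value at x0 of the polynomial through shares."""
    xs = [x % q for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("fragments must have distinct x-coordinates")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (x0 - xj) % q
                den = den * (xi - xj) % q
        total = (total + yi * num * pow(den, -1, q)) % q
    return total

def recover(shares, t, q=Q):
    """Recover f(0) from the first t fragments supplied."""
    if len(shares) < t:
        raise ValueError("fewer than t fragments: secret is undetermined")
    return interpolate(shares[:t], 0, q)

def shares_consistent(shares, t, q=Q):
    """True if every fragment beyond the first t lies on the same polynomial.

    Detects (but does not locate) a corrupted fragment when more than t
    fragments are available.
    """
    base = shares[:t]
    return all(interpolate(base, x, q) == y for x, y in shares[t:])

# The page's example: S_k2 = 2, f(x) = 2x^2 + 5x + 2, i.e. a_1 = 5, a_2 = 2.
PAGE_SHARES = split(2, t=3, n=4, coeffs=[5, 2])

# Constructed failure case: node 2 returns 21 instead of 20.
TAMPERED = [PAGE_SHARES[0], (2, 21), PAGE_SHARES[2], PAGE_SHARES[3]]

if __name__ == "__main__":
    print("fragments:", PAGE_SHARES)
    print("recovered:", recover(PAGE_SHARES, 3))
    print("tampered set consistent?", shares_consistent(TAMPERED, 3))
```

Plain interpolation gives no indication that a fragment was altered, which is why the page pairs Shamir splitting with verifiable secret sharing or a Byzantine fault-tolerant recovery step.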
Due to the adoption of the key segmentation, the distributed storage and the decentralization mode of the recovery of the consensus algorithm, if one of the network or part of the account keys of the participants are lost, the lost account keys can be recovered by calling the key fragments stored by other participants. The whole process from key negotiation to key fragment distribution and then to key recovery does not need to introduce a third party except a participant, so that potential safety hazards caused by the introduction of the third party are avoided, and the overall safety of the key storage, distribution and recovery processes is improved.
Referring to fig. 2, the distributed key generation and recovery method provided by the embodiment of the present application generally includes three stages of distributed key generation, threshold key segmentation, and distributed key storage and recovery.
In the distributed key generation stage, each participant distributed on the network obtains each public key and each private key through distributed key negotiation.
In the threshold key segmentation stage, the private keys of all the participants are segmented by using a threshold key segmentation algorithm to obtain key segments, and then all the key segments are distributed to all the nodes on the network for distributed storage.
In the distributed key storage and recovery stage, the key fragments stored by the nodes on the network are retrieved, and the key of the party that lost it is recovered by using a Byzantine fault-tolerant consensus algorithm.
Through the above process, the private key of the participant is stored in a distributed manner on each participant on the network in the form of private key fragments. Once a single point of failure, or loss of a key, occurs, the problematic key can be recovered by a private key fragment stored on a different party. Moreover, no third party participates in the whole process, and the safety problem caused by the introduction of the third party is avoided.
Fig. 3 is a flowchart of a key negotiation process provided in an embodiment of the present application. The key negotiation process shown in fig. 3 applies the elliptic curve Diffie-Hellman algorithm. Referring to fig. 3, this key negotiation process includes:
S31, parties $P_1$ and $P_2$ negotiate to determine the kind of elliptic curve to be used and the base point G of the corresponding curve.
The elliptic curve may be of the following kinds: Weierstrass curve, Montgomery curve, and twisted Edwards curve.
S32, parties $P_1$ and $P_2$ each generate a random number, $S_{k1}$ and $S_{k2}$ respectively, as their private key, and multiply it by the base point G to obtain their respective public keys $P_{k1}$ and $P_{k2}$.
S33, parties $P_1$ and $P_2$ each send their own public key, $P_{k1}$ and $P_{k2}$, to the other party, and the two sides respectively calculate $S_{k2} \times P_{k1}$ and $S_{k1} \times P_{k2}$.
Since scalar multiplication on the elliptic curve satisfies the commutative and associative laws, both sides obtain the same result $P_k$, i.e. $S_{k1} \times S_{k2} \times G$.
Fig. 4 also shows the key agreement procedure based on the elliptic curve Diffie-Hellman algorithm described above. Referring to fig. 4, in the process of generating the public key by distributed key negotiation, the private keys of both parties are generated randomly and temporarily and are not disclosed externally. Given only the public information, namely the elliptic curve, the public key and the base point G, the private key is difficult to calculate. To ensure the security of the communication between the two parties and the credibility of its content, zero-knowledge proofs and homomorphic encryption are often used in the negotiation process. The two parties then use their respective private keys to jointly manage the digital assets of the corresponding account. In the context of cryptocurrency, the wallet address corresponding to the account is also generated from the negotiated public key $P_k$.
In addition to the above key negotiation process based on the elliptic curve Diffie-Hellman algorithm, the key negotiation process provided by the embodiment of the present application may also be based on the classical Diffie-Hellman algorithm.
Typically, the key negotiation process based on the classical Diffie-Hellman algorithm comprises: party $P_1$ selects a large prime p and a primitive root g of p, then sends p and g to party $P_2$; party $P_1$ selects and secretly stores a random number $x_1 \in \{0,1\}^n$, and party $P_2$ selects and secretly stores a random number $x_2 \in \{0,1\}^n$; party $P_1$ calculates $y_1$ and sends it to party $P_2$, and party $P_2$ calculates $y_2$ and sends it to party $P_1$; party $P_1$ computes the key from the value $y_2$ sent by party $P_2$, and party $P_2$ computes the key from the value $y_1$ calculated by party $P_1$.
Fig. 5 is a block diagram of a distributed key generation and recovery system according to an embodiment of the present application. Referring to fig. 5, the distributed key generation recovery system includes: a distributed key generation module 51, a threshold key segmentation module 52, and a distributed key storage and recovery module 53.
The distributed key generation module 51 is configured to randomly generate a private key and a public key according to a distributed key negotiation algorithm.
The threshold key segmentation module 52 is configured to segment and store the respective keys in a distributed manner using a threshold key segmentation algorithm.
The distributed key storage and recovery module 53 is configured to recover the respective private keys according to the distributed stored private key fragments using a Byzantine fault-tolerant consensus algorithm.
In some implementations, the distributed key generation module 51 includes: and a distributed key generation unit.
The distributed key generation unit is specifically configured to: randomly generate the private key and the public key according to the Diffie-Hellman algorithm or the elliptic curve Diffie-Hellman algorithm.
In some embodiments, randomly generating the private key and the public key according to the elliptic curve Diffie-Hellman algorithm includes: parties $P_1$ and $P_2$ negotiate to determine the kind of elliptic curve and the base point G of the corresponding curve; parties $P_1$ and $P_2$ each generate a random number, $S_{k1}$ and $S_{k2}$ respectively, as their private key, and multiply it by the base point G to obtain their respective public keys $P_{k1}$ and $P_{k2}$; parties $P_1$ and $P_2$ each send their own public key, $P_{k1}$ and $P_{k2}$, to the other party, and the two sides respectively calculate $S_{k2} \times P_{k1}$ and $S_{k1} \times P_{k2}$.
In some embodiments, randomly generating the private key and the public key according to the Diffie-Hellman algorithm includes: party $P_1$ selects a large prime p and a primitive root g of p, then sends p and g to party $P_2$; party $P_1$ selects and secretly stores a random number $x_1 \in \{0,1\}^n$, and party $P_2$ selects and secretly stores a random number $x_2 \in \{0,1\}^n$; party $P_1$ calculates $y_1$ and sends it to party $P_2$, and party $P_2$ calculates $y_2$ and sends it to party $P_1$; party $P_1$ computes the key from the value $y_2$ sent by party $P_2$, and party $P_2$ computes the key from the value $y_1$ calculated by party $P_1$.
In some embodiments, the threshold key segmentation module 52 includes: a threshold key segmentation unit.
The threshold key segmentation unit is used for using a Shamir key sharing algorithm or a verifiable key sharing algorithm to segment and store the private keys of the respective keys in a distributed manner.
In some embodiments, using Shamir key sharing algorithms, slicing and distributed storage of respective private keys includes: setting a polynomial function f (x) for performing private key slicing; participant p 2 Randomly generating 2 random numbers a 1 ,a 2 At the same time randomly select 4 mutually different integers x 1 ,x 2 ,x 3 ,x 4 The method comprises the steps of carrying out a first treatment on the surface of the 4 integers are brought into the polynomial function f (x), and 4 values are calculated The calculated 4 values are sent to 4 nodes respectively, i.e. the i-th node will +.>Fragmenting as a party private key; the destruction polynomial function f (x).
In some embodiments, the Byzantine-class consensus algorithm comprises: the Practical Byzantine Fault Tolerance algorithm and the Istanbul Byzantine Fault Tolerance algorithm.
In some embodiments, the Byzantine-class consensus algorithm is fault tolerant.
Fig. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present application, and shows a block diagram of an exemplary electronic device suitable for implementing an embodiment of the present application. The electronic device shown in Fig. 6 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the present application. As shown in Fig. 6, the electronic device includes a processor 61, a memory 62, an input device 63, and an output device 64. The number of processors 61 in the electronic device may be one or more; Fig. 6 takes one processor 61 as an example. The processor 61, the memory 62, the input device 63 and the output device 64 in the electronic device may be connected by a bus or by other means; Fig. 6 takes a bus connection as an example.
The memory 62 serves as a computer-readable storage medium for storing software programs, computer-executable programs, and modules, such as the program instructions/modules corresponding to the distributed key generation and recovery method in an embodiment of the present application. The processor 61 executes the various functional applications and data processing of the computer device by running the software programs, instructions and modules stored in the memory 62, that is, it implements the distributed key generation and recovery method described above.
Note that the above is only a preferred embodiment of the present application and the technical principle applied. It will be understood by those skilled in the art that the present application is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the application. Therefore, while the application has been described in connection with the above embodiments, the application is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the application, which is set forth in the following claims.

Claims (8)

1. A distributed key generation and recovery method applied to each participant distributed on a network, comprising:
randomly generating a private key and a public key according to a distributed key negotiation algorithm;
splitting the respective private keys into fragments and storing them in a distributed manner by using a threshold key segmentation algorithm;
recovering the respective private keys from the private key fragments stored in a distributed manner by using a Byzantine-class consensus algorithm;
wherein splitting the respective private keys into fragments and storing them in a distributed manner by using a threshold key segmentation algorithm comprises:
using a Shamir key sharing algorithm or a verifiable key sharing algorithm to split the respective private keys into fragments and store them in a distributed manner;
wherein using the Shamir key sharing algorithm to split the respective private keys into fragments and store them in a distributed manner comprises:
setting a polynomial function $f(x)$ for splitting the private key;
participant $p_2$ randomly generating 2 random numbers $a_1, a_2$ and at the same time randomly selecting 4 mutually different integers $x_1, x_2, x_3, x_4$;
substituting the 4 integers into the polynomial function $f(x)$ and calculating 4 values;
sending the 4 calculated values to 4 nodes respectively, that is, the $i$-th node takes its value as a fragment of the participant's private key;
destroying the polynomial function $f(x)$.
2. The method of claim 1, wherein randomly generating the private key and the public key in accordance with a distributed key agreement algorithm comprises:
randomly generating the private key and the public key according to the Diffie-Hellman algorithm or the elliptic curve Diffie-Hellman algorithm.
3. The method of claim 2, wherein randomly generating the private key and the public key according to the elliptic curve Diffie-Hellman algorithm comprises:
participants $P_1$ and $P_2$ negotiating to determine the kind of elliptic curve and the base point $G$ of the corresponding curve;
participants $P_1$ and $P_2$ each generating a random number, $S_{k1}$ and $S_{k2}$ respectively, as their own private key, and multiplying it by the base point $G$ to obtain their respective public keys $P_{k1}$ and $P_{k2}$;
participants $P_1$ and $P_2$ in turn transmitting their own public keys $P_{k1}$ and $P_{k2}$ to the other party, and the two sides respectively calculating $S_{k2} \times P_{k1}$ and $S_{k1} \times P_{k2}$.
4. The method of claim 2, wherein randomly generating the private key and the public key according to the Diffie-Hellman algorithm comprises:
participant $P_1$ selecting a large prime number P and a primitive root g of the large prime number P, and then transmitting P and g to participant $P_2$;
participant $P_1$ selecting and secretly storing a random number $x_1 \in \{0,1\}^n$, and participant $P_2$ selecting and secretly storing a random number $x_2 \in \{0,1\}^n$;
participant $P_1$ calculating a value and sending it to participant $P_2$, and participant $P_2$ calculating a value and sending it to participant $P_1$;
participant $P_1$ computing the key according to the value $y_2$ transmitted by participant $P_2$, and participant $P_2$ computing the key according to the value $y_1$ calculated by participant $P_1$.
5. The method according to claim 1, characterized in that the Byzantine-class consensus algorithm comprises: the Practical Byzantine Fault Tolerance algorithm and the Istanbul Byzantine Fault Tolerance algorithm.
6. The method according to claim 1, characterized in that the Byzantine-class consensus algorithm is fault tolerant.
7. A distributed key generation and recovery system integrated with each participant distributed over a network, comprising:
a distributed key generation module configured to randomly generate a private key and a public key according to a distributed key negotiation algorithm;
a threshold key segmentation module configured to split the respective private keys into fragments and store them in a distributed manner by using a threshold key segmentation algorithm;
a distributed key storage and recovery module configured to recover the respective private keys from the private key fragments stored in a distributed manner by using a Byzantine-class consensus algorithm;
wherein the threshold key segmentation module comprises: a threshold key segmentation unit;
the threshold key segmentation unit is configured to use a Shamir key sharing algorithm or a verifiable key sharing algorithm to split the respective private keys into fragments and store them in a distributed manner;
wherein using the Shamir key sharing algorithm to split the respective private keys into fragments and store them in a distributed manner comprises: setting a polynomial function $f(x)$ for splitting the private key; participant $p_2$ randomly generates 2 random numbers $a_1, a_2$ and at the same time randomly selects 4 mutually different integers $x_1, x_2, x_3, x_4$; the 4 integers are substituted into the polynomial function $f(x)$, and 4 values are calculated; the 4 calculated values are sent to 4 nodes respectively, that is, the $i$-th node takes its value as a fragment of the participant's private key; the polynomial function $f(x)$ is destroyed.
8. An electronic device, the electronic device comprising:
a memory for storing executable instructions;
a processor configured to implement the distributed key generation and recovery method of any one of claims 1 to 6 when executing the executable instructions stored in the memory.
CN202310855029.7A 2023-07-12 2023-07-12 Distributed key generation recovery method, system and equipment Pending CN116633540A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310855029.7A CN116633540A (en) 2023-07-12 2023-07-12 Distributed key generation recovery method, system and equipment

Publications (1)

Publication Number Publication Date
CN116633540A true CN116633540A (en) 2023-08-22

Family

ID=87602814

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310855029.7A Pending CN116633540A (en) 2023-07-12 2023-07-12 Distributed key generation recovery method, system and equipment

Country Status (1)

Country Link
CN (1) CN116633540A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190356481A1 (en) * 2018-05-18 2019-11-21 Qredo Ltd. System and method for securing digital assets
US20200127813A1 (en) * 2017-04-24 2020-04-23 Blocksettle Ab Method and system for creating a user identity
CN111314067A (en) * 2020-02-05 2020-06-19 腾讯科技(深圳)有限公司 Block storage method and device, computer equipment and storage medium
CN111404950A (en) * 2020-03-23 2020-07-10 腾讯科技(深圳)有限公司 Information sharing method and device based on block chain network and related equipment
CN111639361A (en) * 2020-05-15 2020-09-08 中国科学院信息工程研究所 Block chain key management method, multi-person common signature method and electronic device
CN113158143A (en) * 2020-01-22 2021-07-23 区块链新科技(广州)有限公司 Key management method and device based on block chain digital copyright protection system
CN114281893A (en) * 2021-12-22 2022-04-05 蚂蚁区块链科技(上海)有限公司 Processing method, device and equipment for block chain transaction

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
HENRIQUE MONIZ: "The Istanbul BFT Consensus Algorithm", 《ARXIV》, pages 178 - 24 *
周俊杰: "Istanbul BFT解读", pages 1 - 3, Retrieved from the Internet <URL:https://learnblockchain.cn/article/1040> *
朱建明: "《深入浅出隐私计算技术解析与应用实践》", 机械工业出版社, pages: 45 - 47 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination