CN117318940A - Multiparty collaborative signature method and system based on authentication secret sharing - Google Patents

Publication number
CN117318940A
Authority
CN
China
Prior art keywords
signature
key
participants
share
random
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311589819.1A
Other languages
Chinese (zh)
Other versions
CN117318940B (en
Inventor
李晓童
王皓
苏烨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Normal University
Original Assignee
Shandong Normal University
Application filed by Shandong Normal University filed Critical Shandong Normal University
Priority to CN202311589819.1A priority Critical patent/CN117318940B/en
Publication of CN117318940A publication Critical patent/CN117318940A/en
Application granted granted Critical
Publication of CN117318940B publication Critical patent/CN117318940B/en

Abstract

The invention discloses a multiparty collaborative signature method and system based on authentication secret sharing, and relates to the technical field of information security. The method comprises the following steps: determining the participants of the collaborative signature according to the message to be signed; preprocessing the participants by using a data distribution method to obtain a global key and a key message authentication code; each participant randomly generating its own signature private key, all participants performing secure computation with their respective signature private keys to generate a joint public key, and using the joint public key to generate a signature of the message to be signed; and verifying the key message authentication code of the signature by using the global key, and, after the verification passes, determining that the generated signature is the multiparty collaborative signature result. The invention removes the limit on the number of participants and the need for special security hardware found in existing SM2 signature systems, allows the signature result to be verified, prevents malicious participants from tampering with data, and achieves efficient collaborative signing.

Description

Multiparty collaborative signature method and system based on authentication secret sharing
Technical Field
The invention relates to the technical field of information security, in particular to a multiparty collaborative signature method and system based on authentication secret sharing.
Background
With the rapid development of network technology and the increasing frequency of online activities, information security has become a prominent problem, and digital signature technology plays an extremely important role in ensuring data integrity, reliability, non-repudiation and the like.
Digital signatures are widely used to protect the integrity and trustworthiness of electronic files. In some cases, however, a document must be signed by several people before it is confirmed. For example, some financial transactions or legal documents require multiple signers to sign the same document for it to be valid. Furthermore, the signing of a document may need to be spread across multiple geographic locations or organizations. In the financial market in particular, multiple companies may jointly publish market data for use by investors and analysts. Such market data may include stock prices, trade volume, profitability, market rate, and so forth. These data bear on the healthy development of an economic market: if counterfeit market data is released, investors and analysts may make investment decisions based on erroneous information, distorting the market. This may cause market fluctuations and uncertainty, affecting market stability and healthy development. The companies that publish the data therefore need to be jointly responsible for it, and collaborative signing offers a viable way to do so, ensuring the integrity, confidentiality, traceability and non-repudiation of the data by collaboratively signing the message.
Collaborative signing is a special digital signature technique that lets multiple signers sign the same document. In conventional digital signature schemes, signing can only be performed by a single signer, whereas collaborative signing shares signing authority among multiple signers. Collaborative signing lets multiple signers sign the same document safely and efficiently, improving the efficiency and accuracy of document signing. It provides a more flexible and secure way to sign documents, making the signing process more transparent and reliable. In an actual signing process, the companies taking part cannot be guaranteed to be honest: some may try to release data that benefits themselves, or their terminals may be compromised, leading to malicious actions such as modifying their own shares or tricking other participants into giving up their keys. Such malicious actions are a security risk to the signature, so a collaborative signature scheme whose signatures can be verified is needed.
For the domestic elliptic curve public key cryptography standard (SM2), signature schemes supporting multiparty collaboration have been proposed successively, but most of them have drawbacks: the signers need to perform multiple key negotiations; zero-knowledge proofs or a large number of public key operations in the online stage lead to low signature efficiency; the number of collaborative signers is limited; or special security hardware is needed. How to secure the signing process and achieve more efficient collaborative signing without limiting the number of signing parties is therefore a problem to be solved in the prior art.
Disclosure of Invention
In view of the defects of the prior art, the invention aims to provide a multiparty collaborative signature method and system based on authentication secret sharing. By distributing data to the signing parties, multiple signing parties can sign collaboratively only when all of them contribute their respective private keys, regardless of how many parties there are. This removes the limit on the number of parties and the need for special security hardware found in existing SM2 signature systems; at the same time, the signature result can be verified, malicious parties are prevented from tampering with data, and efficient collaborative signing is achieved.
In order to achieve the above object, the invention adopts the following technical scheme:
The first aspect of the invention provides a multiparty collaborative signature method based on authentication secret sharing, which comprises the following steps:
determining the participants of the collaborative signature according to the message to be signed;
preprocessing the participants by using a data distribution method to obtain a global key and a key message authentication code;
each participant randomly generates its own signature private key, all participants perform secure computation with their respective signature private keys to generate a joint public key, and the joint public key is used to generate a signature of the message to be signed;
and verifying the key message authentication code of the signature by using the global key, and, after the verification passes, determining that the generated signature is the multiparty collaborative signature result.
Further, the specific steps of preprocessing the participants by using the data distribution method are as follows:
giving a group of verification private key sets, and randomly distributing the verification private keys to all the participants;
carrying out global key addition share distribution on each participant at random, and adding all global key addition shares to form an addition share;
calculating a key message authentication code according to the addition share and the verification private key;
and obtaining the global key according to the key message authentication code, the addition share and the verification private key.
Further, the calculation formula for obtaining the global key according to the key message authentication code, the addition share and the verification private key is as follows:
wherein,is a global key->Add shares for global key of ith party,/->Authentication private key for the ith party,/->Authentication code for key message of the ith party,/->N is the number of participants.
Further, each participant randomly generates a respective signature private key, and all the participants perform safe calculation by using the respective signature private keys to generate a joint public key, which comprises the following specific steps:
a group of numerical value sets are given, and a signature private key, a first random number and a second random number of each participant are randomly generated from the numerical value sets;
each participant calculates the share of each participant by using the signature private key, the first random number and the second random number;
reconstructing a total share according to the share of all the participants;
and carrying out inversion calculation on the total share by adopting a partial opening mode to obtain the joint public key.
Still further, the partial opening is performed by opening only the numeric portion of the shared share and not the message authentication code portion.
Further, the specific steps of each party calculating the share of each party by using the signature private key, the first random number and the second random number are as follows:
each participant selects corresponding random value pairs from a preset random value pair set for a signature private key, a first random number and a second random number, and the corresponding random value pairs are respectively marked as the signature private key random value pairs, the first random number random value pairs and the second random number random value pairs;
the signature private key, the first random number and the second random number are subjected to blinding by adopting corresponding random values to obtain corresponding blinded values which are respectively the signature private key blinded value, the first random number blinded value and the second random number blinded value, and all the blinded values are broadcasted;
and each participant calculates the received blinded value by using the random value pair held by each participant to obtain each share.
Further, the generating process of the preset random value pair set is as follows:
random value distribution is carried out on each participant randomly, and all random values are added to form a random share;
calculating a random value message authentication code according to the random share and the verification private key;
obtaining a first random value according to the random value message authentication code, the random share and the verification private key;
calculating a second random value according to the addition share and the random share;
the first random value and the second random value form a random value pair, and the random value pairs of all the participants form a random value pair set.
Further, a random value key is generated in the preprocessing process of the participant by using the data distribution method, and when the global key is used for verifying the key message authentication code of the signature, the global key and the random value key are opened to combine with a commitment protocol to verify the key message authentication code of the signature.
The second aspect of the present invention provides a multiparty collaborative signature system based on authenticated secret sharing, comprising:
the data acquisition module is configured to determine a cooperatively signed participant according to the message to be signed;
the preprocessing module is configured to preprocess the participants by utilizing a data distribution method to obtain a global key and a key message authentication code;
the online processing module is configured to randomly generate respective signature private keys for all the participants, and all the participants perform secure calculation by using the respective signature private keys to generate a joint public key and generate the signature of the message to be signed by using the joint public key;
and the verification module is configured to verify the signature by using the global key through a key message authentication code, and after the verification is passed, the generated signature is determined to be a multi-party collaborative signature result.
Further, in the preprocessing module, a semi-honest server is adopted to distribute data to the participants.
The one or more of the above technical solutions have the following beneficial effects:
The invention discloses a multiparty collaborative signature method and system based on authentication secret sharing, divided into a preprocessing stage and an online stage. The preprocessing stage is independent of the online stage: it can be run to prepare the data the online stage needs before the signing participants know what the online stage will compute. In the online stage, each participant generates its own private key, all participants perform secure computation with their own private keys to generate a joint public key, and the signature of the message is generated with that public key. The invention supports collaborative signing by multiple users and remains secure against malicious adversaries. Compared with the prior art, the method combines secret sharing, message authentication codes (MAC) and the SM2 signature algorithm, and performs the data preparation in an offline stage. This removes complex zero-knowledge proofs from the online stage, which needs only simple linear operations, greatly reducing online computation and communication complexity. The signing process is more efficient, the number of signing parties is not limited, and no special security hardware is needed, so the method is more flexible and suits most signing scenarios.
Additional aspects of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention.
Fig. 1 is all participants open in case of 3 participantsSchematic diagram of the operation;
fig. 2 is in the case of 3 participantsOpening->Schematic diagram of the operation;
FIG. 3 is a diagram illustrating a share calculation process according to a first embodiment of the present invention.
Detailed Description
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the invention. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It should be noted that, in the embodiments of the present invention, related data such as SM2 signature is involved, when the above embodiments of the present invention are applied to specific products or technologies, user permission or consent is required, and the collection, use and processing of related data is required to comply with related laws and regulations and standards.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present invention. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof;
Term interpretation:
1. Secret sharing:
secret Sharing (Secret Sharing) is a cryptographic basic primitive that is the core technology of many MPC protocols. Colloquially speaking, oneSecret sharing scheme will be secret->Is divided into->Parts, any->The parts are not revealed about +>Any information of (2), and any->All parts can be reconstructed into +.>. The substances used in the present invention are classical +.>Adding the secret shares, i.e. the secret +.>Is divided into->Parts, any->The parts are not revealed about +>Is to be added to the content, and all parts can be reconstructed +.>
2. Message authentication code: a message authentication code (Message Authentication Code, MAC) is a technique for verifying message integrity and authenticity. It operates on the key together with the message to generate a fixed-length code that represents the integrity and authenticity of the message. The input to a message authentication code is a message of arbitrary length and a secret key shared between the sender and the receiver; the output is fixed-length data, called the MAC value.
Producing fixed-length output from a message of arbitrary length is similar to a one-way hash function. However, the shared key is necessary to calculate the MAC value, so anyone without the shared key cannot calculate it, and the message authentication code uses this property to perform authentication. Furthermore, like a one-way hash function, a message authentication code has an avalanche effect: even a 1-bit change in the message changes the MAC value unpredictably.
3. SM2 signature algorithm:
The SM2 signature algorithm is a digital signature algorithm of elliptic curve public key cryptography; its mathematical basis is the discrete logarithm problem in the group of points on an elliptic curve.
4. Commitment protocol:
The commitment protocol is a fundamental primitive of many cryptographic protocols. It allows a sender to commit to a secret value that the sender will later disclose to the receiver. The receiver cannot obtain any information about the committed value before the sender reveals it, which is called Hiding. Meanwhile, the sender cannot modify the secret value after committing to it, which is called Binding.
5. Collaborative signature:
Collaborative signing (Co-signature) is a novel digital signature technology that can provide more efficient and safer signing services. In a conventional digital signature scheme, only one signer can sign a document; collaborative signing changes this by allowing multiple signers to sign one document at the same time, thereby improving the security of the document. The core principle of collaborative signing is decentralized consensus: multiple signers sign a document together, so that the signature of the document is safer and more reliable. When a document is jointly signed by multiple signers, no single signer can tamper with the document alone, because the other signers can discover and reject the tampering, which ensures the integrity of the document. Collaborative signing can also provide a more secure signing service because it effectively prevents forged signatures and denial of service attacks. In a conventional digital signature scheme, since a document can be signed by only one signer, an attacker can more easily tamper with the document by forging a signature or break its integrity through a denial of service attack; the collaborative signature mechanism effectively prevents such attacks.
6.:/>Formal calculatorThe formula is:
for the followingThe form of the share addition can be calculated as follows:
wherein,and->Representing two different shares,/->Respectively indicate->、/>Public value of share->Respectively indicate->、/>The MAC value of the share.
For the followingForm of the share and disclosure value->Multiplication can be calculated as follows:
wherein,is an arbitrary public value, ++>Representing arbitrary share->Representation->Public value of share->Representation->The MAC value of the share.
For the followingForm of the share and disclosure value->The addition can be calculated as follows:
wherein,is an arbitrary public value, ++>Representing arbitrary share->Representation->Public value of share->Representation->The MAC value of the share, n, is the number of participants.
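The three linear operations of item 6, as an added example that is not part of the patent text. Because the formulas did not survive on this page, the sketch assumes the standard SPDZ-style authenticated share (a public offset `delta`, additive value shares and additive MAC shares with `alpha * (a + delta)` equal to the sum of the MAC shares); the modulus, all names and the single-process simulation that holds the global key `alpha` in the clear are assumptions.

```python
import secrets

# Constructed toy modulus (Mersenne prime 2^127 - 1). A deployment of the
# patent's scheme would work modulo the SM2 group order instead (assumption).
P = 2**127 - 1


def additive_shares(value, n):
    """Split value into n additive shares mod P; any n-1 of them look random."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts


class AuthShare:
    """Authenticated share <a> = (delta, (a_1..a_n), (gamma_1..gamma_n)).

    Invariant (assumed SPDZ-style form): alpha * (a + delta) == sum(gamma_i),
    where a == sum(a_i) and alpha is the global MAC key.
    """

    def __init__(self, delta, shares, macs):
        self.delta = delta % P
        self.shares = [s % P for s in shares]
        self.macs = [m % P for m in macs]


def deal(value, alpha, n):
    """Preprocessing-style dealer: share the value and its MAC alpha*value."""
    return AuthShare(0, additive_shares(value, n),
                     additive_shares(alpha * value % P, n))


def add(x, y):
    """<x> + <y>: every component is added locally, no communication."""
    return AuthShare(x.delta + y.delta,
                     [a + b for a, b in zip(x.shares, y.shares)],
                     [a + b for a, b in zip(x.macs, y.macs)])


def mul_public(e, x):
    """e * <x> for a public constant e: scale every component by e."""
    return AuthShare(e * x.delta,
                     [e * a for a in x.shares],
                     [e * m for m in x.macs])


def add_public(e, x):
    """e + <x>: one party adds e to its value share; delta absorbs -e so the
    MAC shares stay valid without anyone touching alpha."""
    shares = list(x.shares)
    shares[0] += e
    return AuthShare(x.delta - e, shares, x.macs)


def partial_open(x):
    """Open only the value part; MAC shares stay private until the final check."""
    return sum(x.shares) % P


def mac_check(x, alpha):
    """Final check once alpha is opened: does the MAC match the opened value?"""
    return alpha * (partial_open(x) + x.delta) % P == sum(x.macs) % P


def demo(n=3):
    alpha = secrets.randbelow(P - 1) + 1          # nonzero global key
    a, b = deal(5, alpha, n), deal(7, alpha, n)   # constructed inputs
    c = add_public(10, mul_public(3, add(a, b)))  # 3*(5+7)+10
    honest = (partial_open(c), mac_check(c, alpha))
    c.shares[1] = (c.shares[1] + 1) % P           # one party alters its share
    tampered = (partial_open(c), mac_check(c, alpha))
    return honest, tampered


if __name__ == "__main__":
    print(demo())
```

A participant who changes only its value share shifts the opened result, but cannot adjust the MAC shares to match without knowing `alpha`, so the final check fails.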
7.:/>The form fractions are expressed as follows:
the share of the form does not involve a conventional calculation, which has only one open operation:
as shown in figure 1 of the drawings,is an arbitrary share, n is the number of participants. When all participants are open->When each computing partyTo each party except the calculator +.>Send ∈he holds->Is->And ∈he holds->Is the share of the type one message authentication code +.>Then->Check->In the case of 3 participants shown in fig. 1, all participants are on +.>Is performed according to the operation of (a).
As shown in fig. 2, when a certain participantOpening->When the method is used, other participants only need to be directed to the +.>Send->And a share of a type of message authentication code, by +.>To do the inspection. In the case of 3 participants shown in fig. 2 +.>Opening upIs performed according to the operation of (a).
Embodiment one:
the embodiment of the invention provides a multiparty collaborative signature method based on authentication secret sharing, which comprises the following steps:
s1: and determining the participants of the collaborative signature according to the message to be signed. Is provided withThe participants want to sign cooperatively, the +.>The individual participants are marked as->The message to be signed is +.>The private key of each participant is +.>Public key +.>In the present invention, i=1, 2,3 … … n.
S2: the method comprises the steps of preprocessing the participators by using a data distribution method, namely distributing data of the participators according to a randomly generated set, and obtaining a global key, a key message authentication code, a random value pair, a verification random value and a multiplication triplet through calculation.
S2.1: a global key and a key message authentication code are generated.
S2.1.1: Given a set of verification private keys , randomly assign a verification private key to each participant; is the verification private key assigned to the i-th participant, and n is the number of participants.
S2.1.2: Randomly assign a global key addition share to each participant.
The set of all global key addition shares is , where is the global key addition share assigned to the i-th participant and n is the number of participants; all global key addition shares sum to the global key value .
S2.1.3: Calculate the global key-type message authentication code from the global key addition share and the verification private key:
wherein, is the global key-type message authentication code of the i-th participant, is the global key addition share, is the global key value, and is the verification private key assigned to the i-th participant, i = 1, 2, 3, …, n.
S2.1.4: Obtain the global key share from the global key-type message authentication code, the global key addition share and the verification private key.
Divide the global key-type message authentication code into parts according to the number of participants, to obtain
wherein the symbol denotes definition, is the global key, is the global key addition share of the i-th participant, is the verification private key of the i-th participant, is the -th part of the -th participant's global key-type message authentication code, , and n is the number of participants.
S2.1.5: Distribute to each participant .
S2.2: a set of preset random value pairs is generated.
S2.2.1: Given a set of random shares , which are the random shares of participants 1, 2, …, n respectively; all random shares sum to the random value .
S2.2.2: Calculate the random value type-one message authentication code from the random value and the verification private key:
wherein, are the random value type-one message authentication codes of participants 1, …, n respectively, is the random value, and are the verification private keys assigned to participants 1, …, n.
S2.2.3: Obtain the share of the first signature private key random value from the random value type-one message authentication code, the random share and the verification private key.
Divide the random value type-one message authentication code into parts, to obtain
Generate the share of the first signature private key random value:
wherein, is the random share of the -th participant, is the verification private key of the i-th participant, is the -th part of the random value message authentication code of participants 1, …, n, , and is the number of participants.
S2.2.4: Calculate the share of the first signature private key random value from the addition share and the random share.
Specifically, calculate the random value type-two message authentication code:
wherein, is the random value type-two message authentication code, is the global key value, and is the random value obtained in S2.2.1.
Divide the random value type-two message authentication code into parts to obtain the set of random value type-two message authentication codes , which are those of participants 1, …, n respectively.
Generate the share of the first signature private key random value:
wherein the symbol denotes definition, is a public value whose initial value is , is the random share of the -th participant, is the random value type-two message authentication code of the -th participant, and is the number of participants.
S2.2.5: The share of the first signature private key random value from S2.2.3 and the share from S2.2.4 together form the first signature private key random value pair .
S2.2.6: Distribute to participant .
S2.2.7: Using steps S2.2.1 to S2.2.6, generate the second signature private key random value pair , …, the -th signature private key random value pair ; generate the first signature random number I random value pair , …, the -th signature random number I random value pair ; generate the first signature random number II random value pair , …, the -th signature random number II random value pair ; and distribute them.
S2.3: a verification random value is generated. And generating a random value verification key in the preprocessing process of the participant by using the data distribution method, and when the global key is used for verifying the key message authentication code of the signature, opening the global key and verifying the random value key to combine with a commitment protocol to verify the key message authentication code of the signature.
S2.3.1: each party is randomly assigned a verification random value.
Given a set of verified random shares as,/>Distributing the obtained verification random share for the ith party, wherein n is the number of the parties; all verification random shares are added to form a verification random value +.>
S2.3.2: calculating a verification random value one-type message authentication code according to the verification random share and the verification private key:
wherein,a random value one type message authentication code for the ith party,/for the party>To verify the random value +.>The resulting authentication private key is assigned to the i-th party, i=1, 2,3 … … n.
S2.3.3: and obtaining the share of the verification random value according to the verification random value one-type message authentication code, the verification random value and the verification private key.
Authentication of random value messages to be verifiedCodeIs divided into->Parts by weight of the mixture to obtain
S2.3.4: generating a verification random valueShare:
wherein,symbolic representation definition +.>Verifying the random share for the ith party,/->Authentication private key for the ith party,/->Is->First part of the participants>A random value one type message authentication code, is verified>N is the number of participants.
S2.3.5: will beDistribution to participants->
S2.4: generating multiplication triplets
S2.4.1: given a first multiplier element shareGiven the second multiplication element share +.>N is the number of the participants; first multiplication element value->Second multiplication element value->
Calculating a third multiplication element value c according to the formula:
s2.4.2: respectively calculating the second message authentication code of the first multiplication elementSecond multiplication element type message authentication code +.>Third multiplying element type two message authentication code +.>
,/>,/>
S2.4.3: generating multiplication tripletsA share.
Will beIs divided into->Parts, get->,/>,/>,/>Wherein->Is the number of the participants.
Computing multiplication tripletsShare:
wherein,symbolic representation definition +.>For multiplication triplets, a, b and c are respectively a first multiplication element, a first multiplication element and a third multiplication element, +.>Is a public value and the initial value is +.>
S2.4.5: will beDistribution to participants->
S3: each participant randomly generates a respective signature private key, all participants perform secure computation by using the respective signature private keys to generate a joint public key, and the joint public key is used for generating the signature of the message to be signed.
S3.1: Given a set of values , each participant randomly generates from the set its own signature private key , signature random number I and signature random number II . Define , .
S3.2: each participant calculates the share of each party by using the signature private key, the signature random number I and the signature random number II.
S3.2.1: each participant selects corresponding random value pairs from a preset random value pair set for the signature private key, the signature random number I and the signature random number II, and the random value pairs are respectively recorded as the signature private key random valuesRandom value pair of signature random number IAnd signature random number II random value pair +.>. Wherein, the preset random value pair set is obtained by processing in the pretreatment stage.
S3.2.2: and carrying out blinding on the signature private key, the signature random number I and the signature random number II by adopting corresponding random values to obtain corresponding blinded values which are respectively the signature private key blinded value, the signature random number I blinded value and the signature random number II blinded value, and broadcasting all the blinded values.
Specifically, the participantsRespectively opening the i-th signature private key random value +.>Share, th->Random value of individual signature random number I>Share, th->Random value of individual signature random number II>The proportions are respectively taken as->,/>,/>Is a value of (2).
By->,/>,/>For->,/>,/>Performing blinding and calculating a signature private key blinding value +.>Signature random number I blinding value +.>Signature random number II blinding value +.>And broadcast->,/>,/>. Wherein (1)>The assigned symbol is assigned.
S3.2.3: and each participant calculates the received blinded value by using the random value pair held by each participant to obtain each share.
Specifically, each participant uses the i-th signature private key random value held in his own handShare, th->Signature random number I random value->First->Signature random number II random value->Share and received->、/>、/>Calculation of,/>,/>Obtaining the share of the signature private key as the share +.>Signature random number I shares a share->Signature random number II shares a share ∈ ->
S3.3: based on share of all participants,/>,/>Rebuilding total share->
Order theRepresentation->Participant in possession->Shared +.>Share of->,/>And the same is true. Wherein (1)>Representing the current participant->Representing the other participants.
Each participant sideCalculating share of signature private key after reconstruction>The share of the signature random number I after reconstruction>The signature random number II shares the share after reconstruction>At this time->Hold and hold),/>),/>) I.e. joint private key->Random number->、/>The operation of which is shown in figure 3.
Each party treats signed messageHashing: calculate->
S3.4: and carrying out inversion calculation on the total share by adopting a partial opening mode to obtain the joint public key.
In a specific embodiment, the partial opening is in such a way that only the numeric portion of the shared share is opened, and the message authentication code portion is not opened.
S3.4.1: based on multiplication tripletsThe participant calculates a first intermediate value +.>Share and second intermediate value share->Share of->,/>And partly turn them on and get the first intermediate value +.>Second intermediate value->. For share->Each participant->Send->Give->Calculate->And will->Broadcast to all participants (in practiceThe workload of each participant is balanced in the process of actual execution).
S3.4.2: the participator calculates a third intermediate value
S3.4.3: partially opening a third intermediate valueFor->Inversion to obtain +.>
S3.4.4: calculation of each PartyObtain public key->Is a fraction of (a).
S3.5: a signature of the message to be signed is generated using the joint public key.
S3.5.1: calculation of each PartyAn elliptic curve point is obtained, wherein +.>Is the abscissa of elliptic curve point +.>Is the ordinate of the elliptic curve point. And partly open the elliptic curve point abscissa +.>
S3.5.2: each party calculates a signature first component
S3.5.3: each participant calculates a fourth intermediate value
S3.5.4: the participant calculates a fifth intermediate valueSixth intermediate value->And is partly opened->,/>
S3.5.5: the participant calculates a seventh intermediate value
S3.5.6: each party computes a signed second component:
s4: and (3) verifying the key message authentication code of the signature by using the global key, and determining that the generated signature is a multi-party collaborative signature result after verification.
In the previous step, the first intermediate value is partially openedSecond intermediate value->Third intermediate value->Elliptic curve point abscissa ++>Fifth intermediate value->Sixth intermediate value->Six values, let->,…,/>Representing the values of these partial openings, wherein>All participants turn on a random valueAll participants calculate +.>
S4.1: each participantInvoking promise protocol->For->Output value held +.>、/>Is->、/>And the share of the corresponding MAC value +.>、/>Promise is made, wherein->
S4.2: all participants open
S4.3: each participantCall->Opening->All participants check +.>If the equation is not satisfied, the protocol terminates, otherwise the output value is calculated correctly.
S4.4: each party callOpening->,/>And->,/>All participants calculate +.>
S4.5: each participant checkAnd->And if the inspection passes, outputting a result.
Embodiment two:
The second embodiment of the invention provides a multiparty collaborative signature system based on authentication secret sharing, comprising:
a data acquisition module, configured to determine the participants of the collaborative signature according to the message to be signed;
a preprocessing module, configured to preprocess the participants using a data distribution method to obtain a global key and a key message authentication code;
an online processing module, configured so that each participant randomly generates its own signature private key, all participants perform secure computation with their signature private keys to generate a joint public key, and the joint public key is used to generate the signature of the message to be signed;
and a verification module, configured to verify the key message authentication code of the signature using the global key; once verification passes, the generated signature is determined to be the multiparty collaborative signature result.
In the preprocessing module, a semi-honest server (CS) distributes data to the participants; the CS can run the preprocessing stage and prepare the data required by the online stage without knowing what the signing participants compute in the online stage.
The steps involved in the second embodiment correspond to those of the first embodiment of the method, and the detailed description of the second embodiment can be found in the related description section of the first embodiment.
It will be appreciated by those skilled in the art that the modules or steps of the invention described above may be implemented by general-purpose computer means, alternatively they may be implemented by program code executable by computing means, whereby they may be stored in storage means for execution by computing means, or they may be made into individual integrated circuit modules separately, or a plurality of modules or steps in them may be made into a single integrated circuit module. The present invention is not limited to any specific combination of hardware and software.
While the foregoing description of the embodiments of the present invention has been presented in conjunction with the drawings, it should be understood that it is not intended to limit the scope of the invention, but rather, it is intended to cover all modifications or variations within the scope of the invention as defined by the claims of the present invention.

Claims (10)

1. The multiparty collaborative signature method based on authentication secret sharing is characterized by comprising the following steps of:
determining participants of the collaborative signature according to the message to be signed;
preprocessing the participants by using a data distribution method to obtain a global key and a key message authentication code;
each participant randomly generates a respective signature private key, all participants perform secure computation by using the respective signature private keys to generate a joint public key, and the joint public key is used for generating a signature of a message to be signed;
and verifying the key message authentication code of the signature by using the global key, and determining that the generated signature is a multi-party collaborative signature result after verification.
2. A multiparty collaborative signature method based on authenticated secret sharing according to claim 1,
the specific steps of preprocessing the participants by using the data distribution method are as follows:
giving a group of verification private key sets, and randomly distributing the verification private keys to all the participants;
carrying out global key addition share distribution on each participant at random, and adding all global key addition shares to form an addition share;
calculating a key message authentication code according to the addition share and the verification private key;
and obtaining the global key according to the key message authentication code, the addition share and the verification private key.
3. The multiparty collaborative signature method based on authenticated secret sharing according to claim 2, wherein the calculation formula for obtaining the global key from the key message authentication code, the additive share and the verification private key is:
wherein, is the global key, is the global key addition share of the i-th participant, is the verification private key of the i-th participant, is the key message authentication code of the i-th participant, , and n is the number of participants.
4. The multiparty collaborative signature method based on authentication secret sharing according to claim 1, wherein each participant randomly generates a respective signature private key, and the specific steps of all participants performing secure computation by using the respective signature private key to generate a joint public key are as follows:
a group of numerical value sets are given, and a signature private key, a first random number and a second random number of each participant are randomly generated from the numerical value sets;
each participant calculates the share of each participant by using the signature private key, the first random number and the second random number;
reconstructing a total share according to the share of all the participants;
and carrying out inversion calculation on the total share by adopting a partial opening mode to obtain the joint public key.
5. A multiparty collaborative signature method based on authenticated secret sharing according to claim 4, wherein the partial opening is in such a way that only the numeric portion of the share is opened and the message authentication code portion is not opened.
6. The method for multiparty collaborative signature based on authenticated secret sharing according to claim 4, wherein each party calculates the share of each party using the signature private key, the first random number and the second random number comprises the steps of:
each participant selects corresponding random value pairs from a preset random value pair set for a signature private key, a first random number and a second random number, and the corresponding random value pairs are respectively marked as the signature private key random value pairs, the first random number random value pairs and the second random number random value pairs;
the signature private key, the first random number and the second random number are subjected to blinding by adopting corresponding random values to obtain corresponding blinded values which are respectively the signature private key blinded value, the first random number blinded value and the second random number blinded value, and all the blinded values are broadcasted;
and each participant calculates the received blinded value by using the random value pair held by each participant to obtain each share.
7. The multiparty collaborative signature method based on authentication secret sharing according to claim 6, wherein the generating process of the preset random value pair set is as follows:
random value distribution is carried out on each participant randomly, and all random values are added to form a random share;
calculating a random value message authentication code according to the random share and the verification private key;
obtaining a first random value according to the random value message authentication code, the random share and the verification private key;
calculating a second random value according to the addition share and the random share;
the first random value and the second random value form a random value pair, and the random value pairs of all the participants form a random value pair set.
8. The multiparty collaborative signature method based on authentication secret sharing according to claim 1, wherein a verification random value key is also generated during preprocessing of the participants by using a data distribution method, and when the global key is used for verifying the key message authentication code of the signature, the global key and the verification random value key are opened to combine with a commitment protocol to verify the key message authentication code of the signature.
9. A multiparty collaborative signature system based on authenticated secret sharing, comprising:
the data acquisition module is configured to determine a cooperatively signed participant according to the message to be signed;
the preprocessing module is configured to preprocess the participants by utilizing a data distribution method to obtain a global key and a key message authentication code;
the online processing module is configured to randomly generate respective signature private keys for all the participants, and all the participants perform secure calculation by using the respective signature private keys to generate a joint public key and generate the signature of the message to be signed by using the joint public key;
and the verification module is configured to verify the signature by using the global key through a key message authentication code, and after the verification is passed, the generated signature is determined to be a multi-party collaborative signature result.
10. The authentication secret sharing-based multiparty collaborative signature system according to claim 9, wherein the pre-processing module employs a semi-honest server to distribute data to the participants.
CN202311589819.1A 2023-11-27 2023-11-27 Multiparty collaborative signature method and system based on authentication secret sharing Active CN117318940B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311589819.1A CN117318940B (en) 2023-11-27 2023-11-27 Multiparty collaborative signature method and system based on authentication secret sharing

Publications (2)

Publication Number Publication Date
CN117318940A true CN117318940A (en) 2023-12-29
CN117318940B CN117318940B (en) 2024-02-23

Family

ID=89286830

Country Status (1)

Country Link
CN (1) CN117318940B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information (Inventor after: Su Ye, Li Xiaotong, Wang Hao; Inventor before: Li Xiaotong, Wang Hao, Su Ye)
GR01 Patent grant