TW202029687A - Threshold signature system based on secret sharing without dealer and method thereof - Google Patents
- Publication number
- TW202029687A TW108102431A
- Authority
- TW
- Taiwan
- Prior art keywords
- value
- sharing
- unit
- signature
- broadcast
Landscapes
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Description
The present invention relates to a signature system and method, and in particular to a threshold signature system and method based on dealerless secret sharing.
In recent years, as governments, organizations, and the public have placed growing importance on information security, applications based on electronic signatures (hereinafter "signatures") have sprung up. Among them, multi-party signatures (Multisig) have attracted the most attention.
Generally speaking, a multi-party signature means that multiple users sign the same message. For example, in a blockchain transaction, a transaction allows N users to sign it with their respective private keys; that is, N private keys are allowed to sign, and once M of those users have signed (M<N), the payment transaction is authorized. Because more users can take part in a transaction, the range of applicable transaction models becomes more diverse. However, multi-party signatures also have a number of problems. For example: they enlarge the transaction message, which makes fees more expensive; privacy is lower, because outsiders can learn which addresses make up M or N and then track the other transactions of each address; an implementation based on smart contracts needs several transactions to complete; and replacing one of the M members requires re-creating the wallet or performing the replacement according to the smart contract.
In view of this, some vendors have proposed techniques that use a secret sharing algorithm: the private key is split into multiple shares, each party holds a different share, and the shares are used to compute over the same blockchain transaction message to generate a signature. This keeps the size of the transaction message under control and, because complete addresses are not used, offers better privacy. When members are replaced, all shares can be refreshed while the original private key remains in use, which makes the approach more flexible. However, in this approach the private key is generated by the server. If the server is compromised, the private key leaks and unauthorized parties can use it to sign, which undermines the impartiality of the signature. This approach therefore suffers from poor signature impartiality.
In summary, the prior art has long suffered from poor signature impartiality, so an improved technical means is needed to solve this problem.
The present invention discloses a threshold signature system and method based on dealerless secret sharing.
First, the present invention discloses a threshold signature system based on dealerless secret sharing. The system comprises a client and a server. The client may act as one of multiple execution nodes, and sends a transaction request and a key request containing a threshold value and a total value, where the threshold value is less than or equal to the total value and both are positive integers greater than 1.
The server comprises a front-end host and multiple nodes. The front-end host receives the transaction request and the key request, selects as many execution nodes as the total value according to the key request, and, when a blockchain transaction is initiated, generates the corresponding original transaction message from the transaction request and the blockchain data format and transmits it. The nodes are connected to the front-end host, and the nodes selected by the front-end host serve as execution nodes. Each execution node comprises an execution module, a key module, a calculation module, and a signature module. The execution module executes the Joint Random Secret Sharing (JRSS) algorithm, selecting a random polynomial, evaluating it, and exchanging the results with every execution node to generate the corresponding private key share; it also executes the JRSS algorithm twice to generate the corresponding first share and second share, and then executes the Joint Random Zero Secret Sharing (JZSS) algorithm twice to generate the corresponding third share and fourth share. The key module is connected to the execution module; it broadcasts the product of the generated private key share and the base point, and computes the public key from the sum of the products broadcast by all execution nodes. The calculation module is connected to the execution module; it computes the first broadcast value and the second broadcast value from the first, second, third, and fourth shares held by each execution node, where the first broadcast value is the first share multiplied by the second share, plus the third share, and the second broadcast value is the second share multiplied by the base point. Each node broadcasts its first and second broadcast values, and the curve point is computed from all first and second broadcast values. The signature module is connected to the execution module, the key module, and the calculation module; it executes the threshold signature protocol of the Elliptic Curve Digital Signature Algorithm (ECDSA), computing and exchanging messages based on the original transaction message, the X coordinate of the curve point, and the node's own first share, private key share, and fourth share. When the number of computed and exchanged messages meets the threshold value, at least one of the execution nodes generates a transaction signature from the results, embeds the transaction signature in the original transaction message to produce a signed transaction message, and broadcasts the signed transaction message to the blockchain network.
In addition, the present invention discloses a threshold signature method based on dealerless secret sharing, applied in a network environment with a client and a server, where the server comprises a front-end host and multiple nodes. The steps are as follows. The client sends a key request containing a threshold value and a total value to the front-end host of the server, where the threshold value is less than or equal to the total value and both are positive integers greater than 1. According to the received key request, the front-end host selects, from the nodes and the client, as many execution nodes as the total value; each execution node executes the joint random secret sharing algorithm, selecting a random polynomial, evaluating it, and exchanging the results with every execution node to generate the corresponding private key share. Each execution node broadcasts the product of its private key share and the base point, and the public key is computed from the sum of the products broadcast by all execution nodes. When a blockchain transaction is initiated, the front-end host of the server receives a transaction request from the client, generates the corresponding original transaction message from the transaction request and the blockchain data format, and sends the original transaction message to the client and to every execution node. Each execution node executes the JRSS algorithm twice to generate the corresponding first share and second share, and executes the JZSS algorithm twice to generate the corresponding third share and fourth share. Each execution node computes the first broadcast value and the second broadcast value from its own first, second, third, and fourth shares, where the first broadcast value is the first share multiplied by the second share, plus the third share, and the second broadcast value is the second share multiplied by the base point. Each execution node broadcasts its first and second broadcast values, and the curve point is computed from all first and second broadcast values. Finally, each execution node executes the threshold signature protocol of the elliptic curve digital signature algorithm, computing and exchanging messages based on the original transaction message, the X coordinate of the curve point, and its own first share, private key share, and fourth share. When the number of computed and exchanged messages meets the threshold value, at least one of the execution nodes generates a transaction signature from the results, embeds the transaction signature in the original transaction message to produce a signed transaction message, and broadcasts the signed transaction message to the blockchain network.
The system and method disclosed by the present invention are as described above. The difference from the prior art is that the front-end host selects multiple execution nodes, the execution nodes execute the joint random secret sharing algorithm and the joint random zero secret sharing algorithm to generate shares, and the shares are computed on and exchanged through secure multi-party computation, so that the public key corresponding to the shares and the transaction signature are generated from the results. The transaction signature is embedded in the original transaction message to produce a signed transaction message, which is broadcast to the blockchain network.
By the above technical means, the present invention achieves the technical effect of improving the impartiality of the signature without generating a private key.
Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the way the invention applies technical means to solve the technical problem and achieve its technical effect can be fully understood and put into practice.
Before describing the threshold signature system and method based on dealerless secret sharing disclosed herein, the terms defined by the present invention are explained. The various "shares" referred to herein, such as the "private key share", "first share", "second share", "third share", "fourth share", and "signature share", are the elements needed for computation while executing secret sharing algorithms such as the joint random secret sharing algorithm and the joint random zero secret sharing algorithm. During Secure Multi-Party Computation (SMC/MPC) these elements are exchanged among the execution nodes and used to compute the transaction signature (also called the "signature"), namely "(r, s)", where "r" is the X coordinate of the curve point and "s" is the signature value computed by interpolation; the computation of the transaction signature is described further below. The first broadcast value and the second broadcast value are the values that must be broadcast to the other execution nodes when executing JRSS and JZSS, such as "v_i" and "w_i". "Dealerless" means that the private key is not generated and distributed by a single party; instead, multiple parties jointly compute and exchange messages through JRSS and JZSS, and then compute the corresponding public key and a transaction signature that conforms to the ECDSA signature format.
The threshold signature system and method based on dealerless secret sharing are further described below with reference to the drawings. Referring first to Figure 1, which is a system block diagram of the threshold signature system based on dealerless secret sharing, the system comprises a client 110 and a server 120. The client 110 may act as one of multiple execution nodes, and sends a transaction request and a key request containing a threshold value and a total value, where the threshold value is less than or equal to the total value and both are positive integers greater than 1. In practice, the client 110 and the execution nodes 130 are all preconfigured with the same secret sharing parameters, comprising the values of the elliptic curve, the prime, the base point, and the order, for use when executing the joint random secret sharing algorithm and the joint random zero secret sharing algorithm. For example, the parameters of the general-purpose ECDSA algorithm on the curve "Secp256k1" can be used as the secret sharing parameters.
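The server 120 comprises a front-end host 121 and nodes 122. The front-end host 121 receives the transaction request and the key request, selects as many execution nodes 130 as the total value according to the key request, and, when a blockchain transaction is initiated, generates the corresponding original transaction message from the transaction request and the blockchain data format and transmits it. In practice, the transaction request may contain a source address, such as the blockchain address (also called the "account address") of the client 110, so that the server 120 can use this source address to look up the shares of the corresponding client 110 in storage (for example, a database); when the threshold signature protocol is executed, the retrieved shares are used to compute over the original transaction message to generate the signature. The blockchain data format includes the data format of the Bitcoin blockchain, the Ethereum blockchain, or other similar blockchains. If the blockchain data format is that of the Bitcoin blockchain, the blockchain transaction request is converted to the Bitcoin transaction data format; if it is that of the Ethereum blockchain, the request is converted to the Ethereum transaction data format.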
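The nodes 122 are connected to the front-end host 121, and the nodes 122 selected by the front-end host 121 serve as execution nodes 130; in other words, a node 122 and an execution node 130 differ only in whether the front-end host 121 has selected it. Each execution node 130 comprises an execution module 131, a key module 132, a calculation module 133, and a signature module 134. The execution module 131 executes the joint random secret sharing algorithm, selecting a random polynomial, evaluating it, and exchanging the results with every execution node to generate the corresponding private key share; it also executes the joint random secret sharing algorithm twice to generate the corresponding first share and second share, and then executes the joint random zero secret sharing algorithm twice to generate the corresponding third share and fourth share. In practice, the JRSS and JZSS algorithms compute and exchange messages through secure multi-party computation, and every time a value is computed with MPC, all execution nodes 130 must be online at the same time. The main purpose of executing the JRSS and JZSS algorithms is to have each execution node 130 generate random numbers that, once combined through computation, yield exactly the desired value, such as the value of "d*r", where "d" is the private key and "r" is the X coordinate of the curve point. In a formula containing "d*r", it then no longer matters whether "d" is available, because the value of "d*r" is obtained directly. In addition, to improve security, each execution node 130 can execute the joint random zero secret sharing algorithm to generate a corresponding random value "z_i" and add it to its own private key share "Sd_i" to obtain the randomized value "Sd'_i".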
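The key module 132 is connected to the execution module 131. It broadcasts the product of the generated private key share "Sd_i" and the base point "G", and computes the public key from the sum of the products broadcast by all execution nodes 130. For example, if the broadcast products are "Sd_1*G", "Sd_2*G", and "Sd_3*G", the public key "Q" is computed as "Q = Sd_1*G + Sd_2*G + Sd_3*G". In practice, the public key can be hashed and used as the account address of the client 110, so that blockchain transactions can be carried out through the account address. Hashing here means computing with a Secure Hash Algorithm (SHA), such as SHA3, SHA256, or a similar algorithm.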
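The calculation module 133 is connected to the execution module 131. It computes the first broadcast value and the second broadcast value from the first, second, third, and fourth shares held by each execution node 130, where the first broadcast value is the first share multiplied by the second share, plus the third share, and the second broadcast value is the second share multiplied by the base point; each node broadcasts its first and second broadcast values, and the curve point is computed from all first and second broadcast values. For example, let the first share be "k_i", the second share "a_i", the third share "b_i", the fourth share "c_i", the first broadcast value "v_i", the second broadcast value "w_i", and the base point "G". Then the first broadcast value is computed as "v_i = k_i*a_i + b_i" and the second broadcast value as "w_i = a_i*G", where "i" is the index of the execution node 130: "i" equal to 1 denotes the first execution node 130, "i" equal to 2 the second execution node 130, and so on, with "i" equal to 5 denoting the fifth execution node 130; that is, the values of "i" run up to the total value. Note in particular that the second share "a_i", the third share "b_i", and the fourth share "c_i" serve in the formulas as masks that prevent the first share "k_i" from leaking. The formulas may also be taken as remainders: for "v_i = k_i*a_i + b_i", this gives "v_i = k_i*a_i + b_i mod q", where "q" is the divisor.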
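The signature module 134 is connected to the execution module 131, the key module 132, and the calculation module 133. It executes the threshold signature protocol of the elliptic curve digital signature algorithm, computing and exchanging messages based on the original transaction message, the X coordinate of the curve point, and the node's own first share, selected set of values, and fourth share. For example, let the hashed original transaction message be "e", the X coordinate of the curve point "r", the first share "k_i", the private key share "Sd_i", and the fourth share "c_i". The signature share "s_i" of each execution node 130 can then be computed with the formula "s_i = k_i^-1 (e + Sd_i r)" and used as the message to exchange. When the number of computed and exchanged messages meets the threshold value (for example, the number of "s_i" values and the threshold value are both 3), at least one of the execution nodes 130 generates the transaction signature from the results. In the example above, each execution node 130 computes its own signature share and, after the exchange, also holds the signature shares computed by the other execution nodes 130, so the signature value "s" can be computed by applying Lagrange interpolation to the signature shares of all execution nodes 130. For example, with three execution nodes 130, the signature value is computed as "s = L[(1,s_1)+(2,s_2)+(3,s_3)][0]", where L denotes Lagrange interpolation and "[0]" denotes evaluation at x=0. This value is paired with the X coordinate "r" of the curve point to obtain the transaction signature "(r, s)". The transaction signature "(r, s)" is then embedded in the original transaction message to produce the signed transaction message, which is broadcast to the blockchain network. Note in particular that if "r" or "s" turns out to be zero during the computation, the computation is repeated until the value is non-zero.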
Note in particular that, in practice, each module described herein can be implemented in various ways, including software, hardware, or any combination thereof. For example, in some embodiments the modules can be implemented in software, in hardware, or in both. The invention can also be implemented partly or entirely in hardware; for example, one or more modules of the system can be implemented with an integrated circuit chip, a System on Chip (SoC), a Complex Programmable Logic Device (CPLD), a Field Programmable Gate Array (FPGA), and so on. The invention may be a system, a method, and/or a computer program. The computer program may include a computer-readable storage medium carrying computer-readable program instructions that cause a processor to implement aspects of the invention. The computer-readable storage medium may be a tangible device that can hold and store instructions for use by an instruction execution device. It may be, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of these. More specific examples (a non-exhaustive list) of computer-readable storage media include hard disks, random access memory, read-only memory, flash memory, optical discs, floppy disks, and any suitable combination of these. A computer-readable storage medium as used here is not to be interpreted as a transitory signal itself, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (for example, light pulses through a fiber-optic cable), or electrical signals transmitted through a wire. The computer-readable program instructions described here can be downloaded from a computer-readable storage medium to individual computing/processing devices, or downloaded to an external computer or external storage device over a network such as the Internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, optical fiber transmission, wireless transmission, routers, firewalls, switches, hubs, and/or gateways. A network card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards them for storage in a computer-readable storage medium in that device. The computer program instructions that carry out the operations of the invention may be assembly instructions, instruction set architecture instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as Common Lisp, Python, C++, Objective-C, Smalltalk, Delphi, Java, Swift, C#, Perl, Ruby, and PHP, and conventional procedural programming languages such as C or similar languages. The computer-readable program instructions may execute entirely on a computer, partly on a computer, as a stand-alone software package, partly on the client computer and partly on a remote computer, or entirely on a remote computer or server.
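Refer to Figures 2A and 2B, which are flowcharts of the threshold signature method based on dealerless secret sharing, applied in a network environment with a client 110 and a server 120, where the server 120 comprises a front-end host 121 and nodes 122. The steps are as follows. The client 110 sends a key request containing a threshold value and a total value to the front-end host 121 of the server 120, where the threshold value is less than or equal to the total value and both are positive integers greater than 1 (step 210). According to the received key request, the front-end host 121 selects, from the nodes 122 and the client 110, as many execution nodes 130 as the total value; each execution node 130 executes the joint random secret sharing algorithm, selecting a random polynomial, evaluating it, and exchanging the results with every execution node to generate the corresponding private key share (step 220). Each execution node 130 broadcasts the product of its private key share and the base point, and the public key is computed from the sum of the products broadcast by all execution nodes 130 (step 230). When a blockchain transaction is initiated, the front-end host 121 of the server 120 receives a transaction request from the client 110, generates the corresponding original transaction message from the transaction request and the blockchain data format, and sends the original transaction message to the client 110 and to every execution node 130 (step 240). Each execution node 130 executes the joint random secret sharing algorithm twice to generate the corresponding first share and second share, and executes the joint random zero secret sharing algorithm twice to generate the corresponding third share and fourth share (step 250). Each execution node 130 computes the first broadcast value and the second broadcast value from its own first, second, third, and fourth shares, where the first broadcast value is the first share multiplied by the second share, plus the third share, and the second broadcast value is the second share multiplied by the base point (step 260). Each execution node 130 broadcasts its first and second broadcast values, and the curve point is computed from all first and second broadcast values (step 270). Each execution node 130 executes the threshold signature protocol of the elliptic curve digital signature algorithm, computing and exchanging messages based on the original transaction message, the X coordinate of the curve point, and its own first share, private key share, and fourth share; when the number of computed and exchanged messages meets the threshold value, at least one of the execution nodes 130 generates a transaction signature from the results, embeds the transaction signature in the original transaction message to produce a signed transaction message, and broadcasts the signed transaction message to the blockchain network (step 280). Through these steps, the front-end host 121 selects multiple execution nodes 130, the execution nodes 130 execute the joint random secret sharing algorithm and the joint random zero secret sharing algorithm to generate shares, and the shares are computed on and exchanged through secure multi-party computation, so that the public key corresponding to the shares and the transaction signature are generated from the results and the transaction signature is embedded in the original transaction message and broadcast to the blockchain network.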
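The following description uses examples with reference to Figures 3 and 4. Referring first to Figure 3, which is a schematic diagram of generating private key shares and computing the public key with the present invention: in practice, after the client 110 sends a key request to the front-end host 121 of the server 120, the front-end host 121 selects, from the nodes 122 of the server 120 and the client 110, as many execution nodes 130 as the total value according to the received key request. Each execution node 130 then executes the JRSS algorithm, selecting a random polynomial "d_i" and evaluating it. For example, with three execution nodes 130, the first execution node 130 selects the random polynomial "d_1 = x^2 + x + 1" and substitutes the values 1 to 3 for x to obtain three results; the second execution node 130 selects the random polynomial "d_2 = x^2 + x + 3" and likewise substitutes the values 1 to 3 for x to obtain three results; and the third execution node 130 selects the random polynomial "d_3 = x^2 + x + 4" and likewise substitutes the values 1 to 3 for x to obtain three results. Next, the execution nodes 130 exchange results (that is, each execution node 130 gives the result for the value 1 to the first execution node 130, the result for the value 2 to the second execution node 130, and the result for the value 3 to the third execution node 130) to generate the corresponding share (the private key share "Sd_i"), which can be stored in the database. The computation and message exchange of the JRSS algorithm then continue through MPC: each node broadcasts the product "Sd_i*G" of its private key share "Sd_i" and the base point "G", and the public key "Q" is computed from the sum of the products broadcast by all execution nodes 130; the public key can be stored in the database in association with the corresponding private key share. For example, suppose the threshold value is 2 and the total value is 3. The front-end host 121 selects three execution nodes 130. When these execution nodes execute the JRSS algorithm, suppose the first execution node 130 generates the private key share "Sd_1", the second execution node 130 generates the private key share "Sd_2", and the third execution node 130 generates the private key share "Sd_3"; each is multiplied by the base point "G" to obtain "Sd_1*G", "Sd_2*G", and "Sd_3*G", the products of the private key shares and the base point, which are broadcast. Every execution node 130 then holds the three products "Sd_1*G", "Sd_2*G", and "Sd_3*G", and each execution node 130 can compute the public key "Q" by adding these three products, as "Q = Sd_1*G + Sd_2*G + Sd_3*G". This ensures that no one can learn the private key "d": although "d = Sd_1 + Sd_2 + Sd_3", there is a hard problem on elliptic curves whereby, even when "d*G" and "G" are known, finding "d" remains very difficult. In addition, the public key "Q" can be hashed and used as the account address of the client 110. As a supplementary note, the reason the execution nodes 130 are selected from both the nodes 122 of the server 120 and the client 110, as mentioned above, is to give the client 110 the opportunity to take part, rather than having the server 120 alone compute and store everything. In other words, if the client 110 is selected as one of the execution nodes 130, the client 110 takes part in the computation and storage; if the client 110 is not selected, all computation and storage is done by the execution nodes 130 of the server 120. The client 110 can therefore contain all the modules and functions of an execution node 130, so that it can become one of the execution nodes 130 when the front-end host 121 selects it.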
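Figure 4 is a schematic diagram of computing and generating a signature with the present invention. When a blockchain transaction is initiated, the client 110 sends a transaction request to the server 120, and the server 120 uses the source address of the transaction request to look up the shares of this client 110 in storage (for example, a database). At the same time, the server 120 generates the original transaction message from the transaction request and the blockchain data format: if the blockchain data format is the Ethereum format, the generated original transaction message conforms to the Ethereum data format; if it is the Bitcoin format, the generated original transaction message conforms to the Bitcoin data format. The server 120 then sends the generated original transaction message to the client 110 and the execution nodes 130. Assuming the client 110 is one of the execution nodes, the client 110 and the execution nodes 130 of the server 120 carry out MPC to produce a threshold signature over the original transaction message. The MPC comprises the computation and message exchange steps of multiple runs of the JRSS and JZSS algorithms. Finally, the generated transaction signature is embedded in the original transaction message to produce the signed transaction message, which is broadcast to the blockchain network.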
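In practice, because the database initially holds no corresponding shares, the i-th execution node 130 executes the JRSS algorithm twice to generate the first share "k_i" and the second share "a_i", and executes the JZSS algorithm twice to generate the third share "b_i" and the fourth share "c_i". Each execution node 130 then computes the first broadcast value "v_i" and the second broadcast value "w_i" from its own first share "k_i", second share "a_i", third share "b_i", and fourth share "c_i". The first broadcast value "v_i" is the first share "k_i" multiplied by the second share "a_i", plus the third share "b_i", that is, "v_i = k_i*a_i + b_i"; the second broadcast value "w_i" is the second share "a_i" multiplied by the base point "G", that is, "w_i = a_i*G". Each execution node 130 then broadcasts its first broadcast value "v_i" and second broadcast value "w_i", and Lagrange interpolation is performed over all first broadcast values; for the three execution nodes 130 above, "v = L[(1,v_1)+(2,v_2)+(3,v_3)][0]", where L denotes Lagrange interpolation and "[0]" denotes evaluation at x=0. The inverse of this result is then multiplied by the sum of all second broadcast values, "w = w_1 + w_2 + w_3", to compute the curve point "(R_x, R_y)", as "(R_x, R_y) = w*v^-1". Next, each execution node 130 executes the threshold signature protocol of the elliptic curve digital signature algorithm, computing and exchanging messages based on the original transaction message "m", the X coordinate of the curve point (r = R_x), and its own first share "k_i", private key share "Sd_i", and fourth share "c_i". When the number of computed and exchanged messages meets the threshold value, at least one of the execution nodes 130 generates the transaction signature "(r, s)" from the results, where "r" is the X coordinate of the curve point and "s" is obtained by first having the execution nodes 130 exchange the results each computed with the formula "s_i = k_i^-1 (e + Sd_i r)" and then performing interpolation, where "e" is the hashed original transaction message "m". For example, with three execution nodes 130, the formula for the first execution node 130 is "s_1 = k_1^-1 (e + Sd_1 r)", for the second execution node 130 "s_2 = k_2^-1 (e + Sd_2 r)", and for the third execution node 130 "s_3 = k_3^-1 (e + Sd_3 r)". After the MPC computation and message exchange, every execution node 130 holds "s_1", "s_2", and "s_3", so the signature value "s" can be computed by Lagrange interpolation, for example "s = L[(1,s_1)+(2,s_2)+(3,s_3)][0]", where L denotes Lagrange interpolation and "[0]" denotes evaluation at x=0. The value of "r" and the value of "s" can then be combined into a pair as the transaction signature "(r, s)". Finally, the transaction signature is embedded in the original transaction message to produce the signed transaction message, which is broadcast to the blockchain network.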
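The key generation and signing flows described above (Figures 3 and 4), simulated in one process for three nodes on secp256k1; this is an added example, not code from the patent. Assumptions: degree-1 JRSS polynomials (so 2t+1 = 3 nodes take part), Lagrange-weighted combination of the broadcast points Sd_i*G and w_i, and signature shares s_i = k_i*(e + Sd_i*r) + c_i, the form that verifies under ordinary ECDSA when R = v^-1 * w; all function names are hypothetical.

```python
import hashlib
import secrets
# secp256k1 domain parameters (the curve the page gives as an example).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Add two affine points; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time, demo only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of node i for evaluating at x = 0."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % N, den * (i - j) % N
    return num * pow(den, -1, N) % N

def interpolate(shares):
    """L[...][0] on scalars: value at x = 0 of the polynomial through {id: share}."""
    return sum(s * lagrange_at_zero(i, shares) for i, s in shares.items()) % N

def interpolate_points(points):
    """The same interpolation applied to curve points {id: share*G}."""
    acc = None
    for i, pt in points.items():
        acc = ec_add(acc, ec_mul(lagrange_at_zero(i, points), pt))
    return acc

def joint_shares(ids, degree, zero=False):
    """JRSS, or JZSS when zero=True: each node deals a polynomial, node j sums f(j)."""
    shares = dict.fromkeys(ids, 0)
    for _dealer in ids:
        coeffs = [0 if zero else secrets.randbelow(N)]
        coeffs += [secrets.randbelow(N) for _ in range(degree)]
        for j in ids:
            shares[j] = (shares[j] + sum(c * pow(j, x, N) for x, c in enumerate(coeffs))) % N
    return shares

def keygen(ids, t):
    """Dealerless key generation: returns ({id: Sd_i}, Q); d is never assembled."""
    sd = joint_shares(ids, t)
    return sd, interpolate_points({i: ec_mul(s, G) for i, s in sd.items()})

def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def threshold_sign(msg, sd, t):
    """Needs 2t+1 nodes, because v_i and s_i lie on degree-2t polynomials."""
    ids, e = list(sd), msg_hash(msg)
    while True:  # retry if r or s is zero, as the page requires
        k, a = joint_shares(ids, t), joint_shares(ids, t)
        b, c = joint_shares(ids, 2 * t, True), joint_shares(ids, 2 * t, True)
        v = {i: (k[i] * a[i] + b[i]) % N for i in ids}  # first broadcast value
        w = {i: ec_mul(a[i], G) for i in ids}           # second broadcast value
        mu = interpolate(v)                             # equals k*a, b masks it
        if mu == 0:
            continue
        R = ec_mul(pow(mu, -1, N), interpolate_points(w))  # (k*a)^-1 * a*G
        r = R[0] % N
        # Assumed share form: k_i*(e + Sd_i*r) masked by the zero share c_i.
        s = interpolate({i: (k[i] * (e + sd[i] * r) + c[i]) % N for i in ids})
        if r and s:
            return r, s

def ecdsa_verify(msg, sig, Q):
    """Ordinary single-key ECDSA verification against the joint public key."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    u = pow(s, -1, N)
    pt = ec_add(ec_mul(msg_hash(msg) * u, G), ec_mul(r * u, Q))
    return pt is not None and pt[0] % N == r

if __name__ == "__main__":
    sd, Q = keygen([1, 2, 3], t=1)
    print(ecdsa_verify(b"constructed tx", threshold_sign(b"constructed tx", sd, 1), Q))
```

The dictionaries stand in for the network; a deployment needs authenticated, confidential channels between nodes and a way to check that each dealt share is consistent.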
In summary, the difference between the present invention and the prior art is that the front-end host selects multiple execution nodes, the execution nodes execute the joint random secret sharing algorithm and the joint random zero secret sharing algorithm to generate shares, and the shares are computed on and exchanged through secure multi-party computation, so that the public key corresponding to the shares and the transaction signature are generated from the results and the transaction signature is embedded in the original transaction message and broadcast to the blockchain network. This technical means solves the problem of the prior art and achieves the technical effect of improving the impartiality of the signature without generating a private key.
Although the present invention is disclosed by the foregoing embodiments, they are not intended to limit it. Anyone skilled in the relevant art may make minor changes and refinements without departing from the spirit and scope of the invention, so the scope of patent protection is defined by the claims attached to this specification.
110: client
120: server
121: front-end host
122: node
130: execution node
131: execution module
132: key module
133: calculation module
134: signature module

Step 210: The client sends a key request containing a threshold value and a total value to the front-end host of the server, where the threshold value is less than or equal to the total value, and both the threshold value and the total value are positive integers greater than 1.

Step 220: According to the received key request, the front-end host selects, from the nodes and the client, a number of execution nodes equal to the total value. Each execution node executes a joint random secret sharing algorithm, in which it selects a random polynomial, evaluates it, and exchanges the results with every other execution node to generate its corresponding private key sharing unit.

Step 230: Each execution node broadcasts the product of its generated private key sharing unit and a base point, and a public key is calculated from the sum of the product values broadcast by the execution nodes.

Step 240: At the start of a blockchain transaction, the front-end host of the server receives a transaction request from the client, generates a corresponding original transaction message according to the transaction request and the blockchain data format, and sends the original transaction message to the client and to each execution node.

Step 250: Each execution node executes the joint random secret sharing algorithm twice to generate a corresponding first sharing unit and second sharing unit, and executes a joint random zero-value secret sharing algorithm twice to generate a corresponding third sharing unit and fourth sharing unit.

Step 260: Each execution node calculates a corresponding first broadcast value and second broadcast value from its own first, second, third and fourth sharing units, where the first broadcast value is the first sharing unit multiplied by the second sharing unit, plus the third sharing unit, and the second broadcast value is the second sharing unit multiplied by the base point.

Step 270: Each execution node broadcasts the first broadcast value and the second broadcast value it calculated, and calculates a curve coordinate point from all of the first broadcast values and second broadcast values.

Step 280: Each execution node executes a threshold signature protocol of the elliptic curve digital signature algorithm, computing and exchanging messages based on the original transaction message, the X coordinate of the curve coordinate point, and its own first sharing unit, private key sharing unit and fourth sharing unit. When the number of computed and exchanged messages meets the threshold value, at least one of the execution nodes generates a transaction signature from the results of the computation and exchange, embeds the transaction signature into the original transaction message to generate a signed transaction message, and broadcasts the signed transaction message to the blockchain network.
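The dealerless sharing of steps 220 and 250 and the first broadcast value of step 260, as an added Python example that is not part of the patent text. It assumes scalars modulo the secp256k1 group order, sharing polynomials of degree t-1 and a zero-value sharing of degree 2(t-1); all function names are illustrative.

```python
import secrets

# Assumption: scalars live in the field of the secp256k1 group order.
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def poly_eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, mod Q (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def joint_sharing(n, degree, zero=False):
    """Dealerless sharing: every node i picks its own random polynomial,
    sends f_i(j) to node j, and node j sums what it receives.
    zero=True forces each constant term to 0 (zero-value sharing).
    Returns ({node_id: share}, joint secret); the secret is returned only
    so the demo can check results, no single node ever computes it."""
    polys = []
    for _ in range(n):
        const = 0 if zero else secrets.randbelow(Q)
        polys.append([const] + [secrets.randbelow(Q) for _ in range(degree)])
    shares = {j: sum(poly_eval(p, j) for p in polys) % Q for j in range(1, n + 1)}
    secret = sum(p[0] for p in polys) % Q
    return shares, secret

def interpolate_at_zero(points):
    """Lagrange interpolation at x = 0 over {x: y} points, mod Q."""
    total = 0
    for xi, yi in points.items():
        num, den = 1, 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total

def first_broadcast_values(n=5, t=2):
    """Step 260 for every node: first unit * second unit + third unit."""
    d = t - 1
    s1, k = joint_sharing(n, d)                  # first sharing unit
    s2, a = joint_sharing(n, d)                  # second sharing unit
    s3, _ = joint_sharing(n, 2 * d, zero=True)   # third sharing unit (shares of 0)
    mu = {j: (s1[j] * s2[j] + s3[j]) % Q for j in s1}
    return mu, k, a, s1
```

Interpolating the first broadcast values at zero yields the product of the two jointly shared secrets, which takes 2(t-1)+1 contributing nodes; the zero-value shares mask each node's individual product without changing that result.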
Figure 1 is a system block diagram of the threshold signature system of the present invention based on secret sharing without a dealer.
Figures 2A and 2B are flowcharts of the threshold signature method of the present invention based on secret sharing without a dealer.
Figure 3 is a schematic diagram of generating private key sharing units and calculating a public key using the present invention.
Figure 4 is a schematic diagram of calculating and generating a signature using the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW108102431A TWI689194B (en) | 2019-01-22 | 2019-01-22 | Threshold signature system based on secret sharing without dealer and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW108102431A TWI689194B (en) | 2019-01-22 | 2019-01-22 | Threshold signature system based on secret sharing without dealer and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI689194B TWI689194B (en) | 2020-03-21 |
TW202029687A true TW202029687A (en) | 2020-08-01 |
Family
ID=70767048
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW108102431A TWI689194B (en) | 2019-01-22 | 2019-01-22 | Threshold signature system based on secret sharing without dealer and method thereof |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI689194B (en) |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9569771B2 (en) * | 2011-04-29 | 2017-02-14 | Stephen Lesavich | Method and system for storage and retrieval of blockchain blocks using galois fields |
EP3132560A4 (en) * | 2014-04-17 | 2017-12-20 | Hrl Laboratories, Llc | A method for secure and resilient distributed generation of elliptic curve digital signature algorithm (ecdsa) based digital signatures with proactive security |
GB201705621D0 (en) * | 2017-04-07 | 2017-05-24 | Nchain Holdings Ltd | Computer-implemented system and method |
GB201707168D0 (en) * | 2017-05-05 | 2017-06-21 | Nchain Holdings Ltd | Computer-implemented system and method |
CN107801059B (en) * | 2017-09-26 | 2018-09-04 | 武汉斗鱼网络科技有限公司 | A kind of method for authenticating and server |
- 2019-01-22 TW TW108102431A patent/TWI689194B/en active
Also Published As
Publication number | Publication date |
---|---|
TWI689194B (en) | 2020-03-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11601407B2 (en) | Fast oblivious transfers | |
CN114586313B (en) | System and method for signing information | |
CN110247757B (en) | Block chain processing method, device and system based on cryptographic algorithm | |
TWI807125B (en) | Computer implemented system and method for distributing shares of digitally signed data | |
TW201946412A (en) | Computer implemented method and system for transferring control of a digital asset | |
WO2019047418A1 (en) | Digital signature method, device and system | |
JP2021145388A (en) | Digital signature method, signature information verification method, related equipment, and electronic device | |
CN112953700B (en) | Method, system and storage medium for improving safe multiparty computing efficiency | |
CN114301677B (en) | Key negotiation method, device, electronic equipment and storage medium | |
TWI782701B (en) | Non-interactive approval system for blockchain wallet and method thereof | |
TWI759138B (en) | Threshold signature scheme system based on inputting password and method thereof | |
TWI689194B (en) | Threshold signature system based on secret sharing without dealer and method thereof | |
TWI737956B (en) | Threshold signature system based on secret sharing and method thereof | |
TWI694349B (en) | Threshold signature system with prevent memory dump and method thereof | |
TW202236130A (en) | Asset cross-chain exchanging system based on threshold signature scheme and method thereof | |
TWI734087B (en) | Signature system based on homomorphic encryption and method thereof | |
TWI702820B (en) | Secret sharing signature system with hierarchical mechanism and method thereof | |
TWI776416B (en) | Threshold signature scheme system for hierarchical deterministic wallet and method thereof | |
CN111552950A (en) | Software authorization method and device and computer readable storage medium | |
TWI764811B (en) | Key generating system for hierarchical deterministic wallet and method thereof | |
TWI782486B (en) | Threshold and number of participation adjusting system for threshold signature scheme and method thereof | |
TWI783804B (en) | Shares generation system based on linear integer secret sharing and method thereof | |
TWI799286B (en) | Random number generation system for threshold signature scheme and method thereof | |
CN113381850B (en) | SM9 user key generation method, device, equipment and storage medium | |
WO2024140259A1 (en) | Blockchain-based transaction supervision method, system and apparatus, and electronic device |