TW202236130A - Asset cross-chain exchanging system based on threshold signature scheme and method thereof - Google Patents


Info

Publication number
TW202236130A
Authority
TW
Taiwan
Prior art keywords
client host
host
asset
account
value
Application number
TW110108993A
Other languages
Chinese (zh)
Other versions
TWI769738B (en)
Inventor
莊治耘
林祐德
Original Assignee
帳聯網路科技股份有限公司
Application filed by 帳聯網路科技股份有限公司
Priority to TW110108993A
Application granted
Publication of TWI769738B
Publication of TW202236130A

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

An asset cross-chain exchanging system based on a threshold signature scheme, and a method thereof, are disclosed. A first client and a second client perform a distributed key generation (DKG) function based on secure multi-party computation (MPC) to generate temporary accounts on different blockchain networks, while a fair end host, the first client and the second client each hold shares of different levels corresponding to each temporary account. When the first client and the second client want to exchange assets on different blockchain networks, they first transfer the assets to be exchanged to the corresponding temporary accounts, and then execute a threshold signature scheme (TSS) according to the shares they hold to obtain control of the corresponding temporary account, completing the cross-chain asset exchange. The mechanism helps to improve the high availability of cross-chain asset exchange.

Description

Asset cross-chain exchange system based on threshold signature and method thereof

The invention relates to a system and method for exchanging assets across blockchains, and in particular to an asset cross-chain exchange system based on threshold signature and a method thereof.

In recent years, with the spread and rapid growth of blockchain, digital currencies based on blockchain technology, such as Bitcoin and Ether, have sprung up in large numbers.

Generally speaking, different digital currencies are based on different blockchains, so they cannot be traded, exchanged or transferred directly; the traditional approach is to go through an exchange or a pre-arranged agreement. Going through an exchange, however, incurs additional handling fees and is cumbersome to operate, while a pre-arranged agreement carries the possibility of breach of contract or fraud. The traditional approaches therefore suffer from inconvenient asset exchange and poor security.

In view of this, some vendors have proposed technical means for exchanging assets across chains based on notary schemes: when the two parties to a transaction cannot trust each other, one third party or a group of third parties that both parties trust and that is relatively impartial and independent acts as a notary to verify and ensure the legitimacy of the transaction. However, if the notary is not impartial and colludes with one of the parties, assets can be illegally transferred, which greatly limits the availability of cross-chain asset exchange. This approach therefore has the problem of poor availability of cross-chain asset exchange.

In summary, the prior art has long had the problem of poor availability of cross-chain asset exchange, so it is necessary to propose improved technical means to solve this problem.

The present invention discloses an asset cross-chain exchange system based on threshold signature and a method thereof.

First, the present invention discloses an asset cross-chain exchange system based on threshold signature, comprising a fair-end host, a first client host and a second client host. The fair-end host receives a first shard, another first shard, a second shard and another second shard, forms a low-level first new share from the first shard and the other first shard, and forms a low-level second new share from the second shard and the other second shard. The first client host is connected to the fair-end host and holds a first asset in a first account on a first blockchain network; it comprises a first confirmation module, a first execution module and a first transaction module. The first confirmation module, when the first asset and a second asset are to be exchanged, confirms with the fair-end host the owner of a second account on a second blockchain network and queries whether the second account has ownership of the second asset. The first execution module is connected to the first confirmation module and, after the confirmation and query succeed, executes a distributed key generation function using secure multi-party computation (MPC) to generate, on the first blockchain network, a first temporary account and its corresponding first shares of different levels, and to generate the first shard of the low-level first new share corresponding to the first share and the second shard of the low-level second new share corresponding to the second share, which are sent to the fair-end host. The first transaction module is connected to the first execution module and, after the first temporary account is generated, transfers the first asset to the first temporary account by a blockchain transaction.

The second client host is connected to the fair-end host and holds the second asset in the second account on the second blockchain network; it comprises a second confirmation module, a second execution module and a second transaction module. The second confirmation module, when the first asset and the second asset are to be traded, confirms with the fair-end host the owner of the first account on the first blockchain and queries whether the first account has ownership of the first asset. The second execution module is connected to the second confirmation module and, after the confirmation and query succeed, executes the distributed key generation function using secure multi-party computation to generate, on the second blockchain network, a second temporary account and its corresponding second shares of different levels, and to generate the other second shard of the low-level second new share corresponding to the second share and the other first shard of the low-level first new share corresponding to the first share, which are sent to the fair-end host. The second transaction module is connected to the second execution module and, after the second temporary account is generated, transfers the second asset to the second temporary account by a blockchain transaction.

The first client host stores the low-level first share and the high-level second share, and the second client host stores the high-level first share and the low-level second share. The first client host and the second client host are allowed to choose to execute a threshold signature together with the fair-end host, so as to control the first asset of the first temporary account according to the first share and the first new share, and to control the second asset of the second temporary account according to the second share and the second new share.

In addition, the present invention discloses an asset cross-chain exchange method based on threshold signature, comprising the following steps: providing a first client host that holds a first asset in a first account on a first blockchain network, providing a second client host that holds a second asset in a second account on a second blockchain network, and providing a fair-end host connected to both the first client host and the second client host; when the first client host and the second client host want to exchange the first asset and the second asset with each other, jointly confirming with the fair-end host whether the owners of the first account and the second account are the first client host and the second client host respectively, and querying whether the first account and the second account have ownership of the first asset and the second asset; after the confirmation and query succeed, the first client host and the second client host executing a distributed key generation function using secure multi-party computation to generate, on the first blockchain network, a first temporary account and its corresponding first shares of different levels, and to generate, on the second blockchain network, a second temporary account and its corresponding second shares of different levels, wherein the first client host stores the low-level first share and the high-level second share, and the second client host stores the high-level first share and the low-level second share; the first client host transferring the first asset to the first temporary account by a blockchain transaction, and the second client host transferring the second asset to the second temporary account by a blockchain transaction; the first client host and the second client host executing the distributed key generation function using secure multi-party computation to generate, respectively, a first shard and another first shard corresponding to the first share, and a second shard and another second shard corresponding to the second share, wherein the first client host sends the first shard and the second shard it generated to the fair-end host, and the second client host sends the other first shard and the other second shard it generated to the fair-end host; the fair-end host forming a low-level first new share from the received first shard and other first shard, and a low-level second new share from the received second shard and other second shard; and the first client host and the second client host being allowed to choose to execute a threshold signature together with the fair-end host, so as to control the first asset of the first temporary account according to the first share and the first new share, and to control the second asset of the second temporary account according to the second share and the second new share.

The system and method disclosed in the present invention are as described above. The difference from the prior art is that the first client host and the second client host execute a distributed key generation function using secure multi-party computation to generate temporary accounts on different blockchain networks, while the fair-end host, the first client host and the second client host each hold shares of different levels corresponding to each temporary account. When the first client host and the second client host want to exchange assets on different blockchain networks, they first transfer the assets to be exchanged to the corresponding temporary accounts, and then each executes a threshold signature according to the shares it holds to obtain control of the corresponding temporary account, thereby completing the cross-chain asset exchange.

Through the above technical means, the present invention achieves the technical effect of improving the high availability of cross-chain asset exchange.

Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the process by which the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented.

Before describing the asset cross-chain exchange system based on threshold signature and its method, the application environment of the invention is described first. The invention is applied in an environment that contains different blockchain networks at the same time, for example the Bitcoin Blockchain Network and the Ethereum Blockchain Network. Each node in these blockchain networks can perform secure multi-party computation to exchange data and computation results with the others, and thereby execute a threshold signature.

Next, the terms defined by the invention itself are explained. A share, as used in the invention, is an element generated when different nodes (such as the first client host and the second client host) exchange data and computation results with each other during secure multi-party computation. With this element, a signature conforming to the signature format of the Elliptic Curve Digital Signature Algorithm (ECDSA) can be computed directly by mathematical operations without reconstructing the private key. Examples are the "first share", "second share", "first new share" and "second new share"; they differ from one another only in the corresponding temporary account or holder. The first share and the first new share correspond to the first temporary account; the second share and the second new share correspond to the second temporary account. The holder of the first new share and the second new share is the fair-end host, while the first client host and the second client host each hold first and second shares of different levels.

In addition, a shard (such as the first shard, the second shard, the other first shard and the other second shard) is one of the pieces into which data is divided by sharding technology, so that different hosts can process the shards independently of each other and the final result is then assembled from the processing results. For example, the first shard and the other first shard can form the first new share; the second shard and the other second shard can form the second new share.

The asset cross-chain exchange system based on threshold signature and its method are further described below with reference to the drawings. Please refer first to "Figure 1", which is a system block diagram of the asset cross-chain exchange system based on threshold signature. The system comprises a fair-end host 100, a first client host 110 and a second client host 120. The fair-end host 100 receives the first shard, the other first shard, the second shard and the other second shard, forms the low-level first new share from the first shard and the other first shard, and forms the low-level second new share from the second shard and the other second shard. In actual implementation, the low-level first new share corresponds to the first temporary account and its first share, and the low-level second new share corresponds to the second temporary account and its second share.

In practice, both the first new share and the second new share are produced by a share-addition procedure: when the first client host 110 and the second client host 120 execute the distributed key generation function, they also bring the x-coordinate and level value of the fair-end host 100 into the computation to produce the corresponding shards, and the fair-end host 100 then combines the shards into a new share. For example, suppose the first client host 110 (abbreviated "A") holds a high-level share whose value is 24, whose x-coordinate is 3 and whose level value is 0, and the second client host 120 (abbreviated "B") holds a low-level share whose value is 5, whose x-coordinate is 4 and whose level value is 1. A and B perform secure multi-party computation and, without revealing the private key, generate the new shares (that is, the first new share and the second new share) for the fair-end host 100 (abbreviated "AMIS") in the following steps:

1. AMIS generates an x-coordinate and a level value, for example an x-coordinate of 7 and a level value of 1, and sends them to A and to B.

2. After A receives the x-coordinate and level value of AMIS, and if they are correct, A computes 0*24. Likewise, B computes 1*5. Here the value 24 is the result of substituting the x-coordinate into the polynomial f(x) = 5x + 9, and the value 5 is f'(x) = 5. Note in particular that a level value of 0 means the polynomial is not differentiated, a level value of 1 means the first derivative of the polynomial, a level value of 2 means the second derivative of the polynomial, and so on.

3. A randomly selects a number a in [0, P-1], where P is the number of elements of the elliptic curve; then $a_b = a$ and $a_{amis} = -a$ satisfy $a_b + a_{amis} = 0$. Likewise, B randomly selects a number b in the same manner, such that $b_a + b_{amis} = 5$, with $b_a = b$ and $b_{amis} = 5 - b$.

4. A sends $a_b$ to B, while B sends $b_a$ to A. Next, A computes $s_A = b_a + a_{amis} = b + a$, and B computes $s_B = a_b + b_{amis} = -a + 5 - b$. A then sends $s_A$ to AMIS, and B sends $s_B$ to AMIS.

5. Based on the received $s_A$ and $s_B$, AMIS sets its own new share $s_{amis}$ to $s_A + s_B = b + a + (-a) + 5 - b = 5$.
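The share-addition steps above, worked through in code as an added example (not code from the patent or its assignee). It goes beyond the two-party numbers in the text by computing the weights 0 and 1 of step 2 from the x-coordinates and level values, and by checking which pairs of shares determine f(0). The prime modulus and all function names are assumptions made for illustration; the masks follow the definitions in step 3 ($a_b = a$, $a_{amis} = -a$), so A's message is b - a and B's is a + 5 - b, and AMIS receives 5 whatever a and b are.

```python
# Added example (not from the patent): share addition with level values,
# using the page's numbers f(x) = 5x + 9, A = (x=3, level 0), B = (x=4, level 1).
import secrets
from math import perm

# Assumption: a small prime field stands in for the group size P on the page.
P = 2**61 - 1


def birkhoff_row(x, level, t):
    """Row for a share at x with a given level value: the level-th derivative
    of the monomials 1, x, ..., x^(t-1), evaluated at x (mod P)."""
    return [perm(j, level) * pow(x, j - level, P) % P if j >= level else 0
            for j in range(t)]


def solve_mod(matrix, rhs):
    """Solve matrix * z = rhs over GF(P); return None if matrix is singular."""
    n = len(matrix)
    aug = [row[:] + [r] for row, r in zip(matrix, rhs)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] % P), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, P)
        aug[col] = [v * inv % P for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(v - f * c) % P for v, c in zip(aug[r], aug[col])]
    return [aug[i][n] for i in range(n)]


def weights(holders, target):
    """Weights w_i with target_share = sum(w_i * share_i) mod P.
    holders and target are (x-coordinate, level value) pairs."""
    t = len(holders)
    m = [birkhoff_row(x, lvl, t) for x, lvl in holders]
    m_t = [list(col) for col in zip(*m)]          # solve M^T w = target row
    return solve_mod(m_t, birkhoff_row(target[0], target[1], t))


def is_qualified(holders):
    """True if these shares determine the polynomial (matrix is invertible)."""
    t = len(holders)
    m = [birkhoff_row(x, lvl, t) for x, lvl in holders]
    return solve_mod(m, [0] * t) is not None


def add_share(holders, shares, target):
    """Steps 2-5: return (messages sent to the newcomer, the newcomer's share)."""
    w = weights(holders, target)
    if w is None:
        raise ValueError("holders are not a qualified set")
    n = len(holders)
    # Step 2: each holder weights its own share (0*24 for A, 1*5 for B).
    contrib = [wi * si % P for wi, si in zip(w, shares)]
    # Step 3: holder i draws one random mask per peer and keeps the remainder,
    # so its masks plus remainder sum to its weighted share.
    masks = [[secrets.randbelow(P) if j != i else 0 for j in range(n)]
             for i in range(n)]
    rest = [(contrib[i] - sum(masks[i])) % P for i in range(n)]
    # Step 4: holder i adds the masks received from peers; only this sum is sent,
    # so the newcomer never sees an individual weighted share.
    sent = [(rest[i] + sum(masks[j][i] for j in range(n))) % P for i in range(n)]
    # Step 5: the newcomer adds the messages to obtain its share.
    return sent, sum(sent) % P


def demo():
    holders, shares, amis = [(3, 0), (4, 1)], [24, 5], (7, 1)
    _, s_amis = add_share(holders, shares, amis)
    # Recover f(0) from A's level-0 share and the new AMIS share.
    w = weights([holders[0], amis], (0, 0))
    secret = (w[0] * shares[0] + w[1] * s_amis) % P
    return s_amis, secret


if __name__ == "__main__":
    print(demo())
```

`is_qualified([(4, 1), (7, 1)])` is `False`: two level-1 shares only fix the slope of f, so in this example B's share and the new AMIS share cannot recover f(0) without a level-0 share.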

The first client host 110 is connected to the fair-end host 100 and holds a first asset in a first account on the first blockchain network 101. The first client host 110 comprises a first confirmation module 111, a first execution module 112 and a first transaction module 113. The first confirmation module 111, when the first asset and the second asset are to be exchanged, confirms with the fair-end host 100 the owner of the second account on the second blockchain network 102 and queries whether the second account has ownership of the second asset; the confirmation and query are performed according to the account address. In actual implementation, the first asset is a digital asset on the first blockchain network 101, for example Bitcoin, Ether, or tokenized goods or services. Assuming the first blockchain network 101 is the Ethereum blockchain network, tokenization refers to tokens issued based on an ERC (Ethereum Request for Comment) protocol, such as ERC-20 or ERC-721.

The first execution module 112 is connected to the first confirmation module 111. After the confirmation and query succeed, it executes the distributed key generation function using secure multi-party computation to generate, on the first blockchain network 101, the first temporary account and its corresponding first shares of different levels (for example, a high-level first share and a low-level first share), and to generate the first shard of the low-level first new share corresponding to the first share and the second shard of the low-level second new share corresponding to the second share, which are sent to the fair-end host 100. In practice, the purpose of generating these shares (that is, the first share and the first new share) is to obtain control of the first temporary account when the threshold of the threshold signature is met.

The first transaction module 113 is connected to the first execution module 112. After the first temporary account is generated, it transfers the first asset to the first temporary account by a blockchain transaction. For example, assuming the first asset is 10 bitcoins, the first transaction module 113 transfers 10 bitcoins from the first account to the first temporary account. In actual implementation, the first temporary account is the blockchain address converted from the public key produced by executing the distributed key generation function, and the first asset and the first temporary account are on the same blockchain network (that is, the first blockchain network 101).

Next, the second client host 120 is connected to the fair-end host 100 and holds a second asset in a second account on the second blockchain network 102. The second client host 120 comprises a second confirmation module 121, a second execution module 122 and a second transaction module 123. The second confirmation module 121, when the first asset and the second asset are to be exchanged, confirms with the fair-end host 100 the owner of the first account on the first blockchain network 101 and queries whether the first account has ownership of the first asset. In actual implementation, the confirmation and query are performed in the same way as by the first confirmation module 111 of the first client host 110. The second asset is a digital asset on the second blockchain network 102; it differs from the first asset in that the two are on different blockchain networks. For example, if the first asset is Bitcoin, the second asset may be Ether.

The second execution module 122 is connected to the second confirmation module 121. After the confirmation and query succeed, it executes the distributed key generation function using secure multi-party computation to generate, on the second blockchain network 102, the second temporary account and its corresponding second shares of different levels, and to generate the other second shard of the low-level second new share corresponding to the second share and the other first shard of the low-level first new share corresponding to the first share, which are sent to the fair-end host 100. In practice, the purpose of generating these shares (that is, the second share and the second new share) is to obtain control of the second temporary account when the threshold of the threshold signature is met.

The second transaction module 123 is connected to the second execution module 122. After the second temporary account is generated, it transfers the second asset to the second temporary account by a blockchain transaction. For example, assuming the second asset is 50 Ether, the second transaction module 123 transfers 50 Ether from the second account to the second temporary account. In actual implementation, the second temporary account is the blockchain address converted from the public key produced by executing the distributed key generation function, and the second asset and the second temporary account are on the same blockchain network (that is, the second blockchain network 102).

The first client host 110 stores the low-level first share and the high-level second share, and the second client host 120 stores the high-level first share and the low-level second share. The first client host 110 and the second client host 120 are allowed to choose to execute a threshold signature together with the fair-end host 100, so as to control the first asset of the first temporary account according to the first share and the first new share, and to control the second asset of the second temporary account according to the second share and the second new share. In addition, in actual implementation, the first client host 110 and the second client host 120 may choose to execute a Gradual Exchange Protocol so that they exchange with each other the low-level first share and the low-level second share that each holds. After the exchange is complete, the first client host 110 is allowed to control the second temporary account according to the high-level second share and the low-level second share, and the second client host 120 is allowed to control the first temporary account according to the high-level first share and the low-level first share. Specifically, the Gradual Exchange Protocol comprises the following steps:

1. The first client host 110 and the second client host 120 randomly select a value $r_{A,i}$ and a value $r_{B,i}$ respectively, both in the interval $[0, P-1]$, where A denotes the first client host 110, B denotes the second client host 120, P is the size of the elliptic curve group (for example, 256), and i is a positive integer.

2. The ciphertext x of the first client host 110 and the ciphertext y of the second client host 120 are each split into k equal parts (k = P / 32; in this example P = 256, so k = 8) to generate multiple values $x_i$ and multiple values $y_i$. The $x_i$ satisfy $x = \sum_i 2^{32i} x_i$ and the $y_i$ satisfy $y = \sum_i 2^{32i} y_i$, where $k = P / 32$, i is a positive integer satisfying $1 \le i \le k$, $0 \le x_i < 2^{32}$ and $0 \le y_i < 2^{32}$.

3. The first client host 110 computes the values $D_i$ and $E_i$, where $D_i$ is $\{x_i G + r_{A,i} M\}$ and $E_i$ is $\{r_{A,i} G\}$, G is the base point of the elliptic curve group and M is the public key of the first client host. The second client host 120 computes the values $V_i$ and $W_i$, where $V_i$ is $\{y_i G + r_{B,i} N\}$ and $W_i$ is $\{r_{B,i} G\}$, and N is the public key of the second client host 120.

4. The first client host 110 and the second client host 120 exchange with each other the $D_i$ values and $V_i$ values they have computed, and then exchange the $E_i$ values and the $W_i$ values in sequence until the sequential exchange stops.

It should be noted in particular that, in practice, the modules described in the present invention may be implemented in various ways, including software, hardware or any combination thereof. For example, in some embodiments each module may be implemented using software, hardware, or both. The present invention may also be implemented partly or entirely in hardware; for example, one or more modules of the system may be implemented by an integrated circuit chip, a System on Chip (SoC), a Complex Programmable Logic Device (CPLD), a Field Programmable Gate Array (FPGA) and the like. The present invention may be a system, a method and/or a computer program. The computer program may include a computer-readable storage medium carrying computer-readable program instructions that cause a processor to implement aspects of the present invention; the computer-readable storage medium may be a tangible device that can hold and store instructions for use by an instruction execution device. The computer-readable storage medium may be, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of computer-readable storage media include hard disks, random access memory, read-only memory, flash memory, optical discs, floppy disks, and any suitable combination of the foregoing. As used here, a computer-readable storage medium is not to be construed as a transient signal per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (for example, light signals through a fiber-optic cable), or electrical signals transmitted through a wire. In addition, the computer-readable program instructions described here may be downloaded from a computer-readable storage medium to the respective computing/processing devices, or downloaded to an external computer device or external storage device over a network such as the Internet, a local area network, a wide area network and/or a wireless network. The network may include copper transmission cables, fiber-optic transmission, wireless transmission, routers, firewalls, switches, hubs and/or gateways. The network card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards them for storage in a computer-readable storage medium in the respective computing/processing device. The computer program instructions that perform the operations of the present invention may be assembly language instructions, instruction set architecture instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as Common Lisp, Python, C++, Objective-C, Smalltalk, Delphi, Java, Swift, C#, Perl, Ruby and PHP, and conventional procedural programming languages such as C or similar languages. The computer program instructions may execute entirely on a computer, partly on a computer, as a stand-alone software package, partly on a client computer and partly on a remote computer, or entirely on a remote computer or server.

Please refer to Figures 2A to 2D, which are flowcharts of the threshold-signature-based cross-chain asset exchange method of the present invention. Its steps include: providing a first client host 110 that has a first asset in a first account on the first blockchain network 101, providing a second client host 120 that has a second asset in a second account on the second blockchain network 102, and providing an impartial host 100 connected to both the first client host 110 and the second client host 120 (step 210); when the first client host 110 and the second client host 120 wish to exchange the first asset and the second asset with each other, they jointly confirm with the impartial host 100 whether the owners of the first account and the second account are the first client host 110 and the second client host 120 respectively, and query whether the first account and the second account hold ownership of the first asset and the second asset (step 220); once the confirmation and query succeed, the first client host 110 and the second client host 120 execute the distributed key generation function by secure multi-party computation, generating on the first blockchain network 101 a first temporary account and its corresponding first shares of different levels, and generating on the second blockchain network 102 a second temporary account and its corresponding second shares of different levels, where the first client host 110 stores the low-level first share and the high-level second share, and the second client host 120 stores the high-level first share and the low-level second share (step 230); the first client host 110 transfers the first asset to the first temporary account by a blockchain transaction, and the second client host 120 transfers the second asset to the second temporary account by a blockchain transaction (step 240); the first client host 110 and the second client host 120 execute the distributed key generation function by secure multi-party computation to generate, respectively, a first fragment and another first fragment corresponding to the first shares, and a second fragment and another second fragment corresponding to the second shares, where the first client host 110 sends the first fragment and the second fragment it generated to the impartial host 100, and the second client host 120 sends the other first fragment and the other second fragment it generated to the impartial host 100 (step 250); the impartial host 100 composes a first new share from the received first fragment and other first fragment, and composes a second new share from the received second fragment and other second fragment (step 260); the first client host 110 and the second client host 120 may each choose to execute a threshold signature together with the impartial host 100, so as to control the first asset of the first temporary account according to the first share and the first new share, and to control the second asset of the second temporary account according to the second share and the second new share (step 270). Through these steps, the first client host 110 and the second client host 120 execute the distributed key generation function by secure multi-party computation so as to generate temporary accounts on different blockchain networks, while the impartial host 100, the first client host 110 and the second client host 120 each hold shares of different levels corresponding to each temporary account. When the first client host 110 and the second client host 120 wish to exchange assets on different blockchain networks, they first transfer the assets to be exchanged to the corresponding temporary accounts, and then execute a threshold signature according to the shares they hold to obtain control of the corresponding temporary account, thereby completing the cross-chain asset exchange.

In addition, after step 270, the first client host 110 and the second client host 120 may choose to execute a Gradual Exchange Protocol so that they exchange with each other the low-level first share and second share that each of them holds. Once the exchange is complete, the first client host 110 is able to control the second temporary account according to the high-level second share and the low-level second share, and the second client host 120 is able to control the first temporary account according to the high-level first share and the low-level first share (step 280). In other words, the first client host 110 or the second client host 120 can perform the threshold signature computation directly from the high-level first share it originally held and the low-level first share obtained through the exchange, and can move the asset into its own account without the cooperation of any other party's host. In practice, the Gradual Exchange Protocol is as shown in Figure 2D and comprises: the first client host 110 and the second client host 120 randomly select a value $r_{A,i}$ and a value $r_{B,i}$ respectively, both in the interval $[0, P-1]$, where A denotes the first client host 110, B denotes the second client host 120, P is the size of the elliptic curve group, and i is a positive integer (step 281); the ciphertext x of the first client host 110 and the ciphertext y of the second client host 120 are each split into k equal parts (k = P / 32; assuming P = 256, k = 8) to generate multiple values $x_i$ and multiple values $y_i$, where the $x_i$ satisfy $x = \sum_i 2^{32i} x_i$ and the $y_i$ satisfy $y = \sum_i 2^{32i} y_i$, with $k = P / 32$, i a positive integer satisfying $0 \le i \le k$, $0 \le x_i < 2^{32}$ and $0 \le y_i < 2^{32}$ (step 282); the first client host 110 computes the values $D_i$ and $E_i$, where $D_i$ is $\{x_i G + r_{A,i} M\}$ and $E_i$ is $\{r_{A,i} G\}$, G is the base point of the elliptic curve group and M is the public key of the first client host 110, and the second client host 120 computes the values $V_i$ and $W_i$, where $V_i$ is $\{y_i G + r_{B,i} N\}$ and $W_i$ is $\{r_{B,i} G\}$, and N is the public key of the second client host 120 (step 283); the first client host 110 and the second client host 120 exchange with each other the $D_i$ values and $V_i$ values they have computed, and then exchange the $E_i$ values and the $W_i$ values in sequence until the sequential exchange stops (step 284). In this way, each party can compute the other party's ciphertext (that is, ciphertext x and ciphertext y) from the exchanged values, which achieves the exchange of the low-level shares.

The following description uses an embodiment together with Figures 3 to 4B. Please refer to Figure 3, which is a schematic diagram of generating shares by applying the present invention. When the distributed key generation function is executed to generate shares, the first client host 110 (hereinafter "A") and the second client host 120 (hereinafter "B") each have their own x-coordinate, for example 3 and 4, and each selects a level value according to its own level: for example, a high level selects the level value 0 and a low level selects the level value 1. Suppose A is high level and B is low level, and each randomly selects a first-degree polynomial (311, 312), for example "f(x) = 3 * x + 5" and "g(x) = 10 * x + 19". Then, based on secure multi-party computation, A computes "f(3) = 14" and "f'(4) = 3" from each party's x-coordinate and level value; because B's level value is 1, the first-degree polynomial must be differentiated once before B's x-coordinate is substituted into it. Likewise, B computes "g(3) = 49" and "g'(4) = 10" from each party's x-coordinate and level value. A then sends "f'(4) = 3" to B, and B sends "g(3) = 49" to A. At this point A sets its own share (that is, the first share corresponding to the first temporary account) to "f(3) + g(3) = 63", and B sets its own share (that is, the other first share corresponding to the first temporary account) to "f'(4) + g'(4) = 13". A has thus obtained the share "63" and B has obtained the share "13". Note that simple numbers are used here for ease of explanation; in practice, the x-coordinates and shares are usually very large numbers.
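The Figure 3 arithmetic can be checked with a short script. The following Python is an added example, not code from the patent: it uses the page's polynomials and x-coordinates, and assumes a prime modulus Q, a hypothetical third low-level holder C at x = 5, and clear-text key recovery by Birkhoff interpolation (a threshold signature would not reconstruct the key), to show that a high-level share plus any low-level share determines the key while two low-level shares do not.

```python
# Added illustration of the Figure 3 example: level-0 holders get a polynomial
# value, level-1 holders get a derivative value. Q, holder C and all function
# names are assumptions made for this sketch.
from math import factorial

Q = 2**127 - 1          # assumed prime field modulus (the page uses plain integers)
F = [5, 3]              # f(x) = 3x + 5, chosen by A (coefficients, lowest first)
G = [19, 10]            # g(x) = 10x + 19, chosen by B


def poly_eval_deriv(coeffs, x, level):
    """Evaluate the level-th derivative of the polynomial at x, mod Q."""
    total = 0
    for j in range(level, len(coeffs)):
        falling = factorial(j) // factorial(j - level)   # j! / (j - level)!
        total += coeffs[j] * falling * pow(x, j - level, Q)
    return total % Q


def dkg_share(polys, x, level):
    """Share of the holder at (x, level): the sum of every dealer's contribution."""
    return sum(poly_eval_deriv(p, x, level) for p in polys) % Q


def birkhoff_row(x, level, t):
    """Level-th derivative of x**j for j = 0..t-1: one row of the Birkhoff matrix."""
    return [poly_eval_deriv([0] * j + [1], x, level) for j in range(t)]


def recover_secret(holders, t):
    """Recover the joint constant term from t tuples (x, level, share).

    Raises ValueError if the holders' Birkhoff matrix is singular, meaning the
    set of holders is not authorized to control the account.
    """
    if len(holders) < t:
        raise ValueError("not enough holders")
    rows = [birkhoff_row(x, lvl, t) + [s % Q] for x, lvl, s in holders[:t]]
    for col in range(t):                       # Gauss-Jordan elimination mod Q
        pivot = next((r for r in range(col, t) if rows[r][col]), None)
        if pivot is None:
            raise ValueError("unauthorized holder set: Birkhoff matrix is singular")
        rows[col], rows[pivot] = rows[pivot], rows[col]
        inv = pow(rows[col][col], -1, Q)
        rows[col] = [v * inv % Q for v in rows[col]]
        for r in range(t):
            if r != col and rows[r][col]:
                factor = rows[r][col]
                rows[r] = [(a - factor * b) % Q for a, b in zip(rows[r], rows[col])]
    return rows[0][t]                          # constant term = joint key


A = (3, 0, dkg_share([F, G], 3, 0))   # high level: f(3) + g(3)
B = (4, 1, dkg_share([F, G], 4, 1))   # low level:  f'(4) + g'(4)
C = (5, 1, dkg_share([F, G], 5, 1))   # hypothetical extra low-level holder

if __name__ == "__main__":
    print("shares:", A[2], B[2], C[2])
    print("A + B recover:", recover_secret([A, B], 2))
    print("A + C recover:", recover_secret([A, C], 2))
    try:
        recover_secret([B, C], 2)
    except ValueError as err:
        print("B + C:", err)
```

The recovered value equals f(0) + g(0), the constant term of the joint polynomial, which neither A nor B ever computes alone during key generation.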

Figures 4A and 4B are schematic diagrams of a cross-chain asset exchange carried out by applying the present invention. Suppose the first client host 110 has an account on the Bitcoin blockchain network (the first account 401), and an asset in this account (for example, 20 bitcoins) is the first asset; the second client host 120 has an account on the Ethereum blockchain network (the second account 402), and an asset in this account (for example, 10 ether) is the second asset. When the first client host 110 and the second client host 120 want to exchange the first asset and the second asset, both parties confirm the owners of the first account 401 and the second account 402 with the impartial host 100, and query whether the first account 401 / second account 402 holds ownership of the first asset / second asset. Once the confirmation and query succeed, the first client host 110 and the second client host 120 each execute the distributed key generation function to generate the first temporary account 411 and the second temporary account 412. As a result, the first client host 110 obtains the low-level share corresponding to the first temporary account 411 (the first share 421) and the high-level share corresponding to the second temporary account 412 (the second share 431), and the second client host 120 obtains the high-level share corresponding to the first temporary account 411 (the first share 422) and the low-level share corresponding to the second temporary account 412 (the second share 432). Next, the first client host 110 transfers the first asset in the first account 401 into the first temporary account 411, and the second client host 120 transfers the second asset in the second account 402 into the second temporary account 412.

Next, as shown in Figure 4B, once the first client host 110 and the second client host 120 know the x-coordinate and level value of the impartial host 100, they execute the distributed key generation function again to add a low-level first new share 423 corresponding to the first shares (421, 422) and a low-level second new share 433 corresponding to the second shares (431, 432). Specifically, the first client host 110 generates a first fragment 441 corresponding to the first shares (421, 422) and a second fragment 442 corresponding to the second shares (431, 432); the second client host 120 generates another first fragment 451 corresponding to the first shares (421, 422) and another second fragment 452 corresponding to the second shares (431, 432). The first client host 110 then sends the first fragment 441 and the second fragment 442 to the impartial host 100, and the second client host 120 sends the other first fragment 451 and the other second fragment 452 to the impartial host 100. The impartial host 100 can thus compose the first new share 423 from the received first fragment 441 and other first fragment 451, and compose the second new share 433 from the received second fragment 442 and other second fragment 452. At this point, the second client host 120 and the impartial host 100 each hold a low-level share of the Ethereum address (the second share 431 and the second new share 433), while the first client host 110 holds the high-level share of the Ethereum address (the second share 432); the first client host 110 and the impartial host 100 each hold a low-level share of the Bitcoin address (the first share 421 and the second new share 433), while the second client host 120 holds the high-level share of the Bitcoin address (the first share 422). Therefore, controlling the first asset of the first temporary account necessarily requires the second client host 120 to take part in the threshold signature computation with its share. Likewise, controlling the second asset of the second temporary account necessarily requires the first client host 110 to take part in the threshold signature computation with its share. As a result, the second client host 120 and the impartial host 100 can jointly obtain control of the first temporary account 411 according to the high-level first share 422 and the low-level first new share 423, and the first client host 110 and the impartial host 100 can jointly obtain control of the second temporary account 412 according to the high-level second share 432 and the low-level second new share 433, which achieves the cross-chain asset exchange. In addition, the first client host 110 and the second client host 120 may choose to execute the Gradual Exchange Protocol so that they exchange with each other the low-level first share and second share that each of them holds. Once the exchange is complete, the first client host 110 is able to control the second temporary account according to the high-level second share and the low-level second share, and the second client host 120 is able to control the first temporary account according to the high-level first share and the low-level first share. In this way, the cross-chain asset exchange can be completed at reduced transaction cost, blockchain networks without smart contracts can be supported, and the cost of deploying a smart contract is avoided, which greatly improves the availability of cross-chain asset exchange.

In summary, the difference between the present invention and the prior art is that the first client host and the second client host execute the distributed key generation function by secure multi-party computation so as to generate temporary accounts on different blockchain networks, while the impartial host, the first client host and the second client host each hold shares of different levels corresponding to each temporary account. When the first client host and the second client host wish to exchange assets on different blockchain networks, they first transfer the assets to be exchanged to the corresponding temporary accounts, and then execute a threshold signature according to the shares they hold to obtain control of the corresponding temporary account, thereby completing the cross-chain asset exchange. This technical means solves the problems of the prior art and achieves the technical effect of improving the high availability of cross-chain asset exchange.

Although the present invention is disclosed above by way of the foregoing embodiments, they are not intended to limit the present invention. Anyone skilled in the art may make minor changes and refinements without departing from the spirit and scope of the present invention, so the scope of patent protection of the present invention is as defined by the claims appended to this specification.

101: first blockchain network
102: second blockchain network
100: impartial host
110: first client host
111: first confirmation module
112: first execution module
113: first transaction module
120: second client host
121: second confirmation module
122: second execution module
123: second transaction module
311, 312: first-degree polynomial
401: first account
402: second account
411: first temporary account
412: second temporary account
421, 422: first share
431, 432: second share
423: first new share
433: second new share
441: first fragment
442: second fragment
451: another first fragment
452: another second fragment
Step 210: provide a first client host that has a first asset in a first account on a first blockchain network, provide a second client host that has a second asset in a second account on a second blockchain network, and provide an impartial host connected to both the first client host and the second client host
Step 220: when the first client host and the second client host wish to exchange the first asset and the second asset with each other, jointly confirm with the impartial host whether the owners of the first account and the second account are the first client host and the second client host respectively, and query whether the first account and the second account hold ownership of the first asset and the second asset
Step 230: once the confirmation and query succeed, the first client host and the second client host execute a distributed key generation function by Secure Multi-Party Computation (MPC), generating on the first blockchain network a first temporary account and its corresponding plurality of first shares of different levels, and generating on the second blockchain network a second temporary account and its corresponding plurality of second shares of different levels, where the first client host stores the low-level first share and the high-level second share, and the second client host stores the high-level first share and the low-level second share
Step 240: the first client host transfers the first asset to the first temporary account, and the second client host transfers the second asset to the second temporary account
Step 250: the first client host and the second client host execute the distributed key generation function by secure multi-party computation to generate, respectively, a first fragment and another first fragment corresponding to the first shares, and a second fragment and another second fragment corresponding to the second shares, where the first client host sends the first fragment and the second fragment it generated to the impartial host, and the second client host sends the other first fragment and the other second fragment it generated to the impartial host
Step 260: the impartial host combines the received first fragment and other first fragment into a low-level first new share, and combines the received second fragment and other second fragment into a low-level second new share
Step 270: the first client host and the second client host may each choose to execute a threshold signature together with the impartial host, generating a first signed message according to the first share and the first new share to transfer the first asset of the first temporary account, and generating a second signed message according to the second share and the second new share to transfer the second asset of the second temporary account
Step 280: the first client host and the second client host choose to execute a Gradual Exchange Protocol so that they exchange with each other the low-level first share and second share that each of them holds; once the exchange is complete, the first client host is able to control the second temporary account according to the high-level second share and the low-level second share, and the second client host is able to control signing for the first temporary account according to the high-level first share and the low-level first share
Step 281: the first client host and the second client host randomly select a value $r_{A,i}$ and a value $r_{B,i}$ respectively, both in the interval $[0, P-1]$, where A denotes the first client host, B denotes the second client host, P is the size of the elliptic curve group, and i is a positive integer
Step 282: a ciphertext x of the first client host and a ciphertext y of the second client host are each split into k equal parts to generate multiple values $x_i$ and multiple values $y_i$, where the $x_i$ satisfy $x = \sum_i 2^{32i} x_i$ and the $y_i$ satisfy $y = \sum_i 2^{32i} y_i$, with $k = P / 32$, i a positive integer satisfying $1 \le i \le k$, $0 \le x_i < 2^{32}$ and $0 \le y_i < 2^{32}$
Step 283: the first client host computes a value $D_i$ and a value $E_i$, where $D_i$ is $\{x_i G + r_{A,i} M\}$ and $E_i$ is $\{r_{A,i} G\}$, G is the base point of the elliptic curve group and M is the public key of the first client host; the second client host computes a value $V_i$ and a value $W_i$, where $V_i$ is $\{y_i G + r_{B,i} N\}$ and $W_i$ is $\{r_{B,i} G\}$, and N is the public key of the second client host
Step 284: the first client host and the second client host exchange with each other the $D_i$ values and $V_i$ values they have computed, and then exchange the $E_i$ values and the $W_i$ values in sequence until the sequential exchange stops
Step 281: Make the first client host and the second client host randomly select a r A,i value and a r B,i value respectively, and both are in the interval [0, P-1], wherein A represents the first client host, B represents The second client host, P is the number of elliptic curve groups, and i is a positive integer Step 282: Split a ciphertext x of the first client host and a ciphertext y of the second client host Divided into k to generate multiple x i values and multiple y i values, the x i values satisfy the ciphertext x = sum i 2 32i x i , the y i values satisfy the ciphertext y = sum i 2 32i y i , wherein, k = P / 32, i is a positive integer satisfying 1 <= i <= k, 0 <= x i < 2 32 and 0 <= y i < 2 32 Step 283: The first client The host computer calculates a D i value and an E i value, the D i value is {x i G + r A, i M}, the E i value is {r A, i G}, wherein, G is the elliptic curve group Base point, M is the public key of the first client host, the second client host calculates a V i value and a W i value, the V i value is {y i G + r B, i N}, the W The value of i is {r B, i G}, wherein N is the public key of the second client host. Step 284: The first client host and the second client host exchange the D i calculated respectively. value and the V i value, and then exchange the E i value and the W i value in sequence until the sequential exchange is stopped

Figure 1 is a system block diagram of the threshold-signature-based asset cross-chain exchange system of the present invention.
Figures 2A to 2D are flowcharts of the threshold-signature-based asset cross-chain exchange method of the present invention.
Figure 3 is a schematic diagram of generating shares by applying the present invention.
Figures 4A and 4B are schematic diagrams of performing an asset cross-chain exchange by applying the present invention.

101: first blockchain network

102: second blockchain network

100: fair-end host

110: first client host

111: first confirmation module

112: first execution module

113: first transaction module

120: second client host

121: second confirmation module

122: second execution module

123: second transaction module

Claims (8)

1. A threshold-signature-based asset cross-chain exchange system, the system comprising:
a fair-end host, configured to receive a first fragment, another first fragment, a second fragment and another second fragment, to form a low-level first new share from the first fragment and the other first fragment, and to form a low-level second new share from the second fragment and the other second fragment;
a first client host, connected to the fair-end host and holding a first asset in a first account on a first blockchain network, the first client host comprising:
a first confirmation module, configured to, when the first asset and a second asset are to be exchanged, confirm with the fair-end host the owner of a second account on a second blockchain network, and query whether the second account has ownership of the second asset;
a first execution module, connected to the first confirmation module, configured to, after the confirmation and the query succeed, execute a distributed key generation function by Secure Multi-Party Computation (MPC) to generate, on the first blockchain network, a first temporary account and a plurality of corresponding first shares of different levels, and to generate the first fragment of the low-level first new share corresponding to the first shares and the second fragment of the low-level second new share corresponding to a plurality of second shares, for transmission to the fair-end host; and
a first transaction module, connected to the first execution module, configured to, after the first temporary account is generated, transfer the first asset to the first temporary account by a blockchain transaction; and
a second client host, connected to the fair-end host and holding the second asset in the second account on the second blockchain network, the second client host comprising:
a second confirmation module, configured to, when the first asset and the second asset are to be exchanged, confirm with the fair-end host the owner of the first account on the first blockchain network, and query whether the first account has ownership of the first asset;
a second execution module, connected to the second confirmation module, configured to, after the confirmation and the query succeed, execute the distributed key generation function by secure multi-party computation to generate, on the second blockchain network, a second temporary account and the corresponding second shares of different levels, and to generate the other second fragment of the low-level second new share corresponding to the second shares and the other first fragment of the low-level first new share corresponding to the first shares, for transmission to the fair-end host; and
a second transaction module, connected to the second execution module, configured to, after the second temporary account is generated, transfer the second asset to the second temporary account by a blockchain transaction;
wherein the first client host stores the low-level first share and the high-level second share, the second client host stores the high-level first share and the low-level second share, and the first client host and the second client host may choose to execute a threshold signature together with the fair-end host so as to control the first asset of the first temporary account according to the first shares and the first new share, and to control the second asset of the second temporary account according to the second shares and the second new share.

2. The threshold-signature-based asset cross-chain exchange system of claim 1, wherein the first client host and the second client host choose to execute a Gradual Exchange Protocol so that they exchange with each other the low-level first share and the low-level second share that each holds, and, after the exchange is complete, the first client host is allowed to control the second temporary account according to the high-level second share and the low-level second share, and the second client host is allowed to control the first temporary account according to the high-level first share and the low-level first share.

3. The threshold-signature-based asset cross-chain exchange system of claim 2, wherein the Gradual Exchange Protocol comprises executing the following steps:
the first client host and the second client host randomly select a value $r_{A,i}$ and a value $r_{B,i}$ respectively, both in the interval $[0, P-1]$, where A denotes the first client host, B denotes the second client host, P is the number of elements of the elliptic curve group, and i is a positive integer;
a ciphertext x of the first client host and a ciphertext y of the second client host are split into k equal parts to generate a plurality of values $x_i$ and a plurality of values $y_i$, the $x_i$ satisfying $x = \sum_i 2^{32i} x_i$ and the $y_i$ satisfying $y = \sum_i 2^{32i} y_i$, where $k = P / 32$, i is a positive integer satisfying $1 \le i \le k$, $0 \le x_i < 2^{32}$ and $0 \le y_i < 2^{32}$;
the first client host computes a value $D_i$ and a value $E_i$, where $D_i = \{x_i G + r_{A,i} M\}$ and $E_i = \{r_{A,i} G\}$, G being the base point of the elliptic curve group and M the public key of the first client host, and the second client host computes a value $V_i$ and a value $W_i$, where $V_i = \{y_i G + r_{B,i} N\}$ and $W_i = \{r_{B,i} G\}$, N being the public key of the second client host; and
the first client host and the second client host exchange the $D_i$ values and the $V_i$ values that each has computed, and then exchange the $E_i$ values and the $W_i$ values one after another until the sequential exchange stops.

4. The threshold-signature-based asset cross-chain exchange system of claim 1, wherein the first fragment and the other first fragment of the first new share, and the second fragment and the other second fragment of the second new share, are generated by the first client host and the second client host also substituting the x-coordinate and the level value of the fair-end host into the calculation when executing the distributed key generation function.

5. A threshold-signature-based asset cross-chain exchange method, the steps of which comprise:
providing a first client host that holds a first asset in a first account on a first blockchain network, providing a second client host that holds a second asset in a second account on a second blockchain network, and providing a fair-end host connected to both the first client host and the second client host;
when the first client host and the second client host want to exchange the first asset and the second asset, jointly confirming with the fair-end host whether the owners of the first account and the second account are the first client host and the second client host respectively, and querying whether the first account and the second account have ownership of the first asset and the second asset;
after the confirmation and the query succeed, the first client host and the second client host executing a distributed key generation function by Secure Multi-Party Computation (MPC) to generate, on the first blockchain network, a first temporary account and a plurality of corresponding first shares of different levels, and to generate, on the second blockchain network, a second temporary account and a plurality of corresponding second shares of different levels, wherein the first client host stores the low-level first share and the high-level second share, and the second client host stores the high-level first share and the low-level second share;
the first client host transferring the first asset to the first temporary account by a blockchain transaction, and the second client host transferring the second asset to the second temporary account by a blockchain transaction;
the first client host and the second client host executing the distributed key generation function by secure multi-party computation to generate, respectively, a first fragment and another first fragment corresponding to the first shares, and, respectively, a second fragment and another second fragment corresponding to the second shares, wherein the first client host sends the first fragment and the second fragment it generated to the fair-end host, and the second client host sends the other first fragment and the other second fragment it generated to the fair-end host;
the fair end forming a low-level first new share from the received first fragment and the other first fragment, and forming a low-level second new share from the received second fragment and the other second fragment; and
the first client host and the second client host being allowed to choose to execute a threshold signature together with the fair-end host so as to control the first asset of the first temporary account according to the first shares and the first new share, and to control the second asset of the second temporary account according to the second shares and the second new share.

6. The threshold-signature-based asset cross-chain exchange method of claim 5, wherein the method further comprises the step of the first client host and the second client host choosing to execute a Gradual Exchange Protocol so that they exchange with each other the low-level first share and the low-level second share that each holds, and, after the exchange is complete, allowing the first client host to control the second temporary account according to the high-level second share and the low-level second share, and allowing the second client host to control the first temporary account according to the high-level first share and the low-level first share.

7. The threshold-signature-based asset cross-chain exchange method of claim 6, wherein the Gradual Exchange Protocol comprises executing the following steps:
the first client host and the second client host randomly select a value $r_{A,i}$ and a value $r_{B,i}$ respectively, both in the interval $[0, P-1]$, where A denotes the first client host, B denotes the second client host, P is the number of elements of the elliptic curve group, and i is a positive integer;
a ciphertext x of the first client host and a ciphertext y of the second client host are split into k equal parts to generate a plurality of values $x_i$ and a plurality of values $y_i$, the $x_i$ satisfying $x = \sum_i 2^{32i} x_i$ and the $y_i$ satisfying $y = \sum_i 2^{32i} y_i$, where $k = P / 32$, i is a positive integer satisfying $1 \le i \le k$, $0 \le x_i < 2^{32}$ and $0 \le y_i < 2^{32}$;
the first client host computes a value $D_i$ and a value $E_i$, where $D_i = \{x_i G + r_{A,i} M\}$ and $E_i = \{r_{A,i} G\}$, G being the base point of the elliptic curve group and M the public key of the first client host, and the second client host computes a value $V_i$ and a value $W_i$, where $V_i = \{y_i G + r_{B,i} N\}$ and $W_i = \{r_{B,i} G\}$, N being the public key of the second client host; and
the first client host and the second client host exchange the $D_i$ values and the $V_i$ values that each has computed, and then exchange the $E_i$ values and the $W_i$ values one after another until the sequential exchange stops.

8. The threshold-signature-based asset cross-chain exchange method of claim 5, wherein the first new share and the second new share are generated by the first client host and the second client host also substituting the x-coordinate and the level value of the fair-end host into the calculation when executing the distributed key generation function.
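The chunking, masking and sequential release of steps 281 to 284 (recited again in claims 3 and 7) can be traced with the following added example, which is not part of the patent text. Assumptions: secp256k1 as the curve, 0-based chunk indices with 8 chunks for a 256-bit value, the first client host sending first in the sequential phase, and all function names; the page does not state how a received E_i is turned back into a chunk, so `unmask` only confirms the relation D_i - m·E_i = x_i·G using the private key m behind M.

```python
import secrets

# secp256k1 parameters (assumption: the page does not name a curve).
FIELD = 2**256 - 2**32 - 977
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
CHUNK_BITS = 32

def add(p, q):
    """Affine point addition; None stands for the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD) % FIELD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FIELD) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return (x3, (lam * (x1 - x3) - y1) % FIELD)

def mul(k, p):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, p)
        p = add(p, p)
        k >>= 1
    return acc

def split(secret, k):
    """Step 282: k chunks of 32 bits each, least significant chunk first."""
    if not 0 <= secret < 1 << (CHUNK_BITS * k):
        raise ValueError("secret does not fit in k chunks")
    return [(secret >> (CHUNK_BITS * i)) & 0xFFFFFFFF for i in range(k)]

def join(chunks):
    """Inverse of split: the sum of 2^(32i) * chunk_i."""
    return sum(c << (CHUNK_BITS * i) for i, c in enumerate(chunks))

def mask(chunks, pub):
    """Steps 281 and 283: draw r_i per chunk, return [(D_i, E_i)]."""
    pairs = []
    for c in chunks:
        r = secrets.randbelow(ORDER)  # r_i in [0, P-1]
        pairs.append((add(mul(c, G), mul(r, pub)), mul(r, G)))
    return pairs

def unmask(d, e, priv):
    """D_i - priv * E_i, equal to x_i * G when priv is the key behind pub."""
    t = mul(priv, e)
    return add(d, None if t is None else (t[0], -t[1] % FIELD))

def exchange(pairs_a, pairs_b, stop_after):
    """Step 284: swap every D_i / V_i, then alternate E_i (A sends first)
    and W_i until stop_after second-phase messages have been delivered.
    Returns (A's view of B's values, B's view of A's values)."""
    sent = min(stop_after, 2 * len(pairs_a))
    e_sent, w_sent = (sent + 1) // 2, sent // 2
    a_view = {"first": [v for v, _ in pairs_b],
              "second": [w for _, w in pairs_b[:w_sent]]}
    b_view = {"first": [d for d, _ in pairs_a],
              "second": [e for _, e in pairs_a[:e_sent]]}
    return a_view, b_view

def released(view):
    """Number of chunks for which both values have arrived."""
    return len(view["second"])

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    x = int.from_bytes(bytes(range(1, 33)), "big")
    y = int.from_bytes(bytes(range(33, 65)), "big")
    m, n = 0xA11CE, 0xB0B
    pairs_a = mask(split(x, 8), mul(m, G))
    pairs_b = mask(split(y, 8), mul(n, G))
    a_view, b_view = exchange(pairs_a, pairs_b, stop_after=5)
    print("A holds", released(a_view), "pairs; B holds", released(b_view))
```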
TW110108993A 2021-03-12 2021-03-12 Asset cross-chain exchanging system based on threshold signature scheme and method thereof TWI769738B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110108993A TWI769738B (en) 2021-03-12 2021-03-12 Asset cross-chain exchanging system based on threshold signature scheme and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110108993A TWI769738B (en) 2021-03-12 2021-03-12 Asset cross-chain exchanging system based on threshold signature scheme and method thereof

Publications (2)

Publication Number Publication Date
TWI769738B TWI769738B (en) 2022-07-01
TW202236130A true TW202236130A (en) 2022-09-16

Family

ID=83439448

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110108993A TWI769738B (en) 2021-03-12 2021-03-12 Asset cross-chain exchanging system based on threshold signature scheme and method thereof

Country Status (1)

Country Link
TW (1) TWI769738B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117592991B (en) * 2024-01-18 2024-04-26 暨南大学 Efficient blockchain cross-chain data exchange method based on threshold signature

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11329825B2 (en) * 2018-12-17 2022-05-10 Insights Network System and method for authenticating user identity
CN110046482A (en) * 2018-12-25 2019-07-23 阿里巴巴集团控股有限公司 Identity verification method and its system
CN112150284B (en) * 2020-09-22 2024-04-12 浙江数秦科技有限公司 Blockchain heterogeneous chain cross-chain transaction method
CN112396427B (en) * 2021-01-19 2021-04-23 北京连琪科技有限公司 Cross-chain interchange operation method for general scenes

Also Published As

Publication number Publication date
TWI769738B (en) 2022-07-01
