TW202239173A - Threshold signature scheme system based on inputting password and method thereof - Google Patents
- Publication number: TW202239173A (application TW110109070A)
- Authority: TW (Taiwan)
- Prior art keywords
- value
- host
- password
- server
- client
- Prior art date
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Input From Keyboards Or The Like (AREA)
- Computer And Data Communications (AREA)
Description
The invention relates to a signature system and method, and in particular to a threshold signature system and method based on an entered password.
In recent years, with the spread and rapid growth of blockchain, improvements to blockchain technology have appeared in quick succession. Among these, the security of blockchain wallets has drawn the most attention.
Generally, blockchain-based digital currencies are transacted and signed through a blockchain wallet. A conventional blockchain wallet stores at least one key pair (a public key and a private key) so that, at transaction time, the private key can sign the transaction to prove that the signer is the legitimate owner of the digital currency and the transaction can be executed. In an era in which the value of these digital currencies keeps rising, the security of the blockchain wallet is therefore especially important, and the conventional approach of storing the complete key pair directly in the wallet is insufficiently secure because the key pair is easily stolen or leaked.
In view of this, some vendors have proposed splitting the private key with a secret sharing algorithm and storing the pieces separately. The private key is split into multiple shares by the secret sharing algorithm, and once the number of available shares reaches the threshold, a signature in the required format is produced directly from those shares by mathematical computation without ever reassembling the private key, which reduces the risk of private key leakage. This approach, however, is inconvenient to manage and not secure enough. For example, when it is run as a web application the share is usually stored in a cookie, whose security is very low. When the device carrying the wallet (a computer, smartphone and so on) is lost, the share may be extracted by brute force; although losing a single share is not enough to produce a signature, a risk remains. When a private key share is transmitted from outside to the host, only HTTPS encryption protects it, and phishing or other network attacks may well expose the share. Moreover, physically holding a share is a management burden: it has to be carried along in order to transact at any time, which in turn increases the chance of loss or leakage. This approach therefore still fails to solve the problems of insufficient transaction security and inconvenient management of blockchain wallets.
In summary, the prior art has long suffered from insufficient transaction security and inconvenient management of blockchain wallets, so improved technical means are needed to solve this problem.
The invention discloses a threshold signature system and method based on an entered password.
First, the invention discloses a threshold signature system based on an entered password, applied to a blockchain network comprising multiple nodes. The system comprises an impartial host, a client host and a server host. The impartial host, as one of the nodes, assigns in advance a distinct x-coordinate and level value to each node. The client host, as one of the nodes, receives the x-coordinate and level value assigned by the impartial host and comprises a first generation module, a second generation module and a first computation module. The first generation module accepts an entered password and randomly selects a value b, multiplies the point obtained by feeding the password into the first hash function by b to produce a value P, and transmits P. The second generation module, connected to the first generation module, receives a value V and feeds the password, P and the product of the inverse of b with V into the second hash function; the resulting integer is the password share held by the client host and corresponding to the password. The first computation module, connected to the second generation module, executes a distributed key generation function by secure multi-party computation (MPC): the threshold signature's t value, n value and the client host's level value are fed into the distributed key generation function to produce the client host's client share and the corresponding threshold signature public key, where the client share equals the password share. The server host, as one of the nodes, receives the x-coordinate and level value assigned by the impartial host and comprises a key module, a second computation module and a storage module. After receiving P, the key module generates an asymmetric private key and its corresponding public key, randomly selects a value k, sets V to the product of k and P, and sends the public key and V to the client host. The second computation module executes the distributed key generation function by secure multi-party computation, feeding the threshold signature's t value, n value and the server host's level value into it to produce the server host's server share corresponding to the threshold signature public key. The storage module, connected to the key module and the second computation module, stores the server share, k, the threshold signature public key, the private key, and the x-coordinates and level values of the server host and the client host. When the client host and the server host perform a threshold signature, the client host prompts for the password and randomly selects a fresh b, multiplies the first hash of the entered password by the fresh b to regenerate P, and sends the regenerated P to the server host; the server host recomputes V and returns it to the client host; the client host then feeds the password, the regenerated P and the product of the inverse of the fresh b with the recomputed V into the second hash function to regenerate its client share, and the regenerated client share together with the server share stored on the server host is used to perform the threshold signature on the transaction hash message.
The invention further discloses a threshold signature method based on an entered password, applied to a blockchain network comprising multiple nodes, whose steps include: providing an impartial host, a client host and a server host as nodes of the blockchain network, the client host and the server host each being assigned an x-coordinate and level value in advance by the impartial host; the client host accepting an entered password and randomly selecting a value b, multiplying the point obtained by feeding the password into the first hash function by b to produce a value P, and sending P to the server host; the server host, after receiving P, generating an asymmetric private key and its corresponding public key, randomly selecting a value k, setting V to the product of k and P, and sending the public key and V to the client host; the client host, after receiving V, feeding the password, P and the product of the inverse of b with V into the second hash function, the resulting integer being the password share held by the client host and corresponding to the password; the client host and the server host executing a distributed key generation function by secure multi-party computation, feeding the threshold signature's t value, n value and their respective level values into it to produce the client host's client share and the server host's server share, where the client share equals the password share, and producing the threshold signature public key corresponding to the client share and the server share; the server host storing the server share, k, the threshold signature public key, the private key, and the x-coordinates and level values of the server host and the client host; and, when a threshold signature is performed, the client host prompting for the password and randomly selecting a fresh b, multiplying the first hash of the entered password by the fresh b to regenerate P, and sending the regenerated P to the server host, the server host recomputing V and returning it to the client host, the client host feeding the password, the regenerated P and the product of the inverse of the fresh b with the recomputed V into the second hash function to regenerate its client share, and the regenerated client share together with the server share stored on the server host being used to perform the threshold signature on the transaction hash message.
The system and method disclosed above differ from the prior art in that the impartial host assigns x-coordinates and level values to the client host and the server host, and after the client host sets a password, the client host and the server host execute a distributed key generation function by secure multi-party computation to produce, from the password, the x-coordinates and the level values, a share corresponding to the password, which is stored on the server host. When a threshold signature is performed, entering the password on the client host suffices to regenerate the client host's share corresponding to that password, and the threshold signature is performed jointly with the share stored on the server host.
By these technical means, the invention improves the transaction security and the ease of management of a blockchain wallet without ever generating the private key.
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that the way the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and carried out.
Before describing the password-based threshold signature system and method, the application environment is set out. The invention is applied in a blockchain network whose nodes can perform secure multi-party computation, exchanging data and intermediate results with one another in order to produce a threshold signature. Next, the terms defined in this specification: the first hash function maps a string or byte array to an element of an elliptic curve group; the second hash function maps a string or byte array to an integer. A share is the element each node ends up holding after exchanging data and intermediate results with the other nodes during secure multi-party computation; the shares can be used to compute a signature in the Elliptic Curve Digital Signature Algorithm (ECDSA) format. The share derived from the password is called the password share, the share held by the client host is called the client share, and the share held by the server host is called the server share.
The password-based threshold signature system and method are now described with reference to the drawings. Fig. 1 is a block diagram of the system, applied to a blockchain network 100 comprising multiple nodes; the system comprises an impartial host 110, a client host 120 and a server host 130. The impartial host 110, as one of the nodes, assigns in advance a distinct x-coordinate and level value to each node. For example, the impartial host 110 may assign the client host 120 the x-coordinate 3 with level value 0, and the server host 130 the x-coordinate 5 with level value 0. In addition, the client host 120 and the server host 130 may perform two-factor authentication (2FA) to verify the identity of the person transacting, further increasing transaction security.
The client host 120, as one of the nodes, receives the x-coordinate and level value assigned by the impartial host 110 and comprises a first generation module 121, a second generation module 122 and a first computation module 123. The first generation module 121 accepts an entered password and randomly selects a value b, multiplies the point obtained by feeding the password into the first hash function by b to produce the value P, and transmits P. For example, if the user enters the password "password" and the randomly selected b is 8, then P is computed as "Hash(password) * 8", where "Hash()" is the first hash function and "Hash(password)" is a point on the elliptic curve.
The second generation module 122, connected to the first generation module 121, receives the value V from the server host 130 and feeds the password, P and the product of the inverse of b with V into the second hash function; the resulting integer is the password share held by the client host and corresponding to the password. Whereas the first generation module 121 uses the first hash function, the second generation module 122 uses the second hash function to compute the share corresponding to the password (the password share "share-pw"); that is, the password share is computed as "Hash'(password, P, 8^-1 * V)", where "Hash'()" is the second hash function, "password" is the password, "P" is the value P, "8^-1" is the inverse of b, and "V" is the value V received from the server host 130. In practice the client host 120 may also receive the public key from the server host 130 and encrypt its own password with that public key, so that the encrypted password can be stored on a cloud drive as a backup. If the user forgets the password, the corresponding private key can be requested from the server host 130 to decrypt the backup and recover the password.
The first computation module 123, connected to the second generation module 122, executes the distributed key generation function by secure multi-party computation, feeding the threshold signature's t value, n value and the client host's level value into it to produce the client host's client share and the corresponding threshold signature public key, where the client share equals the password share. In practice t is the threshold and n is the number of nodes taking part in the signing computation. For example, when the nodes taking part are the client host 120 and the server host 130, n is 2 because there are only two hosts; and when t is 2, at least two hosts holding matching shares (here the client host 120 and the server host 130) are required to complete a signature.
The server host 130, as one of the nodes, receives the x-coordinate and level value assigned by the impartial host 110 and comprises a key module 131, a second computation module 132 and a storage module 133. After receiving P, the key module 131 generates an asymmetric private key and its corresponding public key, randomly selects a value k, sets V to the product of k and P, and sends the public key and V to the client host. The value k is selected at random in the same way the client host 120 selects b; assuming k is 100, the P received from the client host 120 is multiplied by k to obtain V, i.e. "V = 100 * P", and the generated public key and V are then sent to the client host 120.
The second computation module 132 executes the distributed key generation function by secure multi-party computation, feeding the threshold signature's t value, n value and the server host's level value into it to produce the server host's server share corresponding to the threshold signature public key. In practice, feeding t, n and the server host's level value into the distributed key generation function mainly serves to choose a suitable polynomial; the distributed key generation function executed by secure multi-party computation comprises the following steps:
1. The client host 120 and the server host 130 exchange their x-coordinates. Assuming the client host 120 has x-coordinate 3 and the server host 130 has x-coordinate 5, after the exchange the client host 120 knows the server host's x-coordinate and, likewise, the server host 130 knows the client host's x-coordinate.
2. The client host 120 randomly selects a first polynomial according to t, n and its level value, and the server host randomly selects a second polynomial according to t, n and its level value; both polynomials have degree t - 1. The client host's x-coordinate is substituted into the first polynomial and the second polynomial to obtain the first polynomial value and the second polynomial value respectively (i.e. the client host 120 substitutes its own x-coordinate into the first polynomial, and the server host 130 substitutes the client host's x-coordinate into the second polynomial). The randomly selected first polynomial must satisfy that the first polynomial value equals the password share, and the randomly selected second polynomial must satisfy that the second polynomial value is zero. In other words, if the first polynomial is "f_user(x)" and the second polynomial is "f_server(x)", then "f_user(3) = share-pw" and "f_server(3) = 0".
3. The client host 120 and the server host 130 each substitute their own x-coordinate into the polynomial they selected to obtain the corresponding third polynomial value, and substitute the other party's x-coordinate into their own polynomial to obtain the corresponding fourth polynomial value; the client host 120 sends its fourth polynomial value "f_user(5)" to the server host 130. Note that because the second polynomial must evaluate to zero at the client's x-coordinate, the value the server host 130 would send is always zero; in this step the server host 130 therefore need not send the known zero to the client host 120, and only the client host 120 sends "f_user(5)" to the server host 130. In the example above, the client host 120 ends up with "f_user(3)", and the server host with "f_user(5)" and "f_server(5)". That is, the third polynomial value is obtained by substituting one's own x-coordinate into one's own polynomial: the client host 120's third polynomial value is "f_user(3)" and the server host 130's is "f_server(5)"; the fourth polynomial value is obtained by substituting the other party's x-coordinate into one's own polynomial: the server host 130's fourth polynomial value is "f_server(3)" and the client host 120's is "f_user(5)".
4. The client host 120 and the server host 130 each substitute zero into their own polynomial to obtain the corresponding fifth polynomial value, multiply it by the base point "G" of the elliptic curve group to obtain their exchange value, generate the zero-knowledge proofs corresponding to the password share and the server share, and exchange them. For example, the client host 120 computes "f_user(0) * G" and the server host 130 computes "f_server(0) * G"; after the exchange the client host 120 holds "f_server(0) * G" and the server host 130 holds "f_user(0) * G". At this point the client host 120 holds "f_user(3)" and "f_server(0) * G", and the server host 130 holds "f_user(5)", "f_server(5)" and "f_user(0) * G".
5. The client host 120 sets its third polynomial value as the client share, and the server host 130 adds its third polynomial value to the received fourth polynomial value to compute the server share; both verify the zero-knowledge proofs and compute, from the exchange values and the Birkhoff coefficients of the client host 120 and the server host 130, the threshold signature public key corresponding to the client share and the server share. For example, the client host 120 sets "f_user(3)" as the client share, which equals the password share "share-pw", and the server host 130 adds "f_user(5)" and "f_server(5)" to obtain the server share "s_server". The public key is computed as "b_user f_user(0) * G + b_server f_server(0) * G", where b denotes the Birkhoff coefficient.
The storage module 133, connected to the key module 131 and the second computation module 132, stores the server share, k, the threshold signature public key, the private key, and the x-coordinates and level values of the server host 130 and the client host 120. In practice the storage module 133 may be implemented with a hard disk, optical disc, non-volatile memory, database and the like.
It should be added that, because the client host 120 need not store any data, when the client host 120 and the server host 130 perform a threshold signature the client host 120 prompts for the password and randomly selects a fresh b, multiplies the first hash of the entered password by the fresh b to regenerate P, and sends the regenerated P to the server host 130; the server host 130 recomputes V and returns it to the client host 120; the client host 120 then feeds the password, the regenerated P and the product of the inverse of the fresh b with the recomputed V into the second hash function to regenerate its client share, and the regenerated client share together with the server share stored on the server host 130 is used to perform the threshold signature on the transaction hash message.
It should be noted that in practice the modules described herein may be implemented in any manner, including software, hardware or any combination thereof; in some embodiments each module is implemented in software, hardware or both, and the invention may also be implemented partly or wholly in hardware, for example with one or more modules realised as an integrated circuit chip, a system on chip (SoC), a complex programmable logic device (CPLD) or a field programmable gate array (FPGA). The invention may be a system, a method and/or a computer program. The computer program may comprise a computer-readable storage medium carrying computer-readable program instructions that cause a processor to carry out aspects of the invention; the computer-readable storage medium is a tangible device that can hold and store instructions for use by an instruction-executing device, and may be, without limitation, an electrical, magnetic, optical, electromagnetic or semiconductor storage device or any suitable combination thereof. More specific (non-exhaustive) examples include hard disks, random access memory, read-only memory, flash memory, optical discs, floppy disks and any suitable combination of these. A computer-readable storage medium as used here is not to be construed as a transitory signal per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g. light pulses in an optical fibre), or electrical signals transmitted through a wire. The computer-readable program instructions described here may be downloaded from a computer-readable storage medium to the respective computing/processing devices, or to an external computer or external storage device via a network such as the Internet, a local area network, a wide area network and/or a wireless network; the network may comprise copper transmission cables, optical fibre transmission, wireless transmission, routers, firewalls, switches, hubs and/or gateways, and a network adapter or interface in each computing/processing device receives the instructions from the network and forwards them for storage in a computer-readable storage medium within that device. The instructions for carrying out operations of the invention may be assembly instructions, instruction-set-architecture instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, or source or object code written in any combination of one or more programming languages, including object-oriented languages such as Common Lisp, Python, C++, Objective-C, Smalltalk, Delphi, Java, Swift, C#, Perl, Ruby and PHP, and conventional procedural languages such as C or similar languages. The instructions may execute entirely on the computer, partly on the computer, as a stand-alone software package, partly on the client computer and partly on a remote computer, or entirely on a remote computer or server.
Figs. 2A and 2B form the flow chart of the password-based threshold signature method, applied to a blockchain network 100 comprising multiple nodes. The steps are:
1. Providing an impartial host 110, a client host 120 and a server host 130 as nodes of the blockchain network 100, where the client host 120 and the server host 130 are each assigned an x-coordinate and level value in advance by the impartial host 110 (step 211).
2. The client host 120 accepts an entered password and randomly selects b, multiplies the first hash of the password by b to produce P, and sends P to the server host 130 (step 212).
3. After receiving P, the server host 130 generates an asymmetric private key and its corresponding public key, randomly selects k, sets V to the product of k and P, and sends the public key and V to the client host 120 (step 213).
4. After receiving V, the client host 120 feeds the password, P and the product of the inverse of b with V into the second hash function; the resulting integer is the password share held by the client host 120 and corresponding to the password (step 214).
5. The client host 120 and the server host 130 execute the distributed key generation function by secure multi-party computation, feeding the threshold signature's t value, n value and their respective level values into it to produce the client host 120's client share and the server host 130's server share, where the client share equals the password share, and to produce the threshold signature public key corresponding to the client share and the server share (step 215).
6. The server host 130 stores the server share, k, the threshold signature public key, the private key, and the x-coordinates and level values of the server host 130 and the client host 120 (step 216).
7. When a threshold signature is performed, the client host 120 prompts for the password and randomly selects a fresh b, multiplies the first hash of the entered password by the fresh b to regenerate P, and sends the regenerated P to the server host 130; the server host 130 recomputes V and returns it to the client host 120; the client host 120 then feeds the password, the regenerated P and the product of the inverse of the fresh b with the recomputed V into the second hash function to regenerate its client share, and the regenerated client share together with the server share stored on the server host 130 is used to perform the threshold signature on the transaction hash message (step 217).
Through these steps, the impartial host 110 assigns x-coordinates and level values to the client host 120 and the server host 130, and after a password is set on the client host 120 the client host 120 and the server host 130 execute the distributed key generation function by secure multi-party computation to produce, from the password, the x-coordinates and the level values, a share corresponding to the password, which is stored on the server host 130; when a threshold signature is performed, entering the password on the client host 120 suffices to regenerate the share corresponding to the password on the client host 120, and the threshold signature is performed jointly with the share stored on the server host 130.
An embodiment is described below with reference to Figs. 3 and 4. Fig. 3 shows setting a password and entering it to sign on the client host. Initially, the impartial host 110 assigns each node taking part in the computation an x-coordinate and its corresponding level value: for example, the client host 120 is assigned the x-coordinate 3 with level value 0, and the server host 130 the x-coordinate 5 with level value 0.
The client host 120 lets the user enter a chosen password in the input field 310 of the generation window 300 to produce the corresponding share. When the user clicks the generate-share button 320, the client host 120 randomly selects a number (the value b), for example 8, and computes P as "P = Hash(password) * 8", where "password" is the password entered in the input field 310 and "Hash( )" is the first hash function: P is obtained by applying the first hash function to the password and multiplying the result by b. The client host 120 then sends P to the server host 130, which generates an asymmetric private key and its corresponding public key, randomly selects k and sets V to the product of k and P; for example, with k = 100, V is computed as "V = 100 * P". The public key and V are then sent to the client host.
After receiving V from the server host 130, the client host 120 applies the second hash function to the password, P and the product of the inverse of b with the received V, and takes the resulting integer as its own share. For example, "share-pw = Hash'(pw, P, 8^-1 * V)", where "share-pw" is the share corresponding to the password (the password share), "Hash'()" is the other hash function (the second hash function), "pw" is the entered password, "P" is the value P, "8^-1" is the inverse of b, and "V" is the value V. In practice the password may be encrypted with the public key provided by the server host 130 and stored off-site (e.g. on a cloud drive) as a backup.
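The blinded exchange described above and in the description of the second generation module (client sends P = b * Hash(pw), server returns V = k * P, client unblinds with the inverse of b and hashes the result) is an oblivious pseudorandom function: the server sees only a uniformly random curve point and learns nothing about the password, and the unblinded value k * Hash(pw) does not depend on b, so the client recovers the same share at every login even though b is chosen afresh. The following is an added example written by the editor, not code from the patent; it runs the exchange over secp256k1 in pure Python, with a try-and-increment hash-to-curve standing in for the first hash function and SHA-256 for the second. Two caveats a practitioner should note. First, the example hashes only the password and the unblinded point: feeding the freshly blinded P into the second hash, as the page's formula Hash'(pw, P, b^-1 * V) reads literally, would make the share change whenever b is re-chosen, and enrolment and signing would then disagree. Second, whoever holds the server's k can test password guesses offline (offline_guess below), so k, like the password-decrypting private key the page has the server keep, must be protected and V requests must be rate-limited. The point arithmetic is not constant-time and is for illustration only.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve used by ECDSA in Bitcoin/Ethereum wallets)
P_FIELD = 2**256 - 2**32 - 977
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity. Not constant-time (demo only)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_FIELD == 0:
            return None                                           # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD) % P_FIELD    # tangent slope, a = 0
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    k %= N_ORDER
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_curve(msg):
    """First hash function Hash(): bytes -> curve point, by try-and-increment on SHA-256."""
    ctr = 0
    while True:
        digest = hashlib.sha256(b"H2C|" + msg + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P_FIELD
        rhs = (pow(x, 3, P_FIELD) + 7) % P_FIELD           # y^2 = x^3 + 7
        y = pow(rhs, (P_FIELD + 1) // 4, P_FIELD)           # square root, valid since p % 4 == 3
        if y * y % P_FIELD == rhs:
            return (x, y if y % 2 == 0 else P_FIELD - y)    # canonical even-y choice
        ctr += 1


def encode_point(pt):
    """SEC1 compressed encoding, so the point hashes deterministically."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def hash_to_scalar(pw, unblinded):
    """Second hash function Hash'(): (password, k * Hash(pw)) -> integer mod n, the password share."""
    digest = hashlib.sha256(b"SHARE|" + pw + encode_point(unblinded)).digest()
    return int.from_bytes(digest, "big") % N_ORDER


def client_blind(pw):
    """Client: pick a random b and send P = b * Hash(pw); P is uniform and reveals nothing about pw."""
    b = secrets.randbelow(N_ORDER - 1) + 1
    return b, ec_mul(b, hash_to_curve(pw))


def server_evaluate(k, p_blind):
    """Server: V = k * P. The server never learns pw or Hash(pw)."""
    return ec_mul(k, p_blind)


def client_finalize(pw, b, v):
    """Client: b^-1 * V = k * Hash(pw), independent of b; hash that to the share."""
    unblinded = ec_mul(pow(b, -1, N_ORDER), v)
    return hash_to_scalar(pw, unblinded)


def derive_password_share(pw, k):
    """Full round trip, run once at enrolment and again before every signature."""
    b, p_blind = client_blind(pw)
    v = server_evaluate(k, p_blind)
    return client_finalize(pw, b, v)


def offline_guess(candidate, k):
    """What an attacker holding the server's k can compute for a guessed password, no blinding needed."""
    return hash_to_scalar(candidate, ec_mul(k, hash_to_curve(candidate)))
```

derive_password_share(b"password", k) returns the same integer on every call for the same k, while client_blind sends a different P each time, which is exactly what lets the client keep no state between enrolment and signing. offline_guess returns that same integer when the guess is right, which is why the example treats k as the secret that turns an online, rate-limitable protocol into an offline dictionary attack once it leaks.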
Next, the client host 120 randomly selects a polynomial (the first polynomial "f_user(x)") whose degree is the threshold of the threshold signature (the t value) minus 1. For example, with a threshold of 2 the degree of the first polynomial is 1, i.e. it is a linear polynomial. Moreover, the polynomial value obtained by substituting the client's x-coordinate into the first polynomial (the first polynomial value) must equal the password share; with the x-coordinate 3, the first polynomial satisfies "f_user(3) = share-pw". The server host 130 likewise randomly selects a polynomial (the second polynomial "f_server(x)") of degree t - 1, which must satisfy that substituting the client host 120's x-coordinate into it (the second polynomial value) gives zero; again with the x-coordinate 3, this means "f_server(3) = 0".
Next, the client host 120 and the server host 130 each substitute their own x-coordinate into the polynomial they selected (the third polynomial value), exchange x-coordinates by secure multi-party computation so that each can substitute the other's x-coordinate into its own polynomial (the fourth polynomial value), and also substitute zero into their own polynomial (the fifth polynomial value), multiply the fifth polynomial value by the base point "G" of the elliptic curve group to obtain the exchange values ("f_user(0) * G" and "f_server(0) * G"), generate the zero-knowledge proofs corresponding to the password share and the server share, and exchange them. In this example the client host 120 obtains "f_user(3)" and "f_server(0) * G", and the server host 130 obtains "f_user(5)", "f_server(5)" and "f_user(0) * G".
Once the client host 120 holds its third polynomial value and the exchange value, and the server host 130 holds its third polynomial value, the fourth polynomial value and the exchange value, the client host 120 sets its third polynomial value as the client share, the server host 130 adds its third polynomial value to the received fourth polynomial value to compute the server share, and the client host 120 and the server host 130 verify the zero-knowledge proofs and compute, from the exchange values and the Birkhoff coefficients, the public key corresponding to the shares (the threshold signature public key). For example, the share computed by the client host 120 (the client share) is "f_user(3)"; the share computed by the server host 130 (the server share) is "f_user(5) + f_server(5)"; and the threshold signature public key is "b_user f_user(0) * G + b_server f_server(0) * G", where "b_user" and "b_server" are the Birkhoff coefficients.
At this point the server host 130 stores its share "s_server", the value k, the threshold signature public key, the private key used to decrypt the password, and all x-coordinates with their corresponding level values, whereas the client host 120 need not store anything (in practice it may send its password, encrypted with the public key, to the cloud as a backup). The server host 130 thus holds the share corresponding to the password, the server share, and can sign a transaction hash message jointly with the client host 120 whenever the client host 120 also holds the client share corresponding to the password.
When the client host 120 wants to perform a threshold signature with the server host 130, the signing window 350 is displayed on the client host 120, prompting the user to enter the previously set password in input block 360. When the user enters the password and clicks the signing element 370, the client host 120 randomly selects a new b value, e.g. 10. The client host then feeds the password entered in input block 360 into the first hash function and multiplies the result by the newly selected b value to regenerate the P value (P = Hash(password) * 10), and sends the regenerated P value to the server host 130, so that the server host 130 recomputes the V value from the k value (assumed to be 100 in the example above) and the received P value (V = 100 * P). Besides sending the recomputed V value to the client host 120, the server host 130 may also send the stored X coordinate of the client host 120 (x_user) and the threshold signature public key to the client host 120.
When the client host 120 receives the recomputed V value from the server host 130, it feeds the password, the regenerated P value, the newly selected b value, and the V value recomputed by the server host 130 into the second hash function to regenerate its share (the client share). The client host 120 can then use the regenerated share together with the share stored on the server host 130 that corresponds to this password, i.e. the server share s_server, to execute secure multi-party computation and perform a threshold signature on the transaction hash message.
Fig. 4 is a schematic diagram of applying the present invention to change the password on the client host and the corresponding client share and server share. In practice, the client host 120 and the server host 130 can execute a password-change function based on secure multi-party computation, which replaces the old password with a new one. For example, when the user wants to change the password, the client host 120 lets the user enter the old and new passwords in the change-password window 400, e.g. the old password in input block 410 and the new password in input block 420. After the user clicks the confirm element 430, the client host 120 randomly selects two values, the b1 value and the b2 value. Assuming 10 and 8 are selected, the client host 120 feeds the old password and the new password into the first hash function to compute the old P value (P_old = Hash(password_old) * 10) and the new P value (P_new = Hash(password_new) * 8), and sends the results to the server host 130.
Afterwards, the server host 130 computes the old V value (V_old = 100 * P_old) from the old k value k_old of the client host 120 (assumed to be 100 in the example above) and the old P value, and randomly generates a new k value k_new (assumed to be 200) to compute the new V value (V_new = 200 * P_new) from the new P value and the new k value. It then sends the old V value, the new V value, and the public key to the client host 120.
Next, after the client host 120 receives the old and new V values, it feeds the old password, the old P value, and the product of the inverse of the b1 value 10 with the old V value into the second hash function to compute the old share (share-pw_old = Hash'(pw_old, P_old, 10^-1 * V_old)), and feeds the new password, the new P value, and the product of the inverse of the b2 value 8 with the new V value into the second hash function to compute the new share (share-pw_new = Hash'(pw_new, P_new, 8^-1 * V_new)).
Next, the client host 120 randomly selects a polynomial of degree t-1: f_user(x) = ((share-pw_new - b_user * share-pw_old) / 3) * (x - 3) + share-pw_new. Similarly, the server host 130 randomly selects a polynomial of degree t-1: f_server(x) = -((b_server * s_server) / 3) * (x - 3), where t is the t value, also called the threshold. Then the client host 120 and the server host 130 each substitute the other party's X coordinate into their own polynomial (the fourth polynomial value), each substitute zero into their own polynomial (the fifth polynomial value) and multiply the fifth polynomial value by the base point G of the elliptic curve group to compute the corresponding exchange values (f_user(0) * G and f_server(0) * G), and exchange the computed fourth polynomial values and exchange values; the client also sends the product of the old-password share and the base point G (share-pw_old * G) to the server host 130. The client generates zero-knowledge proofs about share-pw_old and share-pw_new, and the server generates a zero-knowledge proof about s_server, to ensure that each party knows its respective secret, i.e. share-pw_old, share-pw_new, and s_server (the standard Schnorr protocol can be used for this). In this example, after the secure multi-party computation the client host 120 obtains f_user(3), f_server(0) * G, and the two zero-knowledge proofs about share-pw_old and share-pw_new; the server host 130 obtains f_user(5), f_server(5), f_user(0) * G, share-pw_old * G, and the zero-knowledge proof about s_server.
Once the client host 120 and the server host 130 have obtained the above results, the client host 120 sets f_user(3) as the new share corresponding to the new password, i.e. the client's new share share-pw_new, and the server host 130 adds f_user(5) and f_server(5) to compute its new share, i.e. the server's new share s_server-new. At the same time, the client host 120 and the server host 130 compute a new threshold signature public key (the new threshold signature public key) as b_user * f_user(0) * G + b_server * f_server(0) * G, where b_user and b_server are the Birkhoff coefficients of the client host 120 and the server host 130 respectively. The threshold signature public key can be verified by comparing the value b1 * share-pw_old * G + b2 * s_server * G with the value b1 * share-pw_new * G + b2 * s_server-new * G, where b1 and b2 are the corresponding computable Birkhoff coefficients, and each party verifies the zero-knowledge proof it received. Thus, as long as nobody knows both shares of the client host 120 and the server host 130 at the same time, changing the password invalidates any single share that was previously held.
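The initial key generation (f_user(3) = share-pw, f_server(3) = 0) and the password-change polynomials above, worked through as an added example that is not part of the patent. It assumes the shares live in the scalar field modulo the order of secp256k1 (the patent names no curve), that both level values are 0 so the Birkhoff coefficients reduce to ordinary Lagrange coefficients, and it compares reconstructed secret scalars, which is equivalent to comparing the public keys obtained by multiplying them by G.

```python
import secrets

# Scalar field: order of secp256k1, an assumption since the patent names no curve.
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
X_USER, X_SERVER = 3, 5  # X coordinates assigned by the impartial host in the patent's example

def lagrange_at_zero(xs):
    """Coefficients reconstructing f(0) from f(xs); these are the Birkhoff coefficients when all level values are 0."""
    coeffs = []
    for xi in xs:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % N_ORD
                den = den * (xi - xj) % N_ORD
        coeffs.append(num * pow(den, -1, N_ORD) % N_ORD)
    return coeffs

def line_through(x0, y0):
    """Random polynomial of degree t-1 = 1 with f(x0) = y0, returned as a callable."""
    a = secrets.randbelow(N_ORD)
    return lambda x: (a * (x - x0) + y0) % N_ORD

def initial_dkg(share_pw):
    """Fig. 3 key generation: client share f_user(3), server share f_user(5) + f_server(5)."""
    f_user = line_through(X_USER, share_pw)  # f_user(3) = share-pw
    f_server = line_through(X_USER, 0)       # f_server(3) = 0
    client_share = f_user(X_USER)
    server_share = (f_user(X_SERVER) + f_server(X_SERVER)) % N_ORD
    # The joint secret f_user(0) + f_server(0) is never held by either host; returned only for checking.
    secret = (f_user(0) + f_server(0)) % N_ORD
    return client_share, server_share, secret

def change_password(share_pw_old, share_pw_new, s_server):
    """Fig. 4 resharing with the patent's polynomials; the joint secret (and so the public key) is unchanged."""
    b_user, b_server = lagrange_at_zero([X_USER, X_SERVER])
    inv3 = pow(X_USER, -1, N_ORD)  # the "/ 3" in the patent's formulas is division by the client's X coordinate
    # f_user(3) = share-pw_new and f_user(0) = b_user * share-pw_old
    f_user = lambda x: ((share_pw_new - b_user * share_pw_old) * inv3 * (x - X_USER) + share_pw_new) % N_ORD
    # f_server(3) = 0 and f_server(0) = b_server * s_server
    f_server = lambda x: (-(b_server * s_server) * inv3 * (x - X_USER)) % N_ORD
    client_new = f_user(X_USER)
    server_new = (f_user(X_SERVER) + f_server(X_SERVER)) % N_ORD
    return client_new, server_new

def reconstruct(client_share, server_share):
    """Secret recovered from one client share and one server share; times G this is the threshold public key."""
    b_user, b_server = lagrange_at_zero([X_USER, X_SERVER])
    return (b_user * client_share + b_server * server_share) % N_ORD
```

The last two checks in the accompanying test are the property the paragraph above relies on: an old client share combined with the new server share (or vice versa) no longer reconstructs the secret, so a single leaked share is useless after a password change.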
In other words, the password-change function that the client host 120 and the server host 130 execute based on secure multi-party computation can comprise the following steps:
1. The client host 120 prompts for the password and the new password, randomly selects a b1 value and a b2 value, feeds the password into the first hash function and multiplies the result by b1 to compute the old P value, feeds the new password into the first hash function and multiplies the result by b2 to compute the new P value, and sends the old P value and the new P value to the server host 130.
2. The server host 130 multiplies the k value by the old P value to compute the old V value, multiplies a randomly generated new k value by the new P value to compute the new V value, and sends the old V value, the new V value, and the public key to the client host 120.
3. The client host 120 feeds the password, the old P value, and the product of the inverse of b1 with the old V value into the second hash function to compute the old password share, and feeds the new password, the new P value, and the product of the inverse of b2 with the new V value into the second hash function to compute the new password share.
4. The client host 120 and the server host 130 feed the old password share, the new password share, the t value and n value of the threshold signature, and their respective level values into the distributed key generation function to generate the client's new share for the client host 120 and the server's new share for the server host 130, replace the original server share with the server's new share, and generate a new threshold signature public key corresponding to the client's new share and the server's new share.
In summary, the difference between the present invention and the prior art is that the impartial host assigns X coordinates and level values to the client host and the server host, and, once a password has been set on the client host, the client host and the server host execute the distributed key generation function based on secure multi-party computation to generate, from the password, the X coordinate, and the level value, the share corresponding to the password, which is stored on the server host. When a threshold signature is performed, entering the password on the client host is enough to regenerate the share corresponding to the password on the client host and to perform the threshold signature together with the share stored on the server host. This technical means solves the problems of the prior art and thereby achieves the technical effect of improving the transaction security and management convenience of a blockchain wallet without generating a private key.
Although the present invention is disclosed above by way of the foregoing embodiments, they are not intended to limit the present invention. Anyone skilled in the art may make some changes and modifications without departing from the spirit and scope of the present invention; therefore, the scope of patent protection of the present invention shall be as defined by the claims attached to this specification.
100: blockchain network
110: impartial host
120: client host
121: first generation module
122: second generation module
123: first computing module
130: server host
131: key module
132: second computing module
133: storage module
300: generation window
310: input block
320: generate-share button
350: signing window
360: input block
370: signing element
400: change-password window
410, 420: input blocks
430: confirm element
Step 211: Provide an impartial host, a client host, and a server host as nodes of a blockchain network, where the client host and the server host are each pre-assigned a corresponding X coordinate and level value by the impartial host.
Step 212: The client host accepts input of a password and randomly selects a b value, multiplies the value computed by feeding the password into a first hash function by the b value to generate a P value, and sends the P value to the server host.
Step 213: After receiving the P value, the server host generates an asymmetric private key and its corresponding public key, randomly selects a k value, takes the product of the k value and the P value as a V value, and sends the public key and the V value to the client host.
Step 214: After receiving the V value, the client host feeds the password, the P value, and the product of the inverse of the b value with the V value into a second hash function, and takes the resulting integer as a password share held by the client host and corresponding to the password.
Step 215: The client host and the server host execute a distributed key generation function using secure multi-party computation (MPC), feeding a t value and an n value of the threshold signature and their respective level values into the distributed key generation function to generate a client share of the client host and a server share of the server host, where the client share equals the password share, and to generate a threshold signature public key corresponding to the client share and the server share.
Step 216: The server host stores the server share, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host and the client host.
Step 217: When performing a threshold signature, the client host prompts for the password and randomly re-selects the b value, multiplies the value computed by feeding the entered password into the first hash function by the re-selected b value to regenerate the P value, and sends the regenerated P value to the server host so that the server host recomputes the V value and sends it to the client host; the client host then feeds the password, the regenerated P value, and the product of the inverse of the re-selected b value with the recomputed V value into the second hash function to regenerate its client share, and a threshold signature is performed on a transaction hash message using the client share regenerated by the client host and the server share stored on the server host.
Fig. 1 is a system block diagram of the password-input-based threshold signature system of the present invention. Figs. 2A and 2B are flow charts of the password-input-based threshold signature method of the present invention. Fig. 3 is a schematic diagram of applying the present invention to set a password on the client host and enter the password for signing. Fig. 4 is a schematic diagram of applying the present invention to change the password on the client host and the corresponding client share and server share.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110109070A TWI759138B (en) | 2021-03-15 | 2021-03-15 | Threshold signature scheme system based on inputting password and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI759138B TWI759138B (en) | 2022-03-21 |
TW202239173A true TW202239173A (en) | 2022-10-01 |