TW202243437A - Threshold and number of participation adjusting system for threshold signature scheme and method thereof - Google Patents

Threshold and number of participation adjusting system for threshold signature scheme and method thereof Download PDF

Info

Publication number
TW202243437A
TW202243437A TW110113618A TW110113618A TW202243437A TW 202243437 A TW202243437 A TW 202243437A TW 110113618 A TW110113618 A TW 110113618A TW 110113618 A TW110113618 A TW 110113618A TW 202243437 A TW202243437 A TW 202243437A
Authority
TW
Taiwan
Prior art keywords
node host
value
node
threshold
host
Prior art date
Application number
TW110113618A
Other languages
Chinese (zh)
Other versions
TWI782486B (en
Inventor
莊治耘
林祐德
Original Assignee
英屬開曼群島商現代財富控股有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 英屬開曼群島商現代財富控股有限公司 filed Critical 英屬開曼群島商現代財富控股有限公司
Priority to TW110113618A priority Critical patent/TWI782486B/en
Application granted granted Critical
Publication of TWI782486B publication Critical patent/TWI782486B/en
Publication of TW202243437A publication Critical patent/TW202243437A/en

Links

Images

Landscapes

  • Communication Control (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A threshold and number of participation adjusting system for threshold signature scheme and method thereof is disclosed. By performing a (t,n) threshold signature scheme function through a plurality of node hosts, and recalculating a share of the node hosts based on secure multi-party computation (MPC) without restoring a private key when n decreases and t does not change, t increases and n does not change, or t decreases and n does not change, and calculating a corresponding share according to a x-coordinate and a level value of the node hosts to be added when n increases and t does not change. The mechanism is help to improve the availability of the (t,n) threshold signature scheme.

Description

門檻式簽章方案的門檻值與參與數量的調整系統及其調整方法The adjustment system and adjustment method of the threshold value and the number of participants of the threshold signature scheme

本發明涉及一種調整系統及其調整方法,特別是門檻式簽章方案的門檻值與參與數量的調整系統及其調整方法。The invention relates to an adjustment system and an adjustment method thereof, in particular to an adjustment system and an adjustment method for the threshold value and the number of participants of a threshold type signature scheme.

近年來,隨著區塊鏈的普及與蓬勃發展,各種應用在區塊鏈的技術便如雨後春筍般湧現,其中又以能夠強化交易安全性的(t,n)門檻式簽章方案最受矚目。In recent years, with the popularization and vigorous development of the blockchain, various technologies applied to the blockchain have sprung up, among which the (t,n) threshold signature scheme that can strengthen transaction security has attracted the most attention .

一般而言,(t,n)門檻式簽章方案是指n個節點主機各自持有自己的共享單元(Share),並且只要在t個節點(t <= n)主機進行互動和運算(如:安全多方計算)便可根據共享單元計算出正確的簽章來完成交易。然而,隨著時間的流逝,可能會需要增加或減少人員的參與數量,導致門檻值需要同步被調整。因此,在不還原共同持有的秘密(或稱之為密文,一般為私鑰)的條件下,傳統的方式難以動態調整門檻值及參與數量,故具有門檻式簽章方案的可用性不高的問題。Generally speaking, the (t,n) threshold signature scheme means that n node hosts each hold their own shared unit (Share), and as long as t nodes (t <= n) hosts interact and perform calculations (such as : secure multi-party computation) can calculate the correct signature based on the shared unit to complete the transaction. However, over time, the number of people involved may need to be increased or decreased, causing the threshold to be adjusted in tandem. Therefore, without restoring the shared secret (or ciphertext, usually a private key), it is difficult to dynamically adjust the threshold and the number of participants in the traditional way, so the usability of the threshold signature scheme is not high The problem.

綜上所述,可知先前技術中長期以來一直存在門檻式簽章方案的可用性不高的問題,因此實有必要提出改進的技術手段,來解決此一問題。To sum up, it can be seen that there has been a problem of low usability of the threshold signature scheme in the prior art for a long time, so it is really necessary to propose an improved technical means to solve this problem.

本發明揭露一種門檻式簽章方案的門檻值與參與數量的調整系統及其調整方法。The invention discloses an adjustment system and an adjustment method for the threshold value and the number of participants of a threshold type signature scheme.

首先,本發明揭露一種門檻式簽章方案的門檻值與參與數量的調整系統,其包含多個節點主機。所述節點主機用以允許執行(t, n)門檻式簽章方案,其中,t為門檻值,n為參與數量,t及n為正整數且符合t <= n,每一節點主機具有x座標及層級值,並且允許持有共享單元,每一節點主機皆包含:第一處理模組、第一計算模組、調整模組、第二處理模組、第二計算模組及生成模組。其中,第一處理模組用以在執行(t, n)門檻式簽章方案時設為第k個節點主機,當n減少且t不變、t增加且n不變,或t減少且n不變時,基於安全多方計算(Secure Multi-Party Computation, MPC)計算畢克霍夫係數(Birkhoff Coefficient),並且隨機選擇一個M次多項式且其常數項為畢克霍夫係數乘以自身的共享單元,其中,k、M為正整數;第一計算模組連接第一處理模組,用以根據執行(t, n)門檻式簽章方案的第j個節點主機的x座標及層級值對M次多項式取值以產生相應的多項式值,並且將多項式值傳送至第j個節點主機,其中, j為正整數;調整模組連接第一計算模組,用以將接收自不同節點主機的所有多項式值相加以作為自身的共享單元;第二處理模組連接第一處理模組,用以在n增加且t不變時,將欲加入執行(t, n)門檻式簽章方案的節點主機設為第n+1個節點主機,並且將第n+1個節點主機的x座標及層級值傳送至t個已持有共享單元的節點主機;第二計算模組連接第二處理模組,用以在接收到第n+1個節點主機的x座標及層級值,並且本身為已持有共享單元的第k個節點主機時,根據第n+1個節點主機的層級值、第n+1個節點主機的x座標,以及第k個節點主機的共享單元計算出相應的a值;以及生成模組連接第二計算模組,用以將a值隨機分成t個分片,再將第j個分片傳送至第j個節點主機,並且將來自不同節點主機的所有分片相加以產生第k個節點主機的b值,再將所述b值傳送至第n+1個節點主機,以及在節點主機本身為第n+1個節點主機時,將接收到的所有b值相加以作為自身的共享單元。Firstly, the present invention discloses a system for adjusting the threshold value and the number of participants of the threshold signature scheme, which includes multiple node hosts. The node host is used to allow the implementation of the (t, n) threshold signature scheme, where t is the threshold value, n is the number of participants, t and n are positive integers and meet t <= n, and each node host has x Coordinates and level values, and allow to hold shared units, each node host includes: the first processing module, the first calculation module, the adjustment module, the second processing module, the second calculation module and the generation module . Wherein, the first processing module is used to set the kth node host when executing the (t, n) threshold signature scheme. When n decreases and t remains unchanged, t increases and n remains unchanged, or t decreases and n When constant, the Birkhoff coefficient (Birkhoff Coefficient) is calculated based on Secure Multi-Party Computation (MPC), and an M-degree polynomial is randomly selected and its constant term is the Birkhoff coefficient multiplied by its own share unit, wherein k and M are positive integers; the first calculation module is connected to the first processing module, and is used to pair the x-coordinate and level value of the j-th node host according to the implementation of the (t, n) threshold signature scheme The M degree polynomial value is used to generate the corresponding polynomial value, and the polynomial value is transmitted to the jth node host, wherein, j is a positive integer; the adjustment module is connected to the first computing module, so as to receive from different node hosts All polynomial values are summed up as its own shared unit; the second processing module is connected to the first processing module, and is used to join the nodes that want to join the (t, n) threshold signature scheme when n increases and t remains unchanged The host is set as the n+1th node host, and the x-coordinate and level value of the n+1th node host are sent to t node hosts that have shared units; the second computing module is connected to the second processing module , when receiving the x-coordinate and level value of the n+1th node host, and it is the kth node host already holding a shared unit, according to the level value of the n+1th node host, the nth The x-coordinates of +1 node host and the shared unit of the kth node host calculate the corresponding a value; and the generation module is connected to the second calculation module to randomly divide the a value into t slices, and then The jth shard is sent to the jth node host, and all the shards from different node hosts are summed to generate the b value of the kth node host, and the b value is sent to the n+1th node host , and when the node host itself is the n+1th node host, add all the b values received as its own sharing unit.

另外,本發明還揭露一種門檻式簽章方案的門檻值與參與數量的調整方法,其步驟包括:提供允許執行(t, n)門檻式簽章方案的節點主機,其中,t為門檻值,n為參與數量,t及n為正整數且符合t <= n,每一節點主機具有x座標及層級值,並且允許持有共享單元;當n減少且t不變、t增加且n不變,或t減少且n不變時,執行(t, n)門檻式簽章方案的第k個節點主機基於安全多方計算(Secure Multi-Party Computation, MPC)執行以下步驟,其中k為正整數:計算畢克霍夫係數,並且隨機選擇一個M次多項式且其常數項為畢克霍夫係數乘以自身的共享單元,其中,M皆為正整數;接收執行(t, n)門檻式簽章方案的第j個節點主機的x座標及層級值,用以對選擇的M次多項式取值以產生相應的多項式值,並且將多項式值傳送至第j個節點主機,其中, j為正整數;以及將接收自不同節點主機的所有多項式值相加以作為自身的共享單元;以及當n增加且t不變時,已加入與欲加入執行(t, n)門檻式簽章方案的節點主機基於安全多方計算執行以下步驟:將欲加入執行(t, n)門檻式簽章方案的節點主機設為第n+1個節點主機,並且將第n+1個節點主機的x座標及層級值傳送至t個已持有共享單元的節點主機;已持有共享單元的第k個節點主機根據第n+1個節點主機的層級值、第n+1個節點主機的x座標,以及第k個節點主機的共享單元計算出相應的a值;已持有共享單元的第k個節點主機將a值隨機分成t個分片,再將第j個分片傳送至第j個節點主機;已持有共享單元的第k個節點主機將來自不同節點主機的所有分片相加以產生第k個節點主機的b值,再將所述b值傳送至第n+1個節點主機;以及第n+1個節點主機將接收到的所有b值相加以作為自身的共享單元。In addition, the present invention also discloses a method for adjusting the threshold value and the number of participants of the threshold signature scheme, the steps of which include: providing node hosts that are allowed to execute the (t, n) threshold signature scheme, where t is the threshold value, n is the number of participants, t and n are positive integers and meet t <= n, each node host has x coordinates and level values, and is allowed to hold shared units; when n decreases and t does not change, t increases and n does not change , or when t decreases and n remains unchanged, the k-th node host implementing the (t, n) threshold signature scheme performs the following steps based on Secure Multi-Party Computation (MPC), where k is a positive integer: Calculate the Bikhoff coefficient, and randomly select a polynomial of degree M and its constant term is the shared unit multiplied by Bikhoff coefficient itself, where M is a positive integer; receive and execute (t, n) threshold signature The x-coordinate and level value of the jth node host in the scheme are used to take the value of the selected M-degree polynomial to generate a corresponding polynomial value, and transmit the polynomial value to the jth node host, where j is a positive integer; And add all polynomial values received from different node hosts as its own shared unit; and when n increases and t remains unchanged, the node hosts that have joined and want to join the (t, n) threshold signature scheme are based on security The multi-party computing performs the following steps: set the node host to join the (t, n)threshold signature scheme as the n+1th node host, and send the x coordinate and level value of the n+1th node host to t node hosts that already hold shared units; the kth node hosts that already hold shared units are based on the level value of the n+1th node host, the x coordinate of the n+1th node host, and the kth node The shared unit of the host calculates the corresponding a value; the kth node host that already holds the shared unit randomly divides the a value into t fragments, and then transmits the jth fragment to the jth node host; The kth node host of the shared unit adds all the fragments from different node hosts to generate the b value of the kth node host, and then transmits the b value to the n+1th node host; and the n+1th node host A node host sums all b values received as its own shared unit.

本發明所揭露之系統與方法如上,與先前技術的差異在於本發明是透過節點主機執行(t,n)門檻式簽章方案,並且在n減少且t不變、t增加且n不變,或t減少且n不變時,由節點主機在不還原私鑰的條件下,基於安全多方計算重新計算共享單元,以及在n增加且t不變時,由已持有共享單元的節點主機,根據欲加入的節點主機的x座標及層級值在不還原私鑰的條件下,計算其相應的共享單元。The system and method disclosed in the present invention are as above, and the difference from the prior art is that the present invention implements the (t,n) threshold signature scheme through the node host, and when n decreases and t does not change, t increases and n does not change, Or when t decreases and n remains unchanged, the node host recalculates the shared unit based on secure multi-party computation without restoring the private key, and when n increases and t remains unchanged, the node host that already holds the shared unit, According to the x-coordinate and level value of the node host to be joined, the corresponding shared unit is calculated without restoring the private key.

透過上述的技術手段,本發明可以達成提高(t,n)門檻式簽章方案的可用性之技術功效。Through the above-mentioned technical means, the present invention can achieve the technical effect of improving the usability of the (t,n) threshold signature scheme.

以下將配合圖式及實施例來詳細說明本發明之實施方式,藉此對本發明如何應用技術手段來解決技術問題並達成技術功效的實現過程能充分理解並據以實施。The implementation of the present invention will be described in detail below in conjunction with the drawings and examples, so as to fully understand and implement the implementation process of how the present invention uses technical means to solve technical problems and achieve technical effects.

首先,在說明本發明所揭露之門檻式簽章方案的門檻值與參與數量的調整系統及其調整方法之前,先對本發明的應用環境作說明,本發明係應用在區塊鏈網路的環境,例如:比特幣區塊鏈網路(Bitcoin Blockchain Network)或以太坊區塊鏈網路(Ethereum Blockchain Network),這些區塊鏈網路中的各節點主機能夠執行安全多方計算,用以相互交換資料及計算結果,進而執行門檻式簽章方案。接著,針對本發明自行定義的名詞作說明,本發明所述的共享單元(Share)是指在進行安全多方計算時,在不同的節點主機之間進行相互交換資料及計算結果所生成的元素,所述元素能夠在不需重組私鑰的情況下,直接以數學運算計算出符合橢圓曲線數位簽名演算法(Elliptic Curve Digital Signature Algorithm, ECDSA)的簽章格式之簽章(或稱為「簽名」)。另外,所述分片是指透過分片(Sharding)技術將資料切分成的各分片,以便由不同節點主機相互獨立地處理各分片,再根據處理結果組成最終結果,即:新增的共享單元。First of all, before explaining the threshold value and the adjustment system and adjustment method of the threshold value and the number of participants in the threshold signature scheme disclosed in the present invention, the application environment of the present invention will be explained first. The present invention is applied in the blockchain network environment , such as: Bitcoin Blockchain Network (Bitcoin Blockchain Network) or Ethereum Blockchain Network (Ethereum Blockchain Network), each node host in these blockchain networks can perform secure multi-party calculations for mutual exchange Data and calculation results, and then implement the threshold signature scheme. Next, explain the self-defined nouns of the present invention. The shared unit (Share) mentioned in the present invention refers to the elements generated by exchanging data and calculation results between different node hosts when performing secure multi-party computing. The elements can directly calculate the signature (or "signature") conforming to the signature format of the Elliptic Curve Digital Signature Algorithm (ECDSA) by mathematical operations without reorganizing the private key. ). In addition, the sharding refers to the sharding of the data through sharding (Sharding) technology, so that different node hosts can process each shard independently, and then form the final result according to the processing results, namely: the newly added shared unit.

以下配合圖式對本發明門檻式簽章方案的門檻值與參與數量的調整系統及其調整方法做進一步說明,請先參閱「第1圖」,「第1圖」為本發明門檻式簽章方案的門檻值與參與數量的調整系統之系統方塊圖,此系統包含:多個節點主機(110a~110c)。所述節點主機(110a~110c)為區塊鏈網路100的節點,用以允許執行(t, n)門檻式簽章方案,其中,t為門檻值,n為參與數量,t及n為正整數且符合t <= n,每一節點主機(110a~110c)具有x座標及層級值,並且允許持有共享單元,每一節點主機(110a~110c)皆包含:第一處理模組111、第一計算模組112、調整模組113、第二處理模組114、第二計算模組115及生成模組116。其中,第一處理模組111用以在執行(t, n)門檻式簽章方案時設為第k個節點主機,當n減少且t不變、t增加且n不變,或t減少且n不變時,基於安全多方計算(Secure Multi-Party Computation, MPC)計算畢克霍夫係數,並且隨機選擇一個M次多項式且其常數項為畢克霍夫係數乘以自身的共享單元,其中,k、M為正整數。在實際實施上,所述M次多項式的微分次數等於層級值(當層級值為數值0時不微分),當n減少且t不變時,M = t - 1,當t增加且n不變,或t減少且n不變時,M = t’ - 1,t’為t改變後的門檻值且為正整數。另外,判斷n及t是否欲改變可由其中一個節點主機以廣播(Broadcast)或群播(Multicast)的方式通知區塊鏈網路100中的其它節點主機,舉例來說,假設要改要變n或t,可使其中一個節點主機產生並傳送一個紀錄有改變方式的通知訊息,用以通知參與執行(t, n)門檻式簽章方案的其它節點主機。要補充說明的是,所述x座標為橢圓曲線數位簽名演算法(Elliptic Curve Digital Signature Algorithm, ECDSA)的曲線點的x座標,如:「Secp256k1」橢圓曲線。The following diagrams will further explain the threshold value and the adjustment system and adjustment method of the threshold value and the number of participants in the threshold signature scheme of the present invention. Please refer to "Figure 1" first. "Picture 1" is the threshold signature scheme of the present invention. The system block diagram of the adjustment system of the threshold value and the number of participants, the system includes: multiple node hosts (110a~110c). The node hosts (110a~110c) are nodes of the blockchain network 100 to allow the implementation of the (t, n) threshold signature scheme, where t is the threshold value, n is the number of participants, and t and n are Positive integer and satisfying t<= n, each node host (110a~110c) has an x coordinate and a level value, and is allowed to hold a shared unit, each node host (110a~110c) includes: the first processing module 111 , the first calculation module 112 , the adjustment module 113 , the second processing module 114 , the second calculation module 115 and the generation module 116 . Among them, the first processing module 111 is used to set the kth node host when executing the (t, n) threshold signature scheme. When n decreases and t remains unchanged, t increases and n remains unchanged, or t decreases and When n is constant, the Bickhoff coefficient is calculated based on Secure Multi-Party Computation (MPC), and an M-degree polynomial is randomly selected and its constant item is the Bickhoff coefficient multiplied by its own shared unit, where , k and M are positive integers. In practice, the degree of differentiation of the M degree polynomial is equal to the level value (no differentiation when the level value is 0), when n decreases and t remains unchanged, M = t - 1, when t increases and n remains unchanged , or when t decreases and n remains unchanged, M = t' - 1, t' is the threshold value after t changes and is a positive integer. In addition, to determine whether n and t are to be changed, one of the node hosts can notify other node hosts in the blockchain network 100 by broadcast (Broadcast) or multicast (Multicast). Or t, one of the node hosts can generate and send a notification message with a record of the change mode, which is used to notify other node hosts participating in the implementation of the (t, n) threshold signature scheme. It should be added that the x-coordinate is the x-coordinate of a curve point of an Elliptic Curve Digital Signature Algorithm (ECDSA), such as the "Secp256k1" elliptic curve.

第一計算模組112連接第一處理模組111,用以根據執行(t, n)門檻式簽章方案的第j個節點主機的x座標及層級值對M次多項式取值以產生相應的多項式值,並且將多項式值傳送至第j個節點主機,其中,j為正整數。以三個節點主機為例,三個節點主機(110a~110c)會分別根據三個節點主機(110a~110c)的x座標及層級值對M次多項式取值以產生相應的多項式值,並且將產生的多項式值傳送給相應的節點主機,也就是說,自己會將基於自己的x座標及層級值所計算出的多項式值傳送給自己,以及將基於對方的x座標及層級值所計算出的多項式值傳送給對方,例如:第一個節點主機110a會將基於第二個節點主機110b的x座標及層級值所計算出的多項式值傳送給第二個節點主機110b;第一個節點主機110a會將基於第三個節點主機110c的x座標及層級值所計算出的多項式值傳送給第三個節點主機110c,並以此類推。The first calculation module 112 is connected to the first processing module 111, and is used to obtain the value of the M-degree polynomial according to the x-coordinate and the level value of the jth node host implementing the (t, n) threshold signature scheme to generate a corresponding polynomial value, and transmit the polynomial value to the jth node host, where j is a positive integer. Taking three node hosts as an example, the three node hosts (110a~110c) will generate corresponding polynomial values based on the x-coordinates and level values of the three node hosts (110a~110c) to generate corresponding polynomial values. The generated polynomial value is transmitted to the corresponding node host, that is, the polynomial value calculated based on its own x coordinate and level value will be transmitted to itself, and the polynomial value calculated based on the other party's x coordinate and level value The polynomial value is transmitted to the other party, for example: the first node host 110a will transmit the polynomial value calculated based on the x coordinate and the level value of the second node host 110b to the second node host 110b; the first node host 110a The polynomial value calculated based on the x-coordinate and the level value of the third node host 110c is transmitted to the third node host 110c, and so on.

調整模組113連接第一計算模組112,用以將接收自不同節點主機的所有多項式值相加以作為自身的共享單元。在實際實施上,節點主機本身會接收到自己計算出的多項式值,以及接收到來自其它節點主機計算出的多項式值,並且將這些多項式值相加以作為自身的共享單元,並且取代原本持有的共享單元。另外,調整模組113可連接第一處理模組111,以便在取代原本持有的共享單元後,重新由第一處理模組111根據n及t的變化進行相應的處理。The adjustment module 113 is connected to the first calculation module 112 for adding all polynomial values received from different node hosts as its own shared unit. In actual implementation, the node host itself will receive the polynomial value calculated by itself, as well as the polynomial value calculated by other node hosts, and add these polynomial values as its own shared unit, and replace the originally held shared unit. In addition, the adjustment module 113 can be connected to the first processing module 111, so that after replacing the originally held shared unit, the first processing module 111 can perform corresponding processing again according to the changes of n and t.

第二處理模組114連接第一處理模組,用以在n增加且t不變時,將欲加入執行(t, n)門檻式簽章方案的節點主機設為第n+1個節點主機,並且將第n+1個節點主機的x座標及層級值傳送至t個已持有共享單元的節點主機。舉例來說,假設n及t皆為數值2代表有兩個已持有共享單元的節點主機(110a、110b),當n增加(即:n + 1)且t不變時,第三個節點主機110c會將自己的x座標及層級值傳送給這兩個已持有共享單元的節點主機(110a、110b)。The second processing module 114 is connected to the first processing module, and is used to set the node host that wants to join the (t, n) threshold signature scheme as the n+1th node host when n increases and t remains unchanged , and transmit the x-coordinate and level value of the n+1th node host to the t node hosts that already hold the shared unit. For example, assuming that both n and t are the value 2, it means that there are two node hosts (110a, 110b) that already hold shared units. When n increases (ie: n + 1) and t remains unchanged, the third node The host 110c will send its own x-coordinate and level value to the two node hosts ( 110a , 110b ) that have shared units.

第二計算模組115連接第二處理模組114,用以在接收到第n+1個節點主機的x座標及層級值,並且本身為已持有共享單元的第k個節點主機時,根據第n+1個節點主機的層級值、第n+1個節點主機的x座標,以及第k個節點主機的共享單元計算出相應的a值。在實際實施上,所述a值的計算式為「a k= sum_{i = n n+1} ^{t-1}( i! / (i - n n+1)!) * x n+1^{i - n n+1} * B i,k* s k」,其中,「a k」為第k個節點主機計算出的a值、「n n+1」為第n+1個節點主機的層級值、「x n+1」為第n+1個節點主機的x座標、「B i,k」為第k個節點主機的第i個畢克霍夫係數,以及「s k」為第k個節點主機的共享單元、「i」為正整數。 The second calculation module 115 is connected to the second processing module 114, and is used for receiving the x-coordinate and level value of the n+1th node host, and when it is the kth node host already holding a shared unit, according to The level value of the n+1th node host, the x coordinate of the n+1th node host, and the shared unit of the kth node host calculate the corresponding a value. In actual implementation, the formula for calculating the value of a is "a k = sum_{i = n n+1 } ^ {t-1}( i! / (i - n n+1 )!) * x n+ 1 ^{i - n n+1 } * B i,k * s k ”, where “a k ” is the a value calculated by the kth node host, and “n n+1 ” is the n+1th The level value of the node host, "x n+1 " is the x-coordinate of the n+1th node host, "B i,k " is the i-th Bickhoff coefficient of the k-th node host, and "s k ” is the shared unit of the kth node host, and “i” is a positive integer.

生成模組116連接第二計算模組115,用以將a值隨機分成t個分片,再將第j個分片傳送至第j個節點主機,並且將來自不同節點主機的所有分片相加以產生第k個節點主機的b值,再將所述b值傳送至第n+1個節點主機,以及在節點主機(110a~110c)本身為第n+1個節點主機時,將接收到的所有b值相加以作為自身的共享單元。舉例來說,假設a值為數值11,可將其分成「1」及「10」,其中「10」為隨機選擇;假設a值為數值12,可將其分成「5」及「7」,其中「7」為隨機選擇。在實際實施上,生成模組116可連接第一處理模組111,以便在生成模組116產生自身的共享單元後,重新由第一處理模組111根據n及t的變化進行相應的處理。The generation module 116 is connected to the second calculation module 115, and is used to randomly divide the value of a into t fragments, and then transmit the jth fragment to the jth node host, and compare all the fragments from different node hosts Generate the b value of the kth node host, and then send the b value to the n+1th node host, and when the node host (110a~110c) itself is the n+1th node host, it will receive All b-values of are added together as their own shared unit. For example, if the value of a is 11, it can be divided into "1" and "10", where "10" is randomly selected; if the value of a is 12, it can be divided into "5" and "7", Among them, "7" is randomly selected. In practical implementation, the generation module 116 can be connected to the first processing module 111, so that after the generation module 116 generates its own shared unit, the first processing module 111 performs corresponding processing again according to the changes of n and t.

特別要說明的是,在實際實施上,本發明所述的模組皆可利用各種方式來實現,包含軟體、硬體或其任意組合,例如,在某些實施方式中,各模組可利用軟體及硬體或其中之一來實現,除此之外,本發明亦可部分地或完全地基於硬體來實現,例如,系統中的一個或多個模組可以透過積體電路晶片、系統單晶片(System on Chip, SoC)、複雜可程式邏輯裝置(Complex Programmable Logic Device, CPLD)、現場可程式邏輯閘陣列(Field Programmable Gate Array, FPGA)等來實現。本發明可以是系統、方法及/或電腦程式。電腦程式可以包括電腦可讀儲存媒體,其上載有用於使處理器實現本發明的各個方面的電腦可讀程式指令,電腦可讀儲存媒體可以是可以保持和儲存由指令執行設備使用的指令的有形設備。電腦可讀儲存媒體可以是但不限於電儲存設備、磁儲存設備、光儲存設備、電磁儲存設備、半導體儲存設備或上述的任意合適的組合。電腦可讀儲存媒體的更具體的例子(非窮舉的列表)包括:硬碟、隨機存取記憶體、唯讀記憶體、快閃記憶體、光碟、軟碟以及上述的任意合適的組合。此處所使用的電腦可讀儲存媒體不被解釋爲瞬時訊號本身,諸如無線電波或者其它自由傳播的電磁波、通過波導或其它傳輸媒介傳播的電磁波(例如,通過光纖電纜的光訊號)、或者通過電線傳輸的電訊號。另外,此處所描述的電腦可讀程式指令可以從電腦可讀儲存媒體下載到各個計算/處理設備,或者通過網路,例如:網際網路、區域網路、廣域網路及/或無線網路下載到外部電腦設備或外部儲存設備。網路可以包括銅傳輸電纜、光纖傳輸、無線傳輸、路由器、防火牆、交換器、集線器及/或閘道器。每一個計算/處理設備中的網路卡或者網路介面從網路接收電腦可讀程式指令,並轉發此電腦可讀程式指令,以供儲存在各個計算/處理設備中的電腦可讀儲存媒體中。執行本發明操作的電腦程式指令可以是組合語言指令、指令集架構指令、機器指令、機器相關指令、微指令、韌體指令、或者以一種或多種程式語言的任意組合編寫的原始碼或目的碼(Object Code),所述程式語言包括物件導向的程式語言,如:Common Lisp、Python、C++、Objective-C、Smalltalk、Delphi、Java、Swift、C#、Perl、Ruby與PHP等,以及常規的程序式(Procedural)程式語言,如:C語言或類似的程式語言。所述電腦程式指令可以完全地在電腦上執行、部分地在電腦上執行、作爲一個獨立的軟體執行、部分在客戶端電腦上部分在遠端電腦上執行、或者完全在遠端電腦或伺服器上執行。In particular, it should be noted that in actual implementation, the modules described in the present invention can be implemented in various ways, including software, hardware or any combination thereof. For example, in some implementations, each module can use software and hardware or one of them. In addition, the present invention can also be realized partially or completely based on hardware. For example, one or more modules in the system can be implemented through integrated circuit chips, system Single chip (System on Chip, SoC), complex programmable logic device (Complex Programmable Logic Device, CPLD), field programmable logic gate array (Field Programmable Gate Array, FPGA) and so on. The present invention can be a system, method and/or computer program. The computer program may include a computer-readable storage medium loaded with computer-readable program instructions for causing a processor to implement various aspects of the present invention, the computer-readable storage medium may be a tangible and equipment. A computer readable storage medium may be, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (non-exhaustive list) of computer-readable storage media include hard disks, random access memory, read-only memory, flash memory, optical disks, floppy disks, and any suitable combination of the foregoing. As used herein, computer-readable storage media are not to be construed as transient signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (for example, light signals through fiber optic cables), or transmitted electrical signals. Additionally, the computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to various computing/processing devices, or downloaded over a network, such as the Internet, local area network, wide area network, and/or wireless network to an external computer device or external storage device. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, hubs and/or gateways. The network card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in computer-readable storage media in each computing/processing device middle. The computer program instructions for performing the operations of the present invention may be assembly language instructions, instruction set architecture instructions, machine instructions, machine-related instructions, micro instructions, firmware instructions, or source code or object code written in any combination of one or more programming languages (Object Code), the programming language includes object-oriented programming languages, such as: Common Lisp, Python, C++, Objective-C, Smalltalk, Delphi, Java, Swift, C#, Perl, Ruby and PHP, etc., as well as conventional programs Procedural programming language, such as: C language or similar programming language. The computer program instructions may be executed entirely on the computer, partly on the computer, as a stand-alone piece of software, partly on the client computer and partly on the remote computer, or entirely on the remote computer or server to execute.

請參閱「第2A圖」及「第2B圖」,「第2A圖」及「第2B圖」為本發明門檻式簽章方案的門檻值與參與數量的調整方法之方法流程圖,其步驟包括:提供允許執行(t, n)門檻式簽章方案的節點主機(110a~110c),其中,t為門檻值,n為參與數量,t及n為正整數且符合t <= n,每一節點主機(110a~110c)具有x座標及層級值,並且允許持有共享單元(步驟210);當n減少且t不變、t增加且n不變,或t減少且n不變時,執行(t, n)門檻式簽章方案的第k個節點主機基於安全多方計算(Secure Multi-Party Computation, MPC)執行以下步驟,其中k為正整數(步驟220):計算畢克霍夫係數,並且隨機選擇一個M次多項式且其常數項為畢克霍夫係數乘以自身的共享單元,其中,M皆為正整數(步驟221);接收執行(t, n)門檻式簽章方案的第j個節點主機的x座標及層級值,用以對選擇的M次多項式取值以產生相應的多項式值,並且將多項式值傳送至第j個節點主機,其中,j為正整數(步驟222);將接收自不同節點主機的所有多項式值相加以作為自身的共享單元(步驟223);以及當n增加且t不變時,已加入與欲加入執行(t, n)門檻式簽章方案的節點主機基於安全多方計算執行以下步驟(步驟230):將欲加入執行(t, n)門檻式簽章方案的節點主機設為第n+1個節點主機,並且將第n+1個節點主機的x座標及層級值傳送至t個已持有共享單元的節點主機(步驟231);已持有共享單元的第k個節點主機根據第n+1個節點主機的層級值、第n+1個節點主機的x座標,以及第k個節點主機的共享單元計算出相應的a值(步驟232);已持有共享單元的第k個節點主機將a值隨機分成t個分片,再將第j個分片傳送至第j個節點主機(步驟233);已持有共享單元的第k個節點主機將來自不同節點主機的所有分片相加以產生第k個節點主機的b值,再將所述b值傳送至第n+1個節點主機(步驟234);以及第n+1個節點主機將接收到的所有b值相加以作為自身的共享單元(步驟235)。透過上述步驟,即可透過節點主機執行(t,n)門檻式簽章方案,並且在n減少且t不變、t增加且n不變,或t減少且n不變時,由節點主機基於安全多方計算重新計算共享單元,以及在n增加且t不變時,由已持有共享單元的節點主機,根據欲加入的節點主機的x座標及層級值計算其相應的共享單元。Please refer to "Fig. 2A" and "Fig. 2B". "Fig. 2A" and "Fig. 2B" are the flow charts of the method for adjusting the threshold value and the number of participants of the threshold signature scheme of the present invention. The steps include : Provide node hosts (110a~110c) that are allowed to implement the (t, n) threshold signature scheme, where t is the threshold value, n is the number of participants, t and n are positive integers that meet the requirement that t <= n, each Node hosts (110a-110c) have x coordinates and level values, and are allowed to hold shared units (step 210); when n decreases and t does not change, t increases and n does not change, or t decreases and n does not change, execute (t, n) The k-th node host of the threshold signature scheme performs the following steps based on Secure Multi-Party Computation (MPC), where k is a positive integer (step 220): calculate the Bikerhoff coefficient, And randomly select a polynomial of degree M and its constant term is the shared unit multiplied by Bickhoff coefficients itself, where M is all positive integers (step 221); receive and implement the (t, n)th threshold signature scheme The x-coordinates and level values of the j node hosts are used to evaluate the selected M-degree polynomial to generate a corresponding polynomial value, and transmit the polynomial value to the j-th node host, where j is a positive integer (step 222) ; Add all polynomial values received from different node hosts as its own shared unit (step 223); The node host executes the following steps based on secure multi-party computation (step 230): set the node host to join the implementation of the (t, n) threshold signature scheme as the n+1th node host, and set the n+1th node host The x-coordinate and level value of the shared unit are sent to the t node hosts that already hold the shared unit (step 231); the kth node host that already holds the shared unit is based on the level value of the n+1th The x coordinates of the node hosts and the shared unit of the kth node host calculate the corresponding a value (step 232); the kth node host that already holds the shared unit randomly divides the a value into t fragments, and then The j-th fragment is sent to the j-th node host (step 233); the k-th node host that already holds the shared unit adds all the fragments from different node hosts to generate the b value of the k-th node host, and then The b value is transmitted to the n+1th node host (step 234); and the n+1th node host adds up all received b values as its own sharing unit (step 235). Through the above steps, the (t,n) threshold signature scheme can be implemented through the node host, and when n decreases and t remains unchanged, t increases and n remains unchanged, or t decreases and n remains unchanged, the node host based on Secure multi-party computing recalculates the shared unit, and when n increases and t remains unchanged, the node host that already holds the shared unit calculates its corresponding shared unit according to the x-coordinate and level value of the node host to join.

以下配合「第3圖」至「第6圖」以實施例的方式進行如下說明,請參閱「第3圖」,「第3圖」為應用本發明減少參與數量且門檻值不變之示意圖。倘若(t, n)門檻式簽章方案的t為數值2,n為數值3,代表其門檻值為數值2及參與數量為數值3,在有限體為「F 13」的情況下,以三個節點主機(110a~110c)為例,假設第一個節點主機110a的x座標、層級值及共享單元分別為「1」、「0」及「11」;第二個節點主機110b的x座標、層級值及共享單元分別為「2」、「0」及「1」;第三個節點主機110c的x座標、層級值及共享單元分別為「5」、「1」及「3」,並且原本對應的唯一多項式為「3x + 8」,其中,數值「8」為密文。當要減少參與數量(即:n降低)且門檻值不變時,例如:欲使第三個節點主機110c持有的共享單元失效,那麼,需要第一個節點主機110a及第二個節點主機110b基於安全多方計算共同參與運算。此時,第一個節點主機110a將隨機選擇一個多項式311,如:「f(x) = 5x + 2 * 11」、第二個節點主機110b同樣隨機選擇一個多項式312,如:「g(x) = 7x + (-1) * 1」,其中,「2」及「-1」為各自對應的畢克霍夫係數;「11」及「1」為各自對應的共享單元。接著,第一個節點主機110a除了會根據自身的x座標及層級值(x座標帶入多項式的x;層級值代表多項式的微分次數,數值0代表多項式微分0次或不微分,數值1代表多項式微分1次,並以此類推)計算出相應的多項式值(即:「f(1) = 27 = 1 mod 13」)之外,也會根據第二個節點主機110b的x座標及層級值計算出相應的多項式值(即:「f(2) = 32 = 6 mod 13」)。第二個節點主機110b同樣也可以相同方式計算出「g(1) = 6」、「g(2) = 0」。接下來,第一個節點主機110a會將多項式值「f(2) = 6 mod 13」傳送給第二個節點主機110b;第二個節點主機110b則將多項式值「g(1) = 6 mod 13」傳送給第一個節點主機110a。如此一來,第一個節點主機110a便得知多項式值「f(1)」及「g(1)」,並且將其相加的值(即:數值7)作為自身的共享單元,而第二個節點主機110b則得知多項式值「f(2)」及「g(2)」,並且將其相加的值(即:數值6)作為自身的共享單元。在進行驗證時,可計算出唯一的一次多項式「h(x)」滿足「h(1) = 7」且「h(2) = 6」,即:「h(x) = 12x + 8 mod 13」,當x帶入數值0時,可得到與原本對應的唯一多項式相同的數值8,但是對於第三個節點主機110c來說,原本的共享單元便會失效,因為「h’(5) = 12」不等於「3 mod 13」。 The following description will be made in the form of an embodiment in conjunction with "Figure 3" to "Figure 6", please refer to "Figure 3", "Figure 3" is a schematic diagram of applying the present invention to reduce the number of participants and keep the threshold value unchanged. If t of the (t, n) threshold signature scheme is a value of 2 and n is a value of 3, it means that its threshold value is a value of 2 and the number of participants is a value of 3 . Take two node hosts (110a~110c) as an example, assuming that the x-coordinate, level value and sharing unit of the first node host 110a are "1", "0" and "11"respectively; the x-coordinate of the second node host 110b , level value and shared unit are "2", "0" and "1"respectively; the x-coordinate, level value and shared unit of the third node host 110c are "5", "1" and "3" respectively, and The original corresponding unique polynomial is "3x + 8", where the value "8" is the ciphertext. When the number of participants needs to be reduced (i.e., n is lowered) and the threshold remains unchanged, for example, if the shared unit held by the third node host 110c is to be invalidated, then the first node host 110a and the second node host 110a are required to 110b participates in computing based on secure multi-party computing. At this time, the first node host 110a will randomly select a polynomial 311, such as: "f(x) = 5x + 2 * 11", and the second node host 110b also randomly selects a polynomial 312, such as: "g(x ) = 7x + (-1) * 1", where "2" and "-1" are the corresponding Bickhoff coefficients; "11" and "1" are the corresponding shared units. Next, the first node host 110a, in addition to its own x-coordinate and level value (the x-coordinate is brought into the x of the polynomial; the level value represents the degree of differentiation of the polynomial, a value of 0 means that the polynomial has 0 degree of differentiation or no differentiation, and a value of 1 means that the polynomial Differentiate once, and so on) to calculate the corresponding polynomial value (ie: "f(1) = 27 = 1 mod 13"), it will also be calculated based on the x-coordinate and level value of the second node host 110b to produce the corresponding polynomial value (ie: "f(2) = 32 = 6 mod 13"). The second node host 110b can also calculate "g(1) = 6" and "g(2) = 0" in the same way. Next, the first node host 110a will transmit the polynomial value "f(2) = 6 mod 13" to the second node host 110b; the second node host 110b will send the polynomial value "g(1) = 6 mod 13" to the first node host 110a. In this way, the first node host 110a knows the polynomial values "f(1)" and "g(1)", and uses the added value (ie: value 7) as its own shared unit, while the second The two node hosts 110b then know the polynomial values "f(2)" and "g(2)", and use the added value (ie, the value 6) as their shared unit. When verifying, it can be calculated that the only polynomial of degree "h(x)" satisfies "h(1) = 7" and "h(2) = 6", namely: "h(x) = 12x + 8 mod 13 ", when x takes the value 0, the same value 8 as the original corresponding unique polynomial can be obtained, but for the third node host 110c, the original shared unit will be invalid, because "h'(5) = 12" is not equal to "3 mod 13".

接下來,請參閱「第4圖」,「第4圖」為應用本發明增加門檻值且參與數量不變之示意圖。以上述三個節點主機(110a~110c)為例,若欲使t增加且n不變,則所有節點主機(110a~110c)都會參與運算。假設原本的門檻值為t、參與數量為n、調整後的門檻值t’,則「t < t’ <= n」。接著,第k個節點主機會計算出畢克霍夫係數,並且隨機選擇 t’ - 1次多項式「

Figure 02_image001
」且其常數項為「B i,k* s k」,其中,「B i,k」為第k個節點主機的畢克霍夫係數、「s k」為第k個節點主機的共享單元。接下來,第k個節點主機會根據第j個節點主機的x座標和層級值計算「
Figure 02_image003
」的多項式值再回傳至第j個節點主機,其中,「
Figure 02_image005
」為第j個節點主機的層級值、「
Figure 02_image007
」為第j個節點主機的x座標。每一個節點主機(110a~110c)都會收到共計n個多項式值(包含自己根據自身的x座標和層級值所計算出的層級值),將其相加後即可產生共享單元。舉例來說,假設門檻值要從數值2增加至數值3,第一個節點主機110a隨機選擇二次多項式411為「f(x) = x 2+ 5x + 6 * 11」;第二個節點主機110b隨機選擇二次多項式412為「g(x) = 2 * x 2+ 7x + 8 * 1」;第三個節點主機110c隨機選擇二次多項式413為「h(x) = x 2+ 7x + 4 * 3」。此時,第一個節點主機110a根據自身、第二個節點主機110b和第三個節點主機110c的x座標和層級值分別計算出「f(1) = 7」、「f(2) = 2」及「f’(5) = 2」;第二個節點主機110b以相同的方式計算出「g(1) = 4」、「g(2) = 4」及「g’(5) = 1」;第三個節點主機110c同樣可計算出「h(1) = 7」、「h(2) = 4」及「h’(5) = 4」。接著,將計算出的多項式值傳送給相應的節點主機,即:「f(1) = 7」、「g(1) = 4」及「h(1) = 7」傳給第一個節點主機110a;「f(2) = 2」、「g(2) = 4」及「h(2) = 4」傳送給第二個節點主機110b;「f’(5) = 2」、「g’(5) = 1」及「h’(5) = 4」傳送給第三個節點主機110c。如此一來,第一個節點主機110a將其加總(f(1) + g(1) + h(1) = 5 mod 13)後即可獲得相應的共享單元;第二個節點主機110b將其加總(f(2) + g(2) + h(2) = 10 mod 13)後即可獲得相應的共享單元;第三個節點主機110c將其加總(f’(5) + g’(5) + h’(5) = 7 mod 13)後即可獲得相應的共享單元。要補充說明的是,由於唯一滿足「5」、「10」及「7」這三個解的二次多項式為「t(x) = 4x 2+ 6x + 8 mod 13」,因為「t(1) = 5」、「t(2) = 10」且「t’(5) = 7」。因此,如果只有任意兩個節點主機的話,將無法正確解出密文,例如:「t(1) = 5」和「t(2) = 10」將解出一次多項式為「5 * x」;「t(1) = 5」和「t’(5) = 7」將解出一次多項式為「7x + 11」;「t(2) = 10」和「t’(5) = 7」將解出一次多項式為「7x + 9」,然而,從這些多項式皆無法獲得密文(即:常數項皆與密文不同),故證明在未達門檻值時,無法正確進行簽章。 Next, please refer to "Figure 4", "Figure 4" is a schematic diagram of applying the present invention to increase the threshold and keep the number of participants unchanged. Taking the above three node hosts (110a-110c) as an example, if it is desired to increase t while keeping n unchanged, all node hosts (110a-110c) will participate in the calculation. Assuming that the original threshold value is t, the number of participants is n, and the adjusted threshold value is t', then "t <t'<=n". Then, the k-th node host will calculate the Bickhoff coefficient, and randomly select t' - polynomial of degree 1"
Figure 02_image001
” and its constant term is “B i,k * s k ”, where “B i,k ” is the Bikerhoff coefficient of the k-th node host, and “s k ” is the shared unit of the k-th node host . Next, the kth node host will be calculated according to the x coordinate and level value of the jth node host "
Figure 02_image003
"The polynomial value is sent back to the jth node host, where "
Figure 02_image005
"is the hierarchy value of the jth node host, "
Figure 02_image007
"is the x-coordinate of the jth node host. Each node host (110a-110c) will receive a total of n polynomial values (including the level value calculated by itself based on its own x-coordinate and level value), which can be added to generate a shared unit. For example, assuming that the threshold value is to be increased from value 2 to value 3, the first node host 110a randomly selects the quadratic polynomial 411 as "f(x) = x 2 + 5x + 6 * 11"; the second node host 110b randomly selects the quadratic polynomial 412 as "g(x) = 2 * x 2 + 7x + 8 * 1"; the third node host 110c randomly selects the quadratic polynomial 413 as "h(x) = x 2 + 7x + 4*3". At this time, the first node host 110a calculates "f(1) = 7" and "f(2) = 2 " and "f'(5) = 2"; the second node host 110b calculates "g(1) = 4", "g(2) = 4" and "g'(5) = 1 in the same way "; the third node host 110c can also calculate "h(1)=7", "h(2)=4" and "h'(5)=4". Then, transmit the calculated polynomial value to the corresponding node host, namely: "f(1) = 7", "g(1) = 4" and "h(1) = 7" to the first node host 110a; "f(2) = 2", "g(2) = 4" and "h(2) = 4" are sent to the second node host 110b; "f'(5) = 2", "g' (5) = 1" and "h'(5) = 4" are sent to the third node host 110c. In this way, the first node host 110a can obtain the corresponding shared unit after adding up (f(1) + g(1) + h(1) = 5 mod 13); the second node host 110b will The corresponding shared unit can be obtained after the sum (f(2) + g(2) + h(2) = 10 mod 13); the third node host 110c sums it up (f'(5) + g '(5) + h'(5) = 7 mod 13) to get the corresponding shared unit. It should be added that since the only quadratic polynomial that satisfies the three solutions of "5", "10" and "7" is "t(x) = 4x 2 + 6x + 8 mod 13", because "t(1 ) = 5", "t(2) = 10", and "t'(5) = 7". Therefore, if there are only any two node hosts, the ciphertext will not be correctly decrypted, for example: "t(1) = 5" and "t(2) = 10" will solve the first-degree polynomial as "5 * x";"t(1) = 5" and "t'(5) = 7" will solve the first degree polynomial as "7x + 11";"t(2) = 10" and "t'(5) = 7" will solve The first-degree polynomial is "7x + 9". However, the ciphertext cannot be obtained from these polynomials (that is, the constant items are all different from the ciphertext), so it is proved that the signature cannot be performed correctly when the threshold value is not reached.

如「第5圖」所示意,「第5圖」為應用本發明減少門檻值且參與數量不變之示意圖。同樣以上述三個節點主機(110a~110c)為例,在t減少且n不變的情況下,所有節點主機(110a~110c)都會參與運算,其與「第4圖」舉例的差異在於門檻值將滿足「t’ < t <= n」。在門檻值為數值3時,原本對應的唯一多項式為「t(x) = 4x 2+ 6x + 8 mod 13」,倘若要將門檻值調整為數值2,三個節點主機(110a~110c)會重新隨機選擇一次多項式,例如:第一個節點主機110a選擇一次多項式511為「f(x) = 5x + 6 * 11」;第二個節點主機110b選擇一次多項式512為「g(x) = 7x + 8 * 1」;第三個節點主機110c選擇一次多項式513為「h(x) = 7x + 4 * 3」。接著,第一個節點主機110a根據自身、第二個節點主機110b和第三個節點主機110c的x座標和層級值分別計算出「f(1) = 6」、「f(2) = 11」及「f’(5) = 5」;第二個節點主機110b以相同的方式計算出「g(1) = 2」、「g(2) = 9」及「g’(5) = 7」;第三個節點主機110c同樣可計算出「h(1) = 6」、「h(2) = 0」及「h’(5) = 7」,然後將計算出的多項式值傳送給相應的節點主機,即:「f(1) = 6」、「g(1) = 2」及「h(1) = 6」傳給第一個節點主機110a;「f(2) = 11」、「g(2) = 9」及「h(2) = 0」傳送給第二個節點主機110b;「f’(5) = 5」、「g’(5) = 7」及「h’(5) = 7」傳送給第三個節點主機110c。如此一來,第一個節點主機110a將其加總(f(1) + g(1) + h(1) = 1 mod 13)後即可獲得相應的共享單元;第二個節點主機110b將其加總(f(2) + g(2) + h(2) = 7 mod 13)後即可獲得相應的共享單元;第三個節點主機110c將其加總(f’(5) + g’(5) + h’(5) = 6 mod 13)後即可獲得相應的共享單元。此時,由於任意兩個節點主機解出的一次多項式都是相同的,如:「t(1) = 5」和「t(2) = 7」解出一次多項式為「6x + 8」;「t(1) = 5」和「t’(5) = 6」解出一次多項式為「6x + 8」;「t(2) = 7」和「t’(5) = 6」解出一次多項式為「6x + 8」,故證明門檻值滿足數值2時,即可獲得密文(即:數值8)並正確進行簽章。 As shown in "Figure 5", "Figure 5" is a schematic diagram of applying the present invention to reduce the threshold and keep the number of participants unchanged. Also take the above three node hosts (110a~110c) as an example. When t decreases and n remains unchanged, all node hosts (110a~110c) will participate in the calculation. The difference from the example in "Figure 4" lies in the threshold The value will satisfy "t'< t <= n". When the threshold value is 3, the original corresponding unique polynomial is "t(x) = 4x 2 + 6x + 8 mod 13". If the threshold value is to be adjusted to a value of 2, the three node hosts (110a~110c) will Randomly select the first-order polynomial again, for example: the first node host 110a selects the first-order polynomial 511 as "f(x) = 5x + 6 * 11"; the second node host 110b selects the first-order polynomial 512 as "g(x) = 7x + 8 * 1"; the third node host 110c selects the first-degree polynomial 513 as "h(x) = 7x + 4 * 3". Next, the first node host 110a calculates "f(1) = 6" and "f(2) = 11" respectively according to the x-coordinates and level values of itself, the second node host 110b, and the third node host 110c and "f'(5) = 5"; the second node host 110b calculates "g(1) = 2", "g(2) = 9" and "g'(5) = 7" in the same way ; The third node host 110c can also calculate "h(1) = 6", "h(2) = 0" and "h'(5) = 7", and then transmit the calculated polynomial value to the corresponding Node hosts, namely: "f(1) = 6", "g(1) = 2" and "h(1) = 6" are passed to the first node host 110a; "f(2) = 11", " g(2) = 9" and "h(2) = 0" are sent to the second node host 110b; "f'(5) = 5", "g'(5) = 7" and "h'(5) ) = 7" to the third node host 110c. In this way, the first node host 110a can obtain the corresponding shared unit after adding up (f(1) + g(1) + h(1) = 1 mod 13); the second node host 110b will The corresponding shared unit can be obtained after the sum (f(2) + g(2) + h(2) = 7 mod 13); the third node host 110c sums it up (f'(5) + g '(5) + h'(5) = 6 mod 13) to get the corresponding shared unit. At this time, since the first-order polynomials solved by any two node hosts are the same, such as: "t(1) = 5" and "t(2) = 7" solve the first-order polynomial as "6x + 8";" t(1) = 5" and "t'(5) = 6" solve the first degree polynomial as "6x + 8";"t(2) = 7" and "t'(5) = 6" solve the first degree polynomial It is "6x + 8", so when the proof threshold meets the value 2, the ciphertext (ie: value 8) can be obtained and signed correctly.

從上面可清楚看到,在n減少t不變、t增加且n不變、t減少且n不變等情況下,這三種情況的處理流程均大致相同,三者主要的差異在於選擇的M次多項式的M會隨著t的變化而改變,也就是說,當t增加且n不變,或t減少且n不變時,須滿足「M = t’ – 1」,其中,t’為t改變後的門檻值且為正整數,舉例來說,在t增加且n不變時滿足「t < t’ <= n」;在t減少且n不變時滿足「t’ < t <= n」。接著,另一個差異在於執行安全多方計算時,若調整t則需要所有已持有共享單元的節點主機共同參與計算,若t不變則由t個已持有共享單元的節點主機參與計算。另外,為了方便說明,上述舉例中皆以簡單的數值進行示意,實際上,x座標及共享單元通常是非常大的數值。It can be clearly seen from the above that in the cases where n decreases and t does not change, t increases and n does not change, t decreases and n does not change, etc., the processing procedures of these three cases are roughly the same, and the main difference between the three lies in the selected M The M of the degree polynomial will change as t changes, that is, when t increases and n does not change, or t decreases and n does not change, it must satisfy "M = t' – 1", where t' is The threshold value after t is changed and is a positive integer. For example, when t increases and n remains unchanged, "t < t' <= n" is satisfied; when t decreases and n remains unchanged, "t' < t <= n". Next, another difference is that when performing secure multi-party computation, if t is adjusted, all node hosts that already hold shared units are required to participate in the calculation; if t remains unchanged, t node hosts that already hold shared units are required to participate in the calculation. In addition, for the convenience of description, the above examples are all illustrated with simple numerical values. In fact, the x-coordinate and the shared unit are usually very large numerical values.

如「第6圖」所示意,「第6圖」為應用本發明增加參與數量且門檻值不變之示意圖。假設原本有二個節點主機(110a、110b),對應的唯一多項式為「3x + 8」,且「8」為密文,第一個節點主機110a的x座標、層級值及共享單元分別為「1」「0」「11」,第二個節點主機110b的x座標、層級值及共享單元分別為「2」「1」「3」。若要增加一個節點主機110c執行(t,n)門檻式簽章方案,此節點主機110c的x座標及層級值分別為「5」及「0」。此時,需要第一個節點主機110a及第二個節點主機110b幫助計算出第三個節點主機110c的共享單元。因此,第三個節點主機110c會先將自己的x座標及層級值傳送給第一個節點主機110a及第二個節點主機110b,以便第一個節點主機根據x座標、層級值及自身的共享單元計算出相應的a值(即:1 * 11),計算式611為:「(1 + 5 * 0) * 11」;第二個節點主機110b同樣根據x座標、層級值及自身的共享單元計算出相應的a值(即:4 * 3),計算式612為「(-1 + 5 * 1) * 3」。接下來,第一個節點主機110a將其計算出的a值分成t個分片,例如:將11分成「1 + 10」,其中「10」為隨機挑選且傳送給第二節點主機110b;第二個節點主機110b同樣將其計算出的a值分成t個分片,例如:將12分成「5 + 7」,其中「7」為隨機挑選且傳送給第一個節點主機110a。此時,第一個節點主機110a持有「1」和「7」;第二個節點主機110b持有「5」和「10」。接著,第一個節點主機110a將「1」和「7」相加得到「8」(即:第一個節點主機110a計算出的b值);第二個節點主機110b將「5」和「10」相加得到「15」(即:第二個節點主機110b計算出的b值),並且都將計算出的b值傳送給第三個節點主機110c,以便由第三個節點主機110c將接收到的所有b值相加以作為自身的共享單元,即:「15 + 8 = 23」。由於原本的多項式為「3x + 8」,將第三個節點主機110c的x座標(即:數值5)帶入可得到相同的值(即:數值23),故可確認新產生的共享單元無誤。特別要說明的是,假設在有限體為「F 13」的情況下,上述共享單元與第三個節點主機110c的x座標帶入計算出的數值23同樣都會進行取模運算,以此例而言,其數值將成為「10 mod 13」。 As shown in "Figure 6", "Figure 6" is a schematic diagram of applying the present invention to increase the number of participants and keep the threshold value unchanged. Suppose there are originally two node hosts (110a, 110b), the corresponding unique polynomial is "3x + 8", and "8" is the ciphertext, the x-coordinate, level value and sharing unit of the first node host 110a are respectively "1","0" and "11", and the x-coordinate, level value and shared unit of the second node host 110b are "2", "1" and "3" respectively. If adding a node host 110c to implement the (t,n) threshold signature scheme, the x-coordinate and level value of the node host 110c are "5" and "0" respectively. At this time, the first node host 110a and the second node host 110b are required to help calculate the shared unit of the third node host 110c. Therefore, the third node host 110c will first transmit its own x coordinate and level value to the first node host 110a and the second node host 110b, so that the first node host can The unit calculates the corresponding a value (ie: 1 * 11), and the calculation formula 611 is: "(1 + 5 * 0) * 11"; the second node host 110b also uses the x coordinate, level value and its own shared unit Calculate the corresponding value of a (ie: 4 * 3), and the calculation formula 612 is "(-1 + 5 * 1) * 3". Next, the first node host 110a divides the calculated a value into t pieces, for example: divide 11 into "1 + 10", where "10" is randomly selected and sent to the second node host 110b; The two node hosts 110b also divide the calculated a value into t pieces, for example: divide 12 into "5 + 7", where "7" is randomly selected and sent to the first node host 110a. At this time, the first node host 110a holds "1" and "7"; the second node host 110b holds "5" and "10". Next, the first node host 110a adds "1" and "7" to get "8" (ie: the b value calculated by the first node host 110a); the second node host 110b adds "5" and "10" to get "15" (namely: the b value calculated by the second node host 110b), and both will send the calculated b value to the third node host 110c, so that the third node host 110c will All received b values are summed up as its own shared unit, ie: "15 + 8 = 23". Since the original polynomial is "3x + 8", the same value (ie: 23) can be obtained by substituting the x coordinate of the third node host 110c (ie: value 5), so it can be confirmed that the newly generated shared unit is correct . In particular, assuming that the finite body is “F 13 ”, the value 23 calculated by the above shared unit and the x-coordinate of the third node host 110c will also be subjected to a modulo calculation. In this example, In other words, its value will be "10 mod 13".

綜上所述,可知本發明與先前技術之間的差異在於透過節點主機執行(t,n)門檻式簽章方案,並且在n減少且t不變、t增加且n不變,或t減少且n不變時,由節點主機在不還原私鑰的條件下,基於安全多方計算重新計算共享單元,以及在n增加且t不變時,由已持有共享單元的節點主機,根據欲加入的節點主機的x座標及層級值在不還原私鑰的條件下,計算其相應的共享單元,藉由此一技術手段可以解決先前技術所存在的問題,進而達成提高(t,n)門檻式簽章方案的可用性之技術功效。To sum up, it can be seen that the difference between the present invention and the prior art lies in the implementation of the (t,n) threshold signature scheme through the node host, and when n decreases and t remains unchanged, t increases and n remains unchanged, or t decreases And when n is unchanged, the node host recalculates the shared unit based on secure multi-party computation without restoring the private key, and when n increases and t remains unchanged, the node host that already holds the shared unit, according to the desire to join The x-coordinate and level value of the node host can calculate its corresponding shared unit under the condition of not restoring the private key. This technical means can solve the problems existing in the previous technology, and then achieve an improved (t, n) threshold formula The technical effect of the usability of the signature scheme.

雖然本發明以前述之實施例揭露如上,然其並非用以限定本發明,任何熟習相像技藝者,在不脫離本發明之精神和範圍內,當可作些許之更動與潤飾,因此本發明之專利保護範圍須視本說明書所附之申請專利範圍所界定者為準。Although the present invention is disclosed above with the aforementioned embodiments, it is not intended to limit the present invention. Any person familiar with similar skills may make some changes and modifications without departing from the spirit and scope of the present invention. Therefore, the present invention The scope of patent protection shall be subject to what is defined in the scope of patent application attached to this specification.

100:區塊鏈網路 110a~110c:節點主機 111:第一處理模組 112:第一計算模組 113:調整模組 114:第二處理模組 115:第二計算模組 116:生成模組 311,312:多項式 411~413:二次多項式 511~513:一次多項式 611,612:計算式 步驟210:提供允許執行一(t, n)門檻式簽章方案的多個節點主機,其中,t為門檻值,n為參與數量,t及n為正整數且符合t <= n,每一節點主機具有一x座標及一層級值,並且允許持有一共享單元 步驟220:當n減少且t不變、t增加且n不變,或t減少且n不變時,執行該(t, n)門檻式簽章方案的第k個所述節點主機基於安全多方計算(Secure Multi-Party Computation, MPC)執行以下步驟,其中k為正整數 步驟221:計算一畢克霍夫係數,並且隨機選擇一M次多項式且其常數項為該畢克霍夫係數乘以自身的所述共享單元,其中,M皆為正整數 步驟222:接收執行該(t, n)門檻式簽章方案的第j個所述節點主機的該x座標及該層級值,用以對選擇的所述M次多項式取值以產生相應的一多項式值,並且將所述多項式值傳送至第j個所述節點主機,其中, j為正整數 步驟223:將接收自不同所述節點主機的所有所述多項式值相加以作為自身的該共享單元 步驟230:當n增加且t不變時,已加入與欲加入執行該(t, n)門檻式簽章方案的所述節點主機基於安全多方計算執行以下步驟 步驟231:將欲加入執行該(t, n)門檻式簽章方案所述節點主機設為第n+1個所述節點主機,並且將第n+1個所述節點主機的該x座標及該層級值傳送至t個已持有所述共享單元的所述節點主機 步驟232:已持有所述共享單元的第k個所述節點主機根據第n+1個所述節點主機的該層級值、第n+1個所述節點主機的該x座標,以及第k個所述節點主機的所述共享單元計算出相應的一a值 步驟233:已持有所述共享單元的第k個所述節點主機將所述a值隨機分成t個分片,再將第j個所述分片傳送至第j個所述節點主機 步驟234:已持有所述共享單元的第k個所述節點主機將來自不同所述節點主機的所有所述分片相加以產生第k個所述節點主機的一b值,再將所述b值傳送至第n+1個所述節點主機 步驟235:第n+1個所述節點主機將接收到的所有所述b值相加以作為自身的該共享單元 100: Blockchain network 110a~110c: node host 111: The first processing module 112: The first computing module 113: Adjustment module 114: Second processing module 115: Second computing module 116: Generate modules 311,312: Polynomials 411~413: quadratic polynomial 511~513: first degree polynomial 611,612: calculation formula Step 210: Provide multiple node hosts that are allowed to implement a (t, n) threshold signature scheme, where t is the threshold value, n is the number of participants, t and n are positive integers that meet t <= n, each Node hosts have an x-coordinate and a level value, and are allowed to hold a shared unit Step 220: When n decreases and t does not change, t increases and n does not change, or t decreases and n does not change, execute the kth node host of the (t, n) threshold signature scheme based on secure multi-party The calculation (Secure Multi-Party Computation, MPC) performs the following steps, where k is a positive integer Step 221: Calculate a Bickhoff coefficient, and randomly select a polynomial of degree M and whose constant term is the Bickhoff coefficient multiplied by itself, wherein, M is a positive integer Step 222: Receive the x-coordinate and the level value of the jth node host that implements the (t, n) threshold signature scheme, and use it to value the selected M-degree polynomial to generate a corresponding polynomial value, and transmit the polynomial value to the jth node host, where j is a positive integer Step 223: adding all the polynomial values received from different said node hosts as its own shared unit Step 230: When n increases and t remains unchanged, the node hosts that have joined and intend to join to implement the (t, n) threshold signature scheme perform the following steps based on secure multi-party computation Step 231: set the node host to join and implement the (t, n) threshold signature scheme as the n+1th node host, and set the x coordinate and The level value is sent to the t node hosts that already hold the shared unit Step 232: The kth node host that already holds the shared unit is based on the level value of the n+1th node host, the x coordinate of the n+1th node host, and the kth node host The shared unit of each of the node hosts calculates a corresponding value of a Step 233: The k-th node host that already holds the shared unit randomly divides the a value into t fragments, and then transmits the j-th fragment to the j-th node host Step 234: the kth node host that has held the shared unit adds all the fragments from different node hosts to generate a b value of the kth node host, and then adds the The b value is sent to the n+1th node host Step 235: The n+1th node host adds all the b values received as its own shared unit

第1圖為本發明門檻式簽章方案的門檻值與參與數量的調整系統之系統方塊圖。 第2A圖及第2B圖為本發明門檻式簽章方案的門檻值與參與數量的調整方法之方法流程圖。 第3圖為應用本發明減少參與數量且門檻值不變之示意圖。 第4圖為應用本發明增加門檻值且參與數量不變之示意圖。 第5圖為應用本發明減少門檻值且參與數量不變之示意圖。 第6圖為應用本發明增加參與數量且門檻值不變之示意圖。 Fig. 1 is a system block diagram of the adjustment system of the threshold value and the number of participants of the threshold type signature scheme of the present invention. Figure 2A and Figure 2B are flow charts of the method for adjusting the threshold value and the number of participants of the threshold signature scheme of the present invention. Figure 3 is a schematic diagram of applying the present invention to reduce the number of participants and keep the threshold value unchanged. Figure 4 is a schematic diagram of applying the present invention to increase the threshold and keep the number of participants unchanged. Figure 5 is a schematic diagram of applying the present invention to reduce the threshold and keep the number of participants unchanged. Fig. 6 is a schematic diagram of applying the present invention to increase the number of participants and keep the threshold value unchanged.

100:區塊鏈網路 100: Blockchain network

110a~110c:節點主機 110a~110c: node host

111:第一處理模組 111: The first processing module

112:第一計算模組 112: The first computing module

113:調整模組 113: Adjustment module

114:第二處理模組 114: Second processing module

115:第二計算模組 115: Second computing module

116:生成模組 116: Generate modules

Claims (10)

一種門檻式簽章方案的門檻值與參與數量的調整系統,該系統包含: 多個節點主機,用以允許執行一(t, n)門檻式簽章方案,其中,t為門檻值,n為參與數量,t及n為正整數且符合t <= n,每一節點主機具有一x座標及一層級值,並且允許持有一共享單元,每一節點主機皆包含: 一第一處理模組,用以在執行該(t, n)門檻式簽章方案時設為第k個所述節點主機,當n減少且t不變、t增加且n不變,或t減少且n不變時,基於安全多方計算(Secure Multi-Party Computation, MPC)計算一畢克霍夫係數,並且隨機選擇一M次多項式且其常數項為該畢克霍夫係數乘以自身的所述共享單元,其中,k、M為正整數; 一第一計算模組,連接該第一處理模組,用以根據執行該(t, n)門檻式簽章方案的第j個所述節點主機的該x座標及該層級值對所述M次多項式取值以產生相應的一多項式值,並且將所述多項式值傳送至第j個所述節點主機,其中, j為正整數; 一調整模組,連接該第一計算模組,用以將接收自不同所述節點主機的所有所述多項式值相加以作為自身的該共享單元; 一第二處理模組,連接該第一處理模組,用以在n增加且t不變時,將欲加入執行該(t, n)門檻式簽章方案的所述節點主機設為第n+1個所述節點主機,並且將第n+1個所述節點主機的該x座標及該層級值傳送至t個已持有所述共享單元的所述節點主機; 一第二計算模組,連接該第二處理模組,用以在接收到第n+1個所述節點主機的該x座標及該層級值,並且本身為已持有所述共享單元的第k個所述節點主機時,根據第n+1個所述節點主機的該層級值、第n+1個所述節點主機的該x座標,以及第k個所述節點主機的所述共享單元計算出相應的一a值;以及 一生成模組,連接該第二計算模組,用以將所述a值隨機分成t個分片,再將第j個所述分片傳送至第j個所述節點主機,並且將來自不同所述節點主機的所有所述分片相加以產生第k個所述節點主機的一b值,再將所述b值傳送至第n+1個所述節點主機,以及在所述節點主機本身為第n+1個所述節點主機時,將接收到的所有所述b值相加以作為自身的該共享單元。 A system for adjusting the threshold value and the number of participants of a threshold signature scheme, the system includes: Multiple node hosts are used to allow the implementation of a (t, n) threshold signature scheme, where t is the threshold value, n is the number of participants, t and n are positive integers and meet t <= n, each node host Has an x-coordinate and a level value, and allows holding a shared unit, each node host contains: A first processing module, configured to set the kth node host when executing the (t, n) threshold signature scheme, when n decreases and t remains unchanged, t increases and n remains unchanged, or t When it is reduced and n is constant, a Bickhoff coefficient is calculated based on Secure Multi-Party Computation (MPC), and an M-degree polynomial is randomly selected and its constant term is the Bickhoff coefficient multiplied by itself The shared unit, wherein k and M are positive integers; A first calculation module, connected to the first processing module, for calculating the M Taking the value of the degree polynomial to generate a corresponding polynomial value, and transmitting the polynomial value to the jth node host, where j is a positive integer; an adjustment module, connected to the first calculation module, for adding all the polynomial values received from different said node hosts as its own shared unit; A second processing module, connected to the first processing module, for setting the node host that wants to join the (t, n) threshold signature scheme as the nth when n increases and t remains unchanged +1 said node host, and transmitting the x-coordinate and the level value of the n+1th said node host to t said node hosts that already hold said shared unit; A second calculation module, connected to the second processing module, used to receive the x-coordinate and the level value of the n+1th node host, and itself is the first node that already holds the shared unit When there are k node hosts, according to the level value of the n+1th node host, the x coordinate of the n+1th node host, and the shared unit of the kth node host calculating a corresponding value of a; and A generation module, connected to the second calculation module, is used to randomly divide the value of a into t fragments, and then transmit the j-th fragment to the j-th node host, and send data from different All the fragments of the node host are added to generate a b value of the kth node host, and then the b value is transmitted to the n+1th node host, and the node host itself When it is the n+1th node host, add all the b values received as its own sharing unit. 如請求項1之門檻式簽章方案的門檻值與參與數量的調整系統,其中所述M次多項式在n減少且t不變時,M = t - 1,當t增加且n不變,或t減少且n不變時,M = t’ - 1,t’為t改變後的門檻值且為正整數。Such as the adjustment system of the threshold value and the number of participants of the threshold signature scheme of claim 1, wherein the M-degree polynomial is when n is reduced and t is constant, M = t - 1, when t is increased and n is constant, or When t decreases and n remains unchanged, M = t' - 1, t' is the threshold value after t changes and is a positive integer. 如請求項1之門檻式簽章方案的門檻值與參與數量的調整系統,其中所述a值的計算式為:a k= sum_{i = n n+1} ^{t-1}( i! / (i - n n+1)!) * x n+1^{i - n n+1} * B i,k* s k,其中,a k為第k個所述節點主機計算出的所述a值、n n+1為第n+1個所述節點主機的該層級值、x n+1為第n+1個所述節點主機的該x座標、B i,k為第k個所述節點主機的第i個所述畢克霍夫係數,以及s k為第k個所述節點主機的所述共享單元,其中i為正整數。 For example, the adjustment system of the threshold value and the number of participants of the threshold signature scheme in request item 1, wherein the calculation formula for the value of a is: a k = sum_{i = n n+1 } ^ {t-1}( i ! / (i - n n+1 )!) * x n+1 ^{i - n n+1 } * B i,k * s k , where a k is calculated by the kth node host The a value, n n+1 is the level value of the n+1th node host, x n+1 is the x coordinate of the n+1th node host, B i,k is the kth The i-th Bikerhoff coefficient of the node host, and s k is the shared unit of the k-th node host, where i is a positive integer. 如請求項1之門檻式簽章方案的門檻值與參與數量的調整系統,其中所述x座標為橢圓曲線數位簽名演算法(Elliptic Curve Digital Signature Algorithm, ECDSA)的曲線點的x座標。Such as the adjustment system of the threshold value and the number of participants of the threshold signature scheme of claim 1, wherein the x-coordinate is the x-coordinate of the curve point of the Elliptic Curve Digital Signature Algorithm (ECDSA). 如請求項1之門檻式簽章方案的門檻值與參與數量的調整系統,其中所述M次多項式的微分次數等於該層級值,當該層級值為數值0時不微分。For example, the adjustment system of the threshold value and the number of participants of the threshold signature scheme of claim 1, wherein the degree of differentiation of the M-degree polynomial is equal to the level value, and no differentiation is made when the level value is 0. 一種門檻式簽章方案的門檻值與參與數量之調整方法,其步驟包括: 提供允許執行一(t, n)門檻式簽章方案的多個節點主機,其中,t為門檻值,n為參與數量,t及n為正整數且符合t <= n,每一節點主機具有一x座標及一層級值,並且允許持有一共享單元; 當n減少且t不變、t增加且n不變,或t減少且n不變時,執行該(t, n)門檻式簽章方案的第k個所述節點主機基於安全多方計算(Secure Multi-Party Computation, MPC)執行以下步驟,其中k為正整數: 計算一畢克霍夫係數,並且隨機選擇一M次多項式且其常數項為該畢克霍夫係數乘以自身的所述共享單元,其中,M皆為正整數; 接收執行該(t, n)門檻式簽章方案的第j個所述節點主機的該x座標及該層級值,用以對選擇的所述M次多項式取值以產生相應的一多項式值,並且將所述多項式值傳送至第j個所述節點主機,其中, j為正整數;以及 將接收自不同所述節點主機的所有所述多項式值相加以作為自身的該共享單元;以及 當n增加且t不變時,已加入與欲加入執行該(t, n)門檻式簽章方案的所述節點主機基於安全多方計算執行以下步驟: 將欲加入執行該(t, n)門檻式簽章方案的所述節點主機設為第n+1個所述節點主機,並且將第n+1個所述節點主機的該x座標及該層級值傳送至t個已持有所述共享單元的所述節點主機; 已持有所述共享單元的第k個所述節點主機根據第n+1個所述節點主機的該層級值、第n+1個所述節點主機的該x座標,以及第k個所述節點主機的所述共享單元計算出相應的一a值; 已持有所述共享單元的第k個所述節點主機將所述a值隨機分成t個分片,再將第j個所述分片傳送至第j個所述節點主機; 已持有所述共享單元的第k個所述節點主機將來自不同所述節點主機的所有所述分片相加以產生第k個所述節點主機的一b值,再將所述b值傳送至第n+1個所述節點主機;以及 第n+1個所述節點主機將接收到的所有所述b值相加以作為自身的該共享單元。 A method for adjusting the threshold value and the number of participants of a threshold signature scheme, the steps of which include: Provide multiple node hosts that are allowed to implement a (t, n) threshold signature scheme, where t is the threshold value, n is the number of participants, t and n are positive integers and satisfy t <= n, and each node host has An x-coordinate and a level value, and allows holding a shared cell; When n decreases and t does not change, t increases and n does not change, or t decreases and n does not change, the kth node host that executes the (t, n) threshold signature scheme is based on secure multi-party computation (Secure Multi-Party Computation, MPC) performs the following steps, where k is a positive integer: Calculating a Bikhoff coefficient, and randomly selecting a polynomial of degree M and whose constant term is the Bikhoff coefficient multiplied by itself, wherein, M is a positive integer; receiving the x-coordinate and the level value of the jth node host implementing the (t, n) threshold signature scheme, and using it to evaluate the selected M-degree polynomial to generate a corresponding polynomial value, and transmitting the polynomial value to the jth node host, where j is a positive integer; and summing all said polynomial values received from different said node hosts as its own shared unit; and When n increases and t remains unchanged, the node hosts that have joined and intend to join to implement the (t, n) threshold signature scheme perform the following steps based on secure multi-party computation: Set the node host that wants to join the (t, n)threshold signature scheme as the n+1th node host, and set the x coordinate and the level of the n+1th node host value is sent to t hosts of said nodes that already hold said shared unit; The kth node host that already holds the shared unit is based on the level value of the n+1th node host, the x coordinate of the n+1th node host, and the kth node host The sharing unit of the node host calculates a corresponding value of a; The k-th node host that already holds the shared unit randomly divides the a value into t fragments, and then transmits the j-th fragment to the j-th node host; The kth node host that already holds the shared unit adds all the fragments from different node hosts to generate a b value of the kth node host, and then transmits the b value to the n+1th said node host; and The n+1th node host adds all the b values received as its own shared unit. 如請求項6之門檻式簽章方案的門檻值與參與數量的調整方法,其中所述M次多項式的微分次數等於該層級值,當n減少且t不變時,M = t - 1,當t增加且n不變,或t減少且n不變時,M = t’ - 1,t’為t改變後的門檻值且為正整數。Such as the adjustment method of the threshold value and the number of participants of the threshold signature scheme of claim 6, wherein the degree of differentiation of the M-degree polynomial is equal to the level value, when n decreases and t remains unchanged, M = t - 1, when When t increases and n remains unchanged, or when t decreases and n remains unchanged, M = t' - 1, and t' is the threshold value after t changes and is a positive integer. 如請求項6之門檻式簽章方案的門檻值與參與數量的調整方法,其中所述a值的計算式為:a k= sum_{i = n n+1} ^{t-1}( i! / (i - n n+1)!) * x n+1^{i - n n+1} * B i,k* s k,其中,a k為第k個所述節點主機計算出的所述a值、n n+1為第n+1個所述節點主機的該層級值、x n+1為第n+1個所述節點主機的該x座標、B i,k為第k個所述節點主機的第i個所述畢克霍夫係數,以及s k為第k個所述節點主機的所述共享單元,其中i為正整數。 For example, the method for adjusting the threshold value and the number of participants of the threshold signature scheme in request item 6, wherein the formula for calculating the value of a is: a k = sum_{i = n n+1 } ^ {t-1}( i ! / (i - n n+1 )!) * x n+1 ^{i - n n+1 } * B i,k * s k , where a k is calculated by the kth node host The a value, n n+1 is the level value of the n+1th node host, x n+1 is the x coordinate of the n+1th node host, B i,k is the kth The i-th Bikerhoff coefficient of the node host, and s k is the shared unit of the k-th node host, where i is a positive integer. 如請求項6之門檻式簽章方案的門檻值與參與數量的調整方法,其中所述x座標為橢圓曲線數位簽名演算法(Elliptic Curve Digital Signature Algorithm, ECDSA)的曲線點的x座標。For example, the method for adjusting the threshold value and the number of participants of the threshold signature scheme in claim 6, wherein the x-coordinate is the x-coordinate of the curve point of the Elliptic Curve Digital Signature Algorithm (ECDSA). 如請求項6之門檻式簽章方案的門檻值與參與數量的調整方法,其中所述M次多項式的微分次數等於該層級值,當該層級值為數值0時不微分。For example, the method for adjusting the threshold value and the number of participants of the threshold signature scheme of claim 6, wherein the degree of differentiation of the M-degree polynomial is equal to the level value, and no differentiation is made when the level value is 0.
TW110113618A 2021-04-15 2021-04-15 Threshold and number of participation adjusting system for threshold signature scheme and method thereof TWI782486B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110113618A TWI782486B (en) 2021-04-15 2021-04-15 Threshold and number of participation adjusting system for threshold signature scheme and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110113618A TWI782486B (en) 2021-04-15 2021-04-15 Threshold and number of participation adjusting system for threshold signature scheme and method thereof

Publications (2)

Publication Number Publication Date
TWI782486B TWI782486B (en) 2022-11-01
TW202243437A true TW202243437A (en) 2022-11-01

Family

ID=85792861

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110113618A TWI782486B (en) 2021-04-15 2021-04-15 Threshold and number of participation adjusting system for threshold signature scheme and method thereof

Country Status (1)

Country Link
TW (1) TWI782486B (en)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI701931B (en) * 2019-09-12 2020-08-11 英屬開曼群島商現代財富控股有限公司 Digital signature method with hierarchical mechanism and hardware wallet device suitable therefore

Also Published As

Publication number Publication date
TWI782486B (en) 2022-11-01

Similar Documents

Publication Publication Date Title
CN113424185B (en) Fast inadvertent transmission
JP7564868B2 (en) System and method for signing messages - Patents.com
TWI821248B (en) Computer implemented method and system for transferring control of a digital asset
WO2022120699A1 (en) One-way proxy re-encryption method and apparatus, and electronic device and system
US11943359B2 (en) Secure compute network devices and methods
CN114553593A (en) Multi-party secure computation privacy intersection method, device, equipment and storage medium
CN112953700B (en) Method, system and storage medium for improving safe multiparty computing efficiency
CN114337994A (en) Data processing method, device and system
TWI782486B (en) Threshold and number of participation adjusting system for threshold signature scheme and method thereof
US10887091B2 (en) Multi-hop security amplification
CN111709053B (en) Operation method and operation device based on loose coupling transaction network
TWI782701B (en) Non-interactive approval system for blockchain wallet and method thereof
TW202239173A (en) Threshold signature scheme system based on inputting password and method thereof
TWI776416B (en) Threshold signature scheme system for hierarchical deterministic wallet and method thereof
TWI769738B (en) Asset cross-chain exchanging system based on threshold signature scheme and method thereof
CN117540426A (en) Method and device for sharing energy power data based on homomorphic encryption and federal learning
TWI689194B (en) Threshold signature system based on secret sharing without dealer and method thereof
US12028322B2 (en) Computer-implemented system and methods for off-chain exchange of transactions pertaining to a distributed ledger
TWI702820B (en) Secret sharing signature system with hierarchical mechanism and method thereof
TWI694349B (en) Threshold signature system with prevent memory dump and method thereof
TWI799286B (en) Random number generation system for threshold signature scheme and method thereof
TWI737956B (en) Threshold signature system based on secret sharing and method thereof
TW202310584A (en) Key generating system for hierarchical deterministic wallet and method thereof
CN113381850B (en) SM9 user key generation method, device, equipment and storage medium
TWI795284B (en) Threshold signature generation system based on garbled circuit and method thereof