TW202312055A - Non-interactive approval system for blockchain wallet and method thereof - Google Patents

Non-interactive approval system for blockchain wallet and method thereof Download PDF

Info

Publication number
TW202312055A
TW202312055A TW110133811A TW110133811A TW202312055A TW 202312055 A TW202312055 A TW 202312055A TW 110133811 A TW110133811 A TW 110133811A TW 110133811 A TW110133811 A TW 110133811A TW 202312055 A TW202312055 A TW 202312055A
Authority
TW
Taiwan
Prior art keywords
host
signature
value
user
message
Prior art date
Application number
TW110133811A
Other languages
Chinese (zh)
Other versions
TWI782701B (en
Inventor
莊治耘
林祐德
Original Assignee
英屬開曼群島商現代財富控股有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 英屬開曼群島商現代財富控股有限公司 filed Critical 英屬開曼群島商現代財富控股有限公司
Priority to TW110133811A priority Critical patent/TWI782701B/en
Application granted granted Critical
Publication of TWI782701B publication Critical patent/TWI782701B/en
Publication of TW202312055A publication Critical patent/TW202312055A/en

Links

Images

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A non-interactive approval system for blockchain wallet and method thereof is disclosed. By generating a signature metadata jointly by a user host and at least one node host, and then transmitting the signature metadata to an aggregator host, so that the aggregator host can providing the signature metadata to the online user host for executing partial decryption to generate a partial decryption message, and transmitting the partial decryption message to the aggregator host. When the aggregator host receives the partial decryption message that meet a decryption condition, calculating a second value of a digital signature, verifying the digital signature and broadcasting the verified digital signature to execute a transaction. The mechanism is help to improve the security of the blockchain wallet.

Description

區塊鏈錢包的非互動式批核系統及其方法Non-interactive approval system and method for blockchain wallet

本發明涉及一種批核系統及其方法,特別是區塊鏈錢包的非互動式批核系統及其方法。The invention relates to an approval system and method thereof, in particular to a non-interactive approval system and method of a blockchain wallet.

近年來,隨著區塊鏈的普及與蓬勃發展,各種應用在區塊鏈的技術便如雨後春筍般湧現,其中又以區塊鏈錢包的發展最受矚目。In recent years, with the popularization and vigorous development of the blockchain, various technologies applied to the blockchain have sprung up like mushrooms, among which the development of the blockchain wallet has attracted the most attention.

一般而言,傳統的區塊鏈錢包僅由一位使用者持有,並且具有唯一的一組金鑰對(Key-pair),即:公鑰及私鑰。倘若使用者遺失私鑰將導致區塊鏈錢包中的加密貨幣被竊取。因此,為了強化區塊鏈錢包的安全性及可用性,便有廠商進一步發展可由多位使用者共同持有的區塊鏈錢包,如:多重簽名的區塊鏈錢包。此一方式是通過多個不同的金鑰產生相應數量的簽名,並且在擁有一定數量的簽名時才會使交易成功,如此一來,即使其中一個私鑰被竊、遺失等等,也可以保障區塊鏈錢包的安全,甚至因此使得區塊鏈錢包的可用性大增,例如可輕易應用在多數決的情境。然而,此方式在遺失的私鑰數量滿足門檻時,此區塊鏈錢包便不再安全了。因此,仍然有區塊鏈錢包的安全性不足的問題。Generally speaking, a traditional blockchain wallet is held by only one user and has a unique set of key-pairs, namely: public key and private key. If the user loses the private key, the cryptocurrency in the blockchain wallet will be stolen. Therefore, in order to enhance the security and usability of blockchain wallets, some manufacturers have further developed blockchain wallets that can be shared by multiple users, such as multi-signature blockchain wallets. This method is to generate a corresponding number of signatures through multiple different keys, and the transaction will be successful only when there are a certain number of signatures. In this way, even if one of the private keys is stolen, lost, etc., it can be guaranteed The security of the blockchain wallet has even greatly increased the usability of the blockchain wallet, for example, it can be easily applied in the majority decision situation. However, in this way, when the number of lost private keys meets the threshold, the blockchain wallet is no longer safe. Therefore, there is still the problem of insufficient security of blockchain wallets.

另一方面,假設要讓N個使用者共同管理一個區塊鏈錢包,當收到交易訊息時,使用者可以根據交易內容進行批核,當一定數量的使用者批核後,便可以將交易的簽名生成送出,代表同意此筆交易。在此情況下,存在許多需要考量的點,例如:倘若託管區塊鏈錢包,此託管機構可不可以自行轉移用戶資產,或是用戶如何達成非互動式批核等等。以非互動式批核為例,倘若上述一定數量的使用者均需同時在線同步批核,這將大幅降低區塊鏈錢包的便利性。On the other hand, suppose N users are to jointly manage a blockchain wallet. When receiving a transaction message, the user can approve it according to the transaction content. After a certain number of users approve it, the transaction can be Generating and sending the signature of , it means agreeing to the transaction. In this case, there are many points that need to be considered, such as: if the blockchain wallet is hosted, can the custody institution transfer the user's assets by itself, or how the user can achieve non-interactive approval, etc. Taking non-interactive approval as an example, if the above-mentioned certain number of users all need to approve online simultaneously, this will greatly reduce the convenience of the blockchain wallet.

綜上所述,可知先前技術中長期以來一直存在區塊鏈錢包的安全性及便利性不足的問題,因此實有必要提出改進的技術手段,來解決此一問題。To sum up, it can be seen that the security and convenience of the blockchain wallet have long existed in the prior art. Therefore, it is necessary to propose improved technical means to solve this problem.

本發明揭露一種區塊鏈錢包的非互動式批核系統及其方法。The invention discloses a non-interactive approval system and method for a blockchain wallet.

首先,本發明揭露一種區塊鏈錢包的非互動式批核系統,其包含:聚合主機、節點主機及N個使用者端主機。其中,聚合主機用以接收交易訊息及簽名元數據以進行驗證,並且在所述簽名元數據驗證無誤後,傳送此交易訊息及所述簽名元數據,以及接收部分解密訊息以在所述部分解密訊息滿足解密條件時,根據所述部分解密訊息計算出第二簽章值,並且驗證包含第一簽章值及第二簽章值的數位簽章後,再廣播已通過驗證的數位簽章;節點主機用以接收第一公鑰,以及與分派主機(Dealer)共同執行分散式金鑰生成(Distributed Key Generation, DKG)機制以生成i個門檻式簽章方案共享單元及其相應的第二公鑰,以及與交易主機共同執行門檻式簽章方案(Threshold Signature Scheme, TSS)以計算出第一簽章值及i個s值,再根據第一簽章值及i個所述s值計算出相應的簽名元數據以傳送至聚合主機,其中,i為大於數值1的正整數;以及N個使用者端主機,用以分別作為區塊鏈錢包的共同使用者,所述使用者端主機包含分派主機及交易主機,每一使用者端主機皆包含:第一生成模組、第二生成模組、計算模組及解密模組。其中,第一生成模組用以在使用者端主機為分派主機時選擇密文,並且與其他使用者端主機共同執行線性整數秘密共享(Linear Integer Secret Sharing, LISS)以生成同態加密的i個共享單元及其相應的第一公鑰,以及將此第一公鑰傳送至節點主機及使用者端主機、將第j個共享單元傳送至第j個使用者端主機,其中,N、i及j為正整數且N及i大於數值1;第二生成模組連接第一生成模組,用以在使用者端主機為分派主機時,與節點主機共同執行分散式金鑰生成機制,並將生成的門檻式簽章方案共享單元及其相應的第二公鑰傳送至使用者端主機;計算模組用以將接收到欲簽章的交易訊息的使用者端主機作為交易主機,此交易主機將交易訊息傳送至聚合主機,並且與節點主機共同執行門檻式簽章方案,同時使所述使用者主機及節點主機均將自身生成的簽名元數據傳送至聚合主機以進行驗證;以及解密模組連接計算模組,用以自聚合主機接收交易訊息及簽名元數據進行驗證及部分解密以生成相應的部分解密訊息,再將所述部分解密訊息傳送至聚合主機。Firstly, the present invention discloses a non-interactive approval system for blockchain wallets, which includes: an aggregation host, a node host, and N user hosts. Wherein, the aggregating host is used to receive the transaction message and the signature metadata for verification, and after the signature metadata is verified to be correct, transmit the transaction message and the signature metadata, and receive a part of the decryption message to decrypt the part When the message satisfies the decryption condition, calculate the second signature value according to the partially decrypted message, and after verifying the digital signature including the first signature value and the second signature value, broadcast the verified digital signature; The node host is used to receive the first public key, and jointly execute the distributed key generation (Distributed Key Generation, DKG) mechanism with the dispatch host (Dealer) to generate i threshold signature scheme shared units and their corresponding second public key key, and jointly execute the Threshold Signature Scheme (TSS) with the transaction host to calculate the first signature value and i s values, and then calculate the The corresponding signature metadata is sent to the aggregation host, wherein, i is a positive integer greater than the value 1; and N user-end hosts are used as co-users of the blockchain wallet respectively, and the user-end hosts include The distribution host and the transaction host, each client host includes: a first generation module, a second generation module, a calculation module and a decryption module. Among them, the first generation module is used to select the ciphertext when the user-side host is the dispatching host, and perform linear integer secret sharing (Linear Integer Secret Sharing, LISS) together with other user-side hosts to generate homomorphically encrypted i shared unit and its corresponding first public key, and transmit the first public key to the node host and the user host, and transmit the jth shared unit to the jth user host, wherein, N, i and j are positive integers and N and i are greater than the value 1; the second generation module is connected to the first generation module, and is used to jointly execute the distributed key generation mechanism with the node host when the user-end host is the dispatching host, and Send the generated shared unit of the threshold signature scheme and its corresponding second public key to the user host; the calculation module is used to use the user host that receives the transaction message to be signed as the transaction host, and the transaction The host sends the transaction message to the aggregation host, and executes the threshold signature scheme together with the node host, and at the same time, the user host and the node host send the signature metadata generated by themselves to the aggregation host for verification; and the decryption module A group connection computing module is used to receive transaction information and signature metadata from the aggregate host for verification and partial decryption to generate corresponding partially decrypted messages, and then transmit the partially decrypted messages to the aggregate host.

接著,本發明揭露一種區塊鏈錢包的非互動式批核方法,其步驟包括:提供N個使用者端主機分別作為區塊鏈錢包的共同使用者,以及提供節點主機及聚合主機,當所述使用者端主機為分派主機時,此分派主機選擇密文,並且與其他使用者端主機共同執行線性整數秘密共享以生成同態加密的i個共享單元及其相應的第一公鑰,以及將第一公鑰傳送至節點主機及使用者端主機、將第j個共享單元傳送至第j個使用者端主機,其中,N、i及j為正整數且N及i大於數值1;分派主機與節點主機共同執行分散式金鑰生成機制以生成i個門檻式簽章方案共享單元及其相應的第二公鑰;分派主機將生成的第二公鑰和門檻式簽章方案共享單元傳送至使用者端主機;當使用者端主機接收到欲簽章的交易訊息後,將交易訊息傳送至聚合主機,並且與節點主機共同執行門檻式簽章方案以計算出第一簽章值及i個s值,再根據第一簽章值及i個所述s值計算出相應的簽名元數據;使用者端主機及節點主機均將自身生成的簽名元數據傳送至聚合主機以進行驗證,當聚合主機驗證無誤後,聚合主機將交易訊息及所有接收到的簽名元數據傳送至已連線的使用者端主機進行驗證及部分解密以生成相應的部分解密訊息,再將所述部分解密訊息傳送至聚合主機;以及當聚合主機接收到的部分解密訊息滿足解密條件時,允許在不知私鑰的情況下,根據所述部分解密訊息計算出第二簽章值,以及驗證包含第一簽章值及第二簽章值的數位簽章後,再廣播已通過驗證的數位簽章。Next, the present invention discloses a non-interactive approval method for blockchain wallets, the steps of which include: providing N user-side hosts as co-users of blockchain wallets, and providing node hosts and aggregation hosts, when all When the above-mentioned user-end host is the dispatching host, the dispatching host selects the ciphertext, and performs linear integer secret sharing with other user-end hosts to generate i shared units of homomorphic encryption and their corresponding first public keys, and Send the first public key to the node host and the user-end host, and send the j-th shared unit to the j-th user-end host, where N, i, and j are positive integers and N and i are greater than the value 1; assign The host and the node host jointly execute the distributed key generation mechanism to generate i shared units of the threshold signature scheme and their corresponding second public keys; the dispatching host transmits the generated second public key and shared units of the threshold signature scheme To the user-end host; when the user-end host receives the transaction message to be signed, it sends the transaction message to the aggregation host, and executes the threshold signature scheme with the node host to calculate the first signature value and i s value, and then calculate the corresponding signature metadata according to the first signature value and i said s value; both the user host and the node host send the signature metadata generated by themselves to the aggregation host for verification, when After the aggregation host verifies that it is correct, the aggregation host sends the transaction message and all received signature metadata to the connected client host for verification and partial decryption to generate a corresponding partial decryption message, and then sends the partial decryption message to the aggregation host; and when the partial decryption message received by the aggregation host meets the decryption condition, it is allowed to calculate the second signature value based on the partial decryption message without knowing the private key, and verify that the first signature value is included and the digital signature of the second signature value, and then broadcast the verified digital signature.

本發明所揭露之系統與方法如上,與先前技術的差異在於本發明是透過使用者端主機與節點主機共同生成相應的簽名元數據,再各自傳送至聚合主機驗證,以便聚合主機能夠將簽名元數據提供上線的使用者端主機執行部分解密以生成部分解密訊息,並且將生成的部分解密訊息回傳至聚合主機,當聚合主機接收到的部分解密訊息滿足解密條件時,先計算出數位簽章的第二簽章值,再驗證數位簽章,以及廣播通過驗證的數位簽章以執行交易。The system and method disclosed in the present invention are as above, and the difference from the prior art is that the present invention generates the corresponding signature metadata through the user-end host and the node host, and then sends them to the aggregate host for verification, so that the aggregate host can pass the signature metadata The data provider online client host performs partial decryption to generate a partial decrypted message, and returns the generated partial decrypted message to the aggregation host. When the partial decrypted message received by the aggregation host satisfies the decryption condition, the digital signature is first calculated The second signature value of , then verify the digital signature, and broadcast the verified digital signature to execute the transaction.

透過上述的技術手段,本發明可以達成提高區塊鏈錢包的安全性及便利性之技術功效。Through the above-mentioned technical means, the present invention can achieve the technical effect of improving the security and convenience of the blockchain wallet.

以下將配合圖式及實施例來詳細說明本發明之實施方式,藉此對本發明如何應用技術手段來解決技術問題並達成技術功效的實現過程能充分理解並據以實施。The implementation of the present invention will be described in detail below in conjunction with the drawings and examples, so as to fully understand and implement the implementation process of how the present invention uses technical means to solve technical problems and achieve technical effects.

首先,在說明本發明所揭露之區塊鏈錢包的非互動式批核系統及其方法之前,先對本發明自行定義的名詞作說明,本發明所述的共享單元(Share),如:共享單元、門檻式簽章共享單元等等,是指在進行安全多方計算時,在不同的節點主機之間進行相互交換資料及計算結果所生成的元素,其可視為私鑰的一部分,所述元素能夠在不需重組私鑰的情況下,直接以數學運算計算出符合橢圓曲線數位簽名演算法(Elliptic Curve Digital Signature Algorithm, ECDSA)的簽章格式之簽章(或稱為「簽名」)。First of all, before explaining the non-interactive approval system and method of the blockchain wallet disclosed in the present invention, the nouns defined by the present invention will be explained first. The sharing unit (Share) mentioned in the present invention, such as: sharing unit , threshold-type signature sharing unit, etc., refer to the elements generated by exchanging data and calculation results between different node hosts during secure multi-party computing, which can be regarded as a part of the private key, and the elements can be Without the need to reorganize the private key, the signature (or "signature") that conforms to the signature format of the Elliptic Curve Digital Signature Algorithm (ECDSA) is directly calculated by mathematical operations.

以下配合圖式對本發明區塊鏈錢包的非互動式批核系統及其方法做進一步說明,請先參閱「第1圖」,「第1圖」為本發明區塊鏈錢包的非互動式批核系統的系統方塊圖,此系統包含:聚合主機110、節點主機120及節點主機(130a~130n)。其中,聚合主機110用以接收交易訊息及簽名元數據以進行驗證,並且在簽名元數據驗證無誤後,傳送交易訊息及簽名元數據,以及接收部分解密訊息以在所述部分解密訊息滿足解密條件時,根據所述部分解密訊息計算出第二簽章值,並且驗證包含第一簽章值及第二簽章值的數位簽章後,再廣播已通過驗證的數位簽章。在實際實施上,所述簽名元數據包含多個參數,所述參數分別為第一簽章值(即:ECDSA簽章的其中一部分)、同態加密值(即:同態加密的密文)、乘積值(即:橢圓曲線上的點)及一致性證明(即:證明同態加密值與乘積值是相同的零知識證明),當聚合主機110接收到簽名元數據時,以零知識證明分別驗證同態加密值存在的證明、驗證一致性證明及驗證參數的參數範圍是否正確,所述同態加密值係將相應的s值「s i」進行同態加密後所生成的值「E D(s i)」,舉例來說,同態加密值「E D(s 1)」是將相應的s值「s 1」進行同態加密後所生成的值;同態加密值「E D(s 2)」是將相應的s值「s 2」進行同態加密後所生成的值,並以此類推。另外,聚合主機110在接收到的部分解密訊息滿足解密條件時,加總每一簽名元數據的乘積值(如:「sum_i hat{si}*R = r*P + m*G」),其中,所述乘積值為橢圓曲線上的點,加總的乘積值等於第一簽章值「r」與第二金鑰「P」的乘積加上交易訊息「m」的雜湊值與基點「G」的乘積,後續為了方便示意,將以「s i」來表示「hat{s i}」,所述基點為橢圓曲線基點。 The non-interactive approval system and method of the blockchain wallet of the present invention will be further described in conjunction with the drawings below. Please refer to "Fig. 1" first. "Fig. 1" is the non-interactive approval system of the blockchain wallet of the present invention. A system block diagram of a core system, the system includes: an aggregation host 110, a node host 120, and node hosts (130a-130n). Among them, the aggregation host 110 is used to receive the transaction message and signature metadata for verification, and after the signature metadata is verified to be correct, transmit the transaction message and signature metadata, and receive a partial decryption message so that the partial decryption message meets the decryption condition , calculate the second signature value according to the partially decrypted message, and verify the digital signature including the first signature value and the second signature value, and then broadcast the verified digital signature. In actual implementation, the signature metadata includes a plurality of parameters, the parameters are the first signature value (ie: a part of the ECDSA signature), the homomorphic encryption value (ie: the ciphertext of the homomorphic encryption) , the product value (ie: points on the elliptic curve) and consistency proof (ie: the zero-knowledge proof that proves that the homomorphic encryption value and the product value are the same), when the aggregation host 110 receives the signature metadata, it uses zero-knowledge proof Verify the proof of the existence of the homomorphic encryption value, verify the consistency certificate, and verify whether the parameter range of the parameter is correct. The homomorphic encryption value is the value "E D (s i )", for example, the homomorphic encryption value "E D (s 1 )" is the value generated by homomorphically encrypting the corresponding s value "s 1 "; the homomorphic encryption value "E D (s 2 )” is the value generated by homomorphically encrypting the corresponding s value “s 2 ”, and so on. In addition, the aggregation host 110 sums up the product value of each signature metadata (such as: "sum_i hat{si}*R = r*P + m*G") when the received partial decrypted message satisfies the decryption condition, where , the product value is a point on the elliptic curve, and the total product value is equal to the product of the first signature value "r" and the second key "P" plus the hash value of the transaction message "m" and the base point "G ", for the convenience of illustration, "hat{s i }" will be represented by "s i ", and the base point is the base point of the elliptic curve.

節點主機120用以接收第一公鑰,以及與分派主機共同執行 DKG 機制以生成i個門檻式簽章方案共享單元及其相應的第二公鑰,以及與交易主機共同執行 TSS 以計算出第一簽章值及i個s值,再根據第一簽章值及i個所述s值計算出相應的簽名元數據(Metadata)以傳送至聚合主機110,其中,i為大於數值1的正整數。在實際實施上,節點主機120的數量可為一個或一個以上。The node host 120 is used to receive the first public key, and jointly execute the DKG mechanism with the dispatch host to generate i threshold signature scheme shared units and their corresponding second public keys, and jointly execute the TSS with the transaction host to calculate the first A signature value and i s values, and then calculate the corresponding signature metadata (Metadata) based on the first signature value and the i s values to send to the aggregation host 110, where i is a positive value greater than 1 integer. In actual implementation, the number of node hosts 120 may be one or more than one.

使用者端主機(130a~130n)用以分別作為區塊鏈錢包的共同使用者,所述使用者端主機(130a~130n)包含分派主機及交易主機,每一使用者端主機(130a~130n)皆包含:第一生成模組131、第二生成模組132、計算模組133及解密模組134。其中, 第一生成模組131用以在使用者端主機(130a~130n)為分派主機時選擇密文,並且與其他使用者端主機共同執行 LISS 以生成同態加密的i個共享單元及其相應的第一公鑰,以及將第一公鑰傳送至節點主機120及使用者端主機(130a~130n)、將第j個共享單元傳送至第j個使用者端主機,其中,N、i及j為正整數且N及i大於數值1。以 LISS 為例,假設有一個分派主機要將密文「s」分散給其他人保管,每一個保管人持有的稱作「共享單元」,若沒有滿足數量的共享單元則無法還原密文「s」,當分派主機要將共享單元分成 m 份時,方法如下:The user-end hosts (130a~130n) are respectively used as common users of the blockchain wallet, and the user-end hosts (130a~130n) include a dispatch host and a transaction host, and each user-end host (130a~130n ) all include: a first generation module 131 , a second generation module 132 , a calculation module 133 and a decryption module 134 . Among them, the first generation module 131 is used to select the ciphertext when the user-end hosts (130a~130n) are the dispatching hosts, and execute LISS together with other user-end hosts to generate i shared units of homomorphic encryption and their Corresponding first public key, and transmitting the first public key to the node host 120 and the user-end hosts (130a~130n), and transmitting the jth shared unit to the jth user-end host, wherein, N, i and j are positive integers and N and i are greater than the value 1. Taking LISS as an example, assuming that there is a distribution host who wants to distribute the ciphertext "s" to other people for safekeeping, each custodian holds what is called a "shared unit". If there is no sufficient number of shared units, the ciphertext cannot be restored. s", when the dispatch host wants to divide the shared unit into m shares, the method is as follows:

1. 分派主機選取一個矩陣「M」,尺寸為「m*n」,並且選一個向量v := [s, x 2,…,x n] T,則產生的n份共享單元為「M * v = [s 1,…,s m] T」,此處的s為挑選的密文且「x 2,…,x n」皆為隨機挑選在一個適當的區間內。 1. The dispatching host selects a matrix "M" with a size of "m*n", and selects a vector v := [s, x 2 ,…,x n ] T , then the n shared units generated are "M * v = [s 1 ,…,s m ] T ”, where s is the selected ciphertext and “x 2 ,…,x n ” are all randomly selected within an appropriate interval.

2. 分派主機將共享單元「s i」分給合適者。 2. The assigning host distributes the shared unit "s i " to the appropriate one.

當可找到向量「w」使得M T* w = [1,0,0,…,0] T則計算[s 1,…,s m] T*w,可以還原s。舉例來說,假設有四個使用者:A、B、C及D,並且假設有以下組合條件可以組成私鑰: When the vector "w" can be found such that M T * w = [1,0,0,…,0] T , then calculate [s 1 ,…,s m ] T *w, and s can be restored. For example, suppose there are four users: A, B, C, and D, and assume that the following combination conditions can form a private key:

1. A, B1. A, B

2. C, D2. C, D

3. A, B, C3. A, B, C

4. A, B, D4. A, B, D

5. B, C, D5. B, C, D

6. A, B, C, D6. A, B, C, D

對應此情況,考慮矩陣M為:Corresponding to this situation, consider the matrix M as:

[1, 1, 0] ß A[1, 1, 0] ß A

[0, 1, 0] ß B[0, 1, 0] ß B

[1, 0, 1] ß C[1, 0, 1] ß C

[0, 0, 1] ß D[0, 0, 1] ß D

M*[s, x 2, x 3] T= [s+x 2, x 2, s+x 3, x 3]。所以A、B、C及D分別持有的共享單元依序為:「s+x 2」、「x 2」、「s+x 3」及「x 3」。其中,「s」為密文,而「x 2」及「x 3」皆為隨機選取的數值。如此一來,便能夠容易地進行檢查,以A及B的組合條件為例,以下矩陣的第一個垂直行(Column)是 A 取水平列(Row)的轉置(Transpose),第二個垂直行是 B 取水平列的轉置。 M*[s, x 2 , x 3 ] T = [s+x 2 , x 2 , s+x 3 , x 3 ]. Therefore, the shared units held by A, B, C, and D respectively are: "s+x 2 ", "x 2 ", "s+x 3 ", and "x 3 ". Among them, "s" is the ciphertext, and "x 2 " and "x 3 " are randomly selected values. In this way, it can be easily checked. Taking the combination condition of A and B as an example, the first vertical row (Column) of the following matrix is the transpose (Transpose) of the horizontal column (Row) of A, and the second The vertical rows are the transpose of B taking the horizontal columns.

[1, 0] * [1] =    [1][1, 0] * [1] = [1]

[1, 1]    [-1]       [0][1, 1] [-1] [0]

[0, 0]                 [0][0, 0] [0]

其中,w = [1, -1],因此,「w T*[s+x 2, x 2] = s」可成功還原出私鑰,其他情況同理,可以驗證出對於其他情況都存在「w」使得密文(即:私鑰)「s」可以被還原。因此,利用 LISS 的技術可以生成分配給其他使用者的共享單元。換句話說,整體流程為一個分派主機選擇密文「d」並且產生相應的公鑰「D」,再根據管理需求決定哪些人在一起才能生成共享單元,產出矩陣「M」,然後利用 LISS 生成對應的共享單元「d j」。其中,私鑰滿足「d = ∑ ja j*d j」,「a j」屬於「{-1, 0, 1}」,並且將公鑰傳輸給節點主機120。實際上,所述 LISS 如同 DKG 可以多人協力合作使得在沒有人知曉密文「d」的情況下,生成公鑰「D」及每個人持有的共享單元「d j」。特別要說明的是,當分派主機在分派共享單元時,會建立一個存取結構(Access Structure),用以決定允許將密文還原成明文(或稱為解密)的使用者端主機,此存取結構可包含門檻式存取結構(Threshold Access Structure)及非門檻式存取結構,當聚合主機110收到滿足可解密的部分解密訊息之條件便可以開始執行解密以計算出數位簽章中的第二部分,即:第二簽章值「s」。實際上,一個存取結構會決定這一次在怎樣的條件下允許解密(即:只要收集到滿足條件的部分解密訊息即可進行解密)。 Among them, w = [1, -1], therefore, "w T *[s+x 2 , x 2 ] = s" can successfully restore the private key, and the other cases are the same, and it can be verified that there are "w" makes the ciphertext (ie: private key) "s" recoverable. Therefore, techniques using LISS can generate shared units that are distributed to other users. In other words, the overall process selects the ciphertext "d" for a distribution host and generates the corresponding public key "D", and then decides who can be together to generate a shared unit according to management requirements, and outputs the matrix "M", and then uses LISS Generate the corresponding shared unit "d j ". Wherein, the private key satisfies “d = ∑ j a j *d j ”, “a j ” belongs to “{-1, 0, 1}”, and the public key is transmitted to the node host 120 . In fact, the LISS, like DKG, can cooperate with multiple people to generate the public key "D" and the shared unit "d j " held by everyone without anyone knowing the ciphertext "d". It should be noted that when the assigning host allocates shared units, it will establish an access structure (Access Structure) to determine the user-end hosts that are allowed to restore the ciphertext to plaintext (or called decryption). The access structure may include a threshold access structure (Threshold Access Structure) and a non-threshold access structure. When the aggregation host 110 receives a condition that satisfies the decipherable partial decryption message, it can start to decrypt to calculate the digital signature. The second part, namely: the second signature value "s". In fact, an access structure will determine the conditions under which decryption is allowed this time (that is, as long as part of the decrypted information meeting the conditions is collected, decryption can be performed).

第二生成模組132連接第一生成模組131,用以在使用者端主機(130a~130n)為分派主機時,與節點主機120共同執行 DKG 機制,並將生成的門檻式簽章方案共享單元及其相應的第二公鑰傳送至使用者端主機(130a~130n)。在實際實施上,DKG 機制係由使用者與託管機構所管理的節點主機一起參與,在不產生私鑰的條件下使各方獲得公鑰及共享單元,參與的使用者可以使用具有連網功能的智慧型手機、電腦等裝置作為使用者端主機(130a~130n),或是運行一個節點主機120,倘若將共享單元儲存在智慧型手機,則每次有新的使用者加入時,都會得到相同的共享單元。除此之外,雙方還可以透過權重高低來決定責任歸屬。The second generation module 132 is connected to the first generation module 131 to execute the DKG mechanism together with the node host 120 when the user hosts (130a~130n) are dispatching hosts, and share the generated threshold signature scheme The units and their corresponding second public keys are sent to the user hosts (130a~130n). In actual implementation, the DKG mechanism involves the participation of the user and the node host managed by the custodian organization. Without generating the private key, all parties can obtain the public key and the shared unit. Participating users can use the network-connected smart phones, computers and other devices as user hosts (130a~130n), or run a node host 120, if the shared unit is stored in the smart phone, each time a new user joins, it will get same shared unit. In addition, the two parties can also determine the ownership of responsibility through the weight.

計算模組133用以將接收到欲簽章的交易訊息的使用者端主機(130a~130n)作為交易主機,此交易主機將交易訊息傳送至聚合主機110,並且與節點主機120共同執行TSS,同時使所述使用者主機(130a~130n)及節點主機120均將自身生成的簽名元數據傳送至聚合主機110以進行驗證。The calculation module 133 is used to use the user hosts (130a~130n) that receive the transaction messages to be signed as transaction hosts, the transaction hosts transmit the transaction information to the aggregation host 110, and execute the TSS together with the node host 120, At the same time, both the user hosts ( 130 a - 130 n ) and the node host 120 transmit the signature metadata generated by themselves to the aggregation host 110 for verification.

解密模組134連接計算模組133,用以自聚合主機110接收交易訊息及簽名元數據進行驗證及部分解密以生成相應的部分解密訊息,再將所述部分解密訊息傳送至聚合主機110。在實際實施上,通過簽名元數據可以驗證同態加密值「E D(s i)」所包含的「s i」,並且在不知道「s i」的情況下,透過數學零知識證明使其相信所包含的資訊是對交易訊息「m」所做的簽名。 The decryption module 134 is connected to the computing module 133 for receiving the transaction message and signature metadata from the aggregation host 110 for verification and partial decryption to generate a corresponding partial decryption message, and then sending the partial decryption message to the aggregation host 110 . In actual implementation, the " si " contained in the homomorphic encryption value " ED (s i )" can be verified through signature metadata, and without knowing " si ", it can be verified through mathematical zero-knowledge proof It is believed that the contained information is a signature of the transaction message "m".

特別要說明的是,在實際實施上,本發明所述的模組皆可利用各種方式來實現,包含軟體、硬體或其任意組合,例如,在某些實施方式中,各模組可利用軟體及硬體或其中之一來實現,除此之外,本發明亦可部分地或完全地基於硬體來實現,例如,系統中的一個或多個模組可以透過積體電路晶片、系統單晶片(System on Chip, SoC)、複雜可程式邏輯裝置(Complex Programmable Logic Device, CPLD)、現場可程式邏輯閘陣列(Field Programmable Gate Array, FPGA)等來實現。本發明可以是系統、方法及/或電腦程式。電腦程式可以包括電腦可讀儲存媒體,其上載有用於使處理器實現本發明的各個方面的電腦可讀程式指令,電腦可讀儲存媒體可以是可以保持和儲存由指令執行設備使用的指令的有形設備。電腦可讀儲存媒體可以是但不限於電儲存設備、磁儲存設備、光儲存設備、電磁儲存設備、半導體儲存設備或上述的任意合適的組合。電腦可讀儲存媒體的更具體的例子(非窮舉的列表)包括:硬碟、隨機存取記憶體、唯讀記憶體、快閃記憶體、光碟、軟碟以及上述的任意合適的組合。此處所使用的電腦可讀儲存媒體不被解釋爲瞬時訊號本身,諸如無線電波或者其它自由傳播的電磁波、通過波導或其它傳輸媒介傳播的電磁波(例如,通過光纖電纜的光訊號)、或者通過電線傳輸的電訊號。另外,此處所描述的電腦可讀程式指令可以從電腦可讀儲存媒體下載到各個計算/處理設備,或者通過網路,例如:網際網路、區域網路、廣域網路及/或無線網路下載到外部電腦設備或外部儲存設備。網路可以包括銅傳輸電纜、光纖傳輸、無線傳輸、路由器、防火牆、交換器、集線器及/或閘道器。每一個計算/處理設備中的網路卡或者網路介面從網路接收電腦可讀程式指令,並轉發此電腦可讀程式指令,以供儲存在各個計算/處理設備中的電腦可讀儲存媒體中。執行本發明操作的電腦程式指令可以是組合語言指令、指令集架構指令、機器指令、機器相關指令、微指令、韌體指令、或者以一種或多種程式語言的任意組合編寫的原始碼或目的碼(Object Code),所述程式語言包括物件導向的程式語言,如:Common Lisp、Python、C++、Objective-C、Smalltalk、Delphi、Java、Swift、C#、Perl、Ruby與PHP等,以及常規的程序式(Procedural)程式語言,如:C語言或類似的程式語言。所述電腦程式指令可以完全地在電腦上執行、部分地在電腦上執行、作爲一個獨立的軟體執行、部分在客戶端電腦上部分在遠端電腦上執行、或者完全在遠端電腦或伺服器上執行。In particular, it should be noted that in actual implementation, the modules described in the present invention can be implemented in various ways, including software, hardware or any combination thereof. For example, in some implementations, each module can use software and hardware or one of them. In addition, the present invention can also be realized partially or completely based on hardware. For example, one or more modules in the system can be implemented through integrated circuit chips, system Single chip (System on Chip, SoC), complex programmable logic device (Complex Programmable Logic Device, CPLD), field programmable logic gate array (Field Programmable Gate Array, FPGA) and so on. The present invention can be a system, method and/or computer program. The computer program may include a computer-readable storage medium loaded with computer-readable program instructions for causing a processor to implement various aspects of the present invention, the computer-readable storage medium may be a tangible and equipment. A computer readable storage medium may be, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (non-exhaustive list) of computer-readable storage media include hard disks, random access memory, read-only memory, flash memory, optical disks, floppy disks, and any suitable combination of the foregoing. As used herein, computer-readable storage media are not to be construed as transient signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (for example, light signals through fiber optic cables), or transmitted electrical signals. Additionally, the computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to various computing/processing devices, or downloaded over a network, such as the Internet, local area network, wide area network, and/or wireless network to an external computer device or external storage device. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, hubs and/or gateways. The network card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in computer-readable storage media in each computing/processing device middle. The computer program instructions for performing the operations of the present invention may be assembly language instructions, instruction set architecture instructions, machine instructions, machine-related instructions, micro instructions, firmware instructions, or source code or object code written in any combination of one or more programming languages (Object Code), the programming language includes object-oriented programming languages, such as: Common Lisp, Python, C++, Objective-C, Smalltalk, Delphi, Java, Swift, C#, Perl, Ruby and PHP, etc., as well as conventional programs Procedural programming language, such as: C language or similar programming language. The computer program instructions may be executed entirely on the computer, partly on the computer, as a stand-alone piece of software, partly on the client computer and partly on the remote computer, or entirely on the remote computer or server to execute.

請參閱「第2A圖」及「第2B圖」,「第2A圖」及「第2B圖」為本發明區塊鏈錢包的非互動式批核方法的方法流程圖,其步驟包括:提供N個使用者端主機分別作為區塊鏈錢包的共同使用者,以及提供節點主機及聚合主機,當所述使用者端主機為分派主機時,此分派主機選擇密文,並且與其他使用者端主機共同執行線性整數秘密共享以生成同態加密的i個共享單元及其相應的第一公鑰,以及將第一公鑰傳送至節點主機及使用者端主機、將第j個共享單元傳送至第j個使用者端主機,其中,N、i及j為正整數且N及i大於數值1(步驟201);分派主機將生成的第一公鑰傳送至節點主機120,使節點主機120與分派主機共同執行分散式金鑰生成機制以生成i個門檻式簽章方案共享單元及其相應的第二公鑰(步驟202);分派主機將生成的第二公鑰和門檻式簽章方案共享單元傳送至使用者端主機(步驟203);當使用者端主機接收到欲簽章的交易訊息後,將交易訊息傳送至聚合主機,並且與節點主機共同執行門檻式簽章方案以計算出第一簽章值及i個s值,再根據第一簽章值及i個所述s值計算出相應的簽名元數據(步驟204);使用者端主機及節點主機均將自身生成的簽名元數據傳送至聚合主機110以進行驗證,當聚合主機110驗證無誤後,聚合主機110將交易訊息及所有接收到的簽名元數據傳送至已連線的使用者端主機進行驗證及部分解密以生成相應的部分解密訊息,再將所述部分解密訊息傳送至聚合主機110(步驟205);當聚合主機110接收到的部分解密訊息滿足解密條件時,允許在不知私鑰的情況下,根據部分解密訊息計算出第二簽章值,以及驗證包含第一簽章值及第二簽章值的數位簽章後,再廣播已通過驗證的數位簽章(步驟206)。透過上述步驟,即可透過使用者端主機與節點主機共同生成相應的簽名元數據,再各自傳送至聚合主機驗證,以便聚合主機能夠將簽名元數據提供上線的使用者端主機執行部分解密以生成部分解密訊息,並且將生成的部分解密訊息回傳至聚合主機,當聚合主機接收到的部分解密訊息滿足解密條件時,先計算出數位簽章的第二簽章值,再驗證數位簽章,以及廣播通過驗證的數位簽章以執行交易。Please refer to "Figure 2A" and "Figure 2B". "Figure 2A" and "Figure 2B" are the method flow chart of the non-interactive approval method of the blockchain wallet of the present invention. The steps include: providing N Each user-end host is used as a common user of the blockchain wallet, and provides a node host and an aggregation host. When the user-end host is a dispatching host, the dispatching host selects the ciphertext and communicates with other user-end hosts Jointly perform linear integer secret sharing to generate i shared units of homomorphic encryption and their corresponding first public keys, and transmit the first public key to the node host and the user host, and transmit the jth shared unit to the j user hosts, wherein N, i and j are positive integers and N and i are greater than the value 1 (step 201); the distribution host sends the generated first public key to the node host 120, so that the node host 120 and the distribution The hosts jointly execute the distributed key generation mechanism to generate i shared units of the threshold signature scheme and their corresponding second public keys (step 202); Send to the user-end host (step 203); when the user-end host receives the transaction message to be signed, it sends the transaction message to the aggregation host, and executes the threshold signature scheme together with the node host to calculate the first signature value and i s values, and then calculate the corresponding signature metadata according to the first signature value and the i s values (step 204); both the user end host and the node host will generate the signature metadata Send it to the aggregation host 110 for verification. When the aggregation host 110 verifies that it is correct, the aggregation host 110 sends the transaction message and all received signature metadata to the connected user-side host for verification and partial decryption to generate the corresponding Partially decrypt the message, and then send the partially decrypted message to the aggregation host 110 (step 205); when the partial decryption message received by the aggregation host 110 satisfies the decryption condition, it is allowed to calculate according to the partial decryption message without knowing the private key After obtaining the second signature value and verifying the digital signature including the first signature value and the second signature value, broadcast the verified digital signature (step 206). Through the above steps, the corresponding signature metadata can be jointly generated by the user host and the node host, and then sent to the aggregation host for verification, so that the aggregation host can provide the signature metadata to the online user host to perform partial decryption to generate Partially decrypt the message, and return the generated part of the decrypted message to the aggregation host. When the partial decryption message received by the aggregation host meets the decryption conditions, first calculate the second signature value of the digital signature, and then verify the digital signature. and broadcast a verified digital signature to execute the transaction.

以下配合「第3A圖」至「第3K圖」以實施例的方式進行如下說明,「第3A圖」至「第3J圖」為應用本發明的區塊鏈錢包之非互動式批核流程之示意圖。首先,如「第3A圖」所示意,假設有兩名使用者(即:N為2)分別透過使用者端主機330a及使用者端主機330b共同持有區塊鏈錢包,若使用者端主機330a為分派端主機(即:Dealer角色),使用者端主機330a將會選擇一個密文(或稱之為祕密),並且利用 LISS 方式與使用者端主機330b生成同態加密的二個共享單元,如:第1個共享單元「share d 1」及第2個共享單元「share d 2」,以及與這二個共享單元相應的第一公鑰「D」,接著,如「第3B圖」所示意,使用者端主機330a持有第1個共享單元及第一公鑰、使用者端主機330b持有第2個共享單元及第一公鑰,以及將第一公鑰傳送給節點主機320。接下來,如「第3C圖」所示意,分派主機(即:此例中為使用者端主機330a)與節點主機320共同執行 DKG 機制以生成i個門檻式簽章方案共享單元「s sign,i」及其相應的第二公鑰「P」,其中,節點主機320持有第1個門檻式簽章方案共享單元「s sign,1」,分派主機持有第2個門檻式簽章方案共享單元「s sign,2」。然後,如「第3D圖」所示意,分派主機將生成的第二公鑰「P」及第2個門檻式簽章方案共享單元「s sign,2」傳送給使用者端主機330b。 The following description will be made in the form of an embodiment in conjunction with "Figure 3A" to "Figure 3K". "Figure 3A" to "Figure 3J" are examples of the non-interactive approval process of the blockchain wallet applying the present invention. schematic diagram. First, as shown in "Figure 3A", suppose there are two users (i.e. N is 2) who jointly hold the blockchain wallet through the user-end host 330a and the user-end host 330b respectively. If the user-end host 330a is the dispatcher host (namely: Dealer role), the user host 330a will select a ciphertext (or called secret), and use the LISS method to generate two shared units of homomorphic encryption with the user host 330b , such as: the first shared unit “share d 1 ” and the second shared unit “share d 2 ”, and the first public key “D” corresponding to these two shared units, then, as in “Figure 3B” As shown, the user host 330a holds the first shared unit and the first public key, the user host 330b holds the second shared unit and the first public key, and transmits the first public key to the node host 320 . Next, as shown in "Fig. 3C", the dispatching host (namely: in this example, the user-end host 330a) and the node host 320 jointly execute the DKG mechanism to generate i threshold signature scheme shared units "s sign, i ” and its corresponding second public key “P”, wherein, the node host 320 holds the first shared unit “s sign,1 ” of the threshold signature scheme, and the dispatch host holds the second threshold signature scheme Shared unit "s sign,2 ". Then, as shown in "FIG. 3D", the distribution host sends the generated second public key "P" and the second shared unit "s sign,2 " of the threshold signature scheme to the client host 330b.

如「第3E圖」所示意,當使用者端主機330a有一筆交易需要簽名,例如:接收到欲簽章的交易訊息「m」,使用者端主機330a會將此交易訊息「m」傳送至聚合主機310。同時,使用者端主機330a會與節點主機320共同執行 TSS 以計算出第一簽章值與i個s值(即:s i),再根據第一簽章值及所述s值計算出相應的簽名元數據,其中,簽名元數據包含多個參數,所述參數分別為第一簽章值、同態加密值「E D(s i)」、乘積值「s i*R」及一致性證明「C(E D(s i), s i*R)」。以此例而言,節點主機320計算出第1個簽名元數據為「(r, E D(s 1), s 1*R, C(E D(s 1), s 1*R))」,使用者端主機330a計算出第2個簽名元數據為「(r, E D(s 2), s 2*R, C(E D(s 2), s 2*R))」。接著,如「第3F圖」所示意,使用者端主機330a及節點主機320均將自身生成的簽名元數據傳送至聚合主機310以進行驗證,當聚合主機310驗證無誤後,如「第3G圖」所示意,此聚合主機310會將交易訊息「m」及所有接收到的簽名元數據,如:第1個簽名元數據「(r, E D(s 1), s 1*R, C(E D(s 1), s 1*R))」及第2個簽名元數據「(r, E D(s 2), s 2*R, C(E D(s 2), s 2*R))」一併傳送至已連線的使用者端主機(如:使用者端主機330a)進行驗證及部分解密,以便如「第3H圖」所示意生成相應的部分解密訊息,例如:第1個部分解密訊息「E partial,1(s)」,再將此第1個部分解密訊息「E partial,1(s)」傳送至聚合主機310,其中,「s := s 1+ s 2」。特別要說明的是,當其他的使用者端主機(如:使用者端主機330b)上線時,聚合主機310同樣會如「第3I圖」所示意,將交易訊息「m」及所有簽名元數據傳送給它驗證,在此例中,聚合端主機310將交易訊息「m」、第1個簽名元數據「(r, E D(s 1), s 1*R, C(E D(s 1), s 1*R))」及第2個簽名元數據「(r, E D(s 2), s 2*R, C(E D(s 2), s 2*R))」一併傳送至已上線的使用者端主機330b進行驗證及執行部分解密,以便如「第3J圖」所示意生成第2個部分解密訊息「E partial,2(s)」再回傳給聚合主機310。實際上,第j個上線的使用者端主機會執行下列步驟: As shown in "Fig. 3E", when the client host 330a has a transaction that needs to be signed, for example: receiving the transaction message "m" to be signed, the client host 330a will send the transaction message "m" to Aggregation host 310 . At the same time, the user host 330a and the node host 320 will jointly execute the TSS to calculate the first signature value and i s values (ie: s i ), and then calculate the corresponding The signature metadata of , wherein the signature metadata contains multiple parameters, the parameters are the first signature value, homomorphic encryption value " ED (s i )", product value "s i *R" and consistency Prove "C(E D (s i ), s i *R)". In this example, the node host 320 calculates the first signature metadata as "(r, E D (s 1 ), s 1 *R, C(E D (s 1 ), s 1 *R))" , the client host 330a calculates the second signature metadata as "(r, E D (s 2 ), s 2 *R, C(E D (s 2 ), s 2 *R))". Next, as shown in "Fig. 3F", both the client host 330a and the node host 320 transmit the signature metadata generated by themselves to the aggregating host 310 for verification. ”, the aggregation host 310 will send the transaction message “m” and all received signature metadata, such as: the first signature metadata “(r, E D (s 1 ), s 1 *R, C( E D (s 1 ), s 1 *R))” and the second signature metadata “(r, E D (s 2 ), s 2 *R, C(E D (s 2 ), s 2 *R ))” and sent to the connected client host (such as: client host 330a) for verification and partial decryption, so as to generate corresponding partial decryption messages as shown in “Figure 3H”, for example: 1st Partially decrypted message "E partial, 1 (s)", and then send the first partially decrypted message "E partial, 1 (s)" to the aggregation host 310, wherein, "s := s 1 + s 2 " . In particular, when other user-end hosts (such as: user-end host 330b) go online, the aggregation host 310 will also send the transaction message "m" and all signature metadata as shown in "Figure 3I" In this example, the aggregator host 310 sends the transaction message "m", the first signature metadata "(r, E D (s 1 ), s 1 *R, C(E D (s 1 ), s 1 *R))” and the second signature metadata “(r, E D (s 2 ), s 2 *R, C(E D (s 2 ), s 2 *R))” together Send it to the online client host 330b for verification and partial decryption, so as to generate the second partial decryption message "E partial, 2 (s)" as shown in "Fig. 3J" and send it back to the aggregation host 310. In fact, the jth online client host will perform the following steps:

1. 驗證E D(s i)存在的證明。 1. Verify the proof of the existence of E D (s i ).

2. 驗證一致性證明「C(E D(s i), s i*R)」。 2. Verify the consistency proof "C(E D (s i ), s i *R)".

3. 驗證各參數的範圍是正確的。3. Verify that the ranges for each parameter are correct.

4. 計算「∑ is i* R = r * P + m * G」,其中「m」為交易訊息的雜湊值。 4. Calculate "∑ i s i * R = r * P + m * G", where "m" is the hash value of the transaction message.

5. 執行核准計算:「E partial,j(s) := (

Figure 02_image001
」,此處的「(
Figure 02_image003
」與「∑ iE D(s i)」相等,並且生成「
Figure 02_image005
」和「
Figure 02_image007
」的一致性證明。 5. Execute the approval calculation: "E partial,j (s) := (
Figure 02_image001
", where "(
Figure 02_image003
” is equal to “∑ i E D (s i )” and generates “
Figure 02_image005
"and"
Figure 02_image007
"Consistency proof.

6. 回傳生成的部分解密訊息「E partial,j(s)」及「

Figure 02_image005
」和「
Figure 02_image007
」的一致性證明。 6. Return the generated partial decryption message "E partial,j (s)" and "
Figure 02_image005
"and"
Figure 02_image007
"Consistency proof.

最後,如「第3K圖」所示意,聚合主機310接收到的部分解密訊息滿足解密條件(例如:具有足夠且可解密的部分解密訊息)時,允許在不知私鑰的情況下,根據所述部分解密訊息計算出第二簽章值(即:數位簽章(r,s)中的s值),以及驗證包含第一簽章值及第二簽章值的數位簽章後,再廣播已通過驗證的數位簽章。至此,由於區塊鏈錢包可以在不知私鑰的情況下計算出符合 ECDSA 規範的數位簽章,因此大幅提升安全性,而且使用者可以非同步上線進行批核,並且在批核後就下線,不需在交易過程中持續維持互動,故更具有便利性。Finally, as shown in "Figure 3K", when the partially decrypted message received by the aggregating host 310 satisfies the decryption condition (for example: there are enough and decipherable partially decrypted messages), it is allowed without knowing the private key, according to the Partially decrypt the message to calculate the second signature value (ie: the s value in the digital signature (r, s)), and verify the digital signature including the first signature value and the second signature value, and then broadcast the Verified digital signature. So far, since the blockchain wallet can calculate the digital signature that complies with the ECDSA specification without knowing the private key, the security is greatly improved, and the user can go online asynchronously for approval, and go offline after approval. There is no need to maintain continuous interaction during the transaction process, so it is more convenient.

綜上所述,可知本發明與先前技術之間的差異在於透過使用者端主機與節點主機共同生成相應的簽名元數據,再各自傳送至聚合主機驗證,以便聚合主機能夠將簽名元數據提供上線的使用者端主機執行部分解密以生成部分解密訊息,並且將生成的部分解密訊息回傳至聚合主機,當聚合主機接收到的部分解密訊息滿足解密條件時,先計算出數位簽章的第二簽章值,再驗證數位簽章,以及廣播通過驗證的數位簽章以執行交易,藉由此一技術手段可以解決先前技術所存在的問題,進而達成提高區塊鏈錢包的安全性及便利性之技術功效。To sum up, it can be seen that the difference between the present invention and the prior art lies in that the corresponding signature metadata is jointly generated by the user-end host and the node host, and then sent to the aggregation host for verification, so that the aggregation host can provide the signature metadata online The user-end host performs partial decryption to generate a partial decrypted message, and returns the generated partial decrypted message to the aggregation host. When the partial decrypted message received by the aggregation host meets the decryption conditions, it first calculates the second value of the digital signature. Signature value, re-verify the digital signature, and broadcast the verified digital signature to execute the transaction. With this technical means, the problems existing in the previous technology can be solved, and the security and convenience of the blockchain wallet can be improved. The technical effect.

雖然本發明以前述之實施例揭露如上,然其並非用以限定本發明,任何熟習相像技藝者,在不脫離本發明之精神和範圍內,當可作些許之更動與潤飾,因此本發明之專利保護範圍須視本說明書所附之申請專利範圍所界定者為準。Although the present invention is disclosed above with the aforementioned embodiments, it is not intended to limit the present invention. Any person familiar with similar skills may make some changes and modifications without departing from the spirit and scope of the present invention. Therefore, the present invention The scope of patent protection shall be subject to what is defined in the scope of patent application attached to this specification.

110:聚合主機 120:節點主機 130a~130n:使用者端主機 131:第一生成模組 132:第二生成模組 133:計算模組 134:解密模組 310:聚合主機 320:節點主機 330a,330b:使用者端主機 步驟201:提供N個使用者端主機分別作為一區塊鏈錢包的共同使用者,以及提供至少一節點主機及一聚合主機,當所述使用者端主機為一分派主機(Dealer)時,該分派主機選擇一密文,並且與其他所述使用者端主機共同執行一線性整數秘密共享(Linear Integer Secret Sharing, LISS)以生成同態加密的i個共享單元及其相應的一第一公鑰,以及將該第一公鑰傳送至所述節點主機及所述使用者端主機、將第j個所述共享單元傳送至第j個所述使用者端主機,其中,N、i及j為正整數且N及i大於數值1 步驟202:該分派主機與所述節點主機共同執行一分散式金鑰生成(Distributed Key Generation, DKG)機制以生成i個門檻式簽章方案共享單元及其相應的一第二公鑰 步驟203:該分派主機將生成的該第二公鑰和所述門檻式簽章方案共享單元傳送至所述使用者端主機 步驟204:當所述使用者端主機接收到欲簽章的一交易訊息後,將該交易訊息傳送至該聚合主機,並且與所述節點主機共同執行一門檻式簽章方案以計算出一第一簽章值及i個s值,再根據該第一簽章值及i個所述s值計算出相應的一簽名元數據 步驟205:所述使用者端主機及所述節點主機均將自身生成的該簽名元數據傳送至該聚合主機以進行驗證,當該聚合主機驗證無誤後,該聚合主機將該交易訊息及所有接收到的所述簽名元數據傳送至已連線的所述使用者端主機進行驗證及部分解密以生成相應的一部分解密訊息,再將所述部分解密訊息傳送至該聚合主機 步驟206:當該聚合主機接收到的所述部分解密訊息滿足一解密條件時,允許在不知私鑰的情況下,根據所述部分解密訊息計算出一第二簽章值,以及驗證包含該第一簽章值及該第二簽章值的一數位簽章後,再廣播已通過驗證的該數位簽章 110: aggregation host 120: node host 130a~130n: user host 131: The first generation module 132:Second Generation Module 133: Calculation module 134: Decryption module 310: aggregation host 320: node host 330a, 330b: user host Step 201: Provide N user-end hosts as co-users of a blockchain wallet, and provide at least one node host and an aggregation host. When the user-end host is a dispatch host (Dealer), the The assigning host selects a ciphertext, and performs a linear integer secret sharing (Linear Integer Secret Sharing, LISS) together with other said user end hosts to generate i shared units of homomorphic encryption and a corresponding first public key , and transmit the first public key to the node host and the user host, and transmit the jth shared unit to the jth user host, wherein N, i and j are Positive integer and N and i are greater than the value 1 Step 202: The assigning host and the node host jointly execute a distributed key generation (Distributed Key Generation, DKG) mechanism to generate i shared units of the threshold signature scheme and a corresponding second public key Step 203: The assigning host sends the generated second public key and the sharing unit of the threshold signature scheme to the user host Step 204: After the user host receives a transaction message to be signed, it sends the transaction message to the aggregation host, and executes a threshold signature scheme together with the node host to calculate a first A signature value and i s values, and then calculate a corresponding signature metadata based on the first signature value and i said s values Step 205: Both the user end host and the node host transmit the signature metadata generated by themselves to the aggregate host for verification, and when the aggregate host verifies that it is correct, the aggregate host sends the transaction message and all received The received signature metadata is sent to the connected client host for verification and partial decryption to generate a corresponding partial decryption message, and then the partial decryption message is sent to the aggregation host Step 206: When the part of the decrypted message received by the aggregation host satisfies a decryption condition, it is allowed to calculate a second signature value based on the part of the decrypted message without knowing the private key, and verify that the part contains the first signature value. After a signature value and a digital signature of the second signature value, broadcast the verified digital signature

第1圖為本發明區塊鏈錢包的非互動式批核系統的系統方塊圖。 第2A圖及第2B圖為本發明區塊鏈錢包的非互動式批核系統的方法流程圖。 第3A圖至第3K圖為應用本發明的區塊鏈錢包之非互動式批核流程的示意圖。 Figure 1 is a system block diagram of the non-interactive approval system of the blockchain wallet of the present invention. FIG. 2A and FIG. 2B are flow charts of the method of the non-interactive approval system of the blockchain wallet of the present invention. FIG. 3A to FIG. 3K are schematic diagrams of the non-interactive approval process of the blockchain wallet applying the present invention.

110:聚合主機 110: aggregation host

120:節點主機 120: node host

130a~130n:使用者端主機 130a~130n: user host

131:第一生成模組 131: The first generation module

132:第二生成模組 132:Second Generation Module

133:計算模組 133: Calculation module

134:解密模組 134: Decryption module

Claims (10)

一種區塊鏈錢包的非互動式批核系統,該系統包含: 一聚合主機,用以接收一交易訊息及多個簽名元數據以進行驗證,並且在所述簽名元數據驗證無誤後,傳送該交易訊息及所述簽名元數據,以及接收多個部分解密訊息以在所述部分解密訊息滿足一解密條件時,根據所述部分解密訊息計算出一第二簽章值,並且驗證包含一第一簽章值及該第二簽章值的一數位簽章後,再廣播已通過驗證的該數位簽章; 至少一節點主機,用以接收一第一公鑰,以及與一分派主機(Dealer)共同執行一分散式金鑰生成(Distributed Key Generation, DKG)機制以生成i個門檻式簽章方案共享單元及其相應的一第二公鑰,以及與一交易主機共同執行一門檻式簽章方案以計算出該第一簽章值及i個s值,再根據該第一簽章值及i個所述s值計算出相應的所述簽名元數據以傳送至該聚合主機,其中,i為大於數值1的正整數;以及 N個使用者端主機,用以分別作為一區塊鏈錢包的共同使用者,所述使用者端主機包含該分派主機及該交易主機,每一所述使用者端主機皆包含: 一第一生成模組,用以在所述使用者端主機為該分派主機時選擇一密文,並且與其他所述使用者端主機共同執行一線性整數秘密共享(Linear Integer Secret Sharing, LISS)以生成同態加密的i個共享單元及其相應的該第一公鑰,以及將該第一公鑰傳送至所述節點主機及所述使用者端主機、將第j個所述共享單元傳送至第j個所述使用者端主機,其中,N、i及j為正整數且N及i大於數值1; 一第二生成模組,連接該第一生成模組,用以在所述使用者端主機為該分派主機時,與所述節點主機共同執行該分散式金鑰生成機制,並將生成的所述門檻式簽章方案共享單元及其相應的該第二公鑰傳送至所述使用者端主機; 一計算模組,用以將接收到欲簽章的一交易訊息的所述使用者端主機作為該交易主機,該交易主機將該交易訊息傳送至該聚合主機,並且與所述節點主機共同執行該門檻式簽章方案,同時使所述使用者主機及所述節點主機均將自身生成的該簽名元數據傳送至該聚合主機以進行驗證;以及 一解密模組,連接該計算模組,用以自該聚合主機接收該交易訊息及所述簽名元數據進行驗證及部分解密以生成相應的所述部分解密訊息,再將所述部分解密訊息傳送至該聚合主機。 A non-interactive approval system for blockchain wallets, the system includes: An aggregation host, configured to receive a transaction message and a plurality of signature metadata for verification, and after the signature metadata is verified to be correct, transmit the transaction message and the signature metadata, and receive a plurality of partially decrypted messages for When the partially decrypted message satisfies a decryption condition, calculating a second signature value according to the partially decrypted message, and after verifying a digital signature including a first signature value and the second signature value, Rebroadcast the digital signature that has been verified; At least one node host, used to receive a first public key, and jointly execute a distributed key generation (Distributed Key Generation, DKG) mechanism with a distribution host (Dealer) to generate i shared units of the threshold signature scheme and Its corresponding second public key, and jointly execute a threshold signature scheme with a transaction host to calculate the first signature value and i s values, and then according to the first signature value and i The s value calculates the corresponding signature metadata to be sent to the aggregation host, wherein, i is a positive integer greater than the value 1; and N user-end hosts are used as co-users of a blockchain wallet respectively, the user-end hosts include the dispatch host and the transaction host, and each of the user-end hosts includes: A first generation module, used to select a ciphertext when the user-end host is the dispatching host, and perform a linear integer secret sharing (Linear Integer Secret Sharing, LISS) with other said user-end hosts To generate i shared units of homomorphic encryption and the corresponding first public key, and transmit the first public key to the node host and the user host, and transmit the jth shared unit To the jth user-side host, wherein N, i and j are positive integers and N and i are greater than the value 1; A second generation module, connected to the first generation module, used to jointly execute the distributed key generation mechanism with the node host when the user-end host is the dispatching host, and generate all The threshold signature scheme sharing unit and the corresponding second public key are transmitted to the user host; A calculation module, used to use the user-side host that receives a transaction message to be signed as the transaction host, the transaction host sends the transaction message to the aggregation host, and executes together with the node host The threshold signature scheme enables both the user host and the node host to transmit the signature metadata generated by themselves to the aggregation host for verification; and A decryption module, connected to the computing module, used to receive the transaction message and the signature metadata from the aggregation host for verification and partial decryption to generate the corresponding partial decryption message, and then transmit the partial decryption message to the aggregation host. 如請求項1之區塊鏈錢包的非互動式批核系統,其中所述簽名元數據包含多個參數,所述參數分別為該第一簽章值、一同態加密值、一乘積值及一一致性證明,當該聚合主機接收到所述簽名元數據時,以零知識證明分別驗證該同態加密值存在的證明、驗證該一致性證明及驗證所述參數的參數範圍是否正確。The non-interactive approval system of blockchain wallet as in claim 1, wherein the signature metadata includes a plurality of parameters, and the parameters are respectively the first signature value, a homomorphic encryption value, a product value and a Consistency proof, when the aggregation host receives the signature metadata, use zero-knowledge proof to respectively verify the proof of the existence of the homomorphic encryption value, verify the consistency proof and verify whether the parameter range of the parameter is correct. 如請求項2之區塊鏈錢包的非互動式批核系統,其中該聚合主機在接收到的所述部分解密訊息滿足該解密條件時,加總每一簽名元數據的該乘積值,其中,所述乘積值為橢圓曲線上的點,加總的所述乘積值等於該第一簽章值與該第二金鑰的乘積加上該交易訊息的雜湊值與一基點的乘積。The non-interactive approval system of blockchain wallet as claimed in claim 2, wherein the aggregating host sums up the product value of each signature metadata when the received partial decryption message satisfies the decryption condition, wherein, The product value is a point on the elliptic curve, and the sum of the product value is equal to the product of the first signature value and the second key plus the product of the hash value of the transaction message and a base point. 如請求項2之區塊鏈錢包的非互動式批核系統,其中該同態加密值係將相應的所述s值進行同態加密後所生成的值。As in the non-interactive approval system of the blockchain wallet of Claim 2, wherein the homomorphically encrypted value is a value generated by homomorphically encrypting the corresponding s value. 如請求項1之區塊鏈錢包的非互動式批核系統,其中該分派主機在分派共享單元時,建立一存取結構(Access Structure)以決定允許將該密文還原成明文的所述使用者端主機,該存取結構包含門檻式存取結構(Threshold Access Structure)及非門檻式存取結構以決定該解密條件。The non-interactive approval system of the blockchain wallet as claimed in claim 1, wherein the dispatching host establishes an access structure (Access Structure) to decide to allow the use of restoring the ciphertext to plaintext when dispatching the shared unit For an end host, the access structure includes a threshold access structure (Threshold Access Structure) and a non-threshold access structure to determine the decryption condition. 一種區塊鏈錢包的非互動式批核方法,其步驟包括: 提供N個使用者端主機分別作為一區塊鏈錢包的共同使用者,以及提供至少一節點主機及一聚合主機,當所述使用者端主機為一分派主機(Dealer)時,該分派主機選擇一密文,並且與其他所述使用者端主機共同執行一線性整數秘密共享(Linear Integer Secret Sharing, LISS)以生成同態加密的i個共享單元及其相應的一第一公鑰,以及將該第一公鑰傳送至所述節點主機及所述使用者端主機、將第j個所述共享單元傳送至第j個所述使用者端主機,其中,N、i及j為正整數且N及i大於數值1; 該分派主機與所述節點主機共同執行一分散式金鑰生成(Distributed Key Generation, DKG)機制以生成i個門檻式簽章方案共享單元及其相應的一第二公鑰; 該分派主機將生成的該第二公鑰和所述門檻式簽章方案共享單元傳送至所述使用者端主機; 當所述使用者端主機接收到欲簽章的一交易訊息後,將該交易訊息傳送至該聚合主機,並且與所述節點主機共同執行一門檻式簽章方案以計算出一第一簽章值及i個s值,再根據該第一簽章值及i個所述s值計算出相應的一簽名元數據; 所述使用者端主機及所述節點主機均將自身生成的該簽名元數據傳送至該聚合主機以進行驗證,當該聚合主機驗證無誤後,該聚合主機將該交易訊息及所有接收到的所述簽名元數據傳送至已連線的所述使用者端主機進行驗證及部分解密以生成相應的一部分解密訊息,再將所述部分解密訊息傳送至該聚合主機;以及 當該聚合主機接收到的所述部分解密訊息滿足一解密條件時,允許在不知私鑰的情況下,根據所述部分解密訊息計算出一第二簽章值,以及驗證包含該第一簽章值及該第二簽章值的一數位簽章後,再廣播已通過驗證的該數位簽章。 A non-interactive approval method for a blockchain wallet, the steps of which include: Provide N user-end hosts as co-users of a blockchain wallet, and provide at least one node host and an aggregation host. When the user-end host is a dealer, the dealer chooses a ciphertext, and jointly execute a linear integer secret sharing (Linear Integer Secret Sharing, LISS) with other said user end hosts to generate i shared units of homomorphic encryption and a corresponding first public key, and The first public key is sent to the node host and the user host, and the jth shared unit is sent to the jth user host, wherein N, i and j are positive integers and N and i are greater than the value 1; The dispatching host and the node host jointly execute a distributed key generation (Distributed Key Generation, DKG) mechanism to generate i shared units of the threshold signature scheme and a corresponding second public key; The assigning host sends the generated second public key and the sharing unit of the threshold signature scheme to the user host; When the user host receives a transaction message to be signed, it sends the transaction message to the aggregation host, and executes a threshold signature scheme with the node host to calculate a first signature value and i s values, and then calculate a corresponding signature metadata according to the first signature value and i said s values; Both the user host and the node host transmit the signature metadata generated by themselves to the aggregating host for verification. After the aggregating host verifies that it is correct, the aggregating host sends the transaction message and all received The signature metadata is sent to the connected client host for verification and partial decryption to generate a corresponding partial decryption message, and then the partial decryption message is sent to the aggregation host; and When the part of the decrypted message received by the aggregation host satisfies a decryption condition, it is allowed to calculate a second signature value based on the part of the decrypted message without knowing the private key, and verify that the first signature is included value and a digital signature of the second signature value, and then broadcast the verified digital signature. 如請求項6之區塊鏈錢包的非互動式批核方法,其中所述簽名元數據包含多個參數,所述參數分別為該第一簽章值、一同態加密值、一乘積值及一一致性證明,當該聚合主機接收到所述簽名元數據時,以零知識證明分別驗證該同態加密值存在的證明、驗證該一致性證明及驗證所述參數的參數範圍是否正確。The non-interactive approval method of blockchain wallet as in claim item 6, wherein the signature metadata includes a plurality of parameters, and the parameters are respectively the first signature value, a homomorphic encryption value, a product value and a Consistency proof, when the aggregation host receives the signature metadata, use zero-knowledge proof to respectively verify the proof of the existence of the homomorphic encryption value, verify the consistency proof and verify whether the parameter range of the parameter is correct. 如請求項7之區塊鏈錢包的非互動式批核方法,其中該聚合主機在接收到的所述部分解密訊息滿足該解密條件時,加總每一簽名元數據的該乘積值,其中,所述乘積值為橢圓曲線上的點,加總的所述乘積值等於該第一簽章值與該第二金鑰的乘積加上該交易訊息的雜湊值與一基點的乘積。A non-interactive approval method for a blockchain wallet as in claim 7, wherein the aggregation host sums up the product value of each signature metadata when the received partial decryption message satisfies the decryption condition, wherein, The product value is a point on the elliptic curve, and the sum of the product value is equal to the product of the first signature value and the second key plus the product of the hash value of the transaction message and a base point. 如請求項7之區塊鏈錢包的非互動式批核方法,其中該同態加密值係將相應的所述s值進行同態加密後所生成的值。A non-interactive approval method for a blockchain wallet as in Claim 7, wherein the homomorphic encryption value is a value generated by homomorphically encrypting the corresponding s value. 如請求項6之區塊鏈錢包的非互動式批核方法,其中該分派主機在分派共享單元時,建立一存取結構(Access Structure)以決定允許將該密文還原成明文的所述使用者端主機,該存取結構包含門檻式存取結構(Threshold Access Structure)及非門檻式存取結構以決定該解密條件。The non-interactive approval method of the blockchain wallet as claimed in claim 6, wherein the assigning host establishes an access structure (Access Structure) to determine the use of allowing the ciphertext to be restored to plaintext when assigning the shared unit For an end host, the access structure includes a threshold access structure (Threshold Access Structure) and a non-threshold access structure to determine the decryption condition.
TW110133811A 2021-09-10 2021-09-10 Non-interactive approval system for blockchain wallet and method thereof TWI782701B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110133811A TWI782701B (en) 2021-09-10 2021-09-10 Non-interactive approval system for blockchain wallet and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110133811A TWI782701B (en) 2021-09-10 2021-09-10 Non-interactive approval system for blockchain wallet and method thereof

Publications (2)

Publication Number Publication Date
TWI782701B TWI782701B (en) 2022-11-01
TW202312055A true TW202312055A (en) 2023-03-16

Family

ID=85794292

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110133811A TWI782701B (en) 2021-09-10 2021-09-10 Non-interactive approval system for blockchain wallet and method thereof

Country Status (1)

Country Link
TW (1) TWI782701B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116938604B (en) * 2023-09-18 2023-11-28 深圳市上融科技有限公司 Multi-party-based electronic signature system and method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108632045A (en) * 2018-05-10 2018-10-09 阿里巴巴集团控股有限公司 A kind of block chain data processing method, device, processing equipment and system
CN108776896A (en) * 2018-06-04 2018-11-09 中钞信用卡产业发展有限公司杭州区块链技术研究院 Digital cash wallet business management method based on multi-signature and system
SG11202012708SA (en) * 2018-06-28 2021-02-25 Pay Gate Co Ltd Multi-signature security account control system
US11196570B2 (en) * 2019-10-07 2021-12-07 Accenture Global Solutions Limited Cryptologic blockchain interoperability membership system

Also Published As

Publication number Publication date
TWI782701B (en) 2022-11-01

Similar Documents

Publication Publication Date Title
US11601407B2 (en) Fast oblivious transfers
US6941457B1 (en) Establishing a new shared secret key over a broadcast channel for a multicast group based on an old shared secret key
TWI821248B (en) Computer implemented method and system for transferring control of a digital asset
CN111404950B (en) Information sharing method and device based on block chain network and related equipment
CN110709874A (en) Voucher generation and distribution method and system for block chain network
US11516195B2 (en) Terminal device, key distribution management device, server-client system, communication method, and programs
CN113411323B (en) Medical record data access control system and method based on attribute encryption
CN113901512A (en) Data sharing method and system
CN113609781A (en) Automobile production mold optimization method, system, equipment and medium based on federal learning
CN113468580B (en) Multi-party collaborative signature method and system
TWI782701B (en) Non-interactive approval system for blockchain wallet and method thereof
Kanimozhi et al. Secure sharing of IOT data in cloud environment using attribute-based encryption
CN113204788A (en) Privacy protection method for fine-grained attribute matching
WO2019230718A1 (en) Voting system, voting relay server, client terminal, voting method, advertisement distribution system, and program
TW202239173A (en) Threshold signature scheme system based on inputting password and method thereof
He et al. Semi-quantum ring signature protocol based on multi-particle GHZ state
TWI783804B (en) Shares generation system based on linear integer secret sharing and method thereof
CN111819815B (en) Computer-implemented method and system for transferring control of digital assets
TWI737956B (en) Threshold signature system based on secret sharing and method thereof
CN114257412B (en) Privacy protection multi-party data cooperation box-separating method, system, equipment and terminal
Wang et al. Online Trading Platform for Power Company Suppliers Based on Blockchain Technology
Wang et al. Secure mutual authentication quantum key agreement scheme for two-party setting with key recycling
TW202310584A (en) Key generating system for hierarchical deterministic wallet and method thereof
Wang et al. A Cheating Detectable Privacy-Preserving Data Sharing Scheme for Cloud Computing
Wang et al. A Secure Centralized Multi-Party Quantum Key Distribution Protocol with New Encoding Mode