TWI710987B - Wallet service system with multi-signature and method thereof - Google Patents

Wallet service system with multi-signature and method thereof Download PDF

Info

Publication number
TWI710987B
TWI710987B TW108144064A TW108144064A TWI710987B TW I710987 B TWI710987 B TW I710987B TW 108144064 A TW108144064 A TW 108144064A TW 108144064 A TW108144064 A TW 108144064A TW I710987 B TWI710987 B TW I710987B
Authority
TW
Taiwan
Prior art keywords
host
identification code
service host
terminal device
wallet service
Prior art date
Application number
TW108144064A
Other languages
Chinese (zh)
Other versions
TW202123119A (en
Inventor
莊治耘
陳昶吾
林祐德
Original Assignee
開曼群島商現代財富控股有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 開曼群島商現代財富控股有限公司 filed Critical 開曼群島商現代財富控股有限公司
Priority to TW108144064A priority Critical patent/TWI710987B/en
Application granted granted Critical
Publication of TWI710987B publication Critical patent/TWI710987B/en
Publication of TW202123119A publication Critical patent/TW202123119A/en

Links

Images

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A wallet service system with multi-signature and method thereof is disclosed. By providing a terminal device, a recover host, a wallet service host and an exchange host for executing a secret sharing algorithm to generate a plurality of shares, so as to execute a secure multi-party computation (MPC) to calculate a signature to complete a sign of transaction, and allowing the shares to be reset, regenerate at least one new share to replace the original shares under the premise of being able to use the same private key. The mechanism is help to improve the security of wallet.

Description

具多重簽章的錢包服務系統及其方法Wallet service system and method with multiple signatures

本發明涉及一種錢包服務系統及其方法,特別是具多重簽章的錢包服務系統及其方法。The invention relates to a wallet service system and method thereof, in particular to a wallet service system and method with multiple signatures.

近年來,隨著電子錢包的普及與蓬勃發展,各種錢包服務便如雨後春筍般出現,然而,無論是使用何種錢包服務,皆脫離不了使用私鑰來對交易進行簽章(即:簽署交易),但是當私鑰被竊取時,將會導致竊取者能夠進行未授權的交易,因此,如何保護錢包服務的私鑰便成為各家廠商亟欲解決的問題之一。In recent years, with the popularity and vigorous development of electronic wallets, various wallet services have sprung up. However, no matter what wallet service is used, it is inseparable from the use of private keys to sign transactions (ie: sign transactions) However, when the private key is stolen, the thief will be able to conduct unauthorized transactions. Therefore, how to protect the private key of the wallet service has become one of the problems that manufacturers urgently want to solve.

一般而言,傳統的私鑰保護方式是將私鑰進行加密後再進行儲存,例如,儲存在資料庫、以檔案形式儲存,或是使用硬體安全模組(Hardware Security Module, HSM)來儲存。然而,上述方式存在一個共同的問題,即:沒有辦法防止記憶體傾印(Memory Dump)攻擊,因為在某個時間點上,私鑰會被讀取至記憶體中,例如,在生成私鑰的時候,會以亂數方式產生一組私鑰,並且經過加密後再進行儲存,而這個過程中,私鑰會短暫存在記憶體中,另外,在對交易訊息進行簽章的時候,需要將私鑰取出以進行簽章,這時候在記憶體中同樣會有一份私鑰訊息。此時,容易因為記憶體傾印攻擊而導致私鑰被竊,故具有電子錢包的安全性不佳的問題。Generally speaking, the traditional private key protection method is to encrypt the private key before storing, for example, storing in a database, storing in the form of a file, or using a hardware security module (Hardware Security Module, HSM) to store . However, the above methods have a common problem, that is: there is no way to prevent Memory Dump attacks, because at a certain point in time, the private key will be read into the memory, for example, when the private key is generated At the time, a set of private keys will be generated in a random number method, and then stored after being encrypted. During this process, the private key will be stored in the memory for a short time. In addition, when signing the transaction message, you need to The private key is taken out for signing. At this time, there will also be a private key message in the memory. At this time, the private key is likely to be stolen due to a memory dump attack, so the security of the electronic wallet is not good.

有鑑於此,便有廠商提出門檻式簽章的技術,其透過多個私鑰共同進行簽章,當簽章的數量達到門檻時,才代表簽章有效。如此一來,可以降低單一使用者的私鑰被竊所造成的影響,有效增加記憶體傾印攻擊的困難度。然而,此方式同樣會使各自的私鑰存在於各自的記憶體中,所以同樣無法避免私鑰可能遭到記憶體傾印攻擊的情況,故此方式仍然無法有效解決電子錢包的安全性不佳的問題。In view of this, some manufacturers have proposed a threshold-type signature technology, which uses multiple private keys to sign together. When the number of signatures reaches the threshold, the signature is valid. In this way, the impact caused by the theft of a single user's private key can be reduced, and the difficulty of a memory dump attack can be effectively increased. However, this method also causes the respective private keys to exist in their respective memory, so it is also unavoidable that the private key may be attacked by memory dumping, so this method still cannot effectively solve the poor security of the electronic wallet problem.

綜上所述,可知先前技術中長期以來一直存在電子錢包的安全性不佳之問題,因此實有必要提出改進的技術手段,來解決此一問題。In summary, it can be seen that the prior art has always had the problem of poor security of electronic wallets for a long time, so it is really necessary to propose improved technical means to solve this problem.

本發明揭露一種具多重簽章的錢包服務系統及其方法。The invention discloses a wallet service system with multiple signatures and a method thereof.

首先,本發明揭露一種具多重簽章的錢包服務系統,應用在由多個節點組成的區塊鏈網路中,此系統包含:終端裝置、重設服務主機、錢包服務主機及交易所主機。其中,終端裝置為區塊鏈網路中的節點其中之一,用以於初始時,傳送地址生成請求及接收第一識別碼,在欲進行區塊鏈交易時,傳送交易請求及接收第二識別碼和編碼後的待簽章資料,以及在欲進行重設時,傳送重設請求及接收第三識別碼;重設服務主機為區塊鏈網路中的節點其中之一,用以在接收到包含第一識別碼的地址生成請求時,獲得第一識別碼,以及在接收到包含第三識別碼的重設請求時,獲得第三識別碼;錢包服務主機為區塊鏈網路中的節點其中之一,用以在接收到包含第一識別碼的地址生成請求時,獲得第一識別碼,並且傳送包含第一識別碼的地址生成請求至重設服務主機,當接收到包含第二識別碼與編碼後的待簽章資料的交易請求時,獲得第二識別碼與編碼後的待簽章資料,以及在接收到包含第三識別碼的重設請求時,獲得第三識別碼,並且傳送包含第三識別碼的重設請求至重設服務主機;交易所主機為區塊鏈網路中的節點其中之一,用以自終端裝置接收到地址生成請求時,產生第一識別碼且回傳給終端裝置,並且傳送包含第一識別碼的地址生成請求至錢包服務主機,自終端裝置接收到交易請求時,產生第二識別碼且將交易請求中的待簽章資料進行編碼,再將產生的第二識別碼與編碼後的待簽章資料一併帶入交易請求以傳送至終端裝置及錢包服務主機,以及自終端裝置接收到重設請求時,產生第三識別碼且回傳給終端裝置,並且傳送包含第三識別碼的重設請求至錢包服務主機;其中,終端裝置、重設服務主機、錢包服務主機及交易所主機皆獲得第一識別碼之後,相互建立安全點對點連線,並且執行相同的秘密共享演算法及交換計算結果,用以分別生成相應的N個共享單元,以及將每一共享單元與基點及相應的插值係數相乘再相互加總以生成對應共享單元的公鑰,其中,N為正整數;其中,終端裝置、錢包服務主機及交易所主機皆獲得第二識別碼及編碼後的待簽章資料之後,相互建立安全點對點連線,用以執行安全多方運算以計算出簽章,以及由錢包服務主機廣播此簽章以完成對待簽章資料的簽署;其中,終端裝置、重設服務主機、錢包服務主機及交易所主機皆獲得第三識別碼之後,相互建立安全點對點連線,並且執行重設共享單元的安全多方運算,使終端裝置重新生成新的共享單元以取代原本在終端裝置的共享單元。First, the present invention discloses a wallet service system with multiple signatures, which is applied in a blockchain network composed of multiple nodes. The system includes: terminal devices, reset service hosts, wallet service hosts, and exchange hosts. Among them, the terminal device is one of the nodes in the blockchain network, which is used to transmit the address generation request and receive the first identification code at the beginning, and transmit the transaction request and receive the second identification code when a blockchain transaction is to be performed. The identification code and the encoded data to be signed, and when you want to reset, send a reset request and receive the third identification code; the reset service host is one of the nodes in the blockchain network for When receiving the address generation request containing the first identification code, obtain the first identification code, and when receiving the reset request containing the third identification code, obtain the third identification code; the wallet service host is in the blockchain network One of the nodes is used to obtain the first identification code when receiving the address generation request containing the first identification code, and transmit the address generation request containing the first identification code to the reset service host. 2. In the transaction request of the identification code and the encoded data to be signed, the second identification code and the encoded data to be signed are obtained, and the third identification code is obtained when the reset request containing the third identification code is received , And send a reset request containing the third identification code to the reset service host; the exchange host is one of the nodes in the blockchain network, used to generate the first identification when receiving the address generation request from the terminal device Code and return it to the terminal device, and send an address generation request containing the first identification code to the wallet service host. When a transaction request is received from the terminal device, a second identification code is generated and the data to be signed in the transaction request is encoded , And then bring the generated second identification code and the encoded data to be signed into the transaction request for transmission to the terminal device and the wallet service host, and when the reset request is received from the terminal device, the third identification code is generated and Send back to the terminal device, and send the reset request containing the third identification code to the wallet service host; where the terminal device, reset service host, wallet service host and exchange host all obtain the first identification code, and establish mutual security Point-to-point connection, and execute the same secret sharing algorithm and exchange calculation results to generate the corresponding N shared units respectively, and multiply each shared unit with the base point and the corresponding interpolation coefficient and then add them together to generate the corresponding The public key of the shared unit, where N is a positive integer; where the terminal device, the wallet service host, and the exchange host all obtain the second identification code and the encoded data to be signed, and establish a secure point-to-point connection with each other for Perform secure multi-party calculations to calculate the signature, and the wallet service host broadcasts the signature to complete the signature of the data to be signed; the terminal device, reset service host, wallet service host, and exchange host all obtain the third identification After the code, a secure point-to-point connection is established with each other, and a secure multi-party operation of resetting the shared unit is performed, so that the terminal device regenerates a new shared unit to replace the original shared unit in the terminal device.

另外,本發明揭露一種具多重簽章的錢包服務方法,應用在由多個節點組成的區塊鏈網路中,其步驟包括:在區塊鏈網路中,提供具有安全點對點連線功能的終端裝置、重設服務主機、錢包服務主機及交易所主機,用以分別作為節點其中之一;於初始時,終端裝置傳送地址生成請求至交易所主機,使交易所主機產生第一識別碼且回傳至終端裝置,以及交易所主機傳送包含第一識別碼的地址生成請求至錢包服務主機,使錢包服務主機傳送包含第一識別碼的地址生成請求至重設服務主機;終端裝置、重設服務主機、錢包服務主機及交易所主機皆獲得第一識別碼之後,相互建立安全點對點連線,並且執行相同的秘密共享演算法及交換計算結果,用以分別生成相應的N個共享單元,以及將每一共享單元與基點及相應的插值係數相乘再相互加總以生成對應共享單元的公鑰,其中,N為正整數;當終端裝置欲進行區塊鏈交易時,此終端裝置傳送交易請求至交易所主機,使交易所主機產生相應的第二識別碼,以及將交易請求中的待簽章資料進行編碼,並且將產生的第二識別碼與編碼後的待簽章資料一併帶入交易請求以傳送至終端裝置及錢包服務主機;終端裝置、錢包服務主機及交易所主機皆獲得第二識別碼及編碼後的待簽章資料之後,相互建立安全點對點連線,用以執行安全多方運算以計算出簽章,以及由錢包服務主機廣播此簽章以完成對待簽章資料的簽署;當終端裝置欲重設共享單元時,此終端裝置傳送重設請求至交易所主機,使交易所主機產生第三識別碼並回傳給終端裝置,以及使交易所主機傳送包含第三識別碼的重設請求至錢包服務主機,再由錢包服務主機傳送包含第三識別碼的重設請求至重設服務主機;終端裝置、重設服務主機、錢包服務主機及交易所主機皆獲得第三識別碼之後,相互建立安全點對點連線,並且執行重設共享單元的安全多方運算,使終端裝置重新生成新的共享單元以取代原本在終端裝置的共享單元。In addition, the present invention discloses a wallet service method with multiple signatures, which is applied in a blockchain network composed of multiple nodes, and the steps include: in the blockchain network, providing a secure point-to-point connection function The terminal device, the reset service host, the wallet service host and the exchange host respectively serve as one of the nodes; at the initial stage, the terminal device sends an address generation request to the exchange host, so that the exchange host generates the first identification code and Back to the terminal device, and the exchange host transmits an address generation request containing the first identification code to the wallet service host, so that the wallet service host transmits the address generation request containing the first identification code to the reset service host; terminal device, reset After the service host, wallet service host, and exchange host all obtain the first identification code, they establish a secure point-to-point connection with each other, and execute the same secret sharing algorithm and exchange calculation results to generate corresponding N sharing units, and Multiply each shared unit with the base point and the corresponding interpolation coefficient and add them together to generate the public key of the corresponding shared unit, where N is a positive integer; when the terminal device wants to perform a blockchain transaction, the terminal device transmits the transaction Request to the exchange host to make the exchange host generate the corresponding second identification code and encode the data to be signed in the transaction request, and bring the generated second identification code and the encoded data to be signed together Incoming transaction requests are sent to the terminal device and the wallet service host; after the terminal device, the wallet service host and the exchange host obtain the second identification code and the encoded data to be signed, they establish a secure point-to-point connection with each other to implement security Multi-party calculations to calculate the signature, and the wallet service host broadcasts the signature to complete the signing of the data to be signed; when the terminal device wants to reset the shared unit, the terminal device sends a reset request to the exchange host to make the transaction The host generates a third identification code and sends it back to the terminal device, and causes the exchange host to send a reset request containing the third identification code to the wallet service host, and then the wallet service host sends a reset request containing the third identification code to Reset the service host; after the terminal device, reset service host, wallet service host, and exchange host all obtain the third identification code, they establish a secure point-to-point connection with each other, and perform the secure multi-party operation of resetting the shared unit to reset the terminal device Generate a new shared unit to replace the original shared unit in the terminal device.

本發明所揭露之系統與方法如上,與先前技術的差異在於本發明是透過提供終端裝置、重設服務主機、錢包服務主機及交易所主機,執行秘密共享演算法以生成共享單元,以便在交易時,執行安全多方運算計算出簽章以完成交易簽署,並且允許重設共享單元,在重設前後均能夠使用相同私鑰的前提下,重新生成新的共享單元以取代原本的共享單元。The system and method disclosed in the present invention are as above. The difference from the prior art is that the present invention executes a secret sharing algorithm to generate shared units by providing terminal devices, reset service hosts, wallet service hosts, and exchange hosts. When performing secure multi-party calculations to calculate the signature to complete the transaction signing, and allow the shared unit to be reset, a new shared unit can be regenerated to replace the original shared unit under the premise that the same private key can be used before and after the reset.

透過上述的技術手段,本發明可以達成提高電子錢包的安全性之技術功效。Through the above-mentioned technical means, the present invention can achieve the technical effect of improving the security of the electronic wallet.

以下將配合圖式及實施例來詳細說明本發明之實施方式,藉此對本發明如何應用技術手段來解決技術問題並達成技術功效的實現過程能充分理解並據以實施。Hereinafter, the implementation of the present invention will be described in detail with the drawings and embodiments, so as to fully understand and implement the implementation process of how the present invention uses technical means to solve technical problems and achieve technical effects.

在說明本發明所揭露之具多重簽章的錢包服務系統及其方法之前,先對本發明所自行定義的名詞作說明,本發明所述的「共享單元(Share)」是指執行秘密共享演算法如:聯合隨機秘密共享演算法(Joint Random Secret Sharing, JRSS)所生成的元素,用以在執行安全多方運算(Secure Multi-Party Computation, SMC/MPC)時,在不同的節點之間進行相互交換,以便用來計算出符合橢圓曲線數位簽名演算法(Elliptic Curve Digital Signature Algorithm, ECDSA)的簽章格式之簽章(或稱為「簽名」),進而實現分級式秘密共享(Hierarchical Secret Sharing, HSS)、門檻式秘密共享(Threshold Secret Sharing, TSS)等等。Before describing the wallet service system with multiple signatures and its method disclosed in the present invention, the self-defined terms of the present invention will be explained. The “Share” in the present invention refers to the execution of secret sharing algorithms For example, the elements generated by the Joint Random Secret Sharing (JRSS) algorithm are used to exchange between different nodes when performing Secure Multi-Party Computation (SMC/MPC) , In order to calculate the signature (or “signature”) in accordance with the signature format of the Elliptic Curve Digital Signature Algorithm (Elliptic Curve Digital Signature Algorithm, ECDSA), and then achieve hierarchical secret sharing (Hierarchical Secret Sharing, HSS) ), Threshold Secret Sharing (TSS), etc.

以下配合圖式對本發明具多重簽章的錢包服務系統及其方法做進一步說明,請先參閱「第1圖」,「第1圖」為本發明具多重簽章的錢包服務系統之系統方塊圖,應用在由多個節點所組成的區塊鏈網路,此系統包含:終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140。其中,終端裝置110為區塊鏈網路中的節點其中之一,用以於初始時,傳送地址生成請求及接收第一識別碼,在欲進行區塊鏈交易時,傳送交易請求及接收第二識別碼和編碼後的待簽章資料,以及在欲進行重設時,傳送重設請求及接收第三識別碼。在實際實施上,第一識別碼、第二識別碼及第三識別碼可以是以任意的數字、字母及符號,組合成具有唯一性的字串,也可以直接使用通用唯一識別碼(Universally Unique Identifier, UUID)或全域唯一識別碼(Globally Unique Identifier, GUID),這些識別碼是交易所主機140在每次接收到請求(Request)時所產生,用以提供各方基於識別碼來區分和執行相應的請求。The following is a detailed description of the multi-signature wallet service system and method of the present invention in conjunction with the drawings. Please refer to "Figure 1" first. "Figure 1" is the system block diagram of the multi-signature wallet service system of the present invention. , Applied to a blockchain network composed of multiple nodes, this system includes: a terminal device 110, a reset service host 120, a wallet service host 130, and an exchange host 140. Among them, the terminal device 110 is one of the nodes in the blockchain network, which is used to send an address generation request and receive the first identification code at the initial stage, and to send a transaction request and receive the first identification code when a blockchain transaction is to be performed. 2. The identification code and the encoded data to be signed, and when resetting is desired, sending a reset request and receiving a third identification code. In actual implementation, the first identification code, the second identification code, and the third identification code can be any numbers, letters, and symbols, combined into a unique string, or can be directly used as a universally unique identification code (Universally Unique Identifier, UUID) or Globally Unique Identifier (GUID), these identification codes are generated by the exchange host 140 every time a request (Request) is received to provide parties to distinguish and execute based on the identification code The corresponding request.

重設服務主機120為區塊鏈網路中的節點其中之一,用以在接收到包含第一識別碼的地址生成請求時,獲得第一識別碼,以及在接收到包含第三識別碼的重設請求時,獲得第三識別碼。換句話說,重設服務主機120只在產生共享單元的過程中,從錢包服務主機130接收包含第一識別碼的地址生成請求,以及在重設共享單元的過程中,從錢包服務主機130接收包含第三識別碼的重設請求。在實際實施上,錢包服務主機130傳送重設請求時,需要帶入相應的原始公鑰或編碼以告知他方要重設的共享單元是哪一個,以帶入原始公鑰為例,其他方可根據原始公鑰得知對應的共享單元並進行替換;以帶入編碼為例,可以預先為共享單元設定一個獨立的編碼,如:「user_1_key_1」,如此一來,其他方才知道要替換哪一個共享單元。The reset service host 120 is one of the nodes in the blockchain network, and is used to obtain the first identification code when receiving the address generation request containing the first identification code, and to obtain the first identification code after receiving the address generation request containing the third identification code. Upon reset request, a third identification code is obtained. In other words, the reset service host 120 only receives the address generation request containing the first identification code from the wallet service host 130 during the process of generating the shared unit, and receives from the wallet service host 130 during the process of resetting the shared unit. A reset request containing the third identification code. In actual implementation, when the wallet service host 130 transmits the reset request, it needs to bring in the corresponding original public key or code to inform the other party which shared unit is to be reset. Taking the original public key as an example, other parties can Know the corresponding shared unit according to the original public key and replace it; take the code brought in as an example, you can set an independent code for the shared unit in advance, such as "user_1_key_1", so that other parties know which share to replace unit.

錢包服務主機130為區塊鏈網路中的節點其中之一,用以在接收到包含第一識別碼的地址生成請求時,獲得第一識別碼,並且傳送包含第一識別碼的地址生成請求至重設服務主機,當接收到包含第二識別碼與編碼後的待簽章資料的交易請求時,獲得第二識別碼與編碼後的待簽章資料,以及在接收到包含第三識別碼的重設請求時,獲得第三識別碼,並且傳送包含第三識別碼的重設請求至重設服務主機。換句話說,只有在接收到交易請求時,才會一併獲得識別碼及編碼後的待簽章資料,例如:轉出地址、轉入地址、金額等等,否則僅會得到識別碼。在實際實施上,錢包服務主機130可預先儲存包含第一目的地址的黑名單,當錢包服務主機130接收到區塊鏈交易且其目的位址在第一目的位址之中時,拒絕以簽章簽署區塊鏈交易,或是錢包服務主機130預先儲存包含第二目的地址的白名單,當錢包服務主機接收到區塊鏈交易且其目的位址在第二目的位址之中時,允許以簽章簽署區塊鏈交易。另外,錢包服務主機130也可允許透過交易所主機140設定限制條件,用以限制數位貨幣在某一時間範圍內的發送數量,例如:限制單日的數位貨幣發送量。The wallet service host 130 is one of the nodes in the blockchain network, which is used to obtain the first identification code when receiving the address generation request containing the first identification code, and transmit the address generation request containing the first identification code To reset the service host, when a transaction request containing the second identification code and the encoded data to be signed is received, the second identification code and the encoded data to be signed are obtained, and when the third identification code is received When the reset request is made, the third identification code is obtained, and the reset request containing the third identification code is sent to the reset service host. In other words, only when the transaction request is received, the identification code and the encoded data to be signed, such as the transfer-out address, transfer-in address, amount, etc., will be obtained, otherwise only the identification code will be obtained. In actual implementation, the wallet service host 130 can pre-store a blacklist containing the first destination address. When the wallet service host 130 receives a blockchain transaction and its destination address is among the first destination addresses, it refuses to sign Chapter to sign the blockchain transaction, or the wallet service host 130 pre-stores a whitelist containing the second destination address. When the wallet service host receives the blockchain transaction and its destination address is in the second destination address, it is allowed Sign blockchain transactions with signatures. In addition, the wallet service host 130 may also allow the exchange host 140 to set restriction conditions to limit the amount of digital currency sent within a certain time range, for example, limit the amount of digital currency sent in a single day.

交易所主機140為區塊鏈網路中的節點其中之一,用以自終端裝置110接收到地址生成請求時,產生第一識別碼且回傳給終端裝置110,並且傳送包含第一識別碼的地址生成請求至錢包服務主機130。另外,自終端裝置110接收到交易請求時,則產生第二識別碼且將交易請求中的待簽章資料進行編碼,再將產生的第二識別碼與編碼後的待簽章資料一併帶入交易請求以傳送至終端裝置110及錢包服務主機130。接著,自終端裝置110接收到重設請求時,則產生第三識別碼且回傳給終端裝置110,並且傳送包含第三識別碼的重設請求至錢包服務主機130。The exchange host 140 is one of the nodes in the blockchain network. When receiving an address generation request from the terminal device 110, the exchange host 140 generates a first identification code and sends it back to the terminal device 110, and transmits the first identification code The address of, generates a request to the wallet service host 130. In addition, when a transaction request is received from the terminal device 110, a second identification code is generated and the data to be signed in the transaction request is encoded, and then the generated second identification code is combined with the encoded data to be signed The transaction request is sent to the terminal device 110 and the wallet service host 130. Then, when a reset request is received from the terminal device 110, a third identification code is generated and sent back to the terminal device 110, and a reset request including the third identification code is sent to the wallet service host 130.

承上所述,終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140皆可分別視為一方(Party),這四方皆獲得第一識別碼之後,將相互建立安全點對點連線,並且執行相同的秘密共享演算法及交換計算結果,用以分別生成相應的N個共享單元,以及將每一共享單元與基點及相應的插值係數(如:拉格朗日係數、伯克霍夫係數等等)相乘再相互加總以生成對應共享單元的公鑰,其中,N為正整數。此時,各方皆能知道自己的共享單元對應到哪一個公鑰。另外,終端裝置110、錢包服務主機130及交易所主機140皆獲得第二識別碼及編碼後的待簽章資料之後,將相互建立安全點對點連線,用以執行安全多方運算以計算出簽章,以及由錢包服務主機130廣播此簽章以完成對待簽章料的簽署。接著,終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140皆獲得第三識別碼之後,將相互建立安全點對點連線,並且執行重設共享單元的安全多方運算,使終端裝置110重新生成新的共享單元以取代原本在終端裝置110的共享單元。在實際實施上,除了以新的共享單元取代原本在終端裝置110的共享單元之外,也可以在終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140皆獲得第三識別碼之後,允許交易所主機140、錢包服務主機130及重設服務主機120各自重新生成新的共享單元以取代原本各自的共享單元。特別要說明的是,上述為TSS的情況,而在HSS的情況下,生成共享單元是終端裝置、重設服務主機、錢包服務主機及交易所主機分別根據各自預設的共享數量、門檻值、索引值及層級值產生相應的多項式,並且根據微分J次的多項式及所有索引值計算出符合共享數量的多個多項式值,其中,J為層級值。接著,終端裝置、重設服務主機、錢包服務主機及交易所主機執行安全多方運算,用以交換各自計算出的多項式值,並且根據交換結果各自生成對應且具有不同等級的共享單元。As mentioned above, the terminal device 110, the reset service host 120, the wallet service host 130, and the exchange host 140 can be regarded as parties respectively. After the four parties obtain the first identification code, they will establish a secure point-to-point connection with each other. Line, and execute the same secret sharing algorithm and exchange calculation results to generate the corresponding N shared units, and combine each shared unit with the base point and the corresponding interpolation coefficient (such as: Lagrangian coefficient, Burke Hough coefficients, etc.) are multiplied and then added to each other to generate the public key of the corresponding shared unit, where N is a positive integer. At this time, all parties can know which public key their shared unit corresponds to. In addition, after the terminal device 110, the wallet service host 130, and the exchange host 140 obtain the second identification code and the encoded data to be signed, they will establish a secure point-to-point connection with each other to perform secure multi-party operations to calculate the signature , And the wallet service host 130 broadcasts the signature to complete the signature of the signature material to be signed. Then, after the terminal device 110, the reset service host 120, the wallet service host 130, and the exchange host 140 all obtain the third identification code, they will establish a secure point-to-point connection with each other, and perform the secure multi-party operation of resetting the shared unit to make the terminal The device 110 regenerates a new sharing unit to replace the original sharing unit in the terminal device 110. In actual implementation, in addition to replacing the original sharing unit in the terminal device 110 with a new sharing unit, the terminal device 110, the reset service host 120, the wallet service host 130, and the exchange host 140 can all obtain the third identification. After the code, the exchange host 140, the wallet service host 130, and the reset service host 120 are allowed to regenerate a new shared unit to replace the original shared unit. In particular, the above is the case of TSS, and in the case of HSS, the generating and sharing units are the terminal device, the reset service host, the wallet service host, and the exchange host, respectively, according to their respective preset sharing numbers, thresholds, The index value and the level value generate corresponding polynomials, and multiple polynomial values conforming to the shared number are calculated according to the differential J degree polynomial and all index values, where J is the level value. Then, the terminal device, the reset service host, the wallet service host, and the exchange host perform secure multi-party operations to exchange the polynomial values calculated by each, and respectively generate corresponding shared units with different levels according to the exchange results.

特別要說明的是,在實際實施上,終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140皆為區塊鏈網路的節點,各節點分別為具有網路功能的計算機裝置,如:個人電腦、筆記型電腦、平板電腦、智慧型手機、伺服器等等,而且每一節點在持有識別碼後,開始發起點對點(Peer to Peer, P2P)連線。另外,前面提及可實現HSS及TSS,兩者的差異在於前者的共享單元具有不同的等級(或稱為階層),而後者的共享單元則無。以HSS為例,假設產生五個共享單元,這五個共享單元的配置方式,可以在錢包服務主機130配置一個高階的共享單元、在重設服務主機120配置二個高階的共享單元、在交易所主機140配置一個低階的共享單元,以及在終端裝置110配置一個低階的共享單元。如果是在TSS的情況下,則終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140皆各自配置相同等級的共享單元。In particular, in actual implementation, the terminal device 110, the reset service host 120, the wallet service host 130, and the exchange host 140 are all nodes of the blockchain network, and each node is a computer with network functions. Devices, such as: personal computers, laptops, tablets, smart phones, servers, etc., and each node starts to initiate a peer-to-peer (P2P) connection after holding an identification code. In addition, the aforementioned can realize HSS and TSS, the difference between the two is that the shared unit of the former has different levels (or called hierarchy), while the shared unit of the latter does not. Taking HSS as an example, assuming that five shared units are generated, the configuration of these five shared units can be configured to configure a high-level shared unit in the wallet service host 130, and configure two high-level shared units in the reset service host 120. The host 140 is configured with a low-level sharing unit, and the terminal device 110 is configured with a low-level sharing unit. In the case of TSS, the terminal device 110, the reset service host 120, the wallet service host 130, and the exchange host 140 are each configured with the same level of sharing units.

請參閱「第2A圖」及「第2B圖」,「第2A圖」及「第2B圖」為本發明具多重簽章的錢包服務方法之方法流程圖,應用在由多個節點組成的區塊鏈網路中,其步驟包括:在區塊鏈網路中,提供具有安全點對點連線功能的終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140,用以分別作為節點其中之一(步驟210);於初始時,終端裝置110傳送地址生成請求至交易所主機140,使交易所主機140產生第一識別碼且回傳至終端裝置110,以及交易所主機140傳送包含第一識別碼的地址生成請求至錢包服務主機130,使錢包服務主機130傳送包含第一識別碼的地址生成請求至重設服務主機120(步驟220);終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140皆獲得第一識別碼之後,相互建立安全點對點連線,並且執行相同的秘密共享演算法及交換計算結果,用以分別生成相應的N個共享單元,以及將每一共享單元與基點及相應的插值係數相乘再相互加總以生成對應共享單元的公鑰,其中,N為正整數(步驟230);當終端裝置110欲進行區塊鏈交易時,此終端裝置110傳送交易請求至交易所主機140,使交易所主機140產生相應的第二識別碼,以及將交易請求中的待簽章資料進行編碼,並且將產生的第二識別碼與編碼後的待簽章資料一併帶入交易請求以傳送至終端裝置110及錢包服務主機130(步驟240);終端裝置110、錢包服務主機130及交易所主機140皆獲得第二識別碼及編碼後的待簽章資料之後,相互建立安全點對點連線,用以執行安全多方運算以計算出簽章,以及由錢包服務主機130廣播此簽章以完成對待簽章資料的簽署(步驟250);當終端裝置110欲重設共享單元時,此終端裝置110傳送重設請求至交易所主機140,使交易所主機140產生第三識別碼並回傳給終端裝置110,以及使交易所主機140傳送包含第三識別碼的重設請求至錢包服務主機130,再由錢包服務主機130傳送包含第三識別碼的重設請求至重設服務主機120(步驟260);終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140皆獲得第三識別碼之後,相互建立安全點對點連線,並且執行重設共享單元的安全多方運算,使終端裝置110重新生成新的共享單元以取代原本在終端裝置110的共享單元(步驟270)。透過上述步驟,即可透過提供終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140,執行秘密共享演算法以生成共享單元,以便在交易時,執行安全多方運算計算出簽章以完成交易簽署,並且允許重設共享單元,在重設前後均能夠使用相同私鑰的前提下,重新生成新的共享單元以取代原本的共享單元。Please refer to "Figure 2A" and "Figure 2B". "Figure 2A" and "Figure 2B" are the method flowcharts of the multi-signature wallet service method of the present invention, which is applied in an area composed of multiple nodes. In the block chain network, the steps include: in the block chain network, a terminal device 110 with a secure point-to-point connection function, a reset service host 120, a wallet service host 130, and an exchange host 140 are provided to serve as One of the nodes (step 210); at the beginning, the terminal device 110 sends an address generation request to the exchange host 140 so that the exchange host 140 generates a first identification code and sends it back to the terminal device 110, and the exchange host 140 sends The address generation request containing the first identification code is sent to the wallet service host 130, so that the wallet service host 130 transmits the address generation request containing the first identification code to the reset service host 120 (step 220); the terminal device 110, the reset service host 120 After both the wallet service host 130 and the exchange host 140 obtain the first identification code, they establish a secure point-to-point connection with each other, and execute the same secret sharing algorithm and exchange calculation results to generate corresponding N sharing units, and Multiply each shared unit with the base point and the corresponding interpolation coefficient and then add them together to generate the public key of the corresponding shared unit, where N is a positive integer (step 230); when the terminal device 110 wants to perform a blockchain transaction, The terminal device 110 transmits a transaction request to the exchange host 140, so that the exchange host 140 generates a corresponding second identification code, encodes the data to be signed in the transaction request, and combines the generated second identification code with the encoded data The data to be signed is brought into the transaction request and sent to the terminal device 110 and the wallet service host 130 (step 240); the terminal device 110, the wallet service host 130 and the exchange host 140 all obtain the second identification code and the encoded After the data to be signed, a secure point-to-point connection is established to perform secure multi-party calculations to calculate the signature, and the wallet service host 130 broadcasts the signature to complete the signing of the data to be signed (step 250); When the device 110 wants to reset the shared unit, the terminal device 110 sends a reset request to the exchange host 140 so that the exchange host 140 generates a third identification code and sends it back to the terminal device 110, and causes the exchange host 140 to send a third identification code containing the The reset request of the three identification codes is sent to the wallet service host 130, and the wallet service host 130 transmits the reset request containing the third identification code to the reset service host 120 (step 260); the terminal device 110, the reset service host 120, After both the wallet service host 130 and the exchange host 140 obtain the third identification code, they establish a secure point-to-point connection with each other, and perform a secure multi-party operation to reset the shared unit, so that the terminal device 110 regenerates a new shared unit to replace the original terminal The sharing unit of the device 110 (step 270). Through the above steps, by providing the terminal device 110, the reset service host 120, the wallet service host 130, and the exchange host 140, a secret sharing algorithm can be executed to generate a shared unit, so that a secure multi-party calculation can be performed during transactions. Zhang Yi completes the transaction signing and allows the shared unit to be reset. On the premise that the same private key can be used before and after the reset, a new shared unit is regenerated to replace the original shared unit.

以下配合「第3圖」及「第4圖」以實施例的方式進行如下說明,請先參閱「第3圖」,「第3圖」為應用本發明產生共享單元之示意圖。當終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140在執行秘密共享演算法(如:JRSS)時,這四方會各自選擇至少一個隨機多項式,舉例來說,終端裝置110可選擇一個隨機多項式「d1」、重設服務主機120可選擇二個隨機多項式「d2」、「d3」、錢包服務主機130可選擇一個隨機多項式「d4」、交易所主機140可選擇一個隨機多項式「d5」,這五個隨機多項式「d1」至「d5」如「第3圖」所示意,其中,常數項為各方選擇的隨機整數(或稱為「密文(Secret)」)。接著,每一方分別將各方的索引值(例如:終端裝置110的索引值可為數值1、重設服務主機120的索引值可為數值2及數值3、錢包服務主機130的索引值可為數值4、交易所主機140的索引值可為數值5)帶入各自選擇的隨機多項式進行計算,例如,終端裝置110將數值1至數值5帶入隨機多項式「d1」計算出5個計算結果(即:「d1(1)」、「d1(2)」、「d1(3)」、「d1(4)」及「d1(5)」),重設服務主機120同樣將數值1至數值5帶入隨機多項式「d2」計算出5個計算結果(即:「d2(1)」、「d2(2)」、「d2(3)」、「d2(4)」及「d2(5)」),以及將數值1至數值5帶入隨機多項式「d3」計算出5個計算結果(即:「d3(1)」、「d3(2)」、「d3(3)」、「d3(4)」及「d3(5)」),錢包服務主機130將數值1至數值5帶入隨機多項式「d4」計算出5個計算結果(即:「d4(1)」、「d4(2)」、「d4(3)」、「d4(4)」及「d4(5)」),交易所主機140同樣將數值1至數值5帶入隨機多項式「d5」計算出5個計算結果(即:「d5(1)」、「d5(2)」、「d5(3)」、「d5(4)」及「d5(5)」),如此一來,總共可以計算出25個計算結果,然後,每一方相互交換訊息,也就是說,這四方各自將帶入數值1的計算結果(即:「d1(1)」、「d2(1)」、「d3(1)」、「d4(1)」及「d5(1)」),提供給具有索引值「1」的一方加總以得到相應的共享單元「Sd1」(即:「Sd1=d1(1)+d2(1)+d3(1)+d4(1)+d5(1)」)、將帶入數值2的計算結果(即:「d1(2)」、「d2(2)」、「d3(2)」、「d4(2)」及「d5(2)」),提供給具有索引值「2」的一方加總以得到相應的共享單元「Sd2」(即:「Sd2=d1(2)+d2(2)+d3(2)+d4(2)+d5(2)」),並且以此類推,將帶入數值5的計算結果(即:「d1(5)」、「d2(5)」、「d3(5)」、「d4(5)」及「d5(5)」),提供給具有索引值「5」的一方加總以得到相應的共享單元「Sd5」(即:「Sd5=d1(5)+d2(5)+d3(5)+d4(5)+d5(5)」),使每一方經過MPC計算及交換訊息後,如「第3圖」所示意,各自得到相應的共享單元(終端裝置110得到共享單元「Sd1」、重設服務主機120得到共享單元「Sd2」及「Sd3」,錢包服務主機130得到共享單元「Sd4」,交易所主機140得到共享單元「Sd5」。特別要說明的是,這五個共享單元若使用拉格朗日插值法(即:伯克霍夫插值法的特例)可以計算出如「第3圖」所示意的多項式300「39x^4+45x^3+54^2+74x+56」,其中,將數值0帶入x所計算出的解為數值56(即:私鑰「d」),然而,此處將私鑰「d」計算出來只是為了方便說明及驗證此數值的確是上述五個隨機多項式的常數項之總和(即:「d=d1(0)+d2(0)+d3(0)+d4(0)+d5(0)」),在實際應用上不會將此數值計算出來,因為在具有「d*r」的簽章計算式子中,如:「s=k(e+d*r)」,如果能夠直接得知「k(e+d*r)」的數值,那麼便不需要再實際計算出私鑰「d」。另外,這五個共享單元「Sd1」至「Sd5」分別與基點「G」和相應的插值係數,如:拉格朗日係數「L1」至「L5」相乘後,再相互加總可得到公鑰「Q」,即:「Q= L1*Sd1*G+ L2*Sd2*G+ L3*Sd3*G+ L4*Sd4*G+ L5*Sd5*G」,此公鑰「Q」經雜湊及編碼處理後即成為帳戶地址。The following description will be given in conjunction with "Figure 3" and "Figure 4" by way of embodiment. Please refer to "Figure 3" first. "Figure 3" is a schematic diagram of applying the present invention to generate shared units. When the terminal device 110, the reset service host 120, the wallet service host 130, and the exchange host 140 are executing a secret sharing algorithm (such as JRSS), the four parties will each select at least one random polynomial. For example, the terminal device 110 A random polynomial "d1" can be selected, the reset service host 120 can choose two random polynomials "d2" and "d3", the wallet service host 130 can choose a random polynomial "d4", and the exchange host 140 can choose a random polynomial "D5", these five random polynomials "d1" to "d5" are as shown in "Figure 3", where the constant term is a random integer selected by all parties (or called "Secret"). Then, each party separately sets the index value of each party (for example, the index value of the terminal device 110 can be a value 1, the index value of the reset service host 120 can be a value 2 and a value 3, and the index value of the wallet service host 130 can be Value 4. The index value of the exchange host 140 can be a value of 5.) Bring in the random polynomial of your choice for calculation. For example, the terminal device 110 brings the value 1 to 5 into the random polynomial "d1" to calculate 5 calculation results ( Namely: "d1(1)", "d1(2)", "d1(3)", "d1(4)" and "d1(5)"), resetting the service host 120 will also set the value from 1 to 5 Bring in the random polynomial "d2" to calculate 5 calculation results (ie: "d2(1)", "d2(2)", "d2(3)", "d2(4)" and "d2(5)" ), and take the values 1 to 5 into the random polynomial "d3" to calculate 5 calculation results (ie: "d3(1)", "d3(2)", "d3(3)", "d3(4 )” and “d3(5)”), the wallet service host 130 takes the value 1 to 5 into the random polynomial “d4” to calculate 5 calculation results (ie: “d4(1)”, “d4(2)” , "D4(3)", "d4(4)" and "d4(5)"), the exchange host 140 also takes the values 1 to 5 into the random polynomial "d5" to calculate 5 calculation results (ie: "D5(1)", "d5(2)", "d5(3)", "d5(4)" and "d5(5)"), in this way, a total of 25 calculation results can be calculated, and then , Each party exchanges messages with each other, that is, the four parties will each bring in the calculation result of the value 1 (ie: "d1(1)", "d2(1)", "d3(1)", "d4(1) )” and “d5(1)”), which are provided to the party with the index value “1” to sum to obtain the corresponding shared unit “Sd1” (ie: “Sd1=d1(1)+d2(1)+d3( 1)+d4(1)+d5(1)”), the calculation result of the value 2 will be added (ie: “d1(2)”, “d2(2)”, “d3(2)”, “d4( 2)” and “d5(2)”), which are provided to the party with the index value “2” to sum to obtain the corresponding shared unit “Sd2” (ie: “Sd2=d1(2)+d2(2)+d3 (2)+d4(2)+d5(2)”), and so on, will bring the calculation result of the value 5 (ie: “d1(5)”, “d2(5)”, “d3(5 )”, “d4(5)” and “d5(5)”), which are provided to the party with the index value “5” to sum to obtain the corresponding shared unit “Sd5” (ie: “Sd5=d1(5)+ d2(5)+d3(5)+d4(5)+d5(5)”), so that after MPC calculation and exchange of messages by each party, as shown in "Figure 3", each party will get the corresponding shared unit (terminal Device 110 gets the shared unit "Sd1 ", the reset service host 120 obtains the shared unit "Sd2" and "Sd3", the wallet service host 130 obtains the shared unit "Sd4", and the exchange host 140 obtains the shared unit "Sd5". In particular, if these five shared units use Lagrangian interpolation (that is, a special case of Burkhoff interpolation), the polynomial 300 "39x^4+" as shown in "Figure 3" can be calculated. 45x^3+54^2+74x+56", the solution calculated by bringing the value 0 into x is the value 56 (ie: the private key "d"), however, the private key "d" is calculated here It is only for the convenience of explanation and verification that this value is indeed the sum of the constant terms of the above five random polynomials (ie: "d=d1(0)+d2(0)+d3(0)+d4(0)+d5(0) )”), this value will not be calculated in practical applications, because in the signature calculation formula with “d*r”, such as: “s=k(e+d*r)”, if you can directly Knowing the value of "k(e+d*r)", then there is no need to actually calculate the private key "d". In addition, these five shared units "Sd1" to "Sd5" are respectively multiplied by the base point "G" and the corresponding interpolation coefficients, such as: Lagrangian coefficients "L1" to "L5" are multiplied, and then added together to get The public key "Q", ie: "Q= L1*Sd1*G+ L2*Sd2*G+ L3*Sd3*G+ L4*Sd4*G+ L5*Sd5*G", this public key "Q" is hashed and encoded It becomes the account address.

以上是TSS的情況,假設是HSS的情況,也就是要使共享單元有等級區分時,則需要對多項式進行微分再取值。舉例來說,終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140分別根據各自預設的共享數量、門檻值、索引值及層級值產生相應的多項式,並且根據微分J次的多項式及所有索引值計算出符合共享數量的多個多項式值,其中,J為層級值。接著,終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140執行安全多方運算,用以交換各自計算出的多項式值,並且根據交換結果各自生成對應且具有不同等級的共享單元。這些共享單元可以在得知多項式的形式(Basis)、索引值、層級值的前提下,透過伯克霍夫插值法計算出滿足所有條件的多項式「f(x)」,而多項式中的常數項即代表密文。同樣地,基於安全的考量,實際上並不會將密文計算出來,而是直接使用共享單元進行簽章的計算,其與直接使用密文計算簽章的方式能夠獲得相同的結果。舉例來說,假設索引值為「1」的一方,如:終端裝置110,其預設的層級值為數值「0」、共享數量為數值「5」、門檻值為數值「3」,在生成共享單元時,將根據預設的係數陣列、多項式的形式(如:「{1, x, x^2}」)及層級值隨機生成多項式「f」,如:「x^2+2x+3」,其中,多項式的形式會隨著門檻值不同而有所改變,以門檻值等於數值「4」為例,其多項式的形式為「{1, x, x^2, x^3}」,也就是說,當門檻值為「t」時,在多項式的形式中,「x」的最高次數為「t - 1」。接著,令「di^j(x)」為一個微分「j」次的多項式,且「di^j(i)」為此多項式取值在「x = i」的點,其中,「i」代表索引值為「i」的私鑰共享單元的持有者(所述持有者可能是伺服端或客戶端的硬體錢包裝置)、「j」代表微分的次數,同時也是所述的層級值,「j」的數值越大代表多項式的微分次數越多,所生成的私鑰共享單元的層級(或稱為等級)越低。假設所有索引值為數值「1」至「5」且帶入多項式的「x」以及層級值分別為「j1」至「j5」,對於索引值為「i’」的裝置分別計算出相應的五個多項式值(即:「di’^j1(1)」至「di’^j5(5)」),那麼,將如同TSS,將帶入數值「2」所計算出來的多項式值「di’^j2(2)」傳送至索引值為「2」的一方、將帶入數值「3」所計算出來的多項式值「di’^j3(3)」傳送至索引值為「3」的一方,並以此類推,將帶入數值「5」所計算出來的多項式值「di’^j5(5)」傳送至索引值為「5」的一方。換句話說,執行安全多方運算會根據索引值將相應的多項式值傳送至相應的一方,所以索引值為「1」的一方,如:終端裝置110,除了擁有自己計算出的多項式值「d1^j1(1)」之外,還會接收到來自不同方根據自身的多項式帶入數值「1」所計算出的多項式值(即:「d2^j1(1)」、「d3^j1(1)」、「d4^j1(1)」及「d5^j1(1)」);索引值為「2」的一方,如:重設服務主機120,除了擁有自己計算出的多項式值「d2^j2(2)」之外,還會接收到來自不同方根據自身的多項式帶入數值「2」所計算出的多項式值(即:「d1^j2(2)」、「d3^j2(2)」、「d4^j2(2)」及「d5^j2(2)」),並以此類推。如此一來,各方(即:終端裝置110、重設服務主機120、錢包服務主機130及交易所主機140)便能夠根據這些多項式值進行加總以生成對應的共享單元,例如:索引值為「1」的一方加總多項式值「d1^j1(1)」、「d2^j1 (1)」、「d3^j1 (1)」、「d4^j1 (1)」及「d5^j1 (1)」,將獲得共享單元「Sd1」(即:「Sd1 = d1^j1 (1) + d2^j1 (1) + d3^j1 (1) + d4^j1 (1) + d5^j1 (1)」)、索引值為「2」的一方加總多項式值「d1^j2(2)」、「d2^j2 (2)」、「d3^j2 (2)」、「d4^j2 (2)」及「d5^j2 (2)」,將獲得共享單元「Sd2」(即:「Sd2 = d1^j2 (2) + d2^j2 (2) + d3^j2 (2) + d4^j2 (2) + d5^j2 (2)」),並以此類推,每一方皆獲得相應的共享單元。在實際實施上,每一方需交換各自的層級值「j」及共享單元的X座標以便計算伯克霍夫係數,以利後續計算簽章時使用。The above is the case of TSS, assuming it is the case of HSS, that is, to make the shared unit hierarchical, you need to differentiate the polynomial and then take the value. For example, the terminal device 110, the reset service host 120, the wallet service host 130, and the exchange host 140 respectively generate corresponding polynomials according to their preset sharing quantity, threshold value, index value, and level value, and according to the differential J degree The polynomial of and all index values are calculated to meet the shared number of polynomial values, where J is the level value. Then, the terminal device 110, the reset service host 120, the wallet service host 130, and the exchange host 140 perform secure multi-party operations to exchange the polynomial values calculated by each, and generate corresponding shared units with different levels according to the exchange results. . These shared units can calculate the polynomial "f(x)" that satisfies all the conditions through the Berkhof interpolation method on the premise of knowing the polynomial form (Basis), index value, and level value, and the constant term in the polynomial It stands for ciphertext. Similarly, based on security considerations, the ciphertext is not actually calculated, but the shared unit is directly used to calculate the signature, which can obtain the same result as the method of directly using the ciphertext to calculate the signature. For example, suppose the party whose index value is "1", such as the terminal device 110, whose default level value is the value "0", the number of shares is the value "5", and the threshold value is the value "3". When sharing the unit, a polynomial "f" will be randomly generated according to the preset coefficient array, polynomial form (such as: "{1, x, x^2}") and level value, such as: "x^2+2x+3 ", the form of the polynomial will change with the threshold value. Taking the threshold value equal to "4" as an example, the polynomial form is "{1, x, x^2, x^3}", In other words, when the threshold value is "t", in the polynomial form, the highest degree of "x" is "t-1". Next, let "di^j(x)" be a differential polynomial of degree "j", and "di^j(i)" this polynomial takes the value at the point "x = i", where "i" represents The holder of the private key sharing unit whose index value is "i" (the holder may be a hardware wallet device of the server or client), "j" represents the number of differentiations, and is also the level value, The larger the value of "j", the higher the degree of differentiation of the polynomial, and the lower the level (or called the level) of the generated private key sharing unit. Assuming that all the index values are from "1" to "5" and the polynomials "x" and the level values are "j1" to "j5", respectively, the corresponding five values are calculated for the devices with the index value "i". Polynomial values (ie: "di'^j1(1)" to "di'^j5(5)"), then, like TSS, the polynomial value "di'^ calculated by the value "2" will be added j2(2)” is sent to the party whose index value is “2”, and the polynomial value “di'^j3(3)” calculated with the value “3” is sent to the party whose index value is “3”, and By analogy, the polynomial value "di'^j5(5)" calculated with the value "5" is sent to the party whose index value is "5". In other words, the execution of a secure multi-party operation will send the corresponding polynomial value to the corresponding party according to the index value. Therefore, the party with the index value "1", such as the terminal device 110, has the polynomial value "d1^" calculated by itself. In addition to j1(1)", it will also receive polynomial values calculated by different parties from their own polynomials with the value "1" (ie: "d2^j1(1)", "d3^j1(1) ”, “d4^j1(1)” and “d5^j1(1)”); the party whose index value is “2”, such as resetting the service host 120, in addition to having the polynomial value “d2^j2” calculated by itself In addition to (2)", it will also receive the polynomial value calculated by the value "2" from different parties based on their own polynomial (ie: "d1^j2(2)", "d3^j2(2)" , "D4^j2(2)" and "d5^j2(2)"), and so on. In this way, all parties (ie: the terminal device 110, the reset service host 120, the wallet service host 130, and the exchange host 140) can sum up these polynomial values to generate the corresponding shared unit, for example: the index value The side of "1" sums up the polynomial values "d1^j1(1)", "d2^j1 (1)", "d3^j1 (1)", "d4^j1 (1)" and "d5^j1 ( 1)", the shared unit "Sd1" will be obtained (ie: "Sd1 = d1^j1 (1) + d2^j1 (1) + d3^j1 (1) + d4^j1 (1) + d5^j1 (1) )”), the party whose index value is “2” sums up the polynomial values “d1^j2(2)”, “d2^j2 (2)”, “d3^j2 (2)”, “d4^j2 (2) "" and "d5^j2 (2)" will get the shared unit "Sd2" (ie: "Sd2 = d1^j2 (2) + d2^j2 (2) + d3^j2 (2) + d4^j2 (2 ) + d5^j2 (2)”), and so on, each party gets the corresponding shared unit. In actual implementation, each party needs to exchange their own hierarchical value "j" and the X coordinate of the shared unit in order to calculate the Berkhof coefficient for subsequent use in calculating the signature.

如「第4圖」所示意,「第4圖」為應用本發明重設共享單元之示意圖。當終端裝置110欲重設共享單元時,將傳送重設請求至交易所主機140,使交易所主機140產生第三識別碼並回傳給終端裝置110,以及使交易所主機140傳送包含此第三識別碼的重設請求至錢包服務主機130,再由錢包服務主機130傳送包含此第三識別碼的重設請求至重設服務主機120。當這四方皆獲得第三識別碼之後,即可建立安全點對點連線,並且各自選擇至少一個多項式,所述多項式會隨著要替換的共享單元之數量而有所不同。以HSS為例,假設總共有n個共享單元,t為門檻值和「ji」為第i個共享單元對應的層級值,其中,1>=i>=n,倘若欲維持k個共享單元不變,其中,n、t、k及ji皆為正整數。假設維持不變的k個共享單元為1,…,k且t-k>2,那麼,多項式可先令為「x*f(x)」,此處的f(x)為次方t-2的多項式。根據限制條件「f^ji(i)=0, 0>i>k+1」可以利用線性代數解出f的係數限制條件。舉例來說,假設有五個共享單元,且門檻值為5,要維持其中二個共享單元不變索引值為1、2,且分別對應的層級值為2、1,其多項式可為「x*f(x)」且滿足限制條件「f^2(1)=0」和「f^1(2)=0」,可解出f(x)=a3x^3+a2x^2+a1x+a0的係數須滿足:「a1=0」、「a2=-3*a3」且「a0」和「a3」可為任意數字。在實際實施上,這四方所選擇的多項式可分別如「第4圖」所示意的「g1」至「g5」。接著,每一方分別將不同的索引值(例如:數值1至數值5)及分別對應的層級值(例如:數值j1至數值j5)帶入各自選擇的多項式進行計算,以「第3圖」的例子為例,終端裝置110會將數值1至數值5帶入多項式「g1」計算出5個計算結果(即:「g1^j1(1)」、「g1^j2(2)」、「g1^j3(3)」、「g1^j4(4)」及「g1^5(5)」),重設服務主機120會將數值1至數值5帶入多項式「g2」計算出5個計算結果(即:「g2^j1(1)」、「g2^j2(2)」、「g2^j3(3)」、「g2^j4(4)」及「g2^j5(5)」),以及將數值1至數值5帶入多項式「g3」計算出5個計算結果(即:「g3^j1(1)」、「g3^j2(2)」、「g3^j3(3)」、「g3^j4(4)」及「g3^j5(5)」),並且以此類推,交易所主機140會將數值1至數值5帶入多項式「g5」計算出5個計算結果(即:「g5^j1(1)」、「g5^j2(2)」、「g5^j3(3)」、「g5^j4(4)」及「g5^j5(5)」),總共可以計算出25個計算結果,然後,這四方相互交換訊息,也就是說,這四方各自將帶入數值1的計算結果(即:「g1^j1(1)」、「g2^j1(1)」、「g3^j1(1)」、「g4^j1(1)」及「g5^j(1)」),提供給終端裝置110加總以得到相應的多項式值加總,即:「Sg1」(計算式為「Sg1=g1^j1(1)+g2^j1(1)+g3^j1(1)+g4^j1(1)+g5^j1(1)」)、將帶入數值2及數值3的計算結果(即:「g1^j2(2)」、「g2^j2(2)」、「g3^j2(2)」、「g4^j2(2)」及「g5^j2(2)」;g1^j3(3)」、「g2^j3(3)」、「g3^j3(3)」、「g4^j3(3)」及「g5^j3(3)」),提供給重設服務主機120加總以得到相應的多項式值加總,即:「Sg2」與「Sg3」(計算式分別為「Sg2=g1^j2(2)+g2^j2(2)+g3^j2(2)+g4^j2(2)+g5^j2(2)」與「Sg3=g1^j3(3)+g2^j3(3)+g3^j3(3)+g4^j3(3)+g5^j3(3)」),並且以此類推,將帶入數值5的計算結果(即:「g1^j5(5)」、「g2^j5(5)」、「g3^j5(5)」、「g4^j5(5)」及「g5^j5(5)」),提供給交易所主機140加總以得到相應的多項式值加總,即:「Sg5」(計算式為「Sg5=g1^j5(5)+g2^j5(5)+g3^j5(5)+g4^j5(5)+g5^j5(5)」),使每一方經過MPC計算及交換訊息後,如「第4圖」所示意,各自得到相應的多項式值加總(終端裝置110得到多項式值加總「Sg1」、重設服務主機120得到多項式值加總「Sg2」及「Sg3」,並以此類推,交易所主機140得到多項式值加總「Sg5」)。接下來,將原共享單元替換為原共享單元與多項式值加總的總和以作為新的共享單元,以終端裝置110為例,新的共享單元「NSd1」等於原共享單元「Sd1」及多項式值加總「Sg1」的總和(即:NSd1=Sd1+Sg1)。如此一來, 使相應的二個新的共享單元「NSd1」及「NSd2」的值仍然會維持不變。特別要說明的是,這五個新的共享單元(即:「NSd1」至「NSd5」),若使用伯克霍夫插值法可以計算出如「第4圖」所示意的多項式400「137x^4-249x^3+54x^2+141x+56」,其中,將數值0帶入x所計算出的解仍然為數值56,這個數值與「第3圖」的共享單元使用伯克霍夫插值法所產生的多項式同樣將數值0帶入x的計算結果相同(即:以TSS生成的共享單元同樣可用伯克霍夫插值法計算出具有相同常數項的多項式,因為伯克霍夫插值法是更廣泛的方法,當所有的階層為0 時,伯克霍夫插值法等價於拉格朗日插值法),換句話說,即使已經替換為新的共享單元,簽章的計算結果仍然維持不變,等同使用同一把私鑰進行簽章。As shown in "Figure 4", "Figure 4" is a schematic diagram of resetting the shared unit by applying the present invention. When the terminal device 110 wants to reset the shared unit, it sends a reset request to the exchange host 140, causes the exchange host 140 to generate a third identification code and sends it back to the terminal device 110, and causes the exchange host 140 to send a third identification code containing this The reset request of the three identification code is sent to the wallet service host 130, and the wallet service host 130 transmits the reset request containing the third identification code to the reset service host 120. After all the four parties have obtained the third identification code, a secure point-to-point connection can be established, and at least one polynomial can be selected for each. The polynomial will vary with the number of shared units to be replaced. Take HSS as an example, suppose there are a total of n shared units, t is the threshold and "ji" is the level value corresponding to the i-th shared unit, where 1>=i>=n, if you want to maintain k shared units Change, where n, t, k and ji are all positive integers. Assuming that the k shared units that remain unchanged are 1,...,k and tk>2, then the polynomial can be set to "x*f(x)", where f(x) is the power of t-2 Polynomial. According to the restriction condition "f^ji(i)=0, 0>i>k+1", linear algebra can be used to solve the coefficient restriction condition of f. For example, suppose there are five shared units and the threshold value is 5. To maintain the constant index values of two of the shared units 1, 2, and the corresponding level values of 2, 1, the polynomial can be "x *f(x)" and meet the restriction conditions "f^2(1)=0" and "f^1(2)=0", f(x)=a3x^3+a2x^2+a1x+ The coefficient of a0 must satisfy: "a1=0", "a2=-3*a3" and "a0" and "a3" can be arbitrary numbers. In actual implementation, the polynomials selected by the four parties can be as shown in "Figure 4" as shown in "g1" to "g5". Then, each party takes a different index value (for example: value 1 to value 5) and the corresponding level value (for example: value j1 to value j5) into the polynomial of their choice for calculation. For example, the terminal device 110 will take the value 1 to the value 5 into the polynomial "g1" to calculate 5 calculation results (ie: "g1^j1(1)", "g1^j2(2)", "g1^ j3(3)", "g1^j4(4)" and "g1^5(5)"), resetting the service host 120 will bring the values 1 to 5 into the polynomial "g2" to calculate 5 calculation results ( Namely: "g2^j1(1)", "g2^j2(2)", "g2^j3(3)", "g2^j4(4)" and "g2^j5(5)"), and will Values 1 to 5 are brought into the polynomial "g3" to calculate 5 calculation results (ie: "g3^j1(1)", "g3^j2(2)", "g3^j3(3)", "g3^ j4(4)” and “g3^j5(5)”), and so on, the exchange host 140 will take the value 1 to 5 into the polynomial “g5” to calculate 5 calculation results (ie: “g5^ j1(1)", "g5^j2(2)", "g5^j3(3)", "g5^j4(4)" and "g5^j5(5)"), a total of 25 calculations can be calculated As a result, the four parties exchange messages with each other, that is, each of the four parties will bring in the calculation result of the value 1 (ie: "g1^j1(1)", "g2^j1(1)", "g3^j1 (1)", "g4^j1(1)" and "g5^j(1)"), which are provided to the terminal device 110 to sum to obtain the corresponding polynomial value sum, namely: "Sg1" (the calculation formula is " Sg1=g1^j1(1)+g2^j1(1)+g3^j1(1)+g4^j1(1)+g5^j1(1)”), will bring in the calculation results of the value 2 and the value 3 (Ie: "g1^j2(2)", "g2^j2(2)", "g3^j2(2)", "g4^j2(2)" and "g5^j2(2)"; g1^ j3(3)", "g2^j3(3)", "g3^j3(3)", "g4^j3(3)" and "g5^j3(3)"), provided to the reset service host 120 Sum to get the corresponding polynomial value, namely: "Sg2" and "Sg3" (the calculation formulas are "Sg2=g1^j2(2)+g2^j2(2)+g3^j2(2)+g4" ^j2(2)+g5^j2(2)'' and "Sg3=g1^j3(3)+g2^j3(3)+g3^j3(3)+g4^j3(3)+g5^j3(3 )”), and so on, will bring in the calculation result of the value 5 (ie: "g1^j5(5)", "g2^j5(5)", "g3^j5(5)", "g4^ j5(5)" and "g5^j5(5) ”), which is provided to the exchange host 140 for the summation to obtain the corresponding polynomial value summation, namely: "Sg5" (the calculation formula is "Sg5=g1^j5(5)+g2^j5(5)+g3^j5( 5)+g4^j5(5)+g5^j5(5)”), so that after MPC calculation and exchange of messages by each party, as shown in "Figure 4", each party obtains the sum of the corresponding polynomial values (terminal device 110 obtains the polynomial value addition "Sg1", resets the service host 120 to obtain the polynomial value addition "Sg2" and "Sg3", and so on, the exchange host 140 obtains the polynomial value addition "Sg5"). Next, replace the original shared unit with the sum of the original shared unit and the polynomial value as the new shared unit. Taking the terminal device 110 as an example, the new shared unit "NSd1" is equal to the original shared unit "Sd1" and the polynomial value Add the sum of "Sg1" (ie: NSd1=Sd1+Sg1). In this way, the values of the corresponding two new shared units "NSd1" and "NSd2" will remain unchanged. In particular, for these five new shared units (ie: "NSd1" to "NSd5"), if the Burkhof interpolation method is used, the polynomial 400 "137x^" as shown in "Figure 4" can be calculated. 4-249x^3+54x^2+141x+56", where the solution calculated by bringing the value 0 into x is still the value 56. This value and the shared unit of "Figure 3" use Berkhof interpolation The polynomial generated by the method also brings the value 0 into x. The calculation result is the same (that is: the shared unit generated by TSS can also be used to calculate the polynomial with the same constant term by the Burkhof interpolation method, because the Burkhof interpolation method is In a more general way, when all levels are 0, Burkhoff interpolation is equivalent to Lagrangian interpolation), in other words, even if it has been replaced with a new shared unit, the calculation result of the signature is still maintained No change, equivalent to using the same private key for signing.

綜上所述,可知本發明與先前技術之間的差異在於透過提供終端裝置、重設服務主機、錢包服務主機及交易所主機,執行秘密共享演算法以生成共享單元,以便在交易時,執行安全多方運算計算出簽章以完成交易簽署,並且允許重設共享單元,在重設前後均能夠使用出相同私鑰的前提下,重新生成新的共享單元以取代原本的共享單元,藉由此一技術手段可以解決先前技術所存在的問題,進而達成提高電子錢包的安全性之技術功效。In summary, it can be seen that the difference between the present invention and the prior art is that by providing terminal devices, resetting service hosts, wallet service hosts, and exchange hosts, executing secret sharing algorithms to generate shared units for execution during transactions The secure multi-party operation calculates the signature to complete the transaction signing, and allows the shared unit to be reset. On the premise that the same private key can be used before and after the reset, a new shared unit is regenerated to replace the original shared unit. A technical method can solve the problems of the prior art, and then achieve the technical effect of improving the security of the electronic wallet.

雖然本發明以前述之實施例揭露如上,然其並非用以限定本發明,任何熟習相像技藝者,在不脫離本發明之精神和範圍內,當可作些許之更動與潤飾,因此本發明之專利保護範圍須視本說明書所附之申請專利範圍所界定者為準。Although the present invention is disclosed in the foregoing embodiments as above, it is not intended to limit the present invention. Anyone familiar with similar art can make some changes and modifications without departing from the spirit and scope of the present invention. Therefore, the present invention The scope of patent protection shall be determined by the scope of the patent application attached to this specification.

110:終端裝置 120:重設服務主機 130:錢包服務主機 140:交易所主機 300、400:多項式 步驟210:在區塊鏈網路中,提供具有安全點對點連線功能的一終端裝置、一重設服務主機、一錢包服務主機及一交易所主機,用以分別作為節點其中之一 步驟220:於初始時,該終端裝置傳送一地址生成請求至該交易所主機,使該交易所主機產生一第一識別碼且回傳至該終端裝置,以及該交易所主機傳送包含該第一識別碼的該地址生成請求至該錢包服務主機,使該錢包服務主機傳送包含該第一識別碼的該地址生成請求至該重設服務主機 步驟230:該終端裝置、該重設服務主機、該錢包服務主機及該交易所主機皆獲得該第一識別碼之後,相互建立安全點對點連線,並且執行相同的一秘密共享演算法及交換計算結果,用以分別生成相應的N個共享單元,以及將每一共享單元與一基點及相應的插值係數相乘再相互加總以生成對應所述共享單元的一公鑰,其中,N為正整數 步驟240:當該終端裝置欲進行區塊鏈交易時,該終端裝置傳送一交易請求至該交易所主機,使該交易所主機產生相應的一第二識別碼,以及將該交易請求中的一待簽章資料進行編碼,並且將產生的該第二識別碼與編碼後的該待簽章資料一併帶入該交易請求以傳送至該終端裝置及該錢包服務主機 步驟250:該終端裝置、該錢包服務主機及該交易所主機皆獲得該第二識別碼及編碼後的該待簽章資料之後,相互建立安全點對點連線,用以執行安全多方運算以計算出一簽章,以及由該錢包服務主機廣播該簽章以完成對該待簽章資料的簽署 步驟260:當該終端裝置欲重設所述共享單元時,該終端裝置傳送一重設請求至該交易所主機,使該交易所主機產生一第三識別碼並回傳給該終端裝置,以及使該交易所主機傳送包含該第三識別碼的該重設請求至該錢包服務主機,再由該錢包服務主機傳送包含該第三識別碼的該重設請求至該重設服務主機 步驟270:該終端裝置、該重設服務主機、該錢包服務主機及該交易所主機皆獲得該第三識別碼之後,相互建立安全點對點連線,並且執行重設所述共享單元的安全多方運算,使該終端裝置重新生成新的所述共享單元以取代原本在該終端裝置的所述共享單元110: terminal device 120: Reset service host 130: Wallet service host 140: Exchange host 300, 400: polynomial Step 210: Provide a terminal device with a secure point-to-point connection function, a reset service host, a wallet service host, and an exchange host in the blockchain network, each serving as one of the nodes Step 220: Initially, the terminal device transmits an address generation request to the exchange host, so that the exchange host generates a first identification code and sends it back to the terminal device, and the exchange host transmits the first identification code containing the first The address generation request of the identification code is sent to the wallet service host, so that the wallet service host transmits the address generation request including the first identification code to the reset service host Step 230: After the terminal device, the reset service host, the wallet service host, and the exchange host all obtain the first identification code, they establish a secure point-to-point connection with each other, and execute the same secret sharing algorithm and exchange calculation As a result, it is used to generate corresponding N shared units, and multiply each shared unit with a base point and the corresponding interpolation coefficient and then add them together to generate a public key corresponding to the shared unit, where N is positive Integer Step 240: When the terminal device wants to perform a blockchain transaction, the terminal device transmits a transaction request to the exchange host, so that the exchange host generates a corresponding second identification code, and one of the transaction requests The data to be signed is encoded, and the generated second identification code and the encoded data to be signed are brought into the transaction request for transmission to the terminal device and the wallet service host Step 250: After the terminal device, the wallet service host, and the exchange host all obtain the second identification code and the encoded data to be signed, they establish a secure point-to-point connection with each other to perform secure multi-party operations to calculate A signature, and the signature is broadcast by the wallet service host to complete the signing of the data to be signed Step 260: When the terminal device wants to reset the sharing unit, the terminal device sends a reset request to the exchange host, so that the exchange host generates a third identification code and sends it back to the terminal device, and The exchange host transmits the reset request including the third identification code to the wallet service host, and the wallet service host transmits the reset request including the third identification code to the reset service host Step 270: After the terminal device, the reset service host, the wallet service host, and the exchange host all obtain the third identification code, they establish a secure point-to-point connection with each other, and perform a secure multi-party operation to reset the shared unit , To make the terminal device regenerate the new sharing unit to replace the original sharing unit in the terminal device

第1圖為本發明具多重簽章的錢包服務系統之系統方塊圖。 第2A圖及第2B圖為本發明具多重簽章的錢包服務方法之方法流程圖。 第3圖為應用本發明產生共享單元之示意圖。 第4圖為應用本發明重設共享單元之示意圖。 Figure 1 is a system block diagram of the wallet service system with multiple signatures of the present invention. Fig. 2A and Fig. 2B are the method flowcharts of the multi-signature wallet service method of the present invention. Figure 3 is a schematic diagram of applying the present invention to generate shared units. Figure 4 is a schematic diagram of resetting the shared unit by applying the present invention.

110:終端裝置 110: terminal device

120:重設服務主機 120: Reset service host

130:錢包服務主機 130: Wallet service host

140:交易所主機 140: Exchange host

Claims (10)

一種具多重簽章的錢包服務系統,應用在由多個節點組成的一區塊鏈網路中,該系統包含: 一終端裝置,該終端裝置為該區塊鏈網路中的所述節點其中之一,用以於初始時,傳送一地址生成請求及接收一第一識別碼,在欲進行區塊鏈交易時,傳送一交易請求及接收一第二識別碼和編碼後的一待簽章資料,以及在欲進行重設時,傳送一重設請求及接收一第三識別碼; 一重設服務主機,該重設服務主機為該區塊鏈網路中的所述節點其中之一,用以在接收到包含該第一識別碼的該地址生成請求時,獲得該第一識別碼,以及在接收到包含該第三識別碼的該重設請求時,獲得該第三識別碼; 一錢包服務主機,該錢包服務主機為該區塊鏈網路中的所述節點其中之一,用以在接收到包含該第一識別碼的該地址生成請求時,獲得該第一識別碼,並且傳送包含該第一識別碼的該地址生成請求至該重設服務主機,當接收到包含該第二識別碼與編碼後的該待簽章資料的該交易請求時,獲得該第二識別碼與編碼後的該待簽章資料,以及在接收到包含該第三識別碼的該重設請求時,獲得該第三識別碼,並且傳送包含該第三識別碼的該重設請求至該重設服務主機;以及 一交易所主機,該交易所主機為該區塊鏈網路中的所述節點其中之一,用以自該終端裝置接收到該地址生成請求時,產生該第一識別碼且回傳給該終端裝置,並且傳送包含該第一識別碼的該地址生成請求至該錢包服務主機,自該終端裝置接收到該交易請求時,產生該第二識別碼且將該交易請求中的該待簽章資料進行編碼,再將產生的該第二識別碼與編碼後的該待簽章資料一併帶入該交易請求以傳送至該終端裝置及該錢包服務主機,以及自該終端裝置接收到該重設請求時,產生該第三識別碼且回傳給該終端裝置,並且傳送包含該第三識別碼的該重設請求至該錢包服務主機; 其中,該終端裝置、該重設服務主機、該錢包服務主機及該交易所主機皆獲得該第一識別碼之後,相互建立安全點對點連線,並且執行相同的一秘密共享演算法及交換計算結果,用以分別生成相應的N個共享單元,以及將每一共享單元與一基點及相應的插值係數相乘再相互加總以生成對應所述共享單元的一公鑰,其中,N為正整數; 其中,該終端裝置、該錢包服務主機及該交易所主機皆獲得該第二識別碼及編碼後的該待簽章資料之後,相互建立安全點對點連線,用以執行安全多方運算以計算出一簽章,以及由該錢包服務主機廣播該簽章以完成對該待簽章資料的簽署;以及 其中,該終端裝置、該重設服務主機、該錢包服務主機及該交易所主機皆獲得該第三識別碼之後,相互建立安全點對點連線,並且執行重設所述共享單元的安全多方運算,使該終端裝置重新生成新的所述共享單元以取代原本在該終端裝置的所述共享單元。 A wallet service system with multiple signatures applied in a blockchain network composed of multiple nodes. The system includes: A terminal device, which is one of the nodes in the blockchain network, used to initially send an address generation request and receive a first identification code, when a blockchain transaction is desired , Send a transaction request and receive a second identification code and encoded data to be signed, and when resetting is desired, send a reset request and receive a third identification code; A reset service host, the reset service host being one of the nodes in the blockchain network, used to obtain the first identification code when the address generation request including the first identification code is received , And when the reset request containing the third identification code is received, the third identification code is obtained; A wallet service host, the wallet service host being one of the nodes in the blockchain network for obtaining the first identification code when the address generation request containing the first identification code is received, And send the address generation request containing the first identification code to the reset service host, and obtain the second identification code when the transaction request containing the second identification code and the encoded data to be signed is received And the encoded data to be signed, and when the reset request containing the third identification code is received, the third identification code is obtained, and the reset request containing the third identification code is sent to the reset Set up a service host; and An exchange host, the exchange host is one of the nodes in the blockchain network, used to generate the first identification code when receiving the address generation request from the terminal device and send it back to the Terminal device, and transmit the address generation request including the first identification code to the wallet service host, and when the transaction request is received from the terminal device, the second identification code is generated and the to-be-signed in the transaction request The data is encoded, and then the generated second identification code and the encoded data to be signed are brought into the transaction request to be transmitted to the terminal device and the wallet service host, and the data is received from the terminal device. When setting a request, generate the third identification code and send it back to the terminal device, and transmit the reset request containing the third identification code to the wallet service host; Wherein, after the terminal device, the reset service host, the wallet service host and the exchange host all obtain the first identification code, they establish a secure point-to-point connection with each other, and execute the same secret sharing algorithm and exchange calculation results , Used to respectively generate corresponding N shared units, and multiply each shared unit with a base point and corresponding interpolation coefficients and add them to each other to generate a public key corresponding to the shared unit, where N is a positive integer ; Wherein, after the terminal device, the wallet service host, and the exchange host all obtain the second identification code and the encoded data to be signed, they establish a secure point-to-point connection with each other to perform secure multi-party operations to calculate a Signature, and the wallet service host broadcasts the signature to complete the signing of the data to be signed; and Wherein, after the terminal device, the reset service host, the wallet service host, and the exchange host all obtain the third identification code, they establish a secure point-to-point connection with each other, and perform a secure multi-party operation to reset the shared unit, Make the terminal device regenerate the new sharing unit to replace the original sharing unit in the terminal device. 根據申請專利範圍第1項之具多重簽章的錢包服務系統,其中該錢包服務主機預先儲存包含至少一第一目的地址的一黑名單,當該錢包服務主機接收到一區塊鏈交易且其目的位址在所述第一目的位址之中時,拒絕以該簽章簽署該區塊鏈交易,或是該錢包服務主機預先儲存包含至少一第二目的地址的一白名單,當該錢包服務主機接收到該區塊鏈交易且其目的位址在所述第二目的位址之中時,允許以該簽章簽署該區塊鏈交易。According to the multi-signature wallet service system of item 1 of the scope of patent application, the wallet service host pre-stores a blacklist containing at least one first destination address. When the wallet service host receives a blockchain transaction and its When the destination address is among the first destination addresses, refuse to sign the blockchain transaction with the signature, or the wallet service host pre-stores a white list containing at least one second destination address, when the wallet When the service host receives the blockchain transaction and its destination address is among the second destination addresses, it is allowed to sign the blockchain transaction with the signature. 根據申請專利範圍第1項之具多重簽章的錢包服務系統,其中該錢包服務主機允許透過該交易所主機設定一限制條件,用以限制數位貨幣在至少一時間範圍內的發送數量。According to the multi-signature wallet service system of the first item of the patent application, the wallet service host allows the exchange host to set a restriction condition to limit the amount of digital currency sent within at least a time range. 根據申請專利範圍第1項之具多重簽章的錢包服務系統,其中該終端裝置、該重設服務主機、該錢包服務主機及該交易所主機皆獲得該第三識別碼之後,允許該交易所主機、該錢包服務主機及該重設服務主機各自重新生成新的所述共享單元以取代原本各自的所述共享單元。The wallet service system with multiple signatures according to item 1 of the scope of patent application, in which the terminal device, the reset service host, the wallet service host and the exchange host all obtain the third identification code, allowing the exchange The host, the wallet service host, and the reset service host each regenerate a new shared unit to replace the original shared unit. 根據申請專利範圍第1項之具多重簽章的錢包服務系統,其中所述共享單元係由該終端裝置、該重設服務主機、該錢包服務主機及該交易所主機分別根據各自預設的一共享數量、一門檻值、一索引值及一層級值產生相應的一多項式,並且根據微分J次的所述多項式及所有索引值計算出符合該共享數量的多個多項式值,以及執行安全多方運算以交換各自計算出的所述多項式值,並且根據交換結果各自生成對應且具有不同等級的所述共享單元,其中,J為該層級值。According to item 1 of the scope of patent application, the multi-signature wallet service system, wherein the sharing unit is composed of the terminal device, the reset service host, the wallet service host and the exchange host respectively according to a preset one The shared quantity, a threshold value, an index value, and a level value generate a corresponding polynomial, and calculate multiple polynomial values that meet the shared quantity according to the polynomial of degree J and all index values, and perform safe multi-party operations The polynomial values calculated by each are exchanged, and corresponding sharing units with different levels are generated according to the exchange results, where J is the level value. 一種具多重簽章的錢包服務方法,應用在由多個節點組成的一區塊鏈網路中,其步驟包括: 在該區塊鏈網路中,提供具有安全點對點連線功能的一終端裝置、一重設服務主機、一錢包服務主機及一交易所主機,用以分別作為所述節點其中之一; 於初始時,該終端裝置傳送一地址生成請求至該交易所主機,使該交易所主機產生一第一識別碼且回傳至該終端裝置,以及該交易所主機傳送包含該第一識別碼的該地址生成請求至該錢包服務主機,使該錢包服務主機傳送包含該第一識別碼的該地址生成請求至該重設服務主機; 該終端裝置、該重設服務主機、該錢包服務主機及該交易所主機皆獲得該第一識別碼之後,相互建立安全點對點連線,並且執行相同的一秘密共享演算法及交換計算結果,用以分別生成相應的N個共享單元,以及將每一共享單元與一基點及相應的插值係數相乘再相互加總以生成對應所述共享單元的一公鑰,其中,N為正整數; 當該終端裝置欲進行區塊鏈交易時,該終端裝置傳送一交易請求至該交易所主機,使該交易所主機產生相應的一第二識別碼,以及將該交易請求中的一待簽章資料進行編碼,並且將產生的該第二識別碼與編碼後的該待簽章資料一併帶入該交易請求以傳送至該終端裝置及該錢包服務主機; 該終端裝置、該錢包服務主機及該交易所主機皆獲得該第二識別碼及編碼後的該待簽章資料之後,相互建立安全點對點連線,用以執行安全多方運算以計算出一簽章,以及由該錢包服務主機廣播該簽章以完成對該待簽章資料的簽署; 當該終端裝置欲重設所述共享單元時,該終端裝置傳送一重設請求至該交易所主機,使該交易所主機產生一第三識別碼並回傳給該終端裝置,以及使該交易所主機傳送包含該第三識別碼的該重設請求至該錢包服務主機,再由該錢包服務主機傳送包含該第三識別碼的該重設請求至該重設服務主機;以及 該終端裝置、該重設服務主機、該錢包服務主機及該交易所主機皆獲得該第三識別碼之後,相互建立安全點對點連線,並且執行重設所述共享單元的安全多方運算,使該終端裝置重新生成新的所述共享單元以取代原本在該終端裝置的所述共享單元。 A wallet service method with multiple signatures, applied in a blockchain network composed of multiple nodes, and its steps include: In the blockchain network, a terminal device with a secure point-to-point connection function, a reset service host, a wallet service host, and an exchange host are provided to serve as one of the nodes; Initially, the terminal device transmits an address generation request to the exchange host, so that the exchange host generates a first identification code and sends it back to the terminal device, and the exchange host transmits an address containing the first identification code The address generation request to the wallet service host, so that the wallet service host transmits the address generation request including the first identification code to the reset service host; After the terminal device, the reset service host, the wallet service host, and the exchange host all obtain the first identification code, they establish a secure point-to-point connection with each other, and execute the same secret sharing algorithm and exchange calculation results. To generate corresponding N shared units respectively, and multiply each shared unit with a base point and corresponding interpolation coefficient and then add them together to generate a public key corresponding to the shared unit, where N is a positive integer; When the terminal device wants to perform a blockchain transaction, the terminal device transmits a transaction request to the exchange host, so that the exchange host generates a corresponding second identification code, and a pending signature in the transaction request Data is encoded, and the generated second identification code and the encoded data to be signed are brought into the transaction request to be sent to the terminal device and the wallet service host; After the terminal device, the wallet service host, and the exchange host all obtain the second identification code and the encoded data to be signed, they establish a secure point-to-point connection with each other to perform secure multi-party operations to calculate a signature , And broadcast the signature by the wallet service host to complete the signature of the data to be signed; When the terminal device wants to reset the sharing unit, the terminal device sends a reset request to the exchange host, so that the exchange host generates a third identification code and sends it back to the terminal device, and makes the exchange host The host transmits the reset request including the third identification code to the wallet service host, and then the wallet service host transmits the reset request including the third identification code to the reset service host; and After the terminal device, the reset service host, the wallet service host, and the exchange host all obtain the third identification code, they establish a secure point-to-point connection with each other, and perform a secure multi-party operation for resetting the sharing unit, so that the The terminal device regenerates the new sharing unit to replace the original sharing unit in the terminal device. 根據申請專利範圍第6項之具多重簽章的錢包服務方法,其中該錢包服務主機預先儲存包含至少一第一目的地址的一黑名單,當該錢包服務主機接收到一區塊鏈交易且其目的位址在所述第一目的位址之中時,拒絕以該簽章簽署該區塊鏈交易,或是該錢包服務主機預先儲存包含至少一第二目的地址的一白名單,當該錢包服務主機接收到該區塊鏈交易且其目的位址在所述第二目的位址之中時,允許以該簽章簽署該區塊鏈交易。According to the multi-signature wallet service method of item 6 of the scope of patent application, the wallet service host pre-stores a blacklist containing at least one first destination address. When the wallet service host receives a blockchain transaction and its When the destination address is among the first destination addresses, refuse to sign the blockchain transaction with the signature, or the wallet service host pre-stores a white list containing at least one second destination address, when the wallet When the service host receives the blockchain transaction and its destination address is among the second destination addresses, it is allowed to sign the blockchain transaction with the signature. 根據申請專利範圍第6項之具多重簽章的錢包服務方法,其中該錢包服務主機允許透過該交易所主機設定一限制條件,用以限制數位貨幣在至少一時間範圍內的發送數量。According to the multi-signature wallet service method according to item 6 of the scope of patent application, the wallet service host allows the exchange host to set a restriction condition to limit the amount of digital currency sent within at least a time range. 根據申請專利範圍第6項之具多重簽章的錢包服務方法,其中該終端裝置、該重設服務主機、該錢包服務主機及該交易所主機皆獲得該第三識別碼之後,允許該交易所主機、該錢包服務主機及該重設服務主機各自重新生成新的所述共享單元以取代原本各自的所述共享單元。According to item 6 of the scope of patent application, the wallet service method with multiple signatures, wherein the terminal device, the reset service host, the wallet service host, and the exchange host all obtain the third identification code, then the exchange is allowed The host, the wallet service host, and the reset service host each regenerate a new shared unit to replace the original shared unit. 根據申請專利範圍第6項之具多重簽章的錢包服務方法,其中所述共享單元的生成步驟包含: 該終端裝置、該重設服務主機、該錢包服務主機及該交易所主機分別根據各自預設的一共享數量、一門檻值、一索引值及一層級值產生相應的一多項式,並且根據微分J次的所述多項式及所有索引值計算出符合該共享數量的多個多項式值,其中,J為該層級值;以及 該終端裝置、該重設服務主機、該錢包服務主機及該交易所主機執行安全多方運算,用以交換各自計算出的所述多項式值,並且根據交換結果各自生成對應且具有不同等級的所述共享單元。 According to the multi-signature wallet service method according to item 6 of the scope of patent application, the steps of generating the sharing unit include: The terminal device, the reset service host, the wallet service host, and the exchange host respectively generate a corresponding polynomial according to a preset shared quantity, a threshold value, an index value, and a level value, and according to the differential J The polynomial of degree and all index values are calculated to meet the shared number of polynomial values, where J is the level value; and The terminal device, the reset service host, the wallet service host, and the exchange host perform secure multi-party operations to exchange the polynomial values calculated by each, and respectively generate corresponding and different levels of the polynomial values according to the exchange results Shared unit.
TW108144064A 2019-12-03 2019-12-03 Wallet service system with multi-signature and method thereof TWI710987B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108144064A TWI710987B (en) 2019-12-03 2019-12-03 Wallet service system with multi-signature and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108144064A TWI710987B (en) 2019-12-03 2019-12-03 Wallet service system with multi-signature and method thereof

Publications (2)

Publication Number Publication Date
TWI710987B true TWI710987B (en) 2020-11-21
TW202123119A TW202123119A (en) 2021-06-16

Family

ID=74202454

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108144064A TWI710987B (en) 2019-12-03 2019-12-03 Wallet service system with multi-signature and method thereof

Country Status (1)

Country Link
TW (1) TWI710987B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200427284A (en) * 2003-05-23 2004-12-01 Hsiang-Tsung Kung Personal authentication device and system and method thereof
TW200426599A (en) * 2002-12-31 2004-12-01 Ibm Method and system for consolidated sign-off in a heterogeneous federated environment
CN1705923A (en) * 2002-08-08 2005-12-07 新加坡南洋理工大学 Distributed processing in authentication
WO2013044175A1 (en) * 2011-09-23 2013-03-28 Visa International Service Association Consumer transaction leash control apparatuses, methods and systems
WO2013075071A1 (en) * 2011-11-18 2013-05-23 Ayman Hammad Mobile wallet store and service injection platform apparatuses, methods and systems
WO2014011691A1 (en) * 2012-07-09 2014-01-16 Visa International Service Association Multi-purpose virtual card transaction apparatuses, methods and systems

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1705923A (en) * 2002-08-08 2005-12-07 新加坡南洋理工大学 Distributed processing in authentication
TW200426599A (en) * 2002-12-31 2004-12-01 Ibm Method and system for consolidated sign-off in a heterogeneous federated environment
TW200427284A (en) * 2003-05-23 2004-12-01 Hsiang-Tsung Kung Personal authentication device and system and method thereof
WO2013044175A1 (en) * 2011-09-23 2013-03-28 Visa International Service Association Consumer transaction leash control apparatuses, methods and systems
WO2013075071A1 (en) * 2011-11-18 2013-05-23 Ayman Hammad Mobile wallet store and service injection platform apparatuses, methods and systems
WO2014011691A1 (en) * 2012-07-09 2014-01-16 Visa International Service Association Multi-purpose virtual card transaction apparatuses, methods and systems

Also Published As

Publication number Publication date
TW202123119A (en) 2021-06-16

Similar Documents

Publication Publication Date Title
TWI748853B (en) Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system
He et al. A pairing‐free certificateless authenticated key agreement protocol
JP4384728B2 (en) Key agreement and transport protocols using intrinsic signatures
US7363496B2 (en) Authenticated ID-based cryptosystem with no key escrow
JP2606419B2 (en) Cryptographic communication system and cryptographic communication method
JP3864249B2 (en) Cryptographic communication system, terminal device and server thereof
JP7492508B2 (en) Computer-implemented system and method for distributing shares of digitally signed data - Patents.com
CN111682938A (en) Three-party authenticatable key agreement method facing centralized mobile positioning system
JP2021523620A (en) Methods and systems for communicating secrets
JP2009526411A (en) Method of exchange between two parties interconnected by a device or network, signal transmission medium, and device (method and structure for challenge-response signatures and high performance secure Diffie-Hellman protocol)
JP7091322B2 (en) Composite digital signature
JP2023115331A (en) Method and system, executed by computer for acquiring data to be digital signatured
Sengupta et al. Message mapping and reverse mapping in elliptic curve cryptosystem
KR100989185B1 (en) A password authenticated key exchange method using the RSA
CN117155564A (en) Bidirectional encryption authentication system and method
Oualha et al. A security protocol for self-organizing data storage
TWI710987B (en) Wallet service system with multi-signature and method thereof
Harn et al. Conference key establishment protocol using a multivariate polynomial and its applications
Naher et al. Authentication of Diffie-Hellman protocol against man-in-the-middle attack using cryptographically secure CRC
Chhikara et al. Construction of elliptic curve cryptography‐based authentication protocol for internet of things
Meng et al. A secure and efficient on-line/off-line group key distribution protocol
CN116032470A (en) Data transmission system, method and device based on careless transmission protocol
Bene et al. Public Key Infrastructure in the Post-Quantum Era
Hwang et al. An enhanced authentication key exchange protocol
Mathews et al. QS-Auth: A Quantum-secure mutual authentication protocol based on PUF and Post-Quantum Signature for Heterogeneous Delay-Tolerant Networks