WO2019006849A1 - Method and system for electronic signature - Google Patents


Info

Publication number
WO2019006849A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
time
signature
user
published
Prior art date
Application number
PCT/CN2017/100685
Other languages
French (fr)
Chinese (zh)
Inventor
威廉 罗斯科安德鲁
陈邦道
Original Assignee
克洛斯比尔有限公司
Priority date
Filing date
Publication date
Application filed by 克洛斯比尔有限公司
Publication of WO2019006849A1

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a method and system for an electronic signature. The method for an electronic signature comprises allocating a group of secret keys to each user; with regard to each of the secret keys, forming a correlation between the secret key, the publication time of the secret key and a user identifier of the user to which the secret key belongs; hashing the correlation to obtain a Hash value; publishing the Hash value, the publication time and the user identifier on public media before the publication time, wherein the public media can ensure information published thereon cannot be tampered with; and releasing the secret key when the publication time is reached. A quantum computation attack can be resisted by using the technical solution of the disclosure.

Description

Method and system for electronic signature
Cross-reference to related applications
The present disclosure claims priority to Chinese patent application No. 201710553168.9, filed on July 7, 2017 and entitled "Method and apparatus for electronic signature", and to Chinese patent application No. 201710555503.9, filed on July 7, 2017 and entitled "Key implementation method and apparatus", the entire contents of both of which are incorporated herein by reference.
Technical field
The present invention relates to the field of electronic signature technology, and in particular to a method and system for electronic signature, a method for creating a signature, and a method for verifying a signature.
Background
With the rapid development of electronic information and network technology, people increasingly transmit information over networks. To guarantee the authenticity, validity and integrity of information transmitted online, the transmitted information is usually electronically signed. The most common and mature way of implementing electronic signatures is digital signature technology, which relies on key-based cryptography. Existing digital signature techniques chiefly include asymmetric cryptography and the like, and asymmetric cryptography is the one in wide use today. Asymmetric cryptography uses a public/private key pair and relies on the property that the private key cannot feasibly be recovered in polynomial time. The advent of quantum computers and Shor's algorithm, however, means that the supposed unbreakability of such methods is no longer secure.
Much research has gone into signature models and asymmetric cryptography that are not susceptible to quantum-computing attacks, but with little success. Among them, lattice-based cryptography appears the most promising, but it is not yet mature.
Hence there is a need for a means of electronic signature that resists quantum-computing attacks.
Summary of the invention
In view of the above technical problems, the present disclosure proposes a method and system for electronic signature, a method for creating a signature, and a method for verifying a signature, all of which resist quantum-computing attacks.
In one aspect of the invention, a method for electronic signature is provided, comprising: assigning a set of keys to each user; for each key, forming a correspondence between the key, the publication time of the key, and the user identifier of the user to whom the key belongs; hashing the correspondence to obtain a hash value; publishing the hash value, the publication time and the user identifier on a public medium before the publication time, wherein the public medium can ensure that information published on it cannot be tampered with; and releasing the key when the publication time is reached.
In some embodiments, the public medium may be a blockchain.
In some embodiments, the public medium may be a timestamped bulletin board operated by a trusted third party.
In some embodiments, the public medium may be a write-only database, where every data block written to the write-only database is irrevocable and has been agreed upon by consensus among all users.
In some embodiments, the hash value, the publication time and the user identifier published on the public medium may be stored in the form of data blocks, and these data blocks carry monotonically increasing timestamps.
In some embodiments, the method for electronic signature may further comprise the user signing data with a key whose publication time has not yet arrived, and placing the resulting signature on the public medium.
In some embodiments, the method for electronic signature may further comprise assigning a timestamp of time 0 to each key of the set of keys; and creating another set of keys for the user.
In some embodiments, creating another set of keys for the user may comprise: dividing a finite future time period into a number of consecutive finite sub-periods; and, for each sub-period, creating keys whose publication times fall within it.
In some embodiments, creating, for each sub-period, keys whose publication times fall within it may further comprise: while there is at least one key whose publication time has not yet arrived, creating keys whose publication times fall within the sub-period following that sub-period.
In some embodiments, creating another set of keys for the user may comprise: at time r-1, creating keys to be published at times r+1, r+2, ..., r+2^(s-1), where r is the current time and s is log2 r rounded to an integer.
In some embodiments, creating another set of keys for the user further comprises signing the newly created keys with a key of the user whose publication time has not yet arrived; and placing the resulting signature in the space on the public medium that is used for holding keys.
In some embodiments, the method for electronic signature may further comprise dividing the space on the public medium used for holding keys into a first part and a second part, where the first part holds verified keys and signatures and users may only read from it and not write to it, and the second part holds unverified keys and signatures and users may only write to it and not read from it; and placing the resulting signature in the space on the public medium used for holding keys may further comprise writing the resulting signature into the second part and, once the resulting signature has been verified, moving it from the second part into the first part for users to read.
In some embodiments, creating another set of keys for the user may further comprise having the newly created keys certified by a trusted third party.
In another aspect of the invention, a system for electronic signature is provided, comprising a public medium, a trusted third party and an initializer, wherein: the public medium is configured to ensure that information published on it cannot be tampered with; the trusted third party is configured to authenticate the initializer; and the initializer is configured to: assign a set of keys to each user; for each key, form a correspondence between the key, the publication time of the key, and the user identifier of the user to whom the key belongs; hash the correspondence to obtain a hash value; and publish the hash value, the publication time and the user identifier on the public medium before the publication time.
In some embodiments, the public medium may be a blockchain.
In some embodiments, the public medium may be a timestamped bulletin board operated by the trusted third party.
In some embodiments, the public medium is a write-only database, where every data block written to the write-only database is irrevocable and has been agreed upon by consensus among all users.
In some embodiments, the hash value, the publication time and the user identifier published on the public medium may be stored in the form of data blocks, and these data blocks carry monotonically increasing timestamps.
In some embodiments, the public medium may be further configured to store signatures made by the user on data with keys whose publication time has not yet arrived, and keys released when their publication time is reached.
In some embodiments, the initializer may be further configured to assign a timestamp of time 0 to each key, and the system may further comprise a key creation module configured to create another set of keys for the user.
In some embodiments, the key creation module may comprise a partitioning module configured to divide a finite future time period into a number of consecutive finite sub-periods, and a first sub-creation module configured to create, for each sub-period, keys whose publication times fall within it.
In some embodiments, the first sub-creation module may be further configured to create, while there is at least one key whose publication time has not yet arrived, keys whose publication times fall within the sub-period following that sub-period.
In some embodiments, the key creation module may comprise a second sub-creation module configured to create, at time r-1, keys to be published at times r+1, r+2, ..., r+2^(s-1), where r is the current time and s is log2 r rounded to an integer.
In some embodiments, the key creation module may further comprise a signing module configured to sign the newly created keys with a key of the user whose publication time has not yet arrived, and a placement module configured to place the resulting signature in the space on the public medium used for holding keys.
In some embodiments, the space on the public medium used for holding keys may be divided into a first part and a second part, where the first part holds verified keys and signatures and users may only read from it and not write to it, and the second part holds unverified keys and signatures and users may only write to it and not read from it; and the placement module may comprise a writing module configured to write the resulting signature into the second part, and a transfer module configured to move the resulting signature from the second part into the first part for users to read once the resulting signature has been verified.
In some embodiments, the signing module may be further configured to have the newly created keys certified by a trusted third party.
In yet another aspect of the invention, a method for creating a signature is provided, comprising: a user selecting, from the user's key set, a key whose publication time t has not yet arrived; signing data with the selected key; and placing the resulting signature on a public medium at time t', where t' < t and the public medium can ensure that information published on it cannot be tampered with.
In some embodiments, signing the data with the selected key may further comprise forming hash(X, A, k), where X denotes the data, A denotes the user identifier of the user, and k denotes the selected key.
In some embodiments, signing the data with the selected key may further comprise forming hash(A, k, X), where X denotes the data, A denotes the user identifier of the user, and k denotes the selected key.
In some embodiments, the public medium may be a blockchain.
In some embodiments, the public medium may be a timestamped bulletin board operated by a trusted third party.
In some embodiments, the public medium may be a write-only database, where every data block written to the write-only database is irrevocable and has been agreed upon by consensus among all users.
In a further aspect of the invention, a method for verifying a signature is provided, the signature having been obtained by a user signing data with a key and having been published on a public medium at time t', where t' < t and t is the publication time of the key; the method comprises: verifying that the key indeed belongs to the user; checking that the key was published at its publication time t; computing over the data from the published key in the same way the signature was computed; comparing whether the computed value equals the signature; and determining the authenticity of the signature from the comparison result.
In some embodiments, computing over the data from the published key in the same way the signature was computed may further comprise: computing hash(X, A, k) from the published key, where X denotes the data, A denotes the user identifier of the user, and k denotes the key.
In some embodiments, verifying that the key indeed belongs to the user may further comprise verifying the authenticity of the key; and verifying that the key was published by the user.
In some embodiments, verifying the authenticity of the key may further comprise: verifying the authenticity of the signature over the key that was published on the public medium.
In some embodiments, verifying that the key was published by the user may further comprise computing hash(k, A, t); judging whether the computed hash(k, A, t) equals the hash value corresponding to the key that was published on the public medium; and, if they are equal, determining that the key was published by the user.
In some embodiments, the public medium may be a blockchain.
In some embodiments, the public medium may be a timestamped bulletin board operated by a trusted third party.
In some embodiments, the public medium may be a write-only database, where every data block written to the write-only database is irrevocable and has been agreed upon by consensus among all users.
In a further aspect of the invention, a computing device is provided, comprising a processor and a memory, where the memory stores computer program instructions which, when executed by the processor, implement the method for electronic signature and/or the method for creating a signature and/or the method for verifying a signature described above.
In a further aspect of the invention, a machine-readable storage medium is provided, having computer program instructions stored on it, where the computer program instructions, when executed by a processor, implement the method for electronic signature and/or the method for creating a signature and/or the method for verifying a signature described above.
Compared with the prior art, the beneficial effects of the present disclosure are as follows:
First, the technical solution of the present disclosure forms, for each key, a correspondence between the key, the publication time of the key and the user identifier of the user to whom the key belongs, and publishes the hash value obtained by hashing that correspondence, the publication time and the user identifier on a public medium whose information cannot be tampered with. The public medium ensures that information published on it cannot be tampered with, and cryptographic hash functions are widely considered resistant to quantum-computing attacks, so the technical solution of the present disclosure resists quantum-computing attacks. Moreover, the technical solution of the present disclosure can run on systems that are typically cheap and too weak to run asymmetric cryptographic methods.
Second, because the technical solution of the present disclosure performs only a single hash operation across the whole process of signature creation and verification, its cryptographic computation is significantly lower than that of asymmetric cryptography and of known hash-based schemes.
In addition, the technical solution of the present disclosure can be used to build the equivalent of a public key infrastructure in which key lifetime is the most important goal.
Brief description of the drawings
The novel features of the invention are set forth in the appended claims. A better understanding of the features and advantages of the invention will be obtained by reference to the following detailed description and the accompanying drawings, which set forth illustrative embodiments in which the principles of the invention are utilized. The drawings are only for the purpose of illustrating the embodiments and should not be taken as limiting the invention. Throughout the drawings, the same reference numerals denote the same elements. In the drawings:
FIG. 1 shows a flow chart of a method for electronic signature according to an exemplary embodiment of the invention;
FIG. 2 shows a flow chart of one example of creating another set of keys for the user in FIG. 1;
FIG. 3 shows a flow chart of another example of creating another set of keys for the user in FIG. 1;
FIG. 4 shows a schematic diagram of a system for electronic signature according to an exemplary embodiment of the invention;
FIG. 5 shows a schematic diagram of one example of the key creation module in FIG. 4;
FIG. 6 shows a schematic diagram of another example of the key creation module in FIG. 4;
FIG. 7 shows a flow chart of a method for creating a signature according to an exemplary embodiment of the invention;
FIG. 8 shows a flow chart of a method for verifying a signature according to an exemplary embodiment of the invention;
FIG. 9 shows a flow chart of one example of verifying that the key was published by the user, according to an exemplary embodiment of the invention; and
FIG. 10 shows a schematic diagram of a computing device according to an exemplary embodiment of the invention.
Detailed description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure will be understood more thoroughly and its scope fully conveyed to those skilled in the art. Nothing in the following detailed description is intended to indicate that any particular component, feature or step is essential to the invention. Those skilled in the art will understand that various features or steps may be substituted for or combined with one another without departing from the scope of the present disclosure.
FIG. 1 shows a flow chart of a method for electronic signature according to an exemplary embodiment of the invention. As shown in FIG. 1, a method for electronic signature may comprise:
Step S101, assigning a set of keys to each user;
Step S102, for each key, forming a correspondence between the key, the publication time of the key, and the user identifier of the user to whom the key belongs;
Step S103, hashing the correspondence to obtain a hash value;
Step S104, publishing the hash value, the publication time and the user identifier on a public medium before the publication time, wherein the public medium can ensure that information published on it cannot be tampered with; and
Step S105, releasing the key when the publication time is reached.
As can be seen from the above, the method for electronic signature according to an exemplary embodiment of the invention first assigns a set of keys to each user and, for each key in the set, forms a correspondence between the key, the publication time of the key and the user identifier of the user to whom the key belongs; it then computes the hash value of that correspondence and publishes the hash value, the publication time and the user identifier on a public medium, where the public medium can ensure that information published on it cannot be tampered with. For example, if the key is k, the publication time of the key is t and the user identifier is A, the correspondence formed is (k, A, t), and what is published on the public medium is (hash(k, A, t), t, A). The publication time here is the time at which the key is released, that is, the time from which the key is publicly known. Since the public medium ensures that information published on it cannot be tampered with, and a suitable cryptographic hash function resists quantum computers, the method for electronic signature according to an exemplary embodiment of the invention resists quantum-computing attacks.
As further shown in FIG. 1, the method for electronic signature according to an exemplary embodiment of the invention may further comprise step S106, in which the user signs data with a key whose publication time has not yet arrived and places the resulting signature on the public medium. What the method first publishes on the public medium is the hash value of the key's correspondence, the publication time and the user identifier, not the key itself. Before the publication time of the key arrives, the user can use the key to sign information such as data to be sent and place the signature on the public medium, and the timestamp of that signature precedes the publication time of the key. Initially, before the key is published, the public cannot be sure that the data was signed by that user; that is, the signature cannot yet be verified. Only when the publication time of the key arrives does the user release the key, at which point anyone can verify the signature. There is therefore a delay between signing and the signature becoming verifiable; to have a signature verified as soon as possible, the user usually chooses a key whose publication time is close at hand.
Whether a key belongs to a user can usually be determined by hashing the obtained key, the publication time published on the public medium and the user identifier, and checking whether the result equals the hash value published on the public medium; if they are equal, the key belongs to that user.
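A runnable toy model of the scheme just described (steps S101 to S106, the signature-creation aspect that posts hash(X, A, k) at t' < t, the verification aspect that checks hash(k, A, t) against the published value and then recomputes hash(X, A, k), and the monotonically stamped public medium) follows as an added example; it is not the patent's own code. It assumes SHA-256 as hash(), an in-memory append-only log whose entry index serves as the timestamp (the block-index timestamp the text mentions), and random 32-byte keys. It also exercises the failure modes a verifier must handle: a signature checked before the key is released is undecidable, a signature posted after the key became public is rejected, and altered data is rejected.

```python
"""Toy model of the hash-commitment / timed-release signature scheme.
Added example, not the patent's own code. Assumptions: SHA-256 as hash(),
time = index of the entry on the public medium, keys = random 32 bytes."""
import hashlib
import hmac
import secrets


def h(*parts: bytes) -> bytes:
    """hash() over length-prefixed parts, so (k, A, t) cannot be re-split."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()


def encode_t(t: int) -> bytes:
    return t.to_bytes(8, "big")


class PublicMedium:
    """Append-only log: an entry's stamp is its index, so stamps increase
    monotonically and nothing already appended is ever rewritten."""

    def __init__(self) -> None:
        self.entries: list[dict] = []

    @property
    def now(self) -> int:
        return len(self.entries)

    def append(self, kind: str, **fields) -> int:
        entry = {"stamp": self.now, "kind": kind, **fields}
        self.entries.append(entry)
        return entry["stamp"]

    def lookup(self, kind: str, **match) -> list[dict]:
        return [e for e in self.entries
                if e["kind"] == kind and all(e.get(f) == v for f, v in match.items())]


class Signer:
    """User A holding a set of keys, each bound to a publication time t (S101-S104)."""

    def __init__(self, uid: bytes, medium: PublicMedium, publish_times: list[int]) -> None:
        self.uid, self.medium, self.keys = uid, medium, {}
        for t in publish_times:
            k = secrets.token_bytes(32)
            assert medium.now < t, "commitment must land before the publication time"
            # publish (hash(k, A, t), t, A); the key itself stays secret until t
            medium.append("commit", uid=uid, t=t, digest=h(k, uid, encode_t(t)))
            self.keys[t] = k

    def sign(self, data: bytes) -> dict:
        """S106: sign with an unreleased key, preferring the nearest publication time."""
        live = [t for t in self.keys if t > self.medium.now]
        if not live:
            raise RuntimeError("every key has been released; a new set is needed (S108)")
        t = min(live)
        sig = h(data, self.uid, self.keys[t])          # hash(X, A, k)
        self.medium.append("sig", uid=self.uid, t=t, sig=sig)
        return {"uid": self.uid, "t": t, "sig": sig}

    def release_due_keys(self) -> None:
        """S105: once its publication time is reached, put the key itself on the medium."""
        for t, k in self.keys.items():
            if t <= self.medium.now and not self.medium.lookup("release", uid=self.uid, t=t):
                self.medium.append("release", uid=self.uid, t=t, key=k)


def verify(medium: PublicMedium, data: bytes, rec: dict) -> bool:
    uid, t, sig = rec["uid"], rec["t"], rec["sig"]
    # the commitment for (A, t) must predate t; the release must not precede t
    commits = [e for e in medium.lookup("commit", uid=uid, t=t) if e["stamp"] < t]
    releases = [e for e in medium.lookup("release", uid=uid, t=t) if e["stamp"] >= t]
    if not commits or not releases:
        return False                                    # key not yet public: undecidable
    k = releases[0]["key"]
    if not hmac.compare_digest(h(k, uid, encode_t(t)), commits[0]["digest"]):
        return False                                    # released key is not the committed one
    # the signature must itself sit on the medium with stamp t' < t
    posted = [e for e in medium.lookup("sig", uid=uid, t=t, sig=sig) if e["stamp"] < t]
    if not posted:
        return False                                    # posted after k became public
    return hmac.compare_digest(h(data, uid, k), sig)    # recompute hash(X, A, k)


def demo() -> dict:
    """Constructed walk-through; returns the verifier's verdict in each situation."""
    medium = PublicMedium()
    alice = Signer(b"alice", medium, publish_times=[4, 8])  # commitments at stamps 0 and 1
    msg = b"pay 10 to bob"
    rec = alice.sign(msg)                                   # posted at stamp 2 with t = 4
    before = verify(medium, msg, rec)                       # key still secret
    while medium.now < 4:                                   # let time reach t = 4
        medium.append("other")
    alice.release_due_keys()                                # release entry lands at stamp 4
    after = verify(medium, msg, rec)
    # a "signature" produced with the now-public key and posted at stamp 5 (>= t)
    late_sig = h(b"pay 99 to mallory", b"alice", alice.keys[4])
    medium.append("sig", uid=b"alice", t=4, sig=late_sig)
    late = verify(medium, b"pay 99 to mallory", {"uid": b"alice", "t": 4, "sig": late_sig})
    return {"before_release": before, "after_release": after,
            "late_forgery": late, "tampered": verify(medium, b"pay 11 to bob", rec)}
```

The design point is that the medium's ordering does all the work: the verifier never trusts a claimed time, only the position of the commitment (before t), the signature (before t) and the release (at or after t) in the log. A signature that is not on the medium before t is worthless, which is why the text has the user post it at t' < t rather than hand it over privately.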
另外,采用依据本发明示例性实施方式的用于电子签名的方法在签名和验证的过程中只进行一次哈希运算,因此与非对称密码术等相比密码计算量显著降低。In addition, the method for electronic signature according to the exemplary embodiment of the present invention performs only one hash operation in the process of signature and verification, and thus the amount of cryptographic calculation is significantly reduced as compared with asymmetric cryptography or the like.
在一些实施方式中,公共媒体可以为区块链。密钥的时间戳可以是该密钥所公布在的区块的块索引。众所周知区块链是将数据以一系列区块的方式按时间顺序相连形成的一种链式数据结构,并以密码学方式保证数据的不可篡改和不可伪造的分布式账本。区块链利用诸如哈希和签名等加密技术以及共识算法建立信任机制,让抵赖、篡改和欺诈行为的成本巨大,保证了数据的不可篡改和不可伪造。 In some embodiments, the public medium can be a blockchain. The timestamp of the key may be the block index of the block in which the key is published. It is well known that a blockchain is a chained data structure in which data is connected in a time series in a series of blocks, and cryptographically guarantees that the data cannot be tampered and unforgeable distributed books. The blockchain uses encryption techniques such as hashing and signatures, as well as consensus algorithms to build trust mechanisms, so that the cost of repudiation, tampering, and fraud is enormous, ensuring that data cannot be tampered and unforgeable.
在另一些实现方式中,公共媒体可以为带有时间戳的由可信第三方(TTP,trusted third party)操作的公告牌(BBS,bulletin board system),也就是说由可信第三方来保证公布于BBS上的数据的不可篡改性。另外,公布于BBS上的每一条数据都赋予有时间戳,并且时间戳是严格地依次递增的。在又一些实现方式中,公共媒体可以为只写数据库,并且写入该只写数据库中的每个数据块不可撤回且在所有用户之间达成了共识。该只写数据库表示只能向其中写入数据的数据库。达成共识表示在所有用户之间都认可写入的数据的真实性,是未经篡改的。可以理解,公共媒体可以采用本领域已知的任何方式来实现,只要能够保证不可篡改和记录时间的单调性即可,本发明在此方面并不进行限制。In other implementations, the public media may be a time-stamped bulletin board system (BBS) operated by a trusted third party (TTP), that is, guaranteed by a trusted third party. The data published on the BBS cannot be modified. In addition, each piece of data published on the BBS is given a time stamp, and the timestamps are strictly incremented. In still other implementations, the public medium can be a write-only database, and each block of data written to the write-only database is irrevocable and a consensus is reached among all users. The write-only database represents a database to which data can only be written. Consensus indicates that the authenticity of the data written is recognized by all users and has not been tampered with. It will be appreciated that the public medium may be implemented in any manner known in the art, as long as the tamperability and monotonicity of the recording time are guaranteed, the invention is not limited in this respect.
In some embodiments, the hash value, the publication time and the user identifier published on the public medium are stored in the form of data blocks, and these data blocks have monotonically increasing timestamps. In some cases, the block number of the data block may be used as the timestamp. In other cases, the current real time may be used as the timestamp. Those skilled in the art will recognise that other timestamp implementations are also feasible.
It will be understood that the set of keys assigned to a user may be a finite set or an infinite set. When the set is finite, that is, the number of keys it contains is limited, then once every key in the set has passed its publication time, a user who still needs to sign data will have no key available: by then all keys assigned to the user have been released, i.e. they are publicly known, anyone could use them to sign data, and there would be no way to tell which user the data came from. When the set is infinite, if the interval between the publication times of adjacent keys is too long, a user's signature on data may go unverified for a long time, which is undesirable.
Therefore, referring again to FIG. 1, the method for electronic signature according to an exemplary embodiment of the present invention may further include:
Step S107, assigning each key in the set of keys a timestamp of time 0; and
Step S108, creating another set of keys for the user, the keys of this other set being due for publication at respective future times.
As can be seen from the above, according to the technical solution of the present disclosure, each key in the set assigned to the user is given a timestamp of time 0 (i.e., time 0), and these keys are to be published at times after time 0, for example at time 1, time 2, time 3, ..., time i, and so on. It should be understood that time 1, time 2, time 3, ..., time i, etc. are relative times with respect to time 0. For example, suppose the current time is 5 May 2017; under this technical solution the timestamp is initialised to 0 at that moment, i.e. the current time, 5 May 2017, is regarded as time 0. Assuming the interval between two successive times is one day, time 1 is then 6 May 2017, time 2 is 7 May 2017, and so on. Those skilled in the art will understand that the interval between time 1, time 2, time 3 and so on may be measured in minutes, hours, days, weeks, months, etc.; the invention is not limited in this respect. Herein, this set of keys may also be called the initial keys, in other words the keys initially assigned to the user. On this basis, another set of keys may then be created for the user.
FIG. 2 is a flow chart of one example of the step of creating another set of keys for the user in FIG. 1. In FIG. 2, creating another set of keys for the user may further include:
Step S201, dividing a finite future time period into a number of consecutive finite sub-periods; and
Step S202, for each finite sub-period, creating a key whose publication time falls within it.
Thus, in this example, the finite time period is divided into finite sub-periods, and keys are then created one sub-period at a time, that is, the keys to be published within each sub-period are created. In some cases, while there is at least one key whose publication time has not yet arrived, the key whose publication time falls in the next sub-period may be created. In other cases, the key whose publication time falls in the next sub-period may be created when the current time approaches the end of a sub-period, that is, as a sub-period is about to end, the key to be published in the immediately following sub-period is created. Of course, a sub-period may be further subdivided into further sub-periods, and so on; this can be set according to actual needs, and the invention is not limited in this respect.
FIG. 3 is a flow chart of another example of the step of creating another set of keys for the user in FIG. 1. As shown in FIG. 3, creating another set of keys for the user may include step S301, creating, at time r-1, the keys to be published at times r+1, r+2, ..., r+2^(s-1), where r is the current time and s is log2 r rounded to an integer.
Thus, in this example, the key to be published at time 3 is created at time 1; the keys to be published at times 5 and 6 are created at time 3; the key to be published at time 7 is created at time 5; the keys to be published at times 9, 10 and 12 are created at time 7; and so on. Creating keys in this way makes the time gap between two successive not-yet-published keys a power of two. Moreover, each time the user uses a newly created key, it can be traced back, within a length bounded by log2 t, to the set of keys initially assigned to the user, where t denotes the current time. It will be understood that the other set of keys for the user may be created by the user or by a certification authority (CA). A CA is a trusted third-party authority (also called a trusted third party), built on a public key infrastructure (PKI), that generates and determines digital certificates; it is intended to sign, and can thereby validate, the new keys of other users.
Referring again to FIG. 3, creating another set of keys for the user may further include:
Step S302, signing the newly created keys with a key of the user whose publication time has not yet arrived; and
Step S303, placing the resulting signature in the space of the public medium used for holding keys.
We know that the set of keys initially assigned to the user has been certified by a trusted third party, so the authenticity of that set of keys is guaranteed. In some cases, signing a newly created key with a key of the user whose publication time has not yet arrived, that is, signing the binding of the newly created key, can be achieved for example by hashing the combination of the newly created key with the information identifying its publication time and its owning user. It will be understood that signing a newly created key with a not-yet-published key of the user may be implemented in any manner known in the art; the invention is not limited in this respect. Suppose key k' is a key initially assigned to the user and is to be published at time t'; then key k' with publication time t' is used to sign key k with publication time t, where t' < t; key k with publication time t is used to sign key k'' with publication time t'', where t < t''; and so on. In this way a newly created key can be traced back to a key of the initial time 0, so that the authenticity of the newly created key can be verified.
However, if every key had to be traced back to an initial key of time 0 in order to be verified, this would be uneconomical in verification time. Therefore, in other embodiments, newly created keys may be certified by a trusted third party; in that case, when a key's signature needs to be verified, it suffices to trace back to a key certified by the trusted third party. For example, suppose key k1 has been certified by a trusted third party; key k1 is used to sign key k2, whose publication time is later than that of k1; key k2 with publication time t2 is used to sign key k3 with publication time t3, where t2 < t3; key k3 with publication time t3 is used to sign key k4 with publication time t4, where t3 < t4; and the signature of key k4 now needs to be verified. First, trace back to key k3, which signed key k4; from key k3 trace back to key k2, which signed key k3; and from key k2 trace back to key k1. Since key k1 has been certified by a trusted third party, the signature of key k4 is verified upon reaching key k1, without tracing further back to an initial key of time 0.
In some cases, while at least one key k has not yet reached its publication time, key k may be used to sign any number of future keys whose publication times are later than that of key k. These future keys may fill gaps between existing keys (i.e., their publication times may lie between the publication times of existing keys), or they may follow the existing keys (i.e., their publication times are later than those of the existing keys).
While at least one key k has not yet reached its publication time, the CA may sign the key of a user (for example, user A). In such a case, user A must be able to prove to the CA that the key is indeed owned by A.
In some embodiments, all new signing keys, whether created by a user for themselves or by a trusted third party such as a CA, can be checked by the blockchain consensus protocol. In other words, user A may use key k', to be published at time t', to sign key k, to be published at time t (where t' < t), obtaining (hash(A,k,t), A, t), (hash(A,k,t), A, t, k'), ref(k'), where (hash(A,k,t), A, t) is the message, equivalent to a data item X; (hash(A,k,t), A, t, k') is the signature over the data X, namely the computation hash(X, A, k'); and ref(k') indicates that the data X is a new key that refreshes k'. Once key k' is disclosed, it can be verified that the data X was issued by user A. Therefore, at time t', that is, once key k' has been disclosed, all users can verify that key k is user A's key.
From the above description, the user first publishes the hash value, the publication time and the user identifier associated with a key on the public medium, and then discloses the key when its publication time arrives; at that point the disclosed key can be used to verify whether a signature was made by that user. However, at this stage the authenticity of the signing key k cannot be known. There are two approaches to verifying the authenticity of a key. The first is to verify the signature on key k, then the signature on the key that signed key k, and so on, until the root certification at time 0 is reached. The second is for each key k (and its binding to user A and time t) to be verified by the consensus mechanism of the blockchain, or by a trusted third party for other media, as soon as the signature made with key k' is published. To this end, in one embodiment, the space used for holding keys on the public medium (for example, the bulletin board or the blockchain) is first divided into two parts, a first part and a second part, where the first part is used to store verified keys and signatures and is read-only for users, and the second part is used to store unverified keys and signatures and is write-only for users. That is, the authenticity of the keys stored in the first part has been confirmed, and users can read its content but cannot write to it. The authenticity of the keys stored in the second part has not yet been confirmed; this second part is also called temporary, and users can only write to it and cannot read from it. When, at time t, the key kA,t (kA,t being the key that user A is to publish at time t) corresponding to a signature stored in the second part is released, the TTP or the consensus protocol can verify that signature against the released kA,t, and when the signature proves authentic, the public medium writes the signature (and the key kA,t) into the first part. Accordingly, step S303 in FIG. 3, placing the resulting signature in the space of the public medium used for holding keys, further includes: writing the resulting signature into the second part; and, after the resulting signature has been verified, transferring it from the second part into the first part for reading by users.
FIG. 4 is a schematic diagram of a system for electronic signature according to an exemplary embodiment of the present invention. As shown in FIG. 4, a system for electronic signature may include a public medium 401, a trusted third party (TTP) 402 and an initializer 403, where the public medium 401 is configured to ensure that information published on it cannot be tampered with; the trusted third party 402 is configured to certify the initializer; and the initializer 403 is configured to: assign a set of keys to each user; for each key, form a correspondence between the key, the publication time of the key and the user identifier of the user to which the key belongs; hash the correspondence to obtain a hash value; and publish the hash value, the publication time and the user identifier on the public medium 401 before the publication time.
As can be seen from the above, the initializer 403 in the system for electronic signature according to an exemplary embodiment of the present invention first assigns a set of keys to each user, forms, for each key in the set, the correspondence between the key, its publication time and the user identifier of the user to which it belongs, then computes the hash value of that correspondence, and publishes the hash value, the publication time and the user identifier on the public medium 401. For example, if the key is k, its publication time is t and the user identifier is A, the correspondence formed is (k, A, t), and what is published on the public medium is (hash(k, A, t), t, A). In addition, the publication time here is the time at which the key is released, which may also be described as the time at which the key becomes publicly known. Since the public medium 401 ensures that information published on it cannot be tampered with, and a suitable keyed hash function is resistant to quantum computers, the system for electronic signature according to an exemplary embodiment of the present invention resists quantum computing attacks.
The trusted third party 402 obtains its trusted status through legal, administrative, commercial or other channels, is subject to the supervision of the relevant national regulatory authorities, and provides maintenance and operation services for the system. In the initialization phase, the trusted third party 402 strictly verifies the identity of each user (for example, by offline verification of a valid identity document), then generates a set of keys for each verified user and signs these keys, the user identity and so on. Other users can verify the signature of the trusted third party 402 at any time. If the verification passes, other users accept that the key is that user's key.
In some embodiments, the public medium 401 may be a blockchain. The timestamp of a key may be the block index of the block in which the key is published. As is well known, a blockchain is a chained data structure formed by linking data in chronological order as a series of blocks, and a distributed ledger that uses cryptography to guarantee that the data can be neither tampered with nor forged. A blockchain uses cryptographic techniques such as hashing and signatures, together with consensus algorithms, to establish a trust mechanism that makes repudiation, tampering and fraud extremely costly, thereby guaranteeing that the data can be neither tampered with nor forged.
In other implementations, the public medium 401 is a time-stamped bulletin board system (BBS) operated by the TTP 402; that is, the TTP 402 guarantees that data published on the BBS cannot be tampered with. In addition, every item of data published on the BBS is given a timestamp, and the timestamps are strictly increasing. In still other implementations, the public medium 401 is a write-only database, where every data block written to it is irrevocable and has been agreed upon by consensus among all users. A write-only database is a database into which data can only be written. Reaching consensus means that all users acknowledge the written data as authentic, that is, as untampered. It will be appreciated that the public medium 401 may be implemented in any manner known in the art, provided that tamper-resistance and monotonicity of the recorded time are guaranteed; the invention is not limited in this respect.
In some embodiments, the hash value, the publication time and the user identifier published on the public medium 401 are stored in the form of data blocks, and these data blocks have monotonically increasing timestamps. In some cases, the block number of the data block may be used as the timestamp. In other cases, the current real time may be used as the timestamp. Those skilled in the art will recognise that other timestamp implementations are also feasible.
Furthermore, the public medium 401 may be further configured to store the signatures made by the user on data using keys whose publication time has not yet arrived, as well as the keys released when their publication time arrives. Once a key has been placed on the public medium 401 by the user, it can be verified whether the key belongs to that user. The system for electronic signature according to an exemplary embodiment of the present invention performs only one hash operation in the signing and verification process, so the amount of cryptographic computation is significantly lower than with asymmetric cryptography and the like.
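The commit, sign, release and verify cycle described above, including the key-binding signature of the form hash(X, A, k') from the earlier paragraph, as an added Python model constructed for this page (it is not the patent's or any product's code). It assumes SHA-256 as the hash, uses the block index of an append-only list as the timestamp, and checks, as the text requires, that a signature was recorded while its key's publication time had not yet arrived.

```python
import hashlib


def H(*parts):
    """Hash a tuple of fields; each field is length-prefixed so that the field
    boundaries are unambiguous, e.g. ('a', 'bc') and ('ab', 'c') differ."""
    h = hashlib.sha256()
    for p in parts:
        b = str(p).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return h.hexdigest()


class PublicMedium:
    """Append-only log standing in for the public medium; a record's index is
    its timestamp (the block-number option described above)."""

    def __init__(self):
        self.records = []

    def now(self):
        return len(self.records)

    def append(self, record):
        self.records.append(dict(record, time=self.now()))
        return self.records[-1]

    def advance_to(self, t):
        # Constructed padding: other users' traffic fills the intervening blocks.
        while self.now() < t:
            self.append({"kind": "pad"})

    def first(self, **match):
        for r in self.records:
            if all(r.get(k) == v for k, v in match.items()):
                return r
        return None


def commit_key(medium, user, key, t):
    """Publish (hash(k, A, t), t, A) on the medium before the publication time t."""
    assert medium.now() < t, "commitment must precede the publication time"
    return medium.append({"kind": "commit", "user": user, "t": t, "h": H(key, user, t)})


def sign(medium, user, key, t, data):
    """Sign data X with a key whose publication time t has not yet arrived by
    recording (X, A, t, hash(X, A, k)) on the medium."""
    assert medium.now() < t, "key is already public and can no longer sign"
    return medium.append({"kind": "sig", "user": user, "t": t, "X": data,
                          "s": H(data, user, key)})


def release_key(medium, user, key, t):
    """Disclose the key once its publication time t is reached."""
    assert medium.now() >= t, "release only when the publication time is reached"
    return medium.append({"kind": "release", "user": user, "t": t, "key": key})


def verify(medium, sig_record):
    """True iff the signature was made with user A's committed key for time t
    and was recorded before that key became public: one hash to match the
    disclosed key against its commitment, one hash to check the signature."""
    user, t = sig_record["user"], sig_record["t"]
    commit = medium.first(kind="commit", user=user, t=t)
    release = medium.first(kind="release", user=user, t=t)
    if commit is None or release is None:
        return False              # key never committed, or not yet disclosed
    if commit["time"] >= t or release["time"] < t:
        return False              # commitment too late, or release too early
    key = release["key"]
    if H(key, user, t) != commit["h"]:
        return False              # disclosed key does not match the commitment
    if sig_record["time"] >= t:
        return False              # recorded after the key was public: anyone could have made it
    return H(sig_record["X"], user, key) == sig_record["s"]


def demo():
    """Constructed run: user A commits keys for times 5 and 9, signs data and a
    binding of the time-9 key with the time-5 key, then releases both keys."""
    m = PublicMedium()
    k5, k9 = "constructed-secret-t5", "constructed-secret-t9"
    commit_key(m, "A", k5, 5)
    commit_key(m, "A", k9, 9)
    s_data = sign(m, "A", k5, 5, "hello")
    # Key-binding signature: X = (hash(A, k, t), A, t) for the new key, signed by k'.
    s_bind = sign(m, "A", k5, 5, "|".join([H("A", k9, 9), "A", "9"]))
    m.advance_to(5)
    release_key(m, "A", k5, 5)
    # Recorded after the release: rejected even though the hash is correct.
    late = m.append({"kind": "sig", "user": "A", "t": 5, "X": "late", "s": H("late", "A", k5)})
    # Recorded in time but under a guessed key: rejected once k9 is disclosed.
    forged = m.append({"kind": "sig", "user": "A", "t": 9, "X": "x", "s": H("x", "A", "guess")})
    m.advance_to(9)
    release_key(m, "A", k9, 9)
    return {"data": verify(m, s_data), "binding": verify(m, s_bind),
            "late": verify(m, late), "forged": verify(m, forged)}


if __name__ == "__main__":
    print(demo())  # {'data': True, 'binding': True, 'late': False, 'forged': False}
```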
In addition, in some embodiments, the initializer 403 may be further configured to assign each key a timestamp of time 0, these keys being due for publication at times after time 0, for example at time 1, time 2, time 3, ..., time i, and so on. It should be understood that time 1, time 2, time 3, ..., time i, etc. are relative times with respect to time 0. For example, suppose the current time is 5 May 2017; under this technical solution the timestamp is initialised to 0 at that moment, i.e. the current time, 5 May 2017, is regarded as time 0. Assuming the interval between successive times is one day, time 1 is then 6 May 2017, time 2 is 7 May 2017, and so on. Those skilled in the art will understand that the interval between time 1, time 2, time 3 and so on may be measured in minutes, hours, days, weeks, months, etc.; the invention is not limited in this respect.
Referring again to FIG. 4, the system for electronic signature according to an exemplary embodiment of the present invention may further include a key creation module 404, configured to create another set of keys for the user.
FIG. 5 is a schematic diagram of one example of the key creation module 404 of FIG. 4. In FIG. 5, the key creation module 404 may include: a partitioning module 501, configured to divide a finite future time period into a number of consecutive finite sub-periods; and a first sub-creation module 502, configured to create, for each finite sub-period, a key whose publication time falls within it. The partitioning module 501 divides the finite time period into finite sub-periods, and the first sub-creation module 502 then creates keys one sub-period at a time, that is, creates the keys to be published within each sub-period. In some cases, while there is at least one key whose publication time has not yet arrived, the key whose publication time falls in the next sub-period may be created. In other cases, the key whose publication time falls in the next sub-period may be created when the current time approaches the end of a sub-period, that is, as a sub-period is about to end, the key to be published in the immediately following sub-period is created. Of course, a sub-period may be further subdivided into further sub-periods, and so on; this can be set according to actual needs, and the invention is not limited in this respect.
FIG. 6 is a schematic diagram of another example of the key creation module 404 of FIG. 4. In FIG. 6, the key creation module 404 may include a second sub-creation module 601, configured to create, at time r-1, the keys to be published at times r+1, r+2, ..., r+2^(s-1), where r is the current time and s is log2 r rounded to an integer. For example, the key to be published at time 3 is created at time 1; the keys to be published at times 5 and 6 are created at time 3; the key to be published at time 7 is created at time 5; the keys to be published at times 9, 10 and 12 are created at time 7; and so on.
Referring again to FIG. 6, the key creation module 404 further includes: a signing module 602, configured to sign the newly created keys with a key of the user whose publication time has not yet arrived; and a placement module 603, configured to place the resulting signature in the space of the public medium 401 used for holding keys. Since the set of keys initially assigned to the user has been certified by the trusted third party 402, the authenticity of that set of keys is guaranteed. A key of the user whose publication time has not yet arrived can be used to sign the newly created keys; for example, suppose key k' is a key initially assigned to the user and is to be published at time t'; then key k' with publication time t' is used to sign key k with publication time t, where t' < t; key k with publication time t is used to sign key k'' with publication time t'', where t < t''; and so on. In this way a newly created key can be traced back to a key of the initial time 0, so that the authenticity of the newly created key can be verified.
However, if every key had to be traced back to an initial key of time 0 in order to be verified, this would be uneconomical in verification time. Therefore, in other embodiments, newly created keys may be certified by the trusted third party 402; in that case, when a key's signature needs to be verified, it suffices to trace back to a key certified by the trusted third party 402. For example, suppose key k1 has been certified by the trusted third party 402; key k1 is used to sign key k2, whose publication time is later than that of k1; key k2 with publication time t2 is used to sign key k3 with publication time t3, where t2 < t3; key k3 with publication time t3 is used to sign key k4 with publication time t4, where t3 < t4; and the signature of key k4 now needs to be verified. First, trace back to key k3, which signed key k4; from key k3 trace back to key k2, which signed key k3; and from key k2 trace back to key k1. Since key k1 has been certified by the trusted third party 402, the signature of key k4 is verified upon reaching key k1, without tracing further back to an initial key of time 0.
The process of creating keys is described in detail below by way of example. Suppose the user is initially assigned keys with publication times 1, 2, 4, 8, 16 and 32. At time 31, the keys to be published at times 33, 34, 36, 40, 48 and 64 are created and signed with the time-32 key; at time 63, the keys to be published at times 65, 66, 68, 72, 80, 96 and 128 are created and signed with the time-64 key; at time 127, the keys to be published at times 129, 130, 132, 136, 144, 160, 192 and 256 are created and signed with the time-128 key; at time 191, the keys to be published at times 193, 194, 196, 200, 208 and 224 are created and signed with the time-192 key; and at time 199, the keys to be published at times 201, 202 and 204 are created and signed with the time-200 key. To verify the key with publication time 201, the signature chain must be checked from the key with publication time 200, through the keys of times 192, 128 and 64, back to the initial key of time 32. It follows that, when verifying a key with publication time N, the verification chain traced back to an initial key with publication time 1 or later is never longer than 2 log2 N. Such a chain consists of several parts: the first part runs up to the largest power of two not exceeding N, here time 128, and the second part runs from the key whose publication time is that largest power of two down to the initial key whose publication time is the highest power of two among the initial keys.
In some embodiments, the space on the public medium 401 used for holding keys may be divided into a first portion and a second portion, where the first portion stores verified keys and signatures and is read-only for users, and the second portion stores unverified keys and signatures and is write-only for users. In addition, the placement module 603 may comprise a write module configured to write the resulting signature into the second portion, and a transfer module configured to move the resulting signature from the second portion to the first portion, for users to read, once it has been verified. Thus, when k_{A,t} (the key that user A is to publish at time t), which corresponds to a signature stored in the second portion, is released at time t, the public medium 401 (for example via the TTP 402 or a consensus protocol) can verify that signature against the released k_{A,t}, and once the signature is shown to be genuine the public medium 401 can write it into the first portion. In this case, because the keys stored in the first portion have already been authenticated by the TTP 402, the consensus protocol or the like, the check of the signature chain described in the preceding paragraph is not needed, and verifying each signature requires only a single hash.
FIG. 7 shows a flowchart of a method for creating a signature according to an exemplary embodiment of the present invention. As shown in FIG. 7, the method for creating a signature may comprise:
Step S701: the user selects, from their key set, a key whose publication time t has not yet arrived;
Step S702: the data is signed using the selected key; and
Step S703: the resulting signature is placed on the public medium 401 at time t', where t' < t, and the public medium 401 ensures that information published on it cannot be tampered with.
Thus the method for creating a signature according to an exemplary embodiment of the present invention can be used by a user to sign data and the like. The user selects from their key set a key whose publication time t has not yet arrived, signs the data with that key, and places the resulting signature on the public medium 401 at time t'. At that moment the user's signature on the data cannot yet be verified; once the key's publication time t arrives and the key is published, the signature can be verified with the published key.
In some embodiments, signing the data with the selected key in step S702 may further comprise forming hash(X, A, k), where X denotes the data, A the user identifier of the user and k the selected key; that is, X, A and k are concatenated in that order into a string, and the string is hashed to obtain the signature of the data X. In other embodiments, signing the data with the selected key in step S702 may further comprise forming hash(A, k, X), where X denotes the data, A the user identifier of the user and k the selected key; that is, A, k and X are concatenated in that order into a string, and the string is hashed to obtain the signature of the data X. In still other embodiments, signing the data with the selected key in step S702 may further comprise encrypting the data X with the selected key using an encryption algorithm. Those skilled in the art will appreciate that the data may be signed by any method known in the art or devised in the future, and the invention is not limited in this respect.
In some embodiments, the public medium 401 may be a blockchain. The timestamp of a key may then be the block index of the block in which the key is published. In other embodiments, the public medium 401 is a time-stamped bulletin board operated by a trusted third party. In still other embodiments, the public medium 401 is a write-only database, where every data block written to the write-only database is irrevocable and agreed by consensus among all users. It will be understood that the public medium 401 may be implemented in any manner known in the art, provided that tamper-resistance and monotonicity of the recorded time are guaranteed; the invention is not limited in this respect.
FIG. 8 shows a flowchart of a method, according to an exemplary embodiment of the present invention, for verifying a signature that was obtained by a user signing data with a key and that has been published on the public medium 401 at time t', where t' < t and t is the publication time of the key. The method may comprise:
Step S801: verifying that the key is indeed owned by the user;
Step S802: checking that the key was published at its publication time t;
Step S803: computing over the data, with the published key, in the way the signature was computed;
Step S804: comparing whether the computed value equals the signature; and
Step S805: determining the authenticity of the signature from the comparison result.
Thus the method for verifying a signature according to an exemplary embodiment of the present invention first verifies that the key used for the signature is indeed owned by the user, and then checks that the key was published at its claimed publication time. Once the key has been published, the computation that produced the signature can be repeated over the data with the now public key, and the computed value compared with the signature. If they are equal, the signature can be determined to be genuine; if not, the signature is not to be trusted.
In some embodiments, computing over the data with the published key in the way the signature was computed in step S803 may further comprise computing hash(X, A, k) with the published key, where X denotes the data, A the user identifier of the user and k the key.
In some embodiments, verifying in step S801 that the key is indeed owned by the user may further comprise verifying the authenticity of the key, and verifying that the key was published by the user. In some embodiments, verifying the authenticity of the key may further comprise verifying the authenticity of the signature on the key that is published on the public medium 401. Since the key was created by the method for electronic signature described above in this disclosure, suppose key k was signed with a key k' whose publication time precedes it, key k' was signed with a key k'' whose publication time precedes k', and so on back to a key with timestamp 0; because a key with timestamp 0 is an initial key certified by the trusted third party 402, the authenticity of key k can be verified.
In some embodiments, as shown in FIG. 9, one example of verifying that the key was published by the user may further comprise:
Step S901: computing hash(k, A, t);
Step S902: determining whether the computed hash(k, A, t) equals the hash value published on the public medium 401 that corresponds to the key; and
Step S903: if they are equal, determining that the key was published by the user.
In these embodiments, once key k has been released, that is, once the publication time t of key k has arrived, hash(k, A, t) can be computed and compared with the hash value corresponding to key k that is published on the public medium 401. If they are equal, key k is user A's key, and it can therefore be determined that key k was published by user A.
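As an added example that is not part of the patent, the following Python models the scheme of FIGS. 7 to 9 together with the key chain of the example above: keys are committed as hash(k, A, t), chained by a signature from an unreleased earlier key, released at time t, and a data signature hash(X, A, k) published at t' < t is verified by steps S801 to S805 (with S901 to S903 for ownership) back to a TTP-certified initial key. The simulated public medium, SHA-256 as the hash, the record layout and the secret strings are assumptions of this example.

```python
"""Toy model of the patent's time-released key signatures (an added example,
not the applicant's code). The public medium is simulated as an irrevocable,
time-ordered store; SHA-256 over '|'-joined fields, the record layout and the
secret strings are this example's own assumptions."""
import hashlib

def h(*fields) -> str:
    """hash(a, b, c): concatenate the fields in the given order, then hash."""
    return hashlib.sha256("|".join(map(str, fields)).encode()).hexdigest()

class PublicMedium:
    """Records can be added but never changed; recorded time never goes backwards."""
    def __init__(self):
        self.now, self.commits, self.releases, self.sigs = 0, {}, {}, []

    def tick(self, t):
        assert t >= self.now, "recorded time must be monotonic"
        self.now = t

    def put(self, store, key, rec):
        assert key not in store, "published records are irrevocable"
        store[key] = (self.now, rec)          # stamp with the publication time

class User:
    def __init__(self, A, m, initial_times):
        self.A, self.m, self.keys = A, m, {}  # publication time -> secret key
        self.certified = set(initial_times)   # time-0 keys certified by the TTP
        for t in initial_times:
            self.commit_key(t)

    def commit_key(self, t, parent=None):
        """Publish hash(k, A, t) before t; a new key is signed by an unreleased key."""
        k = f"secret-{self.A}-{t}"            # constructed; use a random secret for real
        self.keys[t] = k
        rec = {"h": h(k, self.A, t)}
        if parent is not None:
            assert self.m.now < parent < t, "signer must be earlier but still unreleased"
            rec["parent"], rec["chain_sig"] = parent, h(rec["h"], self.A, self.keys[parent])
        self.m.put(self.m.commits, (self.A, t), rec)

    def sign(self, X, t):
        # S701-S703: sign with a key whose publication time t has not arrived
        assert t > self.m.now, "key must not have reached its publication time"
        sig = {"A": self.A, "t": t, "X": X, "s": h(X, self.A, self.keys[t])}
        self.m.sigs.append((self.m.now, sig))  # placed on the medium at t' < t

    def run_until(self, t):
        """Advance time, releasing each key exactly when its publication time arrives."""
        for kt in sorted(k for k in self.keys if self.m.now < k <= t):
            self.m.tick(kt)
            self.m.put(self.m.releases, (self.A, kt), self.keys[kt])
        self.m.tick(t)

def released_key(m, A, t):
    """S802: the key must be on the medium and released at its stated time t."""
    rel = m.releases.get((A, t))
    return rel[1] if rel and rel[0] == t else None

def key_chain(m, A, t, certified):
    """S801 with S901-S903: key times from t back to a certified key, or None if a
    link fails (commitment published before t, hash(k, A, t) matches, parent signed)."""
    chain = []
    while True:
        com, k = m.commits.get((A, t)), released_key(m, A, t)
        if com is None or k is None or com[0] >= t or h(k, A, t) != com[1]["h"]:
            return None
        chain.append(t)
        if t in certified:                    # stop at a TTP-certified key
            return chain
        parent = com[1].get("parent")
        pk = released_key(m, A, parent) if parent is not None else None
        if pk is None or h(com[1]["h"], A, pk) != com[1]["chain_sig"]:
            return None
        t = parent

def verify_signature(m, A, certified, X, t, s):
    """S801-S805: key owned by A, released at t, hash(X, A, k) equal to the signature."""
    if key_chain(m, A, t, certified) is None:
        return False
    return h(X, A, released_key(m, A, t)) == s

def demo():
    """Replays the patent's schedule: initial keys 1..32, batches at 31, 63, 127, 191, 199."""
    m = PublicMedium()
    alice = User("A", m, [1, 2, 4, 8, 16, 32])
    batches = {31: (32, [33, 34, 36, 40, 48, 64]), 63: (64, [65, 66, 68, 72, 80, 96, 128]),
               127: (128, [129, 130, 132, 136, 144, 160, 192, 256]),
               191: (192, [193, 194, 196, 200, 208, 224]), 199: (200, [201, 202, 204])}
    for when, (signer, times) in batches.items():
        alice.run_until(when)
        for t in times:
            alice.commit_key(t, parent=signer)
    alice.sign("pay 10 to B", 201)            # t' = 199 < t = 201: not yet verifiable
    sig_time, sig = m.sigs[-1]
    alice.run_until(201)                      # key 201 is now released
    chain = key_chain(m, "A", 201, alice.certified)
    ok = verify_signature(m, "A", alice.certified, sig["X"], sig["t"], sig["s"])
    forged = verify_signature(m, "A", alice.certified, "pay 99 to B", 201, sig["s"])
    return chain, ok, forged, sig_time
```

Running demo() walks the chain 201, 200, 192, 128, 64, 32 described above (six keys, within the 2 log2 N bound) and accepts the genuine signature while rejecting altered data.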
In some embodiments, the public medium 401 may be a blockchain. The timestamp of a key may then be the block index of the block in which the key is published. In other embodiments, the public medium 401 is a time-stamped bulletin board operated by a trusted third party. In still other embodiments, the public medium 401 is a write-only database, where every data block written to the write-only database is irrevocable and agreed by consensus among all users. It will be understood that the public medium may be implemented in any manner known in the art, provided that tamper-resistance and monotonicity of the recorded time are guaranteed; the invention is not limited in this respect.
In one aspect of the invention, as shown in FIG. 10, a computing device 1000 is also provided, comprising a memory 1002 and a processor 1001, where the memory 1002 stores computer program instructions 10020 which, when executed by the processor 1001, implement the method for electronic signature and/or the method for creating a signature and/or the method for verifying a signature described above. Since these methods have already been described in detail, they are not repeated here.
In another aspect of the invention, a machine-readable storage medium is provided on which computer program instructions are stored, where the computer program instructions, when executed by a processor, implement the method for electronic signature and/or the method for creating a signature and/or the method for verifying a signature described above. These methods have been described in detail above and are not repeated here. In some embodiments, the machine-readable storage medium is a tangible component of a digital processing device. In other embodiments, the machine-readable storage medium is optionally removable from the digital processing device. In some embodiments, by way of non-limiting example, the machine-readable storage medium may comprise a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), flash memory, programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), solid-state memory, magnetic disks, optical discs, cloud computing systems or services, and the like.
It should be understood that the steps recited in the method embodiments of the present invention may be performed in a different order and/or in parallel. Moreover, the method embodiments may include additional steps and/or omit steps shown. The scope of the invention is not limited in this respect.
In the description provided herein, numerous specific details are set forth. It should be understood, however, that embodiments of the present disclosure may be practised without these specific details. In some embodiments, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
While preferred embodiments of the present invention have been shown and described, it will be apparent to those skilled in the art that such embodiments are provided by way of example only. Numerous modifications, changes and substitutions will now occur to those skilled in the art without departing from the invention. It should be understood that various alternatives to the embodiments of the invention described herein may be employed in practising the invention. The following claims are intended to define the scope of the invention, and thereby to cover the methods and structures within the scope of these claims and their equivalents.

Claims (42)

  1. A method for electronic signature, comprising:
    allocating a set of keys to each user;
    for each key, forming a correspondence between the key, the publication time of the key and the user identifier of the user to which the key belongs;
    hashing the correspondence to obtain a hash value;
    publishing the hash value, the publication time and the user identifier on a public medium before the publication time, wherein the public medium ensures that information published on it cannot be tampered with; and
    releasing the key when the publication time is reached.
  2. The method for electronic signature of claim 1, wherein the public medium is a blockchain.
  3. The method for electronic signature of claim 1, wherein the public medium is a time-stamped bulletin board operated by a trusted third party.
  4. The method for electronic signature of claim 1, wherein the public medium is a write-only database, and every data block written to the write-only database is irrevocable and agreed by consensus among all users.
  5. The method for electronic signature of claim 1, wherein the hash value, the publication time and the user identifier published on the public medium are stored in the form of data blocks, and these data blocks have monotonically increasing timestamps.
  6. The method for electronic signature of claim 1, further comprising the user signing data with a key whose publication time has not arrived and placing the resulting signature on the public medium.
  7. The method for electronic signature of any one of claims 1 to 6, further comprising:
    assigning a timestamp of time 0 to each key of the set of keys; and
    creating another set of keys for the user.
  8. The method for electronic signature of claim 7, wherein creating another set of keys for the user comprises:
    dividing a finite future time period into a number of consecutive finite sub-periods; and
    for each finite sub-period, creating keys whose publication times fall within it.
  9. The method for electronic signature of claim 8, wherein creating, for each finite sub-period, keys whose publication times fall within it further comprises: while at least one key whose publication time has not arrived exists, creating keys whose publication times fall within the finite sub-period following that finite sub-period.
  10. The method for electronic signature of claim 7, wherein creating another set of keys for the user comprises:
    at time r-1, creating keys to be published at times r+1, r+2, ..., r+2^(s-1), where r is the current time and s is log2 r rounded to an integer.
  11. The method for electronic signature of any one of claims 8 to 10, wherein creating another set of keys for the user further comprises:
    signing the newly created keys with a key of the user whose publication time has not arrived; and
    placing the resulting signature in the space on the public medium used for holding keys.
  12. The method for electronic signature of claim 11, further comprising dividing the space on the public medium used for holding keys into a first portion and a second portion, wherein the first portion stores verified keys and signatures and is read-only for users, and the second portion stores unverified keys and signatures and is write-only for users; and
    placing the resulting signature in the space on the public medium used for holding keys further comprises:
    writing the resulting signature into the second portion; and
    once the resulting signature has been verified, moving it from the second portion to the first portion for users to read.
  13. The method for electronic signature of claim 11, wherein creating another set of keys for the user further comprises: having the newly created keys certified by a trusted third party.
  14. A system for electronic signature, comprising a public medium, a trusted third party and an initializer, wherein:
    the public medium is configured to ensure that information published on it cannot be tampered with;
    the trusted third party is configured to certify the initializer; and
    the initializer is configured to:
    allocate a set of keys to each user;
    for each key, form a correspondence between the key, the publication time of the key and the user identifier of the user to which the key belongs;
    hash the correspondence to obtain a hash value; and
    publish the hash value, the publication time and the user identifier on the public medium before the publication time.
  15. The system for electronic signature of claim 14, wherein the public medium is a blockchain.
  16. The system for electronic signature of claim 14, wherein the public medium is a time-stamped bulletin board operated by the trusted third party.
  17. The system for electronic signature of claim 14, wherein the public medium is a write-only database, and every data block written to the write-only database is irrevocable and agreed by consensus among all users.
  18. The system for electronic signature of claim 14, wherein the hash value, the publication time and the user identifier published on the public medium are stored in the form of data blocks, and these data blocks have monotonically increasing timestamps.
  19. The system for electronic signature of claim 14, wherein the public medium is further configured to store signatures made by the user on data with keys whose publication times have not arrived, and the keys released when their publication times are reached.
  20. The system for electronic signature of any one of claims 14 to 19, wherein the initializer is further configured to assign a timestamp of time 0 to each key, and the system further comprises a key creation module configured to create another set of keys for the user.
  21. The system for electronic signature of claim 20, wherein the key creation module comprises:
    a partitioning module configured to divide a finite future time period into a number of consecutive finite sub-periods; and
    a first sub-creation module configured to create, for each finite sub-period, keys whose publication times fall within it.
  22. The system for electronic signature of claim 21, wherein the first sub-creation module is further configured to create, while at least one key whose publication time has not arrived exists, keys whose publication times fall within the finite sub-period following that finite sub-period.
  23. The system for electronic signature of claim 20, wherein the key creation module comprises a second sub-creation module configured to create, at time r-1, keys to be published at times r+1, r+2, ..., r+2^(s-1), where r is the current time and s is log2 r rounded to an integer.
  24. The system for electronic signature of any one of claims 21 to 23, wherein the key creation module further comprises:
    a signing module configured to sign the newly created keys with a key of the user whose publication time has not arrived; and
    a placement module configured to place the resulting signature in the space on the public medium used for holding keys.
  25. The system for electronic signature of claim 24, wherein the space on the public medium used for holding keys is divided into a first portion and a second portion, wherein the first portion stores verified keys and signatures and is read-only for users, and the second portion stores unverified keys and signatures and is write-only for users; and
    the placement module comprises:
    a write module configured to write the resulting signature into the second portion; and
    a transfer module configured to move the resulting signature from the second portion to the first portion, for users to read, once it has been verified.
  26. The system for electronic signature of claim 24, wherein the signing module is further configured to have the newly created keys certified by a trusted third party.
  27. A method for creating a signature, comprising:
    a user selecting, from their key set, a key whose publication time t has not yet arrived;
    signing data with the selected key; and
    placing the resulting signature on a public medium at time t', where t' < t, and the public medium ensures that information published on it cannot be tampered with.
  28. The method for creating a signature of claim 27, wherein signing the data with the selected key further comprises forming hash(X, A, k), where X denotes the data, A denotes the user identifier of the user and k denotes the selected key.
  29. The method for creating a signature of claim 27, wherein signing the data with the selected key further comprises forming hash(A, k, X), where X denotes the data, A denotes the user identifier of the user and k denotes the selected key.
  30. The method for creating a signature of any one of claims 27 to 29, wherein the public medium is a blockchain.
  31. The method for creating a signature of any one of claims 27 to 29, wherein the public medium is a time-stamped bulletin board operated by a trusted third party.
  32. The method for creating a signature of any one of claims 27 to 29, wherein the public medium is a write-only database, and every data block written to the write-only database is irrevocable and agreed by consensus among all users.
  33. A method for verifying a signature, the signature having been obtained by a user signing data with a key and having been published on a public medium at time t', where t' < t and t is the publication time of the key, the method comprising:
    verifying that the key is indeed owned by the user;
    checking that the key was published at its publication time t;
    computing over the data, with the published key, in the way the signature was computed;
    comparing whether the computed value equals the signature; and
    determining the authenticity of the signature from the comparison result.
  34. The method for verifying a signature of claim 33, wherein computing over the data with the published key in the way the signature was computed further comprises:
    computing hash(X, A, k) with the published key, where X denotes the data, A denotes the user identifier of the user and k denotes the key.
  35. The method for verifying a signature of claim 33, wherein verifying that the key is indeed owned by the user further comprises:
    verifying the authenticity of the key; and
    verifying that the key was published by the user.
  36. The method for verifying a signature of claim 35, wherein verifying the authenticity of the key further comprises: verifying the authenticity of the signature on the key that is published on the public medium.
  37. The method for verifying a signature of claim 35, wherein verifying that the key was published by the user further comprises:
    computing hash(k, A, t);
    determining whether the computed hash(k, A, t) equals the hash value published on the public medium that corresponds to the key; and
    if they are equal, determining that the key was published by the user.
  38. The method for verifying a signature of any one of claims 33 to 37, wherein the public medium is a blockchain.
  39. The method for verifying a signature of any one of claims 33 to 37, wherein the public medium is a time-stamped bulletin board operated by a trusted third party.
  40. The method for verifying a signature of any one of claims 33 to 37, wherein the public medium is a write-only database, and every data block written to the write-only database is irrevocable and agreed by consensus among all users.
  41. A computing device comprising a processor and a memory, wherein the memory stores computer program instructions which, when executed by the processor, implement the method for electronic signature of any one of claims 1 to 13 and/or the method for creating a signature of any one of claims 27 to 32 and/or the method for verifying a signature of any one of claims 33 to 40.
  42. A machine-readable storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the method for electronic signature of any one of claims 1 to 13 and/or the method for creating a signature of any one of claims 27 to 32 and/or the method for verifying a signature of any one of claims 33 to 40.
PCT/CN2017/100685 2017-07-07 2017-09-06 Method and system for electronic signature WO2019006849A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201710553168.9 2017-07-07
CN201710555503.9 2017-07-07
CN201710555503 2017-07-07
CN201710553168 2017-07-07

Publications (1)

Publication Number Publication Date
WO2019006849A1 true WO2019006849A1 (en) 2019-01-10

Family

ID=64950444

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/100685 WO2019006849A1 (en) 2017-07-07 2017-09-06 Method and system for electronic signature

Country Status (1)

Country Link
WO (1) WO2019006849A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100005318A1 (en) * 2008-07-02 2010-01-07 Akram Hosain Process for securing data in a storage unit
CN103259660A (en) * 2013-04-15 2013-08-21 山东大学 Image authentication method based on phase retrieval and elliptic curve digital signature algorithm
CN106055993A (en) * 2016-08-13 2016-10-26 深圳市樊溪电子有限公司 Encryption storage system for block chains and method for applying encryption storage system
CN106897761A (en) * 2017-03-06 2017-06-27 山东渔翁信息技术股份有限公司 A kind of two-dimensional code generation method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 17917126
    Country of ref document: EP
    Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
122 Ep: pct application non-entry in european phase
    Ref document number: 17917126
    Country of ref document: EP
    Kind code of ref document: A1