WO2020019341A1 - Method and device for processing blockchain account, and storage medium - Google Patents

Publication number
WO2020019341A1
Authority
WO
WIPO (PCT)
Prior art keywords
quantum
account
public key
wallet address
generating
Application number
PCT/CN2018/097647
Inventor
袁振南
谈扬
Original Assignee
区链通网络有限公司
Application filed by 区链通网络有限公司
Priority to PCT/CN2018/097647
Priority to CN201880002267.0A (CN109716375B)
Publication of WO2020019341A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/06 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • G06Q20/0655 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash e-cash managed centrally
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention proposes a method, a device, and a storage medium for processing a blockchain account, which are used to improve the security level of the blockchain account.
  • the invention also proposes a device for managing a blockchain quantum account, including:
  • the invention can preset two or more encryption algorithms in the blockchain system so that the currently preferred encryption algorithm is determined according to the specific situation, which benefits the backward compatibility of the blockchain account and is forward-looking.
  • FIG. 1 is a schematic structural diagram of an embodiment of a blockchain account system according to the present invention
  • FIG. 3 is a schematic flowchart of an embodiment of an operation method of a blockchain application client according to the present invention
  • FIG. 4 is a schematic flowchart of another embodiment of a method for processing a blockchain account according to the present invention.
  • any full node 1011 in the blockchain network 101 deposits data or generates a contract
  • other nodes 1011 in the blockchain network 101 can also obtain the stored data or the generated contract according to the consensus algorithm, and save the data at the current node.
  • the same data is also stored in the block and the contract is stored in the contract list, so that the data stored on all nodes 1011 in the blockchain network 101 is consistent.
  • the terminal 102 used here includes both a device that has only a wireless signal receiver and no transmitting capability, and a device with receiving and transmitting hardware that can receive and transmit over a two-way communication link.
  • a device may include: a cellular or other communication device having a single-line display or a multi-line display or a cellular or other communication device without a multi-line display; a PCS (Personal Communications Service).
  • Step S20 Generate a random polynomial, and generate a quantum private key according to the random polynomial and the request;
  • Step S10 Obtain a request to generate a blockchain account.
  • the request may be initiated according to a user instruction, or may be initiated by a machine device.
  • the blockchain system can generate a data block to identify the user's identity, and the user can initiate a request to generate a blockchain account.
  • the blockchain account includes an external account or a contract account.
  • the external account is also called an EOA (plural EOAs) and represents the identity of an external user or agent; the permissions of the external account are mainly controlled by the private key, that is, information about the wallet address on the blockchain can be viewed using the public key, but a transaction must be signed using the private key corresponding to the wallet address.
  • the contract account represents the account generated after the contract deployment is completed.
  • after obtaining the request, if the request includes a request to generate a key using the Falcon encryption algorithm, the blockchain system randomly generates two random polynomials to be used as the short polynomial f of the NTRU encryption algorithm in the lattice-based digital signature scheme.
  • the NTRU encryption algorithm is a public key system proposed by three mathematics professors at Brown University in 1996. For details, please refer to the IEEE Std 1363.1 standard published in 2008.
  • the full name of the NTRU encryption system is Number, Theory, and Research Unit encryption system, which includes two parts of algorithms: one is using NTRUEncrypt in the IEEE Std 1363.1 standard, and the other is using NTRUSign for digital signature.
  • the method for obtaining the private key sk can be found in the standard Mathematical algorithm in the, or other related instructions on the NTRU encryption algorithm.
  • the NTRU encryption system can be used to prevent the generated blockchain public key and other information from being cracked by the Shor algorithm, and can significantly improve the computing performance of the blockchain.
  • a mnemonic word can also be generated to assist the user in remembering or saving the private key when creating a wallet address.
  • the BIP39 algorithm can be used to generate a string of 12, 15, 18, 21, or 24 words, and the word string is then used as the mnemonic word; the BIP32 and BIP44 algorithms are then used to generate the word string.
  • the generated quantum private key may be a 64-bit random number, for example a hexadecimal 64-bit character string.
  • the mnemonic may be another manifestation of a private key, and has the same authority as the private key, and is used for transactions in the blockchain.
  • Step S30 Generate the quantum public key by using the Falcon encryption algorithm for the quantum private key.
  • the Falcon encryption algorithm is a post-quantum cryptographic algorithm submitted to the National Institute of Standards and Technology (NIST) on November 30, 2017. Its characteristic is that the generated quantum public key can continue to ensure the security of blockchain accounts in the face of quantum computers.
  • the Falcon encryption algorithm builds its algorithm framework on the NTRU encryption system within a lattice-based digital signature scheme. After obtaining the short polynomials f, g, F, and G, a binary or ternary Falcon structure tree can be established to obtain the quantum public key corresponding to the quantum private key; for the specific calculation method, please refer to the post-quantum cryptographic algorithm submitted to NIST and other related descriptions of the Falcon encryption algorithm.
  • Step S40 Perform hash mapping and encoding on the quantum public key to obtain a quantum wallet address corresponding to the quantum public key.
  • the generated quantum wallet address can be used to receive data of transactions from other wallet addresses, and can also be used as a voucher to initiate a transaction.
  • Each of the quantum wallet addresses corresponds to a pair of public and private keys to ensure a user's operation authority over the quantum wallet address; the quantum wallet address may also correspond to a mnemonic word, so that the user can access the quantum wallet address through the mnemonic word and obtain the same operation authority as with the quantum private key.
  • This embodiment uses the Falcon encryption algorithm to generate the quantum public key, which resists quantum-computer attacks on the existing blockchain account system. Compared with keys generated by existing post-quantum cryptography, the quantum public key generated in this embodiment occupies less storage space and is verified faster, which reduces the computational burden on the blockchain server.
  • the size of the storage space occupied by the quantum public key based on the Falcon encryption algorithm is 897B
  • the size of the storage space occupied by the quantum private key is 2 * 897B
  • the size of the storage space occupied by the signature is 617.38B, which is less than the size of the public or private key produced by existing post-quantum cryptography.
  • the account system based on Falcon encryption algorithm also has obvious advantages in efficiency;
  • the 128-bit security level on a desktop computer with an i7-6567U CPU (clocked at 3.3 GHz) is used as a parameter.
  • the embodiment of the present invention can generate 6081.9 signatures per second and 37175.3 signature verifications.
  • after generating the quantum wallet address, the method may further include a step of backing up the quantum private key, which may be used to generate the mnemonic word so that a user can, through the mnemonic word, obtain the quantum private key or authority equivalent to the quantum private key.
  • after generating the quantum wallet address, a user may enter an instruction to generate a mnemonic word corresponding to the quantum wallet address, and enter a corresponding mnemonic password to obtain the mnemonic word.
  • the user private key is generally a series of uppercase and lowercase characters without language meaning, which is difficult to remember.
  • the step of backing up the quantum private key in this embodiment can generate a set of mnemonic words that are easy to remember, such as a string of multiple words, so that when the user does not have the private key, the user can obtain the operation authority of the quantum wallet address through an easy-to-remember mnemonic word.
  • the present invention also provides a second embodiment. After the request for generating a blockchain account, the method further includes:
  • the present invention also proposes a third embodiment: after the request for obtaining and generating a blockchain account, the method further includes:
  • the request may include the steps of generating a second random number and generating a second private key according to the second random number.
  • the quantum account generated by the present invention can be used as a backup quantum account of a non-quantum account, so as to upgrade the non-quantum account corresponding to the second encryption algorithm to the quantum account of the present invention according to specific conditions, thereby guaranteeing the existing non-quantum account Security.
  • the second encryption algorithm may be the aforementioned non-quantum computer-resistant algorithm, or an algorithm with a security level equal to or higher than the Falcon encryption algorithm.
  • two or more encryption algorithms can be preset in the system framework to determine the currently preferred encryption algorithm according to specific conditions; when the security level of the second encryption algorithm is higher than that of the Falcon encryption algorithm, the second encryption algorithm may also be selected in this embodiment to further improve the security level of the quantum account based on the Falcon encryption algorithm.
  • the system confirms which encryption algorithm is adopted, which is beneficial to the backward compatibility of the blockchain account and is forward-looking.
  • the present invention provides another embodiment of a method for processing a blockchain account. This embodiment further includes the following steps:
  • the account balance in the elliptic curve wallet address is transferred to the quantum wallet address, or the account balance in the quantum wallet address is transferred to the elliptic curve wallet address.
  • when the obtained transfer instruction is to transfer the account balance in the quantum wallet address to the second wallet address, and the security level of the second account is equal to or higher than that of the quantum account corresponding to the Falcon encryption algorithm, the present invention can provide another quantum account solution for the quantum account to meet different requirements, or further improve the security level of the quantum account.
  • the account balance of each wallet address is transferred to the quantum wallet address.
  • the transfer instruction may be initiated by a user or a blockchain system.
  • each wallet address of a local account can be obtained from the data storage directory of the local blockchain, for example: query all local accounts generated based on the secp256k1 encryption algorithm, and transfer the account balances of the wallet addresses corresponding to all the queried local accounts to the quantum wallet address.
  • the local account described in this embodiment may include an account generated based on the secp256k1 encryption algorithm, and may also include a blockchain account generated by other existing encryption algorithms.
  • the local account can be selected by the user or the system upgrade
  • the account balance of each wallet address is transferred to the quantum wallet address, which improves the security of the existing blockchain account against quantum computers.
  • the account balance of each wallet address is transferred to the second wallet address.
  • the balance in the quantum wallet address can be transferred to a second wallet address with a higher security level, which further improves the security of the quantum wallet address.
  • transferring the account balance of each wallet address to the quantum wallet address may further include the following steps:
  • according to the transfer instruction, determine whether the transaction data corresponding to the account balance transfer of each wallet address exceeds a preset size; if it exceeds the preset size, the transaction is split into multiple transactions and transferred to the quantum wallet address.
  • the present invention also provides a specific embodiment of a method for processing a blockchain account.
  • the user's account uses a coexistence scheme of the existing secp256k1 encryption algorithm and the quantum-resistant Falcon encryption algorithm; depending on the current specific case, the user may choose to generate a wallet address corresponding to the secp256k1 encryption algorithm, or choose to generate a quantum wallet address corresponding to the Falcon encryption algorithm.
  • the specific flowchart is shown in Figure 5.
  • the blockchain system can use the secp256k1 encryption algorithm by default; generation of a quantum wallet address based on the Falcon encryption algorithm can be requested by the user through the command line or specified by the corresponding wallet instruction.
  • Step S10 Obtain a request to generate a blockchain account
  • Step S21 confirm the encryption algorithm of the private key and the encryption algorithm of the public key according to the request
  • Step S22 Generate a private key according to the encryption algorithm of the private key
  • Step S41 calculating a SHA-256 hash value of the public key
  • Step S42 calculating a RIPEMD-160 hash value according to the SHA-256 hash value
  • Step S43 hash the RIPEMD-160 hash value again, and add an address version number before the string of the operation result to obtain a public key hash value with the address version number; the address version number includes characters A or FALCON;
  • Step S44 Perform two SHA256 calculations on the public key hash value, take the first four bytes of the calculation result, and append the four bytes to the public key hash value to obtain the public key hash value with a check digit.
  • Step S45 Base58-encode the public key hash value with the check digit
  • Step S46 Use the encoding result as the wallet address of the blockchain.
  • the request may be a command line entered by a user, for example, when a user enters the following command line on a client:
  • a secp256k1 encryption algorithm may be called to generate an elliptic curve private key and an elliptic curve public key, and convert the elliptic curve public key into an elliptic curve wallet address and return.
  • a falcon encryption algorithm may be called to generate the quantum private key and the quantum public key, and the quantum public key is converted into the quantum wallet address and returned.
  • wallet addresses obtained by using the secp256k1 encryption algorithm and the Falcon encryption algorithm may be distinguished by using different prefixes.
  • step S43 if the obtained operation result is JA6FuwhMzkriA8mk2zkuKFFb1MvvoCifX, the wallet address obtained based on the secp256k1 encryption algorithm is added with the prefix A to obtain:
  • the account balance can be queried based on the user's unspent transaction outputs, that is, based on UTXO (Unspent Transaction Output), or queried based on the account.
  • the account balance is packaged into a transaction, and the balances of all accounts with account balances greater than zero are sent to a quantum wallet address based on the Falcon encryption algorithm; the private key of each account based on the secp256k1 encryption algorithm is used to sign the transaction data, which is sent to other nodes in the blockchain network.
  • during the transaction process, if the transaction data of a transaction is too large, it is split and packaged into multiple transactions and sent to other nodes in the blockchain network.
  • the Falcon encryption algorithm is used to provide quantum-resistant security.
  • the Falcon encryption algorithm occupies a small amount of storage space, which ensures quantum-resistant security while minimizing the impact on the transaction concurrency of the blockchain network; the efficiency advantage of blockchain accounts based on the Falcon encryption algorithm also improves the transaction processing efficiency of the blockchain network.
  • the blockchain account can use the secp256k1 encryption algorithm by default. Compared with using the Falcon encryption algorithm directly, this reduces the storage space occupied by blockchain data, helps maintain the existing transaction concurrency of the blockchain network, and does not adversely affect the security of user accounts.
  • the wallet address obtained by using the secp256k1 encryption algorithm and the falcon encryption algorithm can use different address formats to prevent users from making mistakes and making incorrect transfers.
  • the account balance transfer command can be bound to a single key to achieve a one-click transfer of the balance of the user account based on the secp256k1 encryption algorithm to a quantum account address based on the Falcon encryption algorithm, which helps the user account system transition safely to the post-quantum era.
  • the invention also proposes a device for managing a blockchain quantum account.
  • the device includes:
  • a public key generation module configured to generate a quantum public key by using the Falcon encryption algorithm for the quantum private key
  • An embodiment of the present invention further provides a computer-readable storage medium having a computer program stored thereon, which is executed by a processor to implement a method for processing a blockchain account according to any one of the above.
  • the storage medium includes, but is not limited to, any type of disk (including a floppy disk, a hard disk, an optical disk, a CD-ROM, and a magneto-optical disk), a ROM (Read-Only Memory), a RAM (Random Access Memory), an EPROM (Erasable Programmable Read-Only Memory), an EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, a magnetic card or an optical card. That is, the storage medium includes any medium that stores or transfers information in a form readable by a device (for example, a computer). It can be read-only memory, a magnetic disk, an optical disk, etc.
  • the functional units in the embodiments of the present invention may be integrated into one processing module, or each of the units may exist separately physically, or two or more units may be integrated into one module.
  • the above integrated modules may be implemented in the form of hardware or software functional modules.
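
Steps S43 to S46 and the prefix rule in the list above, as an added Python example (not code from the patent): it version-tags a 20-byte public key hash, appends the four-byte double SHA-256 check value, Base58-encodes the result, and on decode rejects a corrupted address or one of the wrong key type. Assumptions: the version tags are the ASCII bytes of "A" and "FALCON" placed before the hash, the extra hash in step S43 is omitted because the page does not name its function, and the sample hash is constructed.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
HASH_LEN = 20   # size of a RIPEMD-160 digest (output of step S42)
CHECK_LEN = 4   # check bytes appended in step S44
# Assumption: the page's address version "A" / "FALCON" is taken as ASCII bytes.
VERSIONS = {"secp256k1": b"A", "falcon": b"FALCON"}


def hash160(public_key: bytes) -> bytes:
    """Steps S41-S42: RIPEMD-160 over the SHA-256 of the public key.

    hashlib exposes ripemd160 only if the linked OpenSSL build enables it,
    so this raises ValueError on builds without the legacy digests.
    """
    return hashlib.new("ripemd160", hashlib.sha256(public_key).digest()).digest()


def checksum(payload: bytes) -> bytes:
    """Step S44: first four bytes of SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:CHECK_LEN]


def b58encode(data: bytes) -> str:
    """Step S45: Base58 with leading zero bytes kept as '1' characters."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("character %r is not in the Base58 alphabet" % ch)
        n = n * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")


def encode_address(key_hash: bytes, algorithm: str) -> str:
    """Steps S43-S46: version tag + hash + check bytes, Base58-encoded."""
    if len(key_hash) != HASH_LEN:
        raise ValueError("public key hash must be %d bytes" % HASH_LEN)
    payload = VERSIONS[algorithm] + key_hash
    return b58encode(payload + checksum(payload))


def decode_address(address: str, expect: str = None):
    """Validate an address and return (algorithm, public key hash).

    Pass expect="falcon" or expect="secp256k1" to refuse an address of the
    other type before building a transfer to it.
    """
    raw = b58decode(address)
    if len(raw) <= HASH_LEN + CHECK_LEN:
        raise ValueError("address too short")
    payload, check = raw[:-CHECK_LEN], raw[-CHECK_LEN:]
    if checksum(payload) != check:
        raise ValueError("checksum mismatch: address mistyped or corrupted")
    version, key_hash = payload[:-HASH_LEN], payload[-HASH_LEN:]
    algorithm = next((n for n, tag in VERSIONS.items() if tag == version), None)
    if algorithm is None:
        raise ValueError("unknown address version %r" % version)
    if expect is not None and algorithm != expect:
        raise ValueError("expected a %s address, got %s" % (expect, algorithm))
    return algorithm, key_hash


if __name__ == "__main__":
    sample_hash = bytes(range(20))  # constructed stand-in for a step S42 output
    for algo in VERSIONS:
        addr = encode_address(sample_hash, algo)
        print(algo, addr, decode_address(addr))
```

Because the version tag is covered by the check bytes, changing the tag of a valid address invalidates it, so a Falcon address cannot be relabelled as a secp256k1 address without recomputing the checksum.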

Abstract

Provided are a method and device for processing a blockchain account, and a storage medium. The method for processing a blockchain account comprises: receiving a request to create a blockchain account; generating a random polynomial, and generating a quantum private key according to the random polynomial and the request; generating a quantum public key from the quantum private key by means of Falcon, a cryptographic algorithm; and performing hash mapping and encoding on the quantum public key to obtain an address of a quantum wallet corresponding to the quantum public key. In the invention, a quantum public key is generated by means of Falcon, a cryptographic algorithm, thereby increasing a security level of a blockchain account, and enhancing resistance of existing blockchain account systems to attacks by quantum computers. Compared with cipher keys generated employing existing post-quantum cryptographic algorithms, a quantum private key and a quantum public key generated using the present invention occupy less storage space, enable faster signing and authentication, and reduce an operation load for a blockchain server.

Description

Processing method, device and storage medium of blockchain account
Technical field
The present invention relates to the field of computer technology, and in particular to a method, a device, and a storage medium for processing a blockchain account.
Background
As computing power has increased, the key length of public-key cryptosystems has kept growing in order to ensure security. With longer keys, existing public-key cryptosystems must perform exponentiation in a larger finite field, which makes their efficiency problems in generating and unlocking keys more prominent. Elliptic curve cryptosystems are encryption algorithms with higher complexity but shorter key length. Current blockchain account systems, such as Bitcoin and Ethereum, mainly use the parameters of the secp256k1 curve, which is based on the elliptic curve discrete logarithm. Secp256k1 is a set of curve parameters for the elliptic curve digital signature algorithm, and it is defined in the Standards for Efficient Cryptography (Certicom Research).
However, according to Shor's algorithm, a large-scale quantum computer can break public-key account systems built on current number-theory-based asymmetric encryption and digital signature algorithms, including account systems based on discrete logarithms, elliptic curve discrete logarithms, RSA and other encryption algorithms. The RSA encryption algorithm was proposed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman, and the algorithm is named RSA after the initials of their three surnames. Although there is no large-scale mature quantum computer at present, countries and large Internet companies are actively developing quantum computers. The account system in a blockchain concerns the security of users' virtual property. To cope with a future quantum crisis and protect the security of users' virtual property, a blockchain needs an account system that can resist attacks by quantum computers.
Quantum-resistant public-key cryptography, also known as post-quantum cryptography, is mainly divided into the following four categories: 1) lattice-based cryptography; 2) hash-based cryptography; 3) code-based cryptography (based on error-correcting codes); 4) multivariate public key cryptography. When applied to blockchain systems, these post-quantum schemes have the following problems:
1. The generated keys occupy too much storage space: the public and private keys of many post-quantum schemes exceed 10 KByte, and some code-based keys even exceed 1 MByte, far larger than secp256k1 at the same security level (whose public key is 32 bytes).
2. Excessive performance cost: after the storage of the generated keys has been optimized, performance is often too low, which slows down signing and verification.
3. Security issues: many schemes cannot be fully reduced to an underlying hard problem and lack worst-case provable security, and some schemes can be broken by hardware-based attacks.
发明内容Summary of the Invention
本发明针对现有方式的缺点,提出一种区块链账户的处理方法、装置和存储介质,用于提高区块链账户的安全级别。In view of the shortcomings of the existing methods, the present invention proposes a method, a device, and a storage medium for processing a blockchain account, which are used to improve the security level of the blockchain account.
本发明提出的区块链账户的处理方法,包括如下步骤:The method for processing a blockchain account provided by the present invention includes the following steps:
获取生成区块链账户的请求;Get a request to generate a blockchain account;
生成随机多项式,根据所述随机多项式与所述请求生成量子私钥;Generating a random polynomial, and generating a quantum private key according to the random polynomial and the request;
将所述量子私钥通过Falcon加密算法生成量子公钥;Generating the quantum public key by using the quantum private key through a Falcon encryption algorithm;
对所述量子公钥进行哈希映射与编码,得到与所述量子公钥对应的量子钱包地址。Hash map and encode the quantum public key to obtain a quantum wallet address corresponding to the quantum public key.
优选地,所述获取生成区块链账户的请求之后,还包括:Preferably, after the request for obtaining and generating a blockchain account, the method further includes:
生成随机数,根据所述随机数与所述请求生成椭圆曲线私钥;Generating a random number, and generating an elliptic curve private key according to the random number and the request;
将所述椭圆曲线私钥通过secp256k1加密算法生成椭圆曲线公钥;Generating the elliptic curve public key by using the secp256k1 encryption algorithm of the elliptic curve private key;
对所述椭圆曲线公钥进行哈希映射与编码,得到与所述椭圆曲线公钥对应的椭圆曲线钱包地址。Hash map and encode the elliptic curve public key to obtain an elliptic curve wallet address corresponding to the elliptic curve public key.
优选地,所述获取生成区块链账户的请求之后,还包括:Preferably, after the request for obtaining and generating a blockchain account, the method further includes:
确认系统使用Falcon加密算法还是secp256k1加密算法;Confirm whether the system uses Falcon encryption algorithm or secp256k1 encryption algorithm;
若系统使用Falcon加密算法,继续所述将所述生成随机多项式,根据所述随机多项式与所述请求生成量子私钥的步骤;If the system uses a Falcon encryption algorithm, continue with the steps of generating a random polynomial and generating a quantum private key according to the random polynomial and the request;
若系统使用secp256k1加密算法,继续所述生成随机数,根据所述随机数与所述请求生成椭圆曲线私钥的步骤。If the system uses the secp256k1 encryption algorithm, the steps of generating a random number and generating an elliptic curve private key according to the random number and the request are continued.
Preferably, the method for processing a blockchain account further includes:
obtaining a transfer instruction;
according to the transfer instruction, transferring the account balance in the elliptic curve wallet address to the quantum wallet address, or transferring the account balance in the quantum wallet address to the elliptic curve wallet address.
Preferably, the method for processing a blockchain account further includes:
obtaining a transfer instruction;
obtaining every wallet address of the local account;
according to the transfer instruction, transferring the account balance of every wallet address to the quantum wallet address.
Preferably, transferring the account balance of every wallet address to the quantum wallet address according to the transfer instruction includes:
traversing all wallet addresses corresponding to the local account, and querying the account balance in each corresponding wallet address;
transferring the account balance of every wallet address whose account balance is greater than zero to the quantum wallet address.
Preferably, transferring the account balance of every wallet address to the quantum wallet address according to the transfer instruction includes:
according to the transfer instruction, determining whether the transaction data of the transaction that transfers the account balance of each wallet address exceeds a preset size, and if it does, splitting the transaction into multiple transactions that are transferred to the quantum wallet address.
Preferably, generating the quantum public key from the quantum private key by means of the Falcon encryption algorithm includes:
receiving a quantum public key generation instruction;
according to the quantum public key generation instruction, generating the quantum public key from the quantum private key by means of the Falcon encryption algorithm.
Preferably, after obtaining the request to generate a blockchain account, the method further includes:
randomly generating a second random number or a second random polynomial according to the request;
generating a second private key according to the second random number or the second random polynomial;
generating a second public key from the second private key by means of a second encryption algorithm different from the Falcon encryption algorithm;
performing hash mapping and encoding on the second public key to obtain a second wallet address corresponding to the second public key.
The present invention also proposes a device for managing a blockchain quantum account, including:
an acquisition module, configured to obtain a request to generate a blockchain account;
a key generation module, configured to generate a random polynomial and to generate a quantum private key according to the random polynomial and the request;
a public key generation module, configured to generate a quantum public key from the quantum private key by means of the Falcon encryption algorithm;
a wallet address generation module, configured to perform hash mapping and encoding on the quantum public key to obtain a quantum wallet address corresponding to the quantum public key.
The present invention also proposes a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, it implements the method for processing a blockchain account according to any one of the foregoing.
The present invention has the following beneficial effects:
1. The present invention generates the quantum public key through the Falcon encryption algorithm, which improves the security of the blockchain account and can resist a quantum computer's cracking of existing blockchain account systems; compared with keys generated by existing post-quantum cryptography, the quantum private key and quantum public key generated by the present invention occupy less storage space, sign and verify faster, and also reduce the computational burden on the blockchain server.
2. The present invention can generate an elliptic curve private key and an elliptic curve public key based on the secp256k1 encryption algorithm, so as to increase the encryption and decryption speed of the blockchain and lower the requirements on the computing performance of the blockchain server while ensuring the security of the blockchain account; the present invention can also use the secp256k1 encryption algorithm and the Falcon encryption algorithm at the same time, to raise the security level of blockchain accounts that use the secp256k1 encryption algorithm.
3. The present invention can preset two or more encryption algorithms in the blockchain system in advance, so that the preferred encryption algorithm currently available can be determined according to the specific situation; this facilitates backward compatibility of blockchain accounts and is forward-looking.
Additional aspects and advantages of the present invention will be given in part in the following description; they will become apparent from the following description or be learned through practice of the present invention.
BRIEF DESCRIPTION OF THE DRAWINGS
The above and/or additional aspects and advantages of the present invention will become apparent and easily understood from the following description of the embodiments with reference to the accompanying drawings, in which:
FIG. 1 is a schematic structural diagram of an embodiment of the blockchain account system of the present invention;
FIG. 2 is a schematic flowchart of a first embodiment of the method for processing a blockchain account of the present invention;
FIG. 3 is a brief flowchart of an embodiment of the operation method of the blockchain application client of the present invention;
FIG. 4 is a schematic flowchart of another embodiment of the method for processing a blockchain account of the present invention;
FIG. 5 is a schematic flowchart of yet another embodiment of the method for processing a blockchain account of the present invention.
DETAILED DESCRIPTION
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals denote, throughout, the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they serve only to explain the present invention and are not to be construed as limiting it.
Those skilled in the art can understand that, unless specifically stated, the singular forms "a", "an", "said" and "the" used here may also include the plural forms, and that "first" and "second" as used here serve only to distinguish instances of the same technical feature and do not limit the order or number of such technical features. It should be further understood that the term "including" used in the description of the present invention refers to the presence of the stated features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
Those skilled in the art can understand that, unless otherwise defined, all terms used here (including technical and scientific terms) have the same meaning as commonly understood by one of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in general-purpose dictionaries should be understood to have meanings consistent with their meanings in the context of the prior art, and, unless specifically defined as they are here, are not to be interpreted in an idealized or overly formal sense.
The method for managing a blockchain quantum account according to the present invention can be applied in the hardware environment embodiment shown in FIG. 1; for ease of explanation, only the parts related to the embodiments of the present invention are shown. The account system in the present invention includes a blockchain network 101 and a plurality of terminals 102. The blockchain network 101 is used to manage the account resources of external accounts or contract accounts in the blockchain, and to store the interaction information and contract information of blockchain accounts. The blockchain network 101 includes multiple full nodes 1011, and each full node 1011 may correspond to one server or a group of servers; the multiple full nodes 1011 may store the same blockchain data in chronological order. The terminal 102 is the terminal of a user connected to the blockchain network 101 and is used to interact with the blockchain network 101; for example, the terminal on which an SPV light wallet runs can generate a blockchain account for the user, store blockchain account information, and transfer account resources to other blockchain accounts. The account resources include virtual account balances. A user account or local account includes an account associated with a user logged in through the terminal 102; the account may store blockchain resources that the user can trade, such as the account balance of a currency resource in online banking or a Bitcoin account balance. The user may generate the corresponding private key, public key, and wallet address through the terminal 102, and notify the blockchain network 101 of the public key and wallet address. When the user enters a transfer instruction, the blockchain network 101 can verify the legality of the transfer transaction, broadcast the transfer transaction, and write the transaction record into a blockchain block.
When any full node 1011 in the blockchain network 101 stores data or generates a contract, the other nodes 1011 in the blockchain network 101 can also obtain the stored data or the generated contract according to the consensus algorithm, store the same data in the current node's block, and store the contract in the contract list, so that the data stored on all nodes 1011 in the blockchain network 101 remains consistent.
Those skilled in the art can understand that the terminal 102 used here includes both devices that have only a wireless signal receiver, with no transmitting capability, and devices that have receiving and transmitting hardware capable of two-way communication over a two-way communication link. Such a device may include: a cellular or other communication device with a single-line display, a multi-line display, or no multi-line display; a PCS (Personal Communications Service). The "terminal" used here may also be a communication terminal, an Internet terminal, or a music/video playback terminal, for example a PDA, a MID (Mobile Internet Device) and/or a mobile phone, or a device such as a smart TV or set-top box.
In the first embodiment, shown in FIG. 2, the present invention proposes a method for generating a blockchain quantum account, which is used to raise the security level of existing blockchain account systems. The method for generating a blockchain quantum account includes the following steps:
Step S10: obtain a request to generate a blockchain account;
Step S20: generate a random polynomial, and generate a quantum private key according to the random polynomial and the request;
Step S30: generate a quantum public key from the quantum private key by means of the Falcon encryption algorithm;
Step S40: perform hash mapping and encoding on the quantum public key to obtain a quantum wallet address corresponding to the quantum public key.
Each step is described in detail below:
Step S10: obtain a request to generate a blockchain account.
The request may be initiated according to a user instruction, or by a machine. For example, after a user registers on the blockchain system, the blockchain system can generate a data block that identifies the user, and the user can then initiate a request to generate a blockchain account. The blockchain account includes an external account or a contract account. The external account, also called an EOA (plural EOAs), represents the identity of an external user or agent. The permissions of an external account are controlled mainly by the private key: an external account can use the public key to view the information of a wallet address on the blockchain, but to transact it must sign the transaction with the private key corresponding to that wallet address. A contract account is the account generated once a contract has been deployed; it holds the code that carries out the predetermined contract service, and an external account can also call the contract account to perform blockchain data operations. An external account generally holds an account balance, while a contract account can generally hold both a balance and stored contracts. The type of blockchain account to generate can be determined from the request, and the generated accounts can transact with each other by transferring funds or by triggering contract code.
Step S20: generate a random polynomial, and generate a quantum private key according to the random polynomial and the request.
After the request is obtained, if it includes a request to generate keys with the Falcon encryption algorithm, the blockchain system randomly generates two random polynomials to serve as the short polynomial f and the short polynomial g of the NTRU encryption algorithm in the lattice-based digital signature scheme. Once the short polynomials f and g meet the preset conditions of the NTRU encryption algorithm, the short polynomials F and G are obtained according to the NTRU encryption algorithm such that the short polynomials f, g, F and G satisfy the equation condition of the NTRU encryption algorithm. The short polynomials f, g, F and G then undergo mathematical processing such as formatting and Gram-Schmidt orthogonalization, to obtain the algorithm for generating the private key.
The NTRU encryption algorithm is a public key system proposed in 1996 by three mathematics professors at Brown University in the United States; for details, see the IEEE Std 1363.1 standard published in 2008. The full name of the NTRU encryption system is the Number Theory Research Unit encryption system. It comprises two algorithms: one encrypts with NTRUEncrypt from the IEEE Std 1363.1 standard, and the other produces digital signatures with NTRUSign. For the method of obtaining the private key sk, see the mathematical algorithms in that standard or other descriptions of the NTRU encryption algorithm. Using the NTRU encryption system prevents information such as the generated blockchain public key from being broken by Shor's algorithm, and can significantly improve the computing performance of the blockchain.
For the user's convenience, a mnemonic can also be generated when the quantum private key is generated, to help the user remember or save the private key when creating a wallet address. For example, when generating the private key, the BIP39 algorithm can be used to generate a string of 12, 15, 18, 21 or 24 words, which is used as the mnemonic; the quantum private key is then generated from the mnemonic through the BIP32 and BIP44 algorithms. The generated quantum private key may be a 64-digit random number, for example a string of 64 hexadecimal characters. The mnemonic can be regarded as another representation of the private key and carries the same authority as the private key for transactions in the blockchain.
Step S30: generate a quantum public key from the quantum private key by means of the Falcon encryption algorithm.
The Falcon encryption algorithm is a post-quantum cryptographic algorithm submitted to the US National Institute of Standards and Technology (NIST) on November 30, 2017. Its distinguishing feature is that the generated quantum public key continues to keep the blockchain account secure in the face of quantum computers. The Falcon encryption algorithm builds its algorithmic framework on the NTRU encryption system of the lattice-based digital signature scheme. Once the short polynomials f, g, F and G have been obtained, a binary or ternary Falcon tree can be built to obtain the quantum public key corresponding to the quantum private key. For the specific calculation, see the post-quantum cryptographic algorithm submitted to NIST and other descriptions of the Falcon encryption algorithm.
Each quantum public key generated by the Falcon encryption algorithm corresponds to one quantum private key and may also correspond to one mnemonic; neither the quantum private key nor the mnemonic can be modified.
The quantum private key serves as the digital signature credential for blockchain transactions, and the quantum public key is used to verify whether the quantum private key has the authority to carry out a blockchain transaction. The quantum public key can also shorten the length of the corresponding quantum wallet address; for example, when the quantum public key obtained is 1 KB in size, the corresponding quantum wallet address may be 20 bytes.
Step S40: perform hash mapping and encoding on the quantum public key to obtain a quantum wallet address corresponding to the quantum public key.
An account address can be generated from the quantum public key with hash algorithms such as the one-way hash algorithm SHA256 and the hash function RIPEMD160. A marker can be preset in the account address to distinguish it from other blockchain account addresses; for example, FALCON can be used as the beginning of the account address. The account address can then be encoded to generate the quantum wallet address, so that the quantum wallet address is in a readable form. The encoding can be chosen according to the specific blockchain system, for example an encoding such as base58Code, so that the quantum wallet address becomes ASCII characters.
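The address derivation of step S40, as an added example that is not code from the patent: SHA-256 then RIPEMD-160 over the public key, the FALCON marker prepended, and Base58 encoding. The four-byte checksum, the "EC" marker for secp256k1 accounts, the function names and the sample key are assumptions introduced here so that a node can reject a mistyped address and confirm that a presented public key belongs to an address before verifying a signature.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Marker at the start of the account address. "FALCON" is the page's example;
# "EC" for secp256k1 accounts is a hypothetical value chosen for this demo.
MARKERS = {"falcon": b"FALCON", "secp256k1": b"EC"}
# Constructed 897-byte stand-in for a Falcon public key (not a valid key).
SAMPLE_FALCON_PK = bytes(i % 251 for i in range(897))


def hash160(pubkey: bytes) -> bytes:
    """SHA-256 followed by RIPEMD-160: any key size maps to 20 bytes."""
    sha = hashlib.sha256(pubkey).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        # Many OpenSSL 3 builds disable RIPEMD-160. Stand-in so the demo
        # still runs: a truncated second SHA-256 (not RIPEMD-160 compatible).
        return hashlib.sha256(sha).digest()[:20]


def checksum(payload: bytes) -> bytes:
    """Assumed Base58Check-style checksum: first 4 bytes of double SHA-256."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    zeros = len(raw) - len(raw.lstrip(b"\0"))  # leading zero bytes become "1"
    return "1" * zeros + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a character outside B58
    zeros = len(text) - len(text.lstrip("1"))
    return b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")


def make_address(scheme: str, pubkey: bytes) -> str:
    payload = MARKERS[scheme] + hash160(pubkey)
    return b58encode(payload + checksum(payload))


def parse_address(address: str):
    """Return (scheme, 20-byte digest); raise ValueError if malformed."""
    raw = b58decode(address)
    payload, check = raw[:-4], raw[-4:]
    if checksum(payload) != check:
        raise ValueError("checksum mismatch")
    for scheme, marker in MARKERS.items():
        if payload.startswith(marker) and len(payload) == len(marker) + 20:
            return scheme, payload[len(marker):]
    raise ValueError("unknown marker")


def pubkey_matches(address: str, scheme: str, pubkey: bytes) -> bool:
    """Check to run before signature verification: key and scheme fit address."""
    try:
        found, digest = parse_address(address)
    except ValueError:
        return False
    return found == scheme and digest == hash160(pubkey)


if __name__ == "__main__":
    addr = make_address("falcon", SAMPLE_FALCON_PK)
    print(addr, parse_address(addr)[0], pubkey_matches(addr, "falcon", SAMPLE_FALCON_PK))
```

Because the marker is part of the hashed-and-checksummed payload, an address created for one algorithm cannot be reinterpreted as belonging to the other, which matters in a system that accepts both Falcon and secp256k1 accounts.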
The generated quantum wallet address can be used to receive transaction data from other wallet addresses, and can also serve as the credential for initiating transactions. Each quantum wallet address corresponds to one pair of public and private keys, which secures the user's authority to operate on the quantum wallet address; the quantum wallet address may also correspond to a mnemonic, so that the user can access the quantum wallet address through the mnemonic and obtain the same operating authority as with the quantum private key.
This embodiment generates the quantum public key through the Falcon encryption algorithm, which can resist a quantum computer's cracking of existing blockchain account systems; compared with keys generated by existing post-quantum cryptography, the quantum public key generated in this embodiment occupies less storage space and verifies faster, reducing the computational burden on the blockchain server.
In practical applications, at the same security level as the secp256k1 encryption algorithm, a quantum public key based on the Falcon encryption algorithm occupies 897 B of storage, a quantum private key occupies 2*897 B, and a signature occupies 617.38 B, all smaller than the public or private keys generated by existing post-quantum cryptography. An account system based on the Falcon encryption algorithm also has a clear advantage in efficiency: taking the 128-bit security level on a desktop computer with a [Figure PCTCN2018097647-appb-000001] i7-6567U CPU (clocked at 3.3 GHz) as the parameter, the embodiment of the present invention can generate 6081.9 signatures per second and perform 37175.3 signature verifications per second.
With reference to the flowchart of the blockchain application client operation embodiment shown in FIG. 3, after the blockchain application module of the blockchain application client sends the request to generate a blockchain account to the security module, the security module generates the quantum private key according to the request, uses the Falcon encryption algorithm to generate the quantum public key and the corresponding quantum wallet address, and returns the generated quantum private key, quantum public key and quantum wallet address to the blockchain application module. The blockchain application module can also send the quantum public key and quantum wallet address to the nodes of the blockchain, so that other blockchain accounts can access them.
When the blockchain application client needs the quantum public key for verified access, or needs the quantum private key for operations such as transactions, the blockchain application module sends a corresponding request to the security module; the security module verifies the request according to the quantum private key or the quantum public key and returns the verification result to the blockchain application module, so that the blockchain application client can complete the corresponding operation.
The blockchain application client may be installed on a terminal that can access the blockchain network. The blockchain network may include a blockchain server, and the blockchain application module and the security module may exchange data through a communication module.
Further, a user password can also be set when the quantum wallet address is created. The user password can serve as the payment password for transactions from the quantum wallet address, and also as the login password when the quantum private key is imported into the quantum wallet address. One quantum wallet address may correspond to multiple user passwords, so that the user can log in to the same quantum wallet address from several different terminals with the same quantum private key and different user passwords, which improves the privacy of the user's information on different terminals.
In another embodiment of the present invention, after the quantum wallet address is generated, a step of backing up the quantum private key may also be included. This step can be used to generate the mnemonic, so that the user can obtain the quantum private key through the mnemonic or hold authority equivalent to that of the quantum private key. For example, after the quantum wallet address is generated, the user may enter an instruction to generate the mnemonic corresponding to the quantum wallet address, and enter a corresponding mnemonic password, to obtain the mnemonic. The user private key is generally a case-sensitive string of characters with no linguistic meaning and is hard to remember. The step of backing up the quantum private key in this embodiment can generate a set of mnemonic words that are easy to remember, such as a string of several words, so that a user who does not have the private key at hand can obtain the authority to operate on the quantum wallet address through the easily remembered mnemonic.
Each quantum wallet address corresponds to one mnemonic, and the mnemonic cannot be modified. The mnemonic password can be used to view the corresponding mnemonic, or to import the generated mnemonic into the quantum wallet address. When the mnemonic is generated, different mnemonic passwords entered by the user yield different mnemonics. A further example: the user enters an instruction to back up the quantum private key and enters a mnemonic password; the quantum private key and the mnemonic password are then passed through the Scrypt algorithm to generate a Keystore for backup. The Keystore is a string in a fixed format, and this string can serve as the mnemonic.
The present invention also proposes a second embodiment, in which, after obtaining the request to generate a blockchain account, the method further includes:
generating a random number, and generating an elliptic curve private key according to the random number and the request;
generating an elliptic curve public key from the elliptic curve private key by means of the secp256k1 encryption algorithm;
performing hash mapping and encoding on the elliptic curve public key to obtain an elliptic curve wallet address corresponding to the quantum public key.
After the request is obtained, if it includes a request to generate keys with the secp256k1 encryption algorithm, the blockchain system randomly generates a random number. The random number may be 256 bits of entropy produced by the operating system's underlying random number generator, or a random number of a predetermined number of digits received from external input. The account private key can be any number between 1 and n-1, where n is a constant whose value is defined by the order of the encryption algorithm used by the blockchain. For example, a string of random bytes is selected from a cryptographically secure random source and passed through the SHA256 algorithm to produce a 256-bit number. If the number is less than n-1, it can be used as the elliptic curve private key. If it is not less than n-1, another string of random bytes is generated and passed through the SHA256 algorithm to produce a new 256-bit number, which is again checked against n-1, and so on, until a number that meets the condition is produced and used as the elliptic curve private key.
In this embodiment, a pair of elliptic curve keys can be generated with the secp256k1 encryption algorithm to serve as the elliptic curve private key and elliptic curve public key corresponding to the elliptic curve wallet address. While keeping the blockchain account secure, this raises the encryption and decryption speed of the blockchain and lowers the computing performance required of the blockchain server. In other situations, for example once quantum computers appear, the quantum private key and quantum public key can be generated with the Falcon encryption algorithm to protect the data of the blockchain account, giving the account a security level that resists quantum computers.
In the embodiments of the present invention, encryption algorithms such as discrete logarithm, elliptic curve discrete logarithm and RSA may also be used to generate a key pair comprising a private key and a public key, with the blockchain account generated by the Falcon encryption algorithm serving as a backup quantum account, which widens the scope of application of the invention. Keys can be generated with discrete logarithm, elliptic curve discrete logarithm, RSA and similar encryption algorithms in the existing manner, which is not described again here.
To further widen the scope of application of the invention, a third embodiment is also proposed. After obtaining the request to generate a blockchain account, the method further includes:
randomly generating a second random number or a second random polynomial according to the request;
generating a second private key according to the second random number or the second random polynomial;
generating a second public key from the second private key by means of a second encryption algorithm different from the Falcon encryption algorithm;
performing hash mapping and encoding on the second public key to obtain a second wallet address corresponding to the second public key.
In some cases, for example when the second encryption algorithm is an existing algorithm that is not resistant to quantum computers, the request may include the steps of generating a second random number and generating the second private key from it. The quantum account generated by the invention can serve as a backup quantum account for a non-quantum account, so that the non-quantum account corresponding to the second encryption algorithm can be upgraded to the quantum account of the invention as circumstances require, thereby protecting the existing non-quantum account.
Further, the second encryption algorithm may also be an algorithm whose security level is equal to or higher than that of the Falcon encryption algorithm, in which case the request may include the steps of generating a second random polynomial and generating the second private key from it. The second account corresponding to the second encryption algorithm can serve as a backup account for the quantum account corresponding to the quantum public key, providing the quantum account with a different encryption scheme to suit different requirements or to further raise its security against quantum computers.
Based on the second embodiment, the present invention also proposes another embodiment. After obtaining the request to generate a blockchain account, the method further includes:
confirming whether the system uses the Falcon encryption algorithm or the secp256k1 encryption algorithm;
if the system uses the Falcon encryption algorithm, continuing with the step of generating a random polynomial and generating a quantum private key according to the random polynomial and the request;
if the system uses the secp256k1 encryption algorithm, continuing with the step of generating a random number and generating an elliptic curve private key according to the random number and the request.
This embodiment can preset two encryption algorithms in the system framework and determine, according to the circumstances, which preferred algorithm is currently used to generate the private and public keys. This favors backward compatibility of blockchain accounts and is forward-looking.
Similarly, based on the third embodiment, the present invention proposes a further embodiment. After obtaining the request to generate a blockchain account, the method further includes:
confirming whether the system uses the Falcon encryption algorithm or the second encryption algorithm;
if the system uses the Falcon encryption algorithm, continuing with the step of generating a random polynomial and generating a quantum private key according to the random polynomial and the request;
if the system uses the second encryption algorithm, continuing with the step of randomly generating a second random number or a second random polynomial according to the request.
Similarly, the second encryption algorithm may be the aforementioned algorithm that is not resistant to quantum computers, or an algorithm whose security level is equal to or higher than that of the Falcon encryption algorithm. In all embodiments of the invention, two or more encryption algorithms can be preset in the system framework so that the currently preferred algorithm is determined according to the circumstances. When the security level of the second encryption algorithm is higher than that of the Falcon encryption algorithm, this embodiment can also select the second encryption algorithm to further raise the security level of the quantum account based on the Falcon encryption algorithm. Because the system confirms which encryption algorithm is used, this embodiment favors backward compatibility of blockchain accounts and is forward-looking.
Based on the second embodiment, the present invention proposes a further embodiment of the method for processing a blockchain account, which also includes the following steps:
obtaining a transfer instruction;
according to the transfer instruction, transferring the account balance in the elliptic curve wallet address to the quantum wallet address, or transferring the account balance in the quantum wallet address to the elliptic curve wallet address.
In some cases, for example when quantum computers appear, this embodiment can transfer the account balance in the elliptic curve wallet address to the quantum wallet address to protect the account behind the elliptic curve wallet address. In other cases the account balance in the quantum wallet address can be transferred to the elliptic curve wallet address, for example when the secp256k1 encryption algorithm is sufficient for account security, in order to speed up blockchain transactions. The elliptic curve wallet address may of course also be a wallet address obtained with another existing encryption algorithm, which is not repeated here.
When the transfer instruction obtained is to transfer the account balance in the quantum wallet address to the second wallet address, and the security level of the second account is equal to or higher than that of the quantum account corresponding to the Falcon encryption algorithm, the invention provides the quantum account with another, backup quantum account scheme to suit different requirements or to further raise the security level of the quantum account.
When a user has multiple wallet addresses, the present invention proposes another embodiment to ensure the security of each wallet address. The method for processing a blockchain account further includes the following steps:
obtaining a transfer instruction;
obtaining every wallet address of the local account;
according to the transfer instruction, transferring the account balance of every wallet address to the quantum wallet address.
The transfer instruction may be initiated by the user or by the blockchain system. Every wallet address of the local account can be obtained from the data storage directory of the local blockchain, for example by querying all local accounts generated with the secp256k1 encryption algorithm and transferring the account balances of the wallet addresses of all the local accounts found to the quantum wallet address. The local accounts in this embodiment may include accounts generated with the secp256k1 encryption algorithm as well as blockchain accounts generated with other existing encryption algorithms. By user selection or system upgrade, this embodiment can transfer the account balance of every wallet address of the local account to the quantum wallet address, which improves the quantum-computer-resistant security of existing blockchain accounts.
When the local account was generated with a quantum-computer-resistant encryption algorithm different from the Falcon encryption algorithm, the quantum wallet address of this embodiment can also give the local account another backup quantum wallet address, so that the user can carry out a transfer as circumstances require.
In another embodiment of the invention, after obtaining the request to generate a blockchain account, the method may further include the following steps:
randomly generating a second random polynomial according to the request;
generating a second private key according to the second random polynomial;
generating a second public key from the second private key by means of a second encryption algorithm different from the Falcon encryption algorithm, the security level of the second encryption algorithm being higher than that of the Falcon encryption algorithm;
performing hash mapping and encoding on the second public key to obtain a second wallet address corresponding to the second public key;
obtaining a transfer instruction;
obtaining every wallet address of the local account;
according to the transfer instruction, transferring the account balance of every wallet address to the second wallet address.
This embodiment can transfer the balance in the quantum wallet address to the second wallet address, which has a higher security level, further improving the security of the quantum wallet address.
Further, transferring the account balance of every wallet address to the quantum wallet address according to the transfer instruction may also include the following steps:
traversing all wallet addresses corresponding to the local account and querying the account balance in each of them;
transferring the account balance of every wallet address whose balance is greater than zero to the quantum wallet address.
By querying account balances, this embodiment reduces ineffective balance transactions and lightens the load on the blockchain server. When the user has multiple wallet addresses, it speeds up the transfer of the user's account balances.
The transaction data of a balance transfer can be very large, for example when the balance in a wallet address comes from complex sources, and may then exceed a preset size. The present invention therefore proposes another embodiment, in which transferring the account balance of every wallet address to the quantum wallet address according to the transfer instruction includes:
according to the transfer instruction, determining whether the transaction data of the transaction that transfers the account balance of each wallet address exceeds a preset size and, if it does, splitting the transaction into multiple transactions that transfer the balance to the quantum wallet address.
This embodiment can split a transaction whose transaction data exceeds the preset size into multiple transactions to speed up the transfer of the account balance, and sends the transaction data of those transactions to the other nodes of the blockchain to ensure the security of the transaction.
In another embodiment of the present invention, as shown in FIG. 4, generating the quantum public key from the quantum private key by the Falcon encryption algorithm includes:
Step S31: receiving a quantum public key generation instruction;
Step S33: according to the quantum public key generation instruction, generating the quantum public key from the quantum private key by the Falcon encryption algorithm.
Further, before step S33, the method may also include:
Step S32: confirming that the system uses the Falcon encryption algorithm, so that the quantum public key is generated from the quantum private key by the Falcon encryption algorithm according to the quantum public key generation instruction.
This embodiment can generate the quantum public key according to a selection instruction from the user or an instruction from the blockchain system, so that the quantum public key is generated only when it is needed. For example, after quantum computers appear, it can be generated by the user's selection instruction or by an upgrade instruction of the blockchain server. Alternatively, a preset trigger condition can be configured in the blockchain system, and when the condition is met the quantum public key generation instruction is issued so that the quantum public key is generated with the Falcon encryption algorithm. This embodiment gives more freedom in managing blockchain accounts and can reduce the resource consumption of the blockchain server and of user terminals.
The present invention also provides a specific embodiment of the method for processing a blockchain account. In this embodiment the user's account uses a scheme in which the existing secp256k1 encryption algorithm coexists with the quantum-resistant Falcon encryption algorithm. Depending on the current situation, the user can choose to generate a wallet address corresponding to the secp256k1 encryption algorithm or a quantum wallet address corresponding to the Falcon encryption algorithm. The flowchart is shown in FIG. 5.
While blockchain accounts that use the secp256k1 encryption algorithm are secure, the blockchain system can use the secp256k1 encryption algorithm by default. Generation of a quantum wallet address based on the Falcon encryption algorithm can be carried out by the user from the command line, or requested by the corresponding wallet instruction.
It includes the following steps:
Step S10: obtaining a request to generate a blockchain account;
Step S21: according to the request, confirming the encryption algorithm of the private key and the encryption algorithm of the public key;
Step S22: generating the private key according to the encryption algorithm of the private key;
Step S35: generating the public key according to the encryption algorithm of the public key;
Step S41: calculating the SHA-256 hash value of the public key;
Step S42: calculating the RIPEMD-160 hash value from the SHA-256 hash value;
Step S43: hashing the RIPEMD-160 hash value again and adding an address version number in front of the resulting string to obtain a public key hash value with an address version number; the address version number includes the characters A or FALCON;
Step S44: performing two SHA256 calculations on the public key hash value, taking the first four bytes of the result, and appending those four bytes to the public key hash value to obtain a public key hash value with a check code;
Step S45: applying BASE58Code encoding to the public key hash value with the check code;
Step S46: using the encoding result as the wallet address of the blockchain.
The request may be a command line entered by the user. For example, when the user enters the following command line on the client:
./ame-cli getnewaddress
steps S21 to S35 of this embodiment can call the secp256k1 encryption algorithm to generate the elliptic curve private key and the elliptic curve public key, convert the elliptic curve public key into an elliptic curve wallet address, and return it.
When the user enters the following command on the client:
./ame-cli getnewfalconaddress
steps S21 to S46 of this embodiment can call the Falcon encryption algorithm to generate the quantum private key and the quantum public key, convert the quantum public key into the quantum wallet address, and return it.
In steps S41 to S46, the wallet addresses obtained with the secp256k1 encryption algorithm and with the Falcon encryption algorithm can be told apart by different prefixes. For example, if the operation result obtained in step S43 is JA6FuwhMzkriA8mk2zkuKFFb1MvvoCifX, the wallet address based on the secp256k1 encryption algorithm is given the prefix A, which yields:
AJA6FuwhMzkriA8mk2zkuKFFb1MvvoCifX
The quantum wallet address based on the Falcon encryption algorithm is given the prefix "falcon:", which yields:
falcon:JA6FuwhMzkriA8mk2zkuKFFb1MvvoCifX
The address version number may be identical to the prefix, and may include but is not limited to the characters of the prefix. In the blockchain quantum account, a client command can also be provided so that the user, through the client command line or a third-party wallet, transfers the account balance of a wallet address based on the secp256k1 encryption algorithm to a quantum wallet address based on the Falcon encryption algorithm, allowing the user's blockchain account to move quickly and safely from the pre-quantum-computer era to the quantum-computer era. An example of the client command line is:
./ame-cli sendalltofalconaddr falcon:JA6FuwhMzkriA8mk2zkuKFFb1MvvoCifX
The process is carried out as follows:
First, the local wallet is traversed, for example all blockchain accounts generated with the secp256k1 encryption algorithm in the blockchain data storage directory wallet.dat, and the account balance of each of those accounts is queried. The balance can be queried from the user's transaction outputs, that is, on a UTXO (Unspent Transaction Output) basis, or on an account basis.
Second, the account balances are packed into one transaction: the balances of all accounts whose balance is greater than zero are sent to the quantum wallet address based on the Falcon encryption algorithm, the transaction is signed with each account's private key based on the secp256k1 encryption algorithm, and the transaction data is sent to the other nodes of the blockchain network.
During this process, if the transaction data of a transaction is too large, it is split and packed into multiple transactions, which are sent to the other nodes of the blockchain network.
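The sweep procedure above as an added example (not the ame-cli implementation): the planner skips empty outputs, refuses a destination that lacks the falcon: prefix, and splits the sweep once the estimated transaction size passes a preset limit. The Utxo record, plan_sweep, the byte-size constants and all sample values except the two addresses quoted from the page are assumptions; fees and signing are not modelled.

```python
from dataclasses import dataclass

FALCON_PREFIX = "falcon:"   # prefix the page gives for Falcon-derived addresses
TX_OVERHEAD_BYTES = 44      # assumed: fixed fields plus the single output
INPUT_BYTES = 148           # assumed: size of one signed secp256k1 input


@dataclass(frozen=True)
class Utxo:
    address: str   # local wallet address that owns the output
    txid: str
    index: int
    amount: int    # in the smallest currency unit


def plan_sweep(utxos, destination, max_tx_bytes):
    """Group spendable outputs into transactions no larger than max_tx_bytes."""
    # The distinct address formats exist to stop mistaken transfers, so the
    # planner refuses anything that is not a falcon: address.
    if (not destination.startswith(FALCON_PREFIX)
            or len(destination) == len(FALCON_PREFIX)):
        raise ValueError("destination must be a falcon: wallet address")
    per_tx = (max_tx_bytes - TX_OVERHEAD_BYTES) // INPUT_BYTES
    if per_tx < 1:
        raise ValueError("size limit cannot hold even one input")

    seen, spendable = set(), []
    for u in utxos:
        outpoint = (u.txid, u.index)
        # Skip empty outputs, outputs already on a Falcon address, and
        # duplicate outpoints (which would be a double spend).
        if (u.amount <= 0 or u.address.startswith(FALCON_PREFIX)
                or outpoint in seen):
            continue
        seen.add(outpoint)
        spendable.append(u)

    plans = []
    for start in range(0, len(spendable), per_tx):
        batch = spendable[start:start + per_tx]
        plans.append({
            "inputs": batch,
            # Every listed address must sign with its own secp256k1 key.
            "signers": sorted({u.address for u in batch}),
            "destination": destination,
            "amount": sum(u.amount for u in batch),
            "estimated_bytes": TX_OVERHEAD_BYTES + INPUT_BYTES * len(batch),
        })
    return plans


# Constructed sample wallet contents; only the first and last addresses
# are the example strings quoted on the page.
DEST = "falcon:JA6FuwhMzkriA8mk2zkuKFFb1MvvoCifX"
SAMPLE_UTXOS = [
    Utxo("AJA6FuwhMzkriA8mk2zkuKFFb1MvvoCifX", "tx-a", 0, 500),
    Utxo("AJA6FuwhMzkriA8mk2zkuKFFb1MvvoCifX", "tx-b", 1, 0),   # empty
    Utxo("A-constructed-address-2", "tx-c", 0, 1200),
    Utxo("A-constructed-address-3", "tx-d", 2, 300),
    Utxo(DEST, "tx-e", 0, 900),                                 # already migrated
]

if __name__ == "__main__":
    for plan in plan_sweep(SAMPLE_UTXOS, DEST, max_tx_bytes=340):
        print(plan["amount"], plan["estimated_bytes"], plan["signers"])
```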
This embodiment has the following beneficial effects:
1. The Falcon-based encryption algorithm provides quantum-resistant security. Compared with other post-quantum schemes, the Falcon encryption algorithm also takes up little storage space, so quantum-resistant security is obtained while the impact on the transaction concurrency of the blockchain network is kept as small as possible. The efficiency advantage of blockchain accounts based on the Falcon encryption algorithm also raises the transaction processing efficiency of the blockchain network.
2. While the secp256k1 encryption algorithm is sufficient for the security of blockchain accounts, accounts can use the secp256k1 encryption algorithm by default. Compared with using the Falcon encryption algorithm directly, this reduces storage space, helps maintain the transaction concurrency of the existing blockchain network, reduces the storage occupied by blockchain data, and does not adversely affect the security of user accounts.
3. In this embodiment, wallet addresses obtained with the secp256k1 encryption algorithm and with the Falcon encryption algorithm can use different address formats, which prevents user mistakes and erroneous transfers.
4. This embodiment can bind the account balance transfer command to a button, so that the balance of a user account based on the secp256k1 encryption algorithm is transferred with one click to a quantum account address based on the Falcon encryption algorithm, making it easy for the user account system to transition safely to the post-quantum era.
The present invention also proposes a device for managing a blockchain quantum account. The device includes:
an acquisition module, configured to obtain a request to generate a blockchain account;
a key generation module, configured to generate a random polynomial and to generate a quantum private key according to the random polynomial and the request;
a public key generation module, configured to generate a quantum public key from the quantum private key by the Falcon encryption algorithm;
a wallet address generation module, configured to perform hash mapping and encoding on the quantum public key to obtain a quantum wallet address corresponding to the quantum public key.
An embodiment of the present invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method for processing a blockchain account according to any one of the above. The storage medium includes but is not limited to any type of disk (including floppy disks, hard disks, optical disks, CD-ROMs and magneto-optical disks), ROM (Read-Only Memory), RAM (Random Access Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic cards or optical cards. That is, the storage medium includes any medium in which information is stored or transmitted by a device (for example, a computer) in a readable form. It may be a read-only memory, a magnetic disk, an optical disk, or the like.
It should be understood that the functional units in the embodiments of the present invention may be integrated into one processing module, may each exist physically on their own, or two or more units may be integrated into one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module.
The above describes only some embodiments of the present invention. It should be noted that those of ordinary skill in the art can make a number of improvements and refinements without departing from the principles of the invention, and such improvements and refinements should also be regarded as falling within the scope of protection of the invention.

Claims (11)

  1. 一种区块链账户的处理方法,其特征在于,包括:A method for processing a blockchain account, comprising:
    获取生成区块链账户的请求;Get a request to generate a blockchain account;
    生成随机多项式,根据所述随机多项式与所述请求生成量子私钥;Generating a random polynomial, and generating a quantum private key according to the random polynomial and the request;
    将所述量子私钥通过Falcon加密算法生成量子公钥;Generating the quantum public key by using the quantum private key through a Falcon encryption algorithm;
    对所述量子公钥进行哈希映射与编码,得到与所述量子公钥对应的量子钱包地址。Hash map and encode the quantum public key to obtain a quantum wallet address corresponding to the quantum public key.
  2. 根据权利要求1所述的方法,其特征在于,所述获取生成区块链账户的请求之后,还包括:The method according to claim 1, wherein after the obtaining the request for generating a blockchain account, the method further comprises:
    生成随机数,根据所述随机数与所述请求生成椭圆曲线私钥;Generating a random number, and generating an elliptic curve private key according to the random number and the request;
    将所述椭圆曲线私钥通过secp256k1加密算法生成椭圆曲线公钥;Generating the elliptic curve public key by using the secp256k1 encryption algorithm of the elliptic curve private key;
    对所述椭圆曲线公钥进行哈希映射与编码,得到与所述椭圆曲线公钥对应的椭圆曲线钱包地址。Hash map and encode the elliptic curve public key to obtain an elliptic curve wallet address corresponding to the elliptic curve public key.
  3. 根据权利要求2所述的方法,其特征在于,所述获取生成区块链账户的请求之后,还包括:The method according to claim 2, wherein after the obtaining the request for generating a blockchain account, the method further comprises:
    确认系统使用Falcon加密算法还是secp256k1加密算法;Confirm whether the system uses Falcon encryption algorithm or secp256k1 encryption algorithm;
    若系统使用Falcon加密算法,继续所述生成随机多项式,根据所述随机多项式与所述请求生成量子私钥的步骤;If the system uses a Falcon encryption algorithm, the steps of generating a random polynomial and generating a quantum private key according to the random polynomial and the request are continued;
    若系统使用secp256k1加密算法,继续所述生成随机数,根据所述随机数与所述请求生成椭圆曲线私钥的步骤。If the system uses the secp256k1 encryption algorithm, the steps of generating a random number and generating an elliptic curve private key according to the random number and the request are continued.
  4. 根据权利要求2所述的方法,其特征在于,还包括:The method according to claim 2, further comprising:
    获取转账指令;Get transfer instructions;
    根据所述转账指令,将所述椭圆曲线钱包地址内的账户余额转移至所述量子钱包地址,或将所述量子钱包地址内的账户余额转移至所述椭圆曲线钱包地址。According to the transfer instruction, the account balance in the elliptic curve wallet address is transferred to the quantum wallet address, or the account balance in the quantum wallet address is transferred to the elliptic curve wallet address.
  5. 根据权利要求1所述的方法,其特征在于,还包括:The method according to claim 1, further comprising:
    获取转账指令;Get transfer instructions;
    获取本地账户的每一个钱包地址;Get each wallet address of the local account;
    根据所述转账指令,将每一个钱包地址的账户余额转移至所述量子钱包地址。According to the transfer instruction, the account balance of each wallet address is transferred to the quantum wallet address.
  6. The method according to claim 5, wherein the transferring of the account balance of every wallet address to the quantum wallet address according to the transfer instruction comprises:
    traversing all wallet addresses corresponding to the local account, and querying the account balance in each corresponding wallet address;
    transferring the account balance in each wallet address whose account balance is greater than zero to the quantum wallet address.
  7. The method according to claim 5, wherein the transferring of the account balance of every wallet address to the quantum wallet address according to the transfer instruction comprises:
    determining, according to the transfer instruction, whether the transaction data corresponding to the transaction that transfers the account balance of every wallet address exceeds a preset size, and if it exceeds the preset size, splitting the transaction into multiple transactions that transfer to the quantum wallet address.
  8. The method according to claim 1, wherein the generating of the quantum public key from the quantum private key by means of the Falcon encryption algorithm comprises:
    receiving a quantum public key generation instruction;
    according to the quantum public key generation instruction, generating the quantum public key from the quantum private key by means of the Falcon encryption algorithm.
  9. The method according to claim 1, wherein after the obtaining of the request for generating a blockchain account, the method further comprises:
    randomly generating a second random number or a second random polynomial according to the request;
    generating a second private key according to the second random number or the second random polynomial;
    generating a second public key from the second private key by means of a second encryption algorithm different from the Falcon encryption algorithm;
    performing hash mapping and encoding on the second public key to obtain a second wallet address corresponding to the second public key.
  10. A device for managing a blockchain quantum account, characterized by comprising:
    an acquisition module, configured to obtain a request for generating a blockchain account;
    a key generation module, configured to generate a random polynomial and to generate a quantum private key according to the random polynomial and the request;
    a public key generation module, configured to generate a quantum public key from the quantum private key by means of the Falcon encryption algorithm;
    a wallet address generation module, configured to perform hash mapping and encoding on the quantum public key to obtain a quantum wallet address corresponding to the quantum public key.
  11. A computer-readable storage medium having a computer program stored thereon, characterized in that, when the program is executed by a processor, the method for processing a blockchain account according to any one of claims 1 to 9 is implemented.
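
The balance migration of claims 5 to 7 can be sketched as a planner that traverses the local wallet addresses, keeps those with a balance greater than zero, and splits the transfer when its transaction data would exceed the preset size. This is an added example, not code from the patent or the applicant; the byte sizes, the address names, the one-input-per-address size model and the names `plan_sweep`, `estimate_size` and `SweepTx` are assumptions, and fees are ignored.

```python
from dataclasses import dataclass

# Assumed serialized sizes in bytes, constructed for illustration (not from the patent).
TX_OVERHEAD = 10   # fixed per-transaction fields
INPUT_SIZE = 148   # one spend from a source wallet address
OUTPUT_SIZE = 34   # the single output paying the quantum wallet address

# Constructed sample balances for one local account; "q-addr" is the destination.
SAMPLE_BALANCES = {"ec-1": 5, "ec-2": 0, "ec-3": 7, "ec-4": 1, "q-addr": 9}

@dataclass(frozen=True)
class SweepTx:
    sources: tuple  # wallet addresses emptied by this transaction
    amount: int     # total moved to the quantum wallet address
    size: int       # estimated transaction data size in bytes

def estimate_size(n_inputs):
    """Estimated transaction data size for n_inputs source addresses."""
    return TX_OVERHEAD + n_inputs * INPUT_SIZE + OUTPUT_SIZE

def _close(batch):
    return SweepTx(tuple(a for a, _ in batch),
                   sum(b for _, b in batch),
                   estimate_size(len(batch)))

def plan_sweep(balances, quantum_address, max_tx_size):
    """Traverse every wallet address, keep those with a balance greater than
    zero, and split the transfer whenever it would exceed max_tx_size."""
    if estimate_size(1) > max_tx_size:
        raise ValueError("preset size cannot hold even one source address")
    funded = [(a, b) for a, b in sorted(balances.items())
              if b > 0 and a != quantum_address]
    plan, batch = [], []
    for item in funded:
        if batch and estimate_size(len(batch) + 1) > max_tx_size:
            plan.append(_close(batch))
            batch = []
        batch.append(item)
    if batch:
        plan.append(_close(batch))
    return plan

if __name__ == "__main__":
    for tx in plan_sweep(SAMPLE_BALANCES, "q-addr", max_tx_size=350):
        print(tx)
```

The summed `amount` of the planned transactions equals the total of the funded source balances, which is the invariant to check before any transfer is signed.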
PCT/CN2018/097647 2018-07-27 2018-07-27 Method and device for processing blockchain account, and storage medium WO2020019341A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2018/097647 WO2020019341A1 (en) 2018-07-27 2018-07-27 Method and device for processing blockchain account, and storage medium
CN201880002267.0A CN109716375B (en) 2018-07-27 2018-07-27 Block chain account processing method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/097647 WO2020019341A1 (en) 2018-07-27 2018-07-27 Method and device for processing blockchain account, and storage medium

Publications (1)

Publication Number Publication Date
WO2020019341A1 true WO2020019341A1 (en) 2020-01-30

Family

ID=66261382

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/097647 WO2020019341A1 (en) 2018-07-27 2018-07-27 Method and device for processing blockchain account, and storage medium

Country Status (2)

Country Link
CN (1) CN109716375B (en)
WO (1) WO2020019341A1 (en)

Also Published As

Publication number Publication date
CN109716375A (en) 2019-05-03
CN109716375B (en) 2023-06-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18927370

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18927370

Country of ref document: EP

Kind code of ref document: A1