WO2020181427A1 - Signing method, device, and system employing secure multi-party computation - Google Patents

Signing method, device, and system employing secure multi-party computation

Info

Publication number
WO2020181427A1
Authority
WO
WIPO (PCT)
Prior art keywords
signature
private key
level
transaction
transaction data
Prior art date
Application number
PCT/CN2019/077527
Other languages
French (fr)
Chinese (zh)
Inventor
唐虹刚
谢翔
孙立林
Original Assignee
云图有限公司
Priority date
Filing date
Publication date
Application filed by 云图有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/38 Payment protocols; Details thereof

Definitions

  • the solution in the embodiments of this specification belongs to the field of information security technology, and in particular relates to a signature method, device and system based on secure multi-party computing.
  • Secure multi-party computation addresses the problem of privacy-preserving collaborative computation among a group of mutually untrusting parties. Abstractly: each participant holds its own private data, and the participants jointly evaluate a public function without revealing that data; when the computation is complete, each participant knows only the result, not the other participants' inputs or the intermediate values of the computation. Applying secure multi-party computation to asset transaction security and future digital asset management is therefore of considerable importance.
  • the dynamic signature method based on secure multi-party computing is to divide the private key in the asymmetric key into two pieces.
  • the organization keeps one piece and the user personally keeps the other. Only when the organization and the individual sign together can the transaction be completed.
  • although this scheme largely alleviates the security problem of a single key being lost or stolen, in the extreme case where the key pieces of both the individual and the institution are stolen, the security of the assets cannot be guaranteed. The widely used asymmetric-key scheme therefore still has serious security problems.
  • the purpose of the embodiments of this specification is to provide a signature method, device, and system based on secure multi-party calculation, which can effectively solve the security risks of loss or theft of private keys, and greatly improve transaction security.
  • this application provides a signature method based on secure multi-party calculation, including:
  • determining a signature authority which is a trusted authority that signs the transaction data
  • signature verification based on secure multi-party computation is performed on the transaction hash, wherein the trusted authority and the client each store a private key fragment, and the private key fragments are partial sub-private keys generated by splitting the private key of the asymmetric key pair.
  • the trusted organization and the client respectively storing private key fragments, including:
  • the first fragment of the private key is stored in the trusted authority, and the second fragment of the private key is stored in the client.
  • the storing of the first fragment of the private key in the trusted authority and of the second fragment of the private key in the client includes:
  • the first fragments of different private keys are stored in different trusted institutions, and the second fragments of different private keys are stored in different hardware areas of the client, where the signature levels authorized by different trusted institutions differ.
  • the determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold includes:
  • the determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold value further includes:
  • when the transaction amount is less than a second threshold, the signature level of the transaction data is determined to be a third level, where the second threshold is less than the first threshold.
  • the determining a signature authority based on the signature level includes:
  • when the signature level is the first level, it is determined that at least two signing authorities are authorized for that signature level;
  • when the signature level is the second level or the third level, it is determined that one signing authority is authorized for that signature level.
  • the embodiment of this specification also provides a signature device based on secure multi-party calculation, including:
  • the transaction data acquisition module is used to acquire transaction data, and generate a transaction hash using preset rules for the transaction data;
  • a signature level determination module configured to determine the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold
  • a signature authority determination module configured to determine a signature authority based on the signature level, the signature authority being a trusted authority that signs the transaction data;
  • the signature verification module is configured to perform signature verification based on secure multi-party computation on the transaction hash, using the private key fragments saved by the determined signing authority and the private key fragments saved by the client, wherein the trusted authority and the client each store a private key fragment, and the private key fragments are partial sub-private keys generated by splitting the private key of the asymmetric key pair.
  • the trusted organization and the client separately store private key fragments, including:
  • the key generation module is used to generate at least two pairs of asymmetric keys during the registration process
  • the fragment obtaining module is used to split the private key in the asymmetric key to obtain the first fragment of the private key and the second fragment of the private key;
  • the fragment saving module is configured to save the first fragment of the private key in the trusted authority, and save the second fragment of the private key in the client.
  • the signature level determination module includes:
  • the first determining unit is configured to determine that the signature level of the transaction data is the first level when the transaction amount is greater than or equal to the first threshold;
  • the second determining unit is configured to determine that the signature level of the transaction data is the second level when the transaction amount is less than the first threshold.
  • the signature level determination module further includes:
  • the third determining unit is configured to determine that the signature level of the transaction data is a third level when the transaction amount is less than a second threshold, and the second threshold is less than the first threshold.
  • the embodiments of this specification provide a signature device based on secure multi-party computing, including a processor and a memory for storing processor-executable instructions.
  • the implementation includes the following steps:
  • determining a signature authority which is a trusted authority that signs the transaction data
  • signature verification based on secure multi-party computation is performed on the transaction hash, wherein the trusted authority and the client each store a private key fragment, and the private key fragments are partial sub-private keys generated by splitting the private key of the asymmetric key pair.
  • the embodiments of this specification provide a signature system based on secure multi-party computing, including at least one processor and a memory storing computer-executable instructions.
  • when executing the instructions, the processor implements the method steps described in any one of the foregoing embodiments.
  • the embodiments of this specification provide a signature method, device, and system based on secure multi-party computation. At least two pairs of asymmetric keys are generated when applying for registration; the private key of each pair is then split and the fragments are saved in multiple trusted third-party institutions and in the user's client. When a transaction is actually performed, the transaction amount is compared with a preset threshold to determine the signature level of the transaction and the signing institution(s), and then the private key fragments saved by the signing institution(s) and the private key fragments saved on the client are used to perform signature verification based on secure multi-party computation on the transaction data, realizing dynamic multi-key simultaneous signing. Since the possibility of multiple third-party institutions being compromised at the same time is very low, the scheme provided in this specification effectively addresses the security risk of private keys being lost or stolen while realizing dynamic multi-key signatures, greatly improving transaction security.
  • FIG. 1 is a schematic flowchart of an embodiment of a signature method based on secure multi-party computing provided in this specification
  • FIG. 2 is a schematic flowchart of an embodiment of key processing in the application registration process provided in this specification
  • FIG. 3 is a schematic structural diagram of an embodiment in which a private key sharding party needs to be provided for a small amount signature based on secure multi-party calculation provided in this specification;
  • FIG. 4 is a schematic flow chart of an embodiment of small-amount signature authentication based on secure multi-party computing provided in this specification
  • FIG. 5 is a schematic structural diagram of an embodiment of a private key sharding party that needs to provide a private key for a medium signature based on secure multi-party calculation provided in this specification;
  • FIG. 6 is a schematic structural diagram of an embodiment of a private key sharding party that needs to provide a private key for large-amount signature based on secure multi-party calculation provided in this specification;
  • FIG. 7 is a schematic diagram of the module structure of an embodiment of a signature device based on secure multi-party computing provided in this specification
  • FIG. 8 is a schematic diagram of the module structure of an embodiment of a signature system based on secure multi-party computing provided in this specification.
  • at least two pairs of asymmetric keys are generated during the registration application, and the private key of each pair is then split and saved in multiple trusted third-party institutions and in the user's client.
  • the transaction amount is compared with a preset threshold to determine the signature level of the transaction and the signing authority, and then the private key fragments saved by the signing authority and the private key fragments saved by the client are used to perform signature verification based on secure multi-party computation on the transaction data, achieving dynamic multi-key simultaneous signatures.
  • the scheme provided in this specification effectively addresses the security risk of private keys being lost or stolen while realizing dynamic multi-key signatures, greatly improving transaction security.
  • FIG. 1 is a schematic flowchart of an embodiment of a signature method based on secure multi-party computing provided in this specification.
  • although this specification provides method operation steps or device structures as shown in the following embodiments or drawings, the method or device may include more or fewer operation steps or modular units after partial combination, based on conventional or non-inventive effort.
  • for steps or structures that have no necessary logical causal relationship, the execution order of the steps or the module structure of the device is not limited to the execution order or module structure shown in the embodiments or drawings of this specification.
  • a specific embodiment is shown in Fig. 1.
  • the method may include:
  • S1 Obtain transaction data, and generate a transaction hash using preset rules for the transaction data.
  • Transaction data is the data information generated when the transaction party conducts a transaction, and it can at least include the transaction amount. For example, it can be online shopping or offline bill payment, etc., all including at least the transaction amount.
  • the preset rule is an algorithm that converts the transaction data into a transaction hash; it can be MD5 (Message-Digest Algorithm 5), SHA (Secure Hash Algorithm), or another algorithm. This specification does not limit the choice.
  • a hash (HASH) is what mathematics calls a hash value; it is like a fingerprint of the data, and can be expressed as a string of letters, digits or other symbols.
  • the transaction hash is a string that identifies the transaction data and generally serves as the voucher for the transaction.
  • generating the transaction hash from the transaction data with a preset algorithm, that is, converting the transaction data into a string that identifies it, provides the basis for the subsequent signature verification.
  • the trusted organization and the client separately store private key fragments, which includes: generating at least two pairs of asymmetric keys during the registration process, splitting the private key of each asymmetric key pair to obtain a first fragment and a second fragment of the private key, storing the first fragment of the private key in the trusted authority, and storing the second fragment of the private key in the client.
  • storing the first fragment of the private key in the trusted authority and the second fragment in the client includes: storing the first fragments of different private keys in different trusted organizations, and storing the second fragments of different private keys in different hardware areas of the client, where the signature levels authorized by different trusted organizations may be different.
  • two pairs of asymmetric keys, A and B, are generated during the registration process, and the private keys SKA and SKB of the two pairs are split to obtain SKA1, SKA2, SKB1 and SKB2 respectively. One part of the split private keys (SKA1, SKB1) is kept in the secure storage area inside the trusted organization, and the other part (SKA2, SKB2) is securely distributed to the user.
  • the private key fragments are placed in different security areas of the client, such as the SIM (Subscriber Identity Module) card of the mobile phone and the TEE (Trusted Execution Environment) of the mobile phone CPU.
  • SIM: Subscriber Identity Module
  • TEE: Trusted Execution Environment
  • the arrow of private key A segment 1 pointing to trusted organization 1 means that private key A segment 1 is saved to trusted organization 1.
  • the arrow of private key B segment 1 pointing to trusted organization 2 means that the private key B segment 1 is saved to trusted institution 2.
  • the arrow from private key A segment 2 to the SIM indicates that private key A segment 2 is stored in the secure area of the SIM card on the mobile device (mobile phone); similarly, private key B segment 2 is stored in the secure area provided by the TEE of the mobile device's CPU.
  • the arrow from trusted institution 1 to the SIM card means that trusted institution 1 interacts with the SIM card; in the same way, the arrow from trusted institution 2 to the TEE means that trusted institution 2 interacts with the TEE. Because the two private key fragments are stored in different hardware security areas, an attacker would have to compromise two different pieces of secure hardware at the same time, which increases security.
  • the application registration process can be completed by the user interacting with trusted institutions 1 and 2 through the mobile phone wallet app acting as agent.
  • wallets are generally developed by third parties.
  • the wallet can be provided by a transaction institution or by one of the trusted institutions.
  • the transaction function is also integrated in the wallet function to facilitate users to implement transactions.
  • the above-mentioned two pairs of asymmetric keys generated during the registration application process are merely illustrative. In specific implementation, more than two pairs of asymmetric keys can be generated during the registration process mentioned above.
  • the processing method is similar to the processing method of generating two pairs of keys.
  • the specific implementation method can refer to the method of generating two pairs of keys. The description of the processing embodiments will not be repeated here.
  • the trusted institutions and the user client are required to provide the private key fragments they hold jointly in order to perform specific transaction data processing. For example, the private key fragments kept by two trusted institutions and the private key fragment kept by the client must be used at the same time to access the funds in the user's account and complete the transaction. Since the possibility of two third-party trusted institutions being compromised at the same time is very low, introducing two trusted third-party institutions means that even if an attacker steals the private key fragments kept by one trusted institution and by the client, the user's account still cannot be accessed, which greatly improves the security of the user's transaction data processing.
  • the foregoing client can be specifically understood as a client device that stores the user's private key fragments.
  • it may be a mobile phone or tablet that was previously used by the user or previously bound to the user's account.
  • the above-mentioned trusted organization can be understood as a system that stores user private key fragments.
  • it may be a banking system or management system that was previously used by the user or previously bound to the user's account.
  • the clients and trusted institutions listed above are only schematic illustrations.
  • the aforementioned client may also be other types of electronic equipment, or a software program running in the aforementioned electronic equipment, etc., and the aforementioned trusted institution may also be other transaction systems. This manual does not limit the specific forms and types of clients and trusted institutions.
  • multiple trusted institutions can be introduced, and when the client saves multiple private key fragments, software processing can place them in different security areas; different trusted institutions can be granted different signature levels according to the actual situation. For example, in some embodiments two trusted institutions are introduced: trusted institution 1 can be preset to authenticate transactions with a smaller amount and trusted institution 2 to authenticate signatures with a larger amount, while large transactions require both trusted institutions to perform signature authentication at the same time. In other embodiments two trusted institutions are introduced and set to the same signature level: for small transactions one trusted institution is selected at random for authentication, and when the transaction amount is large both trusted institutions must sign and authenticate at the same time.
  • S2 Determine the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold.
  • the first threshold may be preset according to actual transactions, or may be preset according to customer needs.
  • the signature level can be understood as the security level of the transaction amount.
  • the signature level can be divided into two levels according to the actual scenario: when the transaction amount is greater than or equal to the first threshold, the signature level of the transaction data is determined to be the first level, and when the transaction amount is less than the first threshold, the signature level of the transaction data is determined to be the second level.
  • a limit can be set in advance. When the transaction amount is greater than or equal to the limit, the signature level of the transaction is determined to be the first level, that is, a large-amount signature; when the transaction amount is less than the limit, the signature level of the transaction is determined to be the second level, that is, a small-amount signature.
  • for example, the user presets the bank's transaction limit as 1000. When the transaction amount exceeds 1000, it is a large-value signature and requires multiple parties to perform signature verification; when the transaction amount is less than 1000, it is a small-value signature and signature verification by a single institution is sufficient.
  • the signature level can be divided into three levels according to the actual scenario: when the transaction amount is greater than or equal to the first threshold, the signature level of the transaction data is determined to be the first level; when the transaction amount is less than the first threshold, the signature level is determined to be the second level; and when the transaction amount is less than the second threshold, the signature level is determined to be the third level, where the second threshold is less than the first threshold.
  • two quotas can be set in advance (the first quota being greater than the second quota).
  • when the transaction amount is greater than or equal to the first quota, the signature level of the transaction is determined to be the first level, that is, a large-amount signature; when the transaction amount is greater than or equal to the second quota and less than the first quota, the signature level is determined to be the second level, that is, a medium-amount signature; when the transaction amount is less than the second quota, the signature level is determined to be the third level, that is, a small-amount signature.
  • the user presets the bank’s transaction limits as 1000 and 500.
  • when the transaction amount exceeds 1000, it is a large-value signature and requires multiple parties to perform signature verification; when the transaction amount is greater than or equal to 500 and less than 1000, it is a medium-value signature and requires one institution to perform signature verification; when the transaction amount is less than 500, it is a small-value signature and requires one institution to perform signature verification. In this way, for large-value transactions, even if the key fragments of the individual and of one institution are stolen, the security of the assets can still be effectively protected.
  • the transaction quota corresponding to the first level is greater than the transaction quota corresponding to the second level
  • the transaction quota corresponding to the second level is greater than the transaction quota corresponding to the third level.
  • the above-mentioned signature levels of two or three levels are merely illustrative. In specific implementation, the above-mentioned signature levels can also be divided into other levels according to actual needs, and this specification does not limit this.
  • S3 Based on the signature level, a signature authority is determined, and the signature authority is a trusted authority that signs the transaction data.
  • since the signing authority is a trusted institution that signs the transaction data, and the signature levels authorized by different trusted institutions can differ, once the signature level of the transaction data has been determined from the relationship between the transaction amount and the first threshold, the signing authority required for signature verification of the current transaction can be determined from the signature levels authorized by the different trusted institutions.
  • when the signature level is divided into two levels and the signature level is determined to be the first level, the signing authorities authorized for that level include at least two; when the signature level is determined to be the second level, the signing authorities authorized for that level include one.
  • for example, with the signature level preset to two levels, when the signature level is a large-value signature, at least two trusted institutions authorized to perform large-value signatures are required to perform signature verification at the same time; for a small-value signature, a single trusted institution authorized to perform small-value signatures can perform the signature verification.
  • when the signature level is divided into three levels and the signature level is determined to be the first level, the signing authorities authorized for that level include at least two; when the signature level is determined to be the second level, the signing authorities authorized for that level include one; and when the signature level is determined to be the third level, the signing authorities authorized for that level include one.
  • the signature level is preset to three levels
  • at least two trusted institutions authorized to perform large-value signatures are required to perform signature authentication
  • when the signature level is a medium-value signature, a single trusted organization authorized to perform medium-value signatures can perform the signature verification;
  • when the signature level is a small-value signature only a trusted organization authorized to perform small-value signatures can perform signature verification.
  • the signature levels authorized by different trusted institutions can be different or the same, and this specification does not limit this.
  • for example, two trusted institutions are introduced: trusted institution 1 can be preset to authenticate transactions with a smaller amount and trusted institution 2 to authenticate signatures with a larger amount, while large transactions require both trusted institutions to perform signature authentication at the same time. In other embodiments, two trusted institutions are introduced and set to the same signature level: for small transactions one trusted institution is selected at random for authentication, and when the transaction amount is large both trusted institutions must sign and authenticate at the same time.
  • S4 Perform signature verification based on secure multi-party computation on the transaction hash, using the private key fragments saved by the determined signing authority and the private key fragments saved by the client, wherein the trusted authority and the client each store private key fragments, and the private key fragments are partial sub-private keys generated by splitting the private key of the asymmetric key pair.
  • secure multi-party computation solves the problem of privacy-preserving collaborative computation among a group of mutually untrusting parties. Abstractly: multiple parties, each holding its own private data, jointly evaluate a function (such as computing a maximum) and obtain the result, but in the process no participating party reveals its own data. Signature verification here can also be understood as transaction signing.
  • a transaction signature is a digital signature over the transaction, that is, over the transaction data packet (block) composed of the transaction information, including the trader, amount, time and so on; it is generally produced by the transaction initiator (usually the transferor of the asset). A digital signature (also known as a public key digital signature or electronic signature) is the analogue of an ordinary physical signature written on paper, but implemented with public key cryptography, and is a method for authenticating digital information.
  • digital signatures use public and private keys, the private key is used for signature, and the public key is used for verification.
  • RSA: Rivest-Shamir-Adleman, an asymmetric encryption algorithm
  • DSA: Digital Signature Algorithm
  • ECDSA: Elliptic Curve Digital Signature Algorithm
  • the private key in the asymmetric key is then divided to obtain the first segment of the private key and the second segment of the private key. Save the first fragment of the private key in a trusted institution, and save the second fragment of the private key in the client.
  • the first fragments of different private keys are stored in different trusted institutions, and the second fragments of different private keys are stored in different hardware areas of the client.
  • after the signature level of the transaction data has been determined from the relationship between the transaction amount and the first threshold, and the required signing authority has been determined from the correspondence between signature level and signing authority, signature verification based on secure multi-party computation can be performed on the transaction hash using the private key fragments saved by the determined signing authority and the private key fragments saved by the client.
  • for example, when the current transaction amount belongs to a small-value signature, the required signing institution is determined to be institution 1, and the private key fragment saved by institution 1 and the private key fragment saved by the client are used to perform signature verification based on secure multi-party computation on the transaction hash; when the current transaction amount belongs to a medium-value signature, the required signing institution is determined to be institution 2, and the private key fragment saved by institution 2 and the private key fragment saved by the client are used to perform signature verification based on secure multi-party computation on the transaction hash; when the current transaction amount belongs to a large-value signature, the required signing institutions are determined to be institution 1 and institution 2, and the private key fragments saved by institution 1, by institution 2 and by the client are used to perform signature verification based on secure multi-party computation on the transaction hash at the same time.
  • A private key fragment consists of a partial sub-private key generated by splitting the asymmetric key.
  • The signature level is preset to three levels: small-value signature, medium-value signature, and large-value signature.
  • Institution 1 performs small-value signature verification.
  • Institution 2 performs medium-value signature verification.
  • Large-value transactions require both institutions to sign and verify at the same time.
  • Two pairs of asymmetric keys, A and B, are generated during the registration process, and the private keys of the two pairs are split to obtain private key A fragment 1 and private key A fragment 2, and private key B fragment 1 and private key B fragment 2, respectively. Private key A fragment 1 is then stored at institution 1, private key B fragment 1 at institution 2, and private key A fragment 2 and private key B fragment 2 in the user's mobile phone; the institution chosen to sign a transaction may therefore differ depending on the transaction amount.
  • Figure 3 is a schematic diagram of an embodiment provided in this specification of the private key fragment holders that need to take part in a small-value signature based on secure multi-party computation.
  • This specification also provides a schematic flow diagram of an embodiment of small-value signature authentication based on secure multi-party computation.
  • FIG. 5 is a schematic structural diagram of an embodiment provided in this specification of the private key fragment holders that need to supply a private key fragment for a small-value signature based on secure multi-party computation.
  • Fig. 6 is a schematic structural diagram of an embodiment provided in this specification of the private key fragment holders that need to take part in a large-value signature based on secure multi-party computation.
  • The embodiments of this specification provide a signature method based on secure multi-party computation, which generates at least two pairs of asymmetric keys when registration is applied for, splits the private key of each pair, and stores the fragments at multiple trusted third-party institutions and in different hardware areas of the user client. When a transaction is actually performed, the transaction amount is compared with preset thresholds to determine the signature level of the transaction and the signature authority, and the private key fragment held by the signature authority and the private key fragment held by the client are then used to perform signature verification based on secure multi-party computation on the transaction data, realizing dynamic simultaneous multi-key signing.
  • The implementation provided in this specification can effectively address the security risk of private keys being lost or stolen while realizing dynamic multi-key signatures, greatly improving transaction security.
  • One or more embodiments of this specification also provide a signature device based on secure multi-party computation.
  • The described devices may include systems (including distributed systems), software (applications), modules, components, servers, clients, etc., which apply the methods described in the embodiments of this specification in combination with the necessary hardware.
  • The devices in one or more embodiments of this specification are as described in the following embodiments. Since the way the device solves the problem is similar to the method, the implementation of a specific device in the embodiments of this specification can refer to the implementation of the foregoing method, and repeated details are omitted.
  • A "unit" or "module" can be a combination of software and/or hardware that implements predetermined functions.
  • The devices described in the following embodiments are preferably implemented in software, though implementation in hardware or in a combination of software and hardware is also possible and contemplated.
  • FIG. 7 is a schematic diagram of the module structure of an embodiment of a signature device based on secure multi-party computing provided in this specification.
  • A signature device based on secure multi-party computing provided in this specification may include: a transaction data acquisition module 121, a signature level determination module 122, a signature authority determination module 123, and a signature verification module 124.
  • the transaction data obtaining module 121 may be used to obtain transaction data, and generate a transaction hash using preset rules for the transaction data;
  • the signature level determining module 122 may be used to determine the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold;
  • the signature authority determining module 123 may be used to determine a signature authority based on the signature level, where the signature authority is a trusted authority that signs the transaction data;
  • the signature verification module 124 can be used to perform signature verification based on secure multi-party calculation on the transaction hash based on the private key fragments saved by the determined signature authority and the private key fragments saved by the client.
  • the trusted authority and the client respectively store private key fragments, and a private key fragment consists of a partial sub-private key generated by splitting the asymmetric key.
  • the trusted organization and the client separately store private key fragments, which may include:
  • the key generation module can be used to generate at least two pairs of asymmetric keys during the registration process
  • the fragment obtaining module can be used to split the private key in the asymmetric key to obtain the first fragment of the private key and the second fragment of the private key;
  • the fragment saving module may be used to save the first fragment of the private key in the trusted authority, and save the second fragment of the private key in the client.
  • the signature level determining module 122 may include:
  • the first determining unit may be configured to determine that the signature level of the transaction data is the first level when the transaction amount is greater than or equal to the first threshold;
  • the second determining unit may be configured to determine that the signature level of the transaction data is the second level when the transaction amount is less than the first threshold.
  • the signature level determining module 122 may further include:
  • the third determining unit may be configured to determine that the signature level of the transaction data is a third level when the transaction amount is less than a second threshold, and the second threshold is less than the first threshold.
  • the above-mentioned device may also include other implementation manners according to the description of the method embodiment, and for the specific implementation manner, refer to the description of the related method embodiment, which is not repeated here.
  • this specification also provides a signature device based on secure multi-party computing, which includes a processor and a memory for storing processor-executable instructions. When the instructions are executed by the processor, the implementation includes the following steps:
  • determining a signature authority based on the signature level, where the signature authority is a trusted authority that signs the transaction data;
  • performing signature authentication based on secure multi-party computation on the transaction hash, wherein the trusted authority and the client each hold a private key fragment, and a private key fragment consists of a partial sub-private key generated by splitting the asymmetric key.
  • the storage medium may include a physical device for storing information, and the information is usually digitized and then stored in an electric, magnetic, or optical medium.
  • the storage medium may include: devices that use electrical energy to store information, such as various types of memory (RAM, ROM, etc.); devices that use magnetic energy to store information, such as hard disks, floppy disks, magnetic tapes, magnetic core memory, bubble memory and USB flash drives; devices that use optical means to store information, such as CDs or DVDs; and quantum memory, graphene memory, and so on.
  • the above-mentioned device may also include other implementation manners according to the description of the method embodiment.
  • For specific implementation manners, reference may be made to the description of the related method embodiments, which will not be repeated here.
  • FIG. 8 is a schematic diagram of the module structure of an embodiment of a signature system based on secure multi-party computing provided in this specification. As shown in FIG. 8, a signature system based on secure multi-party computing provided in this specification may include a processor 131 and a memory 132 for storing instructions executable by the processor; the processor 131 and the memory 132 communicate with each other through a bus 133;
  • the processor 131 is configured to call the program instructions in the memory 132 to execute the method provided in the above-mentioned signature method based on secure multi-party computing.
  • the processor 131 executes: obtaining transaction data and generating a transaction hash from the transaction data using a preset rule; determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold; determining a signature authority based on the signature level, the signature authority being the trusted authority that signs the transaction data; and performing signature verification based on secure multi-party computation on the transaction hash based on the private key fragment held by the determined signature authority and the private key fragment held by the client, wherein the trusted authority and the client each hold a private key fragment, and a private key fragment consists of a partial sub-private key generated by splitting the asymmetric key.
  • the system described above in the specification may also include other implementation manners based on the description of the related method embodiments.
  • For specific implementation manners, refer to the description of the method embodiments, which will not be repeated here.
  • the various embodiments in the present application are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the difference from other embodiments.
  • the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment.
  • The embodiments of this specification provide a signature device or system based on secure multi-party computation, which generates at least two pairs of asymmetric keys when registration is applied for, splits the private key of each pair, and stores the fragments at multiple trusted third-party institutions and in the user client. When a transaction is actually performed, the transaction amount is compared with a preset threshold to determine the signature level of the transaction and the signature institution, and the private key fragment held by the signature institution and the private key fragment held by the client are then used to perform signature verification based on secure multi-party computation on the transaction data, realizing dynamic simultaneous multi-key signing. Since the probability of multiple third-party institutions being compromised at the same time is very low, the implementation provided in this specification can effectively address the security risk of private keys being lost or stolen while realizing dynamic multi-key signatures, greatly improving transaction security.
  • a programmable logic device (Programmable Logic Device, PLD)
  • FPGA (Field Programmable Gate Array)
  • HDL (Hardware Description Language)
  • ABEL (Advanced Boolean Expression Language)
  • AHDL (Altera Hardware Description Language)
  • HDCal
  • JHDL
  • Lava
  • Lola
  • MyHDL
  • PALASM
  • RHDL
  • VHDL (Very-High-Speed Integrated Circuit Hardware Description Language)
  • Verilog
  • the controller can be implemented in any suitable manner.
  • The controller can take the form of, for example, a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by that (micro)processor, logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers, or embedded microcontrollers.
  • Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320; a memory controller can also be implemented as part of the memory control logic.
  • In addition to implementing the controller purely in computer-readable program code, it is entirely possible to program the method steps so that the controller realizes the same functions in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, and the like. Such a controller can therefore be regarded as a hardware component, and the devices included in it for implementing various functions can also be regarded as structures within the hardware component. Indeed, the devices for realizing various functions can be regarded both as software modules implementing the method and as structures within a hardware component.
  • a typical implementation device is a computer.
  • The computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or any combination of these devices, and may be implemented by computer chips or entities, or by products with certain functions.
  • the functions are divided into various modules and described separately.
  • The function of each module can be realized in one or more pieces of software and/or hardware, or a module realizing a given function can itself be realized by a combination of multiple sub-modules or sub-units.
  • The device embodiments described above are merely illustrative; for example, the division into units is only a logical functional division, and other divisions are possible in actual implementation: multiple units or components can be combined or integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing equipment to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and that instruction device implements the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, and the instructions executed on the computer or other programmable equipment provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • the memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • Computer-readable media includes permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined in this document, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • One or more embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, one or more embodiments of this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, one or more embodiments of this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

Abstract

Embodiments of the description disclose a signing method, device, and system employing secure multi-party computation (SMPC). The method comprises: acquiring transaction data, and generating a transaction hash from the transaction data by using a pre-configured rule; determining a signing level of the transaction data according to a relationship between a transaction ceiling in the transaction data and a first threshold; determining a signing organization on the basis of the signing level, the signing organization being a trusted organization that signs the transaction data; and performing SMPC-based signature verification on the transaction hash on the basis of a private key slice stored by the determined signing organization and a private key slice stored by a client, wherein the trusted organization and the client respectively store the private key slices, and a private key slice consists of part of a child private key acquired by slicing an asymmetric key. The embodiments of the description eliminate security risks caused by a lost or stolen private key and dramatically improve the security of transactions.

Description

A signature method, device and system based on secure multi-party computation

Technical field

The solution in the embodiments of this specification belongs to the field of information security technology, and in particular relates to a signature method, device and system based on secure multi-party computation.

Background

Secure Multi-Party Computation (MPC) addresses privacy-preserving collaborative computation among a group of mutually untrusting parties. Abstractly, each participant holds its own private data, and the participants jointly compute a public function without disclosing their private inputs; when the computation completes, each participant learns only the result, not the other participants' data or the intermediate values of the computation. It can be seen that applying secure multi-party computation to asset transaction security and to the management of future digital assets plays an important role.

At present, in digital asset management and asset transactions, the dynamic signature approach based on secure multi-party computation splits the private key of an asymmetric key pair into two pieces: the institution keeps one piece and the user keeps the other, and the transaction can only be completed when the institution and the individual sign together. Although this scheme largely mitigates the security problem of a single key being lost or stolen, in the extreme case where both the individual's and the institution's key pieces are stolen, the security of the assets cannot be guaranteed. It can be seen that the widely used asymmetric key schemes still have significant security problems.

Therefore, the industry urgently needs a solution that can effectively address the loss or theft of private keys.

Summary of the invention

The purpose of the embodiments of this specification is to provide a signature method, device and system based on secure multi-party computation that can effectively address the security risk of a private key being lost or stolen and greatly improve transaction security.
In one aspect, this application provides a signature method based on secure multi-party computation, including:

obtaining transaction data, and generating a transaction hash from the transaction data using a preset rule;

determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and a first threshold;

determining a signature authority based on the signature level, the signature authority being a trusted authority that signs the transaction data;

performing signature authentication based on secure multi-party computation on the transaction hash, based on the private key fragment held by the determined signature authority and the private key fragment held by the client, wherein the trusted authority and the client each hold a private key fragment, and a private key fragment consists of a partial sub-private key generated by splitting the asymmetric key.

In another embodiment of the method provided in this specification, the trusted authority and the client each holding a private key fragment includes:

generating at least two pairs of asymmetric keys during the registration process;

splitting the private key of each asymmetric key pair to obtain a first private key fragment and a second private key fragment;

storing the first private key fragment at the trusted authority and the second private key fragment at the client.

In another embodiment of the method provided in this specification, storing the first private key fragment at the trusted authority and the second private key fragment at the client includes:

storing the first fragments of different private keys at different trusted authorities, and the second fragments of different private keys in different hardware areas of the client, wherein different trusted authorities are authorized for different signature levels.

In another embodiment of the method provided in this specification, determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold includes:

when the transaction amount is greater than or equal to the first threshold, determining that the signature level of the transaction data is the first level;

when the transaction amount is less than the first threshold, determining that the signature level of the transaction data is the second level.

In another embodiment of the method provided in this specification, determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold further includes:

when the transaction amount is less than a second threshold, determining that the signature level of the transaction data is a third level, where the second threshold is less than the first threshold.

In another embodiment of the method provided in this specification, determining a signature authority based on the signature level includes:

when the signature level is determined to be the first level, determining that at least two signature authorities are authorized for that signature level;

when the signature level is determined to be the second level or the third level, determining that one signature authority is authorized for that signature level.
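The amount-based policy from the concept list above (institution 1 for small-value, institution 2 for medium-value, both for large-value) and the method steps just listed (hash, level, authority, two-party signing over key fragments), simulated end to end as an added example that is not the patent's own code. The page does not name the signature algorithm, so this assumes a Schnorr-style signature over a toy prime-order group with additive two-way key splitting; the group parameters, institution names, thresholds and transaction format are constructed here.

```python
import hashlib
import secrets

# Toy group (constructed, NOT secure): p is a safe prime, q = (p-1)/2 is prime,
# and g = 4 generates the order-q subgroup. Real deployments use a standard curve.
P, Q, G = 1019, 509, 4

# Policy from the page: level 1 (large) needs both institutions, level 2 (medium)
# institution 2 holding key B, level 3 (small) institution 1 holding key A.
INSTITUTIONS_FOR_LEVEL = {1: ("institution_1", "institution_2"),
                          2: ("institution_2",),
                          3: ("institution_1",)}
KEY_FOR_INSTITUTION = {"institution_1": "A", "institution_2": "B"}


def signature_level(amount, first_threshold, second_threshold):
    """Map a transaction amount to the page's three signature levels."""
    if second_threshold >= first_threshold:
        raise ValueError("second threshold must be below the first threshold")
    if amount >= first_threshold:
        return 1          # large-value signature
    if amount < second_threshold:
        return 3          # small-value signature
    return 2              # medium-value signature


def keygen():
    s = secrets.randbelow(Q - 1) + 1
    return s, pow(G, s, P)


def split_private_key(s):
    """Additive 2-way split: fragment1 + fragment2 = s (mod q); one fragment alone is uniform."""
    fragment1 = secrets.randbelow(Q)
    return fragment1, (s - fragment1) % Q


def challenge(R, y, msg_hash):
    data = f"{R}|{y}|".encode() + msg_hash
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def cosign(inst_fragment, client_fragment, y, msg_hash):
    """Two-party Schnorr-style signing: each side uses only its own fragment and nonce.
    (Simplified: a deployable protocol first commits to each nonce share R_i.)"""
    k1, k2 = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
    R = (pow(G, k1, P) * pow(G, k2, P)) % P          # combined nonce commitment
    e = challenge(R, y, msg_hash)
    z1 = (k1 + e * inst_fragment) % Q                # institution's partial response
    z2 = (k2 + e * client_fragment) % Q              # client's partial response
    return R, (z1 + z2) % Q                          # full key s never reconstructed


def verify(y, msg_hash, sig):
    R, z = sig
    e = challenge(R, y, msg_hash)
    return pow(G, z, P) == (R * pow(y, e, P)) % P


def register():
    """Registration: two key pairs A and B, fragment 1 to an institution, fragment 2 to the client."""
    institutions = {"institution_1": {}, "institution_2": {}}
    client, pubkeys = {}, {}   # distinct dict keys stand in for distinct client hardware areas
    for inst, label in KEY_FOR_INSTITUTION.items():
        s, y = keygen()
        institutions[inst][label], client[label] = split_private_key(s)
        pubkeys[label] = y
        del s                   # the whole private key is not retained anywhere
    return institutions, client, pubkeys


def transaction_hash(tx):
    """Preset rule (constructed): SHA-256 over the canonically ordered fields."""
    return hashlib.sha256(repr(sorted(tx.items())).encode()).digest()


def sign_transaction(tx, first_threshold, second_threshold, institutions, client, pubkeys):
    msg_hash = transaction_hash(tx)
    level = signature_level(tx["amount"], first_threshold, second_threshold)
    sigs = {}
    for inst in INSTITUTIONS_FOR_LEVEL[level]:
        label = KEY_FOR_INSTITUTION[inst]
        sigs[label] = cosign(institutions[inst][label], client[label], pubkeys[label], msg_hash)
    return level, msg_hash, sigs


def verify_transaction(level, msg_hash, sigs, pubkeys):
    """Accept only if exactly the keys required for the level signed, and each signature verifies."""
    required = {KEY_FOR_INSTITUTION[i] for i in INSTITUTIONS_FOR_LEVEL[level]}
    return set(sigs) == required and all(verify(pubkeys[l], msg_hash, sigs[l]) for l in required)


if __name__ == "__main__":
    insts, cli, pks = register()
    for amount in (5, 50, 5000):
        lvl, h, sigs = sign_transaction({"amount": amount, "to": "merchant"}, 1000, 10, insts, cli, pks)
        print(amount, "-> level", lvl, "keys", sorted(sigs), "valid:", verify_transaction(lvl, h, sigs, pks))
```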
In another aspect, the embodiments of this specification also provide a signature device based on secure multi-party computation, including:

a transaction data acquisition module, configured to obtain transaction data and generate a transaction hash from the transaction data using a preset rule;

a signature level determination module, configured to determine the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and a first threshold;

a signature authority determination module, configured to determine a signature authority based on the signature level, the signature authority being a trusted authority that signs the transaction data;

a signature authentication module, configured to perform signature authentication based on secure multi-party computation on the transaction hash based on the private key fragment held by the determined signature authority and the private key fragment held by the client, wherein the trusted authority and the client each hold a private key fragment, and a private key fragment consists of a partial sub-private key generated by splitting the asymmetric key.

In another embodiment of the device provided in this specification, the trusted authority and the client each holding a private key fragment includes:

a key generation module, configured to generate at least two pairs of asymmetric keys during the registration process;

a fragment obtaining module, configured to split the private key of each asymmetric key pair to obtain a first private key fragment and a second private key fragment;

a fragment storage module, configured to store the first private key fragment at the trusted authority and the second private key fragment at the client.

In another embodiment of the device provided in this specification, the signature level determination module includes:

a first determining unit, configured to determine that the signature level of the transaction data is the first level when the transaction amount is greater than or equal to the first threshold;

a second determining unit, configured to determine that the signature level of the transaction data is the second level when the transaction amount is less than the first threshold.

In another embodiment of the device provided in this specification, the signature level determination module further includes:

a third determining unit, configured to determine that the signature level of the transaction data is a third level when the transaction amount is less than a second threshold, where the second threshold is less than the first threshold.
In another aspect, the embodiments of this specification provide a signature device based on secure multi-party computation, including a processor and a memory for storing processor-executable instructions; when the instructions are executed by the processor, the following steps are implemented:
obtaining transaction data and generating a transaction hash from the transaction data using a preset rule;
determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and a first threshold;
determining, based on the signature level, a signing institution, the signing institution being a trusted institution that signs the transaction data;
performing signature authentication based on secure multi-party computation on the transaction hash, using the private key share held by the determined signing institution and the private key share held by the client, where the trusted institution and the client each hold a private key share, and each private key share consists of a partial sub-private-key generated by splitting an asymmetric key.
In another aspect, the embodiments of this specification provide a signature system based on secure multi-party computation, including at least one processor and a memory storing computer-executable instructions; when the processor executes the instructions, the steps of the method of any one of the above embodiments are implemented.
The signature method, device and system based on secure multi-party computation provided by the embodiments of this specification generate at least two pairs of asymmetric keys at registration, split the private key of each pair, and store the shares at multiple trusted third-party institutions and in the user's client. When a transaction is actually carried out, the transaction amount is compared with a preset threshold to determine the signature level of the transaction and the signing institution(s), and the private key shares held by the signing institution(s) and by the client are then used to perform signature authentication of the transaction data based on secure multi-party computation, achieving dynamic, simultaneous multi-key signing. Because the probability that several third-party institutions are compromised at the same time is very low, the scheme provided in this specification achieves dynamic multi-key signing while effectively eliminating the security risk of a lost or stolen private key, greatly improving transaction security.
Description of the drawings
In order to explain the technical solutions in the embodiments of this specification or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in this specification; those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of an embodiment of a signature method based on secure multi-party computation provided in this specification;
FIG. 2 is a schematic flowchart of an embodiment of key processing during the registration application provided in this specification;
FIG. 3 is a schematic structural diagram of an embodiment of the parties that must supply private key shares for a small-amount signature based on secure multi-party computation provided in this specification;
FIG. 4 is a schematic overview flowchart of an embodiment of small-amount signature authentication based on secure multi-party computation provided in this specification;
FIG. 5 is a schematic structural diagram of an embodiment of the parties that must supply private key shares for a medium-amount signature based on secure multi-party computation provided in this specification;
FIG. 6 is a schematic structural diagram of an embodiment of the parties that must supply private key shares for a large-amount signature based on secure multi-party computation provided in this specification;
FIG. 7 is a schematic diagram of the module structure of an embodiment of a signature device based on secure multi-party computation provided in this specification;
FIG. 8 is a schematic diagram of the module structure of an embodiment of a signature system based on secure multi-party computation provided in this specification.
Detailed description
In order to enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of this specification, not all of them. All other embodiments obtained by those of ordinary skill in the art from one or more embodiments of this specification without creative effort fall within the protection scope of the embodiments of this specification.
At present, in digital asset management and asset transactions, the dynamic signature scheme based on secure multi-party computation splits the private key of an asymmetric key pair into two shares, one kept by an institution and one kept by the individual user; a transaction can be completed only when the institution and the individual sign together. Although this scheme greatly alleviates the security problem of a single key being lost or stolen, in the extreme case where both the individual's and the institution's key shares are stolen, the security of the assets cannot be guaranteed. The widely used asymmetric key schemes therefore still have serious security problems.
Accordingly, in one or more implementations provided in this specification, at least two pairs of asymmetric keys are generated at registration, the private key of each pair is split, and the shares are stored at multiple trusted third-party institutions and in the user's client. When a transaction is actually carried out, the transaction amount is compared with a preset threshold to determine the signature level of the transaction and the signing institution(s), and the private key shares held by the signing institution(s) and by the client are then used to perform signature authentication of the transaction data based on secure multi-party computation, achieving dynamic, simultaneous multi-key signing. Because the probability that several third-party institutions are compromised at the same time is very low, the scheme provided in this specification achieves dynamic multi-key signing while effectively eliminating the security risk of a lost or stolen private key, greatly improving transaction security.
The implementation of this specification is described below using a specific application scenario as an example. Specifically, FIG. 1 is a schematic flowchart of an embodiment of a signature method based on secure multi-party computation provided in this specification. Although this specification provides the method steps or device structures shown in the following embodiments or drawings, the method or device may, on the basis of routine or non-creative effort, include more steps or modules, or fewer after partial combination. For steps or structures that have no necessary logical causal relationship, the order of execution of the steps or the module structure of the device is not limited to the order or structure shown in the embodiments or drawings of this specification. When the described method or module structure is applied in an actual device, server or terminal product, it may be executed sequentially or in parallel according to the method or module structure shown in the embodiments or drawings (for example, in a parallel-processor or multi-threaded environment, or even a distributed processing or server cluster environment).
Of course, the description of the following embodiments does not limit other technical solutions that can be extended on the basis of this specification.
A specific embodiment is shown in FIG. 1. In an embodiment of the signature method based on secure multi-party computation provided in this specification, the method may include:
S1: Obtain transaction data and generate a transaction hash from the transaction data using a preset rule.
Transaction data is the data generated when the transacting parties carry out a transaction, and includes at least the transaction amount. For example, it may be an online purchase or the payment of an offline bill, each of which includes at least the transaction amount. The preset rule is the algorithm that converts the transaction data into the transaction hash; it may be MD5 (Message-Digest Algorithm 5), SHA (Secure Hash Algorithm) or another algorithm, and this specification does not limit it. A hash (HASH) is like a fingerprint of the data and can be represented as a string of letters, digits or other symbols. The transaction hash is a string that identifies the transaction data; in plain terms, it is the transaction's voucher.
In one embodiment of this specification, the transaction data is obtained and converted into a transaction hash using a preset algorithm, that is, into a string that identifies the transaction data, which provides the basis for the subsequent signature authentication.
In one embodiment of this specification, the trusted institution and the client each holding a private key share includes: generating at least two pairs of asymmetric keys during registration, splitting the private key of each asymmetric key pair to obtain a first private key share and a second private key share, storing the first private key share at the trusted institution, and storing the second private key share in the client. Here, storing the first share at the trusted institution and the second share in the client includes: the first shares of different private keys are stored at different trusted institutions, and the second shares of different private keys are stored in different hardware areas of the client, where the signature levels that different trusted institutions are authorized for may differ.
Specifically, taking the generation of two key pairs as an example, two asymmetric key pairs A and B are generated during registration, and the private keys SKA and SKB of the two pairs are split into SKA1 and SKA2, and SKB1 and SKB2, respectively. One part of the split private keys (SKA1, SKB1) is kept in a secure storage area inside the trusted institutions, and the other part (SKA2, SKB2) is securely distributed to the user, who places the two private key shares in different secure areas of the client, for example the SIM (Subscriber Identity Module) card of the mobile phone and the TEE (Trusted Execution Environment) of the phone's CPU. This is shown in FIG. 2, a schematic flowchart of an embodiment of key processing during the registration application provided in this specification. In FIG. 2, the arrow from "private key A share 1" to "trusted institution 1" indicates that share 1 of private key A is stored at trusted institution 1; likewise, the arrow from "private key B share 1" to "trusted institution 2" indicates that share 1 of private key B is stored at trusted institution 2. The arrow from "private key A share 2" to "SIM" indicates that share 2 of private key A is kept in the secure area of the SIM card on the mobile device (phone); likewise, share 2 of private key B is kept in the TEE secure area of the mobile device's CPU. The arrow from trusted institution 1 to the SIM card indicates that trusted institution 1 interacts with the SIM card; likewise, the arrow from trusted institution 2 to the TEE indicates that trusted institution 2 interacts with the TEE. By storing the two private key shares in different hardware secure areas, an attacker would have to break two different pieces of secure hardware at the same time, which is considerably harder and so increases security.
It should be noted that the registration application process can be completed by the user interacting with trusted institutions 1 and 2 through a wallet app on the mobile phone acting as agent. Wallets are generally developed by third parties. In some embodiments, the wallet may be provided by a transaction institution or by one of the trusted institutions. A wallet generally also integrates transaction functions so that the user can conveniently carry out transactions.
In addition, generating two pairs of asymmetric keys during registration, as described above, is only an illustration. In a specific implementation, more than two pairs of asymmetric keys may be generated during registration; they are handled in the same way as two pairs, and the specific implementation can refer to the description of the two-pair embodiment, which is not repeated here.
Further, when transaction data is subsequently processed in response to a user instruction, the trusted institution(s) and the user's client must together supply the private key shares they each hold before the transaction data can be processed. For example, the private key shares kept by two trusted institutions and the share kept by the client must be used at the same time to access the funds in the user's account and complete the transaction. Because the probability that two trusted third-party institutions are compromised at the same time is very low, introducing two trusted third-party institutions means that even if an adversary steals the private key shares kept by one trusted institution and by the client, the user's account still cannot be accessed, which greatly improves the security of the user's transaction data processing.
The client above can be understood as a client device that stores the user's private key shares, for example a mobile phone or tablet that the user has used before or that has been bound to the user's account. The trusted institution above can be understood as a system that stores the user's private key shares, for example a banking system or management system that the user has used before or that has been bound to the user's account. Of course, the clients and trusted institutions listed above are only illustrations. In a specific implementation, the client may also be another type of electronic device, or a software program running on such a device, and the trusted institution may also be another transaction system. This specification does not limit the specific form or type of the client or the trusted institution.
In addition, in the embodiments of this specification, when multiple pairs of asymmetric keys are generated during registration, multiple trusted institutions can be introduced, and when the client stores multiple private key shares it can place them in different secure areas through software processing; different trusted institutions can be granted different signature levels according to the actual situation. For example, in some embodiments two trusted institutions are introduced: trusted institution 1 is preset to authenticate smaller-amount transactions, trusted institution 2 to authenticate larger-amount signatures, and very large transactions require both trusted institutions to sign at the same time. In other embodiments, two trusted institutions are introduced and given the same signature level: for small transactions one of them is chosen at random to authenticate, while larger transaction amounts require both trusted institutions to sign at the same time.
S2: Determine the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and a first threshold.
The first threshold may be preset according to actual transactions or according to customer requirements. The signature level can be understood as the security level of the transaction amount.
In one embodiment of this specification, the signature level can be divided into two levels according to the actual scenario: when the transaction amount is greater than or equal to the first threshold, the signature level of the transaction data is determined to be the first level, and when the transaction amount is less than the first threshold, the signature level is determined to be the second level. Specifically, an amount can be set in advance; when the transaction amount is greater than or equal to it, the transaction's signature level is the first level, that is, a large-amount signature; when the transaction amount is less than it, the signature level is the second level, that is, a small-amount signature. For example, the user presets the bank's transaction limit as 1000: when the transaction amount exceeds 1000, it is a large-amount signature and requires multiple institutions to perform signature authentication; when the transaction amount is less than 1000, it is a small-amount signature and only one institution needs to perform signature authentication.
In another embodiment of this specification, the signature level can be divided into three levels according to the actual scenario: when the transaction amount is greater than or equal to the first threshold, the signature level of the transaction data is the first level; when the transaction amount is less than the first threshold, the signature level is the second level; and when the transaction amount is less than a second threshold, the signature level is the third level, the second threshold being less than the first threshold. Specifically, two amounts can be set in advance (the first amount greater than the second): when the transaction amount is greater than or equal to the first amount, the transaction's signature level is the first level, that is, a large-amount signature; when the transaction amount is greater than or equal to the second amount and less than the first amount, the signature level is the second level, that is, a medium-amount signature; when the transaction amount is less than the second amount, the signature level is the third level, that is, a small-amount signature. For example, the user presets the bank's transaction limits as 1000 and 500: when a transaction amount exceeds 1000, it is a large-amount signature and requires multiple institutions to perform signature authentication; when the transaction amount is greater than or equal to 500 and less than 1000, it is a medium-amount signature and requires one institution to perform signature authentication; when the transaction amount is less than 500, it is a small-amount signature and requires one institution to perform signature authentication. In this way, for large-amount transactions the assets remain protected even if the key shares of the individual and of one institution are both stolen.
It should be noted that the transaction amount corresponding to the first level is greater than that corresponding to the second level, and the transaction amount corresponding to the second level is greater than that corresponding to the third level. In addition, the two- or three-level signature levels listed above are only illustrations; in a specific implementation, the signature levels can be divided into other levels according to actual needs, and this specification does not limit this.
S3: Based on the signature level, determine the signing institution, the signing institution being a trusted institution that signs the transaction data.
Since the signing institution is a trusted institution that signs the transaction data, and different trusted institutions may be authorized for different signature levels, once the signature level of the transaction data has been determined from the relationship between the transaction amount and the first threshold, the signing institution(s) required to authenticate the current transaction can be determined from the signature levels that the different trusted institutions are authorized for.
In one embodiment of this specification, when the signature level is divided into two levels and the signature level is determined to be the first level, the signing institutions authorized for that signature level are determined to include at least two; when the signature level is determined to be the second level, the signing institutions authorized for that level are determined to include one. Specifically, assuming that the signature level is preset to two levels, when the signature level is a large-amount signature, at least two trusted institutions authorized to perform large-amount signatures must perform signature authentication at the same time; when the signature level is a small-amount signature, a single trusted institution authorized to perform small-amount signatures suffices.
In another embodiment of this specification, when the signature level is divided into three levels and the signature level is determined to be the first level, the signing institutions authorized for that level are determined to include at least two; when it is determined to be the second level, they are determined to include one; and when it is determined to be the third level, they are determined to include one. Specifically, assuming that the signature level is preset to three levels, when the signature level is a large-amount signature, at least two trusted institutions authorized to perform large-amount signatures must perform signature authentication; when it is a medium-amount signature, a single trusted institution authorized to perform medium-amount signatures suffices; when it is a small-amount signature, a single trusted institution authorized to perform small-amount signatures suffices. In this way, by determining the signature level from the transaction amount during the transaction and then using the correspondence between signature levels and signing institutions to determine the signing institutions finally required, the security of the assets can be effectively protected.
It should be noted that the signature levels authorized for different trusted institutions may be different or the same, and this specification does not limit this. For example, in some embodiments two trusted institutions are introduced: trusted institution 1 is preset to authenticate smaller-amount transactions, trusted institution 2 to authenticate larger-amount signatures, and very large transactions require both trusted institutions to sign at the same time. In other embodiments, two trusted institutions are introduced and given the same signature level: for small transactions one of them is chosen at random to authenticate, while larger transaction amounts require both trusted institutions to sign at the same time.
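Steps S1 to S3 above, written out as a policy function. This is an added example and not code from the patent or its assignee; it assumes that a transaction is a dict with an "amount" field, that the preset hashing rule is SHA-256 over canonical JSON (chosen rather than MD5, which is no longer collision resistant), and that each institution's authorization is a set of signature levels it may sign for. The names (transaction_hash, signature_level, required_signers, authorize, POLICY) are this example's own. It covers both the two-level and the three-level configuration and the "same signature level, pick one at random" embodiment.

```python
# Added example (not the patent's code): steps S1 to S3 as a single policy decision.
import hashlib
import json
import random

# Signature levels as numbered in the text: 1 = large amount, 2 = medium amount
# (or small amount in a two-level configuration), 3 = small amount.
LEVEL_1, LEVEL_2, LEVEL_3 = 1, 2, 3


def transaction_hash(tx: dict) -> bytes:
    """S1: canonical JSON (sorted keys, no whitespace) so that every party hashes
    exactly the same bytes regardless of the order in which fields were supplied."""
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False).encode("utf-8")
    return hashlib.sha256(canonical).digest()


def signature_level(amount, first_threshold, second_threshold=None) -> int:
    """S2: compare the amount with the preset threshold(s).
    Two-level configuration when second_threshold is None, three-level otherwise.
    Boundaries follow the text: >= first threshold is level 1, >= second is level 2."""
    if second_threshold is not None and second_threshold >= first_threshold:
        raise ValueError("the second threshold must be below the first threshold")
    if amount >= first_threshold:
        return LEVEL_1
    if second_threshold is None or amount >= second_threshold:
        return LEVEL_2
    return LEVEL_3


def required_signers(level, authorizations, rng=random):
    """S3: level 1 needs at least two institutions authorized for it, all signing
    together; levels 2 and 3 need exactly one, chosen at random when several are
    authorized (the 'same signature level' embodiment). Refuses if the policy
    cannot be met rather than falling back to fewer signers."""
    eligible = sorted(name for name, levels in authorizations.items() if level in levels)
    if level == LEVEL_1:
        if len(eligible) < 2:
            raise PermissionError("a large-amount signature needs at least two institutions")
        return eligible
    if not eligible:
        raise PermissionError(f"no institution is authorized for level {level}")
    return [rng.choice(eligible)]


def authorize(tx, first_threshold, second_threshold, authorizations, rng=random):
    """Run S1 to S3 and return (transaction hash, signature level, signing institutions)."""
    level = signature_level(tx["amount"], first_threshold, second_threshold)
    return transaction_hash(tx), level, required_signers(level, authorizations, rng)


# Constructed sample policy taken from the text: institution 1 signs small amounts,
# institution 2 medium amounts, and both sign large amounts; limits 1000 and 500.
POLICY = {"institution_1": {LEVEL_1, LEVEL_3}, "institution_2": {LEVEL_1, LEVEL_2}}

if __name__ == "__main__":
    for amount in (1500, 1000, 700, 300):
        tx = {"payer": "alice", "payee": "shop", "amount": amount, "ts": 1552000000}
        digest, level, signers = authorize(tx, 1000, 500, POLICY)
        print(amount, "level", level, signers, digest.hex()[:16])
```

The boundary values (exactly 1000, exactly 500) are the cases worth testing in a real deployment, since the text defines the levels with "greater than or equal to"; a mismatch between the client's and the institution's boundary handling would let a transaction be signed at a lower level than intended.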
S4:基于确定的签名机构所保存的私钥分片和客户端保存的私钥分片,对所述交易哈希进行基于安全多方计算的签名认证,其中,所述可信机构和所述客户端分别保存有私钥分片,所述私钥分片由基于对非对称密钥进行切分生成的部分子私钥组成。S4: Perform signature verification based on secure multi-party calculation on the transaction hash based on the private key fragments saved by the determined signature authority and the private key fragments saved by the client, wherein the trusted authority and the client The terminals respectively store private key fragments, and the private key fragments are composed of partial sub-private keys generated based on splitting the asymmetric key.
Secure Multi-Party Computation (MPC) addresses the problem of privacy-preserving collaborative computation among a group of mutually distrusting participants. It can be understood abstractly as follows: several participants, each holding its own private data, jointly evaluate a function (for example, computing a maximum) and obtain the result, while no participant reveals its own data during the process. Signature authentication can also be understood as transaction signing. A transaction signature is a digital signature over the transaction, that is, over the transaction data packet (block) made up of the transaction content, including the transacting parties, amount, time and other transaction information; it is generally produced by the transaction initiator (usually the party transferring the asset out). A digital signature (also called a public key digital signature or electronic signature) resembles an ordinary handwritten signature on paper, but is implemented with public key cryptography and serves as a method for authenticating digital information. Digital signatures use a public/private key pair: the private key signs and the public key verifies. In general, three algorithms can be used for signing: RSA (Rivest-Shamir-Adleman, an asymmetric encryption algorithm), DSA (Digital Signature Algorithm) and ECDSA (Elliptic Curve Digital Signature Algorithm); ECDSA is the one mainly used in blockchains, but this specification may also sign with other signature algorithms and is not limited in this respect.
In the embodiments of this specification, at least two pairs of asymmetric keys are generated during registration, and the private key of each pair is then split to obtain a first private key shard and a second private key shard; the first shard is stored at a trusted institution and the second shard is stored at the client. The first shards of different private keys are stored at different trusted institutions, and the second shards of different private keys are stored in different hardware areas of the client. Therefore, once the signature level of the transaction data has been determined from the relationship between the transaction amount in the transaction data and the first threshold, and the required signing institution(s) have been determined from the correspondence between signature levels and signing institutions, signature authentication based on secure multi-party computation can be performed on the transaction hash using the private key shard(s) held by the determined signing institution(s) and the private key shard(s) held by the client.
Specifically, suppose the signature level is preset to three levels and two different trusted institutions (institution 1 and institution 2) have different authorization levels: institution 1 is preset to authenticate small-value signatures, institution 2 to authenticate medium-value signatures, and large-value transactions require both institutions to sign simultaneously. Then, when the current transaction amount falls in the small-value level, the required signing institution is institution 1, and signature authentication based on secure multi-party computation is performed on the transaction hash using the private key shard held by institution 1 and the private key shard held by the client. When the current transaction amount falls in the medium-value level, the required signing institution is institution 2, and the signature authentication is performed using the private key shard held by institution 2 and the private key shard held by the client. When the current transaction amount falls in the large-value level, the required signing institutions are institution 1 and institution 2, and signature authentication based on secure multi-party computation is performed on the transaction hash simultaneously using the private key shard held by institution 1, the private key shard held by institution 2 and the private key shards held by the client. Here, each private key shard consists of partial sub-private keys generated by splitting an asymmetric private key.
Further, suppose the signature level is preset to three levels (small-value, medium-value and large-value signatures), institution 1 authenticates small-value signatures, institution 2 authenticates medium-value signatures, and large-value transactions require both institutions to sign simultaneously. Suppose also that two asymmetric key pairs, A and B, are generated during registration, and that the private keys of the two pairs are split into private key A shard 1 and private key A shard 2, and private key B shard 1 and private key B shard 2, respectively. Private key A shard 1 is stored at institution 1, private key B shard 1 at institution 2, and private key A shard 2 and private key B shard 2 on the user's mobile phone. The institution chosen to sign a transaction may then differ according to the transaction amount. For example, as shown in FIG. 3, FIG. 4, FIG. 5 and FIG. 6: FIG. 3 is a schematic structural diagram of an embodiment of the parties that must provide private key shards for a small-value signature based on secure multi-party computation; FIG. 4 is a schematic flow diagram of an embodiment of small-value signature authentication based on secure multi-party computation; FIG. 5 is a schematic structural diagram of an embodiment of the parties that must provide private key shards for a medium-value signature based on secure multi-party computation; and FIG. 6 is a schematic structural diagram of an embodiment of the parties that must provide private key shards for a large-value signature based on secure multi-party computation. In FIG. 4, the function Sign = F(A1, A2) represents the process of taking private key A shard 1 (A1), held by institution 1, and private key A shard 2 (A2), held by the user's mobile phone, as inputs of a function F and obtaining the output Sign: each participant (institution 1 and the user's mobile phone) holds its own private data (A1, A2), the result of the public function F can be computed without either party disclosing its private data, and when the computation completes each participant knows only the result (Sign).
In addition, in the above embodiment the two institutions may also be set to the same signature level: for small-value and medium-value signatures one institution is selected at random to perform the signature authentication, and for large-value signatures both institutions sign simultaneously.
It should be noted that the implementation of medium-value and large-value signatures can follow the flow diagram in FIG. 4 and is not repeated here. For embodiments in which the signature level is preset to other levels, the signature may be implemented by a method similar to the above or by other methods, without limitation. This specification uses the generation of two asymmetric key pairs at registration, with two corresponding institutions, only as an illustrative example; in practice, multiple asymmetric key pairs and multiple institutions may be used, and this specification is not limited in this respect.
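The level-to-institution policy and the two-party signing Sign = F(A1, A2) described above, as an added Python example that is not part of the patent: it uses a Schnorr-style linear signature over secp256k1 with additive key shards, because that lets each side contribute a partial signature without a multiplication protocol (the ECDSA variant the patent favours needs a dedicated two-party protocol for the nonce inverse). The hashing rule, threshold values, party names and the omission of nonce commitments are assumptions of this example.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve behind blockchain ECDSA).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def signature_level(amount, first_threshold, second_threshold):
    """>= first threshold: large (first level); < second threshold: small (third level)."""
    if second_threshold >= first_threshold:
        raise ValueError("second threshold must be below the first")
    if amount >= first_threshold:
        return "large"
    if amount < second_threshold:
        return "small"
    return "medium"

# Institution(s) that must take part at each level (the page's example policy).
POLICY = {"small": ("institution1",), "medium": ("institution2",),
          "large": ("institution1", "institution2")}

def generate_sharded_key():
    """Generate a key pair and split d additively; d itself is discarded."""
    d = secrets.randbelow(N - 1) + 1
    shard_inst = secrets.randbelow(N - 1) + 1
    return ec_mul(d, G), shard_inst, (d - shard_inst) % N

def tx_hash(tx):
    """Preset hashing rule (constructed here): SHA-256 over sorted key=value fields."""
    return hashlib.sha256("|".join(f"{k}={tx[k]}" for k in sorted(tx)).encode()).digest()

def challenge(R, pub, msg):
    data = R[0].to_bytes(32, "big") + pub[0].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def nonce_commit():
    """Round 1 of one party: secret nonce k, publish only k*G."""
    k = secrets.randbelow(N - 1) + 1
    return k, ec_mul(k, G)

def joint_sign(pub, shard_inst, shard_client, msg):
    """Sign = F(A1, A2): each side computes its rounds locally; only R_i and the
    partial s_i cross the wire, and the full private key is never assembled."""
    k1, R1 = nonce_commit()                       # institution side
    k2, R2 = nonce_commit()                       # client side
    e = challenge(ec_add(R1, R2), pub, msg)
    s1 = (k1 + e * shard_inst) % N                # institution's partial signature
    s2 = (k2 + e * shard_client) % N              # client's partial signature
    return ec_add(R1, R2), (s1 + s2) % N

def verify(pub, msg, sig):
    """Ordinary single-key check s*G == R + e*Q; verifiers need no MPC awareness."""
    R, s = sig
    e = challenge(R, pub, msg)
    return ec_mul(s, G) == ec_add(R, ec_mul(e, pub))

def sign_transaction(tx, keys, first_threshold, second_threshold):
    """Level -> institution(s) -> one joint signature per selected key."""
    level = signature_level(tx["amount"], first_threshold, second_threshold)
    msg = tx_hash(tx)
    sigs = {inst: joint_sign(*keys[inst], msg) for inst in POLICY[level]}
    return level, sigs

if __name__ == "__main__":
    # Constructed sample: key A is shared with institution 1, key B with institution 2.
    keys = {"institution1": generate_sharded_key(), "institution2": generate_sharded_key()}
    tx = {"from": "alice", "to": "bob", "amount": 50_000, "time": "2019-03-08T10:00"}
    level, sigs = sign_transaction(tx, keys, 10_000, 1_000)
    print(level, all(verify(keys[i][0], tx_hash(tx), s) for i, s in sigs.items()))
```

In a deployment the two `nonce_commit` calls run on different machines, and each side should commit to its R_i (for example by hashing it) before the points are exchanged, otherwise the second mover can bias the combined nonce.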
The signature method based on secure multi-party computation provided by the embodiments of this specification generates at least two pairs of asymmetric keys at registration, then splits the private keys and stores the shards across multiple trusted third-party institutions and different hardware areas of the user's client. When a transaction is actually performed, the transaction amount is compared with preset thresholds to determine the transaction's signature level and the signing institution(s), and the private key shards held by the signing institution(s) and by the client are then used to perform signature authentication of the transaction data based on secure multi-party computation, achieving dynamic simultaneous multi-key signing. Because the probability that several third-party institutions are compromised at the same time is very low, the embodiments provided by this specification achieve dynamic multi-key signing while effectively addressing the security risk of private key loss or theft, greatly improving transaction security.
Based on the above signature method based on secure multi-party computation, one or more embodiments of this specification further provide a signature device based on secure multi-party computation. The device may include systems (including distributed systems), software (applications), modules, components, servers, clients and the like that use the methods described in the embodiments of this specification, combined with the hardware necessary for implementation. Based on the same inventive concept, the devices in one or more embodiments provided by this specification are described in the following embodiments. Since the device solves the problem in a manner similar to the method, the implementation of a specific device in the embodiments of this specification may refer to the implementation of the foregoing method, and repeated details are omitted. As used below, the term "unit" or "module" may refer to a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementations in hardware, or in a combination of software and hardware, are also possible and contemplated.
Specifically, FIG. 7 is a schematic diagram of the module structure of an embodiment of a signature device based on secure multi-party computation provided by this specification. As shown in FIG. 7, the signature device may include a transaction data acquisition module 121, a signature level determination module 122, a signing institution determination module 123 and a signature authentication module 124. The transaction data acquisition module 121 may be used to acquire transaction data and generate a transaction hash from the transaction data using a preset rule;
The signature level determination module 122 may be used to determine the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and a first threshold;
The signing institution determination module 123 may be used to determine a signing institution based on the signature level, the signing institution being a trusted institution that signs the transaction data;
The signature authentication module 124 may be used to perform signature authentication based on secure multi-party computation on the transaction hash using the private key shard held by the determined signing institution and the private key shard held by the client, wherein the trusted institution and the client each hold a private key shard, and each private key shard consists of partial sub-private keys generated by splitting an asymmetric private key.
In another embodiment of the device, the trusted institution and the client each holding a private key shard may involve:
A key generation module, which may be used to generate at least two pairs of asymmetric keys during registration;
A shard acquisition module, which may be used to split the private key of an asymmetric key pair to obtain a first private key shard and a second private key shard;
A shard storage module, which may be used to store the first private key shard at the trusted institution and the second private key shard at the client.
In another embodiment of the device, the signature level determination module 122 may include:
A first determination unit, which may be used to determine that the signature level of the transaction data is the first level when the transaction amount is greater than or equal to the first threshold;
A second determination unit, which may be used to determine that the signature level of the transaction data is the second level when the transaction amount is less than the first threshold.
In another embodiment of the device, the signature level determination module 122 may further include:
A third determination unit, which may be used to determine that the signature level of the transaction data is the third level when the transaction amount is less than a second threshold, the second threshold being less than the first threshold.
It should be noted that the device described above may also include other implementations according to the description of the method embodiments; for specific implementations, refer to the description of the related method embodiments, which is not repeated here.
Specific embodiments of this specification have been described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or sequential order, to achieve the desired results. In certain embodiments, multitasking and parallel processing are also possible or may be advantageous.
The methods described in the above embodiments of this specification may implement their business logic through a computer program recorded on a storage medium; the storage medium can be read and executed by a computer to achieve the effects of the solutions described in the embodiments of this specification. Accordingly, this specification also provides signature equipment based on secure multi-party computation, comprising a processor and a memory for storing processor-executable instructions which, when executed by the processor, implement the following steps:
acquiring transaction data and generating a transaction hash from the transaction data using a preset rule;
determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and a first threshold;
determining, based on the signature level, a signing institution, the signing institution being a trusted institution that signs the transaction data;
performing signature authentication based on secure multi-party computation on the transaction hash using the private key shard held by the determined signing institution and the private key shard held by the client, wherein the trusted institution and the client each hold a private key shard, and each private key shard consists of partial sub-private keys generated by splitting an asymmetric private key.
The storage medium may include a physical device for storing information; information is usually digitized and then stored on a medium that uses electrical, magnetic or optical means. The storage medium may include: devices that store information electrically, such as various kinds of memory (RAM, ROM, etc.); devices that store information magnetically, such as hard disks, floppy disks, magnetic tape, magnetic core memory, bubble memory and USB flash drives; and devices that store information optically, such as CDs or DVDs. Of course, other forms of readable storage medium also exist, such as quantum memory and graphene memory.
It should be noted that the equipment described above may also include other implementations according to the description of the method embodiments. For specific implementations, refer to the description of the related method embodiments, which is not repeated here.
The above signature method, device and equipment based on secure multi-party computation provided by the embodiments of this specification may be implemented in a computer by a processor executing corresponding program instructions, for example on a PC in C++ under the Windows operating system, on a Linux system, on a smart terminal using the Android or iOS programming languages, or by processing logic based on a quantum computer. This specification further provides an embodiment of a signature system based on secure multi-party computation. FIG. 8 is a schematic diagram of the module structure of an embodiment of such a signature system. As shown in FIG. 8, the signature system may include a processor 131 and a memory 132 for storing processor-executable instructions, with the processor 131 and the memory 132 communicating with each other over a bus 133;
The processor 131 is configured to call the program instructions in the memory 132 to perform the method provided by the above embodiments of the signature method based on secure multi-party computation, including, for example: acquiring transaction data and generating a transaction hash from the transaction data using a preset rule; determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and a first threshold; determining, based on the signature level, a signing institution, the signing institution being a trusted institution that signs the transaction data; and performing signature authentication based on secure multi-party computation on the transaction hash using the private key shard held by the determined signing institution and the private key shard held by the client, wherein the trusted institution and the client each hold a private key shard, and each private key shard consists of partial sub-private keys generated by splitting an asymmetric private key.
It should be noted that the system described above in this specification may also include other implementations according to the description of the related method embodiments; for specific implementations, refer to the description of the method embodiments, which is not repeated here. The embodiments in this application are described progressively; identical or similar parts of the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the hardware-plus-program embodiments are basically similar to the method embodiments, so their description is relatively brief, and the relevant parts of the method embodiments may be consulted.
The signature device, equipment or system based on secure multi-party computation provided by the embodiments of this specification generates at least two pairs of asymmetric keys at registration, then splits the private keys and stores the shards across multiple trusted third-party institutions and the user's client. When a transaction is actually performed, the transaction amount is compared with preset thresholds to determine the transaction's signature level and the signing institution(s), and the private key shards held by the signing institution(s) and by the client are then used to perform signature authentication of the transaction data based on secure multi-party computation, achieving dynamic simultaneous multi-key signing. Because the probability that several third-party institutions are compromised at the same time is very low, the embodiments provided by this specification achieve dynamic multi-key signing while effectively addressing the security risk of private key loss or theft, greatly improving transaction security.
The embodiments of this specification are not limited to situations that must comply with industry communication standards, standard computer data processing and data storage rules, or the situations described in one or more embodiments of this specification. Implementations based on certain industry standards, or on the implementations described by custom approaches or embodiments with slight modifications, can also achieve implementation effects that are the same as, equivalent or similar to, or foreseeable after modification of, those of the above embodiments. Embodiments obtained by applying these modified or varied data acquisition, storage, judgement and processing methods may still fall within the scope of the optional implementations of the embodiments of this specification.
In the 1990s, an improvement to a technology could be clearly distinguished as either a hardware improvement (for example, an improvement to circuit structures such as diodes, transistors and switches) or a software improvement (an improvement to a method flow). However, as technology has developed, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be implemented by a hardware entity module. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic function is determined by the user programming the device. The designer programs a digital system "integrated" onto a single PLD without asking a chip manufacturer to design and fabricate a dedicated integrated circuit chip. Moreover, instead of manually fabricating integrated circuit chips, this programming is nowadays mostly done with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must likewise be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); the most commonly used at present are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art will also appreciate that a hardware circuit implementing a logical method flow can easily be obtained simply by logically programming the method flow in one of the above hardware description languages and programming it into an integrated circuit.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art also know that, besides implementing the controller purely as computer-readable program code, the method steps can be logically programmed so that the controller achieves the same functions in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the means included in it for implementing various functions can also be regarded as structures within the hardware component. Indeed, the means for implementing various functions can be regarded both as software modules implementing the method and as structures within a hardware component.
The systems, devices, modules or units set forth in the above embodiments may be implemented by computer chips or entities, or by products having certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, an in-vehicle human-machine interaction device, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an e-mail device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Although one or more embodiments of this specification provide method operation steps as described in the embodiments or flowcharts, more or fewer operation steps may be included on the basis of conventional or non-inventive means. The order of steps listed in the embodiments is only one of many possible execution orders and does not represent the only execution order. When an actual device or terminal product executes the method, the steps may be executed sequentially or in parallel according to the method shown in the embodiments or drawings (for example, in a parallel-processor or multi-threaded environment, or even in a distributed data processing environment). The terms "comprise", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, product or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, product or device. Absent further limitation, the presence of additional identical or equivalent elements in a process, method, product or device that includes the stated element is not excluded. Words such as "first" and "second" are used to denote names and do not denote any particular order.
为了描述的方便,描述以上装置时以功能分为各种模块分别描述。当然,在实施本说明书一个或多个时可以把各模块的功能在同一个或多个软件和/或硬件中实现,也可以将实现同一功能的模块由多个子模块或子单元的组合实现等。以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。For the convenience of description, when describing the above device, the functions are divided into various modules and described separately. Of course, when implementing one or more of this specification, the function of each module can be realized in the same one or more software and/or hardware, or the module that realizes the same function can be realized by a combination of multiple sub-modules or sub-units, etc. . The device embodiments described above are merely illustrative, for example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or integrated To another system, or some features can be ignored, or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
本发明是参照根据本发明实施例的方法、装置(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to generate a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment are generated It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device. The device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment. The instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。The memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或 技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储、石墨烯存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media includes permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. The information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
本领域技术人员应明白,本说明书一个或多个实施例可提供为方法、系统或计算机程序产品。因此,本说明书一个或多个实施例可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本说明书一个或多个实施例可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that one or more embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, one or more embodiments of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, one or more embodiments of this specification may adopt a computer program implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. The form of the product.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本说明书的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不必须针对的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任一个或多个实施例或示例中以合适的方式结合。此外,在不相互矛盾的情况下,本领域的技术人员可以将本说明书中描述的不同实施例或示例以及不同实施例或示例的特征进行结合和组合。The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, as for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment. In the description of this specification, descriptions with reference to the terms "one embodiment", "some embodiments", "examples", "specific examples", or "some examples" etc. mean specific features described in conjunction with the embodiment or example , Structure, materials or features are included in at least one embodiment or example in this specification. In this specification, the schematic representations of the above terms do not necessarily refer to the same embodiment or example. Moreover, the described specific features, structures, materials or characteristics can be combined in any one or more embodiments or examples in a suitable manner. In addition, those skilled in the art can combine and combine the different embodiments or examples and the characteristics of the different embodiments or examples described in this specification without contradicting each other.
以上所述仅为本说明书一个或多个实施例的实施例而已,并不用于限制本本说明书一个或多个实施例。对于本领域技术人员来说,本说明书一个或多个实施例可以有各种更改和变化。凡在本申请的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在权利要求范围之内。The above descriptions are only examples of one or more embodiments of this specification, and are not used to limit one or more embodiments of this specification. For those skilled in the art, one or more embodiments of this specification can have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this application shall be included in the scope of the claims.

Claims (12)

  1. A signature method based on secure multi-party computation, characterized in that it comprises:
    obtaining transaction data, and generating a transaction hash from the transaction data using a preset rule;
    determining a signature level of the transaction data according to the relationship between a transaction amount in the transaction data and a first threshold;
    determining, based on the signature level, a signing authority, the signing authority being a trusted authority that signs the transaction data;
    performing signature authentication based on secure multi-party computation on the transaction hash, based on the private key fragment held by the determined signing authority and the private key fragment held by the client, wherein the trusted authority and the client each hold a private key fragment, and the private key fragments consist of partial sub-private keys generated by splitting the asymmetric key.
  2. The signature method based on secure multi-party computation according to claim 1, wherein the trusted authority and the client each holding a private key fragment comprises:
    generating at least two asymmetric key pairs during a registration process;
    splitting the private key of the asymmetric key pair to obtain a first private key fragment and a second private key fragment;
    storing the first private key fragment at the trusted authority, and storing the second private key fragment at the client.
  3. The signature method based on secure multi-party computation according to claim 2, wherein storing the first private key fragment at the trusted authority and storing the second private key fragment at the client comprises:
    storing the first fragments of different private keys at different trusted authorities, and storing the second fragments of different private keys in different hardware regions of the client, wherein different trusted authorities are authorized for different signature levels.
  4. The signature method based on secure multi-party computation according to claim 1, wherein determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold comprises:
    when the transaction amount is greater than or equal to the first threshold, determining that the signature level of the transaction data is a first level;
    when the transaction amount is less than the first threshold, determining that the signature level of the transaction data is a second level.
  5. The signature method based on secure multi-party computation according to claim 1 or 4, wherein determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold further comprises:
    when the transaction amount is less than a second threshold, determining that the signature level of the transaction data is a third level, the second threshold being less than the first threshold.
  6. The signature method based on secure multi-party computation according to claim 1, wherein determining the signing authority based on the signature level comprises:
    when the signature level is determined to be the first level, determining that at least two signing authorities authorize the signature level;
    when the signature level is determined to be the second level or the third level, determining that one signing authority authorizes the signature level.
  7. A signature device based on secure multi-party computation, characterized in that it comprises:
    a transaction data acquisition module, configured to obtain transaction data and generate a transaction hash from the transaction data using a preset rule;
    a signature level determination module, configured to determine a signature level of the transaction data according to the relationship between a transaction amount in the transaction data and a first threshold;
    a signing authority determination module, configured to determine a signing authority based on the signature level, the signing authority being a trusted authority that signs the transaction data;
    a signature authentication module, configured to perform signature authentication based on secure multi-party computation on the transaction hash, based on the private key fragment held by the determined signing authority and the private key fragment held by the client, wherein the trusted authority and the client each hold a private key fragment, and the private key fragments consist of partial sub-private keys generated by splitting the asymmetric key.
  8. The signature device based on secure multi-party computation according to claim 7, wherein the trusted authority and the client each holding a private key fragment comprises:
    a key generation module, configured to generate at least two asymmetric key pairs during a registration process;
    a fragment obtaining module, configured to split the private key of the asymmetric key pair to obtain a first private key fragment and a second private key fragment;
    a fragment storage module, configured to store the first private key fragment at the trusted authority and the second private key fragment at the client.
  9. The signature device based on secure multi-party computation according to claim 7, wherein the signature level determination module comprises:
    a first determining unit, configured to determine that the signature level of the transaction data is a first level when the transaction amount is greater than or equal to the first threshold;
    a second determining unit, configured to determine that the signature level of the transaction data is a second level when the transaction amount is less than the first threshold.
  10. The signature device based on secure multi-party computation according to claim 7 or 9, wherein the signature level determination module further comprises:
    a third determining unit, configured to determine that the signature level of the transaction data is a third level when the transaction amount is less than a second threshold, the second threshold being less than the first threshold.
  11. A signature apparatus based on secure multi-party computation, characterized by comprising a processor and a memory for storing processor-executable instructions, the instructions, when executed by the processor, implementing the following steps:
    obtaining transaction data, and generating a transaction hash from the transaction data using a preset rule;
    determining a signature level of the transaction data according to the relationship between a transaction amount in the transaction data and a first threshold;
    determining, based on the signature level, a signing authority, the signing authority being a trusted authority that signs the transaction data;
    performing signature authentication based on secure multi-party computation on the transaction hash, based on the private key fragment held by the determined signing authority and the private key fragment held by the client, wherein the trusted authority and the client each hold a private key fragment, and the private key fragments consist of partial sub-private keys generated by splitting the asymmetric key.
  12. A signature system based on secure multi-party computation, characterized by comprising at least one processor and a memory storing computer-executable instructions, wherein the processor, when executing the instructions, implements the steps of the method according to any one of claims 1 to 6.
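Claims 1 to 6 describe one procedure: hash the transaction, map its amount to a signature level, choose how many signing authorities that level needs, and sign the hash jointly from the authority's fragment and the client's matching fragment without ever reassembling the private key. The simulation below is an added example written for this page, not the applicant's code. The claims do not fix a signature scheme, so it assumes two-party Schnorr signing over additive key fragments as the multi-party step, a toy discrete-log group far too small for real use, and SHA-256 over a canonical serialisation as the "preset rule" for the transaction hash; names such as `FragmentHolder`, `build_registry`, `authenticate_transaction` and the threshold values are the example's own.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use.
P = 2039  # safe prime, P = 2*Q + 1
Q = 1019  # prime order of the subgroup generated by G
G = 2     # quadratic residue mod P, hence of order exactly Q


def group_is_sane() -> bool:
    """Sanity check on the toy parameters: G generates a subgroup of order Q."""
    return pow(G, Q, P) == 1 and G % P != 1


def transaction_hash(tx: dict) -> bytes:
    """Assumed 'preset rule': SHA-256 over a canonical key=value serialisation,
    so the digest does not depend on field order."""
    canonical = "|".join(f"{k}={tx[k]}" for k in sorted(tx)).encode()
    return hashlib.sha256(canonical).digest()


def signature_level(amount: int, first_threshold: int, second_threshold: int) -> int:
    """Claims 4 and 5: level 1 at or above the first threshold, level 3 below
    the (smaller) second threshold, level 2 in between."""
    if second_threshold >= first_threshold:
        raise ValueError("second threshold must be less than the first threshold")
    if amount >= first_threshold:
        return 1
    if amount < second_threshold:
        return 3
    return 2


def required_authorities(level: int) -> int:
    """Claim 6: a first-level transaction needs at least two signing authorities."""
    return 2 if level == 1 else 1


def keygen_and_split():
    """Registration (claims 2 and 3): generate a key pair and split the private
    key x into additive fragments x1 + x2 = x (mod Q); x itself is discarded."""
    x = secrets.randbelow(Q - 1) + 1
    pub = pow(G, x, P)
    x1 = secrets.randbelow(Q)
    x2 = (x - x1) % Q
    return pub, x1, x2


class FragmentHolder:
    """A party (trusted authority or client) holding exactly one key fragment."""

    def __init__(self, fragment: int):
        self._x = fragment
        self._k = None

    def nonce_commitment(self) -> int:
        self._k = secrets.randbelow(Q - 1) + 1
        return pow(G, self._k, P)

    def partial_signature(self, e: int) -> int:
        # Uses only this party's own fragment and nonce.
        return (self._k + e * self._x) % Q


def challenge(R: int, digest: bytes) -> int:
    return int.from_bytes(hashlib.sha256(R.to_bytes(2, "big") + digest).digest(), "big") % Q


def two_party_sign(authority: FragmentHolder, client: FragmentHolder, digest: bytes):
    """MPC signing step: R = R_auth * R_client and s = s_auth + s_client, so the
    combined (R, s) verifies under the full public key although neither party
    ever sees the other's fragment or nonce."""
    R = (authority.nonce_commitment() * client.nonce_commitment()) % P
    e = challenge(R, digest)
    s = (authority.partial_signature(e) + client.partial_signature(e)) % Q
    return R, s


def verify(pub: int, digest: bytes, sig) -> bool:
    R, s = sig
    e = challenge(R, digest)
    return pow(G, s, P) == (R * pow(pub, e, P)) % P


def build_registry(n_authorities: int):
    """One key pair per authority: the authority keeps fragment 1, the client
    keeps fragment 2 (claim 3 places each client fragment in its own hardware region)."""
    registry = []
    for _ in range(n_authorities):
        pub, x1, x2 = keygen_and_split()
        registry.append((pub, FragmentHolder(x1), FragmentHolder(x2)))
    return registry


def authenticate_transaction(tx: dict, registry, first_threshold: int, second_threshold: int):
    """Claims 1 to 6 end to end; returns (level, list of verified signatures)."""
    digest = transaction_hash(tx)
    level = signature_level(tx["amount"], first_threshold, second_threshold)
    needed = required_authorities(level)
    if len(registry) < needed:
        raise ValueError(f"level {level} needs {needed} signing authorities")
    signatures = []
    for pub, authority, client in registry[:needed]:
        sig = two_party_sign(authority, client, digest)
        if not verify(pub, digest, sig):
            raise ValueError("joint signature failed verification")
        signatures.append(sig)
    return level, signatures
```

Two properties of the claimed design are visible here. A transaction at or above the first threshold produces signatures under two different key pairs, so the fragment of a single authority (or the client's matching fragment alone) is not sufficient to authorize it, and a partial signature from one fragment does not verify under the public key. The toy parameters mean a mismatched challenge coincides with the right one about once in Q attempts, so negative tests are not meaningful at this size; a deployment uses a 256-bit group. The nonce exchange is also the naive one: deployed two-party Schnorr protocols add a commit-then-reveal round so that neither side can choose its nonce after seeing the other's.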
PCT/CN2019/077527 2019-03-08 2019-03-08 Signing method, device, and system employing secure multi-party computation WO2020181427A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/077527 WO2020181427A1 (en) 2019-03-08 2019-03-08 Signing method, device, and system employing secure multi-party computation

Publications (1)

Publication Number Publication Date
WO2020181427A1 true WO2020181427A1 (en) 2020-09-17

Family

ID=72427195

Country Status (1)

Country Link
WO (1) WO2020181427A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105096118A (en) * 2015-08-21 2015-11-25 廖小谦 Electronic currency transfer payment system and method
CN106251146A (en) * 2016-07-21 2016-12-21 恒宝股份有限公司 A kind of method of mobile payment and mobile-payment system
US20170330177A1 (en) * 2016-05-16 2017-11-16 Hewlett Packard Enterprise Development Lp Payment terminal authentication
CN107623569A (en) * 2017-09-30 2018-01-23 矩阵元技术(深圳)有限公司 Block chain key escrow and restoration methods, device based on Secret sharing techniques
CN109219950A (en) * 2016-03-29 2019-01-15 西门子移动有限公司 For the method in safety-related exchanged between equipment message

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210133701A1 (en) * 2019-10-31 2021-05-06 Digital Trust Networks Inc. Proxied cross-ledger authentication
US11704636B2 (en) * 2019-10-31 2023-07-18 Adi Association Proxied cross-ledger authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19919212; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19919212; Country of ref document: EP; Kind code of ref document: A1)