WO2020181427A1 - Signature method, device and system based on secure multi-party computation - Google Patents

Publication number
WO2020181427A1
Authority
WO
WIPO (PCT)
Prior art keywords
signature
private key
level
transaction
transaction data
Application number
PCT/CN2019/077527
Other languages
English (en)
Chinese (zh)
Inventor
唐虹刚
谢翔
孙立林
Original Assignee
云图有限公司
Application filed by 云图有限公司
Priority to PCT/CN2019/077527
Publication of WO2020181427A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof

Definitions

  • the solution in the embodiments of this specification belongs to the field of information security technology, and in particular relates to a signature method, device and system based on secure multi-party computing.
  • Secure Multi-Party Computation addresses privacy-preserving collaborative computation among a group of untrusted parties. It can be abstractly understood as: each participant owns its own private data and jointly computes a public function without leaking that data; when the whole computation is completed, each participant knows only the result, and knows neither the other participants' data nor the intermediate data of the computation. It can be seen that applying secure multi-party computing to asset transaction security and future digital asset management plays an important role.
  • The dynamic signature method based on secure multi-party computing divides the private key in the asymmetric key into two pieces.
  • The organization keeps one piece and the user personally keeps one piece. Only when the organization and the individual sign together can the transaction process be completed.
  • Although this scheme can largely alleviate the security problem of a single key being lost or stolen, in an extreme case, when the keys of both the individual and the institution are stolen, the security of assets cannot be guaranteed. It can be seen that the existing widely used asymmetric key scheme still has great security problems.
  • the purpose of the embodiments of this specification is to provide a signature method, device, and system based on secure multi-party calculation, which can effectively solve the security risks of loss or theft of private keys, and greatly improve transaction security.
  • this application provides a signature method based on secure multi-party calculation, including:
  • determining a signature authority which is a trusted authority that signs the transaction data
  • signature authentication based on secure multi-party calculation is performed on the transaction hash, wherein the trusted authority and the client each store private key fragments, and the private key fragments are composed of partial sub-private keys generated by splitting the asymmetric key.
  • the trusted organization and the client respectively storing private key fragments, including:
  • the first fragment of the private key is stored in the trusted authority, and the second fragment of the private key is stored in the client.
  • the storing of the first fragment of the private key in the trusted authority and of the second fragment of the private key in the client includes:
  • the first fragments of different private keys are stored in different trusted institutions, and the second fragments of different private keys are stored in different hardware areas of the client, wherein the signature levels authorized by different trusted institutions are different.
  • the determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold includes:
  • the determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold value further includes:
  • when the transaction amount is less than a second threshold, it is determined that the signature level of the transaction data is a third level, and the second threshold is less than the first threshold.
  • the determining a signature authority based on the signature level includes:
  • when the signature level is the first level, it is determined that at least two signature authorities are authorized for the signature level;
  • when the signature level is the second level or the third level, it is determined that one signature authority is authorized for the signature level.
  • the embodiment of this specification also provides a signature device based on secure multi-party calculation, including:
  • the transaction data acquisition module is used to acquire transaction data, and generate a transaction hash using preset rules for the transaction data;
  • a signature level determination module configured to determine the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold
  • a signature authority determination module configured to determine a signature authority based on the signature level, the signature authority being a trusted authority that signs the transaction data;
  • the signature verification module is configured to perform signature verification based on secure multi-party calculation on the transaction hash based on the private key fragments saved by the determined signature authority and the private key fragments saved by the client, wherein the trusted authority and the client each store private key fragments, and the private key fragments are composed of partial sub-private keys generated by splitting the asymmetric key.
  • the trusted organization and the client separately store private key fragments, including:
  • the key generation module is used to generate at least two pairs of asymmetric keys during the registration process
  • the fragment obtaining module is used to split the private key in the asymmetric key to obtain the first fragment of the private key and the second fragment of the private key;
  • the fragment saving module is configured to save the first fragment of the private key in the trusted authority, and save the second fragment of the private key in the client.
  • the signature level determination module includes:
  • the first determining unit is configured to determine that the signature level of the transaction data is the first level when the transaction amount is greater than or equal to the first threshold;
  • the second determining unit is configured to determine that the signature level of the transaction data is the second level when the transaction amount is less than the first threshold.
  • the signature level determination module further includes:
  • the third determining unit is configured to determine that the signature level of the transaction data is a third level when the transaction amount is less than a second threshold, and the second threshold is less than the first threshold.
  • the embodiments of this specification provide a signature device based on secure multi-party computing, including a processor and a memory for storing processor-executable instructions.
  • the implementation includes the following steps:
  • determining a signature authority which is a trusted authority that signs the transaction data
  • signature authentication based on secure multi-party calculation is performed on the transaction hash, wherein the trusted authority and the client each store private key fragments, and the private key fragments are composed of partial sub-private keys generated by splitting the asymmetric key.
  • the embodiments of this specification provide a signature system based on secure multi-party computing, including at least one processor and a memory storing computer-executable instructions.
  • the processor implements the method steps described in any one of the foregoing embodiments when executing the instructions.
  • the embodiment of this specification provides a signature method, device, and system based on secure multi-party computing. At least two pairs of asymmetric keys are generated when applying for registration, and the private key in each key pair is then split into fragments that are saved in multiple trusted third-party organizations and in the user client. When a transaction is actually performed, the transaction amount is compared with a preset threshold to determine the signature level of the transaction and the signature organization, and the private key fragments saved by the signature organization and the private key fragments saved on the client are then used to perform signature verification based on secure multi-party calculation on the transaction data, realizing dynamic multi-key simultaneous signing. In this way, since the possibility of multiple third-party institutions being compromised at the same time is very low, the implementation scheme provided in this specification can effectively solve the security risks of loss or theft of private keys while realizing dynamic multi-key signatures, and greatly improves transaction security.
  • FIG. 1 is a schematic flowchart of an embodiment of a signature method based on secure multi-party computing provided in this specification
  • FIG. 2 is a schematic flowchart of an embodiment of key processing in the application registration process provided in this specification
  • FIG. 3 is a schematic structural diagram of an embodiment in which a private key sharding party needs to be provided for a small amount signature based on secure multi-party calculation provided in this specification;
  • FIG. 4 is a schematic flow chart of an embodiment of small-amount signature authentication based on secure multi-party computing provided in this specification
  • FIG. 5 is a schematic structural diagram of an embodiment of a private key sharding party that needs to provide a private key for a medium signature based on secure multi-party calculation provided in this specification;
  • FIG. 6 is a schematic structural diagram of an embodiment of a private key sharding party that needs to provide a private key for large-amount signature based on secure multi-party calculation provided in this specification;
  • FIG. 7 is a schematic diagram of the module structure of an embodiment of a signature device based on secure multi-party computing provided in this specification
  • FIG. 8 is a schematic diagram of the module structure of an embodiment of a signature system based on secure multi-party computing provided in this specification.
  • At least two pairs of asymmetric keys are generated during the registration application, and then the private key in the key is segmented and saved to multiple trusted third-party institutions and users
  • the transaction amount is compared with a preset threshold to determine the signature level of the transaction and the signing authority, and the private key fragments saved by the signature authority and the private key fragments saved by the client are then used to perform signature verification based on secure multi-party calculation on the transaction data, achieving dynamic multi-key simultaneous signatures.
  • the implementation scheme provided in this specification can effectively solve the security risks of loss or theft of private keys while realizing dynamic multi-key signatures, and greatly improves transaction security.
  • FIG. 1 is a schematic flowchart of an embodiment of a signature method based on secure multi-party computing provided in this specification.
  • Although this specification provides method operation steps or device structures as shown in the following embodiments or drawings, the method or device may, after partial combination based on conventional or non-creative labor, include more or fewer operation steps or module units.
  • For steps or structures that have no logically necessary causal relationship, the execution order of the steps or the module structure of the device is not limited to the execution order or module structure shown in the embodiments of this specification or the drawings.
  • A specific embodiment is shown in FIG. 1.
  • the method may include:
  • S1 Obtain transaction data, and generate a transaction hash using preset rules for the transaction data.
  • Transaction data is the data generated when the transacting party conducts a transaction, and it includes at least the transaction amount. For example, the transaction can be online shopping or offline bill payment; all include at least the transaction amount.
  • The preset rule is an algorithm that converts transaction data into a transaction hash. It can be MD5 (Message-Digest Algorithm 5), SHA (Secure Hash Algorithm), or another algorithm; this specification does not limit this.
  • Hash (HASH) is the term used in mathematics for a hash value. It is like a fingerprint of the data, and can be expressed as a string of letters, numbers or other symbols.
  • The transaction HASH is a character string that identifies the transaction data, and generally serves as a voucher for the transaction.
  • A transaction hash is generated from the transaction data using a preset algorithm, that is, the transaction data is converted into a character string identifying the transaction data, which provides a basis for further signature verification.
  • the trusted organization and the client separately store private key fragments, including: generating at least two pairs of asymmetric keys during the registration process, splitting the private key in the asymmetric key to obtain the first fragment of the private key and the second fragment of the private key, storing the first fragment of the private key in the trusted authority, and storing the second fragment of the private key in the client.
  • storing the first fragment of the private key in the trusted authority and storing the second fragment of the private key in the client includes: storing the first fragments of different private keys in different trusted organizations and storing the second fragments of different private keys in different hardware areas of the client, where the signature levels authorized by different trusted organizations may be different.
  • two pairs of asymmetric keys A and B are generated during the registration process, and the private keys SKA and SKB of the two pairs of keys are split to obtain SKA1 and SKA2, and SKB1 and SKB2, respectively.
  • One part of the split private keys (SKA1, SKB1) is then kept in the secure storage area inside the trusted organizations, and the other part (SKA2, SKB2) is safely distributed to the user.
  • The private key fragments are placed into different security areas of the client, such as the SIM (Subscriber Identity Module) card of the mobile phone and the TEE (Trusted Execution Environment) of the mobile phone CPU.
  • SIM Subscriber Identity Module
  • TEE Trusted Execution Environment
  • the arrow from private key A segment 1 pointing to trusted institution 1 means that private key A segment 1 is saved to trusted institution 1.
  • the arrow from private key B segment 1 pointing to trusted institution 2 means that private key B segment 1 is saved to trusted institution 2.
  • the arrow from private key A segment 2 pointing to the SIM indicates that private key A segment 2 is stored in the secure area of the SIM card on the mobile device (mobile phone); similarly, private key B segment 2 is stored in the TEE secure area of the mobile device (mobile phone) CPU.
  • the arrow from trusted institution 1 pointing to the SIM card means that trusted institution 1 interacts with the SIM card; in the same way, the arrow from trusted institution 2 pointing to the TEE means that trusted institution 2 interacts with the TEE. In this way, by storing the two private keys in different hardware security areas, it is more difficult for hackers to crack two different pieces of security hardware at the same time, which can increase security.
  • the application registration process can be completed by the user interacting with trusted institutions 1 and 2 through the mobile phone wallet APP agent.
  • wallets are generally developed by third parties.
  • the wallet can be provided by a transaction institution or by one of the trusted institutions.
  • the transaction function is also integrated in the wallet function to facilitate users to implement transactions.
  • the above-mentioned two pairs of asymmetric keys generated during the registration application process are merely illustrative. In specific implementation, more than two pairs of asymmetric keys can be generated during the registration process mentioned above.
  • the processing method is similar to the processing method of generating two pairs of keys.
  • the specific implementation method can refer to the method of generating two pairs of keys. The description of the processing embodiments will not be repeated here.
  • the trusted institution and the user client are required to provide the private key fragments they hold together to perform specific transaction data processing. For example, it is necessary to use the private key fragments kept by two trusted institutions and the private key fragments kept by the client at the same time to call the fund data in the user's account and complete the transaction. Since the possibility of two third-party trusted institutions being compromised at the same time is very low, by introducing two trusted third-party institutions at the same time, even if a third party steals the private key fragments kept by one trusted institution and by the client respectively, it is still impossible to call the user's account, which can greatly improve the security of the user's transaction data processing.
  • the foregoing client can be specifically understood as a client device that stores the user's private key fragments.
  • it may be a mobile phone or tablet that was previously used by the user or previously bound to the user's account.
  • the above-mentioned trusted organization can be understood as a system that stores user private key fragments.
  • it may be a banking system or management system that was previously used by the user or previously bound to the user's account.
  • the clients and trusted institutions listed above are only schematic illustrations.
  • the aforementioned client may also be other types of electronic equipment, or a software program running in the aforementioned electronic equipment, etc., and the aforementioned trusted institution may also be other transaction systems. This manual does not limit the specific forms and types of clients and trusted institutions.
  • multiple trusted institutions can be introduced, and when the client saves multiple private key fragments, they can be stored in different security areas through software processing; different trusted institutions can be granted different signature levels according to the actual situation. For example, in some embodiments, two trusted institutions are introduced. Trusted institution 1 can be preset to authenticate transactions with a smaller amount, and trusted institution 2 to authenticate signatures with a larger amount, while large transactions require both trusted institutions to perform signature authentication at the same time. In other embodiments, two trusted institutions are introduced and set to have the same signature level. For small transactions, one trusted institution is randomly selected for authentication; when the transaction amount is large, both trusted institutions are required to sign and authenticate at the same time.
  • S2 Determine the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold.
  • the first threshold may be preset according to actual transactions, or may be preset according to customer needs.
  • the signature level can be understood as the security level of the transaction amount.
  • the signature level can be divided into two levels according to actual scenarios, that is, when the transaction amount is greater than or equal to the first threshold, it is determined that the signature level of the transaction data is the first level, and when the transaction amount is less than the first threshold, it is determined that the signature level of the transaction data is the second level.
  • a limit can be set in advance. When the transaction amount is greater than or equal to the limit, it can be determined that the signature level of the transaction belongs to the first level, that is, a large-value signature; when the transaction amount is less than the limit, it can be determined that the signature level of the transaction belongs to the second level, that is, a small-value signature.
  • the user presets the bank's transaction limit as 1000. When the transaction amount exceeds 1000, it is a large-value signature and requires multiple parties to perform signature verification; when the transaction amount is less than 1000, it is a small-value signature, and signature verification by only one institution is sufficient.
  • the signature level can be divided into three levels according to actual scenarios, that is, when the transaction amount is greater than or equal to the first threshold, it is determined that the signature level of the transaction data is the first level; when the transaction amount is less than the first threshold, the signature level of the transaction data is determined to be the second level; and when the transaction amount is less than the second threshold, the signature level of the transaction data is determined to be the third level, where the second threshold is less than the first threshold.
  • two quotas can be set in advance (the first quota is greater than the second quota).
  • When the transaction amount is greater than or equal to the first quota, it can be determined that the signature level of the transaction belongs to the first level, that is, a large-value signature; when the transaction amount is greater than or equal to the second quota and less than the first quota, it can be determined that the signature level of the transaction belongs to the second level, that is, a medium-value signature; when the transaction amount is less than the second quota, it can be determined that the signature level of the transaction belongs to the third level, that is, a small-value signature.
  • the user presets the bank’s transaction limits as 1000 and 500.
  • When the transaction amount exceeds 1000, it is a large-value signature and requires multiple parties to perform signature verification; when the transaction amount is greater than or equal to 500 and less than 1000, it is a medium-value signature and requires an institution to perform signature verification; when the transaction amount is less than 500, it is a small-value signature and requires an institution to perform signature verification. In this way, when large-value transactions are carried out, even if the key fragments of the individual and of one organization are stolen, the security of assets can be effectively protected.
  • the transaction quota corresponding to the first level is greater than the transaction quota corresponding to the second level
  • the transaction quota corresponding to the second level is greater than the transaction quota corresponding to the third level.
  • the above-mentioned signature levels of two or three levels are merely illustrative. In specific implementation, the above-mentioned signature levels can also be divided into other levels according to actual needs, and this specification does not limit this.
  • S3 Based on the signature level, a signature authority is determined, and the signature authority is a trusted authority that signs the transaction data.
  • the signature authority is a trusted institution that signs the transaction data, and the signature levels authorized by different trusted institutions can be different. Once the signature level of the transaction data has been determined according to the relationship between the transaction amount in the transaction data and the first threshold, the signature authority required for signature verification of the current transaction can be determined according to the signature levels authorized by different trusted institutions.
  • when the signature level is divided into two levels and the signature level is determined to be the first level, it can be determined that at least two signature authorities are authorized for the signature level; when the signature level is determined to be the second level, it can be determined that one signature authority is authorized for the signature level.
  • when the signature level is preset to two levels and the signature level is a large-value signature, at least two trusted institutions authorized to perform large-value signatures are required to perform signature verification at the same time; for small-value signatures, only one trusted institution authorized to perform small-value signatures is needed to perform signature verification.
  • when the signature level is divided into three levels and the signature level is determined to be the first level, it is determined that at least two signature authorities are authorized for the signature level; when the signature level is determined to be the second level, it is determined that one signature authority is authorized for the signature level; when the signature level is determined to be the third level, it is determined that one signature authority is authorized for the signature level.
  • the signature level is preset to three levels: for a large-value signature, at least two trusted institutions authorized to perform large-value signatures are required to perform signature authentication; when the signature level is a medium-value signature, only one trusted institution authorized to perform medium-value signatures is needed to perform signature verification; when the signature level is a small-value signature, only one trusted institution authorized to perform small-value signatures is needed to perform signature verification.
  • the signature levels authorized by different trusted institutions can be different or the same, and this specification does not limit this.
  • two trusted institutions are introduced. Trusted institution 1 can be preset to authenticate transactions with a smaller amount, and trusted institution 2 to authenticate signatures with a larger amount, while large transactions require both trusted institutions to perform signature authentication at the same time. In other embodiments, two trusted institutions are introduced and set to have the same signature level. For small transactions, one trusted institution is randomly selected for authentication; when the transaction amount is large, both trusted institutions are required to sign and authenticate at the same time.
  • S4 Perform signature verification based on secure multi-party calculation on the transaction hash based on the private key fragments saved by the determined signature authority and the private key fragments saved by the client, wherein the trusted authority and the client each store private key fragments, and the private key fragments are composed of partial sub-private keys generated by splitting the asymmetric key.
  • Secure Multi-Party Computation solves the problem of privacy-preserving collaborative computation among a group of untrusted parties. It can be abstractly understood as: multiple parties, each holding its own private data, jointly execute a function (such as calculating the maximum value) and obtain the result, while no party taking part leaks its own data in the process. Signature verification can also be understood as transaction signature.
  • Transaction signature means digitally signing the transaction, that is, digitally signing the transaction data packet (block) composed of transaction information such as the trader, amount and time. The signature is generally made by the initiator of the transaction (usually the transferor of the asset). A digital signature (also known as a public key digital signature, electronic signature, etc.) is similar to an ordinary physical signature written on paper, but is implemented with technology from the field of public key encryption, and is a method used to authenticate digital information.
  • digital signatures use public and private keys, the private key is used for signature, and the public key is used for verification.
  • RSA Rivest-Shamir-Adleman, an asymmetric encryption algorithm
  • DSA Digital Signature Algorithm, digital signature algorithm
  • ECDSA Elliptic Curve Digital Signature Algorithm, elliptic curve digital signature
  • the private key in the asymmetric key is then divided to obtain the first segment of the private key and the second segment of the private key. Save the first fragment of the private key in a trusted institution, and save the second fragment of the private key in the client.
  • the first shards of different private keys are stored in different trusted institutions, and the second shards of different private keys are stored in different hardware areas of the client, so according to the relationship between the transaction amount and the first threshold in the transaction data .
  • After determining the signature level of the transaction data, and determining the final signature authority required according to the corresponding relationship between the signature level and the signature authority it can be based on the private key fragments saved by the determined signature authority and the private key fragments saved by the client , Perform signature verification based on secure multi-party calculation on the transaction hash.
  • when the current transaction amount belongs to a small-value signature, the required signature institution is determined to be institution 1, and the private key fragment saved by institution 1 and the private key fragment saved by the client are used to perform signature verification based on secure multi-party computation on the transaction hash; when the current transaction amount belongs to a medium-value signature, the required signature institution is determined to be institution 2, and the private key fragment saved by institution 2 and the private key fragment saved by the client are used to perform signature verification based on secure multi-party computation on the transaction hash; when the current transaction amount belongs to a large-value signature, the required signature institutions are determined to be institution 1 and institution 2, and the private key fragment saved by institution 1, the private key fragment saved by institution 2, and the private key fragments saved by the client are used simultaneously to perform signature verification based on secure multi-party computation on the transaction hash.
  • the private key segment is composed of partial sub-private keys generated based on segmenting the asymmetric key.
  • the signature level is preset to three levels: small-value signature, medium-value signature, and large-value signature.
  • Institution 1 performs small-value signature verification
  • institution 2 performs medium-value signature verification.
  • Large-value transactions require two institutions to sign and verify at the same time.
  • two pairs of asymmetric keys, A and B, are generated during the registration process, and the private keys of the two pairs are split to obtain private key A fragment 1 and private key A fragment 2, and private key B fragment 1 and private key B fragment 2, respectively. Private key A fragment 1 is then saved in institution 1, private key B fragment 1 in institution 2, and private key A fragment 2 and private key B fragment 2 in the user's mobile phone. The institution chosen to sign a transaction may differ depending on the transaction amount.
  • Figure 3 is a schematic diagram of an embodiment provided in this specification in which a private key sharding party needs to be provided for a small signature based on secure multi-party computing.
  • the manual provides a schematic flow diagram of an embodiment of small-amount signature authentication based on secure multi-party computing.
  • FIG. 5 is a schematic structural diagram of an embodiment of the private key sharding party that needs to provide a private key for a small-value signature based on secure multi-party computing provided in this specification.
  • Fig. 6 is a schematic structural diagram of an embodiment provided in this specification in which a private key sharding party needs to be provided for a large-value signature based on secure multi-party calculation.
  • the embodiment of this specification provides a signature method based on secure multi-party computation. At least two pairs of asymmetric keys are generated at registration, and the private key of each pair is split and saved across multiple trusted third-party institutions and different hardware areas of the user client. When a transaction is actually performed, the transaction amount is compared with the preset threshold to determine the signature level of the transaction and the signature authority, and the private key fragment saved by the signature authority and the private key fragment saved by the client are then used to perform signature verification based on secure multi-party computation on the transaction data, realizing dynamic multi-key simultaneous signing.
  • the implementation scheme provided in this specification can effectively address the security risks of loss or theft of private keys while realizing dynamic multi-key signatures, and greatly improves transaction security.
  • one or more embodiments of this specification also provide a signature device based on secure multi-party computing.
  • the described devices may include systems (including distributed systems), software (applications), modules, components, servers, clients, etc., which use the methods described in the embodiments of this specification, combined with necessary implementation hardware devices.
  • the devices in one or more embodiments provided in this specification are as described in the following embodiments. Since the way the device solves the problem is similar to the method, the implementation of the specific device in the embodiment of this specification can refer to the implementation of the foregoing method, and repeated details are omitted.
  • unit or “module” can be a combination of software and/or hardware that implements predetermined functions.
  • although the devices described in the following embodiments are preferably implemented in software, implementation in hardware or in a combination of software and hardware is also possible and conceived.
  • FIG. 7 is a schematic diagram of the module structure of an embodiment of a signature device based on secure multi-party computing provided in this specification.
  • a signature device based on secure multi-party computing provided in this specification may include: Transaction data acquisition module 121, signature level determination module 122, signature authority determination module 123, signature verification module 124.
  • the transaction data obtaining module 121 may be used to obtain transaction data, and generate a transaction hash using preset rules for the transaction data;
  • the signature level determining module 122 may be used to determine the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold;
  • the signature authority determining module 123 may be used to determine a signature authority based on the signature level, where the signature authority is a trusted authority that signs the transaction data;
  • the signature verification module 124 can be used to perform signature verification based on secure multi-party calculation on the transaction hash based on the private key fragments saved by the determined signature authority and the private key fragments saved by the client.
  • the trust agency and the client respectively store private key fragments, and the private key fragments are composed of partial sub-private keys generated based on splitting the asymmetric key.
  • the trusted organization and the client separately store private key fragments, which may include:
  • the key generation module can be used to generate at least two pairs of asymmetric keys during the registration process
  • the fragment obtaining module can be used to split the private key in the asymmetric key to obtain the first fragment of the private key and the second fragment of the private key;
  • the fragment saving module may be used to save the first fragment of the private key in the trusted authority, and save the second fragment of the private key in the client.
  • the signature level determining module 122 may include:
  • the first determining unit may be configured to determine that the signature level of the transaction data is the first level when the transaction amount is greater than or equal to the first threshold;
  • the second determining unit may be configured to determine that the signature level of the transaction data is the second level when the transaction amount is less than the first threshold.
  • the signature level determining module 122 may further include:
  • the third determining unit may be configured to determine that the signature level of the transaction data is a third level when the transaction amount is less than a second threshold, and the second threshold is less than the first threshold.
  • the above-mentioned device may also include other implementation manners according to the description of the method embodiment, and for the specific implementation manner, refer to the description of the related method embodiment, which is not repeated here.
  • this specification also provides a signature device based on secure multi-party computing, which includes a processor and a memory for storing processor-executable instructions. When the instructions are executed by the processor, the implementation includes the following steps:
  • Based on the signature level, determine a signature authority, where the signature authority is a trusted authority that signs the transaction data;
  • signature authentication based on secure multi-party computation is performed on the transaction hash, wherein the trusted authority and the client each store private key fragments, and the private key fragments are composed of partial sub-private keys generated based on splitting the asymmetric key.
  • the storage medium may include a physical device for storing information, and the information is usually digitized and then stored in an electric, magnetic, or optical medium.
  • the storage medium may include: devices that use electrical energy to store information, such as various types of memory, such as RAM, ROM, etc.; devices that use magnetic energy to store information, such as hard disks, floppy disks, magnetic tapes, magnetic core memory, bubble memory, U disk; a device that uses optical means to store information, such as CD or DVD.
  • quantum memory, graphene memory, and so on.
  • the above-mentioned device may also include other implementation manners according to the description of the method embodiment.
  • specific implementation manners reference may be made to the description of the related method embodiments, which will not be repeated here.
  • FIG. 8 is a schematic diagram of the module structure of an embodiment of a signature system based on secure multi-party computing provided in this specification. As shown in FIG. 8, a signature system based on secure multi-party computing provided in this specification may include a processor 131 and a memory 132 for storing executable instructions of the processor. The processor 131 and the memory 132 communicate with each other through a bus 133;
  • the processor 131 is configured to call the program instructions in the memory 132 to execute the method provided in the above-mentioned signature method based on secure multi-party computing.
  • the method executed by the processor 131 includes: obtaining transaction data and generating a transaction hash from the transaction data using preset rules; determining the signature level of the transaction data according to the relationship between the transaction amount in the transaction data and the first threshold; determining the signature authority based on the signature level, the signature authority being a trusted authority that signs the transaction data; and, based on the private key fragments saved by the determined signature authority and the private key fragments saved by the client, performing signature verification based on secure multi-party computation on the transaction hash, wherein the trusted authority and the client each store private key fragments, and the private key fragments are composed of partial sub-private keys generated based on splitting the asymmetric key.
  • the system described above in the specification may also include other implementation manners based on the description of the related method embodiments.
  • specific implementation manners refer to the description of the method embodiments, which will not be repeated here.
  • the various embodiments in the present application are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the difference from other embodiments.
  • the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment.
  • the embodiment of this specification provides a signature device or system based on secure multi-party computation. At least two pairs of asymmetric keys are generated when applying for registration, and the private key of each pair is split and saved across multiple trusted third-party institutions and the user client. When a transaction is actually performed, the transaction amount is compared with a preset threshold to determine the signature level of the transaction and the signature institution, and the private key fragment saved by the signature institution and the private key fragment saved on the client are then used to perform signature verification based on secure multi-party computation on the transaction data, realizing dynamic multi-key simultaneous signing. Since the possibility of multiple third-party institutions being compromised at the same time is very low, the implementation scheme provided in this specification can effectively address the security risks of loss or theft of private keys while realizing dynamic multi-key signatures, and greatly improves transaction security.
  • a programmable logic device Programmable Logic Device, PLD
  • FPGA Field Programmable Gate Array
  • HDL Hardware Description Language
  • ABEL Advanced Boolean Expression Language
  • AHDL Altera Hardware Description Language
  • HDCal JHDL
  • Lava Lava
  • Lola MyHDL
  • PALASM RHDL
  • VHDL Very-High-Speed Integrated Circuit Hardware Description Language
  • Verilog Verilog
  • the controller can be implemented in any suitable manner.
  • the controller can take the form of, for example, a microprocessor or a processor and a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, application-specific integrated circuits (ASICs), programmable logic controllers, and embedded microcontrollers.
  • examples of controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller can also be implemented as part of the memory's control logic.
  • in addition to implementing the controller purely as computer-readable program code, it is entirely possible to program the method steps so that the controller realizes the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers, and the like. Such a controller can therefore be regarded as a hardware component, and the devices included in it for implementing various functions can also be regarded as structures within the hardware component. The devices for realizing various functions can even be regarded both as software modules implementing the method and as structures within a hardware component.
  • a typical implementation device is a computer.
  • the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or any combination of these devices.
  • may be specifically implemented by computer chips or entities, or implemented by products with certain functions.
  • the functions are divided into various modules and described separately.
  • the function of each module can be realized in the same one or more pieces of software and/or hardware, or a module that realizes one function can be realized by a combination of multiple sub-modules or sub-units.
  • the device embodiments described above are merely illustrative. For example, the division of the units is only a logical function division, and there may be other divisions in actual implementation; for example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and the instruction device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, and the instructions executed on the computer or other programmable equipment thereby provide steps for implementing the functions specified in one flow or multiple flows in the flowchart and/or one block or multiple blocks in the block diagram.
  • the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media includes permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission media that can be used to store information that can be accessed by computing devices. According to the definition in this document, computer-readable media do not include transitory media, such as modulated data signals and carrier waves.
  • one or more embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, one or more embodiments of this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, one or more embodiments of this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
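The flow described above (amount thresholds select a signature level, the level selects which institutions take part, and each selected institution co-signs the transaction hash with the client's fragment) is sketched here as an added Python example; it is not code from the patent. The threshold values, SHA-256 as the hashing rule, additive key splitting and two-party Schnorr signing on secp256k1 are assumptions chosen for illustration, since the page specifies none of them, and a deployed protocol would also make parties commit to their nonce points before revealing them.

```python
import hashlib
import secrets

# secp256k1 domain parameters (public constants of the curve y^2 = x^3 + 7).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
FIRST_THRESHOLD, SECOND_THRESHOLD = 10_000, 1_000  # assumed values, not from the page
ROUTING = {"small": ["A"], "medium": ["B"], "large": ["A", "B"]}  # level -> key pairs
HOLDER = {"A": "institution1", "B": "institution2"}  # keeper of fragment 1 of each key

def ec_add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def ec_mul(k, point):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point, k = ec_add(point, point), k >> 1
    return acc

def signature_level(amount):
    """>= first threshold: large; < second threshold: small; otherwise medium."""
    if amount >= FIRST_THRESHOLD:
        return "large"
    return "small" if amount < SECOND_THRESHOLD else "medium"

def register():
    """Generate key pairs A and B and split each private key into two fragments."""
    fragments, public = {"institution1": {}, "institution2": {}, "client": {}}, {}
    for key_id, holder in HOLDER.items():
        x = secrets.randbelow(N - 1) + 1              # full key, not stored anywhere
        part = secrets.randbelow(N)
        fragments[holder][key_id] = part              # fragment 1: trusted institution
        fragments["client"][key_id] = (x - part) % N  # fragment 2: client
        public[key_id] = ec_mul(x, G)
    return fragments, public

def challenge(r_point, pub, tx_hash):
    data = b"".join(v.to_bytes(32, "big") for v in (*r_point, *pub)) + tx_hash
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

class Party:
    """One fragment holder; it only ever publishes a nonce point and a partial s."""
    def __init__(self, fragment):
        self._fragment = fragment
    def nonce_point(self):
        self._k = secrets.randbelow(N - 1) + 1
        return ec_mul(self._k, G)
    def partial(self, e):
        return (self._k + e * self._fragment) % N

def joint_sign(tx_hash, pub, parties):
    """Schnorr signature from additive fragments; the private key is never rebuilt."""
    r_point = None
    for p in parties:
        r_point = ec_add(r_point, p.nonce_point())
    e = challenge(r_point, pub, tx_hash)
    return r_point, sum(p.partial(e) for p in parties) % N

def verify(tx_hash, pub, sig):
    e = challenge(sig[0], pub, tx_hash)
    return ec_mul(sig[1], G) == ec_add(sig[0], ec_mul(e, pub))

def sign_transaction(tx, fragments, public):
    """Hash the transaction, derive level and institutions, sign under each key."""
    tx_hash = hashlib.sha256(repr(sorted(tx.items())).encode()).digest()
    level, sigs = signature_level(tx["amount"]), {}
    for key_id in ROUTING[level]:
        parties = [Party(fragments[h][key_id]) for h in (HOLDER[key_id], "client")]
        sigs[key_id] = joint_sign(tx_hash, public[key_id], parties)
    return level, tx_hash, sigs
```

A large-value transaction yields one signature per key pair, so a verifier checks both; a signature built from the client's fragment alone fails verification because the institution's share of the key is missing from it.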

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the invention relate to a signature method, device and system using secure multi-party computation (SMPC). The method comprises: acquiring transaction data, and generating a transaction hash from the transaction data by means of a preconfigured rule; determining a signature level of the transaction data according to a relationship between a transaction limit in the transaction data and a first threshold; determining a signing organization according to the signature level, the signing organization being a trusted organization that signs the transaction data; and performing SMPC-based signature verification on the transaction hash on the basis of a private key slice stored by the determined signing organization and a private key slice stored by a client, the trusted organization and the client respectively storing the private key slices, and the private key slice consisting of part of a child private key obtained by splitting an asymmetric key. The embodiments of the invention eliminate the security risks caused by a lost or stolen private key, and considerably improve transaction security.
PCT/CN2019/077527 2019-03-08 2019-03-08 Signature method, device, and system using secure multi-party computation WO2020181427A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/077527 WO2020181427A1 (fr) 2019-03-08 2019-03-08 Signature method, device, and system using secure multi-party computation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/077527 WO2020181427A1 (fr) 2019-03-08 2019-03-08 Signature method, device, and system using secure multi-party computation

Publications (1)

Publication Number Publication Date
WO2020181427A1 true WO2020181427A1 (fr) 2020-09-17

Family

ID=72427195

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/077527 WO2020181427A1 (fr) 2019-03-08 2019-03-08 Signature method, device, and system using secure multi-party computation

Country Status (1)

Country Link
WO (1) WO2020181427A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210133701A1 (en) * 2019-10-31 2021-05-06 Digital Trust Networks Inc. Proxied cross-ledger authentication

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105096118A (zh) * 2015-08-21 2015-11-25 廖小谦 一种电子货币转付系统及方法
CN106251146A (zh) * 2016-07-21 2016-12-21 恒宝股份有限公司 一种移动支付方法及移动支付系统
US20170330177A1 (en) * 2016-05-16 2017-11-16 Hewlett Packard Enterprise Development Lp Payment terminal authentication
CN107623569A (zh) * 2017-09-30 2018-01-23 矩阵元技术(深圳)有限公司 基于秘密共享技术的区块链密钥托管和恢复方法、装置
CN109219950A (zh) * 2016-03-29 2019-01-15 西门子移动有限公司 用于在安全相关的设备之间交换消息的方法

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105096118A (zh) * 2015-08-21 2015-11-25 廖小谦 一种电子货币转付系统及方法
CN109219950A (zh) * 2016-03-29 2019-01-15 西门子移动有限公司 用于在安全相关的设备之间交换消息的方法
US20170330177A1 (en) * 2016-05-16 2017-11-16 Hewlett Packard Enterprise Development Lp Payment terminal authentication
CN106251146A (zh) * 2016-07-21 2016-12-21 恒宝股份有限公司 一种移动支付方法及移动支付系统
CN107623569A (zh) * 2017-09-30 2018-01-23 矩阵元技术(深圳)有限公司 基于秘密共享技术的区块链密钥托管和恢复方法、装置

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210133701A1 (en) * 2019-10-31 2021-05-06 Digital Trust Networks Inc. Proxied cross-ledger authentication
US11704636B2 (en) * 2019-10-31 2023-07-18 Adi Association Proxied cross-ledger authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19919212

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19919212

Country of ref document: EP

Kind code of ref document: A1