WO2021102041A1 - Method and apparatus for a blockchain-agnostic safe multi-signature digital asset management - Google Patents

Method and apparatus for a blockchain-agnostic safe multi-signature digital asset management Download PDF

Info

Publication number
WO2021102041A1
WO2021102041A1 PCT/US2020/061111 US2020061111W WO2021102041A1 WO 2021102041 A1 WO2021102041 A1 WO 2021102041A1 US 2020061111 W US2020061111 W US 2020061111W WO 2021102041 A1 WO2021102041 A1 WO 2021102041A1
Authority
WO
WIPO (PCT)
Prior art keywords
party
digital asset
signature
private
private keys
Prior art date
Application number
PCT/US2020/061111
Other languages
French (fr)
Inventor
Vincenzo DI NICOLA
Massimiliano Sala
Alessio MENEGHETTI
Riccardo LONGO
Original Assignee
Conio Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Conio Inc. filed Critical Conio Inc.
Priority to EP20890122.3A priority Critical patent/EP4062350A4/en
Publication of WO2021102041A1 publication Critical patent/WO2021102041A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • G06Q20/0655Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash e-cash managed centrally
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q2220/00Business processing using cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46Secure multiparty computation, e.g. millionaire problem
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the present technology pertains to a method and apparatus for digital asset management independent of the type of blockchain employed.
  • the exemplary embodiments provided herein include a method for safe creation, custody, recovery and management of a digital asset, agnostic to an underlying blockchain technology, the method including establishing a virtual layer where three private keys are generated, transacting the digital asset by using two of three of the private keys and multi-party computation techniques, abstracting interactions between the three private keys from the underlying blockchain technology, having a digital asset transaction considered as a single-signature by the underlying blockchain technology, and recovering the digital asset if any of the three private keys is no longer available.
  • the digital asset may be a cryptocurrency, and a party may be disconnected from any network during the normal user operation phases.
  • the digital asset transaction may be considered as a single-signature, as seen by the underlying blockchain technology, and associated to a public key PK_ABC that is created and used to verify the transaction. Additionally, the digital asset may be transacted and recovered through derived keys.
  • a first party [B] may generate a private and public information pair (sk_B; pk_B) and transmit the public information (pk_B) to a second party [A]
  • the first party [B] may keep the private information sk_B secret and never reveal it.
  • a third party [C] may initiate communication with the second party [A] and transmit the public information pk_B to the third party [C] and the second party [A] may generate a secret s_A and two shards o_AB and o_AC.
  • the third party [C] may generate a secret s_C and two shards o_CA and o_CB, the second party [A] may generate a shard o_BA, and the third party [C] may generate a shard o_BC.
  • the second party [A] may encrypt shard o_AB and shard o_BA with the public information pk_B, getting rec_AB, and the third party [C] may encrypt shard o_CB and shard o_BC with the public information pk_B, getting rec_CB.
  • the second party [A] may send (o_AC; rec_AB) to the third party [C] and the third party [C] may send (o_CA; rec_CB) to the second party [A].
  • the second party [A] may compute the private key SK_A, generated by using s_A, o_B A and o_CA
  • the third party [C] may compute the private key SK_C, by using s_C, o_BC and o_AC.
  • a signature of private keys (SK_A, SK_C) a digital asset may be transacted.
  • the second party [A] and the third party [C] may compute a public key PK_ABC.
  • the public key PK_ABC may be communicated to a blockchain underneath the virtual layer, and the blockchain underneath the virtual layer may use the public key PK_ABC to verify that a signature is valid.
  • the signature may be created on the virtual layer by multiple private keys and the blockchain underneath the virtual layer may have access only to the public key PK_ABC and the signature.
  • the blockchain underneath the virtual layer may not have access to the multiple private keys on the virtual layer.
  • the second party [A] and the third party [C] may sign a transaction by using the private keys SK_A and SK_C and multi-party computation techniques.
  • FIG. 1 illustrates the various exemplary embodiments described herein that allow for a blockchain-agnostic safe multi-signature digital asset management.
  • FIG. 2 shows the Preliminary Phase
  • FIG 3. shows the Enrollment Phase
  • FIG 4. shows the Ordinary Signature Phase.
  • FIG 5. shows the Recovery Signature Phase where C is unable to sign.
  • FIG 6. shows the Recovery Signature Phase where A is unable to sign.
  • Digital assets for example, cryptocurrencies such as Bitcoin, or tokens created with certain blockchains
  • a digital asset transaction for example, a digital asset transfer
  • a Public Key can be communicated to the whole world, while the Private Key must be kept private by the owner. If the Private Key is lost, the owner can no longer access their digital asset. If the Private Key is given to or copied by someone else, that someone else can transact the digital asset, effectively stealing it from the owner.
  • FIG. 1 illustrates the various exemplary embodiments described herein that allow for blockchain-agnostic safe multi-signature digital asset management.
  • FIG. 1 Shown in FIG. 1 is a virtual layer and an underlying blockchain.
  • Party A for example, a server including one or more hardware processors executing instructions stored in a non-transitory computer readable medium.
  • Party A has secret and public information.
  • Party B for example, a backup server including one or more hardware processors executing instructions stored in a non-transitory computer readable medium.
  • Party B has secret and public information.
  • Party C for example, a user, is shown.
  • Party C has secret and public information.
  • Party C may also have a server including one or more hardware processors executing instructions stored in a non-transitory computer readable medium, or a smartphone or other personal computing device.
  • a single signature is generated by the appropriate combination of the information of any two of the three parties.
  • the exemplary embodiments herein do not need the underlying blockchain to support multi-signature schemes. They effectively create a virtual layer, where parties deal with a multi-signature scheme and the underlying blockchain deals with a single-signature scheme. As a bonus result, since the digital asset transactions are effectively single-signature on the blockchain, their size and cost are smaller than the approaches mentioned earlier. [0023] According to various exemplary embodiments, they do not even need anyone to know what the Private Key related to the single-signature is (such a Private Key may not even be created at all), and it still allows transactions of the digital asset. Nor do all of the parties need to be online at the same time. One of the parties may even be disconnected from any network, and it still allows transactions of the digital asset.
  • A a server, always online. In certain embodiments, it is offered by a service provider.
  • B a backup server, online only in the preliminary phase and the recovery phase. In certain embodiments, it is offered by a provider different from A (for example, B may be a financial institution). In other embodiments, it may be handled by the user C itself if the user does not want to rely on other providers.
  • C the user, online starting from the enrollment phase. In certain embodiments, it is a person who wants digital assets, and may not even be known in the preliminary phase.
  • the various exemplary embodiments are structured so that all three parties' Private Keys are different from each other. It is also structured so that all three parties need not to be online at the same time. Additionally, one party may even cease to exist or not be available at all, and the digital asset can still be transacted or recovered.
  • FIG. 2 shows the Preliminary Phase.
  • Party B Shown in FIG. 2 are Party B and Party A.
  • Party B generates
  • Party B 's secret and public information.
  • Party B sends Party B's public information to Party A.
  • Party A receives Party B's public information.
  • B sends the public information pk_B to A.
  • FIG 3. shows the Enrollment Phase.
  • Party A sends Party
  • Party A also generates Party A's secret information, and combined Party A,C and A,B information.
  • Party A sends the combined Party A,C and A,B information to Party C.
  • Party A receives combined Party C,A and C,B information from Party C and generates private key SK_A and public key PK_ABC.
  • Party C receives Party B's public information from Party A.
  • Party C generates Party C's secret information and combined Party C,A and C,B information.
  • Party C receives combined Party A,C and A,B information from Party A.
  • Party C sends combined Party C,A and C,B information to Party A.
  • Party C also generates private key SK_C and public key PK_ABC.
  • the enrollment phase occurs whenever C, a new user, wants to deal with digital assets, and so it initiates its communication with A.
  • the parties involved in this phase are A and C:
  • A sends pk_B to C.
  • A generates a secret s_A and two shards o_AB and o_AC.
  • C generates a secret s_C and two shards o_CA and o_CB.
  • A generates a shard o_BA.
  • C generates a shard o_BC.
  • A encrypts o_AB and o_BA with the public information pk_B, getting recovery secret "rec"_AB.
  • C encrypts o_CB and o_BC with the public information pk_B, getting rec_CB.
  • a shard is a piece of data meant to be combined with other shards or secret information to create some data in a multi-party computation protocol.
  • A sends (o_AC; rec_AB) to C.
  • C sends (o_CA; rec_CB) to A.
  • A computes the Private Key SK_A, generated using s_A, o_BA and s CA.
  • C computes the Private Key SK_C, generated using s_C, o_BC and s AC.
  • SK_C allows to transact the digital asset ("2-of-3" signature scheme).
  • PK_ABC Public Key
  • PK_ABC Public Key
  • the blockchain underneath the virtual layer knows it, and may use it to verify that the signature (created on the virtual layer by multiple Private Keys) is valid.
  • the underlying blockchain sees only a Public Key and a single signature: it is not aware that this is the result of multiple Private Keys on the virtual layer.
  • Common secret generation A and C compute a common secret d, based on the shards o_B A and o_BC that can be used to derive other keys without performing another enrollment.
  • Private Key SK_ABC is not created and may never be created at all in any phase.
  • FIG 4. shows the Ordinary Signature Phase.
  • Party C signs a digital asset transaction with private key SK_C and multi-party computation techniques.
  • Secure multi-party computation also known as secure computation, multi-party computation (MPC), or privacy -preserving computation
  • MPC multi-party computation
  • the cryptography in this model protects participants' privacy from each other.
  • Party A signs a digital asset transaction with private key SK_A and multi-party computation techniques.
  • the resulting signature of this "2-of-3" scheme is verifiable by anyone with the public key PK_ABC. This also supports key derivation. In such a case, Party A and Party C sign with private key Ski_A and Ski_C and multi-party computation techniques. The resulting signature is verifiable by anyone with the public key PKi_ABC.
  • the Ordinary Signature Phase occurs whenever C, an existing user, wants to sign a digital asset transaction. The parties involved in this phase are A and C:
  • a and C sign the transaction by using the Private Keys SK_A and SK_C and multi-party computation techniques.
  • the signature is verifiable by anyone with the public key PK_ABC.
  • exemplary embodiments are also able to support
  • Various exemplary embodiments use their own way to derive keys: it is sufficient that A and C agree on a (public) derivation index i; then, using the common secret d computed during the Enrollment phase, they can independently derive the keys SKi_A and SKi_C, and use them in the Signature phase in place of SK_A and SK_C, respectively.
  • the derived Private Keys correspond to a new Public Key PKi_ABC.
  • the derivation can also be compounded: that is, more keys can be derived from a derived key.
  • FIG 5. shows the Recovery Signature Phase where C is unable to sign.
  • Party A and Party B Shown in FIG. 5 are Party A and Party B.
  • Party A sends combined Party A,B and C,B information to Party B.
  • Party A also signs a digital asset transaction with private key SK_A and multi-party computation techniques.
  • Party B receives the combined Party A,B and C,B information from Party A, generates private key SK_B and signs a digital asset transaction with private key SK_B and multi-party computation techniques.
  • Signature verification and eventual key derivation operations are analogous to the ones in the Ordinary Signature Phase.
  • certain exemplary embodiments comprise a
  • Recovery Signature phase This phase occurs whenever A or C can no longer sign a transaction, e.g. because one of them has lost their secret key material. As a result, the solution is able to recover a digital asset even if one of the parties is no longer available. If C is unable to sign, then the actors involved in this phase are A and B:
  • A sends (rec_AB; rec_CB) to B.
  • B decrypts rec_AB and rec_CB using the secret key sk_B, getting
  • B generates the secret s_B by using o_BA and o_BC.
  • B generates the Private Key SK_B by using s_B, o_AB and o_CB. This key is compatible with the "2-of-3" multi-signature scheme.
  • B computes the common secret d using o_BA and o_BC.
  • a and B sign the transaction using the Private Keys SK_A and
  • SK_B respectively (or the derived keys SKi_A and SKi_B, computed using the common secret d and a derivation index i on which they agreed), using computation techniques analogous to the ones used in in the Ordinary Signature phase.
  • This signature is verifiable by anyone with the public key PK_ABC (or the derived PKi_ABC).
  • FIG. shows the Recovery Signature Phase where A is unable to sign.
  • Party C Shown in FIG. 6 are Party C and Party B.
  • Party C sends combined Party A,B and C,B information to Party B.
  • Party C also signs a digital transaction with private key SK_C and multi-party computation techniques.
  • Party B receives combined Party A,B and C,B information from Party C.
  • Party B generates private key SK_B and signs a digital transaction with private key SK_B and multi-party computation techniques. Signature verification and eventual key derivation operations are analogous to the ones in the Ordinary Signature Phase. [0090] As shown in FIG. 6, if A is unable to sign, then the actors involved in this phase are B and C:
  • C sends (rec_AB; rec_CB) to B.
  • B generates the secret s_B by using o_BA and o_BC.
  • B generates the Private Key SK_B by using s_B, o_AB and o_CB.
  • B computes the common secret d using o_BA and o_BC.
  • C and B sign the transaction using the Private Keys SK_C and
  • the digital asset is transferred to a new digital wallet.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Exemplary embodiments provided herein include a method for safe creation, custody, recovery and management of a digital asset, agnostic to an underlying blockchain technology, the method including establishing a virtual layer where three private keys are generated, transacting the digital asset by using two of three of the private keys and multi-party computation techniques, abstracting interactions between the three private keys from the underlying blockchain technology, having a digital asset transaction considered as a single-signature by the underlying blockchain technology, and recovering the digital asset if any of the three private keys is no longer available. Additionally, the digital asset may be a cryptocurrency, and a party may be disconnected from any network during the normal user operation phases. Furthermore, the digital asset transaction may be considered as a single-signature, as seen by the underlying blockchain technology, and is associated to a public key PK_ABC.

Description

METHOD AND APPARATUS FOR A BLOCKCHAIN-AGNOSTIC SAFE MULTI-SIGNATURE DIGITAL ASSET MANAGEMENT
CROSS-REFERENCE TO RELATED APPLICATIONS [0001] The present application claims the priority benefit of U.S.
Provisional Patent Application Serial No. 62/939,501 filed on November 22, 2019 titled "Method and Apparatus for a Blockchain-Agnostic Safe Multi-Signature Digital Asset Management," which is hereby incorporated by reference in its entirety.
FIELD OF INVENTION
[0002] The present technology pertains to a method and apparatus for digital asset management independent of the type of blockchain employed.
SUMMARY OF EXEMPLARY EMBODIMENTS
[0003] The exemplary embodiments provided herein include a method for safe creation, custody, recovery and management of a digital asset, agnostic to an underlying blockchain technology, the method including establishing a virtual layer where three private keys are generated, transacting the digital asset by using two of three of the private keys and multi-party computation techniques, abstracting interactions between the three private keys from the underlying blockchain technology, having a digital asset transaction considered as a single-signature by the underlying blockchain technology, and recovering the digital asset if any of the three private keys is no longer available. Additionally, the digital asset may be a cryptocurrency, and a party may be disconnected from any network during the normal user operation phases.
[0004] The digital asset transaction, according to various exemplary embodiments, may be considered as a single-signature, as seen by the underlying blockchain technology, and associated to a public key PK_ABC that is created and used to verify the transaction. Additionally, the digital asset may be transacted and recovered through derived keys.
[0005] In further exemplary embodiments, a first party [B] may generate a private and public information pair (sk_B; pk_B) and transmit the public information (pk_B) to a second party [A] The first party [B] may keep the private information sk_B secret and never reveal it. A third party [C] may initiate communication with the second party [A] and transmit the public information pk_B to the third party [C] and the second party [A] may generate a secret s_A and two shards o_AB and o_AC. Additionally, the third party [C] may generate a secret s_C and two shards o_CA and o_CB, the second party [A] may generate a shard o_BA, and the third party [C] may generate a shard o_BC. The second party [A] may encrypt shard o_AB and shard o_BA with the public information pk_B, getting rec_AB, and the third party [C] may encrypt shard o_CB and shard o_BC with the public information pk_B, getting rec_CB.
[0006] Additionally, the second party [A], according to many exemplary embodiments, may send (o_AC; rec_AB) to the third party [C] and the third party [C] may send (o_CA; rec_CB) to the second party [A]. The second party [A] may compute the private key SK_A, generated by using s_A, o_B A and o_CA, and the third party [C] may compute the private key SK_C, by using s_C, o_BC and o_AC. By combining a signature of private keys (SK_A, SK_C) a digital asset may be transacted. Furthermore, the second party [A] and the third party [C] may compute a public key PK_ABC. The public key PK_ABC may be communicated to a blockchain underneath the virtual layer, and the blockchain underneath the virtual layer may use the public key PK_ABC to verify that a signature is valid. In various exemplary embodiments, the signature may be created on the virtual layer by multiple private keys and the blockchain underneath the virtual layer may have access only to the public key PK_ABC and the signature. The blockchain underneath the virtual layer may not have access to the multiple private keys on the virtual layer. Additionally, the second party [A] and the third party [C] may sign a transaction by using the private keys SK_A and SK_C and multi-party computation techniques.
BRIEF DESCRIPTION OF THE DRAWINGS
[0007] The accompanying drawings, where like reference numerals refer to identical or functionally similar elements throughout the separate views, together with the detailed description below, are incorporated in and form part of the specification, and serve to further illustrate embodiments of concepts that include the claimed disclosure, and explain various principles and advantages of those embodiments.
[0008] The methods and systems disclosed herein have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present disclosure so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.
[0009] FIG. 1 illustrates the various exemplary embodiments described herein that allow for a blockchain-agnostic safe multi-signature digital asset management.
[0010] FIG. 2 shows the Preliminary Phase.
[0011] FIG 3. shows the Enrollment Phase.
[0012] FIG 4. shows the Ordinary Signature Phase.
[0013] FIG 5. shows the Recovery Signature Phase where C is unable to sign.
[0014] FIG 6. shows the Recovery Signature Phase where A is unable to sign. DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS
[0015] While the present technology is susceptible of embodiment in many different forms, there is shown in the drawings and will herein be described in detail several specific embodiments with the understanding that the present disclosure is to be considered as an exemplification of the principles of the present technology and is not intended to limit the technology to the embodiments illustrated.
[0016] Digital assets (for example, cryptocurrencies such as Bitcoin, or tokens created with certain blockchains) are at their core defined by a single Public Key and Private Key pair. A digital asset transaction (for example, a digital asset transfer) is digitally signed with the original owner's Private Key, and any external observer can verify it by using the corresponding Public Key. [0017] A Public Key can be communicated to the whole world, while the Private Key must be kept private by the owner. If the Private Key is lost, the owner can no longer access their digital asset. If the Private Key is given to or copied by someone else, that someone else can transact the digital asset, effectively stealing it from the owner.
[0018] In order to prevent this, a number of approaches have been suggested to safeguard the Private Key. For example, divide the Private Key in multiple parts, make multiple copies of each part, and store them in different secure places. Such approaches are manual, require a "ceremony" with the physical presence of several operators in the same place, and the loss of a part of the Private Key may still result in the total loss of the Private Key.
[0019] Other approaches rely on multiple Private Keys, preferably handled by different entities, where a minimum number of different Private Key signatures are needed to create a digital asset transaction. Such approaches are specific to each different underlying blockchain technology (e.g., a multi signature scheme on the Bitcoin blockchain is different from a multi-signature scheme on the Ethereum blockchain). In addition, some blockchains may not even allow a multi-signature scheme, and are simply limited to a single signature scheme.
[0020] FIG. 1 illustrates the various exemplary embodiments described herein that allow for blockchain-agnostic safe multi-signature digital asset management.
[0021] Shown in FIG. 1 is a virtual layer and an underlying blockchain.
Included in the virtual layer is Party A, for example, a server including one or more hardware processors executing instructions stored in a non-transitory computer readable medium. Party A has secret and public information. Also shown is Party B, for example, a backup server including one or more hardware processors executing instructions stored in a non-transitory computer readable medium. Party B has secret and public information. Party C, for example, a user, is shown. Party C has secret and public information. Party C may also have a server including one or more hardware processors executing instructions stored in a non-transitory computer readable medium, or a smartphone or other personal computing device. A single signature is generated by the appropriate combination of the information of any two of the three parties.
[0022] The exemplary embodiments herein do not need the underlying blockchain to support multi-signature schemes. They effectively create a virtual layer, where parties deal with a multi-signature scheme and the underlying blockchain deals with a single-signature scheme. As a bonus result, since the digital asset transactions are effectively single-signature on the blockchain, their size and cost are smaller than the approaches mentioned earlier. [0023] According to various exemplary embodiments, they do not even need anyone to know what the Private Key related to the single-signature is (such a Private Key may not even be created at all), and it still allows transactions of the digital asset. Nor do all of the parties need to be online at the same time. One of the parties may even be disconnected from any network, and it still allows transactions of the digital asset.
[0024] In many exemplary embodiments, by applying the correct recovery methods, they effectively prevent the loss or theft of digital assets and also allow solving special real-life situations like transfer of a digital asset to an heir.
[0025] The various exemplary embodiments described herein are still able to enhance privacy by preventing the so-called address reusing: on the virtual layer, they properly derive the parties Private Keys and, on the underlying single-signature blockchain, for each derivation, a different Public Key (address) is generated.
[0026] According to various exemplary embodiments, there are three parties and four phases.
[0027] Parties:
[0028] A: a server, always online. In certain embodiments, it is offered by a service provider.
[0029] B: a backup server, online only in the preliminary phase and the recovery phase. In certain embodiments, it is offered by a provider different from A (for example, B may be a financial institution). In other embodiments, it may be handled by the user C itself if the user does not want to rely on other providers. [0030] C: the user, online starting from the enrollment phase. In certain embodiments, it is a person who wants digital assets, and may not even be known in the preliminary phase.
[0031] Phases:
[0032] Preliminary.
[0033] Enrollment.
[0034] Ordinary Signature.
[0035] Recovery Signature.
[0036] Communications between parties A, B and C may take place on insecure channels. So standard encryption mechanisms (e.g. HTTPS) are to be used.
[0037] The various exemplary embodiments described herein effectively create a virtual layer, where 3 Private Keys exist. They require at least any two Private Keys out of the three ("2-of-3") to create a signature, using proper threshold signature mechanisms. The blockchain underneath the virtual layer sees such a signature as if being signed by a single Private Key, and can verify it with its corresponding Public Key.
[0038] The various exemplary embodiments are structured so that all three parties' Private Keys are different from each other. It is also structured so that all three parties need not to be online at the same time. Additionally, one party may even cease to exist or not be available at all, and the digital asset can still be transacted or recovered.
[0039] FIG. 2 shows the Preliminary Phase.
[0040] Shown in FIG. 2 are Party B and Party A. Party B generates
Party B's secret and public information. Party B sends Party B's public information to Party A. Party A receives Party B's public information. [0041] As shown in FIG. 2, the process starts with a Preliminary Phase.
This phase occurs only once, at the very beginning. The parties involved in this phase are A and B:
[0042] B generates a non-ephemeral private/public information pair
(sk_B; pk_B).
[0043] B sends the public information pk_B to A.
[0044] B keeps the private information sk_B secret and never reveals it to the other parties.
[0045] FIG 3. shows the Enrollment Phase.
[0046] Shown in FIG. 3 are Party A and Party C. Party A sends Party
B's public information to Party C. Party A also generates Party A's secret information, and combined Party A,C and A,B information. Party A sends the combined Party A,C and A,B information to Party C. Party A receives combined Party C,A and C,B information from Party C and generates private key SK_A and public key PK_ABC.
[0047] Party C receives Party B's public information from Party A.
Party C generates Party C's secret information and combined Party C,A and C,B information. Party C receives combined Party A,C and A,B information from Party A. Party C sends combined Party C,A and C,B information to Party A. Party C also generates private key SK_C and public key PK_ABC.
[0048] The enrollment phase occurs whenever C, a new user, wants to deal with digital assets, and so it initiates its communication with A. The parties involved in this phase are A and C:
[0049] A sends pk_B to C.
[0050] Secrets generation:
[0051] A generates a secret s_A and two shards o_AB and o_AC.
[0052] C generates a secret s_C and two shards o_CA and o_CB. [0053] A generates a shard o_BA.
[0054] C generates a shard o_BC.
[0055] A encrypts o_AB and o_BA with the public information pk_B, getting recovery secret "rec"_AB.
[0056] C encrypts o_CB and o_BC with the public information pk_B, getting rec_CB.
[0057] A shard is a piece of data meant to be combined with other shards or secret information to create some data in a multi-party computation protocol.
[0058] Shards communication:
[0059] A sends (o_AC; rec_AB) to C.
[0060] C sends (o_CA; rec_CB) to A.
[0061] A and C Private Keys generation:
[0062] A computes the Private Key SK_A, generated using s_A, o_BA and s CA.
[0063] C computes the Private Key SK_C, generated using s_C, o_BC and s AC.
[0064] The combined signature of these two Private Keys (SK_A,
SK_C) allows to transact the digital asset ("2-of-3" signature scheme).
[0065] Public Key generation: A and C compute the public key
PK_ABC. Such Public Key (PK_ABC) is communicated to the world. The blockchain underneath the virtual layer knows it, and may use it to verify that the signature (created on the virtual layer by multiple Private Keys) is valid. As a result, the underlying blockchain sees only a Public Key and a single signature: it is not aware that this is the result of multiple Private Keys on the virtual layer. [0066] Common secret generation: A and C compute a common secret d, based on the shards o_B A and o_BC that can be used to derive other keys without performing another enrollment.
[0067] It is worth noting that both A and C have the pair of encrypted recovery secrets (rec_AB; rec_CB) but none of them has the corresponding plaintext content in full: the only party who is able to fully decrypt (rec_AB; rec_CB) is B.
[0068] It is also worth noting that Private Key SK_ABC is not created and may never be created at all in any phase.
[0069] FIG 4. shows the Ordinary Signature Phase.
[0070] Shown in FIG. 4 are Party C and Party A. Party C signs a digital asset transaction with private key SK_C and multi-party computation techniques. Secure multi-party computation (also known as secure computation, multi-party computation (MPC), or privacy -preserving computation) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. Unlike traditional cryptographic tasks, where cryptography assures security and integrity of communication or storage and the adversary is outside the system of participants (an eavesdropper on the sender and receiver), the cryptography in this model protects participants' privacy from each other.
[0071] Also shown in FIG. 4, Party A signs a digital asset transaction with private key SK_A and multi-party computation techniques. The resulting signature of this "2-of-3" scheme is verifiable by anyone with the public key PK_ABC. This also supports key derivation. In such a case, Party A and Party C sign with private key Ski_A and Ski_C and multi-party computation techniques. The resulting signature is verifiable by anyone with the public key PKi_ABC. [0072] As shown in FIG. 4, the Ordinary Signature Phase occurs whenever C, an existing user, wants to sign a digital asset transaction. The parties involved in this phase are A and C:
[0073] A and C sign the transaction by using the Private Keys SK_A and SK_C and multi-party computation techniques. The signature is verifiable by anyone with the public key PK_ABC.
[0074] In this phase, exemplary embodiments are also able to support
"Key Derivation." That is, the Private Keys SK_A and SK_C obtained in the Enrollment Phase can be utilized directly to sign messages and transactions, or they can be used to derive deterministically other key pairs. For example, in Bitcoin it is good practice to always use new addresses that correspond to different keys (as seen in BIP32).
[0075] Various exemplary embodiments use their own way to derive keys: it is sufficient that A and C agree on a (public) derivation index i; then, using the common secret d computed during the Enrollment phase, they can independently derive the keys SKi_A and SKi_C, and use them in the Signature phase in place of SK_A and SK_C, respectively. Note that the derived Private Keys correspond to a new Public Key PKi_ABC. The derivation can also be compounded: that is, more keys can be derived from a derived key.
[0076] FIG 5. shows the Recovery Signature Phase where C is unable to sign.
[0077] Shown in FIG. 5 are Party A and Party B. Party A sends combined Party A,B and C,B information to Party B. Party A also signs a digital asset transaction with private key SK_A and multi-party computation techniques. Party B receives the combined Party A,B and C,B information from Party A, generates private key SK_B and signs a digital asset transaction with private key SK_B and multi-party computation techniques. Signature verification and eventual key derivation operations are analogous to the ones in the Ordinary Signature Phase.
[0078] As shown in FIG. 5, certain exemplary embodiments comprise a
Recovery Signature phase. This phase occurs whenever A or C can no longer sign a transaction, e.g. because one of them has lost their secret key material. As a result, the solution is able to recover a digital asset even if one of the parties is no longer available. If C is unable to sign, then the actors involved in this phase are A and B:
[0079] Communication:
[0080] A contacts B, which comes back online to join the Recovery
Signature phase.
[0081] A sends (rec_AB; rec_CB) to B.
[0082] B Private Key creation:
[0083] B decrypts rec_AB and rec_CB using the secret key sk_B, getting
(o_AB; o_BA; o_CB; o_BC).
[0084] B generates the secret s_B by using o_BA and o_BC. B generates the Private Key SK_B by using s_B, o_AB and o_CB. This key is compatible with the "2-of-3" multi-signature scheme.
[0085] B computes the common secret d using o_BA and o_BC.
[0086] A and B sign the transaction using the Private Keys SK_A and
SK_B respectively (or the derived keys SKi_A and SKi_B, computed using the common secret d and a derivation index i on which they agreed), using computation techniques analogous to the ones used in in the Ordinary Signature phase. This signature is verifiable by anyone with the public key PK_ABC (or the derived PKi_ABC).
[0087] The digital asset is transferred to a new digital wallet. [0088] FIG 6. shows the Recovery Signature Phase where A is unable to sign.
[0089] Shown in FIG. 6 are Party C and Party B. Party C sends combined Party A,B and C,B information to Party B. Party C also signs a digital transaction with private key SK_C and multi-party computation techniques.
Party B receives combined Party A,B and C,B information from Party C. Party B generates private key SK_B and signs a digital transaction with private key SK_B and multi-party computation techniques. Signature verification and eventual key derivation operations are analogous to the ones in the Ordinary Signature Phase. [0090] As shown in FIG. 6, if A is unable to sign, then the actors involved in this phase are B and C:
[0091] Communication:
[0092] C contacts B, which comes back online to join the Recovery
Signature phase.
[0093] C sends (rec_AB; rec_CB) to B.
[0094] B Private Key creation:
[0095] B decrypts rec_AB and rec_CB using the secret key sk_B, getting
(o_AB; o_BA; o_BC; o_CB).
[0096] B generates the secret s_B by using o_BA and o_BC.
[0097] B generates the Private Key SK_B by using s_B, o_AB and o_CB.
This key is compatible with the "2-of-3" multi-signature scheme.
[0098] B computes the common secret d using o_BA and o_BC.
[0099] C and B sign the transaction using the Private Keys SK_C and
SK_B respectively (or the derived keys SKi_C and SKi_B, computed using the common secret d and a derivation index i on which they agreed), using computation techniques analogous to the ones used in in the Ordinary Signature phase. This signature is verifiable by anyone with the public key PK_ABC (or the derived PKi_ABC).
[00100] The digital asset is transferred to a new digital wallet.
[00101] While specific embodiments of, and examples for, the system are described above for illustrative purposes, various equivalent modifications are possible within the scope of the system, as those skilled in the relevant art will recognize. For example, while processes or steps are presented in a given order, alternative embodiments may perform routines having steps in a different order, and some processes or steps may be deleted, moved, added, subdivided, combined, and/or modified to provide alternative or sub-combinations. Each of these processes or steps may be implemented in a variety of different ways.
Also, while processes or steps are at times shown as being performed in series, these processes or steps may instead be performed in parallel, or may be performed at different times.
[00102] While various embodiments have been described above, it should be understood that they have been presented by way of example only, and not limitation. The descriptions are not intended to limit the scope of the present technology to the particular forms set forth herein. To the contrary, the present descriptions are intended to cover such alternatives, modifications, and equivalents as may be included within the spirit and scope of the present technology as appreciated by one of ordinary skill in the art. Thus, the breadth and scope of a preferred embodiment should not be limited by any of the above- described exemplary embodiments.

Claims

CLAIMS What is claimed is:
1. A method for safe creation, custody, recovery and management of a digital asset, agnostic to an underlying blockchain technology, the method comprising: establishing a virtual layer where three private keys are generated; transacting the digital asset by using two of three of the private keys and multi-party computation techniques; abstracting interactions between the three private keys from the underlying blockchain technology; having a digital asset transaction considered as a single-signature by the underlying blockchain technology; recovering the digital asset if any of the three private keys is no longer available.
2. The method of claim 1, wherein the digital asset is a cryptocurrency.
3. The method of claim 1, further comprising disconnecting a party from any network during the normal user operation phases.
4. The method of claim 1, further comprising the digital asset transaction considered as a single-signature, as seen by the underlying blockchain technology, is associated to a private key SK_ABC that is never created.
5. The method of claim 1, further comprising the digital asset transaction considered as a single-signature, as seen by the underlying blockchain technology, is associated to a public key PK_ABC that is created and that is used to verify the transaction.
6. The method of claim 1, further comprising transacting and recovering the digital asset through derived keys.
7. A method comprising: a first party [B] generating a private and public information pair (sk_B; pk_B); the first party [B] transmitting the public information (pk_B) to a second party [A].
8. The method of claim 7, further comprising: the first party [B] keeping the private information sk_B secret and never revealing it.
9. The method of claim 8, further comprising: a third party [C] initiating communication with the second party [A]; the second party [A] transmitting the public information pk_B to the third party [C]; the second party [A] generating a secret s_A and two shards o_AB and _AC; the third party [C] generating a secret s_C and two shards o_CA and _CB; the second party [A] generating a shard o_BA; and the third party [C] generating a shard o_BC.
10. The method of claim 9, further comprising: the second party [A] encrypting shard o_AB and shard o_BA with the public information pk_B getting rec_AB; the third party [C] encrypting shard o_CB and shard o_BC with the public information pk_B, getting rec_CB.
11. The method of claim 10, further comprising: the second party [A] sending (o_AC; rec_AB) to the third party [C]; and the third party [C] sending (o_CA; rec_CB) to the second party [A].
12. The method of claim 11, further comprising: the second party [A] computing the private key SK_A, generated using s_A, o_BA and o_CA; and the third party [C] computing the private key SK_C, generated using s_C, o_BC and o_AC.
13. The method of claim 12, further comprising: combining a signature of private keys (SK_A, SK_C) to transact a digital asset.
14. The method of claim 13, further comprising the second party [A] and the third party [C] computing a public key PK_ABC.
15. The method of claim 14, further comprising communicating the public key
PK_ABC to a blockchain underneath a virtual layer.
16. The method of claim 15, further comprising the block chain underneath the virtual layer using the public key PK_ABC to verify that a signature is valid.
17. The method of claim 16, further comprising the signature being created on the virtual layer by multiple private keys.
18. The method of claim 17, further comprising the blockchain underneath the virtual layer having access only to the public key PK_ABC and the signature.
19. The method of claim 18, further comprising the blockchain underneath the virtual layer not having access to the multiple private keys on the virtual layer.
20. The method of claim 19, further comprising: the second party [A] and the third party [C] signing a transaction by using the private keys SK_A and SK_C and multi-party computation techniques.
PCT/US2020/061111 2019-11-22 2020-11-18 Method and apparatus for a blockchain-agnostic safe multi-signature digital asset management WO2021102041A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP20890122.3A EP4062350A4 (en) 2019-11-22 2020-11-18 Method and apparatus for a blockchain-agnostic safe multi-signature digital asset management

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201962939501P 2019-11-22 2019-11-22
US62/939,501 2019-11-22
US16/951,747 US11915314B2 (en) 2019-11-22 2020-11-18 Method and apparatus for a blockchain-agnostic safe multi-signature digital asset management
US16/951,747 2020-11-18

Publications (1)

Publication Number Publication Date
WO2021102041A1 true WO2021102041A1 (en) 2021-05-27

Family

ID=75975010

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2020/061111 WO2021102041A1 (en) 2019-11-22 2020-11-18 Method and apparatus for a blockchain-agnostic safe multi-signature digital asset management

Country Status (3)

Country Link
US (1) US11915314B2 (en)
EP (1) EP4062350A4 (en)
WO (1) WO2021102041A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11164182B2 (en) 2018-05-17 2021-11-02 Conio Inc. Methods and systems for safe creation, custody, recovery, and management of a digital asset
US11915314B2 (en) 2019-11-22 2024-02-27 Conio Inc. Method and apparatus for a blockchain-agnostic safe multi-signature digital asset management

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180069697A1 (en) * 2016-09-02 2018-03-08 Conio Inc. Method and Apparatus for Restoring Access to Digital Assets
WO2018229608A1 (en) * 2017-06-13 2018-12-20 nChain Holdings Limited Computer-implemented system and method providing a decentralised protocol for the recovery of cryptographic assets
US10373129B1 (en) * 2018-03-05 2019-08-06 Winklevoss Ip, Llc System, method and program product for generating and utilizing stable value digital assets

Family Cites Families (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5485519A (en) 1991-06-07 1996-01-16 Security Dynamics Technologies, Inc. Enhanced security for a secure token code
US5265164A (en) 1991-10-31 1993-11-23 International Business Machines Corporation Cryptographic facility environment backup/restore and replication in a public key cryptosystem
US5588061A (en) 1994-07-20 1996-12-24 Bell Atlantic Network Services, Inc. System and method for identity verification, forming joint signatures and session key agreement in an RSA public cryptosystem
US5835592A (en) 1995-06-01 1998-11-10 Chang; Chung Nan Secure, swift cryptographic key exchange
US9189777B1 (en) 1999-09-20 2015-11-17 Security First Corporation Electronic commerce with cryptographic authentication
EP2224368B1 (en) 2001-06-18 2013-01-09 Daon Holdings Limited An electronic data vault providing biometrically protected electronic signatures
US7680801B2 (en) 2004-11-17 2010-03-16 Iron Mountain, Incorporated Systems and methods for storing meta-data separate from a digital asset
US20070014399A1 (en) 2005-07-15 2007-01-18 Scheidt Edward M High assurance key management overlay
US7606769B2 (en) 2005-10-12 2009-10-20 Kabushiki Kaisha Toshiba System and method for embedding user authentication information in encrypted data
JP4179563B2 (en) 2006-09-21 2008-11-12 インターナショナル・ビジネス・マシーンズ・コーポレーション Technology for managing cryptographic keys for cryptographic communications
US8769284B2 (en) 2006-12-29 2014-07-01 Nokia Corporation Securing communication
EP1973265A1 (en) 2007-03-21 2008-09-24 Nokia Siemens Networks Gmbh & Co. Kg Key refresh in SAE/LTE system
US20090144557A1 (en) 2007-07-26 2009-06-04 Hyblue, Inc. Recoverable secure data store system and method
WO2010011472A2 (en) 2008-06-29 2010-01-28 Jeffrey Peck Koplow Public encrypted disclosure
US20130124870A1 (en) 2011-11-16 2013-05-16 Certicom Corp. Cryptographic document processing in a network
US8954758B2 (en) 2011-12-20 2015-02-10 Nicolas LEOUTSARAKOS Password-less security and protection of online digital assets
US8966268B2 (en) 2011-12-30 2015-02-24 Vasco Data Security, Inc. Strong authentication token with visual output of PKI signatures
US9084111B2 (en) 2012-02-07 2015-07-14 Aruba Networks, Inc. System and method for determining leveled security key holder
US9253171B2 (en) 2013-06-20 2016-02-02 Raytheon Cyber Products, Llc Distributed network encryption key generation
US20150170112A1 (en) 2013-10-04 2015-06-18 Erly Dalvo DeCastro Systems and methods for providing multi-currency platforms comprising means for exchanging and interconverting tangible and virtual currencies in various transactions, banking operations, and wealth management scenarios
US9235714B1 (en) 2013-11-12 2016-01-12 Amazon Technologies, Inc. Preventing persistent storage of cryptographic information using signaling
WO2015142765A1 (en) 2014-03-17 2015-09-24 Coinbase, Inc Bitcoin host computer system
US20150348017A1 (en) 2014-06-03 2015-12-03 Jonathan Allmen Method for integrating cryptocurrency transfer on a social network interface
US10061914B2 (en) 2014-11-14 2018-08-28 Mcafee, Llc Account recovery protocol
US9641341B2 (en) * 2015-03-31 2017-05-02 Duo Security, Inc. Method for distributed trust authentication
US9735958B2 (en) 2015-05-19 2017-08-15 Coinbase, Inc. Key ceremony of a security system forming part of a host computer for cryptographic transactions
US10778439B2 (en) 2015-07-14 2020-09-15 Fmr Llc Seed splitting and firmware extension for secure cryptocurrency key backup, restore, and transaction signing platform apparatuses, methods and systems
KR20180116278A (en) 2016-02-23 2018-10-24 엔체인 홀딩스 리미티드 Common information secrets for secure information exchange and hierarchical and deterministic cryptographic keys
AU2017223129A1 (en) 2016-02-23 2018-07-12 nChain Holdings Limited Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system
CN107959656B (en) 2016-10-14 2021-08-31 阿里巴巴集团控股有限公司 Data security guarantee system, method and device
EP3379767B1 (en) * 2017-03-24 2021-01-13 Hewlett-Packard Development Company, L.P. Distributed authentication
US20180293557A1 (en) 2017-04-05 2018-10-11 Samsung Sds Co., Ltd. Method of charging electronic currency automatically based on blockchain and system thereof
WO2018231832A1 (en) * 2017-06-12 2018-12-20 PokitDok, Inc. System and method for autonomous dynamic person management
US10511436B1 (en) * 2017-07-31 2019-12-17 EMC IP Holding Company LLC Protecting key material using white-box cryptography and split key techniques
KR20240093786A (en) 2018-01-17 2024-06-24 티제로 아이피, 엘엘씨 Multi-approval system using m of n keys to restore a customer wallet
WO2020005328A2 (en) * 2018-02-09 2020-01-02 Orbs Ltd. Decentralized application platform for private key management
GB201817506D0 (en) * 2018-03-02 2018-12-12 Nchain Holdings Ltd Computer implemented method and system
US10771245B2 (en) 2018-04-20 2020-09-08 Mastercard International Incorporated Systems and methods for use in computer network security
US11164182B2 (en) 2018-05-17 2021-11-02 Conio Inc. Methods and systems for safe creation, custody, recovery, and management of a digital asset
US11444779B2 (en) * 2018-08-02 2022-09-13 Paypal, Inc. Techniques for securing application programming interface requests using multi-party digital signatures
CN109583887B (en) * 2018-10-26 2024-04-05 创新先进技术有限公司 Block chain transaction method and device
EP3891617A4 (en) * 2018-12-06 2022-10-12 Gk8 Ltd Secure consensus over a limited connection
CN109934585B (en) 2019-03-08 2023-07-28 矩阵元技术(深圳)有限公司 Signature method, device and system based on secure multiparty calculation
CN114730420A (en) * 2019-08-01 2022-07-08 科恩巴斯公司 System and method for generating signatures
US11228452B2 (en) * 2019-09-16 2022-01-18 Cisco Technology, Inc. Distributed certificate authority
EP4062350A4 (en) 2019-11-22 2024-03-06 Conio Inc. Method and apparatus for a blockchain-agnostic safe multi-signature digital asset management

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180069697A1 (en) * 2016-09-02 2018-03-08 Conio Inc. Method and Apparatus for Restoring Access to Digital Assets
WO2018229608A1 (en) * 2017-06-13 2018-12-20 nChain Holdings Limited Computer-implemented system and method providing a decentralised protocol for the recovery of cryptographic assets
US10373129B1 (en) * 2018-03-05 2019-08-06 Winklevoss Ip, Llc System, method and program product for generating and utilizing stable value digital assets

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"XP093098540", SPATIUM, article "Secure multi-party computation vs Multisignature"
See also references of EP4062350A4

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11164182B2 (en) 2018-05-17 2021-11-02 Conio Inc. Methods and systems for safe creation, custody, recovery, and management of a digital asset
US11915314B2 (en) 2019-11-22 2024-02-27 Conio Inc. Method and apparatus for a blockchain-agnostic safe multi-signature digital asset management

Also Published As

Publication number Publication date
EP4062350A1 (en) 2022-09-28
US11915314B2 (en) 2024-02-27
US20210158444A1 (en) 2021-05-27
EP4062350A4 (en) 2024-03-06

Similar Documents

Publication Publication Date Title
US11621833B2 (en) Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system
CN106548345B (en) Method and system for realizing block chain private key protection based on key partitioning
US10785019B2 (en) Data transmission method and apparatus
EP3289723B1 (en) Encryption system, encryption key wallet and method
CN108199835B (en) Multi-party combined private key decryption method
CN110519046B (en) Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD
CN110969431B (en) Secure hosting method, device and system for private key of blockchain digital coin
CN111431713B (en) Private key storage method and device and related equipment
CN111355749A (en) Efficient method for authenticated communication
CN105812349B (en) A kind of unsymmetrical key distribution of identity-based information and message encryption method
US20220021526A1 (en) Certificateless public key encryption using pairings
US20210158444A1 (en) Method and Apparatus for a Blockchain-Agnostic Safe Multi-Signature Digital Asset Management
CN112529573A (en) Combined block chain threshold signature method and system
US9641333B2 (en) Authentication methods, systems, devices, servers and computer program products, using a pairing-based cryptographic approach
CN110266483B (en) Quantum communication service station key negotiation method, system and device based on asymmetric key pool pair and QKD
CN112003690B (en) Password service system, method and device
EP3883178A1 (en) Encryption system and method employing permutation group-based encryption technology
CN111130763B (en) Key backup and recovery method based on integrated encryption technology
EP4231583A1 (en) Methods and arrangements for establishing digital identity
WO2020258125A1 (en) Private key recovery method and apparatus, collaborative address creation method and apparatus, collaborative address signing method and apparatus, and storage medium
CN114493556A (en) Receiver offline digital currency quantum computation resistant anonymous transaction method based on ID cryptography
Scott et al. The Carnac protocol--or how to read the contents of a sealed envelope

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20890122

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2020890122

Country of ref document: EP

Effective date: 20220622