WO2022193789A1 - Anonymous multi-signature method, computer device, and storage medium - Google Patents

Anonymous multi-signature method, computer device, and storage medium

Info

Publication number
WO2022193789A1
Authority
WO
WIPO (PCT)
Prior art keywords
signature
anonymous
verification
anonymous multi
target data
Application number
PCT/CN2021/143838
Inventor
马登极
王志文
吴思进
Original Assignee
杭州复杂美科技有限公司
Application filed by 杭州复杂美科技有限公司
Publication of WO2022193789A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification

Definitions

  • The present application relates to the field of Internet technologies, in particular to an anonymous multi-signature method, computer device and storage medium.
  • The blockchain node executes the transaction through the multi-signature contract and verifies the signature with the user's public key: if the verification is successful, the user's signature is recorded in the contract;
  • When the number of signing users recorded in the contract exceeds the number of users required for the multi-signature, for example 2/3 of the total number of users, the multi-signature verification is successful.
  • Zero-Knowledge Proof was proposed by S. Goldwasser, S. Micali and C. Rackoff in the early 1980s. It refers to the ability of the prover to convince the verifier that an assertion is correct without providing any useful information to the verifier.
  • a zero-knowledge proof is essentially a protocol involving two or more parties, a series of steps that two or more parties need to take to complete a task. The prover proves to the verifier and convinces it that it knows or possesses a certain message, but the proof process cannot reveal any information about the proved message to the verifier.
  • The present invention provides an anonymous multi-signature method.
  • An anonymous multi-signature contract is configured on the blockchain; the contract is configured with a zero-knowledge proof circuit for verifying the anonymous multi-signature and with verification parameters generated according to the zero-knowledge proof circuit.
  • The method includes:
  • Generate signature identification information for identifying whether each user authorized to participate in multi-signature participates in this multi-signature according to each first public key
  • the present invention provides an anonymous multi-signature method suitable for blockchain nodes.
  • An anonymous multi-signature contract is configured on the blockchain, and a zero-knowledge proof circuit for verifying the anonymous multi-signature is configured in the anonymous multi-signature contract.
  • the method includes:
  • the first anonymous multi-signature transaction is executed through the anonymous multi-signature contract, and the first target data, the first proof information and the verification parameters are input into the zero-knowledge proof circuit for anonymous multi-signature verification:
  • The first anonymous multi-signature transaction includes the first target data and the first proof information, and is generated by the first user terminal;
  • The first proof information is generated by the first user terminal according to the first target data, the signature identification information, each first signature data, and the corresponding first public key and first elliptic curve random number;
  • The signature identification information identifies whether each user authorized to participate in the multi-signature participates in this multi-signature, and is generated by the first user terminal according to each first public key.
  • The present invention also provides a computer device comprising one or more processors and a memory, wherein the memory contains instructions executable by the one or more processors to cause the one or more processors to perform the anonymous multi-signature method provided by each embodiment of the present invention.
  • the present invention further provides a storage medium storing a computer program, the computer program causing a computer to execute the anonymous multi-signature method provided according to each embodiment of the present invention.
  • The anonymous multi-signature method, computer device and storage medium provided by the embodiments of the present invention configure, in a smart contract, a zero-knowledge proof circuit that simultaneously verifies whether the number of signatures is sufficient and whether each signature passes verification, together with verification parameters generated according to that circuit. An anonymous multi-signature transaction publicly submitted to the blockchain therefore needs to include only the target data and the proof information generated from the signature data and other information, and no information that may expose a user's identity, such as a public key, thereby achieving anonymous multi-signature on the blockchain.
  • FIG. 1 is a flowchart of an anonymous multi-signature method according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of another anonymous multi-signature method provided by an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of an anonymous multi-signature method according to an embodiment of the present invention.
  • the present invention provides an anonymous multi-signature method.
  • An anonymous multi-signature contract is configured on the blockchain, and a zero-knowledge proof circuit for verifying anonymous multi-signature is configured in the anonymous multi-signature contract.
  • the method includes:
  • S11 Respectively acquire the first signature data generated by each first user participating in this multi-signature signing the first target data, together with the corresponding first public key and first elliptic curve random number;
  • S13 Generate, according to each first public key, signature identification information identifying whether each user authorized to participate in the multi-signature participates in this multi-signature;
  • S15 Generate first proof information according to the first target data, the signature identification information, each first signature data, and the corresponding first public key and first elliptic curve random number;
  • S17 Generate a first anonymous multi-signature transaction including the first target data and the first proof information and send it to the blockchain network, so that the blockchain node executes the first anonymous multi-signature transaction through the anonymous multi-signature contract and inputs the first target data, the first proof information and the verification parameters into the zero-knowledge proof circuit for anonymous multi-signature verification:
  • The signature algorithm adopts the Schnorr signature algorithm, and the generation algorithm of the signature data is as follows:
  • s is the signature data
  • r is the random number
  • k is the private key
  • P is the public key
  • R is the elliptic curve random number generated according to r
  • m is the target data of the signature.
  • the verification algorithm for signed data is as follows:
  • G is the base point of the elliptic curve.
  • the zero-knowledge proof circuit configured in the anonymous multi-signature contract is generated according to the above algorithms.
  • the zero-knowledge proof circuit at least includes the generation algorithm Setup(), the proof algorithm Prove() and the verification algorithm Verify(). The specific process will not be repeated here.
  • The signature algorithm can also be configured as another signature algorithm commonly used in the field according to actual requirements, as long as its verification algorithm meets the requirements of zero-knowledge proof, that is, as long as the public input and proof submitted in the anonymous multi-signature transaction do not reveal information about the user's identity; the same technical effect can then be achieved.
  • The method shown in FIG. 1 can be applied to different computer devices, such as a client or an auxiliary centralized server, as described in the following examples.
  • The above method is explained below using an example in which the anonymous multi-signature registered in the contract gives 9 users the right to sign and requires signatures from at least 6 of the 9 users.
  • The verification parameter ver_key1 needs to be generated according to the public keys P_A to P_I or addresses addr_A to addr_I of the 9 users and the above generation algorithm Setup(), namely:
  • ver_key1 is submitted to the blockchain through an anonymous multi-signature registration transaction, and ver_key1 is deployed to the anonymous multi-signature contract for subsequent verification.
  • The following takes the user terminal of user A performing the method as an example. In other embodiments, each user's terminal may instead submit its public key, signature data and the elliptic curve random number corresponding to the signature to an auxiliary centralized server that is trusted to keep them confidential, and the centralized server executes the method shown in FIG. 1. In further embodiments, the method shown in FIG. 1 may be performed by other devices, as those skilled in the art will understand. As long as the device can obtain the data provided by each user terminal, generate the transaction and send it to the blockchain network, the same technical effect can be achieved.
  • In step S11, the user terminal of user A obtains the following data:
  • the signature data s_A generated by the user terminal of user A signing data1 with the private key p_A and the random number r1, the public key P_A of user A, and the elliptic curve random number R1 generated from r1;
  • the signature data s_C generated by the user terminal of user C signing data1 with the private key p_C and the random number r2, the public key P_C of user C, and the elliptic curve random number R2 generated from r2;
  • the signature data s_D generated by the user terminal of user D signing data1 with the private key p_D and the random number r3, the public key P_D of user D, and the elliptic curve random number R3 generated from r3;
  • the signature data s_F generated by the user terminal of user F signing data1 with the private key p_F and the random number r4, the public key P_F of user F, and the elliptic curve random number R4 generated from r4;
  • the signature data s_G generated by the user terminal of user G signing data1 with the private key p_G and the random number r5, the public key P_G of user G, and the elliptic curve random number R5 generated from r5;
  • the signature data s_H generated by the user terminal of user H signing data1 with the private key p_H and the random number r6, the public key P_H of user H, and the elliptic curve random number R6 generated from r6.
  • In step S13, the user terminal of user A generates, according to the first public keys P_A, P_C, P_D, P_F, P_G and P_H, the signature identification information 101101110, which identifies whether each user authorized to participate in the multi-signature participates in this multi-signature (0 may instead identify participation and 1 non-participation, in which case the signature identification information is 010010001; other representations that those skilled in the art will understand may also be used).
  • In step S15, the user terminal of user A takes the first target data data1 as the public input and the signature data s_A to s_H, public keys P_A to P_H and elliptic curve random numbers R1 to R6 obtained in step S11 as private inputs, feeds them to the proof algorithm Prove() described above, and generates the first proof information prove1, namely:
  • In step S17, the user terminal of user A packages and generates an anonymous multi-signature transaction tx1 including the first target data data1 and the first proof information prove1, and sends tx1 to the blockchain network.
  • The blockchain node receives, broadcasts, packages and executes tx1 through the anonymous multi-signature contract, inputs the first target data data1, the first proof information prove1 and the verification parameter ver_key1 into the verification algorithm Verify() of the zero-knowledge proof circuit, and performs anonymous multi-signature verification, i.e.:
  • Verify() ensures that the following two verifications are simultaneously performed inside the zero-knowledge proof circuit:
  • The information disclosed on the blockchain through tx1 and its execution result includes only the target data data1, the proof information prove1 (which can only be used for verification and cannot be parsed), and whether the verification succeeded or failed; no information that would reveal the identity of the signing users is disclosed.
  • The above embodiment configures, in the smart contract, a zero-knowledge proof circuit that simultaneously verifies whether the number of signatures is sufficient and whether each signature passes verification, together with verification parameters generated according to that circuit. An anonymous multi-signature transaction publicly submitted to the blockchain therefore needs to include only the target data and the proof information generated from the signature data and other information, and no information that may expose a user's identity, such as a public key, thus realizing anonymous multi-signature on the blockchain.
  • FIG. 2 is a flowchart of another anonymous multi-signature method provided by an embodiment of the present invention. The method shown in FIG. 2 may be performed in conjunction with the method shown in FIG. 1 .
  • The present invention also provides an anonymous multi-signature method suitable for blockchain nodes. An anonymous multi-signature contract is configured on the blockchain; the contract is configured with a zero-knowledge proof circuit for verifying the anonymous multi-signature and with verification parameters generated according to the zero-knowledge proof circuit. The method includes:
  • S21 Execute the first anonymous multi-signature transaction through the anonymous multi-signature contract, and input the first target data, the first proof information and the verification parameters into the zero-knowledge proof circuit for anonymous multi-signature verification:
  • The first anonymous multi-signature transaction includes the first target data and the first proof information, and is generated by the first user terminal;
  • The first proof information is generated by the first user terminal according to the first target data, the signature identification information, each first signature data, and the corresponding first public key and first elliptic curve random number;
  • The signature identification information identifies whether each user authorized to participate in the multi-signature participates in this multi-signature, and is generated by the first user terminal according to each first public key.
  • the above zero-knowledge proof circuit is generated according to the following algorithm:
  • s is the signature data
  • r is the random number
  • k is the private key
  • P is the public key
  • R is the elliptic curve random number generated according to r
  • m is the target data of the signature
  • G is the base point of the elliptic curve.
  • FIG. 3 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
  • The present application also provides a computer device 300, comprising one or more central processing units (CPUs) 301, which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 302 or a program loaded from the storage section 308 into a random access memory (RAM) 303.
  • In the RAM 303, various programs and data necessary for the operation of the device 300 are also stored.
  • the CPU 301 , the ROM 302 , and the RAM 303 are connected to each other through a bus 304 .
  • An input/output (I/O) interface 305 is also connected to bus 304 .
  • the following components are connected to the I/O interface 305: an input section 306 including a keyboard, a mouse, etc.; an output section 307 including a cathode ray tube (CRT), a liquid crystal display (LCD), etc., and a speaker, etc.; a storage section 308 including a hard disk, etc. ; and a communication section 309 including a network interface card such as a LAN card, a modem, and the like. The communication section 309 performs communication processing via a network such as the Internet.
  • a drive 310 is also connected to the I/O interface 305 as needed.
  • a removable medium 311, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, etc., is mounted on the drive 310 as needed so that a computer program read therefrom is installed into the storage section 308 as needed.
  • the method described in any of the above embodiments may be implemented as a computer software program.
  • embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for performing any of the methods described above.
  • the computer program may be downloaded and installed from the network via the communication portion 309 and/or installed from the removable medium 311 .
  • the present application also provides a computer-readable storage medium.
  • the computer-readable storage medium may be a computer-readable storage medium included in the apparatus of the foregoing embodiment; A computer-readable storage medium in a device.
  • the computer-readable storage medium stores one or more programs that are used by one or more processors to perform the methods described in the present application.
  • Each block in the flowchart or block diagrams may represent a module, segment, or portion of code that contains one or more executable instructions for implementing the specified logical functions.
  • The functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
  • Each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by dedicated hardware-based systems that perform the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
  • the units or modules involved in the embodiments of the present application may be implemented in a software manner, and may also be implemented in a hardware manner.
  • the described units or modules may also be provided in the processor, for example, each unit may be a software program provided in a computer or a mobile smart device, or may be a separately configured hardware device. Wherein, the names of these units or modules do not constitute limitations on the units or modules themselves under certain circumstances.


Abstract

An anonymous multi-signature method, a computer device, and a storage medium. The method comprises: respectively acquiring first signature data and corresponding first public keys and first elliptic curve random numbers (S11); generating, according to the first public keys, signature identifier information for identifying whether each user that has the right to participate in multi-signature has participated in the present multi-signature (S13); generating first proof information according to first target data, the signature identifier information, the first signature data and the corresponding first public keys and first elliptic curve random numbers (S15); and generating a first anonymous multi-signature transaction comprising the first target data and the first proof information and sending same to a blockchain network (S17), such that the first anonymous multi-signature transaction is executed by means of an anonymous multi-signature contract, and the first target data, the first proof information and a verification parameter are input into a zero-knowledge proof circuit for anonymous multi-signature verification. The method implements the anonymous multi-signature on a blockchain.

Description

Anonymous multi-signature method, computer device and storage medium
Technical field
The present application relates to the field of Internet technologies, in particular to an anonymous multi-signature method, computer device and storage medium.
Background
Current blockchain multi-signature schemes are all public-signature schemes:
Users participating in a multi-signature sign with the private keys they hold, generate transactions and send them to the blockchain network;
The blockchain node executes the transaction through the multi-signature contract and verifies the signature with the user's public key: if the verification is successful, the user's signature is recorded in the contract;
When the number of signing users recorded in the contract exceeds the number of users required for the multi-signature, for example 2/3 of the total number of users, the multi-signature verification is successful.
The above scheme clearly exposes which users participated in the multi-signature and which did not.
When some users wish to participate in a multi-signature without exposing the fact that they participated, the above scheme cannot meet their needs.
Zero-knowledge proof was proposed by S. Goldwasser, S. Micali and C. Rackoff in the early 1980s. It refers to the ability of the prover to convince the verifier that an assertion is correct without providing any useful information to the verifier. A zero-knowledge proof is essentially a protocol involving two or more parties, that is, a series of steps that two or more parties need to take to complete a task. The prover proves to the verifier, and convinces it, that the prover knows or possesses a certain message, but the proof process cannot reveal any information about the proved message to the verifier.
Summary of the invention
In view of the above defects or deficiencies in the prior art, it is desirable to provide an anonymous multi-signature method, computer device and storage medium that realize anonymous multi-signature on the blockchain.
In a first aspect, the present invention provides an anonymous multi-signature method. An anonymous multi-signature contract is configured on the blockchain; the contract is configured with a zero-knowledge proof circuit for verifying the anonymous multi-signature and with verification parameters generated according to the zero-knowledge proof circuit. The method includes:
Respectively obtaining the first signature data generated by each first user participating in this multi-signature signing the first target data, together with the corresponding first public key and first elliptic curve random number;
Generating, according to each first public key, signature identification information identifying whether each user authorized to participate in the multi-signature participates in this multi-signature;
Generating first proof information according to the first target data, the signature identification information, each first signature data, and the corresponding first public key and first elliptic curve random number;
Generating a first anonymous multi-signature transaction including the first target data and the first proof information and sending it to the blockchain network, so that the blockchain node executes the first anonymous multi-signature transaction through the anonymous multi-signature contract and inputs the first target data, the first proof information and the verification parameters into the zero-knowledge proof circuit for anonymous multi-signature verification:
Verifying whether the number of signing users identified by the signature identification information is not less than the number of signatures required by the multi-signature; and,
Verifying whether the signature of each first user identified by the signature identification information passes verification:
If either of the above verifications fails, the anonymous multi-signature verification fails;
If both of the above verifications succeed, the anonymous multi-signature verification succeeds.
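The two verifications above, evaluated in the clear over the embodiment's 6-of-9 case with signature identification information 101101110, as an added example that is not code from the patent. It does not implement Setup(), Prove() or Verify(); it shows only the relation the circuit is described as checking. The curve (secp256k1), the textbook Schnorr equations s = r + e·k and s·G = R + e·P with e = H(R‖P‖m), the binding of each flagged position to a registered public key, and all function names are assumptions.

```python
import hashlib
import secrets

# secp256k1 domain parameters (curve choice is an assumption; the page names none).
FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Add two affine points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % FIELD, -1, FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD)
    x3 = (lam * lam - x1 - x2) % FIELD
    return (x3, (lam * (x1 - x3) - y1) % FIELD)


def point_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def challenge(R, P, m):
    """e = H(R || P || m) mod N. Binding P into the hash is an assumption."""
    data = b"".join(c.to_bytes(32, "big") for c in (*R, *P)) + m
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def keygen():
    k = secrets.randbelow(N - 1) + 1          # private key k
    return k, point_mul(k, G)                 # public key P = k*G


def sign(k, m):
    r = secrets.randbelow(N - 1) + 1          # per-signature random number r
    R = point_mul(r, G)                       # elliptic curve random number R = r*G
    P = point_mul(k, G)
    s = (r + challenge(R, P, m) * k) % N      # signature data s
    return s, R


def verify(P, m, s, R):
    """Accept iff s*G == R + e*P."""
    return point_mul(s, G) == point_add(R, point_mul(challenge(R, P, m), P))


def multisig_relation(m, registered, threshold, bitmap, witnesses):
    """The two checks from the text, evaluated in the clear.

    registered: public keys of all users with signing rights, in bitmap order.
    bitmap:     signature identification information, '1' = participated.
    witnesses:  (P, s, R) for each '1' position, in order. In the scheme these
                are private inputs to Prove(); here they are visible.
    """
    if len(bitmap) != len(registered) or set(bitmap) - {"0", "1"}:
        return False
    flagged = [i for i, bit in enumerate(bitmap) if bit == "1"]
    # Check 1: number of flagged signers is not less than the required number.
    if len(flagged) < threshold or len(witnesses) != len(flagged):
        return False
    # Check 2: every flagged signer's signature verifies under the registered key.
    for i, (P, s, R) in zip(flagged, witnesses):
        if P != registered[i] or not verify(P, m, s, R):
            return False
    return True


def build_example(signers="ACDFGH", m=b"data1"):
    """Constructed 6-of-9 scenario matching the embodiment (users A to I)."""
    names = "ABCDEFGHI"
    keys = {n: keygen() for n in names}
    registered = [keys[n][1] for n in names]
    bitmap = "".join("1" if n in signers else "0" for n in names)
    witnesses = []
    for n in names:
        if n in signers:
            s, R = sign(keys[n][0], m)
            witnesses.append((keys[n][1], s, R))
    return registered, bitmap, witnesses


if __name__ == "__main__":
    registered, bitmap, witnesses = build_example()
    print(bitmap, multisig_relation(b"data1", registered, 6, bitmap, witnesses))
```

In the scheme described on this page the witnesses never leave the prover: the contract sees only data1, prove1 and the result, whereas this sketch exposes every public key to the checker.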
In a second aspect, the present invention provides an anonymous multi-signature method suitable for blockchain nodes. An anonymous multi-signature contract is configured on the blockchain; the contract is configured with a zero-knowledge proof circuit for verifying the anonymous multi-signature and with verification parameters generated according to the zero-knowledge proof circuit. The method includes:
Executing the first anonymous multi-signature transaction through the anonymous multi-signature contract, and inputting the first target data, the first proof information and the verification parameters into the zero-knowledge proof circuit for anonymous multi-signature verification:
Verifying whether the number of signing users identified by the signature identification information is not less than the number of signatures required by the multi-signature; and,
Verifying whether the signature of each first user identified by the signature identification information passes verification:
If either of the above verifications fails, the anonymous multi-signature verification fails;
If both of the above verifications succeed, the anonymous multi-signature verification succeeds.
Wherein, the first anonymous multi-signature transaction includes the first target data and the first proof information, and is generated by the first user terminal;
The first proof information is generated by the first user terminal according to the first target data, the signature identification information, each first signature data, and the corresponding first public key and first elliptic curve random number;
The signature identification information identifies whether each user authorized to participate in the multi-signature participates in this multi-signature, and is generated by the first user terminal according to each first public key.
In a third aspect, the present invention also provides a computer device comprising one or more processors and a memory, wherein the memory contains instructions executable by the one or more processors to cause the one or more processors to perform the anonymous multi-signature method provided by each embodiment of the present invention.
In a fourth aspect, the present invention further provides a storage medium storing a computer program, the computer program causing a computer to execute the anonymous multi-signature method provided by each embodiment of the present invention.
The anonymous multi-signature method, computer device and storage medium provided by the embodiments of the present invention configure, in a smart contract, a zero-knowledge proof circuit that simultaneously verifies whether the number of signatures is sufficient and whether each signature passes verification, together with verification parameters generated according to that circuit. An anonymous multi-signature transaction publicly submitted to the blockchain therefore needs to include only the target data and the proof information generated from the signature data and other information, and no information that may expose a user's identity, such as a public key, thereby realizing anonymous multi-signature on the blockchain.
Description of drawings
Other features, objects and advantages of the present application will become more apparent from the following detailed description of non-limiting embodiments, read with reference to the accompanying drawings:
FIG. 1 is a flowchart of an anonymous multi-signature method according to an embodiment of the present invention.
FIG. 2 is a flowchart of another anonymous multi-signature method according to an embodiment of the present invention.
FIG. 3 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed description
The present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein only explain the related invention and do not limit it. It should also be noted that, for ease of description, only the parts related to the invention are shown in the drawings.
It should be noted that the embodiments in the present application and the features of the embodiments may be combined with each other where they do not conflict. The present application is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
FIG. 1 is a flowchart of an anonymous multi-signature method according to an embodiment of the present invention.
As shown in FIG. 1, in this embodiment the present invention provides an anonymous multi-signature method. An anonymous multi-signature contract is configured on the blockchain; the contract is configured with a zero-knowledge proof circuit for verifying anonymous multi-signatures and with verification parameters generated according to the zero-knowledge proof circuit. The method includes:
S11: Obtain, for each first user participating in this multi-signature, the first signature data generated by that user signing the first target data, together with the corresponding first public key and first elliptic curve random number;
S13: Generate, according to the first public keys, signature identification information that identifies whether each user authorized to participate in the multi-signature participates in this multi-signature;
S15: Generate first proof information according to the first target data, the signature identification information, each first signature data and the corresponding first public key and first elliptic curve random number;
S17: Generate a first anonymous multi-signature transaction including the first target data and the first proof information and send it to the blockchain network, so that a blockchain node executes the first anonymous multi-signature transaction through the anonymous multi-signature contract and inputs the first target data, the first proof information and the verification parameters into the zero-knowledge proof circuit for anonymous multi-signature verification:
Verify whether the number of signing users identified by the signature identification information is not less than the number of signatures required for the multi-signature; and,
Verify whether the signature of each first user identified by the signature identification information passes verification;
If either of the above verifications fails, the anonymous multi-signature verification fails;
If both of the above verifications succeed, the anonymous multi-signature verification succeeds.
In this embodiment, the signature algorithm is the Schnorr signature algorithm, and the signature data is generated as follows:
s=r+ke, e=hash(P||R||m);
where s is the signature data, r is a random number, k is the private key, P is the public key, R is the elliptic curve random number generated according to r, and m is the target data being signed.
The signature data is verified as follows:
s*G=(r+ke)*G=r*G+(k*G)e=R+Pe;
where G is the base point of the elliptic curve.
In this embodiment, the zero-knowledge proof circuit configured in the anonymous multi-signature contract is generated according to the above algorithms.
Specifically, those skilled in the art will understand how to generate a zero-knowledge proof circuit from an algorithm in a zero-knowledge proof system. The zero-knowledge proof circuit includes at least the generation algorithm Setup(), the proof algorithm Prove() and the verification algorithm Verify(). The specific process is not repeated here.
In further embodiments, the signature algorithm may be configured as another signature algorithm commonly used in the field according to actual requirements. The same technical effect is achieved as long as the verification algorithm of that signature algorithm meets the requirements of zero-knowledge proof, that is, the public input and proof submitted in the anonymous multi-signature transaction do not expose information related to user identity.
The method shown in FIG. 1 can be applied to a user terminal or to other computer devices such as an auxiliary centralized server, as described with the examples below.
The method is illustrated below using an anonymous multi-signature registered in the contract for which all 9 users have signing authority and which requires signatures from at least 6 of the 9 users to pass.
First, when registering the anonymous multi-signature, the verification parameter ver_key1 is generated from the public keys P_A to P_I or the addresses addr_A to addr_I of the 9 users and the generation algorithm Setup() described above, namely:
Setup(P_A-P_I)→verification parameter ver_key1; or,
Setup(addr_A-addr_I)→verification parameter ver_key1;
Then ver_key1 is submitted to the blockchain through an anonymous multi-signature registration transaction and deployed to the anonymous multi-signature contract for subsequent verification.
After successful registration, when users A, C, D, F, G and H need to perform an anonymous multi-signature on the target data data1, each user's public key, signature data for data1 and the elliptic curve random number corresponding to the signature must be aggregated in order to generate the proof information and the anonymous multi-signature transaction. That is, one device is needed to execute the method shown in FIG. 1.
In this embodiment, the method is illustrated with user A's user terminal executing it. In other embodiments, each user's user terminal may instead submit its public key, signature data and the elliptic curve random number corresponding to the signature to an auxiliary centralized server trusted to maintain confidentiality, and that centralized server executes the method shown in FIG. 1. In further embodiments, other devices understandable to those skilled in the art may execute the method shown in FIG. 1; the same technical effect is achieved as long as the device can obtain the data provided by each user terminal, generate the transaction and send it to the blockchain network.
In step S11, user A's user terminal obtains the following data:
The signature data s_A generated by user A's user terminal signing data1 with private key p_A and random number r1, user A's public key P_A, and the elliptic curve random number R1 generated according to r1;
The signature data s_C generated by user C's user terminal signing data1 with private key p_C and random number r2, user C's public key P_C, and the elliptic curve random number R2 generated according to r2;
The signature data s_D generated by user D's user terminal signing data1 with private key p_D and random number r3, user D's public key P_D, and the elliptic curve random number R3 generated according to r3;
The signature data s_F generated by user F's user terminal signing data1 with private key p_F and random number r4, user F's public key P_F, and the elliptic curve random number R4 generated according to r4;
The signature data s_G generated by user G's user terminal signing data1 with private key p_G and random number r5, user G's public key P_G, and the elliptic curve random number R5 generated according to r5;
The signature data s_H generated by user H's user terminal signing data1 with private key p_H and random number r6, user H's public key P_H, and the elliptic curve random number R6 generated according to r6.
In step S13, user A's user terminal generates, according to the first public keys P_A, P_C, P_D, P_F, P_G and P_H, the signature identification information 101101110, which identifies whether each user authorized to participate in the multi-signature participates in this multi-signature (alternatively, 0 may mark participation and 1 non-participation, in which case the signature identification information is 010010001; other marking schemes understandable to those skilled in the art may also be used).
In step S15, user A's user terminal takes the first target data data1 as the public input and the signature data s_A-s_H, public keys P_A-P_H and elliptic curve random numbers R1-R6 obtained in step S11 as the private input, and feeds them to the proof algorithm Prove() described above to generate the first proof information prove1, namely:
Prove(data1, s_A-s_H, P_A-P_H, R1-R6)→prove1.
In step S17, user A's user terminal packages an anonymous multi-signature transaction tx1 including the first target data data1 and the first proof information prove1, and sends tx1 to the blockchain network.
The blockchain node receives, broadcasts, packages and executes tx1 through the anonymous multi-signature contract, inputting the first target data data1, the first proof information prove1 and the verification parameter ver_key1 into the verification algorithm Verify() of the zero-knowledge proof circuit to perform anonymous multi-signature verification, namely:
Verify(data1, prove1, ver_key1)→Yes/No.
Specifically, the verification algorithm Verify() guarantees that the following two verifications are both performed inside the zero-knowledge proof circuit:
Verify whether the number of signing users (6) identified by the signature identification information 101101110 is not less than the number of signatures required for the multi-signature (6);
Verify whether the signature of each first user identified by the signature identification information passes verification.
If either of the above two verifications fails, the verification algorithm Verify() outputs No and the anonymous multi-signature verification fails;
If both of the above verifications succeed, the verification algorithm Verify() outputs Yes and the anonymous multi-signature verification succeeds.
In the above example, the information disclosed on the blockchain through tx1 and the execution result of tx1 includes only the target data data1, the proof information prove1 (which can only be used for verification and cannot be parsed), and whether the verification result is success or failure. No information that would expose the identity of the signing users is disclosed.
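The two checks that Verify() is described as enforcing, evaluated in the clear on the 6-of-9 example above. This is an added example, not code from the patent, and it is not a zero-knowledge proof: it shows the statement such a circuit has to encode. It assumes secp256k1 and SHA-256, which the patent does not specify; the function names, the constructed keys and nonces, and the binding of each witness key to its registered position are illustrative assumptions.

```python
import hashlib

# Assumptions (not in the patent): secp256k1 as the curve, SHA-256 as hash().
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % FP, -1, FP)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP)
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP

def point_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def on_curve(pt):
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - 7) % FP == 0

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def challenge(P, R, m):
    """e = hash(P || R || m), reduced modulo the group order."""
    return int.from_bytes(hashlib.sha256(enc(P) + enc(R) + m).digest(), "big") % N

def sign(k, r, m):
    """s = r + k*e; returns (s, R) with R = r*G."""
    P, R = point_mul(k, G), point_mul(r, G)
    return (r + k * challenge(P, R, m)) % N, R

def verify(P, R, s, m):
    """Accept iff s*G == R + e*P."""
    if not (on_curve(P) and on_curve(R) and 0 < s < N):
        return False
    return point_mul(s, G) == point_add(R, point_mul(challenge(P, R, m), P))

def multisig_relation(registered, threshold, m, flags, witness):
    """Both checks from the description, evaluated without any hiding.
    registered: ordered public keys fixed at registration (the Setup input)
    flags:      signature identification bits, '1' = user signed this time
    witness:    {position: (P, R, s)} for every flagged position
    """
    if len(flags) != len(registered) or set(flags) - {"0", "1"}:
        return False
    signers = [i for i, bit in enumerate(flags) if bit == "1"]
    if len(signers) < threshold:      # check 1: enough signers flagged
        return False
    for i in signers:                 # check 2: each flagged signature verifies
        if i not in witness:
            return False
        P, R, s = witness[i]
        # Assumption: the key must equal the registered key at position i,
        # otherwise the flags would not be tied to the authorised set.
        if P != registered[i] or not verify(P, R, s, m):
            return False
    return True

def sample_scalar(label):
    # Constructed sample secret, derived from a label so the run is reproducible.
    return int.from_bytes(hashlib.sha256(label).digest(), "big") % N

def build_example(signers="ACDFGH", m=b"data1", users="ABCDEFGHI"):
    """Constructed sample: nine registered users, a subset signs m."""
    keys = {u: sample_scalar(b"constructed-key-" + u.encode()) for u in users}
    registered = [point_mul(keys[u], G) for u in users]
    flags = "".join("1" if u in signers else "0" for u in users)
    witness = {}
    for i, u in enumerate(users):
        if u in signers:
            # Real signers must draw a fresh secret random r for every signature.
            r = sample_scalar(b"constructed-nonce-" + u.encode() + m)
            s, R = sign(keys[u], r, m)
            witness[i] = (registered[i], R, s)
    return registered, flags, witness

if __name__ == "__main__":
    reg, flags, wit = build_example()
    print(flags, multisig_relation(reg, 6, b"data1", flags, wit))
```

In the scheme described, `flags` and `witness` stay private to the prover and only data1, prove1 and the Yes/No result appear on chain.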
The above embodiment configures, in the smart contract, a zero-knowledge proof circuit that simultaneously verifies whether the number of signatures is sufficient and whether each signature passes verification, and configures the verification parameters generated according to that circuit. As a result, an anonymous multi-signature transaction publicly submitted to the blockchain need include only the target data and the proof information generated from the signature data and related information, without including public keys or any other information that may expose user identity, thereby achieving anonymous multi-signature on the blockchain.
FIG. 2 is a flowchart of another anonymous multi-signature method according to an embodiment of the present invention. The method shown in FIG. 2 may be performed in conjunction with the method shown in FIG. 1.
As shown in FIG. 2, in this embodiment the present invention also provides an anonymous multi-signature method suitable for blockchain nodes. An anonymous multi-signature contract is configured on the blockchain; the contract is configured with a zero-knowledge proof circuit for verifying anonymous multi-signatures and with verification parameters generated according to the zero-knowledge proof circuit. The method includes:
S21: Execute the first anonymous multi-signature transaction through the anonymous multi-signature contract, and input the first target data, the first proof information and the verification parameters into the zero-knowledge proof circuit for anonymous multi-signature verification:
Verify whether the number of signing users identified by the signature identification information is not less than the number of signatures required for the multi-signature; and,
Verify whether the signature of each first user identified by the signature identification information passes verification;
If either of the above verifications fails, the anonymous multi-signature verification fails;
If both of the above verifications succeed, the anonymous multi-signature verification succeeds.
Here, the first anonymous multi-signature transaction includes the first target data and the first proof information, and is generated by the first user terminal;
The first proof information is generated by the first user terminal according to the first target data, the signature identification information, each first signature data and the corresponding first public key and first elliptic curve random number;
The signature identification information identifies whether each user authorized to participate in the multi-signature participates in this multi-signature, and is generated by the first user terminal according to each first public key.
Preferably, the above zero-knowledge proof circuit is generated according to the following algorithm:
s=r+ke;
e=hash(P||R||m);
s*G=(r+ke)*G=r*G+(k*G)e=R+Pe;
where s is the signature data, r is a random number, k is the private key, P is the public key, R is the elliptic curve random number generated according to r, m is the target data being signed, and G is the base point of the elliptic curve.
For the anonymous multi-signature principle of the method shown in FIG. 2, refer to the method shown in FIG. 1; the details are not repeated here.
FIG. 3 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
As shown in FIG. 3, as another aspect, the present application also provides a computer device 300 comprising one or more central processing units (CPUs) 301, which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 302 or a program loaded from the storage section 308 into a random access memory (RAM) 303. The RAM 303 also stores various programs and data necessary for the operation of the device 300. The CPU 301, the ROM 302 and the RAM 303 are connected to each other through a bus 304. An input/output (I/O) interface 305 is also connected to the bus 304.
The following components are connected to the I/O interface 305: an input section 306 including a keyboard, a mouse, etc.; an output section 307 including a cathode ray tube (CRT), a liquid crystal display (LCD), etc., and a speaker, etc.; a storage section 308 including a hard disk, etc.; and a communication section 309 including a network interface card such as a LAN card or a modem. The communication section 309 performs communication processing via a network such as the Internet. A drive 310 is also connected to the I/O interface 305 as needed. A removable medium 311, such as a magnetic disk, an optical disk, a magneto-optical disk or a semiconductor memory, is mounted on the drive 310 as needed so that a computer program read from it can be installed into the storage section 308 as needed.
In particular, according to an embodiment of the present disclosure, the method described in any of the above embodiments may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for performing any of the methods described above. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 309 and/or installed from the removable medium 311.
As yet another aspect, the present application also provides a computer-readable storage medium. The computer-readable storage medium may be the one included in the apparatus of the foregoing embodiment, or it may exist separately without being assembled into a device. The computer-readable storage medium stores one or more programs that are used by one or more processors to perform the methods described in the present application.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, a program segment or a portion of code that contains one or more executable instructions for implementing the specified logical functions. It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the figures. For example, two blocks shown in succession may in fact be executed substantially concurrently, or they may sometimes be executed in the reverse order, depending on the functionality involved. It should also be noted that each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units or modules described in the embodiments of the present application may be implemented in software or in hardware. The described units or modules may also be provided in a processor; for example, each unit may be a software program provided in a computer or a mobile smart device, or a separately configured hardware device. The names of these units or modules do not, in some cases, constitute a limitation on the units or modules themselves.
The above description covers only preferred embodiments of the present application and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in the present application is not limited to technical solutions formed by the specific combination of the above technical features, and also covers other technical solutions formed by any combination of the above technical features or their equivalents without departing from the concept of the present application, for example, technical solutions formed by replacing the above features with technical features having similar functions disclosed in (but not limited to) this application.

Claims (6)

  1. An anonymous multi-signature method, characterized in that an anonymous multi-signature contract is configured on the blockchain, the anonymous multi-signature contract is configured with a zero-knowledge proof circuit for verifying anonymous multi-signatures and with verification parameters generated according to the zero-knowledge proof circuit, the method comprising:
    obtaining, for each first user participating in this multi-signature, the first signature data generated by that user signing the first target data, together with the corresponding first public key and first elliptic curve random number;
    generating, according to each of the first public keys, signature identification information that identifies whether each user authorized to participate in the multi-signature participates in this multi-signature;
    generating first proof information according to the first target data, the signature identification information, each of the first signature data and the corresponding first public key and first elliptic curve random number;
    generating a first anonymous multi-signature transaction including the first target data and the first proof information and sending it to the blockchain network, so that a blockchain node executes the first anonymous multi-signature transaction through the anonymous multi-signature contract and inputs the first target data, the first proof information and the verification parameters into the zero-knowledge proof circuit for anonymous multi-signature verification:
    verifying whether the number of signing users identified by the signature identification information is not less than the number of signatures required for the multi-signature; and,
    verifying whether the signature of each of the first users identified by the signature identification information passes verification;
    if either of the above verifications fails, the anonymous multi-signature verification fails;
    if both of the above verifications succeed, the anonymous multi-signature verification succeeds.
  2. The method according to claim 1, characterized in that the zero-knowledge proof circuit is generated according to the following algorithm:
    s=r+ke;
    e=hash(P||R||m);
    s*G=(r+ke)*G=r*G+(k*G)e=R+Pe;
    where s is the signature data, r is a random number, k is the private key, P is the public key, R is the elliptic curve random number generated according to r, m is the target data being signed, and G is the base point of the elliptic curve.
  3. An anonymous multi-signature method, characterized in that an anonymous multi-signature contract is configured on the blockchain, the anonymous multi-signature contract is configured with a zero-knowledge proof circuit for verifying anonymous multi-signatures and with verification parameters generated according to the zero-knowledge proof circuit, the method being applicable to a blockchain node and comprising:
    executing a first anonymous multi-signature transaction through the anonymous multi-signature contract, and inputting first target data, first proof information and the verification parameters into the zero-knowledge proof circuit for anonymous multi-signature verification:
    verifying whether the number of signing users identified by signature identification information is not less than the number of signatures required for the multi-signature; and,
    verifying whether the signature of each first user identified by the signature identification information passes verification;
    if either of the above verifications fails, the anonymous multi-signature verification fails;
    if both of the above verifications succeed, the anonymous multi-signature verification succeeds;
    wherein the first anonymous multi-signature transaction includes the first target data and the first proof information, and is generated by a first user terminal;
    the first proof information is generated by the first user terminal according to the first target data, the signature identification information, each first signature data and the corresponding first public key and first elliptic curve random number;
    the signature identification information identifies whether each user authorized to participate in the multi-signature participates in this multi-signature, and is generated by the first user terminal according to each of the first public keys.
  4. The method according to claim 3, characterized in that the zero-knowledge proof circuit is generated according to the following algorithm:
    s=r+ke;
    e=hash(P||R||m);
    s*G=(r+ke)*G=r*G+(k*G)e=R+Pe;
    where s is the signature data, r is a random number, k is the private key, P is the public key, R is the elliptic curve random number generated according to r, m is the target data being signed, and G is the base point of the elliptic curve.
  5. A computer device, characterized in that the device comprises:
    one or more processors;
    a memory for storing one or more programs,
    wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method according to any one of claims 1-4.
  6. A storage medium storing a computer program, characterized in that the program, when executed by a processor, implements the method according to any one of claims 1-4.
PCT/CN2021/143838 2021-03-19 2021-12-31 Anonymous multi-signature method, computer device, and storage medium WO2022193789A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110297995.2A CN113112268A (en) 2021-03-19 2021-03-19 Anonymous multiple signature method, computer device, and storage medium
CN202110297995.2 2021-03-19

Publications (1)

Publication Number Publication Date
WO2022193789A1 (en) 2022-09-22

Family

ID=76711833

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/143838 WO2022193789A1 (en) 2021-03-19 2021-12-31 Anonymous multi-signature method, computer device, and storage medium

Country Status (2)

Country Link
CN (1) CN113112268A (en)
WO (1) WO2022193789A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112865980A (en) * 2021-02-01 2021-05-28 杭州复杂美科技有限公司 Block chain encryption voting method, computer device and storage medium
CN113112268A (en) * 2021-03-19 2021-07-13 杭州复杂美科技有限公司 Anonymous multiple signature method, computer device, and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110060903A1 (en) * 2008-03-19 2011-03-10 Takuya Yoshida Group signature system, apparatus and storage medium
WO2011144247A1 (en) * 2010-05-20 2011-11-24 Hewlett-Packard Development Company, L.P. Digital signature method and apparatus
US10735205B1 (en) * 2019-03-08 2020-08-04 Ares Technologies, Inc. Methods and systems for implementing an anonymized attestation chain
WO2020208491A1 (en) * 2019-04-12 2020-10-15 nChain Holdings Limited Computer implemented method and system for knowledge proof in blockchain transactions
CN113112268A (en) * 2021-03-19 2021-07-13 杭州复杂美科技有限公司 Anonymous multiple signature method, computer device, and storage medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3331328B2 (en) * 1999-02-02 2002-10-07 日本電信電話株式会社 Multiple digital signature method, system, apparatus and program recording medium
JP4790422B2 (en) * 2005-05-24 2011-10-12 日本電信電話株式会社 Electronic signature method with threshold, verification method, electronic signature system, verification device, signature device, duplicate signature copy signature detection device, signature verification system, signature verification method, electronic billing system, electronic cash payment system, and program
JP2011029783A (en) * 2009-07-22 2011-02-10 Kddi Corp Multiple signature system, verification system, multiple signature method and multiple signature program
JP2019213092A (en) * 2018-06-06 2019-12-12 日本電信電話株式会社 Anonymous signature system, signature generation device, anonymous signature generation device, verification device, anonymous signature method, and program
CN109934593B (en) * 2019-03-26 2023-07-04 众安信息技术服务有限公司 Design method and device for realizing block chain system supporting multiple signatures
CN110505064A (en) * 2019-07-26 2019-11-26 深圳市网心科技有限公司 Thresholding voting method, system and relevant device based on EC-Schnorr signature algorithm

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
WANG GUOCAI, LIU MEILAN : "Schnorr type efficient multiple group signature scheme with the elliptic curve", MICROCOMPUTER & ITS APPLICATIONS, no. 13, 10 July 2013 (2013-07-10), XP055968173, ISSN: 1674-7720, DOI: 10.19358/j.issn.1674-7720.2013.13.015 *
ZHOU LIANG: "Detailed introduction of Schnorr signature and Bitcoin multi-signature", 26 April 2019 (2019-04-26), XP055968172, Retrieved from the Internet <URL:www.elecfans.com/blockchain/922948.html> [retrieved on 20221005] *

Also Published As

Publication number Publication date
CN113112268A (en) 2021-07-13

Similar Documents

Publication Publication Date Title
CN110224837B (en) Zero-knowledge proof method and terminal based on distributed identity
WO2022161108A1 (en) Anonymous multi-signature method, computer device and storage medium
CN110391911B (en) System and method for anonymously voting block chain
US11429967B2 (en) Mechanism for efficient validation of finality proof in lightweight distributed ledger clients
Chase et al. On signatures of knowledge
EP3764308A1 (en) Blockchain-based system, and electronic apparatus and method in the system
CN112968881B (en) Block chain anonymous voting method, computer device and storage medium
JP4932168B2 (en) New fair blind signing process
WO2022193789A1 (en) Anonymous multi-signature method, computer device, and storage medium
US9882890B2 (en) Reissue of cryptographic credentials
Hohenberger et al. ANONIZE: A large-scale anonymous survey system
Lapon et al. Analysis of revocation strategies for anonymous idemix credentials
CN113095827B (en) Anonymous multiple signature method, computer device, and storage medium
WO2019047418A1 (en) Digital signature method, device and system
WO2019174402A1 (en) Group membership issuing method and device for digital group signature
CN109104410B (en) Information matching method and device
CN113360943A (en) Block chain private data protection method and device
JP2022549070A (en) Computer-implemented methods and systems for storing authenticated data on a blockchain
JP6742558B2 (en) Certification system and certification program
CN110990790B (en) Data processing method and equipment
Bhargav-Spantzel et al. Multifactor identity verification using aggregated proof of knowledge
CN108259180B (en) Method for quantum specifying verifier signature
CN113112269B (en) Multiple signature method, computer device, and storage medium
Hajny et al. Privacy ABCs: Now Ready for Your Wallets!
Yang et al. A Minimal Disclosure Signature Authentication Scheme Based on Consortium Blockchain

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 21931360; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 EP: PCT application non-entry in European phase (Ref document number: 21931360; Country of ref document: EP; Kind code of ref document: A1)