WO2023093319A1 - Blockchain-based account resetting method, and device - Google Patents

Info

Publication number
WO2023093319A1
Authority
WO
WIPO (PCT)
Prior art keywords
account
reset
ciphertext
authentication device
associated account
Prior art date
Application number
PCT/CN2022/124274
Other languages
French (fr)
Chinese (zh)
Inventor
张龙
范瑞彬
张开翔
毛嘉宇
储雨知
王越
Original Assignee
深圳前海微众银行股份有限公司
Application filed by 深圳前海微众银行股份有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/3827 Use of message hashing
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Definitions

  • This application relates to the field of financial technology (Fintech), in particular to a blockchain-based account reset method and device.
  • Blockchain (Block-Chain) technology is no exception, but due to the security and real-time requirements of the financial industry, it also puts forward higher requirements for blockchain technology. Especially when resetting the blockchain account, the security requirements are higher.
  • An embodiment of the present application provides a blockchain-based account reset method, which is applied to a requesting device.
  • the reset system includes a requesting device, a blockchain system, and multiple authentication devices.
  • the method includes:
  • For each authentication device, obtain the reset information and the ciphertext of at least one associated account logged in on other authentication devices, and generate a reset notification request according to the reset information and the ciphertext of the at least one associated account, so as to obtain the reset notification request corresponding to each authentication device;
  • the reset transaction request is generated by each authentication device according to the corresponding reset notification request and the ciphertext of the associated account logged on it;
  • the verification results of each associated account are obtained by the blockchain system through identity verification based on the reset transaction request sent by each authentication device and the ciphertext of the joint associated account stored on the blockchain.
  • the account reset process is performed according to the reset information.
  • Another embodiment of the present application provides a blockchain-based account reset method, the method is applied to the blockchain system, and the method includes:
  • each reset transaction request is generated by the corresponding authentication device according to the ciphertext of the associated account logged on the corresponding authentication device and the reset notification request; the corresponding reset transaction request of each authentication device
  • the configuration notification request is generated by the requesting device based on the ciphertext and reset information of the associated account logged on at least one other authentication device;
  • the account reset process is performed according to the reset information.
  • a requesting device including: a processor, and a memory communicatively connected to the processor;
  • the memory stores computer-executable instructions
  • the processor executes the computer-executed instructions stored in the memory, so as to implement the account reset method provided in the above embodiments.
  • an authentication device including: a processor, and a memory communicatively connected to the processor;
  • the memory stores computer-executable instructions
  • the processor executes the computer-executed instructions stored in the memory, so as to implement the account reset method provided in the above embodiments.
  • Another embodiment of the present application provides a computer-readable storage medium.
  • Computer-executable instructions are stored in the computer-readable storage medium. When the computer-executable instructions are executed by a processor, they are used to implement the account reset method provided in the above-mentioned embodiments.
  • The blockchain-based account reset method and device provided by this application store the multiple associated accounts used to reset the private key and the corresponding external account on the blockchain in the form of a joint ciphertext, so the data security of the associated accounts is high. This prevents an authentication device logged in with one of the associated accounts from obtaining the other associated accounts from the blockchain in order to act maliciously and cooperate with those accounts to initiate a transaction that resets the private key and the corresponding external account.
  • To allow the reset transaction request initiated by an authentication device to be authenticated, a notification request is generated based on at least one associated account ciphertext, so that the authentication device can generate a reset transaction request with multiple associated account ciphertexts.
  • The blockchain can then verify the associated account according to the ciphertexts of the multiple associated accounts, so as to reset the private key and the corresponding external account.
  • Figure 1 is a schematic diagram of a model of a blockchain account provided by this application.
  • FIG. 2 is a schematic flow diagram of establishing a new blockchain account provided by an embodiment of the present application
  • Figure 3 is a schematic diagram of an example based on the blockchain account model shown in Figure 1 provided by this application;
  • Fig. 4 is a schematic diagram of an example after the blockchain account shown in Fig. 3 is reset based on the present application;
  • FIG. 5 is a schematic structural diagram of the reset system provided by the present application.
  • FIG. 6 is a schematic flowchart of an account reset method provided in another embodiment of the present application.
  • FIG. 7 is a schematic flowchart of an account reset method provided by another embodiment of the present application.
  • Figure 8 is a schematic diagram of another model of the blockchain account provided by this application.
  • FIG. 9 is a schematic diagram of the principle of generating the ciphertext of joint associated accounts provided by another embodiment of the present application.
  • Figure 10 is a schematic diagram of an example based on the blockchain account model shown in Figure 8 provided by this application;
  • Fig. 11 is a schematic diagram of an example after the blockchain account shown in Fig. 10 is reset based on the present application;
  • Fig. 12 is a schematic structural diagram of an account reset device provided by another embodiment of the present application.
  • FIG. 13 is a schematic structural diagram of an account reset device provided in yet another embodiment of the present application.
  • FIG. 14 is a schematic structural diagram of an account reset device provided in another embodiment of the present application.
  • FIG. 15 is a schematic structural diagram of an electronic device provided by another embodiment of the present application.
  • the public key system is usually used to operate and manage the blockchain account.
  • the user saves the private key and saves the account generated based on the public key on the blockchain.
  • the transaction request is signed by the private key, and the blockchain system verifies the transaction signature through the account on the blockchain.
  • the private key is the only certificate for identity verification of the blockchain account. Once the private key is lost, it means that the user will lose all assets and rights under the current blockchain account.
  • A mnemonic is usually used, and the user needs to save the mnemonic.
  • the lost private key can be obtained through the mnemonic.
  • the encrypted private key will also be saved through the password escrow system. Since the encrypted private key is escrowed by the password escrow system, the user is required to save the password used for private key encryption.
  • Mnemonic words and passwords improve the user experience, because users do not need to memorize complex private keys. However, mnemonic words and passwords can still be lost or stolen, so they do not fundamentally solve the problem of private key loss.
  • a blockchain account model based on a two-tier account system, which makes it possible to obtain a new private key and a new external account by resetting the private key and the external account when the private key is lost.
  • all the assets and rights of the user are bound to the internal account, and the external account is only used to verify the transaction signature. When the external account is reset, the user's assets and rights will not be affected in any way.
  • the blockchain account model of the proposed two-tier account system includes external accounts and internal accounts.
  • The external account is implemented based on the public key: the requesting device randomly generates an asymmetric key, the external account generated from the public key is saved on the blockchain, and the user saves the private key.
  • the requesting device initiates a transaction request
  • the transaction request is signed by the private key
  • the blockchain system verifies the transaction signature through the external account on the blockchain.
  • Internal accounts are used to reset private keys and external accounts.
  • Internal accounts include internal contract account information, a list of associated accounts, and reset thresholds.
  • the internal contract account information is randomly generated by the blockchain system in response to the registration request initiated by the requesting device, and forms a mapping relationship between the internal contract account information and the external account.
  • the associated account list contains multiple associated accounts, and each associated account is an external account of a blockchain account, which is used to reset the private key saved by the user and the external account saved in the blockchain.
  • The reset threshold is the minimum number of associated account signatures required when the private key and the external account are reset.
  • the process of creating a new blockchain account in the blockchain system specifically includes:
  • the requesting device randomly generates an asymmetric key, and generates an external account according to the public key in the asymmetric key.
  • privateKey represents the private key, and the private key is used to sign the transaction to the blockchain system.
  • publicKey represents the public key, and the public key is used to generate the external account in the blockchain account; the external account is recorded as publicKeyAddress.
  • the requesting device generates a registration request according to the external account, and signs the registration request with a private key.
  • the requesting device sends a registration request to the blockchain system.
  • the blockchain system creates a new blockchain account according to the registration request.
  • After the blockchain system receives the registration request, it first randomly generates the internal contract account information, recorded as randomAddress. It then obtains the external account from the signature, recorded as publicKeyAddress, and finally establishes the mapping relationship between the external account and the internal contract account information and records the mapping relationship on the blockchain.
  • the mapping relationship is recorded as: (publicKeyAddress, randomAddress).
  • the essence of setting up linked accounts is to provide a redundant multi-factor authentication.
  • The account reset transaction can be initiated through the devices logged in with the associated accounts. The blockchain system replaces the external account generated from the public key corresponding to the old private key with the external account generated from the public key corresponding to the new private key, forming a new mapping relationship, and the security of the account reset is ensured by means of multi-party signatures.
  • When adding associated accounts and a reset threshold, the requesting device obtains the associated accounts and the reset threshold, initiates an add transaction request based on them, signs the add transaction request and sends it to the blockchain system. That is, the requesting device sends them to the blockchain system in plain text. After the blockchain system receives the add transaction request, they are also stored on the blockchain in plain text.
  • publicKeyAddress A represents the external account of blockchain account A
  • publicKeyAddress B represents the external account of blockchain account B
  • publicKeyAddress C represents the external account of blockchain account C
  • publicKeyAddress D represents the external account of blockchain account D.
  • the reset threshold is the minimum number of blockchain accounts that agree to reset during the private key and external account reset process. That is to say, when resetting the private key and external account, at least 3 signatures of blockchain accounts in blockchain account A to blockchain account D are required to complete the reset operation.
  • the user's blockchain account model is shown in Figure 3.
  • The requesting device can initiate a reset notification request to the authentication devices logged in with the associated accounts, so that the authentication devices initiate account reset transaction requests to the blockchain, and the blockchain system completes the reset of the account and private key by means of multi-party signatures. The specific steps are as follows:
  • the requesting device randomly generates an asymmetric key, and generates a new external account according to the public key in the asymmetric key.
  • the requesting device randomly generates an asymmetric key, which is recorded as:
  • privateKey' is the new private key
  • publicKey' is the new public key
  • a new external account is calculated according to the new public key publicKey', and the new external account is recorded as publicKeyAddress'.
  • the requesting device generates an account reset notification request according to the new external account and the old external account.
  • the requesting device sends a reset notification request to the authentication device logged in with the associated account.
  • If the associated account list includes blockchain account A to blockchain account D, a reset notification request is sent to the authentication devices logged in with blockchain account A to blockchain account D, and the new external account publicKeyAddress' and the old external account publicKeyAddress are sent to those authentication devices.
  • Each authentication device generates a private key reset transaction request according to the new external address and the old external address.
  • the associated accounts are blockchain account A to blockchain account D, and the authentication device logged in from blockchain account A to blockchain account C sends a signed reset transaction request.
  • The reset transaction requests are recorded as TX A, TX B and TX C, specifically:
  • TX A (publicKeyAddress', publicKeyAddress, signature A)
  • TX B (publicKeyAddress', publicKeyAddress, signature B)
  • TX C (publicKeyAddress', publicKeyAddress, signature C)
  • publicKeyAddress' is the new external account
  • publicKeyAddress is the external account corresponding to the lost private key, that is, the old external account
  • signature A is the signature of blockchain account A
  • signature B is the signature of blockchain account B
  • signature C is the signature of blockchain account C.
  • the blockchain system performs signature verification according to the reset transaction request sent by each authentication device and the associated account list on the blockchain, and resets the account according to the signature verification result.
  • The blockchain system parses out the external address from the transaction signature A of blockchain account A. If the external address is in the list of associated accounts on the blockchain, the verification passes and the number of signatures that pass verification is accumulated.
  • the reset transaction requests sent by the authentication devices logged in by blockchain account B and blockchain account C are authenticated in turn, and the number of signatures that pass the verification is accumulated.
  • the update model is:
  • The reset blockchain account is shown in Figure 4. Since the internal account remains unchanged, the user's assets and rights and interests are not lost. The external account is reset to the external account publicKeyAddress' corresponding to the new private key privateKey', so a transaction that the user signs with the new private key passes signature verification, the assets and rights of the account corresponding to the old private key are inherited, and the old private key becomes invalid.
  • The above private key and external account reset solution based on the two-tier account system can reset the private key and external account through the associated accounts if the private key is leaked or lost, so as to ensure that the assets and rights of the account are not lost.
  • This algorithm for resetting the private key and external account is based on the assumption that an associated account does not act maliciously or have its private key stolen. However, the associated account list of the blockchain account is stored on the blockchain in plain text. A malicious associated account can therefore collude with other associated accounts to initiate reset transaction requests and reset the external account corresponding to the blockchain account, obtaining the assets and related rights of the blockchain account. Alternatively, an attacking device can attack the devices logged in with the associated accounts until it has obtained the private keys of most of the associated accounts, and can then initiate reset transaction requests for the private key of the corresponding blockchain account, thereby obtaining the assets and related rights and interests of the blockchain account.
  • the root cause of the above-mentioned malicious risks or attack methods is that the associated accounts are stored in plain text on the blockchain.
  • This application provides a more secure account reset solution. The associated accounts are saved on the blockchain as ciphertext and are jointly encrypted, so that an attacking device cannot determine the associated accounts of a blockchain account from the jointly encrypted associated accounts. When an account needs to be reset, the identity of the associated accounts can still be verified through the joint encryption, so that the account reset can be carried out.
  • an embodiment of the present application provides an account reset system, which includes a blockchain system 300 , a requesting device 100 and an authentication device 200 .
  • the blockchain system 300 and the authentication device 200 are connected in communication, so that the authentication device 200 initiates a reset transaction request to the blockchain system 300 .
  • the blockchain system 300 and the requesting device 100 are also connected in communication, so that the requesting device 100 can also initiate a registration request and an initialization transaction request to the blockchain system 300 .
  • A blockchain account is stored in the blockchain running on the blockchain system 300. The requesting device 100 and the authentication device 200 are connected in communication, so that the requesting device 100 can initiate a reset notification request to the authentication device 200. After receiving the reset notification request, the authentication device 200 sends an account reset transaction request to the blockchain system, so that the blockchain system resets the blockchain account.
  • an embodiment of the present application provides a blockchain-based account reset method, which is applied to an account reset system, and the method includes the following steps:
  • For each authentication device, the requesting device obtains the reset information and the ciphertext of at least one associated account logged in on other authentication devices, and generates a reset notification request according to the reset information and the ciphertext of the at least one associated account, so as to obtain the reset notification request for each authentication device.
  • the reset information includes an external account in the blockchain account corresponding to the private key to be reset, which is also called an old external account. It also includes a new external account generated based on the public key corresponding to the new private key.
  • For each authentication device, the requesting device generates a reset notification request.
  • When a reset notification request is generated for a given authentication device, the associated accounts logged in on the other authentication devices are obtained. These are associated accounts in the blockchain account corresponding to the private key to be reset. The associated accounts logged in on the other authentication devices are encrypted to obtain at least one associated account ciphertext.
  • The ciphertexts of the at least one associated account may be grouped and the ciphertexts in each group encrypted, so as to generate the certification information of the authentication device.
  • the grouping method is the same as the grouping method when generating the joint associated account ciphertext stored on the blockchain. It is also possible to directly use the obtained ciphertext of at least one associated account as the certification information of the authentication device.
  • the requesting device sends a corresponding reset notification request to each authentication device.
  • the requesting device will generate a corresponding reset notification request for each authentication device.
  • The ciphertext of the associated accounts logged in on the other authentication devices is used to generate the reset notification request. Therefore, the reset notification request for each authentication device is different.
  • Each authentication device generates a reset transaction request according to the corresponding reset notification request and the ciphertext of the associated account logged on the authentication device.
  • The authentication device receives the reset notification request, parses out the reset information and the certification information of the authentication device from it, and obtains the ciphertext of the associated account logged in on its own device. It then generates a reset transaction request based on the ciphertext of the associated account logged in on its own device, the certification information of the authentication device, and the reset information. That is, the reset transaction request needs to be based on the ciphertext of all associated accounts.
  • the authentication device also uses the private key corresponding to the associated account logged on it to sign the reset transaction request.
  • Each authentication device sends a reset transaction request to the blockchain system.
  • After each authentication device receives the reset notification request, and provided it is not acting maliciously, it generates a signed reset transaction request and sends the reset transaction request to the blockchain system.
  • the blockchain system verifies the identity of the associated account according to the reset transaction request sent by each authentication device and the ciphertext of the associated account stored on the blockchain, and obtains the verification result of the associated account.
  • the blockchain system performs identity verification on the reset transaction request sent by each authentication device, and obtains the verification result of the associated account logged on each authentication device.
  • any node in the blockchain system parses the reset transaction request to obtain the certification information of the authentication device, the ciphertext of the associated account logged on the authentication device, and the reset information.
  • The certification information of the authentication device and the ciphertext of the associated account logged in on the authentication device are encrypted to generate a composite ciphertext, and the composite ciphertext is then compared with the ciphertext of the joint associated account stored on the blockchain. If they are consistent, a verification result of verification passed is generated; if they are inconsistent, a verification result of verification failure is generated.
  • the blockchain system resets the account according to the reset information when the verification result of the associated account satisfies the preset reset condition.
  • satisfying the preset reset condition includes that the verification result is that the number of linked accounts that pass the verification is greater than or equal to the reset threshold. Failure to meet the preset reset condition includes that the verification result is that the number of associated accounts that pass the verification is less than the reset threshold.
  • The blockchain system counts the verification results of the associated accounts, obtains the number of associated accounts that have passed the verification, and judges whether that number is greater than or equal to the reset threshold. If so, it uses the new external account to update the old external account and forms the mapping relationship between the new external account and the internal account corresponding to the old external account.
  • The multiple associated accounts used to reset the private key and the corresponding external account are stored in the blockchain in the form of joint ciphertext. This prevents an authentication device from obtaining the other associated accounts from the blockchain in order to act maliciously and cooperate with those accounts to initiate a transaction that resets the private key and the corresponding external account, and it can also resist the attack of an attacking device.
  • A notification request is generated based on at least one associated account ciphertext, so that the authentication device can use multiple associated account ciphertexts to generate a reset transaction request, and the blockchain system can verify the associated account according to the ciphertexts of the multiple associated accounts, so as to reset the private key and the corresponding external account.
  • an embodiment of the present application provides a blockchain-based account reset method, which is applied to an account reset system, and the method includes the following steps:
  • the old external account is generated by the requesting device according to the public key in the randomly generated second asymmetric key.
  • the way in which the requesting device generates the certification information of each authentication account is the same as the way in which the requesting device generates the ciphertext of the joint associated account.
  • the certification information of the authentication account only includes the ciphertext of the associated account logged in on each other authentication device.
  • If the ciphertext of the joint associated account is obtained by grouping the ciphertexts of the associated accounts and then encrypting each group separately, then when generating the certification information of the authentication account it is also necessary to group the ciphertexts of the associated accounts logged in on the other authentication devices.
  • a hash calculation is performed on each associated account associated with the old external account to obtain the ciphertext of each associated account associated with the old external account.
  • hash calculation is performed on the hash values of the multiple groups obtained at last to obtain the ciphertext of the joint associated account.
  • Satisfying the second loop stop condition includes that the number of groups is equal to 2, and not satisfying the second loop stop condition includes that the number of groups is not equal to 2.
  • the requesting device generates an initialization transaction request according to the ciphertext of the associated account and the reset threshold, and signs the initialization transaction request using the private key in the second asymmetric key.
  • the initialization request is used to add the associated account information and the reset threshold to the blockchain account, and the associated account information is stored in the form of joint associated account ciphertext.
  • the private key in the second asymmetric key is used to sign the initial transaction request, so that the blockchain system can authenticate the requesting device.
  • the requesting device sends an initialization transaction request to the blockchain system.
  • the blockchain system responds to the initialization transaction request.
  • the hash values are cyclically grouped and the group hash values are calculated again, so that the ciphertext of the joint associated account is obtained by a tree-shaped encryption method, which increases the security of the associated account data stored in the blockchain.
  • when resetting the account, the ciphertext of the joint associated account does not need to be decrypted. The certification information of the authentication device and the hash value of the associated account logged in on the authentication device are rehashed directly, and the result is compared with the ciphertext of the joint associated account stored in the blockchain to complete the identity verification. This further resists an attacking device that, after cracking an associated account, joins with a malicious authentication device to perform the account reset transaction.
  • An embodiment of the present application provides a blockchain-based account reset method, which is applied to an account reset system, and the method includes the following steps:
  • For each authentication device, the requesting device obtains the reset information and the ciphertext of at least one associated account logged in on other authentication devices, and generates a reset notification request according to the reset information and the ciphertext of the at least one associated account, so as to obtain a reset notification request for each authentication device.
  • the reset information includes an external account in the blockchain account corresponding to the private key to be reset, which is also called an old external account.
  • Reset information also includes new external accounts.
  • a first asymmetric key is randomly generated, and a new external account is generated according to the public key in the first asymmetric key.
  • the ciphertext of at least one associated account is grouped, and hash calculation is performed on the ciphertext in each group to obtain the hash value of each group. That is, for each group, calculate the hash value between all ciphertexts in the group, and use it as the hash value of the group. For example, if the group includes 2 ciphertexts, calculate the hash value between the 2 ciphertexts, and if the group includes 3 ciphertexts, then calculate the hash value between the 3 ciphertexts.
  • the hash value of each group is cyclically grouped and then the hash value in the group is calculated to obtain the hash value of multiple groups until the number of groups satisfies the first loop stop condition. That is, after obtaining the hash values of multiple groups, further group the hash values of multiple groups to obtain a new group, and then calculate the hash value between the hash values in the new group for each new group, Use it as the hash value of the new group, so as to obtain the hash values of multiple new groups, and complete a cycle.
  • the hash value of each group is obtained through multiple loops. And the hash value of multiple groups is used as the certification information of the authenticated device.
  • satisfying the first cycle stop condition includes that the number of groups is equal to the first threshold, and the first threshold is determined according to the method of obtaining the ciphertext of the joint associated account, so as to ensure that when the blockchain system receives the reset transaction request sent by the authentication device, Based on the hash value of each group and the hash value of the associated account registered on the authentication device, the ciphertext of the joint associated account can be obtained, and then compared with the ciphertext of the associated account stored on the blockchain to realize the verification of the authentication device.
  • a reset notification request for each certified device is generated according to each certified device, the certified information and the reset information.
  • the requesting device sends a corresponding reset notification request to each authentication device.
  • For each authentication device, the authentication device performs hash processing on the associated account logged in on it to obtain the ciphertext of that associated account, so as to obtain the ciphertext of the associated account logged in on each authentication device.
  • For each authentication device, the authentication device generates a reset transaction request according to the received reset notification request and the ciphertext of the associated account logged in on it, so as to obtain the reset transaction request generated by each authentication device.
  • Each authentication device sends a reset transaction request to the blockchain system.
  • the blockchain system performs identity verification on each associated account according to the reset transaction request sent by each authentication device and the joint associated account ciphertext stored on the blockchain, and obtains a verification result of each associated account.
  • the blockchain system performs account reset processing according to the reset information when the verification result of each associated account meets the preset reset condition.
  • the verification results of the obtained associated accounts are counted to obtain the number of associated accounts that have passed the verification.
  • the internal account includes the ciphertext of the joint associated account and the reset threshold.
  • in order to realize the identity verification of the authentication device, the requesting device generates an identity certificate for each authentication device, so that the blockchain can perform identity verification based on the identity certificate and the ciphertext of the associated account of the authentication device in the reset transaction request.
  • while ensuring the security of the associated accounts stored on the blockchain, this also makes it easier for the blockchain system to perform identity verification.
  • Another embodiment of the present application provides a blockchain-based account reset method, which is applied to an account reset system, and the method includes the following steps:
  • the blockchain account to be reset has been created in the blockchain
  • the external account of the blockchain account is recorded as publicKeyAddress
  • the randomly generated internal contract account information is recorded as randomAddress
  • the internal contract account information is used as the internal account address, and the external account and the internal contract account information form a mapping relationship that is recorded on the blockchain; the mapping relationship model is:
  • the external account is generated based on the public key in the asymmetric key, and the asymmetric key is recorded as <privateKey, publicKey>, where privateKey is the private key and publicKey is the public key.
  • the associated accounts of the external account are blockchain account A, blockchain account B, blockchain account C and blockchain account D.
  • $H(A) = \mathrm{Hash}(\text{publicKeyAddress}_A)$
  • $H(B) = \mathrm{Hash}(\text{publicKeyAddress}_B)$
  • $H(C) = \mathrm{Hash}(\text{publicKeyAddress}_C)$
  • $H(D) = \mathrm{Hash}(\text{publicKeyAddress}_D)$
  • the joint associated account ciphertext is obtained through tree hash operation, which is marked as H(ABCD).
  • H(ABCD) tree hash operation
  • the first group is H(A) and H(B)
  • the second group is H(C) and H(D).
  • the hash value of the first group is marked as H(AB):
  • the hash value of the second group is marked as H(CD):
  • Hash the hash values of the two groups to obtain the joint associated account ciphertext H(ABCD)
  • the requesting device generates an initialization transaction request according to the ciphertext of the associated account and the reset threshold, and signs the initialization transaction request using the private key in the second asymmetric key.
  • the joint associated account ciphertext H(ABCD) is used to set the associated account information, and the reset threshold is set, for example: the reset threshold is 3.
  • the requesting device sends an initialization transaction request to the blockchain system.
  • the blockchain system responds to the initialization transaction request.
  • the joint associated account ciphertext H(ABCD) and the reset threshold are stored in the blockchain, as shown in Figure 10.
  • An embodiment of the present application provides a blockchain-based account reset method, which is applied to an account reset system, and the method includes the following steps:
  • For each authentication device, the requesting device obtains the reset information and the ciphertext of at least one associated account logged in on other authentication devices, and generates a reset notification request according to the reset information and the ciphertext of the at least one associated account, so as to obtain a reset notification request for each authentication device.
  • the requesting device regenerates a public-private key pair (privateKey', publicKey'), and calculates a new external account publicKeyAddress' based on the new public key publicKey'.
  • Each authentication device has an associated account logged in, and the requesting device generates certification information for each authentication device based on the associated account, so as to construct a joint associated account ciphertext based on the ciphertext and authentication information of the associated account logged in on the authentication device.
  • H(ABCD) root hash value of the tree encryption method
  • the root hash value is constructed based on the proof information. If it is equal to the root hash value H(ABCD) stored on the blockchain, this proves that the account logged in on the authentication device is an associated account; otherwise the account logged in on the authentication device is not an associated account.
  • a reset notification request is generated according to the reset information and the certification information of the certification device.
  • the reset information includes the new external account publicKeyAddress' and the old external account publicKeyAddress.
  • the requesting device sends a corresponding reset notification request to each authentication device.
  • For each authentication device, the authentication device performs hash processing on the associated account logged in on it to obtain the ciphertext of that associated account, so as to obtain the ciphertext of the associated account logged in on each authentication device.
  • each authentication device has an associated account logged in, and each authentication device performs hash calculation on the associated account logged in to obtain the ciphertext of the associated account.
  • the first authentication device 200 encrypts the external account of the blockchain account A to obtain the ciphertext of the associated account.
  • the second authentication device 200 has a blockchain account B logged in, and the second authentication device encrypts the external account of the blockchain account B to obtain the ciphertext of the associated account.
  • For each authentication device, the authentication device generates a reset transaction request according to the received reset notification request and the ciphertext of the associated account logged in on it, so as to obtain the reset transaction request generated by each authentication device.
  • each authentication device After receiving the reset notification request, each authentication device initiates a reset transaction request and signs it.
  • the reset transaction request initiated by the device where the blockchain account A is located is recorded as $TX_A$:
  • $TX_A(\text{publicKeyAddress}', \text{publicKeyAddress}, \text{signature}_A, \text{Proof}_A)$
  • publicKeyAddress' is the new external account
  • publicKeyAddress is the old external account
  • $\text{signature}_A$ is the signature of blockchain account A
  • $\text{Proof}_A$ is the certification information of blockchain account A.
  • the reset transaction request initiated by the device of blockchain account A is recorded as $TX_A$
  • the reset transaction request initiated by the device of blockchain account B is recorded as $TX_B$:
  • $TX_B(\text{publicKeyAddress}', \text{publicKeyAddress}, \text{signature}_B, \text{Proof}_B)$
  • $TX_C(\text{publicKeyAddress}', \text{publicKeyAddress}, \text{signature}_C, \text{Proof}_C)$
  • $\text{signature}_B$ is the signature of blockchain account B
  • $\text{Proof}_B$ is the certification information of blockchain account B
  • $\text{signature}_C$ is the signature of blockchain account C
  • $\text{Proof}_C$ is the certification information of blockchain account C.
  • Each authentication device sends a reset transaction request to the blockchain system.
  • the blockchain system performs identity verification on each associated account according to the reset transaction request sent by each authentication device and the joint associated account ciphertext stored on the blockchain, and obtains a verification result of each associated account.
  • the blockchain network authenticates the blockchain account on the transaction initiator device according to the transaction signature.
  • the blockchain system determines the associated account that initiated the reset transaction request from the transaction signature, constructs the root hash value based on that associated account and the corresponding certification information, and compares it with the root hash value stored on the blockchain. If they are the same, the originating account of the reset transaction request is an associated account, the verification passes, and the transaction succeeds; if not, it is not an associated account, the verification fails, and the transaction fails. The system also accumulates the number of associated accounts that pass the verification and judges whether the reset threshold is reached.
  • the blockchain system performs account reset processing according to the reset information when the verification result of each associated account meets the preset reset condition.
  • the blockchain accounts logged in on the devices that initiate the reset transaction request $TX_B$ and the reset transaction request $TX_C$ are both verified, and the number of signatures adds up to 3.
  • the number of signatures is equal to the reset threshold, and the blockchain system updates the old external account to a new external account.
  • the model is as follows:
  • the updated blockchain model is shown in Figure 11. Since the internal account remains unchanged, the user's assets and rights and interests are not lost. The external account is reset to the external account publicKeyAddress' generated from the public key corresponding to the new private key privateKey', so a transaction request that the device initiates and signs with the new private key can be verified. The assets and rights of the account corresponding to the original private key are inherited, and the original private key becomes invalid.
  • when adding an associated account, the associated account is not added in plain text but is encrypted and then added. At the same time, the verification information is used to verify whether the account that initiated the reset transaction request is one of the multiple associated accounts, which can reduce the number of associated accounts. Even if the account is attacked, other associated account information cannot be obtained from the blockchain, which can prevent the associated accounts from colluding.
  • an embodiment of the present application provides a blockchain-based account reset device 800, which includes:
  • the first processing module 801 is configured to, for each authentication device, obtain reset information and the ciphertext of at least one associated account logged in on other authentication devices, and generate a reset notification request according to the reset information and the ciphertext of the at least one associated account, so as to obtain the reset notification request corresponding to each authentication device;
  • the first sending module 802 is configured to send a corresponding reset notification request to each authentication device; wherein, the reset transaction request is generated by each authentication device according to the corresponding reset notification request and the ciphertext of the associated account logged in on it;
  • the verification results of each associated account are obtained by the blockchain system through identity verification based on the reset transaction request sent by each authentication device and the ciphertext of the joint associated account stored on the blockchain.
  • the account reset process is performed according to the reset information.
  • the first processing module 801 is specifically configured to:
  • the first processing module 801 is specifically configured to:
  • Group the ciphertext of at least one associated account, and perform hash calculation on the ciphertext in each group to obtain the hash value of each group;
  • the hash values of multiple groups are used as proof information for authenticating the device.
  • the first processing module 801 is specifically configured to:
  • the associated account logged on the authentication device is obtained, and hash processing is performed on the associated account to generate the ciphertext of the associated account, so as to obtain the ciphertext of multiple associated accounts.
  • the first processing module 801 is specifically configured to:
  • the first asymmetric key is randomly generated, and a new external account is generated according to the public key in the first asymmetric key.
  • the first sending module 802 is specifically used for:
  • the initialization transaction request is used to make the blockchain system store the mapping relationship between the old external account and the internal account on the blockchain, and the internal account includes the ciphertext of the joint associated account and the reset threshold.
  • the first processing module 801 is specifically configured to:
  • an embodiment of the present application provides a blockchain-based account reset device 900, which includes:
  • the first receiving module 901 is configured to receive a reset notification request sent by the requesting device; wherein, the reset notification request is generated according to the reset information and the ciphertext of the associated account logged in on other authentication devices;
  • the second processing module 902 is configured to generate a reset transaction request according to the reset notification request and the ciphertext of the associated account logged on the authentication device;
  • the second sending module 903 is used to send a reset transaction request to the block chain system; wherein, the verification result of each associated account is the combination of the reset transaction request sent by the block chain system according to each authentication device and the block chain.
  • the blockchain system is also used to perform account reset processing according to the reset information when the verification results of each associated account meet the preset reset conditions.
  • the second processing module 902 is specifically used to:
  • an embodiment of the present application provides a blockchain-based account reset device 110, which includes:
  • the second receiving module 111 is configured to receive reset transaction requests sent by each authentication device; wherein, each reset transaction request is generated by the corresponding authentication device according to the ciphertext of the associated account logged in on the corresponding authentication device and the reset notification request; the reset notification request corresponding to each authentication device is generated by the requesting device based on the reset information and the ciphertext of the associated account logged in on at least one other authentication device;
  • the third processing module 112 is used to perform identity verification on each associated account according to the reset transaction request sent by each authentication device and the joint associated account ciphertext stored on the block chain, and obtain the verification result of each associated account;
  • the account reset process is performed according to the reset information.
  • the third processing module 112 is specifically used for:
  • For each reset transaction request, analyze the reset transaction request to obtain the certification information of the authentication device and the ciphertext of the associated account logged in on the authentication device, and encrypt the certification information and the ciphertext of the associated account to generate a composite ciphertext, so as to obtain multiple composite ciphertexts;
  • the third processing module 112 is specifically used for:
  • the new external account is used to update the old external account in the blockchain, and the mapping relationship between the new external account and the internal account corresponding to the old external account is established;
  • the internal account includes the joint associated account ciphertext and reset threshold.
  • the third processing module 112 is specifically used for:
  • the old external account includes federated associated account ciphertext and reset threshold.
  • an embodiment of the present application provides an electronic device 120 , and the electronic device 120 includes a memory 121 and a processor 122 .
  • the memory 121 is used to store computer instructions executable by the processor
  • the processor 122 implements each step in the methods in the above-mentioned embodiments when executing computer instructions. For details, refer to the related descriptions in the foregoing method embodiments.
  • the above-mentioned memory 121 can be independent or integrated with the processor 122 .
  • the electronic device further includes a bus for connecting the memory 121 and the processor 122 .
  • the embodiment of the present application also provides a computer-readable storage medium, in which computer instructions are stored, and when the processor executes the computer instructions, each step in the method in the foregoing embodiments is implemented.
  • An embodiment of the present application further provides a computer program product, including computer instructions, and when the computer instructions are executed by a processor, each step in the method in the foregoing embodiments is implemented.
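The tree-hash initialization and the threshold-checked reset from the A/B/C/D embodiment above, as an added Python example that is not code from the patent. It assumes SHA-256 as Hash, group hashes computed as Hash(left || right), certification information made of sibling hashes with their positions, and a sender address already recovered from a verified transaction signature; the account address strings and the `Chain` class are constructed for illustration.

```python
import hashlib

def H(data: bytes) -> bytes:
    # Assumption: the page does not name the hash function; SHA-256 is used here.
    return hashlib.sha256(data).digest()

def leaf(address: str) -> bytes:
    # H(X) = Hash(publicKeyAddress_X): the ciphertext of one associated account.
    return H(address.encode())

def build_levels(leaves):
    # Group neighbours in pairs and hash each group, looping until one root is left.
    # Assumption: a group hash is Hash(left || right); a lone node is hashed alone.
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(b"".join(cur[i:i + 2])) for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    # Certification information for the leaf at `index`: the hashes of the other
    # groups on its path to the root, each flagged "sibling is on the left".
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < index))
        else:
            proof.append((b"", False))  # lone node: no sibling at this level
        index //= 2
    return proof

def root_from_proof(leaf_hash, proof):
    # Rebuild the root from one account ciphertext plus its certification information.
    node = leaf_hash
    for sibling, sibling_is_left in proof:
        node = H(sibling + node) if sibling_is_left else H(node + sibling)
    return node

class Chain:
    """Hypothetical in-memory stand-in for the blockchain system's account state."""

    def __init__(self):
        self.ext_to_int = {}   # external account -> internal account address
        self.internal = {}     # internal account -> joint ciphertext and threshold
        self.approvals = {}    # (old external, new external) -> verified senders

    def initialize(self, external, internal, root, threshold):
        self.ext_to_int[external] = internal
        self.internal[internal] = {"root": root, "threshold": threshold}

    def submit_reset(self, sender, new_ext, old_ext, proof):
        # `sender` is assumed to come from an already verified transaction signature.
        internal = self.ext_to_int.get(old_ext)
        if internal is None:
            return "rejected"
        acct = self.internal[internal]
        if root_from_proof(leaf(sender), proof) != acct["root"]:
            return "rejected"  # sender is not one of the associated accounts
        # Count distinct accounts per (old, new) pair so a repeated request from
        # one account, or requests naming a different new account, cannot add up.
        voters = self.approvals.setdefault((old_ext, new_ext), set())
        voters.add(sender)
        if len(voters) < acct["threshold"]:
            return "pending"
        # Threshold reached: remap the new external account to the same internal account.
        del self.ext_to_int[old_ext]
        self.ext_to_int[new_ext] = internal
        self.approvals = {k: v for k, v in self.approvals.items() if k[0] != old_ext}
        return "reset"

# Constructed sample addresses; E is an account that is not associated.
ADDR = {n: f"publicKeyAddress_{n}" for n in "ABCDE"}

def run_demo():
    levels = build_levels([leaf(ADDR[n]) for n in "ABCD"])
    root = levels[-1][0]  # H(ABCD)
    proofs = {n: make_proof(levels, i) for i, n in enumerate("ABCD")}
    chain = Chain()
    chain.initialize("publicKeyAddress", "randomAddress", root, 3)
    new, old = "publicKeyAddress'", "publicKeyAddress"
    results = [
        chain.submit_reset(ADDR["A"], new, old, proofs["A"]),  # TX_A
        chain.submit_reset(ADDR["E"], new, old, proofs["A"]),  # E reuses Proof_A
        chain.submit_reset(ADDR["A"], new, old, proofs["A"]),  # TX_A repeated
        chain.submit_reset(ADDR["B"], new, old, proofs["B"]),  # TX_B
        chain.submit_reset(ADDR["C"], new, old, proofs["C"]),  # TX_C reaches 3
    ]
    return results, chain, proofs

if __name__ == "__main__":
    print(run_demo()[0])
```

The chain state holds only H(ABCD) and the threshold, so a device holding one associated account cannot read the other accounts from it.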

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Provided in the present application are a blockchain-based account resetting method, and a device. The method comprises: acquiring resetting information, and ciphertext of at least one associated account logged in on another authentication device, and generating a resetting notification request according to the resetting information and the ciphertext of the at least one associated account, so as to obtain a resetting notification request corresponding to each authentication device; and sending the corresponding resetting notification request to each authentication device, wherein a resetting transaction request is generated by means of each authentication device and according to the corresponding resetting notification request and ciphertext of an associated account logged in on the authentication device, a verification result of each associated account is obtained by means of a blockchain system performing identity verification according to a resetting transaction request, which is sent by each authentication device, and joint associated account ciphertext stored in a blockchain, and the blockchain system is used for performing account resetting processing according to the resetting information when the verification result of each associated account meets a preset resetting condition. The account security can be improved by encrypting and storing an associated account in a blockchain.

Description

Blockchain-based account reset method and device
This application claims priority to the Chinese patent application filed with the China Patent Office on November 24, 2021, with application number CN202111405515.6 and titled "Blockchain-based account reset method and device", the entire contents of which are incorporated herein by reference.
Technical Field
This application relates to the field of financial technology (Fintech), and in particular to a blockchain-based account reset method and device.
Background
With the development of computer technology, more and more technologies are being applied in the financial field, and the traditional financial industry is gradually transforming into financial technology (Fintech). Blockchain technology is no exception, but the security and real-time requirements of the financial industry also place higher demands on blockchain technology. The security requirements are especially high when resetting a blockchain account.
Summary of the Invention
An embodiment of the present application provides a blockchain-based account reset method applied to a requesting device. The reset system includes the requesting device, a blockchain system, and multiple authentication devices. The method includes:
For each authentication device, obtaining reset information and the ciphertext of the associated account logged in on at least one other authentication device, and generating a reset notification request according to the reset information and the ciphertext of the at least one associated account, so as to obtain the reset notification request corresponding to each authentication device;
Sending the corresponding reset notification request to each authentication device; wherein, the reset transaction request is generated by each authentication device according to the corresponding reset notification request and the ciphertext of the associated account logged in on it;
Wherein, the verification result of each associated account is obtained by the blockchain system through identity verification based on the reset transaction request sent by each authentication device and the joint associated account ciphertext stored on the blockchain, and the blockchain system is also used to perform account reset processing according to the reset information when the verification results of the associated accounts meet the preset reset condition.
Another embodiment of the present application provides a blockchain-based account reset method applied to a blockchain system. The method includes:
Receiving the reset transaction requests sent by each authentication device; wherein, each reset transaction request is generated by the corresponding authentication device according to the ciphertext of the associated account logged in on that authentication device and the reset notification request; the reset notification request corresponding to each authentication device is generated by the requesting device based on the reset information and the ciphertext of the associated account logged in on at least one other authentication device;
Performing identity verification on each associated account according to the reset transaction request sent by each authentication device and the joint associated account ciphertext stored on the blockchain, and obtaining the verification result of each associated account;
Performing account reset processing according to the reset information when the verification results of the associated accounts meet the preset reset condition.
Another embodiment of the present application provides a requesting device, including: a processor, and a memory communicatively connected to the processor;
The memory stores computer-executable instructions;
The processor executes the computer-executable instructions stored in the memory to implement the account reset method provided in the above embodiments.
Another embodiment of the present application provides an authentication device, including: a processor, and a memory communicatively connected to the processor;
The memory stores computer-executable instructions;
The processor executes the computer-executable instructions stored in the memory to implement the account reset method provided in the above embodiments.
Another embodiment of the present application provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the account reset method provided in the above embodiments.
The blockchain-based account reset method and device provided by this application store the multiple associated accounts used to reset the private key and the corresponding external account in the blockchain as a joint ciphertext. The data security of the associated accounts is high, which prevents an authentication device logged in with one of the associated accounts from obtaining the other associated accounts on the blockchain and acting maliciously by joining with them to initiate a transaction that resets the private key and the corresponding external account. To facilitate identity verification of the reset transaction request initiated by the authentication device, when the requesting device initiates a reset notification request to the authentication device, the notification request is generated based on at least one associated account ciphertext, so that the authentication device can generate a reset transaction request from multiple associated account ciphertexts, and the blockchain system can verify the associated accounts according to the multiple associated account ciphertexts, thereby resetting the private key and the corresponding external account.
Description of drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and, together with the description, serve to explain its principles.
FIG. 1 is a schematic diagram of a model of a blockchain account provided by the present application;
FIG. 2 is a schematic flowchart of establishing a new blockchain account provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of an example based on the blockchain account model shown in FIG. 1;
FIG. 4 is a schematic diagram of the example blockchain account shown in FIG. 3 after it has been reset;
FIG. 5 is a schematic structural diagram of the reset system provided by the present application;
FIG. 6 is a schematic flowchart of an account reset method provided by another embodiment of the present application;
FIG. 7 is a schematic flowchart of an account reset method provided by another embodiment of the present application;
FIG. 8 is a schematic diagram of another model of a blockchain account provided by the present application;
FIG. 9 is a schematic diagram of the principle of generating the joint associated-account ciphertext provided by yet another embodiment of the present application;
FIG. 10 is a schematic diagram of an example based on the blockchain account model shown in FIG. 8;
FIG. 11 is a schematic diagram of the example blockchain account shown in FIG. 10 after it has been reset;
FIG. 12 is a schematic structural diagram of an account reset apparatus provided by another embodiment of the present application;
FIG. 13 is a schematic structural diagram of an account reset apparatus provided by yet another embodiment of the present application;
FIG. 14 is a schematic structural diagram of an account reset apparatus provided by another embodiment of the present application;
FIG. 15 is a schematic structural diagram of an electronic device provided by another embodiment of the present application.
The above drawings show specific embodiments of the present application, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the concept of the present application in any way, but to explain that concept to those skilled in the art by reference to specific embodiments.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the present application as detailed in the appended claims.
In a blockchain system, blockchain accounts are usually operated and managed with a public-key scheme: the user keeps the private key, and the account generated from the public key is stored on the blockchain. When a transaction request is initiated, it is signed with the private key, and the blockchain system verifies the transaction signature against the account on the blockchain. In other words, the private key is the only credential for authenticating a blockchain account. Once the private key is lost, the user loses all assets and rights under that blockchain account.
To address this problem, one technical solution is the mnemonic phrase: the user stores a mnemonic and, after losing the private key, can recover the lost private key from it. Another technical solution keeps an encrypted private key in a password escrow system; because the escrow system holds the encrypted private key, the user must keep the password used to encrypt it. Mnemonics and passwords improve the user experience, since users no longer have to memorize complex private keys. However, mnemonics and passwords can themselves be lost or stolen, so they do not fundamentally solve the problem of private key loss.
To solve the problem of private key loss fundamentally, a blockchain account model based on a two-tier account system has also been proposed, which makes it possible to obtain a new private key and a new external account by resetting the private key and external account when the private key is lost. All of the user's assets and rights are bound to the internal account, and the external account is used only to verify transaction signatures. Resetting the external account does not affect the user's assets and rights in any way.
As shown in FIG. 1, the proposed two-tier blockchain account model comprises an external account and an internal account. The external account is based on a public key: the requesting device randomly generates an asymmetric key pair, the external account generated from the public key is stored on the blockchain, and the user keeps the private key. When the requesting device initiates a transaction request, it signs the request with the private key, and the blockchain system verifies the transaction signature against the external account on the blockchain.
The internal account is used to reset the private key and the external account. It comprises internal contract account information, an associated account list and a reset threshold. The internal contract account information is randomly generated by the blockchain system when it responds to a registration request from the requesting device, and a mapping is formed between the internal contract account information and the external account. The associated account list contains multiple associated accounts; each associated account is the external account of a blockchain account and is used to reset the private key kept by the user and the external account stored on the blockchain. The reset threshold is the minimum number of associated-account signatures required when the private key and external account are reset.
As shown in FIG. 2, the process of creating a new blockchain account in the blockchain system comprises:
S101. The requesting device randomly generates an asymmetric key pair and generates an external account from the public key of the pair.
In this step, the asymmetric key pair randomly generated by the requesting device is denoted:
<privateKey, publicKey>
Here, privateKey denotes the private key, which is used to sign transactions initiated to the blockchain system. publicKey denotes the public key, and the private key is used to generate the external account in the blockchain account; the external account is denoted publicKeyAddress.
S102. The requesting device generates a registration request from the external account and signs the registration request with the private key.
S103. The requesting device sends the registration request to the blockchain system.
S104. The blockchain system creates a new blockchain account according to the registration request.
After receiving the registration request, the blockchain system first randomly generates internal contract account information, denoted randomAddress. It then obtains the external account from the signature, denoted publicKeyAddress, and finally establishes a mapping between the external account and the internal contract account information and records the mapping on the blockchain. The mapping is denoted (publicKeyAddress, randomAddress).
After blockchain registration is completed by executing S101 to S104, the associated accounts of the newly created blockchain account and the reset threshold still need to be added to the internal account.
Setting up associated accounts in essence provides redundant multi-factor authentication. When the private key kept by the user is lost or stolen, an account reset transaction can be initiated through the devices on which the associated accounts are logged in. The blockchain system replaces the external account generated from the public key of the old private key with the external account generated from the public key of the new private key, forming a new mapping, and multi-party signing ensures the security of the account reset.
When associated accounts and a reset threshold are added, the requesting device obtains the associated accounts and the reset threshold, initiates an add-transaction request based on them, signs the request and sends it to the blockchain system. That is, the requesting device sends them to the blockchain system in plaintext. After receiving the add-transaction request, the blockchain system likewise stores them on the blockchain in plaintext.
For example, after a new blockchain account is created in the blockchain system, the reset threshold is set to 3 and the associated account list added for the blockchain account is:
{publicKeyAddress_A;
publicKeyAddress_B;
publicKeyAddress_C;
publicKeyAddress_D}
Here, publicKeyAddress_A denotes the external account of blockchain account A, publicKeyAddress_B the external account of blockchain account B, publicKeyAddress_C the external account of blockchain account C, and publicKeyAddress_D the external account of blockchain account D.
The reset threshold is the minimum number of blockchain accounts that must agree to the reset during the private key and external account reset process. That is, when the private key and external account are reset, signatures from at least 3 of blockchain accounts A to D are required to complete the reset operation. The user's blockchain account model at this point is shown in FIG. 3.
When the private key kept by the user is leaked or lost, the requesting device can send a reset notification request to the authentication devices on which the associated accounts are logged in, so that the authentication devices initiate account reset transaction requests to the blockchain, and the blockchain system completes the reset of the account and private key by multi-party signing. The specific steps are as follows:
S201. The requesting device randomly generates an asymmetric key pair and generates a new external account from the public key of the pair.
After the private key is lost, the requesting device randomly generates an asymmetric key pair, denoted:
(privateKey′, publicKey′)
Here, privateKey′ is the new private key and publicKey′ is the new public key.
The new external account is computed from the new public key publicKey′ and is denoted publicKeyAddress′.
S202. The requesting device generates an account reset notification request from the new external account and the old external account.
S203. The requesting device sends the reset notification request to the authentication devices on which the associated accounts are logged in.
In this step, the associated account list includes blockchain accounts A to D, so the reset notification request is sent to the authentication devices logged in with blockchain accounts A to D, delivering the new external account publicKeyAddress′ and the old external account publicKeyAddress to those devices.
S204. Each authentication device generates a private key reset transaction request from the new external address and the old external address.
Here, the associated accounts are blockchain accounts A to D, and the authentication devices logged in with blockchain accounts A to C send signed reset transaction requests.
The signed reset transaction requests initiated by blockchain accounts A to C are denoted TX_A, TX_B and TX_C, specifically:
TX_A = (publicKeyAddress′, publicKeyAddress, signature_A)
TX_B = (publicKeyAddress′, publicKeyAddress, signature_B)
TX_C = (publicKeyAddress′, publicKeyAddress, signature_C)
Here, publicKeyAddress′ is the new external account, publicKeyAddress is the external account corresponding to the lost private key, that is, the old external account, signature_A is the signature of blockchain account A, signature_B is the signature of blockchain account B, and signature_C is the signature of blockchain account C.
S205. The blockchain system performs signature verification using the reset transaction requests sent by the authentication devices and the associated account list on the blockchain, and resets the account according to the signature verification result.
In this step, after receiving the reset transaction request sent by the authentication device logged in with blockchain account A, the blockchain system recovers the external address from blockchain account A's transaction signature signature_A. If that external address is in the associated account list on the blockchain, verification passes and the count of verified signatures is incremented. The reset transaction requests sent by the authentication devices logged in with blockchain accounts B and C are verified in turn, and the count of verified signatures is accumulated.
The blockchain system then determines whether the accumulated count is greater than or equal to the reset threshold. If the count is less than the reset threshold, the reset transaction request is not acted on and the transaction fails. If the count is equal to or greater than the reset threshold, the reset transaction request is acted on and the transaction succeeds.
Because blockchain accounts A to C are associated accounts, the accumulated number of signatures is 3, which equals the reset threshold, and the blockchain system updates the external account to the new external account. The update is:
(publicKeyAddress, randomAddress) → (publicKeyAddress′, randomAddress)
The blockchain account after the reset is shown in FIG. 4. Because the internal account is unchanged, the user's assets and rights are not lost, and the external account has been reset to the external account publicKeyAddress′ corresponding to the new private key privateKey′. Transactions that the user signs with the new private key therefore pass signature verification and inherit the assets and rights of the account that corresponded to the old private key, and the old private key becomes invalid.
The above private key and external account reset solution based on the two-tier account system can reset the private key and external account through the associated accounts when the private key is leaked or lost, ensuring that the account's assets and rights are not lost.
But security is multi-dimensional. This reset algorithm rests on the assumption that the associated accounts do not act maliciously and that their private keys are not stolen. The associated account list of a blockchain account is stored on the blockchain in plaintext. When an associated account acts maliciously, it can collude with other associated accounts to initiate reset transaction requests and reset the external account of the corresponding blockchain account in order to obtain that account's assets and related rights. Alternatively, an attacking device can attack the devices on which the associated accounts are logged in until it has obtained the private keys of most of the associated accounts, and can then initiate reset transaction requests for the private key of the corresponding blockchain account, thereby obtaining that account's assets and related rights.
In summary, the root cause of these risks of malicious behavior and attack is that the associated accounts are stored on the blockchain in plaintext. Based on this analysis, the present application provides a more secure account reset scheme. The associated accounts are stored on the blockchain as ciphertext and are jointly encrypted, so that an attacking device cannot determine a blockchain account's associated accounts from the jointly encrypted data, while the associated accounts can still be authenticated through the joint encryption when the account needs to be reset, thereby achieving account reset.
As shown in FIG. 5, an embodiment of the present application provides an account reset system comprising a blockchain system 300, a requesting device 100 and an authentication device 200. The blockchain system 300 and the authentication device 200 are communicatively connected, so that the authentication device 200 can initiate reset transaction requests to the blockchain system 300. The blockchain system 300 and the requesting device 100 are also communicatively connected, so that the requesting device 100 can initiate registration requests and initialization transaction requests to the blockchain system 300.
Blockchain accounts are stored in the blockchain running on the blockchain system 300. The requesting device 100 and the authentication device 200 are communicatively connected, so that the requesting device 100 can send a reset notification request to the authentication device. After receiving the reset notification request, the authentication device 200 sends an account reset transaction request to the blockchain system, so that the blockchain system resets the blockchain account.
As shown in FIG. 6, an embodiment of the present application provides a blockchain-based account reset method applied to the account reset system. The method comprises the following steps:
S301. For each authentication device, the requesting device obtains reset information and the ciphertext of the associated account logged in on at least one other authentication device, and generates a reset notification request from the reset information and the at least one associated-account ciphertext, so as to obtain the reset notification request corresponding to each authentication device.
In this step, the reset information includes the external account in the blockchain account corresponding to the private key to be reset, also called the old external account. It also includes the new external account generated from the public key corresponding to the new private key.
The requesting device generates one reset notification request for each authentication device. When generating the reset notification request for a given authentication device, it obtains the associated accounts logged in on the authentication devices other than that device (the associated accounts being those in the blockchain account corresponding to the private key to be reset) and encrypts them to obtain at least one associated-account ciphertext.
After obtaining the reset information and the at least one associated-account ciphertext, the requesting device first generates the authentication device's proof information from the at least one associated-account ciphertext, and then generates the reset notification request from the proof information and the reset information.
When generating the authentication device's proof information, the at least one associated-account ciphertext may be divided into groups and the ciphertexts in each group encrypted to produce the proof information. The grouping used is the same as the grouping used when generating the joint associated-account ciphertext stored on the blockchain. Alternatively, the obtained associated-account ciphertexts may be used directly as the authentication device's proof information.
Generating the proof information by grouping before generating the reset notification request makes the associated accounts harder to obtain in a malicious attack, which improves the security of account reset.
S302. The requesting device sends the corresponding reset notification request to each authentication device.
In this step, the requesting device generates a corresponding reset notification request for each authentication device. For a given authentication device, the request is generated using only the ciphertexts of the associated accounts logged in on the other authentication devices, so each authentication device's reset notification request is different.
S303. Each authentication device generates a reset transaction request from its reset notification request and the ciphertext of the associated account logged in on that device.
In this step, any given authentication device receives the reset notification request and parses the reset information and its own proof information out of it. It then obtains the ciphertext of the associated account logged in on itself and generates a reset transaction request from that ciphertext, its proof information and the reset information. That is, the reset transaction request must be based on the ciphertexts of all associated accounts. The authentication device also signs the reset transaction request with the private key corresponding to the associated account logged in on it.
S304. Each authentication device sends its reset transaction request to the blockchain system.
In this step, after receiving the reset notification request, each authentication device, provided it is not acting maliciously, generates a signed reset transaction request and sends it to the blockchain system.
S305. The blockchain system authenticates the associated accounts using the reset transaction requests sent by the authentication devices and the joint associated-account ciphertext stored on the blockchain, and obtains the verification results for the associated accounts.
In this step, the blockchain system authenticates the reset transaction request sent by each authentication device and obtains the verification result for the associated account logged in on each authentication device.
For the reset transaction request sent by each authentication device, any node in the blockchain system parses the request to obtain the authentication device's proof information, the ciphertext of the associated account logged in on that device, and the reset information. It encrypts the proof information together with the ciphertext of the associated account logged in on the device to generate a composite ciphertext, and compares the composite ciphertext with the joint associated-account ciphertext stored on the blockchain. If they match, a verification result of "passed" is generated; if they do not match, a verification result of "failed" is generated.
S306. When the verification results for the associated accounts satisfy the preset reset condition, the blockchain system performs account reset processing according to the reset information.
In this step, the preset reset condition is satisfied when the number of associated accounts whose verification result is "passed" is greater than or equal to the reset threshold. It is not satisfied when the number of associated accounts whose verification result is "passed" is less than the reset threshold.
The blockchain system tallies the verification results for the associated accounts to obtain the number of associated accounts that passed verification, and determines whether that number is greater than or equal to the reset threshold. If so, it replaces the old external account with the new external account and forms a mapping between the new external account and the internal account that corresponded to the old external account.
In the above technical solution, the multiple associated accounts used to reset the private key and the corresponding external account are stored on the blockchain as a joint ciphertext. This keeps the associated-account data secure: an authentication device logged in with one of the associated accounts cannot obtain the other associated accounts from the blockchain and act maliciously by joining with them to initiate a transaction that resets the private key and the corresponding external account, and the scheme also resists attacks by an attacking device. So that the reset transaction requests initiated by authentication devices can be authenticated, when the requesting device sends a reset notification request to an authentication device, it generates that request from at least one associated-account ciphertext. The authentication device can then generate a reset transaction request from multiple associated-account ciphertexts, and the blockchain system can verify the associated accounts against those ciphertexts, thereby resetting the private key and the corresponding external account.
As shown in Figure 7, an embodiment of the present application provides a blockchain-based account reset method applied to an account reset system. The method includes the following steps:
S401. The requesting device encrypts all associated accounts associated with the old external account and generates the joint associated-account ciphertext.
Here, the old external account is generated by the requesting device from the public key of a randomly generated second asymmetric key. The requesting device generates the proof information of each authentication account in the same way as it generates the joint associated-account ciphertext.
If the associated-account ciphertexts were not grouped before encryption when the joint associated-account ciphertext was generated, the proof information of an authentication account includes only the ciphertexts of the associated accounts logged in on each of the other authentication devices.
If the joint associated-account ciphertext was obtained by grouping the ciphertexts of the associated accounts and then encrypting each group, then the ciphertexts of the associated accounts logged in on the other authentication devices must also be grouped when the proof information of an authentication account is generated.
More specifically, each associated account associated with the old external account is hashed to obtain its associated-account ciphertext. These ciphertexts are grouped, and the ciphertexts within each group are hashed to obtain each group's hash value. The step of grouping the group hash values and hashing the values within each group to obtain new group hash values is repeated until the number of groups satisfies the second loop stop condition. The group hash values obtained last are then hashed together to obtain the joint associated-account ciphertext.
In an embodiment, when the associated-account ciphertexts are grouped and when the groups are regrouped, it is ensured that each resulting group contains two hash values or two associated-account ciphertexts.
Satisfying the second loop stop condition includes the number of groups being equal to 2; not satisfying it includes the number of groups not being equal to 2.
S402. The requesting device generates an initialization transaction request from the joint associated-account ciphertext and the reset threshold, and signs the initialization transaction request with the private key of the second asymmetric key.
Here, the initialization request is used to add the associated-account information and the reset threshold to the blockchain account; the associated-account information is stored as the joint associated-account ciphertext. The initialization transaction request is signed with the private key of the second asymmetric key so that the blockchain system can authenticate the requesting device.
S403. The requesting device sends the initialization transaction request to the blockchain system.
S404. The blockchain system responds to the initialization transaction request.
In this step, the external account of the blockchain account is used to verify the signature in the initialization transaction request. After verification passes, the correspondence between the joint associated-account ciphertext and the internal account is established, the correspondence between the reset threshold and the internal account is established, and the mapping between the old external account and the internal account is stored on the blockchain, as shown in Figure 8.
In the above technical solution, when the joint associated-account ciphertext is generated, the hash values are grouped cyclically and group hash values are computed again, so that the joint associated-account ciphertext is obtained by tree-structured encryption, which increases the security of the joint associated-account ciphertext stored on the blockchain. During account reset there is also no need to decrypt the joint associated-account ciphertext: the proof information of the authentication device and the hash value of the associated account logged in on that device are hashed again, and the result is compared with the joint associated-account ciphertext stored on the blockchain to complete identity verification. This further resists attacks by attacking devices, as well as malicious authentication devices jointly performing an account reset transaction after cracking the associated accounts.
An embodiment of the present application provides a blockchain-based account reset method applied to an account reset system. The method includes the following steps:
S501. For each authentication device, the requesting device obtains the reset information and the ciphertext of at least one associated account logged in on other authentication devices, and generates a reset notification request from the reset information and the ciphertext of the at least one associated account, so as to obtain the reset notification request corresponding to each authentication device.
In this step, the reset information includes the external account in the blockchain account corresponding to the private key to be reset, also called the old external account. The reset information also includes the new external account. To obtain the new external account, a first asymmetric key is randomly generated, and the new external account is generated from the public key of the first asymmetric key.
To obtain the ciphertext of each associated account, taking one authentication device as an example: the associated account logged in on the authentication device is obtained and hashed to produce the ciphertext of that associated account; in this way the ciphertexts of multiple associated accounts are obtained.
To obtain the proof information of each authentication device, the ciphertexts of the at least one associated account are grouped, and the ciphertexts within each group are hashed to obtain each group's hash value. That is, for each group, the hash over all ciphertexts in the group is computed and used as the hash value of that group. For example, if a group contains 2 ciphertexts, the hash over the 2 ciphertexts is computed; if a group contains 3 ciphertexts, the hash over the 3 ciphertexts is computed.
After the hash value of each group is obtained, the step of grouping the group hash values and hashing the values within each group to obtain new group hash values is repeated until the number of groups satisfies the first loop stop condition. That is, after the group hash values are obtained, they are grouped again into new groups; for each new group, the hash over the hash values in it is computed and used as the new group's hash value, which yields the hash values of the new groups and completes one iteration. The hash values of the groups are obtained through multiple iterations, and the resulting group hash values are used as the proof information of the authentication device.
Here, satisfying the first loop stop condition includes the number of groups being equal to a first threshold. The first threshold is determined by the way the joint associated-account ciphertext is obtained, so that when the blockchain system receives the reset transaction request sent by an authentication device, it can derive the joint associated-account ciphertext from the group hash values and the hash value of the associated account logged in on that authentication device, and compare it with the joint associated-account ciphertext stored on the blockchain to verify the authentication device.
After the proof information of each authentication device is obtained, the reset notification request of each authentication device is generated from that authentication device's proof information and the reset information.
S502. The requesting device sends the corresponding reset notification request to each authentication device.
S503. For each authentication device, the authentication device hashes the associated account logged in on it to obtain the ciphertext of that associated account, so that the ciphertext of the associated account logged in on each authentication device is obtained.
S504. For each authentication device, the authentication device generates a reset transaction request from the received reset notification request and the ciphertext of the associated account logged in on it, so that the reset transaction request generated by each authentication device is obtained.
S505. Each authentication device sends its reset transaction request to the blockchain system.
S506. The blockchain system authenticates each associated account according to the reset transaction request sent by each authentication device and the joint associated-account ciphertext stored on the blockchain, and obtains the verification result of each associated account.
In this step, for any one reset transaction request, the blockchain system parses the request to obtain the proof information of the authentication device and the ciphertext of the associated account logged in on the authentication device, encrypts the proof information and the ciphertext of the associated account to generate a synthesized ciphertext, and compares the synthesized ciphertext with the joint associated-account ciphertext to obtain the verification result of that associated account.
The above steps are repeated to obtain the verification results of the associated accounts corresponding to all reset transaction requests.
S507. When the verification results of the associated accounts satisfy the preset reset condition, the blockchain system performs account reset processing according to the reset information.
In this step, the verification results of the associated accounts are tallied to obtain the number of associated accounts whose verification result is "passed". When that number is greater than or equal to the reset threshold, the old external account is replaced with the new external account on the blockchain, and the new external account is associated with the internal account that corresponded to the old external account. The internal account includes the joint associated-account ciphertext and the reset threshold.
In the above technical solution, to authenticate the authentication devices, the requesting device generates an identity proof for each authentication device, so that the blockchain can authenticate based on the identity proof in the reset transaction request and the ciphertext of the authentication device's associated account. This keeps the associated accounts secure as stored on the blockchain while making it easy for the blockchain system to perform identity verification.
Another embodiment of the present application provides a blockchain-based account reset method applied to an account reset system. The method includes the following steps:
S601. The requesting device encrypts all associated accounts associated with the old external account and generates the joint associated-account ciphertext.
In this step, the blockchain account to be reset has already been created on the blockchain. The external account of this blockchain account is denoted publicKeyAddress, and the randomly generated internal contract account information is denoted randomAddress. The internal contract account information is used as the internal account address, and the external account and the internal contract account information form a mapping that is recorded on the blockchain. The mapping model is:
(publicKeyAddress, randomAddress)
The external account is generated from the public key of an asymmetric key. The asymmetric key is denoted <privateKey, publicKey>, where privateKey is the private key and publicKey is the public key.
The associated accounts of the external account are blockchain account A, blockchain account B, blockchain account C and blockchain account D. The external accounts of the four accounts, also called public key address information, are obtained as follows:
publicKeyAddress_A
publicKeyAddress_B
publicKeyAddress_C
publicKeyAddress_D
The external accounts are hashed to obtain the hash values of the associated accounts:
H(A) = Hash(publicKeyAddress_A)
H(B) = Hash(publicKeyAddress_B)
H(C) = Hash(publicKeyAddress_C)
H(D) = Hash(publicKeyAddress_D)
As shown in Figure 9, the joint associated-account ciphertext, denoted H(ABCD), is then obtained through a tree hash operation. The four hash values are grouped: the first group is H(A) and H(B), and the second group is H(C) and H(D).
The hash value of the first group is denoted H(AB):
H(AB) = H(H(A) + H(B))
The hash value of the second group is denoted H(CD):
H(CD) = H(H(C) + H(D))
The hash values of the two groups are hashed to obtain the joint associated-account ciphertext H(ABCD):
H(ABCD) = H(H(AB) + H(CD))
S602. The requesting device generates an initialization transaction request from the joint associated-account ciphertext and the reset threshold, and signs the initialization transaction request with the private key of the second asymmetric key.
In this step, the joint associated-account ciphertext H(ABCD) is used to set the associated-account information, and the reset threshold is set, for example to 3.
S603. The requesting device sends the initialization transaction request to the blockchain system.
S604. The blockchain system responds to the initialization transaction request.
In this step, after the signature of the initialization transaction request has been verified, the joint associated-account ciphertext H(ABCD) and the reset threshold are stored on the blockchain, as shown in Figure 10.
In the above technical solution, because of the collision-resistance property of the hash function, the possibility of obtaining the individual associated accounts from the joint associated-account ciphertext H(ABCD) is extremely low. An authentication device or other attacking device can therefore no longer join with other associated accounts to maliciously reset the blockchain account, which ensures the privacy and security of the associated accounts.
An embodiment of the present application provides a blockchain-based account reset method applied to an account reset system. The method includes the following steps:
S701. For each authentication device, the requesting device obtains the reset information and the ciphertext of at least one associated account logged in on other authentication devices, and generates a reset notification request from the reset information and the ciphertext of the at least one associated account, so as to obtain the reset notification request corresponding to each authentication device.
In this step, when the private key is lost or at risk of leakage, the requesting device regenerates a public-private key pair (privateKey′, publicKey′) and computes the new external account publicKeyAddress′ from the new public key publicKey′.
Each authentication device has one associated account logged in. The requesting device generates the proof information of each authentication device from the associated accounts, so that the joint associated-account ciphertext can be constructed from the ciphertext of the associated account logged in on the authentication device and the proof information. Because only the root hash value H(ABCD) of the tree-structured encryption is stored on the blockchain, it must be proved whether the blockchain account logged in on the device that sends a given private-key reset transaction request is an associated account. It is sufficient that a root hash value can be constructed from the proof information and that it equals the root hash value H(ABCD) stored on the blockchain: in that case the account logged in on the authentication device is proved to be an associated account; otherwise it is not an associated account.
Taking blockchain account A as the associated account: to compute H(ABCD), one only needs the hash value H(B) of blockchain account B and the hash value H(CD) computed over the hash values of blockchain account C and blockchain account D. The authentication device then computes the hash value H(A) of blockchain account A, computes H(AB) from H(A) and H(B), and computes H(ABCD) from H(AB) and H(CD). The proof information Proof_A of associated account A is therefore: Proof_A = {H(B), H(CD)}.
After the proof information of each authentication device is obtained, the reset notification request is generated from the reset information and the proof information of the authentication device. The reset information includes the new external account publicKeyAddress′ and the old external account publicKeyAddress.
S702. The requesting device sends the corresponding reset notification request to each authentication device.
S703. For each authentication device, the authentication device hashes the associated account logged in on it to obtain the ciphertext of that associated account, so that the ciphertext of the associated account logged in on each authentication device is obtained.
In this step, each authentication device has an associated account logged in, and each authentication device hashes the associated account logged in on it to obtain the ciphertext of the associated account.
For example, if blockchain account A is logged in on the first authentication device, the first authentication device 200 encrypts the external account of blockchain account A to obtain the ciphertext of the associated account. If blockchain account B is logged in on the second authentication device 200, the second authentication device encrypts the external account of blockchain account B to obtain the ciphertext of the associated account.
S704. For each authentication device, the authentication device generates a reset transaction request from the received reset notification request and the ciphertext of the associated account logged in on it, so that the reset transaction request generated by each authentication device is obtained.
In this step, after each authentication device receives the reset notification request, it initiates a reset transaction request and signs it.
For example, the reset transaction request initiated by the device where blockchain account A is located is denoted TX_A:
TX_A = (publicKeyAddress′, publicKeyAddress, signature_A, Proof_A)
Here, publicKeyAddress′ is the new external account, publicKeyAddress is the old external account, signature_A is the signature of blockchain account A, and Proof_A is the proof information of blockchain account A.
Correspondingly, the reset transaction request initiated by the device where blockchain account A is located is denoted TX_A, and the reset transaction request initiated by the device where blockchain account B is located is denoted TX_B:
TX_B = (publicKeyAddress′, publicKeyAddress, signature_B, Proof_B)
TX_C = (publicKeyAddress′, publicKeyAddress, signature_C, Proof_C)
signature_B is the signature of blockchain account B, Proof_B is the proof information of blockchain account B, signature_C is the signature of blockchain account C, and Proof_C is the proof information of blockchain account C.
S705. Each authentication device sends its reset transaction request to the blockchain system.
S706. The blockchain system authenticates each associated account according to the reset transaction request sent by each authentication device and the joint associated-account ciphertext stored on the blockchain, and obtains the verification result of each associated account.
In this step, the blockchain network authenticates the blockchain account on the device that initiated the transaction according to the transaction signature. The blockchain system resolves, from the transaction signature, the associated account that initiated the reset transaction request and constructs a root hash value from the associated account and the corresponding proof information. If the root hash value is the same as the joint associated-account ciphertext stored on the blockchain, the account that initiated the reset transaction request is an associated account, verification passes, and the transaction succeeds; if they differ, it is not an associated account, verification fails, and the transaction fails. The number of associated accounts that pass verification is accumulated, and it is judged whether the reset threshold has been reached.
S707. When the verification results of the associated accounts satisfy the preset reset condition, the blockchain system performs account reset processing according to the reset information.
In this step, for the reset transaction request TX_A, blockchain account A logged in on the device that initiated transaction TX_A is verified to be an associated account, so the accumulated number of signatures is 1. This still does not meet the required threshold for the number of signatures, so no account reset is performed.
Because blockchain account B and blockchain account C, each logged in on an authentication device, are associated accounts, the blockchain accounts logged in on the devices that initiated reset transaction requests TX_B and TX_C are verified and both pass, bringing the accumulated number of signatures to 3. At this point the number of signatures equals the reset threshold, and the blockchain system updates the old external account to the new external account. The model is as follows:
(publicKeyAddress, randomAddress) → (publicKeyAddress′, randomAddress)
The updated blockchain model is shown in Figure 11. Because the internal account is unchanged, the user's assets and rights are not lost. The external account is reset to the external account publicKeyAddress′ generated from the public key corresponding to the new private key privateKey′, so a transaction request that the authentication device signs with the new private key passes verification and inherits the assets and rights of the account corresponding to the original private key, and the original private key becomes invalid.
In the above technical solution, associated accounts are not added in plaintext; they are encrypted before being added, and the proof information is used to verify whether the account that initiated the reset transaction request is one of the multiple associated accounts. This reduces the risk of associated accounts being attacked, and other associated-account information cannot be obtained from the blockchain, which prevents associated accounts from colluding.
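The commitment, proof and threshold check of steps S601 to S707, as an added Python example that is not code from the patent. SHA-256 for Hash, byte concatenation for "+", the left/right flag carried with each proof element, the constructed addresses addr-A to addr-D, and counting each signer once per (old, new) pair are assumptions; the signer address is taken as already recovered from a verified transaction signature.

```python
import hashlib


def H(data: bytes) -> bytes:
    """Hash function; SHA-256 is an assumption (the page only writes Hash())."""
    return hashlib.sha256(data).digest()


def leaf(address: str) -> bytes:
    """Associated-account ciphertext, e.g. H(A) = Hash(publicKeyAddress_A)."""
    return H(address.encode())


def build_root(addresses):
    """Joint associated-account ciphertext: hash pairs upward until one value remains."""
    level = [leaf(a) for a in addresses]
    if len(level) < 2 or len(level) & (len(level) - 1):
        raise ValueError("this example needs a power-of-two number of accounts")
    while len(level) > 1:
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def make_proof(addresses, index):
    """Proof for the account at `index`: sibling hashes from leaf to root.

    Each element carries the side the sibling sits on ("L" or "R"); the page
    lists only the hashes, so the side flag is an assumption of this example.
    """
    level = [leaf(a) for a in addresses]
    proof = []
    while len(level) > 1:
        sibling = index ^ 1
        proof.append(("L" if sibling < index else "R", level[sibling]))
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof


def root_from_proof(address, proof):
    """Rebuild the root from the signer's own address and its proof."""
    node = leaf(address)
    for side, sibling in proof:
        node = H(sibling + node) if side == "L" else H(node + sibling)
    return node


class AccountRegistry:
    """Toy stand-in for the on-chain state (hypothetical class name)."""

    def __init__(self):
        self.mapping = {}    # external account -> internal account
        self.policy = {}     # internal account -> (root, reset threshold)
        self.approvals = {}  # (old, new) -> set of verified signer addresses

    def initialize(self, external, internal, root, threshold):
        self.mapping[external] = internal
        self.policy[internal] = (root, threshold)

    def submit_reset(self, signer, old, new, proof):
        """Handle one reset transaction; returns 'rejected', 'pending' or 'reset'."""
        internal = self.mapping.get(old)
        if internal is None:
            return "rejected"
        root, threshold = self.policy[internal]
        if root_from_proof(signer, proof) != root:
            return "rejected"  # signer is not one of the committed accounts
        approved = self.approvals.setdefault((old, new), set())
        approved.add(signer)   # a set, so a repeated submission counts once
        if len(approved) < threshold:
            return "pending"
        del self.mapping[old]  # the old external account stops resolving
        self.mapping[new] = internal
        del self.approvals[(old, new)]
        return "reset"


def run_example():
    """Constructed scenario: four associated accounts, reset threshold 3."""
    associated = ["addr-A", "addr-B", "addr-C", "addr-D"]  # constructed values
    chain = AccountRegistry()
    chain.initialize("publicKeyAddress", "randomAddress", build_root(associated), 3)
    submissions = [("addr-A", 0), ("addr-A", 0), ("addr-X", 0), ("addr-B", 1), ("addr-C", 2)]
    outcomes = [
        chain.submit_reset(signer, "publicKeyAddress", "publicKeyAddress'",
                           make_proof(associated, idx))
        for signer, idx in submissions
    ]
    return outcomes, chain.mapping


if __name__ == "__main__":
    print(run_example())
```

The second addr-A submission and the addr-X submission (an outsider replaying A's proof) show the two cases a verifier has to handle besides the happy path: a duplicate approval and a proof that does not bind to the signer.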
如图12所示,本申请一实施例提供一种基于区块链的账户重置装置800,装置包括:As shown in Figure 12, an embodiment of the present application provides a blockchain-based account reset device 800, which includes:
第一处理模块801,用于针对每个认证设备,获取重置信息和至少一个其他认证设备上登录的关联账户的密文,并根据重置信息和至少一个关联账户的密文生成重置通知请求,以获得每个认证设备对应的重置通知请求;The first processing module 801 is configured to, for each authentication device, obtain reset information and the ciphertext of at least one associated account logged on other authentication devices, and generate a reset notification according to the reset information and the ciphertext of at least one associated account request to obtain the reset notification request corresponding to each authenticated device;
第一发送模块802,用于向每个认证设备发送对应的重置通知请求;其中,重置交易请求是每个认证设备根据对应的重置通知请求和其上登录的关联账户的密文生成的;The first sending module 802 is configured to send a corresponding reset notification request to each authentication device; wherein, the reset transaction request is generated by each authentication device according to the corresponding reset notification request and the ciphertext of the associated account logged on it of;
其中,各个关联账户的验证结果是区块链系统根据每个认证设备发送的重置交易请求和区块链上存储的联合关联账户密文进行身份验证获得的,区块链系统还用于在各个关联账户的验证结果满足预设重置条件时根据重置信息进行账户重置处理。Among them, the verification results of each associated account are obtained by the blockchain system through identity verification based on the reset transaction request sent by each authentication device and the ciphertext of the joint associated account stored on the blockchain. When the verification result of each associated account meets the preset reset condition, the account reset process is performed according to the reset information.
In an embodiment, the first processing module 801 is specifically configured to:
generate the proof information of the authentication device according to the ciphertext of the at least one associated account;
generate the reset notification request according to the proof information of the authentication device and the reset information.
In an embodiment, the first processing module 801 is specifically configured to:
group the ciphertexts of the at least one associated account, and perform a hash calculation on the ciphertexts within each group to obtain the hash value of each group;
repeatedly group the hash values of the groups and perform a hash calculation on the hash values within each group to obtain the hash values of multiple groups, until the number of groups satisfies a first loop stop condition;
use the hash values of the multiple groups as the proof information of the authentication device.
In an embodiment, the first processing module 801 is specifically configured to:
for each authentication device, obtain the associated account logged in on the authentication device, and hash the associated account to generate the ciphertext of the associated account, so as to obtain the ciphertexts of multiple associated accounts.
In an embodiment, the first processing module 801 is specifically configured to:
randomly generate a first asymmetric key, and generate a new external account according to the public key of the first asymmetric key.
In an embodiment, the first sending module 802 is specifically configured to:
encrypt all associated accounts associated with the old external account to generate the joint associated-account ciphertext; wherein the old external account is generated according to the public key of a second asymmetric key;
generate an initialization transaction request according to the joint associated-account ciphertext and a reset threshold, and sign the initialization transaction request with the private key of the second asymmetric key;
send the signed initialization transaction request to the blockchain system;
wherein the initialization transaction request is used to make the blockchain system store, on the blockchain, the mapping relationship between the old external account and an internal account, the internal account including the joint associated-account ciphertext and the reset threshold.
In an embodiment, the first processing module 801 is specifically configured to:
perform a hash calculation on each associated account associated with the old external account to obtain the ciphertext of each associated account associated with the old external account;
group the ciphertexts of the associated accounts associated with the old external account, and perform a hash calculation on the ciphertexts within each group to obtain the hash value of each group;
repeatedly group the hash values of the groups and perform a hash calculation on the hash values within each group to obtain the hash values of multiple groups, until the number of groups satisfies a second loop stop condition;
perform a hash calculation on the hash values of the multiple groups to obtain the joint associated-account ciphertext.
As shown in Figure 13, an embodiment of the present application provides a blockchain-based account reset apparatus 900, which includes:
a first receiving module 901, configured to receive a reset notification request sent by the requesting device; wherein the reset notification request is generated according to reset information and the ciphertexts of associated accounts logged in on other authentication devices;
a second processing module 902, configured to generate a reset transaction request according to the reset notification request and the ciphertext of the associated account logged in on the authentication device;
a second sending module 903, configured to send the reset transaction request to the blockchain system; wherein the verification result of each associated account is obtained by the blockchain system performing identity verification according to the reset transaction requests sent by the authentication devices and the joint associated-account ciphertext stored on the blockchain, and the blockchain system is further configured to perform account reset processing according to the reset information when the verification results of the associated accounts satisfy a preset reset condition.
In an embodiment, the second processing module 902 is specifically configured to:
hash the associated account logged in on the authentication device to obtain the ciphertext of the associated account logged in on the authentication device.
As shown in Figure 14, an embodiment of the present application provides a blockchain-based account reset apparatus 110, which includes:
a second receiving module 111, configured to receive the reset transaction requests sent by the authentication devices; wherein each reset transaction request is generated by the corresponding authentication device according to the ciphertext of the associated account logged in on that authentication device and a reset notification request; the reset notification request corresponding to each authentication device is generated by the requesting device according to the ciphertext of an associated account logged in on at least one other authentication device and the reset information;
a third processing module 112, configured to perform identity verification on each associated account according to the reset transaction requests sent by the authentication devices and the joint associated-account ciphertext stored on the blockchain, and obtain the verification result of each associated account;
and to perform account reset processing according to the reset information when the verification results of the associated accounts satisfy a preset reset condition.
In an embodiment, the third processing module 112 is specifically configured to:
for each reset transaction request, parse the reset transaction request to obtain the proof information of the authentication device and the ciphertext of the associated account logged in on the authentication device, and perform encryption processing on the proof information and the ciphertext of the associated account to generate a composite ciphertext, so as to obtain multiple composite ciphertexts;
for each composite ciphertext, compare the composite ciphertext with the joint associated-account ciphertext to obtain the verification result of the associated account, so as to obtain the verification results of multiple associated accounts.
In an embodiment, the third processing module 112 is specifically configured to:
when the number of associated accounts whose verification result is "verification passed" exceeds the reset threshold, update the old external account with the new external account in the blockchain, and establish a mapping relationship between the new external account and the internal account corresponding to the old external account;
wherein the internal account includes the joint associated-account ciphertext and the reset threshold.
In an embodiment, the third processing module 112 is specifically configured to:
receive the initialization transaction request sent by the requesting device;
store the mapping relationship between the old external account and the internal account on the blockchain;
wherein the old external account includes the joint associated-account ciphertext and the reset threshold.
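The grouped hashing, proof information and threshold check described in the embodiments above can be read as a Merkle-style commitment. The sketch below is an added example, not code from the application: SHA-256, groups of two, stopping at a single hash, and all function names and sample accounts are assumptions.

```python
import hashlib
import hmac


def account_ciphertext(account: str) -> bytes:
    """Ciphertext of one associated account: its SHA-256 hash (assumed hash)."""
    return hashlib.sha256(account.encode("utf-8")).digest()


def _parent(left: bytes, right: bytes) -> bytes:
    """Hash of one group of two values (group size 2 is an assumption)."""
    return hashlib.sha256(left + right).digest()


def _next_level(level):
    """One round of 'group the hash values, then hash each group'."""
    nxt = []
    for i in range(0, len(level), 2):
        if i + 1 < len(level):
            nxt.append(_parent(level[i], level[i + 1]))
        else:
            nxt.append(level[i])  # an unpaired value is carried up unchanged
    return nxt


def joint_ciphertext(ciphertexts):
    """Joint associated-account ciphertext stored on chain at initialization."""
    if not ciphertexts:
        raise ValueError("at least one associated account is required")
    level = list(ciphertexts)
    while len(level) > 1:  # assumed stop condition: one value left
        level = _next_level(level)
    return level[0]


def proof_for(ciphertexts, index):
    """Proof information for the device at `index`, built by the requesting
    device from the other accounts' ciphertexts: (hash, is_left) pairs."""
    level, proof = list(ciphertexts), []
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        level = _next_level(level)
        index //= 2
    return proof


def composite_ciphertext(own_ciphertext, proof):
    """Chain side: fold the device's own ciphertext into its proof."""
    node = own_ciphertext
    for sibling, sibling_is_left in proof:
        node = _parent(sibling, node) if sibling_is_left else _parent(node, sibling)
    return node


def verify(own_ciphertext, proof, stored_joint):
    """Verification result for one reset transaction request."""
    return hmac.compare_digest(composite_ciphertext(own_ciphertext, proof), stored_joint)


def reset_allowed(requests, stored_joint, threshold):
    """Preset reset condition, using 'greater than or equal to' as in claim 1.
    Distinct ciphertexts are counted, so a repeated request counts once."""
    passed = {ct for ct, proof in requests if verify(ct, proof, stored_joint)}
    return len(passed) >= threshold


if __name__ == "__main__":
    # Constructed sample accounts, for illustration only.
    accounts = ["alice@bank.example", "bob@mail.example", "carol@pay.example",
                "dave@chat.example", "erin@shop.example"]
    cts = [account_ciphertext(a) for a in accounts]
    joint = joint_ciphertext(cts)
    requests = [(cts[i], proof_for(cts, i)) for i in (0, 2, 4)]
    print("reset allowed:", reset_allowed(requests, joint, threshold=3))
```

Only the joint ciphertext and the threshold need to be stored on chain; each reset transaction request carries one account ciphertext and its proof. Plain hashing hides an account identifier only as far as the identifier itself is hard to guess.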
As shown in FIG. 15, an embodiment of the present application provides an electronic device 120, which includes a memory 121 and a processor 122.
The memory 121 is used to store computer instructions executable by the processor;
the processor 122 implements the steps of the methods in the above embodiments when executing the computer instructions. For details, refer to the related descriptions in the foregoing method embodiments.
Optionally, the memory 121 may be independent or integrated with the processor 122. When the memory 121 is provided independently, the electronic device further includes a bus for connecting the memory 121 and the processor 122.
An embodiment of the present application further provides a computer-readable storage medium in which computer instructions are stored; when a processor executes the computer instructions, the steps of the methods in the foregoing embodiments are implemented.
An embodiment of the present application further provides a computer program product, including computer instructions; when the computer instructions are executed by a processor, the steps of the methods in the foregoing embodiments are implemented.
Other embodiments of the present application will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses or adaptations of the application that follow its general principles and include common knowledge or conventional technical means in the technical field not disclosed in this application. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the application indicated by the following claims.
It should be understood that the present application is not limited to the precise structures described above and shown in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the application is limited only by the appended claims.

Claims (15)

  1. A blockchain-based account reset method, characterized in that the method is applied to a requesting device, a reset system includes the requesting device, a blockchain system and multiple authentication devices, and the method includes:
    for each authentication device, obtaining reset information and the ciphertext of an associated account logged in on at least one other authentication device, and generating a reset notification request according to the reset information and the ciphertext of the at least one associated account, so as to obtain the reset notification request corresponding to each authentication device; the reset information includes a new external account and an old external account;
    sending the corresponding reset notification request to each authentication device; wherein a reset transaction request is generated by each authentication device according to its corresponding reset notification request and the ciphertext of the associated account logged in on it;
    wherein the verification result of each associated account is obtained by the blockchain system performing identity verification according to the reset transaction request sent by each authentication device and the joint associated-account ciphertext stored on the blockchain, and the blockchain system is further configured to perform account reset processing according to the reset information when the verification results of the associated accounts satisfy a preset reset condition; the preset reset condition includes that the number of associated accounts whose verification result is "verification passed" is greater than or equal to a reset threshold.
  2. The method according to claim 1, characterized in that generating a reset notification request according to the reset information and the ciphertext of the at least one associated account specifically includes:
    generating the proof information of the authentication device according to the ciphertext of the at least one associated account;
    generating the reset notification request according to the proof information of the authentication device and the reset information.
  3. The method according to claim 2, characterized in that generating the proof information of the authentication device according to the ciphertext of the at least one associated account specifically includes:
    grouping the ciphertexts of the at least one associated account, and performing a hash calculation on the ciphertexts within each group to obtain the hash value of each group;
    repeatedly grouping the hash values of the groups and performing a hash calculation on the hash values within each group to obtain the hash values of multiple groups, until the number of groups satisfies a first loop stop condition;
    using the hash values of the multiple groups as the proof information of the authentication device.
  4. The method according to any one of claims 1 to 3, characterized in that obtaining the ciphertext of an associated account logged in on at least one other authentication device specifically includes:
    for each authentication device, obtaining the associated account logged in on the authentication device, and hashing the associated account to generate the ciphertext of the associated account, so as to obtain the ciphertexts of multiple associated accounts.
  5. The method according to any one of claims 1 to 3, characterized in that the reset information includes a new external account, and obtaining the reset information specifically includes:
    randomly generating a first asymmetric key, and generating the new external account according to the public key of the first asymmetric key.
  6. The method according to any one of claims 1 to 3, characterized in that the reset information includes an old external account, and before obtaining the reset information and the ciphertext of an associated account logged in on at least one other authentication device, the method includes:
    encrypting all associated accounts associated with the old external account to generate the joint associated-account ciphertext; wherein the old external account is generated according to the public key of a second asymmetric key;
    generating an initialization transaction request according to the joint associated-account ciphertext and the reset threshold, and signing the initialization transaction request with the private key of the second asymmetric key;
    sending the signed initialization transaction request to the blockchain system;
    wherein the initialization transaction request is used to make the blockchain system store, on the blockchain, the mapping relationship between the old external account and an internal account, the internal account including the joint associated-account ciphertext and the reset threshold.
  7. The method according to claim 6, characterized in that encrypting all associated accounts associated with the old external account to generate the joint associated-account ciphertext specifically includes:
    performing a hash calculation on each associated account associated with the old external account to obtain the ciphertext of each associated account associated with the old external account;
    grouping the ciphertexts of the associated accounts associated with the old external account, and performing a hash calculation on the ciphertexts within each group to obtain the hash value of each group;
    repeatedly grouping the hash values of the groups and performing a hash calculation on the hash values within each group to obtain the hash values of multiple groups, until the number of groups satisfies a second loop stop condition;
    performing a hash calculation on the hash values of the multiple groups to obtain the joint associated-account ciphertext.
  8. A blockchain-based account reset method, characterized in that the method is applied to an authentication device, and the method includes:
    receiving a reset notification request sent by a requesting device; wherein the reset notification request is generated according to reset information and the ciphertexts of associated accounts logged in on other authentication devices; the reset information includes a new external account and an old external account;
    generating a reset transaction request according to the reset notification request and the ciphertext of the associated account logged in on the authentication device;
    sending the reset transaction request to a blockchain system; wherein the verification result of each associated account is obtained by the blockchain system performing identity verification according to the reset transaction requests sent by the authentication devices and the joint associated-account ciphertext stored on the blockchain, and the blockchain system is further configured to perform account reset processing according to the reset information when the verification results of the associated accounts satisfy a preset reset condition; the preset reset condition includes that the number of associated accounts whose verification result is "verification passed" is greater than or equal to a reset threshold.
  9. The method according to claim 8, characterized in that before generating the reset transaction request according to the ciphertext of the associated account logged in on the authentication device, the ciphertexts of the associated accounts logged in on the other authentication devices, and the reset information logged in on the requesting device, the method further includes:
    hashing the associated account logged in on the authentication device to obtain the ciphertext of the associated account logged in on the authentication device.
  10. A blockchain-based account reset method, characterized in that the method is applied to a blockchain system, and the method includes:
    receiving the reset transaction requests sent by the authentication devices; wherein each reset transaction request is generated by the corresponding authentication device according to the ciphertext of the associated account logged in on that authentication device and a reset notification request; the reset notification request corresponding to each authentication device is generated by the requesting device according to the ciphertext of an associated account logged in on at least one other authentication device and reset information; the reset information includes a new external account and an old external account;
    performing identity verification on each associated account according to the reset transaction requests sent by the authentication devices and the joint associated-account ciphertext stored on the blockchain, and obtaining the verification result of each associated account;
    performing account reset processing according to the reset information when the verification results of the associated accounts satisfy a preset reset condition; the preset reset condition includes that the number of associated accounts whose verification result is "verification passed" is greater than or equal to a reset threshold.
  11. The method according to claim 10, characterized in that performing identity verification on each associated account according to the reset transaction requests sent by the authentication devices and the joint associated-account ciphertext stored on the blockchain, and obtaining the verification result of each associated account, specifically includes:
    for each reset transaction request, parsing the reset transaction request to obtain the proof information of the authentication device and the ciphertext of the associated account logged in on the authentication device, and performing encryption processing on the proof information and the ciphertext of the associated account to generate a composite ciphertext, so as to obtain multiple composite ciphertexts;
    for each composite ciphertext, comparing the composite ciphertext with the joint associated-account ciphertext to obtain the verification result of the associated account, so as to obtain the verification results of multiple associated accounts.
  12. The method according to claim 10 or 11, characterized in that performing account reset processing according to the reset information when the verification results of the associated accounts satisfy the preset reset condition specifically includes:
    when the number of associated accounts whose verification result is "verification passed" exceeds the reset threshold, updating the old external account with the new external account in the blockchain, and establishing a mapping relationship between the new external account and the internal account corresponding to the old external account;
    wherein the internal account includes the joint associated-account ciphertext and the reset threshold.
  13. The method according to claim 10 or 11, characterized in that before receiving the reset transaction requests sent by the authentication devices, the method further includes:
    receiving an initialization transaction request sent by the requesting device;
    storing the mapping relationship between the old external account and the internal account on the blockchain;
    wherein the old external account includes the joint associated-account ciphertext and the reset threshold.
  14. An electronic device, including: a processor, and a memory communicatively connected to the processor;
    the memory stores computer-executable instructions;
    the processor executes the computer-executable instructions stored in the memory to implement the account reset method according to any one of claims 1 to 7, or claim 8 or 9.
  15. A computer-readable storage medium, characterized in that computer-executable instructions are stored in the computer-readable storage medium, and when executed by a processor, the computer-executable instructions are used to implement the account reset method according to any one of claims 1 to 7, claim 8 or 9, or any one of claims 10 to 13.
PCT/CN2022/124274 2021-11-24 2022-10-10 Blockchain-based account resetting method, and device WO2023093319A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111405515.6A CN114049121B (en) 2021-11-24 2021-11-24 Block chain based account resetting method and equipment
CN202111405515.6 2021-11-24

Publications (1)

Publication Number Publication Date
WO2023093319A1 true WO2023093319A1 (en) 2023-06-01

Family

ID=80210877

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/124274 WO2023093319A1 (en) 2021-11-24 2022-10-10 Blockchain-based account resetting method, and device

Country Status (2)

Country Link
CN (1) CN114049121B (en)
WO (1) WO2023093319A1 (en)

Also Published As

Publication number Publication date
CN114049121B (en) 2023-04-07
CN114049121A (en) 2022-02-15

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 22897404

Country of ref document: EP

Kind code of ref document: A1