WO2024180903A1 - 情報処理装置、情報処理方法、及びプログラム - Google Patents

情報処理装置、情報処理方法、及びプログラム Download PDF

Info

Publication number
WO2024180903A1
WO2024180903A1 PCT/JP2024/000037 JP2024000037W WO2024180903A1 WO 2024180903 A1 WO2024180903 A1 WO 2024180903A1 JP 2024000037 W JP2024000037 W JP 2024000037W WO 2024180903 A1 WO2024180903 A1 WO 2024180903A1
Authority
WO
WIPO (PCT)
Prior art keywords
distribution
information processing
user
processing device
transaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2024/000037
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
勇作 前田
信也 丸山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Group Corp
Original Assignee
Sony Group Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Group Corp filed Critical Sony Group Corp
Priority to JP2025503609A priority Critical patent/JPWO2024180903A1/ja
Priority to EP24763388.6A priority patent/EP4675536A4/en
Publication of WO2024180903A1 publication Critical patent/WO2024180903A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • This disclosure relates to an information processing device, an information processing method, and a program.
  • Wallets which act as virtual wallets, are used to manage such cryptocurrency.
  • a wallet is a system that manages the addresses of cryptocurrency owned by the user, as well as the private and public keys used to generate electronic signatures used when trading cryptocurrency. Wallets are broadly classified into two types depending on the method for managing the private key.
  • a custodial wallet users can entrust the management of their private keys to the business operator.
  • a custodial wallet requires users to trust the business operator, users can trade crypto assets by accessing the business operator's services from any device.
  • non-custodial wallet the user must manage their own private key.
  • users can trade crypto assets without having to trust a third party, but it can be difficult to trade crypto assets on any device.
  • MPC technology is a cryptographic technology that derives the results of calculations using values input from multiple subjects that do not trust each other, without sharing the input values of each of them. Therefore, in a wallet using MPC technology, the private key is divided into multiple distributed fragments and managed in a distributed manner, and when generating an electronic signature, the distributed fragments are obtained from each of the distribution destinations, making it possible to calculate the calculation results required for an electronic signature without recovering the private key.
  • an information processing device comprising: a distribution destination control unit that controls, based on a user's selection, a plurality of distribution destinations that respectively store a plurality of distribution fragments obtained by secretly distributing a private key; a signature generation unit that generates an electronic signature using the private key by using some of the plurality of distribution fragments stored in the plurality of distribution destinations; a transaction issuance unit that issues a transaction to which the electronic signature is attached to a blockchain; and an audit unit that verifies which of the plurality of distribution fragments was used to generate the electronic signature attached to the transaction on the blockchain.
  • a computer-based information processing method which includes controlling multiple distribution destinations that store multiple distribution fragments obtained by secretly distributing a private key based on a user's selection, generating an electronic signature using the private key using some of the multiple distribution fragments stored in the multiple distribution destinations, issuing a transaction to which the electronic signature is attached to a blockchain, and verifying which of the multiple distribution fragments was used to generate the electronic signature attached to the transaction on the blockchain.
  • a program for causing a computer to function as a distribution destination control unit that controls multiple distribution destinations that store multiple distribution fragments obtained by secretly distributing a private key based on a user's selection, a signature generation unit that generates an electronic signature using the private key using some of the multiple distribution fragments stored in the multiple distribution destinations, a transaction issuance unit that issues a transaction to which the electronic signature is attached to a blockchain, and an audit unit that verifies which of the multiple distribution fragments was used to generate the electronic signature attached to the transaction on the blockchain.
  • FIG. 1 is an explanatory diagram showing cryptocurrency transactions using blockchain technology.
  • FIG. 1 is an explanatory diagram illustrating distributed management of private keys using MPC technology.
  • 1 is a block diagram showing an internal configuration of an information processing device according to an embodiment of the present disclosure.
  • FIG. 13 is an explanatory diagram showing an example of an image for selecting a distribution destination for storing the distributed pieces of a private key. 13 is an explanatory diagram showing an example of an image for allowing other terminals owned by a user to participate in distributed management of distributed pieces.
  • FIG. An explanatory diagram showing an example of an image for allowing a server of AA Bank, a third-party organization, to participate in the distributed management of distributed pieces.
  • FIG. 10 is an explanatory diagram showing an example of an image showing the verification result of a digital signature attached to a transaction.
  • 11 is a sequence diagram showing the operation of an information processing device when generating shares of a private key.
  • FIG. 1 is a sequence showing an operation of an information processing device when issuing a transaction. 1 is a sequence showing an operation of an information processing device when verifying a digital signature.
  • FIG. 13 is an explanatory diagram showing an example of an image showing the reliability of a distribution destination that distributes and manages the dispersed pieces.
  • 11 is a sequence diagram showing the operation of an information processing device when switching the distribution destination storing distribution pieces to another distribution destination.
  • FIG. 2 is a block diagram illustrating an example hardware configuration of an information processing device according to an embodiment of the present disclosure.
  • Fig. 1 is an explanatory diagram showing crypto asset transactions using blockchain technology.
  • Fig. 2 is an explanatory diagram explaining distributed management of private keys using MPC technology.
  • crypto assets are financial values that are managed in a decentralized manner by an information processing system 10 that is configured by directly connecting multiple terminals on a network.
  • the information processing system 10 records the transaction history of crypto assets that occurs within the network on a blockchain, and manages the blockchain in a decentralized manner across multiple terminals.
  • each node of the information processing system 10 verifies the issued transaction Tr at predetermined intervals and compiles the verified transactions Tr into a block.
  • the block integrating the transactions Tr is linked to the blockchain as a new block, thereby completing the transaction of the cryptocurrency contained in the block.
  • an electronic signature ES by the user who issued the transaction Tr is attached to the transaction Tr.
  • the electronic signature ES is attached to check whether the contents of the transaction Tr have been tampered with.
  • the electronic signature ES can be verified using the public key that corresponds to the private key used when generating the electronic signature ES.
  • the private key that generates the electronic signature ES to be attached to the transaction Tr is managed, for example, in a wallet installed in the information processing device 100, and is used when generating the transaction Tr on the information processing device 100. Therefore, in order to properly manage crypto assets, it is important to properly manage the private key that generates the electronic signature ES so that it is not lost or stolen.
  • the multiple shares Fr into which the private key SK is split are managed in a distributed manner, for example, in an information processing device 100 in which the user's wallet is installed, another terminal 101 owned by the user, a server 200 of a business providing services related to cryptocurrency transactions, or a third-party institution 300.
  • the shared fragments Fr of the private key SK cannot generate an electronic signature ES by themselves. Therefore, by managing the shared fragments Fr in a distributed manner, the user can reduce the risk of an electronic signature ES being generated by another person when the shared fragments Fr are lost or stolen.
  • the information processing device 100 can generate an electronic signature ES using the private key SK without restoring the private key SK by collecting a predetermined number of shared fragments Fr of the private key SK. Therefore, by managing each of the shared fragments Fr of the private key SK in a distributed manner among different entities or different terminals, it is possible to reduce the risks associated with storing the private key SK while maintaining the convenience of the private key SK.
  • the information processing device 100 is capable of controlling the distribution destinations in which the shared fragments Fr of the private key SK are stored, based on the user's selection. In such a case, the information processing device 100 can distribute and manage the shared fragments Fr in distribution destinations that the user trusts, thereby further increasing the sense of security in cryptocurrency transactions.
  • the information processing device 100 is capable of verifying which of the distributed pieces Fr of the private key SK was used to generate the electronic signature ES generated by the private key SK.
  • the information processing device 100 can quickly detect the loss or theft of a distributed piece Fr of the private key SK by verifying the generation of the electronic signature ES that is unknown to the user. Therefore, the information processing device 100 can further improve the safety of the operation of the private key SK.
  • Fig. 3 is a block diagram showing the internal configuration of the information processing device 100 according to this embodiment.
  • the information processing device 100 includes an input unit 110, a candidate presentation unit 120, a distribution destination control unit 130, a signature generation unit 140, a transaction issuance unit 150, an audit unit 160, and a communication unit 170.
  • the input unit 110 is a device that accepts input from a user, such as a mouse, keyboard, touch panel, button, switch, or lever.
  • the input unit 110 can accept input from a user that specifies the distribution destination for managing the distributed share Fr of the private key SK.
  • the input unit 110 can also accept input of cryptocurrency transaction details from a user.
  • the candidate presentation unit 120 presents to the user candidates for distribution destinations for storing each of the multiple shares Fr obtained by dividing the private key SK.
  • the candidate presentation unit 120 presents to the user candidates for distribution destinations having different entities or terminals that can independently manage the shares Fr of the private key SK.
  • the candidate presentation unit 120 may present the information processing device 100, other terminals owned by the user, a server of a business providing services related to cryptocurrency transactions, or a server of a third-party institution as candidates for distribution destinations of the shares Fr.
  • the user can determine the distribution destination for storing the shares Fr of the private key SK by selecting a predetermined number of candidates from the candidates for distribution destinations presented by the candidate presentation unit 120.
  • the candidate presentation unit 120 may present devices owned by the user's relatives or friends as candidates for distribution destinations of the distributed pieces Fr.
  • the candidate presentation unit 120 may present the user with other candidates for distribution destinations other than those mentioned above, so long as they are devices owned by trustworthy people or servers of trustworthy institutions.
  • the candidate presentation unit 120 may present the user with candidates for distribution destinations for storing the shared fragment Fr of the private key SK by presenting the image 500 shown in FIG. 4.
  • FIG. 4 is an explanatory diagram showing an example of the image 500 for selecting a distribution destination for storing the shared fragment Fr of the private key SK.
  • option images 501, 502, 503, 504, and 505 are displayed as options for the distribution destination of the shared piece Fr of the private key SK.
  • Option image 501 is an option for selecting the information processing device 100 itself as the distribution destination of the shared piece Fr of the private key SK.
  • Option image 502 is an option for selecting another terminal owned by the user as the distribution destination of the shared piece Fr of the private key SK.
  • Option image 503 is an option for selecting a server of a business providing services related to cryptocurrency transactions as the distribution destination of the shared piece Fr of the private key SK.
  • Option image 504 is an option for selecting a server of AA Bank, which is a third-party institution, as the distribution destination of the shared piece Fr of the private key SK.
  • Option image 505 is an option for selecting a server of BB Bank, which is a third-party institution, as the distribution destination of the shared piece Fr of the private key SK.
  • Image 500 shown in FIG. 4 shows an example in which the user has selected option image 501 (information processing device 100), option image 503 (business operator's server), and option image 505 (server of BB Bank, a third-party institution) as the distribution destination of the shared piece Fr of the private key SK.
  • option image 501 information processing device 100
  • option image 503 business operator's server
  • option image 505 server of BB Bank, a third-party institution
  • the distribution destination of the shared piece Fr of the private key SK is selected, as shown in image 510 in FIG. 4, it is confirmed whether or not to confirm the distribution destination of the shared piece Fr.
  • the user can decide the distribution destination for storing the shared piece Fr from the presented candidate distribution destinations.
  • the distribution destination control unit 130 controls multiple distribution destinations that each distribute and manage multiple distribution pieces Fr of the private key SK based on the user's selection. Specifically, the distribution destination control unit 130 requests the terminal or server selected by the user as the distribution destination of the distribution piece Fr to participate in the distributed management of the distribution piece Fr, and executes the generation process of the distribution piece Fr of the private key SK by working with the distribution destination that accepts the request.
  • the distribution destination control unit 130 may request a terminal or server selected as the distribution destination of the distributed piece Fr to participate in the distributed management of the distributed piece Fr by presenting image 520 shown in FIG. 5 and image 530 shown in FIG. 6.
  • FIG. 5 is an explanatory diagram showing an example of image 520 for allowing other terminals owned by the user to participate in the distributed management of the distributed piece Fr.
  • FIG. 6 is an explanatory diagram showing an example of image 530 for allowing a server of AA Bank, a third-party institution, to participate in the distributed management of the distributed piece Fr.
  • the distribution destination control unit 130 may present an image 520 including a two-dimensional code 521 indicating the URL of a website for registering the distribution destination of the distributed fragment Fr.
  • the user can register the other terminal as a distribution destination of the distributed fragment Fr by having the other terminal determined as the distribution destination of the distributed fragment Fr read the presented two-dimensional code 521.
  • the distribution destination control unit 130 may present a website for logging in to the third-party institution as image 530 and prompt the user to log in to the third-party institution. If the user's login to the third-party institution is confirmed, the distribution destination control unit 130 requests the server of the third-party institution to participate in the distributed management of the distributed piece Fr. Note that if the user's login to the third-party institution is not confirmed, the distribution destination control unit 130 may inform the user that the server of the third-party institution cannot be used as a distribution destination for the distributed piece Fr.
  • the information processing device 100 and the distribution destinations that accepted the request each perform calculations independently using known MPC technology and transmit and receive the calculation results to generate the shared pieces Fr of the private key SK.
  • the shared pieces Fr of the private key SK are each generated on the distribution destination terminals or servers that participated in the process of generating the shared pieces Fr of the private key SK, so that the information processing device 100 can distribute and manage the shared pieces Fr of the private key SK at each distribution destination.
  • the signature generation unit 140 generates an electronic signature ES using a private key SK, using some of the multiple distribution fragments Fr stored in each of the multiple distribution destinations. Specifically, the signature generation unit 140 notifies the multiple distribution destinations that store the multiple distribution fragments Fr of the execution of a process for generating an electronic signature ES using the private key SK, and generates an electronic signature ES using the private key SK by working with the multiple distribution destinations that respond.
  • the signature generation unit 140 receives the distributed fragments Fr stored in each of the multiple distribution destinations, but does not restore the private key SK itself.
  • the signature generation unit 140 can generate an electronic signature ES using the private key SK from the multiple distributed fragments Fr without restoring the private key SK.
  • An electronic signature ES based on a private key SK can be generated when a predetermined number of shares Fr out of all shares Fr of the private key SK are collected.
  • the number of shares Fr required to generate an electronic signature ES based on a private key SK can be set when executing the process of generating the shares Fr of the private key SK.
  • the transaction issuing unit 150 issues a transaction Tr with an electronic signature ES attached to the blockchain of the information processing system 10. Specifically, the transaction issuing unit 150 first generates a transaction Tr that moves crypto assets managed in the blockchain of the information processing system 10 from one address to another address based on input from a user. Next, the transaction issuing unit 150 attaches an electronic signature ES using a private key SK to the generated transaction Tr, and then issues the transaction Tr with the electronic signature ES attached to the blockchain of the information processing system 10.
  • Transaction Tr issued to the blockchain is verified by each node of the information processing system 10, and then organized into blocks at predetermined intervals.
  • the block containing transaction Tr is then linked to the blockchain as a new block, thereby completing the transfer of the cryptocurrency indicated in transaction Tr.
  • the information processing device 100 can set in advance in the blockchain as a smart contract an audit rule to approve only electronic signatures ES including a specific distributed fragment Fr. In such a case, the information processing device 100 can control so that only transactions Tr of electronic signatures ES generated using distributed fragments Fr stored in the information processing device 100 itself are added to the blockchain. This allows the user to prevent transactions Tr that bring disadvantages to the user from being issued to the blockchain without the user's involvement.
  • the audit unit 160 verifies which shared fragment Fr was used to generate the electronic signature ES attached to the transaction Tr on the blockchain. Specifically, the audit unit 160 first obtains information about the transaction Tr incorporated in the blockchain of the information processing system 10 from the blockchain. Next, the audit unit 160 verifies the electronic signature ES attached to the transaction Tr to identify the shared fragment Fr used to generate the electronic signature ES.
  • the audit unit 160 may present the verification result of the electronic signature ES attached to the transaction Tr to the user by presenting the image 540 shown in FIG. 7.
  • FIG. 7 is an explanatory diagram showing an example of the image 540 showing the verification result of the electronic signature ES attached to the transaction Tr.
  • the image 540 shown in FIG. 7 includes transaction information text 541 showing information about the verified transaction Tr, and verification result text 542 showing the verification result of the electronic signature ES attached to the transaction Tr.
  • the transaction information text 541 may include, for example, information on the amount of cryptocurrency transferred in the verified transaction Tr, the source of the cryptocurrency, and the destination of the cryptocurrency.
  • the transaction information text 541 may further include information on the date and time when the transaction Tr was issued.
  • the verification result text 542 may include, for example, information on the entity or terminal storing the distributed fragment Fr that generated the electronic signature ES attached to the transaction Tr.
  • the communication unit 170 is, for example, a communication interface for connecting to the network of the information processing system 10.
  • the communication unit 170 may be, for example, a communication card for a wired or wireless LAN (Local Area Network), Wi-Fi (registered trademark), Bluetooth (registered trademark), or WUSB (Wireless USB).
  • the information processing device 100 can issue a transaction Tr indicating a cryptocurrency transaction to the network of the information processing system 10 via the communication unit 170.
  • the information processing device 100 can obtain information regarding the issued transaction Tr from the network of the information processing system 10 via the communication unit 170.
  • the information processing device 100 having the above configuration can divide the private key SK used in cryptocurrency transactions into multiple distributed fragments Fr, and store the divided distributed fragments Fr in respective distribution destinations selected by the user. As a result, the information processing device 100 can distribute and manage the distributed fragments Fr in distribution destinations that the user trusts more, thereby further increasing the sense of security in cryptocurrency transactions.
  • the information processing device 100 can verify which shared fragment Fr of the private key SK was used to generate the electronic signature ES of a transaction Tr issued on a blockchain that manages crypto assets. This allows the information processing device 100 to verify which shared fragment Fr was used to generate the electronic signature ES attached to a suspicious transaction Tr, making it possible to quickly detect misuse or theft of a shared fragment Fr that is managed in a distributed manner.
  • Fig. 8 is a sequence diagram showing the operation of the information processing device 100 when generating a shared piece Fr of a private key SK.
  • Fig. 9 is a sequence diagram showing the operation of the information processing device 100 when issuing a transaction Tr.
  • Fig. 10 is a sequence diagram showing the operation of the information processing device 100 when verifying a digital signature.
  • the user determines (S101) the distribution destination of the shared piece Fr of the private key SK from among the distribution destination candidates presented by the candidate presentation unit 120.
  • the information processing device 100, the first distribution destination, and the second distribution destination are determined as the distribution destination of the shared piece Fr of the private key SK.
  • the distribution destination control unit 130 requests the determined distribution destinations (the first distribution destination and the second distribution destination) to participate in the distribution management of the distribution piece Fr (S102, S104).
  • the first distribution destination and the second distribution destination each reply that they accept the request (S103, S105).
  • the distribution destination control unit 130 executes a process for generating a distribution piece Fr of the private key SK in cooperation with the first distribution destination and the second distribution destination (S106). Specifically, the information processing device 100, the first distribution destination, and the second distribution destination each perform calculations and transmit and receive the calculation results to each other, thereby generating a distribution piece Fr in each of the information processing device 100, the first distribution destination, and the second distribution destination.
  • the generated distribution pieces Fr are stored in the information processing device 100, the first distribution destination, and the second distribution destination, respectively (S107, S108, S109). This allows the information processing device 100 to distribute and manage the three distribution pieces Fr obtained by dividing the private key SK in the information processing device 100, the first distribution destination, and the second distribution destination, respectively.
  • the transaction issuing unit 150 sets an audit rule based on an input from a user (S201).
  • the audit rule may impose restrictions on the fragment Fr used to generate the electronic signature ES.
  • the audit rule may require that the fragment Fr stored in the information processing device 100 itself be used to generate the electronic signature ES attached to the transaction Tr.
  • the transaction issuing unit 150 sends the set audit rules to the blockchain (S202) and implements the audit rules as a smart contract in the blockchain (S203).
  • the signature generation unit 140 first executes a process of generating an electronic signature ES using the private key SK by working with the first distribution destination, the second distribution destination, and the information processing device 100, which respectively store the multiple distribution pieces Fr (S205).
  • an electronic signature ES using the private key SK is generated, and the transaction issuing unit 150 can generate a transaction Tr to which the electronic signature ES is attached (S206).
  • the transaction issuing unit 150 issues the transaction Tr with the electronic signature ES attached to the blockchain (S207).
  • the transaction Tr issued to the blockchain has the electronic signature ES and audit rules verified at each node of the information processing system 10 that manages the blockchain (S208). After verification, the transaction Tr is organized into blocks at predetermined intervals and then linked to the blockchain as a new block (S209). This completes the transfer of crypto assets indicated by the issued transaction Tr.
  • the audit unit 160 acquires information about the transaction Tr from the blockchain (S302), and verifies which share fragment Fr was used to generate the electronic signature ES attached to the acquired transaction Tr (S303). Specifically, the audit unit 160 can identify the share fragment Fr used to generate the electronic signature ES by calculating the electronic signature ES attached to the transaction Tr.
  • the information processing device 100 can quickly detect misuse or theft of the distributed pieces Fr used to generate the electronic signature ES by verifying the electronic signature ES attached to a suspicious transaction Tr.
  • a first modified example of the information processing device 100 according to the present embodiment will be described with reference to Fig. 11.
  • the first modified example is a modified example in which the reliability of the combination of distribution destinations selected by the user is further presented to the user.
  • Fig. 11 is an explanatory diagram showing an example of an image 550 indicating the reliability of the distribution destinations that manage the distribution of the dispersion pieces Fr.
  • the candidate presentation unit 120 may digitize the reliability of the selected combination of distribution destinations and present it to the user. Specifically, the candidate presentation unit 120 may calculate the reliability of the selected combination of distribution destinations as a numerical value based on a predetermined rule, and present the calculated numerical reliability value to the user.
  • the information processing device 100 (this terminal), the business operator's server (wallet server), and the server of AA Bank, a third-party institution (AA Bank server), are selected as distribution destinations for the distribution piece Fr, as shown in option images 551, 553, and 554.
  • the candidate presentation unit 120 may present the user with the reliability value of the combination of these distribution destinations in reliability image 556 (80 points).
  • the reliability value may be calculated, for example, based on the number of shares into which the private key SK is divided, Fr, and the number of shares Fr required to generate an electronic signature ES using the private key SK, or based on the possibility of collusion between the distribution destinations (for example, the commonality of the operating entities of the distribution destinations, or the commonality of the cloud services used by the distribution destination servers), or based on the security strength of the distribution destinations.
  • the reliability of the combination of destinations for the dispersion pieces Fr may be calculated using the following items in a deductive manner from a predetermined score (e.g., 100 points).
  • a predetermined score e.g. 100 points.
  • the number of distributed fragments Fr required to generate an electronic signature ES is less than the number of distributed fragments Fr: -20 points .
  • the candidate presentation unit 120 may present to the user the rule that caused the point deduction and the distribution destinations that were the subject of the rule. This allows the user to obtain a guide for selecting a more reliable combination of distribution destinations, making it easier to select a more reliable combination of distribution destinations.
  • the reliability value may be calculated using a point-adding method from a predetermined score (e.g., 0 points) instead of the point-deducting method described above.
  • the reliability value may also be calculated using both the point-deducting method and the point-adding method.
  • the candidate presentation unit 120 may also certify candidates for distribution destinations with high reliability and present the certified candidates for distribution destinations to the user with emphasis.
  • the candidate presentation unit 120 may certify, for example, organizations that meet certain conditions, such as having robust security measures in place or a low number of security incidents, as candidates for distribution destinations with high reliability. By presenting the certified candidates for distribution destinations to the user with emphasis, the candidate presentation unit 120 can allow the user to more easily select a distribution destination with high reliability.
  • the candidate presentation unit 120 may prepare a combination of distribution destinations with high reliability as a template in advance. By presenting the combination of distribution destinations prepared in advance to the user, the candidate presentation unit 120 can make it easier for the user to select a distribution destination for the dispersion piece Fr.
  • a second modified example of the information processing device 100 according to this embodiment will be described with reference to Fig. 12.
  • the information processing device 100 can perform processing to switch the distribution destination that stores the distribution piece Fr to another distribution destination.
  • Fig. 12 is a sequence showing the operation of the information processing device 100 when switching the distribution destination that stores the distribution piece Fr to another distribution destination.
  • the distribution destination control unit 130 sends a request to the second distribution destination to switch the storage of the distribution piece Fr from the second distribution destination to the third distribution destination (S402).
  • the second distribution destination that receives the request encrypts the stored distribution piece Fr and sends it to the third distribution destination (S403).
  • the third distribution destination that receives the encrypted distribution piece Fr decrypts and stores the received distribution piece Fr (S404).
  • the distribution destination control unit 130 performs processing to prevent misuse of the distribution pieces Fr stored in the second distribution destination, which is the distribution destination before the switch. Specifically, the distribution destination control unit 130 cooperates with the first distribution destination and the third distribution destination to reset the random number components of each of the distribution pieces Fr stored therein (S405). As a result, the distribution pieces Fr stored in the second distribution destination are invalidated, and it becomes impossible to generate an electronic signature ES using the distribution pieces Fr stored in the second distribution destination. In the above processing, as with the generation of an electronic signature ES using the private key SK, it is possible to only reset the random number components of each of the distribution pieces Fr without restoring the private key SK.
  • the distribution destination control unit 130 can also prevent misuse of the distribution fragments Fr stored in the second distribution destination before the switch, without resetting the random number components of each of the distribution fragments Fr.
  • the distribution destination control unit 130 may limit the number of times the distribution destination that stores the distribution pieces Fr is switched. For example, the distribution destination control unit 130 may limit the number of times the distribution destination is switched so that the number of distribution destinations that can be switched at one time is less than the number of distribution pieces Fr required to generate the electronic signature ES. In this way, the distribution destination control unit 130 can prevent the electronic signature ES from being generated using only the distribution pieces Fr that were stored in the distribution destination before the switch.
  • the distribution destination control unit 130 may set an audit rule in the smart contract that limits the distribution piece Fr used when generating the electronic signature ES.
  • the distribution destination control unit 130 may set an audit rule in the smart contract to the effect that the electronic signature ES is always generated using the distribution piece Fr stored in the first distribution destination or the information processing device 100, where the distribution destination of the distribution piece Fr has not been switched.
  • the distribution destination control unit 130 may set an audit rule in the smart contract to the effect that the electronic signature ES is always generated using the distribution piece Fr stored in the information processing device 100, which is a terminal owned by the user. In this way, the distribution destination control unit 130 can prevent the electronic signature ES from being generated using only the distribution piece Fr that was stored in the distribution destination before the switch.
  • Fig. 13 is a block diagram showing an example of the hardware configuration of the information processing device 100 according to this embodiment.
  • the functions of the information processing device 100 may be realized by collaboration between software and hardware described below.
  • the functions of the candidate presentation unit 120, distribution destination control unit 130, signature generation unit 140, transaction issuing unit 150, and audit unit 160 may be executed by, for example, the CPU 901.
  • the functions of the input unit 110 may be executed by the input device 906.
  • the functions of the communication unit 170 may be executed by, for example, the connection port 910 or the communication device 911.
  • the information processing device 100 includes a CPU (Central Processing Unit) 901, a ROM (Read Only Memory) 902, and a RAM (Random Access Memory) 903.
  • a CPU Central Processing Unit
  • ROM Read Only Memory
  • RAM Random Access Memory
  • the information processing device 100 may further include a host bus 904a, a bridge 904, an external bus 904b, an interface 905, an input device 906, an output device 907, a storage device 908, a drive 909, a connection port 910, or a communication device 911.
  • the information processing device 100 may have a processing circuit such as a DSP (Digital Signal Processor) or an ASIC (Application Specific Integrated Circuit) instead of or together with the CPU 901.
  • DSP Digital Signal Processor
  • ASIC Application Specific Integrated Circuit
  • the CPU 901 functions as an arithmetic processing device or control device, and controls operations within the information processing device 100 in accordance with various programs recorded in the ROM 902, the RAM 903, the storage device 908, or a removable recording medium attached to the drive 909.
  • the ROM 902 stores programs used by the CPU 901, arithmetic parameters, etc.
  • the RAM 903 temporarily stores programs used in the execution of the CPU 901, and parameters used during the execution of the programs.
  • the CPU 901, ROM 902, and RAM 903 are interconnected by a host bus 904a capable of high-speed data transmission.
  • the host bus 904a is connected to an external bus 904b, such as a PCI (Peripheral Component Interconnect/Interface) bus, via a bridge 904, and the external bus 904b is connected to various components via an interface 905.
  • PCI Peripheral Component Interconnect/Interface
  • the input device 906 is, for example, a device that accepts input from a user, such as a mouse, keyboard, touch panel, button, switch, or lever.
  • the input device 906 may also be a microphone that detects the user's voice.
  • the input device 906 may also be, for example, a remote control device that uses infrared rays or other radio waves, or may be an externally connected device that supports the operation of the information processing device 100.
  • the input device 906 further includes an input control circuit that outputs an input signal generated based on information input by the user to the CPU 901. By operating the input device 906, the user can input various data or instruct the information processing device 100 to perform processing operations.
  • the output device 907 is a device capable of visually or audibly presenting information acquired or generated by the information processing device 100 to the user.
  • the output device 907 may be, for example, a display device such as an LCD (Liquid Crystal Display), a PDP (Plasma Display Panel), an OLED (Organic Light Emitting Diode) display, a hologram, or a projector, or may be a sound output device such as a speaker or headphones, or may be a printing device such as a printer device.
  • the output device 907 can output information acquired by processing by the information processing device 100 as video such as text or images, and sound such as voice or audio.
  • the storage device 908 is a data storage device configured as an example of a memory unit of the information processing device 100.
  • the storage device 908 may be configured, for example, with a magnetic memory device such as a hard disk drive (HDD), a semiconductor memory device, an optical memory device, or a magneto-optical memory device.
  • the storage device 908 can store programs executed by the CPU 901, various data, or various data acquired from the outside.
  • the drive 909 is a device for reading or writing removable recording media such as a magnetic disk, optical disk, magneto-optical disk, or semiconductor memory, and is built into the information processing device 100 or is externally attached.
  • the drive 909 can read information recorded on a removable recording medium that is attached and output the information to the RAM 903.
  • the drive 909 can also write information to a removable recording medium that is attached.
  • the connection port 910 is a port for directly connecting an external device to the information processing device 100.
  • the connection port 910 may be, for example, a Universal Serial Bus (USB) port, an IEEE 1394 port, or a Small Computer System Interface (SCSI) port.
  • the connection port 910 may also be an RS-232C port, an optical audio terminal, or an HDMI (registered trademark) (High-Definition Multimedia Interface) port.
  • the communication device 911 is, for example, a communication interface configured with a communication device for connecting to the communication network 920.
  • the communication device 911 may be, for example, a communication card for a wired or wireless LAN (Local Area Network), Wi-Fi (registered trademark), Bluetooth (registered trademark), or WUSB (Wireless USB).
  • the communication device 911 may also be a router for optical communications, a router for ADSL (Asymmetric Digital Subscriber Line), or a modem for various types of communications.
  • the communication device 911 can transmit and receive signals, for example, using a specific protocol such as TCP/IP between the Internet or other communication devices.
  • the communication network 920 connected to the communication device 911 is a wired or wireless network, and may be, for example, an Internet communication network, a home LAN, an infrared communication network, a radio wave communication network, or a satellite communication network.
  • a distribution destination control unit that controls, based on a user's selection, a plurality of distribution destinations that store a plurality of distribution pieces obtained by secretly sharing a private key; a signature generation unit that generates a digital signature using the private key by using a part of the plurality of shares stored in the plurality of distribution destinations; A transaction issuing unit that issues the transaction to which the digital signature is attached to a blockchain; An audit unit that verifies which of the multiple fragments was used to generate the electronic signature attached to the transaction on the blockchain; and An information processing device comprising: (2) The information processing device according to (1), wherein the signature generation unit generates the electronic signature using a predetermined number of the plurality of pieces of the distributed fragments.
  • the multiple distribution destinations include a terminal owned by the user, a server managed by a business providing services related to the transaction, or a server managed by a third-party organization.
  • the plurality of distribution destinations include at least a terminal owned by the user,
  • the signature generation unit generates the electronic signature using at least the distributed pieces stored in a terminal owned by the user.
  • the distribution destination control unit executes a generation process of the multiple distribution pieces by working together with the multiple distribution destinations selected by the user.
  • Information processing system 100 Information processing device 110 Input unit 120 Candidate presentation unit 130 Distribution destination control unit 140 Signature generation unit 150 Transaction issuing unit 160 Audit unit 170 Communication unit Tr Transaction ES Electronic signature SK Private key Fr Distribution piece

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
PCT/JP2024/000037 2023-02-27 2024-01-05 情報処理装置、情報処理方法、及びプログラム Ceased WO2024180903A1 (ja)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2025503609A JPWO2024180903A1 (https=) 2023-02-27 2024-01-05
EP24763388.6A EP4675536A4 (en) 2023-02-27 2024-01-05 INFORMATION PROCESSING DEVICE, INFORMATION PROCESS AND PROGRAM

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2023-028108 2023-02-27
JP2023028108 2023-02-27

Publications (1)

Publication Number Publication Date
WO2024180903A1 true WO2024180903A1 (ja) 2024-09-06

Family

ID=92590210

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2024/000037 Ceased WO2024180903A1 (ja) 2023-02-27 2024-01-05 情報処理装置、情報処理方法、及びプログラム

Country Status (3)

Country Link
EP (1) EP4675536A4 (https=)
JP (1) JPWO2024180903A1 (https=)
WO (1) WO2024180903A1 (https=)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7837612B1 (ja) * 2025-05-09 2026-03-31 Vlightup株式会社 情報処理装置、コンピュータプログラム、情報処理システム及び情報処理方法

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022037869A1 (en) * 2020-08-18 2022-02-24 Nchain Licensing Ag Threshold signatures
US20220239509A1 (en) * 2019-10-18 2022-07-28 Samsung Electronics Co., Ltd. Method for storing and recovering key for blockchain-based system, and device therefor

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020053851A1 (en) * 2018-09-11 2020-03-19 Kzen Networks Ltd. System and method for secure multi-party computation based blockchain transactions

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220239509A1 (en) * 2019-10-18 2022-07-28 Samsung Electronics Co., Ltd. Method for storing and recovering key for blockchain-based system, and device therefor
WO2022037869A1 (en) * 2020-08-18 2022-02-24 Nchain Licensing Ag Threshold signatures

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
HWANG MIN-SHIANG, CHANG TING-YI: "Threshold Signatures: Current Status and Key Issues", RESEARCHGATE / INTERNATIONAL JOURNAL OF NETWORK SECURITY, 1 November 2005 (2005-11-01), pages 123 - 137, XP093204938, Retrieved from the Internet <URL:https://www.researchgate.net/profile/Ting-Yi-Chang/publication/45692700_Threshold_Signatures_Current_Status_and_Key_Issues/links/5434e3a30cf294006f736ed4/Threshold-Signatures-Current-Status-and-Key-Issues.pdf> *
JOHANN VAN DER MERWE ; DAWOUD S. DAWOUD ; STEPHEN MCDONALD: "A Fully Distributed Proactively Secure Threshold-Multisignature Scheme", IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, IEEE, USA, vol. 18, no. 4, 1 April 2007 (2007-04-01), USA, pages 562 - 575, XP011172544, ISSN: 1045-9219, DOI: 10.1109/TPDS.2007.1005 *
ROSARIO GENNAROSTEVEN GOLDFEDER: "Fast Multiparty Threshold ECDSA with Fast Trustless Setup", CCS '18: PROCEEDINGS OF THE 2018 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, October 2018 (2018-10-01), pages 1179 - 1194
See also references of EP4675536A1
vol. 19, 11 October 2022, SPRINGER INTERNATIONAL PUBLISHING, article BONEH DAN; KOMLO CHELSEA: "Threshold Signatures with Private Accountability", pages: 551 - 581, XP047636205, DOI: 10.1007/978-3-031-15985-5_19 *
YEHUDA LINDELL: "Fast Secure Two-Party ECDSA Signing", JOURNAL OF CRYPTOLOGY, vol. 34, 2021, pages 44

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7837612B1 (ja) * 2025-05-09 2026-03-31 Vlightup株式会社 情報処理装置、コンピュータプログラム、情報処理システム及び情報処理方法

Also Published As

Publication number Publication date
EP4675536A1 (en) 2026-01-07
EP4675536A4 (en) 2026-01-07
JPWO2024180903A1 (https=) 2024-09-06

Similar Documents

Publication Publication Date Title
KR102682222B1 (ko) 디지털 법정 화폐
CA3083508C (en) Blockchain systems and methods for user authentication
EP3509006B1 (en) Information sharing system
US20260004288A1 (en) Method, system, and computer-readable medium for secured multi-lateral data exchange over a computer network
US20190394175A1 (en) Systems and methods for permissioned blockchain infrastructure with fine-grained access control and confidentiality-preserving publish/subscribe messaging
KR102250998B1 (ko) 다중 서명 보안 계정 제어 시스템
CN114600419A (zh) 具有权益证明区块链支持的加密资产托管系统
JP7240402B2 (ja) コンピュータにより実施される意思決定システム及び方法
JP2020502865A (ja) ブロックチェーン機密トランザクションの管理
CN113056741A (zh) 基于分布式账本的简档验证
JP7555349B2 (ja) ネットワーク上の複数のノード間でクエリの匿名検証を提供するシステムおよび方法
CN112800479B (zh) 利用可信第三方的多方联合数据处理方法及装置
CN110419044A (zh) 信息处理装置和信息处理方法
JPWO2019082442A1 (ja) データ登録方法、データ復号方法、データ構造、コンピュータ、及びプログラム
WO2021016195A1 (en) Federated custodian
US8312526B2 (en) Method and system for delegating authority with restricted access right in an online collaborative environment
CN108737435A (zh) 一种账户初始化方法和装置
US7546463B2 (en) Method and system for delegating authority in an online collaborative environment
Chenli et al. Fair $^{2} $2 Trade: Digital Trading Platform Ensuring Exchange and Distribution Fairness
WO2024180903A1 (ja) 情報処理装置、情報処理方法、及びプログラム
JP6293245B1 (ja) 強化されたセキュリティを有する取引相互監視システム
US11985254B2 (en) Threshold multi-party computation with must-have member
CN115442049A (zh) 一种在区块链中进行协作的方法、装置、设备及存储介质
JP2020161945A (ja) 暗号システム、ユーザ端末、ストレージ装置、暗号方法、認証方法、暗号プログラム、及び認証プログラム
WO2022089518A1 (zh) 地址的生成方法、区块链信息的处理方法以及相关设备

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24763388

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2025503609

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 2025503609

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 2024763388

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2024763388

Country of ref document: EP

Effective date: 20250929

ENP Entry into the national phase

Ref document number: 2024763388

Country of ref document: EP

Effective date: 20250929

ENP Entry into the national phase

Ref document number: 2024763388

Country of ref document: EP

Effective date: 20250929

WWP Wipo information: published in national office

Ref document number: 2024763388

Country of ref document: EP