Disclosure of Invention
The invention aims to provide a blockchain key custody and recovery method based on encryption delegation technology, in order to solve the technical problem that existing user keys are either not highly secure or cannot be recovered after being lost.
A block chain key keeping and recovering method based on encryption entrusting technology comprises the following steps:
(I) registration phase
The user encrypts a private key of the user locally and provides a registration application to a management counter;
the management counter encrypts user information including a user private key ciphertext and issues the encrypted user encryption information and a corresponding user public key to the block chain;
(II) Key recovery phase
In the key recovery stage, the management counter receives a key recovery request sent by a user, retrieves and decrypts user encrypted information on the block chain through a user public key, and sends the decrypted user information containing a user private key ciphertext to the user;
the user decrypts locally and recovers the key.
The invention provides a block chain key keeping and recovering transmitting device based on encryption entrusting technology, wherein the transmitting device is a node on a block chain, and the transmitting device comprises:
a processing unit: used for generating a user private key and a user public key in the registration stage and encrypting the user private key locally; and, in the key recovery stage, for decrypting the user private key from a received user private key ciphertext by using a secret parameter extracted from biological characteristics;
a transmitting and receiving unit: used for establishing data transmission and reception with the management counter on the blockchain system: in the registration stage it sends user information including a user private key ciphertext and a user public key; in the key recovery stage it receives user information including a user private key ciphertext.
The invention also provides a management counter for block chain key custody and recovery based on encryption entrusting technology, which comprises:
a processing unit: for generating a counter public key and a counter private key; the counter public key is used for encrypting the user information including the user private key ciphertext in the registration stage; the device is also used for receiving a key recovery request sent by a user in a key recovery stage, retrieving user encryption information on the block chain through a user public key and decrypting the user encryption information;
a transmitting and receiving unit: used for establishing data transmission and reception with other nodes on the blockchain system: it is used for receiving a registration request of a user; it is also used for issuing the encrypted user encryption information and the corresponding user public key to the blockchain; and it is also used for sending the decrypted user information containing the user private key ciphertext to the user.
Compared with the prior art, the invention has the following advantages:
Firstly, the key encryption delegation technology introduced by the invention enables a user to entrust the encrypted private key to a management counter for storage, while the management counter does not know the real content of the private key, so that the backup and recovery of the private key are safer and the rights and interests of the user are protected. The method overcomes the defect that the user needs to back up the private key on the core node in the prior art, thereby preventing the core node from having excessive authority. Meanwhile, the user does not need to divide the private key into a plurality of parts to be backed up on different core nodes, so that the core nodes are prevented from colluding to recover the private key of the user.
Secondly, the management counter encrypts the encrypted user private key ciphertext through the counter private key of the management counter, so that the security of the user private key ciphertext is further improved. Moreover, the user can encrypt the user private key by using the user's own identification information and/or a password, thereby further ensuring the security of the user private key.
In addition, the management counter synchronizes the encrypted user information to the block chain, so that the encrypted user information is prevented from being directly stored on the management counter, and further the management counter cannot directly know the user private key ciphertext, so that the private key of the user cannot be known or recovered by other parties except the user.
Detailed Description
The following detailed description is made with reference to the accompanying drawings.
In the blockchain system, a core node generally refers to a node that participates in the complete transaction process of the blockchain: the node stores the complete blockchain data, participates in blockchain consensus after a transaction is completed, and has an opportunity to perform the accounting function and generate a new block. Such a node is generally hosted on a workstation, a server or a cloud service with better performance. In this example, the core node that implements blockchain key custody and recovery is the management counter.
Please refer to fig. 1, which is a flowchart illustrating a method for keeping and recovering a blockchain key based on an encryption delegation technique according to the present invention. It includes:
S10: registration phase
S110: the user encrypts a private key of the user locally and provides a registration application to a management counter;
S120: the management counter encrypts user information including a user private key ciphertext and issues the encrypted user encryption information and a corresponding user public key to the block chain;
S20: key recovery phase
S210: in the key recovery stage, the management counter receives a key recovery request sent by a user, retrieves and decrypts user encrypted information on the block chain through a user public key, and sends the decrypted user information containing a user private key ciphertext to the user;
S220: the user decrypts locally and recovers the key.
The technical scheme of the invention provides a user key recovery mechanism in the blockchain system by using a key encryption delegation technology; key recovery allows an ordinary user to retrieve the private key through a management counter after the private key is lost. The most important point of the invention is that the user key is held only by the user, and no node knows or can recover the user key, thereby ensuring the safety of the user key.
The key recovery scheme is divided into a registration phase and a key recovery phase. Consider two types of identities in the system: the ordinary user and the management counter. The detailed process is as follows:
In the registration stage, a user A applies to the management counter. If the audit is successful, the user locally uses the user's own biological characteristics to generate two parameters. The secret parameter of the two is used to encrypt the private key of user A to obtain an encrypted private key ciphertext, and the private key ciphertext and the other, public parameter are then sent to the management counter. The management counter uses a public key encryption algorithm with the counter public key to encrypt the private key ciphertext and the public parameter of user A, and issues the resulting ciphertext and the corresponding user public key to the blockchain. The specific flow chart is shown in fig. 2.
1. The user presents the identity information and the registration information and requests a registration key service from the management counter. The user registers the identity on the management counter in advance. The management counter may pre-agree which users are legitimate and may allow the users to register.
2. The management counter checks the user information and, if the information is legitimate, allows the user to register. The management counter first checks the validity of the user information, and only permitted users can carry out the next registration action.
3. The user generates a blockchain public and private key pair $(sk_1, pk_1)$.
There are many ways for the user to generate the blockchain public and private key pair; they are not detailed here, and any existing generation method falls within the scope of the invention.
4. The user derives the public parameter P and the secret parameter R from the biometric feature B (including fingerprint, iris, palm veins, facial form, etc.) using the fuzzy extractor $\mathrm{Gen}(B) \to (P, R)$. Of course, the user may also generate the public parameter P and the secret parameter R by a conventional algorithm, for example from password information. Obtaining the public parameter P and the secret parameter R from biometric features with a fuzzy extractor is an existing algorithm and will not be described here.
5. The user uses a symmetric encryption algorithm, with the hash value of the secret parameter R as the key, to encrypt $sk_1$ and obtain the ciphertext C (also called the user key ciphertext). The encryption method is $E_{h(R)}(sk_1) \to C$, where $h()$ represents a hash function;
6. The user sends the user information comprising the ciphertext C and the public parameter P to the management counter;
7. The management counter, which holds the counter public and private key pair $(sk_2, pk_2)$, uses a public key encryption algorithm to encrypt the user information including the ciphertext C and the public parameter P to obtain a ciphertext C' (i.e., the user encryption information). The encryption formula is $E_{pk_2}(C, P) \to C'$; this formula represents that the public key $pk_2$ of the management counter is used to asymmetrically encrypt C and P to obtain C', and only the corresponding private key $sk_2$ can decrypt the ciphertext;
8. The management counter synchronizes the ciphertext C' (user encryption information) and the user public key $pk_1$ to the blockchain for storage;
9. The user registration is successful.
The above disclosure is only one implementation. The user has many ways to encrypt the user private key, and encrypting with the user's own identification information is only one of them; it is not intended to limit the present invention. Similarly, the way in which the management counter encrypts the information is disclosed by way of example only and not by way of limitation.
In the key recovery phase, when user A finds that its own private key is lost, it sends out a key recovery request so as to be verified and retrieve the private key. The specific flow is shown in fig. 3:
1. The node requests to recover the private key and sends a private key recovery request to the management counter;
2. The management counter checks the user identity and, if the verification is successful, obtains the user public key $pk_1$;
3. The management counter uses $pk_1$ to search for and obtain the corresponding user encryption information (ciphertext C') on the blockchain;
4. The management counter uses its private key $sk_2$ to decrypt C' and obtain the ciphertext C and the public parameter P;
5. The management counter sends user information including the ciphertext C and the public parameter P to the user;
6. The user uses the public parameter P and the biometric feature B' with the fuzzy extractor to recover $\mathrm{Rep}(P, B') \to R'$. By the concept of the fuzzy extractor, if the distance between the biometric feature B' and the original biometric feature B satisfies $\mathrm{distance}(B, B') < \theta$, then the value generated afterwards equals the one generated before, $R' = R$; here distance() is a similarity distance function and $\theta$ is a value defined in advance, and the similarity distance between the two biometric features must be smaller than this value.
7. The user uses R' to decrypt the ciphertext C; if decryption is successful, the private key $sk_1$ is obtained and the key recovery is successful.
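The user-side steps of both phases (Gen, $E_{h(R)}$, Rep, decryption) are sketched below as an added example; it is not code from the patent. It assumes a code-offset fuzzy extractor built on a 5-bit repetition code, SHA-256 as $h()$, and a hash-based stream cipher with an HMAC tag standing in for the unspecified symmetric algorithm; the management counter's $E_{pk_2}$ layer is omitted and all inputs are constructed.

```python
import hashlib, hmac, secrets

REP = 5  # assumption: each secret bit covers REP template bits (tolerates 2 flips per group)

def gen(B):
    """Gen(B) -> (P, R): P is the public helper data, R the secret parameter."""
    r = [secrets.randbelow(2) for _ in range(len(B) // REP)]
    P = [r[i // REP] ^ b for i, b in enumerate(B)]  # repetition codeword XOR B
    return P, bytes(r)

def rep(P, B2):
    """Rep(P, B') -> R': majority vote per group removes the noise in B'."""
    noisy = [p ^ b for p, b in zip(P, B2)]
    return bytes(int(sum(noisy[i:i + REP]) > REP // 2)
                 for i in range(0, len(noisy), REP))

def _keys(R):
    h = hashlib.sha256(R).digest()  # h(R), then separate cipher and MAC keys
    return hashlib.sha256(b"enc" + h).digest(), hashlib.sha256(b"mac" + h).digest()

def _xor_stream(key, nonce, data):
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(R, sk1):
    """E_{h(R)}(sk1) -> C, laid out as nonce || body || tag."""
    ek, mk = _keys(R)
    nonce = secrets.token_bytes(16)
    body = _xor_stream(ek, nonce, sk1)
    return nonce + body + hmac.new(mk, nonce + body, hashlib.sha256).digest()

def decrypt(R2, C):
    """Return sk1, or None when R' != R (the 'decryption fails' branch of step 7)."""
    ek, mk = _keys(R2)
    nonce, body, tag = C[:16], C[16:-32], C[-32:]
    expected = hmac.new(mk, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(ek, nonce, body)

if __name__ == "__main__":
    B = [secrets.randbelow(2) for _ in range(640)]  # constructed biometric template
    sk1 = secrets.token_bytes(32)                   # constructed user private key
    P, R = gen(B)                                   # registration, step 4
    C = encrypt(R, sk1)                             # registration, step 5
    B2 = list(B)
    for i in (0, 7, 13, 300):                       # a slightly different reading B'
        B2[i] ^= 1
    print("recovered:", decrypt(rep(P, B2), C) == sk1)
```

The tag is what makes "if decryption is successful" checkable: without an integrity check, a wrong R' would silently yield a wrong private key.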
A transmitting device for keeping and recovering a block chain key based on an encryption delegation technology, the transmitting device being a node on a block chain, the transmitting device comprising:
a processing unit: used for generating a user private key and a user public key in the registration stage and encrypting the user private key locally; and, in the key recovery stage, for decrypting the user private key from a received user private key ciphertext by using a secret parameter extracted from biological characteristics;
a transmitting and receiving unit: used for establishing data transmission and reception with the management counter on the blockchain system: in the registration stage it sends user information including a user private key ciphertext and a user public key; in the key recovery stage it receives user information including a user private key ciphertext.
The transmitting device of the present invention refers to only a node on the blockchain, and may be a terminal on the blockchain network in general, including but not limited to a lightweight node.
A management counter for block chain key keeping and recovering based on encryption entrusting technology, comprising:
a processing unit: for generating a counter public key and a counter private key; the counter public key is used for encrypting the user information including the user private key ciphertext in the registration stage; the device is also used for receiving a key recovery request sent by a user in a key recovery stage, retrieving user encryption information on the block chain through a user public key and decrypting the user encryption information;
a transmitting and receiving unit: used for establishing data transmission and reception with other nodes on the blockchain system: it is used for receiving a registration request of a user; it is also used for issuing the encrypted user encryption information and the corresponding user public key to the blockchain; and it is also used for sending the decrypted user information containing the user private key ciphertext to the user.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in one or more flows of the above-described flow diagrams.
Although the present invention has been described with reference to the preferred embodiments, it is not intended to limit the scope of the claims, and those skilled in the art can make various changes and modifications without departing from the spirit and scope of the invention.