CN111541551B - Threshold signature message processing method, system, storage medium and server - Google Patents
Threshold signature message processing method, system, storage medium and server Download PDFInfo
- Publication number
- CN111541551B CN111541551B CN202010439087.8A CN202010439087A CN111541551B CN 111541551 B CN111541551 B CN 111541551B CN 202010439087 A CN202010439087 A CN 202010439087A CN 111541551 B CN111541551 B CN 111541551B
- Authority
- CN
- China
- Prior art keywords
- signature
- member node
- threshold
- node
- threshold signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3255—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application relates to a processing method of a threshold signature message, which is applied to a server and comprises the following steps: receiving a threshold signature message sent by a first member node of a threshold signature group in a block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key; the threshold signature message carries a first signature fragment; the first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment; verifying the second signature according to the second public key; responding to the verification that the second signature passes, and generating a third signature for the threshold signature message according to a third private key; forwarding the threshold signature message, the third signature and the public key certificate of the server to a second member node; the second member node is the member node except the first member node in the threshold signature group. The method provided by the application can improve the threshold signature efficiency. The application also provides a processing system, a storage medium and a server of the threshold signature message.
Description
Technical Field
The present application relates to the field of block chain technologies, and in particular, to a method, a system, a storage medium, and a server for processing a threshold signature message.
Background
Threshold signature (threshold signature, threshold-Sig), i.e. when there are t (t < n) user signatures among n users, the signature is valid. The combination of threshold signatures with blockchains is an important improvement of blockchain technology.
In a blockchain network, a portion of blockchain link points may be set as a threshold signature set for signing transactions. When signing a transaction, a private key is needed. In the threshold signature scheme, a private key can be decomposed into a plurality of private key fragments, and each member node of a threshold signature group is used as an authority user and respectively holds one private key fragment. Each member node signs the blockchain transaction with a respective held private key shard, thereby generating a signature shard. And carrying out multiple rounds of message exchange between every two member nodes in the threshold signature group to obtain signature fragments of each other, and then piecing the signature fragments of which the number exceeds a threshold value into a complete signature through a public algorithm.
Disclosure of Invention
According to a first aspect of the present specification, there is provided a method for processing a threshold signature message, the method being applied to a server, and including:
and receiving a threshold signature message sent by a first member node of a threshold signature group in the block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key. The threshold signature message carries a first signature fragment. The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment.
The second signature is verified according to the second public key of the first member node. The second public key of the first member node and the second private key held by the first member node form a key pair.
And responding to the verification of the second signature, and generating a third signature for the threshold signature message according to the held third private key.
And forwarding the threshold signature message, the third signature and the public key certificate of the server to the second member node. The second member node is the member node except the first member node in the threshold signature group.
According to a second aspect of the present specification, there is provided a method for processing a threshold signature message, the method being applied to a first member node of a threshold signature group in a block chain network, and comprising:
and generating a second signature for the threshold signature message according to the second private key. The threshold signature message carries a first signature fragment. The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment.
And in response to the second signature passing the verification, generating a third signature for the threshold signature message according to a third private key held by the server, and forwarding the threshold signature message, the third signature and the public key certificate of the server to the second member node. The second public key of the first member node and the second private key held by the first member node form a key pair. The second member node is the member node except the first member node in the threshold signature group.
According to a third aspect of the present specification, there is provided a method for processing a threshold signature message, comprising:
and the first member node of the threshold signature group in the block chain network generates a second signature for the threshold signature message according to the second private key. The threshold signature message carries a first signature fragment. The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment.
The first member node sends a threshold signature message and a second signature to the server.
The server verifies the second signature based on the second public key of the first member node. The second public key of the first member node and the second private key held by the first member node form a key pair.
And responding to the verification of the second signature, and generating a third signature for the threshold signature message by the server according to the held third private key.
The server forwards the threshold signature message, the third signature, and the server's public key certificate to the second member node. The second member node is a member node in the threshold signature group except the first member node.
According to a fourth aspect of the present specification, there is provided a system for processing a threshold signature message, the system being applied to a server, and comprising:
and the receiving module is used for receiving the threshold signature message sent by the first member node of the threshold signature group in the block chain network and a second signature generated by the first member node for the threshold signature message according to the second private key. The threshold signature message carries a first signature fragment. The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment.
And the verification module is used for verifying the second signature according to the second public key of the first member node. The second public key of the first member node and the second private key held by the first member node form a key pair.
And the encryption module is used for responding to the verification that the second signature passes, and generating a third signature for the threshold signature message according to a third private key held.
And the forwarding module is used for forwarding the threshold signature message, the third signature and the public key certificate of the server to the second member node. The second member node is a member node in the threshold signature group except the first member node.
According to a fifth aspect of the present specification, there is provided a server comprising a memory storing a computer program and a processor implementing the following steps when the processor executes the computer program:
and receiving a threshold signature message sent by a first member node of a threshold signature group in the block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key. The threshold signature message carries a first signature fragment. The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment.
The second signature is verified based on a second public key of the first member node. The second public key of the first member node and the second private key held by the first member node form a key pair.
And responding to the verification of the second signature, and generating a third signature for the threshold signature message according to a third private key held.
Forwarding the threshold signature message, the third signature, and the public key certificate of the server to the second member node. The second member node is the member node except the first member node in the threshold signature group.
According to a sixth aspect of the present specification, there is provided a storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
and receiving a threshold signature message sent by a first member node of a threshold signature group in the block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key. The threshold signature message carries a first signature fragment. The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment.
The second signature is verified according to the second public key of the first member node. The second public key of the first member node and the second private key held by the first member node form a key pair.
And responding to the verification of the second signature, and generating a third signature for the threshold signature message according to the held third private key.
Forwarding the threshold signature message, the third signature, and the public key certificate of the server to the second member node. The second member node is a member node in the threshold signature group except the first member node.
After the server receives the threshold signature message and a second signature generated by a first member node of a threshold signature group for the threshold signature message carrying a first signature fragment according to a second private key, verifying the second signature by a second public key corresponding to the second private key held by the second private key, so that the message is conveniently confirmed to be sent by the first member node, and whether the threshold signature message is maliciously tampered can be verified; and the third public key directly obtained from the server is compared with the decrypted third public key to verify the identity of the server so as to confirm that the message is sent by the server, and whether the threshold signature message is maliciously tampered or not can be verified, so that the reliability is improved. Through the scheme provided by the specification, the server can safely forward the messages of the member nodes of the threshold signature group in the block chain network, and the efficiency is effectively improved compared with the prior art that messages need to be exchanged pairwise between the member nodes in the threshold signature group.
Drawings
Fig. 1 is a schematic diagram of an application architecture of a method for processing a threshold signature message in an embodiment;
FIG. 2 is a flow diagram of a method for processing threshold signature messages in one embodiment;
FIG. 3 is a flow diagram of a method for processing threshold signature messages in yet another embodiment;
FIG. 4 is a flow diagram of a method for processing threshold signature messages in yet another embodiment;
FIG. 5 is a flowchart illustrating steps S802-S812 of a method for processing a threshold signature message according to yet another embodiment;
FIG. 6 is a flowchart illustrating steps S814-S824 in a method for processing a threshold signature message in yet another embodiment;
FIG. 7 is a block diagram of a system that processes threshold signature messages in one embodiment;
fig. 8 is an internal structural diagram of a server in an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of and not restrictive on the broad application.
The terms "first," "second," and the like in the description and in the claims of the embodiments of the application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
Before further detailed description of the embodiments of the present invention, terms and expressions mentioned in the embodiments of the present invention are explained, and the terms and expressions mentioned in the embodiments of the present invention are applied to the following explanations.
1) A Block chain (Blockchain) is a storage structure for encrypted, chained transactions formed from blocks (blocks). The header of each block can comprise the hash values of all transactions in the block and also comprises the hash values of all transactions in the previous block, so that the falsification and forgery prevention of the transactions in the block are realized on the basis of the hash values; newly generated transactions, after filling in the tiles and passing through the consensus of nodes in the blockchain network, are appended to the end of the blockchain to form a chain growth.
2) The block chain network includes a new block into a set of a series of nodes of a block chain in a consensus mode. The blockchain network may include a plurality of nodes that form a decentralized, cooperating database storage system.
3) An asymmetric encryption algorithm is a secret method of a key. Asymmetric encryption algorithms require two keys: public keys (public keys for short) and private keys (private keys for short). The public key and the private key form a key pair, and if the public key is used for encrypting data, only the corresponding private key can be used for decrypting the data. The public key and the algorithm are both public, while the private key is kept secret. The public key corresponding to the private key referred to in this specification means a public key that forms a key pair with the private key.
4) And signing, namely, the data signed by the private key can be verified by the corresponding public key. A signature is understood to be the addition of a piece of content to the information that can prove that the information has not been tampered with. Generally, a hash value can be obtained by performing a hash calculation on the information, a signature is generated by encrypting the hash value through a private key, and the signature and the information are sent out together. After receiving the information, the receiver decrypts the signature through the public key, and if the decryption succeeds, the identity of the owner of the private key is verified. After decryption succeeds, the receiver recalculates the hash value of the information, compares the hash value with the hash value obtained by decrypting the signature through the public key, and if the hash value is consistent with the public key, the receiver indicates that the content of the information is not tampered.
5) A digital Certificate is issued to a server by a CA (Certificate Authority) organization, the CA organization generates certificates through related information provided by the server, and one Certificate comprises three parts, namely Certificate content, a hash algorithm and an encrypted ciphertext. The certificate content is hashed by a hash algorithm to obtain a hash value, and then RSA encryption is performed by using a private key provided by a CA organization. The encrypted ciphertext can be decrypted by a public key provided by a CA (certificate authority) to obtain a Hash value (digital signature), meanwhile, the certificate content is hashed by using the same Hash algorithm to obtain another Hash value, the two Hash values are compared, and if the two Hash values are equal, the certificate is safe.
The processing method of the threshold signature message provided in the embodiment of the present specification may be applied To an application environment as shown in fig. 1, where any node in the blockchain network 1 may communicate through a network, and a P2P (Peer To Peer) protocol is used between any two blockchain nodes for network communication. The server 3 may communicate with any node in the blockchain 1 over a network. The server is implemented by an independent server or a server cluster consisting of a plurality of servers.
In the embodiment shown in fig. 1, the block chain network 1 includes an authority node group, where the authority node group includes member nodes 11 to 13, where a node 12a is a first member node of a threshold signature group, and nodes 12b and 12c are both member nodes except the first member node in the threshold signature group, that is, second member nodes. It should be noted that the number of nodes in the blockchain network 1, the number of nodes in the authority node group, and the number of nodes in the threshold signature group in fig. 1 are only exemplary, and the present invention is not limited thereto.
In the first embodiment of the present specification, as shown in fig. 2, a method for processing a threshold signature message is provided, which is described by taking the method as an example applied to the server 31 in fig. 1, and includes steps S202 to S208:
step S202, threshold signature information sent by a first member node of a threshold signature group in a block chain network and a second signature generated by the first member node for the threshold signature information according to a second private key held by the first member node are received. The threshold signature message carries a first signature fragment.
Specifically, the threshold signature message includes the transaction to be signed and the first signature fragment.
The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment. It should be noted that the first private key fragment is used for signing the transaction to be signed, and each member node of the threshold signature group holds the first private key fragment corresponding to the same complete private key; each member node holds a different shard of the first private key.
And generating a public key corresponding to the complete private key after generating the first private key fragment on the first member node. The first member node is the same as the public key generated by the other member nodes in the threshold signature group.
The second private key is used to sign the threshold signature message.
Optionally, the threshold signature group is formed by responding to a signature request of a transaction to be signed by a trusted node in the block chain network, and selecting a plurality of nodes from the latest authority node group according to a threshold value corresponding to the transaction to be signed. The authority node group is formed by a plurality of nodes selected from candidate nodes before a plurality of non-candidate nodes in the block chain network generate a second signature for the threshold signature message according to a second private key in a threshold signature group of the block chain network. And selecting a plurality of nodes from the candidate nodes updated in the preset interval time by the non-candidate nodes in the block chain network in a voting mode according to the preset interval time so as to update the nodes with the corresponding number in the original authority node group through a plurality of nodes with more votes.
Further, after updating the authority node group, each member node of the authority node group generates a new first private key fragment. Specifically, the member nodes of the authority node group communicate with the server responsible for key generation management to regenerate a new first private key fragment. After regenerating the first private key fragment, a public key corresponding to the new complete private key is generated. Namely, the security of the transaction signature can be improved through the timed updating of the authority node group and the regeneration of the first private key fragment.
And step S204, verifying a second signature according to a second public key of the first member node.
And the second public key of the first member node and the second private key held by the first member node form a key pair. The first member holds the second private key and the second public key and informs the server of the second public key in advance.
And step S206, responding to the verification that the second signature passes, and generating a third signature for the threshold signature message according to the held third private key.
And if the second signature passes the verification, the message can be confirmed to be sent by the first member node, and the threshold signature message can be determined not to be tampered maliciously.
And step S208, forwarding the threshold signature message, the third signature and the public key certificate of the server to the second member node.
And the second member node is the member node except the first member node in the threshold signature group.
Specifically, the public key certificate of the server is issued by a certificate authority. The certificate authority may be a trusted node in the blockchain network or may be a third party.
The server holds a third private key and a third public key. The server tells the second member node the third public key and applies the trusted node for the third public key to a public key certificate. The certificate content of the public key certificate of the server comprises the public key of the server, the information of the issuing organization of the certificate, the owner of the certificate, the validity period of the certificate and the like.
Specifically, step S208 includes: and forwarding the threshold signature message, the third signature and the public key certificate of the server to a second member node, so that the second member node decrypts the public key certificate according to the public key of the certificate authority, and verifies the third signature according to a third public key corresponding to a third private key after decryption is completed.
The second member node decrypts the public key certificate according to the public key of the certificate authority to decrypt a third public key in the certificate content, and compares the third public key directly obtained from the server with the decrypted third public key to verify the identity of the server so as to confirm that the message is sent by the server.
After the decryption is completed, the second member node verifies the third signature according to the third public key corresponding to the third private key, whether the message is sent by the server or not can be further confirmed, and whether the threshold signature message is maliciously tampered or not can be verified, so that the reliability is improved.
Further, the second member node verifies the second signature through a second public key of the second member node; verifying a first signature fragment of the threshold signature message by the first public key in response to the second signature passing the verification; and in response to the first signature fragment being verified, piecing the first signature fragments of all member nodes of the threshold signature group received from the server into a complete signature fragment.
By the scheme provided by the embodiment, the server can safely forward the messages of the member nodes of the threshold signature group in the block chain network, and the efficiency is effectively improved compared with the prior art that the messages need to be exchanged pairwise between the member nodes in the threshold signature group.
It should be understood that, although the steps in the flowchart of fig. 2 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performing the sub-steps or stages is not necessarily sequential, but may be performed alternately or alternately with other steps or at least some of the sub-steps or stages of other steps.
In a second embodiment, as shown in fig. 3, a method for processing a threshold signature message is provided, which is described by taking the method as an example applied to the server 3 in fig. 1, and includes steps S402 to S412:
step S402, a second public key corresponding to a second private key held by the first member node is obtained from a trusted node in the block chain network.
The second public key and the second private key are generated by the first member node running the client. The installation package of the client is a client binary package which is sent to the first member node by the trusted node and corresponds to the system information of the first member node. The system information of the first member node includes information such as system, version, and configuration.
Step S404, receiving a threshold signature message sent by a first member node of a threshold signature group in the block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key held by the first member node. The threshold signature message carries a first signature fragment.
Specifically, the threshold signature message comprises a transaction to be signed, a first signature fragment and zero knowledge proof information.
The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment.
The zero-knowledge proof information is used for proving to the second member node that the protocol followed by the first member node for generating the first signature fragment is the same as the preset protocol.
Step S406, verifying the second signature according to the second public key of the first member node. The second public key of the first member node and the second private key held by the first member node form a key pair.
And step S408, responding to the verification that the second signature passes, and generating a third signature for the threshold signature message according to the held third private key.
And S410, encrypting the threshold signature message according to a second private key of the second member node.
And step S412, forwarding the encrypted threshold signature message, the third signature and the public key certificate of the server to the second member node.
Specifically, step S412 includes: and forwarding the encrypted threshold signature message, the third signature and the public key certificate of the server to a second member node so that the second member node decrypts the public key certificate according to the public key of the certificate authority, verifies the third signature according to a third public key corresponding to the third private key after decryption is completed, and decrypts the threshold signature message according to a held second private key.
It should be understood that, although the steps in the flowchart of fig. 3 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in fig. 3 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
In a third embodiment, as shown in fig. 4, a threshold signature message processing method is provided, which is described by taking the method applied to the first member node 12a in fig. 1 as an example, and includes steps S602 to S604:
step S602, generating a second signature for the threshold signature message according to the second private key. The threshold signature message carries a first signature fragment. The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment.
Step S604, sending the threshold signature message and the second signature to the server, so that the server verifies the second signature according to the second public key of the first member node, and in response to the second signature passing the verification, generating a third signature for the threshold signature message according to a third private key held, and forwarding the threshold signature message, the third signature, and the public key certificate of the server to the second member node.
The second public key of the first member node and the second private key held by the first member node form a key pair. The second member node is the member node except the first member node in the threshold signature group.
Specifically, step S604 includes: sending a threshold signature message and a second signature to a server so that the server verifies the second signature according to a second public key corresponding to a second private key held by a first member node, responding to the verification that the second signature passes, generating a third signature for the threshold signature message according to a third private key held by the first member node, and forwarding the threshold signature message, the third signature and a public key certificate of the server to the second member node so that the second member node decrypts the public key certificate according to the public key of a certificate authority, and verifying the third signature according to a third public key corresponding to the third private key after the decryption is completed. The second member node is the member node except the first member node in the threshold signature group.
It should be understood that, although the steps in the flowchart of fig. 4 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in fig. 4 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
In a fourth embodiment, as shown in fig. 5-6, a method for processing a threshold signature message is provided, the method includes steps S802 to S808:
step S802, a plurality of non-candidate nodes in the block chain network select a plurality of nodes from the latest authority node group according to the threshold value corresponding to the transaction to be signed to form an authority node group.
Step S804, non-candidate nodes in the block chain network select a plurality of nodes from the candidate nodes updated in the preset interval time in a voting mode according to the preset interval time so as to update the nodes with the corresponding number in the original authority node group through a plurality of nodes with a large number of votes.
Further, after updating the authority node group, each member node of the authority node group generates a new first private key fragment. Specifically, the member nodes of the authority node group communicate with the server responsible for key generation management to regenerate a new first private key fragment. After regenerating the first shard of private keys, the public key corresponding to the new complete private key is generated. Namely, the security of the transaction signature can be improved through the timed updating of the authority node group and the regeneration of the first private key fragment.
And step S806, the member nodes of the authority node group send the corresponding system information to the trusted nodes in the block chain network.
Step S808, responding to the received signature request of the transaction to be signed, the trusted node selects a plurality of nodes from the latest authority node group according to the threshold value corresponding to the transaction to be signed, and a threshold signature group is formed.
And step S810, the first member node of the threshold signature group generates a second signature for the threshold signature message according to the second private key. The threshold signature message carries a first signature fragment. The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment.
The threshold signature group is formed by a plurality of nodes which respond to a signature request of a transaction to be signed through a trusted node in the block chain network and are selected from the latest authority node group according to a threshold value corresponding to the transaction to be signed.
And step S812, the trusted node returns a client binary package corresponding to the system information to the member nodes of the authority node group according to the received system information.
And step S814, installing the client by the member nodes of the authority node group according to the received client binary package.
Step S816, the member nodes of the authority node group generate a second private key and a second public key by operating the client installed on the node, and send the second public key to the trusted node.
Step S818, the first member node sends the threshold signature message and the second signature to the server.
Step S820, the server verifies the second signature according to the second public key of the first member node. The second public key of the first member node and the second private key held by the first member node form a key pair.
Step S822, in response to the verification that the second signature passes, the server generates a third signature for the threshold signature message according to the held third private key.
Step S824, the server forwards the threshold signature message, the third signature and the public key certificate of the server to the second member node. The second member node is the member node except the first member node in the threshold signature group.
It should be understood that although the various steps in the flowcharts of fig. 5-6 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 5-6 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performing the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 7, a threshold signature message processing system 7 is provided, which is illustrated by being applied to the server 3 in fig. 1, and includes a receiving module 101, an authentication module 103, an encryption module 105, and a forwarding module 107.
The receiving module 101 is configured to receive a threshold signature message sent by a first member node of a threshold signature group in a block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key held by the first member node. The threshold signature message carries a first signature fragment. The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment.
The verification module 103 is configured to verify the second signature according to the second public key of the first member node. The second public key of the first member node and the second private key held by the first member node form a key pair.
The encryption module 105 is configured to generate a third signature for the threshold-signed message based on the held third private key in response to the second signature being verified.
The forwarding module 107 is configured to forward the threshold signature message, the third signature, and the public key certificate issued by the certificate authority to the server to the second member node. The second member node is the member node except the first member node in the threshold signature group.
In one embodiment, the threshold signature message also carries zero knowledge proof of knowledge information. The zero-knowledge proof information is used for proving to the second member node that the protocol followed by the first member node for generating the first signature fragment is the same as the preset protocol.
In one embodiment, the system further comprises:
and the encryption module is used for encrypting the threshold signature message according to a second private key of the second member node before forwarding the threshold signature message, the third signature and the public key certificate issued by the certificate authority to the server to the second member node.
The forwarding module comprises:
and the forwarding unit is used for forwarding the encrypted threshold signature message, the third signature and the public key certificate issued by the certificate authority to the server to the second member node.
In one embodiment, the system further comprises:
the obtaining module is used for obtaining a second public key of the first member node from a trusted node in the block chain network before receiving a threshold signature message sent by the first member node of the threshold signature group in the block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key held by the first member node. The second public key and the second private key of the first member node are generated by the first member node running the client. The installation package of the client is a client binary package which is sent to the first member node by the trusted node and corresponds to the system information of the first member node.
For specific limitations of the threshold signature message processing system, reference may be made to the above limitations of the threshold signature message processing method, which is not described herein again. The various modules in the threshold signature message processing system 7 described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent of a processor in the server, and can also be stored in a memory in the server in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a server is provided, the internal structure of which may be as shown in fig. 8. The server includes a processor, a memory, a network interface, and a database connected by a device bus. Wherein the processor of the server is configured to provide computing and control capabilities. The memory of the server includes media and internal memory. The medium is a computer readable storage medium. In particular, the computer readable storage medium is a non-volatile computer readable storage medium. The non-transitory computer-readable storage medium stores an operating device, a computer program, and a database. The internal memory provides an environment for the operation device and execution of the computer program in the non-volatile computer-readable storage medium. The database of the server is used for storing data. The network interface of the server is used for communicating with an external terminal through network connection. The computer program is executed by a processor to implement a method of threshold signature message processing.
Those skilled in the art will appreciate that the architecture shown in fig. 8 is a block diagram of only a portion of the architecture associated with the subject application, and does not constitute a limitation on the servers to which the subject application applies, as a particular server may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, there is provided a server comprising a memory having a computer program stored therein and a processor that when executed performs the steps of:
and receiving a threshold signature message sent by a first member node of a threshold signature group in the block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key. The threshold signature message carries a first signature fragment. The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment.
The second signature is verified according to the second public key of the first member node. The second public key of the first member node and the second private key held by the first member node form a key pair.
And responding to the verification of the second signature, and generating a third signature for the threshold signature message according to the held third private key.
And forwarding the threshold signature message, the third signature and the public key certificate issued by the certificate authority to the server to the second member node. The second member node is the member node except the first member node in the threshold signature group.
In one embodiment, the threshold signature message also carries zero knowledge proof of knowledge information. The zero knowledge proof information is used to prove to the second member nodes that the protocol under which the first member node generates the first signature fragment is the same as the preset protocol.
In one embodiment, the processor, when executing the computer program, performs the steps of:
and before forwarding the threshold signature message, the third signature and the public key certificate issued by the certificate authority to the server to the second member node, encrypting the threshold signature message according to a second private key of the second member node.
Forwarding the threshold signature message, the third signature and a public key certificate issued by the certificate authority for the server to the second member node, including:
and forwarding the encrypted threshold signature message, the third signature and a public key certificate issued by the certificate authority for the server to the second member node.
In one embodiment, the processor, when executing the computer program, performs the steps of:
and before receiving a threshold signature message sent by a first member node of a threshold signature group in the block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key, acquiring a second public key of the first member node from a trusted node in the block chain network.
The second public key and the second private key of the first member node are generated by the first member node operating the client. The installation package of the client is a client binary package which is sent to the first member node by the trusted node and corresponds to the system information of the first member node.
In one embodiment, a storage medium is provided, the medium being a computer readable storage medium having a computer program stored thereon, the computer program when executed by a processor implementing the steps of:
and receiving a threshold signature message sent by a first member node of a threshold signature group in the block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key. The threshold signature message carries a first signature fragment. The first signature fragment is generated by threshold signature of the transaction to be signed by the first member node according to the held first private key fragment.
The second signature is verified based on a second public key of the first member node. The second public key of the first member node and the second private key held by the first member node form a key pair.
And responding to the verification of the second signature, and generating a third signature for the threshold signature message according to the held third private key.
And forwarding the threshold signature message, the third signature and the public key certificate issued by the certificate authority for the server to the second member node. The second member node is the member node except the first member node in the threshold signature group.
In one embodiment, the threshold signature message also carries zero knowledge proof of knowledge information. The zero-knowledge proof information is used for proving to the second member node that the protocol followed by the first member node for generating the first signature fragment is the same as the preset protocol.
In one embodiment, the threshold signature message, the third signature and the public key certificate issued by the certificate authority for the server are encrypted according to a second private key of the second member node before being forwarded to the second member node.
Forwarding the threshold signature message, the third signature and a public key certificate issued by the certificate authority for the server to the second member node, including:
and forwarding the encrypted threshold signature message, the third signature and the public key certificate issued by the certificate authority for the server to the second member node.
In one embodiment, before receiving a threshold signature message sent by a first member node of a threshold signature group in a blockchain network and a second signature generated by the first member node for the threshold signature message according to a second private key held by the first member node, a second public key of the first member node is acquired from a trusted node in the blockchain network.
The second public key and the second private key of the first member node are generated by the first member node running the client. The installation package of the client is a client binary package which is sent to the first member node by the trusted node and corresponds to the system information of the first member node.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above may be implemented by hardware instructions of a computer program, which may be stored in a computer-readable storage medium, and when executed, the computer program may include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), rambus (Rambus) direct RAM (RDRAM), direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A processing method of threshold signature message is applied to a server, and comprises the following steps:
receiving a threshold signature message sent by a first member node of a threshold signature group in a block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key; the threshold signature message carries a first signature fragment; the first signature fragment is generated by threshold signature of the first member node on the transaction to be signed according to the held first private key fragment;
verifying the second signature according to a second public key of the first member node; the second public key of the first member node and a second private key held by the first member node form a key pair;
responding to the second signature passing verification, and generating a third signature for the threshold signature message according to a third private key held;
forwarding the threshold signature message, the third signature, and the public key certificate of the server to a second member node; the second member node is a member node in the threshold signature group except the first member node.
2. The processing method of claim 1, wherein the threshold signature message further carries zero knowledge proof of knowledge information; the zero knowledge proof information is used for proving to the second member node that a protocol, along which the first member node generates the first signature fragment, is the same as a preset protocol.
3. The processing method of claim 1, further comprising:
encrypting the threshold signature message according to a second private key of a second member node before forwarding the threshold signature message, the third signature and the public key certificate of the server to the second member node;
said forwarding said threshold signature message, said third signature and said server's public key certificate to a second member node comprises:
and forwarding the encrypted threshold signature message, the third signature and the public key certificate of the server to a second member node.
4. The processing method of claim 1, further comprising:
before receiving a threshold signature message sent by a first member node of a threshold signature group in a block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key, acquiring a second public key of the first member node from a trusted node in the block chain network;
the second public key and the second private key of the first member node are generated by the first member node running the client; the installation package of the client is a client binary package which is sent to the first member node by the trusted node and corresponds to the system information of the first member node.
5. A method for processing threshold signature messages, which is applied to a first member node of a threshold signature group in a block chain network, comprises the following steps:
generating a second signature for the threshold signature message according to a second private key; the threshold signature message carries a first signature fragment; the first signature fragment is generated by threshold signature of the first member node on the transaction to be signed according to the held first private key fragment;
sending the threshold signature message and the second signature to a server, so that the server verifies the second signature according to a second public key of the first member node, and in response to the verification of the second signature, generating a third signature for the threshold signature message according to a third private key held by the server, and forwarding the threshold signature message, the third signature and a public key certificate of the server to the second member node; the second public key of the first member node and a second private key held by the first member node form a key pair; and the second member node is the member node except the first member node in the threshold signature group.
6. A method for processing threshold signature messages, comprising:
a first member node of a threshold signature group in the block chain network generates a second signature for the threshold signature message according to a second private key; the threshold signature message carries a first signature fragment; the first signature fragment is generated by threshold signature of the first member node on the transaction to be signed according to the held first private key fragment;
the first member node sends the threshold signature message and the second signature to a server;
the server verifies the second signature according to a second public key of the first member node; the second public key of the first member node and a second private key held by the first member node form a key pair;
responding to the second signature passing the verification, and generating a third signature for the threshold signature message by the server according to a third private key held by the server;
the server forwards the threshold signature message, the third signature and a public key certificate of the server to a second member node; the second member node is a member node in the threshold signature group except the first member node.
7. The processing method of claim 6, further comprising:
before a first member node of a threshold signature group in the block chain network generates a second signature for a threshold signature message according to a second private key, a member node of an authority node group sends corresponding system information to a trusted node in the block chain network; the permission node group is formed by a plurality of nodes selected from candidate nodes in a voting mode through a plurality of non-candidate nodes in the block chain network; the threshold signature group is formed by a plurality of nodes selected from the authority node group through the credible node according to the threshold value corresponding to the transaction to be signed;
the trusted node returns a client binary package corresponding to the system information to the member nodes of the authority node group according to the received system information;
the member nodes of the authority node group install clients according to the received client binary packages;
and the member nodes of the authority node group generate a second private key and a second public key by operating the client installed on the node, and send the second public key to the trusted node.
8. A system for processing threshold signature messages, applied to a server, comprising:
the receiving module is used for receiving a threshold signature message sent by a first member node of a threshold signature group in a block chain network and a second signature generated by the first member node for the threshold signature message according to a second private key held by the first member node; the threshold signature message carries a first signature fragment; the first signature fragment is generated by threshold signature of the first member node on the transaction to be signed according to the held first private key fragment;
the verification module is used for verifying the second signature according to a second public key of the first member node; the second public key of the first member node and a second private key held by the first member node form a key pair;
the encryption module is used for responding to the verification of the second signature and generating a third signature for the threshold signature message according to a third private key;
a forwarding module, configured to forward the threshold signature message, the third signature, and the public key certificate of the server to a second member node; and the second member node is the member node except the first member node in the threshold signature group.
9. A server, characterized in that it comprises a memory storing a computer program and a processor implementing the steps of the method for processing threshold signed messages according to any of claims 1 to 4 when executing said computer program.
10. A storage medium having stored thereon a computer program, characterized in that the computer program, when being executed by a processor, carries out the steps of the method of processing threshold signed messages according to any of the claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010439087.8A CN111541551B (en) | 2020-05-22 | 2020-05-22 | Threshold signature message processing method, system, storage medium and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010439087.8A CN111541551B (en) | 2020-05-22 | 2020-05-22 | Threshold signature message processing method, system, storage medium and server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111541551A CN111541551A (en) | 2020-08-14 |
| CN111541551B true CN111541551B (en) | 2023-04-18 |
Family
ID=71979528
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010439087.8A Active CN111541551B (en) | 2020-05-22 | 2020-05-22 | Threshold signature message processing method, system, storage medium and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111541551B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114338028A (en) * | 2020-09-28 | 2022-04-12 | 华为技术有限公司 | Threshold signature method and device, electronic equipment and readable storage medium |
| CN111934890B (en) * | 2020-10-13 | 2021-01-26 | 百度在线网络技术(北京)有限公司 | Key generation method, signature and signature verification method, device, equipment and medium |
| CN112288431A (en) * | 2020-11-03 | 2021-01-29 | 上海阿吉必信息技术有限公司 | Transaction method and device based on threshold signature |
| CN112737777B (en) * | 2020-12-29 | 2023-01-10 | 北京百度网讯科技有限公司 | Threshold signature and signature verification method, device, equipment and medium based on secret key |
| CN112636929B (en) * | 2020-12-29 | 2023-01-17 | 北京百度网讯科技有限公司 | Group service implementation method, device, equipment and storage medium |
| CN112785307A (en) * | 2021-01-28 | 2021-05-11 | 联想(北京)有限公司 | Request message processing method and device |
| CN114169888B (en) * | 2021-12-07 | 2022-06-28 | 北京众信星空网络技术有限公司 | Universal type cryptocurrency custody method supporting multiple signatures |
| CN114092092B (en) * | 2022-01-19 | 2022-04-29 | 安徽中科晶格技术有限公司 | Decentralized digital certificate management system based on threshold signature and use method |
| CN116743512B (en) * | 2023-08-15 | 2024-01-26 | 中移(苏州)软件技术有限公司 | Network autonomy and isolation method and device, electronic equipment and readable storage medium |
| CN117728959B (en) * | 2024-02-06 | 2024-05-10 | 中国信息通信研究院 | Threshold signature method and device, electronic equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109104286A (en) * | 2018-07-26 | 2018-12-28 | 杭州安恒信息技术股份有限公司 | A kind of new block generation method of the common recognition based on threshold digital signature |
| CN109379387A (en) * | 2018-12-14 | 2019-02-22 | 成都三零嘉微电子有限公司 | Safety certification and data communication system between a kind of internet of things equipment |
| CN109510709A (en) * | 2018-09-18 | 2019-03-22 | 中国农业大学 | (k, n) Threshold Signature method, apparatus and electronic equipment based on RSA |
| CN109962769A (en) * | 2019-05-09 | 2019-07-02 | 长春理工大学 | Data safety De-weight method based on threshold blind signature |
| CN109962777A (en) * | 2017-12-26 | 2019-07-02 | 航天信息股份有限公司 | The key in block catenary system is permitted to generate, obtain the method and apparatus of key |
| CN110401540A (en) * | 2019-07-25 | 2019-11-01 | 郑州师范学院 | A kind of threshold group signatures method that verification can be disclosed based on block chain |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR102233473B1 (en) * | 2015-01-06 | 2021-03-29 | 한국전자통신연구원 | Method of acquiring contents exchange information among peers in P2P networks |
-
2020
- 2020-05-22 CN CN202010439087.8A patent/CN111541551B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109962777A (en) * | 2017-12-26 | 2019-07-02 | 航天信息股份有限公司 | The key in block catenary system is permitted to generate, obtain the method and apparatus of key |
| CN109104286A (en) * | 2018-07-26 | 2018-12-28 | 杭州安恒信息技术股份有限公司 | A kind of new block generation method of the common recognition based on threshold digital signature |
| CN109510709A (en) * | 2018-09-18 | 2019-03-22 | 中国农业大学 | (k, n) Threshold Signature method, apparatus and electronic equipment based on RSA |
| CN109379387A (en) * | 2018-12-14 | 2019-02-22 | 成都三零嘉微电子有限公司 | Safety certification and data communication system between a kind of internet of things equipment |
| CN109962769A (en) * | 2019-05-09 | 2019-07-02 | 长春理工大学 | Data safety De-weight method based on threshold blind signature |
| CN110401540A (en) * | 2019-07-25 | 2019-11-01 | 郑州师范学院 | A kind of threshold group signatures method that verification can be disclosed based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111541551A (en) | 2020-08-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111541551B (en) | Threshold signature message processing method, system, storage medium and server | |
| CN110380852B (en) | Bidirectional authentication method and communication system | |
| JP4593533B2 (en) | System and method for updating keys used for public key cryptography | |
| CN111200641B (en) | Data cross-chain sharing method and system, computer equipment and storage medium | |
| JP4709815B2 (en) | Authentication method and apparatus | |
| CN111835512B (en) | Private key fragment management method, signature fragment generation method, system and node equipment | |
| US20150350196A1 (en) | Terminal authentication system, server device, and terminal authentication method | |
| CN112491846A (en) | Cross-chain block chain communication method and device | |
| GB2623015A (en) | Internet-of-vehicles communication security authentication method, system and device based on national cryptographic algorithm | |
| CN110268679B (en) | Block chain-based authentication method and system | |
| CN111614621B (en) | Internet of things communication method and system | |
| Othman et al. | Physically secure lightweight and privacy-preserving message authentication protocol for VANET in smart city | |
| CN112822255B (en) | Block chain-based mail processing method, mail sending end, receiving end and equipment | |
| CN110781140B (en) | Method, device, computer equipment and storage medium for signing data in blockchain | |
| EP3808025A1 (en) | Decentralised authentication | |
| CN109039656A (en) | SM9 Combination with Digital endorsement method, device and computer equipment | |
| US20230128131A1 (en) | Protecting Application Private Keys with Remote and Local Security Controllers and Local MPC Key Generation | |
| CN115883646A (en) | Cross-chaining method, system, storage medium and server | |
| Wang et al. | A data reporting protocol with revocable anonymous authentication for edge-assisted intelligent transport systems | |
| Chen et al. | Provable secure group key establishment scheme for fog computing | |
| CN114866244B (en) | Method, system and device for controllable anonymous authentication based on ciphertext block chaining encryption | |
| CN114208109A (en) | Method for establishing secure data communication for a processing device, trust module for generating a cryptographic key, and field device | |
| Aslam et al. | One-way-linkable blind signature security architecture for VANET | |
| Kwon et al. | Certificate transparency with enhanced privacy | |
| CN110572257B (en) | Identity-based data source identification method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |