Disclosure of Invention
In view of the above, the invention provides a strategic method and a strategic system based on a multi-path cooperator of block chain nodes, wherein the strategic method and the strategic system cooperate to complete signature operation in the block chain node authentication process, so that the signature security is improved.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
in a first aspect, the present invention provides a method for policing a blockchain node-based multipath coordinator, comprising the steps of:
initializing a generating method, a cooperator and a public parameter set;
generating a random index parameter, and selecting a signature strategy under the matching of the index parameter from a strategy index space constructed in advance;
under the signature strategy, the method and the assistant respectively generate respective private keys and cooperatively generate matched public keys and signature factor parameters;
and signing the data to be signed based on the signing factor parameters to obtain a final signing result, and verifying the signing result by using the public key.
Further, the pre-constructed policy index space is represented as { R1, R2, R3, R4}, and represents that R1 pieces of the method and R2 pieces of the cooperators are selected, R3 pieces of signature random numbers are generated by the method, R4 pieces of signature random numbers are generated by the cooperators, R1 pieces of the method and R2 pieces of cooperators adopt R3 pieces of signature random numbers and R4 pieces of signature random numbers respectively, and different signature policies are adopted to cooperatively carry out the construction of a complete private key, the construction of a signature public key and the construction of a random point Q, so that the index space of all signature policies is finally formed.
Further, the method and the assistant generate respective private keys sk respectively i And sk j And performing modulo addition and modulo inversion calculation to obtain a complete private key sk, wherein the generation of the private key sk comprises four strategy modes, and the strategy modes are expressed as an array: sk_array= { sk,1+sk, (1+sk) -1 ,sk -1 };
Wherein sk i Representing the private key generated by the ith party; sk (sk) j Representing a private key generated by the jth party;
under the mth policy mode, calculating pk_array [ m ] =sk_array [ m ] ×g to obtain matched public keys, wherein the matched public keys under the four policy modes are expressed as an array:
pk_array={pk,pk_add1,pk_add1_exp1,pk_exp1};
where m=1, 2,3,4, sk_array [ m ] represents the mth element in the array sk_array, and G represents the base point on the SM2 elliptic curve.
Further, the calculation mode of the public key comprises a multiplication combination and an addition combination, wherein the multiplication combination comprises the following calculation modes:
pk ij =(sk i *sk j -1)*G
pk ij =((sk i *sk j ) -1 -1)G
pk ij =(ski * sk j +sk i +sk j )*G
pk ij =((sk i +1) -1 *(sk j +1) -1 -1)*G
the calculation mode of the addition combination is as follows:
pk ij =((sk i +sk j ) -1 -1)*G
wherein i is more than 0 and less than or equal to R1, and j is more than 0 and less than or equal to R2; sk (sk) i Representing the private key generated by the ith party; sk (sk) j Representing a private key generated by the jth party; pk (pk) ij Representing a public key cooperatively generated by an ith party and a jth party; g represents a base point on the SM2 elliptic curve.
Further, the signature factor generation process includes:
the method and the assistant respectively generate one or more random numbers, and the coordinates of random points are determined according to the random numbers;
and calculating the data to be signed by using the random point coordinates to obtain signature factor parameters.
Further, the calculation mode of the random point Q coordinate comprises a multiplication combination and an addition combination, wherein the multiplication combination comprises the following steps:
only signature factor:
Q kl =(q k *q l +q l+1 )*G
Q kl =((q k +q l )*q l+1 )*G
wherein q k Represents the kth random number, q, generated by the method l Represents the first random number, q, generated by the co-party l+1 Representing the first +1st random number generated by the assistant;
public key factor-carrying model: in the mode, k is more than 0 and less than or equal to R3, and l is more than 1 and less than or equal to R4;
Q kl =(q k *q l )*pk i +q l+1 *G
Q kl =(q k *q l )*pk_add1 i +q l+1 *G
Q kl =(q k *q l )*pk_add1_exp1 i +q l+1 *G
Q kl =(q k *q l )*pk_exp1 i +q l+1 *G
wherein pk is i 、pk_add1 i 、pk_add1_exp1 i And pk_exp1 i The public key factors under different strategies are respectively;
the calculation mode of the addition combination is as follows:
Q kl =(q k +q l )*G
wherein k is more than 0 and less than or equal to R3, and l is more than 1 and less than or equal to R4.
Further, the calculating process of the signature factor parameter includes:
taking the random point Q coordinates (x 1, y 1) calculated under the final selection strategy, and carrying out modulo addition calculation on the data e to be signed to obtain a first signature factor parameter R:
R=e+x1;
calculate the second signature factor parameter s= (1+sk) -1 *(q+R)-R;
Where sk represents the full private key; q represents the final random number of the signature process;
and obtaining a final signature result sign= (R, S) according to the first signature factor parameter and the second signature factor parameter.
Further, the final random number q in the signature process is calculated according to the random numbers generated by the method and the assistant, and the calculation modes comprise a plurality of modes respectively:
only signature factor:
q kl =q k *q l +q l+1
q kl =(q k +q l )*q l+1
public key factor-carrying model:
q kl =(q k *q l )*sk i +q l+1
q kl =(q k *q l )*(1+sk i )+q l+1
q kl =(q k *q l )*(sk i +1) -1 +q l+1
q kl =(q k *q l )*sk i -1 +q l+1
adding and combining, wherein k is more than 0 and less than or equal to R3, and l is more than 1 and less than or equal to R4:
q kl =q k +q l 。
further, (1+sk) in the second signature factor S -1 The calculation method of sk_ad1_exp1, sk_ad1_exp1 includes the following:
sk_add1_exp1=(1+sk) -1 =(1+sk i *sk j ) -1 =sk i -1 *sk j -1
sk_add1_exp1=(1+sk) -1 =(1+sk i -1 *sk j -1 -1) -1 =sk i *sk j
sk_add1_exp1=(1+sk) -1 =(1+sk i *sk j +sk i +sk j ) -1 =(sk i +1) -1 *(sk j +1) -1
sk_add1_exp1=(1+sk) -1 =(1+(sk i +1) -1 *(sk j +1) -1 -1) -1 =(sk i +1)*(sk j +1)
sk_add1_exp1=(1+sk) -1 =(1+((sk i +sk j ) -1 -1) -1 =(sk i +sk j )。
in a second aspect, the present invention provides a system for policing based on a blockchain node multipath partner, which is applicable to the above method for policing based on a blockchain node multipath partner, and includes:
the initialization module is used for initializing the generating party, the assistant party and the public parameter set;
the operation module is used for generating random index parameters and selecting signature strategies under the matching of the index parameters from a strategy index space constructed in advance; under the signature strategy, the method and the assistant respectively generate respective private keys and cooperatively generate matched public keys and signature factor parameters;
signature output module: the signature method is used for signing the data to be signed based on the signature factor parameters to obtain a final signature result, and verifying the signature result by using the public key.
Compared with the prior art, the invention has the following beneficial effects:
in the block chain link point authentication process, digital signature protection is needed to authenticate the identity of a user, a partner is introduced to complete signature operation, digital signature is completed through signature strategic space mapping, under the condition that an attacker attacks one of the parties or the partner through guessing, information mastered by the attacker cannot attack the other parties or the partner, a complete key cannot be attacked, and therefore a general tool mode aiming at all strategies cannot be formed, and overall safety is guaranteed. Meanwhile, the configuration of the random number and protocol parameters in the policy introducing and co-party process is increased, the enhancement design of algorithm security is improved, and the risk of leakage of the secret key is reduced.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
As shown in fig. 1, the embodiment of the invention discloses a strategic method based on a blockchain node multipath cooperator, which comprises the following steps:
initializing a generating method, a cooperator and a public parameter set;
generating a random index parameter, and selecting a signature strategy under the matching of the index parameter from a strategy index space constructed in advance;
under the signature strategy, the method and the assistant respectively generate respective private keys and cooperatively generate matched public keys and signature factor parameters;
and signing the data to be signed based on the signing factor parameters to obtain a final signing result, and verifying the signing result by using the public key.
The method mainly comprises two processes of initialization and operation, wherein objects needing to be classified and authenticated are called parties, and objects with collaborative operation capability are called parties.
On the SM2 elliptic curve, G is a base point, P is a point, and d is a number; the G-radix is a fixed system parameter because all points on the elliptic curve are derived from a number and the G-point.
The problem is described in that the point P is simple by d×g, and the mathematical difficulty problem is that d is derived by P, so that an elliptic curve cryptography algorithm is designed, and the algorithm is proved to be safe.
The steps described above are further described in the following with reference to one specific example.
The method comprises the following steps:
s1, initializing a generating method, a cooperator and a public parameter set.
S2, generating random index parameters, and selecting a signature strategy under the matching of the index parameters from a strategy index space constructed in advance; under the signature strategy, the method and the assistant respectively generate respective private keys and cooperatively generate matched public keys and signature factor parameters.
The pre-constructed strategy index space is represented as { R1, R2, R3 and R4}, R1 parties and R2 parties are selected, the parties generate R3 signature random numbers and R4 signature random numbers, the R1 parties and the R2 parties respectively adopt the R3 signature random numbers and the R4 signature random numbers to cooperatively carry out the construction of a complete private key, the construction of a signature public key and the construction strategy of a random point Q, and finally the index space containing various signature strategies is formed.
During calculation, the ith party and the jth party carry out parameters of the kth signature random number and the ith signature random number, which are called one of the policy implementation.
In the embodiment of the invention, all possible strategy combination sets are constructed into a strategy index space, each signature strategy in the strategy index space corresponds to one index value, the signature strategy under the mapping of the corresponding index value is obtained in the index space according to the generated random index parameter R0, and the signature operation is executed according to the indexed signature strategy.
The method and the assistant respectively generate respective private keys sk i And sk j And performing modulo addition and modulo inversion calculation to obtain a complete private key sk, wherein the generation of the private key sk comprises four strategy modes, and the strategy modes are expressed as an array:
sk_array={sk,1+sk,(1+sk) -1 ,sk -1 };
under the mth policy mode, calculating pk_array [ m ] =sk_array [ m ] ×g to obtain matched public keys, wherein the matched public keys under the four policy modes are expressed as an array:
pk_array={pk,pk_add1,pk_add1_exp1,pk_exp1};
where m=1, 2,3,4, sk_array [ m ] represents the mth element in the array sk_array, and G represents the base point on the SM2 elliptic curve.
Specifically, the calculation mode of the public key comprises a multiplication combination and an addition combination, wherein the multiplication combination comprises the following calculation modes:
pk ij =(sk i *sk j -1)*G
pk ij =((sk i *sk j ) -1 -1)*G
pk ij =(sk i *sk j +sk i +sk j )*G
pk ij =((sk i +1) -1 *(sk j +1) -1 -1)*G
the calculation mode of the addition combination is as follows:
pk ij =((sk i +sk j ) -1 -1)*G
wherein i is more than 0 and less than or equal to R1, and j is more than 0 and less than or equal to R2; sk (sk) i Representing the private key generated by the ith party; sk (sk) j Representing a private key generated by the jth party; pk (pk) ij Representing a public key cooperatively generated by an ith party and a jth party; g represents a base point on the SM2 elliptic curve.
At the ith party and the jth party: the public key calculation can be completed by using the disclosure factor, and the first calculation mode is described by taking an example:
pk ij =(sk i *sk j -1)*G
=sk i *(sk j *G)-G
=sk_array(i)[0]*pk_array(j)[0]-G
thus, the ith party is based on its own private sk i And the pk_array (j) disclosed by the jth partner can complete pk ij Is calculated by the computer.
In the same way, the j+1th coordinator may complete:
pk j+1,ij =sk_array(j+1)[0]*pk ij -G
therefore, the multiple parties and the multiple parties can complete the calculation of the final public key under the condition that only the public key factors are disclosed.
(2) The construction process of the random point Q is as follows:
the method and the assistant respectively generate a random number, and the coordinates of the random points are determined according to the random number.
Specifically, the calculation mode of the random point coordinates comprises multiplication combination and addition combination, wherein the multiplication combination comprises the following steps:
only signature factor:
Q kl =(q k *q l +q l+1 )*G
Q kl =((q k +q l )*q l+1 )*G
wherein q k Represents the kth random number, q, generated by the method l Represents the first random number, q, generated by the co-party l+1 Representing the first +1st trace generated by the co-partyA machine number;
one party and one party may generate multiple random numbers, e.g., one party generates q k One party generates q l 、q l+1 Can be used as q k *q l +q l+1 In such a way that the present/co-party does not expose q k *q l Is attacked to the end result because q is not transmitted l+1 Is unable to deduce q l+1 A kind of electronic device.
Public key factor-carrying model: in the mode, k is more than 0 and less than or equal to R3, and l is more than 1 and less than or equal to R4;
Q kl =(q k *q l )*pk i +q l+1 *G
Q kl =(q k *q l )*pk_add1 i +q l+1 *G
Q kl =(q k *q l )*pk_add1_exp1 i +q l+1 *G
Q kl =(q k *q l )*pk_exp1 i +q l+1 *G
wherein pk is i 、pk_add1 i 、pk_add1_exp1 i And pk_exp1 i The public key factors under different strategies are respectively; the public key factor of the method is introduced here, so that the method can complete the construction modes of various signature random numbers while improving the security complexity of the signature random numbers.
The calculation mode of the addition combination is as follows:
Q kl =(q k +q l )*G
wherein k is more than 0 and less than or equal to R3, and l is more than 1 and less than or equal to R4.
(3) Construction of signature factor parameters
Taking the calculated random point Q coordinates (x 1, y 1) under the final selection strategy, and carrying out e-mode addition calculation on the data to be signed to obtain a first signature factor parameter R:
R=e+x1;
calculate the second signature factor parameter s= (1+sk) -1 *(q+R)-R;
Where sk represents the full private key; q represents the final random number of the signature process;
specifically, the final random number q in the signature process is calculated according to random numbers generated by the method and the assistant, and the calculation modes comprise a plurality of modes respectively:
only signature factor:
q kl =q k *q l +q l+1
q kl =(q k +q l )*q l+1
public key factor-carrying model:
q kl =(q k *q l )*sk i +q l+1
q kl =(q k *q l )*(1+sk i )+q l+1
q kl =(q k *q l )*(sk i +1) -1 +q l+1
q kl =(q k *q l )*sk i -1 +q l+1
adding and combining, wherein k is more than 0 and less than or equal to R3, and l is more than 1 and less than or equal to R4:
q kl =q k +q l 。
in the second signature factor S (1+sk) -1 The calculation method of sk_ad1_exp1, sk_ad1_exp1 includes the following:
sk_add1_exp1=(1+sk) -1 =(1+sk i *sk j ) -1 =sk i -1 *sk j -1
sk_add1_exp1=(1+sk) -1 =(1+sk i -1 *sk j -1 -1) -1 =sk i *sk j
sk_add1_exp1=(1+sk) -1 =(1+sk i *sk j +sk i +sk j ) -1 =(sk i +1) -1 *(sk j +1) -1
sk_add1_exp1=(1+sk) -1 =(1+(sk i +1) -1 *(sk j +1) -1 -1) -1 =(sk i +1)*(sk j +1)
sk_add1_exp1=(1+sk) -1 =(1+((sk i +sk j ) -1 -1) -1 =(sk i +sk j )。
s3, obtaining a final signature result sign= (R, S) according to the first signature factor parameter R and the second signature factor parameter S, wherein the final signature result sign= (R, S) can be obtained through a public key pk ij And finishing standard SM2 signature verification.
According to the method, under the condition of multi-path signature, through the introduction of the cooperative signature, an attacker cannot acquire information of other path keys through the process data even if the attacker attacks one path of keys.
Meanwhile, strategic random number parameter configuration is adopted, and the width of the configuration parameter is L=256 bits; if an attacker attacks one group of data through guessing, because the attacker is one group in 2A 256 in the configuration, a universal attack tool cannot be formed, and the attacker attacks any other group of signature data, so that the security of a signature link is effectively ensured.
As shown in fig. 2, the embodiment of the present invention further provides a system for policing based on a blockchain node multipath partner, which is suitable for the above method for policing based on a blockchain node multipath partner, including:
the initialization module is used for initializing the generating party, the assistant party and the public parameter set;
the operation module is used for generating random index parameters and selecting signature strategies under the matching of the index parameters from a strategy index space constructed in advance; under the signature strategy, the method and the assistant respectively generate respective private keys and cooperatively generate matched public keys and signature factor parameters;
and the signature output module is used for signing the data to be signed based on the signature factor parameters to obtain a final signature result, and verifying the signature result by using the public key.
In the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.