TWI734087B - Signature system based on homomorphic encryption and method thereof - Google Patents

Signature system based on homomorphic encryption and method thereof

Info

Publication number
TWI734087B
Authority
TW
Taiwan
Prior art keywords
private key
signature
value
server
homomorphic encryption
Prior art date
Application number
TW108109272A
Other languages
Chinese (zh)
Other versions
TW202036346A (en)
Inventor
莊治耘
陳昶吾
林祐德
Original Assignee
開曼群島商現代財富控股有限公司
Priority date
Filing date
Publication date
Application filed by 開曼群島商現代財富控股有限公司
Priority to TW108109272A
Publication of TW202036346A
Application granted
Publication of TWI734087B

Landscapes

  • Storage Device Security (AREA)

Abstract

A signature system based on homomorphic encryption and a method thereof are disclosed. A server executes a secret sharing algorithm to generate a plurality of private shares and encrypts the private shares with a homomorphic encryption public key to generate a plurality of corresponding private key encryption shares. When the server performs a signature calculation, it computes directly on the private key encryption shares and uses a homomorphic encryption private key to decrypt the result, thereby obtaining a correct signature message. The mechanism helps to improve the security of the private key.

Description

Signature system and method based on homomorphic encryption

The invention relates to a signature system and method, and in particular to a signature system and method based on homomorphic encryption.

In recent years, as governments, organizations, and the public have come to attach importance to information security, applications based on electronic signatures (hereinafter "signatures") have sprung up. However, how to ensure the security of the signing private key has always been one of the problems that vendors urgently want to solve.

Generally speaking, signing means using a private key to sign data, so the security of the private key is very important. If the private key is leaked and obtained by an unauthorized party, that party can use it to sign data and thereby forge signatures. In practice, to protect the private key, it is usually encrypted before being stored, for example in a database, as a file, or in a hardware security module (HSM). However, these approaches share a common problem: they cannot prevent memory dump attacks, because at certain points in time the private key is decrypted and read into memory, and at that moment an unauthorized party can steal the private key from memory through a memory dump.

In view of this, some vendors have proposed threshold signature technology, in which multiple private keys jointly perform the signing and the signature is valid only when the number of signatures reaches the threshold. This reduces the impact of a single user's private key being leaked and effectively increases the difficulty of a memory dump attack. However, because each private key still exists in its holder's memory, this approach still cannot effectively protect the private keys from memory dump attacks, which leaves the problem of insufficient private key security.

In summary, the prior art has long suffered from insufficient private key security, so it is necessary to propose improved technical means to solve this problem.

The invention discloses a signature system and method based on homomorphic encryption.

First, the present invention discloses a signature system based on homomorphic encryption, comprising a client and a server. The client sends a private key request and a transaction request. The server comprises a first key generation module, a second key generation module, a hash module, a calculation module, and a signature module. The first key generation module generates a homomorphic encryption public key and its corresponding homomorphic encryption private key. The second key generation module is connected to the first key generation module and, after the private key request is received, generates a private key corresponding to the client, splits it into multiple private key sharing units, encrypts each private key sharing unit with the homomorphic encryption public key to generate a corresponding private key sharing encryption unit, and stores the private key sharing encryption units in different storage spaces. The hash module, on receiving a transaction request from the client, generates a transaction message according to the transaction request and hashes the transaction message to generate a transaction message hash value. The calculation module is connected to the hash module and the second key generation module; it loads the private key sharing encryption units of the corresponding client from the storage spaces, calculates the X coordinate of the curve point coordinates from a random value and the base point, and calculates an encrypted signature value from the random value, the transaction message hash value, the private key sharing encryption units, and the X coordinate. The signature module is connected to the calculation module; it decrypts the encrypted signature value with the homomorphic encryption private key to generate a signature value, generates a signature message from the X coordinate and the signature value, and embeds the signature message in the transaction message to complete the signature.

In addition, the present invention discloses a signature method based on homomorphic encryption, applied in a network environment with a client and a server. Its steps include: the client sends a private key request to the server; after receiving the private key request, the server generates a private key corresponding to the client and splits it into multiple private key sharing units; the server generates a homomorphic encryption public key and its corresponding homomorphic encryption private key, encrypts each private key sharing unit with the homomorphic encryption public key to generate a corresponding private key sharing encryption unit, and stores the private key sharing encryption units in different storage spaces; when the server receives a transaction request from the client, it generates a transaction message according to the transaction request and hashes the transaction message to generate a transaction message hash value; the server loads the private key sharing encryption units of the corresponding client from the storage spaces, calculates the X coordinate of the curve point coordinates from a random value and the base point, and calculates an encrypted signature value from the random value, the transaction message hash value, the private key sharing encryption units, and the X coordinate; and the server decrypts the encrypted signature value with the homomorphic encryption private key to generate a signature value, generates a signature message from the X coordinate and the signature value, and embeds the signature message in the transaction message to complete the signature.

The system and method disclosed in the present invention are as described above. The difference from the prior art is that the server executes a secret sharing algorithm to generate multiple private key sharing units and encrypts them with the homomorphic encryption public key to generate the corresponding private key sharing encryption units, so that when the server performs the signature calculation it computes directly on the private key sharing encryption units and uses the homomorphic encryption private key to decrypt the result, thereby obtaining the correct signature message.

Through the above technical means, the present invention achieves the technical effect of improving the security of the private key.

The embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the way the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented.

Before describing the signature system and method based on homomorphic encryption disclosed in the present invention, the terms defined by the invention are explained. The various "shares" referred to in the invention, such as the "private key sharing unit", are the parts into which a private key is decomposed by a secret sharing algorithm such as Shamir's Secret Sharing (SSS), or the elements needed for calculation while executing a secret sharing algorithm such as Joint Random Secret Sharing (JRSS). These elements are exchanged between different node hosts during Secure Multi-Party Computation (SMC/MPC) and are used to jointly compute a signature message (or "signature") in the signature format of the Elliptic Curve Digital Signature Algorithm (ECDSA), namely "(r, s)", where "r" is the X coordinate of the curve point coordinates and "s" is the signature value computed by interpolation (for example, Lagrange interpolation). In addition, the "private key sharing encryption unit" is a private key sharing unit that has been encrypted with the homomorphic encryption public key. In actual implementation, the private key sharing unit can be deleted immediately after the private key sharing encryption unit is generated and stored. From then on the server computes directly on the private key sharing encryption units in their encrypted state, and the result is decrypted with the homomorphic encryption private key to obtain the signature value of the signature message.

The signature system and method based on homomorphic encryption are further described below with reference to the drawings. Please refer first to "Figure 1", which is a system block diagram of the signature system based on homomorphic encryption. The system comprises a client 110 and a server 120. The client 110 sends a private key request and a transaction request to the server 120 via the network 130. In actual implementation, when the client 110 creates an account on the server 120, it sends a private key request so that the keys corresponding to the client 110 are generated, such as the homomorphic encryption public key, the homomorphic encryption private key, the private key sharing units, and the private key sharing encryption units. When the client 110 wants to conduct a transaction through the server 120, it sends a transaction request; the server 120 generates the corresponding transaction message according to this transaction request and, from the private key sharing units of the client 110, computes a signature message in ECDSA format, which is embedded in the transaction message to complete the signature. The transaction request may include a source address, such as the blockchain address (or "account address") of the client 110, so that the server 120 can use this source address to look up the private key sharing encryption units of the corresponding client 110 in the storage space (for example, a database) for use in computing the signature message. The way the signature message is computed is described in detail later.

The server 120 comprises a first key generation module 121, a second key generation module 122, a hash module 123, a calculation module 124, and a signature module 125. The first key generation module 121 generates the homomorphic encryption public key and its corresponding homomorphic encryption private key, for example the homomorphic encryption public key $E_A()$ and its corresponding homomorphic encryption private key $D_A()$, generated according to a homomorphic encryption algorithm. In actual implementation, the homomorphic encryption algorithm can be additively homomorphic (for example, Paillier) or fully homomorphic.

The second key generation module 122 is connected to the first key generation module 121. After the private key request is received, it generates a private key corresponding to the client 110, splits it into multiple private key sharing units, encrypts each private key sharing unit with the homomorphic encryption public key to generate a corresponding private key sharing encryption unit, and stores the private key sharing encryption units in different storage spaces. In actual implementation, the secret sharing algorithm may be the SSS algorithm, Blakley's Secret Sharing (BSS) algorithm, the JRSS algorithm, and so on. Taking the SSS algorithm as an example, the private key can be decomposed into multiple private key sharing units $Sd_i$, where $i$ denotes the i-th private key sharing unit. The homomorphic encryption public key $E_A()$ is then used to encrypt these private key sharing units $Sd_i$ into the corresponding private key sharing encryption units $E_A(Sd_i)$, which are stored in different storage spaces, such as different databases. Taking the JRSS algorithm as an example, the multiple private key sharing units corresponding to the private key of the client 110 can instead be generated through MPC, as described in detail later with reference to the drawings. In this way, even if someone obtains a sufficient number of private key sharing encryption units $E_A(Sd_i)$ and performs the interpolation directly on them, they do not obtain the real private key but only the encrypted private key, which effectively improves the security of the private key. In addition, suppose the server 120 is a cluster that contains different node hosts. Because each node host recognizes that its private key sharing unit was split from a particular private key (that is, a parameter identifying it is provided), the node hosts use the same homomorphic encryption public key for encryption. In a specific implementation this can be done by table lookup: each node host maintains a table mapping to homomorphic encryption public and private keys, and when it detects private key sharing units that come from the same private key, it uses the same public key to encrypt them.

The hash module 123, on receiving a transaction request from the client 110, generates a transaction message according to the transaction request and hashes the transaction message to generate a transaction message hash value. In actual implementation, if a blockchain transaction is to be performed, a transaction message conforming to the blockchain data format is generated according to the transaction request; the blockchain data format may be that of the Bitcoin blockchain, the Ethereum blockchain, or other similar blockchains. For example, if the blockchain data format is that of the Bitcoin blockchain, a transaction message conforming to Bitcoin's transaction data format is generated according to the transaction request; if it is that of the Ethereum blockchain, a transaction message conforming to Ethereum's transaction data format is generated. The hashing referred to here means computation with a Secure Hash Algorithm (SHA), such as SHA3, SHA256, or a similar algorithm.

The calculation module 124 is connected to the hash module 123 and the second key generation module 122. It loads the private key sharing encryption units of the corresponding client 110 from the storage spaces, calculates the X coordinate of the curve point coordinates from a random value and the base point, and calculates the encrypted signature value from the random value, the transaction message hash value, the private key sharing encryption units, and the X coordinate. For example, suppose multiple private key sharing encryption units $E_A(Sd_i)$ are loaded; Lagrange interpolation over them yields the encrypted private key $E_A(d)$. Next, a random value $k$ is selected (with $1 \le k \le q-1$), its inverse is computed, multiplied by the base point $G$, and reduced modulo $q$ to give the curve point coordinates $(R_x, R_y)$, that is, $(R_x, R_y) = k^{-1} G \bmod q$, where $q$ is the cardinality; the cardinality $q$ and the base point $G$ are both domain parameters of the elliptic curve. The X coordinate $R_x$ of the curve point coordinates is then taken as $r$ (that is, $r = R_x$) and the transaction message hash value as $e$, and these are used to compute the encrypted signature value $s'$, for example $s' = E_A(k)^{e} \cdot E_A(d)^{r \cdot k} \bmod q$, where $E_A(k)$ is the random value $k$ encrypted with the homomorphic encryption public key.

The signature module 125 is connected to the calculation module 124. It decrypts the encrypted signature value $s'$ with the homomorphic encryption private key $D_A()$ to generate the signature value $s$, that is, $s = D_A(s')$, generates the signature message $(r, s)$ from the X coordinate ($r$) and the signature value ($s$), and embeds the signature message $(r, s)$ in the transaction message to complete the signature. Note that if either $r$ or $s$ is zero, the calculation must be repeated: the transaction message is hashed again and a new random value is selected, so that new values of $r$ and $s$ are computed, until neither value is zero.
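The calculation and decryption described in the two paragraphs above, carried through end to end as an added example (not code from the patent or its assignee): Shamir shares of an ECDSA key are Paillier-encrypted, interpolated and combined into $s'$ without being decrypted, and the decrypted $(r, s)$ is checked with ordinary ECDSA verification on secp256k1. Assumptions: all function names, the 2-of-3 split and the sample message are constructed; the Paillier modulus is built from two publicly known Mersenne primes purely so the example runs offline; ciphertext arithmetic is done modulo N² with the reduction modulo q applied after decryption, as Paillier requires.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve the page names for ECDSA).
P = 2**256 - 2**32 - 977
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Constructed demo Paillier key from two Mersenne primes: publicly known, so
# not secure, but offline and large enough that k*e + d*r*k never wraps mod N.
PP, PQ = 2**521 - 1, 2**607 - 1
N, PHI = PP * PQ, (PP - 1) * (PQ - 1)
N2, MU = N * N, pow(PHI, -1, N)

def he_enc(m):
    """E_A(m): Paillier encryption with generator N + 1."""
    return (1 + m * N) * pow(secrets.randbelow(N - 1) + 1, N, N2) % N2

def he_dec(c):
    """D_A(c): Paillier decryption."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def shamir_split(secret, t, n):
    """Split secret into n shares Sd_i over GF(Q); any t reconstruct it."""
    coef = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coef)) % Q
            for i in range(1, n + 1)}

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of share i for evaluating the polynomial at 0."""
    num = den = 1
    for j in (j for j in ids if j != i):
        num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine_encrypted(enc_shares):
    """E_A(d) = prod E_A(Sd_i)^lambda_i, interpolating on ciphertexts only."""
    acc = 1
    for i, c in enc_shares.items():
        acc = acc * pow(c, lagrange_at_zero(i, enc_shares), N2) % N2
    return acc

def setup(t=2, n=3):
    """Steps 220-230: make the key, split it, keep only encrypted shares."""
    d = secrets.randbelow(Q - 1) + 1
    pub = ec_mul(d, G)
    return pub, {i: he_enc(s) for i, s in shamir_split(d, t, n).items()}

def sign(msg, enc_shares):
    """Steps 240-260: compute s' on ciphertexts, decrypt only the result."""
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q
    enc_d = combine_encrypted(enc_shares)
    while True:
        k = secrets.randbelow(Q - 1) + 1
        r = ec_mul(pow(k, -1, Q), G)[0] % Q          # r = R_x of k^-1 * G
        # s' = E_A(k)^e * E_A(d)^(r*k) encrypts k*e + d*r*k
        s_enc = pow(he_enc(k), e, N2) * pow(enc_d, r * k % Q, N2) % N2
        s = he_dec(s_enc) % Q                        # reduce mod q after D_A
        if r and s:                                  # page: retry on zero
            return r, s

def verify(msg, sig, pub):
    """Standard ECDSA verification, to show (r, s) is an ordinary signature."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q
    w = pow(s, -1, Q)
    pt = ec_add(ec_mul(e * w % Q, G), ec_mul(r * w % Q, pub))
    return pt is not None and pt[0] % Q == r

if __name__ == "__main__":
    pub, enc = setup()                      # 2-of-3 split, shares encrypted
    sig = sign(b"constructed tx", {i: enc[i] for i in (1, 3)})
    print("verifies:", verify(b"constructed tx", sig, pub))
```

The private key `d` appears in plaintext only inside `setup`, matching the SSS variant of the description; during `sign` the only value ever decrypted is the combined signature value.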

In addition, besides placing all of the above modules on one host, the server 120 may implement the modules on different hosts that it contains. For example, the server 120 may include a front-end host and node hosts, where the node hosts are cluster nodes of the server 120 connected to its front-end host. The first key generation module 121, the second key generation module 122, the hash module 123, the calculation module 124, and the signature module 125 can then be placed on the front-end host or on the node hosts, and a single module can even be placed partly on the front-end host and partly on the node hosts. Taking the case where part of the second key generation module 122 is on the front-end host and part on the node hosts as an example, when the SSS algorithm is executed the front-end host can send the split private key sharing units to the node hosts, so that the node hosts encrypt them with the homomorphic encryption public key into the corresponding private key sharing encryption units, and the front-end host receives the encrypted signature value from the node hosts and decrypts it with the homomorphic encryption private key. In actual implementation, the node hosts are all preconfigured with the same secret sharing parameters, which include values such as the elliptic curve, prime, cardinality, base point, and order, for use in executing the secret sharing algorithm; in practice, the parameters of the general-purpose ECDSA algorithm on the curve "Secp256k1" can be used as the secret sharing parameters. In addition, the private key request sent by the client 110 may include a threshold value and a total value, so that the server 120 selects as many node hosts as the total value to execute the secret sharing algorithm. Each node host selects its own random polynomial, performs its calculation, and exchanges the results to generate the private key sharing units, and the node hosts jointly compute the signature message. The threshold value is less than or equal to the total value, and both are positive integers greater than 1. In this way the JRSS algorithm can be executed on the node hosts to generate the multiple private key sharing units of the corresponding private key, rather than first generating a private key and then splitting it into multiple private key sharing units as the SSS algorithm requires. This completely avoids ever actually generating the private key and effectively prevents memory dump attacks. In another embodiment, the front-end host may include the first key generation module 121, the second key generation module 122, the hash module 123, and the signature module 125, and the node hosts may include the calculation module 124, so that the front-end host sends the generated private key sharing encryption units to different node hosts for storage and calculation and, after receiving the encrypted signature value calculated by the node hosts, decrypts it with the homomorphic encryption private key and generates the signature message. It should be noted that although the invention uses the above examples to illustrate how the modules can be implemented on different hosts contained in the server 120, the invention is not limited to them, and any device, architecture, or environment capable of implementing the modules falls within the scope of application of the invention.

It should be noted that, in actual implementation, each module described in the present invention can be implemented in various ways, including software, hardware, or any combination thereof. For example, in some embodiments each module can be implemented in software, in hardware, or in both. The invention can also be implemented partly or entirely in hardware; for example, one or more modules in the system can be implemented with an integrated circuit chip, a System on Chip (SoC), a Complex Programmable Logic Device (CPLD), a Field Programmable Gate Array (FPGA), and so on. The invention may be a system, a method, and/or a computer program. The computer program may include a computer-readable storage medium carrying computer-readable program instructions that cause a processor to implement the various aspects of the invention; the computer-readable storage medium may be a tangible device that can hold and store instructions used by an instruction execution device. The computer-readable storage medium can be, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of computer-readable storage media include hard disks, random access memory, read-only memory, flash memory, optical discs, floppy disks, and any suitable combination of the foregoing. The computer-readable storage medium as used here is not to be interpreted as a transient signal itself, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (for example, optical signals through fiber optic cables), or electrical signals transmitted through wires. In addition, the computer-readable program instructions described here can be downloaded from a computer-readable storage medium to individual computing/processing devices, or downloaded to an external computer device or external storage device via a network such as the Internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, optical fiber transmission, wireless transmission, routers, firewalls, switches, hubs, and/or gateways. The network card or network interface in each computing/processing device receives the computer-readable program instructions from the network and forwards them for storage in the computer-readable storage medium of that computing/processing device. The computer program instructions that perform the operations of the invention can be assembly language instructions, instruction set architecture instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as Common Lisp, Python, C++, Objective-C, Smalltalk, Delphi, Java, Swift, C#, Perl, Ruby, and PHP, and conventional procedural programming languages such as C or similar languages. The computer-readable program instructions can be executed entirely on a computer, partly on a computer, as stand-alone software, partly on a client computer and partly on a remote computer, or entirely on a remote computer or server.

Please refer to Figure 2, which is a flow chart of the homomorphic-encryption-based signature method of the present invention, applied in a network environment with a client 110 and a server 120. The steps include: the client 110 sends a private key request to the server 120 (step 210); after receiving the private key request, the server 120 generates a private key corresponding to the client 110 and splits it into a plurality of private key shares (step 220); the server 120 generates a homomorphic encryption public key and its corresponding homomorphic encryption private key, encrypts each private key share with the homomorphic encryption public key to generate a corresponding encrypted private key share, and stores the encrypted private key shares in different storage spaces (step 230); when the server 120 receives a transaction request from the client 110, it generates a transaction message according to the transaction request and hashes the transaction message to generate a transaction message hash value (step 240); the server 120 loads the encrypted private key shares of the corresponding client 110 from the storage spaces, computes the X coordinate of the curve point coordinates from a random value and a base point, and computes an encrypted signature value from the random value, the transaction message hash value, the encrypted private key shares and the X coordinate (step 250); the server 120 decrypts the encrypted signature value with the homomorphic encryption private key to generate a signature value, generates a signature message from the X coordinate and the signature value, and embeds the signature message in the transaction message to complete the signature (step 260). Through these steps, the server 120 executes a secret sharing algorithm to generate a plurality of private key shares and encrypts them with the homomorphic encryption public key to generate the corresponding encrypted private key shares, so that during the signature computation the homomorphic encryption private key is used only to decrypt the result of computing directly on the encrypted private key shares, which yields the correct signature message.

An embodiment is described below with reference to Figure 3 and Figure 4. Figure 3 is a schematic diagram of splitting and storing the private key with the SSS algorithm according to the present invention. Assume that the server 120 generates a private key and that the secret sharing algorithm it executes is the SSS algorithm. Executing the SSS algorithm then generates a plurality of private key shares corresponding to this private key, for example private key shares 1 to n. Next, the server 120 encrypts each private key share with the pre-generated homomorphic encryption public key to generate the corresponding encrypted private key shares, for example encrypted private key shares 1 to n. The encrypted private key shares can then be stored in different databases, for example databases 1 to n. In this way, when signing, the homomorphic property allows the encrypted private key to be computed directly from the encrypted private key shares in the databases, and the signature message is computed by the server 120, which holds the homomorphic encryption private key corresponding to the homomorphic encryption public key. Because every computation during signing uses the encrypted private key and the private key itself is never actually computed, a memory dump attack does not lead to theft of the private key, which greatly improves private key security.

Taking the above as an example, assume the private key is "d", the homomorphic encryption public key is "E_A()" and the homomorphic encryption private key is "D_A()". The private key shares generated by the SSS algorithm are then "Sd_i", and the encrypted private key shares generated by encrypting them with the homomorphic encryption public key "E_A()" are "E_A(Sd_i)", where "i" is a positive integer from 1 to n. The generated encrypted private key shares "E_A(Sd_i)" are stored in different databases. When signing, the server 120 first queries the corresponding encrypted private key shares "E_A(Sd_i)" from the databases and computes the encrypted private key "E_A(d)" by Lagrange interpolation, for example: "[Figure 02_image001]". Strictly speaking, the encrypted private key "E_A(d)" can be generated as long as more encrypted private key shares than the threshold value are obtained. The transaction message "m" to be signed is then hashed to generate the transaction message hash value "e", and the curve point coordinates "(R_x, R_y)" are computed from the base point "G" and the selected random value "k". The X coordinate "R_x" is then taken as the value "r"; if "r" is zero, the transaction message is hashed again and a new random value is selected, until the computed value "r" is non-zero. Next, the server 120 computes an encrypted signature value "s'", reduced modulo the base "q", from the encrypted private key "E_A(d)", the random value encrypted with the homomorphic encryption public key "E_A(k)", the transaction hash value "e", the value "r", the random value "k" and so on, for example: "s' = E_A(k)^e * E_A(d)^(r*k) mod q". Finally, the encrypted signature value "s'" is decrypted with the corresponding homomorphic encryption private key "D_A()" to obtain the signature value "s" (that is, "s = D_A(s')"). If the signature value "s" is zero, the transaction message is likewise hashed again and a new random value is selected, and the same steps are repeated until the value is non-zero. Note that the range of the random value "k" is "1 ≤ k ≤ q-1". At this point, the server 120 takes the value "r" and the signature value "s" together as the signature message "(r, s)" and embeds this signature message in the transaction message to complete the signature.

Figure 4 is a schematic diagram of a server that executes the JRSS algorithm according to the present invention. The SSS algorithm splits a private key that has actually been generated. Although this private key is produced only when the account of the client 110 is created and is discarded immediately after the corresponding private key shares are generated, this approach still leaves a possibility of a memory dump attack. In practice, the JRSS algorithm can therefore be executed to solve this problem. Specifically, the server 400 that executes the JRSS algorithm may include a front-end host 401 and a plurality of node hosts 410. The node hosts 410 are arranged as a cluster behind the front-end host 401, and the front-end host 401 selects from them as many node hosts 410 as the number of private key shares to be generated to execute the JRSS algorithm. Note that because the JRSS algorithm computes and exchanges messages through MPC, the selected node hosts 410 must all be online at the same time to exchange messages whenever a value is computed with MPC.

Taking the server 400 as an example, assume the front-end host 401 selects three node hosts 410. When the JRSS algorithm is executed, each node host 410 selects its own random polynomial: the first node host 410 selects the random polynomial "d1", the second node host 410 selects the random polynomial "d2", and the third node host 410 selects the random polynomial "d3". The constant term of each of the three random polynomials "d1" to "d3" is a random integer chosen by the respective node host 410 (also called the "Secret"). Each node host 410 then substitutes different values (for example, the values 1 to 3) into its own random polynomial. The first node host 410 substitutes the values 1 to 3 into "d1" to obtain three results ("d1(1)", "d1(2)" and "d1(3)"), the second node host 410 substitutes the values 1 to 3 into "d2" to obtain three results ("d2(1)", "d2(2)" and "d2(3)"), and the third node host 410 substitutes the values 1 to 3 into "d3" to obtain three results ("d3(1)", "d3(2)" and "d3(3)"), for a total of nine results. The node hosts 410 then exchange messages: the results for the value 1 ("d1(1)", "d2(1)" and "d3(1)") are provided to the first node host 410, which sums them to obtain the private key share "Sd_1" (that is, "Sd_1 = d1(1)+d2(1)+d3(1)"); the results for the value 2 ("d1(2)", "d2(2)" and "d3(2)") are provided to the second node host 410, which sums them to obtain the private key share "Sd_2" (that is, "Sd_2 = d1(2)+d2(2)+d3(2)"); and the results for the value 3 ("d1(3)", "d2(3)" and "d3(3)") are provided to the third node host 410, which sums them to obtain the private key share "Sd_3" (that is, "Sd_3 = d1(3)+d2(3)+d3(3)"). After the MPC computation and message exchange, each node host 410 thus holds its own private key share: the first node host 410 holds "Sd_1", the second holds "Sd_2" and the third holds "Sd_3". Each node host 410 then encrypts its private key share with the same homomorphic encryption public key to obtain the corresponding encrypted private key shares "E_A(Sd_1)", "E_A(Sd_2)" and "E_A(Sd_3)", and stores its encrypted share in its own database.

When the server 120 is to sign, the difference from the SSS algorithm above is that each node host 410 computes with its own encrypted private key share and random value and the node hosts then exchange their results, so that the encrypted signature value "s'" can be computed by Lagrange interpolation. Alternatively, each node host 410 transmits its own encrypted private key share to the front-end host 401, which first computes the encrypted private key "E_A(d)" and then continues with the computation of the signature message. Because all of these computations are carried out on encrypted values, leakage of the private key "d" through a memory dump is effectively prevented. In fact, each of the three encrypted private key shares "E_A(Sd_1)" to "E_A(Sd_3)" is raised to the power of its appropriate Lagrange coefficient, decrypted with the homomorphic encryption private key "D_A()" and multiplied by the base point "G", and the results are summed to obtain a public key "Q" corresponding to the private key "d", that is: "Q = D_A(E_A(Sd_1)^(Lagrange coefficient))*G + D_A(E_A(Sd_2)^(Lagrange coefficient))*G + D_A(E_A(Sd_3)^(Lagrange coefficient))*G". After hashing, this public key "Q" becomes the account address of the client 110, and blockchain transactions can be carried out through this account address.

In summary, the difference between the present invention and the prior art is that the server executes a secret sharing algorithm to generate a plurality of private key shares and encrypts them with a homomorphic encryption public key to generate the corresponding encrypted private key shares, so that during the signature computation on the server the homomorphic encryption private key is used to decrypt the result of computing directly on the encrypted private key shares, which yields the correct signature message. This technical means solves the problem of the prior art and achieves the technical effect of improving private key security.

Although the present invention is disclosed above by way of the foregoing embodiments, they are not intended to limit the present invention. Anyone skilled in the art may make minor changes and refinements without departing from the spirit and scope of the present invention, and the scope of patent protection of the present invention is therefore defined by the claims appended to this specification.

110: client
120: server
121: first key generation module
122: second key generation module
123: hash module
124: computation module
125: signature module
130: network
400: server
401: front-end host
410: node host
Step 210: the client sends a private key request to the server
Step 220: after receiving the private key request, the server generates a private key corresponding to the client and splits it into a plurality of private key shares
Step 230: the server generates a homomorphic encryption public key and its corresponding homomorphic encryption private key, encrypts each private key share with the homomorphic encryption public key to generate a corresponding encrypted private key share, and stores the encrypted private key shares in different storage spaces
Step 240: when the server receives a transaction request from the client, it generates a transaction message according to the transaction request and hashes the transaction message to generate a transaction message hash value
Step 250: the server loads the encrypted private key shares of the corresponding client from the storage spaces, computes an X coordinate of the curve point coordinates from at least one random value and a base point, and computes an encrypted signature value from the random value, the transaction message hash value, the encrypted private key shares and the X coordinate
Step 260: the server decrypts the encrypted signature value with the homomorphic encryption private key to generate a signature value, generates a signature message from the X coordinate and the signature value, and embeds the signature message in the transaction message to complete the signature

Figure 1 is a system block diagram of the signature system based on homomorphic encryption of the present invention.
Figure 2 is a flow chart of the signature method based on homomorphic encryption of the present invention.
Figure 3 is a schematic diagram of splitting and storing the private key with the SSS algorithm according to the present invention.
Figure 4 is a schematic diagram of a server that executes the JRSS algorithm according to the present invention.

110: client

120: server

121: first key generation module

122: second key generation module

123: hash module

124: computation module

125: signature module

130: network

Claims (10)

1. A signature system based on homomorphic encryption, the system comprising: a client configured to send a private key request and a transaction request; and a server, the server comprising: a first key generation module configured to generate a homomorphic encryption public key and its corresponding homomorphic encryption private key; a second key generation module, connected to the first key generation module, configured to generate, after the private key request is received, a private key corresponding to the client and split it into a plurality of private key shares, to encrypt each private key share with the homomorphic encryption public key to generate a corresponding encrypted private key share, and to store the encrypted private key shares in different storage spaces; a hash module configured to generate, when the transaction request is received from the client, a transaction message according to the transaction request and to hash the transaction message to generate a transaction message hash value; a computation module, connected to the hash module and the second key generation module, configured to load the encrypted private key shares of the corresponding client from the storage spaces, to compute an X coordinate of the curve point coordinates from at least one random value and a base point, and to compute an encrypted signature value from the random value, the transaction message hash value, the encrypted private key shares and the X coordinate; and a signature module, connected to the computation module, configured to decrypt the encrypted signature value with the homomorphic encryption private key to generate a signature value, to generate a signature message from the X coordinate and the signature value, and to embed the signature message in the transaction message to complete the signature.

2. The signature system based on homomorphic encryption according to claim 1, wherein the private key request includes a threshold value and a total value, and the server selects a number of node hosts equal to the total value to execute a secret sharing algorithm, so that each node host selects its own random polynomial, performs the computation and exchanges the computation results to generate the private key shares, and the node hosts jointly compute the signature message, wherein the threshold value is less than or equal to the total value, and the threshold value and the total value are both positive integers greater than 1.

3. The signature system based on homomorphic encryption according to claim 1, wherein the server consists of a plurality of node hosts and a front-end host, the node hosts are cluster nodes of the server and are connected to the front-end host, each node host includes the computation module, the front-end host includes the first key generation module, the second key generation module, the hash module and the signature module, and the front-end host transmits the encrypted private key shares to each node host for storage and computation and receives the encrypted signature value from the node hosts to decrypt it with the homomorphic encryption private key.

4. The signature system based on homomorphic encryption according to claim 1, wherein each encrypted private key share is raised to the power of its Lagrange coefficient, decrypted with the homomorphic encryption private key and multiplied by the base point, the results are summed to generate a public key, and the public key is hashed to serve as an account address of the client for carrying out blockchain transactions through the account address, the hashing including the Secure Hash Algorithm (SHA).

5. The signature system based on homomorphic encryption according to claim 1, wherein the second key generation module executes a secret sharing algorithm to split the private key corresponding to the client into the private key shares, the secret sharing algorithm including the Shamir's Secret Sharing (SSS) algorithm, the Blakley's Secret Sharing (BSS) algorithm and the Joint Random Secret Sharing (JRSS) algorithm.

6. A signature method based on homomorphic encryption, applied in a network environment with a client and a server, the steps comprising: the client sends a private key request to the server; after receiving the private key request, the server generates a private key corresponding to the client and splits it into a plurality of private key shares; the server generates a homomorphic encryption public key and its corresponding homomorphic encryption private key, encrypts each private key share with the homomorphic encryption public key to generate a corresponding encrypted private key share, and stores the encrypted private key shares in different storage spaces; when the server receives a transaction request from the client, it generates a transaction message according to the transaction request and hashes the transaction message to generate a transaction message hash value; the server loads the encrypted private key shares of the corresponding client from the storage spaces, computes an X coordinate of the curve point coordinates from at least one random value and a base point, and computes an encrypted signature value from the random value, the transaction message hash value, the encrypted private key shares and the X coordinate; and the server decrypts the encrypted signature value with the homomorphic encryption private key to generate a signature value, generates a signature message from the X coordinate and the signature value, and embeds the signature message in the transaction message to complete the signature.

7. The signature method based on homomorphic encryption according to claim 6, wherein the private key request includes a threshold value and a total value, and the server selects a number of node hosts equal to the total value to execute a secret sharing algorithm, so that each node host selects its own random polynomial, performs the computation and exchanges the computation results to generate the private key shares, and the node hosts jointly compute the signature message, wherein the threshold value is less than or equal to the total value, and the threshold value and the total value are both positive integers greater than 1.

8. The signature method based on homomorphic encryption according to claim 6, wherein the server consists of a plurality of node hosts and a front-end host, the node hosts are cluster nodes of the server and are connected to the front-end host, and the front-end host transmits the encrypted private key shares to each node host for storage and computation and receives the encrypted signature value from the node hosts to decrypt it with the homomorphic encryption private key.

9. The signature method based on homomorphic encryption according to claim 6, wherein each encrypted private key share is raised to the power of its Lagrange coefficient, decrypted with the homomorphic encryption private key and multiplied by the base point, the results are summed to generate a public key, and the public key is hashed to serve as an account address of the client for carrying out blockchain transactions through the account address, the hashing including the Secure Hash Algorithm (SHA).

10. The signature method based on homomorphic encryption according to claim 6, wherein the server executes a secret sharing algorithm to split the private key corresponding to the client into the private key shares, the secret sharing algorithm including the Shamir's Secret Sharing (SSS) algorithm, the Blakley's Secret Sharing (BSS) algorithm and the Joint Random Secret Sharing (JRSS) algorithm.
TW108109272A 2019-03-19 2019-03-19 Signature system based on homomorphic encryption and method thereof TWI734087B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108109272A TWI734087B (en) 2019-03-19 2019-03-19 Signature system based on homomorphic encryption and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108109272A TWI734087B (en) 2019-03-19 2019-03-19 Signature system based on homomorphic encryption and method thereof

Publications (2)

Publication Number Publication Date
TW202036346A TW202036346A (en) 2020-10-01
TWI734087B true TWI734087B (en) 2021-07-21

Family

ID=74091222

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108109272A TWI734087B (en) 2019-03-19 2019-03-19 Signature system based on homomorphic encryption and method thereof

Country Status (1)

Country Link
TW (1) TWI734087B (en)
