TWI734087B - Signature system based on homomorphic encryption and method thereof - Google Patents
Signature system based on homomorphic encryption and method thereof
- Publication number: TWI734087B (application TW108109272A)
- Authority: TW (Taiwan)
- Prior art keywords: private key, signature, value, server, homomorphic encryption
- Landscapes: Storage Device Security (AREA)
Description
The present invention relates to a signature system and method, and in particular to a signature system and method based on homomorphic encryption.
In recent years, as governments, organizations and the public have come to attach importance to information security, applications based on electronic signatures (hereinafter, signatures) have sprung up everywhere. How to keep the signing private key secure, however, has remained one of the problems vendors most urgently want to solve.
Generally speaking, signing means signing data with a private key, so the security of the private key is critical: if the private key leaks and is obtained by an unauthorized party, that party can sign data with it and thereby forge signatures. In practice, to protect the private key it is usually encrypted before being stored, for example in a database, as a file, or in a hardware security module (HSM). These approaches share a common problem: none of them can prevent a memory dump attack, because at some point in time the private key is decrypted and read into memory, and at that moment an unauthorized party can steal it from memory by dumping it.
In view of this, vendors have proposed threshold signature techniques, in which several private keys jointly produce the signature and the signature is valid only when the number of partial signatures reaches the threshold. This reduces the impact of a single user's private key leaking and makes a memory dump attack considerably harder. However, because each private key still resides in its holder's memory, this approach still cannot effectively prevent a memory dump attack on the private keys, and the problem of insufficient private key security remains.
In summary, the prior art has long suffered from insufficient private key security, so improved technical means are needed to solve this problem.
The present invention discloses a signature system and method based on homomorphic encryption.
First, the present invention discloses a signature system based on homomorphic encryption comprising a client and a server. The client sends private key requests and transaction requests. The server comprises a first key generation module, a second key generation module, a hash module, a calculation module and a signature module. The first key generation module generates a homomorphic encryption public key and its corresponding homomorphic encryption private key. The second key generation module, connected to the first key generation module, on receiving a private key request generates the private key corresponding to the client, splits it into a plurality of private key shares, encrypts each private key share with the homomorphic encryption public key to produce a corresponding encrypted private key share, and stores the encrypted private key shares in different storage spaces. The hash module, on receiving a transaction request from the client, generates a transaction message from the request and hashes it to produce a transaction message hash value. The calculation module, connected to the hash module and the second key generation module, loads the client's encrypted private key shares from the storage spaces, computes the X coordinate of a curve point from a random value and the base point, and computes an encrypted signature value from the random value, the transaction message hash value, the encrypted private key shares and the X coordinate. The signature module, connected to the calculation module, decrypts the encrypted signature value with the homomorphic encryption private key to obtain the signature value, generates a signature message from the X coordinate and the signature value, and embeds the signature message in the transaction message to complete the signature.
The present invention further discloses a signature method based on homomorphic encryption, applied in a network environment having a client and a server, whose steps comprise: the client sends a private key request to the server; on receiving the private key request, the server generates the private key corresponding to the client and splits it into a plurality of private key shares; the server generates a homomorphic encryption public key and its corresponding homomorphic encryption private key, encrypts each private key share with the homomorphic encryption public key to produce the corresponding encrypted private key share, and stores the encrypted private key shares in different storage spaces; when the server receives a transaction request from the client, it generates a transaction message from the request and hashes it to produce a transaction message hash value; the server loads the client's encrypted private key shares from the storage spaces, computes the X coordinate of a curve point from a random value and the base point, and computes an encrypted signature value from the random value, the transaction message hash value, the encrypted private key shares and the X coordinate; and the server decrypts the encrypted signature value with the homomorphic encryption private key to obtain the signature value, generates a signature message from the X coordinate and the signature value, and embeds the signature message in the transaction message to complete the signature.
The system and method disclosed above differ from the prior art in that the server executes a secret sharing algorithm to generate a plurality of private key shares and encrypts those shares with the homomorphic encryption public key to produce corresponding encrypted private key shares, so that when the server computes a signature it operates directly on the encrypted private key shares and uses the homomorphic encryption private key to decrypt the result, thereby obtaining the correct signature message.
By these technical means the present invention achieves the technical effect of improving the security of the private key.
The embodiments of the present invention are described in detail below with reference to the drawings, so that the way the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and practiced.
Before describing the signature system and method based on homomorphic encryption disclosed herein, the terms defined by this invention are explained. The various "shares" referred to in this invention, such as "private key shares", are the parts into which a private key is decomposed by a secret sharing algorithm such as Shamir's Secret Sharing (SSS), or the elements needed for the computations performed while executing a secret sharing algorithm such as Joint Random Secret Sharing (JRSS). These elements are exchanged between different node hosts during secure multi-party computation (SMC/MPC) and are used to jointly compute a signature message (or "signature") in the Elliptic Curve Digital Signature Algorithm (ECDSA) signature format, namely (r, s), where r is the X coordinate of a curve point and s is the signature value computed by interpolation (for example Lagrange interpolation). An "encrypted private key share" is a private key share that has been encrypted with the homomorphic encryption public key. In practice the private key share can be deleted immediately after the encrypted private key share has been generated and stored; all subsequent computation is performed by the server directly on the encrypted private key shares, and the result is decrypted with the homomorphic encryption private key to obtain the signature value in the signature message.
The signature system and method based on homomorphic encryption are further described below with reference to the drawings. Referring first to Figure 1, a system block diagram of the signature system based on homomorphic encryption, the system comprises a client 110 and a server 120. The client 110 sends private key requests and transaction requests to the server 120 over a network 130. In practice, when the client 110 creates an account at the server 120 it sends a private key request so that the keys associated with the client 110 are produced, such as the homomorphic encryption public key, the homomorphic encryption private key, the private key shares and the encrypted private key shares. When the client 110 wants to carry out a transaction through the server 120 it sends a transaction request; the server 120 generates the corresponding transaction message from the request, computes an ECDSA-format signature message from the client 110's private key shares, and embeds it in the transaction message to complete the signature. The transaction request may include a source address, such as the blockchain address (or "account address") of the client 110, so that the server 120 can look up the corresponding encrypted private key shares of the client 110 in a storage space (for example a database) for use in computing the signature message. The computation of the signature message is described in detail later.
The server 120 comprises a first key generation module 121, a second key generation module 122, a hash module 123, a calculation module 124 and a signature module 125. The first key generation module 121 generates a homomorphic encryption public key and its corresponding homomorphic encryption private key, for example a homomorphic encryption public key E_A() and the corresponding homomorphic encryption private key D_A() produced by a homomorphic encryption algorithm. In practice, the homomorphic encryption algorithm may be additively homomorphic (for example Paillier) or fully homomorphic.
The second key generation module 122, connected to the first key generation module 121, on receiving a private key request generates the private key corresponding to the client 110, splits it into a plurality of private key shares, encrypts each private key share with the homomorphic encryption public key to produce the corresponding encrypted private key share, and stores the encrypted private key shares in different storage spaces. In practice the secret sharing algorithm may be SSS, Blakley's Secret Sharing (BSS), JRSS and so on. Taking SSS as an example, the private key is decomposed into a plurality of private key shares Sd_i, where i denotes the i-th private key share. These private key shares Sd_i are then encrypted with the homomorphic encryption public key E_A() into the corresponding encrypted private key shares E_A(Sd_i), which are stored in different storage spaces, such as different databases. Taking JRSS as an example, the plurality of private key shares of the client 110's private key can be generated through MPC, as described in detail later with reference to the drawings. As a result, even if someone obtains a sufficient number of encrypted private key shares E_A(Sd_i) and interpolates them directly, they do not obtain the real private key but an encrypted private key, which effectively improves the security of the private key. Further, if the server 120 is a cluster comprising different node hosts, the node hosts recognise that the private key shares were split from a particular private key (that is, parameters are provided for this), and so they encrypt with the same homomorphic encryption public key. Concretely, this can be implemented by table lookup: each node host maintains a table of homomorphic encryption public/private key pairs, and when it detects private key shares originating from the same private key it invokes the same public key to encrypt them.
The hash module 123, on receiving a transaction request from the client 110, generates a transaction message from the request and hashes it to produce the transaction message hash value. In practice, if a blockchain transaction is to be made, a transaction message conforming to the blockchain data format is generated from the transaction request; the blockchain data format includes the data formats of the Bitcoin blockchain, the Ethereum blockchain or other similar blockchains. For example, if the blockchain data format is the Bitcoin blockchain, a transaction message in the Bitcoin transaction data format is generated from the transaction request, and if it is the Ethereum blockchain, a transaction message in the Ethereum transaction data format is generated. Hashing herein means computation with a Secure Hash Algorithm (SHA) such as SHA3, SHA256 or a similar algorithm.
The calculation module 124, connected to the hash module 123 and the second key generation module 122, loads the client 110's encrypted private key shares from the storage spaces, computes the X coordinate of a curve point from a random value and the base point, and computes the encrypted signature value from the random value, the transaction message hash value, the encrypted private key shares and the X coordinate. For example, after a plurality of encrypted private key shares E_A(Sd_i) are loaded, Lagrange interpolation yields the encrypted private key E_A(d). Then a random value k (1 ≤ k ≤ q-1) is chosen, its inverse is multiplied by the base point G and reduced modulo q to give the curve point (Rx, Ry), that is (Rx, Ry) = k^-1 · G mod q, where q is the cardinality; both the cardinality q and the base point G are domain parameters of the elliptic curve. Next, the X coordinate Rx of the curve point is taken as r (r = Rx) and the transaction message hash value as e, and the encrypted signature value s' is computed, for example s' = E_A(k)^e · E_A(d)^(r·k) mod q, where E_A(k) is the random value k encrypted with the homomorphic encryption public key.
The signature module 125, connected to the calculation module 124, decrypts the encrypted signature value s' with the homomorphic encryption private key D_A() to produce the signature value s, that is s = D_A(s'), generates the signature message (r, s) from the X coordinate r and the signature value s, and embeds the signature message (r, s) in the transaction message to complete the signature. In particular, if either r or s is zero the computation must be redone: the transaction message is hashed again and a new random value chosen so that new values r and s are computed, until neither value is zero.
In addition to housing all of the above modules on a single host, the server 120 may implement the modules on different hosts within the server 120. For example, the server 120 may comprise a front-end host and node hosts, the node hosts being cluster nodes of the server 120 connected to its front-end host; the first key generation module 121, second key generation module 122, hash module 123, calculation module 124 and signature module 125 may then be placed on the front-end host or on the node hosts, and a single module may even be placed partly on the front-end host and partly on the node hosts. Taking the case where part of the second key generation module 122 is on the front-end host and part on the node hosts: when SSS is executed, the front-end host may send the split private key shares to the node hosts, which encrypt them with the homomorphic encryption public key into the corresponding encrypted private key shares, and the front-end host receives the encrypted signature value from the node hosts and decrypts it with the homomorphic encryption private key. In practice the node hosts are all preconfigured with the same secret sharing parameters, which include the values of the elliptic curve, the prime, the cardinality, the base point, the order and so on, for use in executing the secret sharing algorithm; in fact, the parameters of the general-purpose ECDSA algorithm on the curve Secp256k1 can be used as the secret sharing parameters. Further, the private key request sent by the client 110 may include a threshold value and a total value, so that the server 120 selects a number of node hosts equal to the total value to execute the secret sharing algorithm, each node host choosing its own random polynomial, performing computations and exchanging results to generate private key shares and jointly compute the signature message; the threshold value is less than or equal to the total value, and both are positive integers greater than 1. In this way the JRSS algorithm can be executed on the node hosts to generate the plurality of private key shares of the corresponding private key, instead of first generating a private key and then splitting it into a plurality of private key shares as SSS requires. Actually generating the private key is thereby avoided altogether, which effectively prevents memory dump attacks. In another embodiment the front-end host may comprise the first key generation module 121, the second key generation module 122, the hash module 123 and the signature module 125, and the node hosts may comprise the calculation module 124, so that the front-end host sends the encrypted private key shares it generates to different node hosts for storage and computation, receives the encrypted signature values computed by the node hosts, decrypts them with the homomorphic encryption private key and generates the signature message. It should be noted that although the above examples illustrate how the modules may be implemented on the different hosts of the server 120, the invention is not limited thereto; any device, architecture or environment capable of implementing the modules falls within the scope of the invention.
It should be noted that in practice each module described in the present invention may be implemented in various ways, including software, hardware or any combination thereof. For example, in some embodiments the modules may be implemented in software, in hardware or in both. The invention may also be implemented partly or wholly in hardware; for example, one or more modules of the system may be implemented as an integrated circuit chip, a System on Chip (SoC), a Complex Programmable Logic Device (CPLD), a Field Programmable Gate Array (FPGA) and so on. The invention may be a system, a method and/or a computer program. The computer program may include a computer-readable storage medium carrying computer-readable program instructions that cause a processor to implement aspects of the invention; the computer-readable storage medium may be a tangible device capable of holding and storing instructions for use by an instruction execution device. The computer-readable storage medium may be, without limitation, an electrical, magnetic, optical, electromagnetic or semiconductor storage device, or any suitable combination of these. More specific examples (a non-exhaustive list) include a hard disk, random access memory, read-only memory, flash memory, an optical disc, a floppy disk and any suitable combination of these. A computer-readable storage medium as used here is not to be construed as a transient signal per se, such as a radio wave or other freely propagating electromagnetic wave, an electromagnetic wave propagating through a waveguide or other transmission medium (for example a light pulse through a fibre-optic cable), or an electrical signal transmitted through a wire. The computer-readable program instructions described here may be downloaded from a computer-readable storage medium to the respective computing/processing devices, or to an external computer or external storage device via a network such as the Internet, a local area network, a wide area network and/or a wireless network. The network may comprise copper transmission cables, optical fibre transmission, wireless transmission, routers, firewalls, switches, hubs and/or gateways. A network card or network interface in each computing/processing device receives the computer-readable program instructions from the network and forwards them for storage in a computer-readable storage medium within that device. The computer program instructions for carrying out the operations of the invention may be assembler instructions, instruction-set-architecture instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, or source code or object code written in any combination of one or more programming languages, including object-oriented languages such as Common Lisp, Python, C++, Objective-C, Smalltalk, Delphi, Java, Swift, C#, Perl, Ruby and PHP, and conventional procedural languages such as C or similar languages. The computer-readable program instructions may execute entirely on a computer, partly on a computer, as a stand-alone software package, partly on a client computer and partly on a remote computer, or entirely on a remote computer or server.
Referring to Figure 2, a flow chart of the signature method based on homomorphic encryption, applied in a network environment having a client 110 and a server 120, the steps are: the client 110 sends a private key request to the server 120 (step 210); on receiving the private key request, the server 120 generates the private key corresponding to the client 110 and splits it into a plurality of private key shares (step 220); the server 120 generates a homomorphic encryption public key and its corresponding homomorphic encryption private key, encrypts each private key share with the homomorphic encryption public key to produce the corresponding encrypted private key share, and stores the encrypted private key shares in a plurality of different storage spaces (step 230); when the server 120 receives a transaction request from the client 110, it generates a transaction message from the request and hashes it to produce the transaction message hash value (step 240); the server 120 loads the client 110's encrypted private key shares from the storage spaces, computes the X coordinate of a curve point from a random value and the base point, and computes the encrypted signature value from the random value, the transaction message hash value, the encrypted private key shares and the X coordinate (step 250); the server 120 decrypts the encrypted signature value with the homomorphic encryption private key to obtain the signature value, generates the signature message from the X coordinate and the signature value, and embeds the signature message in the transaction message to complete the signature (step 260). Through these steps the server 120 executes a secret sharing algorithm to generate a plurality of private key shares, encrypts them with the homomorphic encryption public key into the corresponding encrypted private key shares, and, when computing the signature, uses the homomorphic encryption private key to decrypt the result computed directly from the encrypted private key shares, thereby obtaining the correct signature message.
The following description uses Figures 3 and 4 as embodiments. Referring first to Figure 3, a schematic diagram of splitting and storing the private key with the SSS algorithm according to the invention: suppose the server 120 generates the private key and the secret sharing algorithm it executes is SSS. Executing SSS produces a plurality of private key shares of that private key, say private key shares 1 to n. The server 120 then encrypts each private key share with the previously generated homomorphic encryption public key to produce the corresponding encrypted private key shares, say encrypted private key shares 1 to n, and stores each encrypted private key share in a different database, say databases 1 to n. When a signature is required, the homomorphic property allows the encrypted private key to be computed directly from the encrypted private key shares held in the databases, and the server 120, which holds the homomorphic encryption private key matching the homomorphic encryption public key, computes the signature message. Because every step of the signature computation operates on the encrypted private key and the private key itself is never computed, even a memory dump attack does not lead to theft of the private key, which greatly improves private key security.
Continuing the example, let the private key be d, the homomorphic encryption public key E_A() and the homomorphic encryption private key D_A(). The private key shares produced by SSS are Sd_i, and encrypting them with the homomorphic encryption public key E_A() gives the encrypted private key shares E_A(Sd_i), where i is a positive integer from 1 to n. These encrypted private key shares E_A(Sd_i) are stored in different databases. To sign, the server 120 first retrieves the corresponding encrypted private key shares E_A(Sd_i) from the databases and computes the encrypted private key E_A(d) by Lagrange interpolation, for example: 「」. Strictly speaking, obtaining more encrypted private key shares than the threshold value suffices to produce the encrypted private key E_A(d). The transaction message m to be signed is then hashed to produce the transaction message hash value e, and the curve point (Rx, Ry) is computed from the base point G and a chosen random value k. Its X coordinate Rx is set as the value r; if r is zero, the transaction message is hashed again and a new random value chosen until the computed value r is non-zero. Next, from the encrypted private key E_A(d), the random value encrypted with the homomorphic encryption public key E_A(k), the transaction hash value e, the value r and the random value k, the server 120 computes an encrypted signature value s' modulo the cardinality q, for example s' = E_A(k)^e · E_A(d)^(r·k) mod q. Finally, the matching homomorphic encryption private key D_A() decrypts the encrypted signature value s' to obtain the signature value s (that is, s = D_A(s')). If the signature value s is zero, the transaction message is likewise hashed again, a new random value chosen and the above steps repeated until the value is non-zero. Note that the random value k lies in the range 1 ≤ k ≤ q-1. The server 120 can then take the value r and the signature value s together as the signature message (r, s) and embed this signature message in the transaction message to complete the signature.
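The signing procedure described for the calculation and signature modules above, and repeated in the SSS embodiment just given, as an added worked example that is not part of the patent or of its applicant's code: it shares a secp256k1 private key with Shamir's scheme, encrypts the shares with Paillier (the additively homomorphic scheme the page names), reconstructs E_A(d) by Lagrange interpolation on the ciphertexts, forms s' = E_A(k)^e · E_A(d)^(r·k) and decrypts it to s, and then checks the resulting (r, s) with standard ECDSA verification. Everything not on the page is an assumption of this example: the function names, the choice of Paillier with generator g = N + 1, and the fixed Mersenne primes used as the Paillier modulus so that the example needs no prime generation (a deployment generates fresh random primes). Two details the page's formulas leave implicit are made explicit here: Paillier ciphertext arithmetic is done modulo N² and the decrypted integer is reduced modulo q afterwards, which requires N to exceed the largest plaintext sum; and because R = k⁻¹·G, the pair (r, s) is ordinary ECDSA with nonce k⁻¹, so a standard verifier accepts it.

```python
import hashlib
import secrets

# secp256k1 domain parameters, the curve the page names; q is the group order (the page's "cardinality").
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(P, Q):
    """Affine point addition on y^2 = x^3 + 7 over F_p; None is the point at infinity."""
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, p) if P == Q
           else (y2 - y1) * pow(x2 - x1, -1, p)) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, P):
    """Double-and-add scalar multiplication k*P."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P)
        P, k = ec_add(P, P), k >> 1
    return R

def paillier_keygen(p1=2**521 - 1, p2=2**607 - 1):
    """E_A()/D_A() key pair with generator g = N + 1. Paillier adds plaintexts modulo N, so N must exceed
    the largest integer the server ever encrypts: k*e + d'*r*k < 2*q^4 (about 2^1026) for two shares.
    The defaults are the Mersenne primes 2^521-1 and 2^607-1, public constructed values that keep this
    example self-contained; a deployment generates fresh random primes of at least this size."""
    N = p1 * p2
    return N, (N, (p1 - 1) * (p2 - 1))          # public key N, private key (N, phi(N))

def paillier_encrypt(N, m):
    """E_A(m) = (1 + N)^m * rho^N mod N^2, using (1 + N)^m = 1 + m*N mod N^2."""
    N2, rho = N * N, secrets.randbelow(N - 1) + 1
    return (1 + m * N) * pow(rho, N, N2) % N2

def paillier_decrypt(sk, c):
    """D_A(c) = L(c^phi mod N^2) * phi^-1 mod N, where L(u) = (u - 1) / N."""
    N, phi = sk
    return (pow(c, phi, N * N) - 1) // N * pow(phi, -1, N) % N

def shamir_split(secret, t, n):
    """SSS over Z_q: Sd_i = f(i) for a random polynomial f of degree t-1 with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(q) for _ in range(t - 1)]
    return {x: sum(c * pow(x, j, q) for j, c in enumerate(coeffs)) % q for x in range(1, n + 1)}

def lagrange_coeff(xi, xs):
    """Lagrange basis polynomial of share index xi evaluated at 0, modulo q."""
    lam = 1
    for xj in xs:
        if xj != xi:
            lam = lam * xj * pow((xj - xi) % q, -1, q) % q
    return lam

def encrypted_private_key(N, enc_shares):
    """Interpolation on ciphertexts: prod E_A(Sd_i)^lambda_i = E_A(sum lambda_i*Sd_i), an integer
    congruent to d modulo q. The server only ever holds this ciphertext, never d itself."""
    N2, xs, enc_d = N * N, list(enc_shares), 1
    for xi in xs:
        enc_d = enc_d * pow(enc_shares[xi], lagrange_coeff(xi, xs), N2) % N2
    return enc_d

def sign_with_encrypted_shares(N, sk, enc_shares, e):
    """Calculation module: r = x(k^-1 * G), s' = E_A(k)^e * E_A(d)^(r*k) mod N^2; signature module: s = D_A(s') mod q."""
    N2, enc_d = N * N, encrypted_private_key(N, enc_shares)
    while True:                                    # redraw k when r or s is zero, as the page requires
        k = secrets.randbelow(q - 1) + 1
        r = ec_mul(pow(k, -1, q), G)[0] % q
        s_enc = pow(paillier_encrypt(N, k), e, N2) * pow(enc_d, r * k, N2) % N2
        s = paillier_decrypt(sk, s_enc) % q        # decrypts to k*e + d'*r*k, i.e. k*(e + r*d) mod q
        if r and s:
            return r, s

def ecdsa_verify(Q, e, r, s):
    """Standard ECDSA verification; (r, s) above is ordinary ECDSA with nonce k^-1, so it passes."""
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    X = ec_add(ec_mul(e * w % q, G), ec_mul(r * w % q, Q))
    return X is not None and X[0] % q == r

def demo(tx=b"constructed transaction message", t=2, n=3):
    """Whole flow on a constructed message; returns (t ciphertexts interpolate to d, signature verifies)."""
    N, sk = paillier_keygen()
    d = secrets.randbelow(q - 1) + 1                         # client key, kept only to derive Q = d*G below
    enc_shares = {x: paillier_encrypt(N, Sd) for x, Sd in shamir_split(d, t, n).items()}
    stored = dict(list(enc_shares.items())[:t])             # any t of the n "databases" suffice
    e = int.from_bytes(hashlib.sha256(tx).digest(), "big") % q
    r, s = sign_with_encrypted_shares(N, sk, stored, e)
    recovered = paillier_decrypt(sk, encrypted_private_key(N, stored)) % q
    return recovered == d, ecdsa_verify(ec_mul(d, G), e, r, s)
```

demo() returns (True, True): any two of the three stored ciphertexts interpolate to E_A(d), and the signature verifies against Q = d·G. Only demo() touches d in the clear, and only to derive the public key for the check; sign_with_encrypted_shares sees ciphertexts until the final decryption of s', which is exactly the separation the page describes.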
As shown in Figure 4, a schematic diagram of a server executing the JRSS algorithm according to the invention: because SSS splits an actually generated private key, and although that private key is produced only when the account of the client 110 is created and is discarded as soon as the corresponding private key shares are generated, the possibility of a memory dump attack still exists. In practice, therefore, the JRSS algorithm can be executed to solve this problem. Specifically, a server 400 executing JRSS may comprise a front-end host 401 and a plurality of node hosts 410 arranged as a cluster behind the front-end host 401; the front-end host 401 selects from them as many node hosts 410 as there are private key shares to be generated to execute JRSS. Because JRSS computes and exchanges messages through MPC, every time a value is computed through MPC the selected node hosts 410 must all be online at the same time in order to exchange messages with one another.
Taking the server 400 as an example, suppose the front-end host 401 selects three node hosts 410. When executing JRSS each node host 410 chooses its own random polynomial: the first node host 410 chooses random polynomial d1, the second chooses d2 and the third chooses d3, where the constant terms of d1 to d3 are random integers chosen by each node host 410 (also called the "secret"). Each node host 410 then substitutes different values (for example the values 1 to 3) into its own random polynomial: the first node host 410 substitutes the values 1 to 3 into d1 to obtain three results d1(1), d1(2) and d1(3); the second node host 410 likewise substitutes 1 to 3 into d2 to obtain d2(1), d2(2) and d2(3); and the third node host 410 substitutes 1 to 3 into d3 to obtain d3(1), d3(2) and d3(3), nine results in total. The node hosts 410 then exchange messages: the three node hosts 410 each provide their result for the value 1 (d1(1), d2(1) and d3(1)) to the first node host 410, which sums them to obtain the corresponding private key share Sd1 (Sd1 = d1(1) + d2(1) + d3(1)); they provide their results for the value 2 (d1(2), d2(2) and d3(2)) to the second node host 410, which sums them to obtain the private key share Sd2 (Sd2 = d1(2) + d2(2) + d3(2)); and they provide their results for the value 3 (d1(3), d2(3) and d3(3)) to the third node host 410, which sums them to obtain the private key share Sd3 (Sd3 = d1(3) + d2(3) + d3(3)). After the MPC computation and message exchange each node host 410 thus holds its corresponding private key share: the first node host 410 holds Sd1, the second holds Sd2 and the third holds Sd3. Each node host 410 then encrypts its own private key share with the same homomorphic encryption public key to obtain the corresponding encrypted private key share E_A(Sd1), E_A(Sd2) or E_A(Sd3), and stores it in its own database.
When the server 120 is to sign, the difference from the SSS case above is that each node host 410 computes with the encrypted private key share and random value it holds and the node hosts 410 then exchange their results, so that the encrypted signature value s' is obtained by Lagrange interpolation; alternatively, each node host 410 sends the encrypted private key share it holds to the front-end host 401, which first computes the encrypted private key E_A(d) and then continues the signature message computation. Because all of these computations are completed in the encrypted state, the possibility of the private key d leaking through a memory dump is effectively prevented. In fact, raising each of the three encrypted private key shares E_A(Sd1) to E_A(Sd3) to the power of its appropriate Lagrange coefficient, decrypting with the homomorphic encryption private key D_A(), multiplying by the base point G and summing the results yields the public key Q corresponding to the private key d, that is Q = D_A(E_A(Sd1)^(Lagrange coefficient))·G + D_A(E_A(Sd2)^(Lagrange coefficient))·G + D_A(E_A(Sd3)^(Lagrange coefficient))·G. Hashing this public key Q gives the account address of the client 110, through which blockchain transactions can be made.
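The three-node JRSS exchange of Figure 4, as an added simulation that is not part of the patent or of its applicant's code: each NodeHost picks its own random polynomial over Z_q, delivers d_i(j) to node j, and sums what it receives into Sd_j; interpolate() and joint_secret() then check, outside the protocol, that any threshold-sized subset of shares interpolates to Σ d_i(0) while no node's own view contains that value. The class and function names are this example's assumptions, q is the secp256k1 order the page names, and the subsequent encryption of the shares with E_A() and the derivation of Q are deliberately left out so that the block isolates the dealer-free share generation. The reasoning the code exercises is that F = d1 + d2 + d3 is itself a polynomial of degree threshold-1 with F(0) = d and F(j) = Sd_j, so the nodes end up holding a Shamir sharing of d that no dealer ever computed.

```python
import secrets
from itertools import combinations

# Order of secp256k1, the curve whose parameters the page uses as the secret sharing parameters.
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

class NodeHost:
    """One cluster node (the page's node host 410). Its entire view is its own random polynomial
    and the values the other nodes send it."""

    def __init__(self, index, threshold):
        self.index = index
        # random polynomial d_i of degree threshold-1; the constant term d_i(0) is this node's secret
        self.poly = [secrets.randbelow(q) for _ in range(threshold)]
        self.inbox = {}                              # sender index -> d_sender(self.index)

    def evaluate(self, x):
        """d_i(x) mod q by Horner's rule."""
        acc = 0
        for c in reversed(self.poly):
            acc = (acc * x + c) % q
        return acc

    def exchange(self, nodes):
        """The MPC round: deliver d_i(j) to every node j, itself included. Every selected node
        must be online for this step, as the page notes."""
        for peer in nodes:
            peer.inbox[self.index] = self.evaluate(peer.index)

    def share(self):
        """Sd_j = d_1(j) + d_2(j) + d_3(j) mod q: this node's share of the joint private key."""
        return sum(self.inbox.values()) % q

def run_jrss(total=3, threshold=2):
    """Dealer-free key generation among `total` nodes. The joint private key d = sum_i d_i(0) is the
    value at 0 of F = sum_i d_i, a degree threshold-1 polynomial with F(j) = Sd_j that no host computes."""
    nodes = [NodeHost(i, threshold) for i in range(1, total + 1)]
    for node in nodes:
        node.exchange(nodes)
    return nodes

def lagrange_coeff(xi, xs):
    """Lagrange basis polynomial of index xi evaluated at 0, modulo q (as in the SSS case)."""
    lam = 1
    for xj in xs:
        if xj != xi:
            lam = lam * xj * pow((xj - xi) % q, -1, q) % q
    return lam

def interpolate(shares):
    """sum lambda_j * Sd_j mod q = F(0). Done in the clear here only to check the protocol; the
    page's servers apply the same coefficients to E_A(Sd_j) and never form d."""
    xs = list(shares)
    return sum(lagrange_coeff(xj, xs) * shares[xj] for xj in xs) % q

def joint_secret(nodes):
    """d = sum_i d_i(0), assembled from every node's private state purely for verification."""
    return sum(node.poly[0] for node in nodes) % q

def demo(total=3, threshold=2):
    """Returns (every threshold-sized subset of shares interpolates to d, no single node's view contains d)."""
    nodes = run_jrss(total, threshold)
    shares = {node.index: node.share() for node in nodes}
    d = joint_secret(nodes)
    enough = all(interpolate({j: shares[j] for j in subset}) == d
                 for subset in combinations(shares, threshold))
    hidden = all(d not in node.poly and d not in node.inbox.values() and d != node.share()
                 for node in nodes)
    return enough, hidden
```

demo() returns (True, True). The check that matters for the page's memory dump argument is `hidden`: the value d that signs for the account exists only as F(0), a quantity every node can contribute to but none can read off its own memory, which is the property SSS with a dealer cannot offer.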
In summary, the difference between the present invention and the prior art is that the server executes a secret sharing algorithm to generate a plurality of private key shares and encrypts them with the homomorphic encryption public key into the corresponding encrypted private key shares, so that when the server computes a signature it uses the homomorphic encryption private key to decrypt the result computed directly from the encrypted private key shares and thereby obtains the correct signature message. This technical means solves the problems of the prior art and achieves the technical effect of improving private key security.
Although the present invention has been disclosed by the foregoing embodiments, they are not intended to limit it; anyone skilled in the art may make minor changes and refinements without departing from the spirit and scope of the invention, and the scope of patent protection is therefore defined by the claims appended to this specification.
Reference numerals
- 110: client
- 120: server
- 121: first key generation module
- 122: second key generation module
- 123: hash module
- 124: calculation module
- 125: signature module
- 130: network
- 400: server
- 401: front-end host
- 410: node host
Method steps
- Step 210: The client sends a private key request to the server.
- Step 220: On receiving the private key request, the server generates the private key corresponding to the client and splits it into a plurality of private key shares.
- Step 230: The server generates a homomorphic encryption public key and its corresponding homomorphic encryption private key, encrypts each private key share with the homomorphic encryption public key to produce a corresponding encrypted private key share, and stores the encrypted private key shares in a plurality of different storage spaces.
- Step 240: When the server receives a transaction request from the client, it generates a transaction message from the transaction request and hashes it to produce a transaction message hash value.
- Step 250: The server loads the client's encrypted private key shares from the storage spaces, computes an X coordinate of a curve point from at least one random value and a base point, and computes an encrypted signature value from the random value, the transaction message hash value, the encrypted private key shares and the X coordinate.
- Step 260: The server decrypts the encrypted signature value with the homomorphic encryption private key to produce a signature value, generates a signature message from the X coordinate and the signature value, and embeds the signature message in the transaction message to complete the signature.
Brief description of the drawings
- Figure 1: system block diagram of the signature system based on homomorphic encryption.
- Figure 2: flow chart of the signature method based on homomorphic encryption.
- Figure 3: schematic diagram of splitting and storing the private key with the SSS algorithm.
- Figure 4: schematic diagram of a server executing the JRSS algorithm.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW108109272A TWI734087B (en) | 2019-03-19 | 2019-03-19 | Signature system based on homomorphic encryption and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW108109272A TWI734087B (en) | 2019-03-19 | 2019-03-19 | Signature system based on homomorphic encryption and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
TW202036346A TW202036346A (en) | 2020-10-01 |
TWI734087B true TWI734087B (en) | 2021-07-21 |
Family
ID=74091222
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW108109272A TWI734087B (en) | 2019-03-19 | 2019-03-19 | Signature system based on homomorphic encryption and method thereof |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI734087B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101296072A (en) * | 2007-04-29 | 2008-10-29 | 四川虹微技术有限公司 | Sharing cryptographic key generation method of elliptic curve |
CN101322349A (en) * | 2005-12-12 | 2008-12-10 | 高通股份有限公司 | Certify and split system and method for replacing cryptographic keys |
CN106548345A (en) * | 2016-12-07 | 2017-03-29 | 北京信任度科技有限公司 | The method and system of block chain private key protection are realized based on Secret splitting |
CN107171806A (en) * | 2017-05-18 | 2017-09-15 | 北京航空航天大学 | Mobile terminal network cryptographic key negotiation method based on block chain |
CN107612934A (en) * | 2017-10-24 | 2018-01-19 | 济南浪潮高新科技投资发展有限公司 | A kind of block chain mobile terminal computing system and method based on Secret splitting |
CN107623569A (en) * | 2017-09-30 | 2018-01-23 | 矩阵元技术(深圳)有限公司 | Block chain key escrow and restoration methods, device based on Secret sharing techniques |
Legal Events
- 2019-03-19: TW application TW108109272A, granted as TWI734087B, status active
Also Published As
Publication number | Publication date |
---|---|
TW202036346A (en) | 2020-10-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11601407B2 (en) | Fast oblivious transfers | |
US10785019B2 (en) | Data transmission method and apparatus | |
US10616213B2 (en) | Password manipulation for secure account creation and verification through third-party servers | |
CN109800584B (en) | Identity or attribute encryption calculation method and system based on Intel SGX mechanism | |
US9686248B2 (en) | Secure shared key sharing systems and methods | |
US8688973B2 (en) | Securing communications sent by a first user to a second user | |
CN109299149B (en) | Data query method, computing device and system | |
WO2022120699A1 (en) | One-way proxy re-encryption method and apparatus, and electronic device and system | |
JPWO2016203762A1 (en) | Encryption information creation device, encryption information creation method, recording medium, and verification system | |
US11374910B2 (en) | Method and apparatus for effecting a data-based activity | |
TW202029693A (en) | Computer implemented system and method for distributing shares of digitally signed data | |
JP5405658B2 (en) | Efficient method for calculating secret functions using resettable tamper-resistant hardware tokens | |
TW202025666A (en) | Computer implemented system and method for sharing a common secret | |
JP2021086158A (en) | Methods of generating encryption key and digital signature based on lattices | |
US11637817B2 (en) | Method and apparatus for effecting a data-based activity | |
CN115336224A (en) | Adaptive attack-resistant distributed symmetric encryption | |
Mohammed et al. | Secure third party auditor (tpa) for ensuring data integrity in fog computing | |
TWI734087B (en) | Signature system based on homomorphic encryption and method thereof | |
TWI701931B (en) | Digital signature method with hierarchical mechanism and hardware wallet device suitable therefore | |
TWI702820B (en) | Secret sharing signature system with hierarchical mechanism and method thereof | |
TWI694349B (en) | Threshold signature system with prevent memory dump and method thereof | |
TWI689194B (en) | Threshold signature system based on secret sharing without dealer and method thereof | |
CN115865531B (en) | Proxy re-encryption digital asset authorization method | |
TWI764811B (en) | Key generating system for hierarchical deterministic wallet and method thereof | |
TWI737956B (en) | Threshold signature system based on secret sharing and method thereof |