WO2022037596A1 - Combined signature and signature verification method and system, and storage medium - Google Patents

Info

Publication number: WO2022037596A1
Authority: WO (WIPO (PCT))
Prior art keywords: signature, public key, verification, elements, combined
Application number: PCT/CN2021/113137
Other languages: French (fr), Chinese (zh)
Inventors: 曹一新, 欧阳健男, 晏鹤春, 赵宇时
Original assignee: 上海万向区块链股份公司
Application filed by 上海万向区块链股份公司
Publication of WO2022037596A1

Classifications (all under H04L, transmission of digital information, e.g. telegraphic communication)

    • H04L 9/3247: cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L 9/3255: the same, involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • H04L 9/3263: the same, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04L 9/085: key establishment; secret sharing or secret splitting, e.g. threshold schemes
    • H04L 9/50: cryptographic mechanisms or arrangements using hash chains, e.g. blockchains or hash trees
    • H04L 63/0442: network security protocols providing a confidential data exchange among entities communicating through data packet networks, wherein the payload is protected and the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Definitions

  • the present invention relates to the technical field of blockchain, and in particular, to a combined signature and signature verification method, system and storage medium.
  • Private key-public key pairs based on asymmetric cryptography, and the signature and verification operations built on them, are widely used in the security infrastructure of CA certificate systems, data transmission, digital asset transactions, electronic contract signing and other application scenarios, yet their management faces a dilemma. Take digital asset transactions, which have received growing attention in recent years, as an example: a private key-public key pair is generated, the public key is used to declare a certain digital asset and its quantity, and the private key is used to control its transfer.
  • existing wallets and other application tools can generate and store the private and public keys for the user on a local device, so that the user has absolute control over the digital assets. The user transfers digital assets by signing with the private key. However, once the private key is lost or damaged it cannot be recovered, and the user can no longer use the digital assets controlled by that key.
  • alternatively, the user can entrust the digital assets to a professional centralized institution, which manages the private key and performs the related operations on the user's behalf.
  • the Chinese patent with application publication number CN110086612A, "A method and system for backup and recovery of public and private keys of blockchain", discloses the following.
  • the private key segments are sent to multiple backup parties for escrow; each backup party can use its own private key to recover the segment it received but, in principle, cannot learn the other private key segments.
  • when the user asks to retrieve the private key, only m of the n backup parties need to send their private key segment, encrypted with the transmission public key provided by the user, to the user; the user decrypts the segments with the transmission private key and restores the private key.
  • the private key fragments are generated and distributed on the same client, so the distribution process depends on the security and reliability of the server, and problems such as Sybil attacks remain, in which an attacker poses as multiple backup parties in order to collect m private key fragments and is then able to steal coins, forge signatures and so on.
  • the Chinese patent with application publication number CN110741600A, "Computer-implemented system and method for providing a decentralized protocol to retrieve encrypted assets", makes two types of signature usable by setting access rights to digital assets on the blockchain.
  • the digital asset is placed under private key shares stored collectively by the decentralized blockchain network, which are used to generate a threshold signature on the user's behalf in order to access the digital asset.
  • the above two technologies provide solutions to the loss of the private key for the situation in which the user holds the complete private key; they do not address the case in which the user entrusts assets to a third-party institution, nor problems such as third-party credit risk.
  • the purpose of the present invention is to provide a combined signature and signature verification method, system and storage medium.
  • a combined signature and verification signature method provided according to the present invention includes:
  • Step S1: N groups of devices form a device cluster; the device cluster determines a combination mode, creates registration, signature and signature verification programs, and submits them to the system;
  • Step S2: the device cluster generates a private key or private key fragments locally according to the initialization program, and generates a shared public key combination from at least two combinations of the private keys or private key fragments; the shared public key combination is used to mark the object to be operated on, and the private key or private key fragments are used to generate signatures that permit operations on the marked object; the system records the correspondence between the shared public key combination and the object to be operated on;
  • Step S4: the system's signature verification program performs multi-level signature verification on the combined signature; if the signature passes verification, the operation related to the object marked by the shared public key combination is performed.
  • in step S1:
  • the system can provide a basic programming language for the device side, and the device cluster can develop and create the registration, signature and signature verification programs in that language, either itself or through a third party; the system can also provide a general program template for the device side;
  • the device side includes:
  • independent devices, including cipher machines, computers, mobile phones and hardware security modules (HSMs) used for encryption and decryption operations;
  • a component embedded in a device that can perform cryptographic operations and communicate with other devices;
  • the system refers to the server connected to the devices, including a blockchain system or a centralized server.
  • in step S2:
  • the shared public key combination includes at least two public key elements; each public key element is marked as one of two types, a conventional public key element or an alternative public key element;
  • a public key element may be a single sub-public key or a sub-public key list.
  • in step S3:
  • the device side informs the system of the object to be operated on that corresponds to the signature by submitting the shared public key combination or the plaintext of the signature content to the system; the signature content includes the content of the relevant operation;
  • the signature elements are divided into two types, conventional signature elements and alternative signature elements; a conventional signature element proves permission to perform a conventional operation on the object marked by the shared public key combination, and an alternative signature element proves permission to perform an alternative operation on the marked object when a private key has been lost, damaged, etc.;
  • when the k signature elements are generated, the generation algorithm of each signature element is independent of the others and may be an ordinary signature, multi-signature, threshold signature or secure multi-party computation algorithm;
  • one group of devices in the device cluster can generate a signature independently, or several groups of devices can generate a signature jointly;
  • a group of devices includes one or more devices, which locally generate one private key, several private keys or several private key fragments; these are used to generate ordinary signatures, multi-signatures and threshold signatures;
  • at least two devices belonging to different groups generate private keys or private key fragments locally, which are used to generate multi-signatures or threshold signatures;
  • the device cluster corresponds to a user or user group, a business party and a supervisory party.
  • in step S4:
  • the signature verification program judges whether the combined signature includes conventional signature elements; if it does, the program enters the conventional signature verification subroutine, otherwise it enters the alternative signature verification subroutine;
  • the conventional signature verification subroutine judges whether each conventional-necessary public key element in the shared public key combination has a corresponding conventional signature element that satisfies the verification condition; if at least one does not, conventional signature verification fails and the signature verification procedure ends; if all of them do, the subroutine further verifies whether each of the remaining conventional public key elements in the shared public key combination has a corresponding conventional signature element that satisfies the verification condition; if all of them do, the system executes, through the conventional signature verification process, the operation that the signature instructs on the object marked by the shared public key combination; if at least one does not, conventional signature verification fails and the signature verification procedure ends;
  • the alternative signature verification subroutine judges whether the combined signature contains alternative signature elements and whether those elements satisfy the verification conditions matching the alternative public key elements; if they exist and are satisfied, the system executes, through the alternative signature verification process, the alternative operation that the signature instructs on the object marked by the shared public key combination; otherwise alternative signature verification fails and the signature verification procedure ends.
  • the system sets up a device access mechanism, including a consortium chain system, in which multiple independent trusted third parties handle the operations related to alternative signature verification;
  • the multi-level signature verification procedure is executed automatically by a smart contract embedded in the system;
  • the combined signature and signature verification method further includes an alternative signature verification triggering method;
  • one implementation of the triggering method is that the owner of the object marked by the shared public key combination applies to the system in advance for an identity authentication tool such as a CA certificate; when the owner submits an application for an alternative operation to the system, the system verifies the owner's identity and then starts the alternative signature verification process.
  • a combined signature and verification signature system provided according to the present invention includes:
  • Module S1: N groups of devices form a device cluster; the device cluster determines the combination mode, creates registration, signature and signature verification programs, and submits them to the system;
  • Module S2: the device cluster generates a private key or private key fragments locally according to the initialization program, and generates a shared public key combination from at least two combinations of the private keys or private key fragments; the shared public key combination is used to mark the object to be operated on, and the private key or private key fragments are used to generate signatures that permit operations on the marked object; the system records the correspondence between the shared public key combination and the object to be operated on;
  • Module S4: the system's signature verification program performs multi-level signature verification on the combined signature; if the signature passes verification, the operation related to the object marked by the shared public key combination is performed.
  • in module S1:
  • the system can provide a basic programming language for the device side, and the device cluster can develop and create the registration, signature and signature verification programs in that language, either itself or through a third party; the system can also provide a general program template for the device side;
  • the device side includes:
  • independent devices, including cipher machines, computers, mobile phones and hardware security modules (HSMs) used for encryption and decryption operations;
  • a component embedded in a device that can perform cryptographic operations and communicate with other devices;
  • the system refers to the server connected to the devices, including a blockchain system or a centralized server;
  • the shared public key combination includes at least two public key elements; each public key element is marked as one of two types, a conventional public key element or an alternative public key element;
  • a public key element may be a single sub-public key or a sub-public key list;
  • the device side informs the system of the object to be operated on that corresponds to the signature by submitting the shared public key combination or the plaintext of the signature content to the system; the signature content includes the content of the relevant operation;
  • the signature elements are divided into two types, conventional signature elements and alternative signature elements; a conventional signature element proves permission to perform a conventional operation on the object marked by the shared public key combination, and an alternative signature element proves permission to perform an alternative operation on the marked object when a private key has been lost, damaged, etc.;
  • when the k signature elements are generated, the generation algorithm of each signature element is independent of the others and may be an ordinary signature, multi-signature, threshold signature or secure multi-party computation algorithm;
  • one group of devices in the device cluster can generate a signature independently, or several groups of devices can generate a signature jointly;
  • a group of devices includes one or more devices, which locally generate one private key, several private keys or several private key fragments; these are used to generate ordinary signatures, multi-signatures and threshold signatures;
  • at least two devices belonging to different groups generate private keys or private key fragments locally, which are used to generate multi-signatures or threshold signatures;
  • the device cluster corresponds to users or user groups, business parties and supervisory parties;
  • the signature verification program judges whether the combined signature includes conventional signature elements; if it does, the program enters the conventional signature verification subroutine, otherwise it enters the alternative signature verification subroutine;
  • the conventional signature verification subroutine judges whether each conventional-necessary public key element in the shared public key combination has a corresponding conventional signature element that satisfies the verification condition; if at least one does not, conventional signature verification fails and the signature verification procedure ends; if all of them do, the subroutine further verifies whether each of the remaining conventional public key elements in the shared public key combination has a corresponding conventional signature element that satisfies the verification condition; if all of them do, the system executes, through the conventional signature verification process, the operation that the signature instructs on the object marked by the shared public key combination; if at least one does not, conventional signature verification fails and the signature verification procedure ends;
  • the alternative signature verification subroutine judges whether the combined signature contains alternative signature elements and whether those elements satisfy the verification conditions matching the alternative public key elements; if they exist and are satisfied, the system executes, through the alternative signature verification process, the alternative operation that the signature instructs on the object marked by the shared public key combination; otherwise alternative signature verification fails and the signature verification procedure ends.
  • the system sets up a device access mechanism, including a consortium chain system, in which multiple independent trusted third parties handle the operations related to alternative signature verification;
  • the multi-level signature verification procedure is executed automatically by a smart contract embedded in the system;
  • the combined signature and signature verification system further includes an alternative signature verification triggering method;
  • one implementation of the triggering method is that the owner of the object marked by the shared public key combination applies to the system in advance for an identity authentication tool such as a CA certificate; when the owner submits an application for an alternative operation to the system, the system verifies the owner's identity and then starts the alternative signature verification process.
  • a computer-readable storage medium according to the present invention stores a computer program which, when executed by a processor, implements the steps of any one of the combined signature and signature verification methods described above.
  • the present invention has the following beneficial effects:
  • the present invention distinguishes and recombines the signatures generated by multiple groups of devices and sets multi-level verification conditions for the combined signature, so that control is split among multiple parties while some signatories retain absolute control; this solves the problem that existing technologies involving third-party custody may allow the custodians to jointly forge signatures.
  • FIG. 1 is a schematic diagram of a combined signature and signature verification method provided by the present invention.
  • FIG. 2 is a schematic flowchart of a signature verification program provided by the present invention.
  • the present invention proposes a combined signature and signature verification method that distinguishes the signature weights and operation authority of the different role parties, comprising four steps: initialization, registration, signature and signature verification. It avoids the credit risk of third-party escrow and introduces an alternative signature and verification process to solve the problem of lost or damaged private keys.
  • a combined signature and signature verification method includes:
  • Step 1: N groups of devices form a device cluster; the device cluster determines the combination mode, creates registration, signature and signature verification programs, and submits them to the system;
  • the device side can be an independent device, such as a cipher machine dedicated to encryption and decryption operations, a computer, a mobile phone or a hardware security module (HSM), or a component embedded in a device that can perform cryptography-related operations and communicate with other devices.
  • the system refers to the server connected to the devices, which can be a blockchain system or a centralized server.
  • an example of the combination mode: 10 devices form a device cluster divided into three groups; the first group consists of a device held by one user, the second group of a device held by one business party, and the third group of 8 devices held by a supervisory party.
  • the three groups negotiate and decide which devices of group one, group two and group three a conventional signature requires:
  • group one generates a conventional-necessary public key element;
  • groups two and three jointly generate a conventional public key element;
  • all three groups together generate an alternative public key element. These public key elements constitute the shared public key combination.
  • the grouping and the signing conditions set for each group are designed according to the specific business scenario and can take many forms.
  • Step 2: the device cluster generates a private key or private key fragments locally according to the initialization program, and generates a shared public key combination from at least two combinations formed from the private keys or private key fragments (in the prior art the elements of such a combination are indistinguishable, or homogeneous, and are generally combined under the same signature method; the present invention first distinguishes the combination elements into conventional-necessary, conventional and alternative, supports different signature methods for them, and allows them to be nested and combined together); the shared public key combination is used to mark the object to be operated on, and the private key or private key fragments are used to generate signatures that permit operations on the marked object; the system records the correspondence between the shared public key combination and the object to be operated on (that is, a mapping: a one-to-one mapping is established between a shared public key combination and an object to be operated on; when signing, the shared public key combination and the operation to be performed are specified in the signature, and once the signature passes verification the system notifies the relevant modules to perform the operation on the object);
  • Step 4: the system's signature verification program performs multi-level signature verification on the combined signature; if the signature passes verification, the operation related to the object marked by the shared public key combination is performed.
  • step 1 is characterized in that the system can provide a basic programming language for the device side, and the device cluster can develop and create the registration, signature and signature verification programs in that language, either itself or through a third party; the system can also provide a general program template for the device side;
  • step 2 is characterized in that the shared public key combination includes at least two public key elements; each public key element is marked as one of two types, a conventional public key element or an alternative public key element; at least one of the conventional public key elements is marked as a conventional-necessary public key element; a conventional-necessary public key element is a constituent element of the shared public key combination for which the subsequently generated signature elements must contain a matching signature in order for the signature to pass verification.
  • a public key element may be a single sub-public key or a sub-public key list;
  • step 3 is characterized in that the device side informs the system of the object to be operated on that corresponds to the signature by submitting the shared public key combination, the plaintext of the signature content, or similar, to the system; the signature content includes the content of the relevant operation;
  • the signature elements of step 3 are divided into two types, conventional signature elements and alternative signature elements; a conventional signature element proves permission to perform a conventional operation on the object marked by the shared public key combination, and an alternative signature element proves permission to perform an alternative operation on the marked object when a private key has been lost, damaged, etc.;
  • the generation of the k signature elements in step 3 is characterized in that the generation algorithms of the signature elements are independent of each other and can be ordinary signature, multi-signature, threshold signature or secure multi-party computation algorithms.
  • step 3 is further characterized in that one group of devices in the device cluster can generate a signature independently, or several groups of devices can generate a signature jointly;
  • a group of devices may include one or more devices, which locally generate one private key, several private keys or several private key fragments; these private keys or fragments are used to generate ordinary signatures, multi-signatures, threshold signatures and the like;
  • at least two devices belonging to different groups generate private keys or private key fragments locally, which are used to generate multi-signatures, threshold signatures and the like.
  • the device cluster may correspond to roles such as users or user groups, business parties and supervisory parties.
  • the multi-level signature verification of step 4 is characterized in that the signature verification program determines whether the combined signature contains conventional signature elements; if it does, the program enters the conventional signature verification subroutine, otherwise it enters the alternative signature verification subroutine;
  • the conventional signature verification subroutine judges whether each conventional-necessary public key element in the shared public key combination has a corresponding conventional signature element that satisfies the verification condition; if at least one does not, conventional signature verification fails and the signature verification procedure ends; if all of them do, the subroutine further verifies whether each of the remaining conventional public key elements in the shared public key combination has a corresponding conventional signature element that satisfies the verification condition; if all of them do, the system executes, through the conventional signature verification process, the operation that the signature instructs on the object marked by the shared public key combination; if at least one does not, conventional signature verification fails and the signature verification procedure ends;
  • the alternative signature verification subroutine judges whether the combined signature contains alternative signature elements and whether those elements satisfy the verification conditions matching the alternative public key elements; if they exist and are satisfied, the system executes, through the alternative signature verification process, the alternative operation that the signature instructs on the object marked by the shared public key combination; otherwise alternative signature verification fails and the signature verification procedure ends.
  • the system can set up a device access mechanism, such as a consortium chain system, in which multiple independent trusted third parties handle the operations related to alternative signature verification;
  • a device access mechanism such as a consortium chain system, and multiple independent trusted third parties process operations related to candidate signature verification;
  • the multi-level signature verification procedure can be executed automatically by embedding a smart contract in the system.
  • an alternative signature verification triggering method may be added.
  • An implementation method of the trigger method may be that the owner of the object marked by the shared public key combination applies to the system for an identity authentication tool such as a CA certificate in advance, and when the owner initiates an application for an alternative operation to the system, the system verifies his identity. Then start the alternative signature verification process.
  • the system, device and each module provided by the present invention can be completely implemented by logically programming the method steps.
  • the same program is implemented in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, and embedded microcontrollers, among others. Therefore, the system, device and each module provided by the present invention can be regarded as a kind of hardware component, and the modules included in it for realizing various programs can also be regarded as the structure in the hardware component;
  • a module for realizing various functions can be regarded as either a software program for realizing a method or a structure within a hardware component.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a combined signature and signature verification method and system, and a medium. The method comprises: step S1, N groups of devices form a device cluster, and the device cluster determines a combination mode, creates registration, signature, and signature verification programs, and submits the same to a system; S2, the device cluster respectively generates private keys or private key fragments locally according to an initialization program, and generates a shared public key combination on the basis of at least two combinations formed by the private keys or the private key fragments, wherein the shared public key combination is used for marking an object to be operated, and the private keys or the private key fragments are used for generating a signature and permitting an operation related to the marked object. In the present invention, signatures generated by multiple groups of devices are distinguished and then combined, and multi-level signature verification conditions are configured for the combined signature; thus, absolute control rights of some signature parties are reserved while separating control rights to multiple parties; the problem of jointly forged signatures in the prior art related to third-party custody is solved.

Description

Combined signature and signature verification method, system and storage medium
Technical field
The present invention relates to the technical field of blockchain, and in particular to a combined signature and signature verification method, system and storage medium.
Background art
Private key/public key pairs based on asymmetric cryptography, together with their signing and signature verification operations, are widely used in the security infrastructure of application scenarios such as CA certificate systems, data transmission, digital asset transactions and electronic contract signing, but they have always faced a dilemma. Take digital asset transactions, which have attracted much attention in recent years, as an example: a private key/public key pair is generated, the public key is used to declare a certain digital asset and its quantity, and the private key is used to control its transfer. On the one hand, existing application tools such as wallets can generate and store the private key and public key on the user's local device, guaranteeing the user absolute control over the digital asset; the user transfers the asset simply by signing with the private key. However, once the private key is lost or damaged it cannot be recovered, and the user can no longer dispose of the digital assets controlled by that private key. On the other hand, the user can entrust the digital assets to a professional centralized institution, which manages the private key and performs the relevant operations on the user's behalf. Although this is the approach commonly taken in today's secondary market for digital assets, security and credit risk have always been a concern for investors.
Chinese patent application publication CN110086612A, "A method and system for backing up and recovering lost blockchain public and private keys", proposes splitting the user's private key into multiple shares: private key fragments, each encrypted with a backup party's public key, are sent via a server to multiple backup parties for escrow. A backup party can recover the fragment it received with its own private key but in principle cannot learn the other fragments. When the user asks to recover the private key, only m of the n backup parties need to send the user their private key fragments encrypted with a transport public key supplied by the user, and the user decrypts them with the transport private key to recover the fragments. In that technique the private key fragments are generated on a single client and then copied and distributed; the distribution relies on the security and trustworthiness of the server, and problems such as Sybil attacks remain, where an attacker impersonates multiple backup parties to collect m private key fragments and thereby steal coins or forge operations.
Chinese patent application publication CN110741600A, "Computer-implemented system and method for providing a decentralized protocol to recover cryptographic assets", sets access rights on digital assets on the blockchain so that two types of signature can access the asset, and introduces private key shares held collectively by a decentralized blockchain network to generate a threshold signature that accesses the digital asset on the user's behalf. Although this avoids the security risks of distributing copies of private keys, the risk of Sybil attacks remains. Moreover, because private key/public key generation is irreversible, setting additional access rights for a digital asset already stored under a given private key/public key pair on the blockchain, that is, deriving from a public key the private key shares needed to meet a threshold signature requirement, has very low feasibility.
Furthermore, both of the above techniques address loss of the private key in the case where the user holds the complete private key; they do not cover the case where the user entrusts assets to a third-party institution, nor do they address problems such as third-party credit risk.
Prior art such as Chinese patent application publication CN109934585A, "A signature method, device and system based on secure multi-party computation", proposes that multiple parties hold private keys or private key shares and manage control of the assets using techniques such as multi-signatures, threshold signatures and secure multi-party computation. Control can thus be split among multiple parties, avoiding the credit risk of a single party holding control, and only m of the n parties (m <= n) need to sign with their private keys or private key shares. This has been applied to scenarios with multi-party signatures from users, business parties and supervisors, where if one party's private key share is lost the other parties can reset the signature; however, there remains the possibility that at least m parties other than the user jointly forge a signature.
Summary of the invention
In view of the defects in the prior art, the object of the present invention is to provide a combined signature and signature verification method, system and storage medium.
A combined signature and signature verification method provided according to the present invention comprises:
Step S1: N groups of device ends form a device cluster; the device cluster determines a combination mode, creates registration, signature and signature verification programs, and submits them to the system;
Step S2: each device end in the cluster generates a private key or private key fragments locally according to an initialization program; a shared public key combination is generated on the basis of at least two combinations formed from the private keys or private key fragments; the shared public key combination is used to mark the object to be operated on, and the private keys or private key fragments are used to generate signatures and to permit operations on the marked object; the system records the correspondence between the shared public key combination and the object to be operated on;
Step S3: according to the selected application scenario and the signature program, the device ends use k combinations formed from the private keys or private key fragments to generate k signature elements, and send the k signature elements, forming a combined signature, to the system, where k >= 1;
Step S4: the system's signature verification program performs multi-level verification on the combined signature; if verification passes, the operation on the object marked by the shared public key combination is executed.
Preferably, in step S1:
The system can provide the device ends with a base programming language, and the device cluster can, by itself or through a third party, develop and create the registration, signature and signature verification programs in that language; the system can also provide general program templates to the device ends;
The device ends include:
stand-alone devices, including cipher machines for encryption and decryption operations, computers, mobile phones and hardware security modules (HSM);
components embedded in a device that can perform cryptographic operations and communicate with other device ends;
The system refers to the server facing the device ends, including blockchain systems and centralized servers.
Preferably, in step S2:
The shared public key combination includes at least two public key elements; the public key elements are marked as one of two types, conventional public key elements or alternative public key elements;
at least one of the conventional public key elements is marked as a conventional necessary public key element;
The public key elements include a single sub-public key or a list of sub-public keys.
Preferably, in step S3:
The device end informs the system of the object to be operated on that corresponds to the signature, for example by submitting the shared public key combination or the plaintext of the signed content to the system; the signed content includes the content of the operation concerned;
The signature elements are divided into two types, conventional signature elements and alternative signature elements; conventional signature elements prove permission to perform conventional operations on the object marked by the shared public key combination, and alternative signature elements prove permission to perform alternative operations on the object marked by the shared public key combination when handling situations such as loss or damage of a private key;
Generating k signature elements: the generation algorithm of each signature element is independent of the others, and includes generation algorithms such as ordinary signatures, multi-signatures, threshold signatures or secure multi-party computation;
One group of device ends in the device cluster can generate a signature on its own, or several groups of devices can generate a signature jointly;
A group of device ends comprises one or more device ends, which locally generate one private key, several private keys or several private key fragments; the private keys or private key fragments are used to generate ordinary signatures, multi-signatures and threshold signatures;
At least two device ends from several groups of devices generate private keys or private key fragments locally, which are used to generate multi-signatures or threshold signatures;
The device cluster corresponds to users or user groups, business parties and supervisory parties.
Preferably, in step S4:
Multi-level verification: the signature verification program determines whether the combined signature contains conventional signature elements; if it does, the conventional verification subroutine is entered, otherwise the alternative verification subroutine is entered;
The conventional verification subroutine determines whether, for every conventional necessary public key element in the shared public key combination, there is a corresponding conventional signature element satisfying the verification condition; if at least one is missing, conventional verification fails and the signature verification program ends; if all are present, it further verifies whether, for every remaining conventional public key element in the shared public key combination, there is a corresponding conventional signature element satisfying the verification condition; if all are present, the conventional verification procedure is passed and the system executes the operation indicated by the signature on the object marked by the shared public key combination; if at least one is missing, conventional verification fails and the signature verification program ends;
The alternative verification subroutine determines whether the combined signature contains alternative signature elements and whether those alternative signature elements satisfy the verification conditions matching the alternative public key elements; if they exist and are satisfied, the alternative verification procedure is passed and the system executes the alternative operation indicated by the signature on the object marked by the shared public key combination; otherwise alternative verification fails and the signature verification procedure ends.
Preferably, the system sets up a device admission mechanism, including a consortium chain system, in which several mutually independent trusted third parties handle the operations related to alternative verification;
The multi-level verification program is executed automatically by embedding a smart contract in the system;
The combined signature and signature verification method further includes an alternative verification triggering method;
One implementation of the triggering method is that the owner of the object marked by the shared public key combination applies to the system in advance for an identity authentication credential such as a CA certificate; when the owner submits an application for an alternative operation to the system, the system verifies the owner's identity and then starts the alternative verification procedure.
A combined signature and signature verification system provided according to the present invention comprises:
Module S1: N groups of device ends form a device cluster; the device cluster determines a combination mode, creates registration, signature and signature verification programs, and submits them to the system;
Module S2: each device end in the cluster generates a private key or private key fragments locally according to an initialization program; a shared public key combination is generated on the basis of at least two combinations formed from the private keys or private key fragments; the shared public key combination is used to mark the object to be operated on, and the private keys or private key fragments are used to generate signatures and to permit operations on the marked object; the system records the correspondence between the shared public key combination and the object to be operated on;
Module S3: according to the selected application scenario and the signature program, the device ends use k combinations formed from the private keys or private key fragments to generate k signature elements, and send the k signature elements, forming a combined signature, to the system, where k >= 1;
Module S4: the system's signature verification program performs multi-level verification on the combined signature; if verification passes, the operation on the object marked by the shared public key combination is executed.
Preferably, in module S1:
The system can provide the device ends with a base programming language, and the device cluster can, by itself or through a third party, develop and create the registration, signature and signature verification programs in that language; the system can also provide general program templates to the device ends;
The device ends include:
stand-alone devices, including cipher machines for encryption and decryption operations, computers, mobile phones and hardware security modules (HSM);
components embedded in a device that can perform cryptographic operations and communicate with other device ends;
The system refers to the server facing the device ends, including blockchain systems and centralized servers;
In module S2:
The shared public key combination includes at least two public key elements; the public key elements are marked as one of two types, conventional public key elements or alternative public key elements;
at least one of the conventional public key elements is marked as a conventional necessary public key element;
The public key elements include a single sub-public key or a list of sub-public keys;
In module S3:
The device end informs the system of the object to be operated on that corresponds to the signature, for example by submitting the shared public key combination or the plaintext of the signed content to the system; the signed content includes the content of the operation concerned;
The signature elements are divided into two types, conventional signature elements and alternative signature elements; conventional signature elements prove permission to perform conventional operations on the object marked by the shared public key combination, and alternative signature elements prove permission to perform alternative operations on the object marked by the shared public key combination when handling situations such as loss or damage of a private key;
Generating k signature elements: the generation algorithm of each signature element is independent of the others, and includes generation algorithms such as ordinary signatures, multi-signatures, threshold signatures or secure multi-party computation;
One group of device ends in the device cluster can generate a signature on its own, or several groups of devices can generate a signature jointly;
A group of device ends comprises one or more device ends, which locally generate one private key, several private keys or several private key fragments; the private keys or private key fragments are used to generate ordinary signatures, multi-signatures and threshold signatures;
At least two device ends from several groups of devices generate private keys or private key fragments locally, which are used to generate multi-signatures or threshold signatures;
The device cluster corresponds to users or user groups, business parties and supervisory parties;
In module S4:
Multi-level verification: the signature verification program determines whether the combined signature contains conventional signature elements; if it does, the conventional verification subroutine is entered, otherwise the alternative verification subroutine is entered;
The conventional verification subroutine determines whether, for every conventional necessary public key element in the shared public key combination, there is a corresponding conventional signature element satisfying the verification condition; if at least one is missing, conventional verification fails and the signature verification program ends; if all are present, it further verifies whether, for every remaining conventional public key element in the shared public key combination, there is a corresponding conventional signature element satisfying the verification condition; if all are present, the conventional verification procedure is passed and the system executes the operation indicated by the signature on the object marked by the shared public key combination; if at least one is missing, conventional verification fails and the signature verification program ends;
The alternative verification subroutine determines whether the combined signature contains alternative signature elements and whether those alternative signature elements satisfy the verification conditions matching the alternative public key elements; if they exist and are satisfied, the alternative verification procedure is passed and the system executes the alternative operation indicated by the signature on the object marked by the shared public key combination; otherwise alternative verification fails and the signature verification procedure ends.
Preferably, the system sets up a device admission mechanism, including a consortium chain system, in which several mutually independent trusted third parties handle the operations related to alternative verification;
The multi-level verification program is executed automatically by embedding a smart contract in the system;
The combined signature and signature verification system further includes an alternative verification triggering method;
One implementation of the triggering method is that the owner of the object marked by the shared public key combination applies to the system in advance for an identity authentication credential such as a CA certificate; when the owner submits an application for an alternative operation to the system, the system verifies the owner's identity and then starts the alternative verification procedure.
A computer-readable storage medium storing a computer program according to the present invention is characterized in that, when the computer program is executed by a processor, the steps of any of the combined signature and signature verification methods described above are implemented.
Compared with the prior art, the present invention has the following beneficial effects:
1. By distinguishing and then combining the signatures generated by multiple groups of device ends, and setting multi-level verification conditions for the combined signature, the present invention splits control among multiple parties while preserving the absolute control of some signing parties, solving the problem of jointly forged signatures that can arise in prior art involving third-party custody.
2. By providing an alternative verification method, it solves the problem that the relevant operations become impossible when a private key or private key share needed for signing is lost or damaged.
3. By having the device ends generate private keys or private key fragments locally and then interactively generate the shared public key combination, it avoids both the security problems and the credit risks of transmitting private keys, and improves the feasibility of the scheme.
4. By introducing a device admission mechanism, risks such as Sybil attacks can be further reduced.
Description of drawings
Other features, objects and advantages of the present invention will become more apparent from reading the detailed description of non-limiting embodiments with reference to the following drawings:
Figure 1 is a schematic diagram of the combined signature and signature verification method provided by the present invention.
Figure 2 is a schematic flowchart of the signature verification program provided by the present invention.
Detailed description
The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to further understand the present invention but do not limit it in any form. It should be noted that those of ordinary skill in the art can make several changes and improvements without departing from the inventive concept; all of these fall within the scope of protection of the present invention.
The present invention proposes a combined signature and signature verification method that distinguishes the signature weights and operation permissions of parties in different roles. It comprises four steps: initialization, registration, signing and signature verification. By introducing conventional necessary public key elements it gives some signing parties absolute control, avoiding third-party custody credit risk, and by introducing an alternative signing and verification procedure it solves the problem of a lost or damaged private key.
A combined signature and signature verification method, as shown in Figure 1, comprises:
Step 1: N groups of device ends form a device cluster; the device cluster determines the combination mode, creates registration, signature and signature verification programs and submits them to the system. A device end can be a stand-alone device, for example a cipher machine dedicated to encryption and decryption operations, a computer, a mobile phone or a hardware security module (HSM), or it can be a component embedded in a device, as long as it can perform cryptographic operations and communicate with other device ends. The system refers to the server facing the device ends; it can be a blockchain system or a centralized server.
An example of the combination mode: 10 device ends form a device cluster divided into three groups; group one consists of the device end held by one user, group two of the device end held by one business party, and group three of the device ends held by 8 supervisory parties. After negotiation, the three groups determine that a conventional signature requires only one device end from each of groups one, two and three: group one generates one conventional necessary public key element, groups two and three together generate a conventional public key element, and group three generates an alternative public key element. These public key elements form the shared public key combination. When signing, the combined signature must contain a signature element matching the conventional necessary public key element (the user must take part in signing) and must at the same time satisfy the verification conditions of the other conventional public key elements (the user's unilateral signature is not sufficient) in order to pass conventional verification. If the user loses the private key, the private keys of all of group three are needed to produce an alternative signature before operations such as recovery can be carried out.
The grouping and the signature conditions set for each group are designed according to the specific business scenario and can take many forms.
Step 2: each device end in the cluster generates a private key or private key fragments locally according to an initialization program; a shared public key combination is generated on the basis of at least two combinations formed from the private keys or private key fragments (in the prior art the elements of a combination are undifferentiated, or homogeneous, and are generally combined with a single signature method; the present invention first differentiates the elements of the combination into conventional necessary, conventional and alternative, and supports nesting different signature methods together). The shared public key combination is used to mark the object to be operated on, and the private keys or private key fragments are used to generate signatures and permit operations on the marked object. The system records the correspondence between the shared public key combination and the object to be operated on (a mapping relationship: a one-to-one mapping is established between the shared public key combination and an object to be operated on; later, the signature specifies the shared public key combination and the operation to be performed, and once verification passes the system notifies the relevant module to carry out the operation on the object);
Step 3: according to the selected application scenario and the signature program, the device ends use k (k >= 1) combinations formed from the private keys or private key fragments to generate k signature elements, and send the k signature elements, forming a combined signature, to the system;
步骤四:***的验证签名程序对组合签名进行多级验签,验证签名通过则执行有关所述共享公钥组合标记对象的操作。Step 4: The system's signature verification program performs multi-level signature verification on the combined signature, and if the signature is verified, operations related to the shared public key combined signature object are performed.
In step 1, the system may provide the device ends with a basic programming language, and the device cluster may itself, or through a third party, develop and create the registration, signing and signature-verification programs in that language; the system may also provide the device ends with general-purpose program templates.
In step 2, the shared public key combination contains at least two public key elements; each public key element is labelled as one of two classes, regular or alternative; and at least one regular public key element is labelled as regular-required. A regular public key element is one class of element in the shared public key combination; among the signature elements generated later there must be a signature matching each regular-required public key element, otherwise verification cannot pass.
Further, a public key element may be a single sub-public key or a list of sub-public keys.
In step 3, the device end informs the system which object a signature applies to, for example by submitting the shared public key combination or the plaintext of the signed content to the system; the signed content includes the details of the operation.
The signature elements of step 3 fall into two classes, regular signature elements and alternative signature elements. Regular signature elements prove authorization for regular operations on the object marked by the shared public key combination; alternative signature elements prove authorization for alternative operations on that object, which handle situations such as loss or corruption of a private key.
As for generating the k signature elements in step 3, the generation algorithm of each signature element is independent of the others and may be an ordinary signature, a multi-signature, a threshold signature, secure multi-party computation or a similar algorithm.
Further in step 3, one group of device ends in the cluster may generate a signature on its own, or several groups of devices may generate a signature jointly.
A group may contain one or more device ends and generates locally one private key, several private keys or several private key shares, which are used to generate ordinary signatures, multi-signatures, threshold signatures and the like.
At least two device ends from different groups generate private keys or private key shares locally, which are used to generate multi-signatures, threshold signatures and the like.
The device groups in the cluster may correspond to roles such as a user or user group, a business party and a supervisory party.
As shown in Figure 2, in the multi-level verification of step 4 the verification program first checks whether the combined signature contains any regular signature element; if it does, the regular verification subroutine is entered, otherwise the alternative verification subroutine is entered.
The regular verification subroutine checks whether each regular-required public key element in the shared public key combination has a corresponding regular signature element that satisfies its verification condition. If at least one does not, regular verification fails and the verification program ends. If all do, it further checks whether each remaining regular public key element in the shared public key combination has a corresponding regular signature element that satisfies its verification condition. If all do, regular verification passes and the system executes the operation the signature indicates on the object marked by the shared public key combination; if at least one does not, regular verification fails and the verification program ends.
The alternative verification subroutine checks whether the combined signature contains alternative signature elements and whether those elements satisfy the verification conditions matching the alternative public key elements. If they are present and satisfied, alternative verification passes and the system executes the alternative operation the signature indicates on the object marked by the shared public key combination; otherwise alternative verification fails and the verification process ends.
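The following is an added worked example of steps 2 to 4 for the three-group cluster described above (one user, one business party, eight supervisory devices); it is not part of the patent and not the applicant's code. It is written in Go against the standard library's Ed25519 so that every signature element is a real signature. The type names, the element IDs "user", "biz+reg0" and "recovery", the "v1|object|operation|nonce" message layout and the rule that the alternative path must satisfy every alternative element are this example's own assumptions, not requirements of the description. Each public key element is modelled as a sub-public key list with an m-of-n threshold, so a single sub-public key is simply the 1-of-1 case; the per-element check is isolated in one function, which is where a threshold or MPC signature scheme would be substituted for Ed25519.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Kind is the class the description assigns to a public key element.
type Kind int

const (
	RegularRequired Kind = iota // 常规必要
	Regular                     // 常规
	Alternative                 // 备选
)

// PubElement is one sub-public key or a sub-public key list with an m-of-n rule.
type PubElement struct {
	Kind      Kind
	SubKeys   []ed25519.PublicKey
	Threshold int // == len(SubKeys) means every listed key must sign
}

// SigElement maps sub-key index to signature; Combined maps element ID to
// signature element and is the combined signature the device ends submit.
type SigElement map[int][]byte
type Combined map[string]SigElement

// Sign builds one signature element; keys are positional (sub-key index) and
// a nil entry stands for a device end that does not take part.
func Sign(msg []byte, keys ...ed25519.PrivateKey) SigElement {
	se := SigElement{}
	for i, sk := range keys {
		if sk != nil {
			se[i] = ed25519.Sign(sk, msg)
		}
	}
	return se
}

// verifyElement: every element may use its own algorithm; here Ed25519 per sub-key.
func verifyElement(el PubElement, se SigElement, msg []byte) bool {
	valid := 0
	for i, pk := range el.SubKeys {
		if s, ok := se[i]; ok && ed25519.Verify(pk, msg, s) {
			valid++
		}
	}
	return valid >= el.Threshold
}

// Verify is the multi-level check of step 4 / Figure 2: a regular signature element
// routes to the regular subroutine (regular-required first, then the remaining regular
// elements); otherwise the alternative subroutine runs and, in this example, demands
// every alternative element. Returns "regular", "alternative" or "" on failure.
func Verify(shared map[string]PubElement, cs Combined, msg []byte) string {
	hasRegular := false
	for id := range cs {
		el, ok := shared[id]
		if !ok {
			return "" // signature element for a key element that was never registered
		}
		hasRegular = hasRegular || el.Kind != Alternative
	}
	allOf := func(k Kind) bool { // every element of kind k has a valid signature element
		for id, el := range shared {
			if se, ok := cs[id]; el.Kind == k && (!ok || !verifyElement(el, se, msg)) {
				return false
			}
		}
		return true
	}
	switch {
	case hasRegular && allOf(RegularRequired) && allOf(Regular):
		return "regular"
	case !hasRegular && len(cs) > 0 && allOf(Alternative):
		return "alternative"
	}
	return ""
}

// NewCluster builds the description's example: keys[0] is the user (group 1),
// keys[1] the business party (group 2), keys[2:] the 8 supervisory devices (group 3).
func NewCluster() (shared map[string]PubElement, keys []ed25519.PrivateKey) {
	pks := make([]ed25519.PublicKey, 10)
	keys = make([]ed25519.PrivateKey, 10)
	for i := range pks {
		var err error
		if pks[i], keys[i], err = ed25519.GenerateKey(rand.Reader); err != nil {
			panic(err)
		}
	}
	shared = map[string]PubElement{
		"user":     {RegularRequired, pks[:1], 1}, // group 1 alone
		"biz+reg0": {Regular, pks[1:3], 2},        // group 2 plus one device of group 3
		"recovery": {Alternative, pks[2:], 8},     // all 8 devices of group 3
	}
	return shared, keys
}

func main() {
	shared, k := NewCluster()
	msg := []byte("v1|acct-001|transfer|1") // object, operation and nonce: not replayable elsewhere
	fmt.Println(Verify(shared, Combined{"user": Sign(msg, k[0]), "biz+reg0": Sign(msg, k[1], k[2])}, msg)) // regular
	fmt.Println(Verify(shared, Combined{"recovery": Sign(msg, k[2:]...)}, msg))                             // alternative
}
```

Two points a practitioner should carry over from the example: the signed content names the marked object, the operation and a nonce, so a signature element collected for one operation cannot be replayed for another object or operation; and a combined signature that contains any regular signature element is routed to the regular subroutine, so including a recovery element alongside an incomplete regular signature does not rescue it. A signature element whose ID is not in the registered combination is rejected outright rather than ignored.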
Preferably, the system can enforce a device admission mechanism, for example a consortium chain system in which several mutually independent trusted third parties handle the operations related to alternative verification.
The multi-level verification procedure can be executed automatically by a smart contract embedded in the system.
Preferably, the combined signature and signature verification method of this invention can further add a trigger for alternative verification. One implementation: the owner of the object marked by the shared public key combination applies to the system in advance for an identity-authentication credential such as a CA certificate; when the owner submits a request for an alternative operation, the system verifies the owner's identity and then starts the alternative verification process.
In the description of this application it should be understood that terms indicating orientation or position, such as "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer", refer to the orientation or position shown in the drawings, serve only to simplify the description of this application, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they are therefore not to be understood as limiting this application.
Those skilled in the art know that, besides implementing the system, apparatus and their modules provided by this invention as pure computer-readable program code, the method steps can be logically programmed so that the system, apparatus and their modules realize the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. The system, apparatus and modules provided by this invention can therefore be regarded as hardware components, and the modules within them that implement the various functions can be regarded as structures within those hardware components; a module implementing a given function may be regarded either as a software program implementing the method or as a structure within a hardware component.
Specific embodiments of this invention have been described above. It should be understood that the invention is not limited to these particular embodiments; those skilled in the art can make various changes or modifications within the scope of the claims without affecting the substance of the invention. Where there is no conflict, the embodiments of this application and the features within them may be combined with one another arbitrarily.

Claims (10)

  1. A combined signature and signature verification method, characterized in that it comprises:
    Step S1: N groups of device ends form a device cluster; the cluster determines the combination mode and creates registration, signing and signature-verification programs, which it submits to the system;
    Step S2: each device end in the cluster generates a private key or private key share locally according to the initialization program; a shared public key combination is generated from at least two combinations formed from the private keys or private key shares; the shared public key combination is used to mark the object to be operated on, and the private keys or private key shares are used to generate signatures that authorize operations on the marked object; the system records the correspondence between the shared public key combination and the object to be operated on;
    Step S3: according to the application scenario and the signing program, the device ends use k combinations formed from the private keys or private key shares to generate k signature elements, assemble the k signature elements into a combined signature and send it to the system, where k >= 1;
    Step S4: the system's signature-verification program performs multi-level verification on the combined signature; if verification passes, the operation on the object marked by the shared public key combination is executed.
  2. The combined signature and signature verification method according to claim 1, characterized in that in step S1:
    the system is able to provide the device ends with a basic programming language, and the device cluster is able, itself or through a third party, to develop and create the registration, signing and signature-verification programs in that language; the system is also able to provide the device ends with general-purpose program templates;
    the device ends comprise:
    independent devices, including cipher machines for encryption and decryption operations, computers, mobile phones and hardware security modules (HSM);
    components embedded in a device that are able to perform cryptographic operations and communicate with other device ends;
    the system is the server that the device ends connect to, including a blockchain system or a centralized server.
  3. The combined signature and signature verification method according to claim 1, characterized in that in step S2:
    the shared public key combination contains at least two public key elements; each public key element is labelled as one of two classes, regular or alternative;
    at least one regular public key element is labelled as a regular-required public key element;
    a public key element comprises a single sub-public key or a list of sub-public keys.
  4. The combined signature and signature verification method according to claim 1, characterized in that in step S3:
    the device end informs the system which object the signature applies to, for example by submitting the shared public key combination or the plaintext of the signed content to the system; the signed content includes the details of the operation;
    the signature elements fall into two classes, regular signature elements and alternative signature elements; regular signature elements prove authorization for regular operations on the object marked by the shared public key combination, and alternative signature elements prove authorization for alternative operations on that object, which handle situations such as loss or corruption of a private key;
    in generating the k signature elements, the generation algorithm of each signature element is independent of the others and includes ordinary signature, multi-signature, threshold signature or secure multi-party computation algorithms;
    one group of device ends in the cluster may generate a signature on its own, or several groups of devices may generate a signature jointly;
    a group of device ends comprises one or more device ends and generates locally one private key, several private keys or several private key shares, which are used to generate ordinary signatures, multi-signatures and threshold signatures;
    at least two device ends from different groups generate private keys or private key shares locally, which are used to generate multi-signatures or threshold signatures;
    the device groups in the cluster correspond to a user or user group, a business party and a supervisory party.
  5. The combined signature and signature verification method according to claim 1, characterized in that in step S4:
    the multi-level verification is as follows: the verification program checks whether the combined signature contains any regular signature element; if it does, the regular verification subroutine is entered, otherwise the alternative verification subroutine is entered;
    the regular verification subroutine checks whether each regular-required public key element in the shared public key combination has a corresponding regular signature element that satisfies its verification condition; if at least one does not, regular verification fails and the verification program ends; if all do, it further checks whether each remaining regular public key element in the shared public key combination has a corresponding regular signature element that satisfies its verification condition; if all do, regular verification passes and the system executes the operation the signature indicates on the object marked by the shared public key combination; if at least one does not, regular verification fails and the verification program ends;
    the alternative verification subroutine checks whether the combined signature contains alternative signature elements and whether those elements satisfy the verification conditions matching the alternative public key elements; if they are present and satisfied, alternative verification passes and the system executes the alternative operation the signature indicates on the object marked by the shared public key combination; otherwise alternative verification fails and the verification process ends.
  6. The combined signature and signature verification method according to claim 1, characterized in that the system enforces a device admission mechanism, including a consortium chain system in which several mutually independent trusted third parties handle the operations related to alternative verification;
    the multi-level verification procedure is executed automatically by a smart contract embedded in the system;
    the combined signature and signature verification method further comprises a trigger for alternative verification;
    the trigger is implemented as follows: the owner of the object marked by the shared public key combination applies to the system in advance for an identity-authentication credential such as a CA certificate; when the owner submits a request for an alternative operation, the system verifies the owner's identity and then starts the alternative verification process.
  7. A combined signature and signature verification system, characterized in that it comprises:
    Module S1: N groups of device ends form a device cluster; the cluster determines the combination mode and creates registration, signing and signature-verification programs, which it submits to the system;
    Module S2: each device end in the cluster generates a private key or private key share locally according to the initialization program; a shared public key combination is generated from at least two combinations formed from the private keys or private key shares; the shared public key combination is used to mark the object to be operated on, and the private keys or private key shares are used to generate signatures that authorize operations on the marked object; the system records the correspondence between the shared public key combination and the object to be operated on;
    Module S3: according to the application scenario and the signing program, the device ends use k combinations formed from the private keys or private key shares to generate k signature elements, assemble the k signature elements into a combined signature and send it to the system, where k >= 1;
    Module S4: the system's signature-verification program performs multi-level verification on the combined signature; if verification passes, the operation on the object marked by the shared public key combination is executed.
  8. The combined signature and signature verification system according to claim 7, characterized in that in module S1:
    the system is able to provide the device ends with a basic programming language, and the device cluster is able, itself or through a third party, to develop and create the registration, signing and signature-verification programs in that language; the system is also able to provide the device ends with general-purpose program templates;
    the device ends comprise:
    independent devices, including cipher machines for encryption and decryption operations, computers, mobile phones and hardware security modules (HSM);
    components embedded in a device that are able to perform cryptographic operations and communicate with other device ends;
    the system is the server that the device ends connect to, including a blockchain system or a centralized server;
    in module S2:
    the shared public key combination contains at least two public key elements; each public key element is labelled as one of two classes, regular or alternative;
    at least one regular public key element is labelled as a regular-required public key element;
    a public key element comprises a single sub-public key or a list of sub-public keys;
    in module S3:
    the device end informs the system which object the signature applies to, for example by submitting the shared public key combination or the plaintext of the signed content to the system; the signed content includes the details of the operation;
    the signature elements fall into two classes, regular signature elements and alternative signature elements; regular signature elements prove authorization for regular operations on the object marked by the shared public key combination, and alternative signature elements prove authorization for alternative operations on that object, which handle situations such as loss or corruption of a private key;
    in generating the k signature elements, the generation algorithm of each signature element is independent of the others and includes ordinary signature, multi-signature, threshold signature or secure multi-party computation algorithms;
    one group of device ends in the cluster may generate a signature on its own, or several groups of devices may generate a signature jointly;
    a group of device ends comprises one or more device ends and generates locally one private key, several private keys or several private key shares, which are used to generate ordinary signatures, multi-signatures and threshold signatures;
    at least two device ends from different groups generate private keys or private key shares locally, which are used to generate multi-signatures or threshold signatures;
    the device groups in the cluster correspond to a user or user group, a business party and a supervisory party;
    in module S4:
    the multi-level verification is as follows: the verification program checks whether the combined signature contains any regular signature element; if it does, the regular verification subroutine is entered, otherwise the alternative verification subroutine is entered;
    the regular verification subroutine checks whether each regular-required public key element in the shared public key combination has a corresponding regular signature element that satisfies its verification condition; if at least one does not, regular verification fails and the verification program ends; if all do, it further checks whether each remaining regular public key element in the shared public key combination has a corresponding regular signature element that satisfies its verification condition; if all do, regular verification passes and the system executes the operation the signature indicates on the object marked by the shared public key combination; if at least one does not, regular verification fails and the verification program ends;
    the alternative verification subroutine checks whether the combined signature contains alternative signature elements and whether those elements satisfy the verification conditions matching the alternative public key elements; if they are present and satisfied, alternative verification passes and the system executes the alternative operation the signature indicates on the object marked by the shared public key combination; otherwise alternative verification fails and the verification process ends.
  9. The combined signature and signature verification system according to claim 7, characterized in that the system enforces a device admission mechanism, including a consortium chain system in which several mutually independent trusted third parties handle the operations related to alternative verification;
    the multi-level verification procedure is executed automatically by a smart contract embedded in the system;
    the combined signature and signature verification system further comprises a trigger for alternative verification;
    the trigger is implemented as follows: the owner of the object marked by the shared public key combination applies to the system in advance for an identity-authentication credential such as a CA certificate; when the owner submits a request for an alternative operation, the system verifies the owner's identity and then starts the alternative verification process.
  10. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, it implements the steps of the combined signature and signature verification method according to any one of claims 1 to 6.
PCT/CN2021/113137 2020-08-20 2021-08-18 Combined signature and signature verification method and system, and storage medium WO2022037596A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010845719.0A CN111988147B (en) 2020-08-20 2020-08-20 Combined signature and signature verification method, system and storage medium
CN202010845719.0 2020-08-20

Publications (1)

Publication Number Publication Date
WO2022037596A1 true WO2022037596A1 (en) 2022-02-24

Family

ID=73443881

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/113137 WO2022037596A1 (en) 2020-08-20 2021-08-18 Combined signature and signature verification method and system, and storage medium

Country Status (2)

Country Link
CN (1) CN111988147B (en)
WO (1) WO2022037596A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114666066A (en) * 2022-05-20 2022-06-24 杭州天谷信息科技有限公司 Private key recovery method and system and private key updating method and system
CN114679281A (en) * 2022-03-15 2022-06-28 北京宏思电子技术有限责任公司 RSA-based joint signature generation method and device
CN115714673A (en) * 2022-11-03 2023-02-24 哈尔滨工程大学 Real-time certificate revocation method based on multiple intermediate entities in cross-domain authentication process
CN116743377A (en) * 2023-08-09 2023-09-12 腾讯科技(深圳)有限公司 Data processing method, device, equipment and storage medium based on blockchain key

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988147B (en) * 2020-08-20 2022-06-03 上海万向区块链股份公司 Combined signature and signature verification method, system and storage medium
CN112737777B (en) * 2020-12-29 2023-01-10 北京百度网讯科技有限公司 Threshold signature and signature verification method, device, equipment and medium based on secret key
CN112749968B (en) * 2021-01-29 2022-09-06 支付宝实验室(新加坡)有限公司 Service data recording method and device based on block chain
CN112926967B (en) * 2021-03-18 2024-02-02 上海零数众合信息科技有限公司 Metering and payment method for blockchain platform
CN114338034B (en) * 2021-12-09 2023-07-18 河南大学 Block chain-based dam bank monitoring data safe sharing method and system
CN116032661B (en) * 2023-03-23 2023-08-08 南京邮电大学 Parallel supervision identity privacy protection method

Citations (5)

Publication number Priority date Publication date Assignee Title
CN109934585A (en) * 2019-03-08 2019-06-25 矩阵元技术(深圳)有限公司 A kind of endorsement method based on multi-party computations, apparatus and system
CN110784320A (en) * 2019-11-04 2020-02-11 张冰 Distributed key implementation method and system and user identity management method and system
US20200193432A1 (en) * 2017-04-24 2020-06-18 Blocksettle Ab Method and system for settling a blockchain transaction
WO2020162780A1 (en) * 2019-02-08 2020-08-13 Алексей Сергеевич СМИРНОВ System and method for securely storing digital currencies and carrying out transactions in a blockchain network
CN111988147A (en) * 2020-08-20 2020-11-24 上海万向区块链股份公司 Combined signature and signature verification method, system and storage medium

Family Cites Families (8)

Publication number Priority date Publication date Assignee Title
JP4892011B2 (en) * 2007-02-07 2012-03-07 日本電信電話株式会社 Client device, key device, service providing device, user authentication system, user authentication method, program, recording medium
CN102170356B (en) * 2011-05-10 2013-12-04 北京联合智华微电子科技有限公司 Authentication system realizing method supporting exclusive control of digital signature key
CN105450396B (en) * 2016-01-11 2017-03-29 长沙市迪曼森信息科技有限公司 A kind of combination key without certificate is produced and application process
EP3672143A1 (en) * 2018-12-20 2020-06-24 Safenet Canada Inc. Method for generating stateful hash based signatures of messages to be signed
CN109684791B (en) * 2018-12-26 2020-09-15 飞天诚信科技股份有限公司 Software protection method and device
CN109861826B (en) * 2019-02-18 2022-02-18 郑州师范学院 Method and device for realizing bidirectional proxy re-signature
CN110971411B (en) * 2019-12-02 2022-07-12 南京壹证通信息科技有限公司 SM2 homomorphic signature method for encrypting private key by multiplying based on SOTP technology
CN111447070B (en) * 2020-03-26 2023-04-07 丁莉萍 Block chain signature verification method and device and storage medium

Cited By (6)

Publication number Priority date Publication date Assignee Title
CN114679281A (en) * 2022-03-15 2022-06-28 北京宏思电子技术有限责任公司 RSA-based joint signature generation method and device
CN114679281B (en) * 2022-03-15 2023-12-01 北京宏思电子技术有限责任公司 RSA-based joint signature generation method and apparatus
CN114666066A (en) * 2022-05-20 2022-06-24 杭州天谷信息科技有限公司 Private key recovery method and system and private key updating method and system
CN115714673A (en) * 2022-11-03 2023-02-24 哈尔滨工程大学 Real-time certificate revocation method based on multiple intermediate entities in cross-domain authentication process
CN116743377A (en) * 2023-08-09 2023-09-12 腾讯科技(深圳)有限公司 Data processing method, device, equipment and storage medium based on blockchain key
CN116743377B (en) * 2023-08-09 2023-11-03 腾讯科技(深圳)有限公司 Data processing method, device, equipment and storage medium based on blockchain key

Also Published As

Publication number Publication date
CN111988147A (en) 2020-11-24
CN111988147B (en) 2022-06-03

Similar Documents

Publication Publication Date Title
WO2022037596A1 (en) Combined signature and signature verification method and system, and storage medium
US10601805B2 (en) Securitization of temporal digital communications with authentication and validation of user and access devices
CN109862041B (en) Digital identity authentication method, equipment, device, system and storage medium
CN111046352B (en) Identity information security authorization system and method based on block chain
US20220191012A1 (en) Methods For Splitting and Recovering Key, Program Product, Storage Medium, and System
WO2022126967A1 (en) Blockchain-based data supervision method, apparatus and device, and storage medium
CN100477833C (en) Authentication method
WO2019237570A1 (en) Electronic contract signing method, device and server
CN114600419A (en) Encrypted asset hosting system with equity certification blockchain support
US9253162B2 (en) Intelligent card secure communication method
US8806206B2 (en) Cooperation method and system of hardware secure units, and application device
CN110519046B (en) Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD
CN111324881B (en) Data security sharing system and method fusing Kerberos authentication server and block chain
TWI648679B (en) License management system and method using blockchain
CN109347625B (en) Password operation method, work key creation method, password service platform and equipment
WO2018133674A1 (en) Method of verifying and feeding back bank payment permission authentication information
US10887110B2 (en) Method for digital signing with multiple devices operating multiparty computation with a split key
US10990692B2 (en) Managing data handling policies
US20230284027A1 (en) Method for establishing communication channel, and user terminal
JP2013084034A (en) Template distribution type cancelable biometric authentication system and method therefor
CN111476573A (en) Account data processing method, device, equipment and storage medium
JP2010231404A (en) System, method, and program for managing secret information
CN110266483B (en) Quantum communication service station key negotiation method, system and device based on asymmetric key pool pair and QKD
US11757660B2 (en) Security governance of the processing of a digital request
CN110176997B (en) Quantum communication service station AKA key negotiation method and system

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 21857688; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 21857688; Country of ref document: EP; Kind code of ref document: A1)