Background technology
Blockchain is the core supporting technology of digital cryptocurrency systems, of which Bitcoin is the representative. Its core advantage is decentralization: by means of data encryption, timestamps, distributed consensus and economic incentives, it enables peer-to-peer transactions, coordination and cooperation based on decentralized credit in a distributed system whose nodes need not trust one another, thereby offering a solution to the high cost, low efficiency and insecure data storage that are common to centralized institutions.
With the rapid development and popularization of Bitcoin in recent years, research on and application of blockchain technology have also shown explosive growth. It is regarded as the fifth disruptive innovation in computing paradigms after the mainframe, the PC, the internet and mobile/social networks, and as the fourth milestone in the history of human credit evolution after kinship credit, precious-metal credit and central-bank paper-money credit. As the prototype of next-generation cloud computing, blockchain technology is expected to thoroughly reshape the form of human social activity, as the internet did, and to bring about the transition from the current internet of information to an internet of value.
Blockchain technology originated in 2008, and the industry has not yet agreed on a definition. In the narrow sense, a blockchain is a decentralized shared ledger that combines data blocks into a specific chained data structure in chronological order and uses cryptography to guarantee that it cannot be tampered with or forged; it can securely store simple, sequentially ordered data that can be verified within the system.
In the broad sense, blockchain technology is a new decentralized infrastructure and distributed computing paradigm that uses an encrypted chained block structure to verify and store data, uses distributed node consensus algorithms to generate and update data, and uses automated script code (smart contracts) to program and operate on data.
A blockchain is characterized by decentralization, time-series data, collective maintenance, programmability, and security and trustworthiness. First, decentralization: the verification, accounting, storage, maintenance and transmission of blockchain data are all based on a distributed system architecture, and trust between distributed nodes is established by purely mathematical methods rather than by a central authority, forming a decentralized, trustworthy distributed system. Second, time-series data: a blockchain stores data in a chained block structure with timestamps, which adds a time dimension to the data and gives it strong verifiability and traceability. Third, collective maintenance: a blockchain system uses specific economic incentive mechanisms to ensure that all nodes in the distributed system can take part in verifying data blocks (for example, Bitcoin mining), and uses a consensus algorithm to select the node that appends a new block to the chain. Fourth, programmability: blockchain technology can provide a flexible script code system that lets users create advanced smart contracts, currencies or other decentralized applications. For example, the Ethereum platform provides a Turing-complete scripting language with which users can build any smart contract or transaction type that can be precisely defined. Finally, security and trustworthiness: blockchain technology encrypts data using the principles of asymmetric cryptography, while the computing power built up by the nodes of the distributed system through consensus algorithms such as proof of work resists external attack and guarantees that blockchain data cannot be tampered with or forged, giving it a high level of security.
Generally speaking, a blockchain system consists of a data layer, a network layer, a consensus layer, an incentive layer, a contract layer and an application layer. The data layer encapsulates the underlying data blocks and related technologies such as data encryption and timestamps; the network layer comprises the distributed networking mechanism, the data propagation mechanism and the data verification mechanism; the consensus layer mainly encapsulates the consensus algorithms of the network nodes; the incentive layer integrates economic factors into the blockchain technology system and mainly comprises the issuance and allocation mechanisms of economic incentives; the contract layer mainly encapsulates scripts, algorithms and smart contracts and is the basis of the blockchain's programmability; and the application layer encapsulates the various application scenarios and use cases of the blockchain. The timestamp-based chained block structure, the consensus mechanism of distributed nodes, economic incentives based on consensus computing power, and flexible programmable smart contracts are the most representative innovations of blockchain technology.
At present, security threats are the most important problem blockchains face, and blockchain privacy protection also carries security risks. Nodes in a blockchain system are not fully anonymous; transaction data is transmitted using address identifiers similar to e-mail addresses (for example, Bitcoin public-key addresses). The sender must sign the transaction information for every transaction, and the recipient must verify the signature after receiving it, to prove the credibility of the transaction and prevent false transactions from spreading. In addition, to meet the needs of different transaction scenarios, blockchain services need to evolve on top of this basic protection, for example with encrypted transaction messages and multi-party signatures. All of these security services require one or more associated secret keys, and distributing or generating those keys requires a reliable key management mechanism.
Summary of the invention
To solve the existing technical problems, embodiments of the present invention provide a blockchain network key distribution method based on a self-certified public key system. The method is secure and flexible, can be readily embedded in existing blockchain business systems, reduces implementation cost, and is highly practicable.
To achieve the above purpose, the technical solution of the embodiments of the present invention is realized as follows:
A blockchain network key distribution method based on a self-certified public key system comprises the following steps:
Step 1, system initialization
The TA node generates and publishes the system parameters of the blockchain network, and then multiple KDC nodes cooperate to complete the distribution of the blockchain system master key;
Step 2, blockchain user registration
A user node u that wants to take part in the blockchain business network must first register offline at the TA node, which verifies its identity and issues a registration credential;
Step 3, blockchain user key distribution
The user node sends key requests to multiple distributed key distribution center (KDC) nodes in the network; after verifying the request, the KDCs distribute the corresponding user key to the user node.
Further, step 1 specifically includes:
Step 10, establishing the blockchain system parameters
Define the security system parameters needed by the key distribution mechanism of the whole blockchain network;
Step 11, distribution of the blockchain system master key
First, the n KDC nodes generate the system master key s through distributed cooperation, and then each KDC node computes its own secret share.
Further, step 11 specifically comprises the following steps:
Step 110, each KDC node $i$ ($i = 1, 2, \ldots, n$) constructs a secret polynomial of degree $(t-1)$:
$$f_i(x) = d_i + a_{i,1}x + a_{i,2}x^2 + \cdots + a_{i,t-1}x^{t-1} \pmod{q} \qquad (2)$$
where $a_{i,j} \in Z_q^*$ ($j = 1, 2, \ldots, t-1$); it then computes and publishes its own public key $P_i = d_iP$;
Step 111, KDC node $i$ computes the sub-secret share $s_{i,j} = f_i(j)$ and sends it securely to every other KDC node $j$ ($j \neq i$), then computes and sends the corresponding verification evidence $V_{i,0} = d_iP$, $V_{i,j} = a_{i,j}P$ ($j = 1, 2, \ldots, t-1$);
Step 112, after KDC node $j$ receives the sub-secret share $s_{i,j}$ and the verification evidence from KDC node $i$, it verifies their validity using formula (3);
If valid, the share is accepted; otherwise it is redistributed.
Further, step 2 specifically comprises the following steps:
Step 20, user u selects a secret random number $w_u \in Z_q^*$, computes the evidence $W_u = w_uP$, and then submits $\{ID_u, W_u\}$ to the TA node;
Step 21, after the TA node receives user u's registration information, it rejects user u if the identity check fails; otherwise it computes user u's registration credential $Cer_u = d_{TA}V_u$, where $V_u = H_0(ID_u \| ID_{TA} \| T_u, W_u)$ and $T_u$ is the validity period of the registration credential $Cer_u$; it then sends $\{Cer_u, T_u\}$ to user u;
Step 22, after user u receives the registration credential returned by the TA node, it computes $V_u = H_0(ID_u \| ID_{TA} \| T_u, W_u)$ and uses the TA node's public key $P_{TA}$ to verify the validity of the registration credential $Cer_u$ by formula (4);
If verification passes, the registration credential $Cer_u$ is accepted; otherwise the user registers again.
Further, step 3 specifically comprises the following steps:
Step 30, user u selects t secret random numbers $k_i \in_R Z_q^*$; computes $k$ and $r = kP$; then computes the auxiliary key $K_{ui} = H_1(w_uP_i)$, the auxiliary information $Y_{ui} = K_{ui} \oplus k_i$ and the authentication information $R_{ui} = H_{K_{ui}}(Y_{ui})$; it then sends $\{ID_u, ID_{TA}, T_u, W_u, Cer_u, r, Y_{ui}, R_{ui}\}$ to node $KDC_i$ ($i = 1, 2, \ldots, t$);
Step 31, after node $KDC_i$ receives user u's key request information, it computes $V_u = H_0(ID_u \| ID_{TA} \| T_u, W_u)$ and verifies the legitimacy of the registration credential $Cer_u$; it then computes $K_{ui}' = H_1(d_iW_u)$ and $R_{ui}' = H_{K_{ui}'}(Y_{ui})$, and verifies the validity of $Y_{ui}$ by formula (5);
If the above verification passes, user u's request is accepted; otherwise it is refused;
Step 32, after user u receives the signature information sent by node $KDC_i$, it computes $S_{ui}' = H_{K_{ui}}(E_{ui})$ and verifies the validity of $E_{ui}$ by formula (7);
It then recovers the signature $e_i = K_{ui} \oplus E_{ui}$, computes $X_i = r_i r_x + e_iP$, and uses node $KDC_i$'s public key $P_i$ and the public information $s_{j,i}P$ ($j = t+1, \ldots, n$) to verify the validity of the signature $e_i$ by formula (8);
If verification passes, the signature $e_i$ is accepted; otherwise the key request is resubmitted.
The beneficial effects of the technical solution provided by the embodiments of the present invention are as follows:
The blockchain network key distribution method of the invention, based on a self-certified public key system, provides a more secure and more flexible key issuance mechanism and gives cryptographic assurance for the secure operation of blockchain services. It is suited to blockchain networks with a large number of participating user nodes, such as consortium blockchains and public blockchains. Without requiring large-scale redevelopment of the system, the key distribution function of the invention can be readily embedded in existing blockchain business systems, which reduces implementation cost and makes the method highly practicable.
Embodiment
To make the object, technical solutions and advantages of the present invention clearer, embodiments of the invention are described in further detail below with reference to the accompanying drawings.
In key management schemes, a trusted party or private key generation center (private key generator, PKG) has to be deployed to distribute users' private keys or authenticate users' identities, and blockchain networks are no exception. Fig. 1 shows the management structure of a blockchain system without a fully trusted key distribution center. Fig. 2 is a schematic diagram of the prior-art master key distribution process of a blockchain system with 5 key distribution centers, none of them fully trusted. Assume that the blockchain network consists of N nodes, denoted $U = \{ID_1, ID_2, \ldots, ID_N\}$, where $ID_i$ ($1 \le i \le N$) is the globally unique identity in the network of the i-th user, TA or KDC node. The present invention decentralizes the function of a single PKG node and distributes its processing: it is performed instead by n key distribution center (KDC) nodes and one trusted authority (TA) node, which avoids the single point of failure that arises when the blockchain system relies on a single PKG node alone and lightens the burden on a single PKG node.
Referring to Fig. 3, the blockchain network key distribution method of the invention based on a self-certified public key system comprises the following steps:
Step 1, system initialization
First, the TA node generates and publishes the system parameters of the blockchain network, and then multiple KDC nodes cooperate to complete the distribution of the blockchain system master key; once initialization is complete, the TA node goes offline. In this embodiment of the invention, it is assumed that n ($1 \le n \le N$) KDC nodes in the blockchain network take part in distributing the system master key, with threshold t ($t \le n \le 2t-1$).
Specifically, the system initialization comprises the following steps:
Step 10, establishing the blockchain system parameters;
The system parameter establishment process is mainly used to define the security system parameters needed by the key distribution mechanism of the whole blockchain network.
First, the TA node constructs a bilinear pairing $\hat{e}: G_1 \times G_1 \to G_2$ satisfying the properties of a GDH (gap Diffie-Hellman) group. Let $P$ be a generator of the group $G_1$, and construct the following strongly collision-resistant one-way hash functions:
$H_0: \{0,1\}^* \times G_1^* \to G_1^*$;
$H_1: G_1^* \to Z_q^*$;
$H_2: \{0,1\}^* \times G_1^* \to Z_q^*$;
$H_k: \{0,1\}^* \to Z_q^*$,
where $k$ is the auxiliary key;
The TA node then randomly selects n secret numbers $d_i \in Z_q^*$ and securely distributes them to the corresponding KDC nodes $i$ ($i = 1, 2, \ldots, n$); it then computes the system public key by formula (1).
Next, it randomly selects its own private key $d_{TA} \in Z_q^*$ and computes the public key $P_{TA} = d_{TA}P$; it then deletes all the secret numbers $d_i$ ($i = 1, 2, \ldots, n$) and publishes the blockchain system parameters $\{G_1, G_2, \hat{e}, P, P_{pub}, P_{TA}, H_0, H_1, H_2, H_k\}$.
Step 11, distribution of the blockchain system master key
The system master key distribution process is mainly used when the blockchain business network is established, to initialize the master key (public/private key pair) of the whole system in preparation for subsequent key distribution. The master key of the whole system is equivalent to the system root key and is trusted by the entire network; during later operation of the blockchain network it can be used to verify the user keys distributed in the network.
First, the n KDC nodes generate the system master key s through distributed cooperation, and then each KDC node computes its own secret share (of the master key s). The specific distribution steps are as follows:
Step 110, each KDC node $i$ ($i = 1, 2, \ldots, n$) constructs a secret polynomial of degree $(t-1)$:
$$f_i(x) = d_i + a_{i,1}x + a_{i,2}x^2 + \cdots + a_{i,t-1}x^{t-1} \pmod{q} \qquad (2)$$
where $a_{i,j} \in Z_q^*$ ($j = 1, 2, \ldots, t-1$); it then computes and publishes its own public key $P_i = d_iP$.
Step 111, KDC node $i$ computes the sub-secret share $s_{i,j} = f_i(j)$ and sends it securely to every other KDC node $j$ ($j \neq i$), then computes and sends the corresponding verification evidence $V_{i,0} = d_iP$, $V_{i,j} = a_{i,j}P$ ($j = 1, 2, \ldots, t-1$).
Step 112, after KDC node $j$ receives the sub-secret share $s_{i,j}$ and the verification evidence from KDC node $i$, it verifies their validity using formula (3).
If valid, the share is accepted; otherwise it is redistributed. After receiving all the other n-1 sub-secret shares $s_{i,j}$ ($j \neq i$), the node stores all the sub-secret shares and publishes $s_{i,j}P$; finally, combining its own sub-secret share $s_{j,j}$, it computes its own secret share.
Through the above process, the system securely establishes the master key s; moreover, any t secret shares $s_i$ suffice to reconstruct the system master key. The system public key is $P_{pub} = sP$.
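The distributed generation in steps 110 to 112 (stated in the summary and again here) follows the pattern of Feldman verifiable secret sharing. The Python sketch below is an added example, not code from the patent: it replaces $G_1$ with a toy prime-order subgroup of $Z_p^*$ (so $xP$ becomes `G**x mod P_MOD`), and, because formula (3) and the share and reconstruction formulas are not reproduced on this page, it assumes the standard Feldman check, $s = \sum_i d_i$, $s_j = \sum_i s_{i,j}$ and Lagrange interpolation.

```python
import secrets

# Toy stand-in for G1 (assumption): the order-Q subgroup of Z_p^*, so the
# page's scalar multiple xP becomes G^x mod P_MOD and point addition becomes
# multiplication. Parameters are far too small for real use.
P_MOD, Q, G = 2039, 1019, 4   # P_MOD = 2*Q + 1, both prime; G has order Q


def rand_scalar():
    """Random element of Zq* = {1, ..., Q-1}."""
    return secrets.randbelow(Q - 1) + 1


class KDC:
    def __init__(self, index, t):
        self.index = index
        # Coefficients [d_i, a_{i,1}, ..., a_{i,t-1}] of f_i(x), formula (2).
        self.coeffs = [rand_scalar() for _ in range(t)]
        self.d = self.coeffs[0]

    def f(self, x):
        return sum(c * pow(x, k, Q) for k, c in enumerate(self.coeffs)) % Q

    def evidence(self):
        """[V_{i,0}, ..., V_{i,t-1}] with V_{i,0} = d_i P, V_{i,k} = a_{i,k} P."""
        return [pow(G, c, P_MOD) for c in self.coeffs]


def share_is_valid(j, s_ij, evidence):
    """Assumed form of formula (3): s_{i,j} P == sum_k j^k V_{i,k}."""
    rhs = 1
    for k, v in enumerate(evidence):
        rhs = rhs * pow(v, pow(j, k, Q), P_MOD) % P_MOD
    return pow(G, s_ij, P_MOD) == rhs


def run_dkg(n, t):
    """Steps 110-112: every node deals to every other node and verifies."""
    nodes = {i: KDC(i, t) for i in range(1, n + 1)}
    shares = {}
    for j in nodes:
        total = 0
        for i, dealer in nodes.items():
            s_ij = dealer.f(j)
            if i != j and not share_is_valid(j, s_ij, dealer.evidence()):
                raise ValueError(f"node {j} rejects the share dealt by node {i}")
            total += s_ij
        shares[j] = total % Q          # assumed: s_j = sum_i s_{i,j}
    return nodes, shares


def reconstruct(points):
    """Lagrange interpolation at x = 0 over Z_q from {index: share}."""
    s = 0
    for xj, yj in points.items():
        num = den = 1
        for xm in points:
            if xm != xj:
                num = num * (-xm) % Q
                den = den * (xj - xm) % Q
        s = (s + yj * num * pow(den, -1, Q)) % Q
    return s


if __name__ == "__main__":
    nodes, shares = run_dkg(n=5, t=3)          # (n, t) = (5, 3) as in Fig. 5
    master = sum(node.d for node in nodes.values()) % Q   # assumed: s = sum d_i
    subset = {j: shares[j] for j in (1, 3, 5)}
    print("t shares rebuild s:", reconstruct(subset) == master)
    bad = (nodes[1].f(2) + 1) % Q
    print("tampered share accepted:", share_is_valid(2, bad, nodes[1].evidence()))
```

The master key is summed here only to check the result; in the scheme no single node ever holds it.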
Step 2, blockchain user registration
The user registration process is mainly used to verify the identity information of user nodes: only nodes that are genuine and meet the requirements may join the blockchain network. After a user node's identity has been verified, the system issues a registration credential that is used to verify its behavior in later network activity. This process can be carried out online or offline.
Referring to Fig. 4, before user keys are distributed, a user node u (with identity $ID_u$) that intends to take part in the blockchain business network must first register offline at the TA node (with identity $ID_{TA}$), which verifies its identity and issues a registration credential. The specific steps are as follows:
Step 20, user u selects a secret random number $w_u \in Z_q^*$, computes the evidence $W_u = w_uP$, and then submits $\{ID_u, W_u\}$ to the TA node;
Step 21, after the TA node receives user u's registration information, it rejects user u if the identity check fails; otherwise it computes user u's registration credential $Cer_u = d_{TA}V_u$, where $V_u = H_0(ID_u \| ID_{TA} \| T_u, W_u)$ and $T_u$ is the validity period of the registration credential $Cer_u$; it then sends $\{Cer_u, T_u\}$ to user u;
Step 22, after user u receives the registration credential returned by the TA node, it computes $V_u = H_0(ID_u \| ID_{TA} \| T_u, W_u)$ and uses the TA node's public key $P_{TA}$ to verify the validity of the registration credential $Cer_u$ by formula (4).
If verification passes, the registration credential $Cer_u$ is accepted; otherwise the user registers again.
Step 3, blockchain user key distribution
The user key distribution process is mainly used to distribute keys (asymmetric keys, i.e. public/private key pairs) to user nodes taking part in the blockchain network: the user node sends key requests to multiple distributed key distribution center nodes in the network, and after the key distribution centers verify the request they distribute the corresponding user key (public/private key pair) to the user node. The key distribution function is shared by multiple blockchain network entities, which avoids the single-point-of-failure problem.
To obtain the private key $SK_u$, user u needs to select t KDC nodes and submit key requests to them. In this embodiment, the t selected KDC nodes are assumed to be nodes $KDC_i$ with public keys $P_i$ ($i = 1, 2, \ldots, t$). The specific distribution steps are as follows:
Step 30, user u selects t secret random numbers $k_i \in_R Z_q^*$; computes $k$ and $r = kP$; then computes the auxiliary key $K_{ui} = H_1(w_uP_i)$, the auxiliary information $Y_{ui} = K_{ui} \oplus k_i$ and the authentication information $R_{ui} = H_{K_{ui}}(Y_{ui})$; it then sends $\{ID_u, ID_{TA}, T_u, W_u, Cer_u, r, Y_{ui}, R_{ui}\}$ to node $KDC_i$ ($i = 1, 2, \ldots, t$);
Step 31, after node $KDC_i$ receives user u's key request information, it computes $V_u = H_0(ID_u \| ID_{TA} \| T_u, W_u)$ and verifies the legitimacy of the registration credential $Cer_u$ by formula (4); it then computes $K_{ui}' = H_1(d_iW_u)$ and $R_{ui}' = H_{K_{ui}'}(Y_{ui})$, and verifies the validity of $Y_{ui}$ by formula (5).
If the above verification passes, user u's request is accepted; otherwise it is refused. The node then computes $k_i = K_{ui}' \oplus Y_{ui}$ and the signature $e_i$.
Here $r_x$ is the x-coordinate of the point $r$. Further, it computes the auxiliary information $E_{ui} = K_{ui}' \oplus e_i$ and the authentication information $S_{ui} = H_{K_{ui}'}(E_{ui})$, and then sends $\{E_{ui}, S_{ui}\}$ to user u;
Step 32, after user u receives the signature information sent by node $KDC_i$, it computes $S_{ui}' = H_{K_{ui}}(E_{ui})$ and verifies the validity of $E_{ui}$ by formula (7).
It then recovers the signature $e_i = K_{ui} \oplus E_{ui}$, computes $X_i = r_i r_x + e_iP$, and uses node $KDC_i$'s public key $P_i$ and the public information $s_{j,i}P$ ($j = t+1, \ldots, n$) to verify the validity of the signature $e_i$ by formula (8).
If the above verification passes, the signature $e_i$ is accepted; otherwise the key request is resubmitted. After receiving t valid signatures $e_i$, the user computes $e$ and then computes the private key $SK_u$ by formula (9).
$$SK_u = w_u + e + k \qquad (9)$$
Further, the user computes $E = eP$ and generates its own public key $PK_u = \{W_u, E, r\}$, and then verifies its validity using the blockchain network system public key $P_{pub}$ by formula (10).
Alternatively, it verifies it using its own private key $SK_u$ by formula (11).
$$SK_uP = W_u + E + r \qquad (11)$$
If the above verification passes, the public key $PK_u = \{W_u, E, r\}$ is valid; otherwise the public key $PK_u$ is recomputed.
Through the above process, blockchain user u obtains its own public/private key pair $\{PK_u, SK_u\}$, which is trusted across the whole network of the blockchain system. Keys needed later by other subsystems can be derived by further extending this key pair, which provides support for the blockchain business system.
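How the masked request and response in steps 30 to 32 fit together, as an added Python example that is not code from the patent. It assumes a toy prime-order subgroup of $Z_p^*$ in place of $G_1$, SHA-256 and HMAC-SHA256 for $H_1$ and $H_k$, a tag-equality check for formulas (5) and (7), and $e = \sum e_i$, $k = \sum k_i$; each $e_i$ is a constructed random value because formula (6) is not reproduced on this page.

```python
import hashlib
import hmac
import secrets

# Toy stand-in for G1 (assumption): order-Q subgroup of Z_p^*, so xP becomes
# G^x mod P_MOD and point addition becomes multiplication. Not secure sizes.
P_MOD, Q, G = 2039, 1019, 4


def rand_scalar():
    return secrets.randbelow(Q - 1) + 1


def H1(element):
    """H1: G1* -> Zq*, instantiated here with SHA-256 (assumption)."""
    digest = hashlib.sha256(str(element).encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def Hk(key, value):
    """Keyed hash H_k, instantiated here with HMAC-SHA256 (assumption)."""
    return hmac.new(str(key).encode(), str(value).encode(), hashlib.sha256).digest()


def mask(aux_key, scalar):
    """Y = K xor scalar, tag = H_K(Y): used for (Y_ui, R_ui) and (E_ui, S_ui)."""
    masked = aux_key ^ scalar
    return masked, Hk(aux_key, masked)


def unmask(aux_key, masked, tag):
    """Recompute the tag, compare in constant time, then strip the mask."""
    if not hmac.compare_digest(Hk(aux_key, masked), tag):
        raise ValueError("authentication information does not match")
    return aux_key ^ masked


def distribute(t=3):
    w_u = rand_scalar()                       # user's registration secret
    W_u = pow(G, w_u, P_MOD)                  # W_u = w_u P
    sent_k, kdc_k, e_sum = [], [], 0
    for _ in range(t):
        d_i = rand_scalar()                   # KDC_i private key
        P_i = pow(G, d_i, P_MOD)              # P_i = d_i P
        # Step 30, user side.
        k_i = rand_scalar()
        K_ui = H1(pow(P_i, w_u, P_MOD))       # K_ui = H1(w_u P_i)
        Y_ui, R_ui = mask(K_ui, k_i)
        # Step 31, KDC side: same key from its own secret, K_ui' = H1(d_i W_u).
        K_kdc = H1(pow(W_u, d_i, P_MOD))
        kdc_k.append(unmask(K_kdc, Y_ui, R_ui))
        e_i = rand_scalar()   # constructed stand-in: formula (6) is not on the page
        E_ui, S_ui = mask(K_kdc, e_i)
        # Step 32, user side.
        e_sum += unmask(K_ui, E_ui, S_ui)
        sent_k.append(k_i)
    e, k = e_sum % Q, sum(sent_k) % Q         # assumed: e = sum e_i, k = sum k_i
    SK_u = (w_u + e + k) % Q                  # formula (9)
    PK_u = (W_u, pow(G, e, P_MOD), pow(G, k, P_MOD))   # {W_u, E, r}
    return {"SK_u": SK_u, "PK_u": PK_u, "sent_k": sent_k, "kdc_k": kdc_k}


def public_key_is_valid(SK_u, PK_u):
    """Formula (11): SK_u P == W_u + E + r, written multiplicatively."""
    W_u, E, r = PK_u
    return pow(G, SK_u, P_MOD) == W_u * E * r % P_MOD


if __name__ == "__main__":
    out = distribute(t=3)
    print("KDCs recovered every k_i:", out["sent_k"] == out["kdc_k"])
    print("formula (11) holds:", public_key_is_valid(out["SK_u"], out["PK_u"]))
```

Both sides reach the same auxiliary key because $w_uP_i = d_iW_u = w_ud_iP$, so neither $k_i$ nor $e_i$ crosses the network unmasked, and a modified $Y_{ui}$ or $E_{ui}$ fails the tag check.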
In the embodiment of the present invention, the distributed key is an asymmetric key that can be used in subsequent blockchain business communication, for example as the basis for generating wallet accounts.
Fig. 5A and Fig. 5B are schematic diagrams of the blockchain key request process and key distribution process for (n, t) = (5, 3), that is, with threshold t = 3. In Fig. 5A, the user node sends a key distribution request message to the KDC nodes: it computes the auxiliary information, authentication information and so on and sends them to nodes $KDC_i$ ($i = 0, 1, 2, \ldots, 4$). In Fig. 5B, the KDC nodes send key generation messages to the user node: after receiving the user's key request information, node $KDC_i$ performs its computation and verification and then sends the result to the user.
In step 3, the user's private key is distributed using the user's registration evidence and a group signature method based on elliptic curve cryptography. Because a single key distribution center can generate only part of a user's private key, even if multiple key distribution centers collude to crack it they cannot obtain the user's complete private key, which overcomes the key escrow problem of identity-based key schemes. In addition, the distributed public key is self-certifying, so that verification of the user's public key and verification of a signature are completed together in a single logical step.
By introducing identity-based cryptography, a threshold cryptography model and a bilinear pairing mechanism, and by borrowing the concept of self-certified public keys and the idea of group signatures, the embodiment of the present invention provides blockchain networks with a new threshold key distribution method, based on a self-certified public key system, that needs no fully trusted key distribution center. In this embodiment, the PKG role is shared by multiple network entities, which avoids the single-point-of-failure problem; the system master key is protected by a threshold cryptography model, which gives the system good fault tolerance; and the user's private key is distributed using the user's registration evidence and a group signature method based on elliptic curve cryptography. Because each center can generate only part of a user's private key, even if multiple key distribution centers collude to crack it they cannot obtain the user's complete private key, which overcomes the key escrow problem of IBC schemes. Meanwhile, the public key generated by the method is self-certifying, so that verification of the user's public key and verification of a signature are completed together in a single logical step. The key distribution process resists attacks such as man-in-the-middle attacks, identity impersonation, collusion cracking, message replay and passive eavesdropping, and it effectively saves computing resources and network bandwidth.
Those skilled in the art will understand that embodiments of the present invention may be provided as a method, a system or a computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular way, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means that implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
All or part of the above technical solution provided by the embodiments of the present invention may be carried out by hardware under the control of program instructions. The program may be stored in a readable storage medium, which includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within its scope of protection.