Key generation method and device, blockchain node and computer readable storage medium
By dividing the system's master private key into initial sub-private keys and distributing them to blockchain nodes to generate target private keys, the decentralization problem in blockchain is solved, decentralized key generation is achieved, and the system's security and flexibility are improved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- TENCENT TECHNOLOGY (SHENZHEN) CO LTD
- Filing Date
- 2022-03-04
- Publication Date
- 2026-06-26
Smart Images

Figure CN116743354B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of blockchain technology, specifically to a key generation method, apparatus, blockchain node, and computer-readable storage medium. Background Technology
[0002] Blockchain is a distributed, shared ledger and database characterized by decentralization, immutability, and transparency, leading to its increasingly widespread application. Currently, to ensure security, user identities are authenticated during blockchain usage.
[0003] The method for authenticating a user's identity involves generating a private key for that user through a key generation center, and then verifying the user's identity based on this private key during their use of the blockchain. However, generating private keys through a key generation center does not conform to the decentralized nature of blockchain. Summary of the Invention
[0004] This application provides a key generation method, apparatus, blockchain node, and computer-readable storage medium, which can solve the technical problem that the blockchain cannot be truly decentralized because private keys are generated through a key generation center.
[0005] A key generation method, comprising:
[0006] Obtain the system master private key of the blockchain system, which includes a preset number of blockchain nodes;
[0007] The aforementioned system master private key is divided into initial sub-private keys that match the aforementioned preset number;
[0008] Distribute each of the aforementioned initial sub-private keys to the target blockchain nodes among the aforementioned blockchain nodes;
[0009] The target private key is generated by each of the aforementioned target blockchain nodes and its corresponding initial sub-private key.
[0010] Accordingly, embodiments of this application provide a key generation apparatus, including:
[0011] The acquisition module is used to acquire the system master private key of the blockchain system, which includes a preset number of blockchain nodes.
[0012] The partitioning module is used to divide the aforementioned system master private key into initial sub-private keys that match the aforementioned preset number.
[0013] The distribution module is used to distribute each of the aforementioned initial sub-private keys to the target blockchain nodes among the aforementioned blockchain nodes;
[0014] The generation module is used to generate the target private key through each of the aforementioned target blockchain nodes and their corresponding initial sub-private keys.
[0015] Optionally, the generation module is specifically used for execution:
[0016] Obtain key generation request;
[0017] A target blockchain node in the blockchain system is identified as the starting target blockchain node, and the next target blockchain node of the starting target blockchain node is identified as the current target blockchain node.
[0018] Using the aforementioned starting target blockchain node, generate the first candidate private key based on the initial sub-private key corresponding to the aforementioned starting target blockchain node and the aforementioned key generation request;
[0019] The first candidate private key is sent to the current target blockchain node through the aforementioned starting target blockchain node, and the second candidate private key is generated by the current target blockchain node based on the initial sub-private key corresponding to the current target blockchain node and the first candidate private key.
[0020] If the current target blockchain node is the last blockchain node among the target blockchain nodes, then the second candidate private key will be used as the target private key.
[0021] If the current target blockchain node is not the last blockchain node among the target blockchain nodes, then the current target blockchain node is taken as the starting target blockchain node, the second candidate private key is taken as the first candidate private key, the next target blockchain node of the current target blockchain node is taken as the current target blockchain node, and the process returns to the step of sending the first candidate private key to the current target blockchain node through the starting target blockchain node.
[0022] Optionally, the key generation request may include identity information.
[0023] Accordingly, the generation module is specifically used for execution:
[0024] The preset private key calculation formula is determined based on the preset encryption signature algorithm;
[0025] Using the aforementioned starting target blockchain node, the initial sub-private key corresponding to the aforementioned starting target blockchain node and the aforementioned identity information are substituted into the aforementioned preset private key calculation formula for calculation to obtain the first candidate private key;
[0026] By substituting the initial sub-private key corresponding to the current target blockchain node and the first candidate private key into the preset private key calculation formula, the second candidate private key is obtained.
[0027] Optionally, the aforementioned preset encryption signature algorithm includes a certificateless national cryptographic algorithm, and the aforementioned preset private key calculation formula includes a first preset formula, a second preset formula, a third preset formula, and a fourth preset formula.
[0028] Accordingly, the generation module is specifically used for execution:
[0029] Using the aforementioned starting target blockchain node, substitute the initial sub-private key corresponding to the aforementioned starting target blockchain node into the aforementioned first preset formula for calculation to obtain the first candidate sub-private key;
[0030] Substitute the initial sub-private key corresponding to the above-mentioned starting target blockchain node and the above-mentioned identity information into the above-mentioned second setting formula for calculation to obtain the second candidate sub-private key;
[0031] The first candidate private key is determined based on the first candidate sub-private key and the second candidate private key.
[0032] The initial sub-private key and the first candidate sub-private key of the current target blockchain node are substituted into the third preset formula to obtain the third candidate sub-private key. The initial sub-private key and the second candidate sub-private key of the current target blockchain node are substituted into the fourth preset formula to obtain the fourth candidate sub-private key. The second candidate sub-private key is determined based on the third and fourth candidate sub-private keys.
[0033] Optionally, the generation module is specifically used for execution:
[0034] Arrange the aforementioned target blockchain nodes according to preset rules to obtain the arranged target blockchain nodes;
[0035] Select the initial target blockchain node from the above-arranged target blockchain nodes;
[0036] The next target blockchain node in the arranged target blockchain nodes is taken as the current target blockchain node;
[0037] If the current target blockchain node is not the last blockchain node in the above target blockchain nodes, then the next target blockchain node in the above-arranged target blockchain nodes will be taken as the current target blockchain node.
[0038] Optionally, the generation module is also used to perform:
[0039] Generate the target public key based on the key generation request described above.
[0040] Accordingly, the aforementioned key generation device further includes:
[0041] The processing module is used to execute:
[0042] Obtain the data to be processed;
[0043] Perform a hash operation on the above data to be processed to obtain the target message digest;
[0044] The target message digest is signed using the target private key to obtain the target signature result.
[0045] The target signature result and the data to be processed are sent to the verification blockchain node so that the verification blockchain node can verify the target signature result using the target public key and process the data to be processed when the verification is successful.
[0046] Optionally, the processing module is specifically used to execute:
[0047] Based on the aforementioned certificateless national cryptographic algorithm, the aforementioned target private key is used to sign the aforementioned target message digest to obtain the target signature result.
[0048] The target signature result and the data to be processed are sent to the verification blockchain node, so that the verification blockchain node can verify the target signature result using the target public key according to the certificateless national cryptographic algorithm, and process the data to be processed when the verification is successful.
[0049] Furthermore, this application embodiment also provides a blockchain node, including a processor and a memory, wherein the memory stores a computer program, and the processor is used to run the computer program in the memory to implement the key generation method provided in this application embodiment.
[0050] Furthermore, embodiments of this application also provide a computer-readable storage medium storing a computer program adapted for loading by a processor to execute any of the key generation methods provided in embodiments of this application.
[0051] Furthermore, this application also provides a computer program product, including a computer program that, when executed by a processor, implements any of the key generation methods provided in this application.
[0052] In this embodiment, the system master private key of the blockchain system is first obtained. The blockchain system includes a preset number of blockchain nodes. Then, the system master private key is divided into initial sub-private keys matching the preset number. Next, each initial sub-private key is distributed to a target blockchain node. Finally, a target private key is generated using each target blockchain node and its corresponding initial sub-private key.
[0053] In this embodiment of the application, since the obtained system master private key is divided into initial sub-private keys matching a preset number, and each initial sub-private key is distributed to the target blockchain node in the blockchain node, the target private key can be generated through each target blockchain node and its corresponding initial sub-private key, so that the target private key does not need to be generated through the key generation center, thereby achieving decentralization. Attached Figure Description
[0054] To more clearly illustrate the technical solutions in the embodiments of this application, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0055] Figure 1 This is a schematic diagram of the structure of the blockchain system provided in the embodiments of this application;
[0056] Figure 2 This is a schematic diagram of the block structure provided in the embodiments of this application;
[0057] Figure 3 This is a flowchart illustrating the key generation method provided in an embodiment of this application;
[0058] Figure 4 This is a flowchart illustrating another key generation method provided in an embodiment of this application;
[0059] Figure 5 This is a schematic diagram of the encryption algorithm and signature algorithm provided in the embodiments of this application;
[0060] Figure 6 This is a schematic diagram illustrating the generation of the target private key provided in an embodiment of this application;
[0061] Figure 7 This is a schematic diagram of the blockchain system provided in the embodiments of this application;
[0062] Figure 8 This is a schematic diagram of the consortium blockchain system provided in the embodiments of this application;
[0063] Figure 9 This is a schematic diagram illustrating the generation process of the consortium blockchain system provided in the embodiments of this application;
[0064] Figure 10 This is a schematic diagram of the key generation device provided in the embodiments of this application;
[0065] Figure 11 This is a schematic diagram of the structure of a blockchain node provided in an embodiment of this application. Detailed Implementation
[0066] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0067] This application provides a key generation method, apparatus, blockchain node, and computer-readable storage medium. The key generation apparatus can be integrated into a blockchain node, which can be a server or a terminal, among other devices.
[0068] The server can be a standalone physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, network acceleration services (Content Delivery Network, CDN), as well as big data and artificial intelligence platforms.
[0069] Terminals include, but are not limited to, mobile phones, computers, intelligent voice interaction devices, smart home appliances, and in-vehicle terminals. Embodiments of this invention can be applied to various scenarios, including but not limited to cloud technology, artificial intelligence, smart transportation, and assisted driving. Terminals and servers can be directly or indirectly connected via wired or wireless communication methods; this application does not impose any limitations on this.
[0070] The system involved in the embodiments of the present invention can be a distributed system formed by connecting a client and multiple nodes (any form of computing device in the network, such as a server or a user terminal) through network communication.
[0071] Taking a distributed system as an example, see blockchain system. Figure 1 , Figure 1 This is an optional structural diagram of the distributed system 100 provided in this embodiment of the invention applied to a blockchain system. It consists of multiple nodes 200 (any form of computing device in the network, such as servers or user terminals) and clients 300. The nodes form a peer-to-peer (P2P) network. The P2P protocol is an application layer protocol running on top of the Transmission Control Protocol (TCP). In the distributed system, any machine, such as a server or terminal, can join and become a node. A node includes a hardware layer, a middleware layer, an operating system layer, and an application layer.
[0072] See Figure 1 The functions of each node in the blockchain system shown include:
[0073] 1) Routing: A basic function of nodes used to support communication between nodes.
[0074] In addition to routing capabilities, nodes can also have the following functions:
[0075] 2) Applications are deployed in the blockchain to implement specific business needs. They record data related to the implementation of functions to form record data, carry digital signatures in the record data to indicate the source of the task data, and send the record data to other nodes in the blockchain system. When other nodes successfully verify the source and integrity of the record data, they add the record data to a temporary block.
[0076] For example, the business logic implemented by the application includes:
[0077] 2.1) A wallet is used to provide the function of conducting electronic currency transactions, including initiating transactions (i.e., sending the transaction record of the current transaction to other nodes in the blockchain system; after other nodes successfully verify the transaction, they store the transaction record data in the temporary block of the blockchain as a response to acknowledge the validity of the transaction; of course, the wallet also supports querying the remaining electronic currency in the electronic currency address;
[0078] 2.2) Shared ledger, used to provide functions such as storage, query and modification of ledger data. It sends the record data of the operation on the ledger data to other nodes in the blockchain system. After the other nodes verify the validity, as a response to acknowledge the validity of the ledger data, they store the record data in a temporary block. They can also send confirmation to the node that initiated the operation.
[0079] 2.3) Smart contracts are computerized protocols that can execute the terms of a contract. They are implemented through code deployed on a shared ledger that executes when certain conditions are met. Based on actual business needs, the code is used to complete automated transactions, such as querying the logistics status of goods purchased by a buyer and transferring the buyer's electronic money to the merchant's address after the buyer signs for the goods. Of course, smart contracts are not limited to executing contracts for transactions; they can also execute contracts for processing received information.
[0080] 3) A blockchain consists of a series of blocks that are sequentially generated. Once a new block is added to the blockchain, it will not be removed. The blocks contain the data submitted by the nodes in the blockchain system.
[0081] See Figure 2 , Figure 2This is an optional schematic diagram of the block structure provided in this embodiment of the invention. Each block includes the hash value of the transaction records stored in this block (the hash value of this block) and the hash value of the previous block. The blocks are connected through their hash values to form a blockchain. Additionally, the block may include information such as a timestamp when it was generated. A blockchain is essentially a decentralized database, a chain of data blocks linked together using cryptographic methods. Each data block contains relevant information used to verify the validity of the information (anti-counterfeiting) and to generate the next block.
[0082] Furthermore, in the embodiments of this application, "multiple" refers to two or more. The terms "first" and "second," etc., in the embodiments of this application are used for distinguishing descriptions and should not be construed as implying relative importance.
[0083] The following sections provide detailed descriptions of each example. It should be noted that the order in which the embodiments are described is not intended to limit the preferred order of the embodiments.
[0084] In this embodiment, the description will be from the perspective of a key generation device integrated into a blockchain node. To facilitate the explanation of the key generation method of this application, the following will describe the key target blockchain node in the blockchain node in detail, that is, the key target blockchain node will be used as the execution subject for detailed explanation.
[0085] Please see Figure 3 , Figure 3 This is a flowchart illustrating a key generation method provided in an embodiment of this application. The key generation method may include:
[0086] S301. Obtain the system master private key of the blockchain system, which includes a preset number of blockchain nodes.
[0087] The master private key of a blockchain system is a random number. For example, a number can be randomly selected from [1, N-1] as the master private key, where N is a cyclic group G1, G2, ..., G T The order of a cyclic group is defined as follows: if every element of a group G is a power of some fixed element a, then G is called a cyclic group, and the fixed element a is called a generator of G.
[0088] The preset quantity is an integer greater than 1. Users can select the specific value of the preset quantity according to the actual situation, and this embodiment does not limit it.
[0089] A blockchain system can be a consortium blockchain, a public blockchain, or a private blockchain. Users can choose the type of blockchain system based on their actual needs; this embodiment does not impose any limitations.
[0090] The target blockchain node can obtain a random number as the system master private key upon receiving the blockchain system initialization command. Alternatively, the target blockchain node can also obtain a random number as the system master private key upon receiving the acquisition command, in which case it is not necessary to obtain the system master private key during blockchain system initialization. The user can choose the timing for obtaining the system master private key based on actual circumstances; this embodiment does not impose any limitations.
[0091] In some embodiments, after obtaining the system master private key, the target blockchain node can generate system parameters for the blockchain system based on the system master private key, and then store the system parameters in the genesis block of the blockchain system. This allows subsequent blockchain nodes in the blockchain system to retrieve the system parameters from the genesis block and generate a public key based on the user's identity information and the system parameters. The genesis block refers to the earliest block constructed in the blockchain and has a unique identifier.
[0092] The system parameters can be obtained by substituting the system master private key into the following formula:
[0093] P pub =[k]P2 (1)
[0094] P pub represents system parameters, k represents the system master private key, and P2 represents the generator of G2.
[0095] S302. Divide the system master private key into initial sub-private keys that match a preset number.
[0096] After obtaining the system master private key, the target blockchain node can randomly divide the system master private key into a preset number of sub-private keys.
[0097] Matching the preset number means that the number of initial sub-private keys is the same as the preset number. Alternatively, matching the preset number can also mean that the difference between the number of initial sub-private keys and the preset number is within a preset range (the number of initial sub-private keys is less than the preset number).
[0098] When the number of initial sub-private keys is the same as the preset number, the relationship between the initial sub-private keys and the system master private key can be:
[0099]
[0100] Where n represents the preset quantity, k represents the system master private key, and k j Let j represent the j-th initial sub-private key, where j = 1, 2, ..., n.
[0101] S303. Distribute each initial sub-private key to the target blockchain node in the blockchain node.
[0102] A target blockchain node is a blockchain node within a target blockchain node set. When the number of initial sub-private keys is the same as the preset number, every blockchain node in the blockchain system is a target blockchain node. When the number of initial sub-private keys is less than the preset number, only a subset of the blockchain nodes in the blockchain system are target blockchain nodes.
[0103] For example, if a blockchain system includes four blockchain nodes and the initial sub-private key includes three, then only three blockchain nodes in the blockchain system are the target blockchain nodes.
[0104] After obtaining each initial sub-private key, the target blockchain node stores one of the initial sub-private keys on its own node, and then distributes the other initial sub-private keys to other target blockchain nodes in the blockchain system.
[0105] For example, the target blockchain nodes include node A, node B, node C, and node D, and node A is the target blockchain node for the key. The initial sub-private keys include initial sub-private key k1, initial sub-private key k2, initial sub-private key k3, and initial sub-private key k4. Then node A stores initial sub-private key k1 in its own node, sends initial sub-private key k2 to node B for storage, sends initial sub-private key k3 to node C for storage, and sends initial sub-private key k4 to node D for storage.
[0106] In some embodiments, after the initial sub-private keys are distributed to the target blockchain nodes in the blockchain nodes, if a new blockchain node joins the blockchain system and the new blockchain node is also a target blockchain node, the new blockchain node can send an update instruction to the key target blockchain node, and the key target blockchain node will then re-divide the system master private key, so that the new blockchain node also has the corresponding initial sub-private key.
[0107] S304. Generate the target private key through each target blockchain node and its corresponding initial sub-private key.
[0108] After storing each initial sub-private key in each target blockchain node, if each target blockchain node stores the corresponding user's identity information, then the target private key corresponding to each target blockchain node in the blockchain system can be generated directly through each target blockchain node and its corresponding initial sub-private key, that is, the target private key corresponding to each identity information can be generated.
[0109] Alternatively, it can be done as follows: After obtaining the key generation request, generate the target private key corresponding to the key generation request through each target blockchain node and its corresponding initial sub-private key, based on the key generation request. The key generation request may include the user's identity information.
[0110] It should be noted that when a user needs to generate their target private key, the user can trigger the request from any node in the blockchain system, causing that node to generate a key generation request based on the user's trigger. The node triggered by the user can be the target blockchain node; alternatively, the node triggered by the user can be any other target blockchain node in the blockchain system besides the target blockchain node; or, when only a portion of the blockchain nodes are target blockchain nodes, the node triggered by the user can be a non-target blockchain node in the blockchain system, and then the non-target blockchain node forwards the key generation request to the target blockchain node.
[0111] In some embodiments, the process of generating a target private key using each target blockchain node and its corresponding initial sub-private key can be as follows: the key target blockchain node determines a first target sub-private key using the initial sub-private key corresponding to the starting target blockchain node, and determines the target sub-private key corresponding to each second target blockchain node using the second target blockchain node and its corresponding initial sub-private key. Here, the second target blockchain nodes are the target blockchain nodes other than the starting target blockchain node. It should be noted that when the key target blockchain node and the starting target blockchain node are the same target blockchain node, the second target blockchain node does not include the key target blockchain node; when the key target blockchain node and the starting target blockchain node are not the same target blockchain node, the second target blockchain node includes the key target blockchain node.
[0112] Then, the target sub-private key is sent to the key target blockchain node through the second target blockchain node. The key target blockchain node then determines the target private key based on the first target sub-private key and the target sub-private key corresponding to each second target blockchain node.
[0113] For example, if the target blockchain nodes include nodes A, B, C, and D, and node A is both the key target blockchain node and the initial target blockchain node, then nodes B, C, and D are all second target blockchain nodes. Node A determines the first target sub-private key using its corresponding initial sub-private key. Node A then determines the target sub-private key corresponding to node B using node B and its corresponding initial sub-private key, and sends this target sub-private key from node B to node A through node B.
[0114] Node A determines the target sub-private key corresponding to Node C using Node C and its corresponding initial sub-private key, and then sends the target sub-private key to Node C to Node A through Node C. Node A determines the target sub-private key corresponding to Node D using Node D and its corresponding initial sub-private key, and then sends the target sub-private key to Node D to Node A through Node D.
[0115] Node A then determines the target private key based on the first target sub-private key and the target sub-private keys corresponding to Nodes B, C, and D respectively.
[0116] In other embodiments, the process of generating a target private key from each target blockchain node and its corresponding initial sub-private key can be as follows:
[0117] The target blockchain node determines the first candidate private key using the initial sub-private key corresponding to the starting target blockchain node, and sends the first candidate private key to the current target blockchain node in the target blockchain node, so that the current target blockchain node can determine the second candidate private key using its own initial sub-private key and the first candidate private key.
[0118] If the current target blockchain node is the last node in the target blockchain, then the current target blockchain node sends the second candidate private key to the key target blockchain node, and the key target blockchain node uses the second candidate private key as the target private key.
[0119] If the current target blockchain node is not the last node in the target blockchain node, then the current target blockchain node is taken as the starting target blockchain node, the second candidate private key is taken as the first candidate private key, the next target blockchain node of the current target blockchain node is taken as the current target blockchain node, and the step of sending the first candidate private key to the current target blockchain node in the target blockchain node is returned.
[0120] At this point, if the target private key corresponding to the key generation request is generated based on the key generation request using each target blockchain node and its corresponding initial sub-private key, then the target private key corresponding to the key generation request generated using each target blockchain node and its corresponding initial sub-private key can include:
[0121] Obtain key generation request;
[0122] Determine a target blockchain node in the blockchain system as the starting target blockchain node, and take the next target blockchain node of the starting target blockchain node as the current target blockchain node;
[0123] Generate the first candidate private key based on the initial sub-private key and key generation request corresponding to the starting target blockchain node;
[0124] The first candidate private key is sent to the current target blockchain node through the starting target blockchain node, and the second candidate private key is generated by the current target blockchain node according to the initial sub-private key and the first candidate private key.
[0125] If the current target blockchain node is the last blockchain node in the target blockchain node, then the second candidate private key will be used as the target private key;
[0126] If the current target blockchain node is not the last blockchain node in the target blockchain node, then the current target blockchain node is taken as the starting target blockchain node, the second candidate private key is taken as the first candidate private key, the next target blockchain node of the current target blockchain node is taken as the current target blockchain node, and the process of sending the first candidate private key to the current target blockchain node through the starting target blockchain node is returned.
[0127] For example, the target blockchain nodes include node A, node B, and node C, where node C is the last blockchain node in the target blockchain, and node A is the key target blockchain node. When the initial target blockchain node is node A, the current target blockchain node is node B, and the next target blockchain node is node C, node A generates a first candidate private key based on its corresponding initial sub-private key and key generation request. Then, it sends the first candidate private key to node B, which generates a second candidate private key based on its corresponding initial sub-private key and the first candidate private key.
[0128] At this point, since node B is not the last blockchain node in the target blockchain, the second candidate private key is sent to node C through node B. Then, through node C, the third candidate private key is generated based on the initial sub-private key corresponding to node C and the second candidate private key.
[0129] That is, it is equivalent to taking node B as the new starting target blockchain node, taking node C as the current target blockchain node, taking the second candidate private key as the new first candidate private key, and then taking the new starting target blockchain node (node B) as the step of sending the new first candidate private key to the current target blockchain node (node C) in the target blockchain node.
[0130] After generating the third candidate private key through node C, since node C is the last blockchain node in the target blockchain, the third candidate private key is sent to the key target blockchain node, i.e., node A (the key target blockchain node will not change), through node C. The key target blockchain node then uses the third candidate private key as the target private key.
[0131] It should be noted that the target blockchain node for the key can be the starting target blockchain node, the current target blockchain node, or the next target blockchain node.
[0132] Furthermore, the target blockchain nodes can be arranged, and then the key target blockchain node can select one target blockchain node from the arranged target blockchain nodes as the starting target blockchain node, and the next target blockchain node of the starting target blockchain node can be used as the current target blockchain node.
[0133] Optionally, the target blockchain node can use the first-ranked target blockchain node as the starting target blockchain node and the second-ranked target blockchain node as the current target blockchain node. Alternatively, the target blockchain node can use the last-ranked target blockchain node as the starting target blockchain node and the second-to-last-ranked target blockchain node as the current target blockchain node.
[0134] The order of the target blockchain nodes can be fixed or variable. If the order is variable, the key target blockchain node can send the order of the target blockchain nodes to the current target blockchain node through the starting target blockchain node. This allows the key target blockchain node to determine whether the current target blockchain node is the last target blockchain node and which target blockchain node is the next target blockchain node, based on the order of the target blockchain nodes.
[0135] When the order of the target blockchain nodes is not fixed, determining one target blockchain node in the blockchain system as the starting target blockchain node, and taking the next target blockchain node as the current target blockchain node, includes:
[0136] Arrange the target blockchain nodes according to preset rules to obtain the arranged target blockchain nodes;
[0137] Select the initial target blockchain node from the sorted target blockchain nodes;
[0138] The next target blockchain node in the sorted target blockchain nodes is taken as the current target blockchain node;
[0139] If the current target blockchain node is not the last blockchain node in the target blockchain node list, the above method of taking the next target blockchain node as the current target blockchain node includes:
[0140] If the current target blockchain node is not the last blockchain node in the target blockchain node list, then the next target blockchain node in the sorted target blockchain node list will be taken as the current target blockchain node.
[0141] For example, if the target blockchain nodes include nodes A, B, and C, and node A is the target blockchain node for the key, then node A arranges nodes A, B, and C according to a preset rule. After the arrangement, the target blockchain nodes are nodes B, C, and A. Therefore, when directly calculating the first candidate private key for the first time, node B can be used as the starting target blockchain node, and the corresponding current target blockchain node is node C.
[0142] At this point, node A sends a key generation request to node B, which calculates the first candidate private key and sends it to node C.
[0143] Because node C is not the last node in the target blockchain, and node A is the next target blockchain node after C is sorted, node A takes node C as its new starting target blockchain node. Therefore, node A becomes the current target blockchain node, and the second candidate private key is sent to node A through node C. Node A then calculates the third candidate private key using its own initial sub-private key and the second candidate private key. Since node A is the last target blockchain node, the third candidate private key is the target private key.
[0144] The key target blockchain node can first select the starting target blockchain node from the sorted target blockchain nodes, and then select the current target blockchain node corresponding to the starting target blockchain node from the sorted target blockchain nodes through the starting target blockchain node.
[0145] It should be understood that the target blockchain node for the key can be obtained by arranging various target blockchain nodes according to a preset rule upon receiving an arrangement instruction. Alternatively, the target blockchain node for the key can also be obtained by arranging various target blockchain nodes according to a preset rule upon receiving a key generation request. This embodiment does not impose any limitations on this. The preset rule can be a random rule.
[0146] If the target blockchain node is arranged according to a preset rule after receiving the key generation request, then the target blockchain node can be arranged once for each target private key generated.
[0147] If the target blockchain node is arranged according to a preset rule when it receives the arrangement instruction, it can be that the target blockchain node is arranged once for each target private key generated, or it can be arranged once after at least two target private keys are generated.
[0148] In this embodiment, when generating the target private key, the target blockchain nodes are arranged in a different order, thereby increasing the difficulty of cracking the process of generating the target private key and ensuring the security of the generated target private key.
[0149] In other embodiments, the key generation request includes identity information; generating a first candidate private key through the starting target blockchain node, based on the initial sub-private key corresponding to the starting target blockchain node and the key generation request, includes:
[0150] The preset private key calculation formula is determined based on the preset encryption signature algorithm;
[0151] By substituting the initial sub-private key and identity information corresponding to the starting target blockchain node into the preset private key calculation formula, the first candidate private key is obtained.
[0152] Correspondingly, the second candidate private key is generated by the current target blockchain node based on the initial sub-private key and the first candidate private key, including:
[0153] The second candidate private key is obtained by substituting the initial sub-private key and the first candidate private key corresponding to the current target blockchain node into the preset private key calculation formula.
[0154] When different encryption signature algorithms are used, the private key calculation formula is also different. Therefore, in this embodiment, the preset private key calculation formula is first determined according to the preset encryption signature algorithm, and then the first candidate private key and the second candidate private key are calculated using the preset private key calculation formula.
[0155] The type of preset encryption signature algorithm can be selected according to the actual situation. For example, the preset encryption signature algorithm can be a certificateless national cryptographic algorithm, which can be the SM9 national cryptographic algorithm or the SM2 national cryptographic algorithm. This embodiment does not limit it.
[0156] In other embodiments, the preset encryption signature algorithm includes a certificateless national cryptographic algorithm, and the preset private key calculation formula includes a first preset formula, a second preset formula, a third preset formula, and a fourth preset formula.
[0157] By using the initial target blockchain node, the initial sub-private key and identity information corresponding to the initial target blockchain node are substituted into the preset private key calculation formula to obtain the first candidate private key, including:
[0158] By substituting the initial sub-private key corresponding to the starting target blockchain node into the first preset formula for calculation, the first candidate sub-private key is obtained.
[0159] Substitute the initial sub-private key and identity information corresponding to the starting target blockchain node into the second formula for calculation to obtain the second candidate sub-private key;
[0160] The first candidate private key is determined based on the first candidate sub-private key and the second candidate sub-private key.
[0161] Correspondingly, by substituting the initial sub-private key and the first candidate private key corresponding to the current target blockchain node into the preset private key calculation formula, the second candidate private key is obtained, including:
[0162] By substituting the initial sub-private key and the first candidate sub-private key corresponding to the current target blockchain node into the third preset formula, the third candidate sub-private key is obtained.
[0163] Substitute the initial sub-private key and the second candidate sub-private key corresponding to the current target blockchain node into the fourth preset formula for calculation to obtain the fourth candidate sub-private key;
[0164] The second candidate private key is determined based on the third and fourth candidate sub-private keys.
[0165] The certificateless national cryptographic algorithm can be the SM9 national cryptographic algorithm. The private key calculation formula for the SM9 national cryptographic algorithm is:
[0166]
[0167] Where, d A Indicates the target private key, ID A The user identifier represents the identity information, k represents the system master private key, H1() represents the cryptographic function, N represents the order of the cyclic group, hid represents the user key generation function identifier, and P1 represents the generator of G1.
[0168] The first preset formula can be:
[0169] r1=[k1]P1 (4)
[0170] r1 represents the first candidate sub-private key, and k1 represents the initial sub-private key corresponding to the starting target blockchain node.
[0171] The second preset formula can be:
[0172] R1 = H1(ID) A ||hid,N)+k1 (5)
[0173] R1 represents the second candidate sub-private key.
[0174] The third preset formula can be:
[0175]
[0176] r i This represents the third candidate private key, where i represents the current target blockchain node, and k represents the third candidate private key. i This represents the initial sub-private key corresponding to the current target blockchain node.
[0177] The fourth preset formula can be:
[0178]
[0179] R i This represents the fourth candidate child private key.
[0180] That is, the target blockchain node takes the initial sub-private key corresponding to the starting target blockchain node and substitutes it into the first preset formula to perform calculations to obtain the first candidate sub-private key; substitutes the initial sub-private key and identity information corresponding to the starting target blockchain node into the second preset formula to perform calculations to obtain the second candidate sub-private key; and uses the first candidate sub-private key and the second candidate sub-private key as the first candidate private key, that is, the first candidate private key includes the first candidate sub-private key and the second candidate sub-private key.
[0181] Then, the first candidate private key is sent to the current target blockchain node through the initial target blockchain node. Using the current target blockchain node, the initial sub-private key and the first candidate sub-private key are substituted into the third preset formula for calculation to obtain the third candidate sub-private key; the initial sub-private key and the second candidate sub-private key are substituted into the fourth preset formula for calculation to obtain the fourth candidate sub-private key; and the third and fourth candidate sub-private keys are used as the second candidate private key.
[0182] If the current target blockchain node is the last target blockchain node, that is, the current target blockchain node is the nth target blockchain node, then the second candidate private key can be determined by dividing the third candidate private key by the fourth candidate private key to obtain the second candidate private key.
[0183] That is, the entire calculation process of the current target blockchain node is as follows:
[0184]
[0185] In this embodiment, the preset encryption signature algorithm adopts the certificateless national cryptographic algorithm, and then the target private key is calculated using the preset private key calculation formula corresponding to the certificateless national cryptographic algorithm.
[0186] In other embodiments, after obtaining the key generation request, the method further includes:
[0187] Generate the target public key based on the key generation request;
[0188] After generating the target private key corresponding to the key generation request using each target blockchain node and its corresponding initial sub-private key according to the key generation request, the process also includes:
[0189] Obtain the data to be processed;
[0190] Perform a hash operation on the data to be processed to obtain the target message digest;
[0191] The target message digest is signed using the target private key to obtain the target signature result;
[0192] The target signature result and the data to be processed are sent to the verification blockchain node, so that the verification blockchain node can verify the target signature result using the target public key and process the data to be processed when the verification is successful.
[0193] The process of generating a target public key based on a key generation request can be as follows: The target blockchain node calculates the target public key based on the identity information in the key generation request and the system parameters obtained from the genesis block, and then broadcasts the target public key so that verification blockchain nodes can obtain it. The verification blockchain nodes are the nodes that generate the blocks.
[0194] Alternatively, the target blockchain node can generate and store only the target private key, without storing the target public key. When the target blockchain node needs to use the target public key, it obtains the system parameters from the genesis block and calculates the target public key based on the identity information and system parameters.
[0195] Then, if the verification blockchain node needs to obtain the target public key, the verification blockchain node obtains the system parameters from the genesis block and calculates the target public key based on the identity information and system parameters.
[0196] Since the target private key and the target public key are a pair of keys, the identity information for generating the target public key is the same as that for generating the target private key. That is, when the target public key is generated, the identity information in the target blockchain node is the same as that in the verification blockchain node.
[0197] After generating the target private key and target public key, these keys can be used to implement business operations through the blockchain system. These operations can be transactional or data storage. Therefore, the target blockchain node, upon receiving the data to be processed, performs a hash operation on the data to obtain a target message digest. Then, it signs the target message digest using the target private key to obtain the target signature result. Finally, the target signature result and the data to be processed are sent to the verification blockchain node, which then verifies the target signature result using the target public key and processes the data upon successful verification.
[0198] The process of verifying the blockchain node's processing of the data to be processed can be as follows: the verification blockchain node packages the data to be processed and generates blocks.
[0199] The verification process of a blockchain node using the target public key to verify the target signature result can be as follows: the target public key is used to verify the target signature result. If the verification is successful, the target message digest is obtained, and the data to be processed is hashed again to obtain the initial message digest. If the initial message digest and the target message digest are consistent, then the verification of the target signature result using the target public key is successful.
[0200] Since the verification blockchain node also has a corresponding public key and private key, the target blockchain node can also use the public key corresponding to the verification blockchain node to encrypt the data to be processed, obtain the encrypted data to be processed, and then send the encrypted data to be processed and the target signature result together to the verification blockchain node.
[0201] The verification blockchain node first verifies the target signature result using the target's public key. If the verification passes, it obtains the target message digest. Then, it decrypts the encrypted data to be processed using its own private key to obtain the data to be processed. Next, it performs another hash operation on the data to be processed to obtain the initial message digest. If the initial message digest matches the target message digest, then the verification of the target signature result using the target's public key passes.
[0202] It should be noted that, to prevent the target message digest from being cracked and to further ensure security, the target blockchain node can use the target private key to sign the target message digest and system parameters, obtaining the target signature result. Then, the verification blockchain node uses the target public key and system parameters to verify the target signature result.
[0203] In other embodiments, the target message digest is signed using the target private key to obtain the target signature result, including:
[0204] Based on the certificateless national cryptographic algorithm, the target message digest is signed using the target private key to obtain the target signature result;
[0205] The target signature result and the data to be processed are sent to the verification blockchain node, so that the verification blockchain node can verify the target signature result using the target public key, and process the data to be processed if the verification is successful, including:
[0206] The target signature result and the data to be processed are sent to the verification blockchain node, so that the verification blockchain node can verify the target signature result using the target public key according to the certificateless national cryptographic algorithm, and process the data to be processed when the verification is successful.
[0207] Because the certificateless national cryptographic algorithm is a national cryptographic algorithm, in this embodiment, the target message digest is signed using the target private key according to the certificateless national cryptographic algorithm, which complies with the national cryptographic standards and can guarantee the security of the blockchain system.
[0208] Furthermore, by using a certificateless national cryptographic algorithm for signing and encryption, there is no need to apply for and exchange digital certificates. Therefore, in this embodiment, the target message digest is signed using the target private key according to the certificateless national cryptographic algorithm to obtain the target signature result, which eliminates the need to manage digital certificates and thus reduces the cost of managing digital certificates.
[0209] It should be noted that the target blockchain node can also encrypt the data to be processed using the public key of the verification blockchain node according to the certificateless national cryptographic algorithm, thus obtaining the encrypted data to be processed. Then, the verification blockchain node decrypts the encrypted data to be processed using its own private key according to the certificateless national cryptographic algorithm.
[0210] Optionally, the target blockchain node can also encrypt the data to be processed and system parameters using the public key of the verification blockchain node according to a certificateless national cryptographic algorithm, obtaining encrypted data to be processed. Then, the verification blockchain node decrypts the encrypted data to be processed using its own private key according to the certificateless national cryptographic algorithm. After decryption, if the system parameters in the encrypted data to be processed are consistent with the system parameters obtained from the genesis block, it indicates that the encrypted data to be processed has not been modified, thereby further ensuring security.
[0211] As can be seen from the above, in this embodiment, the system master private key of the blockchain system is first obtained, and the blockchain system includes a preset number of blockchain nodes. Then, the system master private key is divided into initial sub-private keys matching the preset number. Next, each initial sub-private key is distributed to the target blockchain nodes. Finally, the target private key is generated using each target blockchain node and its corresponding initial sub-private key.
[0212] In this embodiment of the application, since the obtained system master private key is divided into initial sub-private keys matching a preset number, and each initial sub-private key is distributed to the target blockchain node in the blockchain node, the target private key can be generated through each target blockchain node and its corresponding initial sub-private key, so that the target private key does not need to be generated through the key generation center, thereby achieving decentralization.
[0213] The methods described in the above embodiments will be further explained in detail below with examples.
[0214] This embodiment uses the key generation device integrated into the terminal as an example. Please refer to [link to example]. Figure 4 , Figure 4 This is a flowchart illustrating the key generation method provided in an embodiment of this application. The key generation method may include:
[0215] S401. The target blockchain node obtains the system master private key of the blockchain system, which includes a preset number of blockchain nodes.
[0216] In this embodiment, the current encryption and signature algorithms in the blockchain are replaced with the SM9 national cryptographic algorithm, for example, such as... Figure 5 As shown. Therefore, when a user needs to generate private and public keys, the user can trigger the target blockchain node to obtain the system's master private key. The system master private key can be generated during the initialization of the blockchain system.
[0217] S402. The target blockchain node divides the system master private key into a preset number of initial sub-private keys and distributes each initial sub-private key to the target blockchain node in the blockchain node.
[0218] S403. The target blockchain node obtains the arrangement instruction and, based on the arrangement instruction, arranges each target blockchain node according to a preset rule to obtain the arrangement order of the target blockchain nodes.
[0219] S404. The target blockchain node selects the starting target blockchain node from the target blockchain nodes according to the sorting order and obtains the key generation request.
[0220] S405. The target blockchain node sends the key generation request and sorting order to the starting target blockchain node.
[0221] S406. The target blockchain node, through the starting target blockchain node, substitutes the initial sub-private key corresponding to the starting target blockchain node into the first preset formula of the certificateless national cryptographic algorithm to perform calculations, thereby obtaining the first candidate sub-private key. Then, it substitutes the initial sub-private key corresponding to the starting target blockchain node and the identity information in the key generation request into the second preset formula of the certificateless national cryptographic algorithm to perform calculations, thereby obtaining the second candidate sub-private key.
[0222] S407. The target blockchain node for the key is selected from the target blockchain nodes according to the order of the initial target blockchain node.
[0223] S408. The target blockchain node sends the first candidate sub-private key, the second candidate sub-private key, and their order to the current target blockchain node through the starting target blockchain node.
[0224] For example, such as Figure 6 As shown. At this point, the initial target blockchain node is blockchain node 1, the current blockchain node is blockchain node i, the first candidate sub-private key is r1 = [k1]P1, and the second candidate sub-private key is R1 = H1(ID). A ||hid,N)+k1. Blockchain node 1 sends the first candidate sub-private key, the second candidate sub-private key, and their order to blockchain node i.
[0225] S409. The target blockchain node, through the current target blockchain node, substitutes the initial sub-private key and the first candidate sub-private key corresponding to the current target blockchain node into the second preset formula of the certificateless national cryptographic algorithm for calculation to obtain the third candidate sub-private key. Then, it substitutes the initial sub-private key and the second candidate sub-private key corresponding to the current target blockchain node into the fourth preset formula of the certificateless national cryptographic algorithm for calculation to obtain the fourth candidate sub-private key.
[0226] S4010. If the current target blockchain node is the last blockchain node among the target blockchain nodes, the key target blockchain node determines the target private key through the current target blockchain node based on the third candidate sub-private key and the fourth candidate sub-private key.
[0227] For example, such as Figure 6 As shown, if the current target blockchain node is the last blockchain node in the target blockchain node, that is, the current target blockchain node is blockchain node n, then the target private key is determined through the current target blockchain node based on the third candidate sub-private key and the fourth candidate sub-private key.
[0228] S4011. If the current target blockchain node is not the last blockchain node in the target blockchain, the key target blockchain node will select the next target blockchain node from the target blockchain according to the order of arrangement of the current target blockchain node.
[0229] S4012, The target blockchain node takes the current target blockchain node as the starting target blockchain node, takes the next target blockchain node as the current target blockchain node, takes the third candidate sub-private key as the first candidate sub-private key, takes the fourth candidate sub-private key as the second candidate sub-private key, and returns to execute S408.
[0230] for example, Figure 6 As shown, if the current target blockchain node is not the last blockchain node in the target blockchain node, then the third candidate sub-private key and the fourth candidate sub-private key are sent to the next target blockchain node through the current target blockchain node. This is equivalent to taking the current target blockchain node as the starting target blockchain node, taking the next target blockchain node as the current target blockchain node, taking the third candidate sub-private key as the first candidate sub-private key, taking the fourth candidate sub-private key as the second candidate sub-private key, and returning to execute S408.
[0231] S4013. The target blockchain node determines the system parameters based on the system master private key and stores the system parameters in the genesis block.
[0232] After replacing the current encryption and signature algorithms in the blockchain with the SM9 national cryptographic algorithm, the blockchain system can function as follows: Figure 7 As shown.
[0233] When the blockchain system is a consortium blockchain system, the consortium blockchain system can be as follows: Figure 8 As shown, the consortium blockchain system includes organization a, organization b, organization c, and organization d, and each organization includes multiple target blockchain nodes. The generation process of the consortium blockchain system can then be as follows: Figure 9 As shown.
[0234] It should be noted that when the blockchain system is a consortium blockchain system, all blockchain nodes within the same organization can be the target blockchain node. Alternatively, a single blockchain node can be selected from the same organization as the target blockchain node. In this case, the preset number can also be used to represent the number of organizations.
[0235] When all blockchain nodes within the same organization are target blockchain nodes, the target blockchain node can first divide the system master private key into a first number of initial sub-private keys, where the first number is the number of organizations, meaning each organization has a corresponding initial sub-private key. Then, each initial sub-private key is sent to its respective organization, which then further divides its own initial sub-private key to obtain final sub-private keys, ensuring that each blockchain node within the organization has a corresponding final sub-private key.
[0236] S4014. The target blockchain node obtains the data to be processed and performs a hash operation on the data to be processed to obtain the target message digest.
[0237] S4015. The target blockchain node uses the target private key to sign the target message digest and system parameters according to the certificateless national cryptographic algorithm, and obtains the target signature result. Then, it uses the public key of the verification blockchain node to encrypt the data to be processed and the system parameters, and obtains the encrypted data to be processed.
[0238] S4016. The target blockchain node sends the target signature result and the encrypted data to be processed to the verification blockchain node. The verification blockchain node verifies the target signature result using the target public key and system parameters according to the certificateless national cryptographic algorithm. When the verification is successful, the target message digest is obtained.
[0239] Verifying blockchain nodes can obtain identity information and system parameters from the genesis block, and then determine the target public key based on the identity information and system parameters.
[0240] S4017. The target blockchain node verifies the blockchain node and, based on the certificateless national cryptographic algorithm, uses the private key corresponding to the verification blockchain node and system parameters to decrypt the encrypted data to be processed. When the decryption is successful, the data to be processed is obtained. A hash operation is performed on the data to be processed to obtain the initial message digest.
[0241] S4018. If the initial message digest and the target message digest are the same, the target blockchain node will process the data to be processed by verifying the blockchain node.
[0242] In this embodiment, the obtained system master private key is divided into a preset number of initial sub-private keys, and each initial sub-private key is distributed to the target blockchain nodes in the blockchain node. Therefore, the target private key can be generated by each target blockchain node using the initial sub-private key corresponding to each target blockchain node according to the certificateless national cryptographic algorithm, so that the target private key does not need to be generated through the key generation center, thereby achieving decentralization.
[0243] When generating the target private key, the target blockchain nodes are arranged in a different order, which increases the difficulty of cracking the process of generating the target private key and thus ensures the security of the generated target private key.
[0244] Because the certificateless national cryptographic algorithm is a national cryptographic algorithm, in this embodiment, the target private key is used to sign the target message digest and system parameters according to the certificateless national cryptographic algorithm, which complies with the national cryptographic standards and can guarantee the security of the blockchain system.
[0245] Furthermore, by using a certificateless national cryptographic algorithm for signing and encryption, there is no need to apply for and exchange digital certificates. Therefore, in this embodiment, the target message digest and system parameters are signed using the target private key according to the certificateless national cryptographic algorithm to obtain the target signature result, which eliminates the need to manage digital certificates and thus reduces the cost of managing digital certificates.
[0246] The specific implementation process of each step in this embodiment can be referred to the above key generation method embodiment, and will not be repeated here.
[0247] To facilitate better implementation of the key generation method provided in the embodiments of this application, the embodiments of this application also provide an apparatus based on the above-described key generation method. The meanings of the terms used are the same as in the key generation method described above, and specific implementation details can be found in the descriptions in the method embodiments.
[0248] For example, such as Figure 10 As shown, the key generation device may include:
[0249] The acquisition module 1001 is used to acquire the system master private key of the blockchain system, which includes a preset number of blockchain nodes.
[0250] The module 1002 is used to divide the system master private key into initial sub-private keys that match a preset number.
[0251] The distribution module 1003 is used to distribute each initial sub-private key to the target blockchain node in the blockchain node.
[0252] The generation module 1004 is used to generate target private keys through each target blockchain node and its corresponding initial sub-private key.
[0253] Optionally, the generation module 1004 is specifically used to execute:
[0254] Obtain key generation request;
[0255] Determine a target blockchain node in the blockchain system as the starting target blockchain node, and take the next target blockchain node of the starting target blockchain node as the current target blockchain node;
[0256] Generate the first candidate private key based on the initial sub-private key and key generation request corresponding to the starting target blockchain node;
[0257] The first candidate private key is sent to the current target blockchain node through the starting target blockchain node, and the second candidate private key is generated by the current target blockchain node according to the initial sub-private key and the first candidate private key.
[0258] If the current target blockchain node is the last blockchain node in the target blockchain node, then the second candidate private key will be used as the target private key;
[0259] If the current target blockchain node is not the last blockchain node in the target blockchain node, then the current target blockchain node is taken as the starting target blockchain node, the second candidate private key is taken as the first candidate private key, the next target blockchain node in the current target blockchain node is taken as the current target blockchain node, and the process of sending the first candidate private key to the current target blockchain node in the target blockchain node through the starting target blockchain node is returned.
[0260] Optionally, the key generation request may include identity information.
[0261] Accordingly, the generation module 1004 is specifically used to execute:
[0262] The preset private key calculation formula is determined based on the preset encryption signature algorithm;
[0263] By substituting the initial sub-private key corresponding to the initial target blockchain node and the identity information into the preset private key calculation formula, the first candidate private key is obtained.
[0264] The second candidate private key is obtained by substituting the initial sub-private key and the first candidate private key corresponding to the current target blockchain node into the preset private key calculation formula.
[0265] Optionally, the preset encryption signature algorithm includes a certificateless national cryptographic algorithm, and the preset private key calculation formula includes a first preset formula, a second preset formula, a third preset formula, and a fourth preset formula.
[0266] Accordingly, the generation module 1004 is specifically used to execute:
[0267] By substituting the initial sub-private key corresponding to the starting target blockchain node into the first preset formula for calculation, the first candidate sub-private key is obtained.
[0268] Substitute the initial sub-private key and identity information corresponding to the starting target blockchain node into the second formula for calculation to obtain the second candidate sub-private key;
[0269] The first candidate private key is determined based on the first candidate sub-private key and the second candidate private key;
[0270] The initial sub-private key and the first candidate sub-private key corresponding to the current target blockchain node are substituted into the third preset formula for calculation to obtain the third candidate sub-private key. The initial sub-private key and the second candidate sub-private key corresponding to the current target blockchain node are substituted into the fourth preset formula for calculation to obtain the fourth candidate sub-private key. The second candidate sub-private key is determined based on the third candidate sub-private key and the fourth candidate sub-private key.
[0271] Optionally, the generation module 1004 is specifically used to execute:
[0272] Arrange the target blockchain nodes according to preset rules to obtain the arranged target blockchain nodes;
[0273] Select the initial target blockchain node from the sorted target blockchain nodes;
[0274] The next target blockchain node in the sorted target blockchain nodes will be taken as the current target blockchain node.
[0275] If the current target blockchain node is not the last blockchain node in the target blockchain node sequence, then the next target blockchain node in the sequence after the current target blockchain node is arranged will be taken as the current target blockchain node.
[0276] Optionally, the generation module 1004 is also used to perform:
[0277] Generate the target public key based on the key generation request.
[0278] Accordingly, the key generation device also includes:
[0279] The processing module is used to execute:
[0280] Obtain the data to be processed;
[0281] Perform a hash operation on the data to be processed to obtain the target message digest;
[0282] The target message digest is signed using the target's private key to obtain the target signature result;
[0283] The target signature result and the data to be processed are sent to the verification blockchain node, so that the verification blockchain node can verify the target signature result using the target public key and process the data to be processed when the verification is successful.
[0284] Optionally, the processing module is specifically used to execute:
[0285] Based on the certificateless national cryptographic algorithm, the target message digest is signed using the target private key to obtain the target signature result.
[0286] The target signature result and the data to be processed are sent to the verification blockchain node, so that the verification blockchain node can verify the target signature result using the target public key according to the certificateless national cryptographic algorithm, and process the data to be processed when the verification is successful.
[0287] In practice, each of the above modules can be implemented as an independent entity or can be combined arbitrarily to be implemented as the same or several entities. For the specific implementation methods and corresponding beneficial effects of each of the above modules, please refer to the previous method embodiments, which will not be repeated here.
[0288] This application also provides a blockchain node, such as... Figure 11 As shown, it illustrates a schematic diagram of the structure of a blockchain node involved in an embodiment of this application. Specifically:
[0289] The blockchain node may include components such as a processor 1101 with one or more processing cores, a memory 1102 with one or more computer-readable storage media, a power supply 1103, and an input unit 1104. Those skilled in the art will understand that... Figure 11 The blockchain node structure shown does not constitute a limitation on blockchain nodes and may include more or fewer components than illustrated, or combine certain components, or have different component arrangements. Wherein:
[0290] The processor 1101 is the control center of the blockchain node, connecting various parts of the entire blockchain node through various interfaces and lines. It executes various functions of the blockchain node and processes data by running or executing computer programs and / or modules stored in the memory 1102, and by calling data stored in the memory 1102. Optionally, the processor 1101 may include one or more processing cores; preferably, the processor 1101 may integrate an application processor and a modem processor, wherein the application processor mainly handles the operating system, user interface, and applications, and the modem processor mainly handles wireless communication. It is understood that the modem processor may not be integrated into the processor 1101.
[0291] The memory 1102 can be used to store computer programs and modules. The processor 1101 executes various functional applications and data processing by running the computer programs and modules stored in the memory 1102. The memory 1102 may mainly include a program storage area and a data storage area. The program storage area may store the operating system, computer programs required for at least one function (such as sound playback function, image playback function, etc.), etc.; the data storage area may store data created based on the use of blockchain nodes, etc. In addition, the memory 1102 may include high-speed random access memory, and may also include non-volatile memory, such as at least one disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory 1102 may also include a memory controller to provide the processor 1101 with access to the memory 1102.
[0292] The blockchain node also includes a power supply 1103 that supplies power to the various components. Preferably, the power supply 1103 can be logically connected to the processor 1101 through a power management system, thereby enabling functions such as charging, discharging, and power consumption management through the power management system. The power supply 1103 may also include one or more DC or AC power supplies, recharging systems, power fault detection circuits, power converters or inverters, power status indicators, and other arbitrary components.
[0293] The blockchain node may also include an input unit 1104, which can be used to receive input digital or character information, and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
[0294] Although not shown, a blockchain node may also include a display unit, etc., which will not be described in detail here. Specifically, in this embodiment, the processor 1101 in the blockchain node loads the executable files corresponding to the processes of one or more computer programs into the memory 1102 according to the following instructions, and the processor 1101 runs the computer programs stored in the memory 1102 to realize various functions, such as:
[0295] Obtain the system master private key of the blockchain system, which includes a preset number of blockchain nodes;
[0296] Divide the system master private key into initial sub-private keys that match a preset number;
[0297] Distribute each initial sub-private key to the target blockchain node in the blockchain node;
[0298] The target private key is generated by each target blockchain node and its corresponding initial sub-private key.
[0299] For details on the specific implementation methods and corresponding beneficial effects of the above operations, please refer to the detailed description of the image processing methods above, which will not be repeated here.
[0300] Those skilled in the art will understand that all or part of the steps in the various methods of the above embodiments can be performed by a computer program, or by a computer program controlling related hardware. The computer program can be stored in a computer-readable storage medium and loaded and executed by a processor.
[0301] Therefore, embodiments of this application provide a computer-readable storage medium storing a computer program that can be loaded by a processor to execute the steps of any of the key generation methods provided in embodiments of this application. For example, the computer program can execute the following steps:
[0302] Obtain the system master private key of the blockchain system, which includes a preset number of blockchain nodes;
[0303] Divide the system master private key into initial sub-private keys that match a preset number;
[0304] Distribute each initial sub-private key to the target blockchain node in the blockchain node;
[0305] The target private key is generated by each target blockchain node and its corresponding initial sub-private key.
[0306] For details on the specific implementation methods and corresponding beneficial effects of the above operations, please refer to the previous embodiments, which will not be repeated here.
[0307] The computer-readable storage medium may include: read-only memory (ROM), random access memory (RAM), disk or optical disk, etc.
[0308] Since the computer program stored in the computer-readable storage medium can execute the steps of any key generation method provided in the embodiments of this application, the beneficial effects that any key generation method provided in the embodiments of this application can achieve can be realized, as detailed in the preceding embodiments, and will not be repeated here.
[0309] According to one aspect of this application, a computer program product or computer program is provided, comprising computer instructions stored in a computer-readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the computer device to perform the aforementioned key generation method.
[0310] The foregoing has provided a detailed description of a key generation method, apparatus, blockchain node, and computer-readable storage medium provided in the embodiments of this application. Specific examples have been used to illustrate the principles and implementation methods of this application. The descriptions of the embodiments above are only for the purpose of helping to understand the method and core ideas of this application. At the same time, for those skilled in the art, there will be changes in the specific implementation methods and application scope based on the ideas of this application. Therefore, the content of this specification should not be construed as a limitation of this application.
Claims
1. A key generation method, characterized in that, include: Obtain the system master private key of the blockchain system, which includes a preset number of blockchain nodes; The system master private key is divided into initial sub-private keys that match the preset number; Distribute each of the initial sub-private keys to the target blockchain nodes in the blockchain nodes; Generating a target private key using each target blockchain node and its corresponding initial sub-private key includes: obtaining a key generation request; determining one target blockchain node in the blockchain system as the starting target blockchain node, and designating the next target blockchain node of the starting target blockchain node as the current target blockchain node; generating a first candidate private key using the starting target blockchain node based on the initial sub-private key corresponding to the starting target blockchain node and the key generation request; sending the first candidate private key to the current target blockchain node using the starting target blockchain node, and generating a second candidate private key using the current target blockchain node based on the initial sub-private key corresponding to the current target blockchain node and the first candidate private key; if the current target blockchain node is the last blockchain node among the target blockchain nodes, then using the second candidate private key as the target private key; if the current target blockchain node is not the last blockchain node among the target blockchain nodes, then using the current target blockchain node as the starting target blockchain node, using the second candidate private key as the first candidate private key, designating the next target blockchain node of the current target blockchain node as the current target blockchain node, and returning to execute the step of sending the first candidate private key to the current target blockchain node using the starting target blockchain node.
2. The key generation method according to claim 1, characterized in that, The key generation request includes identity information; The step of generating a first candidate private key through the starting target blockchain node, based on the initial sub-private key corresponding to the starting target blockchain node and the key generation request, includes: The preset private key calculation formula is determined based on the preset encryption signature algorithm; Using the starting target blockchain node, the initial sub-private key corresponding to the starting target blockchain node and the identity information are substituted into the preset private key calculation formula for calculation to obtain the first candidate private key; The step of generating a second candidate private key by means of the current target blockchain node based on the initial sub-private key corresponding to the current target blockchain node and the first candidate private key includes: The initial sub-private key and the first candidate private key corresponding to the current target blockchain node are substituted into the preset private key calculation formula to obtain the second candidate private key.
3. The key generation method according to claim 2, characterized in that, The preset encryption signature algorithm includes a certificate-free national cryptographic algorithm, and the preset private key calculation formula includes a first preset formula, a second preset formula, a third preset formula, and a fourth preset formula; The step of substituting the initial sub-private key corresponding to the initial target blockchain node and the identity information into the preset private key calculation formula to obtain the first candidate private key includes: By substituting the initial sub-private key corresponding to the starting target blockchain node into the first preset formula for calculation, a first candidate sub-private key is obtained. Substitute the initial sub-private key corresponding to the starting target blockchain node and the identity information into the second preset formula for calculation to obtain the second candidate sub-private key; The first candidate private key is determined based on the first candidate sub-private key and the second candidate private key; The step of substituting the initial sub-private key corresponding to the current target blockchain node and the first candidate private key into the preset private key calculation formula to obtain the second candidate private key includes: By substituting the initial sub-private key and the first candidate sub-private key corresponding to the current target blockchain node into the third preset formula for calculation, the third candidate sub-private key is obtained. Substitute the initial sub-private key and the second candidate sub-private key corresponding to the current target blockchain node into the fourth preset formula for calculation to obtain the fourth candidate sub-private key; The second candidate private key is determined based on the third candidate sub-private key and the fourth candidate sub-private key.
4. The key generation method according to claim 1, characterized in that, The step of determining a target blockchain node in the blockchain system as the starting target blockchain node, and designating the next target blockchain node of the starting target blockchain node as the current target blockchain node, includes: The target blockchain nodes are arranged according to preset rules to obtain the arranged target blockchain nodes; Select the initial target blockchain node from the arranged target blockchain nodes; Based on the arrangement, the next target blockchain node after the starting target blockchain node is taken as the current target blockchain node; If the current target blockchain node is not the last blockchain node among the target blockchain nodes, then the step of taking the next target blockchain node as the current target blockchain node includes: Based on the arrangement, the next target blockchain node after the current target blockchain node is taken as the current target blockchain node.
5. The key generation method according to any one of claims 1-4, characterized in that, Following the key generation request, the following is also included: Generate the target public key according to the key generation request; After generating the target private key corresponding to the key generation request using each of the target blockchain nodes and their corresponding initial sub-private keys according to the key generation request, the process further includes: Obtain the data to be processed; Perform a hash operation on the data to be processed to obtain the target message digest; The target message digest is signed using the target private key to obtain the target signature result; The target signature result and the data to be processed are sent to the verification blockchain node, so that the verification blockchain node can verify the target signature result using the target public key, and process the data to be processed when the verification is successful.
6. The key generation method according to claim 5, characterized in that, The step of signing the target message digest using the target private key to obtain the target signature result includes: According to the certificateless national cryptographic algorithm, the target message digest is signed using the target private key to obtain the target signature result; The step of sending the target signature result and the data to be processed to a verification blockchain node, so that the verification blockchain node verifies the target signature result using the target public key, and processes the data to be processed when the verification is successful, includes: The target signature result and the data to be processed are sent to the verification blockchain node, so that the verification blockchain node verifies the target signature result using the target public key according to the certificateless national cryptographic algorithm, and processes the data to be processed when the verification is successful.
7. A key generation device, characterized in that, include: The acquisition module is used to acquire the system master private key of the blockchain system, which includes a preset number of blockchain nodes; A segmentation module is used to segment the system master private key into initial sub-private keys that match the preset number; The distribution module is used to distribute each of the initial sub-private keys to the target blockchain nodes in the blockchain nodes; The generation module is used to generate target private keys using each target blockchain node and its corresponding initial sub-private key, including: obtaining a key generation request; determining one target blockchain node in the blockchain system as the starting target blockchain node, and designating the next target blockchain node of the starting target blockchain node as the current target blockchain node; generating a first candidate private key using the starting target blockchain node, based on the initial sub-private key corresponding to the starting target blockchain node and the key generation request; sending the first candidate private key to the current target blockchain node using the starting target blockchain node, and generating a first candidate private key using the initial sub-private key corresponding to the current target blockchain node and the initial sub-private key corresponding to the current target blockchain node. The initial private key and the first candidate private key are used to generate a second candidate private key; if the current target blockchain node is the last blockchain node among the target blockchain nodes, then the second candidate private key is used as the target private key; if the current target blockchain node is not the last blockchain node among the target blockchain nodes, then the current target blockchain node is used as the starting target blockchain node, the second candidate private key is used as the first candidate private key, the next target blockchain node of the current target blockchain node is used as the current target blockchain node, and the process returns to the step of sending the first candidate private key to the current target blockchain node through the starting target blockchain node.
8. The key generation apparatus according to claim 7, characterized in that, The key generation request includes identity information; The generation module is specifically used to execute: The preset private key calculation formula is determined based on the preset encryption signature algorithm; Using the starting target blockchain node, the initial sub-private key corresponding to the starting target blockchain node and the identity information are substituted into the preset private key calculation formula for calculation to obtain the first candidate private key; The initial sub-private key and the first candidate private key corresponding to the current target blockchain node are substituted into the preset private key calculation formula to obtain the second candidate private key.
9. The key generation apparatus according to claim 8, characterized in that, The preset encryption signature algorithm includes a certificate-free national cryptographic algorithm, and the preset private key calculation formula includes a first preset formula, a second preset formula, a third preset formula, and a fourth preset formula; The generation module is specifically used to execute: By substituting the initial sub-private key corresponding to the starting target blockchain node into the first preset formula for calculation, a first candidate sub-private key is obtained. Substitute the initial sub-private key corresponding to the starting target blockchain node and the identity information into the second preset formula for calculation to obtain the second candidate sub-private key; The first candidate private key is determined based on the first candidate sub-private key and the second candidate private key; The initial sub-private key and the first candidate sub-private key corresponding to the current target blockchain node are substituted into the third preset formula for calculation to obtain the third candidate sub-private key. The initial sub-private key and the second candidate sub-private key corresponding to the current target blockchain node are substituted into the fourth preset formula for calculation to obtain the fourth candidate sub-private key. The second candidate private key is determined based on the third candidate sub-private key and the fourth candidate sub-private key.
10. The key generation apparatus according to claim 7, characterized in that, The generation module is specifically used to execute: The target blockchain nodes are arranged according to preset rules to obtain the arranged target blockchain nodes; Select the initial target blockchain node from the arranged target blockchain nodes; The next target blockchain node in the arranged target blockchain nodes is taken as the current target blockchain node; If the current target blockchain node is not the last blockchain node in the target blockchain nodes, then the next target blockchain node in the arranged target blockchain nodes will be taken as the current target blockchain node.
11. The key generation apparatus according to any one of claims 7 to 10, characterized in that, The generation module is also used to perform: Generate the target public key according to the key generation request; The key generation device further includes: The processing module is used to execute: Obtain the data to be processed; Perform a hash operation on the data to be processed to obtain the target message digest; The target message digest is signed using the target private key to obtain the target signature result; The target signature result and the data to be processed are sent to the verification blockchain node, so that the verification blockchain node can verify the target signature result using the target public key, and process the data to be processed when the verification is successful.
12. The key generation apparatus according to claim 11, characterized in that, The processing module is specifically used to execute: According to the certificateless national cryptographic algorithm, the target message digest is signed using the target private key to obtain the target signature result; The target signature result and the data to be processed are sent to the verification blockchain node, so that the verification blockchain node verifies the target signature result using the target public key according to the certificateless national cryptographic algorithm, and processes the data to be processed when the verification is successful.
13. A blockchain node, characterized in that, It includes a processor and a memory, the memory storing a computer program, and the processor running the computer program in the memory to perform the key generation method according to any one of claims 1 to 6.
14. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program adapted for loading by a processor to execute the key generation method according to any one of claims 1 to 6.
15. A computer program product, characterized in that, The computer program product stores a computer program adapted for loading by a processor to execute the key generation method according to any one of claims 1 to 6.