A blockchain-based nested signature collaborative evidence storage system and method
By using a blockchain-nested signature collaborative evidence storage system, the problems of controlling the signing order of multiple parties and the large amount of signature data and high verification overhead are solved, achieving highly secure and reliable multi-party collaborative evidence storage, and improving the system's operating efficiency and applicability.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SOUTHEAST UNIV
- Filing Date
- 2026-03-09
- Publication Date
- 2026-06-05
AI Technical Summary
Existing blockchain-based evidence storage technologies struggle to effectively control the order of multi-party signing, resulting in issues such as large signature data volumes, high verification overhead, and insufficient flexibility in key usage, which impacts business traceability and security.
The blockchain-based nested signature collaborative evidence storage system ensures high security, strong order control, and verifiable digital evidence storage in multi-party collaborative business through digital certificate identity authentication, nested signature chain signature and verification architecture, access control module, and blockchain evidence storage technology.
It achieves identity verification security and reliability in the multi-party collaborative evidence storage process, ensures that the signature order strictly follows the business process, reduces storage and computing overhead, and improves system applicability and trustworthiness.
Smart Images

Figure CN122160064A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to digital signature and blockchain technology, specifically designing a nested signature collaborative evidence storage system and method based on blockchain. Background Technology
[0002] As one of the emerging security infrastructures driven by the rapid development of information technology in recent years, blockchain technology achieves distributed data storage through a decentralized ledger structure and cryptographic algorithms. Digital signatures, as a key technology, ensure the authenticity and integrity of the stored data. The development of blockchain technology has revolutionized evidence preservation methods. Traditional methods using email archives and chat screenshots as proof are not only costly to store but also pose risks of data leakage and tampering, thus affecting the validity of the evidence. To address this issue, blockchain technology constructs a closed-loop technology for verifying the authenticity of electronic evidence through distributed node consensus and cryptographic hash algorithms.
[0003] However, most existing blockchain-based evidence storage technologies employ common consensus mechanisms, such as consensus algorithms based on majority voting or Byzantine fault tolerance. While these mechanisms offer good performance in transaction confirmation and ledger synchronization, they struggle to meet security requirements in business scenarios demanding strict process control. They pose a risk of minority parties being suppressed, cannot guarantee the veto power of key personnel, and attackers may interfere with the consensus process through data tampering, message replay, or signature forgery, leading to the rejection of legitimate proposals or the incorrect uploading of illegitimate proposals to the blockchain, thus undermining the credibility of the evidence storage results.
[0004] To address these issues, some scholars have proposed using a role-weighted voting mechanism in consortium blockchain environments. This approach improves security to some extent and increases the decision-making power of key roles, but it still cannot guarantee the signing order. Furthermore, other scholars have proposed threshold signatures and multi-signatures. In a simple multi-signature scheme, each participant has a unique public-private key pair. A valid signature is the set of all user signatures, and final signature verification requires the public key of each signer. This results in multi-signature-based authorization evidence consuming significant space. In threshold signatures, each participant possesses only one key, which can issue a partial signature. These signature fragments must be combined to generate a valid final signature, but this also means that these keys may not be able to independently participate in another signing process.
[0005] In summary, existing technologies have at least the following shortcomings: First, it is difficult to effectively control the signing order of multiple parties based on business processes, which may affect the traceability and standardization of business operations; second, some solutions generate significant signature data or verification overhead, which is detrimental to improving the overall system operating efficiency; and third, the flexibility in key usage is insufficient, which may affect the collaborative capabilities of participating parties in multi-process parallel scenarios. Therefore, how to ensure the security of multi-party collaboration while achieving a controllable signing order, reducing storage and computational overhead, and improving system applicability has become a pressing technical problem to be solved in this field. Summary of the Invention
[0006] To address the aforementioned issues, this invention discloses a blockchain-based nested signature collaborative evidence storage system and method. This invention achieves a highly secure, strongly ordered, and verifiable digital evidence storage solution for multi-party collaborative business by comprehensively applying digital certificate authentication, a chain-based signature and verification architecture based on nested signatures, an access control module, and blockchain evidence storage technology. This solves problems in existing technologies such as the lack of sequential signatures, lax identity authentication, and susceptibility to signature tampering.
[0007] This invention provides a blockchain-based nested signature collaborative evidence storage system, comprising a blockchain network consisting of a trusted authority, a service provider, and signatories, as well as a signature stack; the trusted authority... This entity acts as the authoritative body for issuing and managing digital certificates, responsible for authenticating the digital identities of all signatories within the system, and generating and distributing private keys accordingly. and digital certificates that comply with national cryptographic standards To ensure the uniqueness and trustworthiness of the identities of each signatory to the national cryptographic SM2 algorithm; the service provider It is used to receive evidence storage requests from business initiators, process business requirements, formulate standardized signing process specifications based on preset business logic, and provide business processing and process management services to each signatory.
[0008] The signatory It is a collection of multiple entities participating in the signing process, using private keys distributed by a trusted authority. Perform digital signature; the signing party It is the entity that initiates the system's business process and is responsible for contacting the service provider. Submit a request for evidence preservation;
[0009] The other signatories It consists of personnel with corresponding signing authority, including but not limited to third-party service agencies, professional salespersons, notaries, and legal practitioners, among whom professional salespersons... Establish an orderly execution sequence for business signing; the blockchain network is operated by a trusted authoritative institution. With the signatory The system is configured to record business status changes, signing results, and related audit information in a decentralized ledger manner, thereby ensuring the immutability and full-process traceability of signature data; the signature stack Used to store evidence data such as nested signatures and timestamps.
[0010] The blockchain-based nested signature collaborative notarization method includes the following steps:
[0011] Step S1: System Initialization and Certificate Distribution
[0012] This step involves key generation and certificate issuance based on the Chinese national cryptographic algorithm SM2. (Trusted and authoritative institution) Based on this algorithm, a key pair is generated using the set of all attributes as input; the signing party After joining the system, the system provides its attributes to a trusted authority and registers. The trusted authority then generates a signatory based on the algorithm. public key Private key and issue digital certificates .
[0013] Step S2: Initialize the evidence storage process;
[0014] Signatory Initiating a request for evidence preservation services, a professional salesperson According to the signature order specified by the participants. Service Provider take over and The request is processed to meet business needs, and standardized signing process specifications are formulated based on preset business logic, specifying the signature order required for the evidence preservation process. Signature stack State variables Time lock Reputation assessment model It performs initialization and provides business processing and workflow management services to all signatories.
[0015] Step S3: Signing and verifying the evidence data;
[0016] The signing and verification of the evidence-based data is based on a nested chain-like signing and verification architecture. Each signatory... The signature order must be followed as described in step S2. and in time lock The system signs the stored data. Each signer must undergo a three-layer verification algorithm—sequential verification, key verification, and forward verification—before digitally signing. If the verification and signing are successful, the signature stack described in step S2 is updated. State variables Otherwise, the signing process will terminate, and the signing order will be changed. Signature stack State variables It will be discarded. The reputation assessment model described in step S2 during the signing process. The system will be updated in real time based on the actions of each signatory, and a final settlement will be made when the signing process ends.
[0017] Step S4: Upload evidence data to the blockchain
[0018] After all signatories have completed their signatures, the service provider... The overall verification algorithm will be executed, covering the process and signature stack that includes signatures from all signatories. Verification will be performed. If verification is successful, the service provider... Upload the evidence data to the blockchain, and the reputation assessment model described in step S2. The reputation value of each signatory will be calculated; if verification fails, the signature data will be discarded and the evidence storage process will fail.
[0019] Furthermore, step S1, system initialization and certificate distribution, specifically includes:
[0020] S1.1 System Initialization: This takes the entire set of system attributes as input and is performed by a trusted authoritative organization. A pair of asymmetric keys for issuing certificates is generated based on the national cryptographic algorithm SM2. ;
[0021] S1.2 Key generation and certificate issuance based on the Chinese national cryptographic algorithm SM2:
[0022] 1) Each signatory You need to apply during registration. The organization provides its own set of attributes. ,in For name, For the organization to which it belongs, For the role type, these three are required. A private key is generated for this entity using the SM2 national cryptographic algorithm. and corresponding public key ;
[0023] 2) The organization will submit the attribute set by the signatory. With public key Digital certificates packaged together in the national cryptographic standard format The process The organization uses its private key The certificate needs to be signed to verify its validity before it can be used. public key of the institution The identity certificate is verified to confirm the authenticity and integrity of the certificate holder's identity. .
[0024] Furthermore, the initialization of the evidence storage process in step S2 specifically involves:
[0025] S2.1 Business Request: Signatory Initiating a request for evidence preservation services, a professional salesperson A dictionary of signature order is pre-set based on the signatory's identity. ,in Ordinal values, A unique identifier for each signatory ;
[0026] S2.2 Initialization:
[0027] 1) Service Provider Initialize the process and receive and The request is processed to determine the final order of business requirements. ;
[0028] 2) Initialize the signature stack Signature stack Used to store data such as signatures and signature timestamps; initialization uses the original evidence storage data. It will be stored in the signature stack;
[0029] 3) Initialize signature state variables State variables This is used to dynamically record the signing progress. The status variable is automatically updated after each signing operation is completed, ensuring that at any given time only one legitimate signer has signing authority, while other signers have limited signing authority and can only access the current signing progress.
[0030] 4) Initialize the time lock Time Lock This is used to specify the signing time for each signatory; that is, each signatory must complete their signature within this threshold time. To ensure the fastest possible signing time and prevent irresponsible behavior such as signing without reviewing the document, This is the slowest signing time. If the signing is not completed within this time, the evidence storage process fails and the evidence storage information is discarded.
[0031] 1) Initialize the reputation assessment model and construct the reputation assessment model. This model is used to assess the reputation of each signatory, and those whose reputation falls below a certain threshold will be prohibited from participating in the evidence preservation process. The parameters used in the assessment include the number of successful, timely signatures. The number of times the signature was successfully verified by other nodes Number of signature timeouts Number of abnormal rejections / incorrect signatures .
[0032]
[0033] in To complete the signature, a reward coefficient is required. The citation value coefficient. As a penalty factor. Signature is a fundamental task, setting... To reward users who complete the signature; for users who pass verification, [the system is set up to...]. Further enhance its reputation; set up higher than and This increases the cost of attacks. It should be noted that signature timeouts may be caused by non-subjective factors, such as network failures, therefore the penalty for signature timeouts has been reduced. Generally, each signer has a base reputation value of 10; those below the threshold of 6 are prohibited from participating in the signature process.
[0034] 5) Initialize the query service. Provide a signature progress query service. This is used to enable the pre-defined signer to obtain the signature status information of the current evidence preservation process in real time. When executing the query service, it obtains the identity certificate of the querying party and then outputs the signature process information related to the querying party. 1. 2.
[0037] Furthermore, the signing and verification of the evidence data in step S3 specifically involves:
[0038] S3.1 Nested Signature of Stored Data: Each signatory must submit its identity certificate when performing a signature operation. With private key It is used for identity verification and signature calculation. Each signature is completed based on the previous signature (the first signature is based on the original stored evidence data). (hash signature), after each signature, we get ;
[0039]
[0040] S3.2 Three-layer verification algorithm:
[0041] S3.2.1 Sequential Verification: For the first... Signatory Before executing a signature, identity verification is required to determine whether the person is the current member who should sign. This mainly involves the following steps:
[0042] ① Get the current signature status
[0043] ② Obtain the identity of the person currently required to sign.
[0044] ③ Institutional Validation Certificate
[0045] ④ Verification order
[0046] S3.2.2 Key Verification: For each signer, before executing the signature, it is necessary to verify whether the identity certificate and private key match. This mainly involves the following steps:
[0047] ① Obtain the first The public key of the signer
[0048] ② Verify public and private keys
[0049] S3.2.3 Forward verification: For the first... Signatory Before executing the signature, the previous signatory (the third party) must be verified. The signature result of (bits) Verification is performed. This mainly involves the following steps:
[0050] ① Obtain the first The public key of the signer
[0051] ②Analysis of the first Signature results
[0052] ③ Calculate the first The hash value of each signature result
[0053] ④ Verify signature
[0054] After all three verifications in S3.2.4 pass, use the private key. For current data Perform a signature and obtain the current signature result. And stored in the signature stack. In the process, the next signatory performs the signing operation, and this cycle repeats until all signatories have completed their signatures. If verification fails during the forward verification process, it indicates that the previous signatory made an invalid signature. At this point, the evidence storage process stops, the signature data is discarded, and the reputation values of each signatory are updated. Signatories that did not sign are not updated and retain their original reputation values.
[0055] Furthermore, step S4, storing the evidence data on the blockchain, specifically involves:
[0056] S4.1 After all signatories have signed, a comprehensive verification will be performed. The overall verification algorithm first initializes the overall verification result variable. The default verification is successful. The algorithm then traverses the signature stack data, starting from the top of the stack and continuously performing the forward verification described in step S3.2.3. If the function successfully traverses the signature stack data to the bottom, the verification is successful, and the function returns. and This indicates successful verification and no failures were found; if any data fails verification during the iteration, the verification result variable is updated to 0 and the position of the verification failure is recorded. ;
[0057]
[0058] S4.2 If verification passes, the evidence data is uploaded to the blockchain; if verification fails, the signature data is discarded, and the evidence storage process fails. Finally, based on the verification results, the reputation values of each signatory are updated.
[0059] Beneficial effects: The present invention has the following advantages:
[0060] (1) This invention provides authoritative identity authentication for multiple participating entities in the process of evidence storage based on the national cryptographic SM2 algorithm for digital certificate distribution and identity authentication. Each signing step must be verified by matching the certificate and the private key to ensure that only the signer with a legitimate identity can perform the signing operation, which significantly improves the security and reliability of identity verification in the collaborative evidence storage process.
[0061] (2) This invention designs an evidence storage system, which is not a simple digital signature and verification, but involves joint maintenance by multiple parties to ensure the evidence storage process; this invention can be applied to more application scenarios, and the specific signature and verification algorithms are different, and I have a reputation assessment model to constrain signature behavior, increasing credibility and security.
[0062] (3) This invention designs a chain-based signature and verification architecture based on nested signatures. The chain-based signature strictly follows the preset business process order to complete the multi-party signatures sequentially, avoiding the business logic distortion problem caused by parallel or disordered signing in traditional multi-signature schemes. Dynamic signature permission management is realized through signature state variables and access control modules to ensure that only the currently designated signer has the signature permission at any given time, effectively preventing security risks such as skipping signatures and unauthorized signatures. (4) The forward verification in the three-layer verification algorithm uses the identity certificate and signature result of the previous signer to verify the integrity of the signature chain in real time, ensuring that the signature chain has not been tampered with or forged. This architecture provides continuous security protection in the multi-party collaboration process, improving the authenticity and legal validity of the final evidence storage result.
[0063] (5) This invention stores the complete multi-party ordered signature results on the blockchain. By utilizing the decentralized and tamper-proof characteristics of the blockchain, it achieves the tamper-proof, traceable and public verification capabilities of the stored data, which can provide credible digital evidence for subsequent auditing, liability determination and legal dispute resolution. Attached Figure Description
[0064] Figure 1 This is a diagram of the overall system framework of the present invention.
[0065] Figure 2 This is a schematic diagram of the data storage stage interaction in the embodiment.
[0066] Figure 3 This is the overall collaborative flowchart of the present invention. Detailed Implementation
[0067] The present invention will be further illustrated below with reference to the accompanying drawings and specific embodiments. It should be understood that the following specific embodiments are for illustrative purposes only and are not intended to limit the scope of the invention. It should be noted that the terms "front," "rear," "left," "right," "up," and "down" used in the following description refer to directions in the accompanying drawings, and the terms "inner" and "outer" refer to directions toward or away from the geometric center of a specific component, respectively.
[0068] like Figure 1 As shown, this is a blockchain network and signature stack comprised of a trusted authority, service provider, and signatory; the trusted authority... This entity serves as the authoritative body for issuing and managing digital certificates, responsible for authenticating the digital identities of all signatories within the system, and generating and distributing digital certificates compliant with Chinese cryptographic standards based on the SM2 algorithm. and the corresponding private key To ensure the uniqueness and credibility of each signatory's identity; the service provider This system is used to receive evidence storage requests from business initiators, process business requirements, formulate standardized signing process specifications based on preset business logic, and provide business processing and process management services to each signatory; the signatory... It is a collection of multiple entities participating in the signing process, using private keys distributed by a trusted authority. Perform digital signature; the signing party It is the entity that initiates the system's business process and is responsible for contacting the service provider. Submit a request for evidence storage; the other signatories It consists of personnel with corresponding signing authority, including but not limited to third-party service agencies, professional salespersons, notaries, and legal practitioners, among whom professional salespersons... Used to establish an orderly execution sequence for business signing; the blockchain network is operated by a trusted authority. With the signatory The system is configured to record business status changes, signing results, and related audit information in a decentralized ledger manner, thereby ensuring the immutability and full-process traceability of signature data; the signature stack Used to store nested signatures, timestamps, and other data;
[0069] The blockchain-based nested signature collaborative notarization method in this embodiment specifically includes the following steps:
[0070] Step 1: System Initialization and Certificate Distribution
[0071] 1.1 System Initialization: This takes the entire set of system attributes as input and is performed by a trusted authoritative organization. A pair of asymmetric keys for issuing certificates is generated based on the national cryptographic algorithm SM2. ;
[0072] 1.2 Certificate Distribution; Each entity submits a certificate to a Certificate Authority (CA). Provide its own set of attributes A private key is generated for this entity using the national cryptographic algorithm SM2. ;
[0073] 1.3 Certificate encapsulation; generate the corresponding public key and match it with the attribute set. They are packaged together into a digital certificate in the national cryptographic standard format, and by... The organization uses its private key to sign, thereby generating a verifiable identity certificate and private key pair. ;
[0074] Step 2: Initialization of the Evidence Preservation Process
[0075] 2.1 Signature Order Initialization; During the initialization of each evidence preservation process, the insurance company pre-sets the set of signatory identities and the signature order list. ,in Ordinal values, A unique identifier for each signatory ;
[0076] 2.2 Signature State Initialization: A state-based access control mechanism is adopted to ensure that only valid signatures from the current round can perform the signature operation. The signature state variable is set. The signature progress is dynamically recorded, initialized to 0, and automatically updated after each signature operation. This field is controlled by the smart contract to ensure that only one legitimate signing entity has signing authority at any given time, while access to other entities is restricted.
[0077] 2.3 Initialization of Time Lock and Reputation Assessment Model; Initialization of Time Lock ,in To ensure the fastest possible signing time and prevent irresponsible behavior such as signing without reviewing the document, This is the slowest signing time. If the signing is not completed within this time, the evidence storage process fails, and the evidence storage information is discarded. Initialize the reputation assessment model and construct the reputation assessment model. This model is used to assess the reputation of each signatory, and those whose reputation falls below a certain threshold will be prohibited from participating in the evidence preservation process. The parameters used in the assessment include the number of successful, timely signatures. The number of times the signature was successfully verified by other nodes Number of signature timeouts Number of abnormal rejections / incorrect signatures .
[0078]
[0079] in To complete the signature, a reward coefficient is required. The citation value coefficient. As a penalty factor. Signature is a fundamental task, setting... To reward users who complete the signature; for users who pass verification, [the system is set up to...]. Further enhance its reputation; set up higher than and This increases the cost of attacks. It should be noted that signature timeouts may be caused by non-subjective factors, such as network failures, therefore the penalty for signature timeouts has been reduced. Generally, each signer has a base reputation value of 10; those below the threshold of 6 are prohibited from participating in the signature process.
[0080] Step 3: Signature and Verification
[0081] 3.1 Each signatory must submit their identity certificate when performing a signature operation. With private key It is used for identity verification and signature calculation. Each signature is completed based on the previous signature (the first signature is based on the original stored evidence data). (hash signature), after each signature, we get ;
[0082]
[0083] 3.2, Regarding the first Signatory Before each signature, both sequence verification and key verification are required. Sequence verification verifies identity, determining whether the signer is the current member to sign, including ① obtaining the current signing status. ② Obtain the identity of the person currently required to sign. ;③ Institutional Validation Certificate ④ Verification order Key verification, which verifies whether the identity certificate matches the private key, includes ① obtaining the key. The public key of the signer ② Verify public and private keys For the first Signatory Before each signature, forward verification is required, that is, verification of the previous signer (the first signer). The signature result of (bits) Verification is performed, including ① obtaining the first The public key of the signer ;② Analysis of the first Signature results ③ Calculate the first The hash value of each signature result ;
[0084] ④ Verify signature If verification fails during the forward verification process, it indicates that the previous signatory made an invalid signature. At this point, the evidence storage process stops, the signature data is discarded, and the reputation assessment model is invoked. Update the reputation of each signatory.
[0085] 3.3 After all three verifications are successful, use the private key. For current data Perform a signature and obtain the current signature result. .
[0086] like Figure 2 As shown.
[0087] Step 4: Uploading evidence data to the blockchain
[0088] 4.1 Using a signature stack Total number of signatories Signatory Certificates and original evidence data Execute the overall verification algorithm Initialize the overall verification result variables. This indicates successful verification. The algorithm traverses the signature stack data, starting from the top of the stack and continuously performing forward verification. If the function reaches the bottom of the signature stack data, the verification is successful, and it returns. and This indicates successful verification and no failures were found. If any data fails verification during the iteration, the verification result variable is updated to 0 and the location of the verification failure is recorded. .
[0089] 4.2 After successful verification, the final evidence data is stored. The data will be uploaded to the blockchain; if verification fails, the stored data will be discarded. After the verification algorithm completes, the reputation assessment model will be invoked. Update reputation value.
[0090] like Figure 3 As shown.
[0091] As can be seen from the above embodiments, by using a blockchain-based nested signature collaborative notarization method to perform nested signatures on the data to be notified, the present invention can ensure the confidentiality and immutability of the data, prevent unauthorized access to the data by non-signing process users, and at the same time perform access control for each signer in each process to ensure that only the signer in the current order can access the data in the signature stack to sign.
[0092] Meanwhile, this invention designs a multi-layered verification algorithm and a time lock and reputation assessment model to constrain each signatory, better standardizing the entire signing process, ensuring the integrity and authenticity of the signed data, and increasing the cost of attacks. The blockchain-based evidence storage scheme, with each signatory and a trusted authority forming a blockchain network, establishes a distributed and trusted environment for the evidence storage process. Based on the national cryptographic algorithm SM2, each network node is authenticated and authorized. Simultaneously, the evidence storage data can be recorded on the blockchain, providing credible evidence for event and accountability tracing.
[0093] The technical means disclosed in this invention are not limited to those disclosed in the above embodiments, but also include technical solutions composed of any combination of the above technical features.
Claims
1. A blockchain-based nested signature collaborative evidence storage method, characterized in that... Specifically, it includes the following steps: Step S1: System initialization and certificate distribution, key generation and certificate issuance based on the national cryptographic algorithm SM2; trusted authoritative institution. Based on the national cryptographic algorithm SM2, a key pair is generated using the set of all attributes as input; the signing party After joining the system, the system provides its attributes to a trusted authority and registers. The trusted authority then generates a signatory based on the national cryptographic algorithm SM2. public key Private key and issue digital certificates ; Step S2: Initialize the evidence storage process; signatory Initiating a request for evidence preservation services, a professional salesperson According to the signature order specified by the participants; service provider take over and The request is processed to meet business needs, and standardized signing process specifications are formulated based on preset business logic, specifying the signature order required for the evidence preservation process. Signature stack State variables Time Lock Reputation assessment model Initialize the process and provide business processing and workflow management services to all signatories. Step S3: Signing and verification of the evidence storage data; the signing and verification of the evidence storage data is based on a nested signature chain signing and verification architecture; each signatory... The signature order must be followed as described in step S2. and in time lock The system signs the stored data. Each signer must undergo a three-layer verification algorithm—sequential verification, key verification, and forward verification—before digitally signing. If the verification and signing are successful, the signature stack described in step S2 is updated. State variables Otherwise, the signing process will terminate, and the signing order will be changed. Signature stack State variables It will be discarded; during the signing process, the reputation assessment model described in step S2... The process will be updated in real time based on the actions of each signatory, and a final settlement will be made at the end of the signing process. Step S4: Upload evidence data to the blockchain; after all signatories have completed their signatures, the service provider... The overall verification algorithm will be executed, covering the process and signature stack that includes signatures from all signatories. Verification will be performed; if verification is successful, the service provider will... Upload the evidence data to the blockchain, and the reputation assessment model described in step S2. The reputation value of each signatory will be calculated; if verification fails, the signature data will be discarded and the evidence storage process will fail.
2. The blockchain-based nested signature collaborative evidence storage method according to claim 1, characterized in that, The specific steps of system initialization and certificate distribution in step S1 include the following: S1.1 System Initialization: This takes the entire set of system attributes as input and is performed by a trusted authoritative organization. A pair of asymmetric keys for issuing certificates is generated based on the national cryptographic algorithm SM2. ; S1.2 Key generation and certificate issuance based on the Chinese national cryptographic algorithm SM2: 1) Each signatory Registration requires contacting a trusted and authoritative organization. Provide its own set of attributes ,in For name, For the organization to which it belongs, For the role type, these three are required. A private key is generated for this entity using the SM2 national cryptographic algorithm. and public key ; 2) Trustworthy and authoritative institutions The attribute set submitted by the signatory With public key Digital certificates packaged together in the national cryptographic standard format This process is conducted by a credible and authoritative organization. Use its private key The certificate is signed to verify its validity and allow access to a trusted authority. public key The identity certificate is verified to confirm the authenticity and integrity of the certificate holder's identity. .
3. The blockchain-based nested signature collaborative evidence storage method according to claim 1, characterized in that, The specific steps for initializing the evidence storage process in step S2 include the following: S2.1 Business Request: Signatory Initiating a request for evidence preservation services, a professional salesperson A dictionary of signature order is pre-set based on the signatory's identity. ,in Ordinal values, A unique identifier for each signatory ; S2.2 Initialization: 1) Service Provider Initialize the process and receive and The request is processed to determine the final order of business requirements. ; 2) Initialize the signature stack Signature stack Used to store data such as signatures and signature timestamps; initialization uses the original evidence storage data. It will be stored in the signature stack; 3) Initialize signature state variables ; State variables This is used to dynamically record the signing progress. The status variable is automatically updated after each signing operation is completed, ensuring that at any given time only one legitimate signer has signing authority, while other signers have limited signing authority and can only access the current signing progress. 4) Initialize the time lock Time Lock This is used to specify the signing time for each signatory, meaning that each signatory must complete their signature within this threshold time; whereby... To ensure the fastest possible signing time and prevent irresponsible behavior such as signing without reviewing the document, This is the slowest signing time. If the signing is not completed within this time, the evidence storage process will fail and the evidence storage information will be discarded. 5) Initialize the reputation assessment model Reputation assessment model Used to assess the reputation of each signatory; when their reputation falls below a certain threshold, they will be prohibited from participating in the evidence preservation process. The parameters included in the evaluation are the number of signatures that were successfully completed on time. The number of times the signature was successfully verified by other nodes Number of signature timeouts Number of abnormal rejections / incorrect signatures ; ; in To complete the signature, a reward coefficient is required. The citation value coefficient. As a penalty factor; signature is the foundational work, setting To reward users who complete the signature; for users who pass verification, [the system is set up to...]. Further enhance its reputation; set up higher than and This increases the cost of attacks; 6) Initialize the query service; Provide signature progress inquiry service It is used to enable the preset signer to obtain the signature status information of the current evidence storage process in real time; when executing the query service, it will obtain the identity certificate of the queryer and then output the signature process information related to the queryer.
4. The blockchain-based nested signature collaborative evidence storage method according to claim 1, characterized in that, The specific steps for signing and verifying the evidence data in step S3 include the following: S3.1 Nested Signature of Stored Data: Each signatory must submit its identity certificate when performing a signature operation. With private key It is used for identity verification and signature calculation. Each signature is completed based on the previous signature, while the first signature is based on the original stored evidence data. The hash signature, obtained after each signature. : ; S3.2 Three-layer verification algorithm: S3.2.1 Sequential Verification: For the first... The signatory, Before executing a signature, identity verification is required to determine whether the person is the current member who should sign. This mainly involves the following steps: ① Get the current signature status ; ② Obtain the identity of the person currently required to sign. ; ③ Institutional Validation Certificate ; ④ Verification order ; S3.2.2 Key Verification: For each signer, before executing the signature, it is necessary to verify whether the identity certificate and private key match. This mainly involves the following steps: ① Obtain the first The public key of the signer ; ② Verify public and private keys ; S3.2.3 Forward verification: For the first... The signatory, Before executing the signature, the previous signatory must be verified. The signature result of the bits Verification is required; The main steps are as follows: ① Obtain the first The public key of the signer ; ②Analysis of the first Signature results ; ③ Calculate the first The hash value of each signature result ; ④ Verify signature ; After all three verifications in S3.2.4 pass, use the private key. For current data Perform a signature and obtain the current signature result. And stored in the signature stack. In the process, the next signer performs the signing operation, and this cycle continues until all signers have completed the signing. If the verification fails during the forward verification process, it means that the previous signer made an invalid signature. At this time, the evidence storage process stops, the signature data is discarded, and the reputation value of each signer is updated. The signers who have not signed are not updated and retain their original reputation values.
5. The blockchain-based nested signature collaborative evidence storage method according to claim 1, characterized in that, The specific steps for uploading the evidence data to the blockchain in step S4 include the following: After the S4.1 signature is completed, the overall verification algorithm is executed. ; The input to the overall verification algorithm is the signature stack. Total number of signatories Collection of signing party certificates And the hash of the original evidence data The output is the verification result. and verification failure location ; The overall verification algorithm first initializes the overall verification result variable. The verification is successful by default. The algorithm then traverses the signature stack data, starting from the top of the stack, and continuously performs the forward verification described in step S3.2.
3. If the function successfully traverses the signature stack data to the bottom of the stack, the verification is successful, and the function returns. and This indicates that the verification was successful and no failures were found. If any data fails validation during the iteration, update the validation result variable to 0 and record the location of the validation failure. ; S4.2 If the verification passes, the evidence data is uploaded to the blockchain; if the verification fails, the signature data is discarded and the evidence storage process fails; finally, based on the verification results, the reputation value of each signatory is updated.
6. A blockchain-based nested signature collaborative evidence storage system, characterized in that: Including credible and authoritative institutions Service Provider Signatory The resulting blockchain network and signature stack; The trusted authoritative institutions It serves as the authoritative entity for issuing and managing digital certificates, responsible for authenticating the digital identities of all signatories within the system, and generating and distributing private keys based on the national cryptographic algorithm SM2. and digital certificates that comply with national cryptographic standards To ensure the uniqueness and credibility of each signatory's identity; the service provider This system is used to receive evidence storage requests from business initiators, process business requirements, formulate standardized signing process specifications based on preset business logic, and provide business processing and process management services to each signatory; the signatory... It is a collection of multiple entities participating in the signing process, using private keys distributed by a trusted authority. Perform digital signature; Signatory It is the entity that initiates the system's business process and is responsible for contacting the service provider. Submit a request for evidence storage; the other signatories It consists of personnel with corresponding signing authority, including but not limited to third-party service agencies, professional salespersons, notaries, and legal professionals, among whom professional salespersons... Establish an orderly execution sequence for business signing; the blockchain network is operated by a trusted authoritative institution. With the signatory The system is configured to record business status changes, signing results, and related audit information in a decentralized ledger manner, thereby ensuring the immutability and full-process traceability of signature data; the signature stack Used to store nested signatures and timestamp evidence data.