Multi-party secure electronic signature and certificate authentication method based on key component cooperation
By constructing a multi-scale predictive learning model and a spatial indexing architecture, and dynamically adjusting the authentication and encryption modes, the problems of delayed attack detection and low efficiency in high-load scenarios in traditional multi-party secure electronic signature and certificate authentication technologies are solved, achieving a higher signature success rate and lower certificate authentication latency.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- GLANCE DIGITAL TECH (JIANGSU) CO LTD
- Filing Date
- 2026-05-08
- Publication Date
- 2026-07-14
AI Technical Summary
Traditional multi-party secure electronic signature and certificate authentication technologies cannot detect attacks in a timely manner when the hardware environment fluctuates, have insufficient risk prediction accuracy, and cannot support system operation under high load scenarios, resulting in low signature success rate and increased certificate authentication latency.
We construct a multi-scale predictive learning model covering short, medium, and long term, and dynamically adjust the authentication strength and encryption mode by combining blockchain server load parameters. We analyze the key component protocol fingerprint through a spatial index architecture, identify the signature triggering area in real time, and optimize the key distribution weight and encryption computing power consumption.
It has achieved enhanced proactive defense against attacks, improved system anti-attack capabilities, maximized signature success rate, minimized certificate authentication latency, and enhanced system stability.
Smart Images

Figure CN122160190B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of quantum technology, specifically to a method for multi-party secure electronic signatures and certificate authentication based on key component collaboration. Background Technology
[0002] With the rapid development of the digital economy and distributed business, electronic signatures and certificate authentication have become core trust technologies in scenarios such as blockchain evidence storage and electronic contracts. Multi-party collaborative signature technology is based on threshold cryptography, which splits the complete signature key into multiple key components, which are independently stored and collaboratively completed by multiple distributed authentication parties. Key components play an important role in key management, especially in the processes of key distribution, key generation, and key storage.
[0003] Traditional multi-party secure electronic signature and certificate authentication technologies have the following limitations: Firstly, traditional signatures are static. If the hardware environment fluctuates, it is impossible to determine whether an attack has occurred based on the fluctuating hardware environment. Moreover, in the collaborative signature process, remediation is often done after an attack or key expiration event. Even if some technologies introduce risk prediction models, they mostly use generalized predictions. Given the special nature of the key update cycle, they cannot predict attack behaviors and key expiration risks at different times, resulting in insufficient risk prediction accuracy. When a user issues a signature request, the adjustment of the distribution weight of key components cannot provide a reliable basis, and it is difficult to cope with multiple attack modes, increasing the risk of exposure of cryptographic components. Secondly, in the collaborative signature process, in high-load scenarios with signature request congestion and excessive certificate authentication latency, high-level identity verification strength cannot support system operation, resulting in a significant reduction in signature success rate. In the process of attack analysis and identification, it is mostly based on traffic feature statistics, and cannot analyze the spatial analysis caused by attack behavior. This makes the identification of high-dimensional attack feature vectors lagging, making it difficult to adapt to complex attack scenarios or business scenarios, greatly reducing the efficiency of collaborative signatures and increasing the latency of certificate authentication. Summary of the Invention
[0004] (a) Technical problems to be solved
[0005] To address the shortcomings of existing technologies, this invention provides a multi-party secure electronic signature and certificate authentication method based on key component collaboration. It constructs a short-, medium-, and long-term multi-scale predictive learning model based on historical attack patterns and key update cycles, outputting the comprehensive failure probability of key components to determine distribution weights. It dynamically adjusts the authentication strength of the collaborative signature process by combining real-time load parameters collected by the blockchain server. Furthermore, it introduces a spatial index architecture to analyze the key component protocol fingerprint, identify signature triggering areas, and obtain the entropy change rate. Combined with the real-time signature rate of the authenticator, it dynamically adapts the certificate authentication encryption mode, enhancing proactive prevention capabilities and system anti-attack levels, thus solving the problems raised in the background technology.
[0006] (II) Technical Solution
[0007] To achieve the above objectives, the present invention provides the following technical solution:
[0008] This application provides a multi-party secure electronic signature and certificate authentication method based on key component collaboration, applicable to users, authenticators, load balancers, and blockchain servers in the collaborative signature process. The method includes:
[0009] Based on historical attack patterns and key update cycles, a predictive learning model including short, medium, and long-term predictions is established to predict the overall failure probability of each key component and determine the distribution weight of each key component. A collaborative gateway is deployed through a load balancer and dynamically adjusts the distribution weight of each key component in response to preset instructions. At the same time, the distribution weight is combined with the load parameters collected in real time by the blockchain server to dynamically adjust the authentication strength in the collaborative signature process.
[0010] By having users initiate signature requests, a traffic monitoring plugin is set up at the certifying party, a spatial index architecture is introduced, the protocol fingerprint of the key components is analyzed, the signature triggering area of each key component is identified in real time, and the entropy change rate is obtained. Combined with the signature rate of each certifying party per unit time, the encryption mode of the corresponding certificate authentication of the blockchain server is dynamically adjusted.
[0011] Furthermore, based on the entropy change rate, authentication strength, and encryption mode, combined with the real-time attack mode, a multi-dimensional state vector is constructed. The multi-dimensional state vector is input into a preset policy network, and by defining the action space of the load balancer, a reward function is constructed to maximize the signature success rate and minimize the certificate authentication latency. The optimal action strategy of the load balancer is output, including the adjustment step size of the weight interpolation coefficients for correcting the key update cycle and distribution weight.
[0012] Furthermore, the acquisition of historical attack patterns includes:
[0013] Within a preset time period, the hardware parameters of the key components distributed by the collaborative gateway are monitored in real time, including voltage ripple and buffer collision frequency, to establish a three-dimensional monitoring vector; by dividing the preset time period into several time periods, the average value and standard deviation of the hardware parameters are analyzed for each time period to construct a variety of first judgment curves;
[0014] The DTW algorithm is used to compare multiple first judgment curves with the standard judgment curve one by one. If at least one first judgment curve has a matching degree greater than the preset matching threshold with the standard judgment curve, it is determined that an attack has occurred within that time period. For the time period of the attack, the second judgment curve with voltage ripple as the horizontal axis, buffer collision frequency as the vertical axis, and timestamp as the third axis is used to obtain the motion trajectory and direction of movement on the plane containing the horizontal and vertical axes, and to establish a dynamic cross section.
[0015] By analyzing the intersection area, difference area, and total non-overlapping area after the cross-sections are superimposed with the standard judgment, the attack mode is determined, including: replay attack, man-in-the-middle interference, and collusion attack.
[0016] Furthermore, the overall failure probability of the output key components is predicted, including:
[0017] Based on historical attack patterns and key update cycles, the interaction features of key components are captured in real time, including at least the number of attacks and protocol timing deviations during multi-party collaboration. The interaction features are normalized, and an autoencoder is used to extract high-dimensional attack feature vectors to build a dynamically updated historical attack pattern feature library. At the same time, short, medium and long-term prediction learning models are established, and different algorithm models are configured according to the historical attack pattern feature library.
[0018] The failure probabilities of short, medium and long-term prediction outputs are time-aligned, and the weight coefficients are adjusted by combining the cumulative number of signatures of the key components. Through weighted aggregation, the comprehensive failure probability of the key components in a single key update cycle is generated, and the reciprocal of the comprehensive failure probability is taken as the distribution weight. After each prediction in a key update cycle is completed, the new key components are added to the sliding window. When the prediction error exceeds the preset number threshold for several consecutive times, the prediction learning model is retrained.
[0019] Furthermore, different algorithm models can be configured, including:
[0020] Short-term prediction: Analyze the temporal perturbation characteristics of high-dimensional attack feature vectors using exponential weighted average to predict the failure probability of key components; Medium-term prediction: Analyze the evolution gradient characteristics of high-dimensional attack feature vectors using ridge regression to predict the failure probability of key components; Long-term prediction: Combine the key update cycle with logistic regression model analysis of the evolution trend of historical high-dimensional attack feature vectors to predict the failure probability of key components.
[0021] Furthermore, the authentication strength in the collaborative signature process is dynamically adjusted, including:
[0022] The transaction pool depth, encryption algorithm dimension, and block height are identified based on load parameters and normalized as evaluation indicators. The evaluation indicators are compared with standard indicators to obtain the corresponding deviation values. A topology model of users, authenticators, load balancers, and blockchain servers is constructed. Based on the topology model, the signature logs in the collaborative signature process are retrieved as training sets, and the obtained distribution weights and deviation values are used as input feature matrices. According to the signature success rate of the signature logs, each training set is configured with a corresponding identity verification strength label, including low, medium, and high strength levels.
[0023] The distribution weights are mapped to the deviation values, the mean of the probability distribution of each dimension in the training set is extracted, and the expected observation frequency of different authentication strength labels is calculated. The chi-square statistic is obtained by comparing the proportion of the squared difference between the actual observation frequency and the expected observation frequency in the training set, which quantifies the correlation of the input feature matrix with different authentication strength labels. The chi-square statistics are sorted in descending order, a dynamic correlation curve is plotted, the stationary region in the dynamic correlation curve is identified, the weight distribution of each dimension with the smallest volatility of the curve is extracted, and configured as the optimal control parameter. The authentication strength in the current collaborative signature process is output, and the process is iterated.
[0024] Furthermore, a spatial indexing architecture is introduced, including:
[0025] Responding to the signature request and simultaneously collecting the protocol fingerprint during the collaborative signature process, the protocol fingerprint is mapped to a high-dimensional feature space to form a protocol feature point set; wherein, the protocol fingerprint includes a one-way hash function, the signature distribution delay, and the signature request timestamp;
[0026] Extract the geometric center of the protocol feature point set and establish a multi-dimensional feature coordinate system; perform principal component analysis on the protocol feature point set to extract statistical features, analyze the two feature vectors with the largest dispersion as target directions, and form a first spatial plane; wherein, the target directions include the first target direction and the second target direction;
[0027] The protocol feature point set is projected onto the first spatial plane to obtain the projected point cluster, and the extreme values of the coordinates of the projected point cluster in the target direction are calculated. The minimum bounding rectangle is fitted and marked as the second spatial plane. The second spatial plane is divided into several grid cells, and each grid cell represents a signature triggering region.
[0028] Furthermore, obtaining the rate of change of entropy includes:
[0029] Retrieve the protocol feature point set of the current grid cell, form sample clusters through cluster analysis, and calculate the information entropy;
[0030] The topology model is retrieved, and the signature logs are compared in real time to filter out the authenticators whose online duration is greater than or equal to the standard online duration threshold. The corresponding information entropy is differentially differentiated over a key update cycle to obtain the entropy change rate.
[0031] Furthermore, there are encryption modes, including fast mode, standard mode, and enhanced mode.
[0032] (III) Beneficial Effects
[0033] This invention provides a method for multi-party secure electronic signature and certificate authentication based on key component collaboration, which has the following beneficial effects:
[0034] This invention analyzes voltage ripple and buffer collision frequency to obtain different first judgment curves through different combinations. These curves reflect the dynamic response characteristics of key distribution under different attack modes and quickly respond to whether the current preset time period has been attacked. Simultaneously, a second judgment curve is obtained based on voltage ripple and buffer collision frequency. By constructing dynamic nodes, the intersection area, difference area, and non-overlapping total area after overlapping with the standard judgment cross-section are analyzed to determine morphological differences and define the attack mode. This enables proactive analysis and judgment of attacks during the key component collaborative signature process.
[0035] This invention constructs short, medium, and long-term prediction models by analyzing historical attack patterns and key update cycles. It solves the problem of computational limitations due to different time scales by using time alignment. It dynamically adjusts the weighting coefficients of different time scales by binding the cumulative number of signatures to the key update cycle. At the same time, it quantifies the failure risk by combining the cumulative number of signatures, thereby improving the robustness of the system.
[0036] This invention analyzes load parameters and generates corresponding deviation values based on a topology model of users, authenticators, load balancers, and blockchain servers. Combined with the obtained distribution weights, an input feature matrix is established. By analyzing the actual observation frequency and the expected observation frequency, a dynamic correlation curve is constructed. Even in the event of an attack that has not yet occurred, the authentication strength can be adjusted in real time according to the fluctuation in the current collaborative signature process. To a certain extent, this can greatly improve the efficiency of key distribution and key reuse.
[0037] This invention introduces a spatial indexing architecture, abstracting the collaborative signature process into a mathematical modeling problem. It captures the spatial distribution characteristics of attack behavior in real time, accurately obtaining the entropy change rate of high-dimensional attack feature vectors. By analyzing protocol fingerprints, it identifies signature trigger areas. Simultaneously, by combining the real-time signature rates of each authenticator, it constructs a speed influence function and generates a security influence coefficient. This dynamically adjusts the encryption mode of the corresponding certificate authentication on the blockchain server, improving encryption protection strength and enhancing automatic optimization of encryption computing power consumption. By constructing a state space using entropy change rate, authentication strength, encryption mode, and real-time attack mode, and defining the action space of the load balancer, it constructs a reward function objective to maximize signature success rate and minimize certificate authentication latency. The PPO optimization algorithm is introduced to autonomously select the optimal reward to trigger the optimal action strategy, achieving reinforcement learning and ensuring system stability under large-scale concurrent signature requests, significantly reducing certificate authentication latency. Attached Figure Description
[0038] Figure 1 This is a flowchart illustrating the present invention. Detailed Implementation
[0039] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the scope of protection of the present invention.
[0040] Example: This embodiment of the invention provides a method for multi-party secure electronic signature and certificate authentication based on key component collaboration; Figure 1 This is a flowchart illustrating the present invention; please refer to [link / reference]. Figure 1 This method is applied to users, authenticators, load balancers, and blockchain servers in the collaborative signature process, and includes the following steps:
[0041] The following is an explanation of some of the terms involved:
[0042] User: Used in the collaborative signature process, the user is the initiator of the signature request and the holder of the key component; the user holds the securely distributed key component and is responsible for initiating the signature request, identity verification request and certificate authentication request for electronic signature, completing the signature fragment operation of the key component, and completing the full-link information exchange of the multi-party secure electronic signature process and certificate authentication process with the certifier, load balancer and blockchain server.
[0043] Authenticator: A service node used in the collaborative signature process, which can be one or more distributed service node clusters; the authenticator collaboratively completes the security and distributed storage of the user key component, and holds the collaborative key component corresponding to the user key component;
[0044] Load balancer: Used in the collaborative signature process, it is typically deployed between the user, the authenticator, and the blockchain server. The load balancer responds to signature requests, identity verification requests, and certificate authentication requests for electronic signatures. For example, for signature requests, a collaborative gateway is deployed in front of the load balancer to identify user-initiated signature requests in real time, dynamically adjust the distribution weight of each key component in response to preset instructions, and send the user request to the optimal authenticator. In addition, it is also responsible for the encrypted forwarding and communication link maintenance between the user, the authenticator, and the blockchain server.
[0045] Blockchain server: A service device used to form a distributed blockchain during the collaborative signature process. It can be a cluster of one or more service nodes and is the underlying support for multi-party secure electronic signatures and certificate authentication. It provides real-time traceability of on-chain electronic signatures and certificates for users, certifiers, load balancers and blockchain servers.
[0046] Preset instructions: These are instructions included in the policy network. By adjusting the distribution weights of different cluster nodes during the collaboration process, the system can treat the authenticator asymmetrically. For example, for service nodes with high creditworthiness or secure hardware environments, higher distribution weights are assigned through weight interpolation coefficients. During signature synthesis, these nodes contribute more, or the system prioritizes sampling the key components of these service nodes, thereby optimizing the key component synthesis speed while ensuring security.
[0047] Voltage ripple: Used during collaborative signing to monitor the state of key components in cryptographic operations within the encrypted communication channel, monitoring minute voltage fluctuations through a built-in high-speed analog-to-digital converter; Buffer collision frequency: Used during collaborative signing to monitor the state of buffer lines during key component operations, monitored through a hardware performance counter built into the CPU.
[0048] Transaction pool depth: Used in the collaborative signature process to characterize the congestion level of pending transactions on the current blockchain server; Encryption algorithm dimension: Used in the collaborative signature process to characterize the complexity of the encryption algorithm used in the key component collaboration process; Block height: Used in the collaborative signature process to characterize the block generation efficiency and overall operating load of the blockchain network.
[0049] Intersection area: Dynamic cross section ∩ Standard judgment cross section, i.e., the total overlapping area, representing the portion of the current motion trajectory that falls within the ideal safety domain; Difference area: Dynamic cross section - Standard judgment cross section, representing the abnormal overflow component of the dynamic cross section exceeding the standard cross section; Non-overlapping area: (Dynamic cross section ∪ Standard judgment cross section) - (Dynamic cross section ∩ Standard judgment cross section), representing the degree of overall morphological mismatch between the dynamic cross section and the standard judgment cross section;
[0050] One-way hash function: The function used to encrypt key components, representing the algorithm that maps the plaintext of an authentication certificate or key component to a fixed-length output value; Signature distribution delay: The time difference between the initiation of a signature request and the complete reception and verification of its issued instructions by multiple authenticators.
[0051] S1: Based on historical attack patterns and key update cycles, establish a predictive learning model that includes short, medium and long term predictions to predict the overall failure probability of each key component and determine the distribution weight of each key component; deploy a collaborative gateway through a load balancer and dynamically adjust the distribution weight of each key component in response to preset instructions. At the same time, combine the distribution weight with the load parameters collected in real time by the blockchain server to dynamically adjust the authentication strength in the collaborative signature process.
[0052] In this embodiment, a global master key is generated by initialization, divided into multiple key components, and encrypted and distributed to the corresponding authenticators. A collaborative gateway is deployed in front of the load balancer, and the load balancer is used to perform real-time feature recognition on the signature requests initiated by each user. Based on a preset load balancing algorithm, the signature requests are anchored to a specific collaborative gateway instance to establish an encrypted communication channel between the user, the authenticator, and the blockchain server.
[0053] Acquiring historical attack patterns includes: real-time monitoring of hardware parameters of the key components distributed by the collaborative gateway within a preset time period, including voltage ripple and buffer collision frequency, to establish a three-dimensional monitoring vector, namely voltage ripple, buffer collision frequency, and timestamp; simultaneously, dividing the preset time period into several time periods, and analyzing the average and standard deviation of hardware parameters for each time period, including the average voltage ripple, standard deviation of voltage ripple, average buffer collision frequency, and standard deviation of buffer collision frequency, to construct four first judgment curves: the first type: using the average voltage ripple plus k times the standard deviation of voltage ripple as the horizontal axis, and the average buffer collision frequency plus k times the standard deviation of buffer collision frequency as the vertical axis, to construct the first judgment curve; the second type: using the average voltage ripple... The first judgment curve is constructed by adding k times the standard deviation of the voltage ripple to the horizontal axis and subtracting k times the standard deviation of the buffer collision frequency from the average buffer collision frequency to the vertical axis. The second method uses the average voltage ripple minus k times the standard deviation of the voltage ripple to the horizontal axis and the average buffer collision frequency plus k times the standard deviation of the buffer collision frequency to the vertical axis. The third method uses the average voltage ripple minus k times the standard deviation of the voltage ripple to the horizontal axis and the average buffer collision frequency minus k times the standard deviation of the buffer collision frequency to the vertical axis. Here, k represents the conditional proportionality index, and k is typically set between 2 and 3 to balance reliability and sensitivity. The specific value is set based on the actual situation and will not be elaborated here.
[0054] Different combinations of first judgment curves can be obtained to reflect the dynamic response characteristics of key distribution under different attack modes. For example, using the average voltage ripple plus k times the standard deviation of the voltage ripple as the horizontal axis and the average buffer collision frequency minus k times the standard deviation of the buffer collision frequency as the vertical axis, the first judgment curve reflects the impact of the overall system's rising response capability on whether it has been attacked. Conversely, using the average voltage ripple minus k times the standard deviation of the voltage ripple as the horizontal axis and the average buffer collision frequency minus k times the standard deviation of the buffer collision frequency as the vertical axis, the first judgment curve reflects the impact of the overall falling response difference combination on whether it has been attacked. When the value of k increases, the range of the first judgment curve expands; when the value of k decreases, the range of the first judgment curve approaches the average value, allowing different combinations of first judgment curves to distinguish whether an attack has occurred.
[0055] The DTW algorithm is used to compare multiple first judgment curves with a standard judgment curve one by one. If at least one first judgment curve has a matching degree greater than a preset matching threshold with the standard judgment curve, it is determined that the time period has been attacked; otherwise, if the matching degree of all first judgment curves with the standard curve is less than or equal to the preset matching threshold, it is determined that the time period has not been attacked. The preset matching threshold is usually set to 0.8. For the attacked time period, the second judgment curve is used with voltage ripple as the horizontal axis, buffer collision frequency as the vertical axis, and timestamp as the third axis. The motion trajectory and direction of movement on the plane containing the horizontal and vertical axes are obtained to establish a dynamic cross section. By analyzing the intersection area, difference area, and non-overlapping total area after superimposing with the standard judgment cross section, the morphological difference is determined to define the attack mode. Specifically, if the motion trajectory in the horizontal and vertical axis planes presents a rigid overlap with the standard judgment cross section in multiple consecutive time periods, similar to the absolutely uniform milling trajectory of a CNC machine tool along a fixed mold. If the movement direction exhibits linear translation over time, and the intersection area approaches the total area of the dynamic cross section, and the non-overlapping area exhibits a silent state approaching zero, then it is determined to enter the replay attack mode. If, over multiple consecutive time periods, the movement trajectory exhibits discontinuous pulse jumps or local spurs in the horizontal and vertical planes, similar to the spike tearing trajectory generated by sudden strong electromagnetic interference in a high-frequency oscilloscope, and the movement direction undergoes instantaneous nonlinear deflection within the dynamic cross section, and if the difference area exhibits a sudden peak value, and the intersection area undergoes instantaneous collapse, then it is determined to enter the man-in-the-middle interference mode. If, over multiple consecutive time periods, the movement trajectories of multiple collaborative gateways exhibit a highly consistent phase synchronization state, similar to the ghost synchronous swing trajectory formed by multiple independent mechanical metronomes being forcibly pulled on the same resonant base, and if the correlation coefficient of the non-overlapping total area of multiple collaborative gateways evolves over time exceeding a preset threshold, then it is determined to have illegal detection behavior with multiple logical connections, and it is determined to enter the collusion attack mode.
[0056] It should be noted that the standard judgment curves are derived from historical statistics. Data on voltage ripple and buffer collision frequencies under attack-free and fault-free conditions during historical collaborative processes are collected. The mean and standard deviation of the voltage ripple and buffer collision frequencies are extracted, and these values are mapped onto a two-dimensional coordinate system with voltage ripple as the horizontal axis and buffer collision frequency as the vertical axis. This yields the corresponding standard judgment curves according to the four combinations mentioned above. The standard judgment cross-sections are derived from historical statistics. Data on voltage ripple and buffer collision frequencies under attack-free and fault-free conditions during historical collaborative processes are collected. For continuous historical voltage ripple and buffer collision frequency data, a dynamic window consistent with the dynamic cross-section is set. Window segments are slid along the time axis and projected onto the plane enclosed by the horizontal and vertical axes to obtain a single set of window cross-sections. The mean and standard deviation of the voltage ripple and buffer collision frequency data within each window cross-section are calculated. Based on the conditional scaling factor consistent with the first standard curve, the upper and lower limits of the motion trajectory envelope are obtained. The motion trajectory range and displacement velocity range of all data within this window are statistically analyzed to construct the standard cross-section.
[0057] The prediction of the overall failure probability of the output key component includes: real-time capture of interaction features of the key component based on historical attack patterns and key update cycles, including at least the number of attacks and protocol timing deviations during multi-party collaboration; normalization of the interaction features, extraction of high-dimensional attack feature vectors using an autoencoder, and construction of a dynamically updated historical attack pattern feature library; and the establishment of short-, medium-, and long-term prediction learning models, configuring different algorithm models according to the historical attack pattern feature library.
[0058] Short-term prediction: An exponentially weighted average (EWMA) method is used to analyze the temporal perturbation features of high-dimensional attack feature vectors. The short-term prediction includes an EWMA smoothing unit, one fully connected layer, and a Sigmoid output layer. The EWMA smoothing unit has an initial smoothing factor of 0.3, used to independently perform exponentially weighted average smoothing on each feature dimension of the input high-dimensional attack feature vector. The fully connected layer has 32 hidden units and uses the ReLU activation function to perform nonlinear fusion and dimensionality reduction on the temporal smoothing features, extracting deep fusion features strongly correlated with the key component failure risk. Finally, the Sigmoid output layer normalizes the result to the 0-1 range to predict the key component's... Failure probability; it should be noted that short-term prediction is usually 15 minutes; medium-term prediction: Ridge regression analysis is configured to analyze the evolutionary gradient features of high-dimensional attack feature vectors. The medium-term prediction includes a feature extraction layer, a ridge regression layer with L2 regularization, and a sigmoid output layer; the feature extraction layer is used to extract features from the input high-dimensional attack feature vector, capturing the direction and magnitude of attack feature changes; the regularization parameter of the ridge regression layer is initially configured to 1.0, performing linear fitting on the extracted evolutionary gradient features to establish a mapping relationship between the evolutionary gradient features and key component failure, while suppressing overfitting caused by high-dimensional features through L2 regularization; the sigmoid output layer converts the results into a linear sequence. The result is normalized to the 0-1 range to predict the failure probability of the key component. It should be noted that the medium-term prediction is typically 1 hour. Long-term prediction: Combining the key update cycle, a logistic regression model is configured to analyze the evolution trend of historical high-dimensional attack feature vectors. The long-term prediction includes a first encoding layer, a second encoding layer, a feature concatenation layer, a logistic regression layer, and a Sigmoid output layer. The first encoding layer incorporates STL time series decomposition to separate trend and periodic terms from historical high-dimensional attack feature vectors. The second encoding layer is used to encode key update cycle-related parameters to generate cryptographic feature vectors, including but not limited to the normalized time since the last key update. The parameters include: the normalized time until the next key update; one-hot encoding of the key window within one hour before and after the key update; feature concatenation layer concatenates the feature vectors generated by the first and second encoding layers to generate fused features; logistic regression layer is used to perform binary classification fitting on the fused features, establishing a mapping relationship between the fused features and the long-term failure of the key components, while L2 regularization suppresses overfitting caused by high-dimensional features; sigmoid output layer normalizes the results to the 0 to 1 interval and predicts the failure probability of the key components; it should be noted that long-term prediction is usually 1 day; the values mentioned above are all illustrative examples, and the specific values are given according to the actual situation, which will not be elaborated here.
[0059] The failure probabilities of short-, medium-, and long-term predictions are time-aligned, and the weighting coefficients are adjusted based on the cumulative signature count of the key component. Through weighted aggregation, a comprehensive failure probability of the key component within a single key update cycle is generated. This is achieved by multiplying the failure probability of the short-term prediction output by the first weighting coefficient, the failure probability of the medium-term prediction output by the second weighting coefficient, and the failure probability of the long-term prediction output by the third weighting coefficient, and then summing the results to obtain the comprehensive failure probability. It should be noted that a higher comprehensive failure probability indicates a higher risk of failure for the key component in the remaining cryptographic update cycle; conversely, a lower comprehensive failure probability indicates a lower risk of failure. Furthermore, the initial first weighting coefficient is greater than the second weighting coefficient, which is greater than the third weighting coefficient, which is greater than 0, and the sum of the first, second, and third weighting coefficients is always 1. The cumulative signature count is used as a constraint, and the ratio of the cumulative signature count to a preset signature count threshold is used as the signature utilization rate. A first weight coefficient, a second weight coefficient, and a third weight coefficient are dynamically calculated. For example: when the signature utilization rate is ≤0.3, the key component is considered newly activated, with a high cumulative signature count, and the failure risk is mainly short-term burst attacks; therefore, the first weight coefficient is set greater than the second weight coefficient, which is greater than the third weight coefficient. If 0.3 < signature utilization rate ≤0.7, the key component is considered to be in stable use, with the failure risk mainly being medium-term gradual attacks; therefore, the second weight coefficient is set to the maximum. If the signature utilization rate is >0.7, the key component is considered to be in high-load use, with a high cumulative signature count, and the failure risk is mainly long-term cumulative attrition; therefore, the third weight coefficient is set to the maximum. It should be noted that the values mentioned above are illustrative examples, and specific settings should be based on actual circumstances; these will not be elaborated upon here.
[0060] Meanwhile, the reciprocal of the overall failure probability is taken as the distribution weight; after each prediction within a key update cycle is completed, the new key component is added to the sliding window; when the prediction error exceeds the preset number of times for several consecutive times, the prediction learning model is retrained; it should be noted that the preset number of times threshold is predefined and is set according to the actual situation, which will not be elaborated here.
[0061] By unifying the failure probabilities of three different time dimensions into a weighted index of the same statistical dimension, the problem of incomprehensibility due to different time scales is solved. The cumulative number of signatures is bound to the key update cycle, and the weight coefficients of different time scales are dynamically adjusted. At the same time, the failure risk is quantified by combining the cumulative number of signatures, thereby improving the robustness of the system.
[0062] The authentication strength during the collaborative signature process is dynamically adjusted, including: identifying transaction pool depth, encryption algorithm dimension, and block height based on load parameters; normalizing these parameters as evaluation indicators; comparing the evaluation indicators with standard indicators to obtain corresponding deviation values, including: standard indicators include standard transaction pool depth, standard encryption algorithm dimension, and standard block height; determining the first deviation value based on transaction pool depth and standard transaction pool depth, the second deviation value based on encryption algorithm dimension and standard encryption algorithm dimension, and the third deviation value based on block height and standard block height; constructing a topology model of users, authenticators, load balancers, and blockchain servers; retrieving signature logs from the collaborative signature process as a training set based on the topology model; and using the obtained distribution weights and corresponding deviation values as input features, constructing an input feature matrix with distribution weights as the row dimension and deviation values as the column dimension; configuring authentication strength labels for each training set based on the signature success rate of the signature logs, including low, medium, and high strength levels, with higher signature success rates corresponding to higher authentication strength and lower signature success rates corresponding to lower authentication strength.
[0063] The distribution weights are mapped to the deviation values, the mean of the probability distribution of each dimension in the training set is extracted, and the expected observation frequency of different authentication strength labels is calculated. The chi-square statistic is obtained by comparing the proportion of the squared difference between the actual observation frequency and the expected observation frequency in the training set, which quantifies the correlation of the input feature matrix with different authentication strength labels. The chi-square statistics are sorted in descending order, a dynamic correlation curve is plotted, the stationary region in the dynamic correlation curve is identified, the weight distribution of each dimension with the smallest volatility of the curve is extracted, and configured as the optimal control parameter. The authentication strength in the current collaborative signature process is output, and the process is iterated.
[0064] By analyzing the load parameters, corresponding deviation values are generated, and combined with the obtained distribution weights, an input feature matrix is established. By analyzing the actual observation frequency and the expected observation frequency, a dynamic correlation curve is constructed. Even in the event of an attack that has not yet occurred, the authentication strength can be adjusted in real time according to the fluctuation level in the current collaborative signature process. To a certain extent, this can greatly improve the efficiency of key distribution and key reuse.
[0065] S2: By having the user initiate a signature request, the authenticator sets up a traffic monitoring plugin, introduces a spatial index architecture, analyzes the protocol fingerprint of the key components, identifies the signature triggering area of each key component in real time, and obtains the entropy change rate. Combined with the signature rate of each authenticator within a unit of time, the encryption mode of the corresponding certificate authentication of the blockchain server is dynamically adjusted.
[0066] A spatial indexing architecture is introduced, including: responding to signature requests and synchronously collecting protocol fingerprints during the collaborative signature process; mapping the protocol fingerprints to a high-dimensional feature space to form a protocol feature point set; wherein, the protocol fingerprint includes: a one-way hash function, the signature distribution delay, and the signature request timestamp; extracting the geometric center of the protocol feature point set and establishing a multi-dimensional feature coordinate system; performing principal component analysis on the protocol feature point set, extracting statistical features, analyzing the two feature vectors with the largest dispersion as target directions, and forming a first spatial plane; wherein, the target directions include a first target direction and a second target direction; projecting the protocol feature point set onto the first spatial plane to obtain a projection point cluster, calculating the coordinate extrema of the projection point cluster in the target direction, fitting a minimum bounding rectangle, and marking it as the second spatial plane; dividing the second spatial plane into several grid cells, with each grid cell representing a signature triggering region;
[0067] The acquisition of entropy change rate includes: retrieving the protocol feature point set of the current grid cell, forming a sample cluster through cluster analysis, and calculating the information entropy; retrieving the topology model, comparing the signature log in real time, filtering out authenticators whose online duration is greater than or equal to the standard online duration threshold, and marking them as active authenticators; and taking the differential derivative of the corresponding information entropy under one key update cycle to obtain the entropy change rate.
[0068] A traffic monitoring plugin is used to count the number of active authenticators within the signature triggering area, calculating the total number of signature requests per unit time. The ratio of the total number of signature requests to the number of windows is marked as the real-time signature request rate. A comparison interval for the signature request rate is set to obtain the rate impact function. For example: if the signature request rate is within the comparison interval and includes the boundary of the comparison interval, the rate impact function is assigned a value of 1.0; if the signature request rate is less than the comparison interval, the rate impact function is assigned a value of 0.8; if the signature request rate is greater than the comparison interval, the rate impact function is assigned a value of 1.5. The signature request rate is multiplied by the rate impact function, combined with the entropy change rate, and the natural logarithm function is used to calculate the entropy change rate by adding 1 and taking the logarithm. The results of the two calculations are multiplied to obtain the security impact coefficient. It should be noted that the entropy change rate, the signature request rate, and the security impact coefficient are positively correlated. The larger the entropy change rate, the more chaotic the data, and the higher the attack risk. The larger the signature request rate, the faster the signature requests, the easier the system is to be compromised, and the security is greatly reduced.
[0069] The security impact coefficient is compared with a preset first threshold and a second threshold: If the security impact coefficient is less than the first threshold, it is marked as 'a', assigned a first-level character, and 'a' is combined with the first-level character to generate a fast mode; for the fast mode, segmented homomorphic encryption is performed during certificate authentication, and spatial projection broadcast based on zero-knowledge proof is used to maximize anti-tampering capability at the cost of communication bandwidth; if the security impact coefficient is greater than or equal to the first threshold and less than or equal to the second threshold, it is marked as 'b', assigned a second-level character, and 'b' is combined with the second-level character to generate a standard mode; for the standard mode, batch certificate endorsement broadcast based on symmetric encryption algorithm is used during certificate authentication to reduce the storage load of the blockchain ledger through aggregated signatures; if the security impact coefficient is greater than the second threshold, it is marked as 'b', assigned a second-level character, and 'b' is combined with the second-level character to generate a standard mode; for the standard mode, batch certificate endorsement broadcast based on symmetric encryption algorithm is used during certificate authentication, and the storage load of the blockchain ledger is reduced by aggregating signatures; if the security impact coefficient is greater than the second threshold, it is marked as 'a', assigned a first-level character, and 'a' is combined with the first-level character to generate a fast mode; for the fast mode, segmented homomorphic encryption is performed during certificate authentication, and spatial projection broadcast based on zero-knowledge proof is used to maximize anti-tampering capability at the cost of communication bandwidth; if the security impact coefficient is greater than or equal to the first threshold and less than or equal to the second threshold, it is marked as 'b', assigned a second-level character, and 'b' is combined with the second-level character to generate a standard mode; for the standard mode, batch certificate endorsement broadcast based on symmetric encryption algorithm is used during certificate authentication, and batch certificate endorsement broadcast based on symmetric encryption algorithm is used to reduce the storage load of the blockchain ledger; if the security impact coefficient is greater than the second threshold, it is marked as The coefficient is labeled 'c', assigned a third-level character, and 'c' is combined with the third-level character to generate an enhanced mode. For this enhanced mode, a fragmented certificate synchronization mode based on hash digest is adopted during certificate authentication, broadcasting only state root change information to achieve the lowest latency certificate authentication update. The first threshold is less than the second threshold, and the first and second thresholds are obtained through cross-validation, including: using the security impact coefficient of historical data as a training set, and inputting the first and second thresholds into a random forest, employing 5-fold cross-validation, and automatically searching for the optimal first and second thresholds during training to avoid overfitting; for example: dividing historical data into a training set and a validation set; for each candidate first and second threshold, generating a judgment vector using the training set and training a classifier; calculating the accuracy on the validation set, and selecting the first and second thresholds with the highest accuracy.
[0070] Based on the entropy change rate, authentication strength, and encryption mode, combined with the real-time attack mode, a multi-dimensional state vector is constructed: [entropy change rate, authentication strength, encryption mode, real-time attack mode]. The multi-dimensional state vector is standardized and normalized, mapping all elements to the interval between 0 and 1. The multi-dimensional state vector is input into a preset policy network, which includes an encoder layer, an LSTM hidden layer, and an action output layer. The encoder layer performs feature compression on the multi-dimensional state vector, and the LSTM hidden layer captures the temporal dependencies of the states, providing deep feature support for action decisions. By defining the action space of the load balancer, a reward function is constructed to maximize the signature success rate and minimize the certificate authentication latency. These are quantified into corresponding reward items and assigned preset weights. The signature success rate reward item is positively correlated with the actual successful signature ratio, while the authentication latency reward item is inversely correlated with the average latency. The total reward is the weighted sum of the two, used to quantify the policy execution effect and obtain the initialized policy network parameters.
[0071] A PPO optimization algorithm is introduced, which calculates the action advantage function based on generalized advantage estimation. The PPO pruning objective function is used to constrain the policy update magnitude. The policy network parameters are optimized through gradient ascent, and the policy is continuously optimized iteratively. The iteration terminates when the preset maximum number of iterations is reached. The policy network parameters with the highest total reward are selected as the optimal policy encoding. During the online inference phase, the multi-dimensional state vector constructed in real time is input into the policy network, and the mean of the action distribution is directly output as the optimal action policy. The optimal action policy of the load balancer is output through the action output layer, including the adjustment step size of the key update cycle and the weight interpolation coefficient of the distribution weight. It should be noted that the adjustment step size of the key update cycle is within the preset maximum positive and negative adjustment thresholds, with positive values representing an extension of the key update cycle and negative values representing a shortening of the key update cycle. The adjustment step size of the weight interpolation coefficient of the distribution weight is limited to a preset adjustment range. The weight interpolation coefficient is introduced, and the distribution weight is smoothed through a linear interpolation algorithm. The result after interpolation is normalized, and the final distribution weight of each cooperative gateway is output.
[0072] By introducing a spatial index architecture, the collaborative signature process is abstracted into a mathematical modeling problem, capturing the spatial distribution characteristics of attack behavior in real time and accurately obtaining the entropy change rate of high-dimensional attack feature vectors. The signature triggering area is identified by analyzing protocol fingerprints. Simultaneously, a speed influence function is constructed by combining the real-time signature rates of each authenticator, generating a security influence coefficient. This dynamically adjusts the encryption mode of the corresponding certificate authentication on the blockchain server, improving encryption protection strength and enhancing automatic optimization of encryption computing power consumption. By constructing a state space based on entropy change rate, authentication strength, encryption mode, and real-time attack mode, and defining the action space of the load balancer, a reward function objective is constructed to maximize the signature success rate and minimize certificate authentication latency. The PPO optimization algorithm is introduced to autonomously select the optimal reward to trigger the optimal action strategy, achieving reinforcement learning and ensuring system stability under large-scale concurrent signature requests, significantly reducing certificate authentication latency.
[0073] In the application, the various formulas mentioned are all calculated by removing dimensions and taking their numerical values. The formulas are derived from the most recent real-world situation by collecting a large amount of data and conducting software simulations. The formulas are set by those skilled in the art according to the actual situation.
[0074] The above embodiments can be implemented, in whole or in part, by software, hardware, firmware, or any other combination thereof. When implemented in software, the above embodiments can be implemented, in whole or in part, as a computer program product. Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution.
[0075] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment, depending on actual needs.
[0076] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any changes or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application.
Claims
1. A multi-party secure electronic signature and certificate authentication method based on key component collaboration, applied to users, authenticators, load balancers, and blockchain servers in the collaborative signature process, characterized in that... The method includes: Based on historical attack patterns and key update cycles, a predictive learning model including short, medium, and long-term predictions is established to predict the overall failure probability of each key component and determine the distribution weight of each key component. A collaborative gateway is deployed through a load balancer and dynamically adjusts the distribution weight of each key component in response to preset instructions. At the same time, the distribution weight is combined with the load parameters collected in real time by the blockchain server to dynamically adjust the authentication strength in the collaborative signature process. The predicted overall failure probability of each key component includes: Based on historical attack patterns and key update cycles, the interaction features of key components are captured in real time, including at least the number of attacks and protocol timing deviations during multi-party collaboration. The interaction features are normalized, and an autoencoder is used to extract high-dimensional attack feature vectors to build a dynamically updated historical attack pattern feature library. At the same time, short, medium and long-term prediction learning models are established, and different algorithm models are configured according to the historical attack pattern feature library. The failure probability outputs of short, medium and long term predictions are time-aligned, and the weight coefficients are adjusted by combining the cumulative number of signatures of the key components. Through weighted aggregation, the comprehensive failure probability of the key components in a single key update cycle is generated, and the reciprocal of the comprehensive failure probability is taken as the distribution weight. After each prediction in a key update cycle is completed, the new key components are added to the sliding window. When the prediction error exceeds the preset number threshold for several consecutive times, the prediction learning model is retrained. The dynamic adjustment of authentication strength during the collaborative signature process includes: The transaction pool depth, encryption algorithm dimension, and block height are identified based on load parameters and normalized as evaluation indicators. The evaluation indicators are compared with standard indicators to obtain the corresponding deviation values. A topology model of users, authenticators, load balancers, and blockchain servers is constructed. Based on the topology model, the signature logs in the collaborative signature process are retrieved as training sets, and the obtained distribution weights and deviation values are used as input feature matrices. According to the signature success rate of the signature logs, each training set is configured with a corresponding identity verification strength label, including low, medium, and high strength levels. The distribution weights are mapped to the deviation values, the mean of the probability distribution of each dimension in the training set is extracted, and the expected observation frequency of different authentication strength labels is calculated. The chi-square statistic is obtained by comparing the proportion of the squared difference between the actual observation frequency and the expected observation frequency in the training set, which quantifies the correlation of the input feature matrix with different authentication strength labels. The chi-square statistics are sorted in descending order, a dynamic correlation curve is plotted, the stationary region in the dynamic correlation curve is identified, the weight distribution of each dimension with the smallest volatility of the curve is extracted, and configured as the optimal control parameter. The authentication strength in the current collaborative signature process is output, and the process is iterated. By having users initiate signature requests, a traffic monitoring plugin is set up at the certifying party, a spatial index architecture is introduced, the protocol fingerprint of the key components is analyzed, the signature triggering area of each key component is identified in real time, and the entropy change rate is obtained. Combined with the signature rate of each certifying party per unit time, the encryption mode of the corresponding certificate authentication of the blockchain server is dynamically adjusted.
2. The method for multi-party secure electronic signature and certificate authentication based on key component collaboration according to claim 1, characterized in that, Also includes: Based on the entropy change rate, authentication strength, and encryption mode, combined with the real-time attack mode, a multi-dimensional state vector is constructed. The multidimensional state vector is input into the preset policy network. By defining the action space of the load balancer, a reward function is constructed to maximize the signature success rate and minimize the certificate authentication latency. The optimal action policy of the load balancer is output, including the adjustment step size of the weight interpolation coefficients for correcting the key update cycle and distribution weight.
3. The method for multi-party secure electronic signature and certificate authentication based on key component collaboration according to claim 1, characterized in that, Acquiring historical attack patterns includes: Within a preset time period, the hardware parameters of the key components distributed by the collaborative gateway are monitored in real time, including voltage ripple and buffer collision frequency, to establish a three-dimensional monitoring vector; by dividing the preset time period into several time periods, the average value and standard deviation of the hardware parameters are analyzed for each time period to construct a variety of first judgment curves; The DTW algorithm is used to compare multiple first judgment curves with the standard judgment curve one by one. If at least one first judgment curve has a matching degree greater than the preset matching threshold with the standard judgment curve, it is determined that the attack occurred during that time period. For the time period of the attack, the second judgment curve with voltage ripple as the horizontal axis, buffer collision frequency as the vertical axis, and timestamp as the third axis is used to obtain the motion trajectory and direction of movement on the plane containing the horizontal and vertical axes, and to establish a dynamic cross section. By analyzing the intersection area, difference area, and total non-overlapping area after the cross-sections are superimposed with the standard judgment, the attack mode is determined, including: replay attack, man-in-the-middle interference, and collusion attack.
4. The multi-party secure electronic signature and certificate authentication method based on key component collaboration according to claim 1, characterized in that, Configure different algorithm models, including: Short-term prediction: Analyze the temporal perturbation characteristics of high-dimensional attack feature vectors using exponential weighted average to predict the failure probability of key components; Medium-term prediction: Analyze the evolution gradient characteristics of high-dimensional attack feature vectors using ridge regression to predict the failure probability of key components; Long-term prediction: Combine the key update cycle with logistic regression model analysis of the evolution trend of historical high-dimensional attack feature vectors to predict the failure probability of key components.
5. The method for multi-party secure electronic signature and certificate authentication based on key component collaboration according to claim 1, characterized in that, Introducing a spatial indexing architecture, including: Responding to the signature request and simultaneously collecting the protocol fingerprint during the collaborative signature process, the protocol fingerprint is mapped to a high-dimensional feature space to form a protocol feature point set; wherein, the protocol fingerprint includes a one-way hash function, the signature distribution delay, and the signature request timestamp; Extract the geometric center of the protocol feature point set and establish a multi-dimensional feature coordinate system; perform principal component analysis on the protocol feature point set to extract statistical features, analyze the two feature vectors with the largest dispersion as target directions, and form a first spatial plane; wherein, the target directions include the first target direction and the second target direction; The protocol feature point set is projected onto the first spatial plane to obtain the projected point cluster, and the extreme values of the coordinates of the projected point cluster in the target direction are calculated. The minimum bounding rectangle is fitted and marked as the second spatial plane. The second spatial plane is divided into several grid cells, and each grid cell represents a signature triggering region.
6. The multi-party secure electronic signature and certificate authentication method based on key component collaboration according to claim 5, characterized in that, Obtaining the rate of entropy change includes: Retrieve the protocol feature point set of the current grid cell, form sample clusters through cluster analysis, and calculate the information entropy; The topology model is retrieved, and the signature logs are compared in real time to filter out the authenticators whose online duration is greater than or equal to the standard online duration threshold. The corresponding information entropy is differentially differentiated over a key update cycle to obtain the entropy change rate.
7. The method for multi-party secure electronic signature and certificate authentication based on key component collaboration according to claim 1, characterized in that, Encryption modes include Fast mode, Standard mode, and Enhanced mode.