Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The key recovery method provided by the embodiments of the application can be applied to the application environment shown in figure 1, in which the terminal 102 communicates with the computer device 104 via a network. A data storage system may store the data that the computer device 104 needs to process; it may be integrated into the computer device 104 or located on a cloud or other network server. The terminal 102 sends a key recovery request to the computer device 104. On receiving the request, the computer device 104 performs identity verification on the source of the request; if verification passes, it extracts and stores the obfuscated key share carried in the request. When the number of stored obfuscated key shares reaches a first number, it determines the preset decryption mode corresponding to each obfuscated key share, decrypts each obfuscated key share according to that mode to obtain the key shares, and performs key recovery from the first number of key shares to obtain the master key.
The terminal 102 may be, but is not limited to, a personal computer, notebook computer, smartphone, tablet computer, Internet of Things device or portable wearable device; Internet of Things devices include smart speakers, smart televisions, smart air conditioners and smart vehicle devices (such as in-vehicle terminals), and portable wearable devices include smart watches, smart bracelets and headsets. The computer device 104 may be a terminal or a server; the server may be an independent physical server, a server cluster or distributed system formed by multiple physical servers, or a cloud server providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, and basic cloud computing services such as big data and artificial intelligence platforms. The terminal and the server may be connected directly or indirectly through wired or wireless communication, which is not limited in the present application.
The key recovery method of the present application may be performed by a smart contract deployed on a blockchain. A blockchain is a novel application mode of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and cryptographic algorithms. Essentially a decentralized database, a blockchain is a chain of data blocks linked by cryptographic methods, each block containing a batch of network transactions and being used to verify the validity (tamper resistance) of its information and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product services layer and an application services layer.
The blockchain underlying platform may include processing modules for user management, basic services, smart contracts and operational monitoring. The user management module is responsible for the identity information of all blockchain participants, including public and private key generation (account management), key management, and maintenance of the correspondence between a user's real identity and its blockchain address (authority management); under authorization it also provides rule configuration for risk control (risk control audit). The basic service module is deployed on all blockchain node devices and verifies the validity of service requests, recording valid requests once they complete: for a new service request it first performs interface adaptation analysis and authentication (interface adaptation), then encrypts the service information (consensus management), and after encryption records it in the shared ledger (network communication). The smart contract module is responsible for contract registration and issuance, contract triggering and contract execution: developers define contract logic in a programming language and publish it on the blockchain (contract registration), after which the contract executes when triggered by a call or by another event defined in its logic; the module also provides contract update and upgrade functions. The operational monitoring module monitors the running state of the platform in real time.
The platform product services layer provides the basic capabilities and implementation frameworks of typical applications; developers can complete the blockchain implementation of their business logic by building on these basic capabilities and the characteristics of the business layered on top of them. The application services layer provides blockchain-based application services to the business participants.
In an exemplary embodiment, as shown in fig. 2, a key recovery method is provided, and an example of application of the method to the computer device in fig. 1 is described, including the following steps 202 to 210. Wherein:
Step 202, in the case of receiving a key recovery request, performing identity verification on the source of the key recovery request.
The key recovery request is a request to recover the master key. Specifically, on receiving a key recovery request sent by the terminal, the computer device authenticates the source of the request to confirm whether that source is one of the parties participating in custody of the obfuscated key shares. If so, the key recovery request is legitimate; otherwise the computer device does not respond to it, so that unauthorized use of the master key is prevented and information security is ensured.
In some embodiments, the computer device may receive one key recovery request at a time or several at once; different key recovery requests may originate from the same source or from different sources, and the embodiments of the present application are not limited in this respect.
In some embodiments, when any participant determines that a triggering condition is met, it may initiate a key recovery request based on the obfuscated key share it holds. In some embodiments, the participant encrypts its stored obfuscated key share with its own participant private key and sends the result to the computer device, thereby requesting recovery of the master key; the computer device then checks the result with the corresponding participant public key, as described next.
In some embodiments, the computer device authenticates the source of the key recovery request by extracting the data carried in the request, which includes the encrypted data and the source identifier; searching the participant identifier list for a participant identifier matching the source identifier; if one is found, obtaining the participant public key associated with that identifier and decrypting the encrypted data with it; and, if decryption succeeds, determining that identity verification has passed.
The source identifier uniquely identifies the initiator of the key recovery request; it may be a terminal identifier or an account identifier of the initiator and is generally represented by letters, characters, numbers or a character string. The participants are the objects that received obfuscated key shares when those shares were distributed in advance, and the participant identifier list consists of the participant identifiers of all participants. A participant identifier uniquely identifies a participant and may likewise be letters, characters, numbers or a character string.
Specifically, the computer device extracts the source identifier from the key recovery request and determines by table look-up whether it exists in the participant identifier list. If it does, the match succeeds, and the participant public key can be obtained from the matched participant identifier.
In some embodiments, the computer device has stored in advance the participant public key of each participant; these are the participants' own public keys, or keys that the participants transferred to the computer device through a trusted communication environment.
In some embodiments, the computer device stores each participant's identifier and public key in association, in a table or database, and looks up the participant public key by participant identifier whenever validity verification is required.
Further, the computer device decrypts the encrypted data with the participant public key. If decryption succeeds, the encrypted data was produced with the matching participant private key, i.e. it was sent by the legitimate participant, and the source is considered authenticated. In practice this check is a signature verification with that public key: it establishes the origin of the request but does not by itself keep the obfuscated key share confidential in transit, since anyone holding the public key can perform the same operation.
In the above embodiment, identity verification of the source of the key recovery request with the participant public key ensures the authenticity and reliability of the source requesting recovery of the master key, avoids malicious requests, and further strengthens the security of master key use.
In some embodiments, the computer device may authenticate the source in other ways, as long as its identity can be verified; the embodiments of the present application are not limited in this respect. For example, the computer device may detect whether a preset credential is present in the key recovery request: if so, the source is authenticated, otherwise it is not. The preset credential is a credential agreed in advance between the participant and the computer device and serves to prove the participant's identity. As another example, the computer device may extract the source identifier from the key recovery request and treat the source as authenticated if the identifier is present in the participant identifier list and as not authenticated otherwise; on its own, this identifier check gives the weakest assurance of the three, since an identifier can be copied by anyone who observes a request.
In some embodiments, the key recovery method of the present application is performed by a smart contract deployed on the computer device. A smart contract is a computer protocol intended to propagate, verify or execute a contract in an information-based manner. Smart contracts allow trusted transactions to be made without third parties; such transactions are traceable and irreversible. Conventionally, a smart contract is a well-defined computer program that automatically executes trusted contract content without third-party intermediaries, and its content is public and irreversible.
The smart contract contracting process comprises establishing the agreements reached by the participating parties as a smart contract, broadcasting the smart contract through the blockchain network and storing it on all nodes of the blockchain, and, once the contract has been established and its triggering conditions are met, automatically executing the contract content.
In some embodiments, a smart contract having the ability to authenticate the source and to decrypt the obfuscated key shares is deployed in advance on the computer device (e.g. a smart contract platform), and automatically executes the contract content after the master key is reconstructed. When the smart contract is a contract for transferring resources, the corresponding contract content is the automatic transfer of those resources. Because the content and execution of a smart contract are public, the received shares and the reconstructed master key must be handled only within an execution environment whose state is not exposed to every node.
Step 204, extracting and storing the obfuscated key share carried in the key recovery request in the case that identity verification passes.
Specifically, if verification passes, the computer device directly extracts the obfuscated key share carried in the key recovery request and stores it in a preset storage space. The preset storage space is dedicated to storing obfuscated key shares and may be a buffer queue, a table, a database or another storage space; the embodiments of the present application are not limited in this respect. A share from a participant that has already contributed should replace, not add to, that participant's earlier entry, so that a single participant cannot satisfy the threshold by resubmitting its own share.
Step 206, determining a preset decryption mode corresponding to the obfuscated key shares when the number of stored obfuscated key shares reaches a first number.
It will be appreciated that each time the computer device receives a key recovery request it authenticates the source and, if verification passes, extracts and stores the obfuscated key share in the request. Thus, as the number of authenticated key recovery requests increases, the number of obfuscated key shares stored in the preset storage space increases correspondingly.
When the computer device determines that the number of obfuscated key shares stored in the preset storage space has reached the first number, it determines the preset decryption mode corresponding to the obfuscated key shares. The first number is the minimum number of key shares required to reconstruct the master key, i.e. the threshold k of the sharing scheme.
In some embodiments, after a plurality of key shares is obtained in advance by splitting the master key, different encryption modes are applied to different key shares to obtain the obfuscated key shares. In that case each obfuscated key share has its own preset decryption mode, and these modes differ from one another.
In other embodiments, the same encryption mode is applied to all key shares to obtain the obfuscated key shares, so that all obfuscated key shares share the same preset decryption mode.
In some embodiments, the computer device encrypts the key shares with a predetermined obfuscation function, so that during decryption the inverse of that function, a de-obfuscation function, is applied.
Step 208, decrypting each obfuscated key share according to its preset decryption mode to obtain the key shares.
Where different encryption modes were applied to different key shares (as described under step 206), the computer device decrypts each obfuscated key share with the preset decryption mode matched to that share, obtaining the corresponding key share. After all of the first number of obfuscated key shares have been decrypted, the first number of key shares is obtained. For this the computer device must be able to tell which decryption mode belongs to which share, for example by recording the mode against the participant identifier at distribution time.
Where the same encryption mode was applied to all key shares, the computer device decrypts every obfuscated key share with that single preset decryption mode, again obtaining the first number of key shares once all of the first number of obfuscated key shares have been decrypted.
In some embodiments, the key shares are encrypted with a predetermined obfuscation function and decrypted with its inverse. For example, if the obfuscation function is an exclusive-or with noise data, the de-obfuscation function is the same exclusive-or with the same noise data, since exclusive-or is its own inverse.
In some embodiments, the computer device encrypts the key shares with a shift or transposition operation, so that during decryption the obfuscated key shares are restored by the inverse shift or inverse transposition.
Step 210, performing key recovery from the first number of key shares to obtain the master key.
Specifically, once the number of recovered key shares reaches the first number, the computer device reconstructs the key from the first number of key shares by polynomial interpolation to obtain the master key. In some embodiments the computer device computes the master key from k key shares with the Lagrange interpolation formula; in other embodiments it uses Newton (divided-difference) interpolation over the k key shares. Either way the arithmetic is carried out modulo the prime P of the sharing scheme, and the k shares must have pairwise distinct x values.
It should be noted that the plurality of key shares may be obtained by processing the master key in advance as follows:
The computer device or the smart contract deployer constructs a polynomial of degree k−1 with the master key as its constant term:
F(x) = (s + a1·x + a2·x^2 + … + ak-1·x^(k-1)) mod P,
where s is the master key, a1, a2, …, ak-1 are the coefficients of the polynomial (chosen uniformly at random from [0, P), so that fewer than k shares reveal nothing about s), P is a prime number larger than s, and mod P denotes reduction modulo P. The computer device takes N distinct non-zero values of x, substitutes each into F(x) to obtain N key shares [x1, F(x1)], [x2, F(x2)], …, [xN, F(xN)], and distributes the N key shares to N participants for custody. The value x = 0 must never be used, since F(0) is the master key itself.
After the computer device has acquired k key shares, it constructs the following polynomial, which is the Lagrange form of the polynomial above:
F(x) = Σ_{i=1..k} yi · Π_{j=1..k, j≠i} (x − xj)/(xi − xj) (mod P),
where xi is the value of x in the i-th key share, yi is the value F(xi) in the i-th key share, xj is the value of x in the j-th key share, and division by (xi − xj) means multiplication by its inverse modulo P.
The computer device then sets x = 0 and substitutes the k key shares into the polynomial to solve for F(0), which is the value of the master key.
In some embodiments, the computer device may generate the second number of key shares from the master key in other ways and reconstruct the master key from the first number of key shares with the reconstruction method matching the generation method. For example, it may generate the second number of key shares from the master key by Shamir secret sharing (the threshold scheme described above), Blakley secret sharing (a threshold secret sharing technique) or CRT (Chinese remainder theorem) secret sharing, and then reconstruct the master key from k key shares with the matching reconstruction method.
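The following Python program is an added worked example, not code from the application, of the recovery flow of steps 202 to 210 on top of the polynomial splitting just described (the same construction is used again under step 302 below). Everything in it is an assumption of the example rather than a detail taken from the page: the field prime P = 2^127 − 1, exclusive-or with a per-participant noise value as the obfuscation (so the preset decryption mode is the same exclusive-or again), and a per-participant HMAC credential, the page's "preset credential" option, standing in for the public-key check on the request source. The names split_master_key, reconstruct_master_key, build_request, KeyRecoveryService and demo are the example's own.

```python
"""Added example (not from the application): Shamir split of the master key,
Lagrange recovery of F(0), and a minimal recovery service following steps 202-210.
Assumptions: field prime P = 2^127 - 1; XOR with a per-participant noise value is
the obfuscation, so the 'preset decryption mode' is XOR with the same noise again;
a per-participant HMAC credential stands in for the public-key source check."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

P = (1 << 127) - 1  # assumed field prime; the master key s must satisfy 0 <= s < P


def split_master_key(s: int, k: int, n: int, p: int = P) -> List[Tuple[int, int]]:
    """F(x) = s + a1*x + ... + a(k-1)*x^(k-1) mod p, evaluated at x = 1..n."""
    if not (0 <= s < p and 1 < k <= n < p):
        raise ValueError("bad sharing parameters")
    coeffs = [s] + [secrets.randbelow(p) for _ in range(k - 1)]  # a1..a(k-1) uniform
    shares = []
    for x in range(1, n + 1):       # never x = 0: F(0) is the secret itself
        y = 0
        for a in reversed(coeffs):  # Horner evaluation mod p
            y = (y * x + a) % p
        shares.append((x, y))
    return shares


def reconstruct_master_key(shares: List[Tuple[int, int]], p: int = P) -> int:
    """Lagrange interpolation at x = 0 over the given points (must be k of them)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x values")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if j != i:
                num = num * (-xj) % p        # (0 - x_j)
                den = den * (xi - xj) % p    # (x_i - x_j)
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def build_request(source_id: str, credential: bytes, x: int, y_obf: int) -> dict:
    """A participant's key recovery request: identifier, obfuscated share, HMAC tag."""
    msg = f"{source_id}:{x}:{y_obf}".encode()
    tag = hmac.new(credential, msg, hashlib.sha256).hexdigest()
    return {"source_id": source_id, "x": x, "y_obf": y_obf, "tag": tag}


class KeyRecoveryService:
    """Collects authenticated obfuscated shares until the first number k is reached."""

    def __init__(self, k: int, credentials: Dict[str, bytes],
                 noise: Dict[str, int], p: int = P) -> None:
        self.k, self.p = k, p
        self.credentials = credentials   # participant identifier list + credentials
        self.noise = noise               # per-participant noise kept from step 304
        self.store: Dict[str, Tuple[int, int]] = {}  # the preset storage space

    def verify_source(self, req: dict) -> bool:
        """Step 202: table look-up of the source identifier, then tag check."""
        cred = self.credentials.get(req["source_id"])
        if cred is None:
            return False
        msg = f"{req['source_id']}:{req['x']}:{req['y_obf']}".encode()
        expected = hmac.new(cred, msg, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, req["tag"])

    def handle_request(self, req: dict) -> Optional[int]:
        """Returns the master key once k distinct authenticated shares are stored."""
        if not self.verify_source(req):
            return None                    # unverified source: no response
        # Step 204: keyed by participant, so resubmission by one party never counts twice.
        self.store[req["source_id"]] = (req["x"], req["y_obf"])
        if len(self.store) < self.k:
            return None                    # step 206: threshold not reached yet
        # Steps 208-210: undo each share's obfuscation, then interpolate F(0).
        shares = [(x, y_obf ^ self.noise[sid]) for sid, (x, y_obf) in self.store.items()]
        return reconstruct_master_key(shares[: self.k], self.p)


def demo(s: int = 0x1234_5678_9ABC_DEF0, k: int = 3, n: int = 5) -> Optional[int]:
    """Split, obfuscate, distribute and recover the master key end to end."""
    shares = split_master_key(s, k, n)
    ids = [f"party{i}" for i in range(1, n + 1)]
    creds = {pid: secrets.token_bytes(32) for pid in ids}   # constructed credentials
    noise = {pid: secrets.randbelow(P) for pid in ids}      # constructed noise data
    svc = KeyRecoveryService(k, creds, noise)
    result = None
    for pid, (x, y) in zip(ids, shares):
        result = svc.handle_request(build_request(pid, creds[pid], x, y ^ noise[pid]))
        if result is not None:
            break                          # recovered after k valid requests
    return result


if __name__ == "__main__":
    print(hex(demo()))
```

Two properties worth checking against this code: any k of the N shares reconstruct the same s, while k−1 shares interpolate to a value that is (with probability 1 − 1/P) unrelated to s; and the storage space is keyed by participant identifier, so a participant repeating its own request advances the count only once.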
According to the key recovery method, when a key recovery request is received the identity of its source is verified, and when verification passes the obfuscated key share carried in the request is extracted and stored. When the number of stored obfuscated key shares reaches the first number, the preset decryption mode corresponding to the obfuscated key shares is determined, each obfuscated key share is decrypted according to that mode to obtain the key shares, and key recovery is performed from the first number of key shares to obtain the master key. That is, the application divides the master key into a plurality of key shares, so that even if some key shares are stolen an attacker cannot obtain the complete key, which increases the difficulty of stealing it; at the same time, obfuscating each key share adds a further protection layer for the master key, so that even if key shares are exposed the original master key is difficult to restore, and the security of information encryption is greatly improved. In addition, by checking the validity of the identity on receipt of a key recovery request, the application prevents unauthorized use of the key and further safeguards information security.
Before a key recovery request is received, the master key has been split in advance into a plurality of key shares, the key shares have been obfuscated to obtain obfuscated key shares, and the obfuscated key shares have been distributed to a plurality of participants for custody. When the master key needs to be reconstructed, a terminal initiates a key recovery request to the computer device. It should be noted that the steps of key splitting, obfuscation and distribution may be performed by the computer device of the present application or by another computer device; the embodiments are not limited in this respect. The steps of key splitting, obfuscation and distribution, as performed by the computer device of the present application, are described in detail below:
In some embodiments, the method further comprises a step of obfuscated key share distribution, which specifically comprises:
step 302, a master key is obtained and a second number of key shares is generated from the master key.
The master key is a key for encrypting data to be protected, so as to prevent the data to be protected from being revealed or stolen. The data to be protected may be media data, session message, voice data, or digital asset.
In some embodiments, the master key may be, in particular, a wallet key of an electronic wallet. The electronic wallet may be in particular a digital wallet or a software wallet for storing resources in electronic form. In other embodiments, the master key may be a key associated with an actual service, such as a user private key, or a symmetric key for data storage and transmission, which is not limited by the embodiments of the present application.
In particular, the computer device may itself generate the master key or receive the master key transmitted by other computer devices. The computer device may then generate a second number of mutually different key shares based on the master key, wherein at least k key shares may be used to recover the resulting master key.
In some embodiments, the wallet creator may generate a digital wallet and set a wallet key, which is passed to the computer device today, which may take the received wallet key as the master key.
Further, the computer device may construct a k-1 th order polynomial with the master key as a constant term as follows: Wherein s is a master key, a 1、a2……ak-1 is a coefficient of the polynomial, and P is a prime number. The computer device may take N different x's to be substituted into F (x) to obtain N group key shares, and distribute the N group key shares to N participants for respective storage.
Of course, the computer device may also generate multiple key shares based on the master key in other manners, such as by Blakley (a threshold secret sharing technique) secret sharing or CRT (China remainder theorem) secret sharing, which are not limited by the embodiments of the present application.
Step 304, determining noise data and encrypting each key share with the noise data to obtain a second number of obfuscated key shares.
The noise data may be preset fixed noise or random noise, such as preset values, preset symbols, random values or random symbols.
When encrypting the key shares with the noise data, the computer device determines noise data matched to each key share. It may use different noise data for different key shares, the same noise data for all key shares, or the same noise data for some key shares and different noise data for the others; the embodiments of the present application are not limited in this respect. Whatever the choice, the noise data (or the means to regenerate it) must be retained by the computer device, since it is needed to undo the obfuscation in step 208.
In some embodiments, after determining the noise data matched to each key share, the computer device determines an obfuscation mode corresponding to each key share and encrypts the key share with its noise data in that mode to obtain the obfuscated key share. It may use different obfuscation modes for different key shares, the same mode for all key shares, or the same mode for some and different modes for the others; the embodiments of the present application are not limited in this respect.
For N key shares, the computer device may encrypt them with the same noise data and the same obfuscation mode, obtaining N obfuscated key shares.
It may encrypt them with the same noise data and different obfuscation modes. For example, key share 1 is encrypted with noise data Z in obfuscation mode 1 to obtain obfuscated key share 1, and key share 2 with noise data Z in obfuscation mode 2 to obtain obfuscated key share 2.
It may encrypt them with different noise data and the same obfuscation mode. For example, key share 1 is encrypted with noise data 1 in obfuscation mode H to obtain obfuscated key share 1, and key share 2 with noise data 2 in obfuscation mode H to obtain obfuscated key share 2.
It may encrypt them with different noise data and different obfuscation modes. For example, key share 1 is encrypted with noise data 1 in obfuscation mode 1 to obtain obfuscated key share 1, and key share 2 with noise data 2 in obfuscation mode 2 to obtain obfuscated key share 2.
In some embodiments, the computer device encrypts a key share by inserting noise data into it. For example, for key share n, the computer device inserts the noise data matched to key share n at a preset position, obtaining an obfuscated key share. The preset position may be a fixed position or a position satisfying a preset rule.
For example, for any key share, the computer device obfuscates it with the noise data matched to that key share to obtain obfuscated key data; the obfuscation modes for different key shares may be the same or different.
For example, the computer device may process all key shares as follows:
In some embodiments, referring to fig. 4, the computer device inserts the noise data matched to a key share at a fixed position in the key share, obtaining the obfuscated key share. In fig. 4, the noise data is inserted between the second and third data blocks of the key share.
In some embodiments, referring to fig. 5, the computer device sorts the key shares, determines an insertion position for each key share according to its position in the sorted order, and inserts the noise data matched to each key share at its insertion position. The insertion positions determined from the sorted order may form an arithmetic progression, follow another mathematical rule, or follow no regular pattern; the embodiments of the present application are not limited in this respect. In fig. 5, for example, the insertion position moves back by one further data block for each successive key share. Since insertion is reversible by anyone who knows the position and the noise data, the positions and noise data must be kept confidential by the computer device.
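The following Python program is an added worked example, not code from the application, of the noise-insertion obfuscation of step 304 in its fig. 4 form (fixed position) and fig. 5 form (position advancing one block per share in sorted order), together with an exclusive-or mode and the matching inverses that step 208 applies. The 4-byte block size, the 32-byte share length, the position rules and the function names are all assumptions of the example.

```python
"""Added example (not from the application): the noise-insertion obfuscation of
step 304 (fig. 4: fixed position; fig. 5: position advancing one block per share
in sorted order), an exclusive-or mode, and the matching inverses for step 208.
The block size, share length and position rules are assumptions of the example."""
import secrets
from typing import List

BLOCK = 4        # assumed data block size in bytes
SHARE_LEN = 32   # assumed share length (e.g. a 256-bit F(x) value)


def position_for(mode: str, index: int, share_len: int) -> int:
    """Insertion position for an insert-type mode; index is the share's sorted rank."""
    if mode == "insert_fixed":
        pos = 2 * BLOCK                    # fig. 4: between the 2nd and 3rd block
    elif mode == "insert_sorted":
        pos = 2 * BLOCK + index * BLOCK    # fig. 5: one block further per share
    else:
        raise ValueError(f"unknown obfuscation mode {mode!r}")
    if pos > share_len:
        raise ValueError("insertion position lies beyond the end of the share")
    return pos


def obfuscate(share: bytes, index: int, mode: str, noise: bytes) -> bytes:
    """Apply one obfuscation mode with the noise data matched to this share."""
    if mode == "xor":
        if len(noise) != len(share):
            raise ValueError("xor noise must be as long as the share")
        return bytes(a ^ b for a, b in zip(share, noise))
    pos = position_for(mode, index, len(share))
    return share[:pos] + noise + share[pos:]


def deobfuscate(obf: bytes, index: int, mode: str, noise: bytes) -> bytes:
    """The preset decryption mode: the exact inverse of obfuscate()."""
    if mode == "xor":
        return obfuscate(obf, index, mode, noise)   # XOR is its own inverse
    pos = position_for(mode, index, len(obf) - len(noise))
    if obf[pos:pos + len(noise)] != noise:
        # Cheap sanity check: a wrong share, mode or noise would otherwise yield a
        # plausible-looking but useless key share and a silently wrong master key.
        raise ValueError("noise data not found at the expected position")
    return obf[:pos] + obf[pos + len(noise):]


def obfuscate_all(shares: List[bytes], modes: List[str], noises: List[bytes]) -> List[bytes]:
    """Per-share mode and noise (the 'different noise, different mode' option).
    The computer device keeps (mode, noise) per index; that record is the preset
    decryption mode it consults in step 206."""
    return [obfuscate(s, i, m, z) for i, (s, m, z) in enumerate(zip(shares, modes, noises))]


def deobfuscate_all(obfs: List[bytes], modes: List[str], noises: List[bytes]) -> List[bytes]:
    return [deobfuscate(o, i, m, z) for i, (o, m, z) in enumerate(zip(obfs, modes, noises))]


def demo() -> bool:
    """Round-trip five constructed shares through mixed modes and noise data."""
    shares = [secrets.token_bytes(SHARE_LEN) for _ in range(5)]   # constructed shares
    modes = ["insert_fixed", "insert_sorted", "insert_sorted", "xor", "insert_sorted"]
    noises = [secrets.token_bytes(SHARE_LEN if m == "xor" else BLOCK) for m in modes]
    obfs = obfuscate_all(shares, modes, noises)
    changed = all(o != s for o, s in zip(obfs, shares))
    return changed and deobfuscate_all(obfs, modes, noises) == shares


if __name__ == "__main__":
    print("round trip ok:", demo())
```

The noise check in deobfuscate() is the practical reason to keep the noise data rather than only its position: without it, applying the wrong mode or index to a share fails silently and the error only surfaces, unattributed, as a wrong master key after interpolation.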
Step 306, distributing the second number of obfuscated key shares to the second number of participants, each participant holding one obfuscated key share.
Referring to fig. 6, the computer device distributes the second number of obfuscated key shares to the second number of participants, each participant holding one of them.
In some embodiments, the computer device distributes the obfuscated key shares over a secure network channel or under a preset security protocol. Alternatively, hardware devices may be used for distribution: each obfuscated key share is stored in a different hardware device, such as a USB security token (U shield), and the devices are then handed to the different participants.
In some embodiments, the computer device distributes an obfuscated key share by receiving key-encrypted data sent by the participant, the key-encrypted data having been obtained by encrypting a first shared key with the participant private key; decrypting the key-encrypted data with the participant public key to obtain the first shared key; encrypting the obfuscated key share with the first shared key; and sending the encrypted obfuscated key share to the participant.
Specifically, before the obfuscated key shares are transferred, each participant agrees with the computer device on a shared key, the first shared key, used to encrypt the obfuscated key share, and the security of the share transmission rests on this key. The participant may generate a symmetric key, use it as the first shared key, and transmit it to the computer device by secure transmission.
In some embodiments, the participant generates a symmetric key with a cryptographic algorithm, encrypts it with its own participant private key to obtain the key-encrypted data, and transmits the key-encrypted data to the computer device. The computer device decrypts the key-encrypted data with the participant public key to obtain the symmetric key and takes it as the first shared key. The computer device then encrypts the obfuscated key share with the first shared key and sends the encrypted obfuscated key share to the participant.
It should be noted that each participant may negotiate its own shared key with the computer device, in which case the computer device encrypts each obfuscated key share with the corresponding shared key before distributing it, ensuring the security of the distribution. Alternatively, one shared key may be shared by several participants, in which case the computer device encrypts the obfuscated key shares with that same shared key before distributing them; this prevents non-participants from obtaining the obfuscated key shares, but any participant holding the common key can then read the shares sent to the others, so a per-participant key is the safer choice.
In the above embodiment, the first shared key is transmitted under the participant private key and the obfuscated key share is then transmitted securely under the first shared key, ensuring the security of the share transmission and avoiding the risk of the obfuscated key share being leaked or stolen. A practitioner should note that an operation under the participant private key which anyone holding the participant public key can undo authenticates the origin of the first shared key but does not keep it confidential; in practice the symmetric key would additionally be encrypted to the computer device's own public key, or the two sides would run an authenticated key agreement, so that the first shared key is known only to them.
In some embodiments, the computer device may also distribute the obfuscated key shares by way of quantum key distribution. The method comprises: obtaining a random bit string; for each bit value in the random bit string, randomly selecting a polarization basis and encoding the bit value with the selected basis to obtain a qubit; sending all the qubits to a participant so that the participant measures each qubit with a randomly selected polarization basis and obtains a measurement result for each qubit; obtaining all the polarization bases selected by the participant; matching the locally selected polarization bases against the participant's polarization bases to determine the successfully matched bases; determining a second shared key based on the bit values corresponding to the successfully matched polarization bases; encrypting an obfuscated key share with the second shared key; and transmitting the encrypted obfuscated key share to the participant.
In particular, the computer device may exploit the characteristics of quantum mechanics to distribute the obfuscated key shares securely. The core idea is that certain properties of a quantum system are disturbed when measured, so any third party that tries to intercept or measure a qubit in transit inevitably alters its state, and that disturbance can be detected by the sender and the receiver of the key.
The computer device may select a random bit string as the original information, randomly select a polarization basis (e.g., rectangular basis or diagonal basis) for each bit value in the random bit string within a preset range, and encode the bit value with the selected polarization basis.
For example, the random bit string has m bit values a1, a2, a3, a4, …, am; for each bit value a polarization basis is randomly selected to encode the bit value as a qubit. The m polarization bases may be represented as the sequence L1, L2, L3, L4, …, Lm and the m qubits as B1, B2, B3, B4, …, Bm.
In turn, the computer device may send each qubit (i.e., encoded bit data, which may represent photons in a polarized state) to the participants.
After receiving each qubit, the participant randomly selects a polarization basis to measure it. The participant records the measurement result and the polarization basis used for each qubit; the bases may be denoted as the sequence l1, l2, l3, l4, …, lm.
The computer device and the participant disclose the polarization bases each of them used, but not the actual bit values. The computer device can then compare the polarization basis sequence l1, l2, l3, l4, …, lm disclosed by the participant with the locally selected sequence L1, L2, L3, L4, …, Lm. If the polarization bases at the same index are the same, the bases at that index are considered successfully matched; the computer device keeps the bit values at the indices of the successfully matched bases, discards the bit values whose bases did not match, and then constructs a second shared key from the kept bit values. The kept bit values may in particular be concatenated to form the shared key. The obfuscated key share is then encrypted with that shared key so that it can be transmitted securely.
In the above embodiment, the shared key is agreed with the participant by way of quantum key distribution, and the obfuscated key share is encrypted under that shared key for transmission, so that the security of the obfuscated key share transmission process is ensured and the risk of leakage or theft of the obfuscated key share is avoided.
Further, determining the second shared key based on the bit values corresponding to the successfully matched polarization bases comprises: taking the bit values corresponding to the successfully matched polarization bases as target bit values; disclosing part of the target bit values and acquiring the part disclosed by the participant; if the locally disclosed bit values are consistent with the bit values disclosed by the participant, determining the second shared key based on the target bit values; otherwise discarding the target bit values and returning to the step of acquiring a random bit string, which is repeated until the second shared key is obtained.
In some embodiments, to detect whether there is a risk of information leakage, the computer device and the participant may disclose a portion of the target bit values and compare them. If the disclosed bit values match, there is likely no leakage; if any disclosed bit value does not match, information leakage may exist. In that case the process returns to the step of acquiring a random bit string so that a safe shared key is negotiated again. By disclosing part of the bit values to determine whether there is a risk of leakage, and reserving the shared key for encryption of the subsequent obfuscated key share only when no leakage is detected, the security of the obfuscated key share encryption and transmission process is further ensured.
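The exchange above (random bits and bases, measurement, basis matching, partial disclosure, and retry on mismatch), as an added classical simulation that is not part of the application; function names are hypothetical, bases are modelled as 0/1 values, and the seed exists only to make the run reproducible.

```python
import random

# Added simulation of the quantum key distribution exchange described above:
# random bit string, random polarization basis per bit, measurement in a
# random basis, basis disclosure and matching, then partial bit disclosure to
# detect leakage. Bases: 0 = rectilinear, 1 = diagonal; a "qubit" is modelled
# classically as a (bit, basis) pair. All function names are hypothetical and
# not taken from the application; the seed exists only for reproducibility.

def prepare_qubits(rng, m):
    """Sender: random bit string a1..am and a random basis L1..Lm for each bit."""
    bits = [rng.randrange(2) for _ in range(m)]
    bases = [rng.randrange(2) for _ in range(m)]
    return bits, bases, list(zip(bits, bases))

def intercept_resend(rng, qubits):
    """A third party measuring every qubit in a random basis and re-sending it.
    A wrong basis randomises the bit: this is the disturbance the protocol detects."""
    out = []
    for bit, basis in qubits:
        eve_basis = rng.randrange(2)
        if eve_basis != basis:
            bit = rng.randrange(2)
        out.append((bit, eve_basis))
    return out

def measure_qubits(rng, qubits):
    """Receiver: random basis l1..lm per qubit; a matching basis reads the bit,
    a mismatched basis gives a random outcome."""
    bases = [rng.randrange(2) for _ in range(len(qubits))]
    results = [bit if rb == basis else rng.randrange(2)
               for (bit, basis), rb in zip(qubits, bases)]
    return bases, results

def sift(sender_bases, receiver_bases, values):
    """Keep only positions whose publicly disclosed bases match (the target bit values)."""
    return [v for v, sb, rb in zip(values, sender_bases, receiver_bases) if sb == rb]

def leak_check(rng, sender_target, receiver_target, disclose):
    """Both sides disclose the same randomly chosen subset of target bits and compare.
    Any mismatch indicates possible interception; disclosed bits are never reused."""
    idx = set(rng.sample(range(len(sender_target)), disclose))
    if any(sender_target[i] != receiver_target[i] for i in idx):
        return False, []
    return True, [b for i, b in enumerate(sender_target) if i not in idx]

def negotiate_second_shared_key(seed, m=256, disclose=64, eavesdropper=False, max_rounds=5):
    """Full exchange. A failed leak check discards the round and draws a fresh random
    bit string, as the application describes. Returns (key_bits, rounds_used), with
    key_bits None when every round showed disturbance."""
    rng = random.Random(seed)
    for rnd in range(1, max_rounds + 1):
        bits, sender_bases, qubits = prepare_qubits(rng, m)
        if eavesdropper:
            qubits = intercept_resend(rng, qubits)
        receiver_bases, results = measure_qubits(rng, qubits)
        # Only the bases are disclosed; the bit values stay private.
        sender_target = sift(sender_bases, receiver_bases, bits)
        receiver_target = sift(sender_bases, receiver_bases, results)
        ok, key = leak_check(rng, sender_target, receiver_target, disclose)
        if ok:
            return key, rnd
    return None, max_rounds
```

With an intercept-and-resend party present, roughly a quarter of the sifted bits disagree, so disclosing 64 of them leaves a negligible chance of the check passing.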
It will be appreciated that in the above embodiments, the computer device is the sender and the participant is the receiver to negotiate the shared key. In practical applications, the shared key may be negotiated by using the computer device as the receiving party and the participating party as the sending party, which is not limited by the embodiment of the present application.
It will be understood that the terms first, second, etc. as used herein may be used to describe various elements, but these elements are not limited by these terms. These terms are only used to distinguish one element from another element. For example, the first shared key may be referred to as the second shared key without departing from the scope of the present disclosure.
In the above embodiment, the master key is divided into a second number of key shares in advance, and each key share is then encrypted with noise data to obtain the second number of obfuscated key shares. The second number of obfuscated key shares are distributed to the second number of participants, so that each participant keeps its own obfuscated key share, and at least k obfuscated key shares are provided to recover the master key when recovery is required. The master key can therefore still be recovered even if some participants have lost their obfuscated key shares, which makes the method more flexible.
In some embodiments, the method further includes a step of storing configuration data, which specifically includes recording the correspondence between the obfuscated key shares and the noise data and the correspondence between the obfuscated key shares and the participants to obtain the configuration data, and storing the configuration data.
Specifically, after obtaining the second number of obfuscated key shares, the computer device may establish a correspondence between the obfuscated key shares and the noise data, and a correspondence between the obfuscated key shares and the participants. The configuration data is then obtained from these two correspondences and stored in the non-volatile storage medium.
In some embodiments, the computer device may also establish a correspondence between the obfuscated key shares and the obfuscation manner, and obtain the configuration data from the correspondence between the obfuscated key shares and the noise data, the correspondence between the obfuscated key shares and the participants, and the correspondence between the obfuscated key shares and the obfuscation manner.
For illustration, please refer to table 1 for the format of the configuration data:
Table 1 configuration data
In some embodiments, the configuration data may further include at least one of the master key, the second number of key shares, the obfuscated key share distribution time, the obfuscated key share distribution manner, and the like.
In the above embodiment, the correspondence between the obfuscated key shares and the noise data and the correspondence between the obfuscated key shares and the participants are stored, so that when a key recovery request sent by a participant is subsequently received, the obfuscated key share can be decrypted to obtain the key share.
In some embodiments, the authentication of the source of the key recovery request includes detecting whether the key recovery request carries a dynamic token, and if so, verifying the validity of the dynamic token and, if the validity verification passes, determining that the source passes the authentication.
It should be noted that the computer device may divide the master key into N key shares in advance (N is a natural number greater than 1, and N is greater than the second number k), and encrypt each key share to obtain N obfuscated key shares, where the N obfuscated key shares are distributed to N participants and each participant stores one of them. At the same time, each participant is provided with a dynamic token generator, which generates a new, random token (the dynamic token) within a defined time interval. The dynamic token generator may specifically be a hardware device or a software application (e.g., Google Authenticator).
When a participant wants to recover the master key, it must first provide the current dynamic token. The computer device detects whether the key recovery request carries a dynamic token; if so, it goes on to verify whether the dynamic token is correct and currently valid, so as to verify the legitimate identity of the participant through the dynamic token. If the key recovery request carries no dynamic token, the computer device may discard the key recovery request directly and not respond.
In some embodiments, the computer device may detect whether the dynamic token is a duplicate dynamic token, if not, determine that the dynamic token passes the validity check and record the dynamic token, and if so, determine that the dynamic token does not pass the validity check. The recorded dynamic token is used for judging the repeatability of the dynamic token in the subsequent key recovery request.
In some embodiments, the computer device may detect whether the dynamic token is within a validity period, if so, determine that the dynamic token passes the validity check, and if not, determine that the dynamic token does not pass the validity check.
In some embodiments, a computer device may detect whether the dynamic token is a duplicate dynamic token, detect whether the dynamic token is within a validity period, determine that the dynamic token is valid if the dynamic token is not a duplicate dynamic token and is within the validity period, and record the dynamic token. Otherwise, determining that the dynamic token fails the validity check.
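The token checks described above (token present, correct for the current interval, not a duplicate, inside the validity period), as an added example that is not from the application; the HMAC-based time-window token, the class and the participant secrets are assumptions, since the application does not prescribe how the generator produces tokens.

```python
import hmac
import hashlib
import struct

class DynamicTokenVerifier:
    """Added illustration of the dynamic token checks. Hypothetical class, not from
    the application. The token is assumed to be an HMAC-SHA1 based time-window code
    (HOTP-style truncation) derived from a secret shared with each participant's
    generator; `now` is passed in so the checks are deterministic."""

    def __init__(self, secrets_by_participant, step=30, digits=6, drift=1):
        self.secrets = secrets_by_participant  # participant id -> generator secret (bytes)
        self.step = step                       # defined time interval of the generator
        self.digits = digits
        self.drift = drift                     # windows before/after now still inside validity
        self.used = {}                         # recorded tokens: (participant, window) -> token

    def _token(self, secret, window):
        # One code per time window; the window counter is the HMAC message.
        mac = hmac.new(secret, struct.pack(">Q", window), hashlib.sha1).digest()
        off = mac[-1] & 0x0F
        code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % (10 ** self.digits)
        return f"{code:0{self.digits}d}"

    def current_token(self, participant, now):
        """What the participant's generator shows at time `now`."""
        return self._token(self.secrets[participant], int(now) // self.step)

    def verify(self, participant, request, now):
        """Returns (accepted, reason). A request without a token is discarded; a token
        outside the validity period or already recorded fails the validity check."""
        token = request.get("dynamic_token")
        if token is None:
            return False, "no token: request discarded"
        secret = self.secrets.get(participant)
        if secret is None:
            return False, "unknown participant"
        window_now = int(now) // self.step
        for w in range(window_now - self.drift, window_now + self.drift + 1):
            if hmac.compare_digest(self._token(secret, w), token):
                if (participant, w) in self.used:
                    return False, "duplicate token"
                self.used[(participant, w)] = token   # record for later duplicate checks
                return True, "ok"
        return False, "token not valid in current period"
```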
In the embodiment, the verification of the identity of the source party is realized through the dynamic token, so that the legal identity of the source party can be verified, an illegal attacker can be identified, and the security of key recovery can be ensured.
In some embodiments, referring to fig. 7, extracting and storing the obfuscated key share in the key recovery request when authentication passes includes:
in step 702, if the authentication is passed, a setting condition corresponding to the source is determined.
The set condition is a condition that the participant is responsible for confirming whether the master key recovery can be performed or not, and may be pre-submitted to the computer device. The setting conditions for which the different parties are responsible may be the same or different.
For example, the condition may be that a preset period of time has elapsed or that a particular event has occurred. In the field of resource inheritance, the condition may specifically be, but is not limited to, permission of the digital wallet owner, natural death of the digital wallet owner, presentation of a specific object by the initiator of the resource transfer, triggering of a preset event, and the like.
And step 704, extracting the data to be verified carried in the key recovery request.
The data to be verified is data submitted by the party and used for proving that the set condition is achieved. In some embodiments, the computer device may extract the data to be authenticated directly from the data carried by the key recovery request. In other embodiments, the computer device may decrypt the data in the key recovery request with a party public key corresponding to the party initiating the key recovery request to extract the data to be verified. It should be noted that, the decrypted data includes the obfuscated key share in addition to the data to be verified.
Step 706, verifying the data to be verified based on the set condition, and extracting and storing the obfuscated key share in the key recovery request when verification passes.
In particular, the computer device may extract the set condition associated with the participant from the pre-stored data, and then determine, based on the data to be verified, whether the set condition is met. If so, the key recovery request was initiated at an appropriate time, verification is determined to pass, and the computer device extracts and stores the obfuscated key share in the key recovery request.
In some embodiments, when determining whether the set condition is met based on the data to be verified, the computer device may further acquire predetermined knowledge to assist the judgment: for example, if the set condition relates to time, the computer device may acquire the current system time; if the condition relates to an event having occurred, the computer device may acquire the event from the network or a knowledge base; and so on, so that the data to be verified is judged accurately using the predetermined knowledge together with the set condition.
In the above embodiment, the data to be verified is verified and the obfuscated key share is extracted and stored only after verification passes, so that key recovery requests that do not meet the submission requirements are screened out.
In some embodiments, determining the preset decryption manner corresponding to the obfuscated key share includes reading configuration data in which the obfuscation manner corresponding to each participant is recorded, determining from the configuration data the obfuscation manner corresponding to the participant from which each stored obfuscated key share originates, and determining the preset decryption manner corresponding to each stored obfuscated key share based on the determined obfuscation manners.
In particular, the computer device may read the locally stored configuration data. The configuration data records the obfuscation manner corresponding to each participant, that is, the correspondence between participants and obfuscation manners. In some embodiments, the configuration data further includes the correspondence between the obfuscated key shares and the noise data, the correspondence between the obfuscated key shares and the participants, and the correspondence between the obfuscated key shares and the obfuscation manners. For details, refer to table 1 in the previous embodiments.
Furthermore, the computer device may determine the participant identifier of the participant from which each obfuscated key share stored in the preset storage space originates, and then look up the configuration data by participant identifier to determine the obfuscation manner corresponding to each participant identifier, that is, the obfuscation manner corresponding to each obfuscated key share.
Illustratively, the obfuscation manner may be a shift operation, a splice operation, or dividing the key share into data blocks and disturbing their order, which is not limited by the embodiment of the present application.
For any obfuscated key share, the computer device may determine the matching preset decryption manner from the obfuscation manner corresponding to that share, for example by taking the inverse of the obfuscation operation as the preset decryption manner: reverse shifting, reverse splicing, or restoring the data blocks to their original order, and so on.
It should be noted that the computer device may encrypt different key shares with the same obfuscation manner or with different obfuscation manners, which is not limited by the embodiment of the present application. Accordingly, the preset decryption manners determined for different obfuscated key shares may be the same or different.
In the above embodiment, the obfuscation manner corresponding to each obfuscated key share is obtained accurately from the configuration data, so that the preset decryption manner corresponding to each obfuscated key share can be determined from its obfuscation manner.
In some embodiments, decrypting each obfuscated key share according to the preset decryption manner to obtain the corresponding key share includes determining the noise data used when key obfuscation was performed, and decrypting each obfuscated key share according to the preset decryption manner and the noise data to obtain the corresponding key share.
In some embodiments, the computer device may determine the noise data from locally stored data, and then, for each obfuscated key share, decrypt it according to the preset decryption manner corresponding to that share and the noise data to obtain the key share.
In some embodiments, when encrypting the N key shares, the same noise data may be used for all of them, or different noise data may be used, which is not limited by the embodiment of the present application.
In the above embodiments, the noise data used in performing key obfuscation is used to decrypt the obfuscated key shares so that the key shares are obtained accurately.
In some embodiments, determining the noise data used in performing key obfuscation includes determining the noise data used separately for each key share during obfuscation, and determining from it the noise data corresponding to each stored obfuscated key share. Decrypting each obfuscated key share according to the preset decryption manner and the noise data to obtain the corresponding key share then comprises decrypting each obfuscated key share according to its preset decryption manner and the noise data corresponding to that stored obfuscated key share.
In some embodiments, different noise data is used when encrypting the N key shares, so that on decryption the noise data corresponding to each obfuscated key share must be confirmed. Each obfuscated key share is then decrypted according to its preset decryption manner and the noise data corresponding to that stored obfuscated key share to obtain the corresponding key share.
In the above embodiment, each obfuscated key share is decrypted with its own corresponding noise data, so that the key share is obtained accurately.
In some embodiments, the method further comprises a resource transfer step, wherein the resource transfer step specifically comprises the steps of determining a first wallet address associated with a master key, acquiring a preset second wallet address, accessing the first wallet address according to the recovered master key, and performing resource transfer according to the second wallet address.
In some embodiments, the computer device may determine a first wallet address associated with the master key, obtain a second wallet address carried in the key recovery request, or obtain a preset second wallet address, and further access the first wallet address according to the recovered master key, and perform resource transfer according to the second wallet address. That is, the resources in the first wallet to which the first wallet address points are transferred to the second wallet to which the second wallet address points.
In some embodiments, the amount of the resource transfer may be a preset amount, may be an amount carried in the key recovery request, or may be a total amount of all resources in the first wallet.
In some embodiments, the computer device may generate a resource transfer request based on the first wallet address, the second wallet address, and the amount of the resource transfer, and send the resource transfer request to the relevant institution so that the resource transfer is carried out through that institution.
In some embodiments, the master key, all key shares, and the obfuscated key shares are purged after the resource transfer is completed. That is, after completing the resource transfer, the computer device may clear the master key, all key shares, and the obfuscated key shares. This also frees storage space on the computer device and improves its performance.
In some embodiments, the above-mentioned key recovery method is executed by the smart contract and obtains the master key, so after the smart contract recovers to obtain the master key, the resource transfer can be directly performed based on the first wallet address and the second wallet address stored in advance in the smart contract.
In this embodiment, the resource transfer is performed automatically after the master key is recovered, which ensures that the transfer is processed transparently once all conditions are met and eliminates the possibility of human intervention.
In some embodiments, referring to fig. 8, the key recovery method includes the steps of:
First phase, key generation phase (including steps 802-804):
At step 802, the original N key shares are constructed.
The computer device receives a master key S of the digital wallet, automatically generated by a key algorithm, selects a polynomial of degree k-1 whose constant term is the master key S and whose other coefficients are chosen at random (in a finite field F) to obtain the target polynomial, and decomposes the master key S into N key shares. Here k is a configurable value and must be less than N.
At step 804, noise is injected.
Random noise is introduced and mixed with each key share (e.g., by shift or transposition operations) to create an obfuscated key share. The random noise may be a random number, a random string, or other random data. The noise data is kept in a secure place because it is needed for the recovery process.
Alternatively, multiple random noises may be introduced, with each key share assigned its own random noise and the correspondence recorded.
A second phase, a key distribution phase (including step 806):
Step 806, distributing the N obfuscated key shares to the N participants.
The N obfuscated key shares are distributed to N holders or custody institutions, each of which is provided with a dynamic token generator that generates a new, random token within a defined time interval. When a holder or custody institution wants to recover the master key, it first needs to provide the current dynamic token. A smart contract deployed in the computer device verifies that this token is correct and currently valid, so as to verify the legitimate identity of the holder or custody institution by means of the token.
A condition under which the obfuscated key share may be submitted is set for each holder or custody institution, such as reaching a preset time or the occurrence of a particular event.
Third phase, smart contract deployment (including step 808):
step 808, deploying a digital resource transfer smart contract on the smart contract platform.
The smart contract is capable of handling dynamic token validation and de-obfuscation of the obfuscated key shares.
Fourth phase, confusing key share commit (including step 810):
at step 810, the party submits a key recovery request.
When the condition set for a participant is reached, the obfuscated key share and the dynamic token held by that participant are submitted to the smart contract platform. The smart contract verifies whether the dynamic token is legitimate and, if so, first stores the obfuscated key share.
Fifth stage, key recovery (including step 812):
Step 812, decrypting the k obfuscated key shares to obtain k key shares, and reconstructing the master key from the k key shares.
When the smart contract platform has received k obfuscated key shares, a de-obfuscation function is executed to obtain the original key shares, and the master key is then recovered by combining the original key shares.
Sixth stage, asset transfer (including step 814):
At step 814, the smart contract automatically accesses the digital wallet using the restored master key and transfers the resource to the recipient as specified by the contract.
The recipient creates a new digital wallet or provides a wallet address, and the smart contract transfers the resource from the original wallet to the new wallet after verifying the wallet address. After the resource transfer is completed, all the original key share data is destroyed.
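The key generation, noise injection, configuration data and recovery steps above (802 to 812), together with the three obfuscation manners named earlier (shift, splice, block reordering) and their inverses, as one added worked example that is not code from the application; the prime field, the 16-byte share size, the way each manner applies its noise, and the function names are all assumptions, and the seed parameter exists only for reproducibility.

```python
import random

# Added example, not from the application. Assumed field F: integers modulo the
# Mersenne prime 2^127 - 1, so every share value fits in SHARE_BYTES bytes.
P = (1 << 127) - 1
SHARE_BYTES = 16

def _eval_poly(coeffs, x):
    acc = 0
    for c in reversed(coeffs):          # Horner evaluation in F
        acc = (acc * x + c) % P
    return acc

def split_master_key(S, k, N, rng):
    """Step 802: degree k-1 polynomial, constant term S, other coefficients random in F.
    Share i is the point (i, f(i)) for i = 1..N."""
    assert 1 < k < N and 0 <= S < P
    coeffs = [S] + [rng.randrange(1, P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, N + 1)]

def recover_master_key(shares):
    """Step 812: Lagrange interpolation at x = 0 over F from any k distinct shares."""
    S = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        S = (S + yi * num * pow(den, P - 2, P)) % P
    return S

def _block_permutation(noise):
    perm = list(range(SHARE_BYTES))
    random.Random(noise).shuffle(perm)    # noise decides the block order
    return perm

def obfuscate(y, manner, noise):
    """Step 804: mix one key share with its noise using the named manner."""
    data = y.to_bytes(SHARE_BYTES, "big")
    if manner == "shift":                 # add noise in F
        return ((y + noise) % P).to_bytes(SHARE_BYTES, "big")
    if manner == "splice":                # noise bytes spliced in front of the share
        return noise.to_bytes(SHARE_BYTES, "big") + data
    if manner == "reorder":               # disturb the order of the data blocks
        perm = _block_permutation(noise)
        return bytes(data[perm[i]] for i in range(SHARE_BYTES))
    raise ValueError(f"unknown obfuscation manner {manner!r}")

def deobfuscate(blob, manner, noise):
    """Preset decryption manner: the inverse operation of each obfuscation manner."""
    if manner == "shift":
        return (int.from_bytes(blob, "big") - noise) % P
    if manner == "splice":
        if blob[:SHARE_BYTES] != noise.to_bytes(SHARE_BYTES, "big"):
            raise ValueError("noise prefix mismatch: blob was not produced with this noise")
        return int.from_bytes(blob[SHARE_BYTES:], "big")
    if manner == "reorder":
        perm = _block_permutation(noise)
        data = bytearray(SHARE_BYTES)
        for i in range(SHARE_BYTES):
            data[perm[i]] = blob[i]
        return int.from_bytes(data, "big")
    raise ValueError(f"unknown obfuscation manner {manner!r}")

def distribute(S, k, N, seed=None, manners=("shift", "splice", "reorder")):
    """Steps 802-806: split, inject per-share noise, record the configuration data
    (share <-> participant, share <-> noise, share <-> manner) and return the blobs
    to hand out. A seed is accepted only for reproducible demonstration; a real
    deployment would use a system CSPRNG."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    config, outbound = {}, {}
    for x, y in split_master_key(S, k, N, rng):
        participant = f"participant-{x}"
        manner = manners[(x - 1) % len(manners)]
        noise = rng.randrange(1, P)
        config[participant] = {"x": x, "manner": manner, "noise": noise}
        outbound[participant] = obfuscate(y, manner, noise)
    return config, outbound

def recover_from_submissions(config, submitted, k):
    """Steps 810-812: nothing happens until k obfuscated shares are stored; then each
    submitter's manner and noise are looked up in the configuration data, the
    obfuscation is inverted and the master key is reconstructed."""
    if len(submitted) < k:
        return None                       # first number not reached yet: keep waiting
    shares = []
    for participant, blob in list(submitted.items())[:k]:
        rec = config[participant]
        shares.append((rec["x"], deobfuscate(blob, rec["manner"], rec["noise"])))
    return recover_master_key(shares)
```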
According to the key recovery method, the master key is divided into a plurality of key shares, so that even if some key shares are stolen an attacker cannot obtain the complete key, which increases the difficulty of stealing it. Obfuscating each key share with random noise adds a further layer of protection: even if the obfuscated key shares are exposed, it is difficult to restore the master key. The dynamic token generator ensures the legitimacy of the identity of the holder or institution submitting an obfuscated key share, thereby preventing illegal distribution and use. Submission conditions are set for each key share holder or institution, and different values of N and different conditions can be set for different application scenarios and requirements, allowing customization and flexibility. Automated execution by the smart contract ensures that the asset transfer is handled transparently once all conditions are met, eliminating the possibility of human intervention.
The key recovery method provided by the application is particularly suitable for a resource transfer scenario, in which the recovered master key is the wallet key and the resource transfer can be carried out automatically once the master key is recovered. Of course, the key recovery method can also be applied to other scenarios: for example, in a data transmission scenario the recovered master key is a transmission key used to encrypt and transmit important data, and in a permission management scenario the recovered master key is an operation credential with which operations within the corresponding permission range are performed.
It should be understood that, although the steps in the flowcharts of the above embodiments are shown sequentially as indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the order of execution is not strictly limited and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts of the above embodiments may include a plurality of sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a key recovery device for realizing the key recovery method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in one or more embodiments of the key recovery device provided below may refer to the limitation of the key recovery method hereinabove, and will not be repeated here.
In one exemplary embodiment, as shown in FIG. 9, a key recovery apparatus 900 is provided, comprising a verification module 901, an extraction module 902, a determination module 903, a decryption module 904, and a recovery module 905, wherein:
the verification module 901 is configured to perform identity verification on the source of the key recovery request when the key recovery request is received;
the extraction module 902 is configured to extract and store the obfuscated key share in the key recovery request if the authentication passes;
the determination module 903 is configured to determine the preset decryption manner corresponding to the obfuscated key shares when the number of stored obfuscated key shares reaches the first number;
the decryption module 904 is configured to decrypt each obfuscated key share according to the preset decryption manner to obtain a key share; and
the recovery module 905 is configured to perform key recovery according to the first number of key shares to obtain the master key.
In some embodiments, the verification module is specifically configured to detect whether the key recovery request carries a dynamic token, and if so, verify the validity of the dynamic token and determine that the source passes authentication if the validity verification passes.
In some embodiments, the extraction module is specifically configured to determine the set condition corresponding to the source when authentication passes, extract the data to be verified carried in the key recovery request, verify the data to be verified based on the set condition, and extract and store the obfuscated key share in the key recovery request when verification passes.
In some embodiments, the determination module is specifically configured to read configuration data in which the obfuscation manner corresponding to each participant is recorded, determine from the configuration data the obfuscation manner corresponding to the participant from which each stored obfuscated key share originates, and determine, based on the determined obfuscation manners, the preset decryption manner corresponding to each stored obfuscated key share.
In some embodiments, the decryption module is specifically configured to determine the noise data used when performing key obfuscation, and decrypt each obfuscated key share according to the preset decryption manner and the noise data to obtain the corresponding key share.
In some embodiments, the decryption module is specifically configured to determine the noise data used for each key share when performing key obfuscation, determine from it the noise data corresponding to each stored obfuscated key share, and decrypt each obfuscated key share according to the preset decryption manner and the noise data corresponding to that stored obfuscated key share to obtain the corresponding key share.
In some embodiments, the apparatus further comprises a resource transfer module configured to determine a first wallet address associated with the master key, obtain a preset second wallet address, access the first wallet address according to the recovered master key, and perform resource transfer according to the second wallet address.
In some embodiments, the apparatus further comprises a purging module to purge the master key, all key shares, and the obfuscated key shares after completing the resource transfer.
In some embodiments, the apparatus further includes a key distribution module configured to obtain a master key and generate a second number of key shares according to the master key, determine noise data, and encrypt each key share with the noise data to obtain a second number of mixed key shares, and transmit the second number of mixed key shares to a second number of participants, where each participant stores one of the mixed key shares.
In some embodiments, the apparatus further includes a storage module configured to record a correspondence between each obfuscated key share and its noise data, and a correspondence between each obfuscated key share and its participant, to obtain configuration data, and to store the configuration data.
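The distribution, storage and threshold-recovery modules described above, as an added example that is not the patent's own code: Shamir sharing over a prime field is assumed for generating the key shares, XOR with per-participant noise is assumed as the obfuscation manner, and all names and parameters are assumptions.

```python
"""Threshold key recovery over obfuscated shares (added example, not the patent's code).
Assumed construction: Shamir sharing over the prime field GF(P); each share is
obfuscated by XOR with per-participant noise recorded in configuration data."""
import secrets

P = 2**127 - 1  # Mersenne prime; the master key is assumed to be an integer < P


def _eval_poly(coeffs, x):
    # Horner evaluation of the sharing polynomial at x, modulo P
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def distribute(master_key, n, k, rng=secrets.randbelow):
    """Key distribution + storage module: return (obfuscated_shares, config).
    obfuscated_shares maps participant id -> (x, y XOR noise); config records the
    threshold ("first number") and the noise per participant (its obfuscation manner)."""
    coeffs = [master_key % P] + [rng(P) for _ in range(k - 1)]
    shares, config = {}, {"threshold": k, "noise": {}}
    for pid in range(1, n + 1):
        y = _eval_poly(coeffs, pid)
        noise = rng(P)
        config["noise"][pid] = noise
        shares[pid] = (pid, y ^ noise)  # obfuscated key share handed to participant pid
    return shares, config


def recover(received, config):
    """Determining + decryption + recovery modules: received maps participant id ->
    obfuscated share. Refuses to interpolate until the stored count reaches the threshold."""
    k = config["threshold"]
    if len(received) < k:
        raise ValueError(f"need {k} shares, have {len(received)}")
    pts = []
    for pid, (x, oy) in list(received.items())[:k]:
        # de-obfuscate with the noise recorded for the originating participant
        pts.append((x, oy ^ config["noise"][pid]))
    # Lagrange interpolation at x = 0 reconstructs the master key
    secret = 0
    for i, (xi, yi) in enumerate(pts):
        num, den = 1, 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret
```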
The respective modules in the key recovery apparatus described above may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one exemplary embodiment, a computer device is provided, which may be a server, and the internal structure thereof may be as shown in FIG. 10. The computer device includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The database of the computer device is for storing key data. The input/output interface of the computer device is used to exchange information between the processor and external devices. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by the processor to implement a key recovery method.
It will be appreciated by those skilled in the art that the structure shown in FIG. 10 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are both information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data are required to meet the related regulations.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high density embedded non-volatile memory, Resistive Random Access Memory (ReRAM), Magnetoresistive Random Access Memory (MRAM), Ferroelectric Random Access Memory (FRAM), Phase Change Memory (PCM), graphene memory, and the like. Volatile memory can include Random Access Memory (RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in various forms such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), etc. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined; for brevity, not every possible combination of the technical features in the above embodiments is described, but any combination of these technical features that involves no contradiction should be considered within the scope of this description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.