
What does a signature algorithm mean in blockchain?

Published: 2023-12-14 13:23:00 | Source: web | Category: Blockchain knowledge | Tags: blockchain, meaning, algorithm


A blockchain signature algorithm (Blockchain Signature Algorithm) is an algorithm used for digital signatures: it guarantees the identity of the sender and ensures that the message has not been tampered with. Signature algorithms are an important part of blockchain technology; they secure transactions and effectively prevent tampering and fraud. This article introduces three common signature algorithms in blockchain: the elliptic curve signature algorithm (Elliptic Curve Signature Algorithm), the hash function signature algorithm (Hash Function Signature Algorithm) and the integer factor signature algorithm (Integer Factor Signature Algorithm).

The elliptic curve signature algorithm (Elliptic Curve Signature Algorithm) is a signature algorithm that can be used to create and verify digital signatures. It is an asymmetric encryption algorithm that uses the properties of elliptic curves to produce a pair of keys, one public and one private. The public key can be distributed openly and used by anyone, while the private key is known only to the sender and is used only between sender and receiver. The elliptic curve signature algorithm is the most commonly used signature algorithm in blockchain technology and effectively prevents tampering and fraud.

The hash function signature algorithm (Hash Function Signature Algorithm) is an algorithm for signing data that can be used to create and verify digital signatures. It is a symmetric encryption algorithm that uses the properties of hash functions to produce a common signature. The hash function signature algorithm effectively prevents messages from being tampered with and also verifies the identity of the sender. It is also widely used in blockchain technology, where it helps to secure transactions.

The integer factor signature algorithm (Integer Factor Signature Algorithm) is an algorithm for digital signatures that can be used to create and verify digital signatures. It is an asymmetric encryption algorithm that uses the properties of integer factors to produce a pair of keys, one public and one private. The public key can be distributed openly and used by anyone, while the private key is known only to the sender and is used only between sender and receiver. The integer factor signature algorithm is a proven secure algorithm that effectively prevents tampering and fraud.

The above is an introduction to the three common signature algorithms in blockchain: the elliptic curve signature algorithm, the hash function signature algorithm and the integer factor signature algorithm. All three are algorithms for digital signatures; they effectively prevent tampering and fraud and effectively verify the identity of the sender. They therefore play an important role in blockchain technology and effectively secure transactions.


Please see the related English documents below.

A. The cryptography technology of blockchain includes

Cryptography is the core of blockchain technology. The cryptographic technology of blockchain includes digital signature algorithms and hash algorithms.
Digital Signature Algorithm
Digital signature algorithm is a subset of the digital signature standard, representing a specific public key algorithm used only for digital signatures. The key is run on the message hash generated by SHA-1: to verify a signature, the hash of the message is recalculated, the signature is decrypted using the public key and the results are compared. The abbreviation is DSA.

A digital signature is a special form of electronic signature. So far, at least 20 countries, including the European Union and the United States, have passed laws recognizing electronic signatures. China's Electronic Signature Law was adopted at the 11th meeting of the Standing Committee of the 10th National People's Congress on August 28, 2004. The ISO 7498-2 standard defines a digital signature as: "Data appended to a data unit, or a cryptographic transformation of a data unit, that allows the recipient of the data unit to confirm the source and integrity of the data unit and protects the data against forgery (e.g. by the recipient)." The digital signature mechanism provides an identification method that solves problems such as forgery, repudiation, impersonation and tampering. It uses data encryption and data transformation techniques so that the sending and receiving parties satisfy two conditions: the receiver can verify the identity claimed by the sender, and the sender cannot later deny having sent the data.
Digital signature is an important branch of cryptography theory. It is proposed to sign electronic documents to replace handwritten signatures on traditional paper documents, so it must have 5 characteristics.
(1) The signature is credible.
(2) The signature cannot be forged.
(3) Signatures are not reusable.
(4) Signed documents are immutable.
(5) The signature is non-repudiable.
Hash algorithm
Hashing converts an input of any length (also called the pre-mapping or pre-image) into a fixed-length output through a hash algorithm; the output is the hash value. This transformation is a compressing mapping in which the space of hash values is usually much smaller than the space of inputs. Different inputs may hash to the same output, but the input cannot be deduced from the output. Simply put, it is a function that compresses a message of any length into a message digest of fixed length.
A hash algorithm is a one-way cryptographic system, that is, an irreversible mapping from plaintext to ciphertext with only an encryption process and no decryption process. At the same time, the hash function maps an input of any length to a fixed-length output. The one-way property of the hash function and the fixed length of its output allow it to generate a digest of messages or data.
Taking the Bitcoin blockchain as the representative, double hashing is used many times in proof of work and key encoding, such as SHA256(SHA256(k)) or RIPEMD160(SHA256(K)). The benefit of this approach is that it increases the workload, or increases the difficulty of cracking when the protocol is not known.
Represented by the Bitcoin blockchain, the two main hash functions used are:
1. SHA-256, mainly used to complete PoW (proof of work) calculations;
2. RIPEMD160, mainly used to generate Bitcoin addresses. Figure 1 below shows the process of generating a Bitcoin address from a public key.

B. What is a blockchain encryption algorithm

Blockchain encryption algorithm (Encryption Algorithm)
An asymmetric encryption algorithm is a function that uses an encryption key to convert the original plaintext file or data into a string of unreadable ciphertext. The encryption process is irreversible: only the holder of the corresponding decryption key can decrypt the encrypted information back into readable plaintext. Encryption allows private data to be transmitted over public networks with low risk and protects data from being stolen and read by third parties.
The core advantage of blockchain technology is decentralization. By using data encryption, timestamps, distributed consensus and economic incentives, it achieves decentralized credit, point-to-point transactions, coordination and collaboration in a distributed system whose nodes do not need to trust each other, thereby providing solutions to the high cost, low efficiency and insecure data storage common in centralized institutions.
The application fields of blockchain include digital currency, certificates, finance, anti-counterfeiting and traceability, privacy protection, supply chain, entertainment, etc. With the popularity of blockchain and Bitcoin, many related top-level domain names have been registered, which has had a relatively large impact on the domain name industry.

C. What is a digital signature

A digital signature is a cryptographic mechanism used to verify the authenticity and integrity of digital data. We can think of it as a digital version of the traditional handwritten signature, but more complex and more secure than a handwritten signature.

In short, we can understand a digital signature as a code attached to a message or document. Once a digital signature is generated, it serves as proof that the message has not been tampered with during its journey from sender to receiver.

While the concept of using cryptography to protect the confidentiality of communications dates back to ancient times, digital signature schemes only became a reality in the 1970s with the development of public key cryptography (PKC). So, to understand how digital signatures work, we first need to understand the basics of hash functions and public key cryptography.

Hashing is one of the core elements of digital signatures. Hashing converts data of any length into a fixed-length value. This is achieved through a special operation called a hash function. The value generated by the hash function is called a hash value or message digest.

When hashing is combined with a cryptographic algorithm, a cryptographic hash function is used to generate a hash value (digest) that serves as a unique digital fingerprint. This means that any change to the input data (message) will result in a completely different output value (hash value). This is why cryptographic hash functions are widely used to verify the authenticity of digital data.

Public key cryptography or PKC refers to an encryption system that uses a pair of keys: a public key and a private key. The two keys are mathematically related and can be used for data encryption and digital signatures.

As an encryption tool, PKC has higher security than symmetric encryption. Symmetric encryption systems rely on the same key to encrypt and decrypt information, but PKC uses a public key for data encryption and a corresponding private key for data decryption.

In addition, PKC can also be applied to generate digital signatures. Essentially, the process involves the sender encrypting the hash of the message (data) using its own private key. Next, the recipient of the message can check whether the digital signature is valid using the public key provided by the signer.

In some cases, the digital signature itself may involve an encryption process, but this is not always the case. For example, the Bitcoin blockchain uses PKC and digital signatures and, contrary to what most people believe, there is no encryption in the process. Technically speaking, Bitcoin instead deploys the so-called Elliptic Curve Digital Signature Algorithm (ECDSA) to verify transactions.

In the context of cryptocurrency, digital signature systems typically consist of three basic processes: hashing, signing, and verification.

The first step is to hash the message or data. This is done by applying a hashing algorithm to the data to generate a hash value (i.e. message digest). As mentioned above, messages can vary greatly in length, but once hashed, their hash values are all the same length. This is the most basic property of hash functions.

However, hashing the message is not strictly required for generating a digital signature, since messages that have not been hashed can also be encrypted using the private key. But for cryptocurrency, messages need to be processed by a hash function, because working with fixed-length hash values helps cryptocurrency programs run.

After the message has been hashed, the sender needs to sign it. Public key cryptography is used here. There are several types of digital signature algorithms, each with its own operating mechanism. Essentially, the hashed message (hash value) is signed using a private key, and the recipient of the message can then check its validity using the corresponding public key (provided by the signer).

In other words, if the private key is not used when generating a signature, the recipient of the message will not be able to use the corresponding public key to verify its validity. Both public and private keys are generated by the sender of the message, but only the public key is shared with the recipient.

It is important to note that digital signatures are associated with the content of each message. Therefore, unlike handwritten signatures, digital signatures are different for each message.

Let’s take an example to illustrate the entire process, from the beginning to the final step of verification. Let's assume that Alice sends a message to Bob, hashes the message to a hash value, and then combines the hash value with her private key to generate a digital signature. The digital signature will serve as the unique digital fingerprint of the message.

When Bob receives the message, he can use the public key provided by Alice to check the validity of the digital signature. This way, Bob can be sure that the signature was created by Alice, since only she has the private key corresponding to the public key (at least that's what we assumed).

Therefore, it is important for Alice to keep her private key safe. If another person gets Alice's private key, they can also create a digital signature and pretend to be Alice. In the context of Bitcoin, this means that someone has access to Alice's private keys and can transfer or use her Bitcoins without her knowledge.

Digital signatures are typically used to achieve three goals: data integrity, authentication, and non-repudiation.

Digital signatures can be applied to a variety of digital documents and certificates. Therefore, they have several applications. Some of the most common cases include:

The main challenges faced by digital signature schemes are mainly limited to the following three factors:

In short, a digital signature can be understood as a specific type of electronic signature, where electronic signature refers to any use of electronic means to sign documents and messages. Therefore, all digital signatures can be considered electronic signatures, but not vice versa.

The main difference between them is the authentication method. Digital signatures require the deployment of cryptographic systems such as hash functions, public key cryptography, and encryption techniques.

Hash functions and public key encryption are the core of digital signature systems and are now used in a variety of cases. When implemented properly, digital signatures can improve security, ensure integrity, and facilitate authentication of all types of data.

In the world of blockchain, digital signatures are used to sign and authorize cryptocurrency transactions. They are especially important for Bitcoin because digital signatures ensure that a token can only be used by someone with the corresponding private key.

While we have been using electronic and digital signatures for years, there is still a lot of room for growth. Today, most official documents are still based on paper materials, but as more systems migrate to digital, we will see more digital signature solutions.

D. How to interpret the digital signature of the blockchain

In the distributed network of a blockchain, communication between nodes and the establishment of trust rely on digital signature technology, which mainly achieves identity confirmation and verification of the authenticity and integrity of information.

Digital signature

A digital signature (also known as a public key digital signature or electronic signature) is a method of authenticating digital information that is similar to an ordinary physical signature written on paper, but is implemented using techniques from the field of public key cryptography. A digital signature scheme usually defines two complementary operations, one for signing and the other for verification. It is a string of digits that only the sender of the message can generate and that cannot be forged by others. This string is also effective proof of the authenticity of the message sent by the sender: a simple proof that "I am who I am".

E. [In-depth knowledge] Illustration of the encryption principle of the blockchain (encryption, signature)

First, let’s put an architecture diagram of Ethereum:

In the learning process, we mainly use a single module to learn and understand, including P2P, cryptography, network, protocols, etc. Let’s start with the summary directly:

The key distribution problem is also the key transmission problem. If the key is symmetric, it can only be exchanged offline; if it is transmitted online, it may be intercepted. Therefore asymmetric encryption is used, with two keys: a private key that is kept private and a public key that is made public. Public keys can be transmitted over the Internet, so no offline exchange is required and data security is ensured.

As shown in the figure above, node A sends data to node B using public key encryption. Node A obtains node B's public key, encrypts the plaintext data with it, and sends the ciphertext to node B. Node B decrypts it with its own private key.

2. The problem of message tampering is not solved.

As shown in the figure above, node A uses B's public key to encrypt, and then transmits the ciphertext to node B. Node B uses the public key of node A to decrypt the ciphertext.

1. Since A's public key is public, once a hacker on the network intercepts the message, the ciphertext is useless. To put it bluntly, with this encryption method the message can be decrypted by anyone who intercepts it.

2. There is also the problem of being unable to determine the source of the message and the problem of message tampering.

As shown in the figure above, before sending data, node A first encrypts it with B's public key to obtain ciphertext 1, and then uses A's private key to encrypt ciphertext 1 to obtain ciphertext 2. After node B obtains the ciphertext, it first decrypts it using A's public key to obtain ciphertext 1, and then decrypts it using B's private key to obtain the plaintext.

1. When ciphertext 2 is intercepted on the network, since A's public key is public, anyone can use A's public key to decrypt ciphertext 2 and obtain ciphertext 1. So although this looks like double encryption, the private-key signature of the outer layer is actually useless. Generally speaking, we want the signature to be applied to the most original data; if the signature is applied afterwards, it lacks security because the public key is public.

2. There are performance issues. Asymmetric encryption itself is very inefficient, and two encryption processes are performed.

As shown in the figure above, node A is first encrypted with A's private key, and then encrypted with B's public key. After receiving the message, node B first uses B's private key to decrypt it, and then uses A's public key to decrypt it.

1. When ciphertext 2 is intercepted by a hacker, since ciphertext 2 can only be decrypted with B's private key, and only node B holds B's private key, nobody else can decrypt it. Therefore security is highest.
2. When node B decrypts and obtains ciphertext 1, it can only be decrypted with A's public key. Only data encrypted with A's private key can be successfully decrypted with A's public key, and only node A has A's private key, so it can be determined that the data was sent by node A.

After two asymmetric encryptions, the performance problem is serious.

Based on the above problem of data tampering, we introduced message authentication. The encryption process after message authentication is as follows:

Before node A sends a message, it first performs a hash calculation on the plaintext data to obtain a digest, and then sends the digest and the original data to node B together. When node B receives the message, it decrypts it, parses out the hash digest and the original data, performs the same hash calculation on the original data to obtain digest 1, and compares the digest with digest 1. If they are the same, the data has not been tampered with; if they differ, it has.

As long as ciphertext 2 is tampered with during the transmission process, the resulting hash will be different from hash1.

The signature problem is not solved, that is, the two parties can attack each other: A never acknowledges the message it sent. For example, A sends an erroneous message to B that causes B losses, but A denies having sent it.

In process (3), there is no way to resolve mutual attacks between the two interacting parties. What does that mean? It may be that the message sent by A is unfavourable to node A, and A later denies that the message was sent by it.

In order to solve this problem, signatures were introduced. Here we combine the encryption method in (2)-4 with the message signature.

In the figure above, we use node A's private key to sign the digest of the message it sends, append the signature to the original text, and then encrypt with B's public key. After B obtains the ciphertext, it first decrypts with B's private key and then decrypts the digest with A's public key. Finally the two digests are compared to see whether they are the same. This not only solves the tampering problem but also avoids the problem of attacks between the two sides: because A signed the information, it cannot be repudiated.

In order to solve the performance problem when asymmetrically encrypting data, hybrid encryption is often used. Here we need to introduce symmetric encryption, as shown below:

When encrypting data, we use a symmetric key shared by both parties. The symmetric key should not be transmitted over the network, to avoid it being leaked. The shared symmetric key here is calculated from one's own private key and the other party's public key, and then the symmetric key is used to encrypt the data. When the other party receives the data, it also calculates the symmetric key and decrypts the ciphertext.

The above symmetric key is unsafe because A's private key and B's public key are generally fixed in the short term, so the shared symmetric key is also fixed. To enhance security, the best way is to generate a temporary shared symmetric key for each interaction. So how can we generate a random symmetric key during each interaction without transmitting it?

So how to generate a random shared secret key for encryption?

For the sender node A, a temporary asymmetric key pair is generated on every send, and then a symmetric key can be calculated from node B's public key and the temporary private key (KA algorithm, Key Agreement). The symmetric key is then used to encrypt the data. The process for the shared key is as follows:

For node B, when it receives the transmitted data, it parses out node A's temporary public key, then calculates the symmetric key (KA algorithm) from node A's temporary public key and its own private key, and decrypts the data with the symmetric key.

In fact, the above encryption methods still have many problems, such as how to avoid replay attacks (adding a nonce to the message) and rainbow tables (refer to the KDF mechanism). Due to limited time and ability, I will ignore these for now.

So what kind of encryption should be used?

Mainly it depends on the security level of the data to be transmitted. Unimportant data can simply be authenticated and signed, but very important data needs an encryption scheme with a relatively high security level.

Cipher suite is a concept of network protocol. It mainly includes algorithms for identity authentication, encryption, message authentication (MAC), and secret key exchange.

During the entire network transmission process, algorithms are mainly divided into the following categories according to cipher suites:

Secret key exchange algorithms: such as ECDHE, RSA. Mainly used for authentication when the client and server handshake.

Message authentication algorithm: such as SHA1, SHA2, SHA3. Mainly used for message summarization.

Batch encryption algorithm: such as AES, mainly used to encrypt information flow.

Pseudo-random number algorithm: for example, the pseudo-random function of TLS 1.2 uses the hash function of the MAC algorithm to create a master key, a 48-byte secret shared by both parties in the connection. The master key serves as a source of entropy when creating session keys (such as MAC keys).

In the network, a message transmission generally needs to be encrypted in the following four stages to ensure safe and reliable transmission of the message.

Handshake/network negotiation phase:

During the handshake phase between both parties, link negotiation is required. The main encryption algorithms include RSA, DH, ECDH, etc.

Identity authentication phase:

In the identity authentication phase, the source of the sent message needs to be determined. The main encryption methods used include RSA, DSA, ECDSA (ECC encryption, DSA signature), etc.

Message encryption stage:

Message encryption refers to encrypting the sent information flow. The main encryption methods used include DES, RC4, AES, etc.

Message identity authentication phase/anti-tampering phase:

Mainly to ensure that the message has not been tampered with during transmission. The main encryption methods include MD5, SHA1, SHA2, SHA3, etc.

ECC: Elliptic Curve Cryptography. It is an algorithm that generates public and private keys based on point multiplication on an elliptic curve. Used to generate public and private keys.

ECDSA: used for digital signatures; it is a digital signature algorithm. A valid digital signature gives the receiver reason to believe that the message was created by a known sender, so that the sender cannot deny having sent it (authentication and non-repudiation), and that the message was not altered in transit. The ECDSA signature algorithm is a combination of ECC and DSA. The whole signing process is similar to DSA; the difference is that the algorithm used in signing is ECC, and the final signature value is also divided into r and s. Mainly used in the identity authentication phase.

ECDH: it is also a Huffman tree secret key based on the ECC algorithm. Through ECDH, both parties can negotiate a shared secret without sharing any secrets; this shared key is generated randomly and temporarily for the current communication, and disappears once the communication ends. Mainly used in the handshake negotiation phase.

ECIES: an integrated encryption scheme, also known as a hybrid encryption scheme, which provides semantic security against chosen-plaintext and chosen-ciphertext attacks. ECIES can use different types of functions: a key agreement function (KA), a key derivation function (KDF), a symmetric encryption scheme (ENC), a hash function (HASH) and an H-MAC function (MAC).

ECC is an elliptic curve encryption algorithm; it mainly describes how the public and private keys are generated on the curve, and it is irreversible. ECDSA mainly uses the ECC algorithm to make signatures, while ECDH uses the ECC algorithm to generate symmetric keys. All three of the above are applications of the ECC encryption algorithm. In real-world scenarios, we often use hybrid encryption (a combination of symmetric encryption, asymmetric encryption, signature technology, etc.). ECIES is a set of integrated (hybrid) encryption solutions provided on top of the underlying ECC algorithm. It includes asymmetric encryption, symmetric encryption and signature functions.


This precondition ensures that the curve contains no singular points.

Therefore, as the curve parameters a and b continue to change, the curve also shows different shapes. For example:

All the basic principles of asymmetric encryption are essentially based on the formula K = k*G, where K is the public key, k is the private key and G is a chosen base point. The asymmetric encryption algorithm must ensure that this formula cannot be inverted (that is, G/K cannot be calculated).

How does ECC calculate the public and private keys? Here I describe it according to my own understanding.

My understanding is that the core idea of ECC is to select a base point G on the curve, then randomly pick a point k on the ECC curve (as the private key), and then calculate our public key K = k*G from k, ensuring that the public key K is also on the curve.

So how do we calculate k*G? How do we calculate k*G so that the final result is irreversible? This is what the ECC algorithm is supposed to solve.

First, we randomly select an ECC curve, a = -3, b = 7 and get the following curve:

On this curve I randomly select two points. How do we calculate the multiplication of points? We can simplify the problem: multiplication can be expressed by addition, such as 2*2 = 2+2 and 3*5 = 5+5+5. So as long as we can calculate addition on the curve, we can in theory calculate multiplication, and the value of an expression such as k*G can in theory be calculated.

How to calculate the addition of two points on the curve? Here, in order to ensure irreversibility, ECC has customized an addition system on the curve.

In reality, 1+1=2, 2+2=4, but in the ECC algorithm, the addition system we understand is impossible. Therefore, it is necessary to customize a set of addition systems suitable for this curve.

The definition of ECC is to randomly find a straight line in the graph and intersect the ECC curve at three points (or possibly two points). These three points are P, Q, and R respectively.

Then P+Q+R = 0. Among them, 0 is not the 0 point on the coordinate axis, but the infinity point in ECC. In other words, the infinity point is defined as point 0.

Similarly, we can get P+Q = -R. Since R and -R are symmetrical about the X-axis, we can find their coordinates on the curve.

P+R+Q = 0, so P+R = -Q, as shown in the figure above.

The above describes how addition operations are performed in the world of ECC curves.

As can be seen from the above figure, there are only two intersection points between a straight line and a curve, which means that the straight line is the tangent line of the curve. At this time, P and R coincide.

That is, P = R. According to the ECC addition system above, P+R+Q = 0, so it follows that P+R+Q = 2P+Q = 2R+Q = 0.

So we get 2*P = -Q (is it getting closer to the formula K = k*G of our asymmetric algorithm?).

So we come to the conclusion that multiplication can be calculated, but it can only be calculated at the tangent point, and it can only be calculated by 2.

If 2 can be turned into any number for multiplication, then it means that multiplication can be performed in the ECC curve, then the ECC algorithm can meet the requirements of an asymmetric encryption algorithm.

So can we calculate the multiplication of any random number? The answer is yes. That is the dot product calculation method.

Choose a random number k, then what is k * P equal to?

We know that in the computer world everything is binary. Since ECC can calculate multiplication by 2, we can write the random number k in binary and then calculate it. Suppose k = 151 = 10010111 (binary).

Since 2*P = -Q, k*P can be calculated in this way. This is the dot product algorithm. Therefore multiplication can be calculated under the ECC curve system, so this asymmetric encryption method is feasible.

As for why this calculation is irreversible. This requires a lot of deduction, and I don't understand it either. But I think it can be understood this way:

Our watches have time scales. Now suppose we take 0:00:00 on January 1, 1990 as the starting point, and I tell you that exactly one full year has passed since the starting point; then we can calculate the current time, that is, we can work out on the watch that the hour, minute and second hands should point to 00:00:00. But conversely, if I tell you that the hour, minute and second hands on the watch are now pointing to 00:00:00, can you tell me how many years have passed since the starting point?

The ECDSA signature algorithm is basically similar to other DSA and RSA, both using private key signature and public key verification. It’s just that the algorithm system uses the ECC algorithm. Both parties interacting must adopt the same set of parameter systems. The signature principle is as follows:

Select an infinite point on the curve as the base point G = (x, y). Randomly pick a point k on the curve as the private key, and K = k*G to calculate the public key.

Signature process:

Generate a random number R and calculate R*G.

Based on the random number R, the hash value H of the message M and the private key k, calculate the signature S = (H + k*x)/R.

Send the message M, R*G and S to the receiver.

Signature verification process:

Receive the message M, R*G and S.

Calculate the hash value H of the message.

Using the sender's public key K, calculate H*G/S + x*K/S and compare the result with R*G. If they are equal, verification succeeds.

Formula inference:

H*G/S + x*K/S = H*G/S + x*(k*G)/S = (H + x*k)*G/S = R*G

Before introducing the principle, note that ECC satisfies the associative and commutative laws, that is, A+B+C = A+C+B = (A+C)+B.

Here is an example on WIKI to illustrate how to generate a shared secret key. You can also refer to the example of Alice And Bob.

For Alice and Bob to communicate, both parties must have public and private keys generated by ECC based on the same parameter system. So there is a common base point G for ECC.

Secret key generation stage:

Alice uses the public key algorithm KA = ka * G, generates the public key KA and the private key ka, and makes the public key KA public.

Bob uses the public key algorithm KB = kb * G, generates the public key KB and the private key kb, and makes the public key KB public.

Calculation ECDH stage:

Alice uses the calculation formula Q = ka * KB to calculate a secret key Q.

Bob uses the calculation formula Q' = kb * KA to calculate a secret key Q'.

Shared key verification:

Q = ka * KB = ka * kb * G = ka * G * kb = KA * kb = kb * KA = Q'

Therefore both parties arrive at the same secret without ever disclosing it, and they can then encrypt with Q. We call Q the shared secret key.
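The ECDSA sign/verify steps and the ECDH exchange above, worked through on a tiny curve. This is an added example, not code from the original page; it assumes the textbook curve y^2 = x^3 + 2x + 2 over F_17 with base point G = (5, 1) of order 19 (far too small for real use, chosen so every step can be checked by hand), and it instantiates the text's x as the x-coordinate of RG, as standard ECDSA does.

```python
# Toy elliptic-curve arithmetic (constructed example, not from the page).
P, A, B = 17, 2, 2          # curve y^2 = x^3 + A*x + B over F_P
G, N = (5, 1), 19           # base point G and its prime order n
INF = None                  # point at infinity, the group identity

def add(p1, p2):
    """Chord-and-tangent point addition on the curve."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    x1, y1 = p1; x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                        # P + (-P) = O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P         # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add (the 'kP' of the text)."""
    acc = INF
    while k:
        if k & 1: acc = add(acc, pt)
        pt = add(pt, pt); k >>= 1
    return acc

def sign(k, h, r):
    """S = (H + k*x)/R mod n with x = x-coordinate of RG; returns (RG, S)."""
    rg = mul(r, G)
    x = rg[0] % N
    s = (h + k * x) * pow(r, -1, N) % N
    return rg, s

def verify(K, h, rg, s):
    """Check HG/S + xK/S == RG, the identity derived in the text."""
    s_inv = pow(s, -1, N)
    x = rg[0] % N
    return add(mul(h * s_inv % N, G), mul(x * s_inv % N, K)) == rg

def ecdh(ka, kb):
    """Alice computes ka*KB, Bob computes kb*KA; both must equal ka*kb*G."""
    KA, KB = mul(ka, G), mul(kb, G)     # published public keys
    return mul(ka, KB), mul(kb, KA)     # (Q, Q')

if __name__ == "__main__":
    K = mul(7, G)                        # private key k = 7
    rg, s = sign(7, h=10, r=3)           # hash H = 10, nonce R = 3
    print("valid:", verify(K, 10, rg, s), "tampered:", verify(K, 11, rg, s))
    print("ECDH agree:", ecdh(4, 11)[0] == ecdh(4, 11)[1])
```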

Other components of the ECIES encryption suite used in Ethereum:

1. The HASH algorithm uses the most secure SHA3 algorithm Keccak.

2. The signature algorithm is ECDSA

3. The authentication method is HMAC

4. The ECC parameter system uses secp256k1, other parameter systems can be found here

HMAC stands for Hash-based Message Authentication Code. Its model is as follows:

In Ethereum's UDP communication (RPC communication encryption methods are different), the above implementation method is adopted and expanded.

First of all, the structure of Ethereum's UDP communication is as follows:

Among them, sig is the signature produced with the private key, mac can be understood as a digest of the entire message, ptype is the event type of the message, and data is the RLP-encoded payload.

The entire encryption, authentication, and signature model of UDP are as follows:

F. Intensive reading of blockchain papers - Pixel: Multi-signatures for Consensus

The paper mainly proposes a multi-signature algorithm Pixel for the consensus mechanism PoS.

All PoS-based blockchains, as well as permissioned blockchains, share a common structure in which nodes run a consensus sub-protocol to agree on the next block to be added to the ledger. Such consensus protocols typically require nodes to check block proposals and express their agreement by digitally signing acceptable proposals. When a node sees enough signatures from other nodes on a specific block, it appends it to its view of the ledger.

Since consensus protocols typically involve thousands of nodes working together to reach consensus, the efficiency of the signature scheme is crucial. Furthermore, in order for outsiders to effectively verify the validity of the chain, signatures should be compact for transmission and should be verified quickly. Multisigs have been found to be particularly useful for this task because they enable many signers to create compact and efficient verifiable signatures on public messages.

Additional knowledge: Multi-signature
A multi-signature is a digital signature. In digital signature applications, multiple users are sometimes required to sign and certify the same file. For example, if a statement issued by a company involves the finance department, development department, sales department, after-sales service department and other departments, and needs to be approved by all of them, then each of these departments needs to sign the statement document. A digital signature scheme that enables multiple users to sign the same file is called a multi-digital signature scheme.
Multi-signature is an upgrade of the digital signature which makes it possible to apply blockchain-related technology to all walks of life. In practice, a multi-signature address can be associated with n private keys. When an operation such as a transfer is required, funds can be moved as long as m of the private keys sign, where m must be less than or equal to n; that is, m/n is at most 1 and can be 2/3, 3/5, etc. This must be fixed when the multi-signature address is created.

This article proposes the Pixel signature scheme, a pairing-based forward secure multi-signature scheme that can be used in PoS-based blockchains and can significantly save bandwidth and storage requirements. To support a total of T time periods and a committee of size N, multisig contains only two group elements, and verification requires only three pairings, one exponentiation and N -1 multiplications. Pixel signatures are almost as effective as BLS multi-signatures and also satisfy forward security. Additionally, just like in BLS multi-signatures, anyone can non-interactively aggregate individual signatures into a multi-signature.

Benefit:
To validate Pixel's design, the performance of Pixel's Rust implementation was compared with previous tree-based forward-secure solutions, and it is shown how to integrate Pixel into any PoS blockchain. Pixel is then evaluated on the Algorand blockchain, showing that it yields significant savings in storage, bandwidth, and block verification time. The experimental results show that Pixel is effective both as a stand-alone primitive and when used in blockchains. For example, compared to a set of N = 1500 tree-based forward-secure signatures (for T = 2^32) at a 128-bit security level, a single Pixel signature that authenticates the entire set is 2667 times smaller and can be verified 40 times faster. Pixel signatures reduce the size of Algorand blocks of 1500 transactions by approximately 35% and reduce block verification time by approximately 38%.

The biggest difference compared to the traditional BLS multi-signature scheme is that BLS does not have forward security.

Compared with the tree-based forward security signature, the tree-based forward security signature can meet the security requirements, but the signature it constructs is too large and the verification speed needs to be improved. The design of this article reduces the signature size and verification time.

Supplementary knowledge: Forward security
is a security property of communication protocols in cryptography, which means that the leakage of a long-term master key will not lead to the leakage of past session keys. Forward security protects past communications from future exposure of passwords or keys. If a system has forward security, historical communications can be kept safe if the master key is compromised, even if the system is under active attack.

Forward-secure signatures are built from Hierarchical Identity Based Encryption (HIBE), with the added ability to securely aggregate signatures on the same message and to generate public parameters without a trusted setup. The construction covers:
1. Key generation and key update
2. Security against rogue-key (malicious key) attacks
3. No trusted setup

Posterior corruption attacks come in two variants:
1. Short-range variant: the adversary attempts to corrupt committee members before a consensus agreement is reached. Existing remedy: assume that corrupting a node takes longer than the running time of the consensus sub-protocol.
2. Long-range variant: existing remedy: fork-choice rules.
Forward secure signatures provide a clean solution to both attacks without the need for fork-choice rules or other assumptions about adversaries and clients. (Explain the advantages of forward secure signatures).

Permissioned blockchain consensus protocols (such as PBFT) are also at the core of many permissioned chains (such as Hyperledger), where only approved parties can join the network. Our signature scheme can be similarly applied to this setting to achieve forward secrecy, reduce communication bandwidth and generate compact block certificates.

In the traditional Bellare-Miner model, a forward-secure signature scheme FS over message space M consists of the following algorithms:
1. Setup
pp ← Setup(T): pp are the public parameters agreed upon by all parties; Setup(T) fixes the parameters for a total of T time periods.

2. Key generation
(pk, sk_1) ← Kg
The signer runs the key generation algorithm on input the maximum time period T to generate a public verification key pk and the initial secret signing key sk_1 for the first time period.

3. Key update
sk_{t+1} ← Upd(sk_t): the signer uses the key update algorithm to update the secret key sk_t of time period t to sk_{t+1} for the next period. The scheme can also provide a "fast-forward" update algorithm sk_{t'} ← Upd'(sk_t, t') for any t' > t, which is more efficient than applying Upd repeatedly.

4. Signing
σ ← Sign(sk_t, M): on input the current signing key sk_t and a message M ∈ M, the signer uses this algorithm to compute the signature σ.

5. Verification
b ← Vf(pk, t, M, σ): anyone can verify a signature σ on message M for time period t under public key pk by running the verification algorithm. It returns 1 if the signature is valid and 0 otherwise.

1. Rely on asymmetric bilinear groups to improve efficiency. The signature lies in G2 × G1 instead of G2^2. This way it is enough to put the public parameters in G1 (which can then be instantiated with hash-to-curve, without a trusted setup), with no need to generate "consistent" public parameters (h_i, h'_i) = (g_1^{x_i}, g_2^{x_i}) ∈ G1 × G2.

2. Key generation algorithm, public key pk is smaller, and parameter settings improve security.

In addition to the algorithms of the forward-secure signature scheme in Section 3, the forward-secure multi-signature scheme FMS in the key verification model has a key generation algorithm that additionally outputs a proof π for the public key.
It adds key aggregation, signature aggregation, and aggregate verification, and proves correctness and security under the requirement that the multi-signature functionality remains forward secure.

1. PoS is protected from posterior corruptions
Posterior corruption: nodes that validated in the past are corrupted later and used to attack the previously agreed consensus state.
In settings where many users propagate many signatures on the same message (such as a block of transactions), Pixel can be applied to all of these blockchains to protect against posterior corruptions and potentially reduce bandwidth, storage and computation cost.

2. Pixel integration
To vote on block B, each committee member of the sub-protocol signs B with Pixel using the current block number as the time period. Consensus is reached when a set of N committee members is seen signing the same block B, where N is some fixed threshold. Finally, these N signatures are aggregated into a single multi-signature Σ; the pair (B, Σ) forms the so-called block certificate, and block B is appended to the blockchain.

3. Register a public key
Every user who wants to participate in consensus needs to register a participation signing key. The user first samples a Pixel key pair and generates the corresponding PoP (proof of possession). The user then issues a special transaction (signed under her spending key) registering the new participation key; the transaction includes the PoP. The PoS validators selected to reach agreement in round r check (a) the validity of the special transaction and (b) the validity of the PoP. If both checks pass, the user's account is updated with the new participation key. From this point on, whenever selected, the user signs blocks with Pixel.
That is, the participation key is continually changed to achieve forward security.

4. Propagation and aggregation of signatures
Each committee member's signature is propagated through the network until signatures of N committee members are seen on the same block B. Note that Pixel supports non-interactive and incremental aggregation: the former means that signatures can be aggregated by any party after broadcast, without involving the original signers; the latter means that new signatures can be added to a multi-signature to obtain a new multi-signature. In practice, this means that a propagating node can perform intermediate aggregation on any number of committee signatures and propagate the result until a block certificate is formed. Alternatively, nodes can aggregate all signatures before writing the block to disk: after receiving enough block certificate votes, a node aggregates the signatures of the N committee members into a multi-signature and then writes the block and certificate to disk.

5. Key update
When using Pixel in the blockchain, time corresponds to the block number or to a sub-step of the consensus protocol. When time is tied to the block number, all eligible committee members should update their Pixel keys every time a new block is formed and the round number advances.

Conduct an experimental evaluation on the Algorand project, and compare it with the Algorand project's own solution to prevent post-corruption attacks, BM-Ed25519, and the BLS multi-signature solution.

Storage space:

Bandwidth saving:
Algorand uses a relay-based propagation model, where user nodes connect to a relay network (nodes with more resources). Without aggregation during propagation, Pixel's bandwidth savings for relays and regular nodes come from the smaller signature size. Each relay can serve dozens or hundreds of nodes, depending on the resources it provides.

Save verification time

G. What is a digital signature algorithm?

A digital signature algorithm is a calculation method which, combined with a file or other elements, computes a fixed value that ensures the file has not been tampered with.

H. Principles of digital signatures

The integrity of a digitally signed document is easy to verify (no stamp, signature, or handwriting expert is required), and a digital signature is non-repudiable (no handwriting expert is required to verify it).
Simply put, a digital signature is some data attached to a data unit, or a cryptographic transformation of the data unit. This data or transformation allows the recipient of the data unit to confirm the origin and integrity of the data unit and protects the data from forgery by someone (such as the recipient). It is a method of signing messages in electronic form, and a signed message can be transmitted over a communication network. Digital signatures can be built on both public-key cryptography and private-key cryptography, but are mainly based on public-key cryptosystems. They include ordinary digital signatures and special digital signatures. Common digital signature algorithms include RSA, ElGamal, Fiat-Shamir, Guillou-Quisquater, Schnorr, Ong-Schnorr-Shamir, DES/DSA, the elliptic curve digital signature algorithm and the finite automaton digital signature algorithm, among others. Special digital signatures include blind signatures, proxy signatures, group signatures, undeniable signatures, fair blind signatures, threshold signatures, signatures with message recovery, etc., which are closely tied to specific application environments. Obviously, the application of digital signatures involves legal issues. The US federal government has formulated its own Digital Signature Standard (DSS) based on the discrete logarithm problem in finite fields.
