Electronic authentication system and method of supporting multi-signature

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to and the benefit of Korean Patent Application No. 10-2021-0113306 filed in the Korean Intellectual Property Office on Aug. 26, 2021, the entire contents of which are incorporated herein by reference.

TECHNICAL FIELD

The present invention relates to an electronic authentication system and method supporting multi-signature, and more particularly, to an electronic authentication system and method supporting multi-signature for improving multi-signature verification performance while enhancing security for personal information of users participating in multi-signature.

BACKGROUND ART

In general, multi-signature refers to an electronic signature method in which a plurality of parties performs a signature on one signature target. This multi-signature has higher security than a single-signature method in which a single party performs a signature on a single signature target, but has problems in increasing signature verification time and the amount of data storage.

That is, as disclosed in Korean Patent Nos. 10-1575030 and 10-1849908, since in the existing technology, multi-signature is performed through multiple user terminals, there is a problem in that a lot of time is required for the signature verification performed through the respective user terminals and the amount of data to be stored for signature verification is large.

SUMMARY OF THE INVENTION

The present invention has been made in an effort to provide an electronic authentication system and method for improving multi-signature verification performance and data storage efficiency while enhancing the security of personal information of users participating in multi-signature.

An exemplary embodiment of the present invention provides an electronic authentication method of a server supporting multi-signature, the electronic authentication method including: operation Aa of designating, by the server, a user group including a plurality of users to participate in multi-signature; operation Ab of further including, by the server, a virtual user in the user group according to a predetermined policy or a request of one or two or more users of the plurality of users; operation Ac of generating, by the server, a communication channel for communication with the user group; operation Ad of receiving, by the server, a public key for each user of the user group through the communication channel, and sharing the received public key with the user or virtual user of the user group; and operation Ae of sharing, by the server, a local signature generated by the user of the user group through the communication channel, in which the user of the user group performs multi-signature by using the local signature and a private key for the multi-signature, and generates multi-signer authentication information capable of authenticating validity of the performed multi-signature, and the user or the virtual user of the user group authenticates the validity of the performed multi-signature by using a public key for each user of the user group, a predetermined hash function, and the multi-signer authentication information.

According to the exemplary embodiment, the multi-signer authentication information may be stored as a Bloom filter.

According to the exemplary embodiment, the authentication of the multi-signer authentication information may be performed by requesting, by the user performing the multi-signature, the authentication from the virtual user.

According to the exemplary embodiment, the local signature shared in operation Ae may be a local signature encoded using a time stamp assigned to the user group and a private key fragment included in the private key for the multi-signature of the user performing the multi-signature.

According to the exemplary embodiment, when the multi-signature of the plurality of users is not completed within a predetermined time limit, the virtual user may stop the progress of the corresponding multi-signature.

According to the exemplary embodiment, the virtual user may update and store the multi-signer authentication information or store new multi-signer authentication information by using the public key of the user who has performed the multi-signature within the time limit, a public key of a user who has not performed the multi-signature within the time limit, and the hash function.

Another exemplary embodiment of the present invention provides an electronic authentication method of an electronic terminal supporting multi-signature, the electronic authentication method including: operation Ba of sharing, by the electronic terminal, a public key for each user of a user group including a plurality of users to participate in multi-signature; operation Bb of authenticating, by the electronic terminal, multi-signer authentication information for authenticating validity of the multi-signature by using the shared public key; operation Bc of performing, by the electronic terminal, the multi-signature using a private key for multi-signature, and sharing a local signature generated for the multi-signature; and operation Bd of updating and storing, by the electronic terminal, the multi-signer authentication information or storing new multi-signer authentication information by using the shared public key and a predetermined hash function, in which when a virtual user is included in the user group according to a predetermined policy for the user group or a request from one or two or more users included in the user group, the user or the virtual user of the user group authenticates validity of the multi-signature by using the public key for each user of the user group, the hash function, and the multi-signer authentication information.

According to the exemplary embodiment, the multi-signer authentication information stored in operation Bd may be stored as a Bloom filter.

According to the exemplary embodiment, operation Bc may include, in order to perform the multi-signature, generating a single signature by using a Threshold Elliptic Curve Digital Signature Algorithm (T-ECDSA) method by using a local signature shared by other electronic terminals of the user group and the private key for the multi-signature.

According to the exemplary embodiment, operation Bc may include encoding the local signature by using a time stamp assigned to the user group and a private key fragment included in the private key for the multi-signature before sharing the local signature.

According to the exemplary embodiment, operation Bb may include requesting, by the electronic terminal, the authentication from the virtual user and performing the authentication.

The exemplary embodiments according to the present invention may be implemented by using a computer program recorded in a recording medium as a computer program for executing the above-described operation or method through a computer system.

According to the present invention, the security and reliability of multi-signature may be strengthened by performing authentication for multi-signature while storing and managing multi-signer authentication information for authenticating the validity of multi-signature by a trusted virtual user.

In addition, it is possible to prevent personal information leakage and improve multi-signature verification performance and data storage efficiency at the same time by storing and managing multi-signer authentication information by using the Bloom filter having a small data size without storing actual data instead of the user's public key or address.

In addition, it is possible to further improve the multi-signature verification performance by reconstructing the local signatures generated by the multi-signer through the T-ECDSA and finally generating a single signature.

In addition, it is possible to systematically managing the signer by generating information on whether users participating in the multi-signature perform multi-signature when the multi-signature is completed, as well as when the multi-signature procedure is stopped.

In addition, it is possible to apply block chain protocols, such as Bitcoin and Ethereum, or ECDSA without modification, thereby making it easy to build a multi-signature system and reduce the cost of building the system.

Furthermore, those of ordinary skill in the art to which the present invention pertains will clearly understand from the following description that various embodiments according to the present invention can solve various technical problems not mentioned above.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram illustrating an electronic authentication system according to an exemplary embodiment of the present invention.

FIG. 2 is a diagram illustrating an authentication terminal of the electronic authentication system according to the exemplary embodiment of the present invention.

FIG. 3 is a diagram illustrating an authentication management server of the electronic authentication system according to the exemplary embodiment of the present invention.

FIG. 4 is a diagram illustrating a virtual user server of the electronic authentication system according to the exemplary embodiment of the present invention.

FIG. 5 is a diagram illustrating an example of a Bloom filter for storing multi-signer authentication information.

FIG. 6 is a flowchart illustrating a multi-signature process of an electronic authentication method according to an exemplary embodiment of the present invention.

FIG. 7 is a flowchart illustrating a multi-signature authentication process of the electronic authentication method according to the exemplary embodiment of the present invention.

DETAILED DESCRIPTION

Hereinafter, exemplary embodiments according to the present invention will be described in detail with reference to the accompanying drawings in order to clarify solutions corresponding to the technical problems of the present invention. However, in the description of the present invention, if the description of the related known technology rather obscures the gist of the present invention, the description thereof may be omitted. In addition, the terms used in this specification are terms defined in consideration of functions in the present invention, and the terms may vary according to the intentions or customs of designers, manufacturers, and the like. Therefore, definitions of terms to be described below should be made based on the content throughout this specification.

FIG. 1 is a diagram illustrating an electronic authentication system 10 according to an exemplary embodiment of the present invention.

As illustrated in FIG. 1, the electronic authentication system 10 according to the exemplary embodiment of the present invention may include a plurality of authentication terminals 100, an authentication management server 200, and a virtual user server 300.

The authentication terminal 100 is a communication terminal used by a user participating in multi-signature, and may be configured to support generation and management of a private key and a public key of a corresponding user, and to perform an electronic signature. The authentication terminal 100 may be configured as a mobile terminal, such as a smart phone, a tablet PC, a laptop computer, a notebook computer, or the like, or may be configured as a fixed terminal, such as a desktop PC.

The authentication management server 200 is a server that manages a multi-signature procedure and a multi-signature authentication procedure, and may be configured to support exchange of information of each authentication terminal 100, such as a public key and an encoding key, local reconstruction of user signatures, and signature validity verification.

The virtual user server 300 may be configured to participate in a multi-signature procedure and an authentication procedure as a virtual user to be delegated the authority of users who are to actually perform multi-signature. That is, the virtual user server 300 may be configured to authenticate the validity of multi-signature on behalf of real users or to stop the multi-signature procedure according to specific conditions. To this end, the virtual user server 300 may operate as a kind of terminal with respect to the authentication management server 200. The virtual user server 300 may be operated by a public trustworthy institution or company.

FIG. 2 is a diagram illustrating an authentication terminal 100 of the electronic authentication system according to the exemplary embodiment of the present invention.

As illustrated in FIG. 2, the authentication terminal 100 may be configured to support private key/public key management and to perform multiple signatures on a signature target, such as a transaction. To this end, the authentication terminal 100 may include a key generation module 110, an encryption module 120, a transaction generation module 130, a signing module 140, a communication module 150, a verification module 160, and the like.

The key generation module 110 may be configured to generate a private key and a public key of a user who uses the corresponding authentication terminal 100. In addition, the key generation module 110 may be configured to generate a common public key by recombining of public keys of all users participating in the multi-signature. As will be described again below, the key generation module 110 may be configured to further generate a private key for multi-signature, an encoding key, a decoding key, and the like in addition to the private key of the user.

The encryption module 120 may be configured to encode the corresponding information or to decode the encoded information so that the specific information is not exposed according to the progress of the multi-signature procedure and the authentication procedure.

The transaction generation module 130 may be configured to generate a transaction of a block chain, such as Bitcoin or Ethereum. As will be described again below, the transaction generation module 130 may be configured to store a Bloom-filter for authenticating the validity of the multi-signature in a transaction.

The signing module 140 is configured to generate a user's local signature for multi-signature and to generate a single signature by reconstructing local signatures for each user of a user group to participate in the multi-signature, to perform multi-signature on a signature target. In this case, the signing module 140 may be configured to generate a single signature by reconstructing local signatures for each user through Threshold Elliptic Curve Digital Signature Algorithm (T-ECDSA).

The communication module 150 may be configured to perform data communication with the authentication management server 200, other authentication terminals, or the virtual user server 300 through a communication channel provided by the authentication management server 200, and transmit and receives data or information.

The verification module 160 may be configured to verify whether the information of the authentication terminal 100 is forged. When the corresponding information is forged, the verification module 160 is configured to stop the multi-signature process. That is, the verification module 160 may be configured to generate and store multi-signer authentication information by using the Bloom filter, which will be described below, and to authenticate the validity of the multi-signature through the stored multi-signer authentication information.

As will be described again below, the multi-signer authentication information may include a plurality of hash values calculated by inputting the public key of the user who has performed the multi-signature into each of a plurality of different hash functions, or a bit string value of a binary number generated by mapping each of the plurality of calculated hash values with a specific bit in a predetermined bit string and setting the value of the mapped bit to 1 and setting the value of the unmapped bit to 0. The multi-signer authentication information may be generated and stored by the Bloom-filter which calculates a plurality of hash values by inputting the public key of the user who has performed the multi-signature into a plurality of different hash functions, and sets a bit value of a position corresponding to each of the plurality of hash values among bits of a predetermined bit string to a value of 1. The verification module 160 may be configured to authenticate the validity of the multi-signature or the validity of the multi-signer authentication information through the Bloom-filter.

According to the exemplary embodiment, the verification module 160 may also be configured to request the virtual user to authenticate the validity of the multi-signature or multi-signer authentication information, and to perform the corresponding authentication through the virtual user.

FIG. 3 is a diagram illustrating the authentication management server 200 of the electronic authentication system according to the exemplary embodiment of the present invention.

As illustrated in FIG. 3, the authentication management server 200 may be configured to support exchange of information, such as the public key and the encoding key, of each authentication terminal 100, local reconstruction of a user's signature, signature validity verification, and the like. To this end, the authentication management server 200 may include a policy storage module 210, a user group designation module 220, a channel generation module 230, a channel connection module 240, an information storage module 250, and an information providing module. 260.

The policy storage module 210 may be configured to store and manage various policies, such as a multi-signature policy, a policy related to authentication required for a multi-signature procedure, a multi-signature time limit, and the number of multi-signers required for each signature target, applied to the electronic authentication system 10.

The user group designation module 220 may be configured to designate a user group including a plurality of users to participate in multi-signature according to a type of a signature target or the policy stored in the policy storage module 210. In addition, the user group designation module 220 may be configured to further include a virtual user in the user group according to a predetermined policy or a request of one or two or more of the plurality of users. As described above, the virtual user may be configured to have an authentication authority in the multi-signature procedure and an authority to stop the multi-signature process according to circumstances.

The channel generation module 230 may be configured to generate a communication channel for communication between authentication terminals or between the authentication terminals and the virtual user server 300 serving as a virtual user. As a result, the authentication terminals and the virtual user server 300 may perform a pre-processing operation for safe information exchange, such as exchanging the encoding keys with each other, through the communication channel before performing the multi-signature.

The channel connection module 240 connects the authentication terminals and the virtual user server 300 to the generated communication channel to make it possible to exchange information or share information between the authentication terminals or between the authentication terminals and the virtual user server 300. For example, authentication terminals may generate a common public key of a multi-signature wallet through the communication channel. In this case, the common public key may be used as a representative address of the multi-signature wallet. These addresses may be used to send and receive digital assets on the blockchain network.

Meanwhile, the information storage module 250 may be configured to store information generated by each authentication terminal 100 or the virtual user server 300 in the authentication management server 200. All information stored in the authentication management server 200 may be encrypted to protect the corresponding information from a malicious server manager.

The information providing module 260 may be configured to transmit user information stored in the information storage module 250 to the authentication terminals or the virtual user server 300. For example, the information storage module 250 may store and manage the public keys or the encoding keys of the user, and the like. In this case, each authentication terminal 100 may request a public key or encoding key of a specific user from the information providing module 260, and the information providing module 260 may receive the requested key from the information storage module 250 and provide the received key to the corresponding authentication terminal 100.

For reference, the encoding key may be used to encrypt information required for the multi-signature for high security. In order to verify that the corresponding encoding key is correct, zero-knowledge proof that is a method capable of verifying data without revealing the data may be used. When the proof is not valid, the key generation process or the signing process may be stopped.

FIG. 4 is a diagram illustrating the virtual user server 300 of the electronic authentication system according to the exemplary embodiment of the present invention.

As illustrated in FIG. 4, the virtual user server 300 may be configured to support authentication of validity of the multi-signature, stop of multi-signature procedures, and the like. To this end, the virtual user server 300 may include a communication module 310, an authentication information storage module 320, a multi-signature authentication module 330, and a signature procedure management module 340.

The communication module 310 may be configured to perform data communication with the authentication management server 200 or the authentication terminals through the communication channel provided by the authentication management server 200, and to transmit and receive data or information.

The authentication information storage module 320 may be configured to store the public keys of the users transmitted from the authentication terminals, the Bloom-filter that stores the multi-signer authentication information, the hash function set used in the Bloom filter, and the signature time limit information specified by the authentication management server 200.

The multi-signature authentication module 330 may be configured to generate and store multi-signer authentication information for authenticating the validity of the multi-signature when a user who has performed multi-signature occurs, compare the value of the multi-signer authentication information with a value generated by using the public key shared in the user group and the predetermined hash function, and authenticate the validity of the multi-signer authentication information or the validity of the corresponding multi-signature. The multi-signer authentication information may be generated and stored by using the Bloom filter.

As described above, the multi-signer authentication information may include a plurality of hash values calculated by inputting the public key of the user who has performed the multi-signature into each of a plurality of different hash functions, or a bit string value of a binary number generated by mapping each of the plurality of calculated hash values with a specific bit in a predetermined bit string and setting the value of the mapped bit to 1 and setting the value of the unmapped bit to 0. The multi-signer authentication information may be generated and stored by the Bloom-filter which calculates a plurality of hash values by inputting the public key of the user who has performed the multi-signature into a plurality of different hash functions, and sets a bit value of a position corresponding to each of the plurality of hash values among bits of a predetermined bit string to a value of 1.

The multi-signature authentication module 330 may be configured to authenticate the validity of the multi-signature or the validity of the multi-signer authentication information through the Bloom-filter.

In addition, when the multi-signature procedure is stopped due to the occurrence of a specific event, the multi-signature authentication module 330 may update and store the multi-signer authentication information by using the public key of the user who has performed the multi-signature before stopping the multi-signature procedure, a public key of a user who has not performed the multi-signature, and the predetermined hash function, or generate and store new multi-signer authentication information.

The signature procedure management module 340 may be configured to monitor the progress of the multi-signature procedure, and to stop the corresponding multi-signature procedure when the authentication of the validity of multi-signature or the authentication of the validity of the multi-signer authentication information fails, or when the multi-signature procedure is not completed within a predetermined time limit.

FIG. 5 is a diagram illustrating an example of the Bloom filter for storing the multi-signer authentication information.

As illustrated in FIG. 5, in order to authenticate the validity of the multi-signature or to authenticate the validity of the multi-signer authentication information, the verification module 160 of the authentication terminal 100 or the multi-signature authentication module 330 of the virtual user server 300 may generate and store multi-signer authentication information by using the Bloom filter.

The Bloom filter corresponds to a space-efficient probabilistic data structure and may be used to check whether a specific element is a member of a set. The Bloom filter is composed of a bit string structure of m bit size, and may use k different hash functions. The size of the Bloom filter may be determined by using Equation 1 with an m-bit size bit string and k hash functions.

m=ceil((N*log(P))/log(1/pow(2, log(2))))
k=round((m/N)*log(2))| [Equation 1]

In Equation 1, m is the number of bits of the Bloom filter, k is the number of hash functions used in the Bloom filter, N is the maximum number of items added to the filter, and P is the probability of false-positive.

The Bloom filter includes two processes. First, an element is added to the filter and whether the corresponding element is included in the set is validated. In order to add the element, the Bloom filter obtains k array positions by using k hash functions.

Next, the Bloom filter sets the bit values of all the positions to 1 in an array of m bit size. In order to check whether the element is in the set, the Bloom filter obtains k array positions by using each of the k hash functions. If the bit at the corresponding position is 0, this means that the element is definitely not in the set. On the other hand, when the bit at the corresponding position is 1, this means that the element is probably in the set.

In the present invention, the Bloom filter is used to authenticate the validity of the multi-signature. By storing the Bloom filter on the blockchain instead of the information (public key or address) of the user, it is possible to provide higher reliability and reduce the transaction size.

By applying the determined number of participants and the false positive probability to Equation 1, it is possible to calculate the bit size of the Bloom filter and the number of hash functions used to generate the Bloom filter.

If the probabilistically safe state is set to 2⁻²⁰and the maximum number of participants in the transaction is set to 10, the Bloom filter has a size from 29 bits that is the optimal number of Bloom filters up to a maximum of 289 bits and 20 hash functions.

As illustrated in FIG. 5, when each authentication terminal calculates the bit size by the number of users (that is, 2), the size of the Bloom filter is 58 bits. Next, each authentication terminal calculates its 20 hash values (H1 to H20) with each user's public key (that is, A_pub and B_pub) and sets a value of a bit corresponding to each hash value to 1 (500). Each authentication terminal may exchange and verify the generated Bloom filter by using a commitment scheme.

For example, in order to check whether user A has performed multi-signature, all authentication terminals calculate each of 20 hash values (H1 to H20) with the public key of user

A shared in advance. Then, the value of the bit corresponding to each hash value is checked (510). If all of the checked values are 1, this indicates that user A has performed the multi-signature. This process may be performed in the same way for user B. After authenticating that all users (users A and B) have participated in the multi-signature process through the Bloom filter, the authentication terminal may store the Bloom filter. When the verification of the validity fails, the multi-signature process may be stopped.

Meanwhile, although it is illustrated in FIG. 5 that the Bloom filter includes one bit string, but according to the exemplary embodiment, the Bloom filter may include a plurality of bit strings corresponding to the number of users to participate in multi-signature. In this case, each bit string may be configured to store multi-signer authentication information about any one of the users to participate in the multi-signature.

In this way, the authentication terminals may perform the multi-signature process after generating the Bloom filter. In the present invention, in order to ensure high security, a signature authority may be distributed by using Threshold Elliptic Curve Digital Signature Algorithm (T-ECDSA). The T-ECDSA uses Multi-party Computation (MPC). This is a method of generating a single signature by distributing the authority to multiple authentication terminals. In this process, each authentication terminal may generate random numbers and local signatures in order to distribute the authority and hide information.

FIG. 6 is a flowchart illustrating a multi-signature process of an electronic authentication method according to an exemplary embodiment of the present invention. Detailed operations of the above-described electronic authentication system 10 will be described in time series with reference to FIG. 6.

As illustrated in FIG. 6, when a user group including a plurality of users to participate in a multi-signature procedure is designated by the authentication management server 200, the authentication terminal 100 of the user included in the user group may generate a private key and a public key of the corresponding user (S610).

In this case, the authentication management server 200 may further include a virtual user in the user group according to a predetermined policy or a request of one or two or more of the plurality of users. Also, the authentication management server 200 may allocate a time stamp to the user group and transmit the allocated time stamp to each authentication terminal.

Then, the authentication terminal 100 of each of the plurality of users may generate a plurality of private key fragments by dividing the private key of the corresponding user into the number corresponding to the plurality of users (S620).

Then, each authentication terminal 100 may generate an encoding key and a decoding key of the corresponding user by using one private key fragment among the plurality of private key fragments and a time stamp allocated by the authentication management server 200 (S630).

Next, each authentication terminal 100 may share the public key and the encoding key with other authentication terminals (S640). In this case, each authentication terminal 100 may distribute the public key and the encoding key of the corresponding user to other authentication terminals through the authentication management server 200.

Then, each authentication terminal 100 may retain one of the plurality of private key fragments, and encode each of the rest private key fragments with the encoding keys of other users to distribute the encoded private key fragment to the other corresponding user (S650). For example, the authentication terminal of user A encodes the private key fragment of user A with the encoding key of user B and transmits the encoded private key fragment to user B through the authentication management server 200, but may encode another private key fragment of user A with the encoding key of user C and transmit the encoded private key fragment to user C through the authentication management server 200.

Then, each authentication terminal 100 may receive the other user's private key fragments encrypted with the encoding key of the corresponding user (S660). For example, user A may receive a user B's private key fragment and a user C's private key fragment each encoded with the user A's encoding key. In this case, user A may decode the received private key fragments with his/her own decoding key that is being stored.

Then, each authentication terminal 100 may generate a private key for multi-signature by combining the user-specific private key fragments (S670).

Then, each authentication terminal 100 may generate a local signature by using the multi-signature private key, and share the generated local signature with other authentication terminals through the authentication management server 200 (S680).

Then, each authentication terminal 100 may generate a single signature by reconstructing the shared user-specific local signatures through the Threshold Elliptic Curve Digital Signature Algorithm (T-ECDSA) (S690).

In this case, each authentication terminal 100 may encode the generated local signature with an encoding key generated with the time stamp and the one private key fragment, and share the encoded local signature.

Meanwhile, t of T-ECDSA is defined as a threshold value at which t+1 users complete multi-signature. In T-ECDSA, t+1 multi-user local signature is performed, and a single signature is generated by using local signatures that are encoded and shared for each user. For the generated single signature, the validity of the signature may be validated with the common public key. ECDSA, which is the basis of T-ECDSA, may be expressed as in Equation 2.

Pxy=k·G,r=Pxmodn
s=k−1(z+rpk)modn [Equation 2]

In Equation 2, Pxy is a point on the elliptic curve, G is a generation point of the elliptic curve, Px is the x-coordinate of the point P, n is the degree of G, r is the signature (the remainder of dividing the value of Px by n), s is the signature value, k is a random number used to obtain the signature r, z is the hash value of the signature target, and Pk is the private key.

FIG. 7 is a flowchart illustrating a multi-signature authentication process of the electronic authentication method according to the exemplary embodiment of the present invention. Detailed operations of the above-described electronic authentication system 10 will be described in time series with reference to FIG. 7.

As illustrated in FIG. 7, the authentication management server 200 may store and manage various policies, such as a multi-signature authentication policy, a signature time limit, and the number of multiple signers required for a signature target in advance (S700).

Next, the authentication management server 200 may designate a user group including a plurality of users to participate in multi-signature (S710). In this case, the authentication management server 200 may further include a virtual user in the user group according to a predetermined policy or a request of one or two or more users among a plurality of users.

Then, the authentication management server 200 may generate a communication channel for communication with the user group (S712, S714).

Then, the authentication terminal 100 may generate a public key of the corresponding user (S720), and may share the public key with the remaining users or the virtual user included in the user group (S722, S724). In this case, the authentication management server 200 receives each user-specific public key from the authentication terminals of the user group through the communication channel and distributes the received public key to the entire user group or virtual user, thereby allowing the users or virtual users of the user group to share the corresponding public keys.

Then, when the authentication management server 200 requests the authentication terminal 100 to perform multi-signature, the authentication terminal 100 generates a private key for multi-signature as illustrated in FIG. 6 and proceeds with a multi-signature process (S730).

When there is another user who has already performed the multi-signature, and multi-signer authentication information for authenticating the validity of the multi-signature is generated and stored (S740), the authentication terminal 100 may request the authentication of validity of the corresponding multi-signer authentication information from the virtual user 300 (S742). In this case, the virtual user 300 may be implemented through a separate server or computer device distinct from the authentication management server 200. According to the exemplary embodiment, the authentication terminal 100 may be configured to directly perform the authentication of the validity of the multi-signer authentication information.

Then, when the predetermined signature time limit has elapsed, the virtual user 300 may stop the corresponding multi-signature procedure (S752). In this case, the virtual user 300 may update and store the multi-signer authentication information, or generate and store new multi-signer authentication information by using the public key of the user who has performed the multi-signature among the previously shared public keys, a public key of a user who has not performed the multi-signature, and a predetermined hash function. In this case, the multi-signer authentication information or the new multi-signer authentication information may be stored as a Bloom filter as described above. In this case, a bit indicating whether the signature is performed may be added to the bit string of the Bloom filter.

On the other hand, when the signature time limit has not elapsed, the virtual user 300 may generate new multi-signer authentication information by using the public key of another user who has performed the multi-signature and the predetermined hash function, and authenticate the validity of pre-stored multi-signer authentication information by comparing the generated multi-signer authentication information with the pre-stored multi-signer authentication information to authenticate the validity of the multi-signature performed by the other user (S760). In this case, each multi-signer authentication information may include a Bloom filter value.

When the authentication of the validity of the multi-signer authentication information fails (S770), the corresponding multi-signature procedure may be stopped (S752). On the other hand, when the authentication of the validity of the multi-signer authentication information is successful, the authentication terminal 100 may continue the multi-signature procedure (S780).

When the multi-signature is completed, the authentication terminal 100 may transmit a multi-signature result including the public key of the corresponding user to the virtual user 300 (S782).

Then, the virtual user 300 may update and store the existing multi-signer authentication information or generate and store new multi-signer authentication information by using the transmitted public key and the predetermined hash function (S790). As mentioned above, the corresponding multi-signer authentication information may be stored as the Bloom filter.

Meanwhile, the exemplary embodiments according to the present invention may be implemented as a computer system and a computer program for driving the computer system. When the exemplary embodiments of the present invention are implemented as a computer program, the constituent elements of the present invention may include program segments that execute corresponding operations or tasks through a corresponding computer system. The computer programs or program segments may be stored in various computer-readable recording media. The computer-readable recording medium may include any type of medium for recording data readable by a computer system. For example, the computer-readable recording medium may include a ROM, a RAM, an EEPROM, registers, a flash memory, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, or an optical data recording device. In addition, such a recording medium may be distributed in various network-connected computer systems to store or execute program codes in a distributed manner.

As described above, according to the present invention, the security and reliability of multi-signature may be strengthened by performing authentication for multi-signature while storing and managing multi-signer authentication information for authenticating the validity of multi-signature by a trusted virtual user.

Furthermore, it is a matter of course that the exemplary embodiments according to the present invention may solve various technical problems other than those mentioned in this specification in the relevant technical field as well as the related technical field.

So far, the present invention has been described with reference to the specific exemplary embodiments. However, those skilled in the art will clearly understand that various modified exemplary embodiments may be implemented within the technical scope of the present invention. Therefore, the exemplary embodiments disclosed above should be considered in an illustrative point of view, rather than a restrictive point of view. That is, the scope of the true technical spirit of the present invention is indicated in the claims, and all differences within the scope of equivalents thereto should be construed as being included in the present invention.

Claims

1. An electronic authentication method of a server supporting a multi-signature authentication, the electronic authentication method comprising: designating, by the server, a user group including a plurality of users to participate in the multi-signature authentication;designating, by the server, a virtual user in the user group according to a predetermined policy or a request of one or two or more users of the plurality of users;generating, by the server, a communication channel for communication with the user group;receiving, by the server, from a respective electronic terminal of a respective user of the plurality of users of the user group, a respective public key for the respective user of the plurality of users of the user group, through the communication channel;sharing the received public keys with electronic terminals of the plurality of users of the user group, including the virtual user;generating a private key fragment by dividing a private key of the user into a number corresponding to a number of the plurality of users of the user group;encoding a local signature generated by the user of the user group by using a time stamp assigned to the user group and also using the private key fragment;sharing, by the server, the local signature generated by the user of the user group, with the electronic terminals of the plurality of users of the user group, through the communication channel;performing the multi-signature authentication by using the local signature and the private key for the multi-signature authentication;generating multi-signer authentication information capable of authenticating validity of the performed multi-signature authentication; andauthenticating the validity of the performed multi-signature authentication by using the public key, a predetermined hash function, and the multi-signer authentication information,wherein when the multi-signature authentication is not completed within a predetermined time limit, stopping a progress of the multi-signature authentication; and storing new multi-signer authentication information by using the public key of the user who has performed the multi-signature within the time limit, the public key of the user who has not performed the multi-signature within the time limit, and the predetermined hash function.
2. The electronic authentication method of claim 1, wherein the multi-signer authentication information is stored as a Bloom filter.
3. The electronic authentication method of claim 2, wherein the Bloom filter is composed of a bit string structure of m bit size and uses k different hash functions, wherein a size of the Bloom filter is determined by using Equation 1: m=ceil((N*log(P))/log(1/pow(2, log(2))))k=round((m/N)*log(2)), [Equation 1]
4. The electronic authentication method of claim 1, wherein the authentication of the multi-signer authentication information is performed by requesting, by the user performing the multi-signature authentication, the authentication from the virtual user.
5. The electronic authentication method of claim 1, wherein the performing the multi-signature comprises: generating a single signature by using a Threshold Elliptic Curve Digital Signature Algorithm (T-ECDSA) method by using a local signature shared by other electronic terminals of the user group and the private key for the multi-signature.
6. The electronic authentication method of claim 5, wherein t of the T-ECDSA method is defined as a threshold value at which t+1 users complete multi-signature, wherein in the T-ECDSA method, t+1 multi-user local signature is performed, and a single signature is generated by using local signatures that are encoded and shared for each user,wherein for the generated single signature, the validity of the signature is validated with the public key, and an Elliptic Curve Digital Signature Algorithm (ECDSA) is expressed as in Equation 2: Pxy=k·G,r=Pxmodn s=k−1(z+rpk)modn, [Equation 2]
7. The electronic authentication method of claim 1, wherein the authenticating comprises: requesting, by one or more of the electronic terminals, the authentication from the virtual user and performing the authentication.

Priority Claims (1)

Number	Date	Country	Kind
10-2021-0113306	Aug 2021	KR	national

US Referenced Citations (335)

Number	Name	Date	Kind
4914698	Chaum	Apr 1990	A
4926480	Chaum	May 1990	A
4996711	Chaum	Feb 1991	A
5016274	Micali	May 1991	A
5537475	Micali	Jul 1996	A
5588061	Ganesan	Dec 1996	A
5610982	Micali	Mar 1997	A
5799088	Raike	Aug 1998	A
5825880	Sudia	Oct 1998	A
5867578	Brickell	Feb 1999	A
5905799	Ganesan	May 1999	A
6038317	Magliveras	Mar 2000	A
6088454	Nagashima	Jul 2000	A
6151676	Cuccia	Nov 2000	A
6154841	Oishi	Nov 2000	A
6298153	Oishi	Oct 2001	B1
6341349	Takaragi	Jan 2002	B1
6446207	Vanstone	Sep 2002	B1
7020282	Chang	Mar 2006	B1
7526651	Arditti Modiano	Apr 2009	B2
7607019	Crandall	Oct 2009	B2
7890763	Law	Feb 2011	B1
7986778	Harrison	Jul 2011	B2
8151332	Cross	Apr 2012	B2
8316237	Felsher	Nov 2012	B1
8826025	Sakumoto	Sep 2014	B2
8959355	Sakumoto	Feb 2015	B2
9129122	Sakumoto	Sep 2015	B2
9160972	Yoshioka	Oct 2015	B2
9401811	Asim	Jul 2016	B2
9455832	Brown	Sep 2016	B2
9690845	Araki	Jun 2017	B2
10057243	Kumar	Aug 2018	B1
10250395	Borne-Pons	Apr 2019	B1
10505723	Griffin	Dec 2019	B1
10608824	Praus	Mar 2020	B1
10630467	Gilbert	Apr 2020	B1
10630655	Becker	Apr 2020	B2
10685353	Burke	Jun 2020	B2
10735205	Wentz	Aug 2020	B1
10740474	Ghetti	Aug 2020	B1
10790976	Raevsky	Sep 2020	B1
10887113	Queralt	Jan 2021	B2
10951417	Qi	Mar 2021	B2
10992469	Cheng	Apr 2021	B2
11102204	Jacques de Kadt	Aug 2021	B1
11133942	Griffin	Sep 2021	B1
11204996	Permeh	Dec 2021	B2
11228446	Wang	Jan 2022	B2
11238447	Zhang	Feb 2022	B2
11239996	Masters	Feb 2022	B2
11263605	Chalkias	Mar 2022	B2
11290273	Ding	Mar 2022	B2
11316662	Qu	Apr 2022	B2
11372986	Doherty	Jun 2022	B1
11398916	Griffin	Jul 2022	B1
11411738	Agrawal	Aug 2022	B2
11418347	Griffin	Aug 2022	B1
11477006	Williams	Oct 2022	B2
11588645	Yavuz	Feb 2023	B1
11770260	Pamucci	Sep 2023	B1
11836688	Lawrence	Dec 2023	B1
11887072	Ornelas	Jan 2024	B2
11954672	Hamera	Apr 2024	B1
12082276	Guild	Sep 2024	B1
20020013898	Sudia	Jan 2002	A1
20020108044	Miyazaki	Aug 2002	A1
20020152389	Horita	Oct 2002	A1
20030177352	Camenisch	Sep 2003	A1
20040073814	Miyazaki	Apr 2004	A1
20040111607	Yellepeddy	Jun 2004	A1
20040123110	Zhang	Jun 2004	A1
20050022102	Gentry	Jan 2005	A1
20050076215	Dryer	Apr 2005	A1
20050152542	Zheng	Jul 2005	A1
20050201561	Komano	Sep 2005	A1
20050262353	Gentry	Nov 2005	A1
20050262354	Komano	Nov 2005	A1
20060010079	Brickell	Jan 2006	A1
20060104447	Lauter	May 2006	A1
20060140400	Brown	Jun 2006	A1
20060155985	Canard	Jul 2006	A1
20060159259	Gentry	Jul 2006	A1
20060159269	Braun	Jul 2006	A1
20060177051	Lauter	Aug 2006	A1
20060215837	Chen	Sep 2006	A1
20060236098	Gantman	Oct 2006	A1
20060248338	Jao	Nov 2006	A1
20060280308	Anshel	Dec 2006	A1
20070028114	McCullagh	Feb 2007	A1
20070121933	Futa	May 2007	A1
20070143608	Zeng	Jun 2007	A1
20070165843	Lauter	Jul 2007	A1
20070168672	Izu	Jul 2007	A1
20070198840	Lee	Aug 2007	A1
20080069347	Brown	Mar 2008	A1
20080089514	Futa	Apr 2008	A1
20080152132	Sung	Jun 2008	A1
20080155265	Yi	Jun 2008	A1
20080178005	Gentry	Jul 2008	A1
20080181413	Yi	Jul 2008	A1
20080226066	Yi	Sep 2008	A1
20080270786	Brickell	Oct 2008	A1
20080270790	Brickell	Oct 2008	A1
20090019285	Chen	Jan 2009	A1
20090034739	Teranishi	Feb 2009	A1
20090044017	Teranishi	Feb 2009	A1
20090089575	Yonezawa	Apr 2009	A1
20090112956	Cheon	Apr 2009	A1
20090129600	Brickell	May 2009	A1
20090180612	Leu	Jul 2009	A1
20090222668	Zaccone	Sep 2009	A1
20090276630	Teranishi	Nov 2009	A1
20100023771	Struik	Jan 2010	A1
20100180119	Furukawa	Jul 2010	A1
20100217710	Fujita	Aug 2010	A1
20100235727	Ashton	Sep 2010	A1
20100308978	Brown	Dec 2010	A1
20110016325	Futa	Jan 2011	A1
20110040960	Deierling	Feb 2011	A1
20110093210	Matsuzaki	Apr 2011	A1
20110154025	Spalka	Jun 2011	A1
20110154045	Lee	Jun 2011	A1
20110173455	Spalka	Jul 2011	A1
20120084567	Hwang	Apr 2012	A1
20120159153	Shim	Jun 2012	A1
20120239567	Choi	Sep 2012	A1
20120324240	Hattori	Dec 2012	A1
20130010950	Kerschbaum	Jan 2013	A1
20130073860	Ibraimi	Mar 2013	A1
20130080771	Brickell	Mar 2013	A1
20130091360	Hwang	Apr 2013	A1
20130097420	Zaverucha	Apr 2013	A1
20130129090	Kipnis	May 2013	A1
20130179675	Yoshida	Jul 2013	A1
20130179951	Broustis	Jul 2013	A1
20130212393	D'Souza	Aug 2013	A1
20130212395	D'Souza	Aug 2013	A1
20130287206	Hattori	Oct 2013	A1
20140050318	Hayashi	Feb 2014	A1
20140098960	Xu	Apr 2014	A1
20140164765	Hernandez	Jun 2014	A1
20140164780	Sakumoto	Jun 2014	A1
20140173281	Hwang	Jun 2014	A1
20140208104	Yoon	Jul 2014	A1
20140237252	Hursti	Aug 2014	A1
20150012738	Shah	Jan 2015	A1
20150180661	Fujii	Jun 2015	A1
20150222604	Ylonen	Aug 2015	A1
20150358167	Wang	Dec 2015	A1
20160072623	Joye	Mar 2016	A1
20160105287	Joye	Apr 2016	A1
20160127128	Chen	May 2016	A1
20160226665	Wuidart	Aug 2016	A1
20160255056	Shalunov	Sep 2016	A1
20160292680	Wilson, Jr.	Oct 2016	A1
20160306966	Srivastava	Oct 2016	A1
20160373260	Jerkeby	Dec 2016	A1
20160380767	Hayashi	Dec 2016	A1
20160380768	Koike	Dec 2016	A1
20170083717	Medvedev	Mar 2017	A1
20170091750	Maim	Mar 2017	A1
20170154331	Voorhees	Jun 2017	A1
20170213041	Medvedev	Jul 2017	A1
20170244567	Smeets	Aug 2017	A1
20170277911	Boldyrev	Sep 2017	A1
20170302457	Nakamoto	Oct 2017	A1
20170317833	Smith	Nov 2017	A1
20170317834	Smith	Nov 2017	A1
20170344758	Matsuo	Nov 2017	A1
20170344987	Davis	Nov 2017	A1
20170357496	Smith	Dec 2017	A1
20170366358	Lyubashevsky	Dec 2017	A1
20180026796	Oberheide	Jan 2018	A1
20180026799	Pottier	Jan 2018	A1
20180054316	Tomlinson	Feb 2018	A1
20180068280	Micali	Mar 2018	A1
20180082050	Flink	Mar 2018	A1
20180097638	Haldenby	Apr 2018	A1
20180101684	Murphy	Apr 2018	A1
20180101842	Ventura	Apr 2018	A1
20180139056	Imai	May 2018	A1
20180144233	Chen	May 2018	A1
20180191503	Alwar	Jul 2018	A1
20180198627	Mullins	Jul 2018	A1
20180198629	Deymonnaz	Jul 2018	A1
20180278426	Tang	Sep 2018	A1
20180307573	Abraham	Oct 2018	A1
20180316495	Wall	Nov 2018	A1
20180331824	Racz	Nov 2018	A1
20180331832	Pulsifer	Nov 2018	A1
20180343126	Fallah	Nov 2018	A1
20190013943	Maim	Jan 2019	A1
20190013950	Becker	Jan 2019	A1
20190020486	Hoffstein	Jan 2019	A1
20190037469	Krishnan	Jan 2019	A1
20190044732	Reinders	Feb 2019	A1
20190052461	Kreder, III	Feb 2019	A1
20190068567	Bhatnagar	Feb 2019	A1
20190108109	Ghosh	Apr 2019	A1
20190114860	Eckelmann-Wendt	Apr 2019	A1
20190132138	Finlow-Bates	May 2019	A1
20190149334	Van Der Velden	May 2019	A1
20190163911	Kliewer	May 2019	A1
20190188702	Bolla	Jun 2019	A1
20190205873	Kamalsky	Jul 2019	A1
20190236726	Unagami	Aug 2019	A1
20190260715	Suzuki	Aug 2019	A1
20190273607	Van Der Velden	Sep 2019	A1
20190295050	Chalkias	Sep 2019	A1
20190305962	Takemori	Oct 2019	A1
20190318356	Martin	Oct 2019	A1
20190319798	Chalkias	Oct 2019	A1
20190327096	Liu	Oct 2019	A1
20190334715	Gray	Oct 2019	A1
20190354968	Sato	Nov 2019	A1
20190372781	Ra	Dec 2019	A1
20200008095	Patil	Jan 2020	A1
20200014531	Falco	Jan 2020	A1
20200014546	Karame	Jan 2020	A1
20200027080	Holland	Jan 2020	A1
20200044863	Yadlin	Feb 2020	A1
20200053054	Ma	Feb 2020	A1
20200076586	Zhang	Mar 2020	A1
20200076620	Ogura	Mar 2020	A1
20200084042	Nelson	Mar 2020	A1
20200084049	Lindell	Mar 2020	A1
20200084483	Brown	Mar 2020	A1
20200111080	Metcalfe	Apr 2020	A1
20200126075	Fisch	Apr 2020	A1
20200126441	Garg	Apr 2020	A1
20200127835	Fletcher	Apr 2020	A1
20200134205	Hsiao	Apr 2020	A1
20200134719	Malik	Apr 2020	A1
20200153640	Ranellucci	May 2020	A1
20200153837	Lesimple	May 2020	A1
20200177394	Suzuki	Jun 2020	A1
20200202345	Zhang	Jun 2020	A1
20200213134	Zhang	Jul 2020	A1
20200218512	Chen	Jul 2020	A1
20200218984	Thornton	Jul 2020	A1
20200228349	Basu	Jul 2020	A1
20200244728	Jha	Jul 2020	A1
20200250339	Rosedale	Aug 2020	A1
20200252211	Chen	Aug 2020	A1
20200264843	Schwarz	Aug 2020	A1
20200264864	Yang	Aug 2020	A1
20200266999	Schwarz	Aug 2020	A1
20200267000	Schwarz	Aug 2020	A1
20200267001	Schwarz	Aug 2020	A1
20200267002	Yuan	Aug 2020	A1
20200294011	Robertson	Sep 2020	A1
20200295935	Kayan	Sep 2020	A1
20200310875	Ragnoli	Oct 2020	A1
20200313856	Basu	Oct 2020	A1
20200320529	Lyadvinsky	Oct 2020	A1
20200322164	Shirai	Oct 2020	A1
20200322168	Su	Oct 2020	A1
20200322175	Chen	Oct 2020	A1
20200349616	El Kaafarani	Nov 2020	A1
20200351083	Bartolucci	Nov 2020	A1
20200353167	Vivek	Nov 2020	A1
20200366667	Cebe	Nov 2020	A1
20200374114	Okano	Nov 2020	A1
20200394176	Wu	Dec 2020	A1
20200394177	Maurer	Dec 2020	A1
20200396072	Maurer	Dec 2020	A1
20200396212	Schiffman	Dec 2020	A1
20200403776	Oh	Dec 2020	A1
20200412546	Larmuseau	Dec 2020	A1
20200412550	Zhang	Dec 2020	A1
20210006414	Sanders	Jan 2021	A1
20210037008	Swaminath	Feb 2021	A1
20210049591	Lamesh	Feb 2021	A1
20210067345	Shamai	Mar 2021	A1
20210083872	Desmarais	Mar 2021	A1
20210097528	Wang	Apr 2021	A1
20210099283	Schvey	Apr 2021	A1
20210099312	Guo	Apr 2021	A1
20210105138	Tysor	Apr 2021	A1
20210105144	Borne-Pons	Apr 2021	A1
20210111889	Higley	Apr 2021	A1
20210111902	Lee	Apr 2021	A1
20210117555	Bernat	Apr 2021	A1
20210158342	Bartolucci	May 2021	A1
20210160222	Bartolucci	May 2021	A1
20210174243	Angel	Jun 2021	A1
20210182869	Davis	Jun 2021	A1
20210201328	Gunther	Jul 2021	A1
20210234684	Maruyama	Jul 2021	A1
20210243020	Mukherjee	Aug 2021	A1
20210243604	Lepp	Aug 2021	A1
20210248675	Guo	Aug 2021	A1
20210256513	Lu	Aug 2021	A1
20210273814	Lee	Sep 2021	A1
20210297242	Li	Sep 2021	A1
20210312431	Ravinathan	Oct 2021	A1
20210314161	Voit	Oct 2021	A1
20210336770	Ahmed	Oct 2021	A1
20210344510	Wright	Nov 2021	A1
20210383363	Smirnov	Dec 2021	A1
20210385069	Reid	Dec 2021	A1
20210391987	Badrinarayanan	Dec 2021	A1
20210406877	Wu	Dec 2021	A1
20220021521	Shamai	Jan 2022	A1
20220027970	Kim	Jan 2022	A1
20220029827	Wright	Jan 2022	A1
20220052843	Carver	Feb 2022	A1
20220058652	Wilson, Jr.	Feb 2022	A1
20220076253	Chaum	Mar 2022	A1
20220078024	Misoczki	Mar 2022	A1
20220092686	Sekar	Mar 2022	A1
20220094555	Roy	Mar 2022	A1
20220123929	Johnson	Apr 2022	A1
20220141014	Britto	May 2022	A1
20220198444	Mee	Jun 2022	A1
20220237287	Vigilant	Jul 2022	A1
20220253933	Sako	Aug 2022	A1
20220278828	Wang	Sep 2022	A1
20220278854	Tobkin	Sep 2022	A1
20220311621	Uchida	Sep 2022	A1
20220329584	Sharma	Oct 2022	A1
20220398601	Anastas	Dec 2022	A1
20220400020	Davies	Dec 2022	A1
20230004946	Fujimoto	Jan 2023	A1
20230006836	Carter	Jan 2023	A1
20230043095	Milam	Feb 2023	A1
20230048174	Priisalu	Feb 2023	A1
20230179409	Camenisch	Jun 2023	A1
20230198758	Castelluccia	Jun 2023	A1
20230231725	Ammar	Jul 2023	A1
20230308299	Wattiau	Sep 2023	A1
20230344643	Priisalu	Oct 2023	A1
20240048393	Beckwith	Feb 2024	A1
20240236075	Breitner	Jul 2024	A1

Foreign Referenced Citations (2)

Number	Date	Country
108476139	Aug 2018	CN
WO-2019194803	Oct 2019	WO

Non-Patent Literature Citations (8)

Entry
Van Der Merwe et al “A Public Key Management Scheme and Threshold-Multisignature Scheme for Mobile Ad Hoc Networks,” South African Institute of Electrical Engineers, pp. 82-92 (Year: 2006).
Yang et al “Improvement of an Efficient ID-based RSA Multisignature, 2010 International Conference on Complex, Intelligent and Software Intensive Systems,” IEEE Computer Society, pp. 822-826 (Year: 2010).
Wang et al “A New Type of Digital Multisignature,” The 9th International Conference on Computer Supported Cooperative Work in Design Proceedings, pp. 750-754 (Year: 2005).
Qian et al “Cryptanalysis of Chang-Lin-Lam's ID-based Multisignature Scheme,” IEEE Computer Society, pp. 1-4 (Year: 2006).
Aumasson et al “A Survey of ECDSA Threshold Signing,” pp. 1-20 (Year: 2020).
Google Patents Translation of CN108476139A, pp. 1-15 (Year: 2018).
Zhang et al “Improving Efficiency of Pseudonym Revocation in VANET Using Cuckoo Filter,” 2020 IEEE 20th International Conference on Communication Technology, pp. 763-769 (Year: 2020).
Ren et al “Multi-User Broadcast Authentication in Wireless Sensor Networks,” IEEE, pp. 223-232 (Year: 2007).

Related Publications (1)

	Number	Date	Country
	20230060347 A1	Mar 2023	US

Electronic authentication system and method of supporting multi-signature

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

US

International Classifications

Term Extension