Hayi Habr!
В Kweli nqaku, siye saxubusha ukuba kutheni kunokuba yimfuneko ukuvelisa amanani angaqhelekanga kubathathi-nxaxheba abangathembaniyo, zeziphi iimfuno ezibekwe phambili kwiijeneretha zamanani anjalo, kwaye ziqwalaselwe iindlela ezimbini zokuphunyezwa kwazo.
Kule nxalenye yenqaku, siza kujonga ngakumbi enye indlela esebenzisa iisignesha ze-threshold.
Intwana ye-cryptography
Ukuze uqonde indlela iisignesha ze-threshold zisebenza ngayo, kufuneka uqonde i-cryptography encinci. Siza kusebenzisa iikhonsepthi ezimbini: i-scalar, okanye amanani nje, esiya kuwachaza ngoonobumba abancinci (x, y) kunye namanqaku kwi-elliptic curve, esiya kuyichaza ngoonobumba abakhulu.
Ukuze uqonde iziseko zokusayinwa komda, awudingi ukuqonda ukuba zisebenza njani iijika ezijikelezayo, ngaphandle kwezinto ezimbalwa ezisisiseko:
-
Amanqaku akwijika elijiko anokongezwa kwaye aphindaphindwe ngesikali (siya kuthetha ukuphindaphinda ngesikali njenge xG, nangona ubhalo Gx ikwasetyenziswa rhoqo kuncwadi). Isiphumo sokudibanisa kunye nokuphindaphinda nge-scalar linqaku elikwi-elliptic curve.
-
Ukwazi inqaku kuphela G kunye nemveliso yayo kunye nesikali xG ayinakubalwa x.
Siza kusebenzisa ingqikelelo yepolynomial p(x) degrees k-1. Ngokukodwa, siya kusebenzisa le propati ilandelayo yeepolynomials: ukuba siyalazi ixabiso p(x) ngayo nayiphi na k различных x (kwaye asinalo ulwazi ngakumbi malunga p(x)), singabala p(x) nakubani na x.
Kuyathakazelisa ukuba kuyo nayiphi na i-polynomial p(x) kunye nenqaku elithile kwigophe Geyazi intsingiselo p(x)G ngayo nayiphi na k iintsingiselo ezahlukeneyo x, singakwazi nokubala p(x)G ngayo nayiphi na x.
Olu lwazi olwaneleyo lokumba kwiinkcukacha zendlela iisignesha ze-threshold zisebenza ngayo kunye nendlela yokuzisebenzisa ukuvelisa amanani angaqhelekanga.
Random inombolo generator kwiisignesha threshold
Masithethe lonto n abathathi-nxaxheba bafuna ukuvelisa inani elingacwangciswanga, kwaye sifuna nabani na athathe inxaxheba k kwakukho ngokwaneleyo kubo ukuvelisa inani, kodwa ukuze abahlaseli abalawulayo k-1 okanye abambalwa abathathi-nxaxheba abakwazanga ukuqikelela okanye ukuphembelela inani elenziweyo.
Masithi kukho ipolynomial enjalo p(x) degrees k-1 into eyaziwa ngumthathi-nxaxheba wokuqala p (1), owesibini uyazi p(2), kwaye nangokunjalo (n- uyazi p(n)). Sikwacinga ukuba ngenqaku elithile elimiselwe kwangaphambili G wonke umntu uyazi p(x)G kuwo onke amaxabiso x. Siza kufowuna p(i) "icandelo labucala" ith umthathi-nxaxheba (kuba kuphela iumthathi-nxaxheba uyamazi), kwaye p(i)G "icandelo likawonke-wonke" i-umthathi-nxaxheba (kuba bonke abathathi-nxaxheba bayamazi). Njengoko ukhumbula, ulwazi p(i)G akwanelanga ukubuyisela p(i).
Ukudala i-polynomial enjalo ukuze kuphela i-Umthathi-nxaxheba wokuqala kwaye akukho mntu wayesazi icandelo lakhe labucala - le yeyona nto inzima kwaye inomdla kwiprotocol, kwaye siya kuyihlalutya ngezantsi. Okwangoku, masicinge ukuba sinepolynomial enjalo kwaye bonke abathathi-nxaxheba bayawazi amacandelo abo abucala.
Singayisebenzisa njani ipolynomial ukuvelisa inani elingaqhelekanga? Ukuqala, sifuna umtya othile ongazange usetyenziswe ngaphambili njengegalelo kwijenereyitha. Kwimeko ye-blockchain, i-hash yebhloko yokugqibela h ngumgqatswa olungileyo kumgca onjalo. Vumela abathathi-nxaxheba bafune ukwenza inombolo engacwangciswanga besebenzisa h njengembewu. Abathathi-nxaxheba bayaguquka kuqala h ukuya kwindawo kwigophe usebenzisa nawuphi na umsebenzi ochazwe kwangaphambili:
H = scalarToPoint(h)
Emva koko umthathi-nxaxheba ngamnye i ubala kwaye upapashe Molo = p(i)H, bangenza ntoni kuba bayazi p(i) kunye no-H. Ukuxela Handibavumeli abanye abathathi-nxaxheba ukuba babuyisele icandelo labucala ith umthathi-nxaxheba, kwaye ke ngoko iseti enye yamacandelo abucala ingasetyenziswa ukusuka kwibhloko ukuya kwibhloko. Ngaloo ndlela, i-algorithm yesizukulwana se-polynomial ebiza kakhulu echazwe ngezantsi kufuneka iqhutywe kube kanye kuphela.
Xa k abathathi-nxaxheba baxilongwa Molo = p(i)H, wonke umntu angabala Hx = p(x)H yabo bonke x enkosi kwipropathi yeepolynomials esixoxe ngazo kwicandelo lokugqibela. Ngeli xesha, bonke abathathi-nxaxheba bayabala H0 = p(0)H, kwaye eli lisiphumo senani elingakhethiyo. Nceda uqaphele ukuba akukho mntu waziyo p(0), kwaye ke ngoko kuphela kwendlela yokubala Ip(0)H - oku kufakelelwa p(x)H, enokwenzeka kuphela xa k amaxabiso p(i)H eyaziwayo. Ukuvula nayiphi na into encinci p(i)H ayinikezeli naluphi na ulwazi malunga p(0)H.
Ijenereyitha engentla inazo zonke iimpawu esizifunayo: abahlaseli balawula kuphela k-Abathathi-nxaxheba be-1 okanye ngaphantsi abanalo ulwazi okanye impembelelo kwisigqibo, ngelixa nayiphi na k abathathi-nxaxheba bangabala inani lesiphumo, kunye naliphi na iseti esezantsi ye k abathathi-nxaxheba baya kuhlala beza kwisiphumo esifanayo sembewu efanayo.
Kukho ingxaki enye esiye sayiphepha ngokucophelela ngasentla. Ukuze i-interpolation isebenze, kubalulekile ukuba ixabiso Hi epapashwe ngumthathi-nxaxheba ngamnye i ngenene kwakufana p(i)H. Kuba akukho mntu ngaphandle iUmthathi-nxaxheba akazi p(i), akukho mntu ngaphandle i-Umthathi-nxaxheba akanakuqinisekisa oko Hi ngokwenyani ibalwe ngokuchanekileyo, kwaye ngaphandle kobungqina obufihlakeleyo bokuchaneka Hmna umhlaseli unokupapasha naliphi na ixabiso njenge Mholo, kunye nefuthe elingenasizathu kwimveliso ye-random number generator:
Amaxabiso awohlukeneyo e-H_1 athunyelwe ngumthathi-nxaxheba wokuqala akhokelela kwiziphumo ezahlukeneyo H_0
Zimbini iindlela zokungqina ubunyani Hmna, siya kuziqwalasela emva kokuba sihlalutye isizukulwana sepolynomial.
Isizukulwana sePolynomial
Kwicandelo lokugqibela sicinge ukuba sinepolynomial enjalo p(x) degrees k-1 ukuba umthathi-nxaxheba i uyazi p(i), kwaye akukho mntu wumbi unolwazi malunga neli xabiso. Kwicandelo elilandelayo siya kuyidinga kwakhona loo nto kwinqaku elimiselwe kwangaphambili G wonke umntu wayesazi p(x)G yabo bonke x.
Kweli candelo siya kucinga ukuba umthathi-nxaxheba ngamnye ekuhlaleni unesitshixo sabucala xi, kangangokuba wonke umntu uyazi isitshixo sikawonke-wonke esihambelanayo Xi.
Enye iprotocol yokuvelisa i-polynomial yile ilandelayo:
-
Umthathi-nxaxheba ngamnye i ekuhlaleni idala ipolynomial engenasizathu pi(x) isidanga k-1. Bathumela ke umthathi-nxaxheba ngamnye j intsingiselo pi(j), iguqulelwe ngokuntsonkothileyo ngesitshixo sikawonke-wonke Xj. Ngaloo ndlela kuphela i-ый и j-ый umthathi-nxaxheba uyazi pmna (j). Umthathi-nxaxheba i ikwabhengeza esidlangalaleni ipi(j)G yabo bonke j ukusuka 1 до k equkayo.
-
Bonke abathathi-nxaxheba basebenzisa imvumelwano ethile ukukhetha k abathathi-nxaxheba abaya kusetyenziswa iipolynomials. Kuba abanye abathathi-nxaxheba basenokuba abakho kwi-intanethi, asinakulinda de kube wonke umntu n abathathi-nxaxheba baya kupapasha iipolynomials. Isiphumo sesi nyathelo siseti Z ebandakanya ubuncinane k iipolynomials ezenziwe kwinqanaba (1).
-
Abathathi-nxaxheba baqinisekisa ukuba iinqobo ezisemgangathweni abazaziyo pi(j) ihambelana nesaziso esidlangalaleni ipi(j)G. Emva kweli nyathelo Z kuphela iipolynomials ezisasazwa ngasese pi(j) ihambelana nesaziso esidlangalaleni ipi(j)G.
-
Umthathi-nxaxheba ngamnye j ibala icandelo layo labucala p(j) njengesixa pi(j) kubo bonke i в Z. Umthathi-nxaxheba ngamnye ukwabala onke amaxabiso p(x)G njengesixa pi(x)G kubo bonke i в Z.
Qaphela oko p(x) - ngenene yipolynomial k-1, kuba sisimbuku somntu ngamnye pi(x), enye nenye inepolynomial yesidanga k-1. Emva koko, qaphela ukuba ngelixa umthathi-nxaxheba ngamnye j uyazi p(j), abanalo ulwazi malunga p(x) kuba x ≠ j. Enyanisweni, ukubala eli xabiso, kufuneka bazi yonke into ipi(x), kwaye okoko nje umthathi-nxaxheba j akazi nokuba enye yeepolynomials ezikhethiweyo, abanalo ulwazi olwaneleyo malunga p(x).
Le yinkqubo yokuvelisa i-polynomial yonke eyayifuneka kwicandelo lokugqibela. Amanyathelo 1, 2 kunye ne-4 apha ngasentla anokuphunyezwa okucacileyo. Kodwa inyathelo lesi-3 alibalulekanga kangako.
Ngokukodwa, kufuneka sikwazi ukungqina loo nto ifihliweyo pi(j) ihambelana ngokwenene nezipapashiweyo ipi(j)G. Ukuba asikwazi ukubonisa, umhlaseli i inokuthumela inkunkuma endaweni yoko pi(j) kumthathi-nxaxheba j, kunye nomthathi-nxaxheba j ayizukwazi ukufumana eyona ntsingiselo ipi(j), kwaye ayizukwazi ukubala icandelo layo labucala.
Kukho i-cryptographic protocol ekuvumela ukuba wenze umyalezo owongezelelweyo Ubungqinai(j), ukwenzela ukuba nawuphi na umthathi-nxaxheba, onexabiso elithile e, а также ubungqina(j) и pi(j)G, inokuqinisekisa ekuhlaleni oko e - yinyani ipi(j), iguqulelwe ngokuntsonkothileyo ngeqhosha lomthathi-nxaxheba j. Ngelishwa, ubukhulu bobungqina obunjalo bukhulu ngokumangalisayo, kwaye kunikwe ukuba kuyimfuneko ukupapasha O(nk) Ubungqina obunjalo abunakusetyenziselwa le njongo.
Endaweni yokungqina oko ipi(j) соответствует pi(j)G singakwazi ukwaba ixesha elide kakhulu kwiprotocol yokwenziwa kwepolynomial, apho bonke abathathi-nxaxheba bajonga okufunyenweyo okufihliweyo. ipi(j), kwaye ukuba umyalezo okhutshiweyo awuhambelani noluntu pi(j)G, bapapasha ubungqina obubambekayo bokuba umyalezo ofihliweyo abawufumeneyo awuchanekanga. Ngqina ukuba umyalezo hayi соответствует pi(G) kulula kakhulu kunokungqina ukuba iyahambelana. Kufuneka kuqatshelwe ukuba oku kufuna ukuba umthathi-nxaxheba ngamnye avele kwi-intanethi ubuncinane kanye kanye ngexesha elabelwe ukudala ubungqina obunjalo, kwaye uthembele ekucingeni ukuba ukuba bapapasha ubungqina obunjalo, kuya kufikelela kubo bonke abanye abathathi-nxaxheba ngexesha elifanayo.
Ukuba umthathi-nxaxheba akabonakalanga kwi-intanethi ngeli xesha, kwaye unecandelo elinye elingachanekanga, ngoko ke loo mthathi-nxaxheba akayi kuba nako ukuthatha inxaxheba ekuveliseni inani elongezelelweyo. Iprotocol iya, nangona kunjalo, isasebenza ukuba kukho ubuncinci k abathathi-nxaxheba abathe bafumana amacandelo achanekileyo okanye abakwazileyo ukushiya ubungqina bokuchaneka ngexesha elinikiweyo.
Ubungqina bokuchaneka kwe-H_i
Inxalenye yokugqibela ekusafuneka ixoxwe yindlela yokungqina ukuchaneka kokupapashiweyo Hmna, oko kukuthi Molo = p(i)H, ngaphandle kokuvula p(i).
Masikhumbule ukuba ixabiso H, G, p(i)G esidlangalaleni kwaye yaziwa ngumntu wonke. Fumana ukusebenza p(i) ukwazi p(i)G и G ebizwa ngokuba yi-discrete logarithm, okanye dlog, kwaye sifuna ukubonisa ukuba:
idlog(p(i)G, G) =dlog(Hi, H)
ngaphandle kokuveza p(i). Ulwakhiwo lobungqina obunjalo bukhona, umzekelo.
Ngolu yilo, umthathi-nxaxheba ngamnye, kunye Hi ithumela ubungqina bokuchaneka ngokoyilo.
Nje ukuba kuveliswe inani elingacwangciswanga, lihlala lifuna ukusetyenziswa ngabathathi-nxaxheba ngaphandle kwabo balivelisayo. Abathathi-nxaxheba abanjalo, kunye nenombolo, kufuneka bathumele bonke Hi kunye nobungqina obunxulumeneyo.
Umfundi onolwazi unokubuza: kuba inani lokugqibela elingakhethiyo li H0, kwaye Ip(0)G - Olu lulwazi loluntu, kutheni sifuna ubungqina kumntu ngamnye Hi, kutheni ungathumeli ubungqina bokuba endaweni yoko
dlog (p(0)G, G) = idlog(H0, H)
Ingxaki kukuba ubungqina obunjalo abunakudalwa kusetyenziswa iProtocol yeSchnorr kuba akukho mntu uyazi ixabiso p (0), kuyimfuneko ukudala ubungqina, kwaye ngaphezu koko, i-random number generator yonke isekelwe kwinto yokuba akukho mntu uyazi le xabiso. Ngoko ke kuyimfuneko ukuba nawo onke amaxabiso Hi kunye nobungqina babo bomntu ngamnye ukubonisa ukuchaneka H0.
Nangona kunjalo, ukuba bekukho umsebenzi othile kumanqaku akwigophe elingqindilili afana nentsingiselo yokuphindaphinda, ubungqina bokuchaneka. H0 iya kuba yinto encinci, siya kuqinisekisa ukuba
HI-0 × G = p(0)G × H
Ukuba ijika elikhethiweyo liyaxhasa , obu bungqina buyasebenza. Kule meko HI-0 ayiyomveliso kuphela ye-random ye-generator, enokuqinisekiswa nguye nawuphi na umthathi-nxaxheba owaziyo. G, H и p(0)G. HU-0 ukwangutyikityo kumyalezo owawusetyenziswa njengembewu, eqinisekisa oko k и n abathathi-nxaxheba batyikitye lo myalezo. Ngoko ke, ukuba imbewu - yi-hash yebhloko kwi-protocol ye-blockchain, ngoko H0 Zombini umsayino kaninzi kwibhloko kunye nenani elihle kakhulu elingakhethiyo.
Ekugqibeleni
Eli nqaku liyinxalenye yochungechunge lweblogi yobugcisa . KUFUTSHANE iprotocol yebhloko kunye neqonga lokuphuhlisa izicelo ezibekwe phantsi kolawulo kunye nogxininiso ekuphuhliseni lula kunye nokusebenziseka ngokulula kubasebenzisi bokugqibela.
Ikhowudi yeprotocol ivuliwe, ukuphunyezwa kwethu kubhalwe kwi-Rust, inokufumaneka .
Ungalubona ukuba uphuhliso lwe-KUFUTSHANE lujongeka njani kwaye ulinge kwi-IDE ekwi-intanethi .
Ungalandela zonke iindaba ngesiRashiya kunye , nangesiNgesi kwigosa .
Ndizokubona ngokukhawuleza!
umthombo: www.habr.com