Cross-platform enclave identity
US-2018211067-A1 · Jul 26, 2018 · US
Secure dynamic threshold signature scheme employing trusted hardware
US12034865B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12034865-B2 |
| Application number | US-202217576779-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 14, 2022 |
| Priority date | May 5, 2017 |
| Publication date | Jul 9, 2024 |
| Grant date | Jul 9, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Embodiments of the invention provide enhanced security solutions which are enforced through the use of cryptographic techniques. It is suited for, but not limited to, use with blockchain technologies such as the Bitcoin blockchain. Methods and devices for generating an elliptic curve digital signature algorithm signature (r, w) are described. In one embodiment, a method includes: i) forming, by a node, a signing group with other nodes; ii) obtaining, by the node, based on a secure random number: a) a multiplicative inverse of the secure random number; and b) the first signature component, r, wherein the first signature component is determined based on the secure random number and an elliptic curve generator point; iii) determining, by the node, a partial signature based on a private secret share, the multiplicative inverse of the secure random number and the first signature component; iv) receiving, by the node, partial signatures from other nodes of the signing group; and v) generating, by the node, the second signature component, w, based on determined and received partial signatures.
First claim
Opening claim text (preview).
The invention claimed is: 1. A computer-implemented security method comprising the step of: generating an elliptic curve digital signature algorithm signature comprising a first signature component, r, and a second signature component, w, wherein generating comprises: forming, by a node, a signing group with other nodes; obtaining, by the node, based on a secure random number: a) a multiplicative inverse of the secure random number; and b) the first signature component, r, wherein the first signature component is determined based on the secure random number and an elliptic curve generator point, wherein obtaining comprises generating the multiplicative inverse and the first signature component and provisioning an enclave associated with a trusted execution environment of the node to generate the secure random number; generating the secure random number using the enclave; determining, by the enclave, a partial signature based on a private secret share, the multiplicative inverse of the secure random number and the first signature component, wherein the enclave is configured to provide an attestation to prove the partial signature is being generated correctly; receiving, by the node, partial signatures from other nodes of the signing group; generating, by the node, the second signature component, w, based on determined and received partial signatures, wherein the second signature component is generated based on a threshold signature scheme using a threshold number of received partial signatures; and sending the multiplicative inverse to the other nodes. 2. The computer-implemented method according to claim 1 , wherein obtaining comprises receiving the multiplicative inverse and the first signature component from one of the other nodes. 3. The computer-implemented method according to claim 1 , further comprising, prior to forming the signing group, signalling an intention to participate in distributed signature generation. 4. The computer-implemented method according to claim 1 , wherein the partial signature is determined by performing Lagrangian interpolation. 5. The computer-implemented method according to claim 1 , wherein the second signature component is generated within an enclave associated with a trusted execution environment and wherein the method further includes, after generating the second signature component, sending the elliptic curve digital signature algorithm from the enclave to a host portion of the node. 6. The computer-implemented method according to claim 1 , further comprising adding the signature to a transaction and broadcasting the transaction to a blockchain network. 7. The computer-implemented method according to claim 1 , further comprising, prior to forming the signing group, obtaining the secret share by based on secret share data received from a plurality of existing members of the signing group. 8. The computer-implemented method according to claim 7 , wherein the secret share is determined within an enclave associated with a trusted execution environment of the node. 9. The computer-implemented method according to claim 1 , wherein the partial signature, v i , is determined as: v i =k −1 rb i s i mod p, where b i is a Lagrangian interpolation coefficient, k −1 is the multiplicative inverse of the secure random number, s i is the secret share, r is the first signature component, and p is an order. 10. A computer readable storage medium storing computer-executable instructions which, when executed, configure a processor to: form, by a node, a signing group with other nodes; obtain, by the node, based on a secure random number: a) a multiplicative inverse of the secure random number; and b) a first signature component, r, wherein the first signature component is determined based on the secure random number and an elliptic curve generator point, wherein obtaining comprises: generating the multiplicative inverse and the first signature component and send the multiplicative inverse to the other nodes; and provisioning an enclave associated with a trusted execution environment of the node to generate the secure random number; generate the secure random number using the enclave; determine, by the enclave, a partial signature based on a private secret share, the multiplicative inverse of the secure random number and the first signature component, wherein the enclave is configured to provide an attestation to prove the partial signature is being generated correctly; receive, by the node, partial signatures from other nodes of the signing group; generate, by the node, a second signature component, w, based on determined and received partial signatures, wherein the second signature component is generated based on a threshold signature scheme using a threshold number of received partial signatures; and generate an elliptic curve digital signature algorithm signature based on the first signature component, r, and the second signature component, w. 11. An electronic device comprising: an interface device; a processor coupled to the interface device; and a memory coupled to the processor, the memory having stored thereon computer executable instructions that, when executed, cause the processor to: generate an elliptic curve digital signature algorithm signature comprising a first signature component, r, and a second signature component, w, wherein generating comprises: forming, by a node, a signing group with other nodes; obtaining, by the node, based on a secure random number: a) a multiplicative inverse of the secure random number; b) the first signature component, r, wherein the first signature component is determined based on the secure random number and an elliptic curve generator point; and wherein obtaining comprises generating the multiplicative inverse and the first signature component, and provisioning an enclave associated with a trusted execution environment of the node to generate the secure random number; generating the secure random number using the enclave; determining, by the enclave, a partial signature based on a private secret share, the multiplicative inverse of the secure random number and the first signature component, wherein the enclave is configured to provide an attestation to prove the partial signature is being generated correctly; receiving, by the node, partial signatures from other nodes of the signing group; generating, by the node, the second signature component, w, based on determined and received partial signatures, wherein the second signature component is generated based on a threshold signature scheme using a threshold number of received partial signatures; and sending the multiplicative inverse to the other nodes. 12. The electronic device of claim 11 , wherein the processor includes a trusted execution environment and wherein the computer executable instructions are executed within the trusted execution environment.
Assignees
Inventors
Classifications
Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title
for controlling access to devices or network resources · CPC title
using hash chains, e.g. blockchains or hash trees · CPC title
Trusted platform modules [TPM] · CPC title
- H04L9/3255Primary
using group based signatures, e.g. ring or threshold signatures · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12034865B2 cover?
- Embodiments of the invention provide enhanced security solutions which are enforced through the use of cryptographic techniques. It is suited for, but not limited to, use with blockchain technologies such as the Bitcoin blockchain. Methods and devices for generating an elliptic curve digital signature algorithm signature (r, w) are described. In one embodiment, a method includes: i) forming, by…
- Who is the assignee on this patent?
- Nchain Licensing Ag
- What technology area does this patent fall under?
- Primary CPC classification H04L9/3255. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jul 09 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).