1. A digital signature method is applied to a first electronic device and comprises the following steps:

acquiring a file to be transmitted, a private key used by the first electronic device for digital signature and first compressed data, wherein the first compressed data is obtained by compressing a first symmetric tensor which is randomly generated, the order of the first symmetric tensor is greater than 2, and the private key comprises a first reversible matrix;

generating L second compressed data of L second symmetric tensors based on the first invertible matrix and the first compressed data, the L second symmetric tensors including the first symmetric tensor and further including a symmetric tensor isomorphic with the first symmetric tensor, L being a positive integer greater than 1;

performing digital signature on the file to be sent based on a second reversible matrix generated randomly and the first compressed data to obtain a first character string;

constructing a hash value of a root node of a hash tree based on L pieces of construction data, where the L pieces of construction data are the L pieces of second compressed data or the L pieces of second symmetric tensors;

and generating signature information of the first electronic device for the file to be sent based on the first character string, the first reversible matrix, the second reversible matrix, the L pieces of second compressed data and the hash value of the root node of the hash tree.

2. The method according to claim 1, wherein the generating signature information of the first electronic device for the file to be sent based on the first character string, the first invertible matrix, the second invertible matrix, the L second compressed data, and a hash value of a root node of the hash tree comprises:

segmenting the first character string to obtain P character strings, wherein P is a positive integer greater than 1;

performing matrix multiplication processing on the inverse matrix of the first reversible matrix and the second reversible matrix based on the P character strings to generate a target matrix;

based on the P character strings, selecting N second compressed data from the L second compressed data, wherein N is a positive integer;

for each piece of second compressed data in the N pieces of second compressed data, determining an authentication path corresponding to the second compressed data based on a hash value of a root node of the hash tree and the second compressed data, where the authentication path is an authentication path of the constructed data relative to the root node of the hash tree;

the signature information comprises the P character strings, the target matrix, the N second compressed data and authentication paths corresponding to the N second compressed data.

3. The method according to claim 2, wherein the N second compressed data include target compressed data, the target compressed data is any one of the N second compressed data, and the determining, for each of the N second compressed data, an authentication path corresponding to the second compressed data based on the hash value of the root node of the hash tree and the second compressed data includes:

determining a target hash value of a node from a leaf node corresponding to the target data in the hash tree to a root node based on the hash value of the leaf node corresponding to the target data in the hash tree and the hash value of the root node of the hash tree;

the target data is the constructed data corresponding to the target compressed data, and an authentication path of the target data relative to a root node of the hash tree includes: the target hash value and the position of a node in the hash tree, which is from a leaf node corresponding to the target data to a root node, in the hash tree.

4. The method of claim 1, wherein digitally signing the file to be transmitted based on the randomly generated second invertible matrix and the first compressed data to obtain a first string comprises:

generating first signature data based on the first compressed data and a randomly generated second invertible matrix, the first signature data being: a third symmetric tensor that is isomorphic with the first symmetric tensor, or third compressed data of the third symmetric tensor;

and carrying out digital signature on the file to be sent based on the first signature data to obtain a first character string.

5. The method of claim 1, wherein the constructing the hash value of the root node of the hash tree based on the L constructed data comprises:

based on the L pieces of construction data and the randomly generated first target character string, constructing hash values of leaf nodes of a hash tree;

and constructing hash values of other nodes except the leaf nodes in the nodes of the hash tree based on the hash values of the leaf nodes of the hash tree and the first target character string, wherein the other nodes comprise root nodes of the hash tree.

6. The method of claim 5, before the obtaining the file to be sent, the private key used by the first electronic device for digital signature, and the first compressed data, further comprising:

generating a public key corresponding to the private key, the public key including the first target string and a hash value of a root node of a hash tree;

and publishing the public key.

7. A method for verifying signature information, which is applied to a second electronic device, comprises the following steps:

acquiring a file to be sent, signature information of the file to be sent and a public key used by the second electronic device for verifying the signature information, wherein the public key corresponds to a private key associated with the signature information, the public key comprises a hash value of a root node of a hash tree, the signature information comprises N pieces of second compressed data of N pieces of second symmetric tensors and N authentication paths of constructed data relative to the root node of the hash tree, and one piece of constructed data is one piece of second compressed data or one piece of second symmetric tensor corresponding to the second compressed data;

generating Q second target character strings based on the N second compressed data and the authentication path, wherein Q is a positive integer;

under the condition that the hash value of the root node of the hash tree is the same as each second target character string, performing matrix multiplication processing on the signature information and the N second symmetric tensors based on the N second compressed data to generate second signature data, where the second signature data is a fourth symmetric tensor isomorphic with the N second symmetric tensors or fourth compressed data of the fourth symmetric tensor;

performing digital signature on the file to be sent based on the second signature data to obtain a second character string;

verifying the signature information based on the second string.

8. The method of claim 7, wherein the type of the second signature data corresponds to a type of first signature data, the first signature data being third compressed data of a third symmetry tensor isomorphic with the first symmetry tensor or the third symmetry tensor, the first signature data being used for digitally signing the file to be transmitted.

9. The method of claim 7, wherein the signature information includes P strings, P being a positive integer greater than 1, the verifying the signature information based on the second string comprising:

segmenting the second character string to obtain K character strings, wherein P is equal to K;

determining that the signature information is verified successfully under the condition that the P character strings are the same as the K character strings one by one; or, determining that the signature information verification fails when a third target character string in the P character strings is different from a fourth target character string in the K character strings;

the position of the third target character string in the P character strings corresponds to the position of the fourth target character string in the K character strings, and the third target character string is any character string in the P character strings.

10. A digital signature device, which is applied to a first electronic device, comprises:

the first acquisition module is used for acquiring a file to be transmitted, a private key for digital signature of the first electronic device and first compressed data, wherein the first compressed data is obtained by compressing a first symmetric tensor which is randomly generated, the order of the first symmetric tensor is greater than 2, and the private key comprises a first reversible matrix;

a first generating module, configured to generate L second compressed data of L second symmetric tensors based on the first reversible matrix and the first compressed data, the L second symmetric tensors including the first symmetric tensor and further including a symmetric tensor isomorphic with the first symmetric tensor, L being a positive integer greater than 1;

the first digital signature module is used for carrying out digital signature on the file to be sent based on a second reversible matrix generated randomly and the first compressed data to obtain a first character string;

a building module, configured to build a hash value of a root node of a hash tree based on L pieces of build data, where the L pieces of build data are the L pieces of second compressed data or the L pieces of second symmetric tensors;

and a second generating module, configured to generate signature information of the first electronic device for the file to be sent, based on the first character string, the first reversible matrix, the second reversible matrix, the L second compressed data, and a hash value of a root node of the hash tree.

11. The apparatus of claim 10, wherein the second generating means comprises:

the segmentation unit is used for segmenting the first character string to obtain P character strings, wherein P is a positive integer greater than 1;

a processing unit, configured to perform matrix multiplication processing on an inverse matrix of the first invertible matrix and the second invertible matrix based on the P character strings to generate a target matrix;

a selecting unit, configured to select N second compressed data from the L second compressed data based on the P character strings, where N is a positive integer;

a determining unit, configured to determine, for each of the N pieces of second compressed data, an authentication path corresponding to the second compressed data based on a hash value of a root node of the hash tree and the second compressed data, where the authentication path is an authentication path of the constructed data with respect to the root node of the hash tree;

the signature information comprises the P character strings, the target matrix, the N second compressed data and authentication paths corresponding to the N second compressed data.

12. The apparatus according to claim 11, wherein the N second compressed data include target compressed data, and the target compressed data is any one of the N second compressed data, and the determining unit is specifically configured to:

determining a target hash value of a node from a leaf node corresponding to the target data in the hash tree to a root node based on the hash value of the leaf node corresponding to the target data in the hash tree and the hash value of the root node of the hash tree;

the target data is the constructed data corresponding to the target compressed data, and an authentication path of the target data relative to a root node of the hash tree includes: the target hash value and the position of a node in the hash tree, which is from a leaf node corresponding to the target data to a root node, in the hash tree.

13. The apparatus of claim 10, wherein the first digital signature module is specifically configured to:

generating first signature data based on the first compressed data and a randomly generated second invertible matrix, the first signature data being: a third symmetric tensor that is isomorphic with the first symmetric tensor, or third compressed data of the third symmetric tensor;

and carrying out digital signature on the file to be sent based on the first signature data to obtain a first character string.

14. The apparatus according to claim 10, wherein the building block is specifically configured to:

based on the L pieces of construction data and the randomly generated first target character string, constructing hash values of leaf nodes of a hash tree;

and constructing hash values of other nodes except the leaf nodes in the nodes of the hash tree based on the hash values of the leaf nodes of the hash tree and the first target character string, wherein the other nodes comprise root nodes of the hash tree.

15. The apparatus of claim 14, further comprising:

a third generating module, configured to generate a public key corresponding to the private key, where the public key includes the first target string and a hash value of a root node of a hash tree;

and the publishing module is used for publishing the public key.

16. An apparatus for verifying signature information, the apparatus being applied to a second electronic device, comprising:

a second obtaining module, configured to obtain a file to be sent, signature information of the file to be sent, and a public key used by the second electronic device to verify the signature information, where the public key corresponds to a private key associated with the signature information, the public key includes a hash value of a root node of a hash tree, the signature information includes N second compressed data of N second symmetric tensors and N authentication paths of constructed data with respect to the root node of the hash tree, and one constructed data is one second compressed data or one second symmetric tensor corresponding to the second compressed data;

a fourth generating module, configured to generate Q second target character strings based on the N second compressed data and the authentication path, where Q is a positive integer;

a matrix multiplication processing module, configured to perform matrix multiplication processing on the signature information and the N second symmetric tensors based on the N second compressed data to generate second signature data when a hash value of a root node of the hash tree is the same as that of each second target character string, where the second signature data is a fourth symmetric tensor isomorphic with the N second symmetric tensors or fourth compressed data of the fourth symmetric tensor;

the second digital signature module is used for carrying out digital signature on the file to be sent based on the second signature data to obtain a second character string;

and the verification module is used for verifying the signature information based on the second character string.

17. The apparatus of claim 16, wherein the type of the second signature data corresponds to a type of first signature data, the first signature data being third compressed data of a third symmetry tensor that is isomorphic with the first symmetry tensor or the third symmetry tensor, the first signature data being used to digitally sign the file to be transmitted.

18. The apparatus according to claim 16, wherein the signature information includes P character strings, P being a positive integer greater than 1, and the verification module is specifically configured to:

segmenting the second character string to obtain K character strings, wherein P is equal to K;

determining that the signature information is verified successfully under the condition that the P character strings are the same as the K character strings one by one; or, determining that the signature information verification fails when a third target character string in the P character strings is different from a fourth target character string in the K character strings;

the position of the third target character string in the P character strings corresponds to the position of the fourth target character string in the K character strings, and the third target character string is any character string in the P character strings.

19. An electronic device, comprising:

at least one processor; and

a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,

the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-6 or to perform the method of any one of claims 7-9.

20. A non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of any one of claims 1-6 or to perform the method of any one of claims 7-9.

21. A computer program product comprising a computer program which, when executed by a processor, implements the method of any of claims 1-6 or performs the method of any of claims 7-9.

Background

The digital signature is a basic task of public key cryptography, and the public key cryptography means that a cryptographic scheme comprises a public key and a private key, and the public key can be published, so that two users can carry out encryption and decryption and identity authentication on the premise of not establishing communication. The goal of digital signatures, in turn, is to authenticate the sender of the document, thereby ensuring that the sender of the document is authentic, which is of fundamental importance in e-commerce and internet protocols.

At present, in internet communication, a commonly used digital signature scheme is based on the difficulty of large number decomposition and discrete logarithm, such as an asymmetric encryption algorithm based on diffie-hellman key exchange.

Disclosure of Invention

The disclosure provides a digital signature method, a signature information verification method, a related device and electronic equipment.

According to a first aspect of the present disclosure, there is provided a digital signature method, applied to a first electronic device, including:

acquiring a file to be transmitted, a private key used by the first electronic device for digital signature and first compressed data, wherein the first compressed data is obtained by compressing a first symmetric tensor which is randomly generated, the order of the first symmetric tensor is greater than 2, and the private key comprises a first reversible matrix;

generating L second compressed data of L second symmetric tensors based on the first invertible matrix and the first compressed data, the L second symmetric tensors including the first symmetric tensor and further including a symmetric tensor isomorphic with the first symmetric tensor, L being a positive integer greater than 1;

performing digital signature on the file to be sent based on a second reversible matrix generated randomly and the first compressed data to obtain a first character string;

constructing a hash value of a root node of a hash tree based on L pieces of construction data, where the L pieces of construction data are the L pieces of second compressed data or the L pieces of second symmetric tensors;

and generating signature information of the first electronic device for the file to be sent based on the first character string, the first reversible matrix, the second reversible matrix, the L pieces of second compressed data and the hash value of the root node of the hash tree.

According to a second aspect of the present disclosure, there is provided a method for verifying signature information, the method being applied to a second electronic device, including:

acquiring a file to be sent, signature information of the file to be sent and a public key used by the second electronic device for verifying the signature information, wherein the public key corresponds to a private key associated with the signature information, the public key comprises a hash value of a root node of a hash tree, the signature information comprises N pieces of second compressed data of N pieces of second symmetric tensors and N authentication paths of constructed data relative to the root node of the hash tree, and one piece of constructed data is one piece of second compressed data or one piece of second symmetric tensor corresponding to the second compressed data;

generating Q second target character strings based on the N second compressed data and the authentication path, wherein Q is a positive integer;

under the condition that the hash value of the root node of the hash tree is the same as each second target character string, performing matrix multiplication processing on the signature information and the N second symmetric tensors based on the N second compressed data to generate second signature data, where the second signature data is a fourth symmetric tensor isomorphic with the N second symmetric tensors or fourth compressed data of the fourth symmetric tensor;

performing digital signature on the file to be sent based on the second signature data to obtain a second character string;

verifying the signature information based on the second string.

According to a third aspect of the present disclosure, there is provided a digital signature apparatus, which is applied to a first electronic device, including:

the first acquisition module is used for acquiring a file to be transmitted, a private key for digital signature of the first electronic device and first compressed data, wherein the first compressed data is obtained by compressing a first symmetric tensor which is randomly generated, the order of the first symmetric tensor is greater than 2, and the private key comprises a first reversible matrix;

a first generating module, configured to generate L second compressed data of L second symmetric tensors based on the first reversible matrix and the first compressed data, the L second symmetric tensors including the first symmetric tensor and further including a symmetric tensor isomorphic with the first symmetric tensor, L being a positive integer greater than 1;

the first digital signature module is used for carrying out digital signature on the file to be sent based on a second reversible matrix generated randomly and the first compressed data to obtain a first character string;

a building module, configured to build a hash value of a root node of a hash tree based on L pieces of build data, where the L pieces of build data are the L pieces of second compressed data or the L pieces of second symmetric tensors;

and a second generating module, configured to generate signature information of the first electronic device for the file to be sent, based on the first character string, the first reversible matrix, the second reversible matrix, the L second compressed data, and a hash value of a root node of the hash tree.

According to a fourth aspect of the present disclosure, there is provided an apparatus for verifying signature information, the apparatus being applied to a second electronic device, including:

a second obtaining module, configured to obtain a file to be sent, signature information of the file to be sent, and a public key used by the second electronic device to verify the signature information, where the public key corresponds to a private key associated with the signature information, the public key includes a hash value of a root node of a hash tree, the signature information includes N second compressed data of N second symmetric tensors and N authentication paths of constructed data with respect to the root node of the hash tree, and one constructed data is one second compressed data or one second symmetric tensor corresponding to the second compressed data;

a fourth generating module, configured to generate Q second target character strings based on the N second compressed data and the authentication path, where Q is a positive integer;

a matrix multiplication processing module, configured to perform matrix multiplication processing on the signature information and the N second symmetric tensors based on the N second compressed data to generate second signature data when a hash value of a root node of the hash tree is the same as that of each second target character string, where the second signature data is a fourth symmetric tensor isomorphic with the N second symmetric tensors or fourth compressed data of the fourth symmetric tensor;

the second digital signature module is used for carrying out digital signature on the file to be sent based on the second signature data to obtain a second character string;

and the verification module is used for verifying the signature information based on the second character string.

According to a fifth aspect of the present disclosure, there is provided an electronic device comprising:

at least one processor; and

a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,

the memory stores instructions executable by the at least one processor to enable the at least one processor to perform any one of the methods of the first aspect or to perform any one of the methods of the second aspect.

According to a sixth aspect of the present disclosure, there is provided a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform any one of the methods of the first aspect or to perform any one of the methods of the second aspect.

According to a seventh aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements any of the methods of the first aspect or performs any of the methods of the second aspect.

The technology disclosed by the invention solves the problem of low security of the digital signature, and improves the security of the digital signature.

It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.

Drawings

The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:

fig. 1 is a schematic flow chart of a digital signature method according to a first embodiment of the present disclosure;

FIG. 2 is a schematic diagram of a computational implementation of an authentication path to construct a root node of a hash tree against data;

fig. 3 is a flowchart illustrating a method of verifying signature information according to a second embodiment of the present disclosure;

fig. 4 is a schematic structural diagram of a digital signature apparatus according to a third embodiment of the present disclosure;

fig. 5 is a schematic configuration diagram of a signature information verification apparatus according to a fourth embodiment of the present disclosure;

FIG. 6 illustrates a schematic block diagram of an example electronic device that can be used to implement embodiments of the present disclosure.

Detailed Description

Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.

First embodiment

As shown in fig. 1, the present disclosure provides a digital signature method, which is applied to a first electronic device, and includes the following steps:

step S101: the file to be sent, a private key used by the first electronic device for digital signature and first compressed data are obtained, the first compressed data are obtained by compression based on a first symmetric tensor which is randomly generated, the order of the first symmetric tensor is greater than 2, and the private key comprises a first reversible matrix.

In the embodiment, the digital signature method relates to the technical field of quantum computing, in particular to the field of information security related to quantum computing, and can be widely applied to a plurality of scenes such as electronic commerce, identity verification, software distribution and the like.

For example, in an authentication application scenario, party a needs to send a file to party b, and party b needs to verify that the file was indeed sent by party a and not others. At this time, party A can digitally sign the file, and party B can verify that the sender of the file is party A after receiving the file and the corresponding signature information and obtaining the public key of the public broadcast of party A.

For another example, in an application scenario of software distribution, the obtained software may be subjected to publisher authentication, so as to determine the source of the software.

In practical use, the digital signature method according to the embodiment of the present disclosure may be executed by the digital signature apparatus according to the embodiment of the present disclosure. The digital signature device of the embodiment of the present disclosure may be configured in any first electronic device to execute the digital signature method of the embodiment of the present disclosure. The first electronic device may be a server or a terminal, and is not limited specifically here.

The first electronic device serves as a communication sender and can communicate with other electronic devices to send files. In order to enable the other electronic devices to verify that the received file was indeed sent by the first electronic device and to verify the authenticity of the sender, the first electronic device may digitally sign the file to be sent using digital signature techniques, before sending the file.

The file to be sent refers to a file which needs to be sent to other electronic devices by the first electronic device, and the type of the file can be a text, a compressed packet, audio and video and the like.

The private key may be pre-stored for the first electronic device, and is used to encrypt and digitally sign a file to be sent of the first electronic device. The private key may correspond to a public key, a combination of the private key and the public key may be referred to as a key pair, and the public key is usually disclosed by the first electronic device to the other electronic devices, so that the other electronic devices may use the public key to verify signature information of the first electronic device.

As a task in public key cryptography, digital signature schemes require the difficulty of being based on some algorithmic problem to guarantee the security of digital signatures. With the development of quantum computers, the algorithm problem on which the existing digital signature scheme is based may not be difficult for the quantum computers in general, i.e. the algorithm problem on which the scheme is based may not be able to resist quantum attacks, and therefore, the security of the digital signature is threatened.

Among them, the above-mentioned difficulty is a delicate concept. First, unlike what is generally considered worst-case, what is needed here is a difficulty in the average sense, i.e., there is no effective algorithm for most of the inputs. Secondly, since not all difficult problems correspond to a proper digital signature protocol, it is necessary to design a corresponding protocol based on the problem. Finally, the usability of this problem in the context of post-quantum cryptography, such as the problem of large number decomposition, has to be explored also from the point of view of quantum algorithm design, which is difficult from the point of view of classical computers, but easy from the point of view of quantum computing.

From the viewpoint of computational complexity, the tensor isomorphic problem can be considered as a more difficult problem in isomorphic type problems, and the tensor isomorphic problem can be described as follows.

Let p be a prime number, gf (p) denotes the modulo p domain, and GL (n, p) denotes the set of invertible matrices of size n × n over gf (p). The multi-order matrix over gf (p) may be referred to as a tensor, where the order of the tensor is typically greater than 2.

Taking the tensor as a third-order matrix as an example, the tensor can be referred to as an n × n × n matrix, which has n × n × n components, and n can be referred to as the dimension of the tensor. Let A be one tensor, with A ═ a_ijk) Another tensor is denoted by B, with B ═ B_ijk) It is shown that the length of each order of data is n,i.e., the indices i, j, and k of the tensor can take 1 to n, respectively, denoted by i, j, k e {1,2_ijk,b_ijkE GF (p) is respectively two tensors of the ith sheet, the jth line and the kth column, and the tensors (a) can be formed by the arrangement of the elements_ijk) And (b)_ijk). The tensor isomorphism problem is to solve whether an invertible matrix exists, and the invertible matrix is obtained by using C ═ C_ij) Is expressed by epsilon GL (n, p) such thatThat is, the tensor isomorphic problem is to determine whether two tensors are isomorphic tensors, and to solve an invertible matrix in which the two tensors are transformed into each other when the two tensors are isomorphic tensors.

Wherein, the formulaIn (1)It is shown that the three matrices are multiplied from the three directions of the tensor, respectively, that is, the three matrices can be simultaneously multiplied in the three directions of the tensor, and the three matrices can be the same reversible matrix C. The result of this multiplication is also a tensor, which can be represented by B', where B ═ B (B)_i'_jk) And b is_i'_jkIs a number of the corresponding positions of the subscripts in the tensor B',

the definition of the isomorphic tensor problem is continued by the isomorphic tensor isomorphic problem, and the isomorphic tensor is a symmetrical tensor which is different from the isomorphic tensor problemIn (3), tensor a and tensor B are both symmetric tensors, and the definition of symmetric tensor is: setting a quantity A which satisfies a_ijk＝a_ikj＝a_jik＝a_jki＝a_kij＝a_kji。

From the quantum computation angle, due to the difficulty in solving the tensor isomorphic problem, the security of the digital signature designed by adopting the tensor isomorphic problem in the quantum algorithm angle provides guarantee. When the two problems are solved by adopting algorithms such as a Grubesynebar base and the like respectively, on one hand, the data symmetry and the relation of the symmetrical tensors are better relative to other tensors, on the other hand, whether the two symmetrical tensors are isomorphic tensors or not is solved due to the problem of attacking the precision of the algorithm, and on the condition that the two symmetrical tensors are isomorphic tensors, a reversible matrix of mutual transformation of the two symmetrical tensors is solved, and the convergence speed of the isomorphic problems of the symmetrical tensors is slower relative to the isomorphic problems of the tensors in operation.

This shows that the digital signature is designed based on the algorithm problem by using the symmetric tensor isomorphic problem, and the digital signature is more secure than the digital signature designed by using the tensor isomorphic problem. Therefore, in the embodiment of the present disclosure, the algorithm problem based on may adopt a symmetric tensor isomorphic problem, and the design of the digital signature may be performed by using the difficulty in solving the angles of most computers (including quantum computers) by using the symmetric tensor isomorphic problem.

It should be noted that, in the case that the symmetric tensor is the higher-order matrix, the isomorphic problem of the symmetric tensor can be further generalized to the symmetric tensor that is the higher-order matrix, that is, the isomorphic problem of the symmetric tensor of the higher-order matrix can be analogized according to the isomorphic problem of the symmetric tensor of the third-order matrix. For example, for two symmetric tensors that are fourth-order matrices, a ═ can be used for each of the two symmetric tensors_ijkl) And B ═ B_ijkl) To express, the isomorphic problem of the symmetric tensor is to refer to whether the invertible matrix C exists or not, so that

On the premise of the isomorphic problem of the symmetric tensors, even if two symmetric tensors are known to be isomorphic tensors, the reversible matrix transformed between the two symmetric tensors is difficult to solve, so that in order to ensure the security of the digital signature, the private key of the first electronic device for the digital signature can be set to be in a matrix form, so as to ensure the difficulty of breaking the private key.

Specifically, the private key may include a first reversible matrix, and the public key may be set to a compressed form of the symmetric tensor, and the public key is published. Therefore, if other electronic devices need to forge the signature information of the first electronic device for the file to be sent, the private key needs to be obtained by cracking according to the public key, which is equivalent to that the other electronic devices need to solve the isomorphic problem of the symmetric tensor. Due to the difficulty in solving the isomorphic problem of the symmetric tensor, the private key of the first electronic device is difficult to crack by other electronic devices according to the public key, and thus the signatures of the first electronic device are difficult to forge by the other electronic devices, so that the security of the digital signatures can be ensured.

In practical application, an identity authentication protocol can be constructed by adopting a zero-knowledge interaction protocol of a classical graph isomorphism problem based on a symmetric tensor isomorphism problem. Depending on the security required, the protocol may be run through several rounds with multiple symmetric tensors generated in each round. Based on the identity authentication protocol, a digital signature scheme can be constructed by using a classic identity recognition protocol Fiat-Shamir conversion process.

In a digital signature scheme, important parameters may include the length of the signature, the length of the public key, and the run times for generating the key, generating the signature, and verifying the signature. According to the main parameters in the protocol (for example, n is the dimension of the symmetric tensor, namely the symmetric tensor scale, p is the domain size, namely the number domain scale, r is the round number, namely the signature length parameter, lambda is the safety parameter, s is the hash tree depth, and t is 2^sThe number of leaf nodes of the hash tree, which is also the number of symmetric tensors involved in generating the public key), and an understanding of the best algorithm runtime of the symmetric tensor isomorphic problem, appropriate parameter selection can be made to achieve the required security of the digital signature, for example, to achieve the security of 128 bits or 256 bits. Meanwhile, the protocol can be prototype-realized, and the actual running time of generating the key, generating the signature and verifying the signature can be tested.

The file to be sent can be acquired in various ways, for example, the file to be sent can be acquired from a file stored in advance, and for example, the file to be sent can be actively generated.

The private key may be generated in advance by the first electronic device and stored in the database, or may be set in advance by a developer and stored in the database, which is not specifically limited herein.

The private key is, for example, pre-generated by a first electronic device and stored in a database, and the first electronic device may randomly generate at least one first reversible matrix, for example, randomly generate t-1 first reversible matrices, and use C_iE GL (n, p), i e {1, 2., t-1}, where t can be set according to the actual situation, and t is greater than or equal to 2. The private key of the first electronic device may include a plurality of reversible matrices, each of which may be C₀,C₁,...,C_t-1Wherein, C₀Is an identity matrix of size n.

The first compressed data may be compressed data of a first symmetric tensor, and taking design of a digital signature scheme by using a isomorphic problem of a symmetric tensor of a third-order matrix as an example, when constructing a private key and a public key of the first electronic device, a first symmetric tensor may be randomly generated, and a may be used₀Representing a first symmetric tensor A₀＝(a_ijk)，i,j,k∈{1,2,...,n}，a_ijkE gf (p), which may be isomorphic as an initial symmetric tensor. Wherein, the data in the first symmetric tensor has a symmetric relation a_ijk＝a_ikj＝a_jik＝a_jki＝a_kij＝a_kji。

The first symmetric tensor can be compressed to obtain first compressed data, wherein the data volume in the first compressed data is smaller than the data volume in the first symmetric tensor. That is, compressing the first symmetric tensor means removing part or all of redundant data in the first symmetric tensor to obtain first compressed data, and the first symmetric tensor can be accurately restored based on the first compressed data.

In an alternative embodiment, due to the symmetry of the first symmetry tensor, a satisfying i ≦ j ≦ k may be assigned_ijkIs eliminated, or a satisfying i > j or j > k is eliminated_ijkThe values of (A) are removed, namely half of the data with the symmetrical relation is reserved, and the other half of the data can be obtained according to the symmetrical relation.

For example, when reserving a_ijkWhen the data (i is more than or equal to j is less than or equal to k), calling a if necessary_jkiJki may be reordered to ijk based on a_ijk＝a_jkiI.e. a can be derived from the first compressed data_jkiThe value of (c). For example, if i is 1, j is 2, and k is 3, call a is required₂₃₁Can be reordered based on a₁₂₃＝a₂₃₁I.e. a can be derived from the first compressed data₂₃₁The value of (c).

The whole of the first compressed data may be referred to as a compressed representation of the first symmetric tensor, and a specific data structure may be used to store the compressed representation of the first symmetric tensor, such as a key value-content value data structure, where key is used to store the subscript of the data, i.e., ijk, and value is used to store the value corresponding to the subscript, so that it is possible to avoid repeatedly storing the values that should be the same, and thus the storage space of the first electronic device may be greatly reduced.

Step S102: generating L second compressed data of L second symmetric tensors based on the first invertible matrix and the first compressed data, the L second symmetric tensors including the first symmetric tensor and further including a symmetric tensor isomorphic with the first symmetric tensor, L being a positive integer greater than 1.

The first electronic device may generate compressed data of a symmetry tensor isomorphic with the first symmetry tensor based on the first compressed data and the first invertible matrix in the private key, and may be structured by: for i e {1,. eta., t-1},finally, L second compressed data of L second symmetric tensors are obtained, where the L second symmetric tensors may include the first symmetric tensor and also include a symmetric tensor isomorphic with the first symmetric tensor.

Specifically, other data in the first symmetric tensor except the first compressed data may be constructed based on the first compressed data, the first symmetric tensor may be constructed by the first compressed data and the other data, and then the first reversible matrix and the first symmetric tensor may be matrix-multiplied to obtain the second compressed data of the second symmetric tensor, that is, only a part of data of the second symmetric tensor is calculated, for example, only a satisfying that i is less than or equal to j and is less than or equal to k is calculated_ijkThe amount of calculation can be reduced, and the processing speed of the digital signature is improved.

The first reversible matrix and the first symmetric tensor can also be subjected to matrix multiplication, and under the condition that other data in the first symmetric tensor need to be called, corresponding data can be obtained from the first compressed data and substituted and calculated based on the symmetric relation between the other data and the first compressed data, and finally second compressed data of the second symmetric tensor is obtained.

In practical applications, the value of L may be t. The L second compressed data may be sent to other electronic devices as public keys, and the largest problem in sending the L second compressed data to other electronic devices as public keys is that the public keys have a relatively large length, and the efficiency of the electronic devices is greatly affected when the electronic devices are applied in a scene where the public keys need to interact. Therefore, a character string converted from the L pieces of second compressed data may be transmitted to another device as a public key, and the character string may be a hash value set based on a tensor, which will be described in detail below, but is not particularly limited herein.

Step S103: and performing digital signature on the file to be sent based on a second reversible matrix generated randomly and the first compressed data to obtain a first character string.

The file to be sent may be digitally signed by using a hash function based on the randomly generated second reversible matrix and the first compressed data, so as to obtain a first character string.

Specifically, first signature data may be generated based on a second reversible matrix that is randomly generated and the first compressed data; and carrying out digital signature on the file to be sent based on the first signature data to obtain a first character string. Wherein the first signature data may be: a third symmetric tensor isomorphic with the first symmetric tensor, or third compressed data of the third symmetric tensor.

In practical applications, for i e { 1.,. r }, r } which may be a positive integer, the first electronic device may randomly generate at least one second invertible matrix, which may be represented by D_iAnd epsilon GL (n, p). That is, the first signature data may be constructed based on the second reversible matrix generated at random and the first compressed data, and the first signature data may be at least one third symmetry tensor isomorphic with the first symmetry tensor or third compressed data of the at least one third symmetry tensor, and may be constructed by the formulaThe construction is similar to that of the second compressed data and will not be described here.

Then, a hash function (denoted by H) may be used to digitally sign the file to be sent (denoted by M), specifically, the file to be sent M and the first signature data may be used as a character string to be connected in series, and a hash operation may be performed on the character string after the series connection to obtain the first character string.

Under the condition that the first signature data is the third symmetrical tensor, the file M to be sent and the third symmetrical tensor B can be sent₁，…，B_rThe strings are concatenated, and then the concatenated string is hashed to obtain a first string, which is then processed by H (M | B)₁|...|B_r) Denotes, M | B₁|...|B_rRepresenting the file M to be transmitted and a second symmetric tensor B₁，…，B_rAs a string concatenation. Wherein, the file M to be sent and the third symmetrical tensor B₁，…，B_rThe hash operation is performed after the serial connection of the character strings, so that the data volume can be increased, and the safety of the first character string generated by the hash function can be improved.

Under the condition that the first signature data is the third compressed data, the file M to be sent and the third compressed data can be used as character strings to be connected in series, and then the character strings after being connected in series are subjected to hash operation to obtain the first character string. The file M to be sent and the third compressed data are used as character strings to be connected in series and then subjected to Hash operation, so that the calculation speed is high.

The first string may be a binary string, i.e. 01 string, and its length may be r × s, and the parameter s is also a parameter of the authentication protocol, and satisfies t ═ 2 with the parameter t^s. And H is a hash function whose input may be a string of arbitrary length, and whose output is r × s in length and outputs a 01 string.

Step S104: and constructing a hash value of a root node of a hash tree based on L pieces of construction data, wherein the L pieces of construction data are the L pieces of second compressed data or the L pieces of second symmetric tensors.

In the step, in cryptography and computer science, the hash tree is a tree-type data structure, which may include a plurality of layers, each layer being composed of at least one node, each node having as a label the hash of a data block, and nodes other than leaf nodes having as labels the encrypted hashes of their child node labels.

The hash value of the root node of the hash tree may be constructed by using a hash function based on the L pieces of construction data, and the hash tree may be constructed directly based on the L pieces of construction data, or may be constructed based on the L pieces of construction data and the first target character string that is generated randomly.

One of the construction data may be a second symmetric tensor, or may be a second compressed data, which is not specifically limited herein. It should be noted that, when the hash tree is constructed, the type of the data needs to be uniformly constructed, that is, the hash values of all leaf nodes of the hash tree are directly constructed based on the second symmetry tensor, or the hash values of all leaf nodes of the hash tree are directly constructed based on the second compressed data.

Taking the example of constructing the hash tree based on L pieces of construction data and the first target character string generated randomly, specifically, the first target character string may be generated randomly, may be represented by a MerkleKey, and specifically, may generate the MerkleKey based on a random function such as unifonm or random.

Wherein, MerkleKey can be for the 01 string that length is lambda, and lambda can be the security parameter, can set up lambda according to the security that digital signature needs reached, if digital signature needs to reach 128 bit's security, lambda can set up to 128.

The leaf nodes of the hash tree may be constructed based on L pieces of construction data, specifically, the s-th layer of the hash tree, that is, a layer corresponding to the leaf nodes may be constructed using a hash function H, and when the construction data is the second symmetric tensor, the formula H may be used_s,i＝H(A_i|(2^s+ i) | MerkleKey) to calculate the hash value of the leaf node in the s-th layer of the hash tree, wherein i is more than or equal to 0 and less than or equal to t-1, h_s,iThe symbol | represents the connection of the character string for the hash value of the ith leaf node of the layer corresponding to the leaf node, i.e., the s-th layer. In this way, the data volume can be increased, and the security of the first character string generated by the hash function can be improved.

And when the constructed data is the second compressed data, formula h_s,i＝H(A_i|(2^s+ i) | MerkleKey) of_iThe second compressed data may be replaced so that its calculation speed is relatively fast.

Continuing to use the hash function H to construct other internal nodes of the hash tree by using the formula H_k,i＝H(h_k+1,2i|h_k+1,2i+1|(2^k+ i) | MerkleKey), wherein k is more than or equal to 0 and less than s, and i is more than or equal to 0 and less than 2^k，h_k,iIs the hash value of the ith node of the k-th layer, and h_k+1,2iAnd h_k+1,2i+1Which are the hash values of the two children of the node, respectively, the node may be referred to as the parent of the two children. All elements of the hash tree can thus be constructed, including the root node of the hash tree, with h_0,0Is shown by_0,0May be part of a public key.

Step S105: and generating signature information of the first electronic device for the file to be sent based on the first character string, the first reversible matrix, the second reversible matrix, the L pieces of second compressed data and the hash value of the root node of the hash tree.

The signature information may include a first character string, a target matrix generated by the first character string, a first reversible matrix, and a second reversible matrix, N pieces of second compressed data selected from the L pieces of second compressed data based on the first character string, and an authentication path corresponding to each piece of second compressed data in the N pieces of second compressed data, where the authentication path is an authentication path of the constructed data with respect to a root node of the hash tree. The authentication path of the constructed data relative to the root node of the hash tree comprises a series of hash values, namely all information required for calculating the hash value from the construction data to the root node in the hash tree.

In an alternative embodiment, the signature information may include a plurality of character strings into which the first character string is cut, a target matrix generated from the plurality of character strings, the first invertible matrix and the second invertible matrix, N pieces of second compressed data, and an authentication path corresponding to each piece of second compressed data.

In this embodiment, digital signature is performed by using the symmetric tensor isomorphic problem and combining the hash tree, if other electronic devices need to forge signature information of the first electronic device for a file to be sent, the first electronic device needs to crack according to the public key (which may include compressed data of the isomorphic symmetric tensor or a hash value generated based on the compressed data of the isomorphic symmetric tensor) to obtain the private key, which is equivalent to that the other electronic devices need to solve the decryption problem and the symmetric tensor isomorphic problem of the hash tree, so that the private key is very difficult to forge by using the public key when the other electronic devices do not know the private key, and thus the digital signature is very difficult to forge, and the security of the digital signature can be improved.

And when the isomorphic problem of the tensor and the isomorphic problem of the symmetric tensor are respectively solved by adopting algorithms such as the Grubbania base and the like, on one hand, the data symmetry and the relationship of the symmetric tensor are better relative to other tensors, on the other hand, whether the two symmetric tensors are isomorphic tensors or not is solved due to the problem of attacking algorithm precision, and on the condition that the two symmetric tensors are isomorphic tensors, a reversible matrix of mutual transformation of the two symmetric tensors is solved, and the convergence speed of the isomorphic problem of the symmetric tensor is slower relative to the isomorphic problem of the tensor during operation. Therefore, the digital signature is designed by adopting the symmetric tensor isomorphic problem in the algorithm problem, and the digital signature is higher in safety compared with the digital signature designed by adopting the tensor isomorphic problem.

Table 1 is a cracking time table for attacking different digital signature schemes by using a roboran base, and algorithms based on the digital signature schemes are respectively a symmetric tensor isomorphic problem and a tensor isomorphic problem, wherein N/a in table 1 indicates that cracking cannot be performed. As shown in table 1 below, under different parameters in the protocol, the difficulty is higher in solving the symmetric tensor isomorphic problem relative to the tensor isomorphic problem.

TABLE 1 cracking timetable for different digital signature schemes using the Gerburan-based attack

Parameters in protocol	(n＝4，p＝5)	(n＝5，p＝5)
			Tensor isomorphic problem	0.076s	94.448s
Isomorphic problem of symmetric tensor	N/A	N/A

Optionally, step S105 specifically includes:

segmenting the first character string to obtain P character strings, wherein P is a positive integer greater than 1;

performing matrix multiplication processing on the inverse matrix of the first reversible matrix and the second reversible matrix based on the P character strings to generate a target matrix;

based on the P character strings, selecting N second compressed data from the L second compressed data, wherein N is a positive integer;

for each piece of second compressed data in the N pieces of second compressed data, determining an authentication path corresponding to the second compressed data based on a hash value of a root node of the hash tree and the second compressed data, where the authentication path is an authentication path of the constructed data relative to the root node of the hash tree;

the signature information comprises the P character strings, the target matrix, the N second compressed data and authentication paths corresponding to the N second compressed data.

In this embodiment, the first character string may be segmented to obtain a plurality of character strings, for example, r 01 character strings with a length of s may be obtained, and the r character strings may be respectively represented by f₁,...,f_rMeaning that when r is greater than 1, and the decimal values of the r character strings are all between 0 and t-1, the value of P is equal to r.

A target matrix may be generated based on the P character strings, the first invertible matrix, and the second invertible matrix, and specifically, for i ∈ { 1.,. r }, a subscript f may be obtained from the first invertible matrix_iThe first reversible matrix of (1), after which the first electronic device may employ the formulaAnd calculating an object matrix. Wherein E is_iIs an object matrix, which may be plural in number,denotes the f-th of the private key_iThe inverse of the first invertible matrix, e.g. when the 01 string f_iWhen it is 1, thenIs a first invertible matrix C in the private key₁I.e. the target matrix may be based on a second invertible matrix D_iWith the first invertible matrix in the private keyThe inverse matrix of (2) is obtained by matrix multiplication.

Then, based on the P character strings, N second compressed data may be selected from the L second compressed data, and specifically, the second symmetric tensor a may be selected₀,A₁,...,A_t-1N second compressed data are selected from the second compressed data, respectivelyN equals r.

For i ∈ {1,.., r }, based on the second symmetry tensor, respectivelyAnd the hash value of the root node of the hash tree, calculating an authentication path corresponding to the second compressed data, and using the path_iThat means, the authentication path may be an authentication path of the construction data (the construction data is the second compressed data or the second symmetry tensor) with respect to the root node of the hash tree. It comprises a series of hash values, i.e. all the information needed to compute the hash value to the root node of the hash value, starting from the building of the data.

That is, the calculated path based on the build data_iWhen the data is constructed as the second symmetric tensor, the method can enableWherein the above formula is derived fromIs calculated to h_0,0Is based on a short hand of processesAnd hash value in authentication path, repeatedly adjustedAnd using a hash function until the hash value of the root node of the hash tree is obtained. In other words, it is essentially based on the authentication path_iTour hash tree, enabling it to be based on the second symmetric tensorObtaining corresponding leaf nodes in the hash treeAnd can be from a leaf nodeRoot node h of travel to hash tree_0,0To obtain the hash value of the root node of the hash tree. And when the constructed data is the second compressed data, the constructed data will beIn (1)And replacing with the second compressed data.

Finally, signature information of the first electronic device for the file to be sent can be determined based on the r character strings, the plurality of target matrices, the N second compressed data and the authentication path corresponding to each second compressed data, where the signature information is the signature informationWherein the content of the first and second substances,respectively a second symmetric tensorIs a compressed representation of the second symmetric tensor.

If another electronic device, for example a third electronic device, wishes to impersonate the first electronic device, wishes to generate a signature for the file M to be transmitted, since the third electronic device does not have a private key, it does not have any private keyThe target matrix cannot be generated based on the private key, i.e. the formula cannot be adoptedGenerating an object matrix E₁,...,E_rAnd solving a symmetric tensor isomorphism problem is needed to crack the private key, so that the private key of the first electronic device is difficult to be taken by the third electronic device. Meanwhile, the public key taken by the third electronic device is generated based on the isomorphic symmetrical tensor combined with the hash tree, and comprises the hash value of the root node of the hash tree, so that if the third electronic device wants to forge a signature, the third electronic device needs to break the hash tree, and the third electronic device is very difficult to forge signature information due to the difficulty in designing the original image of the hash function.

In addition, the direct attack method of the third electronic device on the protocol can be attributed to the following problems: it is desirable to find a way to generate multiple 01 strings, using g₁,...,g_rE {0, 1.,. t-1} representation, such that in the calculationThen, H (M | B) is calculated₁|...|B_r) Obtained f₁,...,f_rSatisfy, for all i ∈ { 1.,. r }, such that f_i＝g_i. And the probability of success of such an attack does not significantly exceed 1/2, depending on the nature of the hash function^rs。

Therefore, based on the above two points, it is very difficult for the third electronic device to forge the signature information of the first electronic device.

Further, the combination of parameters in the protocol can be set as follows to achieve a security of 128 bits, as shown in table 2 below.

Table 2 some parameter combinations to achieve 128bit security

	n	p	r	s	Length of public key	Signature length
							Combination 1	9	8191	128	1	32	55280
Combination 2	9	8191	16	8	32	10508
							Combination 3	9	8191	10	12	32	7852

In table 2 above, the unit of the public key length and the signature length is Bytes.

In this embodiment, the first character string is segmented to obtain P character strings; performing matrix multiplication processing on the inverse matrix of the first reversible matrix and the second reversible matrix based on the P character strings to generate a target matrix; selecting N second compressed data from the L second compressed data based on the P character strings; for each piece of second compressed data in the N pieces of second compressed data, determining an authentication path corresponding to the second compressed data based on a hash value of a root node of the hash tree and the second compressed data, where the authentication path is an authentication path of the constructed data relative to the root node of the hash tree; the signature information comprises the P character strings, the target matrix, the N second compressed data and authentication paths corresponding to the N second compressed data. Therefore, under the condition that other electronic equipment does not know the private key, the public key generated by combining the symmetric tensor isomorphic problem with the hash tree is very difficult to forge the reversible matrix between the electronic equipment and the public key, and meanwhile, the root node based on the hash tree is also very difficult to crack the hash tree, so that the digital signature is very difficult to forge, and the safety of the digital signature can be improved.

Optionally, the determining, by the N pieces of second compressed data, an authentication path corresponding to the second compressed data based on the hash value of the root node of the hash tree and the second compressed data includes:

determining a target hash value of a node from a leaf node corresponding to the target data in the hash tree to a root node based on the hash value of the leaf node corresponding to the target data in the hash tree and the hash value of the root node of the hash tree;

the target data is the constructed data corresponding to the target compressed data, and an authentication path of the target data relative to a root node of the hash tree includes: the target hash value and the position of a node in the hash tree, which is from a leaf node corresponding to the target data to a root node, in the hash tree.

The present embodiment specifically describes an authentication path of target data relative to a root node of the hash tree, where the target data may be constructed data corresponding to target compressed data. When the hash tree is constructed, each node in the hash tree stores a value of a hash function, i.e., a hash value, for example, the hash value stored by the node a is a function of the hash values of only two sub-nodes below the node a, the position of the node a, and the first target character string MerkleKey. Therefore, as long as the hash values of the two child nodes, the location of the node a, and the MerkleKey are known, the hash value stored in the node a can be calculated by the hash function H. The authentication path is all information required to compute the nodes that are routed through, so that the hash value of the root node can be computed. It should be noted that, the hash function used in the signature process of the first electronic device and the signature verification process of the second electronic device should be unified.

Referring to fig. 2, fig. 2 is a schematic diagram illustrating calculation of an authentication path of constructed data corresponding to target compressed data relative to a root node of a hash tree, and as shown in fig. 2, first, based on the constructed data corresponding to the target compressed data (the constructed data may be the target compressed data or a second symmetric tensor corresponding to the target compressed data), a hash function is called to determine a hash value of a leaf node 201 corresponding to the target data in the hash tree, and the hash value travels from the leaf node 201 to the root node 202, and needs to go to the leaf node 203, the node 204, and the node 205.

The node that travels from the leaf node 201 to the root node 202 is different from other nodes in the hash tree, such as the node 206, in that the node 206 can be calculated based on the hash values of the leaf node 201 and the leaf node 203, and the node that travels needs to obtain the hash value of the node in the hash tree according to its position. The hash values of these traversed nodes may be used to compute a hash value for the root node of the hash tree in conjunction with the target data.

In the case of obtaining the hash value of the leaf node 201, the position of the leaf node 203 and the hash value may be obtained, for example, the leaf node 203 is on the left of the leaf node 201, and the hash value of the leaf node 203 adjacent to the left of the leaf node 201 is correspondingly obtained, where the authentication path of the target data relative to the hash tree root node includes the position of the leaf node 203 and the hash value.

Then, based on the hash value of the leaf node 201 and the hash value of the leaf node 203, the hash value of its parent node, correspondingly, the node 204 of the path node including the position right of its parent node, correspondingly, the hash value of the node 204 of the position in the hash tree may be obtained, and the authentication path of the target data with respect to the root node of the hash tree includes the position of the node 204 and the hash value.

The hash value of the node 205 is obtained in a similar manner to the hash value of the node 204, and will not be described herein again. Finally, a hash value may be calculated based on the hash value of the parent node of node 204 and the hash value of node 205 such that the hash value is equal to the hash value of the root node of the hash tree, and the authentication path of the target data with respect to the root node of the hash tree includes the location and hash value of node 203, the location and hash value of node 204, and the location and hash value of node 205.

In this embodiment, the target hash value of the node from the leaf node corresponding to the target data to the root node in the hash tree is determined based on the hash value of the leaf node corresponding to the target data in the hash tree and the hash value of the root node of the hash tree, so that an authentication path of the target data with respect to the root node of the hash tree can be obtained, and the digital signature of the first electronic device can be realized based on the authentication path.

Optionally, the step 103 specifically includes:

generating first signature data based on the first compressed data and a randomly generated second invertible matrix, the first signature data being: a third symmetric tensor that is isomorphic with the first symmetric tensor, or third compressed data of the third symmetric tensor;

and carrying out digital signature on the file to be sent based on the first signature data to obtain a first character string.

In this embodiment, for i ∈ { 1.,. r }, where r may be a positive integer, the first electronic device may randomly generate at least one second invertible matrix, which may be represented by D_iAnd epsilon GL (n, p). That is, the first signature data may be constructed based on the second reversible matrix generated at random and the first compressed data, and the first signature data may be at least one third symmetry tensor isomorphic with the first symmetry tensor or third compressed data of the at least one third symmetry tensor, and may be constructed by the formulaThe construction is similar to that of the second compressed data and will not be described here.

Then, a hash function (denoted by H) may be used to digitally sign the file to be sent (denoted by M), specifically, the file to be sent M and the first signature data may be used as a character string to be connected in series, and a hash operation may be performed on the character string after the series connection to obtain the first character string.

Under the condition that the first signature data is the third symmetrical tensor, the file M to be sent and the third symmetrical tensor B can be sent₁，…，B_rThe strings are concatenated, and then the concatenated string is hashed to obtain a first string, which is then processed by H (M | B)₁|...|B_r) Denotes, M | B₁|...|B_rRepresenting the file M to be transmitted and a second symmetric tensor B₁，…，B_rAs a string concatenation. Wherein, the file M to be sent and the third symmetrical tensor B₁，…，B_rThe hash operation is performed after the serial connection of the character strings, so that the data volume can be increased, and the safety of the first character string generated by the hash function can be improved.

Under the condition that the first signature data is the third compressed data, the file M to be sent and the third compressed data can be used as character strings to be connected in series, and then the character strings after being connected in series are subjected to hash operation to obtain the first character string. The file M to be sent and the third compressed data are used as character strings to be connected in series and then subjected to Hash operation, so that the calculation speed is high.

The first string may be a binary string, i.e. 01 string, and its length may be r × s, and the parameter s is also a parameter of the authentication protocol, and satisfies t ═ 2 with the parameter t^s. And H is a hash function whose input may be a string of arbitrary length, and whose output is r × s in length and outputs a 01 string.

In this embodiment, first signature data is generated based on the first compressed data and a second invertible matrix that is randomly generated, where the first signature data is: a third symmetric tensor that is isomorphic with the first symmetric tensor, or third compressed data of the third symmetric tensor; and performing digital signature on the file to be sent based on the first signature data to obtain a first character string, so that digital signature can be realized.

Optionally, the step S104 specifically includes:

based on the L pieces of construction data and the randomly generated first target character string, constructing hash values of leaf nodes of a hash tree;

and constructing hash values of other nodes except the leaf nodes in the nodes of the hash tree based on the hash values of the leaf nodes of the hash tree and the first target character string, wherein the other nodes comprise root nodes of the hash tree.

The present embodiment describes a specific process of constructing a hash tree based on the L pieces of construction data and the randomly generated first target character string.

The first target character string may be randomly generated, may be represented by a MerkleKey, and specifically may be generated based on a random function such as unifonm or random.

Wherein, MerkleKey can be for the 01 string that length is lambda, and lambda can be the security parameter, can set up lambda according to the security that digital signature needs reached, if digital signature needs to reach 128 bit's security, lambda can set up to 128.

The leaf nodes of the hash tree may be constructed based on L pieces of construction data, specifically, the s-th layer of the hash tree, that is, a layer corresponding to the leaf nodes may be constructed using a hash function H, and when the construction data is the second symmetric tensor, the formula H may be used_s,i＝H(A_i|(2^s+ i) | MerkleKey) to calculate the hash value of the leaf node in the s-th layer of the hash tree, wherein i is more than or equal to 0 and less than or equal to t-1, h_s,iThe symbol | represents the connection of the character string for the hash value of the ith leaf node of the layer corresponding to the leaf node, i.e., the s-th layer.

And when the constructed data is the second compressed data, formula h_s,i＝H(A_i|(2^s+ i) | MerkleKey) of_iThe second compressed data may be replaced.

Continuing to use the hash function H to construct other internal nodes of the hash tree by using the formula H_k,i＝H(h_k+1,2i|h_k+1,2i+1|(2^k+ i) | MerkleKey), wherein k is more than or equal to 0 and less than s, and i is more than or equal to 0 and less than 2^k，h_k,iIs the hash value of the ith node of the k-th layer, and h_k+1,2iAnd h_k+1,2i+1Which are the hash values of the two children of the node, respectively, the node may be referred to as the parent of the two children. All elements of the hash tree can thus be constructed, including the root node of the hash tree, with h_0,0Is shown by_0,0May be part of a public key.

In this embodiment, the hash value of the root node of the hash tree is constructed based on the L pieces of construction data and the randomly generated first target character string, so that the difficulty in cracking the hash tree can be increased, and the security of the digital signature can be further improved.

Optionally, before step S101, the method further includes:

generating a public key corresponding to the private key, the public key including the first target string and a hash value of a root node of a hash tree;

and publishing the public key.

The embodiment is a process of generating a public key based on a private key, and in order to enable other electronic devices to perform identity verification on a sender of a file to be sent, namely the first electronic device, under the condition that the signature information and the file to be sent are received by the first electronic device, the public key corresponding to the private key needs to be published.

The private key comprises a first invertible matrix C_iE GL (n, p), i e {1, 2.., t-1} and an identity matrix C of size n₀Generating compressed data of a symmetric tensor isomorphic to the first symmetric tensor based on the first reversible matrix and the first compressed data to finally obtain L second compressed data, where L may be equal to t and may be V correspondingly_iI ∈ { 0.,. t-1 }.

Randomly generating a first target character string MerkleKey, and constructing hash values of leaf nodes of a hash tree by adopting a hash function based on the MerkleKey and the L pieces of construction data, wherein the construction process is described in detail above and is not described herein again. It should be noted that the signature process of the first electronic device and the signature verification process of the second electronic device, which employ the first target character string, should be unified.

And continuously constructing hash values of other nodes in the hash tree by adopting a hash function based on the hash value of the leaf node and the MerkleKey, and finally constructing the hash value of the root node of the hash tree. And the public key corresponding to the private key comprises the first target character string and the hash value of the root node of the hash tree.

Then, the generated public key may be published, and accordingly, the public key of the first electronic device may be obtained by other electronic devices.

In this embodiment, second compressed data of a symmetric tensor isomorphic with an initial symmetric tensor is constructed by a private key and randomly generated first compressed data of the initial symmetric tensor to obtain L second compressed data, a hash value of a root node of a hash tree is constructed based on the L second compressed data and a first target character string, and the hash value of the root node of the hash tree and the first target character string are published as a public key of a first electronic device. Therefore, the length of the public key can be greatly reduced, and the application efficiency of the public key in a scene needing interaction can be improved.

Second embodiment

As shown in fig. 3, the present disclosure provides a method for verifying signature information, which is applied to a second electronic device, and includes the following steps:

step S301: acquiring a file to be sent, signature information of the file to be sent and a public key used by the second electronic device for verifying the signature information, wherein the public key corresponds to a private key associated with the signature information, the public key comprises a hash value of a root node of a hash tree, the signature information comprises N pieces of second compressed data of N pieces of second symmetric tensors and N authentication paths of constructed data relative to the root node of the hash tree, and one piece of constructed data is one piece of second compressed data or one piece of second symmetric tensor corresponding to the second compressed data;

step S302: generating Q second target character strings based on the N second compressed data and the authentication path, wherein Q is a positive integer;

step S303: under the condition that the hash value of the root node of the hash tree is the same as each second target character string, performing matrix multiplication processing on the signature information and the N second symmetric tensors based on the N second compressed data to generate second signature data, where the second signature data is a fourth symmetric tensor isomorphic with the N second symmetric tensors or fourth compressed data of the fourth symmetric tensor;

step S304: performing digital signature on the file to be sent based on the second signature data to obtain a second character string;

step S305: verifying the signature information based on the second string.

In this embodiment, the second electronic device is an electronic device that receives a file to be sent, the first electronic device may send the file to be sent and signature information of the file to be sent to the second electronic device, and accordingly, the second electronic device may receive the file to be sent and the signature information of the file to be sent.

And the first electronic device publishes the public key for verifying the identity of the file to be sent and the signature information of the file to be sent before sending the file to be sent, and correspondingly, the second electronic device can obtain the public key published by the first electronic device.

The public key corresponds to a private key associated with the signature information, that is, the public key and the private key for generating the signature information are a key pair, and the public key may include a hash value of a root node of a hash tree, and may also include a first target character string.

The signature information may include N second compressed data of the N second symmetric tensors and N authentication paths of construction data with respect to a root node of the hash tree, one construction data being one second compressed data or one second symmetric tensor corresponding to the second compressed data. In the signature verification process and the digital signature process of the signature information, the types of construction data used for constructing the hash values of the nodes in the hash tree should be consistent.

That is, when the hash value of the node in the hash tree is constructed using the second compressed data in the digital signature process, the signature verification process of the signature information should also directly use the second compressed data to generate Q second target character strings. And when the second symmetric tensor is adopted to construct the hash value of the node in the hash tree in the digital signature process, the signature verification process of the signature information needs to restore the second compressed data into the second symmetric tensor, and then the second symmetric tensor is adopted to generate Q second target character strings.

Specifically, the second symmetric tensor is the constructed data, and for i ∈ { 1., r }, the second compressed data can be restored to the second symmetric tensor. Based on the second symmetrical tensorAnd its authentication path_iBy the formulaThat is, the hash function is repeatedly called until a second target string is obtained. In case the signature information is not forged, it may be based on the second symmetry tensorAnd its authentication path_iAnd obtaining the hash value of the root node of the hash tree. Therefore, the first re-verification of the signature information can be performed by comparing whether the second target string is identical to the hash value of the root node of the hash tree.

When the constructed data is the second compressed data, the calculation method is similar, but the constructed data is only to be the second compressed dataIn (1)Directly replaced with the second compressed data, and path_iAnd the authentication path of the second compressed data relative to the root node of the hash tree is obtained.

In this way, the hash function is repeatedly called to obtain a second target character string through the second compressed data and the authentication path of the constructed data relative to the root node of the hash tree in the signature information, and the second target character string is compared with the hash value of the root node of the hash tree, so that the first re-verification of the signature information can be realized.

And when the hash values of the root nodes of the hash tree in each second target character string and the public key are the same, the first re-verification is passed, and the second re-verification is performed under the condition that the first re-verification is passed, otherwise, the verification fails under the condition that at least one second target character string is different from the hash values of the root nodes of the hash tree.

In the second verification, the signature information may be matrix-multiplied by the N second symmetry tensors based on the N second compressed data to generate second signature data. In particular, formulas can be adoptedGenerating second signature data, which may be at least one fourth symmetry tensor, or a fourth compressed data of the at least one fourth symmetry tensor, B_i' may denote a fourth symmetric tensor, E_iIs the target matrix.

Specifically, based on the N second compressed data, the target matrix in the signature information may be subjected to matrix multiplication with the N second symmetric tensors to generate second signature data. The second signature data is generated in a manner similar to that of the first signature data, and is not described in detail here.

And then, based on the second signature data, performing digital signature on the file to be sent by adopting a hash function to obtain a second character string. The generation manner of the second character string is similar to that of the first character string, and is not specifically limited herein, and the hash function for performing digital signature in the digital signature process is the same as the hash function for performing digital signature in the signature verification process.

The second string may also be a binary string, i.e. a 01 string, which may also be r s in length.

Finally, the signature information may be verified based on the second character string, and when the second character string is the same as the character string in the signature information, the signature information is successfully verified, that is, the file to be sent is indeed sent by the first electronic device. And under the condition that the second character string is not identical to the character string in the signature information, the signature information fails to verify, namely the file to be sent is sent by other electronic equipment but not the first electronic equipment. Therefore, the second electronic equipment ensures the accuracy of the verification by performing double verification on the signature information.

In this embodiment, the second electronic device, when acquiring the public key published by the first electronic device, can verify the signature information very conveniently based on the public key and the received file to be sent and the signature information of the file to be sent, so as to verify the identity of the sender of the file to be sent. Meanwhile, the signature information is subjected to double verification, so that the verification accuracy can be further ensured.

Optionally, the type of the second signature data corresponds to the type of the first signature data, the first signature data is a third symmetric tensor isomorphic with the first symmetric tensor or third compressed data of the third symmetric tensor, and the first signature data is used for digitally signing the file to be sent.

In this embodiment, the correspondence between the type of the second target data and the type of the first target data can be understood as that, when the first signature data is in the form of a symmetric tensor, the second signature data should also be in the form of a symmetric tensor, and when the first signature data is in the compressed representation of a symmetric tensor, the second signature data should also be in the compressed representation of a symmetric tensor, so that consistency between digital signature and signature verification by using a hash function can be ensured.

Optionally, the signature information includes P character strings, where P is a positive integer greater than 1, and step S305 specifically includes:

segmenting the second character string to obtain K character strings, wherein P is equal to K;

determining that the signature information is verified successfully under the condition that the P character strings are the same as the K character strings one by one; or, determining that the signature information verification fails when a third target character string in the P character strings is different from a fourth target character string in the K character strings;

the position of the third target character string in the P character strings corresponds to the position of the fourth target character string in the K character strings, and the third target character string is any character string in the P character strings.

In this embodiment, the second character string may be segmented to obtain a plurality of character strings, for example, r 01 character strings with a length of s may be obtained, and the r character strings may be respectively represented by f₁',...,f_r' means.

For i ∈ { 1.,. r }, if there are f all_i＝f_i', the verification of the signature information is successful, otherwise, the verification of the signature information is failed.

In this embodiment, the second character string is segmented to obtain a plurality of character strings, and the plurality of character strings are compared with the plurality of character strings in the signature information one by one, so that the signature information is successfully verified under the condition that the character strings are the same, and the signature information is unsuccessfully verified under the condition that at least one character string is different, so that the signature information can be conveniently verified.

In order to verify the advantages of the digital signature method and the signature information verification method in the embodiment of the present disclosure, the scheme of the embodiment of the present disclosure and other schemes may be compared in terms of running time, public key length, signature length, and the like, where the scheme of the embodiment of the present disclosure is 2.4GHz for processor master frequency based on a symmetric tensor isomorphism scheme (adding hash tree technology), and other schemes may include 3.3GHz for signature scheme Falcon processor master frequency based on lattice problem, 2.4GHz for signature scheme processor based on symmetric tensor isomorphism, and 3.5GHz for signature scheme sphings + processor master frequency based on hash function.

The scheme of the embodiment of the present disclosure is implemented based on a Python prototype, the runtime table of each scheme is shown in table 3 below, and the public key length and signature length table of each scheme is shown in table 4 below.

TABLE 3 runtime tables for various scenarios

Table 4 public key length and signature length table for each scheme

As can be seen from table 3, the operation time of the scheme is significantly improved compared to other schemes, and as can be seen from table 4, the length of the public key can be greatly reduced compared to other schemes.

Third embodiment

As shown in fig. 4, the present disclosure provides a digital signature apparatus 400, which is applied to a first electronic device, and includes:

a first obtaining module 401, configured to obtain a file to be sent, a private key used by the first electronic device for digital signature, and first compressed data, where the first compressed data is obtained by compressing a first symmetric tensor generated randomly, an order of the first symmetric tensor is greater than 2, and the private key includes a first reversible matrix;

a first generating module 402, configured to generate L second compressed data of L second symmetric tensors based on the first reversible matrix and the first compressed data, the L second symmetric tensors including the first symmetric tensor and further including a symmetric tensor isomorphic with the first symmetric tensor, L being a positive integer greater than 1;

a first digital signature module 403, configured to digitally sign the file to be sent based on a second reversible matrix generated randomly and the first compressed data, to obtain a first character string;

a constructing module 404, configured to construct a hash value of a root node of a hash tree based on L pieces of construction data, where the L pieces of construction data are the L pieces of second compressed data or the L pieces of second symmetric tensors;

a second generating module 405, configured to generate signature information of the first electronic device for the file to be sent, based on the first character string, the first reversible matrix, the second reversible matrix, the L second compressed data, and a hash value of a root node of the hash tree.

Optionally, the second generating module 405 includes:

the segmentation unit is used for segmenting the first character string to obtain P character strings, wherein P is a positive integer greater than 1;

a processing unit, configured to perform matrix multiplication processing on an inverse matrix of the first invertible matrix and the second invertible matrix based on the P character strings to generate a target matrix;

a selecting unit, configured to select N second compressed data from the L second compressed data based on the P character strings, where N is a positive integer;

a determining unit, configured to determine, for each of the N pieces of second compressed data, an authentication path corresponding to the second compressed data based on a hash value of a root node of the hash tree and the second compressed data, where the authentication path is an authentication path of the constructed data with respect to the root node of the hash tree;

the signature information comprises the P character strings, the target matrix, the N second compressed data and authentication paths corresponding to the N second compressed data.

Optionally, the N second compressed data include target compressed data, where the target compressed data is any one of the N second compressed data, and the determining unit is specifically configured to:

determining a target hash value of a node from a leaf node corresponding to the target data in the hash tree to a root node based on the hash value of the leaf node corresponding to the target data in the hash tree and the hash value of the root node of the hash tree;

the target data is the constructed data corresponding to the target compressed data, and an authentication path of the target data relative to a root node of the hash tree includes: the target hash value and the position of a node in the hash tree, which is from a leaf node corresponding to the target data to a root node, in the hash tree.

Optionally, the first digital signature module 403 is specifically configured to:

generating first signature data based on the first compressed data and a randomly generated second invertible matrix, the first signature data being: a third symmetric tensor that is isomorphic with the first symmetric tensor, or third compressed data of the third symmetric tensor;

and carrying out digital signature on the file to be sent based on the first signature data to obtain a first character string.

Optionally, the building module 404 is specifically configured to:

based on the L pieces of construction data and the randomly generated first target character string, constructing hash values of leaf nodes of a hash tree;

and constructing hash values of other nodes except the leaf nodes in the nodes of the hash tree based on the hash values of the leaf nodes of the hash tree and the first target character string, wherein the other nodes comprise root nodes of the hash tree.

Optionally, the apparatus further comprises:

a third generating module, configured to generate a public key corresponding to the private key, where the public key includes the first target string and a hash value of a root node of a hash tree;

and the publishing module is used for publishing the public key.

The digital signature apparatus 400 provided by the present disclosure can implement each process implemented by the digital signature method embodiment, and can achieve the same beneficial effects, and for avoiding repetition, the details are not repeated here.

Fourth embodiment

As shown in fig. 5, the present disclosure provides an apparatus 500 for verifying signature information, the apparatus being applied to a second electronic device, including:

a second obtaining module 501, configured to obtain a file to be sent, signature information of the file to be sent, and a public key used by the second electronic device to verify the signature information, where the public key corresponds to a private key associated with the signature information, the public key includes a hash value of a root node of a hash tree, the signature information includes N second compressed data of N second symmetric tensors and N authentication paths of constructed data relative to the root node of the hash tree, and one constructed data is one second compressed data or one second symmetric tensor corresponding to the second compressed data;

a fourth generating module 502, configured to generate Q second target character strings based on the N second compressed data and the authentication path, where Q is a positive integer;

a matrix multiplication processing module 503, configured to perform matrix multiplication processing on the signature information and the N second symmetric tensors based on the N second compressed data to generate second signature data when a hash value of a root node of the hash tree is the same as each second target character string, where the second signature data is a fourth symmetric tensor isomorphic with the N second symmetric tensors or fourth compressed data of the fourth symmetric tensor;

a second digital signature module 504, configured to digitally sign the file to be sent based on the second signature data, so as to obtain a second character string;

a verification module 505, configured to verify the signature information based on the second character string.

Optionally, the type of the second signature data corresponds to the type of the first signature data, the first signature data is a third symmetric tensor isomorphic with the first symmetric tensor or a third compressed data of the third symmetric tensor, and the first signature data is used for digitally signing the file to be sent

Optionally, the signature information includes P character strings, where P is a positive integer greater than 1, and the verification module 505 is specifically configured to:

segmenting the second character string to obtain K character strings, wherein P is equal to K;

determining that the signature information is verified successfully under the condition that the P character strings are the same as the K character strings one by one; or, determining that the signature information verification fails when a third target character string in the P character strings is different from a fourth target character string in the K character strings;

the position of the third target character string in the P character strings corresponds to the position of the fourth target character string in the K character strings, and the third target character string is any character string in the P character strings.

The signature information verification apparatus 500 provided by the present disclosure can implement each process implemented by the signature information verification method embodiment, and can achieve the same beneficial effects, and for avoiding repetition, the details are not repeated here.

In the technical scheme of the disclosure, the acquisition, storage, application and the like of the personal information of the related user all accord with the regulations of related laws and regulations, and do not violate the good customs of the public order.

The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.

FIG. 6 illustrates a schematic block diagram of an example electronic device 600 that can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.

As shown in fig. 6, the apparatus 600 includes a computing unit 601, which can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM)602 or a computer program loaded from a storage unit 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data required for the operation of the device 600 can also be stored. The calculation unit 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.

A number of components in the device 600 are connected to the I/O interface 605, including: an input unit 606 such as a keyboard, a mouse, or the like; an output unit 607 such as various types of displays, speakers, and the like; a storage unit 608, such as a magnetic disk, optical disk, or the like; and a communication unit 609 such as a network card, modem, wireless communication transceiver, etc. The communication unit 609 allows the device 600 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.

The computing unit 601 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of the computing unit 601 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The calculation unit 601 performs the respective methods and processes described above, such as the digital signature method or the verification method of signature information. For example, in some embodiments, the digital signature method or the verification method of the signature information may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as the storage unit 608. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 600 via the ROM 602 and/or the communication unit 609. When the computer program is loaded into the RAM 603 and executed by the computing unit 601, one or more steps of the above-described digital signature method or verification method of signature information may be performed. Alternatively, in other embodiments, the computing unit 601 may be configured to perform the digital signature method or the verification method of the signature information by any other suitable means (e.g., by means of firmware).

Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.

Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.

In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.

The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.

The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server with a combined blockchain.

It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel or sequentially or in different orders, and are not limited herein as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved.

The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.