Threshold secret share authentication proof and secure blockchain voting with hardware security modules
First Claim
Patent Images
1. A method for secure voting among M peers in a channel on an action proposal, comprising:
- a) selecting a secret ;
b) dividing the secret into M unique shares by using a threshold secret sharing scheme;
c) providing M hardware security modules with secure storage and firmware;
d) provisioning each of said M hardware security modules with a distinct one of the M unique shares, and the secret , and storing said distinct unique share and secret in the hardware security module'"'"'s secure storage;
e) controlling login to each said provisioned hardware security module as a function of that hardware security module'"'"'s provisioned distinct unique share;
enabling calculation of a trial secret ′
as a function of that hardware security module'"'"'s provisioned distinct unique share;
g) further enabling each of the M hardware security modules to compare the trial secret ′
with the stored provisioned secret and if identical, to compute a credential by concatenation of a nonce with the provisioned secret and one or more identity factors to create a concatenation value, and thereafter computing a one-way hash of the concatenation value, resulting in a KNAP credential;
h) assigning each of the provisioned and enabled hardware security modules to a distinct one of the M peers;
i) facilitating the transmission of the action proposal from one of the M peers, together with that peer'"'"'s KNAP credential, identity factors, and the nonce used to compute said KNAP credential to all other peers in the channel;
j) still further enabling each of the M peers to authenticate the received action proposal using the sender'"'"'s KNAP credential, and transmitted identity factors and nonce;
k) receiving a vote on the action proposal from one of the M peers; and
l) recording said vote in a distributed ledger.
2 Assignments
0 Petitions
Accused Products
Abstract
For an encryption-protected decentralized and replicated blockchain file storage system maintained and managed by a channel of peers, the invention creates the additional levels of trust that are needed for peer voter authentication and transaction proposal endorsement. The invention effectively excludes hostile agents from influencing or impersonating legitimate voter peers through the mathematical strength of the K-of-N mechanism based on secret sharing with cryptographic hashing. In a further embodiment an extension to nested signatures is disclosed to enforce signing order.
22 Citations
7 Claims
-
1. A method for secure voting among M peers in a channel on an action proposal, comprising:
-
a) selecting a secret ; b) dividing the secret into M unique shares by using a threshold secret sharing scheme; c) providing M hardware security modules with secure storage and firmware; d) provisioning each of said M hardware security modules with a distinct one of the M unique shares, and the secret , and storing said distinct unique share and secret in the hardware security module'"'"'s secure storage; e) controlling login to each said provisioned hardware security module as a function of that hardware security module'"'"'s provisioned distinct unique share; enabling calculation of a trial secret ′
as a function of that hardware security module'"'"'s provisioned distinct unique share;g) further enabling each of the M hardware security modules to compare the trial secret ′
with the stored provisioned secret and if identical, to compute a credential by concatenation of a nonce with the provisioned secret and one or more identity factors to create a concatenation value, and thereafter computing a one-way hash of the concatenation value, resulting in a KNAP credential;h) assigning each of the provisioned and enabled hardware security modules to a distinct one of the M peers; i) facilitating the transmission of the action proposal from one of the M peers, together with that peer'"'"'s KNAP credential, identity factors, and the nonce used to compute said KNAP credential to all other peers in the channel; j) still further enabling each of the M peers to authenticate the received action proposal using the sender'"'"'s KNAP credential, and transmitted identity factors and nonce; k) receiving a vote on the action proposal from one of the M peers; and l) recording said vote in a distributed ledger. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification