Search

CN-122001592-A - Quantum collaborative signature system, chip, terminal and method based on physical event record

CN122001592ACN 122001592 ACN122001592 ACN 122001592ACN-122001592-A

Abstract

The invention discloses a quantum collaborative signature system, a chip, a terminal and a method based on physical event record, wherein the system is composed of a physical event signature terminal, a collaborative signature server and a verification server, the terminal core is a quantum biological safety chip, a three-domain hard isolation architecture of a biological characteristic processing domain, a physical entropy source domain and a safe storage calculation domain is adopted, the inter-domain unidirectional data flow is controlled through a hardware firewall, the chip verifies biological characteristics in real time and activates the physical entropy source to generate a unique event seed during signature, a cloud server binds an event and a file to a notarization, the terminal generates a signature certificate according to the event certificate, and the server independently executes a two-stage flow of file integrity verification and signature authenticity verification and can issue an audit report during verification, and the system transfers the safe root of a digital signature from mathematic to physical, thereby fundamentally realizing anti-quantum calculation safety and passing people Machine When in triple physical binding, an attacker needs to break through biological characteristics, specific hardware chips and real-time authorization triple defense lines at the same time, and the difficulty is extremely high.

Inventors

  • TONG YINGWEI

Assignees

  • 安徽云玺量子科技有限公司
  • 童迎伟

Dates

Publication Date
20260508
Application Date
20260210

Claims (19)

  1. 1. A quantum collaborative signature system based on physical event records, comprising: The physical event signature terminal is internally provided with a security chip and is used for verifying the biological characteristics of a signer, and after the verification is passed, a disposable event seed is generated based on a physical entropy source in the chip; The collaborative signature server is used for receiving a signature request from the terminal through a secure channel, wherein the request at least comprises an event promise value and a summary value of a file to be signed, which are calculated based on the event seed, and issuing an event certificate which carries out cryptographic binding on the event promise value, the file summary value and a time stamp; And the verification server is used for receiving the file to be verified and the corresponding digital signature, wherein the digital signature comprises the event certificate and the signature certificate generated by the terminal based on the event seed, and the verification of the validity of the digital signature is independently executed.
  2. 2. The system of claim 1, wherein the on-chip physical entropy source comprises a cloud entropy key material library preset in the chip secure storage area.
  3. 3. The system of claim 2, wherein the physical entropy source further comprises a quantum random number generator integrated within the chip.
  4. 4. A system according to claim 2 or 3, wherein the physical entropy source further comprises a physical unclonable function integrated within the chip.
  5. 5. The system of any one of claims 1 to 4, wherein the verification server is configured to perform a two-stage verification by first verifying whether a file digest value bound in the event voucher is consistent with a digest value of the received file to be verified, and if so, re-verifying the signature attests to validity for the event voucher and file digest value.
  6. 6. The system of claim 5, wherein the verification server is further configured to generate a structured audit report containing signature event time, terminal identification, file fingerprint information and itself with a digital signature after verification passes.
  7. 7. The system according to any of claims 1 to 6, wherein a secure channel between the terminal and a co-signing server is established based on a hardware identity of the secure chip.
  8. 8. A quantum biosafety chip for use with the system of any one of claims 1-7, characterized by employing a monolithically integrated hardware isolation design comprising: the biological feature processing domain is used for collecting and verifying biological features of living bodies and outputting an authorization token after verification is passed; a physical entropy source domain, isolated from the biometric processing domain by a hardware firewall, for being activated upon receipt of the authorization token and generating a disposable event seed based on at least one physical entropy source component; and the secure storage computing domain is isolated from the physical entropy source domain through a hardware firewall and is used for securely storing key materials and generating signature certificates corresponding to set event certificates and file digests according to the event seeds.
  9. 9. The chip of claim 8, wherein the physical entropy source domain comprises a quantum random number generator.
  10. 10. The chip of claim 8 or 9, wherein the physical entropy source domain comprises a physical unclonable function.
  11. 11. The chip of claim 8, wherein the secure storage computing domain comprises a non-volatile secure storage area for holding a cloud entropy key material library, and wherein the generation of the event seed or the generation of the signature proof is dependent on entropy material extracted from the cloud entropy key material library.
  12. 12. The chip of any one of claims 8 to 11, wherein the hardware firewall is configured to only allow transfer of the authorization token from the biometric processing domain to the physical entropy source domain and to only allow transfer of the event seed from the physical entropy source domain to the secure storage computing domain.
  13. 13. A physical event signature terminal, characterized by comprising the quantum biosafety chip of any one of claims 8-12, a man-machine interaction interface and a communication module.
  14. 14. The quantum collaborative signature method based on the physical event record is characterized by being executed by a physical event signature terminal and comprises the following steps: Verifying the living biological characteristics of the signer; After the biological characteristics pass verification, triggering a physical entropy source of a built-in security chip of the terminal to generate a disposable event seed; Calculating an event promise value of the event seed, and sending the event promise value and the abstract value of the file to be signed to a collaborative signature server through a secure channel; receiving an event certificate returned by the collaborative signature server, wherein the event certificate carries out cryptographic binding on the event promise value, the file abstract value and the timestamp; Generating a signature proof corresponding to the event voucher and file digest value using the event seed; A digital signature is output that includes the event credential and the signature credential.
  15. 15. The method of claim 14, wherein the quantum random number generator integrated within the chip is invoked when generating event seeds.
  16. 16. Method according to claim 14 or 15, characterized in that the response value of a physically unclonable function integrated in a chip is read when generating the event seed.
  17. 17. The method of claim 14, wherein the signature verification is generated by extracting cryptographic material from a cloud entropy key material library preset in a chip secure memory area according to the event seed.
  18. 18. A digital signature verification method, characterized by being executed by a verification server, comprising the steps of: receiving a file to be verified and a corresponding digital signature, wherein the digital signature comprises an event certificate and a signature certificate; verifying whether the digest value of the file bound in the event voucher is consistent with the digest value of the file to be verified obtained through calculation; If so, verifying the validity of the signature certification based on the public information in the event certification and the signature certification; and outputting a verification result.
  19. 19. The method of claim 18, further generating and outputting a structured audit report comprising signed event metadata after verification passes.

Description

Quantum collaborative signature system, chip, terminal and method based on physical event record Technical Field The invention relates to the technical fields of quantum information technology, cryptography and integrated circuits, in particular to a quantum collaborative signature system, a chip, a terminal and a method based on physical event recording. Background Digital signatures are a trust foundation of modern digital society. The security of the current mainstream digital signature schemes (such as RSA and ECDSA) is fully established on the calculation complexity of specific mathematical problems, and is easy to attack by quantum calculation. The security of Post Quantum Cryptography (PQC) schemes is based on new, unverified mathematical assumptions, whose long-term security is not deterministic. All the existing digital signature technologies are all in a mathematical proof model, and verification logic cannot directly prove that signature behaviors are finished by a specific natural person under real-time control at a specific moment. Although schemes for combining biological identification or hardware tokens exist, the schemes are often used as pre-arranged identification verification, so that the real-time strong binding of 'people' and 'signature keys' in the cryptography level is not realized, and logic separation exists. Thus, there is a need for a new generation digital signature paradigm that places root of trust in the physical world and naturally forms strong legal evidence. Disclosure of Invention Based on the technical problems in the background technology, the invention provides a quantum collaborative signature system, a chip, a terminal and a method based on physical event records, wherein a digital signature is constructed into a cryptographic evidence chain of a physical event which is authorized in real time by biological characteristics, is uniquely triggered by a physical entropy source in a special security chip, and is witnessed cooperatively by a cloud trusted server. The quantum collaborative signature system based on physical event record provided by the invention comprises the following components: The physical event signature terminal is internally provided with a security chip and is used for verifying the biological characteristics of a signer, and after the verification is passed, a disposable event seed is generated based on a physical entropy source in the chip; The collaborative signature server is used for receiving a signature request from the terminal through a secure channel, wherein the request at least comprises an event promise value and a summary value of a file to be signed, which are calculated based on the event seed, and issuing an event certificate which carries out cryptographic binding on the event promise value, the file summary value and a time stamp; And the verification server is used for receiving the file to be verified and the corresponding digital signature, wherein the digital signature comprises the event certificate and the signature certificate generated by the terminal based on the event seed, and the verification of the validity of the digital signature is independently executed. Further, the physical entropy source in the chip comprises a preset cloud entropy key material library. Further, the physical entropy source further comprises a quantum random number generator integrated within the chip. Further, the physical entropy source also includes a physical unclonable function integrated within the chip. Further, the verification server is configured to perform a two-stage verification by first verifying whether the digest value of the file bound in the event voucher is consistent with the digest value of the received file to be verified, and if so, verifying the signature proves validity for the event voucher and the file digest value. Further, the verification server is further configured to generate a structured audit report containing signature event time, terminal identification, file fingerprint information and itself with a digital signature after verification is passed. Further, a secure channel between the terminal and the collaborative signature server is established based on a hardware identity of the secure chip. A quantum biosafety chip for use in the system of claim 1 employing a monolithically integrated hardware isolation design comprising: the biological feature processing domain is used for collecting and verifying biological features of living bodies and outputting an authorization token after verification is passed; a physical entropy source domain, isolated from the biometric processing domain by a hardware firewall, for being activated upon receipt of the authorization token and generating a disposable event seed based on at least one physical entropy source component; and the secure storage computing domain is isolated from the physical entropy source domain through a hardware firewall and is used for securely stor