US 11,943,350 B2
Systems and methods for re-using cold storage keys
Yolanda Liu, San Francisco, CA (US); Ryan Sears, San Francisco, CA (US); Alan Leung, San Francisco, CA (US); Zachary Blacher, San Francisco, CA (US); and Jeremy Suurkivi, San Francisco, CA (US)
Assigned to Coinbase, Inc., Oakland, CA (US)
Filed by Coinbase, Inc., San Francisco, CA (US)
Filed on Oct. 16, 2020, as Appl. No. 17/072,395.
Claims priority of provisional application 62/945,635, filed on Dec. 9, 2019.
Claims priority of provisional application 62/916,076, filed on Oct. 16, 2019.
Prior Publication US 2021/0119781 A1, Apr. 22, 2021
Int. Cl. H04L 29/06 (2006.01); H04L 9/06 (2006.01); H04L 9/08 (2006.01)
CPC H04L 9/088 (2013.01) [H04L 9/0631 (2013.01)]
20 Claims
1. A method for signing blockchain transactions, the method comprising:
with an online computer system operating within an online computing environment:
in response to receiving a blockchain transaction to be signed, determining, by the online computer system, a key shard threshold, the key shard threshold being (i) a number of key shards required for reconstructing a signing private key and (ii) less than a number of key shards derived from the signing private key using a ceremony key;
obtaining, by the online computer system, based on the key shard threshold, signing key shards corresponding to the signing private key from a plurality of account managers, each of the plurality of account managers storing a different one of the signing key shards; and
storing, by the online computer system, the signing key shards and the blockchain transaction at a removable computer-readable storage medium; and
with an offline computer system operating within an offline computing environment:
obtaining, by the offline computer system in the offline computing environment, from the removable computer-readable storage medium, the signing key shards and the blockchain transaction;
forming, by the offline computer system in the offline computing environment, a ciphertext of the signing private key using the signing key shards that satisfy the key shard threshold;
reconstructing, by the offline computer system in the offline computing environment, the signing private key by obtaining the ceremony key from a hardware security module (HSM) and decrypting the ciphertext, derived from the signing key shards that satisfy the key shard threshold, using the ceremony key, wherein the ceremony key is a same symmetric private key previously used to encrypt the signing private key to generate a prior ciphertext from which the signing key shards were derived;
signing, by the offline computer system in the offline computing environment, the blockchain transaction using the signing private key; and
providing the signed blockchain transaction to the online computer system.
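The offline steps of claim 1 (form the ciphertext from a threshold of shards, then decrypt it with the ceremony key) are sketched below as an added example; it is not code from the patent or from Coinbase. Assumptions: shards are produced with Shamir secret sharing over a prime field (the claim names no scheme), an HMAC-SHA256 keystream with a MAC tag stands in for the symmetric cipher, the ceremony key is passed as bytes rather than fetched from an HSM, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

P = 2**1279 - 1        # Mersenne prime; the field must exceed the 80-byte ciphertext
CT_LEN = 16 + 32 + 32  # nonce + encrypted 32-byte signing key + MAC tag

def _stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream), an assumption in place of a real AEAD.
    pad = b"".join(hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
                   for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt(ceremony_key, signing_key):
    nonce = secrets.token_bytes(16)
    body = nonce + _stream(ceremony_key, nonce, signing_key)
    return body + hmac.new(ceremony_key, b"mac" + body, hashlib.sha256).digest()

def decrypt(ceremony_key, ct):
    body, tag = ct[:-32], ct[-32:]
    good = hmac.new(ceremony_key, b"mac" + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext failed authentication")
    return _stream(ceremony_key, body[:16], body[16:])

def split(ct, threshold, total):
    if not 1 < threshold < total:  # claim 1: threshold is less than the shard count
        raise ValueError("need 1 < threshold < total")
    coeffs = [int.from_bytes(ct, "big")] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, total + 1)]

def combine(shards):
    secret = 0  # Lagrange interpolation at x = 0 over GF(P)
    for xj, yj in shards:
        num = den = 1
        for xm, _ in shards:
            if xm != xj:
                num, den = num * -xm % P, den * (xj - xm) % P
        secret = (secret + yj * num * pow(den, -1, P)) % P
    return secret

def recover_signing_key(shards, ceremony_key):
    try:  # too few or corrupted shards interpolate to a random field element
        ct = combine(shards).to_bytes(CT_LEN, "big")
    except OverflowError:
        raise ValueError("shards do not reconstruct a valid ciphertext")
    return decrypt(ceremony_key, ct)

if __name__ == "__main__":  # constructed sample: random keys, 3-of-5 shards
    ck, sk = secrets.token_bytes(32), secrets.token_bytes(32)
    print(recover_signing_key(split(encrypt(ck, sk), 3, 5)[1:4], ck) == sk)
```

Because the shards encode only the ciphertext, a quorum of account managers without the ceremony key recovers nothing usable, and the MAC check makes a short or tampered shard set fail closed instead of yielding a wrong signing key.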