security key works

key_engine.py

@@ -0,0 +1,93 @@
+import hashlib
+import secrets
+from mnemonic import Mnemonic # 仅用于标准的助记词转换
+
+class SentinelKeyEngine:
+    def __init__(self):
+        self.mnemo = Mnemonic("english")
+
+    def generate_vault_keys(self):
+        """
+        1. 生成原始 12 助记词 (Master Key)
+        """
+        words = self.mnemo.generate(strength=128)
+        entropy = self.mnemo.to_entropy(words)
+        return words, entropy
+
+    def split_to_shares(self, entropy):
+        """
+        2. SSS (3,2) 门限分片逻辑
+        公式: f(x) = S + a*x (直线方程，S为秘密，a为随机斜率)
+        我们将秘密 S 分成 3 份，任选 2 份即可恢复
+        """
+        # 将熵转换为大整数
+        secret_int = int.from_bytes(entropy, 'big')
+        
+        # 生成一个随机系数 a (安全性需与秘密强度一致)
+        # 这里使用 secrets 保证加密级随机
+        a = int.from_bytes(secrets.token_bytes(16), 'big')
+        
+        # 定义 3 个点: x=1, x=2, x=3
+        # Share = (x, f(x))
+        def f(x): return secret_int + a * x
+        
+        share1 = (1, f(1)) # 手机分片
+        share2 = (2, f(2)) # 云端分片
+        share3 = (3, f(3)) # 传承卡分片
+        
+        return [share1, share2, share3]
+
+    def recover_from_shares(self, share_a, share_b):
+        """
+        3. 恢复逻辑：拉格朗日插值还原
+        已知 (x1, y1) 和 (x2, y2)，求 f(0) 即秘密 S
+        公式: S = (x2*y1 - x1*y2) / (x2 - x1)
+        """
+        x1, y1 = share_a
+        x2, y2 = share_b
+        
+        # 还原常数项 S
+        secret_int = (x2 * y1 - x1 * y2) // (x2 - x1)
+        
+        # 转回字节并生成助记词
+        recovered_entropy = secret_int.to_bytes(16, 'big')
+        return self.mnemo.to_mnemonic(recovered_entropy)
+if __name__ == "__main__":
+    # --- Sentinel 协议业务流程模拟 ---
+
+    engine = SentinelKeyEngine()
+
+    # [生前]：初始化金库
+    master_words, entropy = engine.generate_vault_keys()
+    print(f"【1. 生成原始助记词】: {master_words}")
+
+    shares = engine.split_to_shares(entropy)
+    print(f"【2. SSS 分片完成】:")
+    print(f"   - 分片1 (手机安全区): {shares[0]}")
+    print(f"   - 分片2 (Sentinel云): {shares[1]}")
+    print(f"   - 分片3 (传承卡单词): {shares[2]}")
+
+    print("-" * 50)
+
+    # [死后/传承]：模拟用户失联，触发被动验证
+    # 假设继承人拿着卡片 (Share 3)，向服务器请求分片 (Share 2)
+    successor_share = shares[2]
+    server_share = shares[1]
+
+    # 执行恢复
+    recovered_words = engine.recover_from_shares(shares[0], shares[1])
+    print(f"【1. 手机+云     : {recovered_words}")
+
+    recovered_words = engine.recover_from_shares(shares[0], shares[2])
+    print(f"【2. 手机+传承卡 : {recovered_words}")
+
+    recovered_words = engine.recover_from_shares(shares[1], shares[2])
+    print(f"【3. 云+传承卡   : {recovered_words}")
+
+    # 校验一致性
+    assert recovered_words == master_words
+    print("\n结果：恢复出的助记词与原始完全一致。")
+
+
+    with open("words.txt", "w") as f:
+        f.write("%s\n"%master_words)