CN112291062B - Voting method and device based on block chain - Google Patents

Voting method and device based on block chain

Publication number
CN112291062B
Authority
CN
China
Prior art keywords
voting
commitment
votes
server
certificates
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011173771.2A
Other languages
Chinese (zh)
Other versions
CN112291062A (en
Inventor
李昊轩
严强
廖飞强
王朝阳
李辉忠
张开翔
范瑞彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Application filed by WeBank Co Ltd filed Critical WeBank Co Ltd
Priority to CN202011173771.2A priority Critical patent/CN112291062B/en
Publication of CN112291062A publication Critical patent/CN112291062A/en
Application granted granted Critical
Publication of CN112291062B publication Critical patent/CN112291062B/en
Priority to PCT/CN2021/126373 priority patent/WO2022089420A1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/23Clustering techniques
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C13/00Voting apparatus
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3221Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs interactive zero-knowledge proofs

Abstract

The embodiment of the invention provides a voting method and a voting device based on a block chain. Because the complex ciphertext operations are carried out on the server, the load on the client is reduced and anonymous voting becomes more efficient for the user. The fragment votes received by the server are produced by the client obfuscating the user's voting information, which helps to ensure the privacy and security of that information. In addition, the block chain verifies whether the server tampered with the fragment votes sent by the client while processing them, which ensures that the user's voting information is tamper-resistant and verifiable.

Description

Voting method and device based on block chain
Technical Field
The embodiment of the invention relates to the field of financial technology (Fintech), in particular to a voting method and a voting device based on a block chain.
Background
With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually changing to financial technology, but due to the requirements of the financial industry on safety and real-time performance, higher requirements are also put forward on the technologies.
At present, existing anonymous voting methods are performed mainly either by the client or by a background server. In the first approach, to ensure the security of the voting data of the mobile client, the mobile client completes the whole voting encryption process, i.e. it performs the complex ciphertext operations on the voting data itself. However, the architecture of the mobile client differs from that of the server, and its computing performance differs greatly from that of the background server, so when the mobile client performs complex ciphertext operations on the voting data the process is slow, the voting encryption efficiency of the mobile client is low, and the user is greatly inconvenienced. In the other approach, the client hands the voting data over to a background server, which completes the whole voting encryption process, i.e. the background server performs the complex ciphertext operations on the voting data. However, because the voting data is hosted on the background server, the user loses control over it, and when the background server fails or is attacked the voting data is easily leaked or stolen, so the privacy of the voting data cannot be ensured.
In summary, there is a need for a voting method based on a block chain to ensure privacy security of voting data and to ensure non-tamper-ability and verifiability of the voting data.
Disclosure of Invention
The embodiment of the invention provides a voting method and a voting device based on a block chain, which are used for ensuring the privacy security of voting data and the non-tampering property and the verifiability of the voting data.
In a first aspect, an embodiment of the present invention provides a voting method based on a block chain, including:
the server receives a fragment vote sent by the client as obfuscated information; the fragment vote is one of m fragment votes generated by the client based on the voting information of the user; m is determined according to the number of servers;
the server generates ciphertext votes of the fragment votes;
the server generates k classes of zero-knowledge proofs for the fragment vote based on the fragment vote, k random numbers conforming to a voting mechanism and k commitment proofs corresponding to the k random numbers; the k commitment proofs are obtained by the block chain aggregating the k classes of commitment fragments that each server generates based on its respective k random numbers;
the server sends a voting result to the block chain, wherein the voting result comprises the ciphertext vote and the k-class zero knowledge proof; and the k-class zero-knowledge proof is used for determining the matching between the clustered ciphertext votes and the k commitment proofs after the block chain clusters the voting results of each server.
In this technical scheme, because performing complex ciphertext operations on the client takes a long time and is inefficient, performing them on the server reduces the load on the client and improves the efficiency of anonymous voting for the user. In addition, the fragment votes received by the server are produced by the client obfuscating the user's voting information, which avoids the risk of leaking that information and ensures its privacy. The server then generates the corresponding ciphertext vote from the fragment vote, which further protects the privacy of the user's voting information. Next, based on the fragment vote, the k random numbers conforming to the voting mechanism and the k commitment proofs corresponding to the k random numbers, the server generates k classes of zero-knowledge proofs for the fragment vote, so that after the block chain clusters the voting results of each server it can determine the matching between the clustered ciphertext votes and the k commitment proofs. In this way the block chain can verify whether the server tampered with the fragment vote sent by the client while processing it, which ensures that the user's voting information is tamper-resistant and verifiable, confirms that it is real and valid, and improves the user experience. This solves the problems of the prior art, in which processing the user's voting data is inefficient and the data is easily leaked, can be tampered with, and cannot be verified.
Optionally, before the generating a k-class zero knowledge proof voted for the segment, further includes:
the server generates k random numbers which accord with a voting mechanism and generates k types of commitment fragments based on the k random numbers;
the server sends the k-type commitment fragment to the block chain;
the server obtaining k commitment certificates from the blockchain; the k commitment certificates are generated after the block chain carries out aggregation processing on the same type commitment fragments in the k types commitment fragments of each server.
In the above technical solution, by generating the k-class commitment fragments based on the k random numbers, randomness and unpredictability of the k-class commitment fragments can be ensured, and the k-class commitment fragments are sent to the block chain, so that the block chain aggregates the same-class commitment fragments in the k-class commitment fragments of each server to generate k commitment certificates, thereby ensuring non-tamper-proof property and verifiability of the k commitment certificates, and being helpful for subsequently judging whether voting information of a user is true and valid by verifying the k commitment certificates.
Optionally, the voting mechanism is that the sum of the voting information and the remaining votes is equal to the voting rights; the fragment vote comprises an obfuscated vote and obfuscated rights;
the server generates k classes of zero-knowledge proofs for the fragment vote based on the fragment vote, k random numbers conforming to a voting mechanism, and k commitment proofs corresponding to the k random numbers, including:
the server determines a first zero-knowledge proof according to a first random number in the k random numbers, a comprehensive commitment of the k commitment proofs and the obfuscated vote;
the server determines a second zero-knowledge proof according to a second random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated remaining votes; the obfuscated remaining votes are determined from the obfuscated vote and the obfuscated rights;
and the server determines a third zero-knowledge proof according to a third random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated rights.
In this technical scheme, a first zero-knowledge proof is determined according to a first random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated vote; a second zero-knowledge proof is determined according to a second random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated remaining votes; and a third zero-knowledge proof is determined according to a third random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated rights, so that whether the voting information of the user is real and valid can subsequently be judged by verifying the three zero-knowledge proofs.
Optionally, the generating, by the server, a ciphertext vote of the fragment vote includes:
the server generates first encryption information of the obfuscated vote and second encryption information of the obfuscated remaining votes based on a first public point and a second public point of an elliptic curve; wherein the second public point is determined by the block chain according to the ciphertext private key of each server; the ciphertext private key of each server is generated by each server according to the private key of each server and the third public point of the elliptic curve;
the k classes of commitment fragments are determined as follows:
the server determines the k classes of commitment fragments based on each random number in the k random numbers and the first public point.
In this technical scheme, the first encryption information of the obfuscated vote and the second encryption information of the obfuscated remaining votes are generated based on the first public point and the second public point of the elliptic curve, so that the obfuscated vote and the obfuscated remaining votes are encrypted to generate the ciphertext vote of the fragment vote, which ensures the privacy of the user's voting information.
Optionally, the comprehensive commitment of the k commitment certificates is obtained by performing a hash operation on the user identifier and the k commitment certificates by the server.
In this technical scheme, the comprehensive commitment of the k commitment certificates is determined by performing a hash operation on the user identifier and the k commitment certificates, which ensures the privacy of the k commitment certificates and makes it possible to judge subsequently, by verifying the comprehensive commitment, whether the server has tampered with the user's fragment vote, and thus to further verify whether the user's voting information is real and valid.
In a second aspect, an embodiment of the present invention provides a voting method based on a block chain, including:
the block chain receives m k-type commitment fragments sent by m servers; the k-type commitment fragments are generated by each server based on respective k random numbers which accord with a voting mechanism;
the block chain clusters the m commitment fragments of the same class among the m sets of k-class commitment fragments to obtain k commitment certificates, and puts the k commitment certificates on the chain;
the block chain receives m voting results sent by the m servers; each voting result comprises a ciphertext vote and k classes of zero-knowledge proofs; the ciphertext vote is determined by the server according to the fragment vote received as obfuscated information;
the block chain clusters the m ciphertext votes to obtain a comprehensive vote, and clusters the zero-knowledge proofs of the same class among the m sets of k-class zero-knowledge proofs to obtain k classes of comprehensive proofs;
and the block chain determines the matching between the comprehensive vote and the k commitment certificates through the k classes of comprehensive proofs.
In this technical scheme, the k commitment certificates are obtained by clustering the commitment fragments of the same class among the m sets of k-class commitment fragments and are put on the chain, which ensures that the k commitment certificates are public and verifiable and helps each server generate the k classes of zero-knowledge proofs for its fragment vote based on them. The m ciphertext votes are clustered to obtain the comprehensive vote, the zero-knowledge proofs of the same class among the m sets of k-class zero-knowledge proofs are clustered to obtain k classes of comprehensive proofs, and the matching between the comprehensive vote and the k commitment certificates is verified through the k classes of comprehensive proofs. The block chain can therefore verify whether a server tampered with the fragment vote sent by the client while processing it, which ensures that the user's voting information is tamper-resistant and verifiable, confirms that it is real and valid, and improves the user experience.
Optionally, the voting mechanism is that the sum of the voting information and the remaining votes is equal to the voting rights; the ciphertext vote comprises first encryption information determined according to the obfuscated vote of the fragment vote and second encryption information determined according to the obfuscated remaining votes; the obfuscated remaining votes are determined according to the obfuscated vote and the obfuscated rights of the fragment vote;
the determining, by the blockchain through the k types of comprehensive proofs, the matching of the comprehensive vote and the k commitment proofs includes:
the block chain determines first verification information according to a first comprehensive certificate in the k comprehensive certificates, the comprehensive commitments of the k commitment certificates and first encryption information;
the blockchain determines second verification information according to a second type comprehensive certificate in the k types of comprehensive certificates, the comprehensive commitments of the k commitment certificates and second encryption information;
the blockchain determines third verification information according to a third type comprehensive certificate in the k types of comprehensive certificates, the comprehensive commitments of the k commitment certificates and the voting rights and interests of the user;
and the block chain determines the matching of the comprehensive vote and the k commitment certificates according to the first verification information, the second verification information, the third verification information and the comprehensive commitment of the k commitment certificates.
In the above technical solution, the matching between the comprehensive vote and the k commitment certificates is verified according to the first verification information, the second verification information, the third verification information and the k commitment certificates, so that whether the server falsifies the fragment vote sent by the client in the process of processing the fragment vote can be verified, and thus, the non-falsification and verifiability of the user voting information can be ensured, and the user voting information is verified to be true and valid.
Optionally, the comprehensive commitment of the k commitment certificates is obtained by performing hash operation on the user identifier and the k commitment certificates;
the determining, by the blockchain, the matching of the integrated vote and the k commitment certificates according to the first verification information, the second verification information, the third verification information, and the k commitment certificates includes:
the block chain carries out Hash operation according to the user identification, the first verification information, the second verification information and the third verification information to obtain comprehensive verification of the verification information;
the blockchain determines whether a combined commitment of the k commitment certificates is consistent with a combined verification of the verification information, and determines whether a sum of the first verification information and the second verification information is equal to the third verification information.
In the above technical solution, by determining whether the comprehensive commitment of the k commitment certificates is consistent with the comprehensive verification of the verification information, and determining whether the sum of the first verification information and the second verification information is equal to the third verification information, it can be verified whether the server tampered with or improperly processed the fragment vote sent by the client while processing it, and whether the user's voting information is real and valid, so that the correctness and verifiability of the user's voting information can be ensured.
Optionally, before the determining the matching of the composite vote and the k proof of commitment, further comprising:
the block chain receives a verification request sent by a client and passes the verification request; the verification request is used for verifying that all the fragment votes are sent to all the servers by the user;
after determining the matching of the composite vote and the k commitment certificates, the method further comprises:
and the block chain determines that the comprehensive vote matches the k commitment certificates, and then the comprehensive vote is issued.
In the technical scheme, after the comprehensive voting is determined to be matched with the k commitment certificates, the real validity of the voting information of the user can be determined, and then the comprehensive voting is issued to complete the voting.
In a third aspect, an embodiment of the present invention provides a voting method based on a block chain, including:
the client generates m fragmented votes based on the voting information of the user; m is determined according to the number of servers;
the client sends the m fragment votes to m servers respectively; each fragment vote is used by the server to generate a voting result and send the voting result to the block chain; the voting result comprises a ciphertext vote obtained by encrypting the fragment vote and k classes of zero-knowledge proofs; the k classes of zero-knowledge proofs are used for determining the matching between the clustered ciphertext votes and k commitment proofs after the block chain clusters the voting results of each server; the k commitment proofs are obtained by aggregating the k classes of commitment fragments that each server generates based on its respective k random numbers conforming to the voting mechanism.
In this technical scheme, because performing complex ciphertext operations on the client takes a long time and is inefficient, the complex ciphertext operations are performed on the server and only simple operations are performed on the client, which reduces the load on the client and improves the efficiency of anonymous voting for the user. In addition, the fragment votes are produced by obfuscating the user's voting information before they are sent to the several servers for the complex operations, which avoids the risk of leaking the user's voting information and ensures its privacy.
Optionally, after the client sends the m fragment votes to the m servers respectively, the method further includes:
the client sends a verification request to the blockchain; and the verification request is used for verifying that each fragment vote is sent to each server for the user.
In the above technical solution, the verification request is sent to the blockchain for the blockchain to verify that the fragment vote is sent by the user, that is, to verify the relevance between the user and the fragment vote, which can help to ensure the validity of the user vote.
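The commit, prove and verify flow described across the three aspects above, as an added Python sketch that is not the patent's own code. The concrete formulas are assumptions chosen to fit the description: secp256k1 as the curve, additive fragments modulo the group order, Schnorr-style responses r + c·x, SHA-256 as the hash, and an unblinded encoding x·G standing in for the encryption with the second public point; all function and class names are hypothetical.

```python
import hashlib
import secrets

# secp256k1 domain parameters (public constants); the curve choice is an assumption.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # "first public point"

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time, demo only)."""
    k, acc = k % N, None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def sub(a, b):
    return add(a, None if b is None else (b[0], -b[1] % P))

def psum(points):
    acc = None
    for pt in points:
        acc = add(acc, pt)
    return acc

def digest(uid, pts):
    """Hash of the user id and k points, reduced to a scalar."""
    h = hashlib.sha256(uid.encode())
    for pt in pts:
        h.update(b"\x00" if pt is None else b"".join(c.to_bytes(32, "big") for c in pt))
    return int.from_bytes(h.digest(), "big") % N

def split(value, m):
    """Client: m additive fragments mod N; any m-1 of them are uniformly random."""
    parts = [secrets.randbelow(N) for _ in range(m - 1)]
    return parts + [(value - sum(parts)) % N]

class Server:
    def __init__(self, vote_frag, rights_frag):
        rest = (rights_frag - vote_frag) % N             # obfuscated remaining votes
        self.x = (vote_frag, rest, rights_frag)
        r1, r2 = secrets.randbelow(N), secrets.randbelow(N)
        self.r = (r1, r2, (r1 + r2) % N)                 # randoms obey vote + rest = rights

    def commitment_fragments(self):
        return [mul(r, G) for r in self.r]

    def voting_result(self, c):
        cipher = (mul(self.x[0], G), mul(self.x[1], G))  # simplified, unblinded encoding
        proofs = [(r + c * x) % N for r, x in zip(self.r, self.x)]
        return cipher, proofs

def chain_commit(uid, fragments):
    """Chain: aggregate same-class fragments, then hash them with the user id."""
    commitments = [psum(col) for col in zip(*fragments)]
    return commitments, digest(uid, commitments)

def chain_verify(uid, c, rights, results):
    ciphers, proofs = zip(*results)
    e1, e2 = (psum(col) for col in zip(*ciphers))        # comprehensive vote
    s1, s2, s3 = (sum(col) % N for col in zip(*proofs))  # comprehensive proofs
    v1 = sub(mul(s1, G), mul(c, e1))
    v2 = sub(mul(s2, G), mul(c, e2))
    v3 = sub(mul(s3, G), mul(c * rights, G))             # uses the user's public rights
    return digest(uid, (v1, v2, v3)) == c and add(v1, v2) == v3

def run(uid, vote, rights, m=3, tamper=False):
    servers = [Server(v, w) for v, w in zip(split(vote, m), split(rights, m))]
    _, c = chain_commit(uid, [s.commitment_fragments() for s in servers])
    results = [s.voting_result(c) for s in servers]
    if tamper:  # server 0 alters its ciphertext after the proof was made
        (e1, e2), proofs = results[0]
        results[0] = ((add(e1, G), e2), proofs)
    return chain_verify(uid, c, rights, results)
```

`run("user-1", 3, 10)` returns True for an honest run and False with `tamper=True`, where one server's ciphertext no longer matches its proof. In this sketch the two checks do not bind a server to the fragment it actually received from the client.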
In a fourth aspect, an embodiment of the present invention provides a voting apparatus based on a block chain, including:
the system comprises a first receiving unit, a second receiving unit and a sending unit, wherein the first receiving unit is used for receiving a fragment vote sent by a client as obfuscated information; the fragment vote is one of m fragment votes generated by the client based on the voting information of the user; m is determined according to the number of servers;
the first processing unit is used for generating a ciphertext vote of the fragment vote; generating k classes of zero-knowledge proofs for the fragment vote based on the fragment vote, k random numbers conforming to a voting mechanism and k commitment proofs corresponding to the k random numbers; the k commitment proofs are obtained by the block chain aggregating the k classes of commitment fragments that each server generates based on its respective k random numbers; sending a voting result to the block chain, wherein the voting result comprises the ciphertext vote and the k classes of zero-knowledge proofs; and the k classes of zero-knowledge proofs are used for determining the matching between the clustered ciphertext votes and the k commitment proofs after the block chain clusters the voting results of each server.
Optionally, the first processing unit is further configured to:
generating k random numbers conforming to a voting mechanism and generating k types of commitment fragments based on the k random numbers before generating k types of zero knowledge proofs voting aiming at the fragments;
sending the k-type commitment fragment to the block chain;
obtaining k commitment certificates from the blockchain; the k commitment certificates are generated after the block chain carries out aggregation processing on the same type commitment fragments in the k types commitment fragments of each server.
Optionally, the voting mechanism is that the sum of the voting information and the remaining votes is equal to the voting rights; the fragment vote comprises an obfuscated vote and obfuscated rights;
the first processing unit is specifically configured to:
determining a first zero-knowledge proof according to a first random number in the k random numbers, a comprehensive commitment of the k commitment proofs and the obfuscated vote;
determining a second zero-knowledge proof according to a second random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated remaining votes; the obfuscated remaining votes are determined from the obfuscated vote and the obfuscated rights;
and determining a third zero-knowledge proof according to a third random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated rights.
Optionally, the first processing unit is specifically configured to:
generating first encryption information of the obfuscated vote and second encryption information of the obfuscated remaining votes based on a first public point and a second public point of an elliptic curve; wherein the second public point is determined by the block chain according to the ciphertext private key of each server; the ciphertext private key of each server is generated by each server according to the private key of each server and the third public point of the elliptic curve;
the k classes of commitment fragments are determined as follows:
determining the k classes of commitment fragments based on each random number in the k random numbers and the first public point.
Optionally, the first processing unit is specifically configured to:
the comprehensive commitment of the k commitment certificates is obtained by carrying out hash operation on the user identification and the k commitment certificates by the server.
In a fifth aspect, an embodiment of the present invention provides a voting apparatus based on a block chain, including:
a second receiving unit, configured to receive m k-class commitment fragments sent by m servers; the k-type commitment fragments are generated by each server based on respective k random numbers which accord with a voting mechanism;
a second processing unit, configured to cluster the m commitment fragments of the same class among the m sets of k-class commitment fragments to obtain k commitment certificates and put them on the chain; receiving m voting results sent by the m servers; each voting result comprises a ciphertext vote and k classes of zero-knowledge proofs; the ciphertext vote is determined by the server according to the fragment vote received as obfuscated information; clustering the m ciphertext votes to obtain a comprehensive vote, and clustering the zero-knowledge proofs of the same class among the m sets of k-class zero-knowledge proofs to obtain k classes of comprehensive proofs; and determining the matching between the comprehensive vote and the k commitment certificates through the k classes of comprehensive proofs.
Optionally, the voting mechanism is that the sum of the voting information and the remaining votes is equal to the voting rights; the ciphertext vote comprises first encryption information determined according to the obfuscated vote of the fragment vote and second encryption information determined according to the obfuscated remaining votes; the obfuscated remaining votes are determined according to the obfuscated vote and the obfuscated rights of the fragment vote;
the second processing unit is specifically configured to:
determining first verification information according to a first comprehensive certificate in the k comprehensive certificates, the comprehensive commitments of the k commitment certificates and first encryption information;
determining second verification information according to a second comprehensive certificate in the k comprehensive certificates, the comprehensive commitments of the k commitment certificates and second encryption information;
determining third verification information according to a third comprehensive certificate in the k comprehensive certificates, the comprehensive commitments of the k commitment certificates and the voting rights and interests of the user;
and determining the matching of the comprehensive vote and the k commitment certificates according to the first verification information, the second verification information, the third verification information and the comprehensive commitment of the k commitment certificates.
Optionally, the comprehensive commitment of the k commitment certificates is obtained by performing hash operation on the user identifier and the k commitment certificates by the server;
the second processing unit is further configured to:
performing hash operation according to the user identifier, the first verification information, the second verification information and the third verification information to obtain comprehensive verification of the verification information;
determining whether a combined commitment of the k commitment certificates is consistent with a combined verification of the verification information, and determining whether a sum of the first verification information and the second verification information is equal to the third verification information.
Optionally, the second processing unit is further configured to:
before the determining of the matching of the comprehensive vote and the k commitment certificates, receiving a verification request sent by a client and passing the verification request; the verification request is used for verifying that all the fragment votes are sent to all the servers by the user;
the second processing unit is further configured to:
after the matching of the comprehensive vote and the k commitment certificates is determined, determining that the comprehensive vote matches the k commitment certificates, and issuing the comprehensive vote.
In a sixth aspect, an embodiment of the present invention provides a voting apparatus based on a block chain, including:
the generating unit is used for generating m piece votes based on the voting information of the users; m is determined according to the number of servers;
a sending unit, configured to send the m piece votes to m servers respectively; the fragment voting is used for generating a voting result by the server and sending the voting result to the block chain; the voting result comprises encrypted ciphertext voting for encrypting the fragment voting and k-class zero knowledge proof; the k-class zero-knowledge proof is used for determining the matching between the clustered ciphertext votes and k commitment proofs after the block chain clusters the voting results of each server; the k commitment proofs are obtained by aggregating k types of commitment fragments generated by the server based on k random numbers which respectively accord with the voting mechanism.
Optionally, the sending unit is further configured to:
after the m fragment votes are respectively sent to m servers, a verification request is sent to the block chain; and the verification request is used for verifying that each fragment vote is sent to each server for the user.
In a seventh aspect, an embodiment of the present invention provides a computing device, including:
a memory for storing a computer program;
and the processor is used for calling the computer program stored in the memory and executing the voting method based on the block chain according to the obtained program.
In an eighth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer-executable program for causing a computer to execute a voting method based on a block chain.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram of a system architecture according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a voting method based on a block chain according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a voting apparatus based on a block chain according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of another voting apparatus based on a block chain according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of another voting apparatus based on a block chain according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the following, some terms related to the embodiments of the present invention are first explained to facilitate understanding by those skilled in the art.
(1) Outsourced computation: outsourced computation is similar to secure multi-party computation. It is a mode that, when local computing capability is limited, entrusts data to several third-party institutions for computation while still keeping the private data secure. That is, user A wants to calculate a result R from data v but finds it difficult to calculate the final result locally; v is therefore divided into a plurality of pieces, such as v1, v2 and v3, which are hosted by the third-party services a, b and c for calculation; the result pieces R1, R2 and R3 are then aggregated locally, and it is verified whether the final result R was calculated correctly.
(2) Digital certificate: a digital certificate is not a digital identity card, but a seal or stamp (or a signature added to the digital identity card) placed on the digital identity card by an identity authentication authority. It is issued by an authority, the CA (Certificate Authority), and people can use it over the internet to identify the other party.
(3) Alliance chain: in blockchain technology, blockchains can be classified into public chains, private chains and alliance chains according to the access control permissions of the blockchain network. A public chain is a block chain structure that anyone can participate in and access; a private chain is a block chain structure that is open only to particular individuals (e.g., inside a company, school, etc.); the alliance chain is a block chain structure that is currently widely applied and very popular. In this architecture, the blockchain is maintained by certain organizations, is open to certain individuals, and can incorporate a supervisory node so that the blockchain is tamper-proof while meeting the corresponding regulatory requirements.
(4) Zero-knowledge proof: the prover can convince the verifier that some assertion is correct without providing the verifier with any useful information. A zero-knowledge proof is essentially a protocol involving two or more parties, i.e., a series of steps that two or more parties take to complete a task. The prover proves to the verifier, and convinces the verifier, that the prover knows or owns a certain message, but the proving process reveals no information about the proven message to the verifier.
(5) Anonymous voting: the voting method is characterized in that the identity and the voting choice of a voter are protected in the voting process, the voter can independently verify whether the votes cast by the voter are correctly included in the result, and meanwhile, the vote counting result is public and verifiable.
As described above, some terms related to the embodiments of the present invention are described, and the technical features related to the embodiments of the present invention are described below.
To facilitate understanding of the embodiment of the present invention, a voting system architecture suitable for the embodiment of the present invention is first described by taking the system architecture shown in fig. 1 as an example. The voting system architecture can be applied to small school groups for voting, voting in companies, voting for shareholders in companies, and the like, and in an actual application scenario, the invention is not limited to this. As shown in fig. 1, the system architecture may include a client 100, a blockchain 110, and at least one service provider (such as service provider 121, service provider 122, and service provider 123, etc.). The client 100 is connected to the blockchain 110 and each service provider, and each service provider is connected to the blockchain 110, for example, the connection may be through a wired connection or a wireless connection, which is not limited in detail.
The client 100 is the owner of the voting data. For a given resolution, the client casts a ciphertext vote for the candidate, where the ciphertext vote is represented by vG + rH, v is the voting share (e.g., 8), and r is the obfuscation secret, a 256-bit random number. G and H are public points on the elliptic curve. The client hosts the content cast by the user with a plurality of service providers (such as the service provider 121, the service provider 122, the service provider 123, and the like), and the service providers jointly complete the process of generating the final vote. The blockchain 110 guarantees that the whole process is tamper-proof and publicly verifiable, and finally the zero-knowledge proof generated by the user guarantees the correctness of the result. The client is a client with a certain computing capacity; the service provider may be equivalent to a server.
The service providers (such as the service provider 121, the service provider 122, and the service provider 123) jointly complete the processes of voting initialization, user ciphertext vote generation, vote counting, and result publishing. All processes need to be completed jointly by all service providers, and the resolution cast by the user is safe as long as any one service provider is not malicious.
The blockchain 110 records the result of the calculation process, and anyone can know the correctness of the voting process through the blockchain. When the service provider puts the votes into the user client, the blockchain aggregates the votes of the users, and finally the users confirm the correctness of the voting process.
It should be noted that the structure shown in fig. 1 is only an example, and the embodiment of the present invention is not limited thereto.
Based on the above description, fig. 2 exemplarily shows a flow of a voting method based on a block chain according to an embodiment of the present invention, where the flow may be performed by a voting apparatus based on a block chain.
As shown in fig. 2, the process specifically includes:
Step 201, the client generates m fragment votes based on the voting information of the user.
Step 202, the client sends the fragment vote to the server.
Step 203, the server generates a ciphertext vote of the fragment vote based on the fragment vote.
Step 204, the server generates k classes of zero-knowledge proof for the fragment vote based on the fragment vote, k random numbers conforming to a voting mechanism, and k commitment certificates corresponding to the k random numbers.
Step 205, the server sends the ciphertext vote and the k classes of zero-knowledge proof to the block chain.
Step 206, the block chain clusters the m ciphertext votes to obtain a comprehensive vote, and clusters the zero-knowledge proofs of the same class among the m*k zero-knowledge proofs to obtain k classes of comprehensive proof.
Step 207, the block chain determines the matching of the comprehensive vote and the k commitment certificates through the k classes of comprehensive proof.
In the above step 201 and step 202, the client performs obfuscation processing on the voting information of the user based on the number m of servers, and determines m piece votes. And then the m fragment votes are respectively sent to the m servers. In an actual application scenario, this is not specifically limited in the embodiment of the present invention, where m may be a positive integer greater than or equal to 1, for example, m may be 1, 2, or 3. In addition, after the m fragment votes are respectively sent to the m servers, the client sends an authentication request to the blockchain, and the authentication request is used for authenticating that each fragment vote is sent to each server for the user, namely, the association between the user and the fragment vote is authenticated, which can help to ensure the validity of the user vote. The complex ciphertext operation is carried out on the server, and only simple operation is carried out on the client, so that the method can help to reduce the pressure of the client for carrying out the complex ciphertext operation and improve the efficiency of the user for carrying out anonymous voting. In addition, the piece voting is determined by confusing the voting information of the user, so that the voting information is sent to a plurality of servers for complex operation, the risk of leakage of the voting information of the user can be avoided, and the privacy security of the voting information of the user can be ensured.
In step 203, the server receives the segment vote, which is sent by the client and is used as the confusion information, where the segment vote is one of m segment votes generated by the client based on the voting information of the user. And generating the ciphertext vote of the fragment vote based on the fragment vote. The ciphertext votes are used for clustering the block chains, and after clustering, the block chains determine the matching of the clustered ciphertext votes and the k commitment certificates. Specifically, the server generates first encryption information for confusing votes and second encryption information for confusing remaining votes based on a first disclosure point and a second disclosure point of the elliptic curve, wherein the first encryption information for confusing votes and the second encryption information for confusing remaining votes are ciphertext votes of the fragmented votes. The second public point is determined by the block chain according to the ciphertext private key of each server; the ciphertext private key of each server is generated by each server according to the private key of each server and the third public point of the elliptic curve; k is a positive integer greater than or equal to 1, for example, k may be 1, 2, or 3, and the like, and in an actual application scenario, this is not specifically limited in the embodiment of the present invention; the obfuscated remaining votes are determined from obfuscation interests of the obfuscated votes and the sliced votes.
In step 204, before generating the k classes of zero-knowledge proof for the fragment vote, the server needs to generate k classes of commitment fragments and send them to the block chain, so that the block chain aggregates the commitment fragments of the same class among the k classes of commitment fragments of each server to generate k commitment certificates. Specifically, the server generates k random numbers conforming to the voting mechanism, generates k classes of commitment fragments based on the k random numbers, and sends them to the block chain. After receiving the m*k commitment fragments sent by the m servers, the block chain clusters the m commitment fragments of the same class among the m*k commitment fragments, obtains k commitment certificates and puts them on the chain, so that each server can query and obtain them. The server then obtains the k commitment certificates from the block chain and determines a first zero-knowledge proof according to a first random number in the k random numbers, the comprehensive commitment of the k commitment certificates and the obfuscated vote; determines a second zero-knowledge proof according to a second random number in the k random numbers, the comprehensive commitment of the k commitment certificates and the obfuscated remaining vote, where the obfuscated remaining vote is determined according to the obfuscated vote and the obfuscated rights and interests; and determines a third zero-knowledge proof according to a third random number in the k random numbers, the comprehensive commitment of the k commitment certificates and the obfuscated rights and interests. This ensures the privacy security of the k commitment certificates, makes it possible to judge afterwards, by verifying the comprehensive commitment of the k commitment certificates, whether the server has tampered with the user's fragment vote, and further allows verifying whether the voting information of the user is real and effective. The voting mechanism is that the sum of the voting information and the remaining votes is equal to the voting rights and interests; the fragment vote comprises an obfuscated vote and obfuscated rights and interests; the k classes of commitment fragments are determined by the server based on each of the k random numbers and the first public point; and the comprehensive commitment of the k commitment certificates is obtained by the server performing a hash operation on the user identifier and the k commitment certificates.
In step 205, the server sends the voting result to the blockchain, where the voting result includes the ciphertext vote and the k-class zero-knowledge proof. The k-class zero-knowledge proof is used for determining the matching between the clustered ciphertext votes and k commitment proofs after the block chain clusters the voting results of each server.
In the above step 206 and step 207, after receiving the m voting results sent by the m servers, the block chain clusters the m ciphertext votes to obtain a comprehensive vote, and clusters the similar zero knowledge proof of the m k-class zero knowledge proofs to obtain the k-class comprehensive proof. Determining first verification information according to a first type comprehensive certificate in the k types of comprehensive certificates, the comprehensive commitments of the k commitment certificates and the first encryption information; determining second verification information according to a second comprehensive certificate in the k comprehensive certificates, the comprehensive commitments of the k commitment certificates and second encryption information; and determining third verification information according to a third comprehensive certificate in the k comprehensive certificates, the comprehensive commitments of the k commitment certificates and the voting rights and interests of the user. And then carrying out Hash operation according to the user identification, the first verification information, the second verification information and the third verification information to obtain comprehensive verification of the verification information, determining whether the comprehensive commitment of the k commitment certificates is consistent with the comprehensive verification of the verification information, and determining whether the sum of the first verification information and the second verification information is equal to the third verification information. Therefore, whether the server falsifies the fragment voting sent by the client or does malicious work in the process of processing the fragment voting can be verified, and whether the user voting information is real and effective can be verified, so that the correctness and verifiability of the user voting information can be ensured, and the user experience can be improved.
In addition, before the matching of the comprehensive votes and the k commitment certificates is determined, the blockchain receives a verification request sent by the client and passes the verification request; the verification request is used for verifying that each fragment vote is sent to each server by the user, and after the matching between the comprehensive vote and the k commitment certificates is determined, the comprehensive vote is determined to be matched with the k commitment certificates, and then the comprehensive vote is issued.
It should be noted that fig. 2 is a flowchart illustrating a voting method based on a block chain, taking a server as an example. In an actual application scenario, two servers or three servers or more than three servers may participate in the process of anonymous voting, which is not limited in the embodiment of the present invention.
A specific implementation procedure relating to voting in the embodiment of the present invention will be described below with three service providers (servers) as an example, such as a service provider A, a service provider B, and a service provider C. In an actual application scenario, three or more service providers may be deployed, which is not specifically limited in the embodiment of the present invention. It should be noted that, in the embodiment of the present invention, the service provider may be understood as a server.
Illustratively, the client obfuscates the vote amount v cast by the user to generate v-r1, v-r2 and v+r1+r2, generates the random factors r-r3, r-r4 and r+r3+r4, and then sends v-r1, v-r2, v+r1+r2, r-r3, r-r4 and r+r3+r4 to multiple service providers (such as service provider A, service provider B, and service provider C), where r, r1, r2, r3 and r4 are 256-bit random numbers. Each service provider processes the data it receives to generate its ciphertext vote Ca, Cb or Cc and, at the same time, its zero-knowledge proof proof_a, proof_b or proof_c, and sends its ciphertext vote and its zero-knowledge proof to the block chain. The block chain aggregates the ciphertext votes and the zero-knowledge proofs sent by the servers to obtain C = Ca + Cb + Cc and proof = proof_a + proof_b + proof_c. Finally, the user generates a zero-knowledge proof proof_user to confirm the correctness of the result C and of the zero-knowledge proof proof, and finally confirms that the voting is successful.
Before the user client confuses the amount of votes cast by the user, a voting initialization process is required. The following describes a specific implementation process of the voting initialization jointly performed by the three service providers.
Step 1: service provider A, service provider B and service provider C respectively generate private keys x1, x2 and x3 and, based on these private keys, respectively calculate s1 = x1*P, s2 = x2*P and s3 = x3*P, where P is a public point on the elliptic curve.
Step 2: service provider A, service provider B and service provider C respectively send the calculated s1, s2 and s3 to the block chain; the block chain calculates H = s1 + s2 + s3 based on s1, s2 and s3 and publishes the value of H. The value of H is used as a public point of the elliptic curve for the voting.
Step 3: for any user, such as user1, a third-party coordinator (such as a CA organization) processes the weight v_init of user1 to generate a blank vote, namely C1_init = v_init*G + r_init*H and C2_init = r_init*P, and generates a digital signature delta_init for the blank vote (C1_init, C2_init). The digital certificate (including the blank vote (C1_init, C2_init), the digital signature delta_init, etc.) is then issued to the client of user1. Here r_init is a 256-bit random number and is the key of the blank vote; G is a public point on the elliptic curve.
Having described the voting initialization process, a specific implementation process of the outsourced computation (i.e., a specific implementation process of anonymous voting by the user) is described below. Illustratively, the specific implementation process of the anonymous voting of the user is described by taking the user client as an applet, such as an XX applet. In an actual application scenario, the user client may also be another client with a certain computing capability (such as another application program APP or a Web client), and the embodiment of the present invention does not specifically limit this.
Continuing with the example of user1 above, user1 has a weight v_init, which indicates that the maximum number of votes the user can cast is v_init, and also has the blank vote (C1_init, C2_init), the digital signature delta_init, the key r_init of the blank vote, and the applet OpenID.
Step 1: the user client selects a plurality of random numbers, i.e. r, r1, r2, r3, r4, r5 and r6, each of which is a 256-bit random number.
Step 2: the user client makes a resolution on the candidate according to a voting amount, for example selecting the voting amount v as its resolution. The user client then obfuscates the voting amount v based on the random numbers (r, r1, r2, r3, r4, r5, r6), i.e. calculates a plurality of voting fragments: voting fragment 1 = v-r1, voting fragment 2 = v-r2, voting fragment 3 = v+r1+r2, voting fragment 4 = r-r3, voting fragment 5 = r-r4, voting fragment 6 = r+r3+r4, voting fragment 7 = v_init-r5, voting fragment 8 = v_init-r6, voting fragment 9 = v_init+r5+r6.
Step 3: the user client sends (OpenID, v-r1, r-r3, v_init-r5) to service provider A, sends (OpenID, v-r2, r-r4, v_init-r6) to service provider B, and sends (OpenID, v+r1+r2, r+r3+r4, v_init+r5+r6) to service provider C. In addition, the user client also sends the blank vote (C1_init, C2_init) and the digital signature delta_init to service provider A, service provider B and service provider C respectively.
Step 4: and each service provider processes the voting segments and the blank votes sent by the user client so as to determine the ciphertext votes and the zero-knowledge proof corresponding to each service provider. By way of example, the following describes a specific implementation process of the service provider for processing the voting segments and the blank votes sent by the user client, taking the service provider a as an example. It should be noted that, the processing procedures of the service provider B and the service provider C for determining the ciphertext vote and the zero knowledge proof corresponding to each other are the same as the processing procedures of the service provider a, and are not described herein again.
(1) Service provider A verifies the blank vote (C1_init, C2_init) against the digital signature delta_init to confirm whether the user has the right to vote. If the verification is successful, the next step is entered; if the verification fails, the flow is terminated, and an error code is returned to the user client.
(2) Service provider A judges, based on its locally recorded OpenID list, whether the OpenID received from the user client has already been processed. If not, the next step is entered; if so, the flow is terminated and an error code is returned to the user client.
(3) Based on the (OpenID, v-r1, r-r3, v_init-r5) received from the user client, service provider A calculates the ciphertext vote Ca = (v-r1)*G + (r-r3)*H and the ciphertext remaining vote Ca_rest = (v_init-r5-v+r1)*G + ra_rest*H, where ra_rest is a 256-bit random number.
Further, based on the (OpenID, v-r1, r-r3, v_init-r5) sent by the user client, service provider A generates zero-knowledge proof fragments. The generation process of the zero-knowledge proof fragments specifically comprises the following steps:
a. Service provider A selects random numbers ra1, ra2 and ra3, where ra1 + ra2 = ra3.
b. Based on the public point G of the elliptic curve and ra1, ra2 and ra3, service provider A respectively calculates commitment fragment 1: t1a = ra1*G, commitment fragment 2: t2a = ra2*G, and commitment fragment 3: t3a = ra3*G.
c. Service provider A sends commitment fragment 1: t1a, commitment fragment 2: t2a and commitment fragment 3: t3a to the block chain.
d. The block chain receives the commitment fragments sent by each service provider (service provider A, service provider B and service provider C): commitment fragments A (commitment fragment 1: t1a, commitment fragment 2: t2a, commitment fragment 3: t3a), commitment fragments B (commitment fragment 1: t1b, commitment fragment 2: t2b, commitment fragment 3: t3b) and commitment fragments C (commitment fragment 1: t1c, commitment fragment 2: t2c, commitment fragment 3: t3c). In the smart contract it calculates t1 = t1a + t1b + t1c, t2 = t2a + t2b + t2c and t3 = t3a + t3b + t3c. The commitment certificate (t1, t2, t3) is then published for each service provider or user client to query.
e. After determining that the block chain has published the commitment certificate (t1, t2, t3), service provider A calculates the hash value ca_hash = Hash(OpenID, t1, t2, t3) based on the commitment certificate (t1, t2, t3), and calculates the first zero-knowledge proof fragment z1a = ra1 - ca_hash*(v-r1), the second zero-knowledge proof fragment z2a = ra2 - ca_hash*(v_init-r5-v+r1), and the third zero-knowledge proof fragment z3a = ra3 - ca_hash*(v_init-r5).
f. Service provider A sends (Ca, Ca_rest, ca_hash, z1a, z2a, z3a) to the block chain.
(4) The block chain receives the data (Ca, Ca_rest, ca_hash, z1a, z2a, z3a), (Cb, Cb_rest, cb_hash, z1b, z2b, z3b) and (Cc, Cc_rest, cc_hash, z1c, z2c, z3c) sent by each service provider (i.e., service provider A, service provider B, and service provider C) and verifies whether ca_hash = cb_hash = cc_hash holds. If not, the flow is terminated. If so, based on the received data sent by each service provider, it calculates the aggregated ciphertext vote C = Ca + Cb + Cc, the aggregated ciphertext remaining vote C_rest = Ca_rest + Cb_rest + Cc_rest, the first zero-knowledge proof Z1 = z1a + z1b + z1c, the second zero-knowledge proof Z2 = z2a + z2b + z2c and the third zero-knowledge proof Z3 = z3a + z3b + z3c, and records (C, C_rest, C1_init, C2_init, Z1, Z2, Z3, c_hash) in the smart contract for each service provider or user client to query. It should be noted that the c_hash recorded in the smart contract is any one of the three hash values in ca_hash = cb_hash = cc_hash.
Step 5: the user client queries the blank vote C1_init on the contract and can obtain the ciphertext vote C calculated by the service providers. It generates a zero-knowledge proof proof_user according to its local resolution v and private key r, so that the ciphertext vote C calculated jointly by all the service providers can be proved to conform to the resolution of the user. That is, based on this permissioned block chain, the user client can verify the zero-knowledge proof computed jointly by the service providers, to verify that the user resolution is authentic and valid.
Step 6: the block chain can verify the balance proof of C_rest, C1_init and C as follows, i.e. prove whether the voting amounts of C, C_rest and C1_init satisfy v + v_rest = v_init. The block chain now holds (C, C_rest, C1_init, C2_init, Z1, Z2, Z3, c_hash), where v is the voting amount corresponding to the ciphertext vote, v_rest is the voting amount corresponding to the remaining ciphertext vote, and v_init is the weight of user1 for the blank vote C1_init (i.e., the maximum number of votes the user can cast is v_init). The verification by the block chain specifically comprises the following steps:
a. According to the data recorded in the smart contract, the block chain calculates t1′ = Z1*G + c_hash*C, t2′ = Z2*G + c_hash*C_rest and t3′ = Z3*G + c_hash*C1_init.
b. Determine whether c_hash = Hash(OpenID, t1′, t2′, t3′) is satisfied and whether Z1 + Z2 - Z3 = 0 is satisfied. If so, the verification is successful, and it is proved that the voting amounts of C, C_rest and C1_init satisfy v + v_rest = v_init.
Step 7: after the block chain determines that the verification is successful, the ciphertext vote C cast by the user can be confirmed to be effective, and the ciphertext votes C cast by all the other voters are recorded. Then, for any service provider (namely, the service provider A, the service provider B or the service provider C), the service provider inquires all votes C on the block chain, performs distributed vote counting on all inquired votes C to obtain distributed vote counting fragments, and uploads the distributed vote counting fragments to the block chain for statistical processing to obtain a final voting result.
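The commitment-fragment, aggregation and Step 6 verification flow described above, as an added Python sketch that is not code from the patent. It assumes secp256k1 and SHA-256, uses value-only commitments x*G with the r*H blinding term left out, and draws generic additive shares that sum to the value; `Server`, `run_vote`, `share` and the `fault` switch are hypothetical names.

```python
import hashlib
import secrets

# secp256k1 parameters. The page only says "elliptic curve", so the curve
# (and SHA-256 as Hash) are assumptions of this example.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P


def mul(k, pt):
    """Double-and-add k*pt (not constant time; illustration only)."""
    k, out = k % N, None
    while k:
        if k & 1:
            out = add(out, pt)
        pt, k = add(pt, pt), k >> 1
    return out


def point_sum(points):
    total = None
    for pt in points:
        total = add(total, pt)
    return total


def share(value, m=3):
    """m additive shares that sum to value mod N (generic sharing, assumed)."""
    parts = [secrets.randbelow(N) for _ in range(m - 1)]
    return parts + [(value - sum(parts)) % N]


def challenge(openid, ts):
    """c_hash = Hash(OpenID, t1, t2, t3), reduced to a scalar."""
    data = openid.encode() + b"".join(
        coord.to_bytes(32, "big") for t in ts for coord in t)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


class Server:
    """One service provider with its vote fragment and weight fragment."""

    def __init__(self, vote, weight):
        self.vote, self.weight = vote % N, weight % N
        self.rest = (weight - vote) % N              # remaining-vote fragment
        self.k1, self.k2 = secrets.randbelow(N), secrets.randbelow(N)
        self.k3 = (self.k1 + self.k2) % N            # ra1 + ra2 = ra3

    def commitment_fragments(self):                  # (t1a, t2a, t3a)
        return [mul(k, G) for k in (self.k1, self.k2, self.k3)]

    def result(self, c):                             # (Ca, Ca_rest, [z1a, z2a, z3a])
        pairs = ((self.k1, self.vote), (self.k2, self.rest), (self.k3, self.weight))
        return (mul(self.vote, G), mul(self.rest, G),
                [(k - c * x) % N for k, x in pairs])


def run_vote(openid, v, v_init, fault=None):
    """Run one vote and return (hash_ok, balance_ok) as checked in Step 6."""
    c1_init = mul(v_init, G)                         # blank vote for weight v_init
    servers = [Server(a, b) for a, b in zip(share(v), share(v_init))]
    if fault == "rest":                              # A misreports its remaining votes
        servers[0].rest = (servers[0].rest + 1) % N
    elif fault == "weight":                          # A alters the weight fragment
        servers[0] = Server(servers[0].vote, servers[0].weight + 1)
    # Chain: aggregate commitment fragments column-wise into (t1, t2, t3).
    ts = [point_sum(col) for col in zip(*(s.commitment_fragments() for s in servers))]
    c = challenge(openid, ts)                        # every server derives the same c_hash
    results = [s.result(c) for s in servers]
    C = point_sum(r[0] for r in results)
    C_rest = point_sum(r[1] for r in results)
    Z = [sum(col) % N for col in zip(*(r[2] for r in results))]
    # Step 6a: t' = Z*G + c_hash*commitment; 6b: hash and balance checks.
    t_chk = [add(mul(z, G), mul(c, X)) for z, X in zip(Z, (C, C_rest, c1_init))]
    return challenge(openid, t_chk) == c, (Z[0] + Z[1] - Z[2]) % N == 0
```

The two constructed faults fail different checks: a misreported remaining-vote fragment breaks Z1 + Z2 - Z3 = 0, while an altered weight fragment breaks the hash comparison because t3′ is recomputed against C1_init.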
The above embodiment shows that, because complex ciphertext operations take a long time and run inefficiently on the client, performing them on the server relieves the client of that burden and improves the efficiency of anonymous voting by the user. In addition, the fragment votes received by the server are produced by the client's obfuscation of the user's voting information, so the risk of leaking the user's voting information is avoided and its privacy is protected. Generating the corresponding ciphertext vote from the fragment vote further protects the privacy of the user's voting information. The server then generates k classes of zero-knowledge proofs for the fragment vote based on the fragment vote, the k random numbers conforming to the voting mechanism and the k commitment proofs corresponding to the k random numbers, so that after the block chain clusters the voting results of each server, it determines whether the clustered ciphertext vote matches the k commitment proofs. The block chain can thus verify whether a server tampered with the fragment vote sent by the client while processing it, which ensures that the user's voting information is tamper-proof and verifiable, verifies that it is real and effective, and improves the user's experience. This solves the prior-art problems that the user's voting data is processed with low efficiency, is easily leaked or tampered with, and cannot be verified.
Based on the same technical concept, fig. 3 exemplarily illustrates a block chain based voting apparatus that can execute the flow of a block chain based voting method according to an embodiment of the present invention.
As shown in fig. 3, the apparatus includes:
a first receiving unit 301, configured to receive a fragment vote sent by a client as confusion information; the fragment vote is one of m fragment votes generated by the client based on the voting information of the user; m is determined according to the number of servers;
a first processing unit 302, configured to generate a ciphertext vote of the fragment vote; generating k classes of zero knowledge proofs for the fragment voting based on the fragment voting, k random numbers conforming to a voting mechanism and k commitment proofs corresponding to the k random numbers; the k commitment certificates are obtained by aggregating k types of commitment fragments generated by the block chain on the basis of respective k random numbers; sending a voting result to the block chain, wherein the voting result comprises the ciphertext vote and the k-class zero knowledge proof; and the k-class zero-knowledge proof is used for determining the matching between the clustered ciphertext votes and the k commitment proofs after the block chain clusters the voting results of each server.
Optionally, the first processing unit 302 is further configured to:
before generating the k classes of zero-knowledge proofs for the fragment vote, generating k random numbers conforming to a voting mechanism and generating k types of commitment fragments based on the k random numbers;
sending the k-type commitment fragment to the block chain;
obtaining k commitment certificates from the blockchain; the k commitment certificates are generated after the block chain carries out aggregation processing on the same type commitment fragments in the k types commitment fragments of each server.
Optionally, the voting mechanism is that the sum of the voting information and the remaining votes is equal to the voting rights; the fragment vote comprises an obfuscated vote and obfuscated voting rights;
the first processing unit 302 is specifically configured to:
determining a first zero-knowledge proof according to a first random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated vote;
determining a second zero-knowledge proof according to a second random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated remaining vote; the obfuscated remaining vote is determined from the obfuscated vote and the obfuscated voting rights;
and determining a third zero-knowledge proof according to a third random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated voting rights.
Optionally, the first processing unit 302 is specifically configured to:
generating first encryption information of the obfuscated vote and second encryption information of the obfuscated remaining vote based on a first public point and a second public point of an elliptic curve; wherein the second public point is determined by the block chain according to the ciphertext private key of each server; the ciphertext private key of each server is generated by each server according to the private key of each server and the third public point of the elliptic curve;
the k-class commitment fragment is determined by the following method:
and determining the k-class commitment fragment based on each random number in the k random numbers and the first public point.
Optionally, the first processing unit 302 is specifically configured to:
the comprehensive commitment of the k commitment certificates is obtained by carrying out hash operation on the user identification and the k commitment certificates by the server.
Based on the same technical concept, fig. 4 exemplarily shows a block chain based voting apparatus that can execute the flow of the block chain based voting method according to an embodiment of the present invention.
As shown in fig. 4, the apparatus includes:
a second receiving unit 401, configured to receive m k-class commitment fragments sent by m servers; the k-type commitment fragments are generated by each server based on respective k random numbers which accord with a voting mechanism;
a second processing unit 402, configured to cluster the m commitment fragments of the same class among the m k-class commitment fragments to obtain k commitment certificates and record them on the chain; receiving m voting results sent by the m servers; each voting result comprises a ciphertext vote and k classes of zero-knowledge proofs; the ciphertext vote is determined by the server according to the fragment vote which serves as confusion information; clustering the m ciphertext votes to obtain a comprehensive vote, and clustering the zero-knowledge proofs of the same class among the m k-class zero-knowledge proofs to obtain k classes of comprehensive proofs; and determining the matching of the comprehensive vote and the k commitment certificates through the k classes of comprehensive proofs.
Optionally, the voting mechanism is that the sum of the voting information and the remaining votes is equal to the voting rights; the ciphertext vote comprises first encryption information determined according to the obfuscated vote of the fragment vote and second encryption information determined according to the obfuscated remaining vote; the obfuscated remaining vote is determined according to the obfuscated vote and the obfuscated voting rights of the fragment vote;
the second processing unit 402 is specifically configured to:
determining first verification information according to a first comprehensive certificate in the k comprehensive certificates, the comprehensive commitments of the k commitment certificates and first encryption information;
determining second verification information according to a second comprehensive certificate in the k comprehensive certificates, the comprehensive commitments of the k commitment certificates and second encryption information;
determining third verification information according to a third comprehensive certificate in the k comprehensive certificates, the comprehensive commitments of the k commitment certificates and the voting rights and interests of the user;
and determining the matching of the comprehensive vote and the k commitment certificates according to the first verification information, the second verification information, the third verification information and the comprehensive commitment of the k commitment certificates.
Optionally, the comprehensive commitment of the k commitment certificates is obtained by performing hash operation on the user identifier and the k commitment certificates by the server;
the second processing unit 402 is further configured to:
performing hash operation according to the user identifier, the first verification information, the second verification information and the third verification information to obtain comprehensive verification of the verification information;
determining whether a combined commitment of the k commitment certificates is consistent with a combined verification of the verification information, and determining whether a sum of the first verification information and the second verification information is equal to the third verification information.
Optionally, the second processing unit 402 is further configured to:
before the determining of the matching of the comprehensive vote and the k commitment certificates, receiving a verification request sent by a client and passing the verification request; the verification request is used for verifying that all the fragment votes are sent to all the servers by the user;
the second processing unit 402 is further configured to:
after determining that the comprehensive vote matches the k commitment certificates, issuing the comprehensive vote.
Based on the same technical concept, fig. 5 exemplarily shows a block chain based voting apparatus that can perform a flow of a block chain based voting method according to an embodiment of the present invention.
As shown in fig. 5, the apparatus includes:
a generating unit 501, configured to generate m fragment votes based on the voting information of the user; m is determined according to the number of servers;
a sending unit 502, configured to send the m fragment votes to m servers respectively; the fragment vote is used by the server to generate a voting result and send the voting result to the block chain; the voting result comprises a ciphertext vote obtained by encrypting the fragment vote and k classes of zero-knowledge proofs; the k classes of zero-knowledge proofs are used for determining the matching between the clustered ciphertext votes and k commitment proofs after the block chain clusters the voting results of each server; the k commitment proofs are obtained by aggregating k types of commitment fragments generated by the servers based on their respective k random numbers which conform to the voting mechanism.
Optionally, the sending unit 502 is further configured to:
after the m fragment votes are respectively sent to m servers, a verification request is sent to the block chain; and the verification request is used for verifying that each fragment vote is sent to each server for the user.
Based on the same technical concept, an embodiment of the present invention provides a computing device, including:
a memory for storing a computer program;
and the processor is used for calling the computer program stored in the memory and executing the voting method based on the block chain according to the obtained program.
Based on the same technical concept, embodiments of the present invention provide a computer-readable storage medium storing a computer-executable program for causing a computer to perform a block chain based voting method.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present application and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (16)

1. A voting method based on a block chain, comprising:
the server receives the fragment vote which is sent by the client and serves as confusion information; the fragment vote is one of m fragment votes generated by the client based on the voting information of the user; m is used to represent the number of servers;
the server generates ciphertext votes of the fragment votes;
the server generates k classes of zero knowledge proofs aiming at the fragment voting based on the fragment voting, k random numbers conforming to a voting mechanism and k commitment proofs corresponding to the k random numbers; the k commitment certificates are obtained by aggregating k types of commitment fragments generated by the block chain on the basis of respective k random numbers;
the server sends a voting result to the block chain, wherein the voting result comprises the ciphertext vote and the k-class zero knowledge proof; and the k-class zero-knowledge proof is used for determining the matching between the clustered ciphertext votes and the k commitment proofs after the block chain clusters the voting results of each server.
2. The method of claim 1, wherein prior to the generating of the k classes of zero-knowledge proofs for the fragment vote, the method further comprises:
the server generates k random numbers which accord with a voting mechanism and generates k types of commitment fragments based on the k random numbers;
the server sends the k-type commitment fragment to the block chain;
the server obtaining k commitment certificates from the blockchain; the k commitment certificates are generated after the block chain carries out aggregation processing on the same type commitment fragments in the k types commitment fragments of each server.
3. The method of claim 1, wherein the voting mechanism is that the sum of the voting information and the remaining votes equals the voting rights; the fragment vote comprises an obfuscated vote and obfuscated voting rights;
the server generates k classes of zero-knowledge proofs for the fragment vote based on the fragment vote, k random numbers conforming to a voting mechanism, and k commitment proofs corresponding to the k random numbers, including:
the server determines a first zero-knowledge proof according to a first random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated vote;
the server determines a second zero-knowledge proof according to a second random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated remaining vote; the obfuscated remaining vote is determined from the obfuscated vote and the obfuscated voting rights;
and the server determines a third zero-knowledge proof according to a third random number in the k random numbers, the comprehensive commitment of the k commitment proofs and the obfuscated voting rights.
4. The method of claim 1, wherein the server generating the ciphertext vote of the fragment vote comprises:
the server generates first encryption information of the obfuscated vote and second encryption information of the obfuscated remaining vote based on a first public point and a second public point of an elliptic curve; wherein the second public point is determined by the block chain according to the ciphertext private key of each server; the ciphertext private key of each server is generated by each server according to the private key of each server and the third public point of the elliptic curve;
the k-class commitment fragment is determined by the following method:
and the server determines the k-class commitment fragments based on each random number in the k random numbers and the first public point.
5. The method of claim 3, wherein the integrated commitment of k commitment certificates is a hash of a user identification and k commitment certificates by the server.
6. A voting method based on a block chain, comprising:
the block chain receives m k-class commitment fragments sent by m servers; the k-class commitment fragments are generated by each server based on its respective k random numbers which conform to a voting mechanism; each server receives the fragment vote which is sent by the client and serves as confusion information; the fragment vote is one of m fragment votes generated by the client based on the voting information of the user; m is used to represent the number of servers;
the block chain clusters the m commitment fragments of the same class among the m k-class commitment fragments to obtain k commitment certificates and records the k commitment certificates on the chain;
the block chain receives m voting results sent by the m servers; each voting result comprises ciphertext voting and k-class zero knowledge proof; the ciphertext voting is determined by the server according to the fragment voting which is taken as confusion information;
the block chain clusters the m ciphertext votes to obtain a comprehensive vote, and clusters the same zero knowledge proof in the m k zero knowledge proofs to obtain k comprehensive proofs;
and the block chain determines the matching of the comprehensive votes and the k commitment certificates through the k types of comprehensive certificates.
7. The method of claim 6, wherein the voting mechanism is that the sum of the voting information and the remaining votes equals the voting rights; the ciphertext vote comprises first encryption information determined according to the obfuscated vote of the fragment vote and second encryption information determined according to the obfuscated remaining vote; the obfuscated remaining vote is determined according to the obfuscated vote and the obfuscated voting rights of the fragment vote;
the determining, by the blockchain through the k types of comprehensive proofs, the matching of the comprehensive vote and the k commitment proofs includes:
the block chain determines first verification information according to a first comprehensive certificate in the k comprehensive certificates, the comprehensive commitments of the k commitment certificates and first encryption information;
the blockchain determines second verification information according to a second type comprehensive certificate in the k types of comprehensive certificates, the comprehensive commitments of the k commitment certificates and second encryption information;
the blockchain determines third verification information according to a third type comprehensive certificate in the k types of comprehensive certificates, the comprehensive commitments of the k commitment certificates and the voting rights and interests of the user;
and the block chain determines the matching of the comprehensive vote and the k commitment certificates according to the first verification information, the second verification information, the third verification information and the comprehensive commitment of the k commitment certificates.
8. The method of claim 7, wherein the integrated commitment of k commitment certificates is obtained by a server performing a hash operation on a user identifier and k commitment certificates;
the determining, by the blockchain, the matching of the integrated vote and the k commitment certificates according to the first verification information, the second verification information, the third verification information, and the k commitment certificates includes:
the block chain carries out Hash operation according to the user identification, the first verification information, the second verification information and the third verification information to obtain comprehensive verification of the verification information;
the blockchain determines whether a combined commitment of the k commitment certificates is consistent with a combined verification of the verification information, and determines whether a sum of the first verification information and the second verification information is equal to the third verification information.
9. The method of any of claims 6 to 8, wherein prior to said determining a match of the composite vote and the k commitment certificates, further comprising:
the block chain receives a verification request sent by a client and passes the verification request; the verification request is used for verifying that all the fragment votes are sent to all the servers by the user;
after determining the matching of the composite vote and the k commitment certificates, the method further comprises:
and the block chain determines that the comprehensive vote matches the k commitment certificates, and then the comprehensive vote is issued.
10. A voting method based on a block chain, comprising:
the client generates m fragmented votes based on the voting information of the user; m is used to represent the number of servers;
the client side sends the m fragment votes to m servers respectively; the fragment voting is used for generating a voting result by the server and sending the voting result to the block chain; the voting result comprises encrypted ciphertext voting for encrypting the fragment voting and k-class zero knowledge proof; the k-class zero-knowledge proof is used for determining the matching between the clustered ciphertext votes and k commitment proofs after the block chain clusters the voting results of each server; the k commitment proofs are obtained by aggregating k types of commitment fragments generated by the server based on k random numbers which respectively accord with the voting mechanism.
11. The method of claim 10, wherein after the client sends the m fragment votes to m servers respectively, the method further comprises:
the client sends a verification request to the blockchain; and the verification request is used for verifying that each fragment vote is sent to each server for the user.
12. A blockchain-based voting apparatus, comprising:
a first receiving unit, configured to receive a fragment vote sent by a client as confusion information; the fragment vote is one of m fragment votes generated by the client based on the voting information of the user; m is used to represent the number of servers;
the first processing unit is used for generating ciphertext votes of the fragment votes; generating k classes of zero knowledge proofs for the fragment voting based on the fragment voting, k random numbers conforming to a voting mechanism and k commitment proofs corresponding to the k random numbers; the k commitment certificates are obtained by aggregating k types of commitment fragments generated by the block chain on the basis of respective k random numbers; sending a voting result to the block chain, wherein the voting result comprises the ciphertext vote and the k-class zero knowledge proof; and the k-class zero-knowledge proof is used for determining the matching between the clustered ciphertext votes and the k commitment proofs after the block chain clusters the voting results of each server.
13. A blockchain-based voting apparatus, comprising:
a second receiving unit, configured to receive m k-class commitment fragments sent by m servers; the k-class commitment fragments are generated by each server based on its respective k random numbers which conform to a voting mechanism; each server receives the fragment vote which is sent by the client and serves as confusion information; the fragment vote is one of m fragment votes generated by the client based on the voting information of the user; m is used to represent the number of servers;
a second processing unit, configured to cluster the m commitment fragments of the same class among the m k-class commitment fragments to obtain k commitment certificates and record them on the chain; receiving m voting results sent by the m servers; each voting result comprises a ciphertext vote and k classes of zero-knowledge proofs; the ciphertext vote is determined by the server according to the fragment vote which serves as confusion information; clustering the m ciphertext votes to obtain a comprehensive vote, and clustering the zero-knowledge proofs of the same class among the m k-class zero-knowledge proofs to obtain k classes of comprehensive proofs; and determining the matching of the comprehensive vote and the k commitment certificates through the k classes of comprehensive proofs.
14. A blockchain-based voting apparatus, comprising:
a generating unit, configured to generate m fragment votes based on the voting information of the user; m is used to represent the number of servers;
a sending unit, configured to send the m fragment votes to m servers respectively; the fragment vote is used by the server to generate a voting result and send the voting result to the block chain; the voting result comprises a ciphertext vote obtained by encrypting the fragment vote and k classes of zero-knowledge proofs; the k classes of zero-knowledge proofs are used for determining the matching between the clustered ciphertext votes and k commitment proofs after the block chain clusters the voting results of each server; the k commitment proofs are obtained by aggregating k types of commitment fragments generated by the servers based on their respective k random numbers which conform to the voting mechanism.
15. A computing device, comprising:
a memory for storing a computer program;
a processor for calling a computer program stored in said memory and executing the method of any one of claims 1 to 11 in accordance with the obtained program.
16. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer-executable program for causing a computer to execute the method of any one of claims 1 to 11.
CN202011173771.2A 2020-10-28 2020-10-28 Voting method and device based on block chain Active CN112291062B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011173771.2A CN112291062B (en) 2020-10-28 2020-10-28 Voting method and device based on block chain
PCT/CN2021/126373 WO2022089420A1 (en) 2020-10-28 2021-10-26 Voting method and apparatus based on blockchain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011173771.2A CN112291062B (en) 2020-10-28 2020-10-28 Voting method and device based on block chain

Publications (2)

Publication Number Publication Date
CN112291062A CN112291062A (en) 2021-01-29
CN112291062B true CN112291062B (en) 2021-07-27

Also Published As

Publication number Publication date
WO2022089420A1 (en) 2022-05-05
CN112291062A (en) 2021-01-29


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant