CN116633560B - Privacy protection and supervision method for block chain multicast transaction mode - Google Patents

Publication number
CN116633560B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310697598.3A
Other languages
Chinese (zh)
Other versions
CN116633560A (en)
Inventor
王伟
李洋
张大伟
徐光侠
田志宏
王斌
祝咏升
陈政
胡福强
杨柳
李超
段莉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jiaotong University
Guangzhou University
Original Assignee
Beijing Jiaotong University
Guangzhou University
Application filed by Beijing Jiaotong University, Guangzhou University
Priority to CN202310697598.3A
Publication of CN116633560A
Application granted
Publication of CN116633560B
Legal status: Active (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a privacy protection and supervision method for a blockchain multicast transaction mode. A confidential, verifiable and supervisable transaction model is abstracted for the blockchain multicast transaction mode, and the following algorithms are executed under the model: an initialization algorithm; a one-time address derivation algorithm and a linkable revocable ring signature algorithm, executed under an autonomous obfuscation identity hiding strategy, which protect the identity privacy of the transaction receiver and the transaction sender respectively while still allowing supervision; transaction content hiding, verification and supervision algorithms based on the twisted ElGamal homomorphic encryption scheme and zero-knowledge proofs; a ring signature and zero-knowledge proof verification algorithm; a transaction supervision algorithm executed by the supervisor; and a receiver discrimination algorithm. The method protects the identity privacy of the transaction sender and the transaction receivers in the multicast transaction mode while allowing the supervisor to recover the true identities of the transaction parties; it protects and verifies the privacy of the transaction content while allowing the supervisor to recover the plaintext transaction content.

Description

Privacy protection and supervision method for block chain multicast transaction mode
Technical Field
The invention relates to the technical field of privacy protection and supervision in an on-chain multicast transaction mode, and in particular to a privacy protection and supervision method for a blockchain multicast transaction mode.
Background
Most current research uses anonymity techniques to protect identity privacy, but because the ledger of a blockchain transaction system is public and transactions are confirmed by multiple parties, anonymous authentication alone cannot completely and effectively solve the problem of transaction identity privacy. Coin mixing is currently the main method for achieving identity privacy of the transaction parties. Coin mixing adds an intermediate step to the transaction process in which several transactions are mixed, which makes analysis harder for an attacker and so protects the user's identity privacy. Hiding the identity of the real transaction party in the anonymity set formed by the mixed transactions is the basic idea behind transaction identity hiding in blockchain systems. Coin mixing techniques can be classified into collaborative coin mixing, autonomous coin mixing and global coin mixing.
Autonomous coin mixing is typically represented by Monero. Each Monero user randomly generates two elliptic curve public keys (A, B) as the user's public identity, and privately holds the corresponding private keys (a, b), which are used to generate signatures during transactions to complete the user's identity authentication and payment confirmation. Monero also implements an identity hiding mechanism in the transaction process: a ring signature hides the identity of the transaction sender, and a stealth address hides the identity of the transaction receiver. However, current research lacks a scheme for privacy protection and reliable supervision of transaction identities in a blockchain multicast transaction mode.
For transaction content privacy, current blockchain systems mostly hide transaction content with information encryption and data isolation techniques, and generally verify hidden transactions with homomorphic encryption and zero-knowledge proofs; what is lacking on the supervision side is supervision of transaction content in a multicast transaction mode.
A typical representative of existing autonomous coin mixing for transaction identity privacy is Monero. Monero's transaction process provides transaction identity hiding based on autonomous coin mixing: the receiver's identity is hidden with the stealth address technique, and when the total number of users in the system is N, the probability that an observer correctly identifies the receiver is 1/N; the sender's autonomous coin mixing is done through a linkable ring signature, which hides the sender's identity.
However, Monero uses dual-key-pair addresses, and it does not achieve reliable supervision while hiding the identities of the transaction parties.
For transaction content privacy, the PGC scheme encrypts the transaction amount with an improved twisted ElGamal additively homomorphic algorithm, and can transfer the transaction amount while supporting transaction balance verification, but it does not consider how to prove the consistency of the data received by the transaction receivers in a multicast transaction mode. Blockchain multicast transactions require privacy protection and reliable supervision of both transaction identity and transaction content.
In the prior art, blockchain privacy protection lacks reasonable supervision, and identity privacy that relies on anonymity techniques alone remains vulnerable to malicious linking attacks. Current industry-oriented blockchain privacy protection schemes lack privacy protection and supervision for the multicast transaction mode. It is therefore important to develop a privacy protection and supervision method for the blockchain multicast transaction mode.
Disclosure of Invention
The embodiment of the invention provides a privacy protection and supervision method for a block chain multicast transaction mode, which is used for effectively guaranteeing the security of the block chain multicast transaction.
In order to achieve the above purpose, the present invention adopts the following technical scheme.
A privacy protection and supervision method for a blockchain multicast transaction mode comprises the following steps:
executing an initialization algorithm to generate a user key and a supervisor key;
executing a one-time address derivation algorithm, encrypting the transaction address with the supervisor key and executing a zero-knowledge proof algorithm, to protect the identity privacy of the transaction receiver;
executing transaction amount encryption with the receivers' public keys and a zero-knowledge proof algorithm, to protect the privacy of the transaction content;
executing a linkable revocable ring signature key update algorithm for transaction consistency verification, and executing a linkable revocable ring signature generation algorithm to protect the identity privacy of the transaction sender;
executing an address encryption zero-knowledge proof verification algorithm and an amount encryption zero-knowledge proof verification algorithm to verify the consistency of the transaction content and the validity of the transaction amount range, and executing a ring signature verification algorithm to verify the validity of the ring signature;
the supervisor obtains the confidential transaction information and executes the transaction supervision algorithm to recover the identity of the transaction sender, the identity of the transaction receiver and the real transaction content;
the receiver executes a discrimination algorithm to judge whether it is the receiver of a transaction, and if so, calculates the one-time private key corresponding to the one-time address for use in the next transaction.
Preferably, executing the initialization algorithm to generate a user key and a supervisor key includes:
generating public parameters $pp = (q, G_1, G_T, Z_q, e, H, g)$ from the input security parameter $\lambda$, where $G_1$ and $G_T$ are two cyclic groups of prime order $q$, $Z_q$ is the group of integers of order $q$, $e$ is a bilinear map $G_1 \times G_1 \to G_T$, $H$ is a cryptographic hash function $G_1 \to Z_q$, and $g$ is a generator of $G_1$; then generating the user keys: user $i$ selects a random number $d_i \in Z_q$ as the private key and calculates the public key;
generating the supervisor keys $rsk = (d_x, d_y)$ and $rpk = (P_X, P_Y, P_T)$, where $d_x, d_y \in Z_q$; at the same time generating the supervision private key $d_u$ of supervisor $u$ and the corresponding supervision public key, together with the ring signature revocation parameter $R_{revoke} = g^r$.
Preferably, executing the one-time address derivation algorithm, encrypting the transaction address with the supervisor key and executing the zero-knowledge proof algorithm to protect the identity privacy of the transaction receiver includes:
let the public key of the transaction receiver be $P_r$; randomly select $r_{tx}$; calculate; calculate; then calculate the one-time address $P_r' = g^t P_r$. The sender encrypts the blockchain address of the receiver with the supervision public key $rpk$ to generate the supervision ciphertext, that is, selects random numbers $k_1$ and $k_2 \in Z_q$; calculates and; calculates $k = k_1 + k_2$; calculates; $C_1, C_2, C_3$ constitute the anonymity revocation parameter $C_{revoke}$.
Preferably, executing transaction amount encryption with the receivers' public keys and the zero-knowledge proof algorithm to protect the privacy of the transaction content includes:
for the multicast transaction mode, the transaction amount is encrypted under the public keys of several receivers. In a commodity mortgage scenario, let the existing stock quantity of the transaction sender be $m_{in}$, the mortgaged quantity be $m_{out1}$ and the remaining quantity be $m_{out2}$, and let the public keys of the receiver addresses be $P_0$, $P_1$, $P_2$ and $P_3$ respectively. Assume that the random number corresponding to the existing-stock ciphertext is $r_0 \in Z_q$; select a random number $r_1 \in Z_q$ and construct $r_2 = r_0 - r_1 \in Z_q$. Using four twisted ElGamal encryptions, we obtain where $Y_i$ ($i \in \{0, 1, 2\}$) is used for the ring signature key update; the transaction sender uses the supervision public key $P_u$ to encrypt the mortgaged stock to obtain
The transaction sender executes a zero-knowledge proof generation algorithm to generate a proof; the non-interactive zero-knowledge proof is constructed from the Schnorr protocol and the Fiat-Shamir heuristic;
the range proof is based on Bulletproofs; the amount range is set to $V = (0, 2^p)$, which can be expressed as
For consistency verification, random numbers $r_0', r_1', r_2', r_{in}, r_{out1}, r_{out2}$ are selected; calculate
Calculate $c_{equal} = H(X_0 \| X_1 \| X_2 \| X_3 \| X_u \| Y_0 \| Y_1 \| Y_2 \| X_0' \| X_1' \| X_2' \| X_3' \| X_u' \| Y_0' \| Y_1' \| Y_2')$ to obtain $\pi_{equal} = (c_{equal}, s_0, s_1, s_2, s_{in}, s_{out1}, s_{out2})$.
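The relation $r_2 = r_0 - r_1$ and the supervisor's recovery of a plaintext "within a given small range", as an added Python example that is not code from the patent. It assumes the ciphertext form $X = pk^r$, $Y = g^r h^m$ of the published twisted ElGamal scheme, a toy group constructed here, an assignment of keys to outputs chosen for illustration, and a direct product check in `balanced` (the page ties balance verification to the ring signature key update instead).

```python
import secrets

# Toy group constructed for this example (far too small for real use):
# P = 2Q + 1 is a safe prime; G and H generate the order-Q subgroup of squares.
P, Q = 2039, 1019
G, H = 4, 9  # in a real deployment log_G(H) must be unknown to everyone


def keygen():
    """Return (sk, pk) with pk = g^sk and sk invertible mod Q."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def commit(m, r):
    """Shared ciphertext half Y = g^r * h^m (a Pedersen commitment to m)."""
    return pow(G, r, P) * pow(H, m, P) % P


def encrypt_multicast(pks, m, r):
    """Twisted ElGamal to several keys with one randomness r:
    one X_i = pk_i^r per key and a single Y shared by all of them."""
    return [pow(pk, r, P) for pk in pks], commit(m, r)


def decrypt(sk, X, Y, bound):
    """Recover m in [0, bound): strip g^r using sk, then search for h^m."""
    g_r = pow(X, pow(sk, -1, Q), P)   # X^(1/sk) = g^r
    h_m = Y * pow(g_r, -1, P) % P     # Y / g^r = h^m
    acc = 1
    for m in range(bound):
        if acc == h_m:
            return m
        acc = acc * H % P
    return None  # plaintext lies outside the searched range


def balanced(Y_in, Y_out1, Y_out2):
    """With r2 = r0 - r1 the product of the output Y values equals the
    input Y exactly when m_in = m_out1 + m_out2 (mod Q)."""
    return Y_in == Y_out1 * Y_out2 % P


def demo():
    # Hypothetical roles: key 0 is the sender, keys 1-2 are receivers,
    # key u is the supervisor.
    (sk0, pk0), (sk1, pk1), (sk2, pk2), (sku, pku) = (keygen() for _ in range(4))
    m_in, m_out1, m_out2 = 100, 60, 40          # constructed sample amounts
    r0, r1 = secrets.randbelow(Q), secrets.randbelow(Q)
    r2 = (r0 - r1) % Q
    Y_in = commit(m_in, r0)
    (X1, X2, Xu), Y1 = encrypt_multicast([pk1, pk2, pku], m_out1, r1)
    (X0,), Y2 = encrypt_multicast([pk0], m_out2, r2)
    bound = 2 ** 8                               # amounts limited to 8 bits
    return {
        "recipients": [decrypt(sk1, X1, Y1, bound), decrypt(sk2, X2, Y1, bound)],
        "supervisor": decrypt(sku, Xu, Y1, bound),
        "change": decrypt(sk0, X0, Y2, bound),
        "balanced": balanced(Y_in, Y1, Y2),
        # A sender who encrypts 61 instead of 60 breaks the balance relation.
        "tampered": balanced(Y_in, commit(m_out1 + 1, r1), Y2),
    }


if __name__ == "__main__":
    print(demo())
```

Because every receiver and the supervisor share the same $Y$, they necessarily decrypt the same amount; what a verifier still needs, and what the consistency proof on the page addresses, is evidence that each $X_i$ was formed with the same randomness as $Y$.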
Preferably, executing the linkable revocable ring signature key update algorithm for transaction consistency verification and executing the linkable revocable ring signature generation algorithm to protect the identity privacy of the transaction sender includes:
let the signer's public key be $P_\pi$ and private key be $d_\pi$, and let the public keys obtained from the blockchain be $P_i$ ($i = 1, \dots, n$, $i \neq \pi$); take $Y_i$ in $TC_i$ and execute the key update algorithm to obtain $P_i'$, where the signer takes $d_\pi'$ as the updated signing private key and $P_\pi'$ as the new public key;
obtain $n-1$ user public keys from the blockchain and use the key update algorithm to obtain the set of obfuscation public keys $S = \{P_1, P_2, \dots, P_n\}$; with the supervisor public key $P_u$, the ring signature revocation parameter $R_{revoke}$, the signing private key $d_\pi$ and the message $M$ to be signed as input, call the ring signature generation algorithm. The generated ring signature $\sigma$ comprises a key image $I$, a ring signature body and an anonymity revocation parameter $E$. Using the bilinear map, calculate; in $Z_q$, randomly select $\{q_i \mid i = 1, \dots, n, i \neq \pi\}$ and $\{w_i \mid i = 1, \dots, n, i \neq \pi\}$, and calculate and; select a random number $k \in Z_q$ and calculate $L_\pi = g^k$ and $R_\pi = e(R_{revoke}, P_u)^k$; calculate $c = H(M \| L_1 \| \dots \| L_n \| R_1 \| \dots \| R_n \| S \| P_u \| R_{revoke} \| E)$; calculate $w_\pi = c - \sum w_i \bmod q$ ($i = 1, \dots, n$, $i \neq \pi$) and $q_\pi = k - w_\pi d_\pi \bmod q$; generate the signature $\sigma = (I, w_1, \dots, w_n, q_1, \dots, q_n)$.
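The challenge-splitting steps of the signature generation above ($L_\pi = g^k$, $w_\pi = c - \sum w_i$, $q_\pi = k - w_\pi d_\pi$), as an added Python example that is not code from the patent. It is a pairing-free simplification: the $R_i$ terms, the key image $I$ and the revocation parameter $E$ are left out, so the result is neither linkable nor revocable. The decoy formula $L_i = g^{q_i} P_i^{w_i}$ is inferred from those equations rather than quoted from the page, and the toy group, hash encoding and function names are assumptions.

```python
import hashlib
import secrets

# Toy group constructed for this example: G generates the order-Q subgroup
# of squares modulo the safe prime P = 2Q + 1. Not a secure parameter size.
P, Q, G = 2039, 1019, 4


def make_ring(n):
    """Return (public keys, private keys) for n hypothetical users."""
    sks = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]
    return [pow(G, d, P) for d in sks], sks


def challenge(msg, Ls, ring):
    """c = H(M || L_1 || ... || L_n || S), reduced into Z_q."""
    data = msg + b"|" + b"|".join(str(v).encode() for v in Ls + ring)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def sign(msg, ring, pi, d_pi):
    """Sign msg as ring member pi, whose private key is d_pi."""
    n = len(ring)
    # Decoys: random (w_i, q_i) fix L_i = g^{q_i} * P_i^{w_i} in advance.
    w = [secrets.randbelow(Q) for _ in range(n)]
    q = [secrets.randbelow(Q) for _ in range(n)]
    Ls = [pow(G, q[i], P) * pow(ring[i], w[i], P) % P for i in range(n)]
    # Real signer: commit with a fresh k, then solve for (w_pi, q_pi).
    k = secrets.randbelow(Q)
    Ls[pi] = pow(G, k, P)
    c = challenge(msg, Ls, ring)
    w[pi] = (c - sum(w[i] for i in range(n) if i != pi)) % Q
    q[pi] = (k - w[pi] * d_pi) % Q
    return w, q


def verify(msg, ring, sig):
    """Recompute every L_i the same way and check that the w_i sum to c.
    The signer's slot is indistinguishable: g^{q_pi} * P_pi^{w_pi} = g^k."""
    w, q = sig
    Ls = [pow(G, qi, P) * pow(Pi, wi, P) % P for Pi, wi, qi in zip(ring, w, q)]
    return sum(w) % Q == challenge(msg, Ls, ring)


if __name__ == "__main__":
    ring, sks = make_ring(4)
    sig = sign(b"tx-001", ring, 2, sks[2])
    print(verify(b"tx-001", ring, sig))
```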
Preferably, executing the address encryption zero-knowledge proof verification algorithm and the amount encryption zero-knowledge proof verification algorithm to verify the consistency of the transaction content and the validity of the transaction amount range, and executing the ring signature verification algorithm to verify the validity of the ring signature, includes:
the identity information of the transaction party is uploaded to the blockchain; after a verification node on the blockchain obtains the ring signature $\sigma$, the signed message $M$, the public set of obfuscation public keys $S$ and the supervision public key $P_u$, it performs the following verification on the ring signature $\sigma$: for $i = 1, \dots, n$, calculate; calculate $c = H(M \| L_1 \| \dots \| L_n \| R_1 \| \dots \| R_n \| S \| P_u \| R_{revoke} \| E)$; if $c_{ver} = c$ holds, the algorithm outputs 1 and the signature passes verification; otherwise the algorithm outputs 0 to indicate that verification fails. The key image $I$ is obtained from the ring signature $\sigma$ and compared against the list of historical key images; if the key image $I$ appears in the list, the algorithm outputs 1 to indicate that the user is double-spending, and the signature is rejected;
for consistency verification, the verification node calculates
Calculate $c'_{equal} = H(X_0 \| X_1 \| X_2 \| X_3 \| X_u \| Y_0 \| Y_1 \| Y_2 \| X_0'' \| X_1'' \| X_2'' \| X_3'' \| X_u'' \| Y_0'' \| Y_1'' \| Y_2'')$ and verify whether the equation $c'_{equal} = c_{equal}$ holds; if it holds, the consistency verification passes; otherwise the consistency verification fails. After the consistency verification passes, the confidential transaction information is uploaded to the blockchain.
Preferably, the supervisor obtaining the confidential transaction information and executing the transaction supervision algorithm to recover the identity of the transaction sender, the identity of the transaction receiver and the real transaction content includes:
the supervisor obtains the confidential transaction information on the blockchain, which includes the anonymity revocation parameter $C_{revoke}$ and the ring signature $\sigma$, and uses the supervision private key $(d_x, d_y)$ to recover the one-time address of the transaction receiver. Using the revocability of the ring signature, the supervisor executes the anonymity revocation algorithm, substituting the public keys $P_i$ ($i = 1, \dots, n$) in the set $S$ in turn and judging whether the equation holds; if it holds, the signing public key that satisfies the equation is output. The supervisor thus recovers the true identities of the transaction sender and the transaction receiver from the confidential transaction identity information. To recover the plaintext transaction amount, the supervisor takes $TC_u = (X_u, Y_u)$ from the transaction content and calculates where $m$ is the quantity of mortgaged stock in the transaction, and the plaintext is recovered within a given small range.
Preferably, the receiver executing the discrimination algorithm to judge whether it is the receiver of a transaction and, if so, calculating the one-time private key corresponding to the one-time address for use in the next transaction includes:
let the private key of the transaction receiver be $d_r$ and the public key be $P_r$; calculate; if P r =P r holds, the receiver judges that the transaction belongs to it and uses its own private key to calculate the one-time private key corresponding to the transaction
According to the technical scheme provided by the embodiment of the invention, the method achieves privacy protection and reliable supervision of transactions by combining a reliably supervisable transaction identity privacy protection technique based on autonomous obfuscation with a reliably supervisable transaction content privacy protection technique based on homomorphic encryption and zero-knowledge proofs. The supervisor can recover the true identities of the transaction parties while the identity privacy of the transaction sender and the transaction receiver is protected; the supervisor can recover the plaintext content of the transaction while homomorphic encryption and zero-knowledge proofs provide privacy protection and verification of the transaction content.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a process flow diagram of a privacy protection and supervision method for a blockchain multicast transaction mode according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a linkable revocable ring signature generation algorithm according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a confidential, verifiable and supervisable transaction model for the multicast transaction mode according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein the same or similar reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the drawings are exemplary only for explaining the present invention and are not to be construed as limiting the present invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless expressly stated otherwise, as understood by those skilled in the art. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or coupled. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
To facilitate understanding of the embodiments of the invention, several specific embodiments are explained below with reference to the drawings; they should in no way be taken to limit the embodiments of the invention.
The embodiment of the invention provides a new on-chain transaction mode, namely a multicast transaction mode. To achieve supervisable transaction identity privacy protection in the on-chain multicast transaction mode, a new one-time address derivation algorithm and a linkable revocable ring signature scheme are used. In addition, the consistency of the data received by each receiver in the multicast transaction mode can be proved and verified.
Definition 1: multicast transaction mode. In the invention, unlike the traditional point-to-point transaction mode, a multicast transaction is one in which a single transaction has one transaction sender and several transaction receivers.
Definition 2: one-time address derivation algorithm. In the invention, the defined one-time address derivation algorithm calculates a one-time transaction destination address from the long-term public key of the transaction receiver. The algorithm proceeds as follows:
(1) Randomly select $r_{tx}$; calculate
(2) Calculate; then calculate the one-time address $P_r' = g^t P_r$
Definition 3: linkable revocable ring signature scheme. In the invention, the defined linkable revocable ring signature scheme autonomously obfuscates the identity of the transaction sender, so that an on-chain observer cannot maliciously link the sender's true identity. Linkability prevents a user from double-spending the same UTXO, and revocability lets the supervisor recover the true identity of the signer.
Definition 4: data consistency. In the invention, data consistency refers to the consistency of the confidential data received by the multiple receivers in a multicast transaction mode.
The invention abstracts a confidential, verifiable and supervisable transaction model for the blockchain multicast transaction mode. When generating a transaction, the transaction sender first computes and encrypts the transaction data, computes the transaction rule proof and the supervision proof data at the same time, and then packages and uploads the transaction to the blockchain system. The verification nodes in the blockchain system verify the transaction against the supervision rules and the transaction rules while it remains in ciphertext form, and transaction ciphertext that passes verification is written to the blockchain. Finally, the transaction receiver receives the corresponding transaction through operations on the ciphertext. When necessary, the supervisor can recover the true information of the transaction from the confidential data stored on the blockchain.
For transaction identity privacy, the invention adopts an autonomous obfuscation identity hiding strategy. It simplifies Monero's dual-key-pair address into a single-key-pair address and designs a new one-time address derivation algorithm to protect the receiver's identity privacy, and introduces an address recovery algorithm with which the supervisor recovers the receiver's identity. It also designs a linkable revocable ring signature scheme that protects the sender's identity privacy through autonomous obfuscation while letting the supervisor recover the true identity of the signer from the ring signature, thereby achieving supervisable identity privacy protection for on-chain transactions.
For transaction content privacy, the invention uses the twisted ElGamal homomorphic encryption scheme to hide transaction content and, together with the Schnorr protocol and zero-knowledge proofs, completes hidden transaction verification and supervision in the multicast transaction mode, including proof and verification of transaction balance, proof and verification of the consistency of the data received by multiple receivers, and proof and verification of the validity of the transaction amount range.
The processing flow of the privacy protection and supervision method for the block chain multicast transaction mode provided by the embodiment of the invention is shown in fig. 1, and comprises the following processing steps:
Step S1: execute an initialization algorithm to generate a user key and a supervisor key.
Step S2: execute the one-time address derivation algorithm, encrypt the transaction address with the supervisor key and execute a zero-knowledge proof algorithm, to protect the identity privacy of the transaction receiver.
Step S3: execute transaction amount encryption with the receivers' public keys and a zero-knowledge proof algorithm, to protect the privacy of the transaction content.
Step S4: execute the linkable revocable ring signature key update algorithm (used for transaction balance verification) and the linkable revocable ring signature generation algorithm, to protect the identity privacy of the transaction sender.
Step S5: verify the zero-knowledge proofs and the ring signature: execute the address encryption zero-knowledge proof verification algorithm and the amount encryption zero-knowledge proof verification algorithm to verify the consistency of the transaction content and the validity of the transaction amount range, and execute the ring signature verification algorithm to verify the validity of the ring signature and the balance of the transaction.
Step S6: the supervisor recovers the true identities of the transaction parties and the transaction content, that is, the supervisor obtains the confidential transaction information and executes the transaction supervision algorithm to recover the identity of the transaction sender, the identity of the transaction receiver and the real transaction content.
Step S7: the receiver executes a discrimination algorithm to judge whether it is the receiver of a transaction, and if so, calculates the one-time private key corresponding to the one-time address for use in the next transaction.
Specifically, step S1 includes: first, the public parameters $pp(q, G_1, G_T, Z_q, e, H, g)$ are generated from the input security parameter $\lambda$, where $G_1, G_T$ are two cyclic groups of prime order $q$, $Z_q$ is the integer group of order $q$, $e$ is the bilinear map $G_1 \times G_1 \to G_T$, $H$ is a cryptographic hash function $G_1 \to Z_q$, and $g$ is a generator of $G_1$. The user keys are then generated: user $i$ selects a random number $d_i \in Z_q$ as the private key, and a public key is calculated. The supervisor keys $rsk = (d_x, d_y)$ and $rpk = (P_X, P_Y, P_T)$ are generated, where $d_x, d_y \in Z_q$. At the same time, the supervision public/private key pair of supervisor $u$ (private key $d_u$) and the ring signature revocation parameter $R_{revoke} = g^r$ are generated.
Specifically, step S2 includes: let the long-term public key of the transaction receiver be $P_r$. Randomly select $r_{tx}$, compute the intermediate values (including $t$), and then calculate the one-time address $P_r' = g^t P_r$. To achieve reliable supervision of transaction identity, DLIN encryption is used: the sender encrypts the receiver's blockchain address with the supervision public key $rpk$ to generate the supervision ciphertext. That is, random numbers $k_1$ and $k_2 \in Z_q$ are selected and the ciphertext components are calculated, with $k = k_1 + k_2$; $C_1, C_2, C_3$ constitute the anonymity revocation parameter $C_{revoke}$. To prevent the transaction sender from cheating in order to evade supervision, the transaction sender executes a zero-knowledge proof generation algorithm to generate a proof showing that the supervisor public key was used for encryption and that the encrypted content is the transaction receiver's long-term public key used to compute the one-time address. A non-interactive zero-knowledge proof is constructed based on the Schnorr protocol and the Fiat-Shamir heuristic.
Specifically, step S3 includes: for the multicast transaction mode, the transaction amount needs to be encrypted using multiple receiver public keys. Consider a commodity mortgage scenario in which the existing stock quantity of the transaction sender is $m_{in}$, the mortgaged quantity is $m_{out1}$, the remaining quantity is $m_{out2}$, and the public keys of the multiple receiver addresses are $P_0$, $P_1$, $P_2$ and $P_3$ respectively. Assume that the random number corresponding to the existing stock ciphertext is $r_0 \in Z_q$; select a random number $r_1 \in Z_q$ and construct $r_2 = r_0 - r_1 \in Z_q$. The ciphertexts are obtained using four twisted ElGamal encryptions, where $Y_i$ ($i \in \{0, 1, 2\}$) can be used for the ring signature key update to verify the balance of the transaction amount. To facilitate penetrating supervision by the supervisor, the transaction sender also needs to encrypt the mortgaged stock with the supervision public key $P_u$. To prevent the transaction sender from cheating in order to evade supervision, the transaction sender executes a zero-knowledge proof generation algorithm to generate a proof showing that the mortgaged stock amounts obtained by the receivers are equal, that the mortgaged stock amount is $> 0$, and that the remaining amount is $\geq 0$. The non-interactive zero-knowledge proof of the equality relation is generated based on the Schnorr protocol and the Fiat-Shamir heuristic;
the range proof is based on Bulletproofs, with the amount range set to $V = (0, 2^p)$.
For consistency verification: select random numbers $r_0', r_1', r_2', r_{in}, r_{out1}, r_{out2}$ and calculate the primed values $X_0', \dots, X_3', X_u', Y_0', Y_1', Y_2'$.
Calculate $c_{equal} = H(X_0 \| X_1 \| X_2 \| X_3 \| X_u \| Y_0 \| Y_1 \| Y_2 \| X_0' \| X_1' \| X_2' \| X_3' \| X_u' \| Y_0' \| Y_1' \| Y_2')$ to obtain $\pi_{equal} = (c_{equal}, s_0, s_1, s_2, s_{in}, s_{out1}, s_{out2})$.
Specifically, step S4 includes: let the signer's public key be $P_\pi$ and private key be $d_\pi$, and let the public keys obtained on the chain be $P_i$ ($i = 1, \dots, n$, $i \neq \pi$). Take $Y_i$ in $TC_i$ and execute the key update algorithm to obtain $P_i'$ ($i = 1, \dots, n$, $i \neq \pi$). The signer takes $d_\pi'$ as the updated signing private key and $P_\pi'$ as the new public key.
Obtain $n-1$ user public keys from the chain and use the key update algorithm to obtain the mixed public key set $S = \{P_1, P_2, \dots, P_n\}$. With the supervisor public key $P_u$, the ring signature revocation parameter $R_{revoke}$, the signing private key $d_\pi$ and the message $M$ to be signed as input, call the ring signature generation algorithm; the generated ring signature $\sigma$ comprises the key image $I$, the ring signature body and the anonymity revocation parameter $E$. In particular, a bilinear map computation is used. Randomly select $\{q_i \mid i = 1, \dots, n,\ i \neq \pi\}$ and $\{w_i \mid i = 1, \dots, n,\ i \neq \pi\}$ in $Z_q$ and calculate the corresponding $L_i$ and $R_i$. Select a random number $k \in Z_q$, calculate $L_\pi = g^k$ and $R_\pi = e(R_{revoke}, P_u)^k$, calculate $c = H(M \| L_1 \| \dots \| L_n \| R_1 \| \dots \| R_n \| S \| P_u \| R_{revoke} \| I \| E)$, and then calculate $w_\pi = c - \sum w_i \bmod q$ ($i = 1, \dots, n$, $i \neq \pi$) and $q_\pi = k - w_\pi d_\pi \bmod q$. Finally, generate the signature $\sigma = (I, w_1, \dots, w_n, q_1, \dots, q_n)$.
Specifically, step S5 includes: the generated transaction identity information is packaged and uploaded to the chain, where the on-chain verification nodes can verify the zero-knowledge proofs and the ring signature. For verification of the ring signature, after acquiring the ring signature $\sigma$, the signed message $M$, the public mixed public key set $S$ and the supervision public key $P_u$, the on-chain verification node performs the following verification procedure on $\sigma$: for $i = 1, \dots, n$, calculate $L_i'$ and $R_i'$, then calculate $c' = H(M \| L_1' \| \dots \| L_n' \| R_1' \| \dots \| R_n' \| S \| P_u \| R_{revoke} \| I \| E)$. If $c_{ver} = c'$ holds, the algorithm outputs 1; otherwise it outputs 0, indicating that verification fails. At the same time, the key image $I$ is obtained from the ring signature $\sigma$ and compared against the historical key image list; if $I$ appears in the list, the algorithm outputs 1, indicating that the user has attempted double spending, and the signature is rejected. For consistency verification, calculate the double-primed values $X_0'', \dots, X_3'', X_u'', Y_0'', Y_1'', Y_2''$.
Calculate $c_{equal}' = H(X_0 \| X_1 \| X_2 \| X_3 \| X_u \| Y_0 \| Y_1 \| Y_2 \| X_0'' \| X_1'' \| X_2'' \| X_3'' \| X_u'' \| Y_0'' \| Y_1'' \| Y_2'')$.
Verify the equation $c_{equal}' = c_{equal}$. If it holds, verification passes; otherwise, verification fails. After verification passes, the confidential transaction information is put on the chain.
Specifically, step S6 includes: the supervisor obtains the confidential transaction information on the chain, including the anonymity revocation parameter $C_{revoke}$ and the ring signature $\sigma$. The supervision private key $(d_x, d_y)$ is then used to recover the one-time address of the transaction receiver. Using the revocability of the ring signature, the anonymity revocation algorithm is executed: the public keys $P_i$, $i = 1, \dots, n$, in the set $S$ are substituted in turn into the judgment equation, and the public key that makes the equation hold, namely the signing public key, is output. In this way the supervisor recovers the true identities of the transaction sender and the transaction receiver from the confidential transaction identity information. When the supervisor needs to recover the plaintext transaction amount, the supervisor first takes $TC_u = (X_u, Y_u)$ from the transaction content and performs the decryption calculation, where $m$ is the mortgaged stock amount in the transaction; the plaintext is recovered within a given small range.
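The amount handling of steps S3, S5 and S6, as an added example that is not the patent's own code. It assumes the standard twisted ElGamal form $X = pk^r$, $Y = g^r h^m$ (the page's own formulas do not survive), a toy group, and a key layout in which $P_0$ holds the existing stock, $P_1$ and $P_2$ are the receivers and $P_3$ takes the remainder. The Bulletproofs range proof and the ring-signature key update are omitted; balance is checked directly on the $Y$ components.

```python
import hashlib
import secrets

# Toy parameters (assumed for illustration): safe prime P = 2Q + 1, with G and H
# generating the order-Q subgroup. A real deployment uses a large group and
# derives H so that log_G(H) is unknown to everyone.
P, Q = 2039, 1019
G, H = 4, 9


def keygen():
    """Private key d in Z_q and public key g^d."""
    d = secrets.randbelow(Q - 1) + 1
    return d, pow(G, d, P)


def commit(r, m):
    """Y component of a twisted ElGamal ciphertext: g^r * h^m."""
    return pow(G, r, P) * pow(H, m, P) % P


def x_parts(pks, pk_u, e0, e1, e2):
    """X components P0^e0, P1^e1, P2^e1, P3^e2, Pu^e1 (assumed key layout)."""
    p0, p1, p2, p3 = pks
    return [pow(p0, e0, P), pow(p1, e1, P), pow(p2, e1, P),
            pow(p3, e2, P), pow(pk_u, e1, P)]


def challenge(*elems):
    """Fiat-Shamir challenge over the statement and the commitments."""
    data = "|".join(map(str, elems)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def build_tx(pks, pk_u, m_in, m_out1, r0):
    """Encrypt m_out1 to both receivers and the supervisor, the rest to P3."""
    r1 = secrets.randbelow(Q)
    rs = (r0, r1, (r0 - r1) % Q)              # r2 = r0 - r1, as on the page
    ms = (m_in, m_out1, m_in - m_out1)
    X = x_parts(pks, pk_u, *rs)
    Y = [commit(r, m) for r, m in zip(rs, ms)]
    # Schnorr commitments from fresh r0', r1', r2', r_in, r_out1, r_out2
    rp = [secrets.randbelow(Q) for _ in range(3)]
    mp = [secrets.randbelow(Q) for _ in range(3)]
    Xp = x_parts(pks, pk_u, *rp)
    Yp = [commit(a, b) for a, b in zip(rp, mp)]
    c = challenge(*X, *Y, *Xp, *Yp)
    s_r = [(a - c * r) % Q for a, r in zip(rp, rs)]   # s_0, s_1, s_2
    s_m = [(b - c * m) % Q for b, m in zip(mp, ms)]   # s_in, s_out1, s_out2
    return {"X": X, "Y": Y, "proof": (c, s_r, s_m)}


def verify_tx(pks, pk_u, tx):
    """Recompute the commitments from the responses and compare challenges."""
    X, Y = tx["X"], tx["Y"]
    c, s_r, s_m = tx["proof"]
    Xpp = [b * pow(x, c, P) % P
           for b, x in zip(x_parts(pks, pk_u, *s_r), X)]
    Ypp = [commit(a, b) * pow(y, c, P) % P
           for a, b, y in zip(s_r, s_m, Y)]
    consistent = challenge(*X, *Y, *Xpp, *Ypp) == c
    # With r2 = r0 - r1 the g-parts cancel, so this compares only the amounts.
    balanced = Y[0] == Y[1] * Y[2] % P
    return consistent and balanced


def decrypt(d, X, Y, bound=256):
    """Recover m: h^m = Y / X^(1/d), then search the small amount range."""
    h_m = Y * pow(pow(X, pow(d, -1, Q), P), -1, P) % P
    acc = 1
    for m in range(bound):
        if acc == h_m:
            return m
        acc = acc * H % P
    return None


if __name__ == "__main__":
    users = [keygen() for _ in range(4)]      # stock holder, two receivers, remainder
    d_u, pk_u = keygen()                      # supervisor
    pks = [pk for _, pk in users]
    tx = build_tx(pks, pk_u, m_in=200, m_out1=75, r0=secrets.randbelow(Q))
    print("verified:", verify_tx(pks, pk_u, tx))
    print("supervisor recovers:", decrypt(d_u, tx["X"][4], tx["Y"][1]))
```

Because both receivers and the supervisor share the single component $Y_1$ and their $X$ components are proven with the same response $s_1$, all three decrypt the same amount.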
Specifically, step S7 includes: the receiver uses its own key to check whether the transaction belongs to it. Let the private key of the transaction receiver be $d_r$ and the public key be $P_r$. Perform the calculation; if $P_r' = P_r$ holds, the transaction belongs to the receiver. The receiver then uses its private key to calculate the one-time private key corresponding to the transaction.
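The one-time address of steps S2 and S7 together with the supervisor's recovery in step S6, as an added example rather than the patent's own code. Because the page's formulas for these values are missing, it assumes $t = H(P_r^{r_{tx}})$ with $R = g^{r_{tx}}$ published, and the standard linear (DLIN) encryption form $C_1 = P_X^{k_1}$, $C_2 = P_Y^{k_2}$, $C_3 = P_r P_T^{k}$ applied to the receiver's long-term key. The group is toy-sized and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy group (assumed for illustration): safe prime P = 2Q + 1, G of prime order Q.
P, Q, G = 2039, 1019, 4


def rand_exp():
    """Uniform exponent in [1, Q-1]."""
    return secrets.randbelow(Q - 1) + 1


def h2z(elem):
    """H: G1 -> Zq, instantiated with SHA-256 here (an assumption)."""
    digest = hashlib.sha256(str(elem).encode()).digest()
    return int.from_bytes(digest, "big") % Q


def keygen():
    d = rand_exp()
    return d, pow(G, d, P)


def supervisor_keygen():
    """rsk = (d_x, d_y), rpk = (P_X, P_Y, P_T) with P_X^d_x = P_Y^d_y = P_T."""
    d_x, d_y = rand_exp(), rand_exp()
    p_t = pow(G, rand_exp(), P)
    p_x = pow(p_t, pow(d_x, -1, Q), P)
    p_y = pow(p_t, pow(d_y, -1, Q), P)
    return (d_x, d_y), (p_x, p_y, p_t)


def send(p_r, rpk):
    """Sender: derive the one-time address and escrow P_r for the supervisor."""
    r_tx = rand_exp()
    big_r = pow(G, r_tx, P)                   # published with the transaction
    t = h2z(pow(p_r, r_tx, P))                # assumed derivation of t
    one_time = pow(G, t, P) * p_r % P         # P_r' = g^t * P_r, as on the page
    p_x, p_y, p_t = rpk
    k1, k2 = rand_exp(), rand_exp()
    c_revoke = (pow(p_x, k1, P), pow(p_y, k2, P),
                p_r * pow(p_t, (k1 + k2) % Q, P) % P)
    return big_r, one_time, c_revoke


def scan(d_r, p_r, big_r, one_time):
    """Receiver: return the one-time private key, or None if not addressed to us."""
    t = h2z(pow(big_r, d_r, P))               # matches the sender's t only for d_r
    if one_time * pow(G, -t, P) % P != p_r:   # strip g^t and compare with P_r
        return None
    return (d_r + t) % Q                      # g^(d_r + t) equals the one-time address


def supervise(rsk, c_revoke):
    """Supervisor: P_r = C3 / (C1^d_x * C2^d_y)."""
    d_x, d_y = rsk
    c1, c2, c3 = c_revoke
    mask = pow(c1, d_x, P) * pow(c2, d_y, P) % P
    return c3 * pow(mask, -1, P) % P


if __name__ == "__main__":
    rsk, rpk = supervisor_keygen()
    d_a, p_a = keygen()
    big_r, addr, c_revoke = send(p_a, rpk)
    key = scan(d_a, p_a, big_r, addr)
    print("receiver owns output:", key is not None and pow(G, key, P) == addr)
    print("supervisor recovers receiver key:", supervise(rsk, c_revoke) == p_a)
```

The receiver never needs a second view key: the single pair $(d_r, P_r)$ both detects the output and yields the spending key $d_r + t$.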
In summary, blockchain privacy protection schemes currently applied in industry are mostly designed for point-to-point transactions, and there are few supervisable identity privacy and content privacy protection schemes for the multicast transaction mode. Current research on identity privacy is mostly implemented using anonymity. In addition, guaranteeing the consistency, the balance and the validity of the amount range of transaction content in the multicast transaction mode remains a challenge.
The method abstracts a confidential, verifiable and supervisable transaction model for the blockchain multicast transaction mode, simplifies Monero's dual-key-pair address into a single-key-pair address, and designs a new one-time address derivation algorithm to protect the identity privacy of the receiver, thereby saving key storage space. A linkable and revocable ring signature scheme is designed, which protects the identity privacy of the sender through autonomous mixing, ensures the consistency of confidential transaction content in the multicast transaction mode, and allows the supervisor to recover the true identities of the transacting parties and the plaintext content of the transaction when necessary.
The invention provides a privacy protection and supervision method for the blockchain multicast transaction mode, which protects the privacy of the transaction sender's identity, the transaction receiver's identity and the transaction content respectively, while ensuring that the supervisor can recover the true identities of the transaction participants and the plaintext content of the transactions. The invention proposes a blockchain multicast transaction mode, abstracts a confidential, verifiable and supervisable transaction model for on-chain multicast transactions, and designs a privacy protection and reliable supervision scheme for the multicast transaction mode. The method is based on an autonomous mixing strategy and introduces a supervision mechanism: the single-key-pair one-time address derivation algorithm protects the identity privacy of the receiver, and an address recovery algorithm is introduced at the same time so that the supervisor can recover the identity of the receiver; the transaction sender hides its true identity in a randomly selected anonymous public key set through autonomous transaction mixing, the integrity and non-repudiation of the transaction are ensured by the ring signature mechanism, and the supervisor can recover the true identity of the signer by using the revocability of the ring signature. Furthermore, the linkability of the ring signature prevents users from double spending. For privacy protection of transaction content, the invention provides a method based on homomorphic encryption and zero-knowledge proofs, which can verify the consistency of the transaction content, the transaction balance and the validity of the transaction amount range while protecting the privacy of the transaction content, and allows the supervisor to effectively recover the plaintext content of the transaction when necessary.
Those of ordinary skill in the art will appreciate that: the drawing is a schematic diagram of one embodiment and the modules or flows in the drawing are not necessarily required to practice the invention.
From the above description of embodiments, it will be apparent to those skilled in the art that the present invention may be implemented in software plus a necessary general hardware platform. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the embodiments or some parts of the embodiments of the present invention.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for apparatus or system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, with reference to the description of method embodiments in part. The apparatus and system embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
The present invention is not limited to the above-mentioned embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the technical scope of the present invention are intended to be included in the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the protection scope of the claims.

Claims (8)

1. The privacy protection and supervision method for the block chain multicast transaction mode is characterized by comprising the following steps of:
executing an initialization algorithm to generate a user key and a supervisor key;
executing a one-time address derivation algorithm, encrypting a transaction address by using a supervisor key and performing a zero knowledge proof algorithm, and performing privacy protection on the identity of a transaction receiver;
executing transaction amount encryption and zero knowledge proof algorithm by using the public key of the receiver, and performing privacy protection on transaction contents;
executing a linkable revocable ring signature key updating algorithm to perform transaction consistency verification, and executing a linkable revocable ring signature generating algorithm to perform privacy protection on the identity of a transaction sender;
executing an address encryption zero-knowledge proof verification algorithm and an amount encryption zero-knowledge proof verification algorithm to verify consistency of transaction contents and validity of a transaction amount range, and executing a ring signature verification algorithm to verify ring signature validity;
the supervisor obtains the confidential state transaction information, executes the transaction supervision algorithm, and recovers the identity of the transaction sender, the identity of the transaction receiver and the real transaction content;
the receiver executes a discrimination algorithm to determine whether it is the receiver of a given transaction; if so, a one-time private key corresponding to the one-time address is calculated for the next transaction.
2. The method of claim 1, wherein said executing an initialization algorithm to generate a user key and a supervisor key comprises:
generating public parameters $pp(q, G_1, G_T, Z_q, e, H, g)$ from the input security parameter $\lambda$, where $G_1, G_T$ are two cyclic groups of prime order $q$, $Z_q$ is the integer group of order $q$, $e$ is the bilinear map $G_1 \times G_1 \to G_T$, $H$ is a cryptographic hash function $G_1 \to Z_q$, and $g$ is a generator of $G_1$; then generating the user key, wherein user $i$ selects a random number $d_i \in Z_q$ as the private key and a public key is calculated;
generating the supervisor keys $rsk = (d_x, d_y)$ and $rpk = (P_X, P_Y, P_T)$, where $d_x, d_y \in Z_q$, and simultaneously generating the supervision public/private key pair of supervisor $u$ (private key $d_u$) and the ring signature revocation parameter $R_{revoke} = g^r$.
3. The method of claim 2, wherein said performing a one-time address derivation algorithm, encrypting the transaction address using the supervisor key and a zero knowledge proof algorithm, privacy protecting the transaction recipient identity, comprises:
letting the public key of the transaction receiver be $P_r$, randomly selecting $r_{tx}$, computing the intermediate values (including $t$), and calculating the one-time address $P_r' = g^t P_r$; the sender encrypts the blockchain address of the receiver using the supervision public key $rpk$ to generate the supervision ciphertext, that is, random numbers $k_1$ and $k_2 \in Z_q$ are selected and the ciphertext components are calculated, with $k = k_1 + k_2$; $C_1, C_2, C_3$ constitute the anonymity revocation parameter $C_{revoke}$.
4. The method of claim 3, wherein the performing the transaction amount encryption and zero knowledge proof algorithm using the public key of the receiving party, privacy protecting the transaction content, comprises:
for the multicast transaction mode, encrypting the transaction amount using multiple receiver public keys; in a commodity mortgage scenario, letting the existing stock quantity of the transaction sender be $m_{in}$, the mortgaged quantity be $m_{out1}$, the remaining quantity be $m_{out2}$, and the public keys of the multiple receiver addresses be $P_0$, $P_1$, $P_2$ and $P_3$ respectively; assuming that the random number corresponding to the existing stock ciphertext is $r_0 \in Z_q$, selecting a random number $r_1 \in Z_q$ and constructing $r_2 = r_0 - r_1 \in Z_q$; obtaining the ciphertexts using four twisted ElGamal encryptions, wherein $Y_i$ ($i \in \{0, 1, 2\}$) is used for the ring signature key update; the transaction sender encrypts the mortgaged stock using the supervision public key $P_u$;
the transaction sender executes a zero-knowledge proof generation algorithm to generate a proof, generating a non-interactive zero-knowledge proof based on the Schnorr protocol and the Fiat-Shamir heuristic; the range proof is based on Bulletproofs, with the amount range set to $V = (0, 2^p)$;
for consistency verification, random numbers $r_0', r_1', r_2', r_{in}, r_{out1}, r_{out2}$ are selected and the primed values $X_0', \dots, X_3', X_u', Y_0', Y_1', Y_2'$ are calculated;
calculating $c_{equal} = H(X_0 \| X_1 \| X_2 \| X_3 \| X_u \| Y_0 \| Y_1 \| Y_2 \| X_0' \| X_1' \| X_2' \| X_3' \| X_u' \| Y_0' \| Y_1' \| Y_2')$ to obtain $\pi_{equal} = (c_{equal}, s_0, s_1, s_2, s_{in}, s_{out1}, s_{out2})$.
5. The method of claim 4, wherein said executing the linkable revocable ring signature key update algorithm for transaction consistency verification, and executing the linkable revocable ring signature generation algorithm for privacy protection of the identity of the sender of the transaction, comprises:
letting the signer's public key be $P_\pi$ and private key be $d_\pi$, and the public keys obtained on the blockchain be $P_i$ ($i = 1, \dots, n$, $i \neq \pi$); taking $Y_i$ in $TC_i$ and executing the key update algorithm to obtain $P_i'$, wherein the signer takes $d_\pi'$ as the updated signing private key and $P_\pi'$ as the new public key;
obtaining $n-1$ user public keys from the blockchain and using the key update algorithm to obtain the mixed public key set $S = \{P_1, P_2, \dots, P_n\}$; with the supervisor public key $P_u$, the ring signature revocation parameter $R_{revoke}$, the signing private key $d_\pi$ and the message $M$ to be signed as input, calling the ring signature generation algorithm, wherein the generated ring signature $\sigma$ comprises the key image $I$, the ring signature body and the anonymity revocation parameter $E$, and a bilinear map computation is used; randomly selecting $\{q_i \mid i = 1, \dots, n,\ i \neq \pi\}$ and $\{w_i \mid i = 1, \dots, n,\ i \neq \pi\}$ in $Z_q$ and calculating the corresponding $L_i$ and $R_i$; selecting a random number $k \in Z_q$, calculating $L_\pi = g^k$ and $R_\pi = e(R_{revoke}, P_u)^k$, calculating $c = H(M \| L_1 \| \dots \| L_n \| R_1 \| \dots \| R_n \| S \| P_u \| R_{revoke} \| I \| E)$, calculating $w_\pi = c - \sum w_i \bmod q$ ($i = 1, \dots, n$, $i \neq \pi$) and $q_\pi = k - w_\pi d_\pi \bmod q$, and generating the signature $\sigma = (I, w_1, \dots, w_n, q_1, \dots, q_n)$.
6. The method of claim 5, wherein the performing the address encryption zero-knowledge proof verification algorithm and the monetary encryption zero-knowledge proof verification algorithm verifies consistency of transaction contents, validity of a transaction monetary range, and the performing the ring signature verification algorithm verifies ring signature validity, comprising:
uploading the identity information of the transacting party to the blockchain, wherein, after acquiring the ring signature $\sigma$, the signed message $M$, the public mixed public key set $S$ and the supervision public key $P_u$, a verification node on the blockchain performs the following verification process on the ring signature $\sigma$: for $i = 1, \dots, n$, calculating $L_i'$ and $R_i'$, and calculating $c' = H(M \| L_1' \| \dots \| L_n' \| R_1' \| \dots \| R_n' \| S \| P_u \| R_{revoke} \| I \| E)$; if $c_{ver} = c'$ holds, the algorithm outputs 1 and the signature verification passes; otherwise, the algorithm outputs 0, indicating that verification fails; the key image $I$ is obtained from the ring signature $\sigma$ and compared against the historical key image list, and if the key image $I$ appears in the list, the algorithm outputs 1, indicating that the user has attempted double spending, and the signature is rejected;
for consistency verification, the verification node calculates the double-primed values $X_0'', \dots, X_3'', X_u'', Y_0'', Y_1'', Y_2''$, calculates $c_{equal}' = H(X_0 \| X_1 \| X_2 \| X_3 \| X_u \| Y_0 \| Y_1 \| Y_2 \| X_0'' \| X_1'' \| X_2'' \| X_3'' \| X_u'' \| Y_0'' \| Y_1'' \| Y_2'')$, and verifies whether the equation $c_{equal}' = c_{equal}$ holds; if so, the consistency verification passes; otherwise, the consistency verification fails; after the consistency verification passes, the confidential transaction information is uploaded to the blockchain.
7. The method of claim 6, wherein the step of the supervisor obtaining the confidential transaction information, executing the transaction supervision algorithm, and recovering the identity of the transaction sender, the identity of the transaction receiver, and the actual content of the transaction comprises:
the supervisor obtains the confidential transaction information on the blockchain, wherein the confidential transaction information comprises the anonymity revocation parameter $C_{revoke}$ and the ring signature $\sigma$, and uses the supervision private key $(d_x, d_y)$ to recover the one-time address of the transaction receiver; using the revocability of the ring signature, the anonymity revocation algorithm is executed, substituting the public keys $P_i$, $i = 1, \dots, n$, in the set $S$ in turn into the judgment equation and outputting the signing public key that makes the equation hold, so that the supervisor recovers the true identities of the transaction sender and the transaction receiver from the confidential transaction identity information; when recovering the plaintext transaction amount, the supervisor takes $TC_u = (X_u, Y_u)$ from the transaction content and performs the decryption calculation, where $m$ is the mortgaged stock amount in the transaction, and the plaintext is recovered within a given small range.
8. The method of claim 7, wherein the receiving party performs a discrimination algorithm to determine whether the receiving party of a transaction is itself, and if so, calculates a one-time private key corresponding to the one-time address for the next transaction, comprising:
letting the private key of the transaction receiver be $d_r$ and the public key be $P_r$, and performing the calculation; if $P_r' = P_r$ holds, the receiver determines that the transaction belongs to it and uses its private key to calculate the one-time private key corresponding to the transaction.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310697598.3A CN116633560B (en) 2023-06-13 2023-06-13 Privacy protection and supervision method for block chain multicast transaction mode


Publications (2)

Publication Number Publication Date
CN116633560A CN116633560A (en) 2023-08-22
CN116633560B true CN116633560B (en) 2024-03-08

Family

ID=87621216


Country Status (1)

Country Link
CN (1) CN116633560B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111709749A (en) * 2020-06-16 2020-09-25 西安安盟智能科技股份有限公司 Traceable blockchain transaction system with conditional privacy protection
WO2021018088A1 (en) * 2019-07-30 2021-02-04 华为技术有限公司 Trusted authentication method, network device, system and storage medium
CN115550073A (en) * 2022-11-30 2022-12-30 安徽中科晶格技术有限公司 Construction method capable of monitoring stealth address
CN115564434A (en) * 2022-09-23 2023-01-03 西南交通大学 Block chain supervision privacy protection method based on zero knowledge proof


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
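Blockchain privacy protection mechanism with on-demand disclosure; Li Shaozhuo et al.; Chinese Journal of Network and Information Security; Vol. 6 (No. 3); full text *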



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant