CN107358424B - Transaction method and device based on digital currency - Google Patents

Publication number
CN107358424B
Authority
CN
China
Legal status
Active
Application number
CN201710494860.9A
Other languages
Chinese (zh)
Other versions
CN107358424A (en
Inventor
姚前
狄刚
钱友才
黄烈明
陈海波
赵新宇
王继伟
张大伟
Current Assignee
Digital Currency Institute of the Peoples Bank of China
Original Assignee
Digital Currency Institute of the Peoples Bank of China

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/08: Payment architectures
    • G06Q20/10: Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/102: Bill distribution or payments
    • G06Q20/16: Payments settled via telecommunication systems
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823: Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction

Abstract

The invention discloses a transaction method and device based on digital currency, and relates to the technical field of computers. In one embodiment of the method, during a collection-and-payment transaction based on distributed ledger technology, the collection end and the payment end encrypt the plaintext amounts involved in the transaction to obtain ciphertext amounts, and generate corresponding verification information for verifying or decrypting the ciphertext amounts. This embodiment solves the technical problem that fund amounts are difficult to keep confidential in existing distributed ledger technology, and achieves the technical effects of both enabling collaborative sharing and protecting transaction privacy.

Description

Transaction method and device based on digital currency
Technical Field
The invention relates to the technical field of computers, in particular to a transaction method and a transaction device based on digital currency.
Background
Blockchain is a new type of distributed technology. A protocol designer formulates and publishes the rules before the system runs and develops a client that follows the protocol; multiple organizations or individuals then act as nodes, connect to each other and run the client. Data generated by malicious nodes that does not conform to the protocol is discarded by the honest nodes, and a general ledger is maintained through adversarial consensus, under the assumption that no centralized authority or individual can tamper with the initial protocol.
The first application of blockchain was Bitcoin, which implements a currency system whose issuance rules and transfer logic are specified in advance: currency is issued through the block reward (Coinbase) of the accounting node, and the transfer logic is called the Unspent Transaction Output (UTXO) model. Suppose user A currently holds currency
Figure BDA0001332380720000011
all of which comes from block rewards. User A wishes to transfer 7 dollars to user B, so user A gathers their own currency, finds a combination worth 7 or more, and initiates a transaction with A1 and A2 as inputs and with change currency
Figure BDA0001332380720000012
and new currency
Figure BDA0001332380720000013
as outputs, i.e.
Figure BDA0001332380720000014
This equality must first be verified by the accounting node. Once it passes and is written to the blockchain, A1 and A2 become spent currency and A4 and B1 become new unspent currency, which can later be used as inputs under the UTXO model.
Because the accounting node must verify, for each transaction, whether negative-value currency appears, whether more is transferred than is held, whether currency is created from nothing, and so on, blockchain systems represented by Bitcoin choose to store the unspent currency information of all users in plaintext, and the currency newly generated in a transaction must also be declared in plaintext, so that nodes can verify that the inputs and outputs of every UTXO transaction are equal.
However, in the course of implementing the present invention, the inventors found at least the following problems in the prior art: in real life, the amounts of point-to-point transactions between users (enterprises or individuals) generally have a privacy requirement, as does each user's total balance in the system. A traditional centralized scheme can conveniently set data access permissions without collaborative accounting and so handles the privacy problem well. Users, however, still want to use the collaborative-accounting advantages of distributed technologies such as blockchain to store other documents and data shared by multiple parties, and a complete business closed loop needs funds to take part in real-time clearing and settlement. The result is that collaborative sharing and transaction privacy cannot coexist.
Disclosure of Invention
In view of this, embodiments of the present invention provide a transaction method and device based on digital currency that can encrypt the transaction amount during a digital-currency transaction, so as to protect users' privacy.
To achieve the above object, according to an aspect of an embodiment of the present invention, there is provided a digital currency based transaction method including:
the collection end encrypts the received plaintext transaction amount to obtain a ciphertext transaction amount, generates first verification information used for verifying the ciphertext transaction amount, then generates a collection request and broadcasts it; the collection request comprises the ciphertext transaction amount and the first verification information;
after receiving the collection request, a node confirms according to the first verification information that the ciphertext transaction amount complies with the rules, then stores the collection request in the blockchain and updates a currency list according to the collection request;
after the payment end obtains the collection request from the blockchain, it decrypts the ciphertext transaction amount according to the first verification information to obtain the plaintext transaction amount, calculates a plaintext change amount according to the plaintext transaction amount and the currency list, encrypts the plaintext change amount to obtain a ciphertext change amount, generates second verification information used for verifying the ciphertext change amount, generates a transfer data structure, and then generates a payment request and broadcasts it; the payment request comprises the ciphertext change amount, the second verification information and the transfer data structure;
after receiving the payment request, the node confirms according to the second verification information that the ciphertext transaction amount complies with the rules, confirms according to the transfer data structure that the currency list complies with the rules, stores the payment request in the blockchain, and updates the currency list according to the transfer data structure.
In some optional embodiments, the step in which the collection end encrypts the received plaintext transaction amount to obtain a ciphertext transaction amount comprises:
the collection end generates a transaction private key used for this collection;
the collection end stores a base point value and performs an encryption calculation on the base point value using a base point encryption algorithm to obtain a base point check value;
the collection end calculates the ciphertext transaction amount according to the formula $q = xG + mH$, where q is the ciphertext transaction amount, x is the transaction private key, m is the received plaintext transaction amount, G is the base point value, and H is the base point check value.
In some optional embodiments,
the first verification information comprises a first transaction proof;
the step in which the collection end generates first verification information used for verifying the ciphertext transaction amount comprises:
the collection end splits the plaintext transaction amount m into binary form according to a preset number of bits n to obtain
Figure BDA0001332380720000031
where $m_i = 2^i$ or $m_i = 0$, i denotes the index bit, and $0 \le i < n$;
the collection end randomly splits the transaction private key x according to the preset number of bits n to obtain
Figure BDA0001332380720000032
where $x_0$ to $x_{n-2}$ are all generated at random,
Figure BDA0001332380720000033
for each index bit, the collection end calculates $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$ according to $P(x_i, m_i) = x_i G + m_i H$ and $P(x_i, m_i - k_i) = x_i G + (m_i - k_i) H$, where $k_i = 2^i$;
for each index bit, the collection end uses $x_i$, $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$ to generate the ring signature $S_i$ of that index bit;
the collection end concatenates all the index bits, $P(x_i, m_i)$, $P(x_i, m_i - k_i)$ and $S_i$ to obtain the first transaction proof.
In some optional embodiments, the step in which the node confirms according to the first verification information that the ciphertext transaction amount complies with the rules comprises:
the node splits the first transaction proof to obtain all the index bits, $P(x_i, m_i)$, $P(x_i, m_i - k_i)$ and $S_i$;
the node confirms, for each index bit, that $S_i$ is the ring signature of $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$, confirms that each index bit satisfies $P(x_i, m_i) - P(x_i, m_i - k_i) = k_i H$, and then confirms that
Figure BDA0001332380720000041
so as to confirm that the ciphertext transaction amount complies with the rules; where $k_i = 2^i$.
In some optional embodiments,
the first verification information comprises a first communication message;
the step in which the collection end generates first verification information used for verifying the ciphertext transaction amount comprises:
the collection end generates a collection-end fixed private key, obtains the payment-end fixed public key, performs an encryption calculation on the product of the collection-end fixed private key and the payment-end fixed public key using the base point encryption algorithm to obtain a shared key, then concatenates the plaintext transaction amount with the transaction private key and performs an encryption calculation on the concatenated result using the shared key to generate the first communication message.
In some optional embodiments, the step in which the payment end decrypts the ciphertext transaction amount according to the first verification information to obtain the plaintext transaction amount comprises:
the payment end stores the base point value and performs an encryption calculation on the base point value using the base point encryption algorithm to obtain the base point check value;
the payment end generates a payment-end fixed private key, obtains the collection-end fixed public key, performs an encryption calculation on the product of the payment-end fixed private key and the collection-end fixed public key using the base point encryption algorithm to obtain a shared key, then performs a decryption calculation on the first communication message using the shared key and splits the result to obtain the plaintext transaction amount.
In some optional embodiments, the step in which the payment end calculates the plaintext change amount according to the plaintext transaction amount and the currency list comprises:
the payment end selects from the currency list digital currencies whose payee is the payment end and whose total plaintext amount is greater than or equal to the plaintext transaction amount, forms the currency subset from them, and subtracts the plaintext transaction amount from the total plaintext amount to obtain the plaintext change amount.
In some optional embodiments,
the collection request comprises a transaction currency, and the transaction currency comprises the ciphertext transaction amount and the first verification information; the payment request comprises a change currency, and the change currency comprises the ciphertext change amount and the second verification information;
the step in which the payment end generates the transfer data structure comprises:
the payment end generates a transfer data structure containing the hash value of the transaction currency, the hash value of the change currency, and the hash value of each digital currency in the currency subset.
In some optional embodiments,
before the step in which the node updates the currency list according to the collection request, the method further comprises: the node establishes a currency list for storing currencies, currency hash values and the correspondence between them; the currency list comprises an unspent currency list, a confirmed medium currency list and a spent currency list;
the step in which the node updates the currency list according to the collection request comprises: the node stores the transaction currency and the hash value of the transaction currency in the confirmed currency list;
before the step in which the node stores the payment request in the blockchain, the method further comprises: the node looks up the transaction currency by its hash value and confirms that it is stored in the confirmed currency list, looks up the digital currencies in the currency subset by their hash values and confirms that they are stored in the unspent currency list, and confirms that the sum of the ciphertext transaction amount and the ciphertext change amount equals the total ciphertext amount of the digital currencies in the currency subset;
the step in which the node updates the currency list according to the transfer data structure comprises: after finding the transaction currency by its hash value, the node moves the transaction currency and its hash value from the confirmed currency list to the unspent currency list; it then finds the currencies in the currency subset by their hash values, moves them and their hash values from the unspent currency list to the spent currency list, and stores the change currency and its hash value in the unspent currency list.
To achieve the above object, according to another aspect of an embodiment of the present invention, there is provided a digital currency based transaction apparatus including:
a transaction amount encryption module, used for encrypting the received plaintext transaction amount to obtain a ciphertext transaction amount;
a first verification information generation module, used for generating first verification information used for verifying the ciphertext transaction amount;
a collection request sending module, used for generating a collection request and broadcasting it; the collection request comprises the ciphertext transaction amount and the first verification information;
a receiving module, used for receiving the collection request;
a transaction amount decryption module, used for decrypting the ciphertext transaction amount according to the first verification information to obtain the plaintext transaction amount;
a change amount calculation module, used for calculating the plaintext change amount according to the plaintext transaction amount and the currency list;
a change amount encryption module, used for encrypting the plaintext change amount to obtain a ciphertext change amount;
a second verification information generation module, used for generating second verification information used for verifying the ciphertext change amount;
a transfer data structure generation module, used for generating a transfer data structure;
a payment request sending module, used for generating a payment request and broadcasting it; the payment request comprises the ciphertext change amount, the second verification information and the transfer data structure.
In some optional embodiments, the transaction amount encryption module is further configured to: generate a transaction private key used for this collection; store a base point value and perform an encryption calculation on it using a base point encryption algorithm to obtain a base point check value; and calculate the ciphertext transaction amount according to the formula $q = xG + mH$, where q is the ciphertext transaction amount, x is the transaction private key, m is the received plaintext transaction amount, G is the base point value, and H is the base point check value.
In some optional embodiments,
the first verification information comprises a first transaction proof;
the first verification information generation module is further configured to: split the plaintext transaction amount m into binary form according to a preset number of bits n to obtain
Figure BDA0001332380720000071
where $m_i = 2^i$ or $m_i = 0$, i denotes the index bit, and $0 \le i < n$; randomly split the transaction private key x according to the preset number of bits n to obtain
Figure BDA0001332380720000072
where $x_0$ to $x_{n-2}$ are all generated at random,
Figure BDA0001332380720000073
for each index bit, calculate $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$ according to $P(x_i, m_i) = x_i G + m_i H$ and $P(x_i, m_i - k_i) = x_i G + (m_i - k_i) H$, where $k_i = 2^i$; for each index bit, use $x_i$, $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$ to generate the ring signature $S_i$ of that index bit; and concatenate all the index bits, $P(x_i, m_i)$, $P(x_i, m_i - k_i)$ and $S_i$ to obtain the first transaction proof.
In some optional embodiments,
the first verification information comprises a first communication message;
the first verification information generation module is further configured to: generate a collection-end fixed private key, obtain the payment-end fixed public key, perform an encryption calculation on the product of the collection-end fixed private key and the payment-end fixed public key using the base point encryption algorithm to obtain a shared key, concatenate the plaintext transaction amount with the transaction private key, and perform an encryption calculation on the concatenated result using the shared key to generate the first communication message.
In some optional embodiments, the transaction amount decryption module is further configured to: store the base point value and perform an encryption calculation on it using the base point encryption algorithm to obtain the base point check value; generate a payment-end fixed private key, obtain the collection-end fixed public key, perform an encryption calculation on the product of the payment-end fixed private key and the collection-end fixed public key using the base point encryption algorithm to obtain a shared key, then perform a decryption calculation on the first communication message using the shared key and split the result to obtain the plaintext transaction amount.
In some optional embodiments, the change amount calculation module is further configured to: select from the currency list digital currencies whose payee is the payment end and whose total plaintext amount is greater than or equal to the plaintext transaction amount, form the currency subset from them, and subtract the plaintext transaction amount from the total plaintext amount to obtain the plaintext change amount.
In some optional embodiments,
the collection request comprises a transaction currency, and the transaction currency comprises the ciphertext transaction amount and the first verification information; the payment request comprises a change currency, and the change currency comprises the ciphertext change amount and the second verification information;
the transfer data structure generation module is further configured to: generate a transfer data structure containing the hash value of the transaction currency, the hash value of the change currency, and the hash value of each digital currency in the currency subset.
To achieve the above object, according to still another aspect of embodiments of the present invention, there is provided a digital currency based transaction apparatus including:
a receiving module, used for receiving a collection request; the collection request comprises a ciphertext transaction amount and first verification information;
a collection request verification module, used for confirming according to the first verification information that the ciphertext transaction amount complies with the rules;
a collection request chaining module, used for storing the collection request in a blockchain;
a collection updating module, used for updating a currency list according to the collection request;
a payment request receiving module, used for receiving a payment request; the payment request comprises a ciphertext change amount, second verification information and a transfer data structure;
a payment request verification module, used for confirming according to the second verification information that the ciphertext transaction amount complies with the rules, and confirming according to the transfer data structure that the currency list complies with the rules;
a payment request chaining module, used for storing the payment request in the blockchain;
a payment updating module, used for updating the currency list according to the transfer data structure.
In some optional embodiments,
the first verification information comprises a first transaction proof;
the collection request verification module is further configured to: split the first transaction proof to obtain all the index bits i, $P(x_i, m_i)$, $P(x_i, m_i - k_i)$ and $S_i$; confirm, for each index bit, that $S_i$ is the ring signature of $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$, confirm that each index bit satisfies $P(x_i, m_i) - P(x_i, m_i - k_i) = k_i H$, and then confirm that
Figure BDA0001332380720000091
so as to confirm that the ciphertext transaction amount complies with the rules; where $k_i = 2^i$.
In some optional embodiments, the apparatus further comprises a currency list establishment module, wherein:
the currency list establishment module is used for establishing a currency list for storing currencies, currency hash values and the correspondence between them; the currency list comprises an unspent currency list, a confirmed medium currency list and a spent currency list;
the collection request comprises a transaction currency, and the transaction currency comprises the ciphertext transaction amount and the first verification information; the payment request comprises a change currency, and the change currency comprises the ciphertext change amount and the second verification information;
the collection updating module is further configured to: store the transaction currency and the hash value of the transaction currency in the confirmed currency list;
the transfer data structure includes the hash value of the transaction currency, and further includes the hash value of the change currency and the hash values of the digital currencies in the currency subset;
the payment request verification module is further configured to: look up the transaction currency by its hash value and confirm that it is stored in the confirmed currency list, look up the currencies in the currency subset by their hash values and confirm that they are stored in the unspent currency list, and confirm that the sum of the ciphertext transaction amount and the ciphertext change amount equals the total ciphertext amount of the digital currencies in the currency subset;
the payment updating module is further configured to: after finding the transaction currency by its hash value, move the transaction currency and its hash value from the confirmed currency list to the unspent currency list; then find the currencies in the currency subset by their hash values, move them and their hash values from the unspent currency list to the spent currency list, and store the change currency and its hash value in the unspent currency list.
To achieve the above object, according to still another aspect of embodiments of the present invention, there is provided a computer-readable storage medium storing computer instructions that can be executed by a computer or a computer system, thereby enabling the computer or the computer system to execute the digital currency based transaction method.
One embodiment of the above invention has the following advantages or benefits: during a collection-and-payment transaction based on distributed ledger technology, the collection end and the payment end encrypt the plaintext amounts involved in the transaction to obtain ciphertext amounts and generate corresponding verification information for verifying or decrypting the ciphertext amounts. This solves the technical problem that fund amounts are difficult to keep confidential in existing distributed ledger technology, and achieves the technical effects of both enabling collaborative sharing and protecting transaction privacy.
Further effects of the above non-conventional optional modes are described below in connection with the specific embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of the main steps of a digital currency based transaction method according to an embodiment of the invention;
FIG. 2 is a schematic diagram of the main modules of a digital currency based transaction apparatus according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the main modules of a digital currency based transaction apparatus according to another embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 is a schematic diagram of main steps of a digital currency based transaction method according to an embodiment of the present invention.
As shown in fig. 1, a digital currency based transaction method according to an embodiment of the present invention includes:
S10: the collection end encrypts the received plaintext transaction amount to obtain a ciphertext transaction amount, generates first verification information used for verifying the ciphertext transaction amount, and then generates a collection request and broadcasts it; the collection request comprises the ciphertext transaction amount and the first verification information.
S11: after receiving the collection request, the node confirms according to the first verification information that the ciphertext transaction amount complies with the rules, then stores the collection request in the blockchain and updates a currency list according to the collection request.
S12: after the payment end obtains the collection request from the blockchain, it decrypts the ciphertext transaction amount according to the first verification information to obtain the plaintext transaction amount, calculates the plaintext change amount according to the plaintext transaction amount and the currency list, encrypts the plaintext change amount to obtain the ciphertext change amount, generates second verification information used for verifying the ciphertext change amount, generates a transfer data structure, and then generates a payment request and broadcasts it; the payment request comprises the ciphertext change amount, the second verification information and the transfer data structure.
S13: after receiving the payment request, the node confirms according to the second verification information that the ciphertext transaction amount complies with the rules, confirms according to the transfer data structure that the currency list complies with the rules, stores the payment request in the blockchain, and updates the currency list according to the transfer data structure.
In some optional embodiments, the collection request further includes a collection timestamp and, for convenience of sending, receiving and recording, a payee address and a payer address. For identification, the collection request is signed by the collection end with the collection-end fixed private key before it is broadcast. The payment request likewise includes a payment timestamp and, for convenience of sending, receiving and recording, a payee address and a payer address. For identification, the payment request is signed by the payment end with the payment-end fixed private key before it is broadcast.
As can be seen from the above, in the embodiment of the present invention, during a collection and payment transaction based on distributed ledger technology, the collection end and the payment end encrypt the plaintext amounts involved in the transaction to obtain ciphertext amounts, and generate corresponding verification information with which the ciphertext amounts can be verified or decrypted. This overcomes the technical problem that funds are difficult to keep confidential in existing distributed ledger technology, and achieves the technical effect of protecting transaction privacy while preserving cooperative sharing.
In some optional embodiments, the step of the collection end encrypting the received plaintext transaction amount to obtain a ciphertext transaction amount comprises:
the collection end generates a transaction private key used for this collection; the collection end stores a base point value and applies a base point encryption algorithm to the base point value to obtain a base point check value; the collection end calculates the ciphertext transaction amount according to the formula $q = xG + mH$, where q is the ciphertext transaction amount, x is the transaction private key, m is the received plaintext transaction amount, G is the base point value, and H is the base point check value. The transaction private key is used only for the current collection and payment, and a new transaction private key is generated for every new transaction.
The base point encryption algorithm may be, for example, the SHA256 algorithm, the RIPEMD-160 algorithm, or the Base58 encoding. Its purpose is to compute, from the preset base point value G, a public key whose private key is unknown, namely the base point check value H; a base point check value H obtained with a hash algorithm such as SHA256 is relatively trustworthy, but other algorithms that achieve the same or a similar effect may also be used. The base point encryption algorithm must ensure that no simple correspondence $H = kG$ is known between the computed H and G, so that when $q = xG + mH$ is known, the values of x and m have a unique solution.
In some optional embodiments, the first verification information comprises a first transaction proof;
the step of the collection end generating first verification information for verifying the ciphertext transaction amount comprises:
the collection end splits the plaintext transaction amount m in binary according to a preset digit count n to obtain
Figure BDA0001332380720000131
where $m_i = 2^i$ or $m_i = 0$, i denotes an index bit, and $0 \le i < n$;
the collection end randomly splits the transaction private key x according to the preset digit count n to obtain
Figure BDA0001332380720000132
where $x_0$ to $x_{n-2}$ are all generated at random,
Figure BDA0001332380720000133
when splitting, the larger the preset digit count n, the higher the degree of encryption, but the computational cost also increases and the redundant digits have no practical use, so a value of 64 is usually the most suitable for n, and 32 or 128 can be selected according to the situation;
for each index bit, the collection end calculates $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$ according to $P(x_i, m_i) = x_i G + m_i H$ and $P(x_i, m_i - k_i) = x_i G + (m_i - k_i) H$, where $k_i = 2^i$;
for each index bit, the collection end uses $x_i$, $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$ to generate the ring signature $S_i$ of that index bit;
the collection end concatenates all the index bits, $P(x_i, m_i)$, $P(x_i, m_i - k_i)$ and $S_i$ to obtain the first transaction proof.
In some optional embodiments, the step of the node confirming according to the first verification information that the ciphertext transaction amount complies with the rules comprises:
the node splits the first transaction proof to obtain all the index bits, $P(x_i, m_i)$, $P(x_i, m_i - k_i)$ and $S_i$;
the node confirms, for each index bit, that $S_i$ is the ring signature of $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$ and that $P(x_i, m_i) - P(x_i, m_i - k_i) = k_i H$ holds, and then confirms that
Figure BDA0001332380720000134
thereby confirming that the plaintext transaction amount corresponding to the ciphertext transaction amount q lies within the range 0 to $2^n$, and hence that the ciphertext transaction amount complies with the rules; where $k_i = 2^i$.
In some optional embodiments, the first verification information comprises a first communication message;
the step of the collection end generating first verification information for verifying the ciphertext transaction amount comprises:
the collection end generates a collection-end fixed private key, obtains the payment-end fixed public key, applies the base point encryption algorithm to the product of the collection-end fixed private key and the payment-end fixed public key to obtain a shared key, then concatenates the plaintext transaction amount with the transaction private key and encrypts the concatenated result with the shared key to generate the first communication message.
In some optional embodiments, the step of the payment end decrypting the ciphertext transaction amount according to the first verification information to obtain the plaintext transaction amount comprises:
the payment end stores the base point value and applies the base point encryption algorithm to the base point value to obtain the base point check value;
the payment end generates a payment-end fixed private key, obtains the collection-end fixed public key, applies the base point encryption algorithm to the product of the payment-end fixed private key and the collection-end fixed public key to obtain the shared key, then decrypts the first communication message with the shared key and splits the result to obtain the plaintext transaction amount.
It should be noted that, because the first communication message is encrypted using the fixed private key of one of the payment end and the collection end and the fixed public key of the other, only the payment end and the collection end can decrypt the first communication message and thereby decrypt the ciphertext transaction amount. Similarly, any user end can only decrypt the plaintext amount of digital currency related to itself (that is, of which it is the payer or the payee), and cannot obtain the plaintext transaction amount of digital currency unrelated to itself, so the privacy of the transaction process and of the transaction ledger is ensured.
In some optional embodiments, the step of the payment end calculating the plaintext change amount according to the plaintext transaction amount and the currency list comprises:
the payment end selects from the currency list digital currencies whose payee is the payment end and whose total plaintext amount is greater than or equal to the plaintext transaction amount, forms the currency subset from them, and subtracts the plaintext transaction amount from the total plaintext amount to obtain the plaintext change amount. It should be noted that, if the total plaintext amount of the digital currencies in the currency subset equals the plaintext transaction amount, the calculated plaintext change amount is zero; in this case, subsequent processing may still follow the method used when the plaintext change amount is not 0, or a separate condition may be set so that the plaintext change amount and the content related to it are no longer processed. If subsequent processing follows the method used when the plaintext change amount is not 0, the node's verification in later steps of the ciphertext transaction amount, the ciphertext change amount and the total plaintext amount of the digital currencies in the currency subset stays consistent, which improves the integrity and security of the method.
In some optional embodiments, the ciphertext change amount is generated, decrypted and verified in the same manner as the ciphertext transaction amount, and the second verification information is generated and used in the same manner as the first verification information. It should be noted that, when the second verification information is generated, the payment end generates the payment transaction private key used for the current payment; in some other embodiments, in order to satisfy the verification condition, the payment transaction private key must also satisfy a certain condition, which is described in the following embodiments. If a second communication message needs to be generated, the payment end generates it according to the fixed private key and the fixed public key of the payment end, in the manner used to generate the first verification information.
In some optional embodiments:
before the step of the node updating the currency list according to the collection request, the method further comprises: the node establishes a currency list for storing currencies, currency hash values, and the correspondence between them; the currency list comprises an unspent currency list, a confirmed medium currency list and a spent currency list;
the step of the node updating the currency list according to the collection request comprises: the node stores the transaction currency and the hash value of the transaction currency in the confirmed currency list;
before the step of the node storing the payment request in the blockchain, the method further comprises: the node looks up the transaction currency by its hash value and confirms that it is stored in the confirmed currency list, looks up the digital currencies of the currency subset by their hash values and confirms that they are stored in the unspent currency list, and confirms that the sum of the ciphertext transaction amount and the ciphertext change amount equals the total ciphertext amount of the digital currencies in the currency subset;
the step of the node updating the currency list according to the transfer data structure comprises: after finding the transaction currency by its hash value, the node moves the transaction currency and its hash value from the confirmed currency list to the unspent currency list; it then finds the currencies of the currency subset by their hash values, moves them and their hash values from the unspent currency list to the spent currency list, and stores the change currency and its hash value in the unspent currency list.
In this embodiment, because the node confirms that the sum of the ciphertext transaction amount and the ciphertext change amount equals the total ciphertext amount of the digital currencies in the currency subset, the plaintext change amount is still encrypted by the method used for the plaintext transaction amount even when the total plaintext amount of the digital currencies in the currency subset equals the plaintext transaction amount, that is, when the plaintext change amount is 0. In addition, when the plaintext change amount is encrypted, the payment end generates a payment transaction private key, and it does so differently from the way the collection end generates the transaction private key: the payment transaction private key is not randomly generated; instead, the result of subtracting the transaction private key of the payment end from the sum of the transaction private keys of the digital currencies in the currency subset is used as the payment transaction private key of the payment end, so that the sum of the ciphertext transaction amount and the ciphertext change amount still equals the total ciphertext amount of the digital currencies in the currency subset even when the plaintext change amount is 0, and the verification process is.
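The commitment $q = xG + mH$, the bit-split first transaction proof, and the node's check that ciphertext transaction amount plus ciphertext change amount equals the ciphertext total of the currency subset can be exercised together; the following is an added example, not code from the patent. Assumptions: secp256k1 as the curve, SHA256 try-and-increment as the base point encryption algorithm, a two-key AOS-style Schnorr ring signature for $S_i$, and the subtracted key in `change_key` taken to be the transaction private key of q; all function names are hypothetical.

```python
import functools
import hashlib
import secrets

P = 2**256 - 2**32 - 977  # secp256k1, assumed here; the patent names no curve
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):  # double-and-add; illustrative, not constant time
    k, acc = k % N, None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def enc(pt):  # fixed-width point encoding for hashing
    return b"\x00" if pt is None else b"".join(c.to_bytes(32, "big") for c in pt)

def hs(*parts):  # hash to a scalar mod N
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N

def derive_h():
    """Hash G to a curve point with SHA256, so that no k with H = kG is known."""
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(enc(G) + bytes([ctr])).digest(), "big")
        y2 = (pow(x, 3, P) + 7) % P
        y = pow(y2, (P + 1) // 4, P)  # square root, valid because P % 4 == 3
        if x < P and y * y % P == y2:
            return (x, y)
    raise ValueError("no curve point found")

H = derive_h()

def commit(x, m):  # ciphertext amount q = xG + mH
    return add(mul(x, G), mul(m, H))

def ring_sign(msg, keys, j, sk):
    """Two-key AOS ring signature: proves the signer knows log_G of keys[j]."""
    o, e, s = 1 - j, [0, 0], [0, 0]
    alpha = secrets.randbelow(N - 1) + 1
    e[o] = hs(msg, enc(mul(alpha, G)))
    s[o] = secrets.randbelow(N - 1) + 1
    e[j] = hs(msg, enc(add(mul(s[o], G), mul(e[o], keys[o]))))
    s[j] = (alpha - e[j] * sk) % N
    return (e[0], s[0], s[1])

def ring_verify(msg, keys, sig):
    e0, s0, s1 = sig
    e1 = hs(msg, enc(add(mul(s0, G), mul(e0, keys[0]))))
    return e0 == hs(msg, enc(add(mul(s1, G), mul(e1, keys[1]))))

def prove(x, m, n):
    """First transaction proof: per-bit commitments and one ring signature S_i each."""
    xs = [secrets.randbelow(N) for _ in range(n - 1)]
    xs.append((x - sum(xs)) % N)  # x_{n-1} makes the x_i sum to x
    proof = []
    for i, xi in enumerate(xs):
        ki = 1 << i
        mi = m & ki  # m_i is 0 or 2^i
        p_i, p_alt = commit(xi, mi), commit(xi, mi - ki)
        msg = bytes([i]) + enc(p_i) + enc(p_alt)
        sig = ring_sign(msg, [p_i, p_alt], 1 if mi else 0, xi)
        proof.append((i, p_i, p_alt, sig))
    return proof

def verify(q, proof, n):
    """Node check: S_i verifies, P_i - P_i' = k_i*H for every bit, and the P_i sum to q."""
    if len(proof) != n:
        return False
    total = None
    for pos, (i, p_i, p_alt, sig) in enumerate(proof):
        msg = bytes([pos]) + enc(p_i) + enc(p_alt)
        ok = i == pos and p_i == add(p_alt, mul(1 << i, H))
        if not (ok and ring_verify(msg, [p_i, p_alt], sig)):
            return False
        total = add(total, p_i)
    return total == q

def change_key(input_keys, x_tx):  # sum of the input coins' keys minus the key of q
    return (sum(input_keys) - x_tx) % N

def balanced(q_inputs, q_tx, q_change):  # inputs == transaction + change, on ciphertexts
    return functools.reduce(add, q_inputs, None) == add(q_tx, q_change)
```

Each ring signature only shows that the prover knows the G-discrete-log of $P_i$ or of $P_i - k_i H$; that pins $m_i$ to 0 or $2^i$ only while nobody knows a k with $H = kG$, which is why H is derived by hashing. An amount outside the n-bit range fails at the final sum, because its low n bits no longer add up to the committed value.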
It should be noted that, if a user needs to query its own account balance, it can collect from the unspent currency list of the currency list the currencies whose payee address is its own address, calculate the shared key of each currency one by one from the public key of that currency's payer, decrypt the ciphertext amount of each currency with the corresponding shared key to obtain its plaintext amount, and add up the plaintext amounts to obtain its account balance.
In some optional embodiments, after obtaining the collection request from the blockchain, the payment end may also refuse to pay; in this case, the method further comprises:
the payment end obtains the transaction currency contained in the collection request, calculates the hash value of the transaction currency, then generates a payment rejection request and broadcasts it; the payment rejection request comprises the hash value of the transaction currency;
after receiving the payment rejection request, the node looks up the transaction currency in the currency list by its hash value, and deletes the transaction currency from the currency list after determining that it exists in the confirmed currency list and that its payer address is the address of the payment end.
In some optional embodiments, the collection end may also initiate a withdrawal request before the payment end has initiated a payment request or a payment rejection request; in this case, the method further comprises:
the collection end calculates the hash value of the transaction currency, then generates a withdrawal request and broadcasts it; the withdrawal request comprises the hash value of the transaction currency;
after receiving the withdrawal request, the node looks up the transaction currency in the currency list by its hash value, and deletes the transaction currency from the currency list after determining that it exists in the confirmed currency list and that its payee address is the address of the collection end.
In some alternative embodiments, the data structures for the transaction currency, change currency, and digital currency are shown in Table 1:
Table 1: Currency data structure

| Field | Abbreviation | Type | Description |
|---|---|---|---|
| AddressFrom | Dx | Address | Payer address |
| AddressTo | Dx | Address | Payee address |
| Money | q | Public key | Ciphertext amount |
| Proof | f | Bytes | Transaction proof |
| Message | c | Bytes | Communication message |
| Timestamp | s | Time | Millisecond timestamp |
In some alternative embodiments, the data structure of the transaction proof is shown in Table 2:
Table 2: Transaction proof data structure
Figure BDA0001332380720000171
Figure BDA0001332380720000181
In some alternative embodiments, the alternative data structures of the transfer data structure are shown in Table 3:
Table 3: Transfer data structure

| Field | Type | Description |
|---|---|---|
| Inputs | Hash list | Input currency hash list |
| Outputs | Hash list | Output currency hash list |
Wherein the input currency hash list comprises hash values of digital currencies in the currency subset; the output currency hash list comprises the hash value of the transaction currency and also comprises the hash value of the change currency when the change exists.
Fig. 2 is a schematic diagram of main modules of a digital money-based transaction apparatus according to an embodiment of the present invention.
As shown in fig. 2, an embodiment of the invention provides a transaction apparatus 200 based on digital money, which is mainly applied to a user side with functions of collecting money and paying, and includes:
a transaction amount encryption module 201, configured to encrypt the received plaintext transaction amount to obtain a ciphertext transaction amount;
a first verification information generation module 202, configured to generate first verification information used for verifying the ciphertext transaction amount;
a collection request sending module 203, configured to generate a collection request and broadcast the collection request; the collection request comprises the ciphertext transaction amount and the first verification information;
a receiving module 204, configured to receive the collection request;
a transaction amount decryption module 205, configured to decrypt the ciphertext transaction amount according to the first verification information to obtain the plaintext transaction amount;
a change amount calculation module 206, configured to calculate a plaintext change amount according to the plaintext transaction amount and the currency list;
a change amount encryption module 207, configured to encrypt the plaintext change amount to obtain a ciphertext change amount;
a second verification information generation module 208, configured to generate second verification information used for verifying the ciphertext change amount;
a transfer data structure generation module 209, configured to generate a transfer data structure;
a payment request sending module 210, configured to generate a payment request and broadcast the payment request; the payment request comprises the ciphertext change amount, the second verification information and the transfer data structure.
In some optional embodiments, the transaction amount encryption module 201 is further configured to: generate a transaction private key used for this collection; store a base point value and apply a base point encryption algorithm to the base point value to obtain a base point check value; and calculate the ciphertext transaction amount according to the formula $q = xG + mH$, where q is the ciphertext transaction amount, x is the transaction private key, m is the received plaintext transaction amount, G is the base point value, and H is the base point check value.
The first verification information comprises a first transaction proof;
the first verification information generation module 202 is further configured to: split the plaintext transaction amount m in binary according to a preset digit count n to obtain
Figure BDA0001332380720000191
where $m_i = 2^i$ or $m_i = 0$, i denotes an index bit, and $0 \le i < n$; randomly split the transaction private key x according to the preset digit count n to obtain
Figure BDA0001332380720000192
where $x_0$ to $x_{n-2}$ are all generated at random,
Figure BDA0001332380720000193
for each index bit, calculate $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$ according to $P(x_i, m_i) = x_i G + m_i H$ and $P(x_i, m_i - k_i) = x_i G + (m_i - k_i) H$, where $k_i = 2^i$; for each index bit, use $x_i$, $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$ to generate the ring signature $S_i$ of that index bit; and concatenate all the index bits, $P(x_i, m_i)$, $P(x_i, m_i - k_i)$ and $S_i$ to obtain the first transaction proof.
The first verification information comprises a first communication message;
the first verification information generation module 202 is further configured to: generate a collection-end fixed private key, obtain the payment-end fixed public key, apply the base point encryption algorithm to the product of the collection-end fixed private key and the payment-end fixed public key to obtain a shared key, concatenate the plaintext transaction amount with the transaction private key, and encrypt the concatenated result with the shared key to generate the first communication message.
In some optional embodiments, the transaction amount decryption module 205 is further configured to: store the base point value and apply the base point encryption algorithm to the base point value to obtain the base point check value; generate a payment-end fixed private key, obtain the collection-end fixed public key, apply the base point encryption algorithm to the product of the payment-end fixed private key and the collection-end fixed public key to obtain the shared key, then decrypt the first communication message with the shared key and split the result to obtain the plaintext transaction amount.
In some optional embodiments, the change amount calculation module 206 is further configured to: select from the currency list digital currencies whose payee is the payment end and whose total plaintext amount is greater than or equal to the plaintext transaction amount, form the currency subset from them, and subtract the plaintext transaction amount from the total plaintext amount to obtain the plaintext change amount.
In some optional embodiments:
the collection request comprises a transaction currency, and the transaction currency comprises the ciphertext transaction amount and the first verification information; the payment request comprises a change currency, and the change currency comprises the ciphertext change amount and the second verification information;
the transfer data structure generation module 209 is further configured to: generate a transfer data structure containing the hash value of the transaction currency, the hash value of the change currency, and the hash value of each digital currency in the currency subset.
Fig. 3 is a schematic diagram of main modules of a digital money-based transaction apparatus according to another embodiment of the present invention.
As shown in fig. 3, another embodiment of the present invention provides a transaction apparatus 300 based on digital currency, which is mainly applied to a node with a verification function, and includes:
a collection request receiving module 301, configured to receive a collection request; the collection request comprises a ciphertext transaction amount and first verification information;
a collection request verification module 302, configured to confirm according to the first verification information that the ciphertext transaction amount complies with the rules;
a collection request chaining module 303, configured to store the collection request in a blockchain;
a collection update module 304, configured to update the currency list according to the collection request;
a payment request receiving module 305, configured to receive a payment request; the payment request comprises a ciphertext change amount, second verification information and a transfer data structure;
a payment request verification module 306, configured to confirm according to the second verification information that the ciphertext transaction amount complies with the rules, and to confirm according to the transfer data structure that the currency list complies with the rules;
a payment request chaining module 307 for storing the payment request to the blockchain;
a payment update module 308 for updating the currency list according to the transfer data structure.
In some optional embodiments, the first verification information comprises a first transaction proof;
the collection request verification module 302 is further configured to: split the first transaction proof to obtain all the index bits i, $P(x_i, m_i)$, $P(x_i, m_i - k_i)$ and $S_i$; confirm, for each index bit, that $S_i$ is the ring signature of $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$ and that $P(x_i, m_i) - P(x_i, m_i - k_i) = k_i H$ holds, and then confirm that
Figure BDA0001332380720000211
so as to confirm that the ciphertext transaction amount complies with the rules; where $k_i = 2^i$.
In some alternative embodiments, the apparatus further comprises a currency list creation module 309,
the currency list establishing module 309 is configured to establish a currency list for storing currencies, currency hash values, and the correspondence between them; the currency list comprises an unspent currency list, a confirmed medium currency list and a spent currency list;
the collection request comprises a transaction currency, and the transaction currency comprises the ciphertext transaction amount and the first verification information; the payment request comprises a change currency, and the change currency comprises the ciphertext change amount and the second verification information;
the collection update module 304 is further configured to: store the transaction currency and the hash value of the transaction currency in the confirmed currency list;
the transfer data structure includes the hash value of the transaction currency, and further includes the hash value of the change currency and the hash values of the digital currencies in the currency subset;
the payment request verification module 306 is further configured to: look up the transaction currency by its hash value and confirm that it is stored in the confirmed currency list, look up the currencies of the currency subset by their hash values and confirm that they are stored in the unspent currency list, and confirm that the sum of the ciphertext transaction amount and the ciphertext change amount equals the total ciphertext amount of the digital currencies in the currency subset;
the payment update module 308 is further configured to: after finding the transaction currency by its hash value, move the transaction currency and its hash value from the confirmed currency list to the unspent currency list; then find the currencies of the currency subset by their hash values, move them and their hash values from the unspent currency list to the spent currency list, and store the change currency and its hash value in the unspent currency list.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (16)

1. A digital currency based transaction method, comprising:
a collection end encrypts a received plaintext transaction amount to obtain a ciphertext transaction amount, generates first verification information used for verifying the ciphertext transaction amount, then generates a collection request and broadcasts the collection request; the collection request comprises the ciphertext transaction amount and the first verification information;
after receiving the collection request, a node confirms according to the first verification information that the ciphertext transaction amount complies with the rules, then stores the collection request in a blockchain and updates a currency list according to the collection request;
after the payment end acquires the payment request from the blockchain, the payment end decrypts the ciphertext transaction amount according to the first verification information to obtain the plaintext transaction amount, calculates a plaintext change amount according to the plaintext transaction amount and the currency list, encrypts the plaintext change amount to obtain a ciphertext change amount, generates second verification information for verifying the ciphertext change amount, generates a transfer data structure, and then generates a payment request and broadcasts the payment request; the payment request comprises the ciphertext change amount, the second verification information and the transfer data structure;
after receiving the payment request, the node confirms according to the second verification information that the ciphertext change amount complies with the rules, confirms according to the transfer data structure that the currency list complies with the rules, stores the payment request in the blockchain, and updates the currency list according to the transfer data structure;
wherein the step of the payment end calculating the plaintext change amount according to the plaintext transaction amount and the currency list comprises: the payment end selects from the currency list digital currencies whose payee is the payment end and whose total plaintext amount is greater than or equal to the plaintext transaction amount, forms a currency subset from them, and subtracts the plaintext transaction amount from the total plaintext amount to obtain the plaintext change amount;
the collection request comprises a transaction currency, and the transaction currency comprises the ciphertext transaction amount and the first verification information; the payment request comprises a change currency, and the change currency comprises the ciphertext change amount and the second verification information; the step of the payment end generating the transfer data structure comprises: the payment end generates a transfer data structure containing the hash value of the transaction currency, the hash value of the change currency, and the hash value of each digital currency in the currency subset.
2. The method of claim 1, wherein the step of the recipient encrypting the received plaintext transaction amount to obtain the ciphertext transaction amount comprises:
the receiving end generates a transaction private key used for receiving the money;
the collection end stores a base point value, and the base point value is encrypted and calculated by using a base point encryption algorithm to obtain a base point check value;
the receiving end calculates the ciphertext transaction amount according to the formula $q = xG + mH$; wherein $q$ is the ciphertext transaction amount, $x$ is the transaction private key, $m$ is the received plaintext transaction amount, $G$ is the base point value, and $H$ is the base point verification value.
3. The method of claim 2,
the first authentication information comprises a first transaction proof;
the step of the receiving end generating the first verification information used for verifying the ciphertext transaction amount comprises:
the receiving end carries out binary splitting on the plaintext transaction amount m according to a preset digit n to obtain
Figure FDA0002467782130000021
wherein $m_i = 2^i$ or $m_i = 0$, $i$ denotes an index bit, and $0 \le i < n$;
the receiving end randomly splits the transaction private key x according to a preset number n to obtain
Figure FDA0002467782130000022
wherein $x_0$ to $x_{n-2}$ are all generated at random,
Figure FDA0002467782130000023
for each index bit, the receiving end calculates $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$ according to $P(x_i, m_i) = x_i G + m_i H$ and $P(x_i, m_i - k_i) = x_i G + (m_i - k_i) H$; wherein $k_i = 2^i$;
for each index bit, the receiving end uses said $x_i$, said $P(x_i, m_i)$ and said $P(x_i, m_i - k_i)$ to generate the ring signature $S_i$ of that index bit;
the receiving end concatenates all the index bits, said $P(x_i, m_i)$, said $P(x_i, m_i - k_i)$ and said $S_i$ to obtain the first transaction proof.
4. The method of claim 3, wherein the step of the node confirming that the ciphertext transaction amount complies with the rule based on the first verification information comprises:
the node splits the first transaction proof to obtain all the index bits, said $P(x_i, m_i)$, said $P(x_i, m_i - k_i)$ and said $S_i$;
for each of the index bits, the node confirms that said $S_i$ is the ring signature of said $P(x_i, m_i)$ and said $P(x_i, m_i - k_i)$, confirms that $P(x_i, m_i) - P(x_i, m_i - k_i) = k_i H$ is satisfied, and then confirms that
Figure FDA0002467782130000031
to confirm that the ciphertext transaction amount complies with the rule; wherein $k_i = 2^i$.
5. The method of claim 2,
the first authentication information comprises a first communication message;
the step of the receiving end generating the first verification information used for verifying the ciphertext transaction amount comprises:
the collecting end generates a collecting end fixed private key, obtains a payment end fixed public key, performs an encryption calculation on the product of the collecting end fixed private key and the payment end fixed public key using the base point encryption algorithm to obtain a shared key, then concatenates the plaintext transaction amount with the transaction private key, and encrypts the concatenated result with the shared key to generate the first communication message.
6. The method of claim 5, wherein the step of the payer terminal decrypting the ciphertext transaction amount to obtain the plaintext transaction amount based on the first authentication information comprises:
the payment terminal stores the base point value and uses the base point encryption algorithm to encrypt and calculate the base point value to obtain the base point verification value;
and the payment end generates a payment end fixed private key, acquires a collection end fixed public key, uses the base point encryption algorithm to carry out encryption calculation on the product of the payment end fixed private key and the collection end fixed public key so as to obtain a shared key, and then splits the result of carrying out decryption calculation on the first communication message by using the shared key so as to obtain the plaintext transaction amount.
7. The method of claim 1,
before the step of updating the currency list by the node according to the collection request, the method further comprises the following steps: the node establishes a currency list for storing currency, currency hash values and corresponding relations of the currency and the currency hash values; the currency list comprises an unconsumed currency list, a confirmed medium currency list and a spent currency list;
the step that the node updates the currency list according to the collection request comprises the following steps: the node stores the transaction currency and the hash value of the transaction currency to the confirmed currency list;
before the step of the node storing the payment request to the blockchain, the method further comprises the following steps: the node looks up the transaction currency by its hash value and confirms that it is stored in the confirmed currency list, looks up the digital currency in the currency subset by its hash values and confirms that it is stored in the unspent currency list, and confirms that the sum of the ciphertext transaction amount and the ciphertext change amount is equal to the total ciphertext amount of the digital currency in the currency subset;
the step of the node updating the currency list according to the transfer data structure comprises: after the node finds the transaction currency according to the hash value of the transaction currency, the transaction currency and the hash value thereof are moved from the confirmed currency list to the unconsumed currency list, then the currency in the currency subset is found according to the hash value of the digital currency in the currency subset, the currency in the currency subset and the hash value thereof are moved from the unconsumed currency list to the consumed currency list, and the change-making currency and the hash value thereof are stored in the unconsumed currency list.
8. A digital currency based transaction apparatus, comprising:
the transaction amount encryption module is used for encrypting the received plaintext transaction amount to obtain a ciphertext transaction amount;
the first verification information generation module is used for generating first verification information used for verifying the ciphertext transaction amount;
the collection request sending module is used for generating a collection request and broadcasting the collection request; the receiving request comprises the ciphertext transaction amount and the first verification information;
a receiving module for receiving the receiving request;
the transaction amount decryption module is used for decrypting the ciphertext transaction amount according to the first verification information to obtain the plaintext transaction amount;
the change-making amount calculation module is used for calculating the plaintext change-making amount according to the plaintext transaction amount and the currency list;
the change-making amount encryption module is used for encrypting the plaintext change-making amount to obtain a ciphertext change-making amount;
the second verification information generation module is used for generating second verification information used for verifying the ciphertext change-making amount;
the transfer data structure generating module is used for generating a transfer data structure;
the payment request sending module is used for generating a payment request and broadcasting the payment request; the payment request comprises the ciphertext change making amount, the second verification information and the transfer data structure;
wherein, the change amount calculation module is further used for: selecting digital currency with a payee as a payment end and a total plaintext amount greater than or equal to the plaintext transaction amount from the currency list, forming a currency subset, and subtracting the plaintext transaction amount from the total plaintext amount to obtain a plaintext change amount;
the collection request comprises transaction currency, and the transaction currency comprises the ciphertext transaction amount and the first verification information; the payment request comprises change making currency, and the change making currency comprises the ciphertext change making amount and the second verification information; the transfer data structure generation module is further configured to: generating a transfer data structure containing the hash value of the transaction currency, the hash value of the change currency, and the hash values of each digital currency in the subset of currencies.
9. The apparatus of claim 8, wherein the transaction amount encryption module is further configured to: generating a transaction private key used for the collection; storing a base point value, and carrying out encryption calculation on the base point value by using a base point encryption algorithm to obtain a base point check value; calculating the ciphertext transaction amount according to the formula $q = xG + mH$; wherein $q$ is the ciphertext transaction amount, $x$ is the transaction private key, $m$ is the received plaintext transaction amount, $G$ is the base point value, and $H$ is the base point verification value.
10. The apparatus of claim 9,
the first authentication information comprises a first transaction proof;
the first verification information generation module is further configured to: carrying out binary splitting on the plaintext transaction amount m according to a preset digit n to obtain
Figure FDA0002467782130000051
wherein $m_i = 2^i$ or $m_i = 0$, $i$ denotes an index bit, and $0 \le i < n$; randomly splitting the transaction private key $x$ according to the preset digit $n$ to obtain
Figure FDA0002467782130000052
wherein $x_0$ to $x_{n-2}$ are all generated at random,
Figure FDA0002467782130000053
for each index bit, calculating $P(x_i, m_i)$ and $P(x_i, m_i - k_i)$ according to $P(x_i, m_i) = x_i G + m_i H$ and $P(x_i, m_i - k_i) = x_i G + (m_i - k_i) H$; wherein $k_i = 2^i$; for each of the index bits, using said $x_i$, said $P(x_i, m_i)$ and said $P(x_i, m_i - k_i)$ to generate the ring signature $S_i$ of that index bit; concatenating all the index bits, said $P(x_i, m_i)$, said $P(x_i, m_i - k_i)$ and said $S_i$ to obtain the first transaction proof.
11. The apparatus of claim 9,
the first authentication information comprises a first communication message;
the first verification information generation module is further configured to: generating a fixed private key of a collection end, acquiring a fixed public key of a payment end, carrying out encryption calculation on the product of the fixed private key of the collection end and the fixed public key of the payment end by using the base point encryption algorithm to obtain a shared key, splicing the plaintext transaction amount with the transaction private key, and carrying out encryption calculation on the spliced result by using the shared key to generate the first communication message.
12. The apparatus of claim 11, wherein the transaction amount decryption module is further configured to: storing the base point value, and carrying out encryption calculation on the base point value by using the base point encryption algorithm to obtain the base point check value; generating a fixed private key of a payment end, acquiring a fixed public key of a collection end, carrying out encryption calculation on the product of the fixed private key of the payment end and the fixed public key of the collection end by using the base point encryption algorithm to obtain a shared key, and then splitting the result of carrying out decryption calculation on the first communication message by using the shared key to obtain the plaintext transaction amount.
13. A digital currency based transaction apparatus, comprising:
a receiving module for receiving a receiving request; the collection request comprises a ciphertext transaction amount and first verification information;
the collection request verification module is used for confirming that the ciphertext transaction amount accords with the rule according to the first verification information;
the collection request chaining module is used for storing the collection request to a block chain;
the money receiving updating module is used for updating a money list according to the money receiving request;
a payment request receiving module for receiving a payment request; the payment request comprises a ciphertext change making amount, second verification information and a transfer data structure;
the payment request verification module is used for confirming that the ciphertext change making amount accords with the rule according to the second verification information and confirming that the currency list accords with the rule according to the transfer data structure;
a payment request chaining module for storing the payment request to the blockchain;
a payment update module for updating the currency list according to the transfer data structure;
the collection request comprises transaction currency, and the transaction currency comprises the ciphertext transaction amount and the first verification information; the payment request comprises change making currency, and the change making currency comprises the ciphertext change making amount and the second verification information; the transfer data structure including a hash value of the transaction currency, the transfer data structure further including a hash value of the change currency and a hash value of the digital currency within the currency subset; the currency subset is composed of digital currencies which select a payee as a payer from the currency list and have a total amount in plaintext greater than or equal to a transaction amount in plaintext.
14. The apparatus of claim 13,
the first authentication information comprises a first transaction proof;
the collection request verification module is further configured to: splitting the first transaction proof to obtain all index bits $i$, $P(x_i, m_i)$, $P(x_i, m_i - k_i)$ and $S_i$; confirming that, for each of the index bits, said $S_i$ is the ring signature of said $P(x_i, m_i)$ and said $P(x_i, m_i - k_i)$, confirming that $P(x_i, m_i) - P(x_i, m_i - k_i) = k_i H$ is satisfied for each of the index bits, and then confirming that:
Figure FDA0002467782130000071
to confirm that the ciphertext transaction amount complies with the rule; wherein $q$ is the ciphertext transaction amount and $k_i = 2^i$.
15. The apparatus of claim 13, further comprising a currency list creation module, wherein,
the currency list establishing module is used for establishing a currency list for storing currency, currency hash values and corresponding relations of the currency and the currency hash values; the currency list comprises an unconsumed currency list, a confirmed medium currency list and a spent currency list;
the collection updating module is also used for: storing the transaction currency and the hash value of the transaction currency to the confirmed currency list;
the payment request validation module is further to: searching and confirming that the transaction currency is stored in the confirmed currency list according to the hash value of the transaction currency, searching and confirming that the currency in the currency subset is stored in the unspent currency list according to the hash value of the digital currency in the currency subset, and confirming that the sum of the ciphertext transaction amount and the ciphertext change amount is equal to the total ciphertext amount of the digital currency in the currency subset;
the payment update module is further to: after the transaction currency is found according to the hash value of the transaction currency, the transaction currency and the hash value thereof are moved from the confirmed currency list to the non-spent currency list, then the currency in the currency subset is found according to the hash value of the digital currency in the currency subset, the currency in the currency subset and the hash value thereof are moved from the non-spent currency list to the spent currency list, and the change-making currency and the hash value thereof are stored in the non-spent currency list.
16. A computer-readable storage medium having computer instructions stored thereon, the computer instructions being executable by a computer or a computer system to cause the computer or computer system to perform the method of any one of claims 1 to 9.
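The commitment of claim 2 and the per-bit proof and node-side check of claims 3 and 4 (mirrored in claims 10 and 14) can be exercised end to end; the Python below is an added example, not code from the patent. It assumes the secp256k1 curve, an H derived from G by hashing, a two-key Schnorr ring signature, and that the two formulas the page shows only as figure references are "the last share is x minus the sum of the others" and "the per-bit commitments sum to q"; all function names are illustrative.

```python
import hashlib
import secrets

# secp256k1 (assumed curve; the claims do not name one)
PRIME = 2**256 - 2**32 - 977
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % PRIME == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if a == b else (y2 - y1, x2 - x1)
    lam = num * pow(den % PRIME, -1, PRIME) % PRIME
    x3 = (lam * lam - x1 - x2) % PRIME
    return (x3, (lam * (x1 - x3) - y1) % PRIME)

def mul(k, pt):  # double-and-add; not constant time, so demo use only
    out, k = None, k % ORDER
    while k:
        if k & 1:
            out = add(out, pt)
        pt, k = add(pt, pt), k >> 1
    return out

def sub(a, b):
    return add(a, b and (b[0], -b[1] % PRIME))

def on_curve(pt):
    return (pt is not None and 0 <= min(pt) and max(pt) < PRIME
            and (pt[1] ** 2 - pt[0] ** 3 - 7) % PRIME == 0)

def hash_to_point(seed, ctr=0):  # try-and-increment
    x = int.from_bytes(hashlib.sha256(seed + bytes([ctr])).digest(), "big") % PRIME
    y = pow(x ** 3 + 7, (PRIME + 1) // 4, PRIME)
    return (x, y) if on_curve((x, y)) else hash_to_point(seed, ctr + 1)

# Assumption: H is hashed from G, so nobody knows the discrete log of H to base G
H = hash_to_point(G[0].to_bytes(32, "big"))

def commit(x, m):
    return add(mul(x, G), mul(m, H))  # q = xG + mH (claim 2)

def chal(ring, R):  # Fiat-Shamir challenge bound to both ring keys and nonce point R
    data = b"".join(c.to_bytes(32, "big") for pt in (*ring, R) for c in (pt or (0, 0)))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % ORDER

def ring_sign(x, ring, j):
    """Two-key Schnorr ring signature (assumed scheme); requires ring[j] == x*G."""
    o, e, s = 1 - j, [0, 0], [0, 0]
    k = secrets.randbelow(ORDER - 1) + 1
    e[o] = chal(ring, mul(k, G))
    s[o] = secrets.randbelow(ORDER - 1) + 1
    e[j] = chal(ring, sub(mul(s[o], G), mul(e[o], ring[o])))
    s[j] = (k + e[j] * x) % ORDER
    return (e[0], s[0], s[1])

def ring_verify(sig, ring):
    e0, s0, s1 = sig
    e1 = chal(ring, sub(mul(s0, G), mul(e0, ring[0])))
    return chal(ring, sub(mul(s1, G), mul(e1, ring[1]))) == e0

def prove(x, m, n):
    """Claim 3: bit-split m, share-split x, ring-sign every index bit."""
    if not 0 <= m < 2 ** n:
        raise ValueError("amount does not fit in n bits")
    xs = [secrets.randbelow(ORDER - 1) + 1 for _ in range(n - 1)]
    xs.append((x - sum(xs)) % ORDER)         # assumed: last share makes the sum x
    proof = []
    for i, x_i in enumerate(xs):
        bit = m >> i & 1                     # m_i = bit * 2^i
        p_hi = commit(x_i, bit << i)         # P(x_i, m_i)
        p_lo = sub(p_hi, mul(1 << i, H))     # P(x_i, m_i - k_i), k_i = 2^i
        proof.append((i, p_hi, p_lo, ring_sign(x_i, (p_hi, p_lo), bit)))
    return proof

def verify(q, proof, n):
    """Claim 4: node-side check that q commits to an amount in [0, 2^n)."""
    total = None
    for pos, (i, p_hi, p_lo, sig) in enumerate(proof):
        if not (i == pos and on_curve(p_hi) and on_curve(p_lo)
                and sub(p_hi, p_lo) == mul(1 << i, H)   # P_hi - P_lo = k_i*H
                and ring_verify(sig, (p_hi, p_lo))):
            return False
        total = add(total, p_hi)
    return len(proof) == n and total == q    # assumed final check: sum of P_hi is q
```

Because the commitment is additively homomorphic, `add(commit(3, 120), commit(4, 80))` equals `commit(7, 200)`, which is the property the ciphertext balance check of claim 7 relies on, provided the private keys of the outputs are chosen to sum to those of the inputs (an assumption; the claims do not state how the change key is chosen).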
CN201710494860.9A 2017-06-26 2017-06-26 Transaction method and device based on digital currency Active CN107358424B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710494860.9A CN107358424B (en) 2017-06-26 2017-06-26 Transaction method and device based on digital currency

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710494860.9A CN107358424B (en) 2017-06-26 2017-06-26 Transaction method and device based on digital currency

Publications (2)

Publication Number Publication Date
CN107358424A CN107358424A (en) 2017-11-17
CN107358424B true CN107358424B (en) 2020-09-29

Family

ID=60273637

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710494860.9A Active CN107358424B (en) 2017-06-26 2017-06-26 Transaction method and device based on digital currency

Country Status (1)

Country Link
CN (1) CN107358424B (en)

Families Citing this family (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108009441B (en) * 2017-11-23 2023-05-30 创新先进技术有限公司 Method and apparatus for resource transfer and funds transfer
CN108418689B (en) * 2017-11-30 2020-07-10 矩阵元技术(深圳)有限公司 Zero-knowledge proof method and medium suitable for block chain privacy protection
US11227284B2 (en) 2017-12-13 2022-01-18 Mastercard International Incorporated Method and system for consumer-initiated transactions using encrypted tokens
CN108241979B (en) * 2017-12-20 2021-03-16 深圳壹账通智能科技有限公司 Multi-account book transfer method based on block chain, electronic device and readable storage medium
CN108335106A (en) * 2018-01-24 2018-07-27 深圳壹账通智能科技有限公司 The more account books of Zero Knowledge based on block chain exchange transfer account method, device and storage medium
CN108629584B (en) * 2018-04-25 2022-07-01 常海峰 Block chain based payment method, device and computer readable storage medium
CN108805574B (en) * 2018-05-19 2021-01-26 深圳市图灵奇点智能科技有限公司 Transaction method and system based on privacy protection
CN108830716B (en) * 2018-05-31 2021-12-17 上海万向区块链股份公司 Transaction system for protecting user privacy based on block chain and encryption processing
CN108846659B (en) * 2018-06-13 2021-09-14 深圳前海微众银行股份有限公司 Block chain-based transfer method and device and storage medium
CN108985760B (en) * 2018-06-15 2021-07-06 杭州复杂美科技有限公司 Payment method, payment system, payment device and storage medium
CN108985933A (en) * 2018-06-29 2018-12-11 联动优势科技有限公司 A kind of bookkeeping methods and device
CN108985752A (en) * 2018-06-29 2018-12-11 杭州复杂美科技有限公司 A kind of method of payment and system, equipment and storage medium
CN108854077B (en) * 2018-07-17 2021-05-18 广州瞪羚信息科技有限公司 Cross-game item circulation method based on block chain technology
CN109102286B (en) * 2018-08-02 2023-04-07 平安科技(深圳)有限公司 Cross-account book transaction method and device
CN109191122B (en) * 2018-08-10 2023-06-20 中国银行股份有限公司 Method and device for acquiring transaction information certificate
WO2020034151A1 (en) * 2018-08-16 2020-02-20 区链通网络有限公司 Block chain inter-node communication method and apparatus, and storage medium and block chain system
CN109064335A (en) * 2018-08-27 2018-12-21 深圳前海益链网络科技有限公司 A kind of data trade method and device based on intelligent contract
CN109325759B (en) * 2018-09-17 2023-09-19 简单汇信息科技(广州)有限公司 Online development method, management platform, device, system and storage medium
CN109285073B (en) * 2018-09-29 2022-03-04 数字钱包(北京)科技有限公司 Digital currency transaction method and device
CN109472602B (en) * 2018-11-23 2021-05-11 全链通有限公司 Transaction verification method, node and block chain system
CN109493057A (en) * 2018-12-10 2019-03-19 联动优势科技有限公司 A kind of method of commerce and device based on UTXO model
CN111325493A (en) * 2018-12-14 2020-06-23 阿里巴巴集团控股有限公司 Logistics management method, device and equipment based on block chain and storage medium
CN109658216A (en) * 2018-12-14 2019-04-19 深圳美图创新科技有限公司 Block chain moneytary operations method and device
CN111641504A (en) * 2019-03-01 2020-09-08 湖南天河国云科技有限公司 Block chain digital certificate application method and system based on bit currency system
CN111639997A (en) * 2019-03-01 2020-09-08 中国银联股份有限公司 Transaction management method and device based on associated transaction rules
CN111754342B (en) * 2019-03-26 2024-05-24 众安信息技术服务有限公司 Method, system and device for obtaining circulation speed of block chain encrypted currency
CN110414961A (en) * 2019-06-21 2019-11-05 深圳壹账通智能科技有限公司 Prevent transfer account method, device, equipment and the storage medium of the track transactions side of producing
CN110335042B (en) * 2019-06-26 2020-10-20 创新先进技术有限公司 Anonymous transaction method and device based on ring signature
CN110189131B (en) * 2019-06-26 2020-11-06 创新先进技术有限公司 Method and device for realizing confidential blockchain transaction by adopting ring signature
US10790990B2 (en) 2019-06-26 2020-09-29 Alibaba Group Holding Limited Ring signature-based anonymous transaction
US11238447B2 (en) 2019-06-26 2022-02-01 Advanced New Technologies Co., Ltd. Blockchain transactions with ring signatures
CN110706110A (en) * 2019-10-14 2020-01-17 腾讯科技(深圳)有限公司 Data processing method, device and equipment based on exchange platform and storage medium
CN112712353B (en) * 2019-12-25 2024-04-12 深圳市文鼎创数据科技有限公司 Digital currency zero-payment method, system and terminal
CN111539816B (en) * 2020-02-19 2022-07-15 杭州溪塔科技有限公司 Method and device for determining transaction identification in block chain and electronic equipment
CN111222860A (en) * 2020-04-15 2020-06-02 傲林科技有限公司 Data asset processing method and device
CN111639923B (en) * 2020-05-07 2023-09-29 杭州云象网络技术有限公司 Digital currency transaction accounting method and system based on zero knowledge proof
CN111738712A (en) * 2020-07-17 2020-10-02 百度在线网络技术(北京)有限公司 Payment processing method, device, equipment and medium for block chain
CN112001714A (en) * 2020-07-28 2020-11-27 胡祥义 Digital currency implementation method based on block chain technology
CN112365252A (en) * 2020-07-31 2021-02-12 深圳市网心科技有限公司 Account model-based privacy transaction method and device and related equipment
CN112712359B (en) * 2020-12-31 2024-01-12 深圳市证通电子股份有限公司 Money collection method, money collection device, and readable storage medium
CN113052599B (en) * 2021-03-31 2024-05-28 中国人民银行数字货币研究所 Method, device, equipment and system for generating, verifying and storing transaction certificates
CN116318760A (en) * 2022-09-09 2023-06-23 广州玉明科技有限公司 Block chain and digital currency based security detection method and cloud computing device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104392354A (en) * 2014-11-05 2015-03-04 中国科学院合肥物质科学研究院 Association and retrieval method and system used for public key addresses and user accounts of crypto-currency
CN106503994A (en) * 2016-11-02 2017-03-15 西安电子科技大学 Block chain private data access control method based on encryption attribute
CN106548330A (en) * 2016-10-27 2017-03-29 上海亿账通区块链科技有限公司 Transaction verification method and system based on block chain
CN106549749A (en) * 2016-12-06 2017-03-29 杭州趣链科技有限公司 A kind of block chain method for secret protection encrypted based on additive homomorphism
CN106651331A (en) * 2016-12-22 2017-05-10 飞天诚信科技股份有限公司 Digital currency-based electronic transaction method and system
CN106779707A (en) * 2016-12-23 2017-05-31 中钞信用卡产业发展有限公司北京智能卡技术研究院 Monitoring and managing method, the apparatus and system of the digital cash Transaction Information based on block chain

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104392354A (en) * 2014-11-05 2015-03-04 中国科学院合肥物质科学研究院 Association and retrieval method and system used for public key addresses and user accounts of crypto-currency
CN106548330A (en) * 2016-10-27 2017-03-29 上海亿账通区块链科技有限公司 Transaction verification method and system based on block chain
CN106503994A (en) * 2016-11-02 2017-03-15 西安电子科技大学 Block chain private data access control method based on encryption attribute
CN106549749A (en) * 2016-12-06 2017-03-29 杭州趣链科技有限公司 A kind of block chain method for secret protection encrypted based on additive homomorphism
CN106651331A (en) * 2016-12-22 2017-05-10 飞天诚信科技股份有限公司 Digital currency-based electronic transaction method and system
CN106779707A (en) * 2016-12-23 2017-05-31 中钞信用卡产业发展有限公司北京智能卡技术研究院 Monitoring and managing method, the apparatus and system of the digital cash Transaction Information based on block chain

Also Published As

Publication number Publication date
CN107358424A (en) 2017-11-17

Similar Documents

Publication Publication Date Title
CN107358424B (en) Transaction method and device based on digital currency
CN107392603B (en) Transaction method and apparatus using digital money
US11349645B2 (en) Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys
JP6724249B2 (en) System and method for information protection
EP3324355B1 (en) Contract agreement method, agreement verification method, contract agreement system, agreement verification device, contract agreement device, contract agreement program and agreement verification program
JP6908700B2 (en) Systems and methods for information protection
CN110582793B (en) Anonymity and traceability of digital property transactions on a distributed transaction consensus network
EP3296913B1 (en) Method and system for secure communication of a token and aggregation of the same
JP2022183325A (en) Secure multiparty loss-tolerant storage and transfer of encryption key for block chain-based system in conjunction with wallet management system
US20190295069A1 (en) Systems and methods for integrating cryptocurrency wallet identifiers with digital certificates
JP2020507222A (en) System and method for information protection
US20190108517A1 (en) Digital currency for performing cash-equivalent transactions
CN115176441A (en) Identity-based public key generation protocol
US20210035090A1 (en) System and method for secure data delivery
CN110545169B (en) Block chain method and system based on asymmetric key pool and implicit certificate
CN110599164A (en) Method for rapidly paying by any payee under supervision chain
CN112470423A (en) Computer-implemented system and method for asset blending
CN109687961B (en) Quantum computation resistant blockchain transaction method and system based on symmetric key pool routing device
Islam A privacy-preserving transparent central bank digital currency system based on consortium blockchain and unspent transaction outputs
CN109784917B (en) Anti-quantum computation blockchain secret transaction system and method based on symmetric key pool
CN113159767A (en) Transfer processing method, device and system based on block chain
US20210056624A1 (en) Secure communication framework for crypto-exchange services using asymmetric and symmetric encryption
CN112950356A (en) Personal loan processing method, system, device and medium based on digital identity
EP4181457A1 (en) Quantum based method and system for performing cryptocurrency asset transactions
CN115310976A (en) Non-contact transaction processing method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant