Blockchain transaction privacy protection method and system
Technical Field
The invention relates to the field of blockchain, in particular to the security of blockchain transaction privacy and the application of the technology in fields such as blockchain finance.
Background
Blockchain is a decentralized distributed ledger technology that originated with Bitcoin. It enables transactions through technical guarantees rather than a centralized credit mechanism, and is characterized by decentralization, the absence of a central trusted party, tamper resistance and cryptographic security. Nodes, as the participants in the blockchain system, each maintain a copy of the data and keep their replicas consistent through a consensus algorithm, which improves the reliability of the participants' data without requiring trust to be established among them. In traditional blockchain and Bitcoin systems all data is transparent, including the content of each transaction and the addresses of the sender and receiver (Bitcoin addresses offer some privacy protection, but still reveal some private information).
In the financial industry, complete disclosure of data is not feasible, and the protection of private information is particularly important because the data and the sender and receiver information involve a large number of business secrets and interests. On the one hand, authorities want to be able to supervise the blockchain and investigate illegal transaction activity; on the other hand, users are concerned that exposure of the details of their transaction activity may reveal details of their personal data and lifestyle to unauthorized parties. The conflict between the user's need for privacy protection and the authority's right to know and supervise is not trivial. The core problem the blockchain therefore needs to solve is this: on the premise of providing privacy and data protection, to carry out distributed rights confirmation and storage of data while involving a management node that supervises transactions, so that transactions can be tracked and audited.
In a blockchain system, all nodes maintain one consistent public ledger that records the relevant information of every node in the system, and the nodes operate on the public ledger through a consensus mechanism. As a result, the transaction information of all users in the ledger, together with any other information recorded on the blockchain, is exposed, which creates the user privacy problem. The system needs to preserve the verifiability of transactions and of their history while guaranteeing user privacy, and to ensure that transactions remain valid and supervisable. Current blockchain privacy protection methods mainly fall into the following categories:
The first method: existing blockchain systems such as Bitcoin and Ethereum only apply pseudonymity to the transacting node. A transacting party can create multiple addresses for trading; each address corresponds to a public key of an asymmetric encryption scheme and has no binding to the party's real identity. That is, the node's address is anonymized while the transaction details remain public and transparent, and the balances of the two transacting nodes are operated on directly during the transaction. However, this method does not really guarantee that the node is "anonymous". For example, in a Bitcoin transaction the user does not need to use a real name and instead uses a public key hash as the transaction identifier; but by correlating the transaction information with personal information from real life, and combining information such as service providers' addresses with the public ledger, an address can be linked to an individual user, whose complete consumption records are then fully exposed, causing serious privacy problems for the user.
The second method: the balances on the public ledger are encrypted directly, so that only the node or the authorized related parties can see the transaction information; other nodes cannot operate on the data, and it is difficult to keep the ledger information consistent. For example, Chinaledger proposes a scheme based on a Central Counterparty (CCP): the transaction initiator encrypts the transaction with the CCP's public key, signs it and submits it to the CCP, which decrypts it, verifies the signature and the balance, and, if the transaction is valid, performs the transfer of the amount after the user's account passes the check. In this method the other nodes can only endorse the transaction but cannot endorse the balance; the scheme protects the privacy of node users but is over-centralized, and the whole system depends on trust in the CCP. The Ethereum community has also proposed a privacy protection scheme based on state channels: during the transaction, the blockchain nodes submit the transaction to a smart contract, which encrypts the details of the intermediate flow so that they are invisible to the other nodes; when the transaction completes, the final value allocation is decrypted and returned to the rest of the blockchain nodes. But this method only protects the privacy of the intermediate process, and the overall change of the transaction remains transparent to all nodes.
The third method: privacy is ensured with a cryptographic method such as additive homomorphic encryption or zero-knowledge proofs. Additive homomorphic encryption is asymmetric encryption of numerical values: the ciphertexts of the values A, B and C are Enc(A), Enc(B) and Enc(C), with the property that if A + B = C then Enc(A) + Enc(B) = Enc(C). For example, the invention patent "A blockchain privacy protection method based on additive homomorphic encryption", patent number CN 106549749A, discloses the following scheme: on a blockchain network, a transaction request node initiates a transaction, and after verification by the nodes of the whole network the transaction receiver receives the transaction amount and the transaction completes. The transaction encryption method comprises the following steps: generating a homomorphic key; splitting the visible balance of the sender's account into the transaction amount and the remaining balance; encrypting the transaction amount and the remaining balance with the network-wide homomorphic public key, giving ciphertexts X1 and X2; encrypting the transaction amount with the receiver's public key, giving ciphertext Y1; the sender initiates a transaction whose content comprises the three fields X1, X2 and Y1; the nodes of the whole network verify the transaction information and maintain the public ledger; and the visible balance of the recipient is updated. This scheme uses additive homomorphic encryption to hide the transaction amount and the user balances on the blockchain, and aims to solve the exposure of the real transfer amount in traditional blockchain transactions, thereby providing privacy protection on the blockchain.
However, that scheme cannot confirm the consistency of the transaction and lacks a step that verifies the validity of the transaction. In addition, Zcash builds on Bitcoin and uses zero-knowledge proofs to provide complete identity privacy and transaction content privacy: in the Zcash system a transaction is "zero-knowledge", and neither the addresses of the transacting parties nor the transaction amount is exposed. Since zero-knowledge proofs are complex cryptographic protocols, introducing them greatly affects performance, and the relevant authorities are left without the ability to supervise.
In summary, none of the existing blockchain privacy protection schemes can provide privacy protection of data while at the same time allowing distributed rights confirmation and management of the data and satisfying the need to supervise transactions.
Disclosure of Invention
The invention aims to provide a blockchain transaction privacy protection method that solves the technical problem that no scheme in the prior art provides privacy protection of data while allowing distributed rights confirmation and management of the data and meeting the need for transaction supervision.
That is, in existing blockchain systems all nodes maintain one and the same common ledger. When the ledger information changes, consistency is maintained through a consensus mechanism. In this process, if the private information recorded in the ledger is publicly transparent, the privacy of node users is seriously harmed. In some scenarios, particularly in the financial industry, strict protection of private information between blockchain system nodes is desirable because of the large number of business secrets and interests involved. While privacy is protected, third-party supervision and auditing must also be guaranteed in order to prevent illegal behavior.
The invention provides a blockchain transaction privacy protection method, characterized by comprising the following steps:
creating a transaction group among the nodes of the blockchain system, wherein a user can create an account on a blockchain node, and the node generates the account's public and private key information and then joins the transaction group; the management node issues a group public key and a group certificate to each node, and the management node holds the group private key;
the transaction request node encrypts the transaction information with a broadcast encryption algorithm, wherein the broadcast encryption algorithm designates the accounting nodes and the management node as the parties allowed to view the encrypted content; it then signs the encrypted transaction information with a group signature algorithm so that the transaction information can be transmitted anonymously, and broadcasts the encrypted and group-signed transaction information;
ordinary non-accounting nodes verify the transaction information with the group public key and then broadcast it; an accounting node decrypts the transaction information and executes the smart contract to perform accounting processing, the smart contract stores the processing result, and at the same time the result is broadcast-encrypted with the public keys of the transaction request node, the accounting node and the management node and recorded in the public ledger, so that the stored data can only be opened by the accounting node, the transaction request node and the management node.
The management node uses the group private key to recover the real account address, trace the group signature of the group member, and expose the identity of the signer, thereby realizing supervision.
In short, the present invention uses a broadcast encryption algorithm and a group signature algorithm to solve the privacy protection problem in a blockchain system. After the transaction request node packages a transaction, it can use the broadcast encryption algorithm to designate several receivers that may view the encrypted content, while the group signature allows group member nodes to send transaction requests anonymously and supports supervision and auditing by a third party.
Firstly, the invention uses a broadcast encryption algorithm: the complete transaction information is broadcast-encrypted with the public keys of the transaction initiator, the accounting nodes and the management node; an accounting node decrypts it with its own private key and performs accounting processing by executing the smart contract; and when the smart contract stores the processing result, the result is broadcast-encrypted with the public keys of the transaction initiator, the accounting node and the management node before being recorded in the public ledger. Only the accounting node, the transaction initiator and the management node can open and view it.
Secondly, the invention uses a group signature algorithm: the initiator replaces the ordinary digital signature on the transaction with a group signature; ordinary non-accounting nodes can verify the signature with the group public key; and the management node can use the group private key to recover the real account address, trace the group signature of the group member and expose the signer's identity, thereby realizing supervision.
Drawings
FIG. 1 is a schematic flow chart of a method for privacy protection of blockchain transactions according to the present invention;
FIG. 2 is a flow chart of an example of a blockchain transaction according to the present invention.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings. The technical scheme of the invention uses broadcast encryption and group signature algorithms to encrypt private data in the blockchain. Four types of nodes take part in the blockchain system: a transaction request node, a non-accounting node (also called an ordinary non-accounting node), an accounting node and a management node. Their respective functions in the system are as follows:
I. Transaction request node: the node that initiates a transaction
In the system, a transaction consists of the transaction request node, the account address of the receiver and the transaction content, where the receiver's account address is a smart contract address and the transaction content includes the transaction amount and the like.
The transaction request node needs to encrypt the transaction information; the structure of the encryption is shown in Table 1:
TABLE 1
The transaction information is first broadcast-encrypted and then group-signed; the specific processing is as follows:
● sign the entire transaction information with the account private key;
● broadcast-encrypt the transaction information (using the public keys of the transaction initiator, all accounting nodes and the management node);
● group-sign the ciphertext of the encrypted transaction message.
II. Ordinary non-accounting node: also called a non-accounting node; its main function is to broadcast a transaction after its verification passes.
An ordinary non-accounting node needs to import the group public key. After receiving a transaction, it verifies the transaction's group signature with the group public key; if verification succeeds it broadcasts the transaction, otherwise it does not propagate the data.
III. Accounting node: records transactions
An accounting node needs to import the group public key, and processes a transaction as follows:
● verify the group signature with the group public key; if verification succeeds, proceed to the next step, otherwise discard the transaction;
● decrypt the broadcast-encrypted transaction ciphertext with the accounting node's private key and verify the inner transaction signature;
● check the account state of the transaction request node in the built-in smart contract, and if the account does not exist or its state is abnormal, discard the transaction directly; check the state of the smart contract, and if the contract has been deleted, discard the transaction directly and return an exception;
● execute the smart contract, modify the data according to the transaction data, encrypt the result with the public keys of the account, the accounting node and the management node, and update it into the public ledger.
IV. Management node: transaction supervision
The management node holds the group private key and can derive the account public key of a group member node from its group signature, so that transactions can be traced and audited.
To sum up, a blockchain transaction privacy protection system comprises a plurality of blockchain nodes. The blockchain system has one or more transaction groups; a user may create an account on a blockchain node, and after the account's public and private key information has been generated the node joins a group and becomes a group-signature-enabled node. The group-signature-enabled nodes comprise transaction request nodes, ordinary non-accounting nodes, accounting nodes and a management node, wherein:
the transaction request node: encrypts the transaction information with a broadcast encryption algorithm, signs the encrypted transaction information with a group signature algorithm, and then broadcasts the encrypted and group-signed transaction information; the broadcast encryption algorithm designates the accounting nodes and the management node as the parties allowed to view the encrypted content;
the accounting node: decrypts the transaction information and executes the smart contract to perform accounting processing; the smart contract stores the processing result, which is at the same time broadcast-encrypted with the account public keys of the transaction request node, the accounting node and the management node and then recorded in the public ledger;
the ordinary non-accounting nodes: verify the transaction information with the group public key and broadcast it;
the management node: uses the group private key to recover the real account address, trace the group signature of the group member and expose the signer's identity, thereby realizing supervision.
Referring to FIG. 1, which shows the flow of the blockchain transaction privacy protection method, the method comprises the following steps:
S110: creating a transaction group capable of group signatures among the nodes of the blockchain system;
Group signatures are prior art, but the applicant applies group signature technology to the field of blockchain transactions to solve the privacy protection problem. A group signature scheme is operated by the group members and the group managers, where group management consists of a group membership manager and a group membership revocation manager. The group membership manager is responsible for setting up the system and admitting group members. In a group signature scheme, any member of the group can sign a message anonymously on behalf of the entire group; anyone can verify the signature; the signature does not reveal the identity of the signer; and the manager has the ability to trace the signer's identity. Like other digital signatures, group signatures are publicly verifiable, and they can be verified with only the single group public key.
In addition, the invention adds broadcast encryption to secure transactions while the transaction data is being communicated. Broadcast encryption is a cryptosystem for transmitting encrypted information to a group of users over an insecure channel: the sender can select any set of users for the broadcast encryption, and only the authorized users can decrypt the ciphertext. Broadcast encryption uses the public keys of the selected group of users, and each user in the set can decrypt with their own private key.
In the invention, a transaction group is created among the nodes of the blockchain system: a user can create an account on a blockchain node; the node generates the account's public and private key information and then joins the group; after the audit passes, the group public key and a group certificate are imported and the node becomes a group-signature-enabled node. Within a group, the group-signature-enabled nodes are divided into ordinary non-accounting nodes, transaction request nodes, accounting nodes and a management node. All group-signature-enabled nodes in the same group hold the same group certificate, and the group public key can be used to verify the group signature of a transaction; when verification succeeds, the transaction data is broadcast within the group. The accounting node imports the group public key and the group certificate, and the group private key is held only by the management node.
S120: the transaction request node encrypts the transaction information with a broadcast encryption algorithm, signs the encrypted transaction information with a group signature algorithm, and then broadcasts the broadcast-encrypted and group-signed transaction information.
The broadcast encryption algorithm designates the accounting node and the management node as the parties allowed to view the encrypted content.
S130: the ordinary non-accounting nodes among the group-signature-enabled nodes verify the transaction information with the group public key and broadcast it.
S140: the accounting node decrypts the transaction information and executes the smart contract to perform accounting processing; the smart contract stores the processing result, which is at the same time broadcast-encrypted with the public keys of the transaction request node, the accounting node and the management node and then recorded in the public ledger, so that the stored data can only be opened by the accounting node, the transaction request node and the management node.
S150: if necessary, the management node uses the group private key to recover the real account address, trace the group signature of the group member and expose the signer's identity, thereby realizing supervision.
Compared with the existing privacy protection methods in the industry, the method has the following advantages:
1) The transaction request node can protect its identity privacy by acting anonymously while still supporting examination by the management node, which improves both transaction privacy and traceability.
2) The transaction request node can designate several receivers that may view the encrypted content, which improves flexibility.
3) The combination of broadcast encryption and group signatures guarantees supervision and auditing by a third party on the premise of protecting the privacy of the blockchain system.
Examples
In a group signature scheme, each user in the same group needs to hold a public key, a private key and a group certificate; the group administrator additionally holds the group private key; and all related accounts belong to the same group and are managed uniformly by the group administrator.
(I) Account establishment: users can create accounts on blockchain nodes, and the nodes automatically generate public and private key pairs and join the group. One specific example of the process is as follows:
A1: a user creates an account on an institution node;
A2: the node generates an account public and private key pair and prompts the user to enter a password;
A3: the node generates the public and private key files and stores them locally, with the private key file encrypted under the password (password encryption is only one possible encryption method);
A4: the node initiates an account creation application transaction whose receiver is a built-in smart contract and which carries the organization ID and the account public key; the smart contract stores the account state as pending audit, keyed by the account address, which is the account public key;
A5: for an organization that does not require audit, proceed directly to the next step; otherwise the group management node needs to call the smart contract to audit the account's application to join the group;
A6: a group certificate is issued to the account using the group private key; the smart contract stores the account state as approved and stores the group certificate encrypted under the member's public key.
(II) Account logout
B1: the group administrator initiates an account logout transaction whose receiver is a built-in smart contract;
B2: the related nodes execute the smart contract and change the account state to logged out;
B3: the account state is cleared and the information of the associated asset accounts is cleaned up at the same time.
(III) Transaction flow management
Three types of participants are mainly involved in a transaction: transaction nodes, ordinary non-accounting nodes and accounting nodes. The specific transaction flow of the present invention is shown in FIG. 2:
S210: the transaction request node generates a transaction locally, broadcast-encrypts and group-signs it, and sends it to the network; the node may select an adjacent ordinary non-accounting node to relay and route the transaction (or connect directly to an accounting node);
S220: after an ordinary non-accounting node receives the transaction, it verifies the transaction with the group public key. The verification may cover the format of the data, the authenticity of its source, and so on. If verification fails, the data is discarded and not propagated.
S230: if verification passes, the transaction data is forwarded to adjacent nodes for transaction synchronization. The receiving node may be an ordinary non-accounting node or an accounting node; an ordinary non-accounting node repeats the action of S220, while an accounting node triggers S240.
S240: the accounting node first verifies the transaction and discards it if verification fails. If verification succeeds, S250 is performed.
S250: the accounting node unlocks the transaction ciphertext with its node account private key, reads the transaction content for computation, and reads and modifies the data in the database according to the result.
S260: the accounting node packs the updated state and the transaction into a block; one block contains one or more transaction messages;
S270: the accounting node synchronizes the block to neighboring nodes.
S280: the ordinary non-accounting nodes verify the block and store it locally after it passes.
S290: when the transaction request node needs to query data, it queries adjacent (non-accounting or accounting) nodes.
S300: the queried node returns the corresponding data to the transaction request node.
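As an added example (not the patent's own code or any implementation of it), the following Python simulation runs the transaction request node and accounting node processing described under the node roles above and repeated in S210 to S260: account signature, broadcast encryption to a chosen viewer set, group signature, the accounting node's check sequence, and re-encryption of the result for the ledger. The cryptographic primitives are toy stand-ins, namely Schnorr-style signatures and a hybrid KEM over the tiny prime p = 2^127 - 1 (nowhere near secure), and the group signature is simplified to a shared group signing key plus the signer's address encrypted to the management node, which a real scheme would bind with a zero-knowledge proof. The node names, balances and the `|`-separated message layout are assumptions made for the example.

```python
import hashlib, hmac, secrets

# Toy group: p = 2^127 - 1 is prime, g = 3. Far too small for real use; it only makes
# the protocol steps concrete using nothing beyond the Python standard library.
P, G = 2**127 - 1, 3
Z = lambda n: n.to_bytes(16, "big")            # fixed-width encoding of a group element
xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))

def keygen():                                  # returns (private, public)
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def sign(x, msg):                              # Schnorr-style; exponents mod P-1 (Fermat)
    k = secrets.randbelow(P - 3) + 2
    r = pow(G, k, P)
    e = int.from_bytes(hashlib.sha256(Z(r) + msg).digest(), "big") % (P - 1)
    return r, (k - x * e) % (P - 1)

def verify(y, msg, sig):
    r, s = sig
    e = int.from_bytes(hashlib.sha256(Z(r) + msg).digest(), "big") % (P - 1)
    return (pow(G, s, P) * pow(y, e, P)) % P == r

def keystream(key, n):
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]

def broadcast_encrypt(recipients, plaintext):
    """recipients = {address: public key}; only the listed keys can unwrap the content key."""
    ck, wraps = secrets.token_bytes(32), {}    # hybrid KEM per recipient, then encrypt-then-MAC
    for addr, y in recipients.items():
        r = secrets.randbelow(P - 3) + 2
        kek = hashlib.sha256(Z(pow(y, r, P)) + addr.encode()).digest()
        wraps[addr] = (pow(G, r, P), xor(ck, kek))
    body = xor(plaintext, keystream(ck, len(plaintext)))
    return {"wraps": wraps, "body": body, "tag": hmac.new(ck, body, "sha256").digest()}

def broadcast_decrypt(addr, x, ct):
    if addr not in ct["wraps"]:
        return None                            # not in the authorised recipient set
    u, wrapped = ct["wraps"][addr]
    ck = xor(wrapped, hashlib.sha256(Z(pow(u, x, P)) + addr.encode()).digest())
    if not hmac.compare_digest(hmac.new(ck, ct["body"], "sha256").digest(), ct["tag"]):
        return None                            # wrong key or tampered ciphertext
    return xor(ct["body"], keystream(ck, len(ct["body"])))

# Group signature stand-in: members share the group signing key (issued with the group
# certificate) and encrypt their own address to the management node, which can "open" it.
# A real scheme binds that ciphertext to the signer with a zero-knowledge proof; omitted here.
def group_sign(gx, mgmt_pub, signer_addr, msg):
    ident = broadcast_encrypt({"mgmt": mgmt_pub}, signer_addr.encode())
    return {"ident": ident, "sig": sign(gx, msg + ident["tag"])}

def group_verify(gy, msg, gsig):               # any node: needs only the group public key
    return verify(gy, msg + gsig["ident"]["tag"], gsig["sig"])

def group_open(mgmt_priv, gsig):               # management node only
    return broadcast_decrypt("mgmt", mgmt_priv, gsig["ident"]).decode()

def build_transaction(sender, gx, mgmt_pub, viewers, to, amount):
    """Transaction request node (Table 1 order): account signature, broadcast encryption, group signature."""
    addr, priv = sender
    payload = f"{addr}|{to}|{amount}".encode()
    r, s = sign(priv, payload)
    ct = broadcast_encrypt(viewers, payload + f"|{r}:{s}".encode())
    return {"ct": ct, "gsig": group_sign(gx, mgmt_pub, addr, ct["body"] + ct["tag"])}

def accounting_node_process(acct, gy, mgmt_pub, accounts, contracts, tx):
    """Accounting node checks in the listed order; returns the re-encrypted ledger entry or a discard reason."""
    addr, priv = acct
    if not group_verify(gy, tx["ct"]["body"] + tx["ct"]["tag"], tx["gsig"]):
        return "bad group signature"
    plain = broadcast_decrypt(addr, priv, tx["ct"])
    if plain is None:
        return "not an authorised viewer"
    sender, to, amount, sig = plain.decode().split("|")
    acc = accounts.get(sender)
    if acc is None or not verify(acc["pub"], f"{sender}|{to}|{amount}".encode(), tuple(map(int, sig.split(":")))):
        return "unknown account or bad inner signature"
    if acc["state"] != "approved":
        return "account state abnormal"
    if to not in contracts:
        return "contract deleted"
    acc["balance"] -= int(amount)              # execute the (toy) smart contract
    return broadcast_encrypt({sender: acc["pub"], addr: pow(G, priv, P), "mgmt": mgmt_pub}, f"{sender}|{acc['balance']}".encode())
```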
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions of one or more of the flowcharts of the above-described flow diagrams.
Although the present invention has been described with reference to the preferred embodiments, it is not intended to limit the scope of the claims, and those skilled in the art can make various changes and modifications without departing from the spirit and scope of the invention.