CN108737068B - Cryptocurrency transaction privacy protection method and system based on block chain - Google Patents


Publication number
CN108737068B
Authority
CN
China
Prior art keywords
mixed, coin, currency, transaction, node
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810332361.4A
Other languages
Chinese (zh)
Other versions
CN108737068A (en
Inventor
任伟
肖睿阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Youxin Electronics Co ltd
Original Assignee
China University of Geosciences
Application filed by China University of Geosciences
Priority to CN201810332361.4A
Publication of CN108737068A
Application granted
Publication of CN108737068B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/06 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Computer Hardware Design (AREA)
  • Finance (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a blockchain-based cryptocurrency transaction privacy protection method and system. The method comprises the following steps: forming a coin-mixing group, creating a coin mixer wallet, pooling the currency, sending coin-mixing demands, receiving coin-mixing demands, creating the coin-mixing transaction, signing the coin-mixing transaction, sending the transaction information, and verifying the coin-mixing information. The method protects blockchain transaction privacy: the coin-mixing method it designs, based on random nodes, breaks the direct link between the two parties to a transaction and removes the association between sender and receiver in the transaction information, thereby protecting cryptocurrency transaction privacy.

Description

Cryptocurrency transaction privacy protection method and system based on block chain
Technical Field
The invention relates to the technical field of blockchains, and in particular to a blockchain-based cryptocurrency transaction privacy protection method and system.
Background
For ledgers based on a blockchain cryptocurrency (e.g., bitcoin), all transaction information is recorded at every participating node in the form of a public ledger. In the public ledger, each transaction message includes the hash value of the previous transaction, the signature of the payer, the wallet address of the payee, the hash value of the transaction, and so on. A malicious user can use background-knowledge attacks, transaction-graph analysis attacks and similar means to identify the receiver and the sender of a transaction and associate them. Once real account information is leaked, the transaction loses its anonymity and data privacy is compromised. How to effectively protect the privacy of transaction information on the blockchain is a technical problem that urgently needs to be solved.
Disclosure of Invention
To address the technical problem of effectively protecting the privacy of transaction information on a blockchain, the invention provides a blockchain-based cryptocurrency transaction privacy protection method and system, wherein the method comprises the following steps:
S1, forming a coin-mixing group: a coin-mixing node P of the blockchain broadcasts a coin-mixing request MSG_REQUEST to the nodes of the whole network; the m coin-mixing nodes P that broadcast MSG_REQUEST in the same time period form a coin-mixing group PGROUP, and all coin-mixing nodes P randomly generate, in sequence, non-repeating sequence numbers P_i, where 1 ≤ i ≤ m;
S2, creating a coin mixer wallet: the coin-mixing group PGROUP randomly selects a public large prime p and a public primitive element g ∈ Z_p, where Z_p is a cyclic multiplicative group of order p-1; each coin-mixing node P_i randomly chooses an integer x_i as a share of the coin mixer private key; coin-mixing node P_1 computes
Figure GDA0002470729490000011
and sends y_1 to P_2; P_2 computes
Figure GDA0002470729490000012
Figure GDA0002470729490000013
and sends y_2 to P_3; and so on, until the final coin-mixing node P_m computes
Figure GDA0002470729490000014
Figure GDA0002470729490000015
The coin-mixing group PGROUP records y_m as the complete public key pubkey of the coin mixer, and from pubkey obtains, by a hash operation,
Figure GDA0002470729490000016
which is recorded as the coin mixer wallet address Address, where 1 ≤ i ≤ m and 1 ≤ x_i ≤ p-2;
S3, pooling the currency: each node P_i in the coin-mixing group PGROUP places the currency it contributes to mixing into one common transaction Co_Mes, and each forms a signature SIGN_P_i after confirming that Co_Mes is consistent; the output address of the transaction is the coin mixer public-key address Address, where 1 ≤ i ≤ m;
S4, sending a coin-mixing demand: coin-mixing node P_i randomly selects any coin-mixing node P_j in the coin-mixing group PGROUP and sends it the coin-mixing demand information M_i, where 1 ≤ i, j ≤ m and i ≠ j;
S5, receiving a coin-mixing demand: coin-mixing node P_j receives the coin-mixing demand information M_i sent by coin-mixing node P_i. If the remaining amount LAST_S_j that P_j has available for mixing is greater than or equal to the demanded amount M_i_S_i in M_i, P_j accepts M_i and broadcasts acceptance message R_j in PGROUP. If LAST_S_j is less than the demanded amount M_i_S_i, P_j partially accepts M_i and broadcasts partial acceptance message R_j in PGROUP, and P_j sends the unmet coin-mixing demand information M_i' onward as a coin-mixing demand according to step S4; after that, P_j accepts no further coin-mixing demands, where 1 ≤ i, j ≤ m and i ≠ j;
S6, creating the coin-mixing transaction: after coin-mixing node P_i has received all acceptance messages R_j, it verifies whether acceptance messages exist such that all coin-mixing demands sent by P_i are met, and whether the total target amount across all acceptance messages equals the total amount in the coin mixer wallet. If all verifications pass, one coin-mixing node P_i is randomly selected to generate the coin-mixing transaction information FINAL from all acceptance messages R and to broadcast FINAL in PGROUP; if verification fails, the method returns to step S4 and all coin-mixing demands are sent again, where 1 ≤ i ≤ m;
S7, signing the coin-mixing transaction: each coin-mixing node P_i randomly selects a secret integer k_i, every k_i being coprime to p-1; coin-mixing node P_1 computes
Figure GDA0002470729490000021
and
Figure GDA0002470729490000022
and sends r_1 and v_1 to P_2; P_2 computes
Figure GDA0002470729490000023
Figure GDA0002470729490000024
and
Figure GDA0002470729490000025
and sends r_2 and v_2 to P_3; and so on, until the final coin-mixing node P_m computes
Figure GDA0002470729490000026
and
Figure GDA0002470729490000027
Figure GDA0002470729490000028
The coin-mixing group PGROUP records r_m as coin mixer signature 1. Coin-mixing node P_1 computes s_1 = (FINAL - v_m) * k_1^-1 mod (p-1) and sends s_1 to P_2; P_2 computes
s_2 = s_1 * k_2^-1 mod (p-1) = (FINAL - v_m) * k_1^-1 * k_2^-1 mod (p-1); and so on, until the final coin-mixing node P_m computes s_m = s_(m-1) * k_m^-1 mod (p-1) = (FINAL - v_m) * k_1^-1 * k_2^-1 * ... * k_m^-1 mod (p-1). The coin-mixing group PGROUP records s_m as coin mixer signature 3. Coin-mixing node P_m computes
Figure GDA0002470729490000029
and sends d_m to P_(m-1); P_(m-1) computes
Figure GDA00024707294900000210
and sends d_(m-1) to P_(m-2); and so on, until the final coin-mixing node P_m computes
Figure GDA00024707294900000211
The coin-mixing group PGROUP records d_1 as coin mixer signature 2,
yielding the coin-mixing transaction signature SIGN_FINAL = (r_m, d_1, s_m), where 1 ≤ i ≤ m and 1 ≤ k_i ≤ p-2;
S8, sending the transaction information: any coin-mixing node P_i in the coin-mixing group PGROUP may send the transaction information FINAL and the coin-mixing transaction signature SIGN_FINAL = (r_m, d_1, s_m) to the uplink node BP, where 1 ≤ i ≤ m;
S9, verifying the coin-mixing information: the uplink node BP obtains the public key pubkey, the public large prime p, the public primitive element g, the transaction information FINAL and the signature SIGN_FINAL, and computes
Figure GDA0002470729490000031
It then checks whether ANS equals g^FINAL; if they are equal, BP puts FINAL into the block, and if not, BP refuses to put FINAL into the block.
In the blockchain-based cryptocurrency transaction privacy protection method of the invention, the common transaction Co_Mes in step S3 includes: the coin-mixing input addresses Co_IP_i of the transaction, the coin-mixing amounts Co_S_i of the transaction, the coin-mixing output address Co_OP of the transaction, and the coin-mixing hash value Hash_Co of the transaction.
In the blockchain-based cryptocurrency transaction privacy protection method, the coin-mixing demand M_i in S4 includes: the target output address M_i_OP_i of the demand, the target amount M_i_S_i of the demand, and the hash value HASH_M_i of the demand information. The target output address M_i_OP_i in the coin-mixing demand M_i satisfies: coin-mixing node P_i has at least 2 mutually different output addresses.
In the blockchain-based cryptocurrency transaction privacy protection method of the invention, the remaining amount LAST_S_j available for mixing in S5 is the total amount PRE_S_i that coin-mixing node P_j contributes to mixing, minus the quasi-transaction amounts R_j_S_j in all acceptance messages R_j broadcast by P_j.
In the blockchain-based cryptocurrency transaction privacy protection method, the acceptance message R_j in S5 includes: the quasi-input address R_j_IP_j, the quasi-output address R_j_OP_j, the quasi-transaction amount R_j_S_j, and the acceptance message hash value HASH_R_j.
In the blockchain-based cryptocurrency transaction privacy protection method, the unmet coin-mixing demand information M_i' in S5 includes: the unmet output address M_i'_OP_i', the unmet amount M_i'_S_i', and the hash value HASH_M_i' of the unmet demand information.
In the blockchain-based cryptocurrency transaction privacy protection method, the coin-mixing transaction information FINAL in S6 includes: the input address FINAL_IP_i, the output address FINAL_OP_i, the transaction amount FINAL_S_i, and the hash value HASH_FINAL.
Preferably, the invention further provides a blockchain-based cryptocurrency transaction privacy protection system, which uses any one of the blockchain-based cryptocurrency transaction privacy protection methods above to protect cryptocurrency transaction privacy.
The invention thus provides a blockchain-based cryptocurrency transaction privacy protection method and system for protecting blockchain transaction privacy. The coin-mixing method it designs, based on random nodes, breaks the direct link between the two parties to a transaction and removes the association between sender and receiver in the transaction information, thereby protecting cryptocurrency transaction privacy.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a flow chart of the implementation of an embodiment of the present invention.
Detailed Description
For a clearer understanding of the technical features, objects and effects of the invention, specific embodiments of the present invention will now be described in detail with reference to the accompanying drawings. FIG. 1 is a flow chart of an embodiment of the present invention, including the following steps:
(1) Forming a coin-mixing group:
Within a fixed time period, 3 randomly selected nodes each broadcast a coin-mixing request (such as I WANT TO MIX SOME COIN) to the nodes of the whole network. These 3 nodes form a coin-mixing group PGROUP and randomly generate, in sequence, the sequence numbers P_1, P_2 and P_3.
(2) Creating a coin mixer wallet:
The coin-mixing group PGROUP randomly selects one coin-mixing node, and selects a prime p and a public primitive element g ∈ Z_p (for example, coin-mixing node P_1 is randomly selected, with p = 19 and g = 3).
Each coin-mixing node P_i (i = 1, 2, 3) randomly chooses an integer x_i as a share of the coin mixer private key (e.g. x_1 = 5, x_2 = 7, x_3 = 11).
Coin-mixing node P_1 computes
Figure GDA0002470729490000041
and sends y_1 to P_2; P_2 computes
Figure GDA0002470729490000042
Figure GDA0002470729490000043
and sends y_2 to P_3; and so on, until the final coin-mixing node P_m computes
Figure GDA0002470729490000044
Figure GDA0002470729490000045
The coin-mixing group PGROUP records y_m as the complete public key pubkey of the coin mixer, and from pubkey obtains, by a hash operation,
Figure GDA0002470729490000046
which is recorded as the coin mixer wallet address Address. In the embodiment of the invention, coin-mixing node P_1 first computes y_1 = 3^5 mod 19 = 15 and sends 15 to P_2; P_2 computes y_2 = 15^7 mod 19 = 13 and sends 13 to P_3; P_3 computes y_3 = 13^11 mod 19 = 2. The coin-mixing group PGROUP records y_3 = 2 as the complete public key pubkey of the coin mixer. The coin-mixing group hashes pubkey to obtain hash(2), which is recorded as the coin mixer wallet address Address.
(3) Pooling the currency:
Each node P_i (i = 1, 2, 3) in the coin-mixing group PGROUP places all the currency PRE_S_i it contributes to mixing into one common transaction Co_Mes and signs it (e.g. input address Co_Mes_IP_1 is the hash value of P_1's previous transaction and input amount Co_Mes_S_1 is all the currency P_1 obtained in that transaction; input address Co_Mes_IP_2 is the hash value of P_2's previous transaction and input amount Co_Mes_S_2 is all the currency P_2 obtained in that transaction; input address Co_Mes_IP_3 is the hash value of P_3's previous transaction and input amount Co_Mes_S_3 is all the currency P_3 obtained in that transaction; the output address Co_Mes_OP is the coin mixer wallet address Address; the hash value is HASH(Co_Mes)), and a signature HASH_Co of the transaction is generated:
HASH_Co = Hash(Co_Mes_IP_1 || Co_Mes_S_1 || Co_Mes_IP_2 || Co_Mes_S_2 || Co_Mes_IP_3 || Co_Mes_S_3 || Co_Mes_OP). The output address of the transaction is the coin mixer public-key address Address.
(4) Sending a coin-mixing demand:
Each coin-mixing node P_i (i = 1, 2, 3) generates a coin-mixing demand M_i and randomly selects another coin-mixing node P_j (i ≠ j) in the coin-mixing group PGROUP to which it sends M_i.
Coin-mixing node P_1 sending its coin-mixing demand is taken as an example:
Suppose coin-mixing node P_1 originally plans to mix 5 coins.
Coin-mixing node P_1 therefore creates a coin-mixing demand M_1 (where the target output address M_1_OP_1 is W_1, the target amount M_1_S_1 is 5 coins, and the information hash value M_1_HASH_1 is hash(W_1 || 5)).
Coin-mixing node P_1 randomly selects another coin-mixing node P_2 in PGROUP and sends it the coin-mixing demand M_1.
(5) Receiving a coin-mixing demand:
Each coin-mixing node P_i (i = 1, 2, 3) independently receives the different coin-mixing demands M_j (i ≠ j) and, after checking the amount, sends the corresponding acceptance message R_j and unmet coin-mixing demand information M_i'.
Below, P_2 successively receiving the coin-mixing demand M_3 sent by P_3 and the coin-mixing demand M_1 sent by P_1 is taken as an example:
Suppose coin-mixing node P_2 originally plans to mix 6 coins.
Suppose coin-mixing node P_3 originally plans to mix 2 coins. Its coin-mixing demand M_3 is: target output address M_3_OP_3 is W_3, target amount M_3_S_3 is 2 coins, and information hash value HASH_3 is hash(W_3 || 2).
When P_2 receives M_3, because the 6 coins that P_2 contributes to mixing exceed the 2 coins demanded in M_3, P_2 chooses to accept the coin-mixing demand information M_3 and broadcasts acceptance message R_21 in PGROUP (where the quasi-input address R_21_IP_21 is Co_Mes_IP_2, the quasi-output address R_21_OP_21 is w_3, the quasi-transaction amount R_21_S_21 is 2 coins, and the acceptance message hash value HASH_R_21 is hash(Co_Mes_IP_2 || w_3 || 2)).
When P_3 receives M_1, because P_2 has already broadcast acceptance message R_21, leaving 4 coins, the remaining amount P_2 has available for mixing is LAST_S_2 = 6 - 2 = 4 coins. But 4 coins is less than the 5 coins demanded in the coin-mixing demand information M_1, so P_2 partially accepts M_1 and broadcasts partial acceptance message R_22 in PGROUP (where the quasi-input address R_21_IP_22 is Co_Mes_IP_2, the quasi-output address R_21_OP_22 is w_1, the quasi-transaction amount R_21_S_22 is 4 coins, and the acceptance message hash value HASH_R_22 is hash(Co_Mes_IP_2 || w_1 || 4)).
Because 1 coin of M_1 has not been accepted, P_2 creates the unmet coin-mixing demand information M_2' (where the unmet output address M_2'_OP_2' is w_1, the unmet amount M_2'_S_2' is 1 coin, and the hash value HASH_M_2' of the unmet demand information is hash(w_1 || 1)) and randomly selects another node to which it sends M_2'.
(6) Creating the coin-mixing transaction:
All coin-mixing nodes P_i (i = 1, 2, 3) can receive all broadcast information. Each coin-mixing node P_i verifies whether all the coin-mixing demands it sent are met, and whether the total target amount across all acceptance messages equals the total amount in the coin mixer wallet.
After every coin-mixing node P_i (i = 1, 2, 3) has verified successfully, one coin-mixing node (for example, P_3) is randomly selected to generate the coin-mixing transaction information FINAL from all acceptance messages R (where the input address FINAL_IP is Address, the output addresses FINAL_OP_i are all the quasi-output addresses in all acceptance messages R_i (e.g. w_1, w_2, w_3, w_4, w_5, w_6, w_7), and the hash value HASH_FINAL of the coin-mixing transaction information is HASH(Address || w_1 || w_2 || w_3 || w_4 || w_5 || w_6 || w_7)).
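The accept / partially accept / forward logic of step (5) and the two checks of step (6) can be traced in code. This is an added example, not code from the patent: SHA-256 stands in for the unspecified hash, the amounts for P_1, P_2 and P_3 are the embodiment's 5, 6 and 2 coins, and P_2's own demand and the routing of the leftover demands are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field


def h(*parts):
    """Hash of '||'-joined fields. SHA-256 is an assumption; the patent only says 'hash'."""
    return hashlib.sha256("||".join(map(str, parts)).encode()).hexdigest()


@dataclass(frozen=True)
class Demand:
    """Coin-mixing demand M_i: target output address and target amount."""
    out_addr: str
    amount: int

    @property
    def digest(self):
        return h(self.out_addr, self.amount)


@dataclass(frozen=True)
class Receipt:
    """Acceptance message R_j: quasi-input address, quasi-output address, quasi-amount."""
    in_addr: str
    out_addr: str
    amount: int

    @property
    def digest(self):
        return h(self.in_addr, self.out_addr, self.amount)


@dataclass
class MixNode:
    name: str
    in_addr: str        # this node's input address in Co_Mes
    contributed: int    # total amount the node put into the mixer wallet
    receipts: list = field(default_factory=list)

    @property
    def remaining(self):
        """LAST_S_j: contribution minus everything already promised in receipts."""
        return self.contributed - sum(r.amount for r in self.receipts)

    def receive(self, demand):
        """Step S5. Returns (receipt or None, unmet demand or None)."""
        if demand.amount <= 0:
            raise ValueError("demanded amount must be positive")
        take = min(self.remaining, demand.amount)
        receipt = None
        if take > 0:
            receipt = Receipt(self.in_addr, demand.out_addr, take)
            self.receipts.append(receipt)
        left = demand.amount - take
        # An exhausted node accepts nothing and hands the whole demand back.
        return receipt, (Demand(demand.out_addr, left) if left else None)


def verify_round(demands, receipts, wallet_total):
    """Step S6: every demand is covered exactly and receipts sum to the wallet total."""
    wanted, promised = {}, {}
    for d in demands:
        wanted[d.out_addr] = wanted.get(d.out_addr, 0) + d.amount
    for r in receipts:
        promised[r.out_addr] = promised.get(r.out_addr, 0) + r.amount
    return wanted == promised and sum(promised.values()) == wallet_total


def run_embodiment():
    p1 = MixNode("P1", "Co_Mes_IP1", 5)
    p2 = MixNode("P2", "Co_Mes_IP2", 6)
    p3 = MixNode("P3", "Co_Mes_IP3", 2)
    m1, m3 = Demand("W1", 5), Demand("W3", 2)
    m2 = Demand("W2", 6)                    # constructed: not given in the patent
    r21, _ = p2.receive(m3)                 # embodiment: P2 accepts M3 in full
    r22, m1_left = p2.receive(m1)           # embodiment: P2 accepts 4 of 5, 1 unmet
    p3.receive(m1_left)                     # constructed routing of the leftover
    _, m2_left = p1.receive(m2)             # constructed: P1 covers 5 of 6
    p3.receive(m2_left)                     # constructed: P3 covers the last coin
    nodes = (p1, p2, p3)
    receipts = [r for n in nodes for r in n.receipts]
    total = sum(n.contributed for n in nodes)
    ok = verify_round([m1, m2, m3], receipts, total)
    return {"r21": r21, "r22": r22, "m1_left": m1_left, "p2": p2,
            "receipts": receipts, "total": total, "ok": ok}


if __name__ == "__main__":
    out = run_embodiment()
    for r in out["receipts"]:
        print(r.in_addr, "->", r.out_addr, r.amount, r.digest[:16])
    print("round verified:", out["ok"])
```
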
(7) Signing the coin-mixing transaction:
Each coin-mixing node P_i randomly selects a secret integer k_i, every k_i being coprime to p-1. In the embodiment of the invention, each coin-mixing node P_i (i = 1, 2, 3) randomly chooses a secret integer k_i, where k_i is coprime to p-1 = 18 (e.g. k_1 = 5, k_2 = 7, k_3 = 13). Then k_1^-1 = 6, k_2^-1 = 3, k_3^-1 = 3.
Coin-mixing node P_1 computes
Figure GDA0002470729490000061
and
Figure GDA0002470729490000062
and sends r_1 and v_1 to P_2; P_2 computes
Figure GDA0002470729490000063
and
Figure GDA0002470729490000064
and sends r_2 and v_2 to P_3; and so on, until the final coin-mixing node P_m computes
Figure GDA0002470729490000065
and
Figure GDA0002470729490000066
Figure GDA0002470729490000067
The coin-mixing group PGROUP records r_m as coin mixer signature 1. Coin-mixing node P_1 computes s_1 = (FINAL - v_m) * k_1^-1 mod (p-1) and sends s_1 to P_2; P_2 computes
s_2 = s_1 * k_2^-1 mod (p-1) = (FINAL - v_m) * k_1^-1 * k_2^-1 mod (p-1); and so on, until the final coin-mixing node P_m computes s_m = s_(m-1) * k_m^-1 mod (p-1) = (FINAL - v_m) * k_1^-1 * k_2^-1 * ... * k_m^-1 mod (p-1). The coin-mixing group PGROUP records s_m as coin mixer signature 3. Coin-mixing node P_m computes
Figure GDA0002470729490000068
and sends d_m to P_(m-1); P_(m-1) computes
Figure GDA0002470729490000069
and sends d_(m-1) to P_(m-2); and so on, until the final coin-mixing node P_m computes
Figure GDA00024707294900000610
The coin-mixing group PGROUP records d_1 as coin mixer signature 2,
yielding the coin-mixing transaction signature SIGN_FINAL = (r_m, d_1, s_m), where 1 ≤ i ≤ m and 1 ≤ k_i ≤ p-2;
In the embodiment of the invention, coin-mixing node P_1 computes r_1 = 3^5 mod 19 = 15 and v_1 = 5 * 3^5 mod 19 = 18, and sends r_1 = 15, v_1 = 18 to P_2; P_2 computes r_2 = 15^7 mod 19 = 13 and v_2 = 18 * 7 * 3^7 mod 19 = 5, and sends r_2 = 13, v_2 = 5 to P_3; P_3 computes r_3 = 13^13 mod 19 = 15 and v_3 = 5 * 11 * 3^13 mod 19 = 10. Thus coin mixer signature 1 is 15.
Coin-mixing node P_1 computes s_1 = (FINAL - 10) * 6 mod 18 and sends it to P_2; P_2 computes s_2 = (FINAL - 10) * 18 mod 18 and sends it to P_3; P_3 computes s_3 = (FINAL - 10) * 54 mod 18; s_3 is then coin mixer signature 3.
Coin-mixing node P_3 computes d_3 = 3^5 mod 19 = 15 and sends d_3 to P_2; P_2 computes d_2 = 15^7 mod 19 = 13 and sends d_2 to P_1; P_1 computes d_1 = 13^13 mod 19 = 15. Thus coin mixer signature 2 is 15.
Finally, the coin-mixing transaction signature is (15, 15, (FINAL - 10) * 54 mod 18).
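The sequential chains of step (2) (the y_i values) and of step (7) (the r_i and v_i values) can be reproduced from the embodiment's numbers. This is an added example, not code from the patent: the equation images are missing from this page, so the recurrences are read off the worked arithmetic above, and SHA-256 for the wallet address is an assumption. It also shows that the chained key equals g raised to the product of all shares.

```python
import hashlib
from math import gcd


def prime_factors(n):
    """Distinct prime factors by trial division (adequate for demo-sized numbers)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(g, p):
    """True if g generates the multiplicative group modulo the prime p."""
    if not 1 < g < p:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def check_params(p, g, xs, ks):
    """Enforce the ranges the patent states for p, g, x_i and k_i."""
    if prime_factors(p) != {p}:
        raise ValueError("p must be prime")
    if not is_primitive_root(g, p):
        raise ValueError("g must be a primitive element modulo p")
    if any(not 1 <= x <= p - 2 for x in xs):
        raise ValueError("each x_i must satisfy 1 <= x_i <= p-2")
    if any(not 1 <= k <= p - 2 or gcd(k, p - 1) != 1 for k in ks):
        raise ValueError("each k_i must be in [1, p-2] and coprime to p-1")


def key_chain(p, g, xs):
    """y_1 = g^x_1 mod p, y_i = y_(i-1)^x_i mod p; returns every value handed on."""
    ys, y = [], g
    for x in xs:
        y = pow(y, x, p)
        ys.append(y)
    return ys


def commitment_chain(p, g, xs, ks):
    """r_1 = g^k_1, r_i = r_(i-1)^k_i and v_1 = x_1*g^k_1, v_i = v_(i-1)*x_i*g^k_i (mod p).

    Recurrences inferred from the embodiment's arithmetic, not from the lost figures.
    """
    rs, vs, r, v = [], [], g, 1
    for x, k in zip(xs, ks):
        r = pow(r, k, p)
        v = (v * x * pow(g, k, p)) % p
        rs.append(r)
        vs.append(v)
    return rs, vs


def key_from_product(p, g, xs):
    """g^(x_1*x_2*...*x_m) mod p: what the chain computes without pooling the shares."""
    e = 1
    for x in xs:
        e = (e * x) % (p - 1)   # exponents reduce modulo the group order p-1
    return pow(g, e, p)


def wallet_address(pubkey):
    """Address = hash(pubkey). SHA-256 and the decimal encoding are assumptions."""
    return hashlib.sha256(str(pubkey).encode()).hexdigest()


if __name__ == "__main__":
    p, g = 19, 3                      # embodiment values
    xs, ks = [5, 7, 11], [5, 7, 13]   # embodiment values
    check_params(p, g, xs, ks)
    ys = key_chain(p, g, xs)
    rs, vs = commitment_chain(p, g, xs, ks)
    print("y chain:", ys, "pubkey:", ys[-1])
    print("r chain:", rs, "v chain:", vs)
    print("equals g^(x1*x2*x3):", key_from_product(p, g, xs) == ys[-1])
    print("address:", wallet_address(ys[-1]))
```

Each node sees only the value handed to it by its predecessor, so the order of the nodes does not change the final key, but every intermediate y_i and r_i is exposed to the next node in the chain.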
(8) Sending the transaction information:
Any coin-mixing node P_i (i = 1, 2, 3) in the coin-mixing group PGROUP can send the transaction information FINAL and the coin-mixing transaction signature (15, 15, (FINAL - 10) * 54 mod 18) to the uplink node BP.
(9) Verifying the coin-mixing information:
After receiving the transaction information FINAL and the coin-mixing transaction signature (15, 15, (FINAL - 10) * 54 mod 18), the uplink node BP calculates, from the public key pubkey = 2, p = 19 and g = 3, ANS = 2^15 * 15^((FINAL - 10) * 54). Because ANS and 2^FINAL are equal, BP puts FINAL into the block.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (7)

1. A cryptocurrency transaction privacy protection method based on a block chain is characterized by comprising the following steps:
S1, forming a coin-mixing group: a coin-mixing node P of the blockchain broadcasts a coin-mixing request MSG_REQUEST to the nodes of the whole network; the m coin-mixing nodes P that broadcast MSG_REQUEST in the same time period form a coin-mixing group PGROUP, and all coin-mixing nodes P randomly generate, in sequence, non-repeating sequence numbers P_i, where 1 ≤ i ≤ m;
S2, creating a coin mixer wallet: the coin-mixing group PGROUP randomly selects a public large prime p and a public primitive element g ∈ Z_p, where Z_p is a cyclic multiplicative group of order p-1; each coin-mixing node P_i randomly chooses an integer x_i as a share of the coin mixer private key; coin-mixing node P_1 computes
Figure FDA0002470729480000011
and sends y_1 to P_2; P_2 computes
Figure FDA0002470729480000012
Figure FDA0002470729480000013
and sends y_2 to P_3; and so on, until the final coin-mixing node P_m computes
Figure FDA0002470729480000014
Figure FDA0002470729480000015
The coin-mixing group PGROUP records y_m as the complete public key pubkey of the coin mixer, and from pubkey obtains, by a hash operation,
Figure FDA0002470729480000016
which is recorded as the coin mixer wallet address Address, where 1 ≤ i ≤ m and 1 ≤ x_i ≤ p-2;
S3, currency summarization: each node P in the mixed bank of coins PGROUPiThe currencies participating in the mixed currency are generated into the same transaction Co _ Mes and respectively form signatures SIGNPiAfter the Co _ MES is consistent, the output Address of the transaction is the public key Address of the coin mixer, wherein i is more than or equal to 1 and less than or equal to m;
s4, sending a mixed coin requirement: mix coin node PiRandomly selecting any mixed coin node P in the mixed coin group PGROUPjSending mixed currency demand information MiWherein i is more than or equal to 1, j is more than or equal to m, and i is not equal to j;
s5, receiving a mixed coin requirement: mix coin node PjReceiving mixed coin node PiTransmitted mixed currency demand information MiIf mixed money node PjResidual L AST _ S of participating in mixed coinsjGreater than or equal to mixed currency demand information MiAmount M of money to be mixedi_SiThen P isjReceiving the mixed bank note demand information MiAnd broadcasting reception information R in PGROUPj(ii) a If mix coin node PjResidual L AST _ S of participating in mixed coinsjLess than mixed currency demand information MiAmount M of money to be mixedi_SiThen P isjPartially receiving the mixed currency demand information MiAnd broadcasts partial reception information R in PGROUPjWhile P isjThe unmet mixed currency demand information Mi' continuously sending the mixed coin request according to step S4, after which PjThe mixed coin is not required to be continuously accessed, wherein i is not less than 1, j is not more than m, and i is not equal to j;
S6, mixed coin transaction creation: when mixed coin node Pi has received all the reception information Rj, it verifies whether reception information exists such that all the mixed coin requirements sent by Pi are met, and verifies whether the sum of the target amounts in all the reception information equals the total amount in the coin mixer wallet. If all verifications pass, one mixed coin node Pi is randomly selected to generate the mixed coin transaction information FINAL from all the reception information Rj and to broadcast FINAL in PGROUP; if verification fails, the method returns to step S4 and all mixed coin requirements are re-sent; where 1 ≤ i ≤ m;
S7, mixed coin transaction signature: each mixed coin node Pi randomly selects a secret integer ki, each ki being coprime to p-1; mixed coin node P1 calculates
Figure FDA0002470729480000021
and
Figure FDA0002470729480000022
and sends r1 and v1 to P2; P2 calculates
Figure FDA0002470729480000023
Figure FDA0002470729480000024
and
Figure FDA0002470729480000025
and sends r2 and v2 to P3; by analogy, the final mixed coin node Pm calculates
Figure FDA0002470729480000026
and
Figure FDA0002470729480000027
Figure FDA0002470729480000028
the mixed coin group PGROUP records rm as coin mixer signature 1; mixed coin node P1 calculates $s_1 = (\mathrm{FINAL} - v_m) \cdot k_1^{-1} \bmod (p-1)$ and sends s1 to P2; P2 calculates $s_2 = s_1 \cdot k_2^{-1} \bmod (p-1) = (\mathrm{FINAL} - v_m) \cdot k_1^{-1} \cdot k_2^{-1} \bmod (p-1)$; and so on, until finally mixed coin node Pm calculates $s_m = s_{m-1} \cdot k_m^{-1} \bmod (p-1) = (\mathrm{FINAL} - v_m) \cdot k_1^{-1} \cdot k_2^{-1} \cdots k_m^{-1} \bmod (p-1)$; the mixed coin group PGROUP records sm as coin mixer signature 3; mixed coin node Pm calculates
Figure FDA0002470729480000029
and sends dm to P(m-1); P(m-1) calculates
Figure FDA00024707294800000210
and sends d(m-1) to P(m-2); by analogy, the final mixed coin node Pm calculates
Figure FDA00024707294800000211
the mixed coin group PGROUP records d1 as coin mixer signature 2,
obtaining the mixed coin transaction signature SIGN_FINAL = (rm, d1, sm), where 1 ≤ i ≤ m and 1 ≤ ki ≤ p-2;
S8, transaction information sending: any mixed coin node Pi in the mixed coin group PGROUP may send the transaction information FINAL and the mixed coin transaction signature SIGN_FINAL = (rm, d1, sm) to an uplink node BP, where 1 ≤ i ≤ m;
S9, verifying the mixed coin information: the uplink node BP obtains the public key pubkey, the public large prime number p, the public primitive element g, the transaction information FINAL and the signature SIGN_FINAL, calculates
Figure FDA00024707294800000212
and determines whether ANS is equal to $g^{\mathrm{FINAL}}$; if they are equal, BP puts FINAL into the block, and if they are not equal, BP refuses to put FINAL into the block;
the mixed coin transaction information FINAL in S6 comprises: the mixed coin transaction information input address FINAL_IPi, the mixed coin transaction information output address FINAL_OPi, the mixed coin transaction information transaction amount FINAL_Si, and the hash value HASH_FINAL.
2. The method according to claim 1, wherein the same transaction Co_Mes in step S3 includes: the mixed coin input address Co_IPi of the transaction, the mixed coin amount Co_Si of the transaction, the mixed coin output address Co_OP of the transaction, and the mixed coin hash value Hash_Co of the transaction.
3. The blockchain-based cryptocurrency transaction privacy protection method according to claim 1, characterized in that the mixed coin requirement Mi in S4 comprises: the mixed coin requirement target output address Mi_OPi, the mixed coin requirement target amount Mi_Si, and the mixed coin requirement information hash value HASH_Mi; the target output address Mi_OPi in the mixed coin requirement Mi satisfies: mixed coin node Pi has at least 2 mutually different output addresses.
4. The blockchain-based cryptocurrency transaction privacy protection method according to claim 1, characterized in that the remaining amount LAST_Sj of participating in the mixing in S5 is: the total amount PRE_Si with which mixed coin node Pj participates in the mixing, minus the quasi-transaction amounts Rj_Sj in all the reception information Rj broadcast by Pj.
5. The blockchain-based cryptocurrency transaction privacy protection method according to claim 1, characterized in that the reception information Rj in S5 comprises: the quasi-input address Rj_IPj, the quasi-output address Rj_OPj, the quasi-transaction amount Rj_Sj, and the reception information hash value HASH_Rj.
6. The method for privacy protection of cryptocurrency transactions according to claim 1, characterized in that the unmet mixed coin requirement information Mi' in S5 comprises: the unmet output address Mi'_OPi', the unmet mixed coin amount Mi'_Si', and the unmet mixed coin requirement information hash value HASH_Mi'.
7. A block chain-based cryptocurrency transaction privacy protection system, characterized in that the cryptocurrency transaction privacy protection method according to any one of claims 1 to 6 is adopted to perform cryptocurrency transaction privacy protection.
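The requirement matching of steps S4 to S6 in claim 1, simulated as an added example that is not code from the patent: a node accepts a requirement in full when LAST_Sj ≥ Mi_Si, otherwise accepts part of it and re-sends the unmet remainder Mi', and S6 checks that every requirement is met and that the accepted total equals the coin mixer wallet total. The node names, addresses, amounts, the seeded random choice and the rule that exhausted nodes are skipped are assumptions.

```python
import random
from dataclasses import dataclass

# Constructed sample data (not from the patent): PRE_S per node, and each node's
# requirements (sender, target output address Mi_OPi, amount Mi_Si), 2 addresses per node.
PRE_S = {"P1": 5, "P2": 3, "P3": 4}
DEMANDS = [("P1", "a1", 3), ("P1", "a2", 2), ("P2", "b1", 1),
           ("P2", "b2", 2), ("P3", "c1", 2), ("P3", "c2", 2)]

@dataclass
class Receipt:   # reception information Rj
    ip: str      # Rj_IPj, quasi-input address (the accepting node Pj)
    op: str      # Rj_OPj, quasi-output address (the requirement's target)
    s: int       # Rj_Sj, quasi-transaction amount

def match_demands(pre_s, demands, rng):
    """One pass of S4/S5; returns the receipts, or None if a requirement finds no taker."""
    last_s = dict(pre_s)                    # LAST_Sj = PRE_S minus amounts already accepted
    receipts = []
    for sender, op, amount in demands:
        while amount > 0:
            # S4: random node other than the sender. Assumption: exhausted nodes are skipped.
            takers = [n for n in last_s if n != sender and last_s[n] > 0]
            if not takers:
                return None
            pj = rng.choice(takers)
            accepted = min(amount, last_s[pj])   # S5: full if LAST_Sj >= Mi_Si, else partial
            receipts.append(Receipt(pj, op, accepted))
            last_s[pj] -= accepted
            amount -= accepted                   # what is left is the unmet requirement Mi'
            sender = pj                          # Pj re-sends Mi' according to S4
    return receipts

def verify(pre_s, demands, receipts):
    """S6: every requirement is met and the receipt total equals the mixer wallet total."""
    if receipts is None:
        return False
    want, got = {}, {}
    for _, op, amount in demands:
        want[op] = want.get(op, 0) + amount
    for r in receipts:
        got[r.op] = got.get(r.op, 0) + r.s
    return want == got and sum(got.values()) == sum(pre_s.values())

def mix(pre_s, demands, seed=0, max_rounds=1000):
    rng = random.Random(seed)
    for _ in range(max_rounds):             # S6 failed: go back to S4 and resend everything
        receipts = match_demands(pre_s, demands, rng)
        if verify(pre_s, demands, receipts):
            return receipts
    raise RuntimeError("no matching satisfied the S6 checks")
```

Read literally, S4 only forbids a node from sending a requirement to itself, so a forwarded remainder Mi' can end up accepted by the node that originally issued it; the simulation keeps that behaviour.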
CN201810332361.4A 2018-04-13 2018-04-13 Cryptocurrency transaction privacy protection method and system based on block chain Active CN108737068B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810332361.4A CN108737068B (en) 2018-04-13 2018-04-13 Cryptocurrency transaction privacy protection method and system based on block chain

Publications (2)

Publication Number Publication Date
CN108737068A CN108737068A (en) 2018-11-02
CN108737068B true CN108737068B (en) 2020-08-07

Family

ID=63938886

Country Status (1)

Country Link
CN (1) CN108737068B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110033261B (en) * 2018-12-26 2021-07-13 创新先进技术有限公司 Block chain data processing method, device and system
WO2021081866A1 (en) * 2019-10-31 2021-05-06 深圳市网心科技有限公司 Transaction method, device, and system based on account model, and storage medium
CN111680735B (en) * 2020-06-02 2022-09-06 浙江大学 Mixed currency service analysis method based on heuristic transaction analysis
CN111698084B (en) * 2020-06-04 2021-02-05 电子科技大学 Block chain-based concealed communication method
CN113450091B (en) * 2021-06-21 2023-06-02 北京理工大学 Alliance chain privacy protection method based on mixer technology
CN115021946B (en) * 2022-08-09 2022-10-21 西南石油大学 Method for removing centralized mixed coins based on ring signature

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11488147B2 (en) * 2015-07-14 2022-11-01 Fmr Llc Computationally efficient transfer processing and auditing apparatuses, methods and systems
JP6355168B2 (en) * 2015-11-09 2018-07-11 日本電信電話株式会社 Block chain generation device, block chain generation method, block chain verification device, block chain verification method and program
CN106097073A (en) * 2016-06-20 2016-11-09 深圳市淘淘谷信息技术有限公司 A kind of block chain gives the method for the numeral exclusive ID of account trading process
CN106296138A (en) * 2016-08-09 2017-01-04 西安电子科技大学 Bit coin payment system based on Partial Blind Signature technology and method thereof
CN106549749B (en) * 2016-12-06 2019-12-24 杭州趣链科技有限公司 Block chain privacy protection method based on addition homomorphic encryption
CN106651331B (en) * 2016-12-22 2019-11-29 飞天诚信科技股份有限公司 A kind of electronic trade method and system based on digital cash
CN107833052B (en) * 2017-10-27 2021-02-02 南京物联传感技术有限公司 Block chain-based aggregated payment system and working method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210419

Address after: Room 801, 85 Kefeng Road, Huangpu District, Guangzhou City, Guangdong Province

Patentee after: Yami Technology (Guangzhou) Co.,Ltd.

Address before: 430000 No. 388 Lu Lu, Hongshan District, Hubei, Wuhan

Patentee before: CHINA University OF GEOSCIENCES (WUHAN CITY)

TR01 Transfer of patent right

Effective date of registration: 20221125

Address after: 518000 Room 101, science and technology building, Futian international e-commerce Industrial Park, 105 Meihua Road, Meilin street, Futian District, Shenzhen, Guangdong Province

Patentee after: Shenzhen Youxin Electronics Co.,Ltd.

Address before: Room 801, 85 Kefeng Road, Huangpu District, Guangzhou City, Guangdong Province

Patentee before: Yami Technology (Guangzhou) Co.,Ltd.