CN108764874B

CN108764874B - Anonymous transfer method, system and storage medium based on block chain

Info

Publication number: CN108764874B
Application number: CN201810477299.8A
Authority: CN
Inventors: 李辉忠; 石翔; 张开翔; 范瑞彬; 马国俊; 刘雪峰; 裴庆祺
Original assignee: WeBank Co Ltd
Current assignee: WeBank Co Ltd
Priority date: 2018-05-17
Filing date: 2018-05-17
Publication date: 2021-09-07
Anticipated expiration: 2038-05-17
Also published as: CN108764874A

Abstract

The invention discloses an anonymous transfer method based on a block chain, which comprises the following steps: the first node initiates a transfer transaction request to the second node and receives public key information returned by the second node; the first node generates transaction information of the transaction and sends the transaction information to the second node, wherein the transaction information comprises a new currency commitment generated based on public key information, a transaction amount encrypted based on the public key information and a zero knowledge certificate; the second node verifies the transaction amount encrypted based on the public key information, and if the transaction amount is verified, the transaction information is published in the block chain network so that the miner can verify and book the transaction; and verifying the certification content in the zero knowledge certification by the miner node, and if the certification is passed, determining that the transaction is valid and recording the transaction information into the block chain. The invention also discloses an anonymous transfer system based on the block chain and a computer readable storage medium. The invention realizes anonymous transfer and ensures the privacy of information of both sides of the transaction based on block chain transfer.

Description

Anonymous transfer method, system and storage medium based on block chain

Technical Field

The invention relates to the technical field of blockchain finance, in particular to a method and a system for anonymous transfer based on blockchain and a computer readable storage medium.

Background

The existing blockchain network is a distributed network consisting of a plurality of participating organizations. Every transaction that occurs between any of the institutions is published over the network and all participating institutions receive and record the transaction, thereby generating an account book. This ledger exists in one copy at each institution and is identical, it is composed in transaction time order and is not tamperproof.

Because the existing transaction information based on the blockchain technology is in a clear text form, and each transfer transaction has a complete information record in each node, the risk of transaction information leakage in non-transaction related parties exists, for example, the transfer transaction information between AB and C is not necessarily leaked to AB.

Disclosure of Invention

The invention mainly aims to provide a block chain-based anonymous transfer method, a block chain-based anonymous transfer system and a computer-readable storage medium, and aims to solve the technical problem of how to avoid non-transaction related parties from obtaining transaction information in block chain-based transfer transactions.

In order to achieve the above purpose, the invention provides an anonymous transfer method based on a block chain, which comprises the following steps:

the first node initiates a transfer transaction request to the second node and receives public key information returned by the second node;

the first node generates transaction information of the transaction and sends the transaction information to the second node, wherein the transaction information comprises a new currency commitment generated based on the public key information, a transaction amount encrypted based on the public key information and a zero knowledge proof;

the second node verifies the transaction amount encrypted based on the public key information, and if the transaction amount is verified, the second node publishes the transaction information in the block chain network so that a miner can verify and book the transaction;

and the miner node verifies the certification content in the zero knowledge certification, if the certification is passed, the transaction is determined to be valid, and the transaction information is recorded into the block chain.

Optionally, the transaction information further comprises: the old currency serial number, the commitment of the change currency generated for the self by using the self address public key, the first ciphertext obtained by encrypting the random number generating the new currency serial number by using the second node encryption public key, and the second ciphertext obtained by encrypting the transaction amount and the public keys of both parties of the transaction by using the supervision node public key.

Optionally, the verifying, by the second node, the transaction amount encrypted based on the public key information specifically includes:

the second node decrypts the transaction amount encrypted based on the second node encryption public key by using the own decryption private key, decrypts a new coin commitment generated for the second node by using the second node address public key by using the own address private key, and respectively obtains the transaction amount and the new coin denomination;

and verifying whether the current transaction amount is consistent with the new currency denomination, and if so, passing the verification.

Optionally, the verifying content corresponding to the verifying of the proof content in the zero-knowledge proof by the miner node includes:

A. verifying whether the data formats of the old currency and the new currency contain a promise, and if so, determining that the formats of the old currency and the new currency are complete;

B. verifying whether the address public key of the first node corresponds to the address private key one by one, and if so, determining that the identity information of the payer is real;

C. verifying whether the old coin serial number is in one-to-one correspondence with the first node address private key, and if so, determining that the old coin serial number is correctly calculated;

D. verifying whether the old currency promise of the first node exists in the promise Merkle tree or not, and if so, determining that the old currency promise is valid;

E. and verifying whether the sum of the old money sum in the whole block chain network is equal to the sum of the new money sum, and if so, determining that the transaction sum is valid.

Optionally, the anonymous transfer method based on the blockchain further includes:

and the supervision node decrypts the second ciphertext by using the private key of the own party to obtain the transaction amount and the address public keys of the two transaction parties so as to supervise the anonymous transfer transaction.

the first node sends a money purchasing transaction request to a money issuing node, and receives confirmed purchasing information returned by the money issuing node after the money purchasing transaction request is checked;

after receiving the purchase confirmation information, the first node respectively generates a currency serial number and a currency acceptance corresponding to the current currency purchase transaction by using an address private key and an address public key of the first node, and sends the currency serial number, the currency acceptance and a cast currency denomination required by the currency acceptance to a currency issuing node for verification;

the currency issuing node verifies whether the transaction denomination of the current currency purchasing transaction is consistent with the cast currency denomination, if so, cast currency transaction information is generated, and the cast currency transaction information is published in the blockchain network so that a miner can verify and account the current transaction;

wherein the coinage transaction information comprises: the transaction ID generated by the currency issuing node for the current transaction, the currency commitment and the digital signature generated by the currency issuing node for the current transaction.

Further, in order to achieve the above object, the present invention further provides an anonymous transfer method based on a block chain, where the anonymous transfer method based on a block chain includes the following steps:

generating transaction information of the transaction, and sending the transaction information to a second node so that the second node can verify the transaction amount encrypted based on the public key information, wherein the transaction information comprises a new currency commitment generated based on the public key information, the transaction amount encrypted based on the public key information and a zero knowledge certificate;

and if the transaction amount passes the verification, the second node publishes the transaction information in the blockchain network so that the mineworker node verifies the certification content in the zero knowledge certification, and if the zero knowledge certification passes the verification, the mineworker node determines that the transaction is valid and records the transaction information in the blockchain.

Optionally, the public key information includes: the second node address public key and the second node encryption public key;

the transaction information further includes: the old currency serial number, the commitment of the change currency generated for the self by using the self address public key, the first ciphertext obtained by encrypting the random number generating the new currency serial number by using the second node encryption public key, and the second ciphertext obtained by encrypting the transaction amount and the public keys of both parties of the transaction by using the supervision node public key.

after the confirmed purchasing information is received, the address private key and the address public key of the own party are used for respectively generating a currency serial number and a currency acceptance corresponding to the current currency purchasing transaction, and the currency serial number, the currency acceptance and the cast currency denomination required by the currency acceptance are sent to a currency issuing node for verifying whether the transaction denomination and the cast currency denomination of the current currency purchasing transaction are consistent;

if the verification is consistent, the currency issuing node generates coinage transaction information, and publishes the coinage transaction information in the block chain network so that a miner can verify and account the transaction, wherein the coinage transaction information comprises: the transaction ID generated by the currency issuing node for the current transaction, the currency commitment and the digital signature generated by the currency issuing node for the current transaction.

the second node receives the transfer transaction request initiated by the first node and returns public key information to the first node;

receiving transaction information of the transaction generated and sent by a first node, wherein the transaction information comprises a new currency commitment generated based on the public key information, a transaction amount encrypted based on the public key information and a zero knowledge certificate;

verifying the transaction amount encrypted based on the public key information;

if the transaction amount passes the verification, the transaction information is published in the block chain network so that the mineworker node can verify the certification content in the zero knowledge certification, and if the zero knowledge certification passes the verification, the mineworker node determines that the transaction is valid and records the transaction information into the block chain.

Optionally, the verifying the transaction amount encrypted based on the public key information includes:

Further, to achieve the above object, the present invention further provides an anonymous transfer system based on a blockchain, where the anonymous transfer system includes: a blockchain network, a blockchain, wherein the blockchain network comprises: the system comprises a first node, a second node and a miner node;

the first node is used for initiating a transfer transaction request to the second node and receiving public key information returned by the second node; generating transaction information of the transaction; sending the transaction information to a second node, wherein the transaction information comprises a new currency commitment generated based on the public key information, a transaction amount encrypted based on the public key information and a zero knowledge proof;

the second node is used for verifying the transaction amount encrypted based on the public key information, and if the transaction amount is verified, the second node publishes the transaction information in the block chain network so that a miner can verify and book the transaction;

and the miner node is used for verifying the certification content in the zero-knowledge certification, and if the certification is passed, the transaction is determined to be valid and the transaction information is recorded into the block chain.

Optionally, the block chain network further includes: a supervisory node; the public key information includes: the second node address public key and the second node encryption public key;

Optionally, the second node is further configured to:

decrypting the transaction amount encrypted based on the second node encryption public key by using the own decryption private key, decrypting a new currency commitment generated for the second node by using the second node address public key by using the own address private key, and respectively obtaining the transaction amount and the new currency denomination; and verifying whether the current transaction amount is consistent with the new currency denomination, and if so, passing the verification.

Optionally, the supervising node is configured to:

and decrypting the second ciphertext by using the private key of the own party to obtain the transaction amount and the public keys of the addresses of the two parties of the transaction so as to supervise the anonymous transfer transaction.

Optionally, the block chain network further includes: a currency-issuing node;

the first node is further configured to: initiating a money purchase transaction request to a money issuing node; after the confirmed purchase information is received, respectively generating a currency serial number and a currency acceptance corresponding to the current currency purchase transaction by using an address private key and an address public key of the own party, and sending the currency serial number, the currency acceptance and the cast currency denomination required by the currency acceptance to a currency issuing node for verification;

the currency-issuing node is for: returning confirmation purchase information to the first node after the currency purchase transaction request is audited; verifying whether the transaction denomination of the current money purchasing transaction is consistent with the cast money denomination, if so, generating cast money transaction information, and publishing the cast money transaction information in a block chain network so that a miner can verify and book the transaction;

Further, to achieve the above object, the present invention also provides a computer readable storage medium storing thereon a block chain-based anonymous transfer program, which when executed by a processor, implements the steps of the block chain-based anonymous transfer method as described in any one of the above.

In the invention, when a first node initiates a transfer transaction to a second node, transaction information of the transaction is generated, the transaction information comprises encrypted transaction amount and zero knowledge proof, and the second node is allowed to decrypt the transaction information for amount verification but not allowed to decrypt the transaction information by a miner node; the miners' nodes can only verify the validity of the transaction by verifying the zero-knowledge proof provided by the first node, so that the transfer transaction on the block chain can be only known by the two parties of the transaction and cannot be decrypted and obtained by other parties, the anonymous transfer is realized, and the privacy of the information of the two parties of the transaction based on the block chain transfer is ensured.

Drawings

FIG. 1 is a functional block architecture diagram of an embodiment of an anonymous transfer system of the present invention;

FIG. 2 is a schematic diagram of an entity structure corresponding to a system model of the anonymous transfer system of the present invention;

FIG. 3 is a schematic flow chart of a first embodiment of the anonymous transfer method based on a blockchain according to the present invention;

FIG. 4 is a flowchart illustrating a second embodiment of a blockchain-based anonymous transfer method according to the present invention;

FIG. 5 is a schematic representation of a coinage flow of an embodiment of the anonymous transfer method under the physical structure shown in FIG. 2;

FIG. 6 is a transfer flow diagram of an embodiment of an anonymous transfer method under the entity structure shown in FIG. 2;

FIG. 7 is a flowchart illustrating a third embodiment of a blockchain-based anonymous transfer method according to the present invention;

FIG. 8 is a schematic flow chart of a fourth embodiment of the anonymous transfer method based on a blockchain according to the present invention;

fig. 9 is a flowchart illustrating a fifth embodiment of the anonymous transfer method based on a blockchain according to the present invention.

The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.

Detailed Description

It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

The invention provides an anonymous transfer system based on a block chain.

Referring to fig. 1, fig. 1 is a functional module architecture diagram of an embodiment of an anonymous transfer system according to the present invention.

In this embodiment, the anonymous transfer system includes a blockchain network and a blockchain, where the blockchain network includes a plurality of nodes, and different nodes correspond to different blockchain participation mechanisms. For example, nodes A, B are each distinct user nodes, while node C is a currency-issuing node, node D is a mineworker node, and node E is a supervising node.

In this embodiment, the anonymous transfer system may implement anonymous transfer between different nodes, and ensure that the transfer transaction on the block chain is only known by both parties of the transaction, and cannot be decrypted and obtained by other parties. The following is an example of the transfer of money from a first node to a second node.

In this embodiment, the first node is configured to initiate a transfer transaction request to the second node, and receive public key information returned by the second node; generating transaction information of the transaction; sending the transaction information to a second node, wherein the transaction information comprises a new currency commitment generated based on the public key information, a transaction amount encrypted based on the public key information and a zero knowledge proof;

Further, in an embodiment, the public key information includes: the second node address public key and the second node encryption public key;

in this embodiment, the transaction information generated by the first node includes:

A. the first node uses the second node address public key to generate a new currency commitment for the second node;

B. the first node uses the own address public key to generate a change commitment for the own party;

C. the old currency serial number of the old currency promise related to the new currency promise and the change currency promise in the transaction;

D. the first node encrypts a transaction amount and a random number used for generating a new currency serial number by using a second node encryption public key to obtain a first ciphertext;

E. and the first node encrypts the transaction amount and the public keys of the addresses of the two parties of the transaction by using the public key of the monitoring node to obtain a second ciphertext.

In order to ensure that the anonymous transfer meets the financial regulation requirement, in this embodiment, a regulation node may be further accessed in the blockchain network, so as to perform financial regulation on all transactions in the blockchain network.

Optionally, the supervisory node is configured to: and decrypting the second ciphertext by using the private key of the own party to obtain the transaction amount and the public keys of the addresses of the two parties of the transaction so as to supervise the anonymous transfer transaction.

Further, in an embodiment, the second node is further configured to: decrypting the first ciphertext by using a private key of own decryption, and decrypting the promise of the new currency by using a private key of own address to respectively obtain the current transaction amount and the new currency denomination; and verifying whether the current transaction amount is consistent with the new currency denomination, and if so, passing the verification.

Further, in an embodiment, the verifying content corresponding to the verifying of the proof content in the zero-knowledge proof by the miner node includes:

Further, in an embodiment, to implement the management of the money in the blockchain network, the blockchain network further includes: a currency-issuing node;

In order to facilitate understanding of the invention, the relevant basic content of the anonymous transfer of the invention is explained below based on a system model corresponding to the anonymous transfer system of the invention.

In the invention, each node in the block chain network can be divided into three types of users, supervisors and issuers based on different roles. The entity structure corresponding to the system model of the anonymous transfer system of the present invention is shown in fig. 2.

(1) The supervisor supervises all the transactions of the whole system and can see the amount and the flow direction of each transaction clearly.

(2) An issuer is responsible for issuing digital currency to users.

(3) The user, the user in the system conducting a digital currency transaction.

(4) And the user information base stores the information of all users in the system and is independently maintained by a supervisor.

(5) The coinage information base stores information on digital money purchased by all users (assuming that the users purchase digital money from the issuer and then perform transactions in the system), and is maintained by the issuer.

(6) The wallet stores digital currency owned by the user and is independently maintained by the user.

The structural elements of the wallet include < SN, CM, V, ρ, >, where SN denotes a digital currency serial number, CM denotes a commitment: is a series of cryptograms representing a private fund, which may be understood as an encrypted fund. Other nodes cannot deduce the transferor and the transfer amount by commitment. Commitments belong to only one user and can only be spent once, avoiding the double-spending problem by spending the money sequence number that is generated. Other nodes also cannot deduce the corresponding monetary commitments from the currency serial number, V denotes the digital currency denomination, ρ denotes a 256-bit random number: for generating digital currency serial numbers, as well as other information.

(7) And the user public key pool stores public keys of all current legal users of the system.

The structure of the user public key pool is similar to the commitment pool, and a Merkle tree structure is adopted: each user public key is a leaf node in the user public key, and the value of the root node is stored in the block chain.

(8) The commitment pool is used for storing all commitments of the system.

The commitment pool is a Merkle tree structure, each commitment is a leaf node in the commitment pool, and the value of a root node is stored in a block chain.

(9) And the block chain is used for storing the transaction information of the system and the hash values of the commitment pool and the user public key pool.

Each block structure in the block chain comprises: the block sequence number of this block, the hash value of the previous block, the root value of the user public key pool, the root value of the commitment pool, the transaction type and the transaction information, wherein the transaction type comprises: the method comprises the steps of coin casting, whole coin transfer, zero coin transfer and public key pool updating.

(10) Structure of promise of coinage

CM_mint＝(k,g^v+ρV), wherein k ═ H)₂₅₆(a_pk||ρ||v)，a_pkThe user address public key is 256bits, ρ represents a random number of 256bits, and v represents the denomination of the digital currency cast. g is Z^* _pP is a prime number of 160 or more bits.

(11) Structure of transaction commitments

CM_pour＝(k,g^v+ρV), wherein k ═ H)₂₅₆(a_pk||ρ||v)，a_pkA user address public key of 256bits, ρ represents a random number of 256bits, and v represents the denomination of digital currency being traded. g is Z^* _pP is a prime number of 160 or more bits.

(12) Key description

The public key of the supervisor is used for encrypting the transaction amount and the user identity in the transaction information and verifying the signature when the user public key pool is updated;

the private key of the supervisor is used for decrypting the transaction amount and the user identity in the transaction information and signing when the user public key pool is updated;

the address public key of the user is used for generating coin commitment in coin casting and transaction;

the address private key of the user is used for generating the address public key and the coin serial number;

encrypted public key of user: the public key is used for encrypting and transmitting the secret information of the coin during the transaction of the user;

decryption private key of user: and the private key is used for decrypting the coin secret information ciphertext during the transaction of the user.

Based on the functional module architecture and the system model of the anonymous transfer system based on the block chain, the following embodiments of the anonymous transfer method based on the block chain are provided.

Referring to fig. 3, fig. 3 is a flowchart illustrating a first embodiment of an anonymous transfer method based on a blockchain according to the present invention. In this embodiment, the anonymous transfer method based on the blockchain includes the following steps:

step S110, the first node sends a transfer transaction request to the second node and receives public key information returned by the second node;

in this embodiment, after initiating the transfer transaction request, the first node discloses the second node for the anonymous transfer transaction content, so that the public key information provided by the second node is required to be used to encrypt the relevant transaction information, and the second node can decrypt the relevant transaction information, such as the transaction amount.

Step S120, the first node generates transaction information of the transaction, and sends the transaction information to the second node, wherein the transaction information comprises a new currency commitment generated based on the public key information, a transaction amount encrypted based on the public key information and a zero knowledge proof;

zero knowledge proves that: a proof concept of cryptography. The prover and the verifier negotiate a rule together, in the rule, the prover provides a series of ciphertext to the verifier under the condition that the prover does not expose own private evidence, and the verifier can trust that the prover has corresponding private evidence through verifying the ciphertext, but the verifier cannot know the content of the private evidence.

In this embodiment, to implement anonymous transfer and prevent transaction information from being leaked, the first node generates transaction information and a zero knowledge proof of the current transaction, where the first node may selectively encrypt the relevant transaction information based on a transfer flow requirement in a blockchain to form the transaction information. For example, based on the payee's validation requirements for the transaction amount, the transaction amount is encrypted; and based on the supervision requirements of the supervisor, encrypting the identity information of the two transaction parties and the transaction amount.

In this embodiment, the transaction information generated by the first node includes a commitment of a new currency generated based on the public key information, a transaction amount encrypted based on the public key information, and a zero knowledge proof. The zero-knowledge proof is also a cipher text and is used for verifying the validity of the transaction by the miner node.

Step S130, the second node verifies the transaction amount encrypted based on the public key information, and if the transaction amount is verified, the second node publishes the transaction information in the block chain network so that the miner can verify and book the transaction;

in this embodiment, before publishing the transaction information for the miner node to verify and account, the first node needs to send the generated transaction information and the zero knowledge certificate to the second node to verify the transaction amount, that is, verify whether the transaction amount initiated by the first node is consistent with the currency denomination obtained by the second node, and if so, the verification is passed.

In order to ensure that the second node can successfully decrypt the transaction information, in this embodiment, the first node preferably encrypts the relevant content in the transaction information by using the second node address public key and the encryption public key.

In this embodiment, after the transaction amount is verified, the second node publishes the transaction information and the zero-knowledge certificate to the block chain network, so that each miner node in the network verifies and accounts the transaction.

And step S140, the miner node verifies the certification content in the zero knowledge certification, if the verification is passed, the transaction is determined to be valid, and the transaction information is recorded in the block chain.

The specific content of the zero knowledge proof is not limited in this embodiment, and each mining node verifies the proof content in the zero knowledge proof to verify the validity of the transaction, and after the proof content of the zero knowledge proof is verified, determines that the transaction is valid, and accounts the transaction information in the block chain. Because the miners 'node can not obtain the plaintext contents of the transaction information, such as the identity information and the transaction amount of both transaction parties, and the transaction contents are not exposed to the miners' node in the zero-knowledge proof, the effect that the transaction between the first node and the second node is anonymous relative to other nodes is realized, and the privacy of the transaction information between the first node and the second node is ensured.

In this embodiment, when initiating a transfer transaction to a second node, a first node generates transaction information of the transaction, where the transaction information includes an encrypted transaction amount and a zero knowledge certificate, and allows the second node to decrypt the transaction information for amount verification but not allow a mineworker node to decrypt the transaction information; the miners' nodes can only verify the validity of the transaction by verifying the zero-knowledge proof provided by the first node, so that the transfer transaction on the block chain can be only known by the two parties of the transaction and cannot be decrypted and obtained by other parties, the anonymous transfer is realized, and the privacy of the information of the two parties of the transaction based on the block chain transfer is ensured.

Further, in an embodiment of the anonymous transfer method based on the block chain, in order to ensure that the second node can successfully decrypt the transaction information, in this embodiment, the first node preferably encrypts relevant content in the transaction information by using the second node address public key and the second node encryption public key, and specifically, when a transfer transaction request is initiated to the second node, the second node returns the own address public key and the encryption public key to the first node.

in this embodiment, the old currency commitment, the new currency commitment and the change currency commitment are all one commitment. The commitment is a series of cryptograms representing a private fund, which may be understood as an encrypted fund. Other nodes cannot deduce the transferor and the transfer amount by commitment. Commitments belong to only one user and can only be spent once, avoiding the double-spending problem by spending the money sequence number that is generated. Other nodes may not be able to deduce the corresponding monetary commitment based on the monetary serial number.

In this embodiment, when the first node spends the old coin commitment, it will generate a new coin commitment for the second node and a change coin commitment for itself. Wherein, if the old coin commitment is completely spent, the change coin commitment does not need to be generated.

in this embodiment, the first node encrypts the transaction amount using the encryption public key of the second node, and since only the second node in the whole blockchain network has the corresponding decryption private key, other nodes cannot obtain the private transaction information in the first ciphertext.

Wherein the random number is used for generating a new currency sequence number to avoid double-spending when the second node spends the new currency commitment.

In this embodiment, the first node encrypts the transaction amount using the public key of the supervision node, and since only the supervision node in the whole blockchain network has the corresponding private key, other nodes cannot obtain the private transaction information in the second ciphertext. In addition, the supervision node decrypts the second ciphertext by using the private key of the own party to obtain the transaction amount and the address public keys of the two transaction parties, so that the anonymous transfer transaction can be supervised.

Further, based on the foregoing embodiment, in another embodiment of the present invention, the verifying, by the second node, the transaction amount encrypted based on the public key information includes:

the second node decrypts the transaction amount encrypted based on the second node encryption public key by using the own decryption private key, decrypts a new coin commitment generated for the second node by using the second node address public key by using the own address private key, and respectively obtains the transaction amount and the new coin denomination; and verifying whether the current transaction amount is consistent with the new currency denomination, and if so, passing the verification.

In this embodiment, in order to avoid fraud in the transfer transaction, the second node needs to verify the amount of money of the transaction and the denomination of the new money obtained by the second node, and if the amount of money of the transaction and the denomination of the new money are consistent, the transaction is determined to be valid.

Because the first ciphertext is encrypted by the encryption private key provided by the second node, the second node can decrypt the first ciphertext by using the private key decrypted by the own party to obtain the transaction amount; because the new currency commitment adopts the encryption of the encryption public key provided by the second node, the second node can decrypt the new currency commitment by using the private key of the own address to obtain the new currency denomination.

Further, in another embodiment of the anonymous transfer method based on the blockchain, the verification content corresponding to the miner node corresponds to the certification content in the zero-knowledge certification in a one-to-one manner. In this embodiment, the verification content corresponding to the preferable miner node includes:

in this embodiment, the commitment represents an encrypted private fund, so the data format of the old currency and the new currency must include the commitment, and if the format is incomplete, the transaction is not allowed to be successful.

in this embodiment, the address public key may uniquely identify one node in the whole blockchain network, and therefore, it is only necessary to verify whether the address public key corresponds to the address private key one to one, and it is possible to determine whether the identity information of the payer is real.

In this embodiment, the blockchain network further includes a user public key pool, where the user public key pool adopts a Merkle tree structure and is used to store user public keys in the entire network, each user public key is a leaf node of the Merkle tree, and a value of a root node is stored in the blockchain.

in this embodiment, the currency serial number of the first node is generated by the private key of the own address, and therefore, whether the old currency serial number is correctly calculated can be determined by verifying whether the old currency serial number corresponds to the private key of the first node address one by one.

in this embodiment, the blockchain network further includes a commitment pool, where the commitment pool adopts a Merkle tree structure and is used to store commitments in the entire network, each commitment is a leaf node of the Merkle tree, and a value of the root node is stored in the blockchain. Thus, if the old coin commitment of the first node exists in the commitment Merkle tree, the old coin commitment is determined to be valid.

In this embodiment, new coins can only be generated by consuming old coins without considering new released coins, so if the transaction amount is valid, the sum of the old coins in the entire blockchain network should be equal to the sum of the new coins in the entire blockchain network.

Further, in this embodiment, when the supervisory node participates in the bookkeeping as a miner node, the supervisory node further verifies whether the address public key encrypted by the supervisory public key is the address public key of both the payment parties and whether the amount encrypted by the supervisory public key is the transaction amount, and when the supervisory node and other miner nodes pass the verification, the current transaction can be confirmed to be valid and the block chain bookkeeping is performed.

Referring to fig. 4, fig. 4 is a flowchart illustrating a second embodiment of the anonymous transfer method based on a block chain according to the present invention. In this embodiment, the anonymous transfer method based on the blockchain further includes:

step S210, a first node sends a money purchasing transaction request to a money issuing node, and receives confirmed purchasing information returned by the money issuing node after the money purchasing transaction request is checked;

in this embodiment, the blockchain network further includes a currency issuing node configured to issue digital currency to nodes in the blockchain network.

In this embodiment, after the first node issues the money purchasing transaction request to the money issuing node, the money issuing node needs to verify the money purchasing transaction request, for example, whether the identity of the purchaser is legal, whether the purchase denomination meets the regulatory requirement, and the like, and when the verification is passed, information for confirming the purchase is returned to the first node.

Step S220, after receiving the confirmed purchase information, the first node respectively generates a currency serial number and a currency acceptance corresponding to the current currency purchase transaction by using an address private key and an address public key of the first node, and sends the currency serial number, the currency acceptance and the cast currency denomination required by the currency acceptance to the currency issuing node for verification;

after receiving the confirmed purchase information returned by the currency issuing node, the first node generates a currency serial number corresponding to the current currency purchase transaction by using the address private key of the first node, generates a currency acceptance corresponding to the current currency purchase transaction by using the address public key of the first node, and then sends the currency acceptance to the currency issuing node.

Step S230, the currency issuing node verifies whether the transaction denomination of the current currency purchase transaction is consistent with the cast currency denomination, if so, cast currency transaction information is generated, and the cast currency transaction information is published in the blockchain network, so that a miner can verify and account the current transaction;

In this embodiment, before the current coin purchasing transaction is subjected to accounting, the currency issuing node further needs to verify whether the transaction denomination of the current coin purchasing transaction is consistent with the cast coin denomination, and if so, generates the cast coin transaction information and publishes the same to the blockchain network, so that the miners can verify and account the current transaction.

In order to better understand the anonymous transfer process of the present invention, the following description exemplifies the coinage process and the transfer process involved in the anonymous transfer based on the entity structure diagram corresponding to the system model of the anonymous transfer system shown in fig. 2.

One, coin casting process

As shown in fig. 5, a node user initiates a coinage transaction to an issuer node, and a miner node performs accounting, and the specific implementation flow is as follows:

(1) a user initiates a money purchasing request to an issuer, wherein the request comprises the denomination of all money purchased;

(2) the issuer checks the money purchasing request of the user;

(3) after the audit is passed, the issuer saves the money purchasing information of the user;

(4) the issuer returns confirmation purchase information to the user;

(5) after receiving the confirmed purchasing information, the user generates a promise of purchasing money, and sends the promise and the related information of the promise to the issuer;

(6) the issuer verifies commitments and denominations;

(7) after the verification is passed, the issuer generates the coinage transaction information of the current coin purchase, which comprises the following steps: the issuer is the transaction ID generated by the transaction, the user is the commitment generated by the currency purchase, and the issuer is the signature generated by the currency purchase, wherein the signature objects are the transaction ID generated by the transaction, the serial number of the currency cast at this time and the commitment generated by the currency purchase at this time.

(8) The issuer publishes the current coinage transaction information to the blockchain network;

(9) the miner node verifies whether the transaction is valid;

(10) if the transaction is valid, the miner node records the coin casting transaction information into the block chain.

Second, transfer process

As shown in fig. 6, the node user a performs anonymous transfer to the node user B, and the miner node performs accounting, and the specific implementation flow is as follows:

(1) a user A firstly initiates a transaction request to a user B;

(2) the user B returns the own address public key and the encrypted public key to the user A;

(3) user a generates transaction information, including: the old currency serial number of the new currency, the new currency commitment generated for the user B by using the address public key of the user B, the change currency commitment generated for the user B, a cipher text obtained by encrypting the transaction amount and the random number used for generating the new currency serial number by using the encryption public key of the user B, the cipher text obtained by encrypting the transaction amount by using the public key of a supervisor and the address public keys of both transaction parties, and a zero knowledge certificate;

(4) the user A sends the transaction information to the user B;

(5) the user B verifies the transaction amount in the transaction information;

(6) after the transaction amount passes the verification, the user B publishes the transaction information to the blockchain network;

(7) the miner node verifies whether the transaction is valid or not based on zero knowledge in the transaction information;

(8) if the transaction is valid, the miner node records the transaction information into the block chain.

Referring to fig. 7, fig. 7 is a flowchart illustrating a third embodiment of the anonymous transfer method based on a blockchain according to the present invention. In this embodiment, the anonymous transfer method based on the blockchain includes the following steps:

step S310, the first node sends a transfer transaction request to the second node and receives public key information returned by the second node;

Step S320, generating transaction information of the transaction, and sending the transaction information to a second node to verify the transaction amount encrypted based on the public key information by the second node, wherein the transaction information comprises a new currency commitment generated based on the public key information, the transaction amount encrypted based on the public key information and a zero knowledge proof;

before publishing the transaction information for the miner node to verify and account, the first node needs to send the generated transaction information and the zero knowledge certificate to the second node to verify the transaction amount, namely, whether the transaction amount initiated by the first node is consistent with the currency denomination obtained by the second node is verified, and if so, the verification is passed.

In this embodiment, to implement anonymous transfer and prevent transaction information from being leaked, the first node generates transaction information of the transaction, where the first node may selectively encrypt related transaction information based on a transfer flow requirement in a block chain to form transaction information. For example, based on the payee's validation requirements for the transaction amount, the transaction amount is encrypted; and based on the supervision requirements of the supervisor, encrypting the identity information of the two transaction parties and the transaction amount.

In this embodiment, if the transaction amount passes the verification, the second node publishes the transaction information and the zero knowledge certificate in the blockchain network, so that the mineworker node verifies the certificate content in the zero knowledge certificate, and if the zero knowledge certificate passes the verification, the mineworker node determines that the transaction is valid and records the transaction information in the blockchain.

In this embodiment, after the transaction amount is verified, the second node publishes the transaction information to the block chain network, so that each miner node in the network verifies and accounts the transaction.

Further, in an embodiment of the anonymous transfer method based on the blockchain, in order to ensure that the second node can successfully decrypt the transaction information, in this embodiment, the first node preferably encrypts relevant content in the transaction information by using the second node address public key and the encryption public key, and specifically, when a transfer transaction request is initiated to the second node, the second node returns the own address public key and the encryption public key to the first node.

Referring to fig. 8, fig. 8 is a flowchart illustrating a fourth embodiment of the anonymous transfer method based on a blockchain according to the present invention. In this embodiment, the anonymous transfer method based on the blockchain further includes:

step S410, the first node sends out a money purchasing transaction request to a money issuing node, and receives confirmed purchasing information returned after the money issuing node verifies the money purchasing transaction request;

Step S420, after the confirmed purchase information is received, the address private key and the address public key of the own party are used for respectively generating a currency serial number and a currency acceptance corresponding to the current currency purchase transaction, and the currency serial number, the currency acceptance and the cast currency denomination required by the currency acceptance are sent to a currency issuing node for verifying whether the transaction denomination and the cast currency denomination of the current currency purchase transaction are consistent;

In this embodiment, after receiving the confirmed purchase information returned by the currency issuing node, the first node generates a currency serial number corresponding to the current currency purchase transaction by using its own address private key, and generates a currency acceptance corresponding to the current currency purchase transaction by using its own address public key, and then sends the currency acceptance to the currency issuing node. Before the money issuing node performs accounting on the current money purchasing transaction, whether the transaction denomination of the current money purchasing transaction is consistent with the cast money denomination is verified, if so, cast money transaction information is generated and published to the block chain network, so that a miner can verify and account the current transaction.

Referring to fig. 9, fig. 9 is a flowchart illustrating a block chain-based anonymous transfer method according to a fifth embodiment of the present invention. In this embodiment, the anonymous transfer method based on the blockchain further includes:

step S510, the second node receives a transfer transaction request initiated by the first node and returns public key information to the first node;

in this embodiment, after receiving the transfer transaction request initiated by the first node, the second node returns public key information to the first node for use in encrypting the relevant transaction information generated by the first node, so that the second node can use the corresponding private key to decrypt and obtain the relevant transaction information, such as the transaction amount, and privacy of the transfer transaction information is ensured.

Step S520, receiving transaction information of the transaction generated and sent by the first node, wherein the transaction information comprises a new currency commitment generated based on the public key information, a transaction amount encrypted based on the public key information and a zero knowledge proof;

in this embodiment, to implement anonymous transfer and prevent transaction information from being leaked, the first node generates transaction information of the transaction, where the first node may selectively encrypt related transaction information based on a transfer flow requirement in a block chain to form transaction information. For example, based on the payee's validation requirements for the transaction amount, the transaction amount is encrypted; and based on the supervision requirements of the supervisor, encrypting the identity information of the two transaction parties and the transaction amount. In this embodiment, the transaction information generated by the first node includes the new currency information and the transaction amount encrypted based on the public key information provided by the second node.

Step S530, verifying the transaction amount encrypted based on the public key information;

before the second node publishes the transaction information for the miner node to verify and account, transaction amount verification is needed, namely whether the transaction amount initiated by the first node is consistent with the currency denomination obtained by the second node is verified, and if so, the verification is passed.

And S540, if the transaction amount passes the verification, the transaction information is published in the block chain network so that the miners can verify the certification content in the zero knowledge certification, and if the zero knowledge certification passes the verification, the miners determine that the transaction is valid and record the transaction information into the block chain.

In this embodiment, after the transaction amount is verified, the second node publishes the transaction information to the block chain network, so that each miner node in the network verifies and accounts the transaction. And each miner node verifies the verification content in the zero-knowledge proof to verify the validity of the transaction, determines that the transaction is valid after the verification content of the zero-knowledge proof is verified, and accounts the transaction information into the block chain. Because the miners 'node can not obtain the plaintext contents of the transaction information, such as the identity information and the transaction amount of both transaction parties, and the transaction contents are not exposed to the miners' node in the zero-knowledge proof, the effect that the transaction between the first node and the second node is anonymous relative to other nodes is realized, and the privacy of the transaction information between the first node and the second node is ensured.

the second node decrypts the first ciphertext by using the own private decryption key and decrypts the new currency commitment by using the own private decryption key to respectively obtain the current transaction amount and the new currency denomination; and verifying whether the current transaction amount is consistent with the new currency denomination, and if so, passing the verification.

The invention also provides a computer readable storage medium.

In this embodiment, the computer-readable storage medium has stored thereon a block chain-based anonymous transfer program, which when executed by a processor implements the steps of the block chain-based anonymous transfer method as described in any of the above embodiments.

Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM), and includes instructions for causing a terminal (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.

The present invention is described in connection with the accompanying drawings, but the present invention is not limited to the above embodiments, which are only illustrative and not restrictive, and those skilled in the art can make various changes without departing from the spirit and scope of the invention as defined by the appended claims, and all changes that come within the meaning and range of equivalency of the specification and drawings that are obvious from the description and the attached claims are intended to be embraced therein.

Claims

1. An anonymous transfer method based on a block chain is characterized by comprising the following steps:

the method comprises the steps that a first node initiates a transfer transaction request to a second node and receives public key information returned by the second node, wherein the public key information comprises a second node encryption public key and a second node address public key;

the first node generates transaction information of the transaction based on the public key information and sends the transaction information to a second node, wherein the transaction information comprises a new currency commitment generated based on an address public key of the second node, a transaction amount encrypted based on an encryption public key of the second node and a zero knowledge certificate, and the new currency commitment refers to encrypted funds;

the second node verifies the transaction amount encrypted based on the encrypted public key of the second node, and if the transaction amount is verified, the second node publishes the transaction information in the block chain network so that the miner can verify and book the transaction;

2. A blockchain-based anonymous transfer method as recited in claim 1 wherein said transaction information further comprises: the old currency serial number, the commitment of the change currency generated for the self by using the self address public key, the first ciphertext obtained by encrypting the random number generating the new currency serial number by using the second node encryption public key, and the second ciphertext obtained by encrypting the transaction amount and the public keys of both parties of the transaction by using the supervision node public key.

3. A blockchain-based anonymous transfer method as recited in claim 2, wherein the second node verifies the transaction amount encrypted based on the second node public encryption key, including:

4. A blockchain-based anonymous transfer method as recited in claim 2, wherein the verifying the verification content corresponding to the proof content in the zero-knowledge proof by the mineworker node comprises:

5. A blockchain-based anonymous transfer method as set forth in claim 2 wherein the blockchain-based anonymous transfer method further comprises:

6. A blockchain-based anonymous transfer method as set forth in claim 1, wherein the blockchain-based anonymous transfer method further comprises:

7. An anonymous transfer method based on a block chain is characterized by comprising the following steps:

generating transaction information of the transaction based on the public key information, and sending the transaction information to a second node so that the second node can verify the transaction amount encrypted based on the public key information, wherein the transaction information comprises a new currency commitment generated based on the public key encrypted by the second node, the transaction amount encrypted based on the public key information and a zero knowledge certificate, and the new currency commitment refers to encrypted funds;

8. A blockchain-based anonymous transfer method as recited in claim 7 wherein said transaction information further comprises: the old currency serial number, the commitment of the change currency generated for the self by using the self address public key, the first ciphertext obtained by encrypting the random number generating the new currency serial number by using the second node encryption public key, and the second ciphertext obtained by encrypting the transaction amount and the public keys of both parties of the transaction by using the supervision node public key.

9. A blockchain-based anonymous transfer method as set forth in claim 8 wherein the blockchain-based anonymous transfer method further comprises:

10. A blockchain-based anonymous transfer method as set forth in claim 7 wherein the blockchain-based anonymous transfer method further comprises:

11. An anonymous transfer method based on a block chain is characterized by comprising the following steps:

the second node receives a transfer transaction request initiated by the first node and returns public key information to the first node, wherein the public key information comprises a second node encryption public key and a second node address public key;

receiving transaction information of the transaction generated and sent by a first node based on the public key information, wherein the transaction information comprises a new currency commitment generated based on the address public key of a second node, a transaction amount encrypted based on the encryption public key of the second node and a zero knowledge proof, and the new currency commitment refers to encrypted funds;

verifying the transaction amount encrypted based on the second node encryption public key;

12. A blockchain-based anonymous transfer method as recited in claim 11 wherein said transaction information further comprises: the old currency serial number, the commitment of the change currency generated for the self by using the self address public key, the first ciphertext obtained by encrypting the random number generating the new currency serial number by using the second node encryption public key, and the second ciphertext obtained by encrypting the transaction amount and the public keys of both parties of the transaction by using the supervision node public key.

13. A blockchain-based anonymous transfer method as set forth in claim 12 wherein said verifying the transaction amount encrypted based on said second node cryptographic public key comprises:

14. A blockchain-based anonymous transfer method as set forth in claim 12 wherein the blockchain-based anonymous transfer method further comprises:

15. An anonymous transfer system based on blockchains, the anonymous transfer system comprising: a blockchain network, a blockchain, wherein the blockchain network comprises: the system comprises a first node, a second node and a miner node;

the first node is used for initiating a transfer transaction request to the second node and receiving public key information returned by the second node, wherein the public key information comprises a second node encryption public key and a second node address public key; generating transaction information of the transaction based on the public key information; sending the transaction information to a second node, wherein the transaction information comprises a new currency commitment generated based on the address public key of the second node, a transaction amount encrypted based on the encryption public key of the second node and a zero knowledge proof, and the new currency commitment refers to encrypted funds;

the second node is used for verifying the transaction amount encrypted based on the second node encryption public key, and if the transaction amount is verified, the second node publishes the transaction information in the block chain network so that a miner can verify and book the transaction;

16. A blockchain-based anonymous transfer system as recited in claim 15 wherein said blockchain network further comprises: a supervisory node;

17. A blockchain-based anonymous transfer system as recited in claim 16, wherein said second node is further configured to:

18. A blockchain-based anonymous transfer system as recited in claim 15, wherein said miner's verification of proof content in said zero-knowledge proof with corresponding verification content comprises:

19. A blockchain-based anonymous transfer system as recited in claim 16 wherein said supervisory node is operative to:

20. A blockchain-based anonymous transfer system as recited in claim 15 wherein said blockchain network further comprises: a currency-issuing node;

21. A computer readable storage medium having stored thereon a blockchain-based anonymous transfer program, which when executed by a processor performs the steps of the blockchain-based anonymous transfer method of any of claims 1-14.