CN109272313A - Resist the bit coin rapid payment system and method for dual payment attack - Google Patents

Resist the bit coin rapid payment system and method for dual payment attack Download PDF

Info

Publication number
CN109272313A
CN109272313A CN201810894149.7A CN201810894149A CN109272313A CN 109272313 A CN109272313 A CN 109272313A CN 201810894149 A CN201810894149 A CN 201810894149A CN 109272313 A CN109272313 A CN 109272313A
Authority
CN
China
Prior art keywords
module
address
payment
payer
bit coin
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810894149.7A
Other languages
Chinese (zh)
Inventor
高军涛
吴通
于海勇
刘奇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201810894149.7A priority Critical patent/CN109272313A/en
Publication of CN109272313A publication Critical patent/CN109272313A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A kind of bit coin rapid payment system and method resisting dual payment attack, system include payer module, recipient's module, authentication module, punishment module.Method and step are as follows: generate public, private key to, generate address, initialization address, payer authentication, authentication module judge the public key for paying address whether meet authentication condition, send signature information, the bit coin of recipient's module be sent to recipient's module, bit coin that the judgement of recipient's module receives in bit coin network with the presence or absence of two transaction, shift bit coin, exit payment system.System payer module and recipient's module of the invention is directly traded, and semi trusted third party participant will not be introduced.Method of the invention can resist dual payment attack, do not have trade confirmation time delay, can be realized rapid payment.

Description

Resist the bit coin rapid payment system and method for dual payment attack
Technical field
The invention belongs to art of cryptography, further relate to one of password currency technical field and resist dual payment The bit coin rapid payment system and method for attack.The present invention can be used in virtual network there are dual payment attack bit Coin pays scene.
Background technique
Nowadays, bit coin is often used in some rapid payment scenes, and in these scenes, both parties need quickly complete At transaction, and trading at this time is zero confirmation transaction, and payer is easily achieved dual payment attack.Therefore in order to protect recipient Equity, blocked using penalty mechanism payer dual payment attack is necessary, can effectively guarantee zero in this way Confirmation transaction smoothly completes.
Patent document " bit coin payment system based on Partial Blind Signature technology of the Xian Electronics Science and Technology University in its application And its method " public in (publication number: CN106296138A, application number: 2016106477117, applying date: on 08 09th, 2016) A kind of bit coin payment system based on Partial Blind Signature technology is opened.The system include line module, merchant module, can with half Believe third party's module.Line module is for generating user's bit coin public key and private key and sending information to other modules;Businessman's mould Block is for calculating reception information and determining to provide commodity to line module;Semi trusted third party module is for calculating line module Newest account balance signature, creation bit coin transaction.The system improves the anonymity of transaction, energy by Partial Blind Signature technology Enough realize quick payment.Shortcoming existing for the system is to introduce additional semi trusted third party participant as transaction Go-between, keep system more complicated.
A kind of patent document " the bit coin terminal money of embedded fixed gathering address of the Xian Electronics Science and Technology University in its application Packet and its bit coin method of payment " (publication number: CN103927656A, application number: 2014101856495, the applying date: 2014 May 05) in disclose a kind of bit coin method of payment of embedded fixed gathering address.This method will be in fixed gathering address Embedded in bit coin terminal wallet, bit coin and terminal are implemented in combination with the payment similar to currency, it is existing using bit coin network Mode of doing business, buy extensive stock and service.Shortcoming existing for this method is, in order to avoid dual payment attack, to hand over Easy both sides need to wait the trade confirmation time of six blocks, and there are exchange hour delays.
Paper document " the Double-spending Prevention that Cristina Perez-Sola et al. is delivered at it for Bitcoin zero-confirmation transactions”(IACR Cryptology ePrint Archive, 2017) method for preventing dual payment in a kind of confirmation transaction of bit coin zero is proposed in.This method is by utilizing bit coin foot One loophole of this language and Signing Schedules with Elliptic Curve Cryptography is attacked to prevent attacker from executing dual payment.The payment of this method Address uses special bit coin script format, once payer attempts to carry out dual payment attack to a certain address, owns User can calculate the private key of corresponding address according to ellipse curve signature loophole, and payer can lose all bits of the address Coin.Payer needs to be stored in additional fund on payment address, can obtain the trust of recipient in this way.Existing for this method Shortcoming is, will appear when punishing attacker, on network and the punishment of same address is largely spent to trade, will cause Network congestion, dual payment success attack.
Summary of the invention
It is an object of the invention in view of the above shortcomings of the prior art, propose a kind of bit coin for resisting dual payment attack Rapid payment system and method are prevented payer from carrying out dual payment attack, are not needed by the bit coin of transfer payment side The problem of introducing semi trusted third party, overcoming exchange hour delay and network congestion, realizes the rapid payment of bit coin.
To achieve the goals above, thinking of the invention is that payer module generates guarantee fund address and payment address, body Part authentication module carries out authentication to payer module, which is sent to recipient for bit coin by rear payer module Module, after the dual payment attack of recipient's module discovery payer module, by punishment module come transfer payment side's module Bit coin, which is characterized in that the bit coin of payer module is sent to recipient's module, punishment module shifts dual payment Bit coin.
The present invention resists the bit coin rapid payment system of dual payment attack to include payer module, recipient's module, It is characterized in that, further includes authentication module, punishment module;The payer module respectively with authentication module, recipient Module is connected with punishment module, and authentication module is connected with recipient's module, and recipient's module is connected with punishment module;Its In:
The payer module, for generating public, private key pair;Generate guarantee fund address and payment address;Selection is protected respectively The secret value for demonstrate,proving golden address and payment address calculates the corresponding temporary public key of secret value;By the public key of two addresses and interim public affairs Key is sent to authentication module and punishment module;Identity authentication message is calculated, and identity authentication message is sent to identity and is recognized Demonstrate,prove module and punishment module;The signature information of guarantee fund's public key is calculated, and signature information is sent to authentication module;It will branch The bit coin for paying square module is sent to recipient's module;
The authentication module, the public key and temporary public key of two addresses for receiving the transmission of payer module;It connects Receive the identity authentication message that payer is sent;Judge whether the public key for paying address meets authentication condition, if so, receiving payment Otherwise the signature information that square module is sent exits payment system;Signature information is sent to recipient's module;
Recipient's module, the public key and temporary public key of two addresses for receiving the transmission of payer module;It receives The signature information that authentication module is sent;Receive the bit coin that payer module is sent;Judge the bit coin received in bit With the presence or absence of two transaction in coin network, if so, signature information is sent to punishment module, otherwise, payment system is exited;
The punishment module, the public key and temporary public key of two addresses for receiving the transmission of payer module;Receive branch Pay the identity authentication message that square module is sent;Receive the signature information that recipient's module is sent;Calculate the payer of dual payment The private key and secret value of the payment address of module, sign to the transaction for shifting the address bit coin;Calculate dual payment The private key and secret value of the guarantee fund address of payer module sign to the transaction for shifting the address bit coin.
Specific step is as follows for the bit coin quick paying method that the present invention resists dual payment to attack:
(1) public, private key pair is generated:
Payer module randomly chooses two private keys, generates formula using elliptic curve key, it is corresponding to calculate two private keys Two public keys, form two public, private keys pair;
(2) address is generated:
Using safe impact resistant hash function, payer module calculates separately two public, private keys to the cryptographic Hash of public key, Bit coin address code is carried out to two cryptographic Hash respectively, regard one after coding as guarantee fund address, another is as branch Pay address;
(3) initialization address:
The low transaction of expense replaces with costly transaction in (3a) payer module bit coin network;
(3b) payer module randomly chooses two different positive integers, respectively as guarantee fund address and pays the secret of address Close value calculates separately the corresponding temporary public key of two secret values using elliptic curve temporary public key calculation formula;
(4) payer authentication:
The public key of two addresses and temporary public key are sent to authentication module and punishment respectively by (4a) payer module Module;
(4b) authentication module randomly chooses a positive integer, as inquiry message, is sent to payer module;
(4c) utilizes authentication calculation formula, and payer module calculates identity authentication message, and by identity authentication message It is sent to authentication module and punishment module;
(5) authentication module judges whether the public key for paying address meets authentication condition, if so, (6) are thened follow the steps, Otherwise, step (10) are executed;
(6) signature information is sent:
(6a) utilizes ellipse curve signature algorithm, and payer module calculates the signature information of guarantee fund's public key, and will signature Message is sent to authentication module;
The signature information of payer module is sent to recipient's module by (6b) authentication module;
(7) the bit coin of payer module is sent to recipient's module;
(8) the bit coin that the judgement of recipient's module receives is traded in bit coin network with the presence or absence of two, if so, holding Row step (9) otherwise executes step (10);
(9) bit coin is shifted:
The signature information of the payer module of dual payment is sent to punishment module by (9a) recipient module;
(9b) utilizes ellipse curve signature loophole formula, and punishment module calculates the paid place of the payer module of dual payment The private key and secret value of location;
(9c) punishes module using the private key and secret value of the payer module payment address of dual payment, by oval bent Line signature algorithm signs to the transaction for shifting the address bit coin;
(9d) utilizes identity private key calculation formula, and punishment module calculates the payer module guarantee fund address of dual payment Private key;
(9e) calculates the payer module guarantee fund address of dual payment using signature secret value calculation formula, punishment module Secret value;
(9f) punishes that module using the private key and secret value of the payer module guarantee fund address of dual payment, passes through ellipse Curve signature algorithm signs to the transaction for shifting the address bit coin;
(10) payment system is exited.
Compared with the prior art, the present invention has the following advantages:
First, since the system payer module in the present invention is directly connected with recipient's module, in process of exchange not Semi trusted third party is needed to strengthen the safety of transaction as the go-between of transaction, overcome system in the prior art and deposit The additional semi trusted third party participant the shortcomings that, so that system structure of the invention is simpler.
Second, since the bit coin of payer is sent to recipient by the method in the present invention, overcome in the prior art Method need the trade confirmation time for waiting six blocks to avoid dual payment from attacking, there are lacking for exchange hour delay Point realizes the rapid payment of bit coin so that method of the invention reduces the trade confirmation time.
Third, since the method in the present invention is signed by the transaction to transfer payment side's module bit coin, transfer The bit coin of the payment address and guarantee fund address of the payer of dual payment, prevents the dual payment of payer, overcomes The shortcomings that method in the prior art causes network congestion because of a large amount of punishment transaction, dual payment success attack, makes Dual payment attack can be resisted by obtaining method of the invention.
Detailed description of the invention
Fig. 1 is the block diagram of present system;
Fig. 2 is the flow chart of the method for the present invention.
Specific implementation measure
The present invention is described in further detail with reference to the accompanying drawing.
Referring to attached drawing 1, bit coin rapid payment system of the invention, including payer module, recipient's module, identity are recognized Demonstrate,prove module, punishment module;The payer module is connected with authentication module, recipient's module and punishment module respectively, body Part authentication module is connected with recipient's module, and recipient's module is connected with punishment module.
The payer module, for generating public, private key pair;Generate guarantee fund address and payment address;Selection is protected respectively The secret value for demonstrate,proving golden address and payment address calculates the corresponding temporary public key of secret value;By the public key of two addresses and interim public affairs Key is sent to authentication module and punishment module;Identity authentication message is calculated, and identity authentication message is sent to identity and is recognized Demonstrate,prove module and punishment module;The signature information of guarantee fund's public key is calculated, and signature information is sent to authentication module;It will branch The bit coin for paying square module is sent to recipient's module.
The authentication module, the public key and temporary public key of two addresses for receiving the transmission of payer module;It connects Receive the identity authentication message that payer is sent;Judge whether the public key for paying address meets authentication condition, if so, receiving payment Otherwise the signature information that square module is sent exits payment system;Signature information is sent to recipient's module.
Recipient's module, the public key and temporary public key of two addresses for receiving the transmission of payer module;It receives The signature information that authentication module is sent;Receive the bit coin that payer module is sent;Judge the bit coin received in bit With the presence or absence of two transaction in coin network, if so, signature information is sent to punishment module, otherwise, payment system is exited.
The punishment module, the public key and temporary public key of two addresses for receiving the transmission of payer module;Receive branch Pay the identity authentication message that square module is sent;Receive the signature information that recipient's module is sent;Calculate the payer of dual payment The private key and secret value of the payment address of module, sign to the transaction for shifting the address bit coin;Calculate dual payment The private key and secret value of the guarantee fund address of payer module sign to the transaction for shifting the address bit coin.
With reference to the accompanying drawing 2, method of the invention is further described.
Step 1, public, private key pair is generated.
Payer module randomly chooses two private keys, generates formula using elliptic curve key, it is corresponding to calculate two private keys Two public keys, form two public, private keys pair.
It is as follows that the elliptic curve key generates formula:
Q=qG
Wherein, Q indicates that the corresponding public key of private key, q indicate that private key, 0 < q < n, n indicate the rank of the basic point on elliptic curve Number, indicates multiplication operations, and G indicates the basic point on elliptic curve.
Step 2, address is generated.
Using safe impact resistant hash function, payer module calculates separately two public, private keys to the cryptographic Hash of public key, Bit coin address code is carried out to two cryptographic Hash respectively, regard one after coding as guarantee fund address, another is as branch Pay address.
Payer module uses guarantee fund address as guarantee, carries out the payment of bit coin using payment address.
Step 3, initialization address.
The low transaction of expense in bit coin network is replaced with costly transaction by payer module.
Payer module randomly chooses two different positive integers, respectively as the secret of guarantee fund address and payment address Value, using elliptic curve temporary public key calculation formula, calculates separately the corresponding temporary public key of two secret values.
The elliptic curve temporary public key calculation formula is as follows:
(x, y)=iG (modn)
J=x (modn)
Wherein, (x, y) indicates that the corresponding coordinate value of public key of secret value, i indicate secret value, and j indicates that secret value is corresponding Temporary public key, mod indicate modular multiplication.
When sending the bit coin on address, the private key and secret value using the address are needed, is signed to transaction.
Step 4, payer authentication.
The public key of two addresses and temporary public key are sent to authentication module and punishment module respectively by payer module.
Authentication module randomly chooses a positive integer, as inquiry message, is sent to payer module.
Using authentication calculation formula, payer module calculates identity authentication message, and identity authentication message is sent To authentication module and punishment module.
It is the identity for authenticating payer that identity authentication message, which is sent to authentication module, and being sent to punishment module is When the dual payment attack of payer module, for shift dual payment payer module bit coin.
The authentication calculation formula is as follows:
M=b+ca (modn)
Wherein, m indicates certificate message, and b indicates that the private key of payment address, c indicate the inquiry that recipient's module is sent Message, a indicate the private key of guarantee fund address.
Step 5, authentication module judges whether the public key for paying address meets authentication condition, if so, thening follow the steps 6, otherwise, execute step 10.
The authentication condition refers to:
B=mG-cA
Wherein, B indicates that the public key of payment address, A indicate the public key of guarantee fund address.
When pay address public key meet authentication condition when, illustrate payer module be ready using guarantee fund address come for branch Address is paid to be assured.Once dual payment attack occurs for payer module, punishment module can utilize identity authentication message meter Calculate the private key and secret value of the guarantee fund address of the payer module of dual payment.
Step 6, signature information is sent.
Using ellipse curve signature algorithm, payer module calculates the signature information of guarantee fund's public key, and by signature information It is sent to authentication module.
Specific step is as follows for the ellipse curve signature algorithm:
According to the following formula, the cryptographic Hash of message is calculated:
E=H (M)
Wherein, e indicates the cryptographic Hash of message, and H () indicates that safe impact resistant hash function, M indicate the message to be signed.
According to the following formula, calculate the signature message:
S=f-1(e+R·l)(modn)
Wherein, s indicates signature information, f-1It indicates the integer for being different from f, and meets f-1F=1 (modn), f are indicated should The secret value of address, R indicate that the corresponding temporary public key of secret value, l indicate the private key of the address.
Signature information is sent to recipient's module by authentication module.
Step 7, the bit coin of payer module is sent to recipient's module.
Step 8, the bit coin that the judgement of recipient's module receives is traded in bit coin network with the presence or absence of two, if so, Then think that payer module there are step (9) are executed after dual payment attack, otherwise, executes step (10).
Step 9, bit coin is shifted.
The signature information of the payer module of dual payment is sent to punishment module by recipient's module.
Using ellipse curve signature loophole formula, punish that module calculates the payment address of the payer module of dual payment Private key and secret value.
The ellipse curve signature loophole formula is as follows:
Wherein, k indicates the secret value of payment address, and u indicates the Transaction Information traded for the first time in dual payment attack, v Indicate that the Transaction Information of second of transaction in dual payment attack, w indicate the A.L.S. traded for the first time in dual payment attack Breath, z indicate the signing messages of second of transaction in dual payment attack.
Punish that module using the private key and secret value of the payer module payment address of dual payment, passes through elliptic curve label Name algorithm, signs to the transaction for shifting the address bit coin.
Specific step is as follows for the ellipse curve signature algorithm:
According to the following formula, the cryptographic Hash of message is calculated:
E=H (M)
Wherein, e indicates the cryptographic Hash of message, and H () indicates that safe impact resistant hash function, M indicate the message to be signed.
According to the following formula, calculate the signature message:
S=f-1(e+R·l)(modn)
Wherein, s indicates signature information, f-1It indicates the integer for being different from f, and meets f-1F=1 (modn), f are indicated should The secret value of address, R indicate that the corresponding temporary public key of secret value, l indicate the private key of the address.
Using identity private key calculation formula, punish that module calculates the private of the payer module guarantee fund address of dual payment Key.
The identity private key calculation formula is as follows:
A=c-1·(m-b)(modn)
Wherein, c-1It indicates the positive integer for being different from c, and meets c-1C=1 (modn).
Using signature secret value calculation formula, punishment module calculates the secret of the payer module guarantee fund address of dual payment Close value.
The signature secret value calculation formula is as follows:
D=s-1·(H(A)+D·a)(modn)
Wherein, d indicates the secret value of guarantee fund address, s-1It indicates the positive integer for being different from s, and meets s-1S=1 (modn), D indicates the corresponding temporary public key of guarantee fund's secret value.
Punish that module using the private key and secret value of the payer module guarantee fund address of dual payment, passes through elliptic curve Signature algorithm signs to the transaction for shifting the address bit coin.
Step 10, payment system is exited.

Claims (10)

1. a kind of bit coin rapid payment system for resisting dual payment attack, including payer module, recipient's module, feature It is, further includes authentication module, punishment module;The payer module respectively with authentication module, recipient's module It is connected with punishment module, authentication module is connected with recipient's module, and recipient's module is connected with punishment module;Wherein:
The payer module, for generating public, private key pair;Generate guarantee fund address and payment address;Guarantee fund is selected respectively The secret value of address and payment address calculates the corresponding temporary public key of secret value;By the public key and temporary public key hair of two addresses Give authentication module and punishment module;Identity authentication message is calculated, and identity authentication message is sent to authentication mould Block and punishment module;The signature information of guarantee fund's public key is calculated, and signature information is sent to authentication module;By payer The bit coin of module is sent to recipient's module;
The authentication module, the public key and temporary public key of two addresses for receiving the transmission of payer module;Receive branch Pay the identity authentication message just sent;Judge whether the public key for paying address meets authentication condition, if so, receiving payer mould Otherwise the signature information that block is sent exits payment system;Signature information is sent to recipient's module;
Recipient's module, the public key and temporary public key of two addresses for receiving the transmission of payer module;Receive identity The signature information that authentication module is sent;Receive the bit coin that payer module is sent;Judge the bit coin received in bit coin net With the presence or absence of two transaction in network, if so, signature information is sent to punishment module, otherwise, payment system is exited;
The punishment module, the public key and temporary public key of two addresses for receiving the transmission of payer module;Receive payer The identity authentication message that module is sent;Receive the signature information that recipient's module is sent;Calculate the payer module of dual payment Payment address private key and secret value, to shift the address bit coin transaction sign;Calculate the payment of dual payment The private key and secret value of the guarantee fund address of square module sign to the transaction for shifting the address bit coin.
2. a kind of bit coin quick paying method for resisting dual payment attack, which is characterized in that by the bit coin of payer module It is sent to recipient's module, punishment module shifts the bit coin of dual payment;The specific steps of this method include the following:
(1) public, private key pair is generated:
Payer module randomly chooses two private keys, generates formula using elliptic curve key, calculates two private keys corresponding two A public key forms two public, private keys pair;
(2) address is generated:
Using safe impact resistant hash function, payer module calculates separately two public, private keys to the cryptographic Hash of public key, respectively Bit coin address code is carried out to two cryptographic Hash, regard one after coding as guarantee fund address, another is as paid place Location;
(3) initialization address:
The low transaction of expense replaces with costly transaction in (3a) payer module bit coin network;
(3b) payer module randomly chooses two different positive integers, respectively as the secret of guarantee fund address and payment address Value, using elliptic curve temporary public key calculation formula, calculates separately the corresponding temporary public key of two secret values;
(4) payer authentication:
The public key of two addresses and temporary public key are sent to authentication module and punishment module respectively by (4a) payer module;
(4b) authentication module randomly chooses a positive integer, as inquiry message, is sent to payer module;
(4c) utilizes authentication calculation formula, and payer module calculates identity authentication message, and identity authentication message is sent To authentication module and punishment module;
(5) authentication module judges whether the public key for paying address meets authentication condition, if so, (6) are thened follow the steps, it is no Then, step (10) are executed;
(6) signature information is sent:
(6a) utilizes ellipse curve signature algorithm, and payer module calculates the signature information of guarantee fund's public key, and by signature information It is sent to authentication module;
The signature information of payer module is sent to recipient's module by (6b) authentication module;
(7) the bit coin of payer module is sent to recipient's module;
(8) the bit coin that the judgement of recipient's module receives is traded in bit coin network with the presence or absence of two, if so, executing step Suddenly (9) otherwise execute step (10);
(9) bit coin is shifted:
The signature information of the payer module of dual payment is sent to punishment module by (9a) recipient module;
(9b) utilizes ellipse curve signature loophole formula, and punishment module calculates the payment address of the payer module of dual payment Private key and secret value;
(9c) punishes that module using the private key and secret value of the payer module payment address of dual payment, passes through elliptic curve label Name algorithm, signs to the transaction for shifting the address bit coin;
(9d) utilizes identity private key calculation formula, and punishment module calculates the private of the payer module guarantee fund address of dual payment Key;
(9e) calculates the secret of the payer module guarantee fund address of dual payment using signature secret value calculation formula, punishment module Close value;
(9f) punishes that module using the private key and secret value of the payer module guarantee fund address of dual payment, passes through elliptic curve Signature algorithm signs to the transaction for shifting the address bit coin;
(10) payment system is exited.
3. the bit coin quick paying method according to claim 2 for resisting dual payment attack, which is characterized in that step (1) it is as follows that the elliptic curve key described in generates formula:
Q=qG
Wherein, Q indicates that the corresponding public key of private key, q indicate that private key, 0 < q < n, n indicate the order of the basic point on elliptic curve, Indicate multiplication operations, G indicates the basic point on elliptic curve.
4. the bit coin quick paying method according to claim 2 for resisting dual payment attack, which is characterized in that step Elliptic curve temporary public key calculation formula described in (3b) is as follows:
(x, y)=iG (modn)
J=x (modn)
Wherein, (x, y) indicates that the corresponding coordinate value of public key of secret value, i indicate secret value, and j indicates that secret value is corresponding interim Public key, mod indicate modular multiplication.
5. the bit coin quick paying method according to claim 2 for resisting dual payment attack, which is characterized in that step Authentication calculation formula described in (4c) is as follows:
M=b+ca (modn)
Wherein, m indicates certificate message, and b indicates that the private key of payment address, c indicate the inquiry message that recipient's module is sent, The private key of a expression guarantee fund address.
6. the bit coin quick paying method according to claim 2 for resisting dual payment attack, which is characterized in that step (5) authentication condition described in refers to:
B=mG-cA
Wherein, B indicates that the public key of payment address, A indicate the public key of guarantee fund address.
7. the bit coin quick paying method according to claim 2 for resisting dual payment attack, which is characterized in that step Specific step is as follows for ellipse curve signature algorithm described in (6a), step (9c), step (9f):
The first step calculates the cryptographic Hash of message according to the following formula:
E=H (M)
Wherein, e indicates the cryptographic Hash of message, and H () indicates that safe impact resistant hash function, M indicate the message to be signed;
Second step, according to the following formula, calculate the signature message:
S=f-1(e+R·l)(modn)
Wherein, s indicates signature information, f-1It indicates the integer for being different from f, and meets f-1F=1 (modn), f indicates the address Secret value, R indicate that the corresponding temporary public key of secret value, l indicate the private key of the address.
8. the bit coin quick paying method according to claim 2 for resisting dual payment attack, which is characterized in that step Ellipse curve signature loophole formula described in (9b) is as follows:
Wherein, k indicates the secret value of payment address, and u indicates that the Transaction Information traded for the first time in dual payment attack, v indicate The Transaction Information of second of transaction in dual payment attack, w indicate the signing messages traded for the first time in dual payment attack, z Indicate the signing messages of second of transaction in dual payment attack.
9. the bit coin quick paying method according to claim 2 for resisting dual payment attack, which is characterized in that step Identity private key calculation formula described in (9d) is as follows:
A=c-1·(m-b)(modn)
Wherein, c-1It indicates the positive integer for being different from c, and meets c-1C=1 (modn).
10. the bit coin quick paying method according to claim 2 for resisting dual payment attack, which is characterized in that step Signature secret value calculation formula described in (9e) is as follows:
D=s-1·(H(A)+D·a)(modn)
Wherein, d indicates the secret value of guarantee fund address, s-1It indicates the positive integer for being different from s, and meets s-1S=1 (modn), D Indicate the corresponding temporary public key of guarantee fund's secret value.
CN201810894149.7A 2018-08-08 2018-08-08 Resist the bit coin rapid payment system and method for dual payment attack Pending CN109272313A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810894149.7A CN109272313A (en) 2018-08-08 2018-08-08 Resist the bit coin rapid payment system and method for dual payment attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810894149.7A CN109272313A (en) 2018-08-08 2018-08-08 Resist the bit coin rapid payment system and method for dual payment attack

Publications (1)

Publication Number Publication Date
CN109272313A true CN109272313A (en) 2019-01-25

Family

ID=65153406

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810894149.7A Pending CN109272313A (en) 2018-08-08 2018-08-08 Resist the bit coin rapid payment system and method for dual payment attack

Country Status (1)

Country Link
CN (1) CN109272313A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110458554A (en) * 2019-03-31 2019-11-15 西安电子科技大学 The data fast transaction method of identity-based on block chain
CN112101930A (en) * 2020-08-27 2020-12-18 东南大学 NFC payment system based on elliptic curve password
CN112418834A (en) * 2020-10-21 2021-02-26 西安电子科技大学 Safe mixed currency processing method and system compatible with bit currency and supporting down-link transaction
CN113393242A (en) * 2021-04-27 2021-09-14 连通(杭州)技术服务有限公司 Method and equipment for safe off-line electronic payment of token model payables

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110458554A (en) * 2019-03-31 2019-11-15 西安电子科技大学 The data fast transaction method of identity-based on block chain
CN110458554B (en) * 2019-03-31 2022-03-22 西安电子科技大学 Identity-based data rapid transaction method on block chain
CN112101930A (en) * 2020-08-27 2020-12-18 东南大学 NFC payment system based on elliptic curve password
CN112418834A (en) * 2020-10-21 2021-02-26 西安电子科技大学 Safe mixed currency processing method and system compatible with bit currency and supporting down-link transaction
CN113393242A (en) * 2021-04-27 2021-09-14 连通(杭州)技术服务有限公司 Method and equipment for safe off-line electronic payment of token model payables

Similar Documents

Publication Publication Date Title
US11257077B2 (en) Blockchain system for confidential and anonymous smart contracts
CN109272313A (en) Resist the bit coin rapid payment system and method for dual payment attack
Pedersen Electronic payments of small amounts
Yi et al. A new blind ECDSA scheme for bitcoin transaction anonymity
Ateniese et al. Certified bitcoins
CN110612547A (en) System and method for information protection
JPH09505169A (en) Efficient electronic money
Jacobson et al. Mix-based electronic payments
Androulaki et al. PAR: Payment for anonymous routing
CN103444128B (en) Key PV signs
US9286602B2 (en) Secure financial transactions
Buttyán Removing the financial incentive to cheat in micropayment schemes
CN111738857B (en) Generation and verification method and device of concealed payment certificate applied to block chain
Horn et al. Authentication and payment in future mobile systems
CN111539719B (en) Audit coin-mixing service method and system model based on blind signature
Desmedt et al. Towards practical “proven secure” authenticated key distribution
Kokaras et al. The cost of privacy on blockchain: A study on sealed-bid auctions
Hanaoka et al. LITESET: A light-weight secure electronic transaction protocol
AU2020101863A4 (en) IoT-Based Micropayment Protocol for Wearable Devices with Unique Verification
CN114547695A (en) Block chain transaction privacy protection method based on homomorphic encryption in Internet of things
Jakobsson Mini-cash: A minimalistic approach to e-commerce
Tracz et al. Fair electronic cash withdrawal and change return for wireless networks
US20090327142A1 (en) Fair Payment Protocol with Semi-Trusted Third Party
Team Styx: Unlinkable Anonymous Atomic Payment Hub For Viacoin
He et al. A new signature scheme: joint-signature

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190125