CN109447602A - A privacy-preserving, multi-center cooperative distributed coin-mixing method for digital currency - Google Patents


Publication number: CN109447602A
Authority: CN (China)
Legal status: Granted (Active)
Application number: CN201811203714.7A
Other languages: Chinese (zh)
Other versions: CN109447602B (en)
Inventors: 张宗洋, 喻辉, 刘建伟
Current Assignee: Beihang University
Original Assignee: Beihang University
Application filed by Beihang University
Priority to CN201811203714.7A
Publication of CN109447602A
Application granted
Publication of CN109447602B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/06 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/42 Confirmation, e.g. check or permission by the legal debtor of payment

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a privacy-preserving, multi-center cooperative distributed coin-mixing method for digital currency, and belongs to the field of computer application technology. The method comprises: (1) a digital currency user transfers digital currency funds to the address of the mixing committee; (2) the mixing committee confirms the digital currency user's transaction and signs the blinded value of the digital currency withdrawal serial number; (3) the digital currency user unblinds the mixing committee members' signature on the blinded value of the digital currency withdrawal serial number, and sends the mixing committee a request to withdraw the funds to the final receiving address; (4) the mixing committee checks the request to withdraw the funds to the final receiving address, and generates and signs the transaction that transfers the funds out to the final receiving address. The invention uses multiple cooperating mixing centers, which effectively protects user security and privacy and avoids a single point of failure at the center; participants do not need to cooperate with one another, which effectively reduces cost and improves efficiency, while effectively resisting denial-of-service attacks.

Description

A privacy-preserving, multi-center cooperative distributed coin-mixing method for digital currency
Technical field
The present invention relates to a privacy-preserving, multi-center cooperative distributed coin-mixing method for digital currency, and more particularly to a distributed digital currency coin-mixing method realized through the cooperation of multiple centers. It belongs to the field of computer application technology.
Background art
Bitcoin, invented by Satoshi Nakamoto in 2008, was the first blockchain-based digital currency. Since then, the appearance of Litecoin, Ethereum and others has further enriched and improved the digital currency ecosystem. Owing to features such as decentralization, cross-border use and trustlessness, the use of digital currency keeps expanding, and governments including those of China and Britain have begun to consider the design of legal digital currency.
However, most digital currencies suffer from the defect that user privacy cannot be protected. Take Bitcoin, the most widely used: although it was regarded as an anonymous means of payment when it was first released, the privacy protection it can actually provide is extremely limited. Bitcoin protects user privacy with a pseudonym mechanism; users do not use their real identity when transferring funds, so a user's identity cannot easily be learned from a Bitcoin transaction alone. However, to ensure decentralization, Bitcoin must maintain a public ledger (implemented as a blockchain), and all Bitcoin transactions are kept on the blockchain. Anyone can access the Bitcoin blockchain, and an attacker can identify the Bitcoin addresses belonging to the same user by analyzing transactions. Once a user's real identity is linked to one Bitcoin address, the attacker can observe all of that user's transaction behavior. In the practical use of such digital currencies, therefore, all of a user's transaction records are open to public inquiry.
To remedy this defect, designing and deploying privacy protection schemes for digital currency is essential. One solution is to obscure the identity of the fund holder by coin mixing. Existing coin-mixing schemes fall into two main types. One is decentralized: the mixing process is completed among peer nodes; this approach is relatively inefficient and is vulnerable to denial-of-service attacks. The other completes the mixing through a mixing center, but requires complex protocols to ensure that the mixing center cannot steal funds and cannot link inputs to outputs. We invented the present method to remedy the defects of traditional coin-mixing schemes; the main technologies involved include blockchain technology and the Boneh-Lynn-Shacham (BLS) signature algorithm.
First, since Satoshi Nakamoto invented Bitcoin in 2008, blockchain technology has been applied in all kinds of digital currencies; it is essentially a distributed database. A blockchain consists of a series of blocks, each of which contains at least two parts: the hash value of the previous block and the Merkle root of the block's own data. The previous-block hash value can be regarded as a pointer to the previous block and guarantees the order of blocks on the blockchain, while the Merkle root ensures that the data of the block cannot be tampered with. A blockchain provides a tamper-resistant ledger for a distributed system: anyone holding the hash value of the last block can verify all data on the entire blockchain.
Second, BLS is a short signature algorithm proposed by Boneh, Lynn and Shacham at ASIACRYPT 2001; at the same security level, its signature length is only half that of the DSA algorithm. At PKC 2003, Boldyreva proposed a blind signature scheme based on the BLS algorithm: the user blinds a message m and gives it to the signer to sign; after receiving the signature on the blinded message, the user can unblind it and obtain a signature on the original message m, so that a signature is obtained without revealing m. In 2018, Boneh, Drijvers and Neven proposed a compact multi-signature (Compact Multi-Signatures) scheme based on the BLS algorithm, which allows multiple entities to combine their signatures on the same message into a single signature and significantly reduces the total signature length when there are multiple participants.
Summary of the invention
The purpose of the present invention is to propose a privacy-preserving, multi-center cooperative distributed coin-mixing method for digital currency, to overcome the shortcomings of the prior art in efficiency and cost and to ensure that a user's transfers of funds on the blockchain cannot be monitored by third parties. It can be used to solve the problem of user identity exposure during transactions.
The privacy-preserving, multi-center cooperative distributed coin-mixing method for digital currency proposed by the present invention comprises the following steps:
(1) Transfer the digital currency funds to the mixing committee address. The detailed process is as follows:
(1-1) Generate a digital currency withdrawal serial number, comprising the following steps:
(1-1-1) The first digital currency user uses the digital currency address generation method to generate, in order, a private key sk_end, a public key pk_end and a final receiving address addr, and stores them for later use;
or the second digital currency user uses the digital currency address generation method to generate, in order, a private key sk_end, a public key pk_end and a final receiving address addr, and sends the generated final receiving address addr to the first digital currency user;
(1-1-2) Compute the digital currency withdrawal serial number sn from the final receiving address addr of step (1-1) above: sn ← H(addr), where H(·) denotes a hash algorithm that maps any input into a cyclic group of order p, and g is a generator of the cyclic group;
Choose a random number r from {1, 2, ..., p-1} and obtain the blinded value of the digital currency withdrawal serial number;
(1-2) Generate the transaction that transfers funds from the first digital currency user into the mixing committee address, comprising the following steps:
(1-2-1) From existing digital currency transaction outputs, the first digital currency user generates a digital currency transaction tx_in whose output is the address specified by the mixing committee, and embeds in this transaction the blinded value of the digital currency withdrawal serial number from step (1-2) above;
(1-2-2) The first digital currency user signs the digital currency transaction tx_in, sends it with its signature to the digital currency blockchain, and denotes the corresponding identifier txid;
(1-3) Send the mixing committee a request to verify the transaction of step (2) above: the first digital currency user sends the request to the mixing committee and waits for the mixing committee's confirmation and signature;
(2) The mixing committee confirms the transaction of the first digital currency user and signs the blinded value of the digital currency withdrawal serial number, comprising the following steps:
(2-1) The mixing committee confirms the transaction of the first digital currency user:
After a member of the mixing committee receives the message, it obtains the list of all transaction identifiers from the blockchain maintained internally by the mixing committee and checks txid. If txid is not in that list of transaction identifiers, the member forwards the message to all other members of the mixing committee, waits for the transaction tx_in corresponding to txid to be confirmed on the digital currency blockchain, and proceeds to step (2-2). If txid is already recorded in the internal blockchain maintained by the mixing committee, or waiting for confirmation on the digital currency blockchain times out, the operation terminates;
(2-2) The mixing committee checks the transaction of the first digital currency user:
(2-2-1) The mixing committee member checks the output address of tx_in. If the output of tx_in is the address of the mixing committee, proceed to step (2-2-2); if it is not, terminate the operation;
(2-2-2) The mixing committee member checks the output amount of tx_in. If the output amount meets the mixing requirement set by the mixing committee, proceed to step (2-2-3); if it does not, terminate the operation;
(2-2-3) The mixing committee member checks the data embedded in tx_in. If tx_in embeds the blinded value of the digital currency withdrawal serial number and nothing else, proceed to step (2-3); if tx_in does not embed it, or embeds other data, terminate the operation;
(2-3) The mixing committee member signs the blinded value of the digital currency withdrawal serial number:
The mixing committee member signs the blinded value of the digital currency withdrawal serial number to obtain a signature, where i is the number of this mixing committee member, and sends the resulting triple to all other members of the mixing committee;
(2-4) The mixing committee members combine the signatures on the blinded value of the digital currency withdrawal serial number:
When a mixing committee member has received more than n/2 such signatures, it uses the compact multi-signature method to combine all of them into a single signature and records the list, list, of all members whose signatures it received; it records the result in the internal blockchain maintained by the mixing committee and returns it to the first digital currency user, where n is the total number of members of the mixing committee;
(3) The first digital currency user unblinds the mixing committee members' signature on the blinded value of the digital currency withdrawal serial number, and the first digital currency user or the second digital currency user sends the mixing committee a request to withdraw the funds to the final receiving address, comprising the following steps:
(3-1) The first digital currency user unblinds the mixing committee members' signature on the blinded value of the digital currency withdrawal serial number:
(3-1-1) The first digital currency user receives the signature returned by the mixing committee member and unblinds it to obtain σ, where pk is the public key of the mixing committee and r is the random number chosen from {1, 2, ..., p-1} in step (1-1-2);
(3-1-2) If, in step (1-1-1) above, the final receiving address addr was generated by the second digital currency user, the first digital currency user sends (addr, σ) to the second digital currency user;
(3-2) The first digital currency user or the second digital currency user sends the mixing committee a request to withdraw the funds to the final receiving address:
If, in step (1-1-1) above, the final receiving address addr was generated by the first digital currency user, the first digital currency user submits (σ, addr) to the mixing committee and waits for the mixing committee to send the corresponding funds to the final receiving address addr;
If, in step (1-1-1) above, the final receiving address addr was generated by the second digital currency user, the second digital currency user, after receiving (addr, σ) from the first digital currency user, stores (addr, σ) for later use; when the second digital currency user needs the funds transferred out, it submits the request (σ, addr) to the mixing committee and waits for the mixing committee to send the funds to the address addr;
(4) The mixing committee checks the request of the first digital currency user or the second digital currency user to withdraw the funds to the final receiving address, generates the transaction that transfers the funds out to the final receiving address, and signs that transaction, comprising the following steps:
(4-1) The mixing committee checks the request to withdraw the funds to the final receiving address and generates the transaction that transfers the funds out to the final receiving address:
(4-1-1) A mixing committee member receives (σ, addr) and computes the digital currency withdrawal serial number sn from the addr in it;
(4-1-2) The member checks the list l_sn of processed serial numbers in the internal blockchain maintained by the mixing committee: if sn is not in l_sn, proceed to step (4-1-3); if sn ∈ l_sn, terminate the operation;
(4-1-3) The mixing committee member verifies the signature in the received (σ, addr): if σ is a valid signature, proceed to step (4-1-4); if it is not, terminate the operation;
(4-1-4) The mixing committee member generates the transaction tx that transfers the funds out to the final receiving address; the input of tx is the address of the mixing committee and its output is the final receiving address addr. The member sends (addr, σ, tx) to all other members of the mixing committee;
(4-2) The mixing committee checks the transaction tx that transfers the funds out to the final receiving address:
(4-2-1) On receiving (addr, σ, tx) sent by another mixing committee member, a mixing committee member computes the digital currency withdrawal serial number sn from the addr in it;
(4-2-2) The member checks the list l_sn of processed serial numbers in the internal blockchain maintained by the mixing committee: if sn is not in l_sn, proceed to step (4-2-3); if sn ∈ l_sn, terminate the operation;
(4-2-3) The member verifies the signature in the received (σ, addr): if σ is a valid signature, proceed to step (4-2-4); if it is not, terminate the operation;
(4-2-4) Using all the output information on the digital currency blockchain, the mixing committee member checks the transaction tx in (addr, σ, tx): if tx is a valid digital currency transaction, proceed to step (4-3); if it is not, terminate the operation;
(4-3) The mixing committee signs the transaction tx that transfers the funds out to the final receiving address:
(4-3-1) The mixing committee member applies a digital currency blockchain transaction signature to the verified transaction tx that transfers the funds out to the final receiving address, obtaining σ_tx,i;
(4-3-2) The member sends (addr, tx, σ_tx,i) to all other members of the mixing committee;
(4-4) The mixing committee submits the transaction tx that transfers the funds out to the final receiving address to the digital currency blockchain:
(4-4-1) After any member of the mixing committee has received n/2 or more σ_tx,i, it obtains the multi-signature σ_tx:
σ_tx = {σ_tx,i}, i ∈ list',
where list' is the list of mixing committee members whose signatures that member received;
(4-4-2) Record (sn, tx, σ_tx) in the internal blockchain maintained by the mixing committee;
(4-4-3) Send the signed transaction (tx, σ_tx) that transfers the funds out to the final receiving address to the digital currency blockchain.
The privacy-preserving, multi-center cooperative distributed coin-mixing method for digital currency proposed by the present invention has the following advantages:
1. The method provides fund transfer-in and anonymous fund transfer-out, and can be used to mix a single user's existing currency or to make anonymous payments among multiple users. It further applies blockchain technology to coordinate multiple mixing centers.
2. In the method, participants do not need to cooperate or interact with one another, which reduces the communication and computation costs of participating users. There is no need to worry about a single point of failure: multiple mixing centers exist and can substitute for one another, which avoids the service interruption caused by the failure of a single center.
3. The method responds quickly: fund transfer-in takes no longer than block production on the digital currency blockchain, which reduces waiting time.
4. The method resists denial-of-service attacks: malicious participants cannot terminate the operations of other honest participants. There is no need to trust a mixing center: the mixing centers constrain one another, and a minority of malicious centers cannot steal users' currency or spy on transaction privacy.
Description of the drawings
Fig. 1 is a flow diagram of the stage of the method in which the blinded value of the digital currency withdrawal serial number is signed.
Fig. 2 is a flow diagram of the stage of the method in which the transaction that transfers digital currency out to the final receiving address is generated and signed.
In Fig. 1 and Fig. 2, the labels (2-1) to (2-4) and (4-1) to (4-4) denote the corresponding steps of the method; each of these steps is carried out by the mixing committee.
Detailed description of the embodiments
The privacy-preserving, multi-center cooperative distributed coin-mixing method for digital currency proposed by the present invention comprises the following steps:
(1) Transfer the digital currency funds to the mixing committee address. The detailed process is as follows:
(1-1) Generate a digital currency withdrawal serial number, comprising the following steps:
(1-1-1) The first digital currency user uses the digital currency address generation method to generate, in order, a private key sk_end, a public key pk_end and a final receiving address addr, and stores them for later use;
or the second digital currency user uses the digital currency address generation method to generate, in order, a private key sk_end, a public key pk_end and a final receiving address addr, and sends the generated final receiving address addr to the first digital currency user;
(1-1-2) Compute the digital currency withdrawal serial number sn from the final receiving address addr of step (1-1) above: sn ← H(addr), where H(·) denotes a hash algorithm that maps any input into a cyclic group of order p, and g is a generator of the cyclic group;
Choose a random number r from {1, 2, ..., p-1} and obtain the blinded value of the digital currency withdrawal serial number;
(1-2) Generate the transaction that transfers funds from the first digital currency user into the mixing committee address, comprising the following steps:
(1-2-1) From existing digital currency transaction outputs, the first digital currency user generates a digital currency transaction tx_in whose output is the address specified by the mixing committee, and embeds in this transaction the blinded value of the digital currency withdrawal serial number from step (1-2) above;
(1-2-2) The first digital currency user signs the digital currency transaction tx_in, sends it with its signature to the digital currency blockchain, and denotes the corresponding identifier txid;
(1-3) Send the mixing committee a request to verify the transaction of step (2) above: the first digital currency user sends the request to the mixing committee and waits for the mixing committee's confirmation and signature;
(2) The mixing committee confirms the transaction of the first digital currency user and signs the blinded value of the digital currency withdrawal serial number, comprising the following steps, as shown in Figure 1:
(2-1) The mixing committee confirms the transaction of the first digital currency user:
After a member of the mixing committee receives the message, it obtains the list of all transaction identifiers from the blockchain maintained internally by the mixing committee and checks txid. If txid is not in that list of transaction identifiers, the member forwards the message to all other members of the mixing committee, waits for the transaction tx_in corresponding to txid to be confirmed on the digital currency blockchain, and proceeds to step (2-2). If txid is already recorded in the internal blockchain maintained by the mixing committee, or waiting for confirmation on the digital currency blockchain times out, the operation terminates;
(2-2) The mixing committee checks the transaction of the first digital currency user:
(2-2-1) The mixing committee member checks the output address of tx_in. If the output of tx_in is the address of the mixing committee, proceed to step (2-2-2); if it is not, terminate the operation;
(2-2-2) The mixing committee member checks the output amount of tx_in. If the output amount meets the mixing requirement set by the mixing committee, proceed to step (2-2-3); if it does not, terminate the operation;
(2-2-3) The mixing committee member checks the data embedded in tx_in. If tx_in embeds the blinded value of the digital currency withdrawal serial number and nothing else, proceed to step (2-3); if tx_in does not embed it, or embeds other data, terminate the operation;
(2-3) The mixing committee member signs the blinded value of the digital currency withdrawal serial number:
The mixing committee member signs the blinded value of the digital currency withdrawal serial number to obtain a signature, where i is the number of this mixing committee member, and sends the resulting triple to all other members of the mixing committee;
(2-4) The mixing committee members combine the signatures on the blinded value of the digital currency withdrawal serial number:
When a mixing committee member has received more than n/2 such signatures, it uses the compact multi-signature method to combine all of them into a single signature and records the list, list, of all members whose signatures it received; it records the result in the internal blockchain maintained by the mixing committee and returns it to the first digital currency user, where n is the total number of members of the mixing committee;
(3) The first digital currency user unblinds the mixing committee members' signature on the blinded value of the digital currency withdrawal serial number, and the first digital currency user or the second digital currency user sends the mixing committee a request to withdraw the funds to the final receiving address, comprising the following steps:
(3-1) The first digital currency user unblinds the mixing committee members' signature on the blinded value of the digital currency withdrawal serial number:
(3-1-1) The first digital currency user receives the signature returned by the mixing committee member and unblinds it to obtain σ, where pk is the public key of the mixing committee, a public value known to anyone, and r is the random number chosen from {1, 2, ..., p-1} in step (1-1-2);
(3-1-2) If, in step (1-1-1) above, the final receiving address addr was generated by the second digital currency user, the first digital currency user sends (addr, σ) to the second digital currency user;
(3-2) The first digital currency user or the second digital currency user sends the mixing committee a request to withdraw the funds to the final receiving address:
If, in step (1-1-1) above, the final receiving address addr was generated by the first digital currency user, the first digital currency user submits (σ, addr) to the mixing committee and waits for the mixing committee to send the corresponding funds to the final receiving address addr;
If, in step (1-1-1) above, the final receiving address addr was generated by the second digital currency user, the second digital currency user, after receiving (addr, σ) from the first digital currency user, stores (addr, σ) for later use; when the second digital currency user needs the funds transferred out, it submits the request (σ, addr) to the mixing committee and waits for the mixing committee to send the funds to the address addr;
(4) the Hun Bi committee checks that the first digital cash user or the second digital cash user take out fund to final and receives The request of money address, generation are produced to the transaction of final gathering address, and to producing to the trading signature of final gathering address, are wrapped Following steps are included, as shown in Figure 2:
(4-1) the Hun Bi committee, which checks, takes out fund to the request of final gathering address, and generates to produce to final and receive The transaction of money address:
(4-1-1) mixes coin committeeman and receives (σ, addr), and digital cash is calculated according to addr therein and mentions Money sequence number sn;
The processed list of sequence numbers l in the block chain of inside that (4-1-2) safeguards the Hun Bi committeesnJudged, if (4-1-3) is then entered step, if sn ∈ lsn, then operation is terminated;
(4-1-3) mixes coin committeeman and carries out signature verification to (σ, addr) is received, if σ isLegitimate signature, then (4-1-4) is entered step, if σ is notLegitimate signature, then terminate operation;
(4-1-4) mixes coin committeeman and generates the transaction tx produced to final gathering address, and the input for the tx that trades is mixed The address of the coin committee exports as the address addr that finally collects money, (addr, σ, tx) is sent to the every other of the Hun Bi committee Member;
(4-2) the Hun Bi committee checks the transaction tx produced to final gathering address:
(4-2-1) mixes (addr, σ, the tx) that coin committeeman sends according to other the mixed coin committeemans received, root Digital cash drawing sequence number sn is calculated according to addr therein;
The processed list of sequence numbers l in the block chain of inside that (4-2-2) safeguards the Hun Bi committeesnJudged, if (4-2-3) is then entered step, if sn ∈ lsn, then operation is terminated;
(4-2-3) carries out signature verification to (σ, addr) is received, if σ isLegitimate signature, then enter step (4-2- 4), if σ is notLegitimate signature, then terminate operation;
(4-2-4) mixes coin committeeman according to all output informations on digital cash block chain, to (addr, σ, tx) In transaction tx judged, if transaction tx is legal digital cash transaction, (4-3) is entered step, if transaction tx is not Legal digital cash transaction, then terminate operation;
(4-3) The coin-mixing committee signs the transaction tx that pays out to the final receiving address:
(4-3-1) The coin-mixing committee member signs the verified transaction tx, which pays out to the final receiving address, with a digital currency blockchain transaction signature, obtaining σ_{tx,i};
(4-3-2) (addr, tx, σ_{tx,i}) is sent to every other member of the coin-mixing committee;
(4-4) The coin-mixing committee submits the transaction tx that pays out to the final receiving address to the digital currency blockchain:
(4-4-1) After any member of the coin-mixing committee has received n/2 or more σ_{tx,i}, it obtains the multi-signature σ_tx:
σ_tx = {σ_{tx,i}}_{i ∈ list'},
where list' is the list of coin-mixing committee members whose signatures that member received;
(4-4-2) (sn, tx, σ_tx) is recorded in the internal blockchain maintained by the coin-mixing committee;
(4-4-3) The signed transaction (tx, σ_tx) that pays out to the final receiving address is sent to the digital currency blockchain.
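The blind-sign, unblind and withdrawal checks of steps (1-1-2), (2-3), (3-1-1) and (4-1-1) to (4-1-3), as an added example that is not part of the patent. The patent's own blinding formulas are not reproduced on this page, so the sketch swaps in a textbook RSA blind signature, with one constructed toy key standing in for the committee's multi-signature key; all function names and sample addresses are assumptions.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key standing in for the committee's public key pk.
# Two Mersenne primes keep the numbers readable; this size is NOT secure.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # signing exponent held by the committee

def serial_number(addr):
    """sn <- H(addr), steps (1-1-2) and (4-1-1); reduced mod N for the toy key."""
    return int.from_bytes(hashlib.sha256(addr.encode()).digest(), "big") % N

def blind(sn):
    """User: hide sn behind a random r before it is embedded in tx_in."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (sn * pow(r, E, N)) % N, r

def sign_blinded(blinded):
    """Committee, step (2-3): signs the blinded value without learning sn."""
    return pow(blinded, D, N)

def unblind(blind_sig, r):
    """User, step (3-1-1): remove r to obtain sigma, a signature over sn."""
    return (blind_sig * pow(r, -1, N)) % N

class Committee:
    def __init__(self):
        self.processed = set()          # l_sn on the internal blockchain

    def withdraw(self, sigma, addr):
        sn = serial_number(addr)                        # (4-1-1)
        if sn in self.processed:                        # (4-1-2) replayed request
            return "rejected: serial number already processed"
        if pow(sigma, E, N) != sn:                      # (4-1-3) signature check
            return "rejected: invalid signature"
        self.processed.add(sn)                          # (4-4-2) record sn
        return "accepted"

def demo():
    committee = Committee()
    addr = "constructed-final-receiving-address"        # sample value, not real
    sn = serial_number(addr)
    blinded, r = blind(sn)              # the committee only ever sees `blinded`
    sigma = unblind(sign_blinded(blinded), r)
    return {
        "deposit_hides_sn": blinded != sn,
        "first": committee.withdraw(sigma, addr),
        "replay": committee.withdraw(sigma, addr),
        "other_addr": committee.withdraw(sigma, "constructed-other-address"),
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

The replayed request is stopped by the serial-number list before any signature work is done, and a valid σ cannot be redirected to a different address because sn is derived from addr.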

Claims (1)

1. A privacy-protecting, multi-center collaborative distributed digital currency mixing method, characterized in that the method comprises the following steps:
(1) The digital currency funds are transferred to the coin-mixing committee address, as follows:
(1-1) A digital currency withdrawal serial number is generated, comprising the following steps:
(1-1-1) The first digital currency user uses the digital currency address generation method to generate, in order, a private key sk_end, a public key pk_end and a final receiving address addr, and stores them for later use;
or the second digital currency user uses the digital currency address generation method to generate, in order, a private key sk_end, a public key pk_end and a final receiving address addr, and sends the generated final receiving address addr to the first digital currency user;
(1-1-2) The digital currency withdrawal serial number sn is computed from the final receiving address addr of step (1-1) above, sn ← H(addr), where H(·) denotes a hash algorithm that maps any input into a cyclic group of order p, and g is a generator of the cyclic group;
A random number r is chosen from {1, 2, ..., p-1}, and the blinded value of the digital currency withdrawal serial number is obtained
(1-2) A transaction transferring funds from the first digital currency user to the coin-mixing committee address is generated, comprising the following steps:
(1-2-1) Based on existing digital currency transaction outputs, the first digital currency user generates a digital currency transaction tx_in whose output is the address specified by the coin-mixing committee, and embeds in this transaction the blinded value of the digital currency withdrawal serial number from step (1-2) above;
(1-2-2) The first digital currency user signs the digital currency transaction tx_in, sends the signed transaction to the digital currency blockchain, and denotes its identification code as txid;
(1-3) A request to verify the transaction of step (2) above is issued to the coin-mixing committee: the first digital currency user sends the request message to the coin-mixing committee and waits for the committee's confirmation and signature;
(2) The coin-mixing committee confirms the transaction of the first digital currency user and signs the blinded value of the digital currency withdrawal serial number, comprising the following steps:
(2-1) The coin-mixing committee confirms the transaction of the first digital currency user:
After a member of the coin-mixing committee receives the message, it obtains the list containing all transaction identification codes from the blockchain maintained internally by the coin-mixing committee and checks txid. If txid is not in that list, the member forwards the message to all other members of the coin-mixing committee, waits for the transaction tx_in corresponding to txid to be confirmed on the digital currency blockchain, and proceeds to step (2-2); if txid is already recorded in the internal blockchain maintained by the coin-mixing committee, or the wait for confirmation on the digital currency blockchain times out, the operation is terminated;
(2-2) The coin-mixing committee checks the transaction of the first digital currency user:
(2-2-1) The coin-mixing committee member checks the output address of tx_in: if the output of tx_in is the address of the coin-mixing committee, proceed to step (2-2-2); if the output of tx_in is not the address of the coin-mixing committee, terminate the operation;
(2-2-2) The coin-mixing committee member checks the output amount of tx_in: if the output amount meets the mixing requirement set by the coin-mixing committee, proceed to step (2-2-3); if the output amount does not meet the mixing requirement set by the coin-mixing committee, terminate the operation;
(2-2-3) The coin-mixing committee member checks the data embedded in tx_in: if tx_in embeds the blinded value of the digital currency withdrawal serial number and nothing else, proceed to step (2-3); if tx_in does not embed it, or embeds other data, terminate the operation;
(2-3) The coin-mixing committee member signs the blinded value of the digital currency withdrawal serial number:
The coin-mixing committee member signs the blinded value of the digital currency withdrawal serial number to obtain a signature, where i is the number of this coin-mixing committee member, and sends the resulting triple to every other member of the coin-mixing committee;
(2-4) The coin-mixing committee member combines the signatures on the blinded value of the digital currency withdrawal serial number:
When a coin-mixing committee member has received more than n/2 such signatures, it uses a compact multi-signature method to combine all of the signatures into a single signature and records the list `list` of all members whose signatures were received. It records the corresponding entry in the internal blockchain maintained by the coin-mixing committee and returns the result to the first digital currency user, where n is the total number of members of the coin-mixing committee;
(3) The first digital currency user unblinds the coin-mixing committee members' signature on the blinded value of the digital currency withdrawal serial number, and the first digital currency user or the second digital currency user sends the coin-mixing committee a request to withdraw the funds to the final receiving address, comprising the following steps:
(3-1) The first digital currency user unblinds the coin-mixing committee members' signature on the blinded value of the digital currency withdrawal serial number:
(3-1-1) The first digital currency user receives the result returned by the coin-mixing committee member and unblinds it to obtain σ, where pk is the public key of the coin-mixing committee and r is the random number chosen from {1, 2, ..., p-1} in step (1-1-2);
(3-1-2) If, in step (1-1-1) above, the final receiving address addr was generated by the second digital currency user, the first digital currency user sends (addr, σ) to the second digital currency user;
(3-2) The first digital currency user or the second digital currency user sends the coin-mixing committee a request to withdraw the funds to the final receiving address:
If, in step (1-1-1) above, the final receiving address addr was generated by the first digital currency user, the first digital currency user submits (σ, addr) to the coin-mixing committee and waits for the committee to send the corresponding funds to the final receiving address addr;
If, in step (1-1-1) above, the final receiving address addr was generated by the second digital currency user, the second digital currency user, after receiving (addr, σ) from the first digital currency user, stores (addr, σ) for later use; when the second digital currency user needs the funds paid out, it submits the request (σ, addr) to the coin-mixing committee and waits for the committee to send the funds to the address addr;
(4) The coin-mixing committee checks the request by the first digital currency user or the second digital currency user to withdraw funds to the final receiving address, generates the transaction that pays out to the final receiving address, and signs that transaction, comprising the following steps:
(4-1) The coin-mixing committee checks the request to withdraw funds to the final receiving address and generates the transaction that pays out to the final receiving address:
(4-1-1) A coin-mixing committee member receives (σ, addr) and computes the digital currency withdrawal serial number sn from the addr it contains;
(4-1-2) The member checks sn against the list of processed serial numbers l_sn in the internal blockchain maintained by the coin-mixing committee: if sn ∉ l_sn, proceed to step (4-1-3); if sn ∈ l_sn, terminate the operation;
(4-1-3) The coin-mixing committee member verifies the signature in the received (σ, addr): if σ is a legitimate signature, proceed to step (4-1-4); if σ is not a legitimate signature, terminate the operation;
(4-1-4) The coin-mixing committee member generates the transaction tx that pays out to the final receiving address; the input of tx is the address of the coin-mixing committee and the output is the final receiving address addr. The member sends (addr, σ, tx) to every other member of the coin-mixing committee;
(4-2) The coin-mixing committee checks the transaction tx that pays out to the final receiving address:
(4-2-1) A coin-mixing committee member takes the (addr, σ, tx) received from another coin-mixing committee member and computes the digital currency withdrawal serial number sn from the addr it contains;
(4-2-2) The member checks sn against the list of processed serial numbers l_sn in the internal blockchain maintained by the coin-mixing committee: if sn ∉ l_sn, proceed to step (4-2-3); if sn ∈ l_sn, terminate the operation;
(4-2-3) The member verifies the signature in the received (σ, addr): if σ is a legitimate signature, proceed to step (4-2-4); if σ is not a legitimate signature, terminate the operation;
(4-2-4) Using all output information on the digital currency blockchain, the coin-mixing committee member checks the transaction tx in (addr, σ, tx): if tx is a legal digital currency transaction, proceed to step (4-3); if tx is not a legal digital currency transaction, terminate the operation;
(4-3) The coin-mixing committee signs the transaction tx that pays out to the final receiving address:
(4-3-1) The coin-mixing committee member signs the verified transaction tx, which pays out to the final receiving address, with a digital currency blockchain transaction signature, obtaining σ_{tx,i};
(4-3-2) (addr, tx, σ_{tx,i}) is sent to every other member of the coin-mixing committee;
(4-4) The coin-mixing committee submits the transaction tx that pays out to the final receiving address to the digital currency blockchain:
(4-4-1) After any member of the coin-mixing committee has received n/2 or more σ_{tx,i}, it obtains the multi-signature σ_tx:
σ_tx = {σ_{tx,i}}_{i ∈ list'},
where list' is the list of coin-mixing committee members whose signatures that member received;
(4-4-2) (sn, tx, σ_tx) is recorded in the internal blockchain maintained by the coin-mixing committee;
(4-4-3) The signed transaction (tx, σ_tx) that pays out to the final receiving address is sent to the digital currency blockchain.
CN201811203714.7A 2018-10-16 2018-10-16 Multi-center collaborative distributed digital currency mixing method for protecting privacy Active CN109447602B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811203714.7A CN109447602B (en) 2018-10-16 2018-10-16 Multi-center collaborative distributed digital currency mixing method for protecting privacy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811203714.7A CN109447602B (en) 2018-10-16 2018-10-16 Multi-center collaborative distributed digital currency mixing method for protecting privacy

Publications (2)

Publication Number Publication Date
CN109447602A true CN109447602A (en) 2019-03-08
CN109447602B CN109447602B (en) 2021-11-02

Family

ID=65545660

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811203714.7A Active CN109447602B (en) 2018-10-16 2018-10-16 Multi-center collaborative distributed digital currency mixing method for protecting privacy

Country Status (1)

Country Link
CN (1) CN109447602B (en)

Also Published As

Publication number Publication date
CN109447602B (en) 2021-11-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant