CN110648229B - Semi-public block chain system and transaction method - Google Patents


Info

Publication number
CN110648229B
Authority
CN
China
Prior art keywords
transaction
amount
address
noise
balance
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910725064.0A
Other languages
Chinese (zh)
Other versions
CN110648229A (en
Inventor
代文昊
顾小卓
王梦凡
魏本强
李文渊
贾世杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Data Assurance and Communication Security Research Center of CAS
Original Assignee
Institute of Information Engineering of CAS
Data Assurance and Communication Security Research Center of CAS
Application filed by Institute of Information Engineering of CAS and Data Assurance and Communication Security Research Center of CAS
Priority to CN201910725064.0A
Publication of CN110648229A
Application granted
Publication of CN110648229B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The invention discloses a semi-public blockchain system and a transaction method in which, when a transferring party transfers money to a receiving party, the transferring party selects a noise value to obfuscate the transaction amount, encrypts the noise value using a multi-receiver signcryption technique, and sends the encrypted noise value to the receiving party; the receiving party decrypts the received encrypted noise value with its own private key and obtains the transaction amount. Compared with existing fully public blockchains, the method adds transaction noise, achieves partial hiding of transactions, protects users' transaction privacy, and secures the scheme using multi-receiver signcryption and zero-knowledge proofs. Compared with existing fully hidden blockchains, parties who are not participants in a transaction can read part of the transaction information (the transaction amount and the input/output amounts after noise is added), which avoids the problem of difficult supervision to a certain extent.

Description

Semi-public block chain system and transaction method
Technical Field
The invention belongs to the technical field of cryptography and relates to a semi-public blockchain system and a transaction method.
Background
A blockchain is a distributed ledger technology jointly maintained by multiple parties; it uses cryptography to secure transmission and access, stores data consistently, is difficult to tamper with, and prevents repudiation. A traditional blockchain based on UTXO (Unspent Transaction Output), such as Bitcoin, uses a distributed database made up of many nodes across the whole P2P network to confirm and record all transaction behavior. Apart from the private information of the transacting parties, which is encrypted, anyone can query any transaction or the balance of any address through a public interface, and all transaction data is publicly transparent. However, this openness leaves no privacy: if the account and transaction information of a commercial organization becomes known, all of its wealth, trade secrets and so on can be learned. To improve user anonymity, in 2016 an open-source community released Zcash, a decentralized anonymous payment scheme based on the Bitcoin model, which is so far the most private currency in the blockchain UTXO model. Zcash hides the transaction information (sender address, receiver address, transaction amount), and only a holder of the private key has the right to view it. Zcash uses zero-knowledge proofs to protect transaction privacy on the network to the greatest extent, but such a completely hidden anonymous currency violates the most essential property of a blockchain, public transparency. This raises regulatory issues: if lawbreakers use it for illegal acts such as gambling, drug dealing or money laundering, they cannot be traced, which causes a series of social problems.
Blockchain technology originates from Bitcoin, proposed by Satoshi Nakamoto in 2008. The transaction model of Bitcoin is the UTXO, the unspent transaction output. Each block in the Bitcoin ledger records a number of transaction inputs and transaction outputs; except for coin-creation transactions, the funds of every transaction must come from the UTXOs of one or more previous transactions, and the total input amount of any transaction must equal its total output amount. A user's Bitcoin balance is computed by the Bitcoin wallet, which scans the blockchain and aggregates all UTXOs belonging to the user; UTXOs are used to speed up blockchain transaction verification and to order transactions.
Zero-knowledge proofs, introduced by S. Goldwasser et al. in the 1980s, allow a prover to convince a verifier that some statement is correct without giving the verifier any useful information. A zero-knowledge proof is essentially a protocol involving two or more parties, i.e., a series of steps that two or more parties take to accomplish a task. In 2013, the non-interactive zero-knowledge proof protocol Pinocchio, proposed by Bryan et al., achieved minute-level proving and millisecond-level verification with a proof size of less than 300 bytes, bringing non-interactive zero-knowledge proofs from theory to application.
Researchers introduced multi-receiver signcryption by combining the digital signcryption technique proposed by Zheng et al. in 1997 with the multi-receiver encryption concept proposed by Baudron in 2000. In such a scheme the sender performs a single signcryption operation, after which multiple authorized receivers can each decrypt correctly and confirm the source of the plaintext message.
A blockchain is essentially a distributed public ledger, and all transaction information is recorded on it, which exposes a great deal of information, such as medical information or the capital flows of merchants. In Bitcoin a user is identified by the hash of a public key, but this is only a pseudonym and does not provide anonymity: some of a user's private information can be inferred from the user's address in the transaction records. A fully public blockchain ledger like Bitcoin's therefore carries a risk of privacy disclosure. Zcash achieves complete anonymity and protects user privacy, but it loses the most essential feature of a blockchain, public transparency, and may be abused for gambling, drug dealing, money laundering and the like. A semi-hidden blockchain system is therefore designed that protects user privacy while still letting other people query an approximate transaction amount, avoiding the security risks of both complete anonymity and complete disclosure.
Disclosure of Invention
The invention constructs a blockchain system with semi-public transaction information and a transaction method. Participants in a transaction (the transferring party and the receiving party) can obtain the complete and exact transaction contents; non-participants (including the bookkeeper who puts the transaction on chain and the other nodes in the system) can also obtain the complete transaction contents, but the transfer amount and output amounts in those contents have noise added, so the real transfer amount and output amounts are hidden.
The technical scheme of the invention is as follows:
A transaction method for a blockchain system with semi-public transaction information, characterized in that, when a transferring party transfers money to a receiving party, the transferring party selects a noise value to obfuscate the transaction amount, encrypts the noise value using a multi-receiver signcryption technique, and sends the encrypted noise value to the receiving party; the receiving party decrypts the received encrypted noise value with its own private key and obtains the transaction amount.
Further, the transferring party uses a zero-knowledge proof to prove that it has sufficient balance to pay the transaction amount.
Further, the reward amount $X$ obtained by a bookkeeper in the blockchain system follows a normal distribution $N(\mu, \sigma^2)$, where $\mu$ is the expected reward amount and $\sigma^2$ is the variance; the bookkeeper selects a noise value to obfuscate the reward amount $X$, encrypts the noise value with its own public key to obtain a noise ciphertext, and then generates a zero-knowledge proof that the reward amount $X$ is within a reasonable range.
Further, a node or bookkeeper in the blockchain system verifies a transfer transaction as follows: it first checks whether the sum of the transaction's input amounts equals the sum of its output amounts; if so, it checks by means of the zero-knowledge proof whether the input address has sufficient balance to pay the transaction amount.
Further, when the transferring party Miner transfers the amount $M$ to the receiving party Alice, Miner selects a noise value $noise_M$, encrypts $noise_M$ using the multi-receiver signcryption technique to obtain the ciphertext $V_M$, then generates the transaction amount $B_1 = M - noise_M$, and generates a zero-knowledge proof $\pi_M$ and a verification key $VK_{F_M}$; the transaction information is then generated and broadcast to the blockchain system.
Further, the transaction information comprises the transaction input $Address_{transaction}$, the transaction amount $B_1$, the amount $Y_1$ obtained by $Address_{Miner}$, the amount $Y_2$ obtained by $Address_{Alice}$, the noise ciphertext $V_M$, the zero-knowledge proof $\pi_M$ and the verification key $VK_{F_M}$, where $Y_1 = Y - B_1$, $Y = X - noise_X$ and $Y_2 = B_1$.
Further, when a user queries the balance of an address and is the owner of the queried address, the blockchain system traverses from the newest block and finds the unspent output addresses of the queried address, denoted $\{U_i \mid 0 \le i \le k\}$, where $k$ is the total number of unspent output addresses found; for each $U_i$, the unspent amount recorded at the output address is denoted $O_i$; by backtracking through the transactions related to this unspent address, the noise of all related transactions is recorded as $\{V_{i,t} \mid 0 \le t \le j\}$, where $j$ is the total number of related transactions; the true unspent balance of output address $U_i$ is computed as $S_i = O_i + (-1)^T \cdot D_{sk}(V_{i,t})$, $0 \le t \le j$, where in the $t$-th transaction $T = 1$ if the user's address is in the input list of the transaction and $T = 2$ otherwise; the user's real balance is $S = S_0 + \dots + S_k$.
Further, when a user queries a balance and is not the owner of the queried address, the blockchain system traverses from the newest block and finds the unspent output addresses of the queried address, denoted $\{U_i \mid 0 \le i \le k\}$, where $k$ is the total number of unspent output addresses found; for each $U_i$, the unspent amount recorded at the output address is denoted $O_i$, and the balance $S = O_0 + \dots + O_k$ of the queried address is returned.
A blockchain system with semi-public transaction information, characterized by comprising a transferring party and a receiving party; when the transferring party transfers money to the receiving party, the transferring party selects a noise value to obfuscate the transaction amount, encrypts the noise value using a multi-receiver signcryption technique, and sends the encrypted noise value to the receiving party; the receiving party decrypts the received encrypted noise value with its own private key and obtains the transaction amount.
For simplicity of presentation, locking scripts and unlocking script information are omitted. There are several scenarios that will be briefly described herein below.
Transfer transaction algorithm
When a transferring party transfers money to a receiving party, it selects a suitable noise value to obscure the transaction amount. To avoid leaking the noise value while ensuring that the receiving party obtains the correct transfer amount, the transferring party encrypts the noise value using multi-receiver signcryption, so that only the transferring party and the receiving party can decrypt the noise value with their own private keys and obtain the real content of the transaction. The transferring party must also use a zero-knowledge proof to prove that it has sufficient balance to pay for the transaction. The noise ciphertext is stored in the block, and every transaction has a corresponding noise ciphertext; because the transferring party uses multi-receiver signcryption and encrypts with the participants' public keys, each participant can recover the noise value simply by decrypting the ciphertext with its own private key.
The noise value in the present invention expresses how much information the transaction initiator wants to disclose to outsiders. For example, if participant A transfers 10 to participant B in a transaction and A chooses to hide fifty percent, the noise value for the transaction is 5. Apart from the participants of the transaction, who can read its real amount, everyone else reads that party A transferred 5 to party B. The transaction is thus hidden to a certain extent while other people can still read an approximate range for it.
A traditional fully hidden scheme cannot be supervised, whereas this scheme can be supervised to a certain extent. Its main innovation is that it securely constructs a semi-public scheme between the fully public and fully hidden schemes: for the participants of a transaction the transaction is fully public, while non-participants can read the approximate range of the transaction amount (which a fully hidden scheme does not offer). The following algorithms work similarly.
Bookkeeping reward transaction algorithm
To ensure the consistency and security of the scheme, the reward amount a bookkeeper obtains from a bookkeeping reward transaction follows a normal distribution $N(\mu, \sigma^2)$, where $\mu$ is the expectation (the reward amount set by the system) and $\sigma^2$ is the variance. The bookkeeper selects a suitable noise value to obfuscate the reward amount, encrypts the noise value with its own public key to obtain a noise ciphertext, and then generates a zero-knowledge proof that the reward amount is within a reasonable range.
Transaction verification algorithm
When a node or bookkeeper verifies a transfer transaction, it checks the correctness of the transaction in two steps: first, it checks whether the sum of the transaction's input amounts equals the sum of its output amounts; then it checks, by means of the zero-knowledge proof, whether the input address has sufficient balance to pay for the transaction. When a node or bookkeeper verifies a bookkeeping reward transaction, it checks by means of the zero-knowledge proof whether the reward amount is within a reasonable range.
User balance query algorithm
When an ordinary user queries the balance of some user address, the query traverses from the newest block, finds all unspent output addresses of the queried address, and sums the balance. When a user holding the private key corresponding to the queried address queries the balance, the query traverses from the newest block, finds all unspent output addresses of the queried address, backtracks to find the noise values of the related transactions for each unspent output address, decrypts all of the noise values, and removes the noise to obtain the correct account balance.
Compared with the prior art, the invention has the following positive effects:
1. Compared with existing fully public blockchains, the method adds transaction noise, achieves partial hiding of transactions, protects users' transaction privacy, and secures the scheme using multi-receiver signcryption and zero-knowledge proofs.
2. Compared with existing fully hidden blockchains, parties who are not participants in a transaction can read part of the transaction information (the transaction amount and the input/output amounts after noise is added), which avoids the problem of difficult supervision to a certain extent.
Drawings
FIG. 1 is a diagram of an example transaction;
FIG. 2 is a flow chart of a transfer transaction algorithm;
FIG. 3 is a flow chart of a verification transaction algorithm;
FIG. 4 is a flow chart of a balance inquiry algorithm.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings.
To describe the technical concept of the invention more simply, the transactions below use a simple single-address input and omit the locking and unlocking scripts; multi-input transactions follow the same idea. In this scheme, one piece of transaction information comprises a transaction input address, a transaction amount, the transaction output addresses and the amount each address obtains, a noise ciphertext, and zero-knowledge proof information, as shown in FIG. 1.
1. Bookkeeping reward transaction algorithm
When a Miner packs a number of transactions into a block and puts it on chain, it obtains a reward transaction, which has no input. Miner computes the real bookkeeping reward amount $X$ according to the reward amount set by the system; $X$ follows a normal distribution $N(\mu, \sigma^2)$, where $\mu$ is the expectation (the reward amount set by the system) and $\sigma^2$ is the variance, set uniformly in the system. After obtaining $X$, Miner selects a noise value $noise_X$ and encrypts $noise_X$ with its public key to obtain $V_X$. Miner generates a zero-knowledge proof $\pi$ and a verification key $VK_F$, where $F$ denotes the function of the zero-knowledge proof, namely proving that the amount Miner obtains in the block plus the noise in the ciphertext $V_X$ lies within the reasonable reward range. The reward transaction address is $Address_{transaction}$. The reward transaction information consists of the transaction amount $B$ ($B = X - noise_X$), the reward $Y$ ($Y = X - noise_X$) obtained by $Address_{Miner}$, the noise ciphertext $V_X$, the zero-knowledge proof $\pi$ and the verification key $VK_F$.
2. Transfer transaction algorithm
As shown in FIG. 2, when the user Miner makes a transaction (i.e., a transfer) with Alice, it needs to transfer the amount $M$ to Alice. Miner selects the noise value $noise_M$ for the transaction and encrypts $noise_M$ using multi-receiver signcryption (encrypting with Miner's and Alice's public keys and signing with Miner's private key) to obtain the ciphertext $V_M$. Both transaction participants, Miner and Alice, can then decrypt $V_M$ and verify its source. After the noise is added, the transaction amount is $B_1$ ($B_1 = M - noise_M$). Miner generates a zero-knowledge proof $\pi_M$ and a verification key $VK_{F_M}$, where $F_M$ states that the balance of the user Miner is sufficient to support the transaction, i.e.

$$Y + D_{sk}(V_X) > B_1 + D_{sk}(V_M)$$

where $D$ is the decryption algorithm and $sk$ is Miner's private key, which is a secret value. The transaction address is $Address_{transaction1}$. The transaction information consists of the reward transaction address $Address_{transaction}$, the transaction amount $B_1$ ($B_1 = M - noise_M$), the amount $Y_1$ ($Y_1 = Y - B_1$) obtained by $Address_{Miner}$, the amount $Y_2$ ($Y_2 = B_1$) obtained by $Address_{Alice}$, the noise ciphertext $V_M$, the zero-knowledge proof $\pi_M$ and the verification key $VK_{F_M}$. $Address_{Miner}$ is the address of the user Miner, and $Address_{Alice}$ is the address of the user Alice.
3. Transaction verification algorithm
As shown in FIG. 3, when a bookkeeper or a node in the blockchain receives a transaction, it must verify the correctness of the transaction; only after verification passes is the transaction forwarded or packed and put on chain. Transactions fall into two cases. The first is a bookkeeping reward transaction: the node takes the output amount and the noise ciphertext in the transaction as input, runs the verification with the zero-knowledge proof $\pi$ and the verification key $VK_F$, and checks whether the bookkeeping reward amount meets the requirement.
The second is a transfer transaction. On receiving one, the node first checks whether the sum of the transaction's input amounts equals the sum of its output amounts. (A node in the blockchain receives transaction information over P2P as a data packet in a defined format; the packet contains an input address and output amounts, and the node looks up the balance of the input address on the blockchain and checks whether it is consistent with the output amounts in the packet.) Then, by backtracking through its local complete copy of the blockchain, the node finds the number $j$ of transaction records of the input address and records the noise ciphertext of each of that address's transactions, $\{V_i \mid 0 \le i \le j\}$ (for example, $V_X$ for Miner in the transfer transaction described above). The node takes $V_i$ as input, runs the verification with the zero-knowledge proof $\pi$ and the verification key $VK$, and checks whether the input address has sufficient balance to pay for the transaction.
4. User balance query algorithm
As shown in FIG. 4, a user balance query falls into two cases. When the user is the owner of the queried address, i.e., the user holds the private key $sk$, the blockchain system traverses from the newest block and finds the unspent output addresses of the queried address, denoted $\{U_i \mid 0 \le i \le k\}$, where $k$ is the total number of unspent output addresses found. For each $U_i$, the unspent amount recorded at the address is $O_i$. By backtracking through the transactions related to this unspent address, the noise of all related transactions is recorded as $\{V_{i,t} \mid 0 \le t \le j\}$, where $j$ is the total number of related transactions, and the true unspent balance of output address $U_i$ is computed as $S_i$ ($S_i = O_i + (-1)^T \cdot D_{sk}(V_{i,t})$, $0 \le t \le j$), where in the $t$-th transaction $T = 1$ if the user's address is in the input list of the transaction and $T = 2$ otherwise; the user's real balance is $S$ ($S = S_0 + \dots + S_k$). The role of $T$ is that, when computing $S$, the noise is subtracted from $O$ when the user's address is in the input list of the transaction and added when it is in the output list.
When the user is not the owner of the queried address, the system traverses from the newest block and finds the unspent output addresses of the queried address, denoted $\{U_i \mid 0 \le i \le k\}$, where $k$ is the total number of unspent output addresses found. For each $U_i$, the unspent amount recorded at the address is $O_i$, and the balance $S$ ($S = O_0 + \dots + O_k$) of the queried address is returned.
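The four algorithms above, run on the description's Miner-to-Alice transfer, as an added example that is not code from the patent. `NoiseCiphertext` is a stand-in that only models who can recover the noise: the signcryption and the zero-knowledge proof are not implemented, the proof's statement is evaluated in the clear, backtracking along the owner's own funding chain is an assumed reading of "related transactions", and all class, function and sample values are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class NoiseCiphertext:
    """Stand-in for the signcrypted noise V. NOT cryptography: it only models
    which addresses hold a key that recovers the noise value."""
    noise: int
    recipients: frozenset

    def decrypt(self, address):                       # plays the role of D_sk(V)
        if address not in self.recipients:
            raise PermissionError(f"{address} cannot decrypt this noise")
        return self.noise


@dataclass
class Tx:
    txid: str
    inputs: tuple        # ((funding txid, spending address), ...); () for a reward
    outputs: dict        # address -> public, noised amount
    amount: int          # public transaction amount B
    noise_ct: NoiseCiphertext


class Ledger:
    def __init__(self):
        self.txs = {}                                 # txid -> Tx, oldest first

    def reward(self, txid, miner, x, noise_x):
        y = x - noise_x                               # Y = X - noise_X
        ct = NoiseCiphertext(noise_x, frozenset({miner}))
        self.txs[txid] = Tx(txid, (), {miner: y}, y, ct)
        return self.txs[txid]

    def transfer(self, txid, funding_txid, sender, receiver, m, noise_m):
        y = self.txs[funding_txid].outputs[sender]    # public amount being spent
        b1 = m - noise_m                              # B1 = M - noise_M
        # Statement the sender's zero-knowledge proof attests to, evaluated in
        # the clear here: Y + D_sk(V_X) > B1 + D_sk(V_M).
        if not self.true_value(funding_txid, sender) > b1 + noise_m:
            raise ValueError("true balance does not cover the transfer")
        ct = NoiseCiphertext(noise_m, frozenset({sender, receiver}))
        outputs = {sender: y - b1, receiver: b1}      # Y1 = Y - B1, Y2 = B1
        self.txs[txid] = Tx(txid, ((funding_txid, sender),), outputs, b1, ct)
        return self.txs[txid]

    def verify_public(self, tx):
        """Any node's first check on a transfer: noised inputs == noised outputs."""
        spent = sum(self.txs[t].outputs[a] for t, a in tx.inputs)
        return spent == sum(tx.outputs.values())

    def unspent(self, address):
        """Unspent outputs U_i of an address, newest first, as (txid, O_i)."""
        used = {ref for tx in self.txs.values() for ref in tx.inputs}
        return [(tx.txid, tx.outputs[address])
                for tx in reversed(list(self.txs.values()))
                if address in tx.outputs and (tx.txid, address) not in used]

    def public_balance(self, address):
        """Non-owner query: S = O_0 + ... + O_k, noise left in place."""
        return sum(o for _, o in self.unspent(address))

    def true_value(self, txid, owner):
        """Owner's view of one output: O_i plus (-1)^T * D_sk(V_{i,t}) for each
        related transaction, T = 1 if owner is an input of it, otherwise T = 2."""
        value = self.txs[txid].outputs[owner]
        pending = [txid]
        while pending:
            tx = self.txs[pending.pop()]
            funding = [t for t, a in tx.inputs if a == owner]
            big_t = 1 if funding else 2
            value += (-1) ** big_t * tx.noise_ct.decrypt(owner)
            pending.extend(funding)                   # backtrack the owner's chain
        return value

    def owner_balance(self, owner):
        """Owner query: S = S_0 + ... + S_k with every noise value removed."""
        return sum(self.true_value(t, owner) for t, _ in self.unspent(owner))


def demo():
    # Constructed values; the transfer of 10 with noise 5 is the description's example.
    ledger = Ledger()
    ledger.reward("reward", "Miner", x=50, noise_x=8)
    tx1 = ledger.transfer("tx1", "reward", "Miner", "Alice", m=10, noise_m=5)
    return ledger, tx1


if __name__ == "__main__":
    ledger, tx1 = demo()
    print("public view:", tx1.amount, tx1.outputs, ledger.verify_public(tx1))
    for who in ("Miner", "Alice"):
        print(who, "public", ledger.public_balance(who), "true", ledger.owner_balance(who))
```

The public check balances on noised amounts alone (42 = 37 + 5), while only a key holder recovers the real figures (Miner 40, Alice 10).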
Although specific details of the invention, algorithms and figures are disclosed for illustrative purposes, these are intended to aid in the understanding of the contents of the invention and the implementation in accordance therewith, as will be appreciated by those skilled in the art: various substitutions, changes and modifications are possible without departing from the spirit and scope of the present invention and the appended claims. The invention should not be limited to the preferred embodiments and drawings disclosed herein, but rather should be defined only by the scope of the appended claims.

Claims (8)

1. A semi-public block chain system transaction method is characterized in that when a transfer party transfers money to a receiving party, the transfer party selects a noise value to fuzze the transaction amount, encrypts the noise value by using a multi-receiver signcryption technology and sends the encrypted noise value to the receiving party; the payee decrypts the received encrypted noise value by using the private key of the payee to obtain the transaction amount; wherein, when the transfer party Miner transfers the amount M to the receiver Alice; miner selects a noiseMAnd encrypt noise with multiple recipient signcryption techniquesMObtain the ciphertext VMThen generates a transaction amount B1=M-noiseMAnd Miner generates zero proof of knowledge piMAnd a verification key VKFM(ii) a Then generating transaction information and broadcasting the transaction information to the block chain system; the transaction information comprises a transaction input AddresstransactionTransaction amount B1、AddressMinerObtaining Y1Amount of money, AddressAliceObtaining Y2Money, noise cipher text VMZero proof of knowledge proof piMAnd a verification key VKFM(ii) a Wherein, Y1=Y-B1,Y=X-noisex,Y2=B1
2. The blockchain system transaction method of claim 1, wherein the transfer party certifies itself with a balance to pay the transaction amount using zero knowledge proof.
3. The blockchain system transaction method according to claim 1 or 2, wherein the reward amount X obtained by the biller in the blockchain system obeys a normal distribution N (μ, σ)2) Mu is the desired award amount, sigma2Is the variance; the bookkeeper selects a set noise value to fuzze the reward amount X, encrypts the fuzzy value by using the public key of the bookkeeper to obtain a noise ciphertext, and then generates a zero knowledge proof to prove that the reward amount X is in a reasonable range.
4. The blockchain system transaction method of claim 1, wherein the verification method for the ledger transaction by the node or the booker in the blockchain system comprises: firstly, judging whether the sum of the input amount of the transaction is equal to the sum of the output amount of the transaction; if so, the proof of zero knowledge checks to see if the input address has a sufficient balance to cover the transaction amount.
5. The blockchain system transaction method of claim 1, wherein when the user queries the balance of a user's address, if the user is the owner of the queried address, the blockchain system traverses from the newest block, and the output address that is not spent searching the queried address is recorded as { U }iI is more than or equal to 0 and less than or equal to k, and k is the total number of the output addresses which are not spent after being inquired; then for each uiAnd the unspent amount recorded in the output address is recorded as OiBy looking back at the transactions associated with this unspent address, the noise { V } of all related transactions is recordedi,tT is more than or equal to 0 and less than or equal to j, the sum of the related transaction times is j, and the output address U is calculatediThe true unspent balance is Si=Oi+(-1)T*Dsk(Vi,t) T is 0-j, wherein in the tth transaction, if the user's placeIf the address is in the input list of the transaction, T is 1, otherwise T is 2, and the real balance of the user is S ═ S0+…+Sk
6. The blockchain system transaction method of claim 1, wherein when the user queries the balance, if the user is not the owner of the balance query address, the blockchain system traverses from the newest block, and the output address looking up the query address that is not spent is marked as { U }iI is more than or equal to 0 and less than or equal to k, and k is the total number of the output addresses which are not spent after being inquired; and then for each UiAnd the amount of money not spent recorded on the output address is recorded as OiReturning the balance S ═ O of the balance inquiry address0+…+Ok
7. A semi-public blockchain system comprising a transfer party and a receiving party; when the transfer party transfers money to the receiver, the transfer party selects a noise value to fuzzify the transaction amount, encrypts the noise value by using the signcryption technology of multiple receivers and sends the encrypted noise value to the receiver; the payee decrypts the received encrypted noise value by using the private key of the payee to obtain the transaction amount; wherein, when the transfer party Miner transfers the amount M to the receiver Alice; miner selects a noiseMAnd encrypt noise with multiple recipient signcryption techniquesMObtain the ciphertext VMThen generates a transaction amount B1=M-noiseMAnd Miner generates zero proof of knowledge piMAnd a verification key VKFM(ii) a Then generating transaction information and broadcasting the transaction information to the block chain system; the transaction information comprises a transaction input AddresstransactionTransaction amount B1、AddressMinerObtaining Y1Amount of money, AddressAliceObtaining Y2Money and noise ciphertext VMZero proof of knowledge proof piMAnd a verification key VKFM(ii) a Wherein Y is1=Y-B1,Y=X-noiseX,Y2=B1
8. The blockchain system of claim 7, further comprising a bookkeeper, wherein the reward amount $X$ earned by the bookkeeper follows a normal distribution $N(\mu, \sigma^2)$, where $\mu$ is the expected reward amount and $\sigma^2$ is the variance; the bookkeeper selects a set noise value to fuzzify the reward amount $X$, encrypts the fuzzy value using the bookkeeper's public key to obtain a noise ciphertext, and then generates a zero-knowledge proof to prove that the reward amount $X$ is within a reasonable range.
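The amounts in claims 5 to 7 can be traced in code. This added example is not part of the patent text; it assumes the per-transaction terms of claim 5 are summed over t, replaces multi-receiver signcryption with a non-cryptographic stand-in, and uses constructed values (X = 50, M = 20, noises 7 and 3) and hypothetical names throughout.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class NoiseCiphertext:
    """Stand-in for the signcrypted noise V (assumption: no real cryptography)."""
    noise: int
    recipients: frozenset

def encrypt_noise(noise, *recipient_keys):
    return NoiseCiphertext(noise, frozenset(recipient_keys))

def decrypt_noise(sk, v):
    """D_sk(V): only a key listed as recipient recovers the noise."""
    if sk not in v.recipients:
        raise PermissionError("key is not a recipient of this ciphertext")
    return v.noise

@dataclass
class UnspentOutput:
    amount: int                                   # O_i, fuzzified amount on chain
    related: list = field(default_factory=list)   # (V_{i,t}, owner in input list?)

def public_balance(utxos):
    """Claim 6: a non-owner only obtains S = O_0 + ... + O_k."""
    return sum(u.amount for u in utxos)

def owner_balance(utxos, sk):
    """Claim 5, assuming the (-1)^T * D_sk(V_{i,t}) terms are summed over t."""
    total = 0
    for u in utxos:
        s_i = u.amount
        for v, in_inputs in u.related:
            T = 1 if in_inputs else 2             # T = 1: owner spent, T = 2: owner received
            s_i += (-1) ** T * decrypt_noise(sk, v)
        total += s_i
    return total

def build_demo():
    """Constructed scenario: Miner earns X, then transfers M to Alice (claim 7)."""
    X, noise_X = 50, 7
    M, noise_M = 20, 3
    V_X = encrypt_noise(noise_X, "sk_miner")
    V_M = encrypt_noise(noise_M, "sk_miner", "sk_alice")
    Y = X - noise_X                               # Miner's fuzzified reward
    B1 = M - noise_M                              # fuzzified transaction amount
    Y1, Y2 = Y - B1, B1                           # on-chain outputs
    miner = [UnspentOutput(Y1, [(V_X, False), (V_M, True)])]
    alice = [UnspentOutput(Y2, [(V_M, False)])]
    return miner, alice
```

An observer sees only the fuzzified outputs Y1 and Y2, while each owner recovers the true balance (X − M for Miner, M for Alice) by decrypting the noise ciphertexts addressed to them.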
CN201910725064.0A 2019-08-07 2019-08-07 Semi-public block chain system and transaction method Active CN110648229B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910725064.0A CN110648229B (en) 2019-08-07 2019-08-07 Semi-public block chain system and transaction method

Publications (2)

Publication Number Publication Date
CN110648229A CN110648229A (en) 2020-01-03
CN110648229B true CN110648229B (en) 2022-05-17

Family

ID=68990028

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910725064.0A Active CN110648229B (en) 2019-08-07 2019-08-07 Semi-public block chain system and transaction method

Country Status (1)

Country Link
CN (1) CN110648229B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant