CN112132578B

CN112132578B - Efficient transaction processing method, tracking method and device based on block chain

Info

Publication number: CN112132578B
Application number: CN202010974508.7A
Authority: CN
Inventors: 李武璐
Original assignee: CCB Finetech Co Ltd
Current assignee: CCB Finetech Co Ltd
Priority date: 2020-09-16
Filing date: 2020-09-16
Publication date: 2022-05-06
Anticipated expiration: 2040-09-16
Also published as: CN112132578A

Abstract

The invention provides a block chain-based efficient transaction processing method, a tracking method and a device, wherein the method comprises the following steps: constructing an address list according to the address of the transaction receiver and the n-1 other addresses; obtaining a temporary public key of the transaction fund held by the transaction initiator, obtaining a first parameter, obtaining a second parameter and obtaining an intermediate parameter of each supervisor; obtaining a first public key set and a second public key set; encrypting to obtain a random number ciphertext; performing double-ring signature on the first public key set and the second public key set to obtain a double-ring signature result; generating and issuing a bill of transaction to the blockchain. The device is used for executing the method. The efficient transaction processing method, the efficient transaction tracking method and the efficient transaction tracking device based on the block chain improve the transaction efficiency.

Description

Efficient transaction processing method, tracking method and device based on block chain

Technical Field

The invention relates to the technical field of block chains, in particular to a block chain-based efficient transaction processing method, a block chain-based efficient transaction tracking method and a block chain-based efficient transaction tracking device.

Background

In the prior art, a method for implementing a privacy protection blockchain that can use a one-time-varying receiving address is implemented, and a transaction initiator uses a key agreement protocol to newly generate a receiving address for a receiver, so as to protect the privacy of the receiver. Encryption methods may also be employed for protecting the privacy of the recipient.

For an existing privacy protection blockchain system, a long-term address of each user comprises a view key and a consumption key, a transaction initiator generates a new temporary public key by using address information of a transaction receiver, and the requirements of generation of the new temporary public key, inquiry of the transaction receiver and recovery of the new private key in a privacy mode are met. However, in the process of determining whether there is a transaction for the transaction receiver, the transaction receiver needs to use the private key of the transaction receiver to perform analysis calculation on all transactions on the chain, which results in a large calculation amount for searching by the transaction receiver, a long time for searching the transaction process, and low transaction efficiency.

Disclosure of Invention

For solving the problems in the prior art, embodiments of the present invention provide an efficient transaction processing method, tracking method and apparatus based on a blockchain, which can at least partially solve the problems in the prior art.

In a first aspect, the present invention provides a block chain-based efficient transaction processing method, including:

constructing an address list according to the address of the transaction receiver and the n-1 other addresses; wherein, the other addresses are addresses irrelevant to the transaction; each address in the address list comprises a query public key and a consumption public key;

obtaining a temporary public key of the transaction fund held by a transaction initiator according to a random number corresponding to the transaction fund held by the transaction initiator and a consumption public key of a transaction receiver, obtaining a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and a query public key of the transaction receiver, obtaining a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and a trap public parameter, and obtaining an intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor;

obtaining a first public key set according to a temporary public key of transaction funds held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to a query public key of each address in the address list, the trapdoor public parameter, the supervision public key of each supervisor, the random number set and the first random number; wherein the set of random numbers and the first random number are obtained in advance;

encrypting a random number corresponding to a transaction fund held by the transaction initiator through a shared key of the transaction initiator and a shared key of the transaction receiver to obtain a random number ciphertext;

performing position-keeping double-ring signature on the first public key set and the second public key set to obtain a double-ring signature result; the double-ring signature result comprises the first public key set, the second public key set, a random number corresponding to a transaction fund held by the transaction initiator, the first parameter, the second parameter, a shared parameter, an intermediate parameter of each supervisor, the address list, a random number ciphertext and other transaction related information;

generating and issuing a transaction bill onto a blockchain, the transaction bill including a temporary public key of transaction funds held by the transaction initiator, the first parameter, the second parameter, intermediate parameters of respective supervisors, the shared parameter, the address list, the nonce cryptogram, the double-ring signature result, and the other transaction related information.

In a second aspect, the present invention further provides a method for receiving a transaction bill generated by the block chain-based efficient transaction processing method according to any of the above embodiments, including:

acquiring a transaction bill which is linked up from a block chain, wherein the transaction bill comprises an address list, a first parameter, a temporary public key of transaction funds held by a transaction initiator and a random number ciphertext;

if the local address exists in the address list, obtaining a public key to be matched according to the first parameter, the local query private key and the local consumption public key;

if the public key to be matched is judged to be equal to the temporary public key of the transaction fund held by the transaction initiator, decrypting the random number ciphertext through the shared secret keys of the transaction initiator and the transaction receiver to obtain a random number corresponding to the transaction fund held by the transaction initiator;

obtaining a temporary private key according to a random number corresponding to the transaction fund held by the transaction initiator and a local consumption private key;

and if the temporary private key is judged to be matched with the temporary public key of the transaction fund held by the transaction initiator, performing collection operation.

In a third aspect, the present invention further provides a method for verifying a transaction bill generated by the block chain-based efficient transaction processing method according to any of the above embodiments, including:

acquiring a issued transaction bill from a block chain, wherein the transaction bill comprises a temporary public key of transaction funds held by a transaction initiator, a first parameter, a second parameter, intermediate parameters of each supervisor, an address list and a double-ring signature result;

obtaining a first public key set according to a temporary public key of transaction funds held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to a query public key of each address in the address list, a trapdoor public parameter, a supervision public key of each supervisor, the random number set and the first random number; wherein the set of random numbers and the first random number are obtained in advance;

and verifying the double-ring signature result based on the first public key set and the second public key set.

In a fourth aspect, the present invention provides a method for performing transaction tracking based on a transaction bill generated by the block chain-based efficient transaction processing method according to any of the above embodiments, including:

acquiring a transaction bill which is linked up from a blockchain, wherein the transaction bill comprises a temporary public key of transaction funds held by a transaction initiator, intermediate parameters and an address list of each supervisor;

obtaining a temporary address according to a temporary public key of transaction funds held by the transaction initiator, intermediate parameters of a local supervisor and a local supervision private key;

and if judging that the address list has the address matched with the temporary address, outputting the address matched with the temporary address.

In a fifth aspect, the present invention provides a blockchain-based efficient transaction processing apparatus, comprising:

the construction unit is used for constructing an address list according to the address of the transaction receiver and the n-1 other addresses; wherein, the other addresses are addresses irrelevant to the transaction; each address in the address list comprises a query public key and a consumption public key;

the first obtaining unit is used for obtaining a temporary public key of the transaction fund held by the transaction initiator according to the random number corresponding to the transaction fund held by the transaction initiator and the consumption public key of the transaction receiver, obtaining a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the inquiry public key of the transaction receiver, obtaining a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the trap public parameter, and obtaining an intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor;

a second obtaining unit, configured to obtain a first public key set according to a temporary public key of a transaction fund held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set, and the first random number, and obtain a second public key set according to a query public key of each address in the address list, the trapdoor public parameter, a supervision public key of each supervisor, the random number set, and the first random number; wherein the set of random numbers and the first random number are obtained in advance;

the encryption unit is used for encrypting the random number corresponding to the transaction fund held by the transaction initiator through the shared secret key of the transaction initiator and the transaction receiver to obtain a random number ciphertext;

the signature unit is used for carrying out position-keeping double-ring signature on the first public key set and the second public key set to obtain a double-ring signature result; the double-ring signature result comprises the first public key set, the second public key set, a random number corresponding to a transaction fund held by the transaction initiator, the first parameter, the second parameter, a shared parameter, an intermediate parameter of each supervisor, the address list, a random number ciphertext and other transaction related information;

the issuing unit is used for generating and issuing a transaction bill to a blockchain, wherein the transaction bill comprises a temporary public key of transaction funds held by the transaction initiator, the first parameter, the second parameter, intermediate parameters of each supervisor, the shared parameter, the address list, the random number ciphertext, the double-ring signature result and other transaction related information.

In a sixth aspect, the present invention further provides an apparatus for receiving a transaction bill generated by a blockchain-based efficient transaction processing apparatus according to any of the above embodiments, including:

the system comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring a transaction bill which is linked from a block chain, and the transaction bill comprises an address list, a first parameter, a temporary public key of transaction funds held by a transaction initiator and a random number ciphertext;

the first judging unit is used for obtaining a public key to be matched according to the first parameter, the local query private key and the local consumption public key after judging that the local address exists in the address list;

the decryption unit is used for decrypting the random number ciphertext through the shared key of the transaction initiator and the transaction receiver after judging that the public key to be matched is equal to the temporary public key of the transaction fund held by the transaction initiator, so as to obtain a random number corresponding to the transaction fund held by the transaction initiator;

a third obtaining unit, configured to obtain a temporary private key according to the random number corresponding to the transaction fund held by the transaction initiator and the local consumption private key;

and the second judgment unit is used for performing money collection operation after judging and knowing that the temporary private key is matched with the temporary public key of the transaction fund held by the transaction initiator.

In a seventh aspect, the present invention further provides an apparatus for verifying a transaction bill generated by a blockchain-based efficient transaction processing apparatus according to any of the above embodiments, including:

the second acquisition unit is used for acquiring the issued transaction bill from the block chain, wherein the transaction bill comprises a temporary public key of transaction funds held by a transaction initiator, a first parameter, a second parameter, intermediate parameters of each supervisor, an address list and a double-ring signature result;

a fourth obtaining unit, configured to obtain a first public key set according to a temporary public key of a transaction fund held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set, and the first random number, and obtain a second public key set according to an inquiry public key of each address in the address list, a trapdoor public parameter, a supervision public key of each supervisor, the random number set, and the first random number; wherein the set of random numbers and the first random number are obtained in advance;

and the verification unit is used for verifying the double-ring signature result based on the first public key set and the second public key set.

In an eighth aspect, the present invention provides an apparatus for transaction tracking based on a transaction bill generated by a blockchain-based efficient transaction processing apparatus according to any of the above embodiments, including:

the third acquisition unit is used for acquiring the transaction bill which is linked from the block chain, wherein the transaction bill comprises the temporary public key of the transaction fund held by the transaction initiator, the intermediate parameters of each supervisor and the address list;

a fifth obtaining unit, configured to obtain a temporary address according to the temporary public key of the transaction fund held by the transaction initiator, the intermediate parameter of the local supervisor, and the local supervision private key;

and the output unit is used for outputting the address matched with the temporary address after judging and knowing that the address matched with the temporary address exists in the address list.

In a ninth aspect, the present invention provides an electronic device, comprising a first memory, a first processor and a first computer program stored in the first memory and executable on the first processor, wherein the first processor implements the following method when executing the first computer program:

Or

Acquiring a transaction bill which is linked from a blockchain, wherein the transaction bill comprises an address list, a first parameter, a temporary public key of transaction funds held by a transaction initiator and a random number ciphertext;

and if the temporary private key is judged to be matched with the temporary public key of the transaction fund held by the transaction initiator, performing collection operation. Or

In a tenth aspect, the present invention provides a computer readable storage medium having stored thereon a first computer program which, when executed by a first processor, implements a method of:

generating and issuing a transaction bill onto a blockchain, the transaction bill including a temporary public key of transaction funds held by the transaction initiator, the first parameter, the second parameter, intermediate parameters of respective supervisors, the shared parameter, the address list, the nonce ciphertext, the double ring signature result, and the other transaction-related information.

Or

In an eleventh aspect, the present invention further provides an electronic device, including a second memory, a second processor, and a second computer program stored on the second memory and executable on the second processor, wherein the second processor, when executing the second computer program, implements the following method for tracking transactions based on a blockchain:

In a twelfth aspect, the present invention also provides a computer-readable storage medium having stored thereon a second computer program which, when executed by a second processor, implements a blockchain-based transaction tracking method as follows:

According to the efficient transaction processing method, the efficient transaction tracking method and the efficient transaction processing device based on the block chain, an address list is constructed according to the address of a transaction receiver and n-1 other addresses; obtaining a temporary public key of the transaction fund held by the transaction initiator according to the random number corresponding to the transaction fund held by the transaction initiator and the consumption public key of the transaction receiver, obtaining a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the inquiry public key of the transaction receiver, obtaining a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the trap door public parameter, and obtaining an intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor; obtaining a first public key set according to a temporary public key of transaction funds held by a transaction initiator, a consumption public key of each address in an address list, a second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to an inquiry public key of each address in the address list, a trapdoor public parameter, a supervision public key of each supervisor, the random number set and the first random number; encrypting a random number corresponding to a transaction fund held by a transaction initiator through a shared key of the transaction initiator and a shared key of a transaction receiver to obtain a random number ciphertext; carrying out position-keeping double-ring signature on the first public key set and the second public key set to obtain a double-ring signature result; the transaction bill is generated and issued to the blockchain, and the transaction search calculation amount of the transaction receiver can be reduced while the transaction safety is ensured through the temporary public key of the transaction fund held by the transaction initiator, so that the transaction efficiency is improved.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. In the drawings:

fig. 1 is a schematic structural diagram of a blockchain-based efficient transaction processing system according to a first embodiment of the present invention.

Fig. 2 is a flowchart illustrating a method for processing efficient transactions based on blockchains according to a second embodiment of the present invention.

Fig. 3 is a flowchart illustrating a method for collecting money based on a transaction bill according to a third embodiment of the present invention.

Fig. 4 is a flowchart illustrating a method for performing verification based on a transaction bill according to a fourth embodiment of the present invention.

Fig. 5 is a flowchart illustrating a method for transaction tracking based on a transaction bill according to a fifth embodiment of the invention.

Fig. 6 is a schematic structural diagram of a block chain-based efficient transaction processing device according to a sixth embodiment of the present invention.

Fig. 7 is a schematic structural diagram of an apparatus for collecting payment based on a transaction bill according to a seventh embodiment of the present invention.

Fig. 8 is a schematic structural diagram of an apparatus for performing verification based on a transaction bill according to an eighth embodiment of the present invention.

Fig. 9 is a schematic structural diagram of an apparatus for transaction tracking based on a transaction bill according to a ninth embodiment of the present invention.

Fig. 10 is a schematic physical structure diagram of an electronic device according to a tenth embodiment of the present invention.

Fig. 11 is a schematic physical structure diagram of an electronic device according to an eleventh embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.

In order to facilitate understanding of the technical solutions provided in the present application, the following first describes relevant contents of the technical solutions in the present application. For the prior art, in the process of searching local related transactions, the whole quantity of blockchain data needs to be stored for query, the searching efficiency is low, the data storage capacity is large, and the practicability is not high especially on equipment with limited resources such as a mobile terminal. Therefore, a key generation and transaction search method with higher efficiency needs to be supported, privacy and security are maintained, and the method has a higher application prospect in devices with limited resources, such as a mobile terminal. In addition, in an existing chain of privacy-preserving blocksIn the system, if the temporary public key PK_newIs not provided with

In a form that cannot be detected by the verifier, and also presents a potential risk of an irregular transaction to some extent, such as random PK calculation by the transaction initiator_new＝g^zB, and z is sent to the recipient separately, the recipient can recover SK_newHowever, such a transaction that does not conform to the existing standard format cannot be verified by the verifier, which may cause unstable factors such as failure to withdraw the transaction and repudiation. Therefore, it is also desirable to enable the verifier to verify the validity of the new temporary public key generation process, and avoid the potential risk of incorrect transaction format. For supervision and audit, the existing privacy protection blockchain system does not have a traceable function and cannot adapt to supervision, so a transaction system with a long-term address tracing function is also needed, and a stronger multiple supervision and audit function is supported.

According to the technical scheme provided by the embodiment of the invention, as the newly generated temporary public and private keys are required to be generated in each transaction process, the common nodes on the blockchain cannot reversely deduce the account information of the transaction receiver through the new temporary public key, but each supervisor on the blockchain can respectively track the account information of the transaction receiver without extra communication and calculation, so that the supervision of the fund flow is realized.

Fig. 1 is a schematic structural diagram of a block chain-based efficient transaction processing system according to a first embodiment of the present invention, as shown in fig. 1, the block chain-based efficient transaction processing system according to the first embodiment of the present invention includes a transaction initiating node 1, a transaction receiving node 2, a verification node 3, and at least one supervision node 4, where:

the transaction initiating node 1, the transaction receiving node 2, the verifying node 3 and each monitoring node 4 are in communication connection with each other, namely, the transaction initiating node 1 is in communication connection with the transaction receiving node 2, the verifying node 3 and each monitoring node 4 respectively, the transaction receiving node 2 is in communication connection with the verifying node 3 and each monitoring node 4 respectively, and the verifying node 3 is in communication connection with each monitoring node 4.

The transaction initiation node 1 generates and issues a transaction bill onto the blockchain. The verification node 3 verifies the transaction bill issued to the blockchain and links the transaction bill up after the transaction bill is verified. The transaction receiving node 2 obtains the transaction bill related to the local from the transaction bills which are linked up and processes the transaction bills. The supervision node 4 performs tracking audit on the transaction bill, can restore the address of the transaction receiver of the transaction bill, and realizes supervision on the address of the transaction receiver.

One node in the efficient transaction processing system based on the block chain may be set as a transaction initiating node 1 and a transaction receiving node 2, or may be set as a verification node 3 according to actual needs, which is not limited in the embodiment of the present invention. In the efficient transaction processing system based on the block chain, at least one monitoring node 4 exists for auditing the transaction bill, when the number of the monitoring nodes 4 is more than or equal to 2, the multiple auditing of the transaction bill can be realized, the number of the monitoring nodes 4 is set according to actual needs, and the embodiment of the invention is not limited.

It is noted that in the block chain based multi-supervised transaction processing system, common parameters are disclosed

Wherein the content of the first and second substances,

g is a common generator for the set elliptic curve group,

setting m supervisors in the system, each supervisor can independently supervise the privacy data on the chain, and each supervisor is Q_jJ is 1, …, m is positive integer, and each supervisor Q_jRandom selection

As supervisor Q_jOf a supervision private keyCalculating

h₁，…，h_mRandomly selecting trap door public parameters for supervising public keys

So that anyone cannot obtain the discrete logarithm relation between g and H, optionally using random Hash to generate H, namely calculating H-H by using Hash-to-Point_p(g，h₁，…，h_m)，H_pIs preset, H_pIs a hash function that can generate random elliptic curve group elements.

The representation represents a modulo q non-zero integer ring.

Fig. 2 is a schematic flow chart of a block chain-based efficient transaction processing method according to a second embodiment of the present invention, and as shown in fig. 2, the block chain-based efficient transaction processing method according to the embodiment of the present invention includes:

s201, constructing an address list according to the address of the transaction receiver and n-1 other addresses; wherein, the other addresses are addresses irrelevant to the transaction; each address in the address list comprises a query public key and a consumption public key;

specifically, the transaction initiating node may obtain the address of the transaction recipient, and obtain n-1 other addresses from the blockchain, and construct an address list according to the address of the transaction recipient and the n-1 other addresses. The other addresses are addresses irrelevant to the transaction, namely n-1 other addresses are not addresses of the receiver of the transaction, and the privacy protection effect on the address of the receiver of the transaction is achieved. Each address in the address list includes a query public key and a consumption public key.

For example, the address of the recipient of the transaction and n-1 other addresses form an address list, denoted L_Add＝{Add₁，…，Add_nAnd (c) the step of (c) in which,

Add_irepresents an address list L_AddThe ith address of (2)_iIs Add_iQuery public key of, B_iIs Add_iConsumption public key of a_iIs Add_iQuerying private key of b_iIs Add_iI ═ 1, …, n. Wherein the address of the transaction recipient can be represented as Add_γ，

Gamma is 1, …, a specific value of n, A_γFor inquiring public keys of transaction recipients, B_γIs a consumption public key of a transaction receiver, a_γA private key for the inquiry of the transaction receiver, b_γIs the consumption private key of the transaction recipient.

S202, obtaining a temporary public key of the transaction fund held by the transaction initiator according to a random number corresponding to the transaction fund held by the transaction initiator and a consumption public key of the transaction receiver, obtaining a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and a query public key of the transaction receiver, obtaining a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and a trap public parameter, and obtaining an intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor;

specifically, the transaction initiating node randomly generates a random number as a random number corresponding to the transaction fund held by the transaction initiating party, and then obtains the temporary public key of the transaction fund held by the transaction initiating party according to the random number corresponding to the transaction fund held by the transaction initiating party and the consumption public key of the transaction receiving party. And the transaction initiating node acquires a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the inquiry public key of the transaction receiver. And the transaction initiating node acquires a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the trap door common parameter. And the transaction initiating node acquires the intermediate parameters of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiating node and the supervision public key of each supervisor.

For example, the transaction funds held by the transaction initiator may be in digital currency, randomly generated by the transaction initiator node I

Taking r as a random number corresponding to a transaction fund held by a transaction initiator, and calculating PK by using a transaction initiating node I_new＝g^r·B_γ，PK_newTemporary public key of transaction fund held by transaction initiator, g is public generator, B_γIs the public key of the transaction recipient's consumption. Transaction initiating node I calculates R₁＝A_γ ^r，R₁As a first parameter, A_γA query public key for the transaction recipient. Transaction initiating node I calculates R₂＝h^r，R₂H is a second parameter and h is a trapdoor common parameter. Transaction initiating node I computation

S_jIs an intermediate parameter of the jth supervisor, h_jFor the supervision public key of the jth supervisor, the intermediate parameters S of the m supervisors can be obtained₁，…，S_m，j＝1，…，m。

S203, obtaining a first public key set according to a temporary public key of a transaction fund held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to a query public key of each address in the address list, the trapdoor public parameter, the supervision public key of each supervisor, the random number set and the first random number; wherein the set of random numbers and the first random number are obtained in advance;

specifically, the transaction initiation node obtains a random number set and a first random number, then obtains a first public key set from a temporary public key of a transaction fund held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set and the first random number, and obtains a second public key set from a query public key of each address in the address list, the trapdoor public parameter, a supervision public key of each supervisor, the random number set and the first random number. Wherein the set of random numbers and the first random number are obtained in advance.

For example, the transaction initiating node I is based on the formula

Calculate and obtain the address list L_AddThe ith address Add of_iCorresponding first public key L_i，PK_newTemporary public key of transaction funds held by the transaction initiator, B_iIs an address list L_AddThe ith address Add of_iOf consumption public key, R₂Is a second parameter, e_m+1Is a first random number, S_jAs an intermediate parameter for the jth supervisor, e_jIs j-th random number in the random number set, i is 1, …, n, j is 1, …, m. The transaction initiating node I calculates and obtains n first public keys, and the n first public keys form a first public key set L.

For example, the transaction initiating node I is based on the formula

Calculate and obtain the address list L_AddThe ith address Add of_iCorresponding second public key L'_i，A_iIs an address list L_AddThe ith address Add of_iH is a trap door public parameter, e_m+1Is a first random number, h_jIs the supervision public key of the jth supervisor, e_jIs the j-th random number in the random number set, i is 1, …, n, j is 1, …,and m is selected. And the transaction initiating node I calculates and obtains n second public keys, and the n second public keys form a second public key set L'.

Wherein the transaction initiating node I can be according to formula e_k＝H(L_Add，PK_new，R₁，R₂，S₁，…，S_mK) calculating to obtain each random number e in the random number set₁，…，e_mAnd a first random number e_m+1，L_AddIndicating said address list, PK_newTemporary public key, R, representing transaction funds held by the transaction initiator₁Denotes a first parameter, R₂Represents the second parameter, S₁，…，S_mAn intermediate parameter representing m supervisors, m representing the number of said supervisors, H () representing a hash function, k being 1, …, m + 1.

S204, encrypting a random number corresponding to the transaction fund held by the transaction initiator through the shared secret key of the transaction initiator and the transaction receiver to obtain a random number ciphertext;

specifically, the transaction initiating node may obtain the shared key of the transaction initiator and the transaction receiver, and then encrypt the random number corresponding to the transaction fund held by the transaction initiator through the shared key of the transaction initiator and the transaction receiver to obtain a random number ciphertext.

For example, the transaction initiating node I is based on the formula

Calculating to obtain the shared secret key alpha, B of the transaction initiator and the transaction receiver_γIs the consumption public key of the transaction receiver, w is the random number corresponding to the shared secret key alpha,

the transaction initiating node I will also calculate a sharing parameter R₃＝g^w. The random number ciphertext may be denoted as ct ═ Enc_k(r), r is a random number corresponding to the transaction fund held by the transaction initiator, Enc_k() Representing an encryption algorithm based onThe present invention is not limited to the above embodiments.

S205, performing position-keeping double-ring signature on the first public key set and the second public key set to obtain a double-ring signature result; wherein the double-ring signature result includes the first public key set, the second public key set, a random number corresponding to a transaction fund held by the transaction initiator, the first parameter, the second parameter, the shared parameter, an intermediate parameter of each supervisor, the address list, the random number ciphertext, and other transaction related information;

specifically, the transaction initiation node performs double-ring signature on the holding positions of the first public key set and the second public key set, so as to obtain a double-ring signature result, where the double-ring signature result may include the first public key set, the second public key set, a random number corresponding to a transaction fund held by the transaction initiator, the first parameter, the second parameter, the shared parameter, an intermediate parameter of each supervisor, the address list, the random number ciphertext, and other transaction related information. The signature algorithm used by the dual-ring signature is set according to actual needs, and the embodiment of the invention is not limited. The other transaction related information includes, but is not limited to, a transaction fund commitment set, a traceable interval certification, a traceable linkable ring signature, a first public key set, a second public key set, and the like, and is set according to actual needs, which is not limited in the embodiment of the present invention.

For example, the transaction initiating node I executes a double ring signature of holding positions to sign the first public key set L and the second public key set L ', and obtains a double ring signature result σ ═ Rsign (L, L', R)₁，R₂，R₃，S₁，…，S_m，L_AddCt, mu), R is a random number corresponding to the transaction fund held by the transaction initiator, R₁Is a first parameter, R₂Is a second parameter, R₃To share parameters, S₁，…，S_mIntermediate parameters for m supervisors, L_AddAnd the address list is ct, the random number ciphertext is ct, and the related information of other transactions is μ. Wherein the first public key set L is signedIn the course of course, can use

As the generator for signing, in the process of signing the second public key set L', the use of

The signature is generated as a generator.

S206, generating and issuing a transaction bill to a blockchain, wherein the transaction bill comprises a temporary public key of transaction funds held by the transaction initiator, the first parameter, the second parameter, the sharing parameter, intermediate parameters of each supervisor, the address list, the random number ciphertext, the double-ring signature result and other transaction related information.

Specifically, the transaction initiation node may generate a transaction bill according to the temporary public key of the transaction fund held by the transaction initiator, the first parameter, the second parameter, the shared parameter, the intermediate parameters of the respective supervisors, the address list, the random number ciphertext, the double ring signature result, and the other transaction-related information, and then issue the transaction bill onto a blockchain. The verification node acquires a transaction bill issued by the transaction initiating node, then verifies the transaction bill, and after the transaction bill passes the verification, the transaction bill is linked up and can be acquired by the transaction receiving node.

According to the efficient transaction processing method based on the block chain, provided by the embodiment of the invention, an address list is constructed according to the address of a transaction receiver and n-1 other addresses; obtaining a temporary public key of the transaction fund held by the transaction initiator according to the random number corresponding to the transaction fund held by the transaction initiator and the consumption public key of the transaction receiver, obtaining a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the inquiry public key of the transaction receiver, obtaining a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the trap door public parameter, and obtaining an intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor; obtaining a first public key set according to a temporary public key of transaction funds held by a transaction initiator, a consumption public key of each address in an address list, a second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to an inquiry public key of each address in the address list, a trapdoor public parameter, a supervision public key of each supervisor, the random number set and the first random number; encrypting a random number corresponding to a transaction fund held by a transaction initiator through a shared key of the transaction initiator and a shared key of a transaction receiver to obtain a random number ciphertext; carrying out position-keeping double-ring signature on the first public key set and the second public key set to obtain a double-ring signature result; the transaction bill is generated and issued to the blockchain, and the transaction search calculation amount of the transaction receiver can be reduced while the transaction safety is ensured through the temporary public key of the transaction fund held by the transaction initiator, so that the transaction efficiency is improved. In addition, recipient account identity privacy and multi-monitoring auditing can be achieved through the dual-ring signature.

On the basis of the foregoing embodiments, further, the double-ring signature for holding the first public key set and the second public key set includes:

taking a third parameter as a generator to sign the first public key set, and taking a fourth parameter as a generator to sign the second public key set; wherein the third parameter is obtained according to a common generator, the trapdoor common parameter, the first random number, the set of random numbers, and intermediate parameters of each supervisor; the fourth parameter is obtained according to the first parameter, the second parameter, the first random number, the set of random numbers, and intermediate parameters of each supervisor.

Specifically, the transaction initiation node may obtain a third parameter according to a common generator, the trapdoor common parameter, the first random number, the random number set, and intermediate parameters of each supervisor, and obtain a fourth parameter according to the first parameter, the second parameter, the first random number, the random number set, and intermediate parameters of each supervisor. And when double-ring signature is carried out, signing the first public key set by taking the third parameter as a generator, and signing the second public key set by taking the fourth parameter as a generator.

For example, the transaction initiating node I follows the formula

Calculating to obtain a generator p of a first public key set L₁G is a common generator, h is a trap door common parameter, h_jIs the supervision public key of the jth supervisor, e_m+1Is a first random number, e_jJ is 1, …, m, which is the jth random number in the random number set.

For example, the transaction initiating node I is based on the formula

Calculating to obtain a generator p of a second public key set L₂，R₁Is a first parameter, R₂Is a second parameter, e_m+1Is a first random number, S_jAs an intermediate parameter for the jth supervisor, e_jJ is 1, …, m, which is the jth random number in the random number set.

On the basis of the foregoing embodiments, further, the obtaining a first public key set according to the temporary public key of the transaction fund held by the transaction initiator, the consumption public key of each address in the address list, the second parameter, the intermediate parameter of each supervisor, a random number set, and a first random number includes:

according to the formula

Calculating the ith first public key PK of the first public key set_iWherein, PK_newTemporary public key representing transaction funds held by the transaction initiator, B_iA consumption public key, R, representing the ith address in the address list₂Represents said second parameter, e_m+1Representing said first random number, e_jRepresents the jth random number, S, in the set of random numbers_jDenotes the jth monitorIntermediate parameters of the tube.

Specifically, the transaction initiation node acquires a temporary public key PK of transaction funds held by the transaction initiator_newConsumption public key B of ith address in the address list_iSaid second parameter R₂The first random number e_m+1The set of random numbers, and intermediate parameters of the respective supervisors, then according to a formula

Calculating the ith first public key PK of the first public key set_iN first public keys may be computed, forming a first public key set L,

on the basis of the foregoing embodiments, further, the obtaining a second public key set according to the query public key of each address in the address list, the trapdoor public parameter, the supervision public key of each supervisor, the random number set, and the first random number includes:

according to the formula

Calculating to obtain ith second public key PK 'of the second public key set'_iWherein, PK_newTemporary public key representing transaction funds held by the transaction initiator, A_iA query public key representing the ith address in the address list, h represents the trapdoor public parameter, e_m+1Representing said first random number, e_jRepresents the jth random number, S, in the set of random numbers_jRepresenting the intermediate parameter of the jth supervisor.

Specifically, the transaction initiation node obtains the transactionTemporary public key PK for transaction funds held by easy initiator_newQuery public key A of ith address in the address list_iThe trapdoor common parameter h, the first random number e_m+1The set of random numbers and intermediate parameters of the respective supervisor, then according to a formula

Calculating to obtain ith second public key PK 'of second public key set'_iN second public keys can be obtained through calculation to form a second public key set L',

on the basis of the foregoing embodiments, further, the formula for obtaining the random number set and the first random number is as follows:

e_k＝H(L_Add，PK_new，R₁，R₂，S₁，…，S_m，k)

wherein L is_AddRepresents the address list, PK_newTemporary public key, R, representing transaction funds held by the transaction initiator₁Denotes a first parameter, R₂Represents the second parameter, S₁，…，S_mIntermediate parameters representing m supervisors, e_m+1Representing said first random number, e₁，…，e_mAnd (c) forming the random number set, wherein m represents the number of the supervisors, H () represents a hash function, and k is 1, …, and m + 1.

In particular, the transaction initiating node may be in accordance with formula e_k＝H(L_Add，PK_new，R₁，R₂，S₁，…，S_mK) generating each random number e in the set of random numbers₁，…，e_mAnd a first random number e_m+1，L_AddIndicating said address list, PK_newTemporary public key, R, representing transaction funds held by the transaction initiator₁Denotes a first parameter, R₂Represents the second parameter, S₁，…，S_mAn intermediate parameter representing m supervisors, m representing the number of said supervisors, H () representing a hash function, k being 1, …, m + 1.

Fig. 3 is a schematic flow chart of a method for collecting money based on a transaction bill according to a third embodiment of the present invention, which is applied to a transaction bill generated by the block chain-based efficient transaction processing method according to any of the embodiments described above, and as shown in fig. 3, the method for collecting money based on a transaction bill according to the embodiment of the present invention includes:

s301, acquiring a linked transaction bill from a block chain, wherein the transaction bill comprises an address list, a first parameter, a sharing parameter, a temporary public key of a transaction fund held by a transaction initiator and a random number ciphertext;

specifically, the transaction receiving node may obtain the transaction bill that has been linked from the blockchain, where the transaction bill may include the temporary public key of the transaction funds held by the transaction initiator, the first parameter, the second parameter, the shared parameter, the intermediate parameters of each supervisor, the address list, the random number ciphertext, the double-ring signature result, and other transaction-related information.

S302, if judging that the local address exists in the address list, obtaining a public key to be matched according to the first parameter, the local query private key and the local consumption public key;

specifically, after obtaining the transaction bill, the transaction receiving node compares a local address with each address in the address list, and if one address in the address list is the same as the local address, the local address exists in the address list, and the transaction receiving node is a potential payee and needs to further verify whether the transaction bill is a transaction bill transferred to a local account. And the transaction receiving node obtains the public key to be matched according to the first parameter, the local consumption public key and the local inquiry private key.

For example, the transaction receiving node II traverses the address list L_Add＝{Add₁，…，Add_nInquiring whether the local address Add exists or not_γ＝(A_γ，B_γ) The same address, ifList L_AddIn which there is an address Add₈And local address Add_γ＝(A_γ，B_γ) If the two parameters are the same, the transaction receiving node II obtains the first parameter R from the transaction bill₁And obtaining a local query private key a_γAnd local consumption public key B_γThen calculate

PK′_newIs the public key to be matched.

S303, if the public key to be matched is judged to be equal to the temporary public key of the transaction fund held by the transaction initiator, decrypting the random number ciphertext through the shared secret keys of the transaction initiator and the transaction receiver to obtain a random number corresponding to the transaction fund held by the transaction initiator;

specifically, after obtaining the public key to be matched, the transaction receiving node compares the public key to be matched with the temporary public key of the transaction fund held by the transaction initiator, and if the public key to be matched is equal to the temporary public key of the transaction fund held by the transaction initiator, the transaction bill is the transaction bill transferred to local. And the transaction receiving node decrypts the random number ciphertext through the shared key of the transaction initiator and the transaction receiver to obtain the random number corresponding to the transaction fund held by the transaction initiator.

For example, the transaction receiving node II calculates

According to

PK_new＝g^r·B_γCan deduce

Thereby ensuring that the recipient of the transaction bill can correctly receive the money.

For example, the transaction receiving node II may compute

Due to the value of R₃＝g^w，

Then

Thus, the transaction receiving node II may obtain the shared secret α of the transaction initiator and the transaction receiver, and then decrypt the random number ciphertext ct using the shared secret α, Dec_k(ct)＝Dec_k(r) capable of obtaining a random number r corresponding to a transaction fund held by the transaction initiator.

S304, obtaining a temporary private key according to the random number corresponding to the transaction fund held by the transaction initiator and the local consumption private key;

specifically, after obtaining the random number corresponding to the transaction fund held by the transaction initiator, the transaction receiving node obtains the temporary private key according to the random number corresponding to the transaction fund held by the transaction initiator and the local consumption private key.

For example, transaction receiving node II follows formula SK_new＝r+b_γComputing the temporal private key SK_newR is a random number corresponding to the transaction fund held by the transaction initiator, b_γThe private key is consumed locally.

S305, if the temporary private key is judged to be matched with the temporary public key of the transaction fund held by the transaction initiator, performing collection operation.

Specifically, after obtaining the temporary private key, the transaction receiving node checks whether the temporary private key matches the temporary public key of the transaction fund held by the transaction initiator, and if the temporary private key matches the temporary public key of the transaction fund held by the transaction initiator, a money receiving operation can be performed. If the temporary private key does not match the temporary public key of the transaction funds held by the transaction initiator, then a cash-up operation cannot be performed.

For example, transaction receiving node II calculates

Therefore, the temporary private key can be judged to be matched with the temporary public key of the transaction fund held by the transaction initiator, and the money receiving operation can be carried out.

The efficient transaction processing method based on the block chain can search related transaction bills based on the address list in the transaction bills, reduce the calculation amount of transaction bill search and improve the processing efficiency of the transaction bills.

On the basis of the foregoing embodiments, further, the efficient transaction processing method based on the blockchain according to the embodiment of the present invention further includes:

and if the local address does not exist in the address list, ignoring the transaction bill corresponding to the address list.

Specifically, the transaction receiving node compares a local address with each address in the address list, if the address list does not have an address identical to the local address, then the address list does not have a local address, which indicates that the transaction bill does not transfer locally in the transaction bill, and the transaction receiving node can ignore the transaction bill corresponding to the address list and does not need to process the transaction bill.

Fig. 4 is a schematic flow chart of a method for performing verification based on a transaction bill according to a fourth embodiment of the present invention, which is applied to a transaction bill generated by the efficient transaction processing method based on a blockchain according to any of the embodiments described above, and as shown in fig. 4, the method for performing verification based on a transaction bill according to the embodiment of the present invention includes:

s401, obtaining a issued transaction bill from a block chain, wherein the transaction bill comprises a temporary public key of transaction funds held by a transaction initiator, a first parameter, a second parameter, intermediate parameters of each supervisor, an address list and a double-ring signature result;

specifically, after the transaction initiation node issues the transaction bill onto the blockchain, the verification node may obtain the transaction bill from the blockchain, where the transaction bill may include a temporary public key of transaction funds held by the transaction initiation node, a first parameter, a second parameter, a shared parameter, intermediate parameters of each supervisor, an address list, a random number ciphertext, a double-ring signature result, and other transaction related information.

S402, obtaining a first public key set according to a temporary public key of a transaction fund held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to a query public key of each address in the address list, a trapdoor public parameter, a supervision public key of each supervisor, the random number set and the first random number; wherein the set of random numbers and the first random number are obtained in advance;

specifically, the verification node obtains a random number set and a first random number, and obtains, from the transaction bill, a temporary public key of the transaction fund held by the transaction initiator, a public key consumed by each address in the address list, the second parameter, and an intermediate parameter of each supervisor, and then obtains a first public key set according to the temporary public key of the transaction fund held by the transaction initiator, the public key consumed by each address in the address list, the second parameter, the intermediate parameter of each supervisor, the random number set, and the first random number. The verification node acquires the inquiry public key of each address in the address list and the supervision public key of each supervisor from the transaction bill, and then acquires a second public key set according to the inquiry public key, the trapdoor public parameter, the supervision public key of each supervisor, the random number set and the first random number of each address in the address list.

For example, verification node III is based on the formula

Calculating to obtain the ith first public key L of the first public key set L_i，PK_newTemporary public key of transaction funds held by the transaction initiator, B_iIs an address list L_AddThe ith address Add of_iOf consumption public key, R₂Is a second parameter, e_m+1Is a first random number, S_jIntermediate parameter for the jth supervisor, e_jAnd j is the j-th random number in the random number set, i is 1, …, n, j is 1, …, m. The verification node III may compute n first public keys.

For example, verification node III is based on the formula

Calculating to obtain ith second public key L 'of second public key set L'_i，A_iIs an address list L_AddThe ith address Add of_iH is a trapdoor public parameter, e_m+1Is a first random number, h_jIs the supervision public key of the jth supervisor, e_jIs j-th random number in the random number set, i is 1, …, n, j is 1, …, m. The verification node III may calculate n second public keys.

S403, verifying the double-ring signature result based on the first public key set and the second public key set.

Specifically, after obtaining the first public key set and the second public key set, the verification node may verify the double-ring signature result based on the first public key set and the second public key set. Wherein, in the process of signature verification of the first public key set L, the first public key set L can be used

As the generator for signature verification, the signature verification of the second public key set L' may use

And performing signature verification as a generator.

On the basis of the foregoing embodiments, further, the verifying the double-ring signature result based on the first set of public keys and the second set of public keys includes:

taking a third parameter as a generator to perform signature verification on the first public key set, and taking a fourth parameter as a generator to perform signature verification on the second public key set; wherein the third parameter is obtained according to a common generator, the trapdoor common parameter, the first random number, the set of random numbers, and intermediate parameters of each supervisor; the fourth parameter is obtained according to the first parameter, the second parameter, the first random number, the set of random numbers, and intermediate parameters of each supervisor.

Specifically, the verification node may obtain a third parameter according to a common generator, the trapdoor common parameter, the first random number, the random number set, and an intermediate parameter of each supervisor, and obtain a fourth parameter according to the first parameter, the second parameter, the first random number, the random number set, and the intermediate parameter of each supervisor. And when double-ring signature verification is carried out, signature verification is carried out on the first public key set by taking the third parameter as a generator, and signature verification is carried out on the second public key set by taking the fourth parameter as a generator.

For example, verification node III may be according to a formula

For example, verification node III may be according to a formula

e_k＝H(L_Add，PK_new，R₁，R₂，S₁，…，S_m，k)

wherein L is_AddIndicating said address list, PK_newTemporary public key, R, representing transaction funds held by the transaction initiator₁Denotes a first parameter, R₂Represents the second parameter, S₁，…，S_mIntermediate parameters representing m supervisors, e_m+1Representing said first random number, e₁，…，e_mAnd constructing the random number set, wherein m represents the number of the supervisors, H () represents a hash function, and k is 1, …, and m + 1.

In particular, the verification node may be according to formula e_k＝H(L_Add，PK_new，R₁，R₂，S₁，…，S_mK) obtaining each random number e in the set of random numbers₁，…，e_mAnd a first random number e_m+1，L_AddIndicating said address list, PK_newTemporary public key, R, representing transaction funds held by the transaction initiator₁Denotes a first parameter, R₂Represents the second parameter, S₁，…，S_mAn intermediate parameter representing m supervisors, m representing the number of said supervisors, H () representing a hash function, k being 1, …, m + 1.

Fig. 5 is a schematic flow chart of a method for transaction tracking based on a transaction bill according to a fifth embodiment of the present invention, and as shown in fig. 5, the method for transaction tracking based on a transaction bill according to the embodiment of the present invention includes:

s501, acquiring a transaction bill which is linked up from a block chain, wherein the transaction bill comprises a temporary public key of transaction funds held by a transaction initiator, and intermediate parameters and an address list of each supervisor;

specifically, after the chain is linked to the transaction bill, the monitoring node may obtain the transaction bill from the block chain, where the transaction bill may include the temporary public key of the transaction funds held by the transaction initiator, the first parameter, the second parameter, the shared parameter, the intermediate parameters of each monitor, the address list, the random number ciphertext, the double ring signature result, and the other transaction related information.

S502, obtaining a temporary address according to the temporary public key of the transaction fund held by the transaction initiator, the intermediate parameter of the local supervisor and the local supervision private key;

specifically, the monitoring node may obtain the temporary public key of the transaction fund held by the transaction initiator and the intermediate parameters of each monitor from the transaction bill, then obtain the intermediate parameters of the local monitor from the intermediate parameters of each monitor, and then obtain the temporary address according to the temporary public key of the transaction fund held by the transaction initiator, the intermediate parameters of the local monitor and the local monitor private key.

For example, the supervision node IV is according to the formula

Calculating to obtain a temporary address B^*，PK_newTemporary public key of transaction funds held by the transaction initiator, S_γAs an intermediate parameter of the local supervisor, y_γFor local supervision of private keys, since PK_new＝g^r·B_γ，

Brought into temporary address B^*The formula for the calculation of (a) is,

s503, if the address matched with the temporary address exists in the address list, outputting the address matched with the temporary address.

Specifically, after obtaining the temporary address, the supervisory node compares the temporary address with the consumption public key of each address in the address list, and if the temporary address matches with the consumption public key of one address in the address list, it indicates that an address matching the temporary address exists in the address list, and the address of the transaction receiver of the transaction bill is tracked, and the supervisory node may output an address matching the temporary address, that is, the address of the transaction receiver of the transaction bill is output.

Each supervisor can track the address of the transaction receiver through steps S501, S502, and S503, so that the transaction initiator only needs to initiate a transaction once, and each supervisor can independently track and audit the position of the address of the transaction receiver in the address list. When the number of the supervisors is multiple, the supervisors do not need to communicate with each other or calculate together, and therefore supervision efficiency is improved.

Compared with the existing privacy protection blockchain system, the efficient transaction processing method and the tracking method based on the blockchain provided by the embodiment of the invention have the advantages that the accuracy and verifiability of the temporary public key can be ensured by the temporary public key generation algorithm of the temporary public key of the transaction fund held by the transaction initiator according to the technical scheme provided by the embodiment of the invention; compared with the supervision scheme in the prior art, the technical scheme of the embodiment of the invention can support multi-party supervision audit, and multiple supervisors which are not trusted with each other can track the address of the transaction receiver without extra communication and calculation.

The correctness of the technical scheme provided by the embodiment of the invention comes from

The correct collection of money by the transaction receiver of the transaction bill can be ensured. The security of the technical scheme is derived from computing the SK of the private key_newR + b, requiring use of the address of the recipient of the transactionConsumption of private key, inability to compute SK at other addresses_new. The privacy of the technical scheme is derived from the anonymity of the double-ring signature, namely, any other node cannot know the address Add of the real transaction receiver_γAt L_Add＝{Add₁，…，Add_nSpecific position in.

The binding property of the technical scheme is derived from double-ring signature binding property of a holding position, and the position of a first public key corresponding to the temporary public key of the transaction fund held by the transaction initiator in a first public key set is required to be the same as the position of a second public key corresponding to the temporary public key of the transaction fund held by the transaction initiator in a second public key set, namely, Add is assumed_γ∈L_AddIn the gamma position, then Add_γCorresponding first public key L_γe.L in the gamma-th position of the first public key set L, Add_γCorresponding second public key L'_γE L 'is in the gamma-th position of the second set of public keys L', so a double ring signature can be completed using the third and fourth parameters, respectively. Binding is required because the generation of a new public key must use Add at the same time_γ＝(A_γ，B_γ) A in (1)_γAnd B_γ. If Add_γThe position of the corresponding first public key in the first public key set is different from the position of the corresponding second public key in the second public key set, wherein the second public key corresponds to the temporary public key of the transaction fund held by the transaction initiator, so that any receiver cannot identify own transaction according to a preset method and cannot normally collect money, and the bill risk with an incorrect format is caused.

The format correctness of the technical scheme is derived from a plurality of random numbers e_kUnder the cryptographic guarantee, the transaction initiator must be PK-compliant_new＝g^r·B，R₁＝A^r，R₂＝h^r，

The format generation transaction can pass the verification, thus ensuring the format correctness of the technical scheme. The traceability of the technical scheme comes from

Therefore, the supervisor can calculate the address of the real transaction receiver, and the supervision of the address of the transaction receiver is realized.

Fig. 6 is a schematic structural diagram of a block chain-based efficient transaction processing apparatus according to a sixth embodiment of the present invention, and as shown in fig. 6, the block chain-based efficient transaction processing apparatus according to the embodiment of the present invention includes a building unit 601, a first obtaining unit 602, a second obtaining unit 603, an encrypting unit 604, a signing unit 605, and an issuing unit 606, where:

the construction unit 601 is used for constructing an address list according to the address of the transaction receiver and n-1 other addresses; wherein, the other addresses are addresses irrelevant to the transaction; each address in the address list comprises a query public key and a consumption public key; the first obtaining unit 602 is configured to obtain a temporary public key of the transaction fund held by the transaction initiator according to the random number corresponding to the transaction fund held by the transaction initiator and the consumption public key of the transaction receiver, obtain a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the inquiry public key of the transaction receiver, obtain a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the trap public parameter, and obtain an intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor; the second obtaining unit 603 is configured to obtain a first public key set according to the temporary public key of the transaction fund held by the transaction initiator, the consumption public key of each address in the address list, the second parameter, the intermediate parameter of each supervisor, the random number set, and the first random number, and obtain a second public key set according to the query public key of each address in the address list, the trapdoor public parameter, the supervision public key of each supervisor, the random number set, and the first random number; wherein the set of random numbers and the first random number are obtained in advance; the encrypting unit 604 is configured to encrypt a random number corresponding to a transaction fund held by the transaction initiator through a shared key of the transaction initiator and a shared key of the transaction receiver, so as to obtain a random number ciphertext; the signature unit 605 is configured to perform double-ring signature on the first public key set and the second public key set, and obtain a double-ring signature result; the double-ring signature result comprises the first public key set, the second public key set, a random number corresponding to a transaction fund held by the transaction initiator, the first parameter, the second parameter, a shared parameter, an intermediate parameter of each supervisor, the address list, a random number ciphertext and other transaction related information; the issuing unit 606 is configured to generate and issue a transaction bill onto the blockchain, where the transaction bill includes the temporary public key of the transaction funds held by the transaction initiator, the first parameter, the second parameter, the intermediate parameters of the respective supervisors, the shared parameter, the address list, the nonce ciphertext, the double-ring signature result, and the other transaction-related information.

Specifically, the building unit 601 may obtain the address of the transaction receiver, and obtain n-1 other addresses from the blockchain, and build the address list according to the address of the transaction receiver and the n-1 other addresses. The other addresses are addresses irrelevant to the transaction, namely n-1 other addresses are not addresses of the receiver of the transaction, and the privacy protection effect on the address of the receiver of the transaction is achieved. Each address in the address list includes a query public key and a consumption public key.

The first obtaining unit 602 randomly generates a random number as a random number corresponding to the transaction fund held by the transaction initiator, and then obtains the temporary public key of the transaction fund held by the transaction initiator according to the random number corresponding to the transaction fund held by the transaction initiator and the consumption public key of the transaction receiver. The first obtaining unit 602 obtains a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the inquiry public key of the transaction receiver. The first obtaining unit 602 obtains a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the trapdoor common parameter. The first obtaining unit 602 obtains the intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor.

The second obtaining unit 603 obtains a random number set and a first random number, then obtains a first public key set from a temporary public key of a transaction fund held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set, and the first random number, and obtains a second public key set according to a query public key of each address in the address list, the trapdoor public parameter, a supervision public key of each supervisor, the random number set, and the first random number. Wherein the set of random numbers and the first random number are obtained in advance.

The encryption unit 604 may obtain the shared key of the transaction initiator and the transaction receiver, and then encrypt the random number corresponding to the transaction fund held by the transaction initiator through the shared key of the transaction initiator and the transaction receiver to obtain a random number ciphertext.

The signature unit 605 performs double-ring signature on the first public key set and the second public key set at the holding positions, so as to obtain a double-ring signature result, where the double-ring signature result may include the first public key set, the second public key set, a random number corresponding to a transaction fund held by the transaction initiator, the first parameter, the second parameter, the shared parameter, an intermediate parameter of each supervisor, the address list, the random number ciphertext, and other transaction related information. The signature algorithm used by the dual-ring signature is set according to actual needs, and the embodiment of the invention is not limited. The other transaction related information includes, but is not limited to, a transaction fund commitment set, a traceable interval certification, a traceable linkable ring signature, a first public key set, a second public key set, and the like, and is set according to actual needs, which is not limited in the embodiment of the present invention.

The issuing unit 606 may generate a transaction bill according to the temporary public key of the transaction fund held by the transaction initiator, the first parameter, the second parameter, the sharing parameter, the intermediate parameters of each supervisor, the address list, the random number cipher text, the double-ring signature result, and the other transaction-related information, and then issue the transaction bill onto a blockchain. The verification node acquires the transaction bill issued by the transaction initiating node, then verifies the transaction bill, and after the transaction bill passes the verification, the transaction bill is linked up and can be acquired by the transaction receiving node.

According to the efficient transaction processing device based on the block chain, provided by the embodiment of the invention, an address list is constructed according to the address of a transaction receiver and n-1 other addresses; obtaining a temporary public key of the transaction fund held by the transaction initiator according to the random number corresponding to the transaction fund held by the transaction initiator and the consumption public key of the transaction receiver, obtaining a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the inquiry public key of the transaction receiver, obtaining a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the trap door public parameter, and obtaining an intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor; obtaining a first public key set according to a temporary public key of transaction funds held by a transaction initiator, a consumption public key of each address in an address list, a second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to an inquiry public key of each address in the address list, a trapdoor public parameter, a supervision public key of each supervisor, the random number set and the first random number; encrypting a random number corresponding to a transaction fund held by a transaction initiator through a shared key of the transaction initiator and a shared key of a transaction receiver to obtain a random number ciphertext; carrying out position-keeping double-ring signature on the first public key set and the second public key set to obtain a double-ring signature result; the transaction bill is generated and issued to the blockchain, and the transaction search calculation amount of the transaction receiver can be reduced while the transaction safety is ensured through the temporary public key of the transaction fund held by the transaction initiator, so that the transaction efficiency is improved. In addition, recipient account identity privacy and multi-monitoring auditing can be achieved through the dual-ring signature.

Fig. 7 is a schematic structural diagram of a device for collecting payment based on a transaction bill according to a seventh embodiment of the present invention, which is applied to a transaction bill generated by the block chain-based efficient transaction processing device according to any of the above embodiments, and as shown in fig. 7, the device for collecting payment based on a transaction bill according to the embodiment of the present invention includes a first obtaining unit 701, a first determining unit 702, a decrypting unit 703, a third obtaining unit 704, and a second determining unit 705, where:

the first obtaining unit 701 is configured to obtain a transaction bill that has been linked from a blockchain, where the transaction bill includes an address list, a first parameter, a temporary public key of a transaction fund held by a transaction initiator, and a random number ciphertext; the first judging unit 702 is configured to, after judging that a local address exists in the address list, obtain a public key to be matched according to the first parameter, the local query private key, and the local consumption public key; the decryption unit 703 is configured to decrypt the random number ciphertext through the shared key of the transaction initiator and the transaction receiver after it is determined that the to-be-matched public key is equal to the temporary public key of the transaction fund held by the transaction initiator, so as to obtain a random number corresponding to the transaction fund held by the transaction initiator; the third obtaining unit 704 is configured to obtain a temporary private key according to the random number corresponding to the transaction fund held by the transaction initiator and the local consumption private key; the second determining unit 705 is configured to perform a money receiving operation after determining that the temporary private key matches the temporary public key of the transaction fund held by the transaction initiator.

Specifically, the first obtaining unit 701 may obtain the transaction bill that is linked up from the blockchain, where the transaction bill may include a temporary public key of the transaction funds held by the transaction initiator, a first parameter, a second parameter, a shared parameter, an intermediate parameter of each supervisor, an address list, a random number ciphertext, a double-ring signature result, and other transaction related information.

After obtaining the transaction bill, the first determining unit 702 compares the local address with each address in the address list, and if there is an address in the address list that is the same as the local address, then there is a local address in the address list, which needs to further verify whether the transaction bill is a transaction bill for local account transfer. And the transaction receiving node obtains a public key to be matched according to the first parameter, the local consumption public key and the local inquiry private key.

After obtaining the public key to be matched, the decryption unit 703 compares the public key to be matched with the temporary public key of the transaction fund held by the transaction initiator, and if the public key to be matched is equal to the temporary public key of the transaction fund held by the transaction initiator, it indicates that the transaction bill is a transaction bill transferred to local. The decryption unit 703 decrypts the random number cipher text by using the shared key of the transaction initiator and the transaction receiver, so as to obtain a random number corresponding to the transaction fund held by the transaction initiator.

After obtaining the random number corresponding to the transaction fund held by the transaction initiator, the third obtaining unit 704 obtains the temporary private key according to the random number corresponding to the transaction fund held by the transaction initiator and the local consumption private key.

After obtaining the temporary private key, the second decision unit 705 checks if the temporary private key matches the temporary public key of the transaction funds held by the transaction initiator, and if the temporary private key matches the temporary public key of the transaction funds held by the transaction initiator, a money receiving operation may be performed. If the temporary private key does not match the temporary public key of the transaction funds held by the transaction initiator, then a cash-up operation cannot be performed.

The efficient transaction processing device based on the block chain can search related transaction bills based on the address list in the transaction bills, reduce the calculation amount of transaction bill search and improve the processing efficiency of the transaction bills.

Fig. 8 is a schematic structural diagram of an apparatus for performing verification based on a transaction bill according to an eighth embodiment of the present invention, and as shown in fig. 8, the apparatus is applied to a transaction bill generated by a block chain based efficient transaction processing apparatus according to any of the above embodiments, and the apparatus for performing verification based on a transaction bill according to the embodiment of the present invention includes a second obtaining unit 801, a fourth obtaining unit 802, and a verification unit 803, where:

the second obtaining unit 801 is configured to obtain a released transaction bill from the blockchain, where the transaction bill includes a temporary public key of a transaction fund held by a transaction initiator, a first parameter, a second parameter, an intermediate parameter of each supervisor, an address list, and a double-ring signature result; the fourth obtaining unit 802 is configured to obtain a first public key set according to the temporary public key of the transaction fund held by the transaction initiator, the consumption public key of each address in the address list, the second parameter, the intermediate parameter of each administrator, the random number set, and the first random number, and obtain a second public key set according to the query public key of each address in the address list, the trapdoor public parameter, the administration public key of each administrator, the random number set, and the first random number; wherein the set of random numbers and the first random number are obtained in advance; the verifying unit 803 is configured to verify the double-ring signature result based on the first public key set and the second public key set.

Specifically, after the transaction initiation node issues the transaction bill to the blockchain, the second obtaining unit 801 may obtain the transaction bill from the blockchain, where the transaction bill may include a temporary public key of the transaction fund held by the transaction initiation node, the first parameter, the second parameter, the shared parameter, intermediate parameters of each supervisor, an address list, a random number ciphertext, a double-ring signature result, and other transaction related information.

The fourth obtaining unit 802 obtains the random number set and the first random number, and obtains the temporary public key of the transaction fund held by the transaction initiator, the consumption public key of each address in the address list, the second parameter, and the intermediate parameter of each supervisor from the transaction bill, and then obtains the first public key set according to the temporary public key of the transaction fund held by the transaction initiator, the consumption public key of each address in the address list, the second parameter, the intermediate parameter of each supervisor, the random number set, and the first random number. The fourth obtaining unit 802 obtains the query public key of each address in the address list and the supervision public key of each supervisor from the transaction bill, and then obtains a second public key set according to the query public key of each address in the address list, the trapdoor public parameter, the supervision public key of each supervisor, the random number set, and the first random number.

After obtaining the first set of public keys and the second set of public keys, the verification unit 803 may verify the double-ring signature result based on the first set of public keys and the second set of public keys. In the process of signature verification on the first public key set L, the signature verification method can use

And performing signature verification as a generator.

Fig. 9 is a schematic structural diagram of an apparatus for transaction tracking based on transaction bills according to a ninth embodiment of the present invention, which is applied to a transaction bill generated by the block chain based efficient transaction processing apparatus according to any of the above embodiments, and as shown in fig. 9, the apparatus for transaction tracking based on transaction bills according to the embodiment of the present invention includes a third obtaining unit 901, a fifth obtaining unit 902, and an output unit 903, where:

the third obtaining unit 901 is configured to obtain a transaction bill that has been linked from the blockchain, where the transaction bill includes the temporary public key of the transaction funds held by the transaction initiator, the intermediate parameters of each supervisor, and the address list; the fifth obtaining unit 902 is configured to obtain a temporary address according to the temporary public key of the transaction fund held by the transaction initiator, the intermediate parameter of the local administrator, and the local administration private key; the output unit 903 is configured to output an address matching the temporary address after judging that an address matching the temporary address exists in the address list.

Specifically, after the chain is linked to the transaction bill, the third obtaining unit 901 may obtain the transaction bill from the block chain, where the transaction bill may include the temporary public key of the transaction funds held by the transaction initiator, the first parameter, the second parameter, the shared parameter, the intermediate parameters of each supervisor, the address list, the random number ciphertext, the double ring signature result, and the other transaction related information.

The fifth obtaining unit 902 may obtain the temporary public key of the transaction fund held by the transaction initiator and the intermediate parameters of each supervisor from the transaction bill, then obtain the intermediate parameters of the local supervisor from the intermediate parameters of each supervisor, and then obtain the temporary address according to the temporary public key of the transaction fund held by the transaction initiator, the intermediate parameters of the local supervisor, and the local supervision private key.

After obtaining the temporary address, the output unit 903 compares the temporary address with the consumption public key of each address in the address list, if the temporary address matches with the consumption public key of one address in the address list, it indicates that there is an address matching with the temporary address in the address list, and the address of the transaction receiver of the transaction bill is tracked, and the supervisory node may output the address matching with the temporary address, that is, the address of the transaction receiver of the transaction bill is output.

The transaction tracking device based on the block chain provided by the embodiment of the invention realizes the tracking of the address of the transaction receiver, the transaction initiator only needs to initiate one transaction, and each supervisor can independently track and audit the position of the address of the transaction receiver in the address list. When the number of the supervisors is multiple, the supervisors do not need to communicate with each other or calculate together, and therefore supervision efficiency is improved.

The embodiment of the apparatus provided in the embodiment of the present invention may be specifically configured to execute the processing flows of the above method embodiments, and the functions of the apparatus are not described herein again, and refer to the detailed description of the above method embodiments.

Fig. 10 is a schematic physical structure diagram of an electronic device according to a tenth embodiment of the present invention, and as shown in fig. 10, the electronic device may include: a first Processor (Processor)1001, a first communication Interface (Communications Interface)1002, a first Memory (Memory)1003 and a first communication bus 1004, wherein the first Processor 1001, the first communication Interface 1002 and the first Memory 1003 complete communication with each other through the first communication bus 1004. The first processor 1001 may call logic instructions in the first memory 1003 to perform methods, including, for example: constructing an address list according to the address of the transaction receiver and the n-1 other addresses; wherein, the other addresses are addresses irrelevant to the transaction; each address in the address list comprises a query public key and a consumption public key; obtaining a temporary public key of the transaction fund held by a transaction initiator according to a random number corresponding to the transaction fund held by the transaction initiator and a consumption public key of a transaction receiver, obtaining a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and a query public key of the transaction receiver, obtaining a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and a trap public parameter, and obtaining an intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor; obtaining a first public key set according to a temporary public key of transaction funds held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to a query public key of each address in the address list, the trapdoor public parameter, the supervision public key of each supervisor, the random number set and the first random number; wherein the set of random numbers and the first random number are obtained in advance; encrypting a random number corresponding to a transaction fund held by the transaction initiator through a shared key of the transaction initiator and a shared key of the transaction receiver to obtain a random number ciphertext; performing position-keeping double-ring signature on the first public key set and the second public key set to obtain a double-ring signature result; the double-ring signature result comprises the first public key set, the second public key set, a random number corresponding to a transaction fund held by the transaction initiator, the first parameter, the second parameter, a shared parameter, an intermediate parameter of each supervisor, the address list, a random number ciphertext and other transaction related information; generating and issuing a transaction bill onto a blockchain, the transaction bill including a temporary public key of transaction funds held by the transaction initiator, the first parameter, the second parameter, intermediate parameters of respective supervisors, the shared parameter, the address list, the nonce cryptogram, the double-ring signature result, and the other transaction related information. Or

Acquiring a transaction bill which is linked from a blockchain, wherein the transaction bill comprises an address list, a first parameter, a temporary public key of transaction funds held by a transaction initiator and a random number ciphertext; if the local address exists in the address list, obtaining a public key to be matched according to the first parameter, the local query private key and the local consumption public key; if the public key to be matched is judged to be equal to the temporary public key of the transaction fund held by the transaction initiator, decrypting the random number ciphertext through the shared secret keys of the transaction initiator and the transaction receiver to obtain a random number corresponding to the transaction fund held by the transaction initiator; obtaining a temporary private key according to a random number corresponding to the transaction fund held by the transaction initiator and a local consumption private key; and if the temporary private key is matched with the temporary public key of the transaction fund held by the transaction initiator, performing money collection operation. Or

Acquiring a issued transaction bill from a block chain, wherein the transaction bill comprises a temporary public key of transaction funds held by a transaction initiator, a first parameter, a second parameter, intermediate parameters of each supervisor, an address list and a double-ring signature result; obtaining a first public key set according to a temporary public key of transaction funds held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to a query public key of each address in the address list, a trapdoor public parameter, a supervision public key of each supervisor, the random number set and the first random number; wherein the set of random numbers and the first random number are obtained in advance; and verifying the double-ring signature result based on the first public key set and the second public key set.

The present embodiments disclose a computer program product comprising a computer program stored on a computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, the computer is capable of performing a method comprising, for example: constructing an address list according to the address of the transaction receiver and the n-1 other addresses; wherein, the other addresses are addresses irrelevant to the transaction; each address in the address list comprises a query public key and a consumption public key; obtaining a temporary public key of the transaction fund held by a transaction initiator according to a random number corresponding to the transaction fund held by the transaction initiator and a consumption public key of a transaction receiver, obtaining a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and a query public key of the transaction receiver, obtaining a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and a trap public parameter, and obtaining an intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor; obtaining a first public key set according to a temporary public key of transaction funds held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to a query public key of each address in the address list, the trapdoor public parameter, the supervision public key of each supervisor, the random number set and the first random number; wherein the set of random numbers and the first random number are obtained in advance; encrypting a random number corresponding to a transaction fund held by the transaction initiator through a shared key of the transaction initiator and a shared key of the transaction receiver to obtain a random number ciphertext; performing position-keeping double-ring signature on the first public key set and the second public key set to obtain a double-ring signature result; the double-ring signature result comprises the first public key set, the second public key set, a random number corresponding to a transaction fund held by the transaction initiator, the first parameter, the second parameter, a shared parameter, an intermediate parameter of each supervisor, the address list, a random number ciphertext and other transaction related information; generating and issuing a transaction bill onto a blockchain, the transaction bill including a temporary public key of transaction funds held by the transaction initiator, the first parameter, the second parameter, intermediate parameters of respective supervisors, the shared parameter, the address list, the nonce cryptogram, the double-ring signature result, and the other transaction related information.

Or

Acquiring a transaction bill which is linked up from a block chain, wherein the transaction bill comprises an address list, a first parameter, a temporary public key of transaction funds held by a transaction initiator and a random number ciphertext; if the local address exists in the address list, obtaining a public key to be matched according to the first parameter, the local query private key and the local consumption public key; if the public key to be matched is judged to be equal to the temporary public key of the transaction fund held by the transaction initiator, decrypting the random number ciphertext through the shared secret keys of the transaction initiator and the transaction receiver to obtain a random number corresponding to the transaction fund held by the transaction initiator; obtaining a temporary private key according to a random number corresponding to the transaction fund held by the transaction initiator and a local consumption private key; and if the temporary private key is judged to be matched with the temporary public key of the transaction fund held by the transaction initiator, performing collection operation. Or alternatively

The present embodiments provide a computer-readable storage medium storing first computer instructions that cause a computer to perform a method, for example, comprising: constructing an address list according to the address of the transaction receiver and the n-1 other addresses; wherein, the other addresses are addresses irrelevant to the transaction; each address in the address list comprises a query public key and a consumption public key; obtaining a temporary public key of the transaction fund held by a transaction initiator according to a random number corresponding to the transaction fund held by the transaction initiator and a consumption public key of a transaction receiver, obtaining a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and a query public key of the transaction receiver, obtaining a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and a trap public parameter, and obtaining an intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor; obtaining a first public key set according to a temporary public key of transaction funds held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to a query public key of each address in the address list, the trapdoor public parameter, the supervision public key of each supervisor, the random number set and the first random number; wherein the set of random numbers and the first random number are obtained in advance; encrypting a random number corresponding to a transaction fund held by the transaction initiator through a shared key of the transaction initiator and a shared key of the transaction receiver to obtain a random number ciphertext; performing position-keeping double-ring signature on the first public key set and the second public key set to obtain a double-ring signature result; the double-ring signature result comprises the first public key set, the second public key set, a random number corresponding to a transaction fund held by the transaction initiator, the first parameter, the second parameter, a shared parameter, an intermediate parameter of each supervisor, the address list, a random number ciphertext and other transaction related information; generating and issuing a transaction bill onto a blockchain, the transaction bill including a temporary public key of transaction funds held by the transaction initiator, the first parameter, the second parameter, intermediate parameters of respective supervisors, the shared parameter, the address list, the nonce cryptogram, the double-ring signature result, and the other transaction related information. Or

Fig. 11 is a schematic physical structure diagram of an electronic device according to an eleventh embodiment of the present invention, and as shown in fig. 11, the electronic device may include: a second Processor (Processor)1101, a second communication Interface (Communications Interface)1102, a second Memory (Memory)1103 and a second communication bus 1104, wherein the second Processor 1101, the second communication Interface 1102 and the second Memory 1103 complete communication with each other through the second communication bus 1104. The second processor 1101 may call logic instructions in the second memory 1103 to perform a method, for example, comprising: acquiring a transaction bill which is linked up from a blockchain, wherein the transaction bill comprises a temporary public key of transaction funds held by a transaction initiator, intermediate parameters and an address list of each supervisor; obtaining a temporary address according to a temporary public key of transaction funds held by the transaction initiator, intermediate parameters of a local supervisor and a local supervision private key; and if judging that the address list has the address matched with the temporary address, outputting the address matched with the temporary address.

The present embodiments disclose a computer program product comprising a computer program stored on a computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, the computer is capable of performing a method comprising, for example: acquiring a transaction bill which is linked up from a blockchain, wherein the transaction bill comprises a temporary public key of transaction funds held by a transaction initiator, intermediate parameters and an address list of each supervisor; obtaining a temporary address according to a temporary public key of transaction funds held by the transaction initiator, intermediate parameters of a local supervisor and a local supervision private key; and if judging that the address list has the address matched with the temporary address, outputting the address matched with the temporary address.

The present embodiments provide a computer readable storage medium storing second computer instructions that cause the computer to perform a method, for example, comprising: acquiring a transaction bill which is linked up from a blockchain, wherein the transaction bill comprises a temporary public key of transaction funds held by a transaction initiator, intermediate parameters and an address list of each supervisor; obtaining a temporary address according to a temporary public key of transaction funds held by the transaction initiator, intermediate parameters of a local supervisor and a local supervision private key; and if judging that the address list has the address matched with the temporary address, outputting the address matched with the temporary address.

In addition, the logic instructions in the first memory 1003 and the second memory 1103 can be implemented in the form of software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer (which may be a personal computer, an apparatus, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.

As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In the description herein, reference to the description of the terms "one embodiment," "a particular embodiment," "some embodiments," "for example," "an example," "a particular example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.

The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims

1. An efficient transaction processing method based on a blockchain is characterized by comprising the following steps:

obtaining a temporary public key of the transaction fund held by a transaction initiator according to a random number corresponding to the transaction fund held by the transaction initiator and a consumption public key of a transaction receiver, obtaining a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and a query public key of the transaction receiver, obtaining a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and a trap public parameter, and obtaining an intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor; wherein the random number corresponding to the transaction fund held by the transaction initiator is randomly generated;

obtaining a first public key set according to a temporary public key of transaction funds held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to a query public key of each address in the address list, the trapdoor public parameter, the supervision public key of each supervisor, the random number set and the first random number; the random number set and the first random number are obtained in advance based on a preset formula, and the first random number is different from the random numbers included in the random number set;

generating and issuing a transaction bill onto a blockchain, the transaction bill including a temporary public key of transaction funds held by the transaction initiator, the first parameter, the second parameter, intermediate parameters of each supervisor, the shared parameter, the address list, the nonce cryptogram, the dual ring signature result, and the other transaction related information;

wherein the obtaining a first set of public keys according to the temporary public key of the transaction fund held by the transaction initiator, the consumption public key of each address in the address list, the second parameter, the intermediate parameter of each supervisor, a set of random numbers, and the first random number comprises:

according to the formula

Calculating the ith first public key PK of the first public key set_iWherein, PK_newTemporary public key representing transaction funds held by the transaction initiator, B_iA consumption public key, R, representing the ith address in the address list₂Represents the second parameter, e_m+1Representing said first random number, e_jRepresents the jth random number, S, in the set of random numbers_jIntermediate parameters representing the jth supervisor;

wherein the obtaining a second public key set according to the query public key of each address in the address list, the trapdoor public parameter, the supervision public key of each supervisor, the random number set, and the first random number comprises:

according to the formula

Calculating to obtain ith second public key PK 'of the second public key set'_iWherein, PK_newTemporary public key representing transaction funds held by the transaction initiator, A_iA query public key representing the ith address in the address list, h represents the trapdoor public parameter, e_m+1Representing said first random number, e_jRepresents the jth random number, S, in the set of random numbers_jIntermediate parameter, h, representing the jth supervisor_jRepresenting the jth supervision public key.

2. The method of claim 1, wherein the double-ring signature that holds the first set of public keys and the second set of public keys comprises:

taking a third parameter as a generator to sign the first public key set, and taking a fourth parameter as a generator to sign the second public key set; wherein the third parameter is obtained according to a common generator, the trapdoor common parameter, the first random number, the set of random numbers, and intermediate parameters of each supervisor; the fourth parameter is obtained according to the first parameter, the second parameter, the first random number, the random number set and intermediate parameters of each supervisor.

3. The method according to claim 1 or 2, wherein the formula for obtaining the set of random numbers and the first random number is as follows:

e_k＝H(L_Add，PK_new，R₁，R₂，S₁，…，S_m，k)

wherein L is_AddIndicating said address list, PK_newTemporary public key, R, representing transaction funds held by the transaction initiator₁Denotes a first parameter, R₂Represents the second parameter, S₁，…，S_mIntermediate parameters representing m supervisors, e_m+1Represents the first random number, e₁，…，e_mAnd (c) forming the random number set, wherein m represents the number of the supervisors, H () represents a hash function, and k is 1, …, and m + 1.

4. A method for receiving transaction bills generated by the block chain-based efficient transaction processing method according to any one of claims 1 to 3, comprising:

5. The method of claim 4, further comprising:

6. A method for verifying a transaction bill generated based on the block chain based efficient transaction processing method according to any one of claims 1 to 3, comprising:

obtaining a first public key set according to a temporary public key of transaction funds held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set and a first random number, and obtaining a second public key set according to a query public key of each address in the address list, a trapdoor public parameter, a supervision public key of each supervisor, the random number set and the first random number; wherein the set of random numbers and the first random number are obtained in advance based on a preset formula;

7. The method of claim 6, wherein the verifying the double-ring signature result based on the first set of public keys and the second set of public keys comprises:

taking a third parameter as a generator to perform signature verification on the first public key set, and taking a fourth parameter as a generator to perform signature verification on the second public key set; wherein the third parameter is obtained according to a common generator, the trapdoor common parameter, the first random number, the set of random numbers, and an intermediate parameter of each supervisor; the fourth parameter is obtained according to the first parameter, the second parameter, the first random number, the set of random numbers, and intermediate parameters of each supervisor.

8. The method according to claim 6 or 7, wherein the formula for obtaining the set of random numbers and the first random number is as follows:

e_k＝H(L_Add，PK_new，R₁，R₂，S₁，…，S_m，k)

wherein L is_AddIndicating said address list, PK_newTemporary public key, R, representing transaction funds held by the transaction initiator₁Denotes a first parameter, R₂Represents the second parameter, S₁，…，S_mIntermediate parameters representing m supervisors, e_m+1Representing said first random number, e₁，…，e_mAnd (c) forming the random number set, wherein m represents the number of the supervisors, H () represents a hash function, and k is 1, …, and m + 1.

9. A method for transaction tracking based on a transaction bill generated by the block chain based efficient transaction processing method according to any one of claims 1 to 3, comprising:

obtaining a temporary address according to a temporary public key of the transaction fund held by the transaction initiator, intermediate parameters of a local supervisor and a local supervision private key;

10. An efficient transaction processing device based on blockchains, comprising:

the first obtaining unit is used for obtaining a temporary public key of the transaction fund held by the transaction initiator according to the random number corresponding to the transaction fund held by the transaction initiator and the consumption public key of the transaction receiver, obtaining a first parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the inquiry public key of the transaction receiver, obtaining a second parameter according to the random number corresponding to the transaction fund held by the transaction initiator and the trap public parameter, and obtaining an intermediate parameter of each supervisor according to the random number corresponding to the transaction fund held by the transaction initiator and the supervision public key of each supervisor; wherein the random number corresponding to the transaction fund held by the transaction initiator is randomly generated;

a second obtaining unit, configured to obtain a first public key set according to a temporary public key of a transaction fund held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set, and the first random number, and obtain a second public key set according to a query public key of each address in the address list, the trapdoor public parameter, a supervision public key of each supervisor, the random number set, and the first random number; the random number set and the first random number are obtained in advance based on a preset formula, and the first random number is different from the random numbers included in the random number set;

an issuing unit, configured to generate and issue a transaction bill onto a blockchain, where the transaction bill includes a temporary public key of a transaction fund held by the transaction initiator, the first parameter, the second parameter, an intermediate parameter of each supervisor, the shared parameter, the address list, the nonce ciphertext, the double-ring signature result, and the other transaction-related information;

wherein the second obtaining unit is specifically configured to obtain the second value according to a formula

Calculating the ith first public key PK of the first public key set_iWherein, PK_newTemporary public key representing transaction funds held by the transaction initiator, B_iA consumption public key, R, representing the ith address in the address list₂Represents said second parameter, e_m+1Representing said first random number, e_jRepresents the jth random number, S, in the set of random numbers_jRepresenting the intermediate parameter of the jth supervisor according to a formula

11. An apparatus for receiving a transaction bill generated by the blockchain-based efficient transaction processing apparatus according to claim 10, comprising:

12. An apparatus for validating a transaction bill generated by the blockchain-based efficient transaction processing apparatus according to claim 10, comprising:

a fourth obtaining unit, configured to obtain a first public key set according to a temporary public key of a transaction fund held by the transaction initiator, a consumption public key of each address in the address list, the second parameter, an intermediate parameter of each supervisor, a random number set, and the first random number, and obtain a second public key set according to a query public key of each address in the address list, a trapdoor public parameter, a supervision public key of each supervisor, the random number set, and the first random number; wherein the set of random numbers and the first random number are obtained in advance;

13. An apparatus for transaction tracking based on the transaction bill generated by the blockchain-based efficient transaction processing apparatus according to claim 10, comprising:

14. An electronic device comprising a first memory, a first processor and a first computer program stored on the first memory and executable on the first processor, wherein the first processor implements the method of any one of claims 1 to 3, implements the method of claim 4 or 5, or implements the method of any one of claims 6 to 8 when executing the first computer program.

15. A computer-readable storage medium, on which a first computer program is stored, which, when being executed by a first processor, carries out the method of any one of claims 1 to 3, carries out the method of claim 4 or 5, or carries out the method of any one of claims 6 to 8.

16. An electronic device comprising a second memory, a second processor, and a second computer program stored on the second memory and executable on the second processor, wherein the second processor implements the method of claim 9 when executing the second computer program.

17. A computer-readable storage medium, on which a second computer program is stored, which, when being executed by a second processor, carries out the method of claim 9.