CN112287040A

CN112287040A - Rights and interests combination method and device based on block chain

Info

Publication number: CN112287040A
Application number: CN202011192135.4A
Authority: CN
Inventors: 李昊轩; 严强; 廖飞强; 王朝阳; 李辉忠; 张开翔; 范瑞彬
Original assignee: WeBank Co Ltd
Current assignee: WeBank Co Ltd
Priority date: 2020-10-30
Filing date: 2020-10-30
Publication date: 2021-01-29
Anticipated expiration: 2040-10-30
Also published as: CN112287040B

Abstract

The embodiment of the invention provides a method and a device for combining rights and interests based on a block chain, wherein the method comprises the steps that a server receives m rights and interests combining requests sent by m client sides, the promised fragments of the same type are aggregated, n promised certificates are determined, clustering processing is carried out on rights and interests of the same type, n rights and interests certificate records are determined, promised factors aiming at the m rights and interests combining requests are generated and are aggregated on the basis of the n promised certificates and the n rights and interests certificate records, k zero knowledge certificates are determined, and verification requests are sent to the block chain. Because a plurality of users interact on the server to jointly generate k zero-knowledge proofs, other people can be prevented from acquiring the identity information of the users through the relevance of the rights and interests voucher, and therefore the privacy safety of the identity information of the users can be improved. And the privacy security of the rights and interests voucher data can be ensured when the voucher key is not locally left from the client.

Description

Rights and interests combination method and device based on block chain

Technical Field

The embodiment of the invention relates to the field of financial technology (Fintech), in particular to a block chain-based rights and interests combination method and device.

Background

With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually changing to financial technology, but due to the requirements of the financial industry on safety and real-time performance, higher requirements are also put forward on the technologies.

At present, the existing hiding payment merging method is mainly based on the third-party platform or the user to independently carry out hiding payment merging. Specifically, one method is to rely on a third-party platform to complete the operation of hiding payment combination, namely, when the third-party platform combines the right and interest certificates of a plurality of transfer users, the third-party platform firstly requests to obtain the user keys of the plurality of transfer users, and generates a combined transfer zero knowledge certificate based on the user keys of the plurality of transfer users, so as to complete the combination of the right and interest certificates of the plurality of transfer users. However, since the user key is sent to the third-party platform, the user key is separated from the user, which may cause the user key to be leaked, and thus the security and privacy of the transfer data of the user cannot be ensured. The other method is to finish the operation of hiding payment combination by the user, and does not interact with other users, namely the user generates transfer zero knowledge proof based on the user key, so as to finish the combination of the user's rights and interests certificate. However, since the processing method only merges the user's own rights and interests voucher, the identity information of the user can be obtained by tracing the relevance of the rights and interests voucher, which may cause the risk of the identity information of the user being leaked.

In summary, there is a need for a method for combining rights and interests based on a block chain to ensure the privacy and security of the user's identity information and rights and interests voucher data.

Disclosure of Invention

The embodiment of the invention provides a rights and interests combination method and device based on a block chain, which are used for ensuring the privacy security of identity information and rights and interests voucher data of a user.

In a first aspect, an embodiment of the present invention provides a method for combining rights and interests based on a block chain, including:

the server receives m rights and interests combination requests sent by m clients; the right merging request comprises n types of commitment fragments and n types of right vouchers; the n types of right and benefit certificates comprise n-1 types of right and benefit certificates to be merged and n-1 types of right and benefit certificates after being merged; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests merging criteria;

the server carries out aggregation processing on the same type of commitment fragments to determine n commitment certificates, and carries out clustering processing on the same type of equity vouchers to determine n equity voucher records;

the server generates commitment factors aiming at the m rights and interests merging requests based on the n commitment certificates and the n rights and interests voucher records and respectively sends the commitment factors to the m clients;

the server receives m k-class zero-knowledge proof fragments sent by the m clients, and performs aggregation processing on the same class of zero-knowledge proof fragments to determine k zero-knowledge proofs; the k-class zero-knowledge proof fragment is generated by a client based on the commitment factor and is used for verifying the n-1 class to-be-merged right as the client;

the server sends a verification request to the blockchain; the validation request includes the commitment factor, the n entitlement credential records, and the k zero knowledge proofs; the k zero knowledge proofs are used for the blockchain to verify the matching of the n equity voucher records and the commitment factor.

In the technical scheme, because the zero-knowledge proof is generated based on the user, the identity information of the user can be easily acquired through tracing the relevance of the rights and interests voucher, so that the risk of leakage of the identity information of the user exists. Therefore, multiple users interact on the server to safely complete the merging of the equity certificates, namely, the server performs aggregation processing on the same type commitment fragments in the m n types of commitment fragments, so that the condition that other people can acquire the identity information of the users through tracing the relevance of the equity certificates can be avoided, and the privacy safety of the identity information of the users can be improved. Furthermore, based on n commitment certificates and n equity voucher records, a commitment factor aiming at m equity merging requests is generated, wherein the commitment factor is used for the client to generate k zero-knowledge certification fragments based on the commitment factor and voucher keys of n equity vouchers, namely, in the process of generating the k zero-knowledge certification fragments, the voucher key of the user does not leave the local part of the client of the user, so that the risk of leakage of the voucher key of the user can be avoided, and the privacy security of equity voucher data of the user can be ensured. And then, carrying out aggregation processing on the similar zero knowledge certification fragments in the m k-class zero knowledge certification fragments sent by the m clients to determine k zero knowledge certifications for verifying the matching between the n right certificate records and the commitment factor by the block chain, so that whether the right certificate of the user is falsified or not can be verified through the block chain, namely whether the right certificate of the user is accurate or not, thereby verifying that the right certificate of the user is real and effective, and improving the experience of the user. Therefore, the problem that identity information and rights and interests voucher data of a user are leaked in the prior art can be solved.

Optionally, the server performs clustering processing on the similar rights and interests certificates to determine n rights and interests certificate records, including:

the server carries out clustering processing on the same type of rights and interests certificates in the m n types of rights and interests certificates to obtain n clustered rights and interests certificate records;

and aiming at any one clustered right and interest certificate record, the server updates the sequence of the right and interest certificates in the right and interest certificate record according to a preset sequence rule to obtain the updated right and interest certificate record.

In the technical scheme, the order of the rights and interests voucher in the rights and interests voucher record is updated according to the preset order rule, so that the updated rights and interests voucher record is obtained. Therefore, the identity information of the user can be avoided being calculated based on the sequence of the rights and interests voucher, and the privacy safety of the identity information of the user can be ensured.

Optionally, the server generates a commitment factor for the m equity merge requests based on the n commitment certificates and the n equity voucher records, including:

and the server performs hash operation on the n commitment certificates and the n right certificate records to obtain commitment factors aiming at the m right combination requests.

In the above technical solution, the hash operation is performed on n commitment certificates and n equity voucher records to obtain commitment factors for m equity merge requests. Therefore, each user can generate respective zero-knowledge proof fragments based on the commitment factor, and support is provided for verifying the correctness of the rights and interests voucher by verifying the zero-knowledge proof of the subsequent block chain.

In a second aspect, an embodiment of the present invention provides a method for combining rights and interests based on a block chain, including:

the client generates n types of rights and interests certificates according to the rights and interests certificate generation mode; the n types of right and benefit certificates comprise n-1 types of right and benefit certificates to be merged and n-1 types of right and benefit certificates after being merged;

the client determines n types of commitment fragments according to the rights and interests voucher generation mode; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests merging criteria;

the client sends a rights and interests combination request to the server; the right merging request comprises n types of commitment fragments and n types of right vouchers;

the client receives the commitment factor sent by the server; the commitment factor is generated by the server based on m equity merging requests of m clients;

the client generates k classes of zero knowledge proof fragments according to the commitment factor, the n-1 classes of rights and interests to be merged and the certificate key of the n classes of rights and interests certificates and sends the k classes of zero knowledge proof fragments to the server; the k-class zero-knowledge proof fragment is used for verifying the n-1 class to-be-merged right as that of the client.

In the technical scheme, n types of commitment fragments are determined according to the rights and interests voucher generating mode, the n types of commitment fragments are used for generating commitment factors by the server, and support can be provided for subsequently proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests merging criteria. And generating k-class zero-knowledge proof fragments based on the commitment factor, the n-1 class rights to be merged and the certificate key of the n-class rights to be merged certificate. Therefore, in the process of generating the k-class zero-knowledge proof fragment, the credential key of the user does not leave the local of the user client, so that the risk of leakage of the credential key of the user can be avoided, and the privacy security of the rights and interests credential data of the user can be ensured. In addition, the k-class zero-knowledge proof fragments are used for verifying the matching between n right and interest certificate records and the commitment factor through the block chain, so that whether the right and interest certificate of the user is falsified or not can be verified through the block chain, namely whether the right and interest certificate of the user is accurate or not is verified, the right and interest certificate of the user is real and effective, and the user experience can be improved.

Optionally, the determining, by the client, n types of commitment fragments according to the rights and interests credential generation manner includes:

the client generates k random numbers;

the client determines a first type of commitment fragment based on a first random number and a second random number in the k random numbers and a first public point and a second public point of an elliptic curve;

the client determines a second type of commitment fragment based on a third random number and a fourth random number in the k random numbers and a first public point and a second public point of the elliptic curve;

and the client determines a third type commitment fragment based on the first random number, the third random number and the fifth random number in the k random numbers and the first public point and the second public point of the elliptic curve.

In the above technical solution, a first type of commitment fragment is determined based on a first random number and a second random number in the k random numbers and a first disclosure point and a second disclosure point of an elliptic curve; determining a second type commitment fragment based on a third random number and a fourth random number in the k random numbers and a first public point and a second public point of an elliptic curve; and determining a third type commitment fragment based on the first random number, the third random number and the fifth random number in the k random numbers and the first public point and the second public point of the elliptic curve. The three types of commitment fragments are used for generating commitment factors by the server and can provide support for subsequently proving that n types of equity in n types of equity certificates meet the equity merging criteria.

Optionally, the client generates k classes of zero knowledge proof fragments according to the commitment factor, the n-1 classes of rights to be merged, and the credential key of the n classes of rights vouchers, including:

the client generates a first zero knowledge proof fragment according to the commitment factor, the first voucher amount and a first random number in the k random numbers; the sum of the first certificate is the sum corresponding to the first class of equity certificates in the n-1 classes of equity to be merged;

the client generates a second zero-knowledge proof fragment according to the commitment factor, a first certificate key in the certificate keys of the n types of rights and interests certificates and a second random number in the k random numbers; the first certificate key is a key used for generating the first class of rights and interests certificate;

the client generates a third class of zero knowledge proof fragments according to the commitment factor, the second voucher amount and a third random number in the k random numbers; the sum of the second certificate is the sum corresponding to the second type of equity certificates in the n-1 type of equity to be merged;

the client generates a fourth class zero-knowledge proof fragment according to the commitment factor, a second certificate key in the certificate keys of the n classes of rights and interests certificates and a fourth random number in the k random numbers; the second certificate key is a key used for generating the second type of rights and interests certificate;

the client generates a fifth class of zero-knowledge proof fragments according to the commitment factor, a third certificate key in the certificate keys of the n classes of rights and interests certificates and a fifth random number in the k random numbers; the third certificate key is a key used for generating the n-1 type right certificate after the right and the interest are merged.

In the technical scheme, a first-class zero-knowledge proof fragment is generated through a root commitment factor, the amount of a first voucher and a first random number in k random numbers; generating a second class zero-knowledge proof fragment according to the commitment factor, a first certificate key in the certificate keys of the n classes of rights and interests certificates and a second random number in the k random numbers; generating a third type of zero knowledge proof fragment according to the commitment factor, the second voucher amount and a third random number in the k random numbers; generating a fourth type zero-knowledge proof fragment according to the commitment factor, a second certificate key in the certificate keys of the n types of rights and interests certificates and a fourth random number in the k random numbers; and generating a fifth zero-knowledge proof fragment according to the commitment factor, a third certificate key in the certificate keys of the n types of rights and interests certificates and a fifth random number in the k random numbers, so that whether the rights and interests certificates of the user are real and effective can be judged by verifying the three types of zero-knowledge proof fragments.

In a third aspect, an embodiment of the present invention provides a method for combining rights and interests based on a block chain, including:

the block chain receives a verification request sent by the server; the validation request includes the commitment factor, the n entitlement credential records, and the k zero knowledge proofs;

the block chain verifies the matching of the n equity voucher records and the commitment factor through the k zero knowledge proofs; the commitment factor is generated by the server based on the n commitment certificates and the n equity voucher records; the n acceptance certificates are determined by the server according to the aggregation processing of the acceptance fragments of the same type; the commitment fragment is generated by the client according to the rights and interests voucher generating mode.

In the technical scheme, the matching between the n right and interest certificate records and the commitment factor is verified through k zero knowledge proofs. Therefore, whether the rights and interests certificate of the user is tampered in the rights and interests combination process or not can be verified, namely whether the rights and interests certificate of the user is accurate or not can be verified, so that the rights and interests certificate of the user is verified to be real and effective, and the user experience can be improved.

Optionally, the verifying, by the blockchain, the matching of the n equity voucher records to the commitment factor through the k zero knowledge proofs includes:

the block chain determines first verification information according to the commitment factor, a first entitlement voucher record in the n entitlement voucher records, and a first zero knowledge proof in the k zero knowledge proofs;

the block chain determines second verification information according to the commitment factor, a second rights and interests voucher record in the n rights and interests voucher records, a third zero knowledge proof and a fourth zero knowledge proof in the k zero knowledge proofs;

the block chain determines third verification information according to the commitment factor, a third entitlement voucher record in the n entitlement voucher records, and a first zero knowledge proof, a third zero knowledge proof and a fifth zero knowledge proof in the k zero knowledge proofs;

and the block chain verifies the matching of the n right certificate records and the commitment factor according to the first verification information, the second verification information, the third verification information and the commitment factor.

In the above technical scheme, the matching between the n right and interest certificate records and the commitment factor is verified according to the first verification information, the second verification information, the third verification information and the commitment factor, so that whether the user falsifies the right and interest certificate in the right and interest combination process can be verified, and the non-falsification, verifiability and safety of the right and interest certificate of the user can be ensured, so that the right and interest certificate of the user is verified to be real and effective.

Optionally, the verifying, by the blockchain, the matching of the n equity voucher records and the commitment factor according to the first verification information, the second verification information, the third verification information, and the commitment factor includes:

the block chain carries out Hash operation on the n right certificate records, the first verification information, the second verification information and the third verification information to obtain comprehensive verification of the verification information;

the blockchain determines whether the commitment factor is consistent with the comprehensive verification of the verification information.

In the technical scheme, whether the commitment factor is consistent with the comprehensive verification of the verification information or not can be verified, whether the user falsifies the rights and interests voucher or whether the rights and interests voucher is badly done or not can be verified, whether the rights and interests voucher of the user is real and effective or not can be verified, and therefore the correctness and verifiability of the rights and interests voucher of the user can be guaranteed.

Optionally, the determining, by the blockchain, whether the commitment factor is consistent with the comprehensive verification of the verification information includes:

and after determining that the commitment factor is consistent with the comprehensive verification of the verification information, the block chain generates a combined rights and interests voucher and deletes the old rights and interests voucher.

In the technical scheme, after determining that the commitment factor is consistent with the comprehensive verification of the verification information, generating the combined rights and interests voucher, and deleting the old rights and interests voucher. Therefore, the user can conveniently and accurately use the new rights and interests voucher in time, and the problem that the rights and interests voucher managed by the user expands can be avoided.

In a fourth aspect, an embodiment of the present invention provides a device for combining rights and interests based on a block chain, including:

the first receiving unit is used for receiving m rights and interests combination requests sent by m clients; the right merging request comprises n types of commitment fragments and n types of right vouchers; the n types of right and benefit certificates comprise n-1 types of right and benefit certificates to be merged and n-1 types of right and benefit certificates after being merged; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests merging criteria;

the first processing unit is used for carrying out aggregation processing on the same type of commitment fragments to determine n commitment certificates, carrying out clustering processing on the same type of equity certificates to determine n equity certificate records; generating commitment factors aiming at the m rights and interests merging requests based on the n commitment certificates and the n rights and interests voucher records, and respectively sending the commitment factors to the m clients; receiving m k-class zero-knowledge proof fragments sent by the m clients, and performing aggregation processing on the same class of zero-knowledge proof fragments to determine k zero-knowledge proofs; the k-class zero-knowledge proof fragment is generated by a client based on the commitment factor and is used for verifying the n-1 class to-be-merged right as the client; sending a verification request to the blockchain; the validation request includes the commitment factor, the n entitlement credential records, and the k zero knowledge proofs; the k zero knowledge proofs are used for the blockchain to verify the matching of the n equity voucher records and the commitment factor.

Optionally, the first processing unit is specifically configured to:

clustering the same type of rights and interests certificates in the m n types of rights and interests certificates to obtain n clustered rights and interests certificate records;

and updating the order of the rights and interests in the rights and interests voucher records according to a preset order rule aiming at any one of the clustered rights and interests voucher records to obtain the updated rights and interests voucher records.

Optionally, the first processing unit is specifically configured to:

and carrying out hash operation on the n commitment certificates and the n right certificate records to obtain commitment factors aiming at the m right combination requests.

In a fifth aspect, an embodiment of the present invention provides a device for combining rights and interests based on a block chain, including:

the generating unit is used for generating n types of rights and interests certificates according to the rights and interests certificate generating mode; the n types of right and benefit certificates comprise n-1 types of right and benefit certificates to be merged and n-1 types of right and benefit certificates after being merged;

the second processing unit is used for determining n types of commitment fragments according to the rights and interests voucher generation mode; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests merging criteria; sending a rights and interests combination request to a server; the right merging request comprises n types of commitment fragments and n types of right vouchers; receiving a commitment factor sent by the server; the commitment factor is generated by the server based on m equity merging requests of m clients; generating k classes of zero knowledge proof fragments according to the commitment factor, the n-1 classes of rights and interests to be merged and the certificate key of the n classes of rights and interests certificates, and sending the k classes of zero knowledge proof fragments to the server; the k-class zero-knowledge proof fragment is used for verifying the n-1 class to-be-merged right as that of the client.

Optionally, the second processing unit is specifically configured to:

generating k random numbers;

determining a first type of commitment fragment based on a first random number and a second random number in the k random numbers and a first public point and a second public point of an elliptic curve;

determining a second type commitment fragment based on a third random number and a fourth random number in the k random numbers and a first public point and a second public point of the elliptic curve;

and determining a third type commitment fragment based on the first random number, the third random number and the fifth random number in the k random numbers and the first public point and the second public point of the elliptic curve.

Optionally, the second processing unit is specifically configured to:

generating a first class of zero knowledge proof fragments according to the commitment factor, the first voucher amount and a first random number in the k random numbers; the sum of the first certificate is the sum corresponding to the first class of equity certificates in the n-1 classes of equity to be merged;

generating a second class zero-knowledge proof fragment according to the commitment factor, a first certificate key in the certificate keys of the n classes of rights and interests certificates and a second random number in the k random numbers; the first certificate key is a key used for generating the first class of rights and interests certificate;

generating a third class of zero knowledge proof fragments according to the commitment factor, the second voucher amount and a third random number in the k random numbers; the sum of the second certificate is the sum corresponding to the second type of equity certificates in the n-1 type of equity to be merged;

generating a fourth class zero-knowledge proof fragment according to the commitment factor, a second certificate key in the certificate keys of the n classes of rights and interests certificates and a fourth random number in the k random numbers; the second certificate key is a key used for generating the second type of rights and interests certificate;

generating a fifth class of zero-knowledge proof fragments according to the commitment factor, a third certificate key in the certificate keys of the n classes of rights and interests certificates and a fifth random number in the k random numbers; the third certificate key is a key used for generating the n-1 type right certificate after the right and the interest are merged.

In a sixth aspect, an embodiment of the present invention provides a device for combining rights and interests based on a block chain, including:

the second receiving unit is used for receiving the verification request sent by the server; the validation request includes the commitment factor, the n entitlement credential records, and the k zero knowledge proofs;

the verification unit is used for verifying the matching of the n equity voucher records and the commitment factor through the k pieces of zero knowledge proofs; the commitment factor is generated by the server based on the n commitment certificates and the n equity voucher records; the n acceptance certificates are determined by the server according to the aggregation processing of the acceptance fragments of the same type; the commitment fragment is generated by the client according to the rights and interests voucher generating mode.

Optionally, the verification unit is specifically configured to:

determining first verification information according to the commitment factor, a first equity certificate record in the n equity certificate records, and a first zero knowledge certificate in the k zero knowledge certificates;

determining second verification information according to the commitment factor, a second rights and interests voucher record in the n rights and interests voucher records, a third zero knowledge proof and a fourth zero knowledge proof in the k zero knowledge proofs;

determining third verification information according to the commitment factor, a third right certificate record in the n right certificate records, and a first zero knowledge proof, a third zero knowledge proof and a fifth zero knowledge proof in the k zero knowledge proofs;

and verifying the matching of the n right certificate records and the commitment factor according to the first verification information, the second verification information, the third verification information and the commitment factor.

Optionally, the verification unit is specifically configured to:

performing hash operation on the n right certificate records, the first verification information, the second verification information and the third verification information to obtain comprehensive verification of verification information;

determining whether the commitment factor is consistent with the comprehensive verification of the verification information.

Optionally, the verification unit is specifically configured to:

and after determining that the commitment factor is consistent with the comprehensive verification of the verification information, generating a combined rights and interests voucher, and deleting the old rights and interests voucher.

In a seventh aspect, an embodiment of the present invention provides a computing device, including:

a memory for storing a computer program;

and the processor is used for calling the computer program stored in the memory and executing the rights and interests combination method based on the block chain according to the obtained program.

In an eighth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer-executable program for causing a computer to execute a method for combining rights based on a block chain.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic diagram of a system architecture according to an embodiment of the present invention;

fig. 2 is a schematic flowchart of a block chain-based equity combining method according to an embodiment of the present invention;

fig. 3 is a schematic structural diagram of a block chain-based equity combining device according to an embodiment of the present invention;

fig. 4 is a schematic structural diagram of a block chain-based equity combining device according to an embodiment of the present invention;

fig. 5 is a schematic structural diagram of a device for combining rights and interests based on a block chain according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

In the following, some terms related to the embodiments of the present invention are first explained to facilitate understanding by those skilled in the art.

(1) Confidential transaction: a confidential transaction is a transaction in which the amount of the transaction is completely concealed when transferring between accounts in a blockchain, while allowing the blockchain nodes to verify the correctness of the transaction data. For example, a transfer a is split into b + c, allowing the node to verify that a is b + c, and b >0, c > 0. Confidential transactions may be implemented using the perseder commit and the butletprofoms.

(2) And (4) hiding payment: the secret payment is a special payment mode and is characterized in that: 1. identity hiding: the equity and equity owner may not reveal their identity when making transfers, but may verify their ownership of the equity and may give proof that the equity is associated with their identity. 2. Resisting double flowers: the same rights voucher cannot be spent twice. 3. Hiding rights and interests: in addition to the rights-holder, and the transaction initiator, the contents of the rights voucher, such as the transaction amount, are not known by other authorities. 4. Transaction hiding: except for the transaction participants, the third party cannot know the specific details of the transaction, such as information of the transaction participants, the transaction initiation time, the signature and the like; note that the uplink time is published. 5. The supervision is friendly: the supervisor can obtain the necessary arbitration information at a time after the transaction has occurred.

The basic functional profile of the suppressed payment is as follows:

a. opening: after necessary online and offline auditing by a financial institution, the certificate is used as a certificate with a fixed sum which can be redeemed, and the rights and interests certificate is issued.

b. Cashing: each circulating right certificate binds a right exchange service side public key, and the right owner exchanges right with the right exchange service side through the right certificate and the right certificate is invalidated.

c. And (4) paying the amount:

splitting: each right and interest voucher can be split into a plurality of shares, and the total face value of the split plurality of right and interest vouchers is equal to the original face value.

Merging: can be realized before payment by the service side. Multiple rights vouchers may be combined into one share. The combined total face value of the rights and interests voucher is equal to the original face value.

And (4) paying the rights and interests: string-type entitlement vouchers may be fully transferred to others.

(3) Digital certificate: the digital certificate is a string of numbers which mark identity information of each communication party in Internet communication and provides a way of verifying the identity of a communication entity on the Internet, and the digital certificate is not a digital identity card, but a seal or stamp (or a signature added to the digital identity card) covered on the digital identity card by an identity authentication mechanism. It is issued by an Authority, CA, also known as Certificate Authority (Certificate Authority), which people can use over the internet to identify the other party.

(4) Block chains: the block chain is a chain formed by a series of blocks, and the Hash value of each block is recorded on each block in addition to the data of the block, so that the chain is formed. In addition, the core concept of blockchains is two: one is cryptography and the other is a decentralization idea. Based on the two concepts, historical information on the blockchain cannot be tampered. One block in the block chain is composed of a block head and a block body. The block head mainly comprises the height h of the block, the hash of the previous block and the like, and the block mainly stores transaction data.

(5) Zero knowledge proves that: a zero knowledge proof means that the prover can convince the verifier that some argument is correct without providing the verifier with any useful information. Zero knowledge proof is essentially an agreement involving two or more parties, i.e., a series of steps that are required by two or more parties to complete a task. The prover proves to the verifier and convinces him that he knows or owns a certain message, but the proving process cannot reveal any information about the proven message to the verifier.

(6) Federation chain: in the blockchain technology, blockchains can be classified into public chains, private chains and alliance chains according to different access control permissions of the blockchain network. The public chain node is a block chain structure which can be participated by anyone and can be accessed by anyone; a private chain is a block chain structure that is open only to individual individuals (e.g., inside a company, school, etc.); the alliance chain is a block chain structure which is widely applied at present and is very popular. In this architecture, the blockchain is maintained by certain organizations, is open to certain individuals, and can incorporate a policing node to make the blockchain tamper-proof while meeting the corresponding policing requirements.

As described above, some terms related to the embodiments of the present invention are described, and the technical features related to the embodiments of the present invention are described below.

To facilitate understanding of the embodiments of the present invention, first, a rights integration system architecture suitable for the embodiments of the present invention is described by taking the system architecture shown in fig. 1 as an example. The rights and interests merging system architecture can be applied to transfer transactions, payment transactions and the like among accounts of a block chain, and in an actual application scenario, the rights and interests merging system architecture is not limited in this respect. As shown in fig. 1, the system architecture may include at least one user client (user client 111, user client 112, user client 113, etc.), server 120, and blockchain 130. Each user client corresponds to one user, each user client is connected to the server 120, and the server is connected to the block chain 130, for example, the server may be connected in a wired manner or in a wireless manner, which is not limited specifically. It should be noted that, since the at least one user client (the user client 111, the user client 112, the user client 113, and the like) respectively corresponds to one user, the user client 111, the user client 112, the user client 113, and the like may respectively represent one user.

The user uses the user client to complete the transfer operation of the rights and interests voucher, the representation form of the rights and interests voucher is vG + rH, v is the voucher amount (such as 7), r is the voucher secret key and is a 256-bit random number. G and H are the points disclosed on the elliptic curve. The user interacts with other user clients and the affiliated bank uplink front end (server 120) on the user client to jointly generate a merged zero-knowledge proof for verification by the blockchain 130.

The user can send the self-generated zero-knowledge proof fragment to the uplink front of the affiliated bank (the server 120) through the user client. The affiliated uplink front bank (server 120) performs negotiation calculation on zero proof of knowledge fragments transmitted by a plurality of users, and sends the confusion processed zero proof of knowledge fragments to the blockchain 130, so that the blockchain 130 verifies the confusion processed zero proof of knowledge fragments. The server 120 has functions of information processing and information forwarding. The server 120 may be a cluster of servers or may be a single server. For example, the server 120 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, a cloud database, cloud computing, cloud storage, network services, cloud communication, and security services.

The block chain 130 records the equity voucher of the user on the chain, verifies the correctness of the zero-knowledge proof, destroys the originally used equity voucher after the verification is passed, and generates a new equity voucher.

It should be noted that the structure shown in fig. 1 is only an example, and the embodiment of the present invention is not limited thereto.

Based on the above description, fig. 2 exemplarily shows a flow of a method for merging rights and interests based on a blockchain according to an embodiment of the present invention, where the flow may be performed by a device for merging rights and interests based on a blockchain.

As shown in fig. 2, the process specifically includes:

step 201, the client generates n types of rights and interests voucher according to the rights and interests voucher generating mode.

Step 202, the client determines n types of commitment fragments according to the rights and interests voucher generation mode.

Step 203, the client sends a rights and interests combination request to the server.

And 204, the server performs aggregation processing on the same type of commitment fragments to determine n commitment certificates, performs clustering processing on the same type of equity certificates to determine n equity certificate records.

In step 205, the server generates a commitment factor for the m equity merge requests based on the n commitment certificates and the n equity voucher records.

Step 206, the server sends a commitment factor to the client.

And step 207, the client generates k-class zero-knowledge proof fragments according to the commitment factor, the n-1 class rights and interests to be merged and the certificate key of the n class rights and interests certificate.

Step 208, the client sends k-class zero-knowledge proof fragments to the server.

And step 209, the server performs aggregation processing on the similar zero-knowledge proof fragments to determine k zero-knowledge proofs.

Step 210, the server sends a validation request to the blockchain.

And step 211, the block chain verifies the matching between the n equity voucher records and the commitment factor through the k zero knowledge proofs.

In the above step 201 and step 202, the client generates n types of right vouchers according to the right voucher generation mode, that is, n types of right vouchers are generated according to the voucher amount corresponding to the right voucher, the voucher key of the right voucher and the public point on the elliptic curve. The n types of right and interest certificates can comprise n-1 types of right and interest certificates to be merged and n-1 types of right and interest certificates after being merged. And determining n types of commitment fragments according to the rights and interests voucher generation mode. Namely, the client generates k random numbers, and determines a first type commitment fragment based on a first random number and a second random number in the k random numbers and a first public point and a second public point of an elliptic curve; determining a second type commitment fragment based on a third random number and a fourth random number in the k random numbers and a first public point and a second public point of an elliptic curve; and determining a third type commitment fragment based on the first random number, the third random number and the fifth random number in the k random numbers and the first public point and the second public point of the elliptic curve. The three types of commitment fragments are used for generating commitment factors by the server and can provide support for subsequently proving that n types of equity in n types of equity certificates meet the equity merging criteria. Wherein, the n classes of commitment fragments are used for proving that n classes of rights in n classes of rights vouchers accord with the rights combination criterion; the right and interest combination criterion may refer to a rule that the right and interest certificates of n-1 types of rights and interests to be combined are combined into a total right and interest certificate (the total right and interest certificate can replace the right and interest certificates of n-1 types of rights and interests to be combined), that is, the sum of the certificate amounts corresponding to the right and interest certificates of n-1 types of rights and interests to be combined is added and classified into a total certificate amount.

In the above step 203, step 204 and step 205, the server receives m equity merge requests sent by m clients, where the equity merge requests may include n-type commitment fragments and n-type equity vouchers. And then aggregating the same type commitment fragments in the m n types of commitment fragments sent by the m clients to determine n commitment certificates, and clustering the same type equity certificates in the m n types of equity certificates sent by the m clients to obtain n clustered equity certificate records. Therefore, the condition that other people can obtain the identity information of the user through tracing the relevance of the rights and interests voucher can be avoided, and the privacy safety of the identity information of the user can be improved. And updating the order of the rights and interests in the rights and interests voucher records according to a preset order rule aiming at any one of the clustered rights and interests voucher records to obtain an updated rights and interests voucher record. Therefore, the identity information of the user can be avoided being calculated based on the sequence of the rights and interests voucher, and the privacy safety of the identity information of the user can be ensured. And then carrying out hash operation on the n commitment certificates and the n right certificate records to obtain commitment factors aiming at the m right combination requests. Therefore, each user can generate respective zero-knowledge proof fragments based on the commitment factor, and support is provided for verifying the correctness of the rights and interests voucher by verifying the zero-knowledge proof of the subsequent block chain.

In the above step 206 and step 207, the client receives the commitment factor sent by the server, and generates a first class of zero knowledge proof fragments according to the commitment factor, the first voucher amount, and the first random number of the k random numbers; the sum of the first certificate is the sum corresponding to the first class of equity certificates in the n-1 classes of equity to be merged; generating a second class zero-knowledge proof fragment according to the commitment factor, a first certificate key in the certificate keys of the n classes of rights and interests certificates and a second random number in the k random numbers; the first certificate key is a key used for generating a first class of rights and interests certificate; generating a third type of zero knowledge proof fragment according to the commitment factor, the second voucher amount and a third random number in the k random numbers; the sum of the second certificate is the sum corresponding to the second type of right and interest certificates in the n-1 type of rights and interests to be merged; generating a fourth type zero-knowledge proof fragment according to the commitment factor, a second certificate key in the certificate keys of the n types of rights and interests certificates and a fourth random number in the k random numbers; the second certificate key is a key used for generating a second type of rights and interests certificate; generating a fifth class of zero-knowledge proof fragments according to the commitment factor, a third certificate key in the certificate keys of the n classes of rights and interests certificates and a fifth random number in the k random numbers; the third certificate key is used for generating the n-1 type rights and interests certificate after the rights and interests are merged. Therefore, in the process of generating the k-class zero-knowledge proof fragment, the credential key of the user does not leave the local part of the user client, so that the risk of leakage of the credential key of the user can be avoided, and the privacy security of the rights and interests credential data of the user can be ensured. In addition, the k-class zero-knowledge proof fragments are used for verifying the matching between n right and interest certificate records and the commitment factor through the block chain, so that whether the right and interest certificate of the user is falsified or not can be verified through the block chain, namely whether the right and interest certificate of the user is accurate or not is verified, the right and interest certificate of the user is real and effective, and the user experience can be improved.

In the above step 208 and step 209, the server receives m k-class zero-knowledge-certificate fragments sent by m clients, and performs aggregation processing on the same class of zero-knowledge-certificate fragments in the m k-class zero-knowledge-certificate fragments to determine k zero-knowledge certificates. The k zero knowledge proofs are used for verifying the matching between the n right and interest certificate records and the commitment factor through the block chain, so that whether the right and interest certificate of the user is falsified or not can be verified through the block chain, namely whether the right and interest certificate of the user is accurate or not, the right and interest certificate of the user is verified to be real and effective, and the user experience can be improved.

In the above steps 210 and 211, the blockchain receives the verification request sent by the server, where the verification request may include a commitment factor, n entitlement credential records, and k zero knowledge proofs. Then, determining first verification information according to the commitment factor, a first equity certificate record in the n equity certificate records, and a first zero knowledge certificate in the k zero knowledge certificates; determining second verification information according to the commitment factor, a second rights and interests voucher record in the n rights and interests voucher records, a third zero knowledge proof and a fourth zero knowledge proof in the k zero knowledge proofs; determining third verification information according to the commitment factor, a third equity certificate record in the n equity certificate records, and a first zero knowledge certificate, a third zero knowledge certificate and a fifth zero knowledge certificate in the k zero knowledge certificates; and then carrying out Hash operation on the n right certificate records, the first verification information, the second verification information and the third verification information to obtain comprehensive verification of the verification information, determining whether the commitment factor is consistent with the comprehensive verification of the verification information, if the commitment factor is consistent with the comprehensive verification of the verification information, generating a combined right certificate, and deleting the old right certificate. Therefore, whether the rights and interests certificate of the user is tampered in the rights and interests combination process or not can be verified, namely whether the rights and interests certificate of the user is accurate or not can be verified, so that the rights and interests certificate of the user is verified to be real and effective, and the user experience can be improved. Meanwhile, the user can use the new rights and interests voucher accurately in time, and the problem that the rights and interests voucher managed by the user expands can be avoided.

Illustratively, the implementation of an impersonated payment consolidated transfer (entitlement voucher consolidation) is described with three users in the federation chain as an example. For example, there are user a, user B and user C in the federation chain, and user a, user B and user C wish to merge the rights and interests credentials that already exist in the federation chain. That is, user A wishes to have his own rights voucher C_a1、C_a2Are combined into C_a3Wherein, C_a1Amount v of the corresponding certificate_a1，C_a2Amount v of the corresponding certificate_a2，C_a3Amount v of the corresponding certificate_a3Then v will exist_a1+v_a2＝v_a3. Similarly, user B wishes to have his own rights and interests voucher C_b1、C_b2Are combined into C_b3Wherein, C_b1Amount v of the corresponding certificate_b1，C_b2Amount v of the corresponding certificate_b2，C_b3Amount v of the corresponding certificate_b3Then v will exist_b1+v_b2＝v_b3. User C wishes to give his own rightCertificate of interest C_c1、C_c2Are combined into C_c3Wherein, C_c1Amount v of the corresponding certificate_c1，C_c2Amount v of the corresponding certificate_c2，C_c3Amount v of the corresponding certificate_c3Then v will exist_c1+v_c2＝v_c3. The user A, the user B and the user C generate respective zero knowledge proof fragments in a negotiation mode, namely the zero knowledge proof fragment generated by the user A is (m)_a1,m_a2,m_a3,m_a4,m_a5) (ii) a User B generated zero knowledge proof slice is (m)_b1,m_b2,m_b3,m_b4,m_b5) (ii) a User C generates a zero knowledge proof slice of (m)_c1,m_c2,m_c3,m_c4,m_c5) (ii) a Then, the zero knowledge proof fragments generated by the user A, the user B and the user C are aggregated to obtain a zero knowledge proof (m)₁，m₂,m₃,m₄,m₅). The correctness of the equity voucher amount is then verified by the federation chain for correctness of the zero knowledge proof. Thus, in the event that the user's credential key is not local to the client, the batch will [ C_a1,C_a2,C_b1,C_b2,C_c1,C_c2]Are combined into [ C_a3,C_b3,C_c3]The method and the device can help to avoid the leakage of the identity information of the user based on historical query, and can improve the privacy security of the transfer amount data of the user.

In view of this, the following describes the implementation process of rights and credentials merging in the embodiment of the present invention. For example, the embodiment of the present invention describes a process of merging the user's right certificate, taking the right certificate owned by each user as an example of belonging to the same financial institution (such as the bank 1). Of course, in an actual application scenario, a certain user (or multiple users) may own multiple equity certificates, and the multiple equity certificates may belong to multiple financial institutions (such as bank 1, bank 2, bank 3, etc.), and for this case, the equity certificate of the user needs to be sent to the corresponding financial institution for equity certificate merging processing. It should be noted that, since each financial institution processes its corresponding equity certificate, the user needs to send the equity certificate to the corresponding financial institution for equity certificate merging processing, so that each user interacts on the uplink front of the financial institution to securely complete the merger of the equity certificates.

Step 1: each user generates a respective commitment fragment and sends the respective commitment fragment to the uplink front of the bank 1. The uplink front of the bank 1 can be regarded as a server of the bank 1.

Illustratively, the process of generating the commitment fragment is described by taking the user a as an example. Wherein, user A has right certificate C_a1、C_a2、C_a3I.e. C_a1＝v_a1*G+r_a1*H，C_a2＝v_a2*G+r_a2*H，C_a3＝v_a3*G+r_a3H. Due to C_a1Amount v of the corresponding certificate_a1，C_a2Amount v of the corresponding certificate_a2，C_a3Amount v of the corresponding certificate_a3If so, the right certificate C_a1、C_a2Are combined into C_a3There will be v_a1+v_a2＝v_a3. Wherein r is_a1Is C_a1Corresponding credential key, r_a2Is C_a2Corresponding credential key, r_a3Is C_a3The corresponding credential key.

The process of generating the commitment fragment specifically comprises the following steps:

a. user A generates a plurality of random numbers based on the user client, namely a_a、b_a、d_a、e_a、f_a. Wherein, a_a、b_a、d_a、e_a、f_aAre all 256-bit random numbers.

b. The user client calculates the commitment fragment 1 according to a plurality of random numbers and the disclosure points of the elliptic curves: t is t_a1＝a_a*G+b_aH, commitment fragment 2: t is t_a2＝d_a*G+e_aH, commitment fragment 3: t is t_a3＝(a_a+d_a)*G+f_aH. Wherein G, H is the point of the disclosure on the elliptic curve.

c. User A segments user A's commitment (t) based on user client_a1,t_a2,t_a3) The uplink preamble sent to bank 1.

Step 2: the uplink of the bank 1 receives the commitment fragment and the equity certificate sent by each user (for example, n users), and processes the commitment fragment and the equity certificate of each user to determine a commitment factor. The process of determining the commitment factor specifically comprises the following steps:

a. the uplink of the bank 1 is preposed based on the promised segment of each user, and the promised segments of the same type in the promised segments of each user are aggregated to calculate a promised certificate 1: t is t₁＝(t_a1+t_b1+…+t_n1) The commitment proves 2: t is t₂＝(t_a2+t_b2+…+t_n2) The acceptance certificate 3: t is t₃＝(t_a3+t_b3+…+t_n3)。

b. The uplink of the bank 1 is preposed and based on the equity certificate of each user, an equity certificate list 1 is set: c_1list＝[C_a1,C_b1,…,C_n1]Rights voucher list 2: c_2list＝[C_a2,C_b2,…,C_n2]Rights voucher list 3: c_3list＝[C_a3，C_b3，…,C_n3]And respectively lists the rights and interests voucher 1 (C)_1list) Rights voucher list 2 (C)_2list) Rights voucher list 3 (C)_3list) The order of the rights and interests voucher is disordered, so that the identity information of the user can be avoided being calculated based on the order of the rights and interests voucher, and the privacy security of the identity information of the user can be ensured.

c. Bank 1's uplink prefix pair entitlement voucher list 1 (C)_1list) Rights voucher list 2 (C)_2list) Rights voucher list 3 (C)_3list) And proof of promise 1 (t)₁) Proof of promise 2 (t)₂) Proof of promise 3 (t)₃) Performing Hash operation to calculate out a commitment factor C as Hash (C)_1list,C_2list,C_3list,t₁,t₂,t₃). Thus, each user can generate respective zero knowledge based on the commitment factorAnd the certification fragmentation provides support for verifying the correctness of the amount of the interest voucher by verifying zero knowledge certification by a subsequent alliance chain.

d. The uplink preamble of bank 1 sends the commitment factor c to each user (i.e. each ue) separately.

Step 3: each user receives the commitment factor c sent by the uplink prefix of the bank 1, and generates a respective zero-knowledge proof fragment based on the commitment factor c.

Illustratively, continuing with user A as an example, a process for generating zero-knowledge proof shards is described. The process of generating the zero knowledge proof fragment specifically comprises the following steps:

a. the user client side receives the commitment factor c and the voucher amount (v) based on the received commitment factor c_a1,v_a2) Certificate key (r)_a1,r_a2,r_a3) A plurality of random numbers (a)_a,b_a,d_a,e_a,f_a) And (3) carrying out statistical processing, and calculating a zero knowledge proof fragment 1: m is_a1＝a_a-c*v_a1Zero knowledge proof fragmentation 2: m is_a2＝b_a-c*r_a1Zero knowledge proof fragmentation 3: m is_a3＝d_a-c*v_a2Zero knowledge proof fragmentation 4: m is_a4＝e_a-c*r_a2Zero knowledge proof fragmentation 5: m is_a5＝f_a-c*r_a3。

b. User A shards zero knowledge proof based on user client (m)_a1，m_a2,m_a3,m_a4,m_a5) The uplink preamble sent to bank 1.

Step 4: the uplink front of the bank 1 receives the zero knowledge proof fragments sent by each user, and performs aggregation processing on the zero knowledge proof fragments sent by each user to generate a zero knowledge proof. The process of generating the zero knowledge proof specifically comprises the following steps:

a. the upstream of the bank 1 is based on the zero knowledge proof fragmentation of each user, and the similar zero knowledge proof fragmentation of each user is aggregated to calculate the zero knowledge proof 1: m is₁＝m_a1+m_b1+…+m_n1Zero knowledge proof 2: m is₂＝m_a2+m_b2+…+m_n2Zero knowledge proof 3: m is₃＝m_a3+m_b3+…+m_n3Zero knowledge proof 4: m is₄＝m_a4+m_b4+…+m_n4Zero knowledge proof 5: m is₅＝m_a5+m_b5+…+m_n5。

b. Bank 1's uplink prefix will promise factor C, rights and interests voucher list (C)_1list,C_2list,C_3list) And zero knowledge proof (m)₁,m₂,m₃,m₄,m₅) And sending to the federation chain.

Step 5: the federation chain verifies zero knowledge proof. The process of verifying the zero knowledge proof specifically comprises the following steps:

a. the alliance chain receives the commitment factor C and the rights and interests voucher list (C)_1list,C_2list,C_3list) Zero knowledge proof (m)₁,m₂,m₃,m₄,m₅) Performing statistical processing, and calculating verification information 1: t is t₁′＝m₁*G+m₂*H+c*∑C_1listVerification information 2: t is t₂′＝m₃*G+m₄*H+c*∑C_2listVerification information 3: t is t₃′＝(m₁+m₃)*G+m₅*H+c*∑C_3list. In this way, the correctness of the zero-knowledge proof can be verified based on the verification information 1, the verification information 2, and the verification information 3, and the correctness of the amount of the right voucher can be verified. Wherein, sigma C_1list、∑C_2list、∑C_3listAll represent the summation of rights vouchers in the respective voucher lists.

b. Judging whether C is Hash (C)_1list,C_2list,C_3list,t₁′,t₂′,t₃'). If so, the verification is successful, and the rights voucher can then be listed as 1 (C)_1list) And rights voucher list 2 (C)_2list) Set to invalid, i.e. destroy the originally used entitlement voucher list 1 (C)_1list) Rights voucher list 2 (C)_2list) The right and interest vouchers in (1),and generates a new rights voucher, i.e., rights voucher list 3 (C)_3list) The rights voucher in (1). Therefore, the user can conveniently and accurately use the new rights and interests voucher in time, and the problem that the rights and interests voucher managed by the user expands can be avoided.

The embodiment shows that the identity information of the user can be easily acquired through tracing the relevance of the rights and interests voucher based on the zero-knowledge proof generated by the user, so that the risk of leakage of the identity information of the user exists. Therefore, multiple users interact on the server to safely complete the merging of the equity certificates, namely, the server performs aggregation processing on the same type commitment fragments in the m n types of commitment fragments, so that the condition that other people can acquire the identity information of the users through tracing the relevance of the equity certificates can be avoided, and the privacy safety of the identity information of the users can be improved. Furthermore, based on n commitment certificates and n equity voucher records, a commitment factor aiming at m equity merging requests is generated, wherein the commitment factor is used for the client to generate k zero-class knowledge certification fragments based on the commitment factor and voucher keys of n classes of equity vouchers, namely in the process of generating the k zero-class knowledge certification fragments, the voucher key of the user does not leave the local part of the client of the user, so that the risk of leakage of the voucher key of the user can be avoided, and the privacy security of equity voucher data of the user can be ensured. And then, carrying out aggregation processing on the similar zero knowledge certification fragments in the m k-class zero knowledge certification fragments sent by the m clients to determine k zero knowledge certifications for verifying the matching between the n right certificate records and the commitment factor by the block chain, so that whether the right certificate of the user is falsified or not can be verified through the block chain, namely whether the right certificate of the user is accurate or not, thereby verifying that the right certificate of the user is real and effective, and improving the experience of the user. Therefore, the problem that identity information and rights and interests voucher data of a user are leaked in the prior art can be solved.

Based on the same technical concept, fig. 3 exemplarily shows a block chain based equity combining device provided by an embodiment of the present invention, and the device can execute a flow of a block chain based equity combining method.

As shown in fig. 3, the apparatus includes:

a first receiving unit 301, configured to receive m rights and interests combination requests sent by m clients; the right merging request comprises n types of commitment fragments and n types of right vouchers; the n types of right and benefit certificates comprise n-1 types of right and benefit certificates to be merged and n-1 types of right and benefit certificates after being merged; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests merging criteria;

a first processing unit 302, configured to aggregate commitment fragments of the same type, determine n commitment certificates, perform clustering processing on equity vouchers of the same type, and determine n equity voucher records; generating commitment factors aiming at the m rights and interests merging requests based on the n commitment certificates and the n rights and interests voucher records, and respectively sending the commitment factors to the m clients; receiving m k-class zero-knowledge proof fragments sent by the m clients, and performing aggregation processing on the same class of zero-knowledge proof fragments to determine k zero-knowledge proofs; the k-class zero-knowledge proof fragment is generated by a client based on the commitment factor and is used for verifying the n-1 class to-be-merged right as the client; sending a verification request to the blockchain; the validation request includes the commitment factor, the n entitlement credential records, and the k zero knowledge proofs; the k zero knowledge proofs are used for the blockchain to verify the matching of the n equity voucher records and the commitment factor.

Optionally, the first processing unit 302 is specifically configured to:

Based on the same technical concept, fig. 4 exemplarily shows a block chain based equity combining device provided by an embodiment of the present invention, and the device can execute a flow of a block chain based equity combining method.

As shown in fig. 4, the apparatus includes:

a generating unit 401, configured to generate n types of rights and interests vouchers according to the rights and interests voucher generating manner; the n types of right and benefit certificates comprise n-1 types of right and benefit certificates to be merged and n-1 types of right and benefit certificates after being merged;

a second processing unit 402, configured to determine n types of commitment fragments according to the rights and interests credential generation manner; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests merging criteria; sending a rights and interests combination request to a server; the right merging request comprises n types of commitment fragments and n types of right vouchers; receiving a commitment factor sent by the server; the commitment factor is generated by the server based on m equity merging requests of m clients; generating k classes of zero knowledge proof fragments according to the commitment factor, the n-1 classes of rights and interests to be merged and the certificate key of the n classes of rights and interests certificates, and sending the k classes of zero knowledge proof fragments to the server; the k-class zero-knowledge proof fragment is used for verifying the n-1 class to-be-merged right as that of the client.

Optionally, the second processing unit 402 is specifically configured to:

generating k random numbers;

Optionally, the second processing unit 402 is specifically configured to:

Based on the same technical concept, fig. 5 exemplarily shows a block chain based equity combining device provided by an embodiment of the present invention, and the device can execute a flow of a block chain based equity combining method.

As shown in fig. 5, the apparatus includes:

a second receiving unit 501, configured to receive an authentication request sent by a server; the validation request includes the commitment factor, the n entitlement credential records, and the k zero knowledge proofs;

a verification unit 502, configured to verify matching of the n equity voucher records and the commitment factor through the k zero knowledge proofs; the commitment factor is generated by the server based on the n commitment certificates and the n equity voucher records; the n acceptance certificates are determined by the server according to the aggregation processing of the acceptance fragments of the same type; the commitment fragment is generated by the client according to the rights and interests voucher generating mode.

Optionally, the verification unit 502 is specifically configured to:

Based on the same technical concept, an embodiment of the present invention provides a computing device, including:

a memory for storing a computer program;

Based on the same technical concept, an embodiment of the present invention provides a computer-readable storage medium storing a computer-executable program for causing a computer to perform a block chain based entitlement merging method.

As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-RON, optical storage, and the like) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present application and their equivalents, the present invention is also intended to include such modifications and variations.

Claims

1. A method for combining rights and interests based on a block chain is characterized by comprising the following steps:

2. The method of claim 1, wherein the server performs clustering processing on the similar equity certificates to determine n equity certificate records, comprising:

3. The method of claim 1, wherein the server generating commitment factors for the m equity merge requests based on the n commitment certificates and the n equity voucher records, comprising:

4. A method for combining rights and interests based on a block chain is characterized by comprising the following steps:

5. The method of claim 4, wherein the determining, by the client, n types of commitment fragments according to the rights and interests voucher generating manner comprises:

the client generates k random numbers;

6. The method of claim 4, wherein the client generating a class k zero proof of knowledge fragment according to the commitment factor, the class n-1 pending equity and a credential key of the class n equity credentials comprises:

7. A method for combining rights and interests based on a block chain is characterized by comprising the following steps:

8. The method of claim 7, wherein the blockchain verifying the matching of the n equity voucher records to the commitment factor as evidenced by the k zero knowledge certificates comprises:

9. The method of claim 8, wherein the block chain verifying the matching of the n entitlement credential records to the commitment factor based on the first verification information, the second verification information, the third verification information and the commitment factor comprises:

10. The method of claim 9, wherein the blockchain determining whether the commitment factor is consistent with the integrated verification of the verification information comprises:

11. A block chain based equity merging device, comprising:

12. A block chain based equity merging device, comprising:

13. A block chain based equity merging device, comprising:

14. A computing device, comprising:

a memory for storing a computer program;

a processor for invoking a computer program stored in said memory for performing the method of any of claims 1 to 10 in accordance with the obtained program.

15. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer-executable program for causing a computer to execute the method of any one of claims 1 to 10.