CN112287040B

CN112287040B - Rights and interests combination method, device, equipment and medium based on block chain

Info

Publication number: CN112287040B
Application number: CN202011192135.4A
Authority: CN
Inventors: 李昊轩; 严强; 廖飞强; 王朝阳; 李辉忠; 张开翔; 范瑞彬
Original assignee: WeBank Co Ltd
Current assignee: WeBank Co Ltd
Priority date: 2020-10-30
Filing date: 2020-10-30
Publication date: 2022-11-04
Anticipated expiration: 2040-10-30
Also published as: CN112287040A

Abstract

The embodiment of the invention provides a method and a device for combining rights and interests based on a block chain, wherein the method comprises the steps that a server receives m rights and interests combining requests sent by m client sides, the promised fragments of the same type are aggregated, n promised certificates are determined, clustering processing is carried out on rights and interests of the same type, n rights and interests certificate records are determined, promised factors aiming at the m rights and interests combining requests are generated and are aggregated on the basis of the n promised certificates and the n rights and interests certificate records, k zero knowledge certificates are determined, and verification requests are sent to the block chain. Because a plurality of users interact on the server to jointly generate k zero-knowledge proofs, other people can be prevented from acquiring the identity information of the users through the relevance of the rights and interests voucher, and therefore the privacy safety of the identity information of the users can be improved. And the privacy security of the rights and interests voucher data can be ensured when the voucher key does not leave the local part of the client.

Description

Rights and interests combination method, device, equipment and medium based on block chain

Technical Field

The embodiment of the invention relates to the field of financial science and technology (Fintech), in particular to a block chain-based rights and interests combination method and device.

Background

With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually changing to financial technology, but due to the requirements of the financial industry on safety and real-time performance, higher requirements are also put forward on the technologies.

In the present stage, the existing hiding payment merging method is mainly based on the third-party platform or the user to separately perform hiding payment merging. Specifically, one method is to rely on a third-party platform to complete the operation of hiding payment combination, namely, when the third-party platform combines the right and interest certificates of a plurality of transfer users, the third-party platform firstly requests to obtain the user keys of the plurality of transfer users, and generates a combined transfer zero knowledge certificate based on the user keys of the plurality of transfer users, so as to complete the combination of the right and interest certificates of the plurality of transfer users. However, since the user key is sent to the third-party platform, the user key is separated from the user, which may cause the user key to be leaked, and thus the security and privacy of the transfer data of the user cannot be ensured. The other method is to finish the operation of hiding payment combination by the user, and does not interact with other users, namely the user generates transfer zero knowledge proof based on the user key, so as to finish the combination of the user's rights and interests certificate. However, since the processing method only merges the user's own rights and interests voucher, the identity information of the user can be obtained by tracing the relevance of the rights and interests voucher, which may cause the risk of the identity information of the user being leaked.

In summary, there is a need for a method for combining rights and interests based on a block chain to ensure the privacy and security of the user's identity information and rights and interests voucher data.

Disclosure of Invention

The embodiment of the invention provides a rights and interests combination method and device based on a block chain, which are used for ensuring the privacy security of identity information and rights and interests voucher data of a user.

In a first aspect, an embodiment of the present invention provides a method for combining rights and interests based on a block chain, including:

the server receives m rights and interests combination requests sent by m clients; the rights and interests combination request comprises n types of commitment fragments and n types of rights and interests vouchers; the n types of right and benefit certificates comprise n-1 types of right and benefit certificates to be merged and n-1 types of right and benefit certificates after being merged; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests merging criteria;

the server carries out aggregation processing on the similar commitment fragments to determine n commitment certificates, and carries out clustering processing on the similar equity vouchers to determine n equity voucher records;

the server generates commitment factors aiming at the m rights and interests merging requests based on the n commitment certificates and the n rights and interests voucher records and respectively sends the commitment factors to the m clients;

the server receives m k-class zero-knowledge proof fragments sent by the m clients, and performs aggregation processing on the same class of zero-knowledge proof fragments to determine k zero-knowledge proofs; the k-class zero-knowledge proof fragment is generated by a client based on the commitment factor and is used for verifying the n-1 class to-be-merged right as the client;

the server sends a verification request to the blockchain; the validation request comprises the commitment factor, the n entitlement voucher records and the k zero knowledge proofs; the k zero knowledge proofs are used for the block chain to verify the matching of the n entitlement voucher records and the commitment factor.

In the technical scheme, because the zero-knowledge proof generated by the user is used, the identity information of the user can be easily acquired through tracing the relevance of the rights and interests voucher, so that the risk of leakage of the identity information of the user exists. Therefore, multiple users interact with the server to safely complete the merging of the rights and interests certificates, namely, the server performs aggregation processing on the same type committed fragments in the m n types of committed fragments, so that the condition that other people can acquire the identity information of the users through tracing the relevance of the rights and interests certificates can be avoided, and the privacy security of the identity information of the users can be improved. Moreover, based on n commitment certificates and n equity voucher records, a commitment factor aiming at m equity combination requests is generated, wherein the commitment factor is used for generating k zero knowledge proof fragments by a client based on the commitment factor and voucher keys of n equity vouchers, namely in the process of generating the k zero knowledge proof fragments, the voucher key of a user does not leave the local part of the client of the user, so that the risk of leakage of the voucher key of the user can be avoided, and the privacy safety of equity voucher data of the user can be ensured. And then, aggregation processing is carried out on similar zero knowledge certification fragments in m types of k zero knowledge certification fragments sent by m clients, and k zero knowledge certifications are determined and used for verifying the matching between n right certificate records and commitment factors through a block chain, so that whether the right certificate of the user is tampered or not can be verified through the block chain, namely whether the right certificate of the user is accurate or not, the right certificate of the user is verified to be real and effective, and the user experience can be improved. Therefore, the problem that identity information and rights and interests voucher data of a user are leaked in the prior art can be solved.

Optionally, the server performs clustering on similar rights and interests vouchers to determine n rights and interests voucher records, including:

the server carries out clustering processing on the same type of right and interest certificates in the m n types of right and interest certificates to obtain n clustered right and interest certificate records;

and aiming at any one clustered right and interest certificate record, the server updates the sequence of the right and interest certificates in the right and interest certificate record according to a preset sequence rule to obtain the updated right and interest certificate record.

In the technical scheme, the order of the rights and interests voucher in the rights and interests voucher record is updated according to the preset order rule, so that the updated rights and interests voucher record is obtained. Therefore, the identity information of the user can be avoided being calculated based on the sequence of the rights and interests voucher, and the privacy safety of the identity information of the user can be ensured.

Optionally, the server generates commitment factors for the m rights and interests merged requests based on the n commitment proofs and the n rights and interests voucher records, including:

and the server performs hash operation on the n commitment certificates and the n right certificate records to obtain commitment factors aiming at the m right combination requests.

In the above technical solution, the hash operation is performed on n commitment certificates and n equity voucher records to obtain commitment factors for m equity merge requests. Therefore, each user can generate respective zero-knowledge proof fragments based on the commitment factor, and support is provided for verifying the correctness of the rights and interests voucher by verifying the zero-knowledge proof of the subsequent block chain.

In a second aspect, an embodiment of the present invention provides a method for combining rights and interests based on a block chain, including:

the client generates n types of rights and interests certificates according to the rights and interests certificate generation mode; the n types of right and benefit certificates comprise n-1 types of right and benefit certificates to be merged and n-1 types of right and benefit certificates after being merged;

the client determines n types of commitment fragments according to the rights and interests voucher generation mode; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests merging criteria;

the client sends a rights and interests combination request to the server; the right merging request comprises n types of commitment fragments and n types of right vouchers;

the client receives the commitment factor sent by the server; the commitment factor is generated by the server based on m rights and interests combination requests of m clients;

the client generates k classes of zero knowledge proof fragments according to the commitment factor, the n-1 classes of rights and interests to be merged and the certificate key of the n classes of rights and interests certificates and sends the k classes of zero knowledge proof fragments to the server; the k-class zero-knowledge proof fragment is used for verifying the n-1-class rights to be merged as the client.

In the technical scheme, n types of commitment fragments are determined according to a rights and interests voucher generating mode, the n types of commitment fragments are used for generating commitment factors by the server, and support can be provided for subsequently proving that n types of rights and interests in the n types of rights and interests vouchers accord with rights and interests merging criteria. And generating k-class zero-knowledge proof fragments based on the commitment factor, the n-1 class rights to be merged and the certificate key of the n-class rights to be merged certificate. Therefore, in the process of generating the k-class zero-knowledge proof fragment, the credential key of the user does not leave the local of the user client, so that the risk of leakage of the credential key of the user can be avoided, and the privacy security of the rights and interests credential data of the user can be ensured. In addition, the k-class zero-knowledge proof fragments are used for verifying the matching between n right and interest certificate records and the commitment factor through the block chain, so that whether the right and interest certificate of the user is falsified or not can be verified through the block chain, namely whether the right and interest certificate of the user is accurate or not is verified, the right and interest certificate of the user is real and effective, and the user experience can be improved.

Optionally, the determining, by the client according to the rights and interests voucher generating manner, n types of commitment fragments includes:

the client generates k random numbers;

the client determines a first type of commitment fragment based on a first random number and a second random number in the k random numbers and a first public point and a second public point of an elliptic curve;

the client determines a second type of commitment fragment based on a third random number and a fourth random number in the k random numbers and a first public point and a second public point of the elliptic curve;

and the client determines a third class commitment fragment based on a first random number, a third random number and a fifth random number in the k random numbers and a first public point and a second public point of the elliptic curve.

In the above technical solution, a first type of commitment fragment is determined based on a first random number and a second random number in the k random numbers and a first disclosure point and a second disclosure point of an elliptic curve; determining a second type commitment fragment based on a third random number and a fourth random number in the k random numbers and a first public point and a second public point of an elliptic curve; and determining a third type commitment fragment based on the first random number, the third random number and the fifth random number in the k random numbers and the first public point and the second public point of the elliptic curve. The three types of commitment fragments are used for generating commitment factors by the server and can provide support for subsequently proving that n types of rights and interests in n types of rights and interests certificates meet the rights and interests combination criterion.

Optionally, the client generates k classes of zero knowledge proof fragments according to the commitment factor, the n-1 classes of rights to be merged, and the credential key of the n classes of rights vouchers, including:

the client generates a first-class zero-knowledge proof fragment according to the commitment factor, the first voucher amount and a first random number in the k random numbers; the sum of the first certificate is the sum corresponding to the first type of right certificate in the n-1 types of rights and interests to be merged;

the client generates a second class zero-knowledge proof fragment according to the commitment factor, a first certificate key in the certificate keys of the n classes of right and benefit certificates and a second random number in the k random numbers; the first certificate key is a key used for generating the first class of rights and interests certificate;

the client generates a third class of zero knowledge proof fragments according to the commitment factor, the second voucher amount and a third random number in the k random numbers; the sum of the second certificate is the sum corresponding to the second type of right and interest certificates in the n-1 type of right and interest to be merged;

the client generates a fourth class zero-knowledge proof fragment according to the commitment factor, a second certificate key in the certificate keys of the n classes of rights and interests certificates and a fourth random number in the k random numbers; the second certificate key is used for generating the second type rights and interests certificate;

the client generates a fifth class of zero-knowledge proof fragments according to the commitment factor, a third certificate key in the certificate keys of the n classes of right and benefit certificates and a fifth random number in the k random numbers; the third certificate key is used for generating the n-1 type rights and interests certificate after the rights and interests are merged.

In the technical scheme, a first-class zero-knowledge proof fragment is generated through a root commitment factor, the amount of a first voucher and a first random number in k random numbers; generating a second class zero-knowledge proof fragment according to the commitment factor, a first certificate key in the certificate keys of the n classes of rights and interests certificates and a second random number in the k random numbers; generating a third type of zero knowledge proof fragment according to the commitment factor, the second voucher amount and a third random number in the k random numbers; generating a fourth type zero-knowledge proof fragment according to the commitment factor, a second certificate key in the certificate keys of the n types of rights and interests certificates and a fourth random number in the k random numbers; and generating a fifth zero-knowledge proof fragment according to the commitment factor, a third certificate key in the certificate keys of the n types of rights and interests certificates and a fifth random number in the k random numbers, so that whether the rights and interests certificates of the user are real and effective can be judged by verifying the three types of zero-knowledge proof fragments.

In a third aspect, an embodiment of the present invention provides a method for combining rights and interests based on a block chain, including:

the block chain receives a verification request sent by the server; the validation request includes the commitment factor, the n entitlement credential records, and the k zero knowledge proofs;

the block chain verifies the matching of the n equity voucher records and the commitment factor through the k zero knowledge proofs; the commitment factor is generated by the server based on the n commitment certificates and the n equity voucher records; the n acceptance certificates are determined by the server according to the aggregation processing of the acceptance fragments of the same type; the commitment fragment is generated by the client according to the rights and interests voucher generation mode.

In the technical scheme, the matching between the n equity voucher records and the commitment factor is verified through k zero knowledge proofs. Therefore, whether the rights and interests voucher of the user is falsified in the rights and interests combination process or not can be verified, namely whether the rights and interests voucher of the user is accurate or not can be verified, the rights and interests voucher of the user is verified to be real and effective, and the user experience can be improved.

Optionally, the verifying, by the blockchain, matching of the n equity voucher records to the commitment factor through the k zero knowledge proofs includes:

the block chain determines first verification information according to the commitment factor, a first entitlement voucher record in the n entitlement voucher records, and a first zero knowledge proof in the k zero knowledge proofs;

the block chain determines second verification information according to the commitment factor, a second rights and interests voucher record in the n rights and interests voucher records, a third zero knowledge proof and a fourth zero knowledge proof in the k zero knowledge proofs;

the block chain determines third verification information according to the commitment factor, a third entitlement voucher record in the n entitlement voucher records, and a first zero knowledge proof, a third zero knowledge proof and a fifth zero knowledge proof in the k zero knowledge proofs;

and the block chain verifies the matching of the n right and interest voucher records and the commitment factor according to the first verification information, the second verification information, the third verification information and the commitment factor.

In the above technical scheme, the matching between the n right and interest certificate records and the commitment factor is verified according to the first verification information, the second verification information, the third verification information and the commitment factor, so that whether the user falsifies the right and interest certificate in the right and interest combination process can be verified, and the non-falsification, verifiability and safety of the right and interest certificate of the user can be ensured, so that the right and interest certificate of the user is verified to be real and effective.

Optionally, the verifying, by the blockchain, the matching of the n equity voucher records and the commitment factor according to the first verification information, the second verification information, the third verification information, and the commitment factor includes:

the block chain carries out Hash operation on the n right certificate records, the first verification information, the second verification information and the third verification information to obtain comprehensive verification of the verification information;

the blockchain determines whether the commitment factor is consistent with the comprehensive verification of the verification information.

In the technical scheme, whether the commitment factor is consistent with the comprehensive verification of the verification information or not can be verified, whether the user falsifies the right certificate or whether the right certificate is badly done or not in the right combination process can be verified, whether the right certificate of the user is real and effective or not can be verified, and therefore the correctness and verifiability of the right certificate of the user can be guaranteed.

Optionally, the determining, by the blockchain, whether the commitment factor is consistent with the comprehensive verification of the verification information includes:

and after determining that the commitment factor is consistent with the comprehensive verification of the verification information, the block chain generates a combined rights and interests voucher and deletes the old rights and interests voucher.

In the technical scheme, after the commitment factor is determined to be consistent with the comprehensive verification of the verification information, the combined rights and interests voucher is generated, and the old rights and interests voucher is deleted. Therefore, the user can conveniently and accurately use the new rights and interests voucher in time, and the problem that the rights and interests voucher managed by the user expands can be avoided.

In a fourth aspect, an embodiment of the present invention provides a device for combining rights and interests based on a block chain, including:

the first receiving unit is used for receiving m rights and interests combination requests sent by m clients; the right merging request comprises n types of commitment fragments and n types of right vouchers; the n types of right and interest certificates comprise n-1 types of right and interest certificates with right and interest to be merged and n-1 types of right and interest certificates with right and interest to be merged; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests merging criteria;

the first processing unit is used for carrying out aggregation processing on the same type of commitment fragments to determine n commitment certificates, carrying out clustering processing on the same type of equity certificates to determine n equity certificate records; generating commitment factors aiming at the m rights and interests merging requests based on the n commitment certificates and the n rights and interests voucher records, and respectively sending the commitment factors to the m clients; receiving m k-class zero-knowledge proof fragments sent by the m clients, and performing aggregation processing on the same class of zero-knowledge proof fragments to determine k zero-knowledge proofs; the k-class zero-knowledge proof fragment is generated by a client based on the commitment factor and is used for verifying the n-1 class to-be-merged right as the client; sending a verification request to a block chain; the validation request includes the commitment factor, the n entitlement credential records, and the k zero knowledge proofs; the k zero knowledge proofs are used for the blockchain to verify the matching of the n equity voucher records and the commitment factor.

Optionally, the first processing unit is specifically configured to:

clustering the same type of rights and interests certificates in the m n types of rights and interests certificates to obtain n clustered rights and interests certificate records;

and updating the order of the rights and interests in the rights and interests voucher records according to a preset order rule aiming at any one of the clustered rights and interests voucher records to obtain the updated rights and interests voucher records.

Optionally, the first processing unit is specifically configured to:

and carrying out hash operation on the n commitment certificates and the n rights and interests voucher records to obtain commitment factors aiming at the m rights and interests combination requests.

In a fifth aspect, an embodiment of the present invention provides a device for combining rights and interests based on a block chain, including:

the generating unit is used for generating n types of rights and interests certificates according to the rights and interests certificate generating mode; the n types of right and benefit certificates comprise n-1 types of right and benefit certificates to be merged and n-1 types of right and benefit certificates after being merged;

the second processing unit is used for determining n types of commitment fragments according to the rights and interests voucher generation mode; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests combination criterion; sending a rights and interests combination request to a server; the rights and interests combination request comprises n types of commitment fragments and n types of rights and interests vouchers; receiving a commitment factor sent by the server; the commitment factor is generated by the server based on m equity merging requests of m clients; generating k types of zero knowledge proof fragments according to the commitment factor, the n-1 types of rights and interests to be merged and the certificate key of the n types of rights and interests certificates, and sending the k types of zero knowledge proof fragments to the server; the k-class zero-knowledge proof fragment is used for verifying the n-1-class rights to be merged as the client.

Optionally, the second processing unit is specifically configured to:

generating k random numbers;

determining a first type of commitment fragment based on a first random number and a second random number in the k random numbers and a first public point and a second public point of an elliptic curve;

determining a second type commitment fragment based on a third random number and a fourth random number in the k random numbers and a first public point and a second public point of the elliptic curve;

and determining a third type commitment fragment based on the first random number, the third random number and the fifth random number in the k random numbers and the first public point and the second public point of the elliptic curve.

Optionally, the second processing unit is specifically configured to:

generating a first class zero knowledge proof fragment according to the commitment factor, the first voucher amount and a first random number in the k random numbers; the sum of the first certificate is the sum corresponding to the first class of equity certificates in the n-1 classes of equity to be merged;

generating a second class zero-knowledge proof fragment according to the commitment factor, a first certificate key in the certificate keys of the n classes of rights and interests certificates and a second random number in the k random numbers; the first certificate key is used for generating the first type rights and interests certificate;

generating a third class of zero knowledge proof fragments according to the commitment factor, the second voucher amount and a third random number in the k random numbers; the sum of the second certificate is the sum corresponding to the second type of equity certificates in the n-1 type of equity to be merged;

generating a fourth class zero-knowledge proof fragment according to the commitment factor, a second certificate key in the certificate keys of the n classes of right and benefit certificates and a fourth random number in the k random numbers; the second certificate key is a key used for generating the second type of rights and interests certificate;

generating a fifth class of zero-knowledge proof fragments according to the commitment factor, a third certificate key in the certificate keys of the n classes of right and benefit certificates and a fifth random number in the k random numbers; the third certificate key is a key used for generating the n-1 type right certificate after the right and the interest are merged.

In a sixth aspect, an embodiment of the present invention provides a device for combining rights and interests based on a block chain, including:

a second receiving unit, configured to receive an authentication request sent by a server; the validation request includes the commitment factor, the n entitlement credential records, and the k zero knowledge proofs;

the verification unit is used for verifying the matching of the n right certificate records and the commitment factor through the k pieces of zero knowledge proof; the commitment factor is generated by the server based on the n commitment certificates and the n equity voucher records; the n acceptance certificates are determined by the server according to the aggregation processing of the acceptance fragments of the same type; the commitment fragment is generated by the client according to the rights and interests voucher generating mode.

Optionally, the verification unit is specifically configured to:

determining first verification information according to the commitment factor, a first equity certificate record in the n equity certificate records, and a first zero knowledge certificate in the k zero knowledge certificates;

determining second verification information according to the commitment factor, a second rights and interests voucher record in the n rights and interests voucher records, and a third zero knowledge proof and a fourth zero knowledge proof in the k zero knowledge proofs;

determining third verification information according to the commitment factor, a third right certificate record in the n right certificate records, and a first zero knowledge proof, a third zero knowledge proof and a fifth zero knowledge proof in the k zero knowledge proofs;

and verifying the matching of the n right certificate records and the commitment factor according to the first verification information, the second verification information, the third verification information and the commitment factor.

Optionally, the verification unit is specifically configured to:

performing hash operation on the n right certificate records, the first verification information, the second verification information and the third verification information to obtain comprehensive verification of verification information;

determining whether the commitment factor is consistent with the comprehensive verification of the verification information.

Optionally, the verification unit is specifically configured to:

and after the commitment factor is determined to be consistent with the comprehensive verification of the verification information, generating a combined rights and interests voucher, and deleting the old rights and interests voucher.

In a seventh aspect, an embodiment of the present invention provides a computing device, including:

a memory for storing a computer program;

and the processor is used for calling the computer program stored in the memory and executing the rights and interests combination method based on the block chain according to the obtained program.

In an eighth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer-executable program for causing a computer to execute a method for combining rights based on a block chain.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic diagram of a system architecture according to an embodiment of the present invention;

fig. 2 is a schematic flowchart of a block chain-based equity combining method according to an embodiment of the present invention;

fig. 3 is a schematic structural diagram of a block chain-based rights and interests merging apparatus according to an embodiment of the present invention;

fig. 4 is a schematic structural diagram of a block chain-based equity combining device according to an embodiment of the present invention;

fig. 5 is a schematic structural diagram of a device for combining rights and interests based on a block chain according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.

In the following, some terms related to the embodiments of the present invention will be explained first to facilitate understanding by those skilled in the art.

(1) Confidential transaction: confidential transactions are transactions that completely hide the amount of the transaction when transferring between accounts in a block chain, while allowing block chain links to verify the correctness of the transaction data. For example, a transfer a splits into b + c, allowing the node to verify that a = b + c, and b >0, c >.0. Confidential transactions may be implemented using the perseder commit and the butletprofoms.

(2) And (4) hiding payment: the secret payment is a special payment mode and is characterized in that: 1. identity hiding: the equity and equity owner may not reveal their identity when making transfers, but may verify their ownership of the equity and may give proof that the equity is associated with their identity. 2. Resisting double flowers: the same rights voucher cannot be spent twice. 3. Hiding rights and interests: other than the rights-holder, and the transaction initiator, the contents of the rights voucher, such as the transaction amount, are not known. 4. Transaction hiding: except for the transaction participants, the third party cannot know the specific details of the transaction, such as information of the transaction participants, the transaction initiation time, the signature and the like; note that the trade link time is public. 5. The supervision is friendly: the supervisor can obtain the necessary arbitration information at a time after the transaction has occurred.

The basic functional profile of the suppressed payment is as follows:

a. opening: after necessary online and offline auditing by a financial institution, the certificate is used as a certificate with a fixed sum which can be redeemed, and the rights and interests certificate is issued.

b. Cashing: each circulating right certificate binds a right cash cashing server public key, and the right owner cashes the right certificate to the right cash cashing server for cashing, and the right certificate is invalidated.

c. And (4) paying the amount:

splitting: each right and interest voucher can be split into a plurality of shares, and the total face value of the split plurality of right and interest vouchers is equal to the original face value.

Merging: can be realized before payment by the service side. Multiple rights vouchers may be combined into one share. The combined total face value of the rights and interests voucher is equal to the original face value.

And (4) right and benefit payment: string-type entitlement vouchers may be fully transferred to others.

(3) Digital certificate: the digital certificate is a string of numbers which mark identity information of each communication party in Internet communication and provides a way of verifying the identity of a communication entity on the Internet, and the digital certificate is not a digital identity card, but a seal or stamp (or a signature added to the digital identity card) covered on the digital identity card by an identity authentication mechanism. It is issued by an Authority, CA, also called Certificate Authority (Certificate Authority), which people can use over the network to identify the identity of the other party.

(4) Block chains: the block chain is a chain formed by a series of blocks, and the Hash value of each block is recorded in addition to the data of the block, so that the blocks form the chain. In addition, the core concept of block chains is two: one is cryptography and the other is a decentralization idea. Based on the two concepts, historical information on the blockchain cannot be tampered. One block in the block chain is composed of a block head and a block body. The block head mainly comprises the height h of the block, the hash of the previous block and the like, and the block mainly stores transaction data.

(5) Zero knowledge proves that: a zero knowledge proof means that the prover can convince the verifier that some argument is correct without providing the verifier with any useful information. Zero knowledge proof is essentially an agreement involving two or more parties, i.e., a series of steps that are required by two or more parties to complete a task. The prover proves to the verifier and convinces him that he knows or owns a certain message, but the proving process cannot reveal any information about the proven message to the verifier.

(6) Federation chain: in the blockchain technology, blockchains can be classified into public chains, private chains and alliance chains according to different access control permissions of the blockchain network. The public chain node is a block chain structure which can be participated by anyone and can be accessed by anyone; a private chain is a block chain structure that is open only to individual individuals (e.g., companies, school interiors, etc.); the alliance chain is a block chain structure which is widely applied at present and is very popular. In this architecture, the blockchain is maintained by certain organizations, is open to certain individuals, and can incorporate a policing node to make the blockchain tamper-proof while meeting the corresponding policing requirements.

As described above, some terms related to the embodiments of the present invention are described, and technical features related to the embodiments of the present invention are described below.

To facilitate understanding of the embodiment of the present invention, first, the rights management system architecture applicable to the embodiment of the present invention is described by taking the system architecture shown in fig. 1 as an example. The rights and interests merging system architecture can be applied to transfer transactions, payment transactions and the like among accounts of a block chain, and in an actual application scenario, the rights and interests merging system architecture is not limited in this respect. As shown in fig. 1, the system architecture may include at least one user client (user client 111, user client 112, user client 113, etc.), server 120, and blockchain 130. Each user client corresponds to one user, each user client is connected to the server 120, and the server is connected to the block chain 130, for example, the server may be connected in a wired manner or in a wireless manner, which is not limited specifically. It should be noted that, since the at least one user client (the user client 111, the user client 112, the user client 113, and the like) respectively corresponds to one user, the user client 111, the user client 112, the user client 113, and the like may respectively represent one user.

The user uses the user client to complete the transfer operation of the rights and interests voucher, the representation form of the rights and interests voucher is vG + rH, v is the voucher amount (such as 7), r is the voucher secret key and is a 256-bit random number. G and H are the points disclosed on the elliptic curve. The user interacts with other user clients and the affiliated bank uplink front end (server 120) on the user client to jointly generate a merged zero-knowledge proof for verification by the blockchain 130.

The user can send the self-generated zero-knowledge proof fragment to the uplink front of the affiliated bank (the server 120) through the user client. The affiliated uplink front bank (server 120) performs negotiation calculation on zero proof of knowledge fragments transmitted by a plurality of users, and sends the confusion processed zero proof of knowledge fragments to the blockchain 130, so that the blockchain 130 verifies the confusion processed zero proof of knowledge fragments. The server 120 has functions of information processing and information forwarding. The server 120 may be a cluster of servers or may be a single server. For example, the server 120 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, a cloud database, cloud computing, cloud storage, network services, cloud communication, and security services.

The block chain 130 records the equity voucher of the user on the chain, verifies the correctness of the zero-knowledge proof, destroys the originally used equity voucher after the verification is passed, and generates a new equity voucher.

It should be noted that the structure shown in fig. 1 is only an example, and the embodiment of the present invention does not limit this.

Based on the above description, fig. 2 exemplarily shows a flow of a method for combining rights and interests based on a blockchain according to an embodiment of the present invention, where the flow can be performed by a device for combining rights and interests based on a blockchain.

As shown in fig. 2, the process specifically includes:

step 201, the client generates n types of rights and interests vouchers according to the rights and interests voucher generation mode.

Step 202, the client determines n types of commitment fragments according to the rights and interests voucher generation mode.

Step 203, the client sends a rights and interests combination request to the server.

And 204, the server performs aggregation processing on the same type of commitment fragments to determine n commitment certificates, performs clustering processing on the same type of equity certificates to determine n equity certificate records.

In step 205, the server generates commitment factors for the m equity merge requests based on the n commitment certificates and the n equity voucher records.

Step 206, the server sends a commitment factor to the client.

Step 207, the client generates k-class zero knowledge proof fragments according to the commitment factor, the n-1 class rights and interests to be merged and the certificate key of the n classes of rights and interests certificates.

Step 208, the client sends k-class zero proof of knowledge fragments to the server.

And step 209, the server performs aggregation processing on the similar zero-knowledge proof fragments to determine k zero-knowledge proofs.

Step 210, the server sends a validation request to the blockchain.

And step 211, the block chain verifies the matching between the n equity voucher records and the commitment factor through the k zero knowledge proofs.

In the above step 201 and step 202, the client generates n types of rights and interests vouchers according to the rights and interests voucher generation mode, that is, generates n types of rights and interests vouchers according to the voucher amount corresponding to the rights and interests voucher, the voucher key of the rights and interests voucher and the public point on the elliptic curve. The n types of right and interest certificates can comprise n-1 types of right and interest certificates with right and interest to be merged and n-1 types of right and interest certificates with right and interest to be merged. And determining n types of commitment fragments according to the rights and interests voucher generation mode. Namely, the client generates k random numbers, and determines a first type commitment fragment based on a first random number and a second random number in the k random numbers and a first public point and a second public point of an elliptic curve; determining a second type commitment fragment based on a third random number and a fourth random number in the k random numbers and a first public point and a second public point of an elliptic curve; and determining a third type commitment fragment based on the first random number, the third random number and the fifth random number in the k random numbers and the first public point and the second public point of the elliptic curve. The three types of commitment fragments are used for generating commitment factors by the server and can provide support for subsequently proving that n types of equity in n types of equity certificates meet the equity merging criteria. The n types of commitment fragments are used for proving that n types of rights in n types of rights vouchers accord with the rights combination criterion; the right and interest combination criterion may refer to a rule that the right and interest certificates of n-1 types of rights and interests to be combined are combined into a total right and interest certificate (the total right and interest certificate can replace the right and interest certificates of n-1 types of rights and interests to be combined), that is, the sum of the certificate amounts corresponding to the right and interest certificates of n-1 types of rights and interests to be combined is added and classified into a total certificate amount.

In the above step 203, step 204 and step 205, the server receives m equity merge requests sent by m clients, where the equity merge requests may include n-type commitment fragments and n-type equity vouchers. And then aggregating the same type commitment fragments in the m n types of commitment fragments sent by the m clients to determine n commitment certificates, and clustering the same type equity certificates in the m n types of equity certificates sent by the m clients to obtain n clustered equity certificate records. Therefore, other people can be prevented from obtaining the identity information of the user through tracing the relevance of the rights and interests voucher, and the privacy security of the identity information of the user can be improved. And updating the order of the rights and interests in the rights and interests voucher records according to a preset order rule aiming at any one of the clustered rights and interests voucher records to obtain an updated rights and interests voucher record. Therefore, the identity information of the user can be avoided being calculated based on the sequence of the rights and interests voucher, and the privacy safety of the identity information of the user can be ensured. And then carrying out hash operation on the n commitment certificates and the n right certificate records to obtain commitment factors aiming at the m right combination requests. Therefore, each user can generate respective zero-knowledge proof fragments based on the commitment factor, and support is provided for verifying the correctness of the rights and interests voucher by verifying the zero-knowledge proof of the subsequent block chain.

In the above step 206 and step 207, the client receives the commitment factor sent by the server, and generates a first zero knowledge certification fragment according to the commitment factor, the first voucher amount, and a first random number of the k random numbers; the sum of the first certificate is the sum corresponding to the first class of equity certificates in the n-1 classes of equity to be merged; generating a second class of zero-knowledge proof fragments according to the commitment factor, a first certificate key in the certificate keys of the n classes of right and benefit certificates and a second random number in the k random numbers; the first certificate key is a key used for generating a first class of rights and interests certificate; generating a third type of zero-knowledge proof fragment according to the commitment factor, the second voucher amount and a third random number in the k random numbers; the sum of the second certificate is the sum corresponding to the second type of right and interest certificates in the n-1 type of right and interest to be merged; generating a fourth class of zero-knowledge proof fragments according to the commitment factor, a second certificate key in the certificate keys of the n classes of right and benefit certificates and a fourth random number in the k random numbers; the second certificate key is a key used for generating a second type of rights and interests certificate; generating a fifth class of zero-knowledge proof fragments according to the commitment factor, a third certificate key in the certificate keys of the n classes of right and benefit certificates and a fifth random number in the k random numbers; the third certificate key is used for generating the n-1 type rights and interests certificate after the rights and interests are merged. Therefore, in the process of generating the k-class zero-knowledge proof fragment, the credential key of the user does not leave the local part of the user client, so that the risk of leakage of the credential key of the user can be avoided, and the privacy security of the rights and interests credential data of the user can be ensured. In addition, the k-type zero-knowledge proof fragments are used for verifying the matching between the n equity voucher records and the commitment factor through the block chain, so that whether the equity voucher of the user is falsified or not can be verified through the block chain, namely whether the equity voucher of the user is accurate or not, the equity voucher of the user is verified to be real and effective, and the user experience can be improved.

In the above step 208 and step 209, the server receives m k-class zero-knowledge-certificate fragments sent by m clients, and performs aggregation processing on the same class of zero-knowledge-certificate fragments in the m k-class zero-knowledge-certificate fragments to determine k zero-knowledge certificates. The k zero knowledge proofs are used for verifying the matching between the n right and interest certificate records and the commitment factor through the block chain, so that whether the right and interest certificate of the user is falsified or not can be verified through the block chain, namely whether the right and interest certificate of the user is accurate or not, the right and interest certificate of the user is verified to be real and effective, and the user experience can be improved.

In the above steps 210 and 211, the blockchain receives the verification request sent by the server, where the verification request may include a commitment factor, n entitlement credential records, and k zero knowledge proofs. Then, determining first verification information according to the commitment factor, a first equity certificate record in the n equity certificate records, and a first zero knowledge certificate in the k zero knowledge certificates; determining second verification information according to the commitment factor, a second rights and interests voucher record in the n rights and interests voucher records, a third zero knowledge proof and a fourth zero knowledge proof in the k zero knowledge proofs; determining third verification information according to the commitment factor, a third equity certificate record in the n equity certificate records, and a first zero knowledge certificate, a third zero knowledge certificate and a fifth zero knowledge certificate in the k zero knowledge certificates; and then carrying out Hash operation on the n right certificate records, the first verification information, the second verification information and the third verification information to obtain comprehensive verification of the verification information, determining whether the commitment factor is consistent with the comprehensive verification of the verification information, if the commitment factor is consistent with the comprehensive verification of the verification information, generating a combined right certificate, and deleting the old right certificate. Therefore, whether the rights and interests voucher of the user is falsified in the rights and interests combination process or not can be verified, namely whether the rights and interests voucher of the user is accurate or not can be verified, the rights and interests voucher of the user is verified to be real and effective, and the user experience can be improved. Meanwhile, the user can use the new rights and interests voucher accurately in time, and the problem that the rights and interests voucher managed by the user expands can be avoided.

Illustratively, the implementation of the concealed payment merge transfer (rights voucher merge) is described with three users in the federation chain as an example. For example, there are user a, user B and user C in the federation chain, and user a, user B and user C wish to merge the rights and interests credentials that exist on the federation chain. That is, user A wishes to have his own rights voucher C _a1 、C _a2 Are combined into C _a3 Wherein, C _a1 Amount v of the corresponding certificate _a1 ，C _a2 Amount v of the corresponding certificate _a2 ，C _a3 Amount v of the corresponding certificate _a3 Then v will exist _a1 +v _a2 ＝v _a3 . Similarly, user B wishes to have his own rights and interests voucher C _b1 、C _b2 Are combined into C _b3 Wherein, C _b1 Amount v of the corresponding voucher _b1 ， C _b2 Amount v of the corresponding certificate _b2 ，C _b3 Amount v of the corresponding voucher _b3 Then v will exist _b1 +v _b2 ＝v _b3 . User C wishes to have his own rights voucher C _c1 、C _c2 Are combined into C _c3 Wherein, C _c1 Amount v of the corresponding voucher _c1 ， C _c2 Amount v of the corresponding voucher _c2 ，C _c3 Amount v of the corresponding voucher _c3 Then v will exist _c1 +v _c2 ＝v _c3 . The user A, the user B and the user C generate respective zero knowledge proof fragments in a negotiation mode, namely the zero knowledge proof fragment generated by the user A is (m) _a1 ,m _a2 ,m _a3 ,m _a4 ,m _a5 ) (ii) a User B generated zero knowledge proof slice is (m) _b1 ,m _b2 ,m _b3 ,m _b4 ,m _b5 ) (ii) a User C generated zero knowledge proof slice is (m) _c1 ,m _c2 ,m _c3 ,m _c4 ,m _c5 ) (ii) a Then, zero knowledge proof (m) is obtained by carrying out aggregation processing on the zero knowledge proof fragments generated by the user A, the user B and the user C ₁ ，m ₂ ,m ₃ ,m ₄ ,m ₅ ). The correctness of the equity voucher amount is then verified by the federation chain for correctness of the zero knowledge proof. Thus, in the event that the user's credential key is not local to the client, the batch will [ C _a1 ,C _a2 ,C _b1 ,C _b2 ,C _c1 ,C _c2 ]Are combined into [ C _a3 ,C _b3 ,C _c3 ]The method and the device can help to avoid the leakage of the identity information of the user based on historical query, and can improve the privacy security of the transfer amount data of the user.

In view of this, the following describes the implementation process of rights and credentials merging in the embodiment of the present invention. For example, the embodiment of the present invention describes a process of merging rights and interests vouchers of users by taking an example that the rights and interests vouchers owned by each user belong to the same financial institution (such as a bank 1). Certainly, in an actual application scenario, a certain user (or multiple users) may own multiple right and interest vouchers, and the multiple right and interest vouchers may belong to multiple financial institutions (for example, a bank 1, a bank 2, a bank 3, and the like), and for this situation, the right and interest voucher of the user needs to be sent to the corresponding financial institution to perform right and interest voucher merging processing. It should be noted that, since each financial institution processes its corresponding right certificate, the user needs to send the right certificate to the corresponding financial institution to perform the right certificate merging process, so that each user interacts on the uplink of the financial institution to securely complete the merging of the right certificates.

Step1: each user generates a respective commitment fragment and sends the respective commitment fragment to the uplink front of the bank 1. The uplink front of the bank 1 can be regarded as a server of the bank 1.

Illustratively, taking user a as an example, the process of generating the commitment fragment is described. Wherein, user A has right certificate C _a1 、C _a2 、C _a3 I.e. C _a1 ＝v _a1 *G+r _a1 *H，C _a2 ＝v _a2 *G+r _a2 * H，C _a3 ＝v _a3 *G+r _a3 * H. Due to C _a1 Corresponding certificateAmount of certificate v _a1 ，C _a2 Amount v of the corresponding voucher _a2 ， C _a3 Amount v of the corresponding certificate _a3 If so, the right certificate C _a1 、C _a2 Are combined into C _a3 There will be v _a1 +v _a2 ＝v _a3 . Wherein r is _a1 Is C _a1 Corresponding voucher key, r _a2 Is C _a2 Corresponding voucher key, r _a3 Is C _a3 The corresponding credential key.

The process of generating the commitment fragment specifically comprises the following steps:

a. user A generates a plurality of random numbers based on the user client, namely a _a 、b _a 、d _a 、e _a 、f _a . Wherein, a _a 、b _a 、d _a 、e _a 、f _a Are all 256-bit random numbers.

b. The user client calculates the commitment fragment 1 according to a plurality of random numbers and the disclosure points of the elliptic curves: t is t _a1 ＝a _a *G+b _a * H, commitment fragment 2: t is t _a2 ＝d _a *G+e _a * H, commitment fragment 3: t is t _a3 ＝(a _a +d _a )*G+f _a * H. Wherein G and H are public points on the elliptic curve.

c. User A fragments user A's commitment (t) based on user client _a1 ,t _a2 ,t _a3 ) The uplink preamble sent to bank 1.

Step2: the uplink of the bank 1 receives the commitment fragment and the equity certificate sent by each user (for example, n users), and processes the commitment fragment and the equity certificate of each user to determine a commitment factor. The process of determining the commitment factor specifically comprises the following steps:

a. the uplink of the bank 1 is preposed based on the promised segment of each user, and the promised segments of the same type in the promised segments of each user are aggregated to calculate a promised certificate 1: t is t ₁ ＝(t _a1 +t _b1 +…+t _n1 ) The acceptance certification 2: t is t ₂ ＝(t _a2 +t _b2 +…+t _n2 ) The acceptance certification 3: t is t ₃ ＝(t _a3 +t _b3 +…+t _n3 )。

b. The uplink of the bank 1 is preposed and based on the equity certificate of each user, an equity certificate list 1 is set: c _1list ＝[C _a1 ,C _b1 ,…,C _n1 ]Rights voucher list 2: c _2list ＝[C _a2 ,C _b2 ,…,C _n2 ]Right voucher list 3: c _3list ＝[C _a3 ，C _b3 ，…,C _n3 ]And respectively lists the rights and interests voucher 1 (C) _1list ) Claim of rights voucher list 2 (C) _2list ) Rights voucher list 3 (C) _3list ) The order of the right and interest certificates is disturbed, so that the identity information of the user can be prevented from being calculated based on the order of the right and interest certificates, and the privacy security of the identity information of the user can be ensured.

c. Bank 1's uplink prefix pair entitlement voucher list 1 (C) _1list ) Rights voucher list 2 (C) _2list ) Rights voucher list 3 (C) _3list ) And proof of promise 1 (t) ₁ ) Proof of promise 2 (t) ₂ ) Proof of promise 3 (t) ₃ ) Performing Hash operation to calculate out a commitment factor C = Hash (C) _1list ,C _2list ,C _3list ,t ₁ ,t ₂ ,t ₃ ). Therefore, each user can conveniently generate respective zero knowledge proof fragments based on the commitment factor, and support is provided for verifying the correctness of the equity voucher money by verifying the zero knowledge proof in the subsequent alliance chain.

d. The uplink preamble of bank 1 sends the commitment factor c to each user (i.e. each ue) separately.

Step3: each user receives the commitment factor c sent by the uplink prefix of the bank 1 and generates a respective zero knowledge proof fragment based on the commitment factor c.

Illustratively, continuing with user A as an example, a process for generating zero-knowledge proof shards is described. The process of generating the zero knowledge proof fragment specifically comprises the following steps:

a. the user client side receives the commitment factor c and the voucher amount (v) based on the received commitment factor c _a1 ,v _a2 ) Certificate key (r) _a1 ,r _a2 ,r _a3 ) A plurality of random numbers (a) _a ,b _a ,d _a ,e _a ,f _a ) And (3) performing statistical processing, and calculating a zero knowledge proof fragment 1: m is _a1 ＝a _a -c*v _a1 Zero knowledge proof fragmentation 2: m is _a2 ＝b _a -c*r _a1 Zero knowledge proof fragmentation 3: m is _a3 ＝d _a -c*v _a2 Zero knowledge proof fragmentation 4: m is a unit of _a4 ＝e _a -c*r _a2 Zero knowledge proof fragmentation 5: m is _a5 ＝f _a -c*r _a3 。

b. User A shards zero knowledge proof (m) based on user client _a1 ，m _a2 ,m _a3 ,m _a4 ,m _a5 ) The uplink preamble sent to bank 1.

Step4: the uplink front of the bank 1 receives the zero knowledge proof fragments sent by each user, and carries out aggregation processing on the zero knowledge proof fragments sent by each user to generate a zero knowledge proof. The process of generating the zero knowledge proof specifically comprises the following steps:

a. the upstream of the bank 1 is based on the zero knowledge proof fragmentation of each user, and the similar zero knowledge proof fragmentation of each user is aggregated to calculate the zero knowledge proof 1: m is ₁ ＝m _a1 +m _b1 +…+m _n1 Zero knowledge proof 2: m is ₂ ＝m _a2 +m _b2 +…+m _n2 Zero knowledge proof 3: m is ₃ ＝m _a3 +m _b3 +…+m _n3 Zero knowledge proof 4: m is a unit of ₄ ＝m _a4 +m _b4 + …+m _n4 Zero knowledge proof 5: m is ₅ ＝m _a5 +m _b5 +…+m _n5 。

b. Bank 1's uplink prefix will promise factor C, rights voucher list (C) _1list ,C _2list ,C _3list ) And zero knowledge proof (m) ₁ ,m ₂ ,m ₃ ,m ₄ ,m ₅ ) And sending to the federation chain.

Step5: the federation chain verifies zero knowledge proof. The process of verifying the zero knowledge proof specifically comprises the following steps:

a. the acceptance factor c and the rights and interests voucher received by the alliance chainListing (C) _1list ,C _2list ,C _3list ) Zero knowledge proof (m) ₁ ,m ₂ ,m ₃ ,m ₄ ,m ₅ ) Performing statistical processing, and calculating verification information 1: t is t ₁ ′＝m ₁ *G+ m ₂ *H+c*∑C _1list Verification information 2: t is t ₂ ′＝m ₃ *G+m ₄ *H+c*∑C _2list Verification information 3: t is t ₃ ′＝(m ₁ +m ₃ )*G+m ₅ *H+c*∑C _3list . In this way, the correctness of the zero-knowledge proof can be verified based on the verification information 1, the verification information 2, and the verification information 3, and the correctness of the amount of the right voucher can be verified. Wherein, sigma C _1list 、∑C _2list 、∑C _3list All represent the summation of rights vouchers in the respective voucher lists.

b. Determine if C = Hash (C) is present _1list ,C _2list ,C _3list ,t ₁ ′,t ₂ ′,t ₃ '). If so, the verification is successful, and the rights voucher can then be listed as 1 (C) _1list ) And rights voucher list 2 (C) _2list ) Set to invalid, i.e. destroy the originally used entitlement voucher list 1 (C) _1list ) Claim of rights voucher list 2 (C) _2list ) And generates a new rights voucher, i.e., rights voucher list 3 (C) _3list ) The rights voucher in (1). Therefore, the user can conveniently and accurately use the new rights and interests voucher in time, and the problem that the rights and interests voucher managed by the user expands can be avoided.

The embodiment shows that the identity information of the user can be easily acquired through tracing the relevance of the rights and interests voucher based on the zero-knowledge proof generated by the user, so that the risk of leakage of the identity information of the user exists. Therefore, multiple users interact with the server to safely complete the merging of the rights and interests certificates, namely, the server performs aggregation processing on the same type committed fragments in the m n types of committed fragments, so that the condition that other people can acquire the identity information of the users through tracing the relevance of the rights and interests certificates can be avoided, and the privacy security of the identity information of the users can be improved. And moreover, based on n commitment certificates and n right voucher records, a commitment factor aiming at m right and left right combination requests is generated, wherein the commitment factor is used for generating k-class zero knowledge certificate fragments by the client based on the commitment factor and voucher keys of n-class right vouchers, namely in the process of generating the k-class zero knowledge certificate fragments, the voucher key of the user does not leave the local part of the client of the user, so that the risk of leakage of the voucher key of the user can be avoided, and the privacy security of right voucher data of the user can be ensured. And then, aggregation processing is carried out on similar zero knowledge certification fragments in m types of k zero knowledge certification fragments sent by m clients, and k zero knowledge certifications are determined and used for verifying the matching between n right certificate records and commitment factors through a block chain, so that whether the right certificate of the user is tampered or not can be verified through the block chain, namely whether the right certificate of the user is accurate or not, the right certificate of the user is verified to be real and effective, and the user experience can be improved. Therefore, the problem that identity information and rights and interests voucher data of a user are leaked in the prior art can be solved.

Based on the same technical concept, fig. 3 exemplarily shows a block chain based equity combining device provided by an embodiment of the present invention, and the device can execute a flow of a block chain based equity combining method.

As shown in fig. 3, the apparatus includes:

a first receiving unit 301, configured to receive m rights and interests combination requests sent by m clients; the right merging request comprises n types of commitment fragments and n types of right vouchers; the n types of right and benefit certificates comprise n-1 types of right and benefit certificates to be merged and n-1 types of right and benefit certificates after being merged; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests combination criterion;

a first processing unit 302, configured to aggregate commitment fragments of the same type, determine n commitment certificates, perform clustering processing on equity vouchers of the same type, and determine n equity voucher records; generating commitment factors aiming at the m rights and interests merging requests based on the n commitment certificates and the n rights and interests voucher records, and respectively sending the commitment factors to the m clients; receiving m k-class zero-knowledge proof fragments sent by the m clients, and performing aggregation processing on the same class of zero-knowledge proof fragments to determine k zero-knowledge proofs; the k-class zero-knowledge proof fragment is generated by a client based on the commitment factor and is used for verifying the n-1 class to-be-merged right as the client; sending a verification request to a block chain; the validation request comprises the commitment factor, the n entitlement voucher records and the k zero knowledge proofs; the k zero knowledge proofs are used for the block chain to verify the matching of the n entitlement voucher records and the commitment factor.

Optionally, the first processing unit 302 is specifically configured to:

and carrying out hash operation on the n commitment certificates and the n right certificate records to obtain commitment factors aiming at the m right combination requests.

Based on the same technical concept, fig. 4 exemplarily shows a block chain based equity combining device provided by an embodiment of the present invention, and the device may execute a flow of a block chain based equity combining method.

As shown in fig. 4, the apparatus includes:

a generating unit 401, configured to generate n types of rights and interests vouchers according to the rights and interests voucher generating manner; the n types of right and benefit certificates comprise n-1 types of right and benefit certificates to be merged and n-1 types of right and benefit certificates after being merged;

a second processing unit 402, configured to determine n types of commitment fragments according to the rights and interests credential generation manner; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests merging criteria; sending a rights and interests combination request to a server; the right merging request comprises n types of commitment fragments and n types of right vouchers; receiving a commitment factor sent by the server; the commitment factor is generated by the server based on m equity merging requests of m clients; generating k types of zero knowledge proof fragments according to the commitment factor, the n-1 types of rights and interests to be merged and the certificate key of the n types of rights and interests certificates, and sending the k types of zero knowledge proof fragments to the server; the k-class zero-knowledge proof fragment is used for verifying the n-1 class to-be-merged right as that of the client.

Optionally, the second processing unit 402 is specifically configured to:

generating k random numbers;

determining a first type commitment fragment based on a first random number and a second random number in the k random numbers and a first public point and a second public point of an elliptic curve;

determining a second class commitment fragment based on a third random number and a fourth random number in the k random numbers and a first public point and a second public point of the elliptic curve;

Optionally, the second processing unit 402 is specifically configured to:

generating a second class zero-knowledge proof fragment according to the commitment factor, a first certificate key in the certificate keys of the n classes of rights and interests certificates and a second random number in the k random numbers; the first certificate key is a key used for generating the first class of rights and interests certificate;

generating a third class of zero knowledge proof fragments according to the commitment factor, the second voucher amount and a third random number in the k random numbers; the sum of the second certificate is the sum corresponding to the second type of right and interest certificates in the n-1 type of right and interest to be merged;

generating a fourth class zero-knowledge proof fragment according to the commitment factor, a second certificate key in the certificate keys of the n classes of rights and interests certificates and a fourth random number in the k random numbers; the second certificate key is a key used for generating the second type of rights and interests certificate;

generating a fifth class of zero-knowledge proof fragments according to the commitment factor, a third certificate key in the certificate keys of the n classes of rights and interests certificates and a fifth random number in the k random numbers; the third certificate key is a key used for generating the n-1 type right certificate after the right and the interest are merged.

Based on the same technical concept, fig. 5 exemplarily shows a block chain based equity combining device provided by an embodiment of the present invention, and the device can execute a flow of a block chain based equity combining method.

As shown in fig. 5, the apparatus includes:

a second receiving unit 501, configured to receive an authentication request sent by a server; the validation request includes the commitment factor, the n entitlement credential records, and the k zero knowledge proofs;

a verification unit 502, configured to verify matching of the n equity voucher records and the commitment factor through the k pieces of zero knowledge proofs; the commitment factor is generated by the server based on the n commitment proofs and the n entitlement voucher records; the n acceptance certificates are determined by the server according to the aggregation processing of the acceptance fragments of the same type; the commitment fragment is generated by the client according to the rights and interests voucher generating mode.

Optionally, the verification unit 502 is specifically configured to:

determining first verification information according to the commitment factor, a first rights and interests voucher record in the n rights and interests voucher records, and a first zero knowledge proof in the k zero knowledge proofs;

determining second verification information according to the commitment factor, a second rights and interests voucher record in the n rights and interests voucher records, a third zero knowledge proof and a fourth zero knowledge proof in the k zero knowledge proofs;

Optionally, the verification unit 502 is specifically configured to:

and after determining that the commitment factor is consistent with the comprehensive verification of the verification information, generating a combined rights and interests voucher, and deleting the old rights and interests voucher.

Based on the same technical concept, an embodiment of the present invention provides a computing device, including:

a memory for storing a computer program;

Based on the same technical concept, embodiments of the present invention provide a computer-readable storage medium storing a computer-executable program for causing a computer to perform a block chain-based rights and interests merging method.

As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-RON, optical storage, and the like) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all changes and modifications that fall within the scope of the invention.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present application and their equivalents, the present invention is also intended to include such modifications and variations.

Claims

1. A method for combining rights and interests based on a block chain is characterized by comprising the following steps:

the server receives m rights and interests combination requests sent by m clients; the right merging request comprises n types of commitment fragments and n types of right vouchers; the n types of right and interest certificates are generated by the client according to a right and interest certificate generation mode; the rights and interests voucher is generated according to the voucher amount corresponding to the rights and interests voucher, the voucher key of the rights and interests voucher and the public point on the elliptic curve; the n types of right and interest certificates comprise n-1 types of right and interest certificates with right and interest to be merged and n-1 types of right and interest certificates with right and interest to be merged; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests combination criterion; each n-type commitment fragment is determined by the client according to a rights and interests voucher generation mode and based on the generated k random numbers;

the server receives m k-class zero-knowledge proof fragments sent by the m clients, and performs aggregation processing on the same class of zero-knowledge proof fragments to determine k zero-knowledge proofs; the k-class zero-knowledge proof fragment is generated by a client based on the commitment factor and is used for verifying the n-1 class to-be-merged right as the client; the k-class zero-knowledge proof fragment is determined by the client based on the commitment factor, k random numbers generated by the client, n-1 classes of rights and interests to be merged corresponding to the client and a credential key of n classes of rights and interests credentials corresponding to the client;

the server sends a verification request to the blockchain; the validation request includes the commitment factor, the n entitlement credential records, and the k zero knowledge proofs; the k zero knowledge proofs are used for the block chain to verify the matching of the n entitlement voucher records and the commitment factor.

2. The method of claim 1, wherein the server performs clustering on similar rights and interests vouchers to determine n rights and interests voucher records, comprising:

the server carries out clustering processing on the same type of rights and interests certificates in the m n types of rights and interests certificates to obtain n clustered rights and interests certificate records;

3. The method of claim 1, wherein the server generates commitment factors for the m entitlement merge requests based on the n commitment certificates and the n entitlement voucher records, comprising:

4. A method for combining rights and interests based on a block chain is characterized by comprising the following steps:

the client generates n types of right and interest vouchers according to the right and interest voucher generation mode; the n types of right and interest certificates comprise n-1 types of right and interest certificates with right and interest to be merged and n-1 types of right and interest certificates with right and interest to be merged; the rights and interests voucher is generated according to the voucher amount corresponding to the rights and interests voucher, the voucher key of the rights and interests voucher and the public point on the elliptic curve;

the client determines n types of commitment fragments according to the rights and interests voucher generation mode and based on the generated k random numbers; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests combination criterion;

the client receives the commitment factor sent by the server; the commitment factor is generated by the server based on m equity merging requests of m clients;

the client generates k classes of zero knowledge proof fragments according to the commitment factor, the k random numbers, the n-1 classes of rights and interests to be merged and the certificate keys of the n classes of rights and interests vouchers and sends the k classes of zero knowledge proof fragments to the server; the k-class zero-knowledge proof fragment is used for verifying the n-1 class to-be-merged right as that of the client.

5. The method of claim 4, wherein the determining, by the client, n types of commitment fragments according to the rights and interests voucher generating manner comprises:

the client generates k random numbers;

the client determines a first type commitment fragment based on a first random number and a second random number in the k random numbers and a first public point and a second public point of an elliptic curve;

and the client determines a third type commitment fragment based on the first random number, the third random number and the fifth random number in the k random numbers and the first public point and the second public point of the elliptic curve.

6. The method of claim 4, wherein the client generating a class k zero proof of knowledge fragment according to the commitment factor, the class n-1 pending equity, and a credential key for the class n equity credentials comprises:

the client generates a first-class zero-knowledge proof fragment according to the commitment factor, the first voucher amount and a first random number in the k random numbers; the sum of the first certificate is the sum corresponding to the first class of equity certificates in the n-1 classes of equity to be merged;

the client generates a second zero-knowledge proof fragment according to the commitment factor, a first certificate key in the certificate keys of the n types of rights and interests certificates and a second random number in the k random numbers; the first certificate key is a key used for generating the first class of rights and interests certificate;

the client generates a third type of zero-knowledge proof fragment according to the commitment factor, the second voucher amount and a third random number in the k random numbers; the sum of the second certificate is the sum corresponding to the second type of equity certificates in the n-1 type of equity to be merged;

the client generates a fourth class zero-knowledge proof fragment according to the commitment factor, a second certificate key in the certificate keys of the n classes of rights and interests certificates and a fourth random number in the k random numbers; the second certificate key is a key used for generating the second type of rights and interests certificate;

the client generates a fifth class of zero-knowledge proof fragments according to the commitment factor, a third certificate key in the certificate keys of the n classes of rights and interests certificates and a fifth random number in the k random numbers; the third certificate key is used for generating the n-1 type rights and interests certificate after the rights and interests are merged.

7. A block chain-based rights and interests combination method is characterized by comprising the following steps:

the block chain receives a verification request sent by the server; the verification request comprises a commitment factor, n equity voucher records and k zero knowledge proofs; the k zero knowledge proofs are determined by the server through aggregation processing aiming at homogeneous zero knowledge proof fragments in m k types of zero knowledge proof fragments sent by m clients; the k-class zero-knowledge proof fragment is determined by the client based on the commitment factor, k random numbers generated by the client, n-1 classes of rights and interests to be merged corresponding to the client and a credential key of n classes of rights and interests credentials corresponding to the client;

the block chain verifies the matching of the n equity voucher records and the commitment factor through the k zero knowledge proofs; the commitment factor is generated by the server based on n commitment certificates and the n equity voucher records; the n acceptance certificates are determined by the server through aggregation processing aiming at the same type acceptance fragments in the m n types of acceptance fragments sent by the m clients; each n-type commitment fragment is determined by the client according to a rights and interests voucher generation mode and based on the generated k random numbers; the rights and interests voucher is generated according to the voucher amount corresponding to the rights and interests voucher, the voucher key of the rights and interests voucher and the public point on the elliptic curve.

8. The method of claim 7, wherein the blockchain verifying the matching of the n equity voucher records to the commitment factor as evidenced by the k zero knowledge, comprising:

the block chain determines third verification information according to the commitment factor, a third rights and interests voucher record in the n rights and interests voucher records, and a first zero knowledge proof, a third zero knowledge proof and a fifth zero knowledge proof in the k zero knowledge proofs;

9. The method of claim 8, wherein the block chain verifying the matching of the n entitlement credential records to the commitment factor based on the first verification information, the second verification information, the third verification information and the commitment factor comprises:

10. The method of claim 9, wherein the blockchain determining whether the commitment factor is consistent with the integrated verification of the verification information comprises:

11. A block chain-based equity merging device, comprising:

the first receiving unit is used for receiving m rights and interests combination requests sent by m clients; the right merging request comprises n types of commitment fragments and n types of right vouchers; the n types of rights and interests certificates are generated by the client according to the rights and interests certificate generation mode; the rights and interests voucher is generated according to the voucher amount corresponding to the rights and interests voucher, the voucher key of the rights and interests voucher and the public point on the elliptic curve; the n types of right and interest certificates comprise n-1 types of right and interest certificates with right and interest to be merged and n-1 types of right and interest certificates with right and interest to be merged; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests merging criteria; each n-type commitment fragment is determined by the client according to a rights and interests voucher generation mode and based on the generated k random numbers;

the first processing unit is used for carrying out aggregation processing on the promised fragments of the same type, determining n promised certificates, carrying out clustering processing on the rights and interests certificates of the same type and determining n rights and interests certificate records; generating commitment factors aiming at the m rights and interests merging requests based on the n commitment certificates and the n rights and interests voucher records, and respectively sending the commitment factors to the m clients; receiving m k-class zero knowledge proof fragments sent by the m clients, and performing aggregation processing on the similar zero knowledge proof fragments to determine k zero knowledge proofs; the k-class zero-knowledge proof fragment is generated by a client based on the commitment factor and is used for verifying the n-1 class to-be-merged right as the client; the k-class zero-knowledge proof fragment is determined by the client based on the commitment factor, k random numbers generated by the client, n-1 classes of rights and interests to be merged corresponding to the client and a credential key of n classes of rights and interests credentials corresponding to the client; sending a verification request to the blockchain; the validation request includes the commitment factor, the n entitlement credential records, and the k zero knowledge proofs; the k zero knowledge proofs are used for the blockchain to verify the matching of the n equity voucher records and the commitment factor.

12. A block chain based equity merging device, comprising:

the generating unit is used for generating n types of rights and interests certificates according to the rights and interests certificate generating mode; the n types of right and benefit certificates comprise n-1 types of right and benefit certificates to be merged and n-1 types of right and benefit certificates after being merged; the rights and interests voucher is generated according to the voucher amount corresponding to the rights and interests voucher, the voucher key of the rights and interests voucher and the public point on the elliptic curve;

the second processing unit is used for determining n types of commitment fragments according to the rights and interests voucher generation mode and based on the generated k random numbers; the n types of commitment fragments are used for proving that n types of rights and interests in the n types of rights and interests vouchers accord with the rights and interests combination criterion; sending a rights and interests combination request to a server; the right merging request comprises n types of commitment fragments and n types of right vouchers; receiving a commitment factor sent by the server; the commitment factor is generated by the server based on m equity merging requests of m clients; generating k classes of zero knowledge proof fragments according to the commitment factor, the k random numbers, the n-1 classes of rights and interests to be merged and the certificate keys of the n classes of rights and interests certificates, and sending the k classes of zero knowledge proof fragments to the server; the k-class zero-knowledge proof fragment is used for verifying the n-1-class rights to be merged as the client.

13. A block chain-based equity merging device, comprising:

the second receiving unit is used for receiving the verification request sent by the server; the verification request comprises a commitment factor, n equity voucher records and k zero knowledge proofs; the k zero knowledge proofs are determined by the server by carrying out aggregation processing on the same type of zero knowledge proof fragments in m types of k zero knowledge proof fragments sent by m clients; the k-class zero-knowledge proof fragment is determined by the client based on the commitment factor, k random numbers generated by the client, n-1 classes of rights and interests to be merged corresponding to the client and a credential key of n classes of rights and interests credentials corresponding to the client;

the verification unit is used for verifying the matching of the n right certificate records and the commitment factor through the k pieces of zero knowledge proof; the commitment factor is generated by the server based on n commitment certificates and the n equity voucher records; the n commitment proofs are determined by the server through aggregation processing aiming at homogeneous commitment fragments in m n types of commitment fragments sent by the m clients; each n-type commitment fragment is determined by the client according to a rights and interests voucher generation mode and based on the generated k random numbers; the rights and interests voucher is generated according to the voucher amount corresponding to the rights and interests voucher, the voucher key of the rights and interests voucher and the public point on the elliptic curve.

14. A computing device, comprising:

a memory for storing a computer program;

a processor for invoking a computer program stored in said memory for performing the method of any of claims 1 to 10 in accordance with the obtained program.

15. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer-executable program for causing a computer to execute the method of any one of claims 1 to 10.