CN112989409A - Block chain privacy protection scheme based on blind mixed currency on lattice - Google Patents


Info

Publication number
CN112989409A
Authority
CN
China
Prior art keywords
blind
mixed
signature
user
currency
Prior art date
Legal status
Withdrawn
Application number
CN202110273632.5A
Other languages
Chinese (zh)
Inventor
石少全
王凤和
Current Assignee
Shandong Jianzhu University
Original Assignee
Shandong Jianzhu University
Priority date
Filing date
Publication date
Application filed by Shandong Jianzhu University
Priority to CN202110273632.5A
Publication of CN112989409A
Legal status: Withdrawn

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • Development Economics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Economics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a blockchain privacy protection scheme based on lattice-based blind coin mixing, which comprises the following steps: setup, blind message interaction, user application for coin mixing, agreement to mix coins, user transfer, issuing the blind signature, user publication of the unblinded signature, coin-mixing service provider transfer, user transfer, and withdrawal of the joint funds. Because it is built from lattice cryptographic tools, the invention adds resistance to quantum attacks to the blind coin-mixing service on top of the functions of existing blind coin-mixing methods, and achieves long-term security of the blockchain privacy protection service.

Description

Block chain privacy protection scheme based on blind mixed currency on lattice
Technical Field
The invention relates to the technical field of blockchain privacy protection, and in particular to a lattice-based blind coin-mixing method.
Background
A blockchain is a distributed ledger technology with the characteristics of decentralization, public data, verifiability and tamper resistance. By degree of openness, blockchains can be classified into public chains, consortium chains and private chains. Public chains provide public verifiability and tamper resistance of data, but this also increases the risk of privacy disclosure. For example, public verifiability lets a potential attacker easily obtain all transaction information in the blockchain. Because of tamper resistance, once transaction information has been written to the blockchain and privacy has leaked, that information can be neither modified nor deleted, so the user's privacy is leaked permanently. In traditional settings the harm of a privacy leak can be reduced by deleting the disclosed data; a blockchain system cannot do this, so its privacy disclosure problem is more prominent. Improving privacy protection and providing anonymization of transaction information for users is therefore an important part of blockchain research.
Coin mixing is a privacy protection method that is compatible with the current mainstream blockchain systems (Bitcoin, Ethereum). By obscuring the mapping between transaction input and output addresses, it prevents an attacker from obtaining accurate transaction information and thereby protects user privacy in the blockchain. Coin mixing can be divided into centralized and decentralized mixing according to whether a coin-mixing service provider has to participate. In centralized mixing, however, the service provider may disclose the mixing process or steal user funds, which threatens both the anonymity of users and the security of transaction funds. Blind coin mixing combines blind signatures with a centralized mixing mechanism, so that even the mixing service provider cannot learn the mapping between transaction addresses, which solves the problem of the provider leaking the mixing process. In addition, multi-signature techniques are used in blind coin mixing to guarantee the safety of the mixing users' funds.
With the rapid development of quantum science, making the blind coin-mixing service quantum-secure contributes to its long-term security and thereby to the long-term security of the blockchain privacy protection service. Existing blind coin-mixing schemes rely on cryptosystems that are insecure in a quantum environment and cannot provide security there. Lattice cryptography is a well-known post-quantum cryptosystem capable of achieving quantum security and has developed rapidly in recent years. However, existing lattice-based blind signature protocols have a restart problem: after the user and the signer run the blind signature protocol, a valid blind signature may not be obtained, and the protocol has to be run repeatedly until a valid blind signature is obtained. This increases the computation and storage costs on both the user and the signer, and gives the user a poor interactive experience, since several interactions may be needed to reach the goal. BOUAZIZ-ERMANN et al. [BOUAZIZ-ERMANN S, CANARD S, EBERHART G, et al. Lattice-based (Partially) Blind Signature without Restart [EB/OL]. https: ] solved the restart problem in lattice-based blind signatures, which reduces the number of interactions between user and signer and improves the execution efficiency of the lattice-based blind signature protocol. Further, the bimodal Gaussian rejection sampling technique of DUCAS et al. [DUCAS L, DURMUS A, LEPOINT T, et al. Lattice Signatures and Bimodal Gaussians [C] // Advances in Cryptology - CRYPTO 2013. Berlin: Springer, 2013: 40-56] can be applied to the blind signature protocol constructed by BOUAZIZ-ERMANN et al. to further improve computational efficiency and greatly reduce the computation between a mixing user and the mixing service provider (signer).
Disclosure of Invention
Existing blind coin-mixing schemes cannot achieve security in a quantum environment. The invention therefore provides a quantum-attack-resistant blind coin-mixing scheme for the privacy protection service in a blockchain. Compared with existing blind coin-mixing schemes, this scheme achieves anonymity, unlinkability, auditability and resistance to coin-theft attacks, and additionally provides resistance to quantum attacks for the blind coin-mixing service. It can effectively raise the protection level of the blockchain privacy protection service and provide blockchain users with a long-term secure privacy protection service.
The purpose of the invention is achieved by the following technical scheme:
A blockchain privacy protection scheme based on lattice-based blind coin mixing comprises the following steps.
The roles in the scheme are first described. Coin-mixing service provider S: the service provider offering the coin-mixing service. Coin-mixing user U: a user participating in coin mixing. Audit blockchain: an append-only bulletin board that cannot be modified, which can be implemented with the Bitcoin blockchain.
Setup stage: the coin-mixing service provider S publishes the coin-mixing parameters and generates a key pair (pk, sk) for signature and blind signature operations.
Message blinding interaction: user U and coin-mixing service provider S interact to produce the blinded message e* of the message m = k_out, where k_out is the user's final coin-mixing output address.
User applies for coin mixing: user U applies to the coin-mixing service provider for mixing.
Agreeing to mix coins: if the coin-mixing service provider S agrees to the application, S generates a multi-signature transaction address k_US and sends it to the user.
User transfer: after receiving the multi-signature transaction address from S, user U transfers funds from an anonymous address to the multi-signature transaction address k_US.
Issuing the blind signature: once the user's transfer to the transaction address k_US has succeeded, S publishes the blind signature to the audit blockchain.
User publishes the unblinded signature: the user unblinds the blind signature and sends the unblinded signature to the audit blockchain.
Coin-mixing service provider transfer: S verifies the validity of the unblinded signature published by the user and, if it is valid, transfers the funds to the mixing output address provided by the user. If S does not transfer the funds, the user can present the transfer transaction and the valid blind signature on the message e* to audit and hold S accountable.
User transfer: the user transfers funds to the coin-mixing service provider's transaction address k_esc.
Withdrawing the joint funds: the user and the coin-mixing service provider withdraw the funds from the multi-signature transaction address k_US, and the coin mixing ends.
Further, S performs the following steps to generate a key pair. ① Select a uniformly random matrix
Figure BDA0002975600260000031
and call the trapdoor generation algorithm
Figure BDA0002975600260000032
to generate a statistically near-uniform matrix
Figure BDA0002975600260000033
and the corresponding G-trapdoor
Figure BDA0002975600260000034
② Run the preimage sampling algorithm n times, s_t ← SampleD(A, R, u_t, σ_2), where u_t is the t-th column of the matrix qI_n, t ∈ [n], and I_n is the n×n identity matrix. Let the matrix
Figure BDA0002975600260000035
so that AS = qI_n (mod 2q). The public key of the coin-mixing service provider S is pk = (A, P) and the private key is sk = (S, R). Select a hash function H: {0,1}* → {v ∈ {0,1}^n : ||v||_1 ≤ κ}.
Further, to blind the message, U and S interact. S samples
Figure BDA0002975600260000036
computes x ← Ay, and sends x to U. U then performs the following steps to blind the message m = k_out. ① Select g ← {-1, 1},
Figure BDA0002975600260000037
if
Figure BDA0002975600260000038
regenerate t_2. ② Compute e ← H(x - P t_1 - A t_2 mod 2q, m) and e* = g·e - t_1; accept e* with probability
Figure BDA0002975600260000039
otherwise restart the process from
Figure BDA00029756002600000310
Here, a notation such as
Figure BDA00029756002600000311
means that y follows an m-dimensional Gaussian distribution.
Further, after receiving the user's coin-mixing request, the coin-mixing service provider S uses the information k_U and k_S to generate a 2-of-2 multi-signature address k_US. S uses the private key S in sk and a lattice-based digital signature scheme based on rejection sampling to sign the tuple {e*, k_esc, k_US, D} and sends it to user U; the resulting signature is denoted {e*, k_esc, k_US, D}_S. Here k_U and k_S are transaction addresses belonging to user U and to the coin-mixing service provider S respectively.
Further, the coin-mixing service provider S issues the blind signature as follows. ① b ← {-1, 1}; ② z* ← b S e* + y; accept z* with probability
Figure BDA0002975600260000041
otherwise run z* ← SampleD(A, R, bPe* + x, σ). S then publishes the blind signature z* of the blinded message e* to the audit blockchain by way of a minuscule Bitcoin transfer.
Further, user U completes the unblinding and publication of the signature as follows. U computes z ← z* - t_2, obtains the signature (z, e) of the message m = k_out, and publishes the message m = k_out and the signature s = (z, e) to the audit blockchain by way of a minuscule Bitcoin transfer from the anonymous transaction address k'_U.
Further, the coin-mixing service provider S verifies the validity of the unblinded signature published by the user as follows. ① Check
Figure BDA0002975600260000042
② Check e = H(Az - Pe mod 2q, m). If the verification passes, S completes the transfer transaction before the agreed time.
Compared with the prior art, the invention mainly has the following advantages:
1. Resistance to quantum attacks. The invention is built on lattice cryptographic tools and inherits their resistance to quantum attacks, so it remains secure in a quantum environment and can provide a long-term secure privacy protection service for the blockchain.
2. High efficiency. The blind signature scheme designed in the invention has no restart problem and is computationally more efficient than existing lattice-based blind signatures.
3. Resistance to coin-theft attacks. The user first transfers funds into the multi-signature address k_US generated from the information k_U and k_S; funds in that address can only be spent after both the user and the coin-mixing service provider have signed with their corresponding private keys, so the service provider cannot steal the user's funds, which achieves resistance to coin-theft attacks.
Drawings
Fig. 1 is an architecture diagram of the blind coin-mixing model according to an embodiment of the invention.
Fig. 2 is a schematic diagram of the lattice-based blind coin-mixing scheme according to an embodiment of the invention.
Detailed Description
To better understand the technical solution, the invention is described below with reference to the embodiments and the accompanying drawings.
The blockchain privacy protection scheme based on blind coin mixing in this embodiment comprises the following steps, where transfer(v, in, out) denotes that v BTC (bitcoins) are transferred from the input address in to the output address out.
Step 1, setup stage. The coin-mixing service provider S publishes the coin-mixing parameters {v, T_1, T_2, T_3, T_4, T_5, T_6, T_7, τ, λ, r}, where v is the mixing amount; T_i are agreed points in time; τ is the number of block confirmations needed for a transfer transaction to be considered successful; λ is the coin-mixing service fee rate paid by U to S; r is a pre-deposit ratio that deters malicious behaviour by the user. At the same time, S performs the following steps. ① Select a uniformly random matrix
Figure BDA0002975600260000051
and call the trapdoor generation algorithm
Figure BDA0002975600260000052
to generate a statistically near-uniform matrix
Figure BDA0002975600260000053
and the corresponding G-trapdoor
Figure BDA0002975600260000054
② Run the preimage sampling algorithm n times, s_t ← SampleD(A, R, u_t, σ_2), where u_t is the t-th column of the matrix qI_n, t ∈ [n], and I_n is the n×n identity matrix. Let the matrix
Figure BDA0002975600260000055
so that AS = qI_n (mod 2q). The public key of the coin-mixing service provider S is pk = (A, P) and the private key is sk = (S, R). Select a hash function H: {0,1}* → {v ∈ {0,1}^n : ||v||_1 ≤ κ}.
Step 2, message blinding interaction. To blind the message, U and S interact. S samples
Figure BDA0002975600260000056
computes x ← Ay, and sends x to U. U then performs the following steps to blind the message m = k_out. ① Select g ← {-1, 1},
Figure BDA0002975600260000057
Figure BDA0002975600260000058
if
Figure BDA0002975600260000059
regenerate t_2. ② Compute e ← H(x - P t_1 - A t_2 mod 2q, m) and e* = g·e - t_1; accept e* with probability
Figure BDA00029756002600000510
otherwise restart the process from
Figure BDA00029756002600000511
Step 3, the user applies for coin mixing. U sends the tuple ⟨D = {v, T_1, T_2, T_3, T_4, T_5, T_6, T_7, τ, λ, r, k_U}, e*⟩ to S, where D is publicly visible and e* is the blinded message of m = k_out. Thus the transaction output address m = k_out is not visible to S.
Step 4, agreeing to mix coins. The coin-mixing service provider S uses the information k_U and k_S to generate a 2-of-2 multi-signature address k_US; funds in that address can only be spent if U and S each sign with their corresponding private keys (the private keys here are those corresponding to the transaction addresses in the blockchain, and are unrelated to the sk generated in the invention). S uses the private key S in sk and a lattice-based digital signature scheme based on rejection sampling to sign the tuple {e*, k_esc, k_US, D} and sends it to U; the resulting signature is denoted {e*, k_esc, k_US, D}_S, where k_esc is the transaction address of the coin-mixing service provider S.
Step 5, user transfer. Before the agreed time T_1, U transfers vr BTC from the address k'_in to the multi-signature address k_US; the transaction is denoted transfer(vr, k'_in, k_US), where k'_in is an anonymous address of user U.
Step 6a, issuing the blind signature. After the transaction transfer(vr, k'_in, k_US) has been written to the blockchain, S waits for τ block confirmations and then, before the agreed time T_2, performs the following steps to generate the blind signature and publish it to the audit blockchain. ① b ← {-1, 1}; ② z* ← b S e* + y; accept z* with probability
Figure BDA0002975600260000061
otherwise run z* ← SampleD(A, R, bPe* + x, σ). S publishes the blind signature z* of the blinded message e* to the audit blockchain by way of a minuscule Bitcoin transfer.
Step 6b, the blind signature is not issued. If S does not publish the blind signature of the blinded message e*, U publishes the evidence {e*, k_esc, k_US, D}_S and the transaction transfer(vr, k'_in, k_US) in the blockchain. Any third party can verify the validity of the signature and check whether a blind signature of e* exists in the audit blockchain, so S is audited and traced.
Step 7, the user publishes the unblinded signature. Before the agreed time T_3, U unblinds the blind signature and publishes it to the audit blockchain. U computes z ← z* - t_2, obtains the signature (z, e) of the message m = k_out, and publishes the message m = k_out and the signature s = (z, e) to the audit blockchain by way of a minuscule Bitcoin transfer from the anonymous transaction address k'_U.
Step 8a, coin-mixing service provider transfer. When the message m and its signature s appear in the audit blockchain, S verifies the validity of the signature s on the message m as follows. ① Check
Figure BDA0002975600260000062
② Check e = H(Az - Pe mod 2q, m). If the verification passes, S completes the transaction transfer(v, k'_esc, k_out) before the agreed time T_4.
Step 8b, the coin-mixing service provider does not transfer. If S does not complete the transaction transfer(v, k'_esc, k_out), any third party can verify the validity of the signature s = (z, e) on the message m in the same way as in step 8a, and thereby carry out the audit for the message m.
Step 9a, user transfer. After the transaction transfer(v, k'_esc, k_out) has been written to the blockchain, U waits for τ block confirmations. Before the agreed time T_5, U completes the transaction transfer(v, k_in, k_esc).
Step 9b, the user does not transfer. If U does not complete the transaction transfer(v, k_in, k_esc), U loses (rv - v) BTC and S loses v BTC. Both parties suffer losses of different sizes, so this situation occurs with low probability.
Step 10, withdrawing the joint funds. Before the agreed time T_6, U constructs a transaction that transfers the funds out of the multi-signature address k_US: it transfers vλ BTC from k_US to the transaction address of S and vr - vλ BTC to the transaction address of U. U signs the transaction with its corresponding private key and sends the constructed transaction to S; S signs it with its corresponding private key before time T_7. The transaction is denoted transfer(vr, k_US, vλ → S; vr - vλ → U), and the coin mixing ends.
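The blinding and unblinding algebra of steps 2, 6a, 7 and 8a (and of the matching paragraphs in the summary above) is easier to see in a runnable toy. The Python below is an added example written for this page, not code from the patent or its inventors. It assumes tiny parameters q = 257, n = 32, m = 64, κ = 4; it fixes P = q·I_n, which is the choice under which the equations as written cancel (the page does not say how P is generated); it draws the masks y, t_1, t_2 uniformly from {-1, 0, 1} instead of from discrete Gaussians; it builds (A, S) with AS = qI_n (mod 2q) directly instead of through TrapGen and SampleD; it realises H with SHA-256; and it omits the rejection-sampling acceptance steps and the norm check ① of step 8a. Under those assumptions it shows that the unblinded pair (z, e) verifies against the public key even though the signer only ever handled e* and z*, and that a tampered message fails.

```python
import hashlib
import random

# Toy parameters (assumption): far too small for security, large enough to show the algebra.
Q = 257                 # modulus q; the scheme works mod 2q
MOD = 2 * Q
N, M = 32, 64           # dimensions n and m
KAPPA = 4               # weight bound kappa of the hash output


def matvec(mat, vec):
    """Matrix-vector product over the integers, reduced mod 2q."""
    return [sum(a * b for a, b in zip(row, vec)) % MOD for row in mat]


def add(u, v):
    return [a + b for a, b in zip(u, v)]


def sub(u, v):
    return [a - b for a, b in zip(u, v)]


def scale(c, v):
    return [c * a for a in v]


def small_vec(rng, length):
    """Short mask vector; stands in for the discrete-Gaussian samples of the scheme (assumption)."""
    return [rng.randint(-1, 1) for _ in range(length)]


def hash_to_sparse(vec, msg):
    """H: {0,1}* -> {v in {0,1}^n : ||v||_1 <= kappa}, built from SHA-256 (assumption)."""
    digest = hashlib.sha256(repr(([v % MOD for v in vec], msg)).encode()).digest()
    e = [0] * N
    for byte in digest[:KAPPA]:
        e[byte % N] = 1      # a repeated position only lowers the weight, so ||e||_1 <= kappa
    return e


def keygen(rng):
    """Return pk = (A, P) and the signing matrix S with A*S = q*I_n (mod 2q).

    The patent derives A, R from TrapGen and S from SampleD; this toy picks S = [I_n ; S'] first
    and builds A = [q*I_n - A2*S' | A2] around it, and fixes P = q*I_n (both assumptions).
    """
    s_lower = [[rng.randint(-1, 1) for _ in range(N)] for _ in range(M - N)]     # S', (m-n) x n
    a2 = [[rng.randrange(MOD) for _ in range(M - N)] for _ in range(N)]          # A2, n x (m-n)
    a2s = [[sum(a2[i][k] * s_lower[k][j] for k in range(M - N)) % MOD for j in range(N)]
           for i in range(N)]
    a1 = [[(Q * (i == j) - a2s[i][j]) % MOD for j in range(N)] for i in range(N)]
    A = [a1[i] + a2[i] for i in range(N)]                                         # n x m
    S = [[int(i == j) for j in range(N)] for i in range(N)] + s_lower             # m x n
    P = [[Q * (i == j) for j in range(N)] for i in range(N)]                      # P = q*I_n
    return (A, P), S


def verify(pk, msg, z, e):
    """Step 8a check ②: e == H(A*z - P*e mod 2q, m). The norm check ① is omitted in this toy."""
    A, P = pk
    return e == hash_to_sparse(sub(matvec(A, z), matvec(P, e)), msg)


def blind_mix_round(msg, rng):
    """Run steps 2, 6a and 7 once; return pk and the unblinded signature (z, e) on msg."""
    (A, P), S = keygen(rng)
    # Step 2: S samples y and sends x = A*y; U blinds m = k_out with g, t1, t2.
    y = small_vec(rng, M)
    x = matvec(A, y)
    g, t1, t2 = rng.choice((-1, 1)), small_vec(rng, N), small_vec(rng, M)
    e = hash_to_sparse(sub(sub(x, matvec(P, t1)), matvec(A, t2)), msg)
    e_star = sub(scale(g, e), t1)          # e* = g*e - t1 is all S ever sees of the message
    # Step 6a: S signs the blinded message, z* = b*S*e* + y (rejection sampling omitted).
    b = rng.choice((-1, 1))
    s_e_star = [sum(r * c for r, c in zip(row, e_star)) for row in S]
    z_star = add(scale(b, s_e_star), y)
    # Step 7: U unblinds, z = z* - t2, and publishes (m, z, e) to the audit chain.
    z = sub(z_star, t2)
    return (A, P), z, e


def demo(seed=2021, msg="k_out=<constructed output address>"):
    """Reproducible stand-alone run with a fixed seed; returns (pk, z, e)."""
    return blind_mix_round(msg, random.Random(seed))


if __name__ == "__main__":
    pk, z, e = demo()
    print("unblinded signature verifies:", verify(pk, "k_out=<constructed output address>", z, e))
```

Why the check passes: Az = A(bSe* + y - t_2) ≡ bq·e* + x - At_2 (mod 2q) because AS ≡ qI_n, and with e* = g·e - t_1 the term bgq·e collapses to q·e and -bq·t_1 to -q·t_1 modulo 2q, so Az - Pe ≡ x - Pt_1 - At_2, exactly the value U hashed in step 2. The toy proves only that correctness; the Gaussian sampling and rejection steps it leaves out are what make z* and z statistically independent of t_1, t_2 and y, and therefore what carry the blindness and unforgeability claims.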

Claims (7)

1. A blockchain privacy protection scheme based on lattice-based blind coin mixing, characterized by comprising the following steps:
a setup stage: the coin-mixing service provider S publishes the coin-mixing parameters and generates a key pair (pk, sk) for signature and blind signature;
message blinding interaction: user U and coin-mixing service provider S interact to produce the blinded message e* of the message m = k_out;
the user applies for coin mixing: user U applies to the coin-mixing service provider for mixing;
agreeing to mix coins: if the coin-mixing service provider S agrees to the application, S generates a multi-signature transaction address k_US and sends it to the user;
user transfer: after receiving the multi-signature transaction address from S, user U transfers funds from an anonymous address to the multi-signature transaction address k_US;
issuing the blind signature: once the user's transfer to the transaction address k_US has succeeded, S issues a blind signature;
the user publishes the unblinded signature: after receiving the blind signature, the user unblinds it and sends the unblinded result to the audit blockchain;
coin-mixing service provider transfer: S verifies the validity of the unblinded signature published by the user and, if it is valid, transfers the funds to the mixing output address provided by the user; if S does not transfer the funds, the user may present the transfer transaction and the valid blind signature on the message e* to audit and trace S;
user transfer: the user transfers funds to the coin-mixing service provider's transaction address k_esc;
withdrawing the joint funds: the user and the coin-mixing service provider withdraw the funds from the multi-signature transaction address k_US, and the coin mixing ends.
2. The blockchain privacy protection scheme based on lattice-based blind coin mixing according to claim 1, wherein in the setup stage the coin-mixing service provider S generates the key pair by the following steps:
① select a uniformly random matrix
Figure FDA0002975600250000011
and call the trapdoor generation algorithm
Figure FDA0002975600250000012
to generate a statistically near-uniform matrix
Figure FDA0002975600250000013
and the corresponding G-trapdoor
Figure FDA0002975600250000014
② run the preimage sampling algorithm n times, s_t ← SampleD(A, R, u_t, σ_2), where u_t is the t-th column of the matrix qI_n, t ∈ [n], and I_n is the n×n identity matrix; let the matrix
Figure FDA0002975600250000015
so that AS = qI_n (mod 2q); the public key of the coin-mixing service provider S is pk = (A, P) and the private key is sk = (S, R); select a hash function H: {0,1}* → {v ∈ {0,1}^n : ||v||_1 ≤ κ}.
3. The blockchain privacy protection scheme based on lattice-based blind coin mixing according to claim 1, wherein the message blinding interaction stage comprises the following steps:
S samples
Figure FDA0002975600250000021
computes x ← Ay, and sends x to U; U then performs the following steps to blind the message m = k_out: ① select g ← {-1, 1},
Figure FDA0002975600250000022
if
Figure FDA0002975600250000023
regenerate t_2; ② compute e ← H(x - P t_1 - A t_2 mod 2q, m) and e* = g·e - t_1; accept e* with probability
Figure FDA0002975600250000024
otherwise restart the process from
Figure FDA0002975600250000025
Here, a notation such as
Figure FDA0002975600250000026
means that y follows an m-dimensional Gaussian distribution.
4. The blockchain privacy protection scheme based on lattice-based blind coin mixing according to claim 1, wherein the agreeing-to-mix-coins stage comprises the following steps:
the coin-mixing service provider S uses the information k_U and k_S to generate a 2-of-2 multi-signature address k_US; S uses the private key S in sk and a lattice-based digital signature scheme based on rejection sampling to sign the tuple {e*, k_esc, k_US, D} and sends it to user U; the resulting signature is denoted {e*, k_esc, k_US, D}_S; here k_U and k_S are transaction addresses belonging to user U and to the coin-mixing service provider S respectively.
5. The blockchain privacy protection scheme based on lattice-based blind coin mixing according to claim 1, wherein the issuing-blind-signature stage comprises the following steps:
the coin-mixing service provider S issues the blind signature as follows: ① b ← {-1, 1}; ② z* ← b S e* + y; accept z* with probability
Figure FDA0002975600250000027
otherwise run z* ← SampleD(A, R, bPe* + x, σ); the coin-mixing service provider S publishes the blind signature z* of the blinded message e* to the audit blockchain by way of a minuscule Bitcoin transfer.
6. The blockchain privacy protection scheme based on lattice-based blind coin mixing according to claim 1, wherein the stage in which the user publishes the unblinded signature comprises the following steps:
user U computes z ← z* - t_2, obtains the signature (z, e) of the message m = k_out, and publishes the message m = k_out and the signature s = (z, e) to the audit blockchain by way of a minuscule Bitcoin transfer from the anonymous transaction address k'_U.
7. The blockchain privacy protection scheme based on lattice-based blind coin mixing according to claim 1, wherein the coin-mixing service provider transfer stage comprises the following steps: ① check
Figure FDA0002975600250000028
② check e = H(Az - Pe mod 2q, m); if the verification passes, the coin-mixing service provider S completes the transfer transaction before the agreed time.
CN202110273632.5A 2021-03-15 2021-03-15 Block chain privacy protection scheme based on blind mixed currency on lattice Withdrawn CN112989409A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110273632.5A CN112989409A (en) 2021-03-15 2021-03-15 Block chain privacy protection scheme based on blind mixed currency on lattice

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110273632.5A CN112989409A (en) 2021-03-15 2021-03-15 Block chain privacy protection scheme based on blind mixed currency on lattice

Publications (1)

Publication Number Publication Date
CN112989409A true CN112989409A (en) 2021-06-18

Family

ID=76335190

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110273632.5A Withdrawn CN112989409A (en) 2021-03-15 2021-03-15 Block chain privacy protection scheme based on blind mixed currency on lattice

Country Status (1)

Country Link
CN (1) CN112989409A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113450091A (en) * 2021-06-21 2021-09-28 北京理工大学 Alliance chain privacy protection method based on mixer technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication Application publication date: 20210618