CN112990928B - Safety protection method for digital currency transaction data - Google Patents
Safety protection method for digital currency transaction data Download PDFInfo
- Publication number
- CN112990928B CN112990928B CN202110502915.2A CN202110502915A CN112990928B CN 112990928 B CN112990928 B CN 112990928B CN 202110502915 A CN202110502915 A CN 202110502915A CN 112990928 B CN112990928 B CN 112990928B
- Authority
- CN
- China
- Prior art keywords
- transaction
- amount
- tracking
- key
- initiator
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 16
- 239000003999 initiator Substances 0.000 claims abstract description 47
- 238000004422 calculation algorithm Methods 0.000 claims description 35
- 238000012795 verification Methods 0.000 claims description 35
- 238000012546 transfer Methods 0.000 claims description 14
- 238000003860 storage Methods 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 claims description 5
- 230000000977 initiatory effect Effects 0.000 claims description 3
- 238000004590 computer program Methods 0.000 claims 1
- 238000000638 solvent extraction Methods 0.000 claims 1
- 239000000126 substance Substances 0.000 claims 1
- 238000012360 testing method Methods 0.000 description 7
- 230000006399 behavior Effects 0.000 description 5
- 238000006243 chemical reaction Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 5
- 238000002474 experimental method Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- RTZKZFJDLAIYFH-UHFFFAOYSA-N Diethyl ether Chemical compound CCOCC RTZKZFJDLAIYFH-UHFFFAOYSA-N 0.000 description 2
- 239000000654 additive Substances 0.000 description 2
- 230000000996 additive effect Effects 0.000 description 2
- 238000004900 laundering Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000010200 validation analysis Methods 0.000 description 2
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000001186 cumulative effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/06—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
- G06Q20/065—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a security protection method of digital currency transaction data, wherein, the currency issuing transaction and the circulation transaction are recorded in a table format distributed type account book, each row of the account book represents a system participant, each row represents a transaction information, and the system participant comprises: the central bank, commercial bank, general user; when a transaction is initiated, the following is recorded in its corresponding column: pedersen commitments to transaction amounts, commitments to account balances, scope attestation, tracking keys, and tracking key attestation; and during transaction, verifying whether the sum of all transaction amounts which are promised to be hidden in each transaction is 0, and verifying whether the scope certification and the tracking key certification which are created by the transaction initiator are correct.
Description
Technical Field
The invention belongs to the technical field of digital currency, and particularly relates to a security protection method for digital currency transaction data.
Background
With the development of modern technology, electronic payment mode has gradually become an important payment means in people's life, and the use scene of traditional paper currency has gradually shriveled due to lack of portability. Secondly, the printing, issuing and circulating links of the paper money are high in cost. In addition, the traditional paper money is easy to forge, the identity of a currency owner cannot be confirmed, supervision is difficult, and the risk of being used for money laundering, terrorist financing and the like exists. Thus, in today's highly digital age, it has been a trend to implement monitorable anonymous digital currency.
Today, digital currencies are largely divided into three categories, centralized digital currency, decentralized digital currency, and legal digital currency. Among them, a typical representative of centralized digital currency is the E-Cash scheme proposed by Chaum, which is a trusted "bank-person-merchant" based cryptographic digital currency model proposed in 1982, which is considered to be the earliest cryptographic digital currency system. In the model, the transaction of the individual and the merchant depends on an authoritative centralized institution bank, and the bank cannot acquire the transaction information by using the blind signature technology, so that the anonymity and privacy of both transaction parties are ensured, but the scheme is difficult to realize currency tracking. Later, although the E-Cash scheme proposed by Jules realizes the tracking of anonymous currency by introducing a trusted authority, the scheme requires the bank to participate in the currency circulation, and cannot complete large-scale transactions. A typical representation of decentralized digital currency is Bitcoin, the first fully decentralized encrypted digital currency system proposed by Satoshi Nakamoto in 2008. In the scheme, the issuing and circulation of the digital currency are independent of any centralized mechanism of a third party, transaction information is stored in a distributed account book called a block chain, and the account book is commonly maintained by nodes in a P2P network by means of technologies such as cryptography, distributed account book storage technology, P2P consensus and the like. Although bitjoin uses a pseudonym, it cannot be guaranteed that private information of the user is not leaked. A large number of decentralized encrypted digital currency systems such as Monero, Zerocoin and Zerocash are proposed later on the basis of the Bitcoin idea, but the schemes are difficult to realize currency supervision, the currency value fluctuates severely, and the currency is difficult to maintain stable.
Unlike the two kinds of digital currencies, the legal digital currency takes the national credit as endorsement, and the issuance of the currency is regulated by the central line, so the legal digital currency can maintain the stability of the currency economic system. Currently, many countries are taking active attitudes towards studying legal digital currency. Although the legal digital currency takes national credit as endorsement and the issuance of the currency is controlled by the central row, the client-server architecture of the public-to-central row is not suitable for the technical application, otherwise, a single point of failure occurs and the currency is easy to attack by an attacker, thereby causing disastrous results. The blockchain is used as a distributed storage technology, the distributed ledger is commonly maintained by each node in the P2P network, and has the characteristics of non-tampering, public verifiability and the like, so that compared with a client-server architecture, the blockchain has better transparency and stability. However, while the data is publicly verifiable, the privacy information of the user is difficult to be protected, so how to construct a block chain-based legal digital currency system which can protect the privacy of the user and realize supervision is necessary.
Disclosure of Invention
The invention aims to solve the following technical problems:
1. how to protect the privacy of the transaction of the system participants from being divulged, namely, the identity of the transaction participants and the transaction amount need to be hidden, and the transaction is guaranteed not to be tracked by other system participants at the center.
2. The method is used for verifying the validity of the transaction on line under the conditions that the identity of a transaction participant is hidden and the transaction amount is in a secret state.
3. When illegal criminal behaviors such as money laundering or terrorist financing occur, the central bank has a certain checking means to track related transaction information.
4. On the premise of realizing anonymous traceability, the throughput rate of the system is improved as much as possible, and the redundancy of the account book storage is reduced as much as possible.
The invention is realized by the following technical scheme:
a security protection method of digital currency transaction data,
the digital currency transaction data is recorded in a table format distributed account book, each row of the account book represents a system participant, and each row represents a transaction message;
when initiating a transaction alpha, the transaction initiator first randomly selects k using a cistern algorithmTxIDA non-trading participant, which together with the trading participant form a set of members CSetTxID(ii) a Then for each member β ∈ CSetTxIDThe following is recorded in its corresponding column: (1) pedersen commitment Comm for transaction amountsα,β(vα,β,rα,β) (2) acceptance of Account balance Balancecomα,β(v′α,β,r′α,β) (3) a range attestation, (4) a tracking key, and (5) a tracking key attestation; wherein v isα,βThe transaction amount in a transaction alpha being a member beta, rα,βIs a random value which is not disclosed, when being handed overPedersen acceptance Comm for easy sumα,β(vα,β,rα,β) Middle vα,βAcceptance Balancecom of Account balance when not less than 0α,β(v′α,β,r′α,β) Is prepared from a new random value r'α,βFor vα,βMade a further Pedersen commitment, at which time the monetary parameter v'α,β=vα,β(ii) a Pedersen commitment Comm as transaction amountα,β(vα,β,rα,β) Middle vα,β Below 0, the acceptance Balancecom of the Account balanceα,β(v′α,β,r′α,β) Is to calculate the Pedersen commitment sum of all current transactions in column beta, when the amount parameterl is TxID of the current transaction, and TxID represents the transaction ID;
and (3) verifying the validity of the transaction during the transaction: (1) verifying whether the sum of all transaction amounts promised to be hidden in each transaction is 0; (2) and verifying whether the scope certificate and the tracking key certificate created by the transaction initiator are correct.
In the above technical solution, the Pedersen commitment Comm for the transaction amountα,β(vα,β,rα,β) If the member beta is the sender of the transaction alpha; the transaction amount vα,βNegative, if the member beta is the recipient of the transaction alpha, the transaction amount vα,βIs a positive value; if the member beta is not a participant in the transaction alpha, the transaction amount vα,βIs 0.
In the above technical solution, the scope certification is to certify the acceptance Balancecom of the account balanceα,β(v′α,β,r′α,β) Amount parameter v 'of'α,βIf the value of (1) is in the set range, the participant in the transaction is proved not to create or destroy an asset by default, and the balance of the digital currency transferring party is enough to complete the transfer transaction.
In the technical scheme, during transaction supervision, a specific value of a transaction amount concealed by using Pedersen commitments is tracked through a tracking key calculated by a Bit traceable Bulletprofof zero knowledge range proof cryptographic algorithm and a supervision trapdoor owned by a supervisor;
the Bit traceable Bulletprof zero knowledge range proof cryptographic algorithm comprises the following steps:
the method comprises the following steps:
generating parameters, performing at system initialization, inputting security parameters λ and supervisor generated supervision traps y0,y1,...yn-1Outputting public parametersThe specific description is as follows:
(1) the system randomly selects the generator g, h, g0,…,gn-1∈G;
step two:
generating a certified algorithm, executed by a transaction initiator when creating a transaction, inputting a transaction amount and an amount range to be certified by the algorithm, and outputting a range certification, a tracking key and a tracking key certification; the transaction initiator performs the following steps to calculate the proof under each member correspondence column:
(1) for a transaction amount v ∈ [0, 2 ]32-1]The transaction initiator selects a random numberγ∈Calculating a commitment V of the transaction amount V: h isvgγ∈G;
(2) The transaction initiator divides the transaction amount v into bits: v ═ v0+2v1+…+2n-1vn-1,vL=(v0,...,vn-1),vR=vL-1n=(v0-1,...,vn-1-1);vLRepresenting a binary vector representation of an amount v, vRVector is composed of vLThe vector is induced and generated according to the rule defined by the formula;
(3) random number r epsilon randomly selected by transaction initiatorCommitment to each bit of the transaction amount v yields a:
(4) random number selection by transaction initiatorFor blind vectorMaking a commitment to obtain S:
(5) the transaction verifier sends the random number x, y, z of the challenge to the transaction initiator, and the transaction initiator makes the inner product proof and generates the proofWherein:
Wherein δ (y, z) ═ z-z2)·<1n,yn>-z3<1n,2n>;
(6) random number tau is selected by the transaction initiator1,τ2∈Generating a proof T1,T2,τxTo a verifier, wherein:
(7) the transaction initiator will commit V, A, S and prove mu, l, rT1,T2,τxSending to a transaction verifier;
(8) transaction initiator adds tracking key TK to each bit of moneyiAnd TK'iAnd giving a tracking key certificate pi for all tracking keys:
(9) the transaction initiator is in each member of the transaction alpha, beta ∈ CSetTxIDCorresponding to the following write Range certificateTracking key Tkα,βAnd TK'α,βAnd tracking the key proof pi to construct a transaction;
step three:
the algorithm of the verification certification is executed by the transaction verifier, and whether the range certification and the tracking key certification generated by the transaction initiator during the transaction creation are correct or not is verified; the public parameters G, q, G, h,and range certification and tracking key certification, wherein output 1 represents that certification verification is passed, and output 0 represents that certification verification is not passed; for each member β of the transaction α listed below, the transaction verifier performs the following steps:
(2) The verifier calculates δ (y, z) to (z-z)2)·<1n,yn>-z3<1n,2n>;
(3) Verifier calculates A pii∈[0,n-1]hi;
(4) Verifier calculates pii∈[0,n-1](TKi·TK′i);
(5) The verifier verifies whether the following equation is true, if true, the verification is passed, otherwise the verification is not passed:
(6) the verifier checks the validity of the tracking key to prove pi and judges an equation A.pi.pii∈[0,n-1]hi=Πi∈[0,n-1](TKi·TK′i) If the equation is true, the verification is passed, otherwise the verification is not passed, and the proof of the equation is as follows:
(7) after the verifier verifies the transaction, the range certificate, the tracking key and the tracking secret key certificate are recorded in the distributed account book;
step four:
the algorithm for tracking the transaction amount is executed by a transaction supervisor during transaction supervision, a supervision trap and a tracking key which are only mastered by the supervisor are input, the transaction amount which is promised to be hidden is output, and for the following columns of each member of each transaction, the transaction tracker executes the following steps to track the transaction amount of each member corresponding to each transaction:
(1) for each i-0, n-1, the supervisor reads the tracking key TK recorded for each beta column of the transaction a in the ledgeri&TK′iUsing supervision trapdoors y known only by themselvesiCalculating the column corresponding to each member beta of each transaction alpha respectively
(2) Tracking key TK used by supervisori、TK′iAnd supervision trapdoor yiFor each bit viA tracking calculation is performed, specifically, for each i ═ 0.., n-1:
The invention has the advantages and beneficial effects that:
(1) transaction details can be hidden: the invention provides a table format distributed account book, and the Pedersen promises with homomorphic property are used, so that the identity information and the transaction amount of transaction participants can be effectively hidden when a user initiates a transaction; moreover, the invention does not directly select the Pedersen commitment with the sum of 0 from the column record of all the non-trading participants, but randomly selects k from all the non-trading participants by using the impounding reservoir algorithmTxIDThe column in which the individual non-trading participant is located records the commitment to 0, specifically kTxIDThe value of (c) is determined by the user. Thus the storage redundancy of the distributed ledger is not large, and kTxIDThe larger the value, the more privacy of the transaction, but the slower the transaction speed.
(2) The digital currency is controlled to be transferred out: in the transaction content, the invention records a new commitment Balancecom under the transaction content of the corresponding column of each system participantα,βSuch that Range proof only needs to be used onceα,βIt may be determined whether the concealed transaction amount is within a specific range or not, and whether the sum of each column of the tabular ledger, i.e., the user account balance, is greater than 0. Thus, the certification can be used for on-line verificationWhether the total amount of digital currency currently converted by the commercial bank is within the amount specified by the central bank and whether the balance of the digital currency-accepting party is sufficient to complete the transfer transaction.
(3) Supervision can be carried out: the invention provides a Bit traceable Bulletprofof zero knowledge range certification cipher algorithm (BTBURP), which can not only prove that the transaction amount v concealed by using Pedersen promises in a transaction by a user is in a certain specific range, but also can know the specific value of the transaction amount, so that when the user needs to check the transaction behavior of a system participant, the traceable secret key of the transaction content and the supervision trapdoor mastered by a supervisor can be used for checking the historical transaction amount of a certain column in a table format distributed account book, thereby checking the transaction behavior of the corresponding column of the user.
(4) A malicious node cannot create or destroy an asset of a certain user by means of vacancy: when the verifier verifies the transaction, the invention can verify all Comms of one transactionα,βA cumulative calculation is performed to prove that the sum of all committed transaction amounts concealed by row alpha is 0. In addition, the invention introduces a range proof Range proofα,βProve Commα,β(vα,β,rα,β) Hidden transaction amount vα,βWithin a certain range, this means that a piece of assets is not created or destroyed by the system.
Drawings
FIG. 1 is a table format distributed ledger detail view of the present invention;
FIG. 2 is a transaction type and transaction example ledger diagram of the present invention;
FIG. 3 is a data diagram of generation time, verification time, and trace time for a traceable Bulletprof zero knowledge range proof of knowledge cryptographic algorithm used in the present invention;
FIG. 4 is a diagram of time data generated for each content included in a row in a transaction according to the present invention;
FIG. 5 is a diagram showing the relationship between the transaction creation time and the number of columns included in a transaction according to the present invention;
FIG. 6 is a graph of verification time data for each content included in a row in a transaction according to the present invention;
FIG. 7 is a diagram showing the relationship between the transaction verification time and the number of columns included in a transaction according to the present invention.
Detailed Description
In order to make the technical solution of the present invention better understood, the technical solution of the present invention is further described below with reference to specific examples.
A security protection method of digital currency transaction data, currency issue transaction and circulation transaction are all recorded in a form distributed account book, the content of the account book is designed as a form distributed account book, each column of the account book represents a system participant, and each row represents a transaction information; the system participants include: central bank, commercial bank, general user.
In the system, a double-layer operation system of a central bank to a commercial bank and the commercial bank to the public is formed. The central bank and the commercial bank respectively and independently maintain a distributed account book, and the account book ensures the consistency of storage by means of the consensus of the banks. The specific functions of the three system participants are described below:
(1) in the central row: there are two main functions in the central row: firstly, the system plays a role in issuing currencies and issues currencies of different limits to different commercial banks according to economic trends; and the second is to use the monitoring means as a monitor to monitor the transaction behaviors of the commercial bank and the common users.
(2) Commercial banks have two main functions: firstly, exchanging the same amount of digital currency for the user according to the assets owned by the user, namely initiating a currency exchange transaction; and secondly, when a transaction is initiated in the system, the validity of the transaction is verified, and the system is responsible for consistency consensus of the account book.
(3) The ordinary user has two main functions: firstly, the commercial bank is exchanged with cash or assets in the existing bank account for the same amount of digital currency, and the transaction is initiated by the commercial bank; secondly, the ordinary users initiate transfer transactions and submit the transactions to the network.
Fig. 1 shows the details of the ledger of the present invention. Unlike the account book structure of the bitcoin and Ether house, the invention uses a unique table format distributed typeThe account book, the table format account book structure can hide the identity of a transaction participant, hide the transaction amount and ensure that the transaction cannot be tracked. The central bank serves as a supervisor, and can track the transaction amount according to the tracking key when needing supervision. In the account, each row of the account represents one transaction, and the figure has 3 transactions (TxID is 0 to 2); each column of the ledger represents an attribute or a system participant, with the first two columns representing transaction ID (TxID) and transaction timestamp (Time), and each column starting with the third (i.e., P in the table)0To Pw+m) Represents a system participant, wherein C0Represents the central row, B1To BwRepresenting w commercial banks, U1To UmRepresenting m ordinary users, m being much larger than w. When a transaction is initiated, the Pedersen commitments for the transaction amount are recorded under the column corresponding to the transaction participants, and a series of proofs are generated corresponding to each Pedersen commitment.
For each transaction α, the transaction content in the column corresponding to the system participant β contains the following information, as shown in fig. 1:
1. pedersen acceptance Comm for transaction amountα,β(vα,β,rα,β)
The invention uses the Pedersen promise to hide the transaction amount, and the Pedersen promise algorithm is realized based on an elliptic curve cycle group G, and the main form is cm: comm (v, r) ═ hvgrWhere v is the secret value promised to be concealed, i.e. the transaction amount;is an undisclosed random number; g, h are the random generator of G. The commitment has the following characteristics: (1) perfect concealment: since r is a random number, cm1:=Comm(v,r1) And cm2:=Comm(v,r2) Computationally indistinguishable, so the commitment value perfectly hides the secret value v; (2) calculating binding property: after the commitment is made, the commitment cannot change the secret value v of the commitment, namely, the commitment cannot generate the same commitment value by using a new secret value v', and the non-repudiation is achieved. Computing bindingsThe difficulty assumption that the sex is based on discrete logarithms, i.e. that v ', r' are assumed to exist such that hvgr=hv′gr′Then there is h(v-v′)=g(r′-r)This is not possible under the difficult assumption of discrete logarithms; (3) in addition to meeting the basic characteristics of the two commitments, the Pedersen commitment also has additive homomorphism, namely: comm (v)1,r1)·With the additive homomorphism of the Pedersen commitment, the verifier can calculate the linear combination of transaction amounts hidden by Pedersen commitments in different rows and columns in the distributed ledger.
Further, rather than directly selecting the Pedersen commitment with the amount of 0 from the column record of all the non-trading participants, the invention randomly selects k from all the non-trading participants by using the impounding reservoir algorithmTxIDThe column record of the individual non-trading participant is the Pedersen commitment to 0, the specific size of the retention reservoir kTxIDIs determined by the user (k)TxIDThe larger the value, the more private the user information is, but the slower the transaction speed). The impounding reservoir algorithm is mainly used for big data sampling and aims to randomly select non-repeating k from (w + m-2) system participants according to equal probabilityTxIDEach system participant records the commitment of the amount of 0, and the idea of the algorithm is as follows: (1) constructing a size of kTxIDThe water reservoir; (2) will be 0 th to k thTxIDSequentially putting the data (transaction participants) into a reservoir; (3) when the j-th data is calculated, and j > kTxIDWhen it is in the range [0, j]Selecting a random number d; (4) if d falls on [0, kTxID-1]And (4) within the range, replacing the d data in the water reservoir with the j data, and otherwise, repeating the step (3).
Here, Commα,β(vα,β,rα,β) Is for the transaction amount vα,βPedersen commitment of rα,βIs a random value. When a transaction is initiated, the transaction amount v involved for the system participantα,βEncrypting using the Pedersen commitment and writing the commitment value into the ledgerThe trading participant β corresponds to the lower side of the column. For example, when a central row issues a 500-line amount of money to the commercial bank 1, the corresponding column at the central row records the commitment value made to "-500", the corresponding column at the commercial bank 1 records the commitment value made to "500", and then optionally kTxIDThe column in which each non-trading participant resides records the commitment value to "0". Thus, in one transaction, the column containing the transaction amount and the column with the transaction amount of 0 cannot be distinguished, so that other people cannot analyze the participant identity of the transaction and the transaction amount through the account.
2. Balance acceptance Balancecomα,β(v′α,β,r′α,β)
The invention records the Pedersen promise Comm under the trade content of the corresponding column of each system participantα,β(vα,β,rα,β) And recording a balance commitment Balancecom under the transaction content of the corresponding column of each system participantα,β(v′α,β,r′α,β)。
When Commα,β(vα,β,rα,β) Middle vα,βAcceptance Balancecom of balance at > 0 (i.e. receive transaction amount)α,β(v′α,β,r′α,β) Is to use a new random value pair vα,βMaking another Pedersen commitment to obtain Balancecomα,β(v′α,β,r′α,β) At this time v'α,β=vα,β。
When Commα,β(vα,β,rα,β) Middle vα,βThe commitment of balance Balancecom α, β (v) 'at < 0 (i.e., the amount of the transaction to be transferred)'α,β,r′α,β) Is to calculate the Pedersen commitment sum of all current transactions in column beta, i.e.At this timel is current transactionTxID。
By using Balancecomα,β(v′α,β,r′α,β) Only once range proof of Range proofα,βCan both judge Commα,β(vα,β,rα,β) V in (1)α,β∈[c,d]The total of the commitments in column beta, i.e., the account balance, may be determined to be greater than 0.
3. Range proofα,β
Range proofα,βIs to use the Bulletprof range-proving cryptographic algorithm to prove BalanceFommα,β(v′α,β,r′α,β) V of'α,βIs of value [ c, d]. By checking this range proof, it is possible to check online:
(1) when Commα,β(vα,β,rα,β) Middle vα,βWhen greater than 0, Commα,β(vα,β,rα,β) Hidden transaction amount vα,βIn [ c, d]Within range, a participant in a transaction cannot create or destroy an asset by default;
(2) when Commα,β(vα,β,rα,β) Middle vα,βLess than 0, Balancecomα,β(v′α,β,r′α,β) Hidden transaction amount v'α,βIn [ c, d]Within, because v'α,βThe sum of all historical transaction amounts of the participants of the beta column system is calculated, so that the proof can be used for on-line checking whether the total amount of digital currency currently exchanged by the commercial bank is within the total amount range specified by the central row and whether the balance of the digital currency roll-out party is enough to complete the transfer transaction.
4. Tracking key TKα,β&TK′α,βAnd tracking the legality proof of the key pi (TK)α,β&TK′α,β)
Under the condition that the identity of the transaction participant and the transaction amount are hidden, illegal criminal phenomena can occur, so that the central bank is taken as a supervisor and needs to wash money or threaten to occurThe identity of the transaction participant and the transaction amount are checked during illegal criminal activities such as financing. Because the identity of the transaction participants corresponds to each column in the tabular ledger, the transaction amount of a certain column of users only needs to be checked at the time of needing supervision of the central row, and therefore, the tracking key TK is introduced based on range certificationα,β&TK′α,βAnd its corresponding proof of validity pi (TK)α,β&TK′α,β) Through the tracking key and the supervision trap door, the supervisor can check the range certification RangeProof corresponding columns of the transaction participantsα,βThe specific amount of money.
Specifically, the present invention uses a Bit traceable Bulletprof zero knowledge Range proof of cryptography algorithm (hereinafter BTBuPR) that is correct, cryptic, and binding. Because the commitment value is on an elliptic curve cycle group and depends on the order number N of the base point of the elliptic curve group, the same random value r is selected, the commitment value of the transaction amount v is equal to the commitment value of v + N, namely Comm (v, r) ═ Comm (v + N, r), which means that a system participant can create an asset by virtue of the vacancy in the digital currency application. Therefore, in a transaction, the BTBurP algorithm can prove that the transaction amount concealed by the user using Pedersen in the transaction is within a certain specific range, and the BTBurP used by the supervisor at the central row only needs to generate the supervision trapdoor in advance, so that the specific amount concealed by the range proof can be calculated according to the tracking key under the condition of not interacting with the related system participants, and the transaction behaviors of the system participants are tracked. The BTBuRP algorithm is divided into four steps, and the implementation of the four steps is described below:
the method comprises the following steps:
algorithm to generate parameters, executed at system initialization, input security parameters λ and supervisor trap-gate y generated by supervisor (central row)0,y1,...yn-1Outputting public parametersThe specific description is as follows:
(1) the system randomly selects the generator g, h, g0,…,gn-1∈G;
step two:
the algorithm for generating the proof is executed by the transaction initiator when creating the transaction, the transaction amount v and the amount range to be proved by the algorithm are input, and the range proof and the tracking key proof are output. For transaction α, the transaction initiator performs the following steps to calculate proof of each member β as follows:
(1) for a transaction amount v ∈ [0, 2 ]32-1]The transaction initiator selects a random numberCalculating a commitment V of the transaction amount V: h isvgγ∈G;
(2) The transaction initiator divides the transaction amount v into bits:vL=(v0,...,vn-1),vR=vL-1n=(v0-1,...,vn-1-1);vLrepresenting a binary vector representation of an amount v, vRVector is composed of vLThe vector is induced and generated according to the rule defined by the formula;
(3) random number is randomly selected by transaction initiatorCommitment to each bit of the transaction amount v yields a:
(4) random number selection by transaction initiatorFor blind vectorMaking a commitment to obtain S:
(5) the transaction verifier sends the random number x, y, z of the challenge to the transaction initiator, and the transaction initiator makes inner product proof to generate proof mu, l, r,wherein:
Wherein δ (y, z) ═ z-z2)·<1n,yn>-z3<1n,2n>;
(6) random number tau is selected by the transaction initiator1,τ2∈Generating a proof T1,T2,τxTo a verifier, wherein:
(7) the transaction initiator will send the commitments V, a, S and the certificates μ, l, r,T1,T2,τxand sending to the transaction verifier.
(8) Transaction initiator adds tracking key TK to each bit of moneyi,TK′iAnd a validity proof is given to all tracking keys:
(9) transaction initiator at transaction alphaIs each member of (e ∈ CSet)TxIDRange proof of write marginα,β(V,A,S,μ,l,r,T1,T2,τx) TK for tracking keyα,βAnd TK'α,βAnd tracking key attestation pi (TK)α,β&TK′α,β) To build a transaction. Here TKα,β、TK′α,βRefers to a tracking key for all bits of the alpha row and beta column transaction amount, i.e.
Step three:
an algorithm for verifying a proof, performed by a transaction verifier (transaction consensus bank), verifies a Range proof generated by a transaction initiator when creating a transactionα,βAnd tracking key proof pi (TK)α,β&TK′α,β) Whether it is correct. The public parameters G, q, G, h,and scope certification and tracking key certification, output 1 representing certification verification passed and output 0 representing certification verification failed. For each member β of the transaction α listed below, the transaction verifier performs the following steps:
(2) The verifier calculates δ (y, z) to (z-z)2)·<1n,yn>-z3<1n,2n>;
(3) Verifier calculates A pii∈[0,n-1]hi;
(4) Verifier calculates pii∈[0,n-1](TKi·TK′i);
(5) The verifier verifies whether the following equation is true, if true, the verification is passed, otherwise the verification is not passed:
(6) the verifier checks the validity of pi and judges the equation A pii∈[0,n-1]hi=Πi∈[0,n-1](TKi·TK′i) If the equation is true, the verification is passed, otherwise the verification is not passed, and the proof of the equation is as follows:
(7) after the verifier verifies the transaction, the Range proof is provedα,βTK for tracking keyα,β&TK′α,βAnd tracking key attestation pi (TK)α,β&TK′α,β) And recording the data into the distributed account book.
Step four:
Trace(y0,y1,…yn-1,TKi,TK′i) → (v): an algorithm for tracking transaction amount is executed by transaction supervisor while supervising transaction, and the supervision trap door y only mastered by supervisor is input0,y1,...yn-1And tracking key TKi,TK′iAnd outputting a transaction amount v with hidden commitment, wherein for the following column of each member beta of the transaction alpha, the transaction tracker executes the following steps to track the transaction amount of each member corresponding column of each transaction:
(1) for each i-0, n-1, the supervisor reads the tracking key TK recorded for each beta column of the transaction a in the ledgeri&TK′iUsing supervision trapdoors y known only by themselvesiCalculating the column corresponding to each member beta of each transaction alpha respectively
(2) Tracking key TK used by supervisori、TK′iAnd supervision trapdoor yiFor each bit viA tracking calculation is performed, specifically, for each i ═ 0.., n-1:
For the (2) th step of the fourth step, the following steps can be also optimized: tracking key TK used by supervisori、TK′iAnd supervision trapdoors (y)0,y1,…yn-1) For each bit viPerforming tracking calculation: for each i ═ 0.., n-1, if TK′iWhen 1, then output viOtherwise, output viThe supervisor then calculates the amount of money as 1
Further, in the distribution of legal digital currency based on block chain, we need to guarantee: ordinary users cannot add an amount under their own account at will. Therefore, our verifier will prove the transaction TxID in the verificationNamely proving thatThe sum of all committed and concealed transaction amounts in the alpha transactions is 0. Therefore, the transaction initiator chooses to generate a committed Commα,β(vα,β,rα,β) Random number r ofα,βWhen it is needed to satisfyThus, the verifier only needs to verifyAnd (4) finishing.
The symbols referred to above correspond to the descriptions given in the following table:
as shown in fig. 2, which is an example of a distributed ledger designed in the present invention, in the ledger, each column represents a system participant, each row represents a transaction, the ledger contents cannot be deleted and changed, and when a new transaction is verified, a new record is added to the ledger contents. There are three transactions in the account, a central bank currency issuance transaction, a currency exchange transaction and a public transfer transaction, and each transaction in the system includes a Pedersen commitment Comm of the transaction amountα,β(vα,β,rα,β) The transaction proof and tracking key described in fig. 1 is generated for each commitment, and the functions exercised by the three transactions and examples of the three transactions are described below:
money issuance transactions
In accordance with the present scenario, currency issuance generally involves two situations, namely the central bank issuing digital currency to commercial banks and the central bank issuing digital currency to specific institutions based on specific uses. The first type of currency issue is illustrated and discussed below, and for the second type of currency issue, the transaction is structured in the same manner as set forth below.
The transaction with TxID of 0 shown in figure 2 shows the central bank issuing a total of 500 digital currencies to the commercial bank 1. In the transaction data, it can be seen that a promise of "-500" transaction amount is written in the column corresponding to the central row, a promise of "500" transaction amount is written in the column corresponding to the commercial bank 1, and then k is arbitrarily selected from all non-transaction participants by using a reservoir algorithmTxIDA user and in its corresponding column P2,Pw,Pw+1,Pw+m-1A commitment to a transaction amount of "0" is written. From this transaction data, we cannot know the identity of the initiator and recipient of the transaction, nor the transaction amount.
Currency conversion transactions
The currency conversion transaction is initiated by the commercial bank, converting the cash of the ordinary user or assets in the bank account into digital currency. The transactions of TxID 1 and TxID 2 in fig. 2 are money exchange transactions, where the money exchange transaction of TxID 1 succeeds and the money exchange transaction of TxID 2 fails.
In a transaction with TxID of 1, user U1To commercial bank B1Exchange amount of 300 digital currency, commercial bank B1Writing a commitment of transaction amount of-300' in the corresponding column of the user U1The corresponding column writes a commitment to the transaction amount "300" and optionally kTxIDA further non-trading participant P0,P2,Pw+mThe column writes a commitment to the transaction amount of "0". From this transaction data, we cannot know the identity of the initiator and recipient of the transaction, nor the transaction amount. However, the commercial Bank B can validate the cryptographic algorithm using the Pedersen promised homomorphism and scope certificate1To user U1The total 300 of the roll-out is less than that of the central bank B 1500, commercial Bank B1The transaction amount does not exceed the commercial bank B1The total amount of money held. Thus, the transaction can be verified forHousehold U1To commercial bank B1The conversion of digital currency was successful.
In a transaction with TxID of 2, commercial Bank B1Transfer of funds to three recipients in a transaction, wherein user U is presented with1And UmThe transfer of (2) is currency conversion, and the amount is 100; to commercial bank Bw-1The transfer amount is 200. Commercial Bank B1Writing a commitment of transaction amount-400' in its corresponding column, and writing the commitment in user U1And UmThe corresponding column writes a commitment to the transaction amount of "100" at the commercial bank Bw-1The corresponding column writes a commitment to the transaction amount "200" and optionally kTxIDThe column in which the other non-trading participants are located writes a commitment to the trade amount of "0". From this transaction data, we cannot know the identity of the initiator and recipient of the transaction, nor the transaction amount. However, the merchant bank B can validate in a TxID 2 transaction using the Pedersen promised homomorphism and scope proof cryptographic algorithm1The amount 400 of the roll-out account is greater than the amount of the central bank to commercial bank B1Over the commercial bank B1The total amount of money currently held. Thus commercial Bank B1The transaction verification is not passed, and the distributed account book is not counted
Public account transfer transaction
The public transfer transaction is initiated by the public for daily payment transfer and the like, for example, the transaction with TxID of 3 and TxID of 4 in fig. 2 is the public transfer transaction, and in the two transactions, the transaction with TxID of 3 is successful, and the transaction with TxID of 4 is failed (because the transaction amount exceeds the total amount of money held by the account). The specific transaction flow and verification process are the same as the above digital currency conversion transaction, and are not described herein again.
Fig. 3 shows generation time (pro), verification time (Verify), and tracking time (Trace) of the traceable Bulletproof range algorithm (BTBuRP) based on the secret SM2 used in the present invention. The experiment is operated in the environment of Intel i7-8556U 1.80GHz processor, 8G memory and 64-bit Windows10 operating system, and the scheme is realized by using go language. In the experiment, the amount v is set∈[0,2mn-1]And selecting n as 16, 32, 64 and 128 to test respectively. It can be seen that the larger the value of n (i.e., the larger the range that the BTBuRP algorithm can prove), the larger the generation time of the proof, the verification time, and the tracking time of the supervisor tracking key. When v ∈ [0, 2 ]32-1]In the invention, the maximum transaction amount which can be supported reaches more than 42 hundred million, and the transfer transaction in the legal digital currency issuing and circulating process can be basically met, so the provable range of the selection range certification recommended by the legal digital currency scheme of the invention is [0, 2 ]32-1]. In the Bulletprofof range certification, multiple range certifications may be aggregated into one range certification, and thus, when the Bulletprofof range aggregation certification is used, the average time of the Prove and Verify of the above experiment may be shorter.
FIG. 4 shows the generation time of each content included in a row in a transaction. Each row in a transaction contains a committed Commα,βBalance commitment Balancecomα,βAnd a Bit traceable Bulletprof range attestation, wherein the Bit traceable Bulletprof range attestation comprises: (1) range proofα,β(2) tracking key TKα,β&TKα′,β(3) tracking key proof pi (TK)α,β&TKα′,β). In the experimental test, the test generation commitment, the tracking key and the time (Create) of the tracking key certification are selected to be n ═ 32. It can be seen that the generation time of the range certificate substantially determines the generation time of a single column in a transaction.
FIG. 5 shows the relationship between the transaction creation time and the number of columns included in a transaction. In the experiment, a plurality of BTBURP range proving times are created by single-thread testing and multi-thread testing respectively. As can be seen, the transaction is created in multiple threads faster than in a single thread, and as the number of columns included in a transaction increases, the transaction is created in a slower time.
FIG. 6 shows the verification time for each content included in a row in a transaction. In the experimental test, n is 32 test range certificate and verification time (Verify) of tracking key certificate are selected. It can be seen that the validation time of the range certificate substantially determines the validation time of a single column in a transaction.
FIG. 7 shows the relationship between the transaction verification time and the number of columns included in a transaction. In the experiment, the times proved by a plurality of BTBURP ranges are verified by single thread and multithreading respectively. As can be readily seen, the time for a multi-threaded verification transaction is faster than the time for a single threaded verification transaction, and as the number of columns included in a transaction increases, the verification time for the transaction becomes slower.
The invention has been described in an illustrative manner, and it is to be understood that any simple variations, modifications or other equivalent changes which can be made by one skilled in the art without departing from the spirit of the invention fall within the scope of the invention.
Claims (4)
1. A security protection method for digital currency transaction data is characterized in that:
the digital currency transaction data is recorded in a table format distributed account book, each row of the account book represents a system participant, and each row represents a transaction message;
after initiating a transactionAt first, the transaction initiator randomly selects a reservoir algorithmA non-trading participant forming a member set together with the trading participant(ii) a And then for each memberThe following is recorded in its corresponding column: (1) pedersen commitments to transaction amountsAnd (2) commitments to account balances(3) a range attestation, (4) a tracking key, and (5) a tracking key attestation; wherein the content of the first and second substances,is a member ofOne transaction ofThe amount of the transaction in (1) is,is a random value that is not disclosed, as is the Pedersen commitment to the transaction amountInAcceptance of account balance at > 0Is to use a new random valueTo pairAnother Pedersen commitment is made, the amount parameter is(ii) a Pedersen commitments as transaction amountInBelow 0, commitment of account balanceIs to calculatePedersen commitment sum of all current transactions of column, when amount parameter,TxID of the current transaction, wherein TxID represents transaction ID;
and (3) verifying the validity of the transaction during the transaction: (1) verifying whether the sum of all transaction amounts promised to be hidden in each transaction is 0; (2) verifying whether the range certificate and the tracking key certificate created by the transaction initiator are correct or not;
during transaction supervision, tracking a specific value of a transaction amount concealed by using Pedersen commitment through a tracking key calculated by a Bit traceable Bulletprofof zero knowledge range proof cryptographic algorithm and a supervision trap owned by a supervisor;
the Bit traceable Bulletprof zero knowledge range proof cryptographic algorithm comprises the following steps:
the method comprises the following steps:
generating parameters, performing at system initialization, inputting security parametersAnd supervisor generated supervision trapdoorsOutputting public parametersThe details are as follows:
(3) System disclosure parameterWherein,Is a large number of prime numbers,is a groupThe order of (1);
step two:
generating a certified algorithm, executed by a transaction initiator when creating a transaction, inputting a transaction amount and an amount range to be certified by the algorithm, and outputting a range certification, a tracking key and a tracking key certification; the transaction initiator performs the following steps to calculate the proof under each member correspondence column:
(1) for transaction amountThe transaction initiator selects a random numberCalculating the transaction amountPromise of (1): ;
(2) The transaction initiator will exchange the transaction amountBit-by-bit partitioning:,, ;indicating an amount of moneyIs represented by a binary vector of (a),vector is composed ofThe vector is induced and generated according to the rule defined by the formula;
(3) random number is randomly selected by transaction initiatorFor the amount of the transactionIs committed to:;
(5) Random number for a challenge sent by a transaction verifierMaking inner product proof for transaction initiator and transaction initiator to generate proofWherein:
(8) transaction initiationThe person adds a tracking key to each bit of the amountAndand giving a tracing key certificate for all tracing keys:
(9) transaction initiator in transactionEach member ofCorresponding to the following write Range certificate() Tracking a keyAndand tracing key attestationTo build a transaction;
step three:
the algorithm of the verification certification is executed by the transaction verifier, and whether the range certification and the tracking key certification generated by the transaction initiator during the transaction creation are correct or not is verified; inputting public parametersAnd range certification and tracking key certification, wherein output 1 represents that certification verification is passed, and output 0 represents that certification verification is not passed; for transactionsEach member ofThe following steps are performed by the transaction verifier:
(5) The verifier verifies whether the following equation is true, if true, the verification is passed, otherwise the verification is not passed:
(6) verifier verification tracking key attestationJudging the legitimacy ofIf the equation is true, the verification is passed, otherwise the verification is not passed, and the proof of the equation is as follows:
(7) after the verifier verifies the transaction, the range certificate, the tracking key and the tracking secret key certificate are recorded in the distributed account book;
step four:
the algorithm for tracking the transaction amount is executed by a transaction supervisor during transaction supervision, a supervision trap and a tracking key which are only mastered by the supervisor are input, the transaction amount which is promised to be hidden is output, and for the following columns of each member of each transaction, the transaction tracker executes the following steps to track the transaction amount of each member corresponding to each transaction:
(1) for each oneThe supervisor reads the transaction in the account bookEach of (1)Tracking key for column recordsUsing supervision trapdoors known only by themselvesCalculating each transaction separatelyEach member ofOf corresponding column;
(2) Supervisor use tracking key、And a supervisory trapdoorFor each bitPerforming a tracking calculation, in particular for each:
2. The method for securing digital currency transaction data according to claim 1, wherein: pedersen commitments for transaction amountsIs calculated as member ofIs a transactionThe sender of (1); the transaction amountIs negative, if memberIs a transactionThe recipient of (2), the transaction amountIs a positive value; if memberIs not a transactionThe participant of (2), the transaction amountIs 0.
3. The method for securing digital currency transaction data according to claim 1, wherein: scope certification is a commitment to certify an account balanceAmount of money parameter ofIf the value of (1) is in the set range, the participant in the transaction is proved not to create or destroy an asset by default, and the balance of the digital currency transferring party is enough to complete the transfer transaction.
4. A computer-readable storage medium, characterized in that a computer program is stored which, when executed, implements the method of any one of claims 1 to 3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110502915.2A CN112990928B (en) | 2021-05-10 | 2021-05-10 | Safety protection method for digital currency transaction data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110502915.2A CN112990928B (en) | 2021-05-10 | 2021-05-10 | Safety protection method for digital currency transaction data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112990928A CN112990928A (en) | 2021-06-18 |
CN112990928B true CN112990928B (en) | 2021-08-24 |
Family
ID=76337343
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110502915.2A Active CN112990928B (en) | 2021-05-10 | 2021-05-10 | Safety protection method for digital currency transaction data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112990928B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115906183B (en) * | 2023-01-06 | 2023-05-26 | 南京理工大学 | Block chain privacy protection system and method capable of audit traceability |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108628889B (en) * | 2017-03-21 | 2021-05-25 | 北京京东尚科信息技术有限公司 | Time slice-based data sampling method, system and device |
CN111783114B (en) * | 2018-08-06 | 2024-04-02 | 创新先进技术有限公司 | Block chain transaction method and device and electronic equipment |
CN109325747B (en) * | 2018-08-30 | 2020-06-09 | 阿里巴巴集团控股有限公司 | Remittance method and device based on block chain |
CN110009318A (en) * | 2019-03-22 | 2019-07-12 | 陕西师范大学 | A kind of digital cash method for tracing based on door sieve coin |
CN112771562A (en) * | 2019-10-31 | 2021-05-07 | 深圳市网心科技有限公司 | Account model-based transaction method, device, system and storage medium |
CN111079190A (en) * | 2019-12-31 | 2020-04-28 | 深圳市网心科技有限公司 | Block chain supply chain transaction hiding dynamic supervision system and method |
CN111160909B (en) * | 2019-12-31 | 2024-01-16 | 深圳市迅雷网络技术有限公司 | Hidden static supervision system and method for blockchain supply chain transaction |
CN111340488B (en) * | 2020-02-21 | 2023-11-14 | 数据通信科学技术研究所 | Method and device for generating manageable secret transaction amount |
CN111401875B (en) * | 2020-05-29 | 2020-09-01 | 支付宝(杭州)信息技术有限公司 | Block chain transfer method and device based on account model |
CN111815322B (en) * | 2020-06-08 | 2023-11-07 | 北京邮电大学 | Distributed payment method with selectable privacy service based on Ethernet |
-
2021
- 2021-05-10 CN CN202110502915.2A patent/CN112990928B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN112990928A (en) | 2021-06-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111008836B (en) | Privacy security transfer payment method, device, system and storage medium | |
KR102170346B1 (en) | Systems and methods for information protection | |
CA3040611C (en) | System and method for information protection | |
KR102150814B1 (en) | Systems and methods for information protection | |
US11257077B2 (en) | Blockchain system for confidential and anonymous smart contracts | |
US11282325B2 (en) | System and method for information protection | |
TW200820108A (en) | Method for automatically validating a transaction, electronic payment system and computer program | |
CN112990928B (en) | Safety protection method for digital currency transaction data | |
Islam | A privacy-preserving transparent central bank digital currency system based on consortium blockchain and unspent transaction outputs | |
Blanton | Improved conditional e-payments | |
CN111523892B (en) | Block chain cross-chain transaction method and device | |
Dogan et al. | KAIME: Central bank digital currency with realistic and modular privacy | |
Tomov | Challenges of blockchain technologies in the future | |
AU2019101590A4 (en) | System and method for information protection | |
Xue | Privacy-Preserving and Regulation-Enabled Mechanisms for Blockchain-based Financial Services | |
Sun | Feasibility Study of Future Digital Currency Based on Blockchain Technology | |
Sahu et al. | SeDe: Balancing Blockchain Privacy and Regulatory Compliance by Selective De-Anonymization | |
Rahman | Sancus: Cryptographic Audits for Virtual Currency Institutions | |
Chawdhuri et al. | Acceptable Privacy for XAND Blockchain | |
Cribäck | Micro payments: Viable technical platforms and models for a bankto provide payments on micro amounts | |
Rivera et al. | Distributed Consensus Technologies in Cryptocurrency Applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
OL01 | Intention to license declared | ||
OL01 | Intention to license declared |