CN113645036A - Ethereum transaction privacy protection method based on ring signature and smart contract

Publication number
CN113645036A
Authority
CN
China
Prior art keywords
address
account
contract
transaction
ring signature
Legal status
Pending
Application number
CN202110656722.2A
Other languages
Chinese (zh)
Inventor
黄杰
王威
Current Assignee
Southeast University
Original Assignee
Southeast University
Classifications

    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy, involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/3255: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures using group based signatures, e.g. ring or threshold signatures

Abstract

The invention discloses an Ethereum transaction privacy protection method based on a ring signature and a smart contract, which is used for hiding a user's original account address and protecting Ethereum transaction privacy, and which comprises the following steps: (1) generating account addresses; (2) deploying a smart contract; (3) calculating a ring signature; (4) transferring funds to the contract; (5) sending the public keys and the ring signature to the contract; (6) verifying the public keys; (7) verifying the ring signature; (8) performing the transfer transaction. The invention can complete a transfer to the target account address while hiding the user's original account address, and at the same time ensures the traceability of the transaction.

Description

Ethereum transaction privacy protection method based on ring signature and smart contract
Technical Field
The invention relates to the technical field of cryptography and information security, in particular to an Ethereum transaction privacy protection method based on a ring signature and a smart contract.
Background
With the advent of blockchain systems such as Ethereum, how to protect the transaction privacy of users in an open blockchain system has become an important research topic. The public ledger maintained by the blockchain records all transaction data, including the initiating account and the receiving account of each transaction. Although these account addresses have no relationship to the user's real-world information, an attacker can link them to the user's IP address or other identifying real-world information by analyzing the transaction and account data in the blockchain.
For example, if a user pays in ether online, the merchant can in fact associate the user's Ethereum account address with the user's offline identity. Once an attacker, by analyzing the transaction data in Ethereum, has locked onto a particular account address that received a transfer, that is, the merchant's account address, the merchant becomes the attacker's target. By breaking into the merchant's data system, the attacker can obtain the association between the user's Ethereum account address and real-world identity, which seriously threatens the security of the user's digital currency assets.
In research on blockchain transaction privacy protection, ring signature technology is a focus of attention. The ring signature algorithm is a novel digital signature algorithm proposed in 2001 by Rivest et al. During signature generation, the signature values are connected end to end according to a certain rule to form a ring structure, hence the name ring signature. Unlike group signatures, ring signatures have no group manager, so the anonymity of an individual signature cannot be revoked. In addition, generating a ring signature does not need the group setup process that group signatures require, which greatly improves the efficiency of signature generation.
A ring signature can be produced by any member of a set of signers who hold public-private key pairs, without the involvement of the other members. The actual signer uses their own private key and the public keys of all members of the signer set to generate the ring signature, and any verifier can use the public keys in the signer set to verify whether the ring signature was produced by a member of the set. If the signature verifies, the verifier learns only that the signer belongs to the signer set, but cannot determine which member the signer is. Ring signatures can therefore protect user privacy well and provide anonymity.
A smart contract is code that runs in the Ethereum Virtual Machine (EVM), and can be understood as a collection of functional modules that exists at a particular account address. Using the currently mainstream Solidity programming language, users can develop smart contracts that implement customized operations. After a smart contract is deployed to the Ethereum main network, a specific contract account address is generated. When a user in Ethereum needs to invoke a function in a contract, the user communicates with the contract account address by sending a transaction. The function to be called and the function parameters to be passed are indicated in the message field, and successful execution of the function means that the transaction succeeded. Such a transaction differs from an ordinary Ethereum transfer transaction in that it does not involve a transfer of balance between wallets, but it still costs gas, and, as with a normal transaction, each such transaction produces a hash value and is stored in a block.
As a currently popular blockchain system, Ethereum makes its transaction data public, so any transaction a user initiates in Ethereum is open and transparent. The invention seeks to protect the user's Ethereum transaction privacy through ring signature technology and smart contract technology, completing a transfer to the target account address while hiding the user's original account address, and at the same time ensuring the traceability of the transaction.
Disclosure of Invention
Based on the above background and existing problems, the invention aims to provide an Ethereum transaction privacy protection method based on a ring signature and a smart contract, which can complete a transfer to a target account address while hiding the user's original account address, and at the same time ensure the traceability of the transaction.
In order to solve the technical problem, the invention provides an Ethereum transaction privacy protection method based on a ring signature and a smart contract, which comprises the following steps:
(1) Generating account addresses: the user needs to generate n additional account addresses by using an elliptic curve cryptography algorithm, as follows:
addressPool = {address_0, address_1, ..., address_{n-2}, address_{n-1}}
Each account address in the address pool corresponds to an account public key; that is, the account public key corresponding to address_i is
Figure RE-GDA0003260797070000022
Each account address in the address pool corresponds to an account private key, and each transaction initiated from an account address must be signed with the corresponding account private key; that is, the account private key corresponding to address_i is
Figure RE-GDA0003260797070000023
The user replaces address_j in the address pool with the user's own account address address_A, where j ∈ [0, n-1], generating the account address set addressGroup; the set of account public keys corresponding to the account addresses in addressGroup is publicKeyGroup, as follows:
addressGroup = {address_0, ..., address_{j-1}, address_A, address_{j+1}, ..., address_{n-1}}
Figure RE-GDA0003260797070000021
(2) Deploying the smart contract: the user uses account address_j to deploy a transaction privacy protection contract to the Ethereum main network, which generates the contract account address address_contract. Account address_j is the owner of the contract, i.e. owner = address_j. The owner variable is stored in the transaction privacy protection contract; when a function in the contract is called, it must check whether the caller's account address is the same as the owner variable, and only the contract owner address_j can call the functions in the contract.
(3) Calculating a ring signature: using the public key set publicKeyGroup and the account private key corresponding to address_A,
Figure RE-GDA0003260797070000031
a ring signature σ is generated with the AOS ring signature algorithm. The ring signature σ is expressed as
Figure RE-GDA0003260797070000032
(e_0, s_0, s_1, ..., s_{n-1}). The public key is
Figure RE-GDA0003260797070000033
where
Figure RE-GDA0003260797070000034
is the account private key corresponding to address_A, and
Figure RE-GDA0003260797070000035
The cyclic group of prime order q is
Figure RE-GDA0003260797070000036
Figure RE-GDA0003260797070000037
is a generator of the cyclic group
Figure RE-GDA0003260797070000038
The message to be signed is M = keccak256(pwd), where keccak256 is the hash function and pwd is a one-time password that the user sets for computing the ring signature; it is not disclosed at any point in the process, and only the user knows the content of the password pwd.
(4) Transferring funds to the contract: the transaction privacy protection contract uses the contract account address address_contract to help the user perform the transfer transaction, but the user first needs to use account address_j to send an amount of ether, amount (in wei), to the contract account address address_contract, so that the transaction privacy protection contract holds amount of ether (in wei) for performing the transfer transaction on the user's behalf.
(5) Sending the public keys and the ring signature to the contract: the user uses the account private key x_j corresponding to account address_j to sign a transaction that calls the sendRingSignature function on the ring signature contract. In this transaction, the parameters that the user needs to pass to the function are the account address set addressGroup, the account public key set publicKeyGroup, the ring signature σ, the signed message keccak256(pwd), the account address address_B of the transaction recipient, and the amount of ether to transfer, amount. The transaction is broadcast to the account address address_contract of the transaction privacy protection contract and calls the sendRingSignature function, which calls three functions in the contract in order: the verifyPublicKey function for verifying the public keys, the verifyRingSignature function for verifying the ring signature, and the transferEther function for executing the transaction.
(6) Verifying the public keys: first, the verifyPublicKey function obtains the account address of the transaction initiator using the msg.sender variable. The function can be called successfully only if the caller's account address is the same as the owner variable, that is, the caller's address is address_j. (The msg.sender global variable in a Solidity smart contract can be used to obtain the account address that called the contract; this variable gives the real account address of the contract caller.)
Then the verifyPublicKey function checks whether each account address in the passed-in account address set addressGroup corresponds to the respective public key in the account public key set publicKeyGroup. The pseudocode of the check is as follows:
Figure RE-GDA0003260797070000041
(7) Verifying the ring signature: the verifyRingSignature function is then called to check the integrity of the passed-in ring signature σ = (e_0, s_0, s_1, ..., s_{n-1}).
(8) Performing the transfer transaction: the transferEther function can then be called to transfer to a particular account address. Once the ring signature has been verified successfully, the transaction privacy protection contract uses its contract account address address_contract to initiate a transfer transaction to account address address_B, and the amount transferred is amount of ether (in wei). Because the transaction privacy protection contract uses its contract address address_contract to carry out the transaction for the user, the user's original account address is successfully hidden, which achieves the purpose of protecting the user's Ethereum transaction privacy.
Preferably, the specific generation process of the AOS ring signature algorithm in step (3) is as follows:
1) The signer selects a public key set of length n, publicKeyGroup = {P_0, P_1, ..., P_{n-2}, P_{n-1}}, where P_i takes the following values:
Figure RE-GDA0003260797070000042
2) Generate a random number
Figure RE-GDA0003260797070000043
and compute
Figure RE-GDA0003260797070000044
e_{j+1} = keccak256(Q || M);
3) for i = (j+1) mod n; 0 ≤ i < n, i ≠ j; i = (i+1) mod n do
generate a random number
Figure RE-GDA0003260797070000045
and compute in sequence
Figure RE-GDA0003260797070000046
4) Set
Figure RE-GDA0003260797070000047
so that
Figure RE-GDA0003260797070000048
is equal to
Figure RE-GDA0003260797070000049
Figure RE-GDA00032607970700000410
5) The generated AOS ring signature is σ = (e_0, s_0, s_1, ..., s_{n-1});
Preferably, the method for judging the integrity of the ring signature σ in step (7) specifically includes the following steps:
1) From the parameters passed to the function, the signed message is known to be M = keccak256(pwd).
2) Compute in sequence from the values in the AOS ring signature, finally obtaining e_0, where P_i = publicKeyGroup[i]. The calculation process is as follows:
Figure RE-GDA0003260797070000051
3) Compare the computed e_0 with the e_0 in the AOS ring signature; if the two are the same, the ring signature σ is valid. The verifier cannot tell which s_i in the ring signature σ was generated with the signer's private key, so the signer's identity is hidden.
Preferably, the undisclosed password pwd used in generating the ring signature in step (3) can ensure the traceability of the transaction. The password pwd used in calculating the ring signature is not disclosed throughout the transaction. If the transaction needs to be traced later, the user can prove that the user is the generator of the ring signature by disclosing the password pwd to the transaction receiver or a third party institution, thereby proving that the user is the true sender of the transaction.
The invention has the following beneficial effects: the invention provides an Ethereum transaction privacy protection method based on a ring signature and a smart contract. Ring signature technology can hide a user's original account address in a set of account addresses that contains multiple account addresses; if the computed ring signature passes the verification of the smart contract, the smart contract transfers to the designated recipient address using its own contract account address. An external observer in Ethereum can judge from the ring signature only that the original account address of the transfer transaction is one of the account addresses in the account address set, but cannot determine which one, so the user's original account address is hidden and the user's Ethereum transaction privacy is effectively protected. In addition, the method ensures the traceability of the transaction while protecting Ethereum transaction privacy. If the transaction needs to be traced in the future, the user can prove that they generated the ring signature by disclosing the password used when computing the ring signature, thereby proving that they are the true sender of the transaction.
Drawings
Fig. 1 is a process diagram of the practice of the method of the present invention.
Fig. 2 is a schematic diagram of deploying the smart contract in the present invention.
Fig. 3 is a schematic diagram of ring signature generation in the present invention.
Fig. 4 is a schematic diagram of invoking the smart contract in the present invention.
Detailed Description
Fig. 1 shows an Ethereum transaction privacy protection method based on a ring signature and a smart contract, which includes the following steps:
(1) Generating account addresses: Alice needs to additionally generate n account addresses by using Elliptic Curve Cryptography (ECC for short), as follows:
addressPool = {address_0, address_1, ..., address_{n-2}, address_{n-1}}
Each account address in the address pool corresponds to an account public key; that is, the account public key corresponding to address_i is
Figure RE-GDA0003260797070000061
Each account address in the address pool corresponds to an account private key, and each transaction initiated from an account address must be signed with the corresponding account private key; that is, the account private key corresponding to address_i is
Figure RE-GDA0003260797070000062
Alice replaces address_j in the address pool with her own account address address_A, where j ∈ [0, n-1], generating the account address set addressGroup; the set of account public keys corresponding to the account addresses in addressGroup is publicKeyGroup, as follows:
addressGroup = {address_0, ..., address_{j-1}, address_A, address_{j+1}, ..., address_{n-1}}
Figure RE-GDA0003260797070000063
(2) Deploying the smart contract: the role of the transaction privacy protection contract is to verify the authenticity of the ring signature provided by the user and then to use the contract address to carry out the transaction for the user, hiding the user's original account address. As shown in Fig. 2, Alice uses account address_j to deploy a transaction privacy protection contract to the Ethereum main network, which generates the contract account address address_contract. Account address_j is the owner of the contract, i.e. owner = address_j. The owner variable is stored in the transaction privacy protection contract; when a function in the contract is called, it must check whether the caller's account address is the same as the owner variable, and only the contract owner address_j can call the functions in the contract.
(3) Calculating a ring signature: Alice uses the public key set publicKeyGroup and the account private key corresponding to address_A,
Figure RE-GDA0003260797070000064
to generate a ring signature σ. The AOS (Abe-Ohkubo-Suzuki) ring signature algorithm is adopted, with the following parameters: the cyclic group of prime order q,
Figure RE-GDA0003260797070000065
Figure RE-GDA0003260797070000066
is a generator of the cyclic group
Figure RE-GDA0003260797070000067
The public key is
Figure RE-GDA0003260797070000068
where
Figure RE-GDA0003260797070000069
is the account private key corresponding to address_A, and
Figure RE-GDA00032607970700000610
The hash function is keccak256. The message to be signed is M = keccak256(pwd), where pwd is a one-time password that Alice sets for computing the ring signature; it is not disclosed at any point in the process, and only Alice knows the content of the password pwd.
The generation of the AOS ring signature is shown schematically in Fig. 3 and includes the following steps:
1) The signer selects a public key set of length n, publicKeyGroup = {P_0, P_1, ..., P_{n-2}, P_{n-1}}, where P_i takes the following values:
Figure RE-GDA0003260797070000071
2) Generate a random number
Figure RE-GDA0003260797070000072
and compute
Figure RE-GDA0003260797070000073
e_{j+1} = keccak256(Q || M);
3) for i = (j+1) mod n; 0 ≤ i < n, i ≠ j; i = (i+1) mod n do
generate a random number
Figure RE-GDA0003260797070000074
and compute in sequence
Figure RE-GDA0003260797070000075
4) Set
Figure RE-GDA0003260797070000076
so that
Figure RE-GDA0003260797070000077
is equal to
Figure RE-GDA0003260797070000078
Figure RE-GDA0003260797070000079
5) The generated AOS ring signature is σ = (e_0, s_0, s_1, ..., s_{n-1});
(4) Transferring funds to the contract: the transaction privacy protection contract uses the contract account address address_contract to help the user perform the transfer transaction, but the user first needs to use account address_j to send an amount of ether, amount (in wei), to the contract account address address_contract, so that the transaction privacy protection contract holds amount of ether (in wei) for performing the transfer transaction on the user's behalf.
(5) Sending the public keys and the ring signature to the contract: as shown in Fig. 4, Alice uses the account private key x_j corresponding to account address_j to sign a transaction that calls the sendRingSignature function on the ring signature contract. In this transaction, the parameters that Alice needs to pass to the function are the account address set addressGroup, the account public key set publicKeyGroup, the ring signature σ, the signed message keccak256(pwd), the account address address_B of the transaction recipient, and the amount of ether to transfer, amount.
The transaction is broadcast to the account address address_contract of the transaction privacy protection contract and calls the sendRingSignature function, which calls three functions in the contract in order: the verifyPublicKey function for verifying the public keys, the verifyRingSignature function for verifying the ring signature, and the transferEther function for executing the transaction.
(6) Verifying the public keys: first, the verifyPublicKey function obtains the account address of the transaction initiator using the msg.sender variable. The function can be called successfully only if the caller's account address is the same as the owner variable, that is, the caller's address is address_j. (The msg.sender global variable in a Solidity smart contract can be used to obtain the account address that called the contract; this variable gives the real account address of the contract caller.)
Then the verifyPublicKey function checks whether each account address in the passed-in account address set addressGroup corresponds to the respective public key in the account public key set publicKeyGroup. The pseudocode of the check is as follows:
Figure RE-GDA0003260797070000081
(7) Verifying the ring signature: the verifyRingSignature function is then called to check the integrity of the passed-in ring signature σ = (e_0, s_0, s_1, ..., s_{n-1}), using the following method:
1) From the parameters passed to the function, the signed message is known to be M = keccak256(pwd).
2) Compute in sequence from the values in the AOS ring signature, finally obtaining e_0, where P_i = publicKeyGroup[i]. The calculation process is as follows:
Figure RE-GDA0003260797070000082
3) Compare the computed e_0 with the e_0 in the AOS ring signature; if the two are the same, the ring signature σ is valid. The verifier cannot tell which s_i in the ring signature σ was generated with the signer's private key, so the signer's identity is hidden.
(8) Performing the transfer transaction: the transferEther function can then be called to transfer to a particular account address. Once the ring signature has been verified successfully, the transaction privacy protection contract uses its contract account address address_contract to initiate a transfer transaction to account address address_B, and the amount transferred is amount of ether (in wei). Because the transaction privacy protection contract uses its contract address address_contract to carry out the transaction for the user, the user's original account address is successfully hidden, which achieves the purpose of protecting the user's Ethereum transaction privacy.
The Ethereum transaction privacy protection method based on a ring signature and a smart contract can protect transaction privacy while keeping transaction records open and traceable. All transaction information in Ethereum is public, and calling a function on a smart contract is also done by means of a transaction, which means that the parameters passed to the function when calling it are also publicly visible. Any observer in Ethereum can conclude, by viewing and validating the transaction record, that some account address in addressGroup transferred amount of ether (in wei) to address_B, but cannot tell which account address actually made the transfer. In addition, the password pwd used by Alice in computing the ring signature is not disclosed at any point in the transaction. If the transaction needs to be traced later, Alice can prove that she generated the ring signature by disclosing the password pwd to the transaction recipient Bob or to a third-party authority, thereby proving that she is the true sender of the transaction.
The invention provides an Ethereum transaction privacy protection method based on a ring signature and a smart contract, which can effectively protect Ethereum transaction privacy. Ring signature technology can hide a user's original account address in a set of account addresses that contains multiple account addresses; if the computed ring signature passes the verification of the smart contract, the smart contract transfers to the designated recipient address using its own contract account address. An external observer in Ethereum can judge from the ring signature only that the original account address of the transfer transaction is one of the account addresses in the account address set, but cannot determine which one, so the user's original account address is hidden and the user's Ethereum transaction privacy is effectively protected. In addition, the method ensures the traceability of the transaction while protecting Ethereum transaction privacy. If the transaction needs to be traced in the future, the user can prove that they generated the ring signature by disclosing the password used when computing the ring signature, thereby proving that they are the true sender of the transaction.
The above embodiments further describe the objects, technical solutions and advantages of the present application in detail. It should be understood that the above are only examples of the present application and are not intended to limit its scope; any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present application shall fall within the scope of protection of the present application.
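Steps (3), (6) and (7) carried through as an added Python example (not code from the patent). The patent's formulas are images that are missing from this page, so the chain used here is the standard AOS Schnorr-style construction, e_{i+1} = keccak256((s_i*G + e_i*P_i) || M) and s_j = k - x_j*e_j mod q; the curve (secp256k1), the 64-byte encoding of Q and all function names are assumptions.

```python
import secrets

# Keccak-256 as used by Ethereum (pad byte 0x01, unlike SHA3-256's 0x06).
def _rol(a, n):
    return ((a << (n % 64)) | (a >> (64 - n % 64))) % (1 << 64)

def _keccak_f(st):
    lfsr = 1
    for _ in range(24):
        c = [st[x] ^ st[x + 5] ^ st[x + 10] ^ st[x + 15] ^ st[x + 20] for x in range(5)]
        d = [c[(x + 4) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        st = [st[i] ^ d[i % 5] for i in range(25)]                      # theta
        x, y, cur = 1, 0, st[1]
        for t in range(24):                                              # rho + pi
            x, y = y, (2 * x + 3 * y) % 5
            cur, st[x + 5 * y] = st[x + 5 * y], _rol(cur, (t + 1) * (t + 2) // 2)
        # chi: each lane mixes with the next two lanes of its row
        st = [st[i] ^ (~st[i - i % 5 + (i + 1) % 5] & st[i - i % 5 + (i + 2) % 5]) for i in range(25)]
        for j in range(7):                                               # iota
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) % 256
            st[0] ^= ((lfsr >> 1) & 1) << ((1 << j) - 1)
    return st

def keccak256(data: bytes) -> bytes:
    buf = bytearray(data) + b"\x01"
    buf += bytes(-len(buf) % 136)              # zero-fill to the 136-byte rate
    buf[-1] |= 0x80
    st = [0] * 25
    for off in range(0, len(buf), 136):
        for i in range(17):
            st[i] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
        st = _keccak_f(st)
    return b"".join(lane.to_bytes(8, "little") for lane in st[:4])

# secp256k1, the curve behind Ethereum account keys (assumed for the group).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                            # a + (-a): point at infinity
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P))
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def eth_address(pub):
    # Relation checked in step (6): address = last 20 bytes of keccak256(x || y).
    return keccak256(enc(pub))[-20:]

def challenge(q, msg):
    # e = keccak256(Q || M) mod N; the byte encoding of Q is an assumption.
    return int.from_bytes(keccak256(enc(q) + msg), "big") % N

def ring_sign(msg, ring, j, x_j):
    # ring[j] must be x_j*G; returns sigma = (e_0, [s_0, ..., s_{n-1}]).
    n = len(ring)
    e, s, i = [0] * n, [0] * n, (j + 1) % n
    k = secrets.randbelow(N - 1) + 1
    e[i] = challenge(mul(k, G), msg)              # e_{j+1} from Q = k*G
    while i != j:                                  # simulate every other member
        s[i] = secrets.randbelow(N - 1) + 1
        e[(i + 1) % n] = challenge(add(mul(s[i], G), mul(e[i], ring[i])), msg)
        i = (i + 1) % n
    s[j] = (k - x_j * e[j]) % N                    # closes the ring at slot j
    return e[0], s

def ring_verify(msg, ring, sig):
    e0, s = sig
    if not ring or len(s) != len(ring):
        return False
    e = e0
    for s_i, p_i in zip(s, ring):
        q = add(mul(s_i % N, G), mul(e % N, p_i))
        if q is None:
            return False
        e = challenge(q, msg)
    return e == e0

if __name__ == "__main__":
    keys = [secrets.randbelow(N - 1) + 1 for _ in range(4)]   # constructed sample pool
    ring, msg = [mul(x, G) for x in keys], keccak256(b"constructed pwd")
    sig = ring_sign(msg, ring, 2, keys[2])
    print(ring_verify(msg, ring, sig), ring_verify(keccak256(b"wrong pwd"), ring, sig))
```

Verification walks the same chain from e_0 through every slot, so an accepted σ looks the same whichever index j produced it; disclosing pwd later lets anyone recompute M = keccak256(pwd) and compare it with the message the contract received.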

Claims (4)

1. An Ethereum transaction privacy protection method based on ring signatures and smart contracts, characterized in that the method comprises the following steps:
(1) Generating account addresses: the user generates n additional account addresses using an elliptic curve cryptography algorithm, specifically as follows:
addressPool = {address_0, address_1, ..., address_{n-2}, address_{n-1}}
Each account address in the address pool corresponds to an account public key; that is, the account public key corresponding to address_i is
Figure FDA0003113243620000011
Each account address in the address pool corresponds to an account private key, and every transaction initiated from an account address must be signed with the corresponding account private key; that is, the account private key corresponding to address_i is
Figure FDA0003113243620000012
The user replaces address_j in the address pool with the user's own account address address_A, where j ∈ [0, n-1], to generate the address group addressGroup; the set of account public keys corresponding to the account addresses in addressGroup is publicKeyGroup, specifically as follows:
addressGroup = {address_0, ..., address_{j-1}, address_A, address_{j+1}, ..., address_{n-1}}
Figure FDA0003113243620000013
(2) Deploying the smart contract: the user uses account address address_j to deploy the transaction privacy protection contract to the Ethereum main network, generating the contract account address address_contract. Account address address_j is the owner of the contract, i.e. owner = address_j. The owner variable is stored in the transaction privacy protection contract; when a function in the contract is called, it checks whether the caller's account address is the same as the owner variable, so only the contract owner address_j can call the functions in the contract.
(3) Computing the ring signature: using the public key set publicKeyGroup and the account private key corresponding to address_A
Figure FDA0003113243620000014
a ring signature σ is generated using the AOS ring signature algorithm, and is expressed as σ = (e_0, s_0, s_1, ..., s_{n-1}). The public key is
Figure FDA0003113243620000015
where
Figure FDA0003113243620000016
is the account private key corresponding to address_A, and
Figure FDA0003113243620000017
cyclic group of prime order q
Figure FDA0003113243620000018
Figure FDA0003113243620000019
is a generator of the cyclic group
Figure FDA00031132436200000110
The message to be signed is M = keccak256(pwd), where keccak256 is the hash function and pwd is the one-time password that the user sets for computing the ring signature; pwd is not disclosed at any point in the process, and only the user knows its contents.
(4) Transferring funds to the contract: the transaction privacy protection contract uses the contract address address_contract to perform the transfer transaction on the user's behalf, but the user must first use account address address_j to send amount of ether (in wei) to the contract account address address_contract, so that the transaction privacy protection contract holds amount of ether (in wei) for performing the transfer on behalf of the user.
(5) Sending the public keys and the ring signature to the contract: the user uses the account private key x_j corresponding to account address address_j to sign a transaction that calls the sendRingSignature function on the ring signature contract. In this transaction, the parameters the user passes to the function are the account address set addressGroup, the account public key set publicKeyGroup, the ring signature σ, the signed message keccak256(pwd), the transaction receiver's account address address_B, and the amount of ether transferred in the transaction. The transaction is broadcast to the transaction privacy protection contract's account address address_contract and calls the sendRingSignature function, which in turn calls three functions in the contract in sequence: the verifyPublicKey function for verifying the public keys, the verifyRingSignature function for verifying the ring signature, and the transferEther function for executing the transaction.
(6) Verifying the public keys: first, the verifyPublicKey function obtains the account address of the transaction initiator using msg.sender. The function call succeeds only if the caller's account address is the same as the owner variable, that is, the caller's address is address_j. The global variable msg.sender in a Solidity smart contract returns the account address that called the contract, which is the real account address of the contract caller.
Then the verifyPublicKey function determines whether each account address in the incoming account address set addressGroup corresponds to the matching public key in the account public key set publicKeyGroup. The pseudocode of the check is as follows:
for i = 0; i < n; i = i + 1 do
    P_i = publicKeyGroup[i], address_i = addressGroup[i];
    Base = 0x00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;
    if (uint(keccak256(P_i)) & Base) ≠ uint(address_i) then
        return false;
return true;
(7) Verifying the ring signature: the verifyRingSignature function is then called to check the integrity of the incoming ring signature σ = (e_0, s_0, s_1, ..., s_{n-1}).
(8) Performing the transfer transaction: the transferEther function is called to transfer to the specified account address. Once the ring signature has been verified successfully, the transaction privacy protection contract uses its contract account address address_contract to initiate a transfer transaction to account address address_B, with a transfer amount of amount ether (in wei). By using its contract address address_contract to carry out the transaction on the user's behalf, the transaction privacy protection contract hides the user's original account address and so protects the privacy of the user's Ethereum transaction.
2. The Ethereum transaction privacy protection method based on ring signatures and smart contracts according to claim 1, characterized in that the specific generation process of the AOS ring signature algorithm in step (3) is as follows:
1) The signer selects a public key set of length n, publicKeyGroup = {P_0, P_1, ..., P_{n-2}, P_{n-1}}, where the values of P_i are as follows:
Figure FDA0003113243620000031
2) Generate a random number
Figure FDA0003113243620000032
Compute
Figure FDA0003113243620000033
e_{j+1} = keccak256(Q || M);
3) for i = (j+1) mod n; 0 ≤ i < n, i ≠ j; i = (i+1) mod n do
Generate a random number
Figure FDA0003113243620000034
and sequentially compute
Figure FDA0003113243620000035
4) Set
Figure FDA0003113243620000036
so that
Figure FDA0003113243620000037
is equal to
Figure FDA0003113243620000038
Figure FDA0003113243620000039
5) The generated AOS ring signature is σ = (e_0, s_0, s_1, ..., s_{n-1}).
3. The Ethereum transaction privacy protection method based on ring signatures and smart contracts according to claim 1, characterized in that the method for judging the integrity of the ring signature σ in step (7) specifically comprises the following steps:
1) From the parameters passed to the function, the signed message is known to be M = keccak256(pwd).
2) Compute in sequence from the values in the AOS ring signature, finally obtaining e_0, where P_i = publicKeyGroup[i]. The calculation process is as follows:
Figure FDA00031132436200000310
3) Compare the computed e_0 with the e_0 in the AOS ring signature; if the two are the same, the ring signature σ is valid. The verifier cannot tell which s_i in the ring signature σ was generated with the signer's private key, which is how the signer's identity is hidden.
4. The Ethereum transaction privacy protection method based on ring signatures and smart contracts according to claim 1, characterized in that the undisclosed password pwd used in generating the ring signature in step (3) ensures the traceability of the transaction. The password pwd used in computing the ring signature is not disclosed at any point in the transaction. If the transaction needs to be traced later, the user can prove that the user is the generator of the ring signature by disclosing the password pwd to the transaction receiver or to a third-party institution, thereby proving that the user is the true sender of the transaction.
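The signing loop of claim 2 and the verification loop of claim 3, as an added Python example that is not the patent's own code. Because the formula images are not reproduced on this page, it follows the standard AOS (Abe-Ohkubo-Suzuki) construction on secp256k1 in additive notation, with e_{i+1} = H(s_i·G + e_i·P_i || M). Assumptions: hashlib.sha3_256 stands in for keccak256, and all function names are illustrative.

```python
import hashlib, secrets

# secp256k1 domain parameters (the curve behind Ethereum account keys)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):              # affine point addition; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    num, den = (3 * a[0] * a[0], 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    m = num * pow(den % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):             # double-and-add; not constant time
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(point, msg):          # e = H(Q || M) mod N; sha3_256 stands in for keccak256
    data = point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha3_256(data).digest(), "big") % N

def ring_sign(msg, pubs, j, x_j):
    n = len(pubs)
    e, s = [0] * n, [0] * n
    k = secrets.randbelow(N - 1) + 1
    e[(j + 1) % n] = h(mul(k, G), msg)       # chain starts right after the signer
    i = (j + 1) % n
    while i != j:                            # other members: random s_i, derive next e
        s[i] = secrets.randbelow(N - 1) + 1
        e[(i + 1) % n] = h(add(mul(s[i], G), mul(e[i], pubs[i])), msg)
        i = (i + 1) % n
    s[j] = (k - e[j] * x_j) % N              # closes the ring: s_j*G + e_j*P_j == k*G
    return e[0], s

def ring_verify(msg, pubs, sig):
    e0, s = sig
    if len(s) != len(pubs):                  # reject a signature over a shorter ring
        return False
    e = e0
    for s_i, p_i in zip(s, pubs):            # recompute the chain back round to e_0
        e = h(add(mul(s_i, G), mul(e, p_i)), msg)
    return e == e0
```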
CN202110656722.2A 2021-06-11 2021-06-11 Ether shop transaction privacy protection method based on ring signature and intelligent contract Pending CN113645036A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110656722.2A CN113645036A (en) 2021-06-11 2021-06-11 Ether shop transaction privacy protection method based on ring signature and intelligent contract


Publications (1)

Publication Number Publication Date
CN113645036A true CN113645036A (en) 2021-11-12

Family

ID=78416024

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110656722.2A Pending CN113645036A (en) 2021-06-11 2021-06-11 Ether shop transaction privacy protection method based on ring signature and intelligent contract

Country Status (1)

Country Link
CN (1) CN113645036A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114363013A (en) * 2021-12-15 2022-04-15 武汉大学 Supervision-friendly block chain content privacy protection system, message sending method and query method
CN114363013B (en) * 2021-12-15 2024-04-26 武汉大学 Supervision-friendly blockchain content privacy protection system, message sending and query method
CN115276982A (en) * 2022-07-29 2022-11-01 武汉科技大学 Ethernet workshop key management method and system based on SGX
CN115276982B (en) * 2022-07-29 2024-04-16 武汉科技大学 SGX-based Ethernet key management method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211112