CN113645036A - A privacy protection method for Ethereum transactions based on ring signatures and smart contracts - Google Patents


Info

Publication number
CN113645036A
Authority
CN
China
Prior art keywords
address
contract
account
transaction
ring signature
Prior art date
Legal status
Pending
Application number
CN202110656722.2A
Other languages
Chinese (zh)
Inventor
黄杰
王威
Current Assignee
Southeast University
Original Assignee
Southeast University
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an Ethereum transaction privacy protection method based on ring signatures and smart contracts, which hides the user's original account address and so protects Ethereum transaction privacy. It comprises the following steps: (1) generating account addresses; (2) deploying a smart contract; (3) computing a ring signature; (4) transferring funds to the contract; (5) sending the public keys and the ring signature to the contract; (6) verifying the public keys; (7) verifying the ring signature; (8) performing the transfer transaction. The invention can complete a transfer to the target account address while hiding the user's original account address, and at the same time ensures the traceability of the transaction.

Description

Ethereum transaction privacy protection method based on ring signatures and smart contracts
Technical Field
The invention relates to the technical field of cryptography and information security, and in particular to an Ethereum transaction privacy protection method based on ring signatures and smart contracts.
Background
With the advent of blockchain systems such as Ethereum, how to protect users' transaction privacy in an open blockchain system has become an important research topic. The public ledger maintained by the blockchain records all transaction data, including the initiating account and the receiving account of each transaction. Although these account addresses have no relationship to the user's real-world information, an attacker can correlate them with the user's IP or other identifying information in the real world by analysing the transaction and account data in the blockchain.
For example, if a user pays online in Ether, the merchant can in fact associate the user's online Ethereum account address with the user's offline identity. Once an attacker, by analysing the transaction data in Ethereum, has locked on to a particular account address that received transfers, and that account address belongs to a merchant, the attacker can obtain the association between the user's Ethereum account address and the user's real-world identity by intruding into the merchant's data system, which seriously threatens the security of the user's digital currency assets.
In research on privacy protection of blockchain transactions, ring signature technology is a hotspot of research and attention. The ring signature algorithm is a digital signature algorithm proposed in 2001 by Rivest et al.; during signature generation, the signature components are linked end to end according to a certain rule to form a ring structure, hence the name ring signature. Unlike group signatures, ring signatures have no group manager, so the anonymity of an individual signature cannot be revoked. In addition, generating a ring signature does not require the group setup process needed for a group signature, which greatly improves the efficiency of signature generation.
A ring signature can be produced by any member of a set of signers holding public-private key pairs, without the involvement of the other members. The actual signer uses its own private key and the public keys of all members of the signer set to generate the ring signature, and any verifier can check, using the public keys of the signer set, whether the ring signature was produced by a member of that set. If the signature verifies, the verifier only learns that the signer belongs to the set, but cannot determine which member it is. The ring signature therefore protects user privacy well and achieves anonymity.
A smart contract is code running in the Ethereum Virtual Machine (EVM) and can be understood as a collection of functional modules that exist at a particular account address. Using the currently mainstream Solidity programming language, users can develop smart contracts that implement customized operations. After a smart contract is deployed to the Ethereum main network, a specific contract account address is generated. When a user in Ethereum needs to invoke a function of a contract, it communicates with the contract account address by sending a transaction. The function to be called and the parameters to pass to it are indicated in the message field, and successful execution of the function means the transaction succeeded. Such a transaction differs from a traditional Ether transfer: it does not move balance between wallets, but it still costs gas, and each such transaction also produces a hash and is stored in a block like a normal transaction.
As the currently popular blockchain system, Ethereum makes its transaction data public, so any transaction a user initiates in Ethereum is public and transparent. The invention seeks to protect users' Ethereum transaction privacy through ring signature technology and smart contract technology, completing a transfer to the target account address while hiding the user's original account address and at the same time ensuring the traceability of the transaction.
Disclosure of Invention
Based on the background and the existing problems, the invention aims to provide an Ethereum transaction privacy protection method based on ring signatures and smart contracts, which can complete a transfer to a target account address while hiding the user's original account address and at the same time ensure the traceability of transactions.
To solve this technical problem, the invention provides an Ethereum transaction privacy protection method based on ring signatures and smart contracts, which comprises the following steps:
(1) generating account addresses: the user needs to generate n additional account addresses using an elliptic curve encryption algorithm, specifically as follows:
addressPool = {address_0, address_1, ..., address_{n-2}, address_{n-1}}
Each account address in addressPool corresponds to an account public key, that is, the account public key corresponding to address_i is
Figure RE-GDA0003260797070000022
Each account address in addressPool corresponds to an account private key, and each transaction initiated by an account address needs to be signed with the corresponding account private key, that is, the account private key corresponding to address_i is
Figure RE-GDA0003260797070000023
The user uses their own account address address_A to replace address_j in addressPool, where j ∈ [0, n-1], generating addressGroup; the set of account public keys corresponding to the account addresses in addressGroup is publicKeyGroup, specifically as follows:
addressGroup = {address_0, ..., address_{j-1}, address_A, address_{j+1}, ..., address_{n-1}}
Figure RE-GDA0003260797070000021
(2) deploying the smart contract: the user uses account address address_j to deploy a transaction privacy protection contract to the Ethereum main network, generating the contract account address address_contract. Account address address_j is the owner of the contract, i.e. owner = address_j. The owner variable is stored in the transaction privacy protection contract; when a function in the contract is called, it must check whether the caller's account address is the same as the owner variable, so that only the contract owner address_j can call the functions in the contract.
(3) computing the ring signature: using the public key set publicKeyGroup and the account private key corresponding to address_A
Figure RE-GDA0003260797070000031
generate a ring signature σ with the AOS ring signature algorithm; the ring signature σ is expressed as
Figure RE-GDA0003260797070000032
(e_0, s_0, s_1, ..., s_{n-1}); public key
Figure RE-GDA0003260797070000033
Wherein
Figure RE-GDA0003260797070000034
is the account private key corresponding to address_A, and
Figure RE-GDA0003260797070000035
a cyclic group of prime order q
Figure RE-GDA0003260797070000036
Figure RE-GDA0003260797070000037
is a generator of the cyclic group
Figure RE-GDA0003260797070000038
given above; the message to be signed is M = keccak256(pwd), where keccak256 is the hash function and pwd is a one-time password set by the user for computing the ring signature, which is not disclosed throughout the process; only the user knows the contents of pwd.
(4) transferring funds to the contract: the transaction privacy protection contract uses its contract address address_contract to perform the transfer transaction on the user's behalf, so the user must first send an amount of Ether (in wei) from account address address_j to the contract account address address_contract; the transaction privacy protection contract thus holds an amount of Ether (in wei) for performing transfer transactions on behalf of the user.
(5) sending the public keys and the ring signature to the contract: the user signs, with the account private key x_j corresponding to account address address_j, a transaction that calls the sendRingSignature function of the ring signature contract. The parameters the user passes to the function in this transaction are the account address set addressGroup, the account public key set publicKeyGroup, the ring signature σ, the signed message keccak256(pwd), the transaction recipient's account address address_B, and the amount of Ether to transfer, amount. The transaction is broadcast to the transaction privacy protection contract's account address address_contract and calls the sendRingSignature function, which in turn calls three functions in the contract: verifyPublicKey to verify the public keys, verifyRingSignature to verify the ring signature, and transferEther to execute the transaction.
(6) verifying the public keys: first, the verifyPublicKey function obtains the account address of the transaction initiator through msg.sender. The function call succeeds only if the caller's account address is the same as the owner variable, that is, the caller's address is address_j. (In Solidity smart contracts, the msg.sender global variable gives the account address that called the contract, i.e. the real account address of the contract caller.)
Then the verifyPublicKey function determines whether each account address in the incoming account address set addressGroup corresponds to the respective public key in the account public key set publicKeyGroup; the pseudocode of the determination method is as follows:
Figure RE-GDA0003260797070000041
(7) verifying the ring signature: the verifyRingSignature function is then called to determine the integrity of the incoming ring signature σ = (e_0, s_0, s_1, ..., s_{n-1}).
(8) performing the transfer transaction: the transferEther function is invoked to transfer to a specific account address. Once ring signature verification succeeds, the transaction privacy protection contract uses its contract account address address_contract to initiate a transfer transaction to account address address_B, transferring amount of Ether (in wei). Because the transaction privacy protection contract uses its contract address address_contract to carry out the transaction on the user's behalf, the user's original account address is successfully hidden, achieving the purpose of protecting the user's Ethereum transaction privacy.
Preferably, the specific generation process of the AOS ring signature algorithm in step (3) is as follows:
1) the signer selects a public key set publicKeyGroup of length n as {P_0, P_1, ..., P_{n-2}, P_{n-1}}, where P_i takes the following value:
Figure RE-GDA0003260797070000042
2) generate a random number
Figure RE-GDA0003260797070000043
Computing
Figure RE-GDA0003260797070000044
ej+1=keccak256(Q||M);
3) for i = (j+1) mod n; 0 ≤ i < n, i ≠ j; i = (i+1) mod n do
generate a random number
Figure RE-GDA0003260797070000045
and compute in sequence
Figure RE-GDA0003260797070000046
4) set
Figure RE-GDA0003260797070000047
So that
Figure RE-GDA0003260797070000048
Is equal to
Figure RE-GDA0003260797070000049
Figure RE-GDA00032607970700000410
5) the generated AOS ring signature is σ = (e_0, s_0, s_1, ..., s_{n-1});
Preferably, the method for judging the integrity of the ring signature σ in the step (7) specifically includes the following steps:
1) The signed message M = keccak256(pwd) is known from the parameters passed to the function.
2) Compute in sequence from the values in the AOS ring signature, finally obtaining e_0, where P_i = publicKeyGroup[i]; the calculation process is as follows:
Figure RE-GDA0003260797070000051
3) Compare the computed e_0 with the e_0 in the AOS ring signature; if the two are the same, the ring signature σ is valid. The verifier cannot know which s_i of the ring signature σ was generated using the signer's private key, so the signer's identity is hidden.
Preferably, the undisclosed password pwd used in generating the ring signature in step (3) can ensure the traceability of the transaction. The password pwd used in calculating the ring signature is not disclosed throughout the transaction. If the transaction needs to be traced later, the user can prove that the user is the generator of the ring signature by disclosing the password pwd to the transaction receiver or a third party institution, thereby proving that the user is the true sender of the transaction.
The invention has the following beneficial effects: it provides an Ethereum transaction privacy protection method based on ring signatures and smart contracts. Ring signature technology can hide a user's original account address within a set of account addresses containing multiple account addresses; if the computed ring signature passes the smart contract's verification, the smart contract transfers to the designated recipient address using its own contract account address. An external observer in Ethereum can only judge from the ring signature that the original account address of the transfer transaction is one of the account addresses in the set, but cannot work out which one, so the user's original account address is hidden and the user's Ethereum transaction privacy is effectively protected. In addition, the method ensures the traceability of the transaction while protecting Ethereum transaction privacy: if the transaction needs to be traced in the future, the user can prove to be the generator of the ring signature by disclosing the password used in computing the ring signature, thereby proving to be the true sender of the transaction.
Drawings
FIG. 1 is a process diagram of the practice of the method of the present invention.
Fig. 2 is a schematic diagram of deploying the smart contract in the present invention.
Fig. 3 is a schematic diagram of ring signature generation in the present invention.
FIG. 4 is a diagram illustrating invoking the smart contract in accordance with the present invention.
Detailed Description
Fig. 1 shows a method for protecting the privacy of an Ethereum transaction based on a ring signature and a smart contract, which includes the following steps:
(1) generating account addresses: Alice needs to generate n additional account addresses using Elliptic Curve Cryptography (ECC), specifically as follows:
addressPool = {address_0, address_1, ..., address_{n-2}, address_{n-1}}
Each account address in addressPool corresponds to an account public key, that is, the account public key corresponding to address_i is
Figure RE-GDA0003260797070000061
Each account address in addressPool corresponds to an account private key, and each transaction initiated by an account address needs to be signed with the corresponding account private key, that is, the account private key corresponding to address_i is
Figure RE-GDA0003260797070000062
Alice uses her own account address address_A to replace address_j in addressPool, where j ∈ [0, n-1], generating addressGroup; the set of account public keys corresponding to the account addresses in addressGroup is publicKeyGroup, specifically as follows:
addressGroup = {address_0, ..., address_{j-1}, address_A, address_{j+1}, ..., address_{n-1}}
Figure RE-GDA0003260797070000063
(2) deploying the smart contract: the role of the transaction privacy protection contract is to verify the authenticity of the ring signature provided by the user and then use the contract address to carry out the transaction on the user's behalf, hiding the user's original account address. As shown in FIG. 2, Alice uses account address address_j to deploy the transaction privacy protection contract to the Ethereum main network, generating the contract account address address_contract. Account address address_j is the owner of the contract, i.e. owner = address_j. The owner variable is stored in the transaction privacy protection contract; when a function in the contract is called, it must check whether the caller's account address is the same as the owner variable, so that only the contract owner address_j can call the functions in the contract.
(3) computing the ring signature: Alice uses the public key set publicKeyGroup and the account private key corresponding to address_A
Figure RE-GDA0003260797070000064
to generate a ring signature σ. The AOS (Abe-Ohkubo-Suzuki) ring signature algorithm is adopted, with the following parameters: a cyclic group of prime order q
Figure RE-GDA0003260797070000065
Figure RE-GDA0003260797070000066
is a generator of the cyclic group
Figure RE-GDA0003260797070000067
given above; public key
Figure RE-GDA0003260797070000068
Wherein
Figure RE-GDA0003260797070000069
is the account private key corresponding to address_A, and
Figure RE-GDA00032607970700000610
the hash function is keccak256; the message to be signed is M = keccak256(pwd), where pwd is the one-time password Alice sets for computing the ring signature, which is not disclosed throughout; only Alice knows the contents of pwd.
The generation of the AOS ring signature is shown schematically in Fig. 3 and includes the following steps:
1) the signer selects a public key set publicKeyGroup of length n as {P_0, P_1, ..., P_{n-2}, P_{n-1}}, where P_i takes the following value:
Figure RE-GDA0003260797070000071
2) generate a random number
Figure RE-GDA0003260797070000072
Computing
Figure RE-GDA0003260797070000073
ej+1=keccak256(Q||M);
3) for i = (j+1) mod n; 0 ≤ i < n, i ≠ j; i = (i+1) mod n do
generate a random number
Figure RE-GDA0003260797070000074
and compute in sequence
Figure RE-GDA0003260797070000075
4) set
Figure RE-GDA0003260797070000076
So that
Figure RE-GDA0003260797070000077
Is equal to
Figure RE-GDA0003260797070000078
Figure RE-GDA0003260797070000079
5) the generated AOS ring signature is σ = (e_0, s_0, s_1, ..., s_{n-1});
(4) transferring funds to the contract: the transaction privacy protection contract uses its contract address address_contract to perform the transfer transaction on the user's behalf, so the user must first send an amount of Ether (in wei) from account address address_j to the contract account address address_contract; the transaction privacy protection contract thus holds an amount of Ether (in wei) for performing transfer transactions on behalf of the user.
(5) sending the public keys and the ring signature to the contract: as shown in FIG. 4, Alice signs, with the account private key x_j corresponding to account address address_j, a transaction that calls the sendRingSignature function of the ring signature contract. The parameters Alice passes to the function in this transaction are the account address set addressGroup, the account public key set publicKeyGroup, the ring signature σ, the signed message keccak256(pwd), the transaction recipient's account address address_B, and the amount of Ether to transfer, amount.
The transaction is broadcast to the transaction privacy protection contract's account address address_contract and calls the sendRingSignature function, which in turn calls three functions in the contract: verifyPublicKey to verify the public keys, verifyRingSignature to verify the ring signature, and transferEther to execute the transaction.
(6) verifying the public keys: first, the verifyPublicKey function obtains the account address of the transaction initiator through msg.sender. The function call succeeds only if the caller's account address is the same as the owner variable, that is, the caller's address is address_j. (In Solidity smart contracts, the msg.sender global variable gives the account address that called the contract, i.e. the real account address of the contract caller.)
Then the verifyPublicKey function determines whether each account address in the incoming account address set addressGroup corresponds to the respective public key in the account public key set publicKeyGroup; the pseudocode of the determination method is as follows:
Figure RE-GDA0003260797070000081
(7) verifying the ring signature: the verifyRingSignature function is then called to determine the integrity of the incoming ring signature σ = (e_0, s_0, s_1, ..., s_{n-1}), judged by the following method:
1) The signed message M = keccak256(pwd) is known from the parameters passed to the function.
2) Compute in sequence from the values in the AOS ring signature, finally obtaining e_0, where P_i = publicKeyGroup[i]; the calculation process is as follows:
Figure RE-GDA0003260797070000082
3) Compare the computed e_0 with the e_0 in the AOS ring signature; if the two are the same, the ring signature σ is valid. The verifier cannot know which s_i of the ring signature σ was generated using the signer's private key, so the signer's identity is hidden.
(8) performing the transfer transaction: finally, the transferEther function is invoked to transfer to a specific account address. Once ring signature verification succeeds, the transaction privacy protection contract uses its contract account address address_contract to initiate a transfer transaction to account address address_B, transferring amount of Ether (in wei). Because the transaction privacy protection contract uses its contract address address_contract to carry out the transaction on the user's behalf, the user's original account address is successfully hidden, achieving the purpose of protecting the privacy of the user's Ethereum transactions.
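As an added example (not the patent's own code), the AOS ring signing loop of step (3) and the ring-closing check of step (7) in Python, together with the verifyPublicKey address check of step (6) and the pwd-disclosure tracing check. Assumptions: secp256k1 as the prime-order group (the patent only specifies a cyclic group of prime order q with generator G); the per-step hash e_{i+1} = keccak256(s_i·G + e_i·P_i || M), which is the standard AOS step the figures stand for; and hashlib.sha3_256 as a stand-in for keccak256, so the derived addresses will not match real Ethereum addresses.

```python
import hashlib
import secrets

# secp256k1, the curve behind Ethereum accounts. The patent only requires a
# cyclic group of prime order q with generator G, so this choice is an assumption.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def keccak256(data):
    # Stand-in (assumption): hashlib.sha3_256 uses SHA-3 padding, so its digests
    # differ from Ethereum's keccak256; the on-chain contract uses real Keccak-256.
    return hashlib.sha3_256(data).digest()

def encode_point(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def ring_hash(pt, msg):
    """One ring step: e_{i+1} = keccak256(point || M), reduced into Z_q."""
    return int.from_bytes(keccak256(encode_point(pt) + msg), "big") % Q

def keygen():
    """Account key pair: private scalar x_i and public point P_i = x_i*G."""
    x = secrets.randbelow(Q - 1) + 1
    return x, ec_mul(x, G)

def address_of(pub):
    """Ethereum-style address_i: last 20 bytes of keccak256(x || y) of P_i."""
    return keccak256(encode_point(pub))[-20:]

def aos_sign(pubkeys, j, x_j, msg):
    """Step (3): AOS ring signature by member j of publicKeyGroup on M."""
    n = len(pubkeys)
    s, e = [0] * n, [0] * n
    alpha = secrets.randbelow(Q - 1) + 1
    # 2) Q = alpha*G and e_{j+1} = keccak256(Q || M)
    e[(j + 1) % n] = ring_hash(ec_mul(alpha, G), msg)
    # 3) walk the ring from j+1 round to j: e_{i+1} = keccak256(s_i*G + e_i*P_i || M)
    i = (j + 1) % n
    while i != j:
        s[i] = secrets.randbelow(Q - 1) + 1
        e[(i + 1) % n] = ring_hash(ec_add(ec_mul(s[i], G), ec_mul(e[i], pubkeys[i])), msg)
        i = (i + 1) % n
    # 4) close the ring: s_j = alpha - e_j*x_j, so s_j*G + e_j*P_j = alpha*G = Q
    s[j] = (alpha - e[j] * x_j) % Q
    return e[0], s  # 5) sigma = (e_0, s_0, ..., s_{n-1})

def aos_verify(pubkeys, sig, msg):
    """Step (7): recompute e_1..e_n from e_0 and check the ring closes on e_0."""
    e0, s = sig
    if len(s) != len(pubkeys):
        return False
    e = e0
    for s_i, p_i in zip(s, pubkeys):
        e = ring_hash(ec_add(ec_mul(s_i, G), ec_mul(e, p_i)), msg)
    return e == e0

def verify_public_key(address_group, pubkey_group):
    """Step (6): every address_i in addressGroup must derive from publicKeyGroup[i]."""
    if len(address_group) != len(pubkey_group):
        return False
    return all(a == address_of(p) for a, p in zip(address_group, pubkey_group))

def trace_check(pwd, msg):
    """Tracing: disclosing pwd later proves knowledge of the preimage of M."""
    return keccak256(pwd) == msg

if __name__ == "__main__":
    keys = [keygen() for _ in range(4)]           # constructed ring of n = 4 accounts
    pubs = [pk for _, pk in keys]
    msg = keccak256(b"constructed one-time pwd")   # M = keccak256(pwd)
    sig = aos_sign(pubs, 2, keys[2][0], msg)       # Alice is member j = 2
    print("ring signature valid:", aos_verify(pubs, sig, msg))
```

Altering any s_i or the message M makes the recomputed chain miss e_0, which is exactly the check the contract's verifyRingSignature relies on.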
The Ethereum transaction privacy protection method based on ring signatures and smart contracts can protect transaction privacy while keeping transaction records open and traceable. All transaction information in Ethereum is public, and calling a function on the smart contract is also done by way of a transaction, which means the parameters passed to the function when the smart contract function is called are also publicly visible. Any observer in Ethereum can conclude, by viewing and validating the transaction record, that some account address in addressGroup transferred amount of Ether (in wei) to address_B, but cannot tell the real account address of the transfer; in addition, the password pwd Alice used in computing the ring signature is not disclosed throughout the transaction. If the transaction needs to be traced later, Alice can prove that she is the generator of the ring signature by disclosing the password pwd to the transaction recipient Bob or a third-party authority, thereby proving that she is the true sender of the transaction.
The invention provides an Ethereum transaction privacy protection method based on ring signatures and smart contracts, which can effectively protect Ethereum transaction privacy. Ring signature technology can hide a user's original account address within a set of account addresses containing multiple account addresses; if the computed ring signature passes the smart contract's verification, the smart contract transfers to the designated recipient address using its own contract account address. An external observer in Ethereum can only judge from the ring signature that the original account address of the transfer transaction is one of the account addresses in the set, but cannot work out which one, so the user's original account address is hidden and the user's Ethereum transaction privacy is effectively protected. In addition, the method ensures the traceability of the transaction while protecting Ethereum transaction privacy: if the transaction needs to be traced in the future, the user can prove to be the generator of the ring signature by disclosing the password used in computing the ring signature, thereby proving to be the true sender of the transaction.
The embodiments above describe the objects, technical solutions and advantages of the present application in further detail. It should be understood that they are only examples of the present application and are not intended to limit its scope; any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present application fall within the scope of the present application.

Claims (4)

1. A method for protecting the privacy of Ethereum transactions based on ring signatures and smart contracts, characterized in that it comprises the following steps:

(1) Generate account addresses: the user additionally generates n account addresses using the elliptic curve cryptosystem, as follows:
addressPool = {address_0, address_1, ..., address_{n-2}, address_{n-1}}
Each account address in addressPool corresponds to an account public key; the account public key corresponding to address_i is
Figure FDA0003113243620000011
Each account address in addressPool also corresponds to an account private key, and every transaction initiated from an account address must be signed with the corresponding account private key; the account private key corresponding to address_i is
Figure FDA0003113243620000012
The user replaces address_j in addressPool, where j ∈ [0, n-1], with the user's own account address address_A, which yields addressGroup; the set of account public keys corresponding to the account addresses in addressGroup is publicKeyGroup, as follows:
addressGroup = {address_0, ..., address_{j-1}, address_A, address_{j+1}, ..., address_{n-1}}
Figure FDA0003113243620000013

(2) Deploy the smart contract: the user deploys the transaction privacy protection contract to the Ethereum main network from account address address_j, which produces the contract account address address_contract. Account address address_j is the owner of the contract, i.e. owner = address_j. The owner variable is stored in the transaction privacy protection contract; whenever a function of the contract is called, it checks whether the caller's account address equals the owner variable, so only the contract owner address_j can call the functions of the contract.

(3) Compute the ring signature: the ring signature σ is generated from the public key set publicKeyGroup and the account private key corresponding to address_A,
Figure FDA0003113243620000014
The ring signature σ uses the AOS ring signature algorithm and is expressed as σ = (e_0, s_0, s_1, ..., s_{n-1}); the public key
Figure FDA0003113243620000015
where
Figure FDA0003113243620000016
is the account private key corresponding to address_A and
Figure FDA0003113243620000017
a cyclic group of prime order q
Figure FDA0003113243620000018
Figure FDA0003113243620000019
is a generator of the cyclic group
Figure FDA00031132436200000110
The message to be signed is M = keccak256(pwd), where keccak256 is a hash function and pwd is a one-time password chosen by the user for computing the ring signature; the password is never disclosed during the whole process, and only the user knows its content.

(4) Transfer to the contract: the transaction privacy protection contract executes the transfer transaction on the user's behalf from the contract address address_contract, so the user must first send amount ether (in wei) from account address address_j to the contract account address address_contract; only then does the transaction privacy protection contract hold amount ether (in wei) with which to execute the transfer for the user.

(5) Send the public keys and the ring signature to the contract: the user signs, with the account private key x_j corresponding to account address address_j, a transaction that calls the sendRingSignature function of the ring signature contract. In this transaction the user passes to the function the account address set addressGroup, the account public key set publicKeyGroup, the ring signature σ, the signed message keccak256(pwd), the transaction recipient's account address address_B and the amount of ether to transfer, amount. The transaction is broadcast to the account address address_contract of the transaction privacy protection contract and invokes sendRingSignature, which in turn calls three functions of the contract in sequence: verifyPublicKey, which verifies the public keys; verifyRingSignature, which verifies the ring signature; and transferEther, which executes the transfer.

(6) Verify the public keys: first, verifyPublicKey reads the global variable msg.sender to obtain the account address of the transaction initiator. The function succeeds only when the caller's account address equals the owner variable, i.e. when the caller's address is address_j. In Solidity smart contracts the global variable msg.sender yields the account address that called the contract, i.e. the caller's real account address. Then verifyPublicKey checks that each account address in the supplied set addressGroup corresponds to the public key at the same position in publicKeyGroup; the pseudocode of the check is:
    for i = 0; i < n; i = i + 1 do
        P_i = publicKeyGroup[i], address_i = addressGroup[i];
        Base = 0x00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;
        if (uint(keccak256(P_i)) & Base) ≠ uint(address_i) then
            return false;
    return true;

(7) Verify the ring signature: next, verifyRingSignature is called to check the integrity of the supplied ring signature σ = (e_0, s_0, s_1, ..., s_{n-1}).

(8) Execute the transfer: transferEther is called to transfer to the specified account address. Once the ring signature is verified, the transaction privacy protection contract initiates a transfer of amount ether (in wei) from its own contract account address address_contract to account address address_B. Because the contract transacts from its own address address_contract on the user's behalf, the user's original account address is hidden, which achieves the goal of protecting the user's Ethereum transaction privacy.
2. The Ethereum transaction privacy protection method based on ring signatures and smart contracts according to claim 1, characterized in that the AOS ring signature of step (3) is generated as follows:
1) The signer selects a public key set of length n, publicKeyGroup = {P_0, P_1, ..., P_{n-2}, P_{n-1}}, where the value of P_i is:
Figure FDA0003113243620000031
2) Generate a random number
Figure FDA0003113243620000032
and compute
Figure FDA0003113243620000033
e_{j+1} = keccak256(Q || M);
3) for i = (j+1) mod n; 0 ≤ i < n, i ≠ j; i = (i+1) mod n do: generate a random number
Figure FDA0003113243620000034
and compute in turn
Figure FDA0003113243620000035
4) Set
Figure FDA0003113243620000036
so that
Figure FDA0003113243620000037
equals
Figure FDA0003113243620000038
Figure FDA0003113243620000039
5) The generated AOS ring signature is σ = (e_0, s_0, s_1, ..., s_{n-1}).
3. The Ethereum transaction privacy protection method based on ring signatures and smart contracts according to claim 1, characterized in that the integrity of the ring signature σ in step (7) is checked as follows:
1) From the parameters passed to the function, the signed message is known to be M = keccak256(pwd).
2) Compute sequentially from the values in the AOS ring signature until e_0 is obtained, where P_i = publicKeyGroup[i]; the computation is:
Figure FDA00031132436200000310
3) Compare the computed e_0 with the e_0 contained in the AOS ring signature; if they are equal, the ring signature σ is valid. The verifier cannot tell which s_i in the ring signature σ was generated with the signer's private key, which is what hides the signer's identity.
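As an added worked example (not code from the patent or its authors), the following Python implements over secp256k1 the three checks the claims describe: the verifyPublicKey address test of claim 1 step (6), the AOS ring signature generation of claim 2, and the ring verification of claim 3. The private keys, the password and the ring size are constructed for the demo; keccak256 uses pycryptodome when it is installed and otherwise falls back to SHA3-256, an assumed stand-in that changes the derived addresses but not the logic; and the ring step is written as s_i·G - e_i·P_i, the standard AOS form, because the patent's own equations survive on this page only as figure placeholders.

```python
import hashlib
import secrets

# secp256k1 domain parameters: the curve behind Ethereum account keys
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
BASE = 0x00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF  # 160-bit mask from claim 1, step (6)

try:  # real Keccak-256 when pycryptodome is available ...
    from Crypto.Hash import keccak

    def keccak256(data):
        return keccak.new(digest_bits=256, data=data).digest()
except ImportError:  # ... else SHA3-256 as an ASSUMED stand-in (different padding,
    def keccak256(data):  # so derived addresses will not equal real Ethereum addresses)
        return hashlib.sha3_256(data).digest()


def _add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], P - 2, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], P - 2, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def mul(k, pt=G):
    """Double-and-add scalar multiplication k*pt."""
    r = None
    while k:
        if k & 1:
            r = _add(r, pt)
        pt = _add(pt, pt)
        k >>= 1
    return r


def encode_point(pt):
    """64-byte x||y encoding: the form Ethereum hashes to derive an address."""
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def address_of(pub_bytes):
    return keccak256(pub_bytes)[-20:]


def verify_public_keys(address_group, public_key_group):
    """verifyPublicKey: each address must equal the low 160 bits of keccak256(P_i)."""
    if len(address_group) != len(public_key_group):
        return False
    for addr, pub in zip(address_group, public_key_group):
        if int.from_bytes(keccak256(pub), "big") & BASE != int.from_bytes(addr, "big"):
            return False
    return True


def _e(point, message):
    """Challenge e = keccak256(Q || M), reduced into the scalar field."""
    return int.from_bytes(keccak256(encode_point(point) + message), "big") % N


def _combine(s, e, pub):
    """s*G - e*P: the point every verifier can recompute for ring member P."""
    neg_pub = (pub[0], (-pub[1]) % P)
    return _add(mul(s), mul(e, neg_pub))


def ring_sign(pubs, j, x_j, message):
    """AOS ring signature sigma = (e_0, [s_0..s_{n-1}]) by member j holding x_j."""
    n = len(pubs)
    e, s = {}, [0] * n
    k = secrets.randbelow(N - 1) + 1
    e[(j + 1) % n] = _e(mul(k), message)  # step 2: Q = k*G, e_{j+1} = H(Q||M)
    i = (j + 1) % n
    while i != j:  # step 3: walk the ring from j+1 back around to j
        s[i] = secrets.randbelow(N - 1) + 1
        e[(i + 1) % n] = _e(_combine(s[i], e[i], pubs[i]), message)
        i = (i + 1) % n
    s[j] = (k + e[j] * x_j) % N  # step 4: close the ring; needs x_j, which hides j
    return e[0], s


def ring_verify(pubs, message, sig):
    """verifyRingSignature: recompute e_0 around the ring and compare with sigma's e_0."""
    e0, s = sig
    if len(s) != len(pubs):
        return False
    e = e0
    for i in range(len(pubs)):
        e = _e(_combine(s[i], e, pubs[i]), message)
    return e == e0


def demo():
    # Constructed private keys for an n=4 address pool; address_A's key sits at j=2.
    privs = [0x1111, 0x2222, 0xA11CE, 0x4444]
    j = 2
    pubs = [mul(x) for x in privs]
    public_key_group = [encode_point(p) for p in pubs]
    address_group = [address_of(p) for p in public_key_group]
    pwd = b"constructed one-time password"  # never sent on chain; only M = keccak256(pwd) is
    message = keccak256(pwd)
    sig = ring_sign(pubs, j, privs[j], message)
    return {
        "keys_match_addresses": verify_public_keys(address_group, public_key_group),
        "signature_valid": ring_verify(pubs, message, sig),
        "wrong_message_rejected": not ring_verify(pubs, keccak256(b"other"), sig),
        "traceable_by_pwd": keccak256(pwd) == message,  # later disclosure of pwd proves authorship
    }
```

The signature only verifies when the closing scalar s_j was formed with the private key matching P_j, yet every s_i is uniformly random to an observer, which is exactly the property claim 3 step 3) relies on; the last field of demo() shows the traceability of claim 4, since whoever later reveals pwd with keccak256(pwd) equal to the signed M proves they chose the signed message.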
4. The Ethereum transaction privacy protection method based on ring signatures and smart contracts according to claim 1, characterized in that the undisclosed password pwd used when generating the ring signature in step (3) guarantees the traceability of the transaction. The password pwd used in computing the ring signature is not disclosed at any point of the transaction. If the transaction needs to be traced in the future, the user can prove that the user generated the ring signature by disclosing the password pwd to the transaction receiver or to a third-party organization, thereby proving that the user is the true sender of the transaction.
CN202110656722.2A 2021-06-11 2021-06-11 A privacy protection method for Ethereum transactions based on ring signatures and smart contracts Pending CN113645036A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110656722.2A CN113645036A (en) 2021-06-11 2021-06-11 A privacy protection method for Ethereum transactions based on ring signatures and smart contracts

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110656722.2A CN113645036A (en) 2021-06-11 2021-06-11 A privacy protection method for Ethereum transactions based on ring signatures and smart contracts

Publications (1)

Publication Number Publication Date
CN113645036A true CN113645036A (en) 2021-11-12

Family

ID=78416024

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110656722.2A Pending CN113645036A (en) 2021-06-11 2021-06-11 A privacy protection method for Ethereum transactions based on ring signatures and smart contracts

Country Status (1)

Country Link
CN (1) CN113645036A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114363013A (en) * 2021-12-15 2022-04-15 武汉大学 Supervision-friendly block chain content privacy protection system, message sending method and query method
CN114363013B (en) * 2021-12-15 2024-04-26 武汉大学 Supervision-friendly blockchain content privacy protection system, message sending and query method
CN115276982A (en) * 2022-07-29 2022-11-01 武汉科技大学 A method and system for Ethereum key management based on SGX
CN115276982B (en) * 2022-07-29 2024-04-16 武汉科技大学 An Ethereum key management method and system based on SGX

Similar Documents

Publication Publication Date Title
CN108418689B (en) Zero-knowledge proof method and medium suitable for block chain privacy protection
Li et al. Traceable monero: Anonymous cryptocurrency with enhanced accountability
CA3044907C (en) Blockchain-based system and method for concealing sender and receiver identities
RU2719311C1 (en) Information protection system and method
CN110009318A (en) A Monero-based digital currency tracking method
CN113360943B (en) Block chain privacy data protection method and device
CN112734424B (en) A privacy-protecting payment method and system based on blockchain
CN109413078B (en) An Anonymous Authentication Method Based on Group Signature in Standard Model
TW201801491A (en) Public key certificate method can generate updated key pair matching the information security requirements without updating the digital certificate
CN105227317A (en) A kind of cloud data integrity detection method and system supporting authenticator privacy
CN113645036A (en) A privacy protection method for Ethereum transactions based on ring signatures and smart contracts
CN114219491A (en) A blockchain-oriented privacy transaction method and related device
CN116823456A (en) Heterogeneous chain cross-chain asset transaction method and system for identity privacy protection
Naganuma et al. New secret key management technology for blockchains from biometrics fuzzy signature
CN116566626A (en) Ring signature method and apparatus
CN103312707A (en) Attribute-based signature verification method by aid of cloud server
CN114514550A (en) Partitioning requests into blockchains
Yang et al. Cryptanalysis of a transaction scheme with certificateless cryptographic primitives for IoT-based mobile payments
CN112184245B (en) Transaction identity confirmation method and device for cross-region block chain
Ghasaei et al. Blockchain-based, privacy-preserving, first price sealed bid auction (fpsba) verifiable by participants
CN113656828A (en) Lattice cipher-based blockchain privacy protection method for financial system transactions
CN114513316A (en) Identity-based anonymous authentication method, server and user terminal equipment
WO2019174404A1 (en) Digital group signature method, device and apparatus, and verification method, device and apparatus
Aravind et al. Combined digital signature with sha hashing technique-based secure system: An application of blockchain using iot
CN114389822B (en) Block chain based signature generation method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
Application publication date: 20211112