CN113656828B - Block chain privacy protection method based on lattice code and oriented to financial system transaction - Google Patents


Info

Publication number
CN113656828B
Authority
CN
China
Prior art keywords
transaction
user
key
bank
secret
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN202110820938.8A
Other languages
Chinese (zh)
Other versions
CN113656828A (en)
Inventor
盖珂珂
陈思源
祝烈煌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Technology BIT filed Critical Beijing Institute of Technology BIT
Priority to CN202110820938.8A priority Critical patent/CN113656828B/en
Publication of CN113656828A publication Critical patent/CN113656828A/en
Application granted granted Critical
Publication of CN113656828B publication Critical patent/CN113656828B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a lattice-cryptography-based blockchain privacy protection method for financial system transactions, and belongs to the technical field of blockchain applications. The method stores transaction information anonymously on the global ledger blockchain, so that no node other than the banks and users involved in a transaction can learn any useful information about it. A superior node can view the transaction records of its subordinate nodes, while a subordinate node cannot directly query the transaction records of its superior node or of other subordinate nodes; when such a query is genuinely needed, it can be carried out only if the recovery condition of a secret sharing mechanism is met. The encryption scheme used by the method is designed on hard lattice problems, so the method remains secure and usable even after quantum computers are put into practical use. The method effectively protects transaction data, offers flexible permission management, and effectively resists quantum attacks.

Description

A blockchain privacy protection method based on lattice cryptography for financial system transactions

Technical Field

The present invention relates to a blockchain privacy protection method, and in particular to a blockchain privacy protection method based on lattice cryptography for financial system transactions. It belongs to the field of blockchain application technology.

Background Art

As blockchain technology continues to develop and spread, it has attracted wide attention from a growing number of governments and financial institutions. In finance, banks and financial institutions hope to use blockchain to reduce data maintenance costs and improve data security. At the same time, because a blockchain is built on a peer-to-peer network, it does not process and store data through a central node, so all transaction records must be open to all nodes, which is very detrimental to user privacy. In finance in particular, user data is one of an enterprise's core competitive assets, and financial institutions do not want users' transaction information exposed on the chain.

Transaction records can reveal sensitive information and may leak user privacy; for example, a user's transaction records reflect the user's spending level and living conditions. In a blockchain, the first node to forward a transaction may be the node that initiated it, which means that connecting to as many servers as possible and recording the time at which a transaction is received from each server is enough to infer the initiating node and thus learn the real identity behind an anonymous address.

Privacy protection is generally regarded as one of the most important aspects of financial security, and protecting data privacy is a key task when formulating privacy protection policy. In a bank transaction system based on a consortium chain, transaction data is equally important. Neither party wants banks outside the transaction to learn the transaction data, while some upper-level banks want to manage the data of lower-level banks. For example, an upper-level node can audit a lower-level node and can decide whether the lower-level node has the right to view transaction data. A simple approach is to encrypt all transaction data, which hides both the identities of the two parties and the transaction information; however, this is not a feasible option in practice. Some means of supervision is therefore needed alongside privacy.

At present, the overall structure of blockchain is not consistent with the overall structure of the modern financial system. The direct P2P transactions of Bitcoin and similar digital currencies pose a huge challenge to the way financial institutions provide customer service and supervision. The financial industry is exploring a new model in which assets neither flow directly through peer-to-peer transactions between users nor pass through a centralized trading system. Instead, the transactions of a large number of users are managed by a small number of entities (usually banks). Banks act as intermediaries and record the stock transactions of millions of users in ledgers, and system design and technical means ensure that banks faithfully complete the transfer of assets according to their customers' wishes; many privacy protection problems nevertheless remain. To promote the long-term, healthy development of blockchain in the financial system, it is therefore necessary to seek a balance between privacy protection and transaction supervision that fits the characteristics and needs of the actual financial system.

To solve these problems, researchers have proposed a variety of solutions.

Among them, the coin-mixing scheme is a simple method: the user first transfers funds to a third party, and the third party then moves the funds to the designated account through multiple transfers. High handling fees and the safety of the funds are obvious drawbacks of this scheme.

Another method is encryption; signature technology is widely used in blockchain design. In Bitcoin, elliptic curve cryptography is used to generate the public key corresponding to a private key. Serving as the user's wallet address, the public key distinguishes different user IDs, and each user holds multiple public key addresses to make transactions anonymous. To ensure that transactions are securely authorized, the Bitcoin system digitally signs the data of every transaction. Both Bitcoin and Ethereum use the Elliptic Curve Digital Signature Algorithm (ECDSA), with the curve fixed by the secp256k1 parameters, which gives an efficient asymmetric signature algorithm.

Hash functions are another commonly used cryptographic method. In Bitcoin, when a transaction begins, the user's public key address is generated from a hash value computed with the SHA256 algorithm. When transaction data is verified, the signature is checked with the user's public key, which makes the transaction non-repudiable.

With the rise of quantum computing, traditional signature algorithms face huge security challenges. Monero is well known for its privacy protection. It uses random numbers to update the address of each transaction so that observers cannot find the link between the address and the recipient, but timing analysis makes it possible to trace transactions. Zcash introduces zero-knowledge proof technology to hide transaction parameters, but its high computational overhead makes the proof process very slow.

Summary of the Invention

The purpose of the invention is to address the defects and shortcomings of the prior art and, to solve the technical problem of privacy leakage risk in the transaction flow of financial systems, to creatively propose a blockchain privacy protection method based on lattice cryptography for financial system transactions.

To achieve this purpose, the invention adopts the following technical scheme.

First, the relevant concepts are explained.

Definition 1: Bank intermediary ledger system

The transaction system in the modern financial system that uses the banking system for the delivery and settlement of funds.

Definition 2: Bank

An institution that carries out financial transaction activities. Each bank comprises a head office and several branches, and a bank holds its users' account lists and asset balance information.

Definition 3: Global ledger

The system that records and stores all bank transaction information. The global ledger is a blockchain system made up of multiple consensus nodes and using a secure consensus algorithm.

Definition 4: User

A party engaged in financial transaction activities. A user belongs to a branch of a bank and can submit transaction requests to that branch.

Definition 5: Lattice cryptography

A cryptosystem built on hard lattice problems, recognized as a cryptographic scheme that resists quantum attacks.

Definition 6: Secret sharing

A secret is split in an appropriate way and each resulting share is managed by a different participant. No single participant can recover the secret; the participants can recover it by cooperating only when specific participants take part and the number of participants reaches a minimum threshold.

Usually, secret sharing only requires that the number of participants reach a given count for them to recover the secret together. Starting from practical needs, the invention adds the restriction that specific participants must take part, which better fits real application scenarios.

Definition 7: Hash function

A function that maps an input of arbitrary length (also called the preimage) to an output of fixed length (the hash value).

Hash functions are one of the basic building blocks of modern cryptography and were originally used for digital signatures. They are one-way and collision-resistant.

A blockchain privacy protection method based on lattice cryptography for financial system transactions includes the following steps:

Step 1: Initialize the entire system, including the global ledger, the banks, and the users.

Specifically, step 1 includes the following steps:

Step 1.1: Global ledger initialization.

Initialize the global ledger blockchain system and generate a public-private key pair used to encrypt transaction information. The key is generated and managed by the highest authority designated for the whole system (which can be regarded as the central bank). As in a real banking system, the global ledger manager can view all transaction information within its system, while subordinate banks can query only the transaction information that belongs to them.

Step 1.2: Bank initialization.

Each bank generates a signature public-private key pair and an encryption-decryption public-private key pair, and initializes the account and balance information of its users. Besides being used for digital signatures, the signature public key also serves as the bank address.

Step 1.3: User initialization.

Each user generates a signature public-private key pair and an encryption-decryption public-private key pair. Besides being used for digital signatures, the signature public key also serves as the user's personal address (i.e., the user name).

Step 2: Initiate a transaction. The user submits a transfer transaction request to the system.

Specifically, step 2 includes the following steps:

Step 2.1: The user submits a transaction request.

The user submits the transaction request to the bank branch to which the user belongs. The transaction information includes the personal address of the transfer recipient and the transfer amount. The transaction information is encrypted with the encryption key and signed with the signing key.

Step 2.2: Branch verification.

The branch receives the user's transaction request, verifies the transaction signature, and checks that the transfer amount does not exceed the user's balance.

Step 2.3: The branch encrypts the verified transaction information with the encryption key, signs it with the signing key, and forwards it to its head office.

Step 2.4: The head office verifies the transaction signature. After verification passes, it encrypts the transaction information with the receiving head office's encryption key, signs it with the signing key of the head office to which the transaction requester belongs, and forwards it to the receiving head office.

Step 2.5: The receiving head office verifies the transaction signature. After verification passes, it negotiates a random number with the requesting head office to serve as the internal transaction voucher number, and forwards the internal transaction voucher number to the relevant branches and users.

Step 2.6: The two head offices each submit a transaction request to the global ledger. The transaction information includes the requesting user's address, the receiving user's address, the transaction amount, and the internal transaction voucher number. Each head office encrypts the transaction information with its own encryption key and signs it with its signing key.

Step 2.7: The global ledger verifies the signatures on the two head offices' transaction requests and checks whether the transaction information is consistent. If it is consistent, proceed to step 3; otherwise, stop the transaction.

Step 3: Transaction processing. The transaction is put on the chain and executed.

Specifically, step 3 includes the following steps:

Step 3.1: The nodes of the global ledger blockchain network reach consensus on the transaction. The transaction information includes the user addresses of both parties, the transaction amount, and the internal transaction voucher number. The transaction information is encrypted with the encryption key, and a hash function is applied to the internal transaction voucher number to produce a hash value that serves as the external transaction serial number. The global ledger adds the external transaction serial number and the encrypted transaction information to the blockchain.

Step 3.2: Once the branches of both parties find the transaction in the global ledger by its external transaction serial number, the transaction is deemed successful, and each branch then updates the corresponding user's balance information.

Step 4: Transaction query.

Users can query a transaction at any time. To query, the user first submits a query request to the global ledger containing the transaction's internal transaction voucher number. The global ledger computes the hash value of the internal transaction voucher number with the hash function, then decrypts the transaction information stored on the blockchain under the external transaction serial number equal to that hash value and sends it to the user.
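The matching rule of step 2.7 and the voucher-to-serial indexing of steps 3.1 and 4, as an added Python example that is not part of the patent text. It assumes SHA-256 as the hash function and a 16-byte minimum voucher length; `GlobalLedger` and its method names are hypothetical, and the lattice-based encryption and signatures are left out, so records are held in the clear here.

```python
import hashlib

MIN_VOUCHER_BYTES = 16  # assumption: the text only says "random number"


def external_serial(voucher: bytes) -> str:
    """Step 3.1: the on-chain serial is the hash of the internal voucher."""
    return hashlib.sha256(voucher).hexdigest()


class GlobalLedger:
    """Hypothetical in-memory stand-in for the global ledger L."""

    def __init__(self):
        self.pending = {}  # serial -> (bank, fields) awaiting the counterpart
        self.chain = {}    # serial -> committed transaction fields

    def submit(self, bank, sender, receiver, amount, voucher):
        """Steps 2.6 and 2.7: commit only when both head offices agree."""
        if len(voucher) < MIN_VOUCHER_BYTES:
            raise ValueError("voucher too short to resist guessing")
        serial = external_serial(voucher)
        if serial in self.chain:
            raise ValueError("voucher already used on chain")
        fields = {"sender": sender, "receiver": receiver, "amount": amount}
        if serial not in self.pending:
            self.pending[serial] = (bank, fields)
            return "pending"
        first_bank, first_fields = self.pending.pop(serial)
        # The counterpart must be a different bank reporting identical fields.
        if first_bank == bank or first_fields != fields:
            return "rejected"
        # The voucher itself is never stored in the index, only its hash.
        self.chain[serial] = fields
        return "committed"

    def query(self, voucher):
        """Step 4: look up by hashing the voucher the caller presents."""
        record = self.chain.get(external_serial(voucher))
        return dict(record) if record is not None else None

    def public_serials(self):
        """What any node sees as the index: hashes only, no vouchers."""
        return sorted(self.chain)


if __name__ == "__main__":
    ledger = GlobalLedger()
    voucher = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    print(ledger.submit("B_i", "U_sender", "U_receiver", 100, voucher))
    print(ledger.submit("B_r", "U_sender", "U_receiver", 100, voucher))
    print(ledger.query(voucher))
    print(ledger.public_serials())
```

Because the voucher is the only thing needed to retrieve a record, it acts as a bearer lookup token: its length and randomness decide how hard it is to match an on-chain serial without having been party to the transaction.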

Step 5: Secret sharing and recovery.

According to actual needs, the head office distributes its own key to its branches through secret sharing. When a branch needs to query the transactions of other branches, it obtains the consent of the head office and of a certain number of branches, and they then cooperate to recover the key.

After the query is completed, the head office can replace the key and perform secret sharing again.

Beneficial Effects

Compared with the prior art, the method of the invention has the following beneficial effects:

1. It effectively protects transaction data. Under the method, transaction information is stored anonymously on the global ledger blockchain, and no node other than the banks and users involved in a transaction can learn any useful information about it. At the same time, because transaction data is stored on the blockchain, the transaction information cannot be tampered with, which guarantees the authenticity of the data.

2. It provides flexible permission management. Under the method, an upper-level node can view the transaction records of its lower-level nodes, while a lower-level node cannot directly query the transaction records of its upper-level node or of other lower-level nodes. When such a query is genuinely needed, the recovery condition of the secret sharing mechanism must be met before the query can be made. Introducing the secret sharing mechanism makes permission configuration more flexible.

3. It effectively resists quantum attacks. The encryption scheme used by the method is designed on hard lattice problems, which means the method is secure until those problems are solved. Because lattice cryptography is currently recognized as post-quantum cryptography, the method remains secure and usable even after quantum computers become practical.

Brief Description of the Drawings

FIG. 1 is a schematic flow diagram of the method of the invention.

Detailed Description

The specific implementation of the method of the invention is described in further detail below with reference to the accompanying drawing.

FIG. 1 sets out in detail the implementation of the lattice-cryptography-based, blockchain-based privacy-preserving transaction method for the financial system.

In the bank intermediary ledger system, B_1, B_2, ···, B_m denote the head offices of different banks, [Figure BDA0003171956980000071] denotes the j-th branch of head office B_i, and branch [Figure BDA0003171956980000072] has users [Figure BDA0003171956980000073] (the n-th user of branch j of head office i).

The lattice-cryptography-based, blockchain-based privacy-preserving transaction method for the financial system carries out a transfer from user [Figure BDA0003171956980000074] (the p-th user of branch j of head office i) to user [Figure BDA0003171956980000075] (the t-th user of branch s of head office r), and includes the following steps:

Step 1: System initialization. Initialization of the whole system is divided into three parts: the global ledger, the banks, and the users.

Specifically, it includes the following steps:

Step 1.1: Global ledger initialization. Initialize the global ledger blockchain system and generate a public-private key pair {Lepk, Lesk} used to encrypt transaction information. The key is generated and managed by the highest authority designated for the whole system (which can be regarded as the central bank). As in a real banking system, the global ledger manager can view all transaction information within its system, while subordinate banks can query only the transaction information that belongs to them.

Step 1.2: Bank initialization. Each head office generates its own signature public-private key pair {Bsignpk_i, Bsignsk_i} and encryption-decryption public-private key pair {Bepk_i, Besk_i}. Each branch generates its own signature public-private key pair [Figure BDA0003171956980000081] and encryption-decryption public-private key pair [Figure BDA0003171956980000082], and initializes its users' accounts [Figure BDA0003171956980000083] and balance information [Figure BDA0003171956980000084]. Besides being used for digital signatures, the signature public key also serves as the bank address.

Step 1.3: User initialization. Each user generates a signature public-private key pair [Figure BDA0003171956980000085] and an encryption-decryption public-private key pair [Figure BDA0003171956980000086]. Besides being used for digital signatures, the signature public key also serves as the user's personal address (i.e., the user name).

In the steps above, the keys are generated with lattice-based cryptography.

Step 2: Initiate a transaction. The user submits a transfer transaction request to the system: user [Figure BDA0003171956980000087] needs to transfer V yuan to user [Figure BDA0003171956980000088].

Specifically, it includes the following steps:

Step 2.1: User [Figure BDA0003171956980000089] submits a transaction request Trequest.

User [Figure BDA00031719569800000810] submits the transaction request Trequest to its bank branch [Figure BDA00031719569800000811]. The transaction information includes the transfer recipient's personal address [Figure BDA00031719569800000812] and the transfer amount v. The transaction information is encrypted with the encryption key [Figure BDA00031719569800000813] and signed with the signing key [Figure BDA00031719569800000814]:

[Figure BDA00031719569800000815]

where [Figure BDA0003171956980000091] denotes encrypting [Figure BDA0003171956980000093] with the key [Figure BDA0003171956980000092], and [Figure BDA0003171956980000094] denotes encrypting v with [Figure BDA0003171956980000095].

Step 2.2: The branch verifies the transaction request.

After receiving the user's transaction request Trequest, branch [Figure BDA0003171956980000096] verifies the transaction signature and checks whether the transfer amount v does not exceed the user's balance [Figure BDA0003171956980000097]: [Figure BDA0003171956980000098], where "?" denotes a test. If the amount does not exceed the balance, go to step 2.3; otherwise, terminate the transaction.

Step 2.3: Branch [Figure BDA0003171956980000099] encrypts the verified transaction information with the encryption key [Figure BDA00031719569800000910], signs it with the signing key [Figure BDA00031719569800000911], and forwards the transaction Trequest′ to its head office B_i:

[Figure BDA00031719569800000912]

where [Figure BDA00031719569800000913] denotes encrypting [Figure BDA00031719569800000915] with [Figure BDA00031719569800000914], and [Figure BDA00031719569800000916] denotes encrypting v with [Figure BDA00031719569800000917].

Step 2.4: The head office verifies the signature of transaction Trequest′. After verification passes, it encrypts the transaction information with the encryption key Bepk_r of the receiving head office, signs it with the signing key Bsignpk_i of the requesting head office B_i, and forwards the transaction T_{i,r} to the receiving head office B_r:

Figure BDA00031719569800000918

Step 2.5: The receiving head office B_r verifies the signature of transaction T_{i,r}. After verification passes, it negotiates a random number r with the requesting head office B_i to serve as the internal transaction voucher number Txidinner, and forwards the internal transaction voucher number to the relevant branches and users (i.e.,
Figure BDA00031719569800000919
).

Step 2.6: The head offices of both parties, B_i and B_r, submit the transaction requests T_{i,r}′ and T_{r,i}′ respectively to the global ledger L. The transaction information includes the user address of the transaction requester
Figure BDA00031719569800000920
the user address of the transaction recipient
Figure BDA00031719569800000921
the transaction amount v, and the internal transaction voucher number Txidinner. The transaction information is encrypted with the respective encryption keys Bepk_i and Bepk_r and signed with the signing keys Bsignpk_i and Bsignpk_r:

Figure BDA00031719569800000922

Figure BDA0003171956980000101

where
Figure BDA0003171956980000102
denotes encrypting, with Bepk_i,
Figure BDA0003171956980000103
and Txidinner, and Encrypt(Bepk_i, v) denotes encrypting v with Bepk_i.

Step 2.7: The global ledger L verifies the signatures on the transaction requests from both head offices and checks whether the transaction information is consistent:

Figure BDA0003171956980000104

where "?" denotes a check.

The encryption in the above steps is implemented with the lattice-based encryption method.

Step 3: Transaction processing. The transaction is put on chain and executed.

Step 3.1: The nodes of the global ledger L blockchain network reach consensus on transaction T. The transaction information includes the user addresses of both transaction parties
Figure BDA0003171956980000105
and
Figure BDA0003171956980000106
the transaction amount v, and the internal transaction voucher number Txidinner. The transaction information is encrypted with the encryption key Lepk, and the hash of the internal transaction voucher number, computed with a hash function, serves as the external transaction serial number Txid. The global ledger adds the external transaction serial number and the encrypted transaction information to the blockchain:

Figure BDA0003171956980000107

where
Figure BDA0003171956980000108
denotes encrypting, with Lepk,
Figure BDA0003171956980000109
v and Txidinner.

The encryption involved in this step is implemented with the lattice-based encryption method.

Step 3.2: Once the branches of both transaction parties,
Figure BDA00031719569800001010
and
Figure BDA00031719569800001011
find the transaction in the global ledger by its external transaction serial number, the transaction is deemed successful. The branches then update the corresponding user balances
Figure BDA00031719569800001012
and
Figure BDA00031719569800001013

Step 4: Transaction query. A user can query a transaction at any time. To do so, the user first submits a query request uquery to the global ledger; the request contains the internal transaction voucher number Txidinner of the queried transaction. The global ledger L computes the hash of the internal transaction voucher number with the hash function, then decrypts the transaction T whose external transaction serial number Txid on the blockchain equals that hash and sends it to the user.

The decryption in this step is implemented with the lattice-based decryption method.

Step 5: Secret sharing and recovery. The head office can distribute its own key to its branches through secret sharing, according to actual needs. When a branch wants to query the transactions of other branches, the key can be recovered cooperatively after the head office and a certain number of branches have given their consent. After the query is complete, the head office can replace the key and perform secret sharing again.

The lattice-based encryption scheme used in the above steps is as follows.

The parameters are set as follows:

γ is the public key length of the global decryption party W, and γ_i is the public key length of the encryption party W_i (i = 1, 2, ···, n); η is the private key length of W, and η_i is the private key length of W_i; ρ is the interference length of W, and ρ_i is the interference length of W_i; λ is the security parameter. τ denotes the number of integers contained in the public key of W, and τ_i denotes the number of integers contained in the public key of W_i.

Let γ = O(λ^6), γ_i = O(λ^6), η = O(λ^5), η_i = O(λ^5), ρ = λ, ρ_i = λ, τ = λ + γ, τ_i = λ + γ.

The key generation method is:

The encryption system consists of a global decryption party W and multiple encryption parties W_i (i = 1, 2, ···, n). W generates a public key pk = <x_0, x_1, ···, x_τ> and randomly selects a random number w as its private key sk, w ∈ [2^{η-1}, 2^η). W_i randomly selects a random number w_i as its private key sk_i,
Figure BDA0003171956980000111
where $ denotes random selection and Z denotes the set of integers. w_i randomly permutes pk = <x_0, x_1, ···, x_τ> and obtains
Figure BDA0003171956980000112
Figure BDA0003171956980000113
denotes the sequence obtained from pk after the random permutation, and
Figure BDA0003171956980000114
denotes the τ-th number after the permutation. Then w_i randomly selects the numbers q_{i,0}, q_{i,1}, ···, q_{i,τ} and γ_{i,0}, γ_{i,1}, ···, γ_{i,τ}, where q_{i,τ} denotes the τ-th of the numbers q_{i,0}, q_{i,1}, ···, q_{i,τ} randomly selected by w_i, and γ_{i,τ} denotes the τ-th of the numbers γ_{i,0}, γ_{i,1}, ···, γ_{i,τ} randomly selected by w_i, where
Figure BDA0003171956980000115
Figure BDA0003171956980000116
and computes
Figure BDA0003171956980000117
x_{i,0} is the largest of the x_{i,j}. Finally, it recomputes
Figure BDA0003171956980000121
and takes pk_i = <x_{i,0}, x_{i,1}, ···, x_{i,τ}> as the public key of w_i.

The encryption method is:

w_i randomly selects
Figure BDA0003171956980000122
and a random number t_i,
Figure BDA0003171956980000123
encrypts the plaintext m_i ∈ {0,1}, and outputs the ciphertext
Figure BDA0003171956980000124
s_i denotes a number randomly selected from the set {1, 2, ···, τ_i}.

The decryption method is:

W_i decrypts by using sk_i = w_i to compute
Figure BDA0003171956980000125
Alternatively, W can decrypt by using sk = w to compute m_i ← [[c_i]_sk]_2.

The encryption method above shows that W can decrypt the ciphertext of any W_i, while each W_i can decrypt only its own ciphertext and cannot decrypt the ciphertexts of the other W_i or of W. Using this property, the encryption and decryption keys in the method of the present invention can be generated level by level with this scheme, so that an upper-level node can decrypt the transaction information of its lower-level nodes, while a lower-level node cannot decrypt the transaction information of its upper-level node or of other nodes at the same level.

In step 5, the secret sharing and recovery method used is as follows.

Preparation stage:

F_q is the finite field over the prime q, U_i denotes the i-th participant, and Share_i denotes the secret share obtained by U_i, with Share_i ∈ F_q.

share is the secret that participant U wants to share, and random is a random number generated by participant U. Participant U randomly generates a polynomial of degree n-1:

$$f(x) \equiv \text{share} + \text{random} + a_1 x + \dots + a_{n-1} x^{n-1} \pmod{q} \tag{8}$$

where a_1 and a_{n-1} are the coefficients of the first-degree term x and of the term x^{n-1} in f(x), respectively; mod denotes the modulo operation, with modulus q; and x^{n-1} denotes the term of degree n-1 of f(x).

Secret sharing stage:

Participant U randomly selects y_i, computes z_i = f(y_i), and sends (z_i, y_i) to U_i. z_i denotes the value of f(y_i), and y_i denotes the value of x that U randomly selected for U_i.

Secret recovery stage:

When k ≥ n, n sub-secret owners recover share + random:

Figure BDA0003171956980000131

where y_i denotes the value of x that U randomly selected for U_i, and k denotes the number of sub-secret owners participating in recovering the secret.

At this point, U must provide random before share can be recovered.

The secret sharing scheme above shows that a sub-secret owner who wants to recover the secret needs the joint cooperation of participant U and k ≥ n sub-secret owners. Using this property, the secret sharing and recovery in the method of the present invention can distribute the head office key to its branches through secret sharing according to actual needs. When a branch wants to query the transactions of other branches, the key can be recovered cooperatively after the head office and a certain number of branches have given their consent.
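The sharing and recovery procedure above, as an added Python example (not code from the patent). The recovery formula is an image missing from this page, so standard Lagrange interpolation at x = 0 is assumed; the function names, the modulus Q and the `holders` parameter are also assumptions, and the secret is assumed to be encoded as an element of F_q.

```python
import secrets

# Constructed modulus: the Mersenne prime 2^127 - 1. The page leaves q unspecified.
Q = 2**127 - 1


def evaluate(coeffs, x, q=Q):
    """Horner evaluation of f(x) = coeffs[0] + coeffs[1]*x + ... (mod q)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % q
    return acc


def deal(share, n, holders, q=Q):
    """Dealer U: hide `share` behind a fresh `random`, then split share + random.

    Builds f(x) = share + random + a_1*x + ... + a_{n-1}*x^{n-1} (mod q) and
    returns (random, [(z_i, y_i), ...]) with one point per sub-secret owner.
    """
    if not 0 <= share < q:
        raise ValueError("share must be an element of F_q")
    if not 1 <= n <= holders < q:
        raise ValueError("need 1 <= n <= holders < q")
    random_mask = secrets.randbelow(q)
    coeffs = [(share + random_mask) % q]
    coeffs += [secrets.randbelow(q) for _ in range(n - 1)]
    ys = set()
    while len(ys) < holders:
        # y_i must be distinct and non-zero: y = 0 would hand out f(0) itself.
        ys.add(1 + secrets.randbelow(q - 1))
    return random_mask, [(evaluate(coeffs, y, q), y) for y in sorted(ys)]


def interpolate_at_zero(points, q=Q):
    """Lagrange interpolation at x = 0 over F_q (assumed recovery formula).

    With at least n points of a degree n-1 polynomial this returns
    f(0) = share + random; with fewer points it returns an unrelated value.
    """
    ys = [y for _, y in points]
    if len(set(ys)) != len(ys):
        raise ValueError("duplicate evaluation points")
    total = 0
    for i, (z_i, y_i) in enumerate(points):
        num, den = 1, 1
        for j, (_, y_j) in enumerate(points):
            if j != i:
                num = num * y_j % q
                den = den * (y_j - y_i) % q
        total = (total + z_i * num * pow(den, -1, q)) % q
    return total


def recover_share(points, n, random_mask, q=Q):
    """Full recovery: k >= n sub-secret owners plus the dealer's `random`."""
    if len(points) < n:
        raise ValueError("fewer than n sub-secret owners are cooperating")
    return (interpolate_at_zero(points, q) - random_mask) % q


if __name__ == "__main__":
    head_office_key = 0x1234567890ABCDEF1234  # constructed sample secret
    mask, pts = deal(head_office_key, n=3, holders=5)
    masked = interpolate_at_zero(pts[:3])
    print("branches alone obtain :", hex(masked))
    print("with dealer's random  :", hex(recover_share(pts[:3], 3, mask)))
```

The branches on their own only ever reach share + random; calling `deal` again after a query draws a fresh random and fresh points, which corresponds to the head office replacing the key and re-sharing it.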

Claims (2)

1. A blockchain privacy protection method based on lattice cryptography for financial system transactions, in which the related concepts are first explained:
Definition 1: Bank intermediary ledger system
A transaction system that uses the banking system of the modern financial system to carry out fund delivery and settlement;
Definition 2: Bank
An institution that undertakes financial transaction activities; each bank comprises a head office and a number of branches, and a bank holds the account list and asset balance information of its users;
wherein
Figure DEST_PATH_IMAGE002
denotes the head offices of the different banks,
Figure DEST_PATH_IMAGE004
denotes, for head office
Figure DEST_PATH_IMAGE006
the
Figure DEST_PATH_IMAGE008
-th branch, and branch
Figure 776180DEST_PATH_IMAGE004
has the users
Figure DEST_PATH_IMAGE010
Figure DEST_PATH_IMAGE012
denotes the n-th user of branch j of head office i;
Definition 3: Global ledger
A system for recording and storing all bank transaction information; the global ledger is a blockchain system that consists of multiple consensus nodes and uses a secure consensus algorithm;
Definition 4: User
A party engaged in financial transaction activities; a user belongs to a branch of some bank and can submit transaction requests to that branch;
Definition 5: Lattice cryptography
A cryptosystem built on hard lattice problems;
Definition 6: Secret sharing
A secret is split and each share is managed by a different participant; a single participant cannot recover the secret, which can be recovered only when a specific participant takes part and the number of cooperating participants reaches a certain minimum threshold;
Definition 7: Hash function
A function that maps an input of arbitrary length to an output of fixed length;
characterized in that the method comprises the following steps:
Step 1: Initialize the whole system, including the global ledger, the banks and the users, comprising the following steps:
Step 1.1: Initialize the global ledger;
the global ledger blockchain system is initialized and generates the public/private key pair
Figure DEST_PATH_IMAGE014
which is generated and managed by the highest-authority owner designated for the whole system; as in a real banking system, the global ledger administrator can view all transaction information in the system, while lower-level banks can query only the transaction information of lower-level banks;
Step 1.2: Initialize the banks;
each head office is initialized and generates a signature public/private key pair
Figure DEST_PATH_IMAGE016
and an encryption/decryption public/private key pair
Figure DEST_PATH_IMAGE018
each branch is initialized and generates its own signature public/private key pair
Figure DEST_PATH_IMAGE020
and encryption/decryption public/private key pair
Figure DEST_PATH_IMAGE022
and initializes the user accounts belonging to it
Figure DEST_PATH_IMAGE024
and the balance information
Figure DEST_PATH_IMAGE026
wherein the signature public key is used for digital signatures and also serves as the bank address;
Step 1.3: Initialize the users;
each user is initialized and generates a signature public/private key pair
Figure DEST_PATH_IMAGE028
and an encryption/decryption public/private key pair
Figure DEST_PATH_IMAGE030
wherein the signature public key is used for digital signatures and also serves as the user's personal address;
in step 1, keys are generated using lattice cryptography, as follows:
the parameters are set as follows:
Figure DEST_PATH_IMAGE032
is the public key length of
Figure DEST_PATH_IMAGE034
and
Figure DEST_PATH_IMAGE036
is the public key length of the encryption party
Figure DEST_PATH_IMAGE038
;
Figure DEST_PATH_IMAGE040
is the private key length of
Figure DEST_PATH_IMAGE042
and
Figure DEST_PATH_IMAGE044
is the private key length of
Figure DEST_PATH_IMAGE046
;
Figure DEST_PATH_IMAGE048
is the interference length of
Figure 807502DEST_PATH_IMAGE042
and
Figure DEST_PATH_IMAGE050
is the interference length of
Figure 305349DEST_PATH_IMAGE046
;
Figure DEST_PATH_IMAGE052
is the security parameter;
Figure DEST_PATH_IMAGE054
denotes the number of integers contained in the public key of
Figure DEST_PATH_IMAGE056
and
Figure DEST_PATH_IMAGE058
denotes the number of integers contained in the public key of
Figure DEST_PATH_IMAGE060
;
let
Figure DEST_PATH_IMAGE062
Figure DEST_PATH_IMAGE064
Figure DEST_PATH_IMAGE066
Figure DEST_PATH_IMAGE068
Figure DEST_PATH_IMAGE070
Figure DEST_PATH_IMAGE072
Figure DEST_PATH_IMAGE074
Figure DEST_PATH_IMAGE076
the key generation method is as follows:
the encryption system consists of a global decryption party
Figure 167736DEST_PATH_IMAGE042
and multiple encryption parties
Figure 670524DEST_PATH_IMAGE038
;
Figure 430670DEST_PATH_IMAGE042
generates the public key
Figure DEST_PATH_IMAGE078
and randomly selects a random number
Figure DEST_PATH_IMAGE080
as the private key
Figure DEST_PATH_IMAGE082
Figure DEST_PATH_IMAGE084
,
Figure DEST_PATH_IMAGE086
randomly selects a random number
Figure DEST_PATH_IMAGE088
as its private key
Figure DEST_PATH_IMAGE090
Figure DEST_PATH_IMAGE092
,
Figure DEST_PATH_IMAGE094
),
Figure DEST_PATH_IMAGE096
denotes random selection and
Figure DEST_PATH_IMAGE098
denotes the set of integers;
Figure 215479DEST_PATH_IMAGE088
randomly permutes
Figure 352063DEST_PATH_IMAGE078
and obtains
Figure DEST_PATH_IMAGE100
Figure DEST_PATH_IMAGE102
denotes the sequence obtained from
Figure DEST_PATH_IMAGE104
after the random permutation, and
Figure DEST_PATH_IMAGE106
denotes, after the permutation, the number at position
Figure 958625DEST_PATH_IMAGE054
; then
Figure 483147DEST_PATH_IMAGE088
randomly selects the numbers
Figure DEST_PATH_IMAGE108
and
Figure DEST_PATH_IMAGE110
Figure DEST_PATH_IMAGE112
denotes, for
Figure 988209DEST_PATH_IMAGE088
among its randomly selected
Figure 662904DEST_PATH_IMAGE108
the number at position
Figure 862986DEST_PATH_IMAGE054
and
Figure DEST_PATH_IMAGE114
denotes, for
Figure 151884DEST_PATH_IMAGE088
among its randomly selected
Figure 65614DEST_PATH_IMAGE110
the number at position
Figure 29153DEST_PATH_IMAGE054
wherein
Figure DEST_PATH_IMAGE116
,
Figure DEST_PATH_IMAGE118
and computes
Figure DEST_PATH_IMAGE120
+
Figure DEST_PATH_IMAGE122
,
Figure DEST_PATH_IMAGE124
Figure DEST_PATH_IMAGE126
is the maximum of the
Figure DEST_PATH_IMAGE128
and finally recomputes
Figure DEST_PATH_IMAGE130
and takes
Figure DEST_PATH_IMAGE132
=
Figure DEST_PATH_IMAGE134
as the public key of
Figure 564302DEST_PATH_IMAGE088
;
Step 2: Initiate a transaction: a user submits a transfer transaction request to the system, where user
Figure DEST_PATH_IMAGE136
needs to transfer to user
Figure DEST_PATH_IMAGE138
the amount of
Figure DEST_PATH_IMAGE140
yuan, comprising the following steps:
Step 2.1: User
Figure 650200DEST_PATH_IMAGE136
submits a transaction request
Figure DEST_PATH_IMAGE142
;
user
Figure 5221DEST_PATH_IMAGE136
submits the transaction request
Figure 615194DEST_PATH_IMAGE142
to the bank branch to which it belongs
Figure 50854DEST_PATH_IMAGE004
the transaction information includes the transfer recipient's personal address
Figure DEST_PATH_IMAGE144
and the transfer amount
Figure 947135DEST_PATH_IMAGE140
the transaction information is encrypted with the encryption key
Figure DEST_PATH_IMAGE146
and signed with the signing key
Figure DEST_PATH_IMAGE148
;
Figure DEST_PATH_IMAGE150
wherein
Figure DEST_PATH_IMAGE152
denotes encryption, with the key
Figure 71342DEST_PATH_IMAGE146
of
Figure 891531DEST_PATH_IMAGE144
and
Figure DEST_PATH_IMAGE154
denotes encryption, with
Figure 803203DEST_PATH_IMAGE146
of
Figure DEST_PATH_IMAGE156
Step 2.2: Branch verification;
the branch
Figure 870385DEST_PATH_IMAGE004
after receiving the user transaction request
Figure 246003DEST_PATH_IMAGE142
verifies the transaction signature and determines whether the transfer amount
Figure 355036DEST_PATH_IMAGE140
does not exceed the user balance
Figure DEST_PATH_IMAGE158
Step 2.3: The branch
Figure DEST_PATH_IMAGE160
encrypts the verified transaction information with the encryption key
Figure DEST_PATH_IMAGE162
signs it with the signing key
Figure DEST_PATH_IMAGE164
and forwards the transaction
Figure DEST_PATH_IMAGE166
to its head office
Figure DEST_PATH_IMAGE168
Figure DEST_PATH_IMAGE170
wherein
Figure DEST_PATH_IMAGE172
denotes encryption, with
Figure 594649DEST_PATH_IMAGE162
of
Figure DEST_PATH_IMAGE174
and
Figure DEST_PATH_IMAGE176
denotes encryption, with
Figure 35995DEST_PATH_IMAGE162
of
Figure 649641DEST_PATH_IMAGE156
Step 2.4: The head office verifies the signature of transaction
Figure 14894DEST_PATH_IMAGE166
and, after verification passes, encrypts the transaction information with the encryption key of the receiving head office
Figure DEST_PATH_IMAGE178
signs it, as the transaction requester's head office
Figure 201025DEST_PATH_IMAGE168
with the signing key
Figure DEST_PATH_IMAGE180
and forwards the transaction
Figure DEST_PATH_IMAGE182
to the receiving head office
Figure DEST_PATH_IMAGE184
Figure DEST_PATH_IMAGE186
Step 2.5: The receiving head office
Figure 721262DEST_PATH_IMAGE184
verifies the signature of transaction
Figure 71472DEST_PATH_IMAGE182
and, after verification passes, negotiates with the transaction requester's head office
Figure 489683DEST_PATH_IMAGE168
a random number
Figure DEST_PATH_IMAGE188
as the internal transaction voucher number
Figure DEST_PATH_IMAGE190
and forwards the internal transaction voucher number to the relevant branches and users, i.e.
Figure DEST_PATH_IMAGE192
Step 2.6: The head offices of both parties
Figure DEST_PATH_IMAGE194
each submit to the global ledger
Figure DEST_PATH_IMAGE196
a transaction request,
Figure DEST_PATH_IMAGE198
and
Figure DEST_PATH_IMAGE200
the transaction information includes the user address of the transaction requester
Figure DEST_PATH_IMAGE202
the user address of the transaction recipient
Figure 364274DEST_PATH_IMAGE174
the transaction amount
Figure DEST_PATH_IMAGE204
and the internal transaction voucher number
Figure 507942DEST_PATH_IMAGE190
the transaction information is encrypted with the respective encryption keys
Figure DEST_PATH_IMAGE206
and
Figure 797978DEST_PATH_IMAGE178
and signed with the signing keys
Figure 301772DEST_PATH_IMAGE180
and
Figure DEST_PATH_IMAGE208
:
Figure DEST_PATH_IMAGE210
Figure DEST_PATH_IMAGE212
wherein
Figure DEST_PATH_IMAGE214
denotes
Figure DEST_PATH_IMAGE216
Figure DEST_PATH_IMAGE218
denotes encryption, with
Figure 262162DEST_PATH_IMAGE206
of
Figure 888315DEST_PATH_IMAGE156
Step 2.7: The global ledger
Figure 213117DEST_PATH_IMAGE196
verifies the signatures on the transaction requests of both head offices and verifies whether the transaction information
Figure DEST_PATH_IMAGE220
is consistent;
Step 3: Transaction processing: putting the transaction on chain and executing it, comprising the following steps:
Step 3.1: The nodes of the blockchain network of the global ledger
Figure 707553DEST_PATH_IMAGE196
reach consensus on the transaction
Figure DEST_PATH_IMAGE222
the transaction information includes the user addresses of both transaction parties
Figure 489826DEST_PATH_IMAGE202
and
Figure 473832DEST_PATH_IMAGE174
the transaction amount
Figure 20351DEST_PATH_IMAGE204
and the internal transaction voucher number
Figure 882258DEST_PATH_IMAGE190
the transaction information is encrypted with the encryption key
Figure DEST_PATH_IMAGE224
and a hash function is used to compute the hash of the internal transaction voucher number as the external transaction serial number
Figure DEST_PATH_IMAGE226
the global ledger adds the external transaction serial number and the encrypted transaction information to the blockchain:
Figure DEST_PATH_IMAGE228
Figure DEST_PATH_IMAGE230
Figure DEST_PATH_IMAGE232
wherein
Figure DEST_PATH_IMAGE234
denotes encryption, with
Figure 953044DEST_PATH_IMAGE224
of
Figure DEST_PATH_IMAGE236
Step 3.2: The branches of both transaction parties
Figure 311213DEST_PATH_IMAGE160
and
Figure DEST_PATH_IMAGE238
after finding the transaction in the global ledger by the external transaction serial number, deem the transaction successful, and the branches then update the corresponding user balances
Figure 33444DEST_PATH_IMAGE158
and
Figure DEST_PATH_IMAGE240
the encryption in steps 2 and 3 uses lattice cryptography, as follows:
Figure DEST_PATH_IMAGE242
randomly selects
Figure DEST_PATH_IMAGE244
and a random number
Figure DEST_PATH_IMAGE246
,
Figure DEST_PATH_IMAGE248
encrypts the plaintext
Figure DEST_PATH_IMAGE250
and outputs the ciphertext
Figure DEST_PATH_IMAGE252
denotes, from the set
Figure DEST_PATH_IMAGE254
a randomly selected number;
Step 4: Transaction query: a user can query a transaction at any time; to query, the user first submits to the global ledger a query request
Figure DEST_PATH_IMAGE256
whose content contains the internal transaction voucher number
Figure 574409DEST_PATH_IMAGE190
of the queried transaction; the global ledger
Figure 377280DEST_PATH_IMAGE196
computes the hash of the internal transaction voucher number with the hash function, then takes the external transaction serial number on the blockchain that equals the hash,
Figure 470132DEST_PATH_IMAGE226
decrypts the corresponding transaction
Figure 991243DEST_PATH_IMAGE222
and sends it to the user;
the decryption in step 4 uses lattice cryptography, as follows:
Figure DEST_PATH_IMAGE258
uses
Figure DEST_PATH_IMAGE260
to compute
Figure DEST_PATH_IMAGE262
or
Figure DEST_PATH_IMAGE264
uses
Figure DEST_PATH_IMAGE266
to compute
Figure DEST_PATH_IMAGE268
Step 5: Secret sharing and recovery;
the head office distributes its own key to its branches through secret sharing according to actual needs; when a branch needs to query the transactions of other branches, the key is recovered cooperatively after the agreement of the head office and a number of branches has been obtained;
the secret sharing and recovery method used in step 5 is as follows:
preparation stage:
Figure DEST_PATH_IMAGE270
is the finite field over the prime q,
Figure DEST_PATH_IMAGE272
denotes the participant with index
Figure DEST_PATH_IMAGE274
and
Figure DEST_PATH_IMAGE276
denotes the secret share obtained by
Figure 867057DEST_PATH_IMAGE272
,
Figure DEST_PATH_IMAGE278
;
Figure DEST_PATH_IMAGE280
is the secret that participant
Figure DEST_PATH_IMAGE282
wants to share,
Figure DEST_PATH_IMAGE284
is the random number generated by participant
Figure 868643DEST_PATH_IMAGE282
and participant
Figure 527202DEST_PATH_IMAGE282
randomly generates a polynomial of degree
Figure DEST_PATH_IMAGE286
:
Figure DEST_PATH_IMAGE288
wherein
Figure DEST_PATH_IMAGE290
Figure DEST_PATH_IMAGE292
denote, respectively, in
Figure DEST_PATH_IMAGE294
the coefficients of the terms
Figure DEST_PATH_IMAGE296
and
Figure DEST_PATH_IMAGE298
;
Figure DEST_PATH_IMAGE300
denotes the modulo operation, with modulus q;
Figure DEST_PATH_IMAGE302
denotes the term of
Figure DEST_PATH_IMAGE304
of degree
Figure DEST_PATH_IMAGE306
;
secret sharing stage:
participant
Figure 178019DEST_PATH_IMAGE282
randomly selects
Figure DEST_PATH_IMAGE308
computes
Figure DEST_PATH_IMAGE310
and sends
Figure DEST_PATH_IMAGE312
to
Figure DEST_PATH_IMAGE314
denotes
Figure DEST_PATH_IMAGE316
Figure 575634DEST_PATH_IMAGE308
denotes the value that
Figure 353097DEST_PATH_IMAGE282
randomly selected for
Figure 787752DEST_PATH_IMAGE272
for
Figure DEST_PATH_IMAGE318
namely
Figure 204826DEST_PATH_IMAGE308
;
secret recovery stage:
when
Figure DEST_PATH_IMAGE320
,
Figure DEST_PATH_IMAGE322
sub-secret owners recover
Figure DEST_PATH_IMAGE324
Figure DEST_PATH_IMAGE326
wherein
Figure 281498DEST_PATH_IMAGE308
denotes the value that
Figure 664200DEST_PATH_IMAGE282
randomly selected for
Figure 456707DEST_PATH_IMAGE272
for
Figure 688974DEST_PATH_IMAGE318
;
Figure DEST_PATH_IMAGE328
denotes the number of sub-secret owners participating in recovering the secret;
at this point,
Figure 818604DEST_PATH_IMAGE282
must provide
Figure 67531DEST_PATH_IMAGE284
before it is possible to further recover
Figure 93256DEST_PATH_IMAGE280
2. The blockchain privacy protection method based on lattice cryptography for financial system transactions according to claim 1, wherein after the query is completed, the head office replaces the key and performs secret sharing again.
CN202110820938.8A 2021-07-20 2021-07-20 Block chain privacy protection method based on lattice code and oriented to financial system transaction Expired - Fee Related CN113656828B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110820938.8A CN113656828B (en) 2021-07-20 2021-07-20 Block chain privacy protection method based on lattice code and oriented to financial system transaction

Publications (2)

Publication Number Publication Date
CN113656828A CN113656828A (en) 2021-11-16
CN113656828B true CN113656828B (en) 2023-04-07

Family

ID=78477566

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110820938.8A Expired - Fee Related CN113656828B (en) 2021-07-20 2021-07-20 Block chain privacy protection method based on lattice code and oriented to financial system transaction

Country Status (1)

Country Link
CN (1) CN113656828B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118569866B (en) * 2024-08-01 2024-09-27 解悠数字科技(南京)有限公司 ETC multichannel payment information processing method based on lattice-based encryption algorithm

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3607516A1 (en) * 2017-04-07 2020-02-12 Nchain Holdings Limited Method and system for secure data record distribution using a blockchain
CN111008836A (en) * 2019-11-15 2020-04-14 哈尔滨工业大学(深圳) Privacy safe transfer payment method, device and system based on monitorable block chain and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2886849A1 (en) * 2015-04-07 2016-10-07 Brisson, Andre J. A secure mobile electronic payment system where only the bank has the key, distributed key handshakes, one way and two way authentication distributed key processes and setting up a dynamic distributed key server
GB201805633D0 (en) * 2018-04-05 2018-05-23 Nchain Holdings Ltd Computer implemented method and system
CN108809652B (en) * 2018-05-21 2021-07-23 安徽航天信息有限公司 Block chain encrypted account book based on secret sharing
CN109840771A (en) * 2019-04-01 2019-06-04 西安电子科技大学 A kind of block chain intimacy protection system and its method based on homomorphic cryptography
CN112364331A (en) * 2021-01-12 2021-02-12 北京中超伟业信息安全技术股份有限公司 Anonymous authentication method and system


Publication Publication Date Title
TWI706275B (en) System and method for information protection
US10715500B2 (en) System and method for information protection
US11080694B2 (en) System and method for information protection
TW202020711A (en) System and method for information protection
KR20220142254A (en) Multi-signature wallet system in blockchain using the bloom filter
CN113656828B (en) Block chain privacy protection method based on lattice code and oriented to financial system transaction
Pei et al. Smart contract based multi-party computation with privacy preserving and settlement addressed
Dong et al. The secure data sharing and interchange model based on blockchain for single window in trade facilitation
AU2019101589A4 (en) System and method for information protection
AU2019101590A4 (en) System and method for information protection

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee (Granted publication date: 20230407)