CN114066449A - Multi-center collaborative supervision block chain user identity anonymity and tracking method and system - Google Patents


Info

Publication number
CN114066449A
Authority
CN
China
Prior art keywords
user
center
tracking
block chain
certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010772443.8A
Other languages
Chinese (zh)
Inventor
李佩丽
徐海霞
马添军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guilin University of Electronic Technology
Institute of Information Engineering of CAS
Original Assignee
Guilin University of Electronic Technology
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Guilin University of Electronic Technology and Institute of Information Engineering of CAS
Priority to CN202010772443.8A
Publication of CN114066449A
Legal status: pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/38 Payment protocols; Details thereof
    • G06Q 20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q 20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F 21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

Abstract

The invention relates to a method and a system for anonymizing and tracking the identity of a block chain user under multi-center cooperative supervision. The method comprises the steps of sending a label attribute of a user and an identity of the user to a registration center in a block chain network to obtain a certificate; encrypting the label attribute of the user by adopting a public key of the tracking center; randomizing a certificate obtained from a registry; a user generates a public and private key pair for transaction, and the transaction is generated and uploaded to a block chain by combining the encrypted label attribute of the user and the randomized certificate; if the tracking center wants to track a certain transaction on the chain, the transaction is sent to a plurality of authorization centers; if the authorization center agrees, a part of the decryption information is calculated on the basis of the ciphertext and sent to the tracking center, and the tracking center completes decryption operation after receiving more than threshold information. The invention ensures that the user only needs to register once to obtain the corresponding certificate, can keep the anonymous property of the block chain user, increases the traceable function and does not increase the burden of the original system.

Description

Multi-center collaborative supervision block chain user identity anonymity and tracking method and system
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a method and a system for anonymizing and tracking a block chain user identity through multi-center collaborative supervision.
Background
The blockchain has the characteristics of anti-counterfeiting, tamper resistance, traceable transactions, trustlessness and the like, and has attracted wide attention and research from enterprises, scientific research institutions and governments. Currently there is no uniform definition of the blockchain; it is generally considered to be a distributed public database. Blockchain technology is mainly applied in the financial field at present, and has also seen initial application in insurance, logistics, copyright protection and other fields.
Bitcoin is the most typical application of blockchain technology, and it is itself deficient in anonymity and privacy. Bitcoin only provides pseudonyms, and transaction amounts are public and transparent. "Bitcoin and cryptocurrency technologies: A comprehensive introduction" by E. Felten et al. (Princeton University Press, 2016) notes that, because blockchain data is publicly transparent, de-anonymization schemes can be designed through extensive analysis of transaction and network data. In view of this, much work has been done since 2017 on further enhancing the anonymity of blockchain users. Typical approaches are:
1) In 1981, Chaum first proposed the concept of a mix network and gave the basic mix protocol in "Untraceable electronic mail, return addresses, and digital pseudonyms". Mixing breaks the correspondence between inputs and outputs so that other users cannot tell which user a coin came from, i.e. it achieves sender anonymity.
2) User anonymization based on ring signatures: in 2001 the three cryptographers Rivest, Shamir and Tauman first proposed the ring signature "Ring Signatures of Sub-linear Size Without Random Oracles [C]". A ring signature is a simplified group signature: there are only ring members and no manager, and no cooperation among the ring members is needed. Other users only learn that the signature was produced by some member of the ring, but not by which one. CryptoNote hides the identity of the sender with a ring signature scheme and hides the identity of the receiver with the stealth address method. In the stealth address method the sender derives a fresh random address for the receiver from the receiver's public information, and the receiver recovers the corresponding private key from its own secret information. Because the receiver's address changes every time, other nodes cannot link which transactions are sent to the same receiver, achieving unlinkability of transactions. Combining ring signatures with stealth addresses gives anonymity for both sender and receiver.
3) User anonymization based on zero-knowledge proofs: to provide better anonymity, Miers et al., in "Zerocoin: Anonymous distributed e-cash from bitcoin", designed Zerocoin, an extension of Bitcoin based on zero-knowledge proofs, so that there is no direct relationship between the input and output Bitcoin addresses. Coin amounts in Zerocoin are fixed, so amounts cannot be split. In 2014 Ben-Sasson et al. proposed the new anonymous digital currency Zerocash in "Zerocash: Decentralized Anonymous Payments from Bitcoin". Zerocash builds on and improves Zerocoin: it uses succinct non-interactive zero-knowledge proofs (zk-SNARKs) and homomorphic commitments, and is called a fully anonymous currency. This approach provides good privacy protection.
However, privacy protection is a double-edged sword: it protects the privacy of legitimate users, but if privacy is completely separated from supervision it becomes a shelter for criminal behaviour such as money laundering and extortion. In view of this, subsequent work has investigated blockchain user identity anonymity together with traceability. In 2014, Ateniese et al. designed a Bitcoin certification system in "Certified bitcoins" so that a user can obtain a certificate issued by a trusted authority, improving the credibility of the address and enabling the trusted authority to track the user's identity; however, the user must register again with the trusted authority whenever a new public key is used. El Defrawy et al., in "Founding Digital Currency on Secure Computation", devised a scheme in which multiple servers cooperatively store accounts and supervise them based on secure multi-party computation: the servers hold secret shares of the user identity, and only a number of servers larger than a threshold can recover it. The article "Linkable Group Signature for Audio communications" by Zheng et al. designs a linkable group signature scheme that provides traceability of user identities and auditability of transaction content. The group signature scheme satisfies anonymity and traceability: a verifier can confirm that a group signature was produced by a member of the group without learning which one, while the group administrator can obtain the identity of the signer (here the public key, i.e. the identity). However, if the user changes the public key, the user must register with the administrator again.
In most current blockchain systems (Bitcoin, Ethereum, Monero and the like) the user public key is continuously updated and changed; with the methods of Ateniese et al. and Zheng et al., a user would have to register with a center every time a key pair is generated, which increases the burden on both the user and the supervision center. In addition, a single supervision center suffers from single-point failure and over-centralized authority.
Disclosure of Invention
The invention aims to provide a method and a system for anonymizing and tracking the user identity of a block chain system under multi-center cooperative supervision, so that a user only needs to register with a registry once to obtain a corresponding certificate. The method keeps the anonymous property of the block chain users, increases the traceability function on the basis, does not increase the burden of the original system, has concise proof generation and high proof verification efficiency for the users, disperses the tracing right of the tracing center, and can complete the tracing operation only by the cooperation of multiple centers.
The technical scheme adopted by the invention is as follows:
a user identity anonymization method of a block chain system with multi-center cooperative supervision is suitable for a user side in a block chain network and comprises the following steps:
sending the label attribute of the user and the identity of the user to a registration center in a block chain network to obtain a certificate;
encrypting the label attribute of the user by adopting a public key of the tracking center;
randomizing a certificate obtained from a registry;
and generating a transaction by combining the encrypted label attribute of the user and the randomized certificate according to a public and private key pair for the transaction generated by the user, and uploading the transaction to the block chain.
Further, the certificate is generated by the registry using the steps of:
randomly selecting $r \leftarrow Z_p^*$, calculating $a = f^{-r}$, $b = (U_i \cdot h)^r z$, and setting the certificate $cert := (a, b)$;
wherein $Z_p^*$ denotes the multiplicative group modulo p, $U_i$ the label attribute of the user, f, h, z group elements randomly selected from the group G, a the first half of the certificate, b the second half of the certificate, and $\leftarrow$ denotes that the content on the left is generated by the algorithm on the right.
Further, the encrypting the tag attribute of the user by using the public key of the tracking center includes:
randomly selecting $r \leftarrow Z_p$ and computing the ciphertext of $U_i$ as $c_1 = g^r$, $c_2 = U_i A^r$; wherein A is the public key of the tracking center and g is a generator of the group G;
setting the ciphertext of the user tag as $C = (c_1, c_2)$.
Further, the randomizing the certificate obtained from the registry includes:
randomly selecting $\rho \leftarrow Z_p$, calculating $a' = a \cdot f^{\rho}$ and $b'$ as in the equation image:
[equation image BDA0002617155980000031]
The certificate after randomization is denoted $cert' = (a', b')$; wherein $tag_i$ denotes the privacy label of the user.
Further, a proof Π shows that the ciphertext C of the user tag was generated honestly and that the corresponding tag $U_i$ has been certified, where Π is implemented using a signature of knowledge (SOK) technique. This step binds the anonymous certificate to the public key.
Further, a transaction is generated from the encrypted label attribute of the user, the user's public and private key pair and the randomized certificate; the generated transaction is $tx_c = (pk, m, a', b', C, \Pi)$, where pk is the user public key and m denotes the transaction content.
A user identity tracking method of a multi-center collaborative supervision block chain system is suitable for a plurality of supervision centers (including a registration center, a tracking center and n authorization centers) in a block chain network, and comprises the following steps:
the registration center receives the user label attribute and the user identity sent by the user side in the block chain network and stores the user label attribute and the user identity in a registration list Reg;
the registration center secret-shares the private key $sk_t = s$ of the tracking center among the n authorization centers;
the registration center calculates the hash value of each user label attribute, takes the hash values with the corresponding user identities as a changed registration list, denoted $Reg_h$, and sends it to the tracking center;
if the tracking center wants to track the user identity of a certain transaction, it sends the transaction $tx_c = (pk, m, a', b', C, \Pi)$ to the authorization centers;
if an authorization center agrees to the tracking operation, it calculates a part of the decryption information using its secret share and sends it to the tracking center;
if the tracking center receives at least a threshold number of such parts, it can compute the label attribute of the user; by computing the hash value of the label attribute it looks up the registration list $Reg_h$ and finds the identity of the corresponding user.
Further, secret-sharing the tracking center's private key $sk_t = s$ among the n authorization centers comprises: using Shamir's secret sharing scheme, first choosing t-1 random numbers $c_1, c_2, \ldots, c_{t-1}$ modulo p as the coefficients of a polynomial of degree t-1 whose constant term is the private key s; the secret sharing polynomial is $f(x) = c_{t-1}x^{t-1} + c_{t-2}x^{t-2} + \cdots + c_1 x + s \bmod p$; the share values of the tracking center's private key s sent to the n servers are $f(1), f(2), \ldots, f(n)$ respectively.
A block chain system for realizing user identity anonymity and tracking comprises a block chain network consisting of a plurality of supervision centers (including a registration center, a tracking center and a plurality of authorization centers) and a user side; the user side adopts the method of the invention to carry out user identity anonymity; the supervision centers adopt the method of the invention to track the user identity.
An electronic device comprising a memory and a processor, the memory storing a computer program configured to be executed by the processor, the computer program comprising instructions for carrying out the steps of the inventive method.
A computer-readable storage medium storing a computer program which, when executed by a computer, performs the steps of the method of the invention.
The invention provides a practical and efficient block chain user anonymity and traceable method, which can reduce the burden of a user and a supervision center and has the following advantages:
1) the user only needs to register once in the registry, and the subsequent user public key can be updated at any time, so that the user certificate can be generated efficiently;
2) the anonymity of the original system can be kept, the certificate anonymization method is simple and efficient, and the anonymous certificate can be bound with the public key;
3) tracking the user identity by the tracking center requires the permission of most authorization centers.
Drawings
FIG. 1 is a flow diagram of a block chain user identity anonymization and tracking technique method of multi-center collaborative supervision.
Fig. 2 is a diagram of the registration center. The registry computes the hash of each user label attribute $U_i$, forms the changed registration list of hash values and corresponding user identities $(Hash(U_i), id_i)$, and sends it to the tracking center.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, the present invention is further described with reference to the following embodiments and accompanying drawings.
FIG. 1 is a flow diagram of the multi-center collaboratively supervised blockchain user identity anonymization and tracking method. In the registration phase, user i generates a user identification $tag_i$ and a tag attribute $U_i$, wherein
[equation image BDA0002617155980000051]
User i sends $id_i$, $U_i$ and the associated proof to the supervision center; the registry verifies the received message and generates the corresponding certificate (a, b). The registration center adds $(U_i, id_i)$ to the registration list. User i verifies the message returned by the registration center and, if verification passes, saves $(tag_i, U_i, a, b)$; registration is then complete. User i then randomizes the certificate (a, b) to obtain (a', b') and encrypts the attribute tag $U_i$ with the public key of the tracking center, yielding the ciphertext C. The user generates the authenticated transaction $tx_c$ and publishes it on the blockchain. If the tracking center wants to track a certain transaction on the chain, it sends the transaction to the n authorization centers. If an authorization center agrees, it computes a part of the decryption information from the ciphertext C and sends it to the tracking center, which can complete the decryption after receiving at least a threshold number of such parts.
The invention relates to a multi-center supervised blockchain user anonymity and traceability technique comprising four parts: 1. initialization, 2. user registration, 3. transaction generation and verification, and 4. identity tracing.
1. Initialization algorithm Setup($1^k$):
a) The registry generates a bilinear group $gk = (p, G, G_T, e, g) \leftarrow \mathcal{G}(1^k)$. Wherein $\mathcal{G}$ is a bilinear group generation algorithm, k is the system security parameter, p is a large prime, G and $G_T$ are groups of order p, g is a generator of the group G, e denotes the bilinear map, and $\leftarrow$ denotes that the left content is generated by the right algorithm.
b) Randomly select group elements $f, h, z \leftarrow G$ and compute the element $T = e(f, z)$ of $G_T$; randomly select an integer s (written x in the example below) as the private key of an ElGamal encryption scheme and compute the public key $A = g^s \bmod p$. A serves as the tracing public key, and the registry secret-shares the tracing private key s among the n authorization centers.
Using Shamir's secret sharing scheme, first choose t-1 random numbers $c_1, c_2, \ldots, c_{t-1}$ modulo p as the coefficients of a polynomial of degree t-1 whose constant term is the private key s. The secret sharing polynomial is $f(x) = c_{t-1}x^{t-1} + c_{t-2}x^{t-2} + \cdots + c_1 x + s \bmod p$. The share values $s_1 = f(1), s_2 = f(2), \ldots, s_n = f(n)$ are sent to the n authorization centers respectively.
c) The registry holds a registration list, denoted Reg, initially empty.
d) Return $(mpk, msk) := ((gk, f, h, T, A), (z, s))$, where mpk denotes the master public key and msk the master private key.
2. User registration
The registration algorithm is an interactive process, and the specific process is as follows:
a. User i generates the user's tag pair
[equation image BDA0002617155980000061]
wherein $tag_i$ denotes the user's privacy label, $U_i$ the tag attribute, and i the user's index. $tag_i$ is known only to the user. User i sends $U_i$, $id_i$ and π to the supervision center, where $id_i$ is the identity of user i and π is a proof that the user knows the exponent of $U_i$ with respect to the base g (a concrete procedure is given in the example below).
b. The registry verifies the user's information; if verification passes, it randomly selects $r \leftarrow Z_p^*$, computes $a = f^{-r}$, $b = (U_i \cdot h)^r z$, and sets the certificate $cert := (a, b)$. It sends the certificate (a, b) to the user, where a is the first half and b the second half of the certificate, and $Z_p^*$ denotes the multiplicative group modulo p.
c. The user verifies the received certificate. The certificate verification algorithm, denoted Cert.Verify, checks whether the following equation holds:
[equation image BDA0002617155980000062]
After the registration algorithm finishes, the user holds $(tag_i, U_i)$ and the corresponding certificate $cert = (a, b)$. The registry adds $(U_i, id_i)$ to the registration list Reg, as shown in Fig. 2; the registration list Reg is kept secret from other users. The registry computes the hash value $Hash(U_i)$ of each user label attribute $U_i$, forms the list of hash values and corresponding user identities $(Hash(U_i), id_i)$, and sends it to the tracking center.
3. Generation and verification of transactions
3.1) Generation of transactions:
a) The user computes a randomized certificate: randomly select $\rho \leftarrow Z_p$ and compute $a' = a \cdot f^{\rho}$ and $b'$ as in the equation image:
[equation image BDA0002617155980000063]
The certificate after randomization is denoted $cert' = (a', b')$, and $R = a'^{\,r}$ is computed.
The randomized certificate still satisfies the verification equation $e(a', U_i \cdot h)\, e(f, b') = T$.
b) The user encrypts the own label attribute $U_i$ with the tracing public key A, using the ElGamal public key encryption scheme as follows:
randomly select $r \leftarrow Z_p$ and compute the ciphertext $c_1 = g^r$, $c_2 = U_i A^r$; wherein $Z_p$ denotes the additive group of integers modulo p;
the ciphertext of $U_i$ is denoted $C = (c_1, c_2)$.
c) The user generates the authenticated transaction $tx_c$, where pk is the user's public key in the blockchain system and m is the transaction content (the transaction here covers every transaction type the blockchain system supports; it may be a transfer or another kind of transaction, and we write it m). Π is a proof that the ciphertext C of the user is honestly formed, that the corresponding attribute label $U_i$ is registered at the registry, and that the user knows the exponent of $U_i$. Π is realized here using signature of knowledge (SOK) techniques (see Camenisch J., Stadler M. (1997) Efficient group signature schemes for large groups. In: Kaliski B.S. (ed) Advances in Cryptology - CRYPTO '97. Lecture Notes in Computer Science, vol 1294. Springer, Berlin, Heidelberg). The proof process is described in the specific example below.
d) The generated transaction is $tx_c = (pk, m, a', b', C, \Pi)$.
3.2) verification of transactions
Verify the transaction $tx_c = (pk, m, a', b', C, \Pi)$; if verification passes the transaction is accepted, otherwise it is rejected.
4. Identity tracking
a) If the tracking center wants to track the initiator of a certain transaction $tx_c$ on the blockchain, it sends the transaction $tx_c = (pk, m, a', b', C, \Pi)$ to the authorization centers.
b) After an authorization center receives the transaction, if it agrees to the tracking operation it computes
[equation image BDA0002617155980000074]
and sends the result to the tracking center.
c) After receiving t messages (denoted $D_1, \ldots, D_t$), the tracking center computes the function
[equation image BDA0002617155980000071]
wherein $x_i$ denotes the value of the variable corresponding to the share $s_i$ represented by $D_i$.
By Shamir's secret sharing algorithm and Lagrange interpolation it follows that
[equation image BDA0002617155980000072]
[equation image BDA0002617155980000073]
The tracking center computes $U^* = c_2 / F(0)$, computes $Hash(U^*)$, looks up the list $Reg_h$ to find $Hash(U_j) = Hash(U^*)$, and thus finds the corresponding user identity.
One specific example is provided below. The blockchain user anonymity and traceability technique of this example is divided into four stages: 1. initialization, 2. user registration, 3. transaction generation and verification, 4. user tracking. The specific steps are as follows:
1. Initialization stage:
The registry generates a bilinear group $gk = (p, G, G_T, e, g) \leftarrow \mathcal{G}(1^k)$;
randomly selects $f, h, z \leftarrow G$ and computes $T := e(f, z)$;
randomly selects an integer x as the private key of the ElGamal encryption scheme and computes the public key $A = g^x \bmod p$;
returns $(mpk, msk) := ((gk, f, h, T, A), (z, x))$.
The registry holds a registration list, denoted Reg, initially empty.
2. User registration:
User i randomly generates a secret $tag_i$, computes $U_i = g^{tag_i}$, and sends $U_i$, $id_i$ and a proof π to the registry, proving knowledge of the corresponding tag (implementable with a signature of knowledge SOK: the user randomly selects $r_1 \leftarrow Z_p$ and computes
[equation image BDA0002617155980000081]
$z_1 = r_1 + c_1 \cdot tag_i$, $\pi = (c_1, z_1)$).
The registration center verifies the identity of the user and the proof π; the verification method for π is to check whether the equation
[equation image BDA0002617155980000082]
holds.
If verification passes, it selects $s \leftarrow Z_p$, computes $a := f^{-s}$, $b := (U_i \cdot h)^s z$, and sends the certificate (a, b) to the user. The registry stores the user's registration information $(U_i, id_i)$ in the registration list, as shown in Fig. 1.
The user verifies whether $e(a, g^{tag_i} \cdot h)\, e(f, b) = T$ holds and, if so, saves $(tag_i, a, b)$.
3. Transaction generation and verification
3.1) Generation of transactions: the user's public key is pk and the transaction content is denoted m.
The user generates the transaction as follows:
1) The user encrypts the own label attribute $U_i$ with the public key A of the tracking center, using the ElGamal public key encryption scheme:
randomly select $r \leftarrow Z_p$ and compute the ciphertext $c_1 = g^r$, $c_2 = U_i A^r$;
the ciphertext of the tag attribute is denoted $C = (c_1, c_2)$.
2) The user computes a randomized certificate: randomly select $\rho \leftarrow Z_p$ and compute $a' = a \cdot f^{\rho}$ and $b'$ as in the equation image:
[equation image BDA0002617155980000083]
The certificate after randomization is denoted $cert' = (a', b')$, and $R = a'^{\,r}$ is computed.
3) Generate the proof Π showing that the user's ciphertext C is honest, that the corresponding attribute tag $U_i$ is registered at the registry, and that the user knows the exponent of $U_i$. In particular it must be shown that the exponent of R to the base a' equals the exponent of $c_1$ to the base g, and that the prover knows the exponents $(r, tag_i)$ inside $C = (c_1, c_2)$. The proof Π is produced as follows:
Statement: compute $R = a'^{\,r}$; prove that $R = a'^{\,r}$ and $c_1 = g^r$ have the same exponent r, and that the prover knows $c_1 = g^r$ and
[equation image BDA0002617155980000084]
with exponents r and $tag_i$.
Prover$(C, R, a', g, r, tag_i, m)$:
randomly select
[equation image BDA0002617155980000085]
compute
[equation image BDA0002617155980000086]
$c = hash(T_0, T_1, T_2, m)$;
$z_1 = k_1 + c_t r$, $z_2 = k_2 + c_t \cdot tag_i$.
Proof $\Pi = (R, c, z_1, z_2)$.
Wherein
[equation image BDA0002617155980000091]
denotes the multiplicative group modulo p, and $c_t$ denotes the value obtained by applying the hash function to $(T_0, T_1, T_2, m)$.
The final user transaction has the form $tx_c = (pk, m, a', b', C, \Pi)$.
3.2) Verification of the transaction:
Verify the transaction $tx_c = (pk, m, a', b', C, \Pi)$, wherein $C = (c_1, c_2)$ and $\Pi = (R, c, z_1, z_2)$:
a) verify pk and m according to the verification method of the original blockchain transaction;
b) check whether the pairing equation on $e(a', c_2 \cdot h)$ and $e(f, b')$ holds;
c) verify the proof Π:
compute
[equation image BDA0002617155980000092]
and check whether $c = hash(T_0', T_1', T_2', m)$ holds;
if a), b) and c) all pass, the transaction is accepted, otherwise it is rejected.
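As an added illustration (not code from the patent), the following Python carries out the Fiat-Shamir proof Π of 3.1 step 3) and its check in 3.2 step c) over a toy prime-order subgroup instead of a pairing group. The commitments $T_0, T_1, T_2$ are an assumption (the page shows them only as an image), a' is a constructed stand-in for the randomized certificate half, and SHA-256 plays the role of hash.

```python
"""Signature of knowledge Pi for a transaction (added example, not the patent's
code): prove that R = a'^r and c1 = g^r share the exponent r, and that the
prover knows (r, tag) with c2 = g^tag * A^r, binding the ElGamal ciphertext of
the tag attribute to the randomized certificate."""
import hashlib
import secrets

# Toy safe-prime group p = 2q + 1 (illustration only); g = 4 has order q.
P, Q, G = 1019, 509, 4


def inv(x):
    return pow(x, -1, P)


def challenge(T0, T1, T2, m):
    """c_t = hash(T0, T1, T2, m), used as an integer (Fiat-Shamir challenge)."""
    data = f"{T0}|{T1}|{T2}|{m}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def prove(a_prime, A, r, tag, m):
    """Prover(C, R, a', g, r, tag, m) -> Pi = (R, c, z1, z2)."""
    R = pow(a_prime, r, P)                      # R = a'^r, same exponent as c1 = g^r
    k1, k2 = secrets.randbelow(Q), secrets.randbelow(Q)
    # Assumed commitments (the page gives them only as an image):
    T0 = pow(G, k1, P)                          # mirrors c1 = g^r
    T1 = pow(a_prime, k1, P)                    # mirrors R  = a'^r
    T2 = pow(G, k2, P) * pow(A, k1, P) % P      # mirrors c2 = g^tag * A^r
    c = challenge(T0, T1, T2, m)
    z1 = (k1 + c * r) % Q
    z2 = (k2 + c * tag) % Q
    return R, c, z1, z2


def verify(c1, c2, a_prime, A, m, proof):
    """Recompute T0', T1', T2' from (c, z1, z2) and check c == hash(T0', T1', T2', m)."""
    R, c, z1, z2 = proof
    T0 = pow(G, z1, P) * inv(pow(c1, c, P)) % P            # g^{z1} * c1^{-c}
    T1 = pow(a_prime, z1, P) * inv(pow(R, c, P)) % P       # a'^{z1} * R^{-c}
    T2 = pow(G, z2, P) * pow(A, z1, P) * inv(pow(c2, c, P)) % P  # g^{z2} A^{z1} c2^{-c}
    return c == challenge(T0, T1, T2, m)


def make_transaction(tag, A, m):
    """User side: ElGamal-encrypt U = g^tag under the tracing key A, then attach Pi.
    a' is a constructed stand-in for the randomized certificate half (no pairings here)."""
    U = pow(G, tag, P)
    r = secrets.randbelow(Q - 1) + 1
    c1, c2 = pow(G, r, P), U * pow(A, r, P) % P            # C = (c1, c2)
    a_prime = pow(G, secrets.randbelow(Q - 1) + 1, P)      # stand-in for a'
    proof = prove(a_prime, A, r, tag, m)
    return c1, c2, a_prime, proof
```

Changing m (or any ciphertext element) changes the recomputed challenge, so the proof is bound to the transaction content as the page's step 3.2 c) requires.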
4. Identity tracking
a) If the tracking center wants to track the initiator of a certain transaction $tx_c$ on the blockchain, it sends the transaction $tx_c = (pk, m, a', b', C, \Pi)$ to the authorization centers.
b) After an authorization center receives the transaction, if it agrees to the tracking operation it computes
[equation image BDA0002617155980000093]
and sends the result to the tracking center.
c) After receiving t messages (denoted $D_1, \ldots, D_t$), the tracking center computes the function
[equation image BDA0002617155980000094]
wherein $x_i$ denotes the value of the variable corresponding to the share $s_i$ represented by $D_i$.
By Shamir's secret sharing algorithm and Lagrange interpolation it follows that
[equation image BDA0002617155980000095]
[equation image BDA0002617155980000096]
The tracking center computes $U^* = c_2 / F(0)$, computes $Hash(U^*)$, looks up the list $Reg_h$ to find $Hash(U_j) = Hash(U^*)$, and thus finds the corresponding user identity.
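As an added example (not the patent's own code), this Python sketch carries out the Shamir sharing of section 1 b) and the threshold tracking of section 4 over a toy safe-prime group: each consenting authorization center returns $D_i = c_1^{s_i}$ (an assumed form of the partial decryption), and the tracking center recombines t of them with Lagrange coefficients in the exponent, obtains $U^* = c_2 / F(0)$, and looks $Hash(U^*)$ up in $Reg_h$. The group parameters, SHA-256 as Hash and the registered users are constructed assumptions.

```python
"""Threshold tracking of a user's tag attribute (added example, not the patent's
code): Shamir-share the tracing private key s among n authorization centres,
let t of them partially decrypt the ElGamal ciphertext C = (c1, c2), and
recover U* at the tracking centre for the Reg_h lookup."""
import hashlib
import secrets

P, Q, G = 1019, 509, 4   # toy p = 2q + 1; g = 4 generates the order-q subgroup


def shamir_share(s, t, n, coeffs=None):
    """f(x) = c_{t-1} x^{t-1} + ... + c_1 x + s (mod Q); share i is f(i).
    coeffs may be supplied for reproducibility, otherwise drawn at random."""
    if coeffs is None:
        coeffs = [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = {}
    for i in range(1, n + 1):
        value, x_pow = s % Q, 1
        for c in coeffs:                 # adds c_1 i, c_2 i^2, ...
            x_pow = x_pow * i % Q
            value = (value + c * x_pow) % Q
        shares[i] = value
    return shares


def elgamal_encrypt(U, A):
    """User side: C = (g^r, U * A^r) under the tracing public key A = g^s."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), U * pow(A, r, P) % P


def partial_decrypt(c1, share):
    """Authorization centre i (assumed form of D_i): D_i = c1^{s_i}."""
    return pow(c1, share, P)


def lagrange_at_zero(xs, x_i):
    """Lagrange coefficient lambda_i for evaluating the sharing polynomial at 0."""
    num, den = 1, 1
    for x_j in xs:
        if x_j != x_i:
            num = num * (-x_j) % Q
            den = den * (x_i - x_j) % Q
    return num * pow(den, -1, Q) % Q


def combine(c2, partials):
    """Tracking centre: F(0) = prod D_i^{lambda_i} = c1^s, then U* = c2 / F(0).
    partials maps centre index x_i -> D_i; it needs t entries, fewer give garbage."""
    xs = list(partials)
    F0 = 1
    for x_i, D_i in partials.items():
        F0 = F0 * pow(D_i, lagrange_at_zero(xs, x_i), P) % P
    return c2 * pow(F0, -1, P) % P


def hash_tag(U):
    """Hash(U_i) as stored in Reg_h (SHA-256 assumed)."""
    return hashlib.sha256(str(U).encode()).hexdigest()


def run_demo(t=3, n=5):
    """End to end: returns (recovered identity, whether U* equals the true U_i)."""
    s = secrets.randbelow(Q - 1) + 1            # tracing private key
    A = pow(G, s, P)                            # tracing public key
    shares = shamir_share(s, t, n)              # one share per authorization centre
    # Constructed registration data: secret tag_i per user, U_i = g^{tag_i}.
    tags = {"alice": 17, "bob": 42, "carol": 123}
    reg_h = {hash_tag(pow(G, tag, P)): uid for uid, tag in tags.items()}
    U_bob = pow(G, tags["bob"], P)
    c1, c2 = elgamal_encrypt(U_bob, A)          # C from one of bob's transactions
    consenting = [1, 3, 5]                      # any t centres that agree suffice
    partials = {i: partial_decrypt(c1, shares[i]) for i in consenting}
    U_star = combine(c2, partials)
    return reg_h.get(hash_tag(U_star)), U_star == U_bob
```

With only t-1 partial decryptions the interpolation lands on a wrong exponent and the lookup fails, which is the threshold property the page relies on.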
In summary, the invention designs a blockchain user anonymity and traceability method with multi-center cooperative supervision, based on ElGamal public key encryption, Groth's verifiable signature scheme and signatures of knowledge (SOK). The scheme has the following characteristics:
1) Anonymity of the user: the transaction posted by the user contains tx_c = (pk, m, a', b', C, Π), where the user's public key pk and the certificate (a, b) are randomized every time, revealing no information about the user's identity. The proof Π uses a signature of knowledge scheme (SOK); linking two transactions to the same user would require solving a decisional discrete logarithm problem, which is hard. Thus the anonymity of the transacting user is maintained.
2) Traceability of the user: the proof Π ensures that the public key pk in the transaction is authenticated, and the proof Π is unforgeable (guaranteed by the property of the SOK). The tracking private key is secret-shared among n authorization centers, so if more than t authorization centers agree, the tracking center can correctly decrypt and recover the user's attribute label, and thereby find the user's identity through the list.
3) High efficiency: the user only needs to generate a concise proof of knowledge.
As can be seen from the above description of the scheme, the invention introduces a new certificate generation mechanism and uses a proof of knowledge, without placing much additional burden on the system compared with the original blockchain system (taking Bitcoin as an example). Transaction generation and verification are simple and efficient, the tracking right is decentralized, and the tracking center can carry out a tracking operation only with the consent of most of the authorization centers.
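The tracking procedure above (steps a) to c)), together with the Shamir sharing of claim 8 and the tag encryption of claim 3, as a runnable Python model. This is an added example, not code from the patent or its authors. The page shows the authorization centers' message and the function F only as figure placeholders, so the example assumes the usual threshold-ElGamal reading: each consenting center i returns D_i = c_1^{s_i}, the tracking center combines these with Lagrange coefficients into F(0) = Π D_i^{λ_i} = c_1^s, and divides c_2 by F(0) to obtain U*. The group parameters P, Q, G, the tag encoding, the function names and the user data are constructed toy values; exponent arithmetic is done modulo the group order q; the proof Π and the certificate (a, b) are not modelled.

```python
"""Toy model of registration, tag encryption and t-of-n tracking (added example,
not the patent's code).  ASSUMED: D_i = c1^{s_i}, F(0) = prod D_i^{lambda_i} = c1^s,
and U* = c2 / F(0)."""
import hashlib
import secrets
from typing import Dict, Iterable, Tuple

# CONSTRUCTED toy group: p = 2q + 1 is a safe prime and G = 4 is a quadratic
# residue, so it generates the subgroup of prime order q.  Far too small for
# real use; exponents (secret, shares, Lagrange coefficients) live in Z_q.
P = 2039
Q = 1019
G = 4


def encode_tag(tag: str) -> int:
    """Map a user label attribute U_i to an element of the order-q subgroup:
    hash, then square so the result is a quadratic residue (assumed encoding)."""
    h = int.from_bytes(hashlib.sha256(tag.encode()).digest(), "big")
    return pow(h % (P - 1) + 1, 2, P)


def hash_elem(u: int) -> str:
    """Hash(U) as stored in the tracking center's list Reg_h."""
    return hashlib.sha256(u.to_bytes((P.bit_length() + 7) // 8, "big")).hexdigest()


def share_secret(s: int, t: int, n: int) -> Dict[int, int]:
    """Shamir sharing of the tracking private key s (claim 8):
    f(x) = c_{t-1} x^{t-1} + ... + c_1 x + s; share i is f(i), i = 1..n."""
    coeffs = [s] + [secrets.randbelow(Q) for _ in range(t - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q

    return {i: f(i) for i in range(1, n + 1)}


def lagrange_at_zero(indices: Iterable[int]) -> Dict[int, int]:
    """Lagrange coefficients lambda_i with f(0) = sum lambda_i f(i) over the given indices."""
    idx = list(indices)
    lam = {}
    for i in idx:
        num, den = 1, 1
        for j in idx:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        lam[i] = num * pow(den, -1, Q) % Q
    return lam


def encrypt_tag(u: int, tracking_pk: int) -> Tuple[int, int]:
    """User side (claim 3): ElGamal ciphertext C = (c1, c2) = (g^r, U_i * A^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), u * pow(tracking_pk, r, P) % P


def partial_decrypt(c1: int, share: int) -> int:
    """Authorization center i, having agreed to track: D_i = c1^{s_i} (assumed)."""
    return pow(c1, share, P)


def track(ciphertext: Tuple[int, int], partials: Dict[int, int], reg_h: Dict[str, str]):
    """Tracking center: combine >= t partial values into c1^s, recover U*, look up Reg_h."""
    c1, c2 = ciphertext
    lam = lagrange_at_zero(partials)
    f0 = 1
    for i, d in partials.items():
        f0 = f0 * pow(d, lam[i], P) % P  # prod D_i^{lambda_i} = c1^{sum lambda_i s_i} = c1^s
    u_star = c2 * pow(f0, -1, P) % P
    return reg_h.get(hash_elem(u_star))  # None when no registered tag matches


def demo(t: int = 3, n: int = 5):
    """End-to-end run with constructed users; returns the identity the tracking center finds."""
    users = {"alice": "region=north;tier=2", "bob": "region=south;tier=1", "carol": "region=east;tier=3"}
    # Registration center: Reg keeps identity -> tag; only Reg_h = {Hash(U): identity} is sent on.
    reg_h = {hash_elem(encode_tag(tag)): identity for identity, tag in users.items()}
    s = secrets.randbelow(Q - 1) + 1  # tracking private key sk_t = s
    tracking_pk = pow(G, s, P)  # A = g^s
    shares = share_secret(s, t, n)  # registration center -> n authorization centers
    ciphertext = encrypt_tag(encode_tag(users["bob"]), tracking_pk)  # placed in bob's transaction
    consenting = list(range(n - t + 1, n + 1))  # exactly t centers agree to the tracking request
    partials = {i: partial_decrypt(ciphertext[0], shares[i]) for i in consenting}
    return track(ciphertext, partials, reg_h)


if __name__ == "__main__":
    print(demo())
```

With fewer than t partial values the interpolation yields an exponent unrelated to s, so U* is a random group element and the Reg_h lookup fails; that, rather than any trust in the tracking center, is what prevents a single center from de-anonymizing a transaction on its own. Note that the shares and Lagrange coefficients are reduced modulo the order q of the group, not modulo p, because they are used in exponents.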
Based on the same inventive concept, another embodiment of the present invention provides a blockchain system for implementing user identity anonymity and tracking, including a blockchain network composed of a supervision center (including a registration center, a tracking center and n authorization centers) and a user end; the user side adopts the method of the invention to carry out user identity anonymity; the supervision center adopts the method of the invention to track the user identity.
Based on the same inventive concept, another embodiment of the present invention provides an electronic device (computer, server, smartphone, etc.) comprising a memory and a processor, the memory storing a computer program configured to be executed by the processor, the computer program comprising instructions for performing the steps of the inventive method.
Based on the same inventive concept, another embodiment of the present invention provides a computer-readable storage medium (e.g., ROM/RAM, magnetic disk, optical disk) storing a computer program, which when executed by a computer, performs the steps of the inventive method.
The above embodiments are only intended to illustrate the technical solution of the present invention and not to limit the same, and a person skilled in the art can modify the technical solution of the present invention or substitute the same without departing from the spirit and scope of the present invention, and the scope of the present invention should be determined by the claims.

Claims (11)

1. A user identity anonymization method of a block chain system with multi-center cooperative supervision is suitable for a user side in a block chain network, and is characterized by comprising the following steps:
sending the label attribute of the user and the identity of the user to a registration center in a block chain network to obtain a certificate;
encrypting the label attribute of the user by adopting a public key of the tracking center;
randomizing a certificate obtained from a registry;
and generating a transaction by combining the encrypted label attribute of the user and the randomized certificate with a public and private key pair generated by the user for the transaction, and uploading the transaction to the block chain.
2. The method according to claim 1, characterized in that the certificate is generated by a registry using the following steps:
randomly selecting r ← Z_p^*, calculating a = f^{-r}, b = (U_i·h)^r · z, and setting the certificate cert := (a, b);
where Z_p^* denotes the multiplicative group modulo p, U_i denotes the label attribute of the user, f, h, z are randomly selected group elements, a is the first half of the certificate, b is the second half of the certificate, and ← denotes that the content on the left is generated by the algorithm on the right.
3. The method of claim 2, wherein encrypting the user's tag attributes using the tracking center's public key comprises:
randomly selecting r ← Z_p, and computing the ciphertext of U_i as c_1 = g^r, c_2 = U_i·A^r; where A is the public key of the tracking center, U_i denotes the label attribute of the user, and g is a generator of the group G;
setting the ciphertext of the user tag as C = (c_1, c_2).
4. The method according to claim 3, characterized in that a proof Π shows that the ciphertext C of the user tag is honestly generated and that the corresponding tag U_i is authenticated, where the proof Π is implemented using signature-of-knowledge techniques.
5. The method of claim 3, wherein randomizing the certificate obtained from the registry comprises:
randomly selecting ρ ← Z_p, and calculating
Figure FDA0002617155970000011
the randomized certificate is denoted cert' = (a', b'); where tag_i denotes a privacy label of the user.
6. The method of claim 5, wherein the generated transaction is tx_c = (pk, m, a', b', C, Π), where pk is the user public key and m denotes the transaction content.
7. A user identity tracking method of a multi-center collaborative supervision block chain system is suitable for a supervision center in a block chain network, wherein the supervision center comprises a registration center, a tracking center and a plurality of authorization centers, and is characterized by comprising the following steps:
the registration center receives the user label attribute and the user identity sent by the user side in the block chain network and stores the user label attribute and the user identity in a registration list Reg;
the registration center secret-shares the tracking center's private key sk_t, denoted s, among the n authorization centers;
the registration center calculates the hash value of each user label attribute, takes the hash values together with the corresponding user identities as a modified registration list, denoted Reg_h, and sends it to the tracking center;
if the tracking center wants to track the user identity of a certain transaction generated by the method of any one of claims 1-6, the transaction is sent to the authorization center;
if the authorization center agrees to the tracking operation, calculating a part of information of the decryption key by using the secret sharing value of the authorization center, and sending the part of information to the tracking center;
if the tracking center receives more than the threshold number of pieces of information, it calculates the label attribute of the user and, by computing the hash value of the label attribute, searches the registration list Reg_h to find the identity of the corresponding user.
8. The method according to claim 1, characterized in that the registration center secret-sharing the tracking center's private key sk_t, denoted s, among the n authorization centers comprises:
using Shamir's secret sharing scheme, choosing t-1 random numbers c_1, c_2, …, c_{t-1} modulo p as the coefficients of a polynomial of degree t-1 whose constant term is the private key s;
the secret sharing polynomial being f(x) = c_{t-1} x^{t-1} + c_{t-2} x^{t-2} + ... + c_1 x + s mod p;
the shared values of the tracking center's private key s for the n servers being f(1), f(2), …, f(n), respectively.
9. A block chain system for realizing user identity anonymity and tracking is characterized by comprising a block chain network consisting of a supervision center and a user side; the supervision center comprises a registration center, a tracking center and a plurality of authorization centers; the user side adopts the method of any claim 1-6 to carry out user identity anonymization; the supervision center adopts the method of claim 7 or 8 to track the user identity.
10. An electronic apparatus, comprising a memory and a processor, the memory storing a computer program configured to be executed by the processor, the computer program comprising instructions for performing the method of any of claims 1 to 8.
11. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a computer, implements the method of any one of claims 1 to 8.
CN202010772443.8A 2020-08-04 2020-08-04 Multi-center collaborative supervision block chain user identity anonymity and tracking method and system Pending CN114066449A (en)


Publications (1)

Publication Number Publication Date
CN114066449A true CN114066449A (en) 2022-02-18

Family

ID=80231862


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174247A (en) * 2022-07-18 2022-10-11 中国工商银行股份有限公司 Object tracking method and device based on block chain and electronic equipment



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination