CN114329610A - Block chain privacy identity protection method, device, storage medium and system - Google Patents

Info

Publication number
CN114329610A
Authority
CN
China
Prior art keywords
account
privacy
identity
information
blockchain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111680787.7A
Other languages
Chinese (zh)
Inventor
桂宏昱
张骁
许强
沈书航
商松
贺朗晨
庞同庆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Zhongjian Financial Technology Co ltd
Zhejiang Geely Holding Group Co Ltd
Original Assignee
Shanghai Zhongjian Financial Technology Co ltd
Zhejiang Geely Holding Group Co Ltd
Application filed by Shanghai Zhongjian Financial Technology Co ltd and Zhejiang Geely Holding Group Co Ltd

Abstract

The invention discloses a block chain privacy identity protection method, a device, a storage medium and a system, wherein the block chain privacy identity protection method creates a pre-account structure for an account holder according to an identity provider information set and anonymous revoker public key information; verifying the pre-account structure by using cryptography and zero-knowledge proof through an identity provider, and receiving an account structure fed back by the identity provider when the verification is successful; acquiring signature authentication in an account structure, and generating identity information according to the signature authentication; and sending the identity information to the blockchain network so that the blockchain network stores the privacy account corresponding to the identity information when the identity information is successfully verified. In the invention, identity information is generated by signature authentication in the account structure fed back after the cryptology and zero-knowledge proof verification is carried out on the pre-account structure, and the privacy account is stored when the verification is successful in the block chain network, so that the secret storage of the user privacy account is realized.

Description

Block chain privacy identity protection method, device, storage medium and system
Technical Field
The present invention relates to the field of blockchain technologies, and in particular, to a method, an apparatus, a storage medium, and a system for protecting a blockchain privacy identity.
Background
At present, the digital identity authentication process generally adopts a centralized mechanism mode, and the central mechanism authenticates the identity of a user and issues a digital identity. The authenticated data is stored in the central server, can be read at will, is easy to lose and is unsafe. Data is in a centralized organization, all services depend on the centralized organization, the data processing of the organization is completely private, and any data generated by a user can be mastered by the organization and is in danger of being lost or even being sold. How to protect the private identity data of the user is an urgent problem to be solved.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide a block chain privacy identity protection method, a block chain privacy identity protection device, a storage medium and a block chain privacy identity protection system, and aims to solve the technical problem that user privacy identity data cannot be protected in the prior art.
In order to achieve the above object, the present invention provides a method for protecting a privacy identity of a blockchain, where the method for protecting a privacy identity of a blockchain includes:
creating a pre-account structure for the account holder according to the identity provider information set and the public key information of the anonymous revoker;
verifying the pre-account structure by an identity provider by using cryptography and zero-knowledge proof, and receiving an account structure fed back by the identity provider when the verification is successful;
acquiring signature authentication in the account structure, and generating identity information according to the signature authentication;
and sending the identity information to the blockchain network so that the blockchain network stores the privacy account corresponding to the identity information when the identity information is successfully verified.
Optionally, the step of verifying the pre-account structure by the identity provider using cryptography and zero-knowledge proof, and receiving the account structure fed back by the identity provider when the verification is successful includes:
cryptographically verifying, by an identity provider, a set of identity provider information in the account structure;
verifying the commitment value of the account holder by using zero-knowledge proof, and receiving the account structure fed back by the identity provider when the verification is passed.
Optionally, the verifying the commitment value of the account holder with the zero-knowledge proof further includes, after the step of receiving the account structure fed back by the identity provider when the verification is passed:
obtaining public information in the pre-account structure through the identity provider, and determining the number of private accounts of the account holder according to the public information;
generating a privacy account according to the signature authentication within the range of the number of the privacy accounts;
and sending the privacy account to the blockchain network so that the blockchain network stores the privacy account when the verification of the privacy account is successful.
Optionally, the step of sending the privacy account to the blockchain network, so that the blockchain network stores the privacy account when the verification of the privacy account is successful includes:
and sending the privacy account to the blockchain network so that the blockchain network verifies the commitment value through zero knowledge proof, verifies the number of the privacy accounts through bulletproof proof, and stores the privacy accounts when verification is successful.
Optionally, the step of obtaining the signature authentication in the account structure and generating the identity information according to the signature authentication includes:
obtaining a signature authentication in the account structure and an initial commitment value of the account holder;
and generating a privacy account according to the signature authentication and the initial commitment value.
Optionally, after the step of sending the identity information to the blockchain network so that the blockchain network stores the privacy account corresponding to the identity information when the identity information is successfully verified, the method further includes:
when a privacy account is revoked, obtaining the revocation proportion of an anonymous revoker;
when the revocation proportion is larger than a first preset proportion, obtaining private key information of an anonymous revoker;
determining a private account to be revoked according to the private key information;
and verifying the private account to be revoked through the identity provider, and revoking the private account to be revoked when the verification is passed.
Optionally, the step of determining, by the identity provider, a corresponding account structure to be revoked according to the identity information, and revoking the account structure to be revoked further includes:
when the revocation proportion is greater than a second preset proportion, determining the initial commitment value according to the private key information;
and generating each privacy account of the account holder according to the initial commitment value, and revoking each privacy account.
In addition, to achieve the above object, the present invention further provides a device for protecting a privacy identity of a blockchain, including:
the structure creating module is used for creating a pre-account structure for the account holder according to the identity provider information set and the public key information of the anonymous revoker;
the structure verification module is used for verifying the pre-account structure by using cryptography and zero-knowledge proof through an identity provider and receiving an account structure fed back by the identity provider when the verification is successful;
the information generation module is used for acquiring the signature authentication in the account structure and generating identity information according to the signature authentication;
and the information storage module is used for sending the identity information to the blockchain network so as to enable the blockchain network to store the privacy account corresponding to the identity information when the identity information is successfully verified.
In addition, to achieve the above object, the present invention further provides a storage medium, where a block chain privacy identity protection program is stored on the storage medium, and when being executed by a processor, the block chain privacy identity protection program implements the steps of the block chain privacy identity protection method.
In addition, to achieve the above object, the present invention further provides a system for protecting a privacy identity of a blockchain, where the system includes: a memory, a processor and a block chain privacy identity protection program which is stored on the memory and can run on the processor, wherein the steps of the block chain privacy identity protection method are realized when the block chain privacy identity protection program is executed by the processor.
The invention provides a block chain privacy identity protection method, a device, a storage medium and a system, wherein the block chain privacy identity protection method creates a pre-account structure for an account holder according to an identity provider information set and anonymous revoker public key information; verifying the pre-account structure by an identity provider by using cryptography and zero-knowledge proof, and receiving an account structure fed back by the identity provider when the verification is successful; acquiring signature authentication in the account structure, and generating identity information according to the signature authentication; and sending the identity information to the blockchain network so that the blockchain network stores the privacy account corresponding to the identity information when the identity information is successfully verified. According to the method and the device, identity information is generated through signature authentication in the account structure fed back after cryptography and zero-knowledge proof verification are carried out on the pre-account structure, the identity information is sent to the block chain network, and the privacy account is stored when the block chain network is successfully verified, so that the secret storage of the user privacy account is realized.
Drawings
Fig. 1 is a schematic structural diagram of a control device in a block chain privacy identity protection system in a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a block chain privacy identity protection method according to a first embodiment of the present invention;
FIG. 3 is a flowchart illustrating a block chain privacy identity protection method according to a second embodiment of the present invention;
FIG. 4 is a flowchart illustrating a third embodiment of a method for privacy identity protection for blockchain according to the present invention;
fig. 5 is a block diagram illustrating a first embodiment of a blockchain privacy identity protection apparatus according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a control device of an account holder in a blockchain privacy identity protection system of a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the blockchain privacy identity protection system includes an account holder, an identity provider, an anonymous revoker, a blockchain network, and a control device. Wherein the control device may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), and the optional user interface 1003 may further include a standard wired interface and a wireless interface, and the wired interface for the user interface 1003 may be a USB interface in the present invention. The network interface 1004 may optionally include a standard wired interface, a Wireless interface (e.g., a Wireless-Fidelity (WI-FI) interface). The Memory 1005 may be a Random Access Memory (RAM) or a Non-volatile Memory (NVM), such as a disk Memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the architecture shown in fig. 1 does not constitute a limitation of a blockchain privacy identity protection system, and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
As shown in fig. 1, a memory 1005, identified as one type of computer storage medium, may include an operating system, a network communication module, a user interface module, and a blockchain privacy identity protection program.
In the control device shown in fig. 1, the network interface 1004 is mainly used for connecting to a background server and performing data communication with the background server; the user interface 1003 is mainly used for connecting user equipment; the block chain privacy identity protection system calls a block chain privacy identity protection program stored in the memory 1005 through the processor 1001, and executes the block chain privacy identity protection method provided by the embodiment of the present invention.
Based on the above hardware structure, an embodiment of the block chain privacy identity protection method of the present invention is provided.
Referring to fig. 2, fig. 2 is a flowchart illustrating a block chain privacy identity protection method according to a first embodiment of the present invention, and provides a security enforcement method according to the first embodiment of the present invention.
In this embodiment, the block chain privacy identity protection method includes:
step S10: creating a pre-account structure for the account holder according to the identity provider information set and the public key information of the anonymous revoker;
It should be understood that the execution subject of the present embodiment may be a control device of the block chain privacy identity protection system. The control device may be a computer, a server, etc. The control device can coordinate control over account holders, identity providers, and blockchain networks in a blockchain privacy identity protection system. The control device may be located at the account holder side.
It should be understood that the account holder is a private or corporate entity. The account holder exists in real life and holds a certificate that can prove its identity to the identity provider. For example, every account holder has a name and can be identified by a real physical identity (CPR, passport number, etc.). The account holder also has a "public identity certificate", and only the account holder knows the secret certificate corresponding to the "public identity certificate". An account holder may register with an identity provider to obtain proof that the account holder has certain attributes. The attestation process also involves a blockchain network. After registration is complete, the account holder creates a new privacy account on the chain through the control device using the identity provider's signature authentication. At this point the privacy account will contain information that proves that the account belongs to an account holder registered with the given identity provider. It may reveal some of the account holder's attributes, but the account holder is anonymous and there is no identity information for the corresponding account holder on the blockchain network. The identity provider is used to check the identity of the account holder and, once the identity is verified, to issue a certificate, which essentially signs many attributes of the account holder, indicating that the account holder does in fact possess the corresponding attributes. The anonymous revoker is used for revoking anonymity on the privacy account. If it is necessary to determine the identity information of the account holder who owns a privacy account, the anonymous revoker may, with the aid of an identity provider, identify all privacy accounts that belong to that account holder's identity information. The anonymous revoker has a name and a public encryption key and keeps the decryption key private.
Upon registering with an identity provider, the account holder and the identity provider may revoke the privacy account based on the weight of the anonymous revoker.
Note that the pre-account structure is a structure generated by a control device on the side of the account holder for verifying the signature of the account holder and the attributes that the account holder has. The pre-account structure includes the authentication information provided by the identity provider, i.e. the identity provider set, the public key information of the anonymous revoker, the partial public information held by the account holder, and the commitment value. The commitment values include an initial commitment value and a Pedersen commitment value for generating the privacy account.
In a specific implementation, the control device may collect the identity provider set and the anonymous revoker public key information before generating the pre-account structure, and generate the pre-account structure according to the collected identity provider set and the anonymous revoker public key information, in combination with the public information of the account holder and the commitment value.
Step S20: and verifying the pre-account structure by using cryptography and zero-knowledge proof through an identity provider, and receiving the account structure fed back by the identity provider when the verification is successful.
It should be noted that cryptography and zero-knowledge proof are different authentication means, wherein zero-knowledge proof is a special cryptographic authentication. A zero knowledge proof means that the prover can convince the verifier that some argument is correct without providing the verifier with any useful information. The prover proves to the verifier and convinces him that he knows or owns a certain message, but the proving process cannot reveal any information about the proven message to the verifier.
It should be understood that the account structure refers to a structure that the identity provider generates after verifying the pre-account structure and confirming that the information within the pre-account structure is error free. The account structure includes the identity provider's signature authentication of the information in the pre-account structure that was verified without error.
In particular implementations, after the pre-account structure is generated, the identity provider may use cryptographic authentication of the identity provider set within the pre-account structure to determine whether the set was issued by itself and whether information in the set has been modified. The identity provider can also authenticate the commitment value in the pre-account structure through zero-knowledge proof. When the identity provider set and the commitment value pass verification, the identity provider performs signature authentication on the identity provider set and the commitment value, and then feeds back the account structure according to the signed identity provider set and commitment value.
Step S30: and acquiring signature authentication in the account structure, and generating identity information according to the signature authentication.
It should be noted that the identity information is information that needs to be verified in the blockchain network during the storage process. When the identity information is normal, namely the identity information passes the authentication of an identity provider, a privacy account corresponding to the identity information can be stored in the blockchain network; when the identity information is abnormal, namely the identity information is not verified by the identity provider, the identity information may have an abnormality, and the privacy account of the identity information cannot be stored through the blockchain network. It is therefore necessary to add a signature authentication to the identity information in the identity information generation process.
In a specific implementation, when the account structure is obtained, the signature authentication in the account structure may be obtained in an extraction manner. The signature authentication includes identity provider set signature authentication and commitment value signature authentication. Identity information is then generated based on the signature authentication and partial attribute information of the account holder.
Step S40: and sending the identity information to the blockchain network so that the blockchain network stores the privacy account corresponding to the identity information when the identity information is successfully verified.
It should be noted that the blockchain network can also authenticate the identity information through cryptographic verification and zero-knowledge proof verification. These verifications determine whether the identity information was signed by the identity provider. A privacy account is an account generated by an account holder from a signature authentication. The blockchain network does not know the specific identity of the account holder of the privacy account during the storage of the privacy account. The identity provider does not know the user identity corresponding to the privacy account; the identity provider only knows that the privacy account was generated from a certification that it issued.
In specific implementation, the generated identity information may be sent to a blockchain network, the blockchain network verifies the identity information through cryptography verification and zero-knowledge proof verification when receiving the identity information, and the blockchain network may store a privacy account of the identity information when the verification passes.
In the embodiment, a block chain privacy identity protection method is provided, which creates a pre-account structure for an account holder according to an identity provider information set and anonymous revoker public key information; verifying the pre-account structure by an identity provider by using cryptography and zero-knowledge proof, and receiving an account structure fed back by the identity provider when the verification is successful; acquiring signature authentication in the account structure, and generating identity information according to the signature authentication; and sending the identity information to the blockchain network so that the blockchain network stores the privacy account corresponding to the identity information when the identity information is successfully verified. In the embodiment, identity information is generated through signature authentication in the account structure fed back after cryptography and zero-knowledge proof verification are carried out on the pre-account structure, the identity information is sent to the block chain network, and the privacy account is stored when the block chain network is successfully verified, so that the secret storage of the user privacy account is realized.
Referring to fig. 3, fig. 3 is a flowchart illustrating a block chain privacy identity protection method according to a first embodiment of the present invention. A second embodiment of the distributed vehicle management method of the present invention is presented based on the first embodiment of the distributed identity management method described above.
In this embodiment, the step S20 includes:
step S201: cryptographically verifying, by an identity provider, a set of identity provider information in the account structure;
It should be noted that the identity provider information set is an information set provided by an identity provider. The identity provider may encrypt the identity provider information set when providing the identity provider information set to the account holder. Upon performing the verification process on the pre-account structure, the identity provider information set may be decrypted to determine whether the identity provider information set is a self-provided information set and whether the information set is modified.
In particular implementations, the identity provider may cryptographically decrypt the set of identity provider information in the pre-account structure. When the information can be decrypted normally, the identity provider information set is indicated to be the information set provided by the identity provider; after normal decryption is completed, the information set obtained after decryption can be compared with the information set provided by the identity provider in advance to determine whether the information set is modified. When the verification passes, the identity provider information set can be subjected to signature authentication.
Step S202: verifying the commitment value of the account holder by using zero-knowledge proof, and receiving the account structure fed back by the identity provider when the verification is passed.
It should be noted that the identity provider can also verify the commitment value of the account holder in the pre-account structure through zero-knowledge proof. And performing signature authentication on the commitment value when the commitment value is determined to have the corresponding attribute.
It should be understood that after the identity provider information set and the commitment value are both signed and authenticated, the identity provider may generate an account structure according to the signed and authenticated identity provider information set and the commitment value, and feed back the account structure. The account structure may be received by the account holder's control device at this point.
Step S203: obtaining public information in the pre-account structure through the identity provider, and determining the number of private accounts of the account holder according to the public information;
The public information is information for confirming the identity of the account holder. The more public information an account holder adds in the pre-account structure, the more trustworthy the identity provider can consider the account holder to be. The number of privacy accounts refers to the number of privacy accounts that an account holder can generate from signature authentication. The number of privacy accounts is related to public information in the pre-account structure. The more public information there is, the greater the number of privacy accounts. For example, when a loan is applied for at a bank, the bank needs to check the borrower's credit record; when the borrower's credit record is good, the borrower can take out a large amount of loans; when the borrower's credit record is poor, the amount the borrower can borrow is very small, and the loan may even be refused.
In a specific implementation, the identity provider may obtain public information input by the account holder in the pre-account structure, determine the information disclosure degree of the account holder according to the public information, and then determine the number of privacy accounts that the account holder may register according to the information disclosure degree.
Step S204: and generating a privacy account according to the signature authentication within the range of the number of the privacy accounts.
It will be appreciated that in the privacy account generation process, generation needs to be performed within a range of the number of privacy accounts. In case the identity provider provides 8 privacy accounts for the account holder, it needs to be determined at the time of privacy account generation whether the privacy account to be currently generated is within the range of 8 privacy accounts. When more than 8 privacy accounts to be generated currently exist, the generation process of the privacy accounts is terminated, and the privacy accounts cannot be stored on the blockchain network even if the privacy accounts are normally generated.
In a specific implementation, the control device may first confirm the number of privacy accounts that have already been generated. When it confirms that a privacy account can still be generated, i.e. the count is within the range of the number of privacy accounts, it generates a privacy account according to the signature authentication in the account structure.
Step S205: and sending the privacy account to the blockchain network so that the blockchain network stores the privacy account when the verification of the privacy account is successful.
It should be appreciated that after the account is generated accordingly, the blockchain network may verify the signature authentication and commitment value in the privacy account, which is stored when the verification passes.
Wherein the step S205 specifically includes: s205': and sending the privacy account to the blockchain network so that the blockchain network verifies the commitment value through zero knowledge proof, verifies the number of the privacy accounts through bulletproof proof, and stores the privacy accounts when verification is successful.
It should be noted that a bulletproof proof is a short non-interactive zero-knowledge proof, which speeds up proving and allows the data to be proved to be verified with very few bytes. In this embodiment, the bulletproof proof is used to verify the number of privacy accounts, that is, to determine whether the number of privacy accounts of the account holder on the blockchain network is within the range of the number of privacy accounts issued by the identity provider.
In a specific verification process, the blockchain network first performs signature verification, then verifies the commitment value of the privacy account through zero-knowledge proof and verifies the number of privacy accounts through bulletproof proof. When both the commitment value and the number of privacy accounts have been verified, the blockchain network can store the privacy account and the data in the privacy account.
In this embodiment, the commitment value is verified through zero-knowledge proof, and the identity information is generated using the signature authentication obtained after the commitment value has been verified. When the blockchain network performs verification, it can verify the signature cryptographically and then verify the commitment value through zero-knowledge proof, so the privacy account is stored without the blockchain knowing the specific identity of the account holder, and the privacy account is protected more securely.
Referring to fig. 4, fig. 4 is a flowchart illustrating a block chain privacy identity protection method according to a third embodiment of the present invention. A third embodiment of the distributed vehicle management method of the present invention is presented based on the first embodiment of the distributed identity management method described above.
In this embodiment, the step S40 includes:
step S301: obtaining a signature authentication in the account structure and an initial commitment value of the account holder;
It should be appreciated that in the privacy account generation process, the commitment value of the account holder needs to be determined; this is the initial commitment value that may be used to generate the privacy account. Without signature authentication, a privacy account can still be generated from the initial commitment value, but that privacy account cannot be verified by the blockchain network. When the privacy account generated from the initial commitment value includes a signature authentication, it can pass the verification of the blockchain network and be stored on the blockchain network.
Step S302: and generating a privacy account according to the signature authentication and the initial commitment value.
It should be appreciated that upon obtaining the signature certificate and the initial network commitment value, the privacy account may be generated using the identity provider information set certificate and the commitment value certificate within the signature certificate in combination with the initial commitment value. Wherein the privacy account further comprises privacy data to be stored.
In this embodiment, after step S40, the method further includes:
step S401: when a privacy account is revoked, obtaining the revocation proportion of an anonymous revoker;
It should be understood that the blockchain network in this embodiment does not know the specific identity behind each account. Some account holders may use a privacy account to perform impermissible operations, such as publishing unhealthy information or spreading gossip. In that case, the privacy account that violates the rules may be published or revoked by an anonymous revoker.
It should be noted that, in this embodiment, there may be a plurality of anonymous revokers, and whether to revoke the privacy account is determined by the revocation proportion, that is, by how many of the anonymous revokers agree to revoke the account. Because the public key information of the anonymous revokers exists in the privacy account, an anonymous revoker can directly revoke the violating privacy account with its private key, and each anonymous revoker who uses its private key in this way is counted as an anonymous revoker that has decided to revoke the privacy account. The revocation proportion is the ratio of the number of anonymous revokers that agree to revoke the privacy account to the total number of anonymous revokers in the system. For example, if the system includes N anonymous revokers, of which T unlock the privacy account with a private key, the revocation proportion is T/N.
Step S402: when the revocation proportion is greater than a first preset proportion, obtaining private key information of an anonymous revoker;
It should be noted that the first preset proportion is a threshold for the revocation proportion. When the revocation proportion is greater than the first preset proportion, it may be determined that an illegal operation has been performed with the privacy account, and the privacy account needs to be revoked. When the revocation proportion is smaller than the first preset proportion, the privacy account does not need to be revoked.
In a specific implementation, the revocation proportion may be compared with the first preset proportion; when the revocation proportion is greater than the first preset proportion, the revocation procedure is started and the private key information of the anonymous revoker is obtained.
Step S403: determining a privacy account to be revoked according to the private key information;
It should be understood that once the private key information of the anonymous revoker is obtained, the privacy account to be revoked may be obtained according to the private key information, so as to determine that the privacy account to be revoked is a privacy account on which an illegal operation was performed.
Step S404: and verifying the privacy account to be revoked through the identity provider, and revoking the privacy account to be revoked when the verification is passed.
It should be noted that, after the to-be-revoked privacy account is determined, the to-be-revoked privacy account may be sent to the identity provider for verification, so as to determine whether the to-be-revoked privacy account is a privacy account generated by the issuance certification of the identity provider, thereby avoiding false revocation. In addition, the verification process may determine an account holder of the privacy account, and revoke the account holder's to-be-revoked privacy account. The identity provider is also unaware of the specific identity of the user when a privacy account is revoked.
In a specific implementation, the to-be-revoked privacy account may be sent to an identity provider, the identity provider verifies signature authentication of the to-be-revoked privacy account, and when the verification passes, the illegal to-be-revoked account is revoked.
Step S405: when the revocation proportion is greater than a second preset proportion, determining the initial commitment value according to the private key information;
After one privacy account has been revoked, revocation confirmation may be performed on the other privacy accounts of the account holder. For example, if an account holder has 8 privacy accounts and a very serious violation occurs in one of them, the other privacy accounts of the account holder may also be revoked. Of course, whether the other privacy accounts need to be revoked may also be determined according to whether their revocation proportions are greater than the first preset proportion. The second preset proportion is used to determine whether the other privacy accounts of the account holder need to be revoked.
In a specific implementation, when it is determined that the revocation proportion of the revoked privacy account is greater than the second preset proportion, the initial commitment value of the account holder may be recovered according to the private key information, so as to determine all privacy accounts of the account holder.
Step S406: and generating each privacy account of the account holder according to the initial commitment value, and revoking each privacy account.
It should be noted that, when the previous privacy account is revoked, the issuance authentication provided by the identity provider for the account holder may be obtained. Once the initial commitment value of the account holder has been obtained and recovered with the private key, all privacy accounts of the account holder can be generated directly from the issuance authentication and the corresponding initial commitment value, and all privacy accounts of the account holder can then be revoked directly.
In this embodiment, the operation mechanism is connected to the blockchain network, and the blockchain network verifies the verifiable statement to be stored and stores the verifiable statement, where only the data of the leaf node of the verifiable statement is updated, and the verifiable statement is more accurately stored in the case of updating the verifiable statement with a smaller data volume.
In the embodiment, the revocation proportion of the anonymous revoker in the privacy account is collected, whether the privacy account needs to be revoked is determined through the revocation proportion, and when the revocation proportion of the anonymous revoker is greater than a first preset proportion, the privacy account is revoked, so that the account holder is prevented from executing illegal operation by using the privacy account under the condition that the identity of the account holder of the privacy account is safely protected.
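The threshold decision of steps S401 to S406 can be backed by cryptography so that the revokers' private key information only becomes available once enough of them agree. The sketch below is an added example, not code from the patent: it assumes the revocation key is split among the N anonymous revokers with Shamir secret sharing (a scheme the patent does not name), and the function names, the SHA-256 fingerprint and the preset values 1/2 and 3/4 are illustrative assumptions.

```python
import hashlib
import math
import secrets
from fractions import Fraction

# Assumed parameters for this sketch; none of these values come from the patent.
P = 2**127 - 1                  # Mersenne prime used as the Shamir field
N_REVOKERS = 5                  # N anonymous revokers in the system
FIRST_PRESET = Fraction(1, 2)   # above this proportion: revoke the reported account
SECOND_PRESET = Fraction(3, 4)  # above this proportion: revoke all of the holder's accounts


def min_approvals(n, preset):
    """Smallest T for which T/N is strictly greater than the preset proportion."""
    t = math.floor(preset * n) + 1
    if t > n:
        raise ValueError("preset proportion can never be exceeded")
    return t


def split_key(key, n, k):
    """Split the revocation key into n shares; any k of them reconstruct it."""
    coeffs = [key] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def combine(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    key = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        key = (key + yi * num * pow(den, -1, P)) % P
    return key


def key_fingerprint(key):
    """Public check value for the key (stand-in for the revoker public key information)."""
    return hashlib.sha256(key.to_bytes(16, "big")).hexdigest()


def decide_revocation(approving_shares, n, fingerprint):
    """Apply both preset proportions to the shares submitted by approving revokers."""
    unique = sorted(dict(approving_shares).items())   # one vote per revoker index
    proportion = Fraction(len(unique), n)
    if proportion <= FIRST_PRESET:                    # T/N must be strictly greater
        return {"proportion": proportion, "action": "none", "key": None}
    key = combine(unique)
    if key_fingerprint(key) != fingerprint:           # tampered or foreign share
        return {"proportion": proportion, "action": "rejected", "key": None}
    if proportion > SECOND_PRESET:
        action = "revoke_all_accounts"
    else:
        action = "revoke_reported_account"
    return {"proportion": proportion, "action": action, "key": key}


if __name__ == "__main__":
    demo_key = secrets.randbelow(P)                   # constructed sample key
    k = min_approvals(N_REVOKERS, FIRST_PRESET)
    demo_shares = split_key(demo_key, N_REVOKERS, k)
    for t in range(1, N_REVOKERS + 1):
        result = decide_revocation(demo_shares[:t], N_REVOKERS, key_fingerprint(demo_key))
        print(t, result["proportion"], result["action"])
```

Because any `k` shares reconstruct the key, only the first preset proportion is enforced cryptographically in this sketch; the second preset proportion remains a policy check on the number of approving revokers.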
In addition, an embodiment of the present invention further provides a storage medium, where a block chain privacy identity protection program is stored on the storage medium, and when executed by a processor, the block chain privacy identity protection program implements the steps of the block chain privacy identity protection method described above.
In addition, referring to fig. 5, an embodiment of the present invention further provides a blockchain privacy identity protection apparatus, where the blockchain privacy identity protection apparatus includes:
the structure creating module 10 is used for creating a pre-account structure for the account holder according to the identity provider information set and the public key information of the anonymous revoker;
the structure verification module 20 is used for verifying the pre-account structure by an identity provider by using cryptography and zero-knowledge proof, and receiving an account structure fed back by the identity provider when the verification is successful;
the information generating module 30 is configured to obtain a signature authentication in the account structure, and generate identity information according to the signature authentication;
and the information storage module 40 is configured to send the identity information to the blockchain network, so that the blockchain network stores the privacy account corresponding to the identity information when the identity information is successfully verified.
The invention provides a block chain privacy identity protection device, which creates a pre-account structure for an account holder through a structure creation module 10 according to an identity provider information set and anonymous revoker public key information; the structure verification module verifies the pre-account structure through an identity provider by using cryptography and zero-knowledge proof, and receives an account structure fed back by the identity provider when verification is successful; the information generating module 30 generates the signature authentication in the account structure, and generates the identity information according to the signature authentication; and the information storage module 40 is configured to send the identity information to the blockchain network, so that the blockchain network stores the privacy account corresponding to the identity information when the identity information is successfully verified. According to the method and the device, identity information is generated through signature authentication in the account structure fed back after cryptography and zero-knowledge proof verification are carried out on the pre-account structure, the identity information is sent to the block chain network, and the privacy account is stored when the block chain network is successfully verified, so that the secret storage of the user privacy account is realized.
In one embodiment, the structure verification module 20 is further configured to verify the identity provider information set in the account structure by an identity provider using cryptography; verifying the commitment value of the account holder by using zero-knowledge proof, and receiving the account structure fed back by the identity provider when the verification is passed.
In an embodiment, the structure verification module 20 is further configured to obtain public information in the pre-account structure through the identity provider, and determine the number of private accounts of the account holder according to the public information; the information generating module 30 is further configured to generate a privacy account according to the signature authentication within the range of the number of the privacy accounts; the information storage module 40 is further configured to send the privacy account to the blockchain network, so that the blockchain network stores the privacy account when the verification of the privacy account is successful.
In an embodiment, the information storage module 40 is further configured to send the privacy account to the blockchain network, so that the blockchain network verifies the commitment value through zero-knowledge proof, verifies the number of the privacy accounts through bulletproof proof, and stores the privacy account when verification is successful.
In an embodiment, the information generating module 30 is further configured to obtain a signature verification in the account structure and an initial commitment value of the account holder; and generating a privacy account according to the signature authentication and the initial commitment value.
In an embodiment, the block chain privacy identity protection device further includes: a revocation module;
the revocation module is used for acquiring the revocation proportion of an anonymous revoker when the privacy account is revoked; when the revocation proportion is greater than a first preset proportion, obtaining private key information of an anonymous revoker; determining a privacy account to be revoked according to the private key information; and verifying the privacy account to be revoked through the identity provider, and revoking the privacy account to be revoked when the verification is passed.
In an embodiment, the revocation module is further configured to determine the initial commitment value according to the private key information when the revocation proportion is greater than a second preset proportion; and generating each privacy account of the account holder according to the initial commitment value, and revoking each privacy account.
It should be understood that the above is only an example, and the technical solution of the present invention is not limited in any way, and in a specific application, a person skilled in the art may set the technical solution as needed, and the present invention is not limited thereto.
It should be noted that the above-described work flows are only exemplary, and do not limit the scope of the present invention, and in practical applications, a person skilled in the art may select some or all of them to achieve the purpose of the solution of the embodiment according to actual needs, and the present invention is not limited herein.
In addition, technical details that are not described in detail in this embodiment may be referred to the ultrasonic sensing system and the control method provided in any embodiment of the present invention, and are not described herein again.
Further, it is to be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention or portions thereof that contribute to the prior art may be embodied in the form of a software product, where the computer software product is stored in a storage medium (e.g. Read Only Memory (ROM)/RAM, magnetic disk, optical disk), and includes several instructions for enabling a terminal device (e.g. a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A block chain privacy identity protection method is characterized by comprising the following steps:
creating a pre-account structure for the account holder according to the identity provider information set and the public key information of the anonymous revoker;
verifying the pre-account structure by an identity provider by using cryptography and zero-knowledge proof, and receiving an account structure fed back by the identity provider when the verification is successful;
acquiring signature authentication in the account structure, and generating identity information according to the signature authentication;
and sending the identity information to the blockchain network so that the blockchain network stores the privacy account corresponding to the identity information when the identity information is successfully verified.
2. The blockchain privacy identity protection method of claim 1, wherein the step of verifying the pre-account structure by an identity provider using cryptography and zero-knowledge proof and receiving the account structure fed back by the identity provider when the verification is successful comprises:
cryptographically verifying, by an identity provider, a set of identity provider information in the account structure;
verifying the commitment value of the account holder by using zero-knowledge proof, and receiving the account structure fed back by the identity provider when the verification is passed.
3. The blockchain privacy identity protection method of claim 2, wherein the step of verifying the commitment value of the account holder with the zero knowledge proof after receiving the account structure feedback of the identity provider when the verification is passed further comprises:
obtaining public information in the pre-account structure through the identity provider, and determining the number of private accounts of the account holder according to the public information;
generating a privacy account according to the signature authentication within the range of the number of the privacy accounts;
and sending the privacy account to the blockchain network so that the blockchain network stores the privacy account when the verification of the privacy account is successful.
4. The blockchain privacy identity protection method of claim 3, wherein the step of sending the privacy account to the blockchain network such that the blockchain network stores the privacy account when the verification of the privacy account is successful comprises:
and sending the privacy account to the blockchain network so that the blockchain network verifies the commitment value through zero knowledge proof, verifies the number of the privacy accounts through bulletproof proof, and stores the privacy accounts when verification is successful.
5. The blockchain privacy identity protection method of claim 1, wherein before the step of sending the identity information to the blockchain network so that the blockchain network stores the privacy account corresponding to the identity information when the identity information is successfully verified, the method further comprises:
obtaining a signature authentication in the account structure and an initial commitment value of the account holder;
and generating a privacy account according to the signature authentication and the initial commitment value.
6. The blockchain privacy identity protection method of claim 5, wherein after the step of sending the identity information to the blockchain network so that the blockchain network stores the privacy account corresponding to the identity information when the identity information is successfully verified, the method further comprises:
when a privacy account is revoked, obtaining the revocation proportion of an anonymous revoker;
when the revocation proportion is greater than a first preset proportion, obtaining private key information of an anonymous revoker;
determining a privacy account to be revoked according to the private key information;
and verifying the privacy account to be revoked through the identity provider, and revoking the privacy account to be revoked when the verification is passed.
7. The method for blockchain privacy identity protection according to claim 6, wherein the step of determining, by the identity provider, the corresponding account structure to be revoked according to the identity information and revoking the account structure to be revoked further includes:
when the revocation proportion is greater than a second preset proportion, determining the initial commitment value according to the private key information;
and generating each privacy account of the account holder according to the initial commitment value, and revoking each privacy account.
8. A blockchain privacy identity protection device, the blockchain privacy identity protection device comprising:
the structure creating module is used for creating a pre-account structure for the account holder according to the identity provider information set and the public key information of the anonymous revoker;
the structure verification module is used for verifying the pre-account structure by an identity provider by using cryptography and zero-knowledge proof and receiving an account structure fed back by the identity provider when the verification is successful;
the information generation module is used for acquiring the signature authentication in the account structure and generating identity information according to the signature authentication;
and the information storage module is used for sending the identity information to the blockchain network so as to enable the blockchain network to store the privacy account corresponding to the identity information when the identity information is successfully verified.
9. A storage medium having stored thereon a blockchain privacy identity protection program that, when executed by a processor, implements the steps of the blockchain privacy identity protection method of any one of claims 1 to 7.
10. A blockchain privacy identity protection system, the blockchain privacy identity protection system comprising: a memory, a processor and a blockchain privacy identity protection program stored on the memory and executable on the processor, the blockchain privacy identity protection program when executed by the processor implementing the steps of the blockchain privacy identity protection method according to any one of claims 1 to 7.
CN202111680787.7A 2021-12-29 2021-12-29 Block chain privacy identity protection method, device, storage medium and system Pending CN114329610A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111680787.7A CN114329610A (en) 2021-12-29 2021-12-29 Block chain privacy identity protection method, device, storage medium and system

Publications (1)

Publication Number Publication Date
CN114329610A true CN114329610A (en) 2022-04-12

Family

ID=81023822

Country Status (1)

Country Link
CN (1) CN114329610A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117176361A (en) * 2023-09-26 2023-12-05 云南财经大学 Block chain digital identity authentication control system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination