CN114793228A - Data source screening method and system for preventing merchant from doing malicious activities based on zero knowledge proof - Google Patents

Data source screening method and system for preventing merchant from doing malicious activities based on zero knowledge proof

Info

Publication number
CN114793228A
Authority
CN
China
Prior art keywords
value
zero
knowledge proof
calculation
merchant
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210318796.XA
Other languages
Chinese (zh)
Inventor
杜超
孙宗臣
杜满想
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Wanxiang Blockchain Inc
Original Assignee
Shanghai Wanxiang Blockchain Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Wanxiang Blockchain Inc
Priority to CN202210318796.XA
Publication of CN114793228A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a data source screening method and system, based on zero-knowledge proof, for preventing malicious behavior by merchants, comprising: step 1: generating a random value on a privacy computing platform and sending it to a merchant server over HTTPS; step 2: on the merchant server, generating a corresponding calculation result value and a zero-knowledge proof from the random value; step 3: sending the calculation result value, the zero-knowledge proof and the process data to the privacy computing platform; step 4: on the privacy computing platform, verifying the calculation result value and the zero-knowledge proof, and penalizing the merchant accordingly if the verification result does not meet the preset requirements. Through this verification, the platform can check merchants performing privacy computation against the public keys they provide, which raises the cost of cheating for merchants, improves the platform's management capability and the quality of the data merchants provide, and makes each merchant's privacy data computation more authentic and credible.

Description

Data source screening method and system for preventing malicious merchant behavior based on zero-knowledge proof

Technical Field

The invention relates to the technical field of data source screening, and in particular to a data source screening method and system for preventing malicious merchant behavior based on zero-knowledge proof.

Background

sacre is a privacy computing platform on which two or more parties perform interactive computation over private data in a secure and trusted environment, on the premise that each merchant's data never leaves its local environment. The platform rewards computations between merchants with points; points raise a merchant's search priority on the platform and give it access to better platform resources.

Some merchants fake computations on the platform, collecting the platform's point rewards for invalid computations in order to improve their own ranking.

Patent document CN114172655A (application number CN202111310563.7) discloses a secure multi-party computation data system, method, device and data processing terminal. The secure multi-party computation data method includes: constructing a data model for collection specification and broadcast verification; proposing a data pool for verifying and storing the broadcast data model; proposing a hardware adapter that converts the data in the data pool into a form suited to secure multi-party computation; and proposing a new evaluation and incentive mechanism built on a blockchain. However, that patent cannot effectively curb merchants running MPC privacy computations by themselves to obtain platform points.

Summary of the Invention

In view of the defects in the prior art, the purpose of the present invention is to provide a data source screening method and system for preventing malicious merchant behavior based on zero-knowledge proof.

The data source screening method for preventing malicious merchant behavior based on zero-knowledge proof provided by the present invention includes:

Step 1: Generate a random value on the privacy computing platform and send it to the merchant server over HTTPS;

Step 2: On the merchant server, generate the corresponding calculation result value and zero-knowledge proof from the random value;

Step 3: Send the calculation result value, the zero-knowledge proof and the process data to the privacy computing platform;

Step 4: On the privacy computing platform, verify the calculation result value and the zero-knowledge proof; if the verification result does not meet the preset requirements, penalize the merchant accordingly.

Preferably, the random value is compressed into a 64-digit hexadecimal number by the keccak256 hash algorithm, and the probability of a hash collision is 0.

Preferably, the generation of the calculation result value includes:

The random value $n_1$ and the merchant's own public key pk are taken as the data input, and the hash function keccak256k1 is applied to the input to obtain a hash value: Hash = keccak256k1($n_1$, pk). The resulting data is computed recursively until the output is smaller than the value p of the elliptic curve algorithm secp256pk1 and is a point on the curve, $g_1 = (x, y)$;

A curve operation is performed on the point $g_1$ and the private key sk to obtain the value Y:

$Y = g_1^{sk}$

The keccak256k1 algorithm is applied to Y to obtain a hash value, which is the calculation result value.

Preferably, the calculation of the zero-knowledge proof includes:

Generate a random number: $n_2$ = nounce, $n_2 \in z_q$, where $z_q$ denotes the set of rational numbers;

Compute u from the fixed, publicly known parameter g of the secp256pk1 algorithm:

$u = g^{n_2}$

Compute v from the point $g_1$ and the random value $n_2$:

Figure BDA0003570692260000021

Compute the zero-knowledge proof, proof:

$c = \mathrm{Hash}(g_1, pk, Y, u, v) \bmod p$

$proof = n_2 - c \cdot sk$

where mod denotes the modulo operation, and Y, p, u, v and c are intermediate values of the calculation.

Preferably, the merchant's public key pk and the point Y are verified first, checking whether pk and Y are points on the secp256k1 curve; it is then verified mathematically whether the result computed from c, pk, proof and the point g is consistent with the value u. The derivation is:

Figure BDA0003570692260000022

If the verification passes, the merchant is performing a valid MPC privacy computation.

The data source screening system for preventing malicious merchant behavior based on zero-knowledge proof provided by the present invention includes:

Module M1: Generate a random value on the privacy computing platform and send it to the merchant server over HTTPS;

Module M2: On the merchant server, generate the corresponding calculation result value and zero-knowledge proof from the random value;

Module M3: Send the calculation result value, the zero-knowledge proof and the process data to the privacy computing platform;

Module M4: On the privacy computing platform, verify the calculation result value and the zero-knowledge proof; if the verification result does not meet the preset requirements, penalize the merchant accordingly.

Preferably, the random value is compressed into a 64-digit hexadecimal number by the keccak256 hash algorithm, and the probability of a hash collision is 0.

Preferably, the generation of the calculation result value includes:

The random value $n_1$ and the merchant's own public key pk are taken as the data input, and the hash function keccak256k1 is applied to the input to obtain a hash value: Hash = keccak256k1($n_1$, pk). The resulting data is computed recursively until the output is smaller than the value p of the elliptic curve algorithm secp256pk1 and is a point on the curve, $g_1 = (x, y)$;

A curve operation is performed on the point $g_1$ and the private key sk to obtain the value Y:

$Y = g_1^{sk}$

The keccak256k1 algorithm is applied to Y to obtain a hash value, which is the calculation result value.

Preferably, the calculation of the zero-knowledge proof includes:

Generate a random number: $n_2$ = nounce, $n_2 \in z_q$, where $z_q$ denotes the set of rational numbers;

Compute u from the fixed, publicly known parameter g of the secp256pk1 algorithm:

$u = g^{n_2}$

Compute v from the point $g_1$ and the random value $n_2$:

Figure BDA0003570692260000031

Compute the zero-knowledge proof, proof:

$c = \mathrm{Hash}(g_1, pk, Y, u, v) \bmod p$

$proof = n_2 - c \cdot sk$

where mod denotes the modulo operation, and Y, p, u, v and c are intermediate values of the calculation.

Preferably, the merchant's public key pk and the point Y are verified first, checking whether pk and Y are points on the secp256k1 curve; it is then verified mathematically whether the result computed from c, pk, proof and the point g is consistent with the value u. The derivation is:

Figure BDA0003570692260000032

If the verification passes, the merchant is performing a valid MPC privacy computation.

Compared with the prior art, the present invention has the following beneficial effects:

Through the verification of the present invention, the platform can check merchants performing privacy computation against the public keys they provide. This raises the cost of cheating for merchants, improves the platform's management capability and the quality of the data merchants provide, effectively curbs merchants running MPC privacy computations by themselves to obtain platform points, and makes each merchant's privacy data computation more authentic and credible.

Description of Drawings

Other features, objects and advantages of the present invention will become more apparent from the detailed description of non-limiting embodiments given with reference to the following drawing:

Figure 1 is a flow chart of the computation for adding a data source.

Detailed Description

The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to further understand the present invention, but do not limit it in any form. It should be noted that those skilled in the art can make several changes and improvements without departing from the inventive concept. These all fall within the protection scope of the present invention.

Example:

After registering on the platform, a data provider must download the pricoco client and run it on the server where the customer is located. After a deposit has been submitted for the account, whenever two or more parties perform an MPC computation the pricoco platform inspects the state of each party's server client at irregular intervals to check whether the computing parties comply with the platform rules. If cheating is found, the account is frozen and the deposit is confiscated.

The system consists mainly of three subsystems: merchant registration, deposit service, and platform system verification.

Merchant registration: A merchant registers on the platform as an MPC computing merchant and adds labels and a description to show the data services it can provide. The merchant must provide its public key data at registration.

Deposit service: A registered merchant that wants to provide data computation must pay a corresponding deposit, to deter it from providing untrustworthy or fake data. If it can be proved during a computation that the merchant provided untrustworthy data, the merchant's account is frozen and the deposit is deducted to compensate for the losses caused to the merchants that performed the intersection computation with it.

Platform system verification: The platform verifies the server on which the merchant computes, to ensure that no false computation is provided.

The verification process is as follows:

(1) The sacre platform generates a random value nounce and sends it to the merchant server over HTTPS, $n_1$ = nounce;

$n_1$ denotes the random value generated by the sacre platform server; it is a 64-digit hexadecimal number produced by applying the keccak256 hash algorithm to an arbitrary value.

The Keccak256 algorithm can compress an input of any length into a 64-digit hexadecimal number, and the probability of a hash collision is almost 0.

(2) On receiving the random value, the merchant generates the corresponding calculation result value output and the zero-knowledge proof, proof.

(a) Generating output

Take $n_1$ and the merchant's own public key (pk) as the data input, and apply the keccak256k1 method to the input to obtain the hash.

Hash = keccak256k1($n_1$, pk). The resulting data is computed recursively until the output is smaller than the value p of the secp256pk1 algorithm and is a point (x, y) on the curve;

$g_1 = (x, y)$

Perform a curve operation on the point $g_1$ and the private key (sk) to obtain the value Y;

$Y = g_1^{sk}$

Apply keccak256k1 to Y to obtain the hash, which is the output result, output.

(b) Generating proof

Securely generate a random number: $n_2$ = nounce, $n_2 \in z_q$, where $z_q$ denotes the set of rational numbers;

Compute u from the parameter g of the secp256pk1 algorithm (g is fixed and publicly known):

$u = g^{n_2}$

Compute v from the point $g_1$ and the random value $n_2$:

Figure BDA0003570692260000051

Compute proof:

$c = \mathrm{Hash}(g_1, pk, Y, u, v) \bmod p$

$proof = n_2 - c \cdot sk$

mod denotes the modulo operation; p denotes the value generated when output is generated; sk denotes the merchant's private key; pk denotes the merchant's public key; g is the parameter g of the secp256pk1 algorithm (fixed and public); c and u are intermediate values of the calculation.

(3) The merchant sends output together with Y, c, u and proof to the sacre platform;

(4) The platform verifies the result and proof to check whether the result is correct, and imposes a corresponding penalty for repeated incorrect results.

First, the merchant's public key and the point Y are verified, checking whether pk and Y are points on the secp256k1 curve;

Then it is verified mathematically whether the result computed from c, pk, proof and the point g is consistent with the value u;

The derivation:

Figure BDA0003570692260000052

If the verification passes, the merchant is performing a valid MPC privacy computation.

The data source screening system for preventing malicious merchant behavior based on zero-knowledge proof provided by the present invention includes: module M1: generate a random value on the privacy computing platform and send it to the merchant server over HTTPS; module M2: on the merchant server, generate the corresponding calculation result value and zero-knowledge proof from the random value; module M3: send the calculation result value, the zero-knowledge proof and the process data to the privacy computing platform; module M4: on the privacy computing platform, verify the calculation result value and the zero-knowledge proof, and penalize the merchant accordingly if the verification result does not meet the preset requirements.

The random value is compressed into a 64-digit hexadecimal number by the keccak256 hash algorithm, and the probability of a hash collision is 0. The generation of the calculation result value includes: taking the random value $n_1$ and the merchant's own public key pk as the data input, and applying the hash function keccak256k1 to the input to obtain a hash value: Hash = keccak256k1($n_1$, pk); computing the resulting data recursively until the output is smaller than the value p of the elliptic curve algorithm secp256pk1 and is a point on the curve, $g_1 = (x, y)$; performing a curve operation on the point $g_1$ and the private key sk to obtain the value Y, $Y = g_1^{sk}$; and applying the keccak256k1 algorithm to Y to obtain a hash value, which is the calculation result value.

The calculation of the zero-knowledge proof includes: generating a random number: $n_2$ = nounce, $n_2 \in z_q$, where $z_q$ denotes the set of rational numbers; computing u from the fixed, publicly known parameter g of the secp256pk1 algorithm, $u = g^{n_2}$; computing v from the point $g_1$ and the random value $n_2$:

Figure BDA0003570692260000061

computing the zero-knowledge proof, proof: $c = \mathrm{Hash}(g_1, pk, Y, u, v) \bmod p$, $proof = n_2 - c \cdot sk$; where mod denotes the modulo operation, and Y, p, u, v and c are intermediate values of the calculation.

The merchant's public key pk and the point Y are verified first, checking whether pk and Y are points on the secp256k1 curve; it is then verified mathematically whether the result computed from c, pk, proof and the point g is consistent with the value u. The derivation is:

Figure BDA0003570692260000062

If the verification passes, the merchant is performing a valid MPC privacy computation.

Those skilled in the art know that, besides implementing the system, device and modules provided by the present invention purely as computer-readable program code, the method steps can be logically programmed so that the system, device and modules realize the same programs in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. The system, device and modules provided by the present invention can therefore be regarded as a hardware component, and the modules they contain for realizing various programs can be regarded as structures within the hardware component; the modules for realizing various functions can also be regarded as both software programs implementing the method and structures within the hardware component.

Specific embodiments of the present invention have been described above. It should be understood that the present invention is not limited to the specific embodiments described, and those skilled in the art can make various changes or modifications within the scope of the claims without affecting the essence of the present invention. Where there is no conflict, the embodiments of the present application and the features in the embodiments may be combined with one another arbitrarily.

Claims (10)

1.一种基于零知识证明防止商户作恶的数据源筛选方法,其特征在于,包括:1. A data source screening method for preventing merchants from doing evil based on zero-knowledge proof, is characterized in that, comprises: 步骤1:在隐私计算平台生成一个随机值,并以HTTPS方式发送到商户服务器;Step 1: Generate a random value on the privacy computing platform and send it to the merchant server by HTTPS; 步骤2:在商户服务器中,根据随机值生成相应计算结果值和零知识证明;Step 2: In the merchant server, generate the corresponding calculation result value and zero-knowledge proof according to the random value; 步骤3:将计算结果值、零知识证明和过程数据发送给隐私计算平台;Step 3: Send the calculation result value, zero-knowledge proof and process data to the privacy computing platform; 步骤4:在隐私计算平台中,对计算结果值和零知识证明进行验证,若验证结果不符合预设要求,则对商户进行相应处罚。Step 4: In the privacy computing platform, the calculation result value and the zero-knowledge proof are verified. If the verification result does not meet the preset requirements, the merchant will be punished accordingly. 2.根据权利要求1所述的基于零知识证明防止商户作恶的数据源筛选方法,其特征在于,通过keccak256哈希算法将随机值压缩成64位16进制的数,且哈希碰撞的概率为0。2. The data source screening method for preventing merchants from doing evil based on zero-knowledge proof according to claim 1, wherein the random value is compressed into a 64-digit hexadecimal number by the keccak256 hash algorithm, and the probability of hash collision is 0. 3.根据权利要求1所述的基于零知识证明防止商户作恶的数据源筛选方法,其特征在于,计算结果值的生成包括:3. 
The data source screening method for preventing merchants from doing evil based on zero-knowledge proof according to claim 1, it is characterized in that, the generation of calculation result value comprises: 将随机值n1和自身公钥pk作为数据输入,对数据输入使用哈希函数keccak256k1算法获取哈希值:Hash=keccak256k1(n1,pk),用递归法对所得数据进行计算,直到输出小于椭圆曲线算法secp256pk1中的p值,并且是曲线上的某一点g1=(x,y);Take the random value n 1 and its own public key pk as data input, use the hash function keccak256k1 algorithm to obtain the hash value for the data input: Hash=keccak256k1(n 1 , pk), use the recursive method to calculate the obtained data until the output is less than The p-value in the elliptic curve algorithm secp256pk1 and is a point on the curve g 1 =(x, y); 将g1点与私钥sk进行曲线运算,得到Y值,表达式为:Perform the curve operation on the g 1 point and the private key sk to obtain the Y value, the expression is: Y=g1 sk Y=g 1 sk 对Y值使用keccak256k1算法获取哈希值,作为计算结果值。Use the keccak256k1 algorithm to obtain the hash value for the Y value as the calculation result value. 4.根据权利要求3所述的基于零知识证明防止商户作恶的数据源筛选方法,其特征在于,零知识证明的计算包括:4. The data source screening method for preventing merchants from doing evil based on zero-knowledge proof according to claim 3, it is characterized in that, the calculation of zero-knowledge proof comprises: 生成随机数:n2=nounce,n2∈zq,zq表示有理数集合;Generate random numbers: n 2 =nounce, n 2 ∈ z q , z q represents a set of rational numbers; 根据secp256pk1算法中的已确定且公开已知参数g算出u,表达式为:Calculate u according to the determined and publicly known parameter g in the secp256pk1 algorithm, and the expression is: u=gn2 u=g n2 根据g1点和随机值n2来计算v,表达式为:Calculate v based on g 1 point and random value n 2 , the expression is:
Figure FDA0003570692250000011
Figure FDA0003570692250000011
计算零知识证明proof,表达式为:Calculate the zero-knowledge proof proof, the expression is: c=Hash(g1,pk,Y,u,v)mod pc=Hash(g 1 ,pk,Y,u,v)mod p proof=n2-c*skproof=n 2 -c*sk 其中:mod表示取模;Y、p、u、v、c为计算的中间值。Among them: mod represents the modulo; Y, p, u, v, c are the intermediate values of the calculation.
5.根据权利要求4所述的基于零知识证明防止商户作恶的数据源筛选方法,其特征在于,先对商户的公钥pk和Y点进行验证,检验pk和Y是否是secp256k1曲线上的点,然后数学验证c、pk、proof、g点计算结果是否与u值是否一致,推导过程为:5. The data source screening method for preventing merchants from doing evil based on zero-knowledge proof according to claim 4, it is characterized in that, first verify the public key pk and Y point of the merchant, and check whether pk and Y are points on the secp256k1 curve , and then mathematically verify whether the calculation results of c, pk, proof, and g points are consistent with the u value. The derivation process is:
Figure FDA0003570692250000021
Figure FDA0003570692250000021
若验证通过,则表明是商户正在进行有效MPC隐私计算。If the verification is passed, it means that the merchant is performing effective MPC privacy calculation.
6. A data source screening system for preventing merchants from doing evil based on zero-knowledge proof, characterized in that it includes:
Module M1: generate a random value on the privacy computing platform and send it to the merchant server over HTTPS;
Module M2: in the merchant server, generate the corresponding calculation result value and zero-knowledge proof according to the random value;
Module M3: send the calculation result value, the zero-knowledge proof and the process data to the privacy computing platform;
Module M4: in the privacy computing platform, verify the calculation result value and the zero-knowledge proof; if the verification result does not meet the preset requirements, the merchant is punished accordingly.
7. The data source screening system for preventing merchants from doing evil based on zero-knowledge proof according to claim 6, wherein the random value is compressed into a 64-digit hexadecimal number by the keccak256 hash algorithm, and the probability of hash collision is 0.
8. The data source screening system for preventing merchants from doing evil based on zero-knowledge proof according to claim 7, wherein the generation of the calculation result value comprises:
taking the random value $n_1$ and the merchant's own public key pk as data input, and applying the hash function keccak256k1 to the data input to obtain the hash value: $Hash = keccak256k1(n_1, pk)$; calculating recursively on the resulting data until the output is less than the p value of the elliptic curve algorithm secp256pk1 and is a point $g_1 = (x, y)$ on the curve;
performing the curve operation on the point $g_1$ and the private key sk to obtain the value Y, the expression being:
$Y = g_1^{sk}$
applying the keccak256k1 algorithm to the value Y to obtain a hash value, which is the calculation result value.
9. The data source screening system for preventing merchants from doing evil based on zero-knowledge proof according to claim 8, wherein the calculation of the zero-knowledge proof comprises:
generating a random number: $n_2 = nounce$, $n_2 \in z_q$, where $z_q$ represents the set of rational numbers;
calculating u from the determined and publicly known parameter g of the secp256pk1 algorithm, the expression being:
$u = g^{n_2}$
calculating v from the point $g_1$ and the random value $n_2$, the expression being:
Figure FDA0003570692250000022
calculating the zero-knowledge proof proof, the expressions being:
$c = \mathrm{Hash}(g_1, pk, Y, u, v) \bmod p$
$proof = n_2 - c \cdot sk$
where mod represents the modulo operation, and Y, p, u, v, c are intermediate values of the calculation.
10. The data source screening system for preventing merchants from doing evil based on zero-knowledge proof according to claim 9, characterized in that the merchant's public key pk and the point Y are verified first, checking whether pk and Y are points on the secp256k1 curve, and then it is mathematically verified whether the result calculated from c, pk, proof and the point g is consistent with the value u. The derivation process is:
Figure FDA0003570692250000031
If the verification passes, it indicates that the merchant is performing a valid MPC privacy calculation.
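The exchange in claims 8 to 10, as an added Python example that is not part of the patent text: the merchant derives $g_1$, Y and the proof, and the platform runs the curve-membership check and the check against u. Assumptions, because the formula for v and the derivation survive only as figure placeholders: $v = g_1^{n_2}$, a matching second check on v, proof reduced modulo the curve order N, and SHA3-256 standing in for keccak256; all function names are illustrative.

```python
import hashlib, secrets
# secp256k1 public domain parameters: field prime P, group order N, generator G
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):  # y^2 = x^3 + 7 over F_P; None is the point at infinity
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0

def add(a, b):  # affine point addition
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow(b[0] - a[0], -1, P))
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add; the claims write this multiplicatively (pt^k)
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(*parts):  # stand-in hash (SHA3-256); the claims name keccak256
    return int.from_bytes(hashlib.sha3_256(repr(parts).encode()).digest(), "big")

def hash_to_point(n1, pk):  # re-hash until x < P and x lies on the curve
    x = h(n1, pk)
    while True:
        y = pow(x ** 3 + 7, (P + 1) // 4, P)  # square-root candidate (P % 4 == 3)
        if x < P and (y * y - x ** 3 - 7) % P == 0: return (x, y)
        x = h(x)

def prove(sk, n1):  # merchant side
    pk = mul(sk, G)
    g1 = hash_to_point(n1, pk)
    Y, n2 = mul(sk, g1), secrets.randbelow(N - 1) + 1
    u, v = mul(n2, G), mul(n2, g1)  # v = g1^n2 is an assumption
    c = h(g1, pk, Y, u, v) % P
    return pk, Y, u, v, c, (n2 - c * sk) % N  # reduction mod N is an assumption

def verify(n1, pk, Y, u, v, c, proof):  # platform side
    if not (on_curve(pk) and on_curve(Y)): return False
    g1 = hash_to_point(n1, pk)
    return (c == h(g1, pk, Y, u, v) % P
            and add(mul(proof, G), mul(c, pk)) == u    # g^proof * pk^c == u
            and add(mul(proof, g1), mul(c, Y)) == v)   # assumed second check
```

The check against u holds because $g^{proof} \cdot pk^{c} = g^{n_2 - c \cdot sk} \cdot g^{c \cdot sk} = g^{n_2}$, which only works when proof is reduced modulo the group order rather than the field prime.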
CN202210318796.XA 2022-03-29 2022-03-29 Data source screening method and system for preventing merchant from doing malicious activities based on zero knowledge proof Pending CN114793228A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210318796.XA CN114793228A (en) 2022-03-29 2022-03-29 Data source screening method and system for preventing merchant from doing malicious activities based on zero knowledge proof


Publications (1)

Publication Number Publication Date
CN114793228A true CN114793228A (en) 2022-07-26

Family

ID=82462516


Country Status (1)

Country Link
CN (1) CN114793228A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220726