CN115393079A - Cross-chain transaction method, equipment and medium capable of randomizing and tracing audit - Google Patents


Info

Publication number: CN115393079A
Authority: CN (China)
Application number: CN202210858984.1A
Other languages: Chinese (zh)
Inventors: 赖俊祚, 吴嘉和, 翁健, 李宇娴, 李明
Assignee (current and original): Jinan University
Legal status: Pending

Classifications

    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • G06Q30/018 Certifying business or products
    • H04L63/06 Network security protocols for supporting key management in a packet data network
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/3218 Message or entity authentication using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs


Abstract

The invention relates to the field of blockchains, in particular to a cross-chain transaction method, equipment and medium that can be randomized and traceably audited. The method comprises the following steps: an audit organization generates public parameters and a trapdoor key, and a data consumer generates a public and private key pair; the data consumer constructs a puzzle through its public key and generates a corresponding zero-knowledge proof; when the data provider receives the puzzle and the corresponding zero-knowledge proof, it verifies the validity of the puzzle, randomizes the received puzzle, and sends the randomized puzzle to the intermediary; and the auditing mechanism runs a Link algorithm, finds the association among the puzzles in the whole transaction process through the trapdoor key, reconstructs the transaction chain, and locks onto the dishonest party in the transaction and the malicious behavior deviating from the protocol. The invention allows the auditor to carry out traceability audit without invading the user's identity privacy, provides a means of supervision and accountability, reduces the occurrence of malicious attacks, and at the same time retains anonymity owing to the randomizable property of the puzzle.

Description

Cross-chain transaction method, equipment and medium capable of randomizing and tracing audit
Technical Field
The invention relates to the field of blockchains, in particular to a cross-chain transaction method, equipment and medium capable of randomization and traceable audit.
Background
With the rapid development of blockchain technology, "interoperability" between chains has become a problem that the extended blockchain application field must solve; the related scenarios include, but are not limited to, cross-chain transactions, cross-chain information interaction and cross-chain computation. Meanwhile, when chains interoperate, ensuring the auditability of cross-chain operations while still satisfying reasonable anonymity is also one of the problems to be solved urgently.
In order to solve the above problems, existing cross-chain schemes allow a user to convert part of their assets with a cross-chain platform to obtain the digital currency of that platform, and then to exchange assets on other blockchains as required through that digital currency. Tairi et al. [Tairi E, Moreno-Sanchez P, Maffei M. A2L. Cross-chain platforms can profit by collecting a certain proportion of transaction commission fees, but most existing schemes only satisfy atomicity and anonymity in cross-chain transactions; they cannot satisfy the source-tracing audit requirements for malicious and dishonest transaction behavior, place special requirements on the underlying implementation of the blockchain, and are therefore not compatible with most blockchain systems. Therefore, there is a need in the industry to develop a cross-chain transaction scheme designed around the basic script functionality shared by most blockchains, one that satisfies a certain degree of anonymity and implements source-tracing audit, so as to be compatible with most heterogeneous blockchains and to satisfy audit and supervision requirements.
Disclosure of Invention
In order to solve the technical problems in the prior art, the invention provides a cross-chain transaction method, equipment and medium capable of randomization and traceable audit. Traceable audit is realized by embedding a trapdoor key: through the linkable property between puzzles that the trapdoor key provides, the auditing party can perform traceable audit without violating the identity privacy of the user, and a means of supervision and accountability is provided, so that the occurrence of malicious attacks is reduced, while the randomizable nature of the puzzle keeps the transaction anonymous.
The first object of the invention is to provide a cross-chain transaction method capable of randomization and source-tracing audit.
It is a second object of the invention to provide a computer apparatus.
It is a third object of the present invention to provide a storage medium.
The first purpose of the invention can be achieved by adopting the following technical scheme:
a method of randomizable and traceably auditable cross-chain transactions, the method comprising:
S1, an auditing mechanism generates public parameters and a trapdoor key, the trapdoor key being used for source-tracing audit;
S2, a data consumer generates a public and private key pair used for constructing and solving puzzles;
S3, the data consumer sets a transaction script on the blockchain to lock the transaction funds, constructs a puzzle through its public key, generates a corresponding zero-knowledge proof, and sends the puzzle and the zero-knowledge proof to the data provider;
S4, when the data provider receives the puzzle and the corresponding zero-knowledge proof, it verifies the validity of the puzzle; if the puzzle is valid it is accepted and the transaction continues, and if the puzzle is invalid it is discarded and the transaction is terminated;
S5, after the data provider has delivered the data to the data consumer, it randomizes the received puzzle and sends the randomized puzzle to the broker;
S6, after receiving the randomized puzzle, the intermediary forwards it to the data consumer and asks the data consumer for the puzzle answer;
S7, the data consumer solves the randomized puzzle with its private key to obtain the corresponding blinded answer, and sends the blinded answer to the intermediary;
S8, after obtaining the blinded answer, the intermediary forwards it to the data provider;
S9, after the data provider obtains the blinded answer, it unblinds the blinded answer with its private blinding factor to obtain the real answer, unlocks the transaction script with the real answer, and obtains the transaction amount;
S10, the auditing mechanism searches for the association among the puzzles in the whole transaction process through the trapdoor key, reconstructs the transaction chain, and locks onto the dishonest party in the transaction and the malicious behavior deviating from the protocol.
The second purpose of the invention can be achieved by adopting the following technical scheme:
a computer device comprising a processor and a memory for storing a program executable by the processor, wherein the processor executes the program stored in the memory to realize the cross-chain transaction method capable of randomization and traceable audit.
The third purpose of the invention can be achieved by adopting the following technical scheme:
a storage medium storing a program which, when executed by a processor, implements the cross-chain transaction method capable of randomization and traceable audit.
Compared with the prior art, the invention has the following advantages and beneficial effects:
compared with the prior art, the cross-chain transaction method, equipment and medium capable of randomization and traceable audit realize traceable audit by embedding a trapdoor key, and thereby avoid the lack of supervision and the rampant attacks that complete anonymization may cause. Through the linkable property among puzzles that the trapdoor key provides, the auditor can perform traceable audit without invading the identity privacy of the user; a means of supervision and accountability is provided, the occurrence of malicious attacks is reduced, and at the same time anonymity is preserved owing to the randomizable property of the puzzle.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the structures shown in the drawings without creative efforts.
FIG. 1 is a schematic diagram of the first half of the flow of the cross-chain transaction method capable of randomization and traceable audit in an embodiment of the present invention;
FIG. 2 is a schematic diagram of the second half of the flow of the cross-chain transaction method capable of randomization and traceable audit in an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described in further detail with reference to the accompanying drawings and examples, and it is obvious that the described examples are some, but not all, examples of the present invention, and the embodiments of the present invention are not limited thereto. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
The cross-chain transaction method capable of randomization and traceable audit involves an audit organization, a data consumer, a data provider and an intermediary.

The auditing agency generates the public parameters and a trapdoor key for source-tracing audit. The data consumer uses the public parameters to generate the public and private key pair needed for constructing the puzzle.

When a data transaction is needed, the data consumer sets a transaction script on the blockchain to lock the transaction amount, uses its public key to construct a puzzle whose answer only the data consumer knows, generates a corresponding zero-knowledge proof, and sends the puzzle and the zero-knowledge proof to the data provider. The answer to the puzzle can unlock the script, and the zero-knowledge proof guarantees that the puzzle is valid, i.e. that the data consumer knows the answer to the puzzle and that the answer can unlock the transaction script.

When the data provider receives the puzzle and the corresponding zero-knowledge proof, it must verify the validity of the puzzle: if the puzzle is valid it is accepted and the transaction continues; if it is invalid the puzzle is discarded and the transaction is terminated.

After the data provider has delivered the data to the data consumer, in order to obtain the puzzle answer and thereby the locked transaction money, the data provider randomizes the received puzzle and sends the randomized puzzle to the intermediary. After receiving the randomized puzzle, the intermediary forwards it to the data consumer and asks for the puzzle answer. After receiving the puzzle, the data consumer solves it with its private key to obtain the corresponding blinded answer and sends that answer to the intermediary, and the broker forwards the answer to the data provider. After the data provider obtains the blinded answer, it unblinds it with its private blinding factor to obtain the real answer, and unlocks the transaction script with the real answer to obtain the transaction amount.

When a participant behaves dishonestly during the transaction, the auditing mechanism can find the association among the puzzles in the whole transaction process through the trapdoor key and so reconstruct the transaction chain, locking onto the dishonest party and the malicious behavior deviating from the protocol.
As shown in FIG. 1 and FIG. 2, which are schematic flow charts of the method, the cross-chain transaction method capable of randomization and traceable audit described in the present invention includes the following steps:
S1, the auditing mechanism generates public parameters and a trapdoor key, the trapdoor key being used for source-tracing audit;
The auditing agency runs the parameter initialization algorithm CPCrs (Conditional Puzzle CRS) to generate the public parameters and a trapdoor key used for source-tracing audit. CPCrs is the parameter initialization algorithm of the scheme; the trapdoor key it produces allows the auditing mechanism to link randomized puzzles back to the original puzzles, which realizes the linkable property among puzzles.
Specifically, step S1 includes:
S101, the auditing mechanism selects a security parameter λ as the input of the CPCrs algorithm;
S102, through the supplied security parameter λ, the CPCrs algorithm calls the common reference string initialization algorithm CRSSetup(λ) of the Groth-Sahai-based malleable zero-knowledge proof protocol to generate a common reference string crs;
S103, through the supplied security parameter λ, the CPCrs algorithm calls the initialization algorithm Setup(λ) of the randomizable puzzle construction protocol of the A2L (anonymous atomic lock) protocol to obtain the elliptic curve group parameters pp_rp, i.e. pp_rp = (G, g, q), where q is a large prime that is the order of the elliptic curve group G, and g is a generator of the group G;
S104, through the supplied security parameter λ, the CPCrs algorithm calls the key generation algorithm Gen(λ) of the ElGamal encryption protocol based on the DLIN assumption to generate a public-private key pair (pk_dlin, sk_dlin), where pk_dlin is the public key and sk_dlin is the private key;
S105, the CPCrs algorithm takes the outputs of the three algorithms of steps S102 to S104, namely the public parameters pp = (pp_rp, pk_dlin) = (G, g, q, pk_dlin), the common reference string crs and the trapdoor key td = sk_dlin, and outputs them as its final result. After obtaining this output, the auditing mechanism publishes the public parameters pp, the common reference string crs and the security parameter λ as public parameters, and keeps the trapdoor key td secret.
S2, the data consumer generates a public and private key pair used for constructing and solving puzzles;
The data consumer runs the CPSetup (Conditional Puzzle Setup) algorithm to generate the public and private key pair required for constructing and solving puzzles; CPSetup is the puzzle key initialization algorithm.
Specifically, the data consumer takes the security parameter λ from the public parameters as input and runs the CPSetup algorithm, which calls the PSetup(λ) (Puzzle Setup) algorithm of the randomizable puzzle construction protocol of the A2L (anonymous atomic lock) protocol and obtains a public and private key pair (pk, sk). The PSetup(λ) algorithm proceeds as follows: (pk, sk) ← KGen(λ), where KGen(λ) (Key Generation) is the key generation algorithm of the Castagnos-Laguillaumie encryption protocol, pk is the public key and sk is the private key.
S3, the data consumer sets a transaction script on the blockchain to lock the transaction funds, constructs a puzzle through its public key, generates a corresponding zero-knowledge proof, and sends the puzzle and the zero-knowledge proof to the data provider;
When a data transaction is needed, the data consumer sets a transaction script on the blockchain to lock the transaction amount, runs the CPGen (Conditional Puzzle Generator) algorithm, constructs through its public key a puzzle whose answer only the consumer knows, generates the corresponding zero-knowledge proof, and sends the puzzle and the zero-knowledge proof to the data provider. CPGen is the puzzle construction algorithm that generates puzzles and their corresponding zero-knowledge proofs.
Specifically, step S3 includes:
S301, the data consumer samples a random number uniformly from the set Z_q (Z_q = {0, 1, ..., q−1}, where q is a large prime); this random number is the puzzle answer α. It runs the CPGen algorithm with α as input, together with the public parameters pp, the common reference string crs and the public key pk of the Castagnos-Laguillaumie encryption protocol;
S302, from the input public parameters pp, puzzle answer α and public key pk, CPGen calls the puzzle construction algorithm PGen(pk, pp_rp, α) (Puzzle Generation) of the randomizable puzzle construction protocol of the anonymous atomic lock A2L protocol, obtaining the message Z = (A, c). The PGen(pk, pp_rp, α) algorithm proceeds as follows:
A ← g_1^α,
c ← Enc(pk, α),
where g_1 is any generator of the group G, the group element A is the result of applying the group operation of G to the generator g_1 α times (so A is an element of G), and Enc(pk, α) (Encrypt) is the encryption algorithm of the Castagnos-Laguillaumie (CL) encryption protocol, so c is a ciphertext of α;
S303, from the message Z output in step S302 and the input puzzle answer α, CPGen calls the proving algorithm Prove(α, Z) of the zero-knowledge proof protocol SNARK and generates a zero-knowledge proof π_zk;
S304, CPGen randomly selects another generator g_2 of the group G and computes the group element g_2^α; likewise, g_2^α is the result of applying the group operation of G to the generator g_2 α times. Using the group element g_2^α and the public key pk_dlin of the ElGamal encryption protocol based on the DLIN assumption, CPGen invokes the encryption algorithm (Encrypt) of that protocol to obtain the ciphertext enc of the group element g_2^α;
S305, through the public key pk, the common reference string crs, the message Z and the ciphertext enc, CPGen calls the proving algorithm of the Groth-Sahai-based malleable zero-knowledge proof protocol and generates the corresponding zero-knowledge proof π;
S306, the message Z, the ciphertext enc of the group element g_2^α and the zero-knowledge proof π are packaged to obtain the puzzle pz = (Z, enc, π), and the data consumer sends the puzzle pz together with the zero-knowledge proof π_zk to the data provider.
S4, when the data provider receives the puzzle and the corresponding zero-knowledge proof, it verifies the validity of the puzzle; if the puzzle is valid it is accepted and the transaction continues, and if the puzzle is invalid it is discarded and the transaction is terminated;
When the data provider receives the puzzle and the corresponding zero-knowledge proof, it must run the CPVerify algorithm to verify the validity of the puzzle: if the puzzle is valid it is accepted and the transaction continues, and if the puzzle is invalid it is discarded and the transaction is terminated. CPVerify is the puzzle verification algorithm used to verify the validity of a puzzle.
Specifically, step S4 includes:
S401, the data provider takes the received puzzle pz, the zero-knowledge proof π_zk, the public key pk and the common reference string crs as input and runs the CPVerify algorithm. Through the zero-knowledge proof π_zk and the message Z = (A, c) in the puzzle pz, it invokes the verification algorithm Vfy(π_zk, Z) (Verify) of the zero-knowledge proof protocol SNARK. If it outputs 0, the zero-knowledge proof π_zk is invalid, and the data provider discards the puzzle and terminates the transaction; if it outputs 1, go to step S402;
S402, through the ciphertext enc, the message Z and the zero-knowledge proof π, the data provider calls the verification algorithm Verify((enc, A), π) of the Groth-Sahai-based malleable zero-knowledge proof protocol. If Verify outputs 0, the zero-knowledge proof π is invalid, and the data provider discards the puzzle and terminates the transaction; if Verify outputs 1, the puzzle is validated and accepted. The verification algorithm Verify((enc, A), π) is used to verify the validity of the zero-knowledge proof π.
S5, after the data provider has delivered the data to the data consumer, it randomizes the received puzzle and sends the randomized puzzle to the broker;
After the data provider has traded the data to the data consumer, in order to obtain the puzzle answer and thereby the locked transaction amount, the data provider runs the CPRand (Conditional Puzzle Randomize) algorithm to randomize the received puzzle and sends the randomized puzzle to the intermediary. CPRand is the puzzle randomization algorithm.
Specifically, step S5 includes:
S501, the data provider takes the received and verified puzzle pz, the public parameters pp = (pp_rp, pk_dlin) = (G, g, q, pk_dlin) and the common reference string crs as input and runs the CPRand algorithm. From the message Z = (A, c) in the puzzle pz it calls the puzzle randomization algorithm PRand(Z) of the randomizable puzzle construction protocol of the A2L (anonymous atomic lock) protocol and obtains (Z', r), where the message Z' is the result of randomizing the message Z with the random number r. The PRand(Z) algorithm proceeds as follows: sample a random number r from Z_q (Z_q = {0, 1, ..., q−1}, q a large prime); randomize the element A = g_1^α of the puzzle pz with r to obtain A' = A · g_1^r, which is again a group element, namely g_1^(α+r); randomize the element c of the puzzle pz (the CL ciphertext of α) with r to obtain c' = c ⊕ Enc(pk, r), where ⊕ denotes the homomorphic addition of CL ciphertexts, so that c' is a ciphertext of α + r; output the message Z' = (A', c') and the random number r;
S502, with the message Z' = (A', c') and the random number r as input, execute the randomization operation of the commitment value wit and the randomization operation of the commitment statement stmt in the commitment scheme used by the Groth-Sahai-based malleable zero-knowledge proof protocol, obtaining the ciphertext enc' that results from randomizing the ciphertext enc. Then, with the ciphertext enc', the result A', the zero-knowledge proof π and the common reference string crs as input, call the randomization algorithm ZKEval (Zero Knowledge Evaluation) of the Groth-Sahai-based malleable zero-knowledge proof protocol and generate the randomized proof π';
Specifically, using (Z', r) = (A', c', r) output in step S501, the following functions are executed:
Γ_stmt(enc, A) = (enc', A'),
Γ_wit(α) = α + r,
where Γ_wit and Γ_stmt refer respectively to the randomization of the commitment value wit and the randomization of the commitment statement stmt in the commitment scheme used by the Groth-Sahai-based malleable zero-knowledge proof protocol; the resulting ciphertext enc' is the randomization of enc, i.e. a ciphertext of g_2^(α+r), and A' is the randomization of A, i.e. g_1^(α+r). Then (enc', A'), {Γ_wit, Γ_stmt}, the zero-knowledge proof π in the puzzle pz and the common reference string crs are taken as input, the randomization algorithm ZKEval of the Groth-Sahai-based malleable zero-knowledge proof protocol is called, and the randomized proof π' is generated. ZKEval is the algorithm that randomizes the zero-knowledge proof.
S503, the message Z', the ciphertext enc' and the proof π' are packaged to obtain the randomized puzzle pz', and the data provider sends the randomized puzzle pz' to the intermediary.
S6, after receiving the randomized puzzle, the intermediary forwards it to the data consumer and asks the data consumer for the puzzle answer;
S7, the data consumer solves the randomized puzzle with its private key to obtain the corresponding blinded answer, and sends the blinded answer to the intermediary;
After receiving the puzzle, the data consumer runs the CPSolve (Conditional Puzzle Solve) algorithm, solves the puzzle with its private key to obtain the corresponding blinded answer, and sends the answer to the intermediary. CPSolve is the puzzle solving algorithm used to obtain the puzzle answer.
Specifically, step S7 includes:
The data consumer takes the received puzzle pz' and its private key sk as input and runs the CPSolve algorithm, which solves the puzzle pz' by calling the puzzle solving algorithm PSolve (Puzzle Solve) of the randomizable puzzle construction protocol of the A2L (anonymous atomic lock) protocol, obtaining the corresponding answer α' = α + r; after obtaining the puzzle answer α' it sends it to the broker. The PSolve algorithm proceeds as follows: with the private key sk and the randomized ciphertext c' (the randomization of the ciphertext c of α), call the decryption algorithm Dec(sk, c') (Decrypt) of the Castagnos-Laguillaumie (CL) encryption protocol; decrypting c' yields the corresponding puzzle answer α'. After obtaining the puzzle answer α', the data consumer sends it to the intermediary.
S8, after obtaining the blinded answer, the intermediary forwards the blinded answer to a data provider;
S9, after the data provider obtains the blinded answer, it unblinds the blinded answer with its private blinding factor to obtain the real answer, and unlocks the transaction script with the real answer to obtain the transaction amount;
Specifically, the data provider unblinds the received puzzle answer alpha' with its private random number r to obtain the true answer alpha, i.e. alpha = alpha' - r; the data provider then uses the puzzle answer alpha to unlock the transaction script that the data consumer placed on the data blockchain in advance, and receives the transaction amount due.
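The blinded-answer round trip of steps S3, S5, S7 and S9, as an added toy example that is not the patent's or A2L's code. The patent relies on Castagnos-Laguillaumie encryption being linearly homomorphic; this stand-in uses a tiny Paillier instance (also additively homomorphic) so it runs offline, and the commitment Z = g^alpha mod p used in place of the message Z, the "script" check, and all parameter sizes are assumptions of this example.

```python
"""Blinded-answer flow of the puzzle (steps S3, S5, S7 and S9) as a toy.

Added example, not the patent's or A2L's code.  Paillier stands in for the
CL encryption of the patent; Z = g^alpha mod p stands in for the message Z.
All parameters below are constructed and far too small to be secure.
"""
import math
import secrets

P_GRP = 1019                   # p = 2q + 1: the squares mod p form a subgroup of prime order q
Q_ORD = 509                    # answers alpha and blinding factors r live in Z_q
G_GEN = 4                      # generator of that order-q subgroup (4 = 2^2)
P_PAI, Q_PAI = 65537, 65521    # Paillier primes; n = p*q > 2q, so alpha + r never wraps


def paillier_keygen():
    """Consumer key pair (step S2); deterministic here because the primes are fixed."""
    n = P_PAI * Q_PAI
    lam = math.lcm(P_PAI - 1, Q_PAI - 1)
    mu = pow(lam, -1, n)       # with g = n + 1, L(g^lam mod n^2) = lam mod n
    return (n, n * n), (n, n * n, lam, mu)


def encrypt(pk, m):
    """Paillier Enc: (1 + n)^m * r^n mod n^2 with a fresh unit r."""
    n, n2 = pk
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (pow(n + 1, m, n2) * pow(r, n, n2)) % n2


def decrypt(sk, c):
    """Paillier Dec: L(c^lam mod n^2) * mu mod n, with L(u) = (u - 1) / n."""
    n, n2, lam, mu = sk
    return ((pow(c, lam, n2) - 1) // n * mu) % n


def consumer_build_puzzle(pk, alpha):
    """Step S3 (simplified): Z commits to alpha, c encrypts alpha under the consumer's pk."""
    return {"Z": pow(G_GEN, alpha, P_GRP), "c": encrypt(pk, alpha)}


def provider_randomize(pk, pz):
    """Step S5: re-randomise both parts with a private factor r; the intermediary only sees pz'."""
    r = secrets.randbelow(Q_ORD)
    pz_rand = {"Z": (pz["Z"] * pow(G_GEN, r, P_GRP)) % P_GRP,   # commits to alpha + r
               "c": (pz["c"] * encrypt(pk, r)) % pk[1]}         # homomorphic add: encrypts alpha + r
    return pz_rand, r


def consumer_solve(sk, pz_rand):
    """Step S7: decrypt c' to the blinded answer alpha' = alpha + r and check it opens Z'."""
    alpha_blind = decrypt(sk, pz_rand["c"]) % Q_ORD
    if pow(G_GEN, alpha_blind, P_GRP) != pz_rand["Z"]:
        raise ValueError("decrypted answer does not open the randomized puzzle")
    return alpha_blind


def provider_unblind(alpha_blind, r):
    """Step S9: remove the blinding factor, alpha = alpha' - r (mod q)."""
    return (alpha_blind - r) % Q_ORD


def script_unlocks(Z, alpha):
    """The locked transaction script, modelled as: release funds iff g^alpha == Z."""
    return pow(G_GEN, alpha, P_GRP) == Z


def run_flow(alpha):
    """Consumer -> provider -> consumer -> provider; returns what the last step yields."""
    pk, sk = paillier_keygen()
    pz = consumer_build_puzzle(pk, alpha)
    pz_rand, r = provider_randomize(pk, pz)
    alpha_blind = consumer_solve(sk, pz_rand)
    alpha_rec = provider_unblind(alpha_blind, r)
    return {"blinded": alpha_blind, "recovered": alpha_rec,
            "unlocked": script_unlocks(pz["Z"], alpha_rec)}
```

Note that the intermediary relays pz' and alpha' but never r, which is what keeps the original puzzle and its randomized copy unlinkable to it; only the trapdoor-holding auditor can relate them.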
S10, an auditing mechanism searches the association among the puzzles in the whole transaction process through the trapdoor key, reconstructs a transaction chain, and locks the dishonest party in the transaction and the malicious behavior deviating from the protocol.
When a participant has a dishonest behavior in the transaction process, the auditing mechanism can run a Link algorithm, and find the association among the puzzles in the whole transaction process through the trapdoor key, so as to reconstruct a transaction chain, thereby locking the dishonest party in the transaction and the malicious behavior deviating from the protocol. The Link algorithm is a puzzle linking algorithm used for checking the association between two different puzzles, linking the randomized puzzle back to the original puzzle, assisting an auditing agency to reconstruct a transaction chain, and the linkable nature of the puzzle is provided by the algorithm.
Specifically, step S10 includes:
S1001, the auditing mechanism takes two different puzzles pz and pz' generated in the transaction process, the public reference string crs and the trapdoor key td as input and runs the Link algorithm. Using the ciphertext enc' in the input puzzle pz' (the ciphertext of [formula image]) and the trapdoor key td, it calls the decryption algorithm Dec(td, enc') of the ElGamal encryption protocol based on the DLIN assumption and decrypts enc' to obtain a first plaintext [formula image]. Likewise, the decryption algorithm decrypts the element enc in pz (the ciphertext of [formula image]) to obtain a second plaintext [formula image].
S1002, pairing the first plaintext and the element A through bilinear mapping e to obtain a first pairing result; pairing the second plaintext and the element A' through bilinear mapping e to obtain a second pairing result; verifying whether the first pairing result is equal to the second pairing result, and if the first pairing result is equal to the second pairing result, outputting 1 of a Link algorithm; if the first pairing result is not equal to the second pairing result, outputting 0 of the Link algorithm;
S1003, the auditing mechanism judges according to the output of the Link algorithm: if 1 is output, pz' is the result of randomizing pz; if 0 is output, there is no association between the puzzle pz and the puzzle pz'. In this way the transaction chain can be reconstructed, the dishonest party in the transaction and the malicious behavior deviating from the protocol are locked, and the traceability audit is completed.
In this embodiment, to simplify the description, only one puzzle receiver (data provider) and one intermediary are present, so the auditor only needs to run the Link algorithm once to reconstruct the transaction chain, reveal the identities of the buyer and the seller, and complete the audit. In a complex transaction scenario, however, there are generally several data providers, data consumers and intermediaries (which assist the transactions and earn intermediary fees from them); the auditor then faces a complex transaction chain and, accordingly, the Link algorithm has to be run many times to reconstruct it.
In general, the method can replace the hash lock mechanism in existing cross-chain transactions, solves the compatibility problem of heterogeneous blockchains, and realizes off-chain payment and cross-chain transactions on blockchain systems that do not support hash locks; at the same time, the linkability of the puzzle enables traceability audit of transactions while the randomizability of the puzzle is preserved, which better meets the needs of real applications. The invention therefore has good economic benefit.
Example 2:
the present embodiment provides a computer device, which may be a server, a computer, or the like, and includes a processor, a memory, an input device, a display, and a network interface connected by a system bus, where the processor is configured to provide computing and control capabilities, the memory includes a nonvolatile storage medium and an internal memory, the nonvolatile storage medium stores an operating system, a computer program, and a database, the internal memory provides an environment for the operating system and the computer program in the nonvolatile storage medium to run, and when the processor executes the computer program stored in the memory, the randomizable and traceable auditable cross-chain transaction method of embodiment 1 is implemented as follows:
s1, generating public parameters and a trapdoor key by an auditing mechanism, wherein the trapdoor key is used for tracing and auditing;
s2, a public and private key pair is generated by a data consumer and used for constructing and solving puzzles;
s3, the data consumer sets a transaction script on the block chain to lock the transaction fund, constructs a puzzle through a public key and generates a corresponding zero knowledge certificate, and sends the puzzle and the zero knowledge certificate to the data provider;
s4, when the data provider receives the puzzle and the corresponding zero knowledge proof, the effectiveness of the puzzle is verified, if the puzzle is effective, the puzzle is accepted, and the transaction is continued; if the puzzle is invalid, discarding the puzzle and terminating the transaction;
s5, when the data provider trades the data to the data consumer, randomizing the puzzle, and sending the randomized puzzle to the intermediary;
s6, after receiving the randomized puzzle, the intermediary forwards the randomized puzzle to the data consumer and asks the data consumer for a puzzle answer;
s7, the data consumer solves the randomized puzzle through a private key of the data consumer to obtain a corresponding blinded answer, and the blinded answer is sent to the intermediary;
s8, after obtaining the blinded answer, the intermediary forwards the blinded answer to a data provider;
s9, after the data provider obtains the blinded answer, unblinding the blinded answer by using a private blinding factor to obtain a real answer, and unlocking a transaction script by using the real answer to obtain the transaction amount;
s10, the auditing mechanism searches for the association among puzzles in the whole transaction process through the trapdoor key, reconstructs a transaction chain, and locks the dishonest party in the transaction and the malicious behavior deviating from the protocol.
Example 3:
The present embodiment provides a storage medium, which is a computer-readable storage medium storing a computer program; when the program is executed by a processor, the randomizable and traceably auditable cross-chain transaction method of embodiment 1 above is implemented as follows:
s1, generating public parameters and a trapdoor key by an auditing mechanism, wherein the trapdoor key is used for tracing and auditing;
s2, a public and private key pair is generated by a data consumer and used for constructing and solving puzzles;
s3, the data consumer sets a transaction script on the block chain to lock a transaction fund, constructs a puzzle through a public key, generates a corresponding zero knowledge certificate, and sends the puzzle and the zero knowledge certificate to the data provider;
s4, verifying the validity of the puzzle when the data provider receives the puzzle and the zero knowledge proof corresponding to the puzzle, and if the puzzle is valid, accepting the puzzle and continuing the transaction; if the puzzle is invalid, discarding the puzzle and terminating the transaction;
s5, after the data provider trades the data with the data consumer, randomizing the puzzle, and sending the randomized puzzle to the intermediary;
s6, after receiving the randomized puzzle, the intermediary forwards the randomized puzzle to the data consumer and asks the data consumer for a puzzle answer;
s7, the data consumer solves the randomized puzzle through a private key of the data consumer to obtain a corresponding blinded answer, and the blinded answer is sent to the intermediary;
s8, after obtaining the blinded answer, the intermediary forwards the blinded answer to a data provider;
s9, after the data provider obtains the blinded answer, unblinding the blinded answer by using a private blinding factor to obtain a real answer, and unlocking a transaction script by using the real answer to obtain the transaction amount;
s10, an auditing mechanism searches the association among the puzzles in the whole transaction process through the trapdoor key, reconstructs a transaction chain, and locks the dishonest party in the transaction and the malicious behavior deviating from the protocol.
The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.

Claims (10)

1. A randomizable and traceably auditable cross-chain transaction method, characterized by comprising the following steps:
s1, generating public parameters and a trapdoor key by an auditing mechanism, wherein the trapdoor key is used for tracing and auditing;
s2, a public and private key pair is generated by a data consumer and used for constructing and solving puzzles;
s3, the data consumer sets a transaction script on the block chain to lock a transaction fund, constructs a puzzle through a public key, generates a corresponding zero knowledge certificate, and sends the puzzle and the zero knowledge certificate to the data provider;
s4, verifying the validity of the puzzle when the data provider receives the puzzle and the zero knowledge proof corresponding to the puzzle, and if the puzzle is valid, accepting the puzzle and continuing the transaction; if the puzzle is invalid, discarding the puzzle and terminating the transaction;
s5, when the data provider trades the data to the data consumer, randomizing the puzzle, and sending the randomized puzzle to the intermediary;
s6, after receiving the randomized puzzle, the intermediary forwards the randomized puzzle to the data consumer and asks the data consumer for a puzzle answer;
s7, the data consumer solves the randomized puzzle through a private key of the data consumer to obtain a corresponding blinded answer, and the blinded answer is sent to the intermediary;
s8, after obtaining the blinded answer, the intermediary forwards the blinded answer to a data provider;
s9, after the data provider obtains the blinded answer, unblinding the blinded answer by using a private blinding factor to obtain a real answer, and unlocking a transaction script by using the real answer to obtain the transaction amount;
s10, the auditing mechanism searches for the association among puzzles in the whole transaction process through the trapdoor key, reconstructs a transaction chain, and locks the dishonest party in the transaction and the malicious behavior deviating from the protocol.
2. The method for randomizing and traceably auditing a cross-chain transaction according to claim 1, where said step S1 comprises the steps of:
s101, an auditing mechanism selects a security parameter lambda as the input of a CPCrs algorithm;
s102, calling a public reference string initialization algorithm CRSSetup according to an incoming security parameter lambda to generate a public reference string crs;
s103, calling an initialization algorithm Setup according to the transmitted security parameter lambda to obtain the elliptic curve group parameter pp_rp; pp_rp = (G, q), where q is a large prime number and the order of the elliptic curve group G, and g is the generator of the group G;
s104, calling a key generation algorithm Gen according to the transmitted security parameter lambda to generate a public and private key pair (pk_dlin, sk_dlin), where pk_dlin is the public key and sk_dlin is the private key;
s105, outputting the public parameter pp, the public reference string crs and the trapdoor key td as the final result, where the public parameter pp, the public reference string crs and the security parameter lambda are published as public parameters by the auditing mechanism and the trapdoor key td is kept secret; the public parameter is pp = (G, g, q, pk_dlin) and the trapdoor key is td = sk_dlin.
3. The method for randomizing and traceably auditing a cross-chain transaction according to claim 2, where said step S2 comprises the steps of:
and the data consumer inputs a security parameter lambda in the public parameter, runs the CPSetup algorithm, and calls a Psetup (lambda) algorithm in the randomized puzzle construction protocol to generate a public and private key pair (pk, sk).
4. The method for randomizable and auditable cross-chain transaction according to claim 3, wherein said step S3 includes the steps of:
s301, the data consumer randomly samples the set Z_q to obtain a random number as the puzzle answer alpha, takes the puzzle answer alpha, the public parameter pp, the public reference string crs and the public key pk as input of the CPGen algorithm, and runs the CPGen algorithm;
s302, calling a puzzle construction algorithm PGen according to the public parameter pp, the puzzle answer alpha and the public key pk to obtain a message Z;
s303, calling the Prove algorithm of the zero knowledge proof protocol according to the message Z and the puzzle answer alpha to generate a zero knowledge proof pi_zk;
s304, randomly selecting a generator g from the group G_2 and computing a group element [formula image] on the group G; calling the encryption algorithm Enc with the group element [formula image] and the public key pk_dlin to obtain the ciphertext enc of the group element [formula image];
s305, calling the Prove algorithm of the zero knowledge proof protocol according to the public key pk, the public reference string crs, the message Z and the ciphertext enc to generate the corresponding zero knowledge proof pi;
s306, packaging the message Z, the group element [formula image], the ciphertext enc and the zero knowledge proof pi to obtain the puzzle pz; the data consumer sends the puzzle pz and the zero knowledge proof pi_zk to the data provider.
5. The method of claim 4, wherein the step S4 comprises the steps of:
s401, the data provider takes the received puzzle pz, the zero knowledge proof pi_zk, the public key pk and the public reference string crs as input and runs the CPVerify algorithm: according to the zero knowledge proof pi_zk and the message Z, it calls the verification algorithm Vry; if it outputs 0, the zero knowledge proof pi_zk is invalid, and the data provider discards the puzzle and terminates the transaction; if it outputs 1, go to step S402;
s402, calling a verification algorithm Verify according to the ciphertext enc, the message Z and the zero knowledge proof pi; if the verification algorithm Verify outputs 0, the zero knowledge proves that pi is invalid, and the data provider discards the puzzle and terminates the transaction; if the verification algorithm Verify outputs 1, then the puzzle is validated and received.
6. The method of claim 1, wherein the step S5 comprises the steps of:
s501, the data provider takes the received and verified valid puzzle pz, the public parameter pp and the public reference string crs as input of the CPrand algorithm and runs it: it calls the puzzle randomization algorithm PRand on the message Z in the puzzle pz to obtain (Z', r), where the message Z' is the result of randomizing the message Z with the random number r; randomizes the element A in the puzzle pz with the random number r to obtain the randomized element A'; and randomizes the element c in the puzzle pz with the random number r to obtain the randomized result c';
s502, taking the message Z 'and the random number r as input to execute the randomization operation of the commitment value wit and the randomization operation of the commitment statement stmt to obtain a ciphertext enc' after the ciphertext enc is randomized; taking the ciphertext enc ', the element A ', the zero knowledge proof pi and the public reference string crs as input, calling a randomization algorithm ZKEval, and generating a randomized proof pi ';
s503, packaging the message Z ', the ciphertext enc ' and the proof pi ' to obtain a randomized puzzle pz ', and sending the randomized puzzle pz ' to the intermediary by the data provider.
7. The method for randomizable and auditable cross-chain transaction according to claim 6, wherein said step S7 includes the steps of:
and the data consumer inputs the received puzzle pz 'and the private key sk as a CPSlove algorithm, runs the CPSlove algorithm, solves the puzzle pz' through a puzzle solution algorithm PSlove to obtain a corresponding puzzle answer alpha ', and sends the puzzle answer alpha' to the intermediary.
8. The method of claim 7, wherein the step S10 comprises the steps of:
s1001, the auditing mechanism takes the puzzle pz, the puzzle pz', the public reference string crs and the trapdoor key td as input, runs the Link algorithm, and, using the trapdoor key td, calls the decryption algorithm Dec to decrypt the ciphertext enc' and the ciphertext enc respectively, obtaining a first plaintext and a second plaintext;
s1002, pairing the first plaintext and the element A through bilinear mapping e to obtain a first pairing result; pairing the second plaintext and the element A' through bilinear mapping e to obtain a second pairing result; verifying whether the first pairing result is equal to the second pairing result, and if the first pairing result is equal to the second pairing result, outputting 1 of a Link algorithm; if the first pairing result is not equal to the second pairing result, outputting 0 of the Link algorithm;
s1003, if the output of the Link algorithm is 1, the puzzle pz' is a result of the puzzle pz after randomization; if the output of the Link algorithm is 0, then there is no association between the puzzle pz and the puzzle pz'.
9. A computer device comprising a processor and a memory for storing processor executable programs, wherein the processor, when executing the programs stored in the memory, implements a method of randomizable and traceable auditable cross-chain transactions according to any one of claims 1 to 8.
10. A storage medium storing a program which, when executed by a processor, implements a method of randomizable and traceable cross-chain transactions according to any one of claims 1 to 8.
CN202210858984.1A 2022-07-21 2022-07-21 Cross-chain transaction method, equipment and medium capable of randomizing and tracing audit Pending CN115393079A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210858984.1A CN115393079A (en) 2022-07-21 2022-07-21 Cross-chain transaction method, equipment and medium capable of randomizing and tracing audit

Publications (1)

Publication Number Publication Date
CN115393079A true CN115393079A (en) 2022-11-25

Family

ID=84117053

Country Status (1)

Country Link
CN (1) CN115393079A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116542795A (en) * 2023-05-09 2023-08-04 武汉智网兴电科技开发有限公司 Audit data cross-chain interaction method and device based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination