CN115473647A - Transaction privacy protection method and device - Google Patents

Transaction privacy protection method and device

Publication number
CN115473647A
Authority
CN
China
Prior art keywords
ciphertext
public
transaction
private key
sender
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210935368.1A
Other languages
Chinese (zh)
Inventor
谢敏
房春朋
裴庆祺
肖阳
马立川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Lianrong Technology Co ltd
Xidian University
Original Assignee
Xi'an Lianrong Technology Co ltd
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xi'an Lianrong Technology Co ltd, Xidian University
Priority to CN202210935368.1A
Publication of CN115473647A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3221 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs interactive zero-knowledge proofs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash

Abstract

The invention provides a transaction privacy protection method and device. In the method, a sender encrypts transaction information with the first public key of a receiver's first public-private key pair to generate a first ciphertext, and encrypts the same transaction information with the second public key of a supervision organization's second public-private key pair to obtain a second ciphertext; the first ciphertext is sent to the receiver and the second ciphertext is sent to the blockchain; and the receiver decrypts the first ciphertext with the first private key of the first public-private key pair to obtain the transaction information. The method protects the privacy of user transaction information while keeping transactions on the blockchain open to supervision.

Description

Transaction privacy protection method and device
Technical Field
The invention relates to the technical field of block chains, in particular to a transaction privacy protection method and device.
Background
In 2008, an electronic cryptocurrency named "bitcoin" was proposed, and blockchain technology emerged with it. A blockchain is essentially a distributed storage database that uses cryptography and is decentralized, tamper-resistant, secure and reliable. It does not require a credit system to be established, provides a common basis for combining different applications, and makes the transmission and storage of internet data more efficient and convenient through distributed ledger storage. Blockchains have thus solved many previously unsolvable problems. Although blockchains provide a powerful basis for deploying distributed applications, with the addition of smart contract technology on programmable platforms people have become increasingly aware of problems such as privacy disclosure and malicious use of data. In most existing blockchain systems, the information of the legitimate organizations that maintain the ledger is public, every network node stores a complete copy of the data, and on-chain data is also public while transactions are used and transmitted. Anyone on the blockchain can learn the information of every user, so user information such as real identity, transaction amounts and other personal data is leaked. This is fatal for industries that care about the privacy of user data and is unacceptable to users. Therefore, extending blockchains to a wider range of industries requires technical means of protecting user privacy.
Through the above analysis, the problems and defects of the prior art are as follows: information on a traditional blockchain is public and anyone can see all on-chain information, so it is easily used maliciously. Once an encryption algorithm is used to encrypt user transaction information, transactions on the chain can no longer be supervised.
Disclosure of Invention
The invention provides a transaction privacy protection method and a transaction privacy protection device.
In a first aspect, the present application provides a method for protecting transaction privacy, including: a sender encrypts the transaction information by using a first public key in a first public and private key pair of a receiver to generate a first ciphertext, and the sender encrypts the transaction information by using a second public key in a second public and private key pair of a supervision organization to obtain a second ciphertext; sending the first ciphertext to a receiver, and sending the second ciphertext to a block chain; and the receiving party decrypts the first ciphertext by using a first private key in the first public and private key pair to obtain the transaction information.
Wherein the method further comprises: the sender encrypts the account information of the sender on the blockchain by using a second public key in a second public and private key pair of a supervision organization to obtain a third ciphertext.
Wherein the method further comprises: the sender encrypts the local account information of the sender by using a third public key in a third public and private key pair generated by the sender to obtain a fourth ciphertext.
Wherein the method further comprises: the sender uses the first ciphertext and the second ciphertext to generate a zero-knowledge equality proof; and the transaction information is verified using the zero-knowledge equality proof.
The step of the sender generating the zero-knowledge equality proof using the first ciphertext and the second ciphertext includes: generating a first parameter and a second parameter using the following equation (1):
Figure BDA0003782814930000021
wherein $t_1$ is the first parameter, $t_2$ is the second parameter, $r_1, r_2, r_3$ are random numbers, the first public key is $pk_A = (n, G, G_1, e, h, k)$ and the second public key is $pk_B = (n', G', G'_1, e', h_1, k_1)$;
Carrying out a hash operation on the parameter set by using the following formula (2) to obtain an operation result:
$c = \mathrm{Hash}(h, k, h_1, k_1, c_A, c_B, t_1, t_2)$ (2);
wherein $c$ is the operation result, Hash represents the hash operation, $c_A$ represents the first ciphertext, $c_B$ represents the second ciphertext, and $(h, k, h_1, k_1, c_A, c_B, t_1, t_2)$ represents the parameter set;
the third parameter is calculated using the following equation (3):
$s_1 = r_1 + m \cdot c$
$s_2 = r_2 + a \cdot c$
$s_3 = r_3 + b \cdot c$ (3);
and the zero-knowledge equality proof is obtained based on the first parameter, the second parameter and the third parameter.
Wherein the step of verifying the transaction information using the zero-knowledge equality proof comprises: verifying the transaction information using the following equation (4):
Figure BDA0003782814930000022
Figure BDA0003782814930000031
wherein the method further comprises: verifying the transaction information using the following equation (5):
Figure BDA0003782814930000032
wherein
Figure BDA0003782814930000033
is the ciphertext of the information remaining after the transaction information is subtracted from the local account balance,
Figure BDA0003782814930000034
is the first cipher text and is the second cipher text,
Figure BDA0003782814930000035
is the fourth ciphertext.
Wherein the method further comprises: and after the transaction is completed, updating the local account information of the sender.
In a second aspect, the present application further provides a transaction privacy protection apparatus, including: the sender encrypts the transaction information by using a first public key in a first public and private key pair of the receiver based on the encryption module to generate a first ciphertext; the sending module is used for sending the first ciphertext to a receiving party; and the receiving party decrypts the first ciphertext by using a first private key in the first public and private key pair based on the decryption module to obtain the transaction information.
The method has the advantages that the transaction information is encrypted by the sender through the first public key in the first public and private key pair of the receiver to generate a first ciphertext, and the transaction information is encrypted by the sender through the second public key in the second public and private key pair of the supervision organization to obtain a second ciphertext; sending the first ciphertext to a receiver, and sending the second ciphertext to a block chain; and the receiving party decrypts the first ciphertext by using a first private key in the first public and private key pair to obtain the transaction information. The method can protect the privacy of the user transaction information, and the transaction on the blockchain can be supervised.
Drawings
FIG. 1 is a flowchart illustrating a method for privacy securing of transactions according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating an embodiment of a transaction privacy protection apparatus according to the present invention.
Detailed Description
To further explain the technical means and effects of the present invention adopted to achieve the predetermined objects, the present invention will be described in detail with reference to the accompanying drawings and the detailed description. The foregoing and other technical matters, features and effects of the present invention will be apparent from the following detailed description of the embodiments, which is to be read in connection with the accompanying drawings. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. The drawings are only for reference and illustration purposes and are not intended to limit the technical aspects of the invention.
In a blockchain, when users transact, the transaction information must be submitted to the blockchain network, and the transaction is considered complete only after miners verify and confirm it. The verified information is presented in plaintext, so anyone can see it on the chain and a verifier can easily check the legality of a transaction, for example that the amount of the transferring party decreases, the amount of the receiving party increases, and the decrease equals the increase; but this also leaks user information. To solve this problem, the present application provides a transaction privacy protection method, which is described below with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a schematic flow chart of a first embodiment of a transaction privacy protection method of the present invention, which specifically includes:
Step S11: the sender encrypts the transaction information by using a first public key in a first public and private key pair of a receiver to generate a first ciphertext, and the sender encrypts the transaction information by using a second public key in a second public and private key pair of a supervision organization to obtain a second ciphertext.
Step S12: the first ciphertext is sent to the receiver, and the second ciphertext is sent to the blockchain.
Step S13: the receiver decrypts the first ciphertext by using a first private key in the first public and private key pair to obtain the transaction information.
Specifically, the first public-private key pair and the second public-private key pair are both generated through the key generation algorithm of the BGN homomorphic encryption algorithm. The public-private key pair is expressed as $(pk_d, sk_d)$, where the public key is expressed as $pk_d = (n_d, G_d, G_{1d}, e_d, h_d, k_d)$ and the private key is denoted as $sk_d = q_{1d}$. The specific key generation process is as follows:
Input a security parameter $\tau \in \mathbb{Z}^+$ and run the algorithm
Figure BDA0003782814930000041
to get the tuple $(q_{1d}, q_{2d}, G_d, G_{1d}, e_d)$, where $q_{1d}, q_{2d}$ are large prime numbers, $G_d, G_{1d}$ are groups of order $n_d = q_{1d} \cdot q_{2d}$, and $e_d: G_d \times G_d \to G_{1d}$ is a bilinear map. Randomly select two generators $k_d, u \leftarrow G_d$ and set
Figure BDA0003782814930000042
Then $h_d$ is a random generator of the subgroup of order $q_{1d}$ of the group $G_d$. The public key is $pk_d = (n_d, G_d, G_{1d}, e_d, h_d, k_d)$ and the private key is $sk_d = q_{1d}$.
After the public and private key pair is generated, the account balance of each user and the amount exchanged between the two parties of a transaction can be hidden. In the blockchain transaction privacy protection algorithm, the transaction information hiding part covers two kinds of data: the account balance, which comprises the account balance recorded on the blockchain and the account balance stored locally by the user, and the amount transferred in a transaction. The account balance stored on the blockchain is encrypted with the public key of the supervision organization, and the account balance stored locally is encrypted with the user's public key; the transfer amount is encrypted twice with the BGN homomorphic algorithm, once with the public key of the supervision organization and once with the public key of the receiver.
Therefore, in step S11, for the transaction information, the sender encrypts the transaction information by using the first public key in the first public and private key pair of the receiver to generate a first ciphertext; in order to enable the supervision organization to monitor the transaction information, the sender encrypts the transaction information by using a second public key in a second public and private key pair of the supervision organization to obtain a second ciphertext.
The first ciphertext is further transmitted to a recipient, and the second ciphertext is transmitted onto the blockchain. Therefore, the supervision organization on the block chain can utilize the second private key in the second public and private key pair to decrypt the second ciphertext, and then the transaction information can be obtained, and the monitoring on the transaction information is realized.
In step S13, the receiving party may decrypt the first ciphertext by using the first private key of the first public and private key pair to obtain the transaction information.
In an embodiment, because illegal transactions may exist on a blockchain and could damage the whole transaction mechanism, a supervision mechanism is introduced while protecting user privacy. Since all information encrypted with the public key of the supervision organization is stored on the chain, the supervision organization can obtain all transaction information by decrypting with its private key, and when an illegal transaction occurs it has the right to cancel the transaction, which ensures the normal operation of the whole blockchain transaction mechanism.
In an embodiment, the sender encrypts the account information of the sender on the blockchain by using a second public key in a second public and private key pair of the supervision organization to obtain a third ciphertext. This allows the supervision organization to monitor the account information.
In an embodiment, the sender encrypts the sender's local account information by using a third public key in a third public and private key pair generated by the sender to obtain a fourth ciphertext. The local account information of the sender is the account balance of the sender.
In the account balance hiding process, only the account balance information in the block chain network needs to be encrypted, and the specific encryption process is as follows:
Randomly select $r \leftarrow \{0, 1, \ldots, n-1\}$ and encrypt the account balance $m_i$ of user $i$ to obtain the balance ciphertext $c_i$:
Figure BDA0003782814930000051
The encryption process of the account information on the blockchain is consistent with the encryption process of the local account information.
In an embodiment of the present application, the transaction information must be verified to determine whether the transaction is legal. The transaction verification algorithm involves two checks. The first is the validity verification of the transaction, i.e. equality verification. In the transaction information hiding algorithm the transfer amount is encrypted twice: once with the public key of the supervision organization, with the result recorded on the blockchain as ciphertext, and once with the public key of the receiver, with the ciphertext sent to the receiver. To prevent the sender from encrypting two different amounts, it must be possible to verify that the two encrypted amounts are the same without revealing the amount. The second is the equal transaction verification, i.e. using the homomorphic property of the BGN homomorphic encryption algorithm to verify that the account balance equals the sum of the transfer amount and the remaining amount.
For the equality verification, the sender uses the first ciphertext and the second ciphertext to generate a zero-knowledge equality proof, and the transaction information is verified using that proof.
Specifically, the first parameter and the second parameter are generated by using the following formula (1):
Figure BDA0003782814930000061
wherein $t_1$ is the first parameter, $t_2$ is the second parameter, $r_1, r_2, r_3$ are random numbers, the first public key is $pk_A = (n, G, G_1, e, h, k)$ and the second public key is $pk_B = (n', G', G'_1, e', h_1, k_1)$;
Carrying out a hash operation on the parameter set by using the following formula (2) to obtain an operation result:
$c = \mathrm{Hash}(h, k, h_1, k_1, c_A, c_B, t_1, t_2)$ (2);
wherein $c$ is the operation result, Hash represents the hash operation, $c_A$ represents the first ciphertext, $c_B$ represents the second ciphertext, and $(h, k, h_1, k_1, c_A, c_B, t_1, t_2)$ represents the parameter set;
the third parameter is calculated using the following equation (3):
$s_1 = r_1 + m \cdot c$
$s_2 = r_2 + a \cdot c$
$s_3 = r_3 + b \cdot c$ (3);
The zero-knowledge equality proof is obtained based on the first parameter, the second parameter and the third parameter. In one embodiment, the zero-knowledge equality proof is represented as $(t_1, t_2, s_1, s_2, s_3)$.
Verifying the transaction information using the following equation (4):
Figure BDA0003782814930000062
If formula (4) holds, the verification passes and the transaction is recorded in the block; otherwise the transaction is cancelled.
For the equal transaction verification, assume Alice's account balance is $B$, the amount $value$ is transferred to Bob, and the remaining balance is $B_1$, i.e. $B = value + B_1$. The three amounts are encrypted with the BGN homomorphic encryption algorithm to obtain the following result:
Figure BDA0003782814930000071
Figure BDA0003782814930000072
Figure BDA0003782814930000073
The additive homomorphic property of the BGN homomorphic encryption algorithm is then used to check whether the following formula holds. If it holds, the verification passes and the transaction is shown to be legal; otherwise the verification fails.
Specifically, the transaction information is verified using the following equation (5):
Figure BDA0003782814930000074
wherein
Figure BDA0003782814930000075
is the ciphertext of the information remaining after the transaction information is subtracted from the local account balance,
Figure BDA0003782814930000076
is the first cipher text and is the second cipher text,
Figure BDA0003782814930000077
is the fourth ciphertext.
When the random numbers $r_3, r_4, r_5$ are generated, they are required to satisfy $r_3 = r_4 + r_5$.
Therefore, the transaction validity verification can be completed through the equal transaction verification and the zero-knowledge equality proof. Throughout the verification process the verifier sees only the encrypted transaction information on the blockchain and learns no information about the user, so the user information on the chain is protected to a certain extent.
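Added example, not part of the patent text: a toy Python run of the two checks described above, the zero-knowledge equality proof between the receiver's ciphertext and the supervision organization's ciphertext, and the homomorphic balance check with $r_3 = r_4 + r_5$. Assumptions: formulas (1), (4) and (5) are images missing from this page, so the code uses the standard sigma-protocol commitments and checks that are consistent with formula (3); a small subgroup of $\mathbb{Z}_p^*$ stands in for the pairing group, since the pairing is not needed for these steps; all function names and primes are constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

CH_BITS = 128  # challenge length in bits (assumption; the page does not fix one)

def is_prime(x):
    """Trial division; adequate only for the toy-sized parameters used here."""
    if x < 2 or x % 2 == 0:
        return x == 2
    d = 3
    while d * d <= x:
        if x % d == 0:
            return False
        d += 2
    return True

def keygen(q1, q2):
    """BGN-style keys in the order-n subgroup of Z_p^*, n = q1*q2 (no pairing)."""
    n, l = q1 * q2, 2
    while not is_prime(l * n + 1):      # find a prime p with n | p - 1
        l += 2
    p = l * n + 1
    gens, x = [], 2
    while len(gens) < 2:                # first two elements of order exactly n
        g = pow(x, l, p)
        if pow(g, q1, p) != 1 and pow(g, q2, p) != 1:
            gens.append(g)
        x += 1
    k, u = gens
    h = pow(u, q2, p)                   # h has order q1
    return {"p": p, "n": n, "k": k, "h": h}, q1     # (public key, private key)

def encrypt(pk, m, r):
    """c = k^m * h^r mod p; the caller supplies the randomness r."""
    return pow(pk["k"], m, pk["p"]) * pow(pk["h"], r, pk["p"]) % pk["p"]

def decrypt(pk, sk, c, max_m=5000):
    """Raise to q1 to remove h^r, then search the small plaintext space."""
    target, base, acc = pow(c, sk, pk["p"]), pow(pk["k"], sk, pk["p"]), 1
    for m in range(max_m + 1):
        if acc == target:
            return m
        acc = acc * base % pk["p"]
    raise ValueError("plaintext outside search range")

def challenge(pk_a, pk_b, c_a, c_b, t1, t2):
    """Formula (2): c = Hash(h, k, h1, k1, cA, cB, t1, t2), here SHA-256."""
    parts = (pk_a["h"], pk_a["k"], pk_b["h"], pk_b["k"], c_a, c_b, t1, t2)
    digest = hashlib.sha256("|".join(map(str, parts)).encode()).digest()
    return int.from_bytes(digest[:CH_BITS // 8], "big")

def prove_equal(pk_a, pk_b, m, a, b, c_a, c_b):
    """Sender side: m is the amount, a and b the randomness inside cA and cB."""
    bound = 1 << (CH_BITS + 128)        # wide enough to mask m*c, a*c and b*c
    r1, r2, r3 = (secrets.randbelow(bound) for _ in range(3))
    t1 = encrypt(pk_a, r1, r2)          # assumed form of formula (1)
    t2 = encrypt(pk_b, r1, r3)
    c = challenge(pk_a, pk_b, c_a, c_b, t1, t2)
    # Formula (3), computed over the integers because the two groups differ.
    return t1, t2, r1 + m * c, r2 + a * c, r3 + b * c

def verify_equal(pk_a, pk_b, c_a, c_b, proof):
    """Assumed form of formula (4): the same s1 must open both relations."""
    t1, t2, s1, s2, s3 = proof
    c = challenge(pk_a, pk_b, c_a, c_b, t1, t2)
    ok_a = encrypt(pk_a, s1, s2) == t1 * pow(c_a, c, pk_a["p"]) % pk_a["p"]
    ok_b = encrypt(pk_b, s1, s3) == t2 * pow(c_b, c, pk_b["p"]) % pk_b["p"]
    return ok_a and ok_b

def balance_consistent(pk, c_balance, c_value, c_remaining):
    """Assumed form of formula (5): E(B) == E(value) * E(B1) under one key."""
    return c_balance == c_value * c_remaining % pk["p"]

def demo():
    pk_a, sk_a = keygen(10007, 10009)   # receiver, constructed toy primes
    pk_b, sk_b = keygen(10037, 10039)   # supervision organization
    value = 250
    a, b = secrets.randbelow(pk_a["n"]), secrets.randbelow(pk_b["n"])
    c_a, c_b = encrypt(pk_a, value, a), encrypt(pk_b, value, b)
    proof = prove_equal(pk_a, pk_b, value, a, b, c_a, c_b)
    # A sender whose on-chain ciphertext hides a different amount fails verification.
    c_bad = encrypt(pk_b, value - 100, b)
    bad_proof = prove_equal(pk_a, pk_b, value, a, b, c_a, c_bad)
    # Balance 900 = 250 + 650 with r3 = r4 + r5, all under one public key.
    r4, r5 = secrets.randbelow(pk_b["n"]), secrets.randbelow(pk_b["n"])
    c_val, c_rem = encrypt(pk_b, value, r4), encrypt(pk_b, 650, r5)
    c_bal = encrypt(pk_b, 900, r4 + r5)
    return {
        "honest": verify_equal(pk_a, pk_b, c_a, c_b, proof),
        "mismatch": verify_equal(pk_a, pk_b, c_a, c_bad, bad_proof),
        "received": decrypt(pk_a, sk_a, c_a),
        "audited": decrypt(pk_b, sk_b, c_b),
        "balance_ok": balance_consistent(pk_b, c_bal, c_val, c_rem),
        "balance_bad": balance_consistent(pk_b, c_bal, c_val, encrypt(pk_b, 651, r5)),
    }

if __name__ == "__main__":
    print(demo())
```

The balance check only works when the three ciphertexts are produced under the same public key, which is why the example encrypts all of them with one key.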
After a legal transaction is completed, the user information in the blockchain network must be updated promptly, that is, the account balances of both parties to the transaction must be updated. The account balance exists in two forms: a ciphertext stored on the blockchain network nodes after encryption with the BGN algorithm, and a ciphertext encrypted with the user's public key. After a transaction is completed, the sender's account balance on the global ledger is updated from
Figure BDA0003782814930000078
to
Figure BDA0003782814930000079
The account balance of the recipient on the global ledger is updated from
Figure BDA00037828149300000710
to
Figure BDA00037828149300000711
The sender's local balance is updated to
Figure BDA00037828149300000712
After receiving the sender's transfer amount
Figure BDA00037828149300000713
the receiver updates its local balance to
Figure BDA00037828149300000714
When the two parties to a transaction dispute it, the account balance information stored on the blockchain can be checked by means of a personal digital signature and compared with the information held by the two parties. If an illegal transaction occurs, the supervision organization can reveal the offending party and cancel the transaction, which ensures the normal operation of the whole blockchain mechanism.
The invention combines a commitment protocol to provide a transaction privacy protection algorithm based on BGN homomorphic encryption, comprising a transaction information hiding algorithm, a transaction information verification algorithm and a local account balance updating algorithm, which addresses both the hiding and the supervision of transaction information on a blockchain.
Combining the above technical scheme, the advantages and positive effects of the invention are: transaction information on the blockchain is encrypted with a homomorphic encryption algorithm and stored in the blockchain network as ciphertext. A supervision organization is introduced to supervise the user amount information and transfer amount information recorded on the blockchain; apart from the supervision organization, which can decrypt with its private key, everyone else sees only ciphertext in the blockchain network. Because the amount is also encrypted with the user's public key, the user can obtain the amount transferred by others through decryption. Through the verification algorithm, the verifier can verify the legality of the transaction without knowing the real information contained in the ciphertext, the account balance on the ledger is updated, and the privacy of users on the blockchain is protected.
Referring to fig. 2, fig. 2 is a schematic structural diagram of an embodiment of the transaction privacy protection apparatus of the present invention, which specifically includes an encryption module 21, a sending module 22, and a decryption module 23. The sender encrypts the transaction information by using a first public key in a first public and private key pair of the receiver based on an encryption module 21 to generate a first ciphertext; the sending module 22 is configured to send the first ciphertext to a receiving party, and send the second ciphertext to a blockchain; and the receiving party decrypts the first ciphertext by using a first private key in the first public and private key pair based on the decryption module 23 to obtain the transaction information.
To protect user information on the blockchain, account balance information and transaction information are encrypted with the BGN homomorphic encryption algorithm on the basis of the traditional model, and transactions are written to the blockchain in ciphertext form. A verifier cannot tell from ciphertext stored in the blockchain network whether a transaction is legal, so each transaction must satisfy a zero-knowledge equality proof protocol to let the verifier complete verification. The zero-knowledge equality proof protocol shows that two ciphertexts encrypted with different keys contain the same plaintext information. The transaction privacy protection algorithm based on BGN homomorphic encryption requires that, when transferring to another party, the transferring party submit the transaction amount ciphertext encrypted with the supervision organization's public key to the blockchain and send the transaction amount ciphertext encrypted with the receiver's public key to the receiver. In summary, when transferring money to another party, the transferring party must provide the ciphertext of the transaction amount and the parameters needed to verify the validity of the transaction. The advantages and positive effects of the invention are: transaction information on the blockchain is encrypted with a homomorphic encryption algorithm and stored in the blockchain network as ciphertext. A supervision organization is introduced to supervise the user amount information and transfer amount information recorded on the blockchain; apart from the supervision organization, which can decrypt with its private key, everyone else sees only ciphertext in the blockchain network.
Because the amount is also encrypted with the user's public key, the user can obtain the amount transferred by others through decryption. Through the verification algorithm, the verifier can verify the legality of the transaction without knowing the real information contained in the ciphertext, the account balance on the ledger is updated, and the privacy of users on the blockchain is protected.
The above description is only an implementation method of the present invention, and not intended to limit the scope of the present invention, and all equivalent structures or equivalent processes performed by the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are all included in the scope of the present invention.

Claims (9)

1. A method for protecting transaction privacy, comprising:
a sender encrypts transaction information with a first public key of a first public/private key pair of a receiver to generate a first ciphertext, and the sender encrypts the transaction information with a second public key of a second public/private key pair of a supervisory organization to obtain a second ciphertext;
the first ciphertext is sent to the receiver, and the second ciphertext is sent to a blockchain; and
the receiver decrypts the first ciphertext with a first private key of the first public/private key pair to obtain the transaction information.
2. The method of claim 1, further comprising:
the sender encrypts the sender's account information on the blockchain with the second public key of the second public/private key pair of the supervisory organization to obtain a third ciphertext.
3. The method of claim 1, further comprising:
the sender encrypts the sender's local account information with a third public key of a third public/private key pair generated by the sender to obtain a fourth ciphertext.
4. The method of claim 1, further comprising:
the sender generates zero-knowledge equality proof evidence using the first ciphertext and the second ciphertext; and
the transaction information is verified using the zero-knowledge equality proof evidence.
5. The method of claim 4, wherein the step of the sender generating the zero-knowledge equality proof evidence using the first ciphertext and the second ciphertext comprises:
generating a first parameter and a second parameter using the following equation (1):
Figure FDA0003782814920000011
Figure FDA0003782814920000012
wherein $t_1$ is the first parameter, $t_2$ is the second parameter, $r_1$, $r_2$, $r_3$ are random numbers, the first public key is $pk_A = (n, G, G_1, e, h, k)$ and the second public key is $pk_B = (n', G', G'_1, e', h_1, k_1)$;
performing a hash operation on the parameter set using the following formula (2) to obtain an operation result:
$c = \mathrm{Hash}(h, k, h_1, k_1, c_A, c_B, t_1, t_2)$ (2);
wherein $c$ is the operation result, Hash denotes the hash operation, $c_A$ denotes the first ciphertext, $c_B$ denotes the second ciphertext, and $(h, k, h_1, k_1, c_A, c_B, t_1, t_2)$ denotes the parameter set;
calculating the third parameter using the following equation (3):
$s_1 = r_1 + m \cdot c$
$s_2 = r_2 + a \cdot c$
$s_3 = r_3 + b \cdot c$ (3);
and obtaining the zero-knowledge equality proof evidence based on the first parameter, the second parameter and the third parameter.
6. The method of claim 5, wherein the step of verifying the transaction information using the zero-knowledge equality proof evidence comprises:
verifying the transaction information using the following equation (4):
Figure FDA0003782814920000021
Figure FDA0003782814920000022
7. The method of claim 1, further comprising:
verifying the transaction information using the following equation (5):
Figure FDA0003782814920000023
wherein
Figure FDA0003782814920000024
is the ciphertext of the information remaining after the transaction information is subtracted from the local account balance,
Figure FDA0003782814920000025
is the first ciphertext and is the second ciphertext,
Figure FDA0003782814920000026
is the fourth ciphertext.
8. The method of claim 1, further comprising:
after the transaction is completed, updating the local account information of the sender.
9. A transaction privacy protection apparatus, comprising:
an encryption module, by means of which the sender encrypts the transaction information with a first public key of a first public/private key pair of the receiver to generate a first ciphertext;
a sending module for sending the first ciphertext to the receiver; and
a decryption module, by means of which the receiver decrypts the first ciphertext with a first private key of the first public/private key pair to obtain the transaction information.
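The proof in claims 4 to 6 is a Fiat-Shamir sigma protocol, sketched here as an added example that is not code from the patent. Equations (1) and (4) survive on this page only as figure references, so the ciphertext form c = h^m·k^a, the commitment form t1 = h^r1·k^r2 and the check h^s1·k^s2 = t1·cA^c are assumptions, and integer groups modulo well-known primes with constructed bases stand in for the BGN pairing groups.

```python
import hashlib
import secrets

# Constructed toy parameters (assumption): prime-modulus groups stand in for the
# BGN groups of pk_A = (.., h, k) and pk_B = (.., h1, k1). Not secure choices.
PA, H, K = 2**255 - 19, 2, 3       # receiver's group and bases
PB, H1, K1 = 2**521 - 1, 5, 7      # supervisory organization's group and bases

def encrypt(p, g_m, g_r, m, r):
    """Assumed ciphertext shape: g_m^m * g_r^r mod p."""
    return pow(g_m, m, p) * pow(g_r, r, p) % p

def challenge(c_a, c_b, t1, t2):
    """Formula (2): c = Hash(h, k, h1, k1, cA, cB, t1, t2), truncated to 128 bits."""
    data = "|".join(str(x) for x in (H, K, H1, K1, c_a, c_b, t1, t2)).encode()
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")

def prove(m, a, b, c_a, c_b):
    # Formula (3) has no modular reduction, so the masks r1..r3 must be much
    # larger than m*c, a*c, b*c to hide them (512 bits vs. at most 384 here).
    r1, r2, r3 = (secrets.randbits(512) for _ in range(3))
    t1 = encrypt(PA, H, K, r1, r2)       # assumed form of equation (1)
    t2 = encrypt(PB, H1, K1, r1, r3)     # the shared r1 ties both sides to one m
    c = challenge(c_a, c_b, t1, t2)
    return t1, t2, (r1 + m * c, r2 + a * c, r3 + b * c)   # formula (3)

def verify(c_a, c_b, proof):
    t1, t2, (s1, s2, s3) = proof
    c = challenge(c_a, c_b, t1, t2)      # verifier recomputes the hash itself
    ok_a = encrypt(PA, H, K, s1, s2) == t1 * pow(c_a, c, PA) % PA   # assumed (4)
    ok_b = encrypt(PB, H1, K1, s1, s3) == t2 * pow(c_b, c, PB) % PB
    return ok_a and ok_b

def demo():
    m = 250                                         # constructed transfer amount
    a, b = secrets.randbits(256), secrets.randbits(256)
    c_a, c_b = encrypt(PA, H, K, m, a), encrypt(PB, H1, K1, m, b)
    honest = verify(c_a, c_b, prove(m, a, b, c_a, c_b))
    # On-chain ciphertext carries a different amount: one s1 cannot fit both checks.
    c_b_bad = encrypt(PB, H1, K1, m + 1, b)
    mismatched = verify(c_a, c_b_bad, prove(m, a, b, c_a, c_b_bad))
    return honest, mismatched

if __name__ == "__main__":
    print(demo())
```

The verifier never sees m, a or b; it only checks that the single response s1 satisfies both group equations, which is what binds the receiver's ciphertext and the on-chain ciphertext to the same amount.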
CN202210935368.1A 2022-08-04 2022-08-04 Transaction privacy protection method and device Pending CN115473647A (en)


Publications (1)

Publication Number Publication Date
CN115473647A true CN115473647A (en) 2022-12-13


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination