CN115549890A - Block chain secret transaction method - Google Patents

Block chain secret transaction method Download PDF

Info

Publication number
CN115549890A
CN115549890A CN202211216830.9A CN202211216830A CN115549890A CN 115549890 A CN115549890 A CN 115549890A CN 202211216830 A CN202211216830 A CN 202211216830A CN 115549890 A CN115549890 A CN 115549890A
Authority
CN
China
Prior art keywords
transaction
amount
ciphertext
account
evidence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211216830.9A
Other languages
Chinese (zh)
Inventor
孟庆树
王丽
崔昌
董逢华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Tianyu Information Industry Co Ltd
Original Assignee
Wuhan Tianyu Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Tianyu Information Industry Co Ltd filed Critical Wuhan Tianyu Information Industry Co Ltd
Priority to CN202211216830.9A priority Critical patent/CN115549890A/en
Publication of CN115549890A publication Critical patent/CN115549890A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application relates to a block chain secret transaction method, which generates system parameters, commitment parameters and public and private keys of a transaction sender and a transaction receiver based on a preset algorithm; calculating to obtain a transaction amount ciphertext of the transaction sender and the transaction receiver based on the system parameters and the public and private keys by combining a preset Paillier encryption algorithm, sending the transaction amount ciphertext to a block chain node to calculate an account balance ciphertext after the transaction of the transaction sender and the transaction receiver, and updating the account amount ciphertext on a corresponding account chain; the transaction receiver reads the transaction amount ciphertext from the chain, and performs transaction when the transaction amount is verified to be larger than 0 through decryption; after the blockchain transaction system operates for a preset time, all users participating in the transaction construct commitments for transaction amount based on commitment parameters, and construct evidences that account amount is in a specific range; the intelligent contract of the blockchain node verifies the validity of the account based on the account amount ciphertext, the evidence and the commitment so as to simplify the transaction flow and reduce the uplink data volume.

Description

Block chain secret transaction method
Technical Field
The application relates to the technical field of information security, in particular to a block chain confidential transaction method.
Background
The block chain is a distributed public account book which is commonly maintained by a plurality of nodes, and has the characteristics of decentralization, distrust, traceability, openness and transparency and the like. All transactions in the blockchain are public transparent or public transparent within a certain range, and each node in the chain can read transaction data so as to verify the correctness of the transaction data. Therefore, in the current block chain technology platform, the clear text transaction amount of the block chain technology platform, whether the block chain technology platform is a public chain or a alliance chain, is easy to cause the disclosure of the privacy of the user. Under the background, various schemes for hiding the transaction amount appear, but in order to support privacy protection of the transaction amount, support whole-network homomorphism of transaction amount ciphertexts and support legality proof of the transaction, the existing schemes for hiding the transaction amount all have the problems of complicated transaction process, overlarge uplink data volume of single transaction and the like.
Disclosure of Invention
The application provides a block chain secret transaction method, which aims to solve the problems of complicated transaction process and overlarge uplink data volume of single transaction in the related technology.
In a first aspect, a blockchain secure transaction method is provided, which includes the following steps:
generating system parameters, a commitment parameter and public and private keys of a transaction sender and a transaction receiver based on a preset algorithm;
based on the generated system parameters and the public and private keys, and in combination with a preset Paillier encryption algorithm, calculating to obtain a transaction amount ciphertext of the transaction sender and a transaction amount ciphertext of the transaction receiver;
sending the calculated transaction amount ciphertext to the block chain nodes, calculating the account balance ciphertext after the transaction of the transaction sender and the account balance ciphertext after the transaction of the transaction receiver by the intelligent contract of the block chain nodes based on a preset ciphertext homomorphic algorithm, and updating the account amount ciphertext on the corresponding account chain;
the transaction receiver reads the transaction amount ciphertext from the chain, and when the transaction amount is verified to be larger than 0 through decryption, the transaction is carried out;
after the block chain transaction system operates for a preset time, all users participating in the transaction construct commitments for transaction amount based on commitment parameters, and call a sigma protocol and a bulletin proof protocol to construct evidence that account amount is in a specific range;
and sending the constructed commitment and the constructed evidence to the blockchain node, and verifying the validity of the account by the intelligent contract of the blockchain node based on the account amount ciphertext, the evidence and the commitment.
In some embodiments, before the step when the decryption verifies that the transaction amount is greater than 0, the method further comprises:
the transaction receiver processes the transaction amount ciphertext C _ tb = (E) 0 ,c b0 ,E 1 ,c b1 ) Decrypting to obtain the transaction amount plaintext T and the random number r 0
Calculation and transaction amount plaintext T and random number r based on preset Paillier algorithm 0 A corresponding legal ciphertext;
calculating the transaction amount corresponding to the legal ciphertext based on the transaction amount ciphertext C _ tb and the transaction amount plaintext T;
wherein the content of the first and second substances,
Figure BDA0003876503860000021
Figure BDA0003876503860000022
mod denotes remainder calculation, k = g λ modn 2 N = pq, p and q are two large prime numbers, g denotes a random number and
Figure BDA0003876503860000023
is equal to n 2 Is relatively prime and less than n 2 λ = lcm (p-1, q-1), lcm representing the least common multiple, T representing the transaction amount, h = g r modn 2 ,r、r 0 And r 1 Are all random numbers, and r is less than n 2 、r 0 < n and r 1 <n,y 2 Representing the transaction recipient public key.
In some embodiments, after the step of the transaction recipient reading the transaction amount ciphertext from the chain, the method further comprises:
when the transaction amount is not more than 0 after decryption verification, the transaction receiver calls the sigma protocol and the bulletproof protocol to construct evidence and initiates complaint;
and the intelligent contract of the block chain node verifies whether the declaration is true or not based on a sigma protocol verification algorithm and a bullletproof protocol verification algorithm.
In some embodiments, the transaction recipient invokes the sigma protocol and the bulletin protocol to construct evidence and initiate complaints, including:
calling sigma protocol to obtain transaction amount ciphertext C _ tb = (E) 0 ,c b0 ,E 1 ,c b1 ) Constructing a legal evidence;
constructing a Pedersen commitment for the transaction amount, the commitment being denoted Pedersen1,
Figure BDA0003876503860000031
calling sigma protocol as Pedersen1 and E 0 Constructing transaction amount equality evidence;
calling a bullletproof protocol to construct evidence that the transaction amount is in a specific range for Pedersen 1;
sending the Pedersen1 and the evidence to the block chain node for complaint;
wherein, g 1 And h 1 Are two generators of group G of order prime p.
In some embodiments, the evidence consists of:
Appeal_proof=TAEC((T,r 0 ,y 2 ,Pedersen1,2 l ):
Figure BDA0003876503860000032
Figure BDA0003876503860000033
where TAEC represents the function that produces evidence of complaints, 2 l Indicating the amount of the transactionAnd (4) an upper bound.
In some embodiments, the verifying whether the declaration is true based on a sigma protocol validation algorithm and a bulletproof protocol validation algorithm by the intelligent contract of the blockchain node includes:
obtaining system parameter sysPrm, commitment parameter pedPrm and transaction receiver public key y 2 Promise Pedersen1 and complaint evidence TAEC, and reading E from the chain 0 And c b0
Based on sysPrm, pedPrm and y 2 、Pedersen1、TAEC、E 0 And c b0 And a sigma protocol verification algorithm and a buckletproof protocol verification algorithm are called to verify the complaint evidence;
if the verification is successful, the transaction is rolled back;
if the verification fails, the complaint is rejected and the transaction is unchanged.
In some embodiments, said all users who have participated in the transaction construct commitments for transaction amounts based on commitment parameters, and invoke the sigma protocol and the bulletin proof protocol to construct proof that account amounts are within a specified range, including:
the user reads the current account amount ciphertext from the chain:
Figure BDA0003876503860000041
decrypting the current account amount ciphertext based on a decryption algorithm in a preset Paillier encryption algorithm to obtain an account amount plaintext U and a random number r u0
Account amount based plaintext U and random number r u0 Constructing a Pedersen commitment for the transaction amount, the commitment being Pedersen _ u, then
Figure BDA0003876503860000042
Calling sigma protocol as Pedersen _ u and E u0 Constructing a transaction amount equality evidence;
calling the bulletproof protocol to construct evidence that the transaction amount is in a specific range for Pedersen _ u;
where mod denotes the remainder calculation, k = g λ modn 2 N = pq, p and q are two large prime numbers, g denotes a random number and
Figure BDA0003876503860000043
is equal to n 2 Is relatively prime and less than n 2 λ = lcm (p-1, q-1), lcm representing the least common multiple, h = g r modn 2 ,r、r u0 And r u1 Are all random numbers, and r is less than n 2 、r u0 < n and r u1 <n,y u Representing the user's public key, g 1 And h 1 Are two generators of the group G of order prime p.
In some embodiments, the evidence consists of:
Legal_proof=TEOL((U,r u0 ,y u ,Pedersen_u,2 l ):
Figure BDA0003876503860000044
Figure BDA0003876503860000045
where TEOL represents a function that produces proof of validity of the account amount ciphertext, 2 l Representing an upper bound for the account amount.
In some embodiments, the intelligent contract of the blockchain node verifies the validity of the account based on the account amount ciphertext, the evidence and the commitment, including:
obtaining a system parameter sysPrm, a commitment parameter pedPrm and a user public key y u The commitment Pedersen _ u and the evidence TEOL, and reading E from the chain u0 And c u0
Based on sysPrm, pedPrm, y u 、Pedersen_u、TEOL、E u0 And c u0 And a sigma protocol verification algorithm and a bullletproof protocol verification algorithm are called to verify the validity of the account;
if the verification is successful, judging that the transactions within the preset time are legal;
if the verification fails, the illegal transaction in the preset time is judged.
In some embodiments, the account balance ciphertext after the transaction of the transaction sender is:
Figure BDA0003876503860000051
the account balance ciphertext after the transaction of the transaction receiver is as follows:
Figure BDA0003876503860000052
where mod denotes the remainder calculation, k = g λ modn 2 N = pq, p and q are two large prime numbers, g denotes a random number and
Figure BDA0003876503860000053
is a and n 2 Is relatively prime and less than n 2 λ = lcm (p-1, q-1), lcm representing the least common multiple, T representing the transaction amount, h = g r modn 2 ,r、r 0 、r s0 、r r0 、r 1 、r s1 And r r1 Are all random numbers, and r is less than n 2 、r 0 <n、r s0 <n、r r0 <n、r 1 <n、r s1 < n and r r1 <n,y 1 Representing the public key of the sender of the transaction, y 2 Representing the public key of the transaction receiver, a representing the original amount of the account of the transaction sender, and B representing the original amount of the account of the transaction receiver.
The application provides a block chain secret transaction method which comprises the steps of generating system parameters, commitment parameters and public and private keys of a transaction sender and a transaction receiver based on a preset algorithm; based on the generated system parameters and the public and private keys, and in combination with a preset Paillier encryption algorithm, calculating to obtain a transaction amount ciphertext of the transaction sender and a transaction amount ciphertext of the transaction receiver; sending the calculated transaction amount ciphertext to the block chain nodes, calculating the account balance ciphertext after the transaction of the transaction sender and the account balance ciphertext after the transaction of the transaction receiver by the intelligent contract of the block chain nodes based on a preset ciphertext homomorphic algorithm, and updating the account amount ciphertext on the corresponding account chain; the transaction receiver reads the transaction amount ciphertext from the chain, and when the transaction amount is larger than 0 through decryption verification, the transaction is carried out; after the block chain transaction system operates for a preset time, all users participating in the transaction construct commitments for transaction amount based on commitment parameters, and call a sigma protocol and a bulletin proof protocol to construct evidence that account amount is in a specific range; and sending the constructed commitment and the constructed evidence to the blockchain node, and verifying the validity of the account by the intelligent contract of the blockchain node based on the account amount ciphertext, the evidence and the commitment. The method and the device can effectively simplify transaction flow and reduce uplink data volume.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart illustrating a method for block-chain secure transaction according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides a block chain secret transaction method, which can solve the problems of complicated transaction process and overlarge uplink data volume in single transaction in the related technology.
In order to enable the Paillier algorithm to be combined with the bulletproof protocol based on the zero knowledge range promised by pedersen and support supervision, the present embodiment improves the Paillier algorithm, and the improved Paillier algorithm is as follows:
1. system parameter generation
Let n = pq, where p and q are two large prime numbers; selecting random numbers
Figure BDA0003876503860000071
And satisfy L -1 (g λ modn 2 ) modn is present, wherein,
Figure BDA0003876503860000072
is a and n 2 Is relatively prime and less than n 2 Mod represents a remainder calculation, L (g) λ modn 2 )=(g λ modn 2 -1)/n, λ = lcm (p-1, q-1), lcm representing the least common multiple; randomly selecting a random number r, wherein r is less than n 2 So that h = g r modn 2 And satisfies gcd = (L (g) λ modn 2 ) N) = =1, gcd represents the greatest common divisor while letting k = g λ modn 2 . At this time, the system parameter sysPrm = (h, k, n) 2 ) Disclosed is a method for producing a semiconductor device.
2. Generation of user public and private keys
A random number x is selected and used as a random number,
Figure BDA0003876503860000073
calculate y = h 1/xmodλn modn 2 And then the user private key sk: x, user public key pk: y.
3. The encryption process Encrypt (m, y, sysPrm, r) 0 )
For plain text
Figure BDA0003876503860000074
Selecting a random number r 0 < n and r 1 < n, calculating
Figure BDA0003876503860000075
And
Figure BDA0003876503860000076
the ciphertext is (E) 0 ,c 0 ,E 1 ,c 1 )。
4. Decryption process Decrypt of plaintext ((E) 0 ,c 0 ,E 1 ,c 1 ),sysPrm,x)
For ciphertext (E) 0 ,c 0 ,E 1 ,c 1 ) Calculating
Figure BDA0003876503860000077
Then plaintext
Figure BDA0003876503860000078
Computing
Figure BDA0003876503860000079
Then the random number
Figure BDA00038765038600000710
5. Additive homomorphism attributes
Is provided with a plaintext m a And m b Encrypting the encrypted data respectively to obtain encrypted texts Encrypt (m) a )=(E 0a ,c 0a ,E 1a ,c 1a ) And Encrypt (m) b )=(E 0b ,c 0b ,E 1b ,c 1b )。
Definition (E) 0 ,c 0 ,E 1 ,c 1 ) Wherein: e 0 =E 0a E 0b modn 2 ,c 0 =c 0a c 0b modn 2 ,E 1 =E 1a E 1b modn 2 ,c 1 =c 1a c 1b modn 2
The decryption process is as follows:
Figure BDA0003876503860000081
Figure BDA0003876503860000082
Figure BDA0003876503860000083
Figure BDA0003876503860000084
the improved Paillier homomorphic encryption algorithm supports zero knowledge range proving, and the method comprises the following steps:
1. committed parameter generation
pedPrm=(G,p,g 1 ,h 1 )
Wherein, g 1 And h 1 Two generators of group G of order prime p;
2. is a plaintext m and a random number r 0 Constructing a promise in the form of Pedersen
Figure BDA0003876503860000085
3. Proof using sigma protocol
Figure BDA0003876503860000086
And
Figure BDA0003876503860000087
in (m, r) 0 ) Equal;
4. proof of m in pedersem commitment to be [0,2,2 ] using the bullletproof protocol l ]And (4) the following steps.
The above algorithm can be used for encrypting the transaction amount and verifying the range of the account model, and can also be used for encrypting the transaction amount and verifying the range of the UTXO model (unspent transaction Output).
A legitimate transaction needs to prove that the following three conditions are met: (1) the roll-out amount is equal to the receiving amount; (2) the amount of the transaction is greater than 0; and (3) the account balance is larger than 0 after the transaction.
For the first condition, due to E in ciphertext 0 Independent of the user, only the amount, and based on discrete logarithm difficulties, very difficult to find (m) 1 ,r 1 )≠(m 2 ,r 2 ) Satisfy the requirement of
Figure BDA0003876503860000088
So only the amount cipher text is transferred and the amount cipher text is received 0 Partial equality proves that the condition (1) is satisfied.
For the second condition, because the transaction receiver can decrypt the receiver ciphertext, the transaction receiver can directly verify whether the transaction amount is greater than 0, and if the transaction amount of the transaction sender is not in accordance with the expectation, the transaction receiver can construct a certificate that the decryption is legal and the amount is not in accordance with the condition and initiate a complaint. Therefore, if the transaction sender sends a transaction illegally, the transaction sender can be immediately discovered and punished, and the transaction initiator should not actively construct an illegal transaction ciphertext by analyzing from the game theory. Therefore, when the transaction data is constructed, the transaction sender does not prove the validity of the transaction amount ciphertext and the transaction amount, and the transaction receiver decrypts and verifies whether the transaction amount meets the condition that the transaction amount is larger than 0 after acquiring the transaction amount ciphertext, if so, no processing is performed, if not, evidence is generated and complaints are raised, and further, the data volume and the calculation volume on the chain can be obviously reduced.
For the third condition, the sum of the whole blockchain transaction system is balanced, that is, the sum before roll-out = the sum before roll-out + the sum after roll-out; then under the modn condition, when the account balance is less than 0 (for example, m < 0), the decrypted account balance ciphertext is represented as n + m, that is, the total amount of the system is one more n (whose size is 2048 bits), and no matter how much the amount is allocated in the limited user account, the account balance of the user account is necessarily much more than 2 l (e.g., 64 bits). Therefore, only a certain time (for example, one month) is needed to establish that the account amount of all the users participating in the transaction in the blockchain transaction system is legal (i.e., is [0,2 ] l ]Internal) and then submitting the contract for verification, if an illegal account is foundThe supervisory responsibility will be performed by the supervisor, further reducing the amount of data and computation on the chain.
In the alliance chain, once the user is found to do malice, the supervisor can do relevant punishment to the doing malice so as to prevent malicious attack.
Fig. 1 is a block chain secure transaction method according to an embodiment of the present application, including the following steps:
step S10: generating system parameters, a commitment parameter and public and private keys of a transaction sender and a transaction receiver based on a preset algorithm;
exemplarily, it can be understood that the preset algorithm in the present embodiment includes a system parameter generation algorithm of an improved Paillier algorithm, a user public and private key generation algorithm of the improved Paillier algorithm, and a generation algorithm of a cyclic group generator, and then the specific process of step S10 is as follows:
generating system parameters: sysPrm = (h, k, n) 2 ) The generation process is shown in the improved Paillier algorithm;
and (3) generating a commitment parameter: pedPrm = (G, p, G) 1 ,h 1 ) Wherein, g 1 And h 1 Two generators of group G of order prime p;
generating a private key of a transaction sender: selecting a random number x 1 As a private key of the transaction sender, wherein
Figure BDA0003876503860000101
Public key of transaction sender
Figure BDA0003876503860000102
Generating a transaction recipient private key: selecting a random number x 2 As a transaction recipient private key, wherein
Figure BDA0003876503860000103
Public key of transaction receiver
Figure BDA0003876503860000104
Step S20: based on the generated system parameters and the public and private keys, and in combination with a preset Paillier encryption algorithm, calculating to obtain a transaction amount ciphertext of the transaction sender and a transaction amount ciphertext of the transaction receiver;
exemplarily, it should be understood that the transaction amount ciphertext and the transaction recipient transaction amount ciphertext are calculated based on the generated system parameters and the public-private key and combined with a modified Paillier encryption algorithm. When a user joins the application system, the coinage party initializes balance in a cryptograph form to the user according to conditions, writes the balance to a chain, reads the balance to the local by the user, and stores the balance cryptograph of an account before transaction by a transaction sender locally or reads the balance cryptograph from the chain, and the specific process is as follows:
before transaction, the transaction sender can read the original amount ciphertext from the chain:
Figure BDA0003876503860000105
before transaction, the transaction recipient can read the original amount ciphertext from the chain:
Figure BDA0003876503860000106
and (3) calculating the transaction amount ciphertext of the transaction sender:
Figure BDA0003876503860000107
and (3) calculating the transaction amount ciphertext of the transaction receiver:
Figure BDA0003876503860000111
wherein T represents the transaction amount, A represents the original amount of the account of the transaction sender, B represents the original amount of the account of the transaction receiver, and r represents 0 、r s0 、r r0 、r 1 、r s1 And r r1 Are all random numbers, and r is less than n 2 、r 0 <n、r s0 <n、r r0 <n、r 1 <n、r s1 < n and r r1 <n。
Step S30: sending the calculated transaction amount ciphertext to the block chain nodes, calculating the account balance ciphertext after the transaction of the transaction sender and the account balance ciphertext after the transaction of the transaction receiver by the intelligent contract of the block chain nodes based on a preset ciphertext homomorphic algorithm, and updating the account amount ciphertext on the corresponding account chain;
in this embodiment, the account balance ciphertext after the transaction by the transaction sender is:
Figure BDA0003876503860000112
the account balance ciphertext after the transaction of the transaction receiver is as follows:
Figure BDA0003876503860000113
where mod denotes the remainder calculation, k = g λ modn 2 N = pq, p and q are two large prime numbers, g denotes a random number and
Figure BDA0003876503860000114
is equal to n 2 Is relatively prime and less than n 2 λ = lcm (p-1, q-1), lcm representing the least common multiple, T representing the transaction amount, h = g r modn 2 ,r、r 0 、r s0 、r r0 、r 1 、r s1 And r r1 Are all random numbers, and r is less than n 2 、r 0 <n、r s0 <n、r r0 <n、r 1 <n、r s1 < n and r r1 <n,y 1 Representing the public key of the sender of the transaction, y 2 Representing the public key of the transaction receiver, a representing the original amount of the account of the transaction sender, and B representing the original amount of the account of the transaction receiver.
Exemplarily, it can be understood that the calculated transaction amount ciphertext is sent to the block chain nodes, the intelligent contract of the block chain nodes calculates the account balance ciphertext after the transaction of the transaction sender and the transaction receiver based on the ciphertext homomorphic algorithm of the improved Paillier algorithm, and updates the account amount ciphertext on each corresponding account chain, which includes the following specific processes:
calculating to obtain an account balance ciphertext after the transaction of the transaction sender:
Figure BDA0003876503860000121
calculating to obtain an account balance ciphertext after the transaction of the transaction receiver:
Figure BDA0003876503860000122
updating the account amount ciphertext on the transaction sender chain to be C _ ts';
and updating the account amount ciphertext on the transaction receiver chain to C _ tr'.
Step S40: the transaction receiver reads the transaction amount ciphertext from the chain, and when the transaction amount is verified to be larger than 0 through decryption, the transaction is carried out;
in this embodiment, before the step when the decryption verifies that the transaction amount is greater than 0, the method further includes:
the transaction receiver sends a transaction amount ciphertext C _ tb = (E) 0 ,c b0 ,E 1 ,c b1 ) Decrypting to obtain the transaction amount plaintext T and the random number r 0
Calculation and transaction amount plaintext T and random number r based on preset Paillier algorithm 0 A corresponding legal ciphertext;
calculating the transaction amount corresponding to the legal ciphertext based on the transaction amount ciphertext C _ tb and the transaction amount plaintext T;
wherein the content of the first and second substances,
Figure BDA0003876503860000131
Figure BDA0003876503860000132
mod denotes remainder calculation, k = g λ modn 2 N = pq, p and q are two large prime numbers, g denotes a random number and
Figure BDA0003876503860000133
is equal to n 2 Is relatively prime and less than n 2 λ = lcm (p-1, q-1), lcm representing the least common multiple, T representing the transaction amount, h = g r modn 2 ,r、r 0 And r 1 Are all random numbers, and r is less than n 2 、r 0 < n and r 1 <n,y 2 Representing the transaction recipient public key.
In this embodiment, after the step of reading the transaction amount ciphertext from the chain, the method further includes:
when the transaction amount is not larger than 0 through decryption verification, the transaction receiver calls the sigma protocol and the bulletin proof protocol to construct evidence and initiates a complaint;
and the intelligent contract of the block chain node verifies whether the declaration is true or not based on a sigma protocol verification algorithm and a bulletproof protocol verification algorithm.
In this embodiment, the transaction recipient invokes a sigma protocol and a bulletin protocol to construct an evidence and initiate a complaint, including:
calling sigma protocol to obtain transaction amount ciphertext C _ tb = (E) 0 ,c b0 ,E 1 ,c b1 ) Constructing a legal evidence;
constructing a Pedersen commitment for the transaction amount, the commitment being denoted Pedersen1,
Figure BDA0003876503860000134
calling sigma protocol as Pedersen1 and E 0 Constructing transaction amount equality evidence;
calling the bulletproof protocol to construct evidence that the transaction amount is in a specific range for Pedersen 1;
sending the Pedersen1 and the evidence to the block chain node for complaint;
wherein,g 1 And h 1 Are two generators of group G of order prime p.
In this embodiment, the evidence includes:
Appeal_proof=TAEC((T,r 0 ,y 2 ,Pedersen1,2 l ):
Figure BDA0003876503860000141
Figure BDA0003876503860000142
wherein TAEC represents the function that produces evidence of complaints, 2 l Representing an upper bound for the transaction amount.
In this embodiment, the verifying whether the declaration is true based on the sigma protocol verification algorithm and the bullletproof protocol verification algorithm by the intelligent contract of the block chain node includes:
obtaining system parameter sysPrm, commitment parameter pedPrm and public key y of transaction receiver 2 Promise Pedersen1 and complaint evidence TAEC, and reading E from the chain 0 And c b0
Based on sysPrm, pedPrm, y 2 、Pedersen1、TAEC、E 0 And c b0 And calling a sigma protocol verification algorithm and a bulletproof protocol verification algorithm to verify the complaint evidence;
if the verification is successful, the transaction is rolled back;
if the verification fails, the complaint is rejected and the transaction is unchanged.
Exemplarily, it can be understood that, the transaction recipient chain reads the transaction amount ciphertext, decrypts and verifies the validity of the ciphertext and the validity of the transaction amount, and if the ciphertext is legal (i.e. the transaction amount is greater than 0), the transaction is directly conducted; if the transaction amount is illegal (namely the transaction amount is not larger than 0), the Sigma protocol and the Bulletprofo protocol are called to construct evidence and to initiate a complaint, and the intelligent contract of the blockchain node verifies whether the complaint is true or not based on the Sigma protocol verification algorithm and the Bulletprofo protocol verification algorithm. The method comprises the following specific steps:
the transaction receiver uses its own private key to decrypt the transaction amount ciphertext C _ tb = (E) 0 ,c b0 ,E 1 ,c b1 ) Obtaining the transaction amount plaintext and random number (T, r) 0 );
Correctly calculating (T, r) based on improved Paillier algorithm 0 ) A corresponding legal ciphertext C _ tb';
verifying whether it satisfies
Figure BDA0003876503860000143
If yes, directly carrying out transaction; if not, the complaint is made.
The complaint process is as follows:
calling sigma protocol to obtain transaction amount ciphertext C _ tb = (E) 0 ,c b0 ,E 1 ,c b1 ) Constructing a legal evidence;
constructing a Pedersen commitment for the transaction amount, the commitment being Pedersen1, then
Figure BDA0003876503860000151
Calling sigma protocol as Pedersen1 and E 0 Constructing transaction amount equality evidence;
the bulletproof protocol is invoked to construct proof for Pedersen1 that the transaction amount is within a particular range.
The evidence consists of, among others:
Appeal_proof=TAEC((T,r 0 ,y 2 ,Pedersen1,2 l ):
Figure BDA0003876503860000152
Figure BDA0003876503860000153
wherein TAEC represents the function that produces evidence of complaints, 2 l An upper bound representing a transaction amount;
the commitment Pedersen1 and the complaint evidence TAEC are sent to the blockchain nodes.
The intelligent contract of the block chain node verifies whether the declaration is true or not based on the transaction amount ciphertext, the evidence and the commitment, and the method specifically comprises the following steps:
obtaining system parameter sysPrm, commitment parameter pedPrm and public key y of transaction receiver 2 Promise Pedersen1 and complaint evidence TAEC, and reading E from the chain 0 And c b0
Based on sysPrm, pedPrm, y 2 、Pedersen1、TAEC、E 0 And c b0 Calling a sigma protocol verification algorithm and a bulletproof protocol verification algorithm to verify the complaint evidence; if the verification is successful, the transaction is rolled back; the verification fails, the complaint is rejected, and the transaction is unchanged.
Step S50: after the block chain transaction system operates for a preset time, all users participating in the transaction construct commitments for transaction amount based on commitment parameters, and call a sigma protocol and a bulletin proof protocol to construct evidence that account amount is in a specific range;
in this embodiment, the constructing, by all users who have participated in the transaction, a commitment for the transaction amount based on the commitment parameter, and invoking the sigma protocol and the bulletin proof protocol to construct the proof that the account amount is in the specific range includes:
the user reads the current account amount ciphertext from the chain:
Figure BDA0003876503860000154
decrypting the current account amount ciphertext based on a decryption algorithm in a preset Paillier encryption algorithm to obtain an account amount plaintext U and a random number r u0
Account amount based plaintext U and random number r u0 Constructing a Pedersen commitment for the transaction amount, the commitment being Pedersen _ u, then
Figure BDA0003876503860000161
Calling sigma protocol as Pedersen _ u and E u0 Construct transaction amountEvidence of equality;
calling the bulletproof protocol to construct evidence that the transaction amount is in a specific range for Pedersen _ u;
where mod denotes the remainder calculation, k = g λ modn 2 N = pq, p and q are two large prime numbers, g denotes a random number and
Figure BDA0003876503860000162
is a and n 2 Is relatively prime and less than n 2 λ = lcm (p-1, q-1), lcm representing the least common multiple, h = g r modn 2 ,r、r u0 And r u1 Are all random numbers, and r is less than n 2 、r u0 < n and r u1 <n,y u Representing the user's public key, g 1 And h 1 Are two generators of group G of order prime p.
In this embodiment, the evidence includes:
Legal_proof=TEOL((U,r u0 ,y u ,Pedersen_u,2 l ):
Figure BDA0003876503860000163
Figure BDA0003876503860000164
where TEOL represents a function that produces proof of validity of the account amount ciphertext, 2 l Representing an upper bound for the account amount.
Exemplarily, it should be understood that, in this embodiment, after the blockchain transaction system runs for t time (for example, one month), all users participating in the transaction during this time decrypt the account balance, and invoke the sigma protocol and the bullletproof protocol to construct the proof of the validity of the account, and send the proof to the blockchain node. The specific process is as follows:
the user reads the current account amount ciphertext from the chain:
Figure BDA0003876503860000165
account amount plaintext U and random number r are decrypted by a decryption algorithm based on an improved Paillier algorithm u0
Constructing a Pedersen commitment for the transaction amount, the commitment being denoted Pedersen _ u,
Figure BDA0003876503860000171
calling sigma protocol as Pedersen _ u and E u0 Constructing a transaction amount equality evidence;
calling the bulletproof protocol to construct evidence that the transaction amount is in a specific range for Pedersen _ u;
the evidence consists of, among others:
Legal_proof=TEOL((U,r u0 ,y u ,Pedersen_u,2 l ):
Figure BDA0003876503860000172
Figure BDA0003876503860000173
where TAEC represents the function that produces the validity proof of the cryptogram of the account amount, 2 l An upper bound representing an account amount;
the commitment Pedersen _ u and the evidence TEOL are then sent to the blockchain node.
Step S60: and sending the constructed commitment and the constructed evidence to the blockchain node, and verifying the validity of the account by the intelligent contract of the blockchain node based on the account amount ciphertext, the evidence and the commitment.
In this embodiment, the verifying the validity of the account based on the cipher text, the evidence, and the commitment of the account amount by the intelligent contract of the block link node includes:
obtaining a system parameter sysPrm, a commitment parameter pedPrm and a user public key y u Promise Pedersen _ u and evidence TEOL, and read E from the chain u0 And c u0
Based on sysPrm, pedPrm and y u 、Pedersen_u、TEOL、E u0 And c u0 And a sigma protocol verification algorithm and a bullletproof protocol verification algorithm are called to verify the validity of the account;
if the verification is successful, judging that the transactions within the preset time are legal;
if the verification fails, the existence of illegal transactions in the preset time is judged.
Exemplarily, it can be understood that the intelligent contract of the blockchain node in this embodiment verifies the validity of the account based on the Sigma protocol verification algorithm, the buckettproof protocol verification algorithm, and the ciphertext, evidence, and commitment of the user account amount, and the specific process is as follows:
obtaining a system parameter sysPrm, a commitment parameter pedPrm and a user public key y u Obtaining the promise of transaction amount Pedersen _ u and evidence TEOL, and reading the user account cryptograph E from the chain u0 And c u0
Based on sysPrm, pedPrm and y u 、Pedersen_u、TEOL、E u0 And c u0 And calling verification functions of the sigma protocol and the bulletproof protocol to verify the validity evidence, and if the verification is not passed, monitoring all transactions in the current time period one by a monitoring party, otherwise, proving that the transactions in the time period are both legal. Therefore, the account certification and verification can be performed only once in a period of time, so that the transaction process is simplified, and the data volume of the transaction chain is reduced.
In conclusion, the application provides a confidential transaction method based on an improved Paillier algorithm, and the method supports the homomorphism of the ciphertext of the whole network, supports the validity verification of the transaction and supports the supervision of a supervisor, reduces uplink data and simplifies the transaction flow.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrases "comprising one of 8230; \8230;" 8230; "does not exclude the presence of additional like elements in a process, method, article, or system that comprises the element.
The above description is merely exemplary of the present application and is presented to enable those skilled in the art to understand and practice the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A blockchain secure transaction method, comprising the steps of:
generating system parameters, a commitment parameter and public and private keys of a transaction sender and a transaction receiver based on a preset algorithm;
based on the generated system parameters and the public and private keys, and in combination with a preset Paillier encryption algorithm, calculating to obtain a transaction amount ciphertext of the transaction sender and a transaction amount ciphertext of the transaction receiver;
sending the calculated transaction amount ciphertext to the block chain nodes, calculating the account balance ciphertext after the transaction of the transaction sender and the account balance ciphertext after the transaction of the transaction receiver by the intelligent contract of the block chain nodes based on a preset ciphertext homomorphic algorithm, and updating the account amount ciphertext on the corresponding account chain;
the transaction receiver reads the transaction amount ciphertext from the chain, and when the transaction amount is verified to be larger than 0 through decryption, the transaction is carried out;
after the block chain transaction system operates for a preset time, all users participating in the transaction construct commitments for transaction amount based on commitment parameters, and call a sigma protocol and a bulletin proof protocol to construct evidence that account amount is in a specific range;
and sending the constructed commitment and the constructed evidence to the blockchain node, and verifying the validity of the account by the intelligent contract of the blockchain node based on the account amount ciphertext, the evidence and the commitment.
2. The blockchain secure transaction method of claim 1, further comprising, before the step when the decryption verifies that the transaction amount is greater than 0:
the transaction receiver sends a transaction amount ciphertext C _ tb = (E) 0 ,c b0 ,E 1 ,c b1 ) Decrypting to obtain the transaction amount plaintext T and the random number r 0
Calculation and transaction amount plaintext T and random number r based on preset Paillier algorithm 0 A corresponding legal ciphertext;
calculating the transaction amount corresponding to the legal ciphertext based on the transaction amount ciphertext C _ tb and the transaction amount plaintext T;
wherein the content of the first and second substances,
Figure FDA0003876503850000011
Figure FDA0003876503850000012
mod denotes remainder calculation, k = g λ modn 2 N = pq, p and q are two large prime numbers, g denotes a random number and
Figure FDA0003876503850000013
Figure FDA0003876503850000014
is equal to n 2 Is relatively prime and less than n 2 λ = lcm (p-1, q-1), lcm representing the least common multiple, T representing the transaction amount, h = g r modn 2 ,r、r 0 And r 1 Are all random numbers, and r is less than n 2 、r 0 < n and r 1 <n,y 2 Representing the transaction recipient public key.
3. The blockchain secure transaction method of claim 2, further comprising, after the step of the transaction recipient reading the transaction amount ciphertext from the chain, the step of:
when the transaction amount is not more than 0 after decryption verification, the transaction receiver calls the sigma protocol and the bulletproof protocol to construct evidence and initiates complaint;
and the intelligent contract of the block chain node verifies whether the declaration is true or not based on a sigma protocol verification algorithm and a bulletproof protocol verification algorithm.
4. The blockchain secure transaction method of claim 3, wherein the transaction recipient invokes a sigma protocol and a bulletproof of protocol construction and initiates a complaint comprising:
calling sigma protocol to obtain transaction amount ciphertext C _ tb = (E) 0 ,c b0 ,E 1 ,c b1 ) Constructing a legal evidence;
constructing a Pedersen commitment for the transaction amount, the commitment being denoted Pedersen1,
Figure FDA0003876503850000021
calling sigma protocol as Pedersen1 and E 0 Constructing a transaction amount equality evidence;
calling the bulletproof protocol to construct evidence that the transaction amount is in a specific range for Pedersen 1;
sending the Pedersen1 and the evidence to the block chain node for complaint;
wherein, g 1 And h 1 Are two generators of the group G of order prime p.
5. The blockchain secure transaction method of claim 4, wherein the evidence is comprised of:
Appeal_proof=TAEC((T,r 0 ,y 2 ,Pedersen1,2 l ):
Figure FDA0003876503850000022
Figure FDA0003876503850000023
where TAEC represents the function that produces evidence of complaints, 2 l Representing an upper bound for the transaction amount.
6. The blockchain secure transaction method of claim 5, wherein the smart contract for the blockchain node verifies that the declaration is authentic based on a sigma protocol validation algorithm and a bullletproof protocol validation algorithm, comprising:
obtaining system parameter sysPrm, commitment parameter pedPrm and public key y of transaction receiver 2 Promise Pedersen1 and complaint evidence TAEC, and reading E from the chain 0 And c b0
Based on sysPrm, pedPrm and y 2 、Pedersen1、TAEC、E 0 And c b0 And a sigma protocol verification algorithm and a buckletproof protocol verification algorithm are called to verify the complaint evidence;
if the verification is successful, the transaction is rolled back;
if the verification fails, the complaint is rejected and the transaction is unchanged.
7. The blockchain secure transaction method of claim 1, wherein the step of all users participating in the transaction constructing a commitment for the transaction amount based on commitment parameters and invoking the sigma protocol and the bulletproof protocol to construct the proof that the account amount is in the specific range comprises:
the user reads the current account amount ciphertext from the chain:
Figure FDA0003876503850000031
decryption algorithm based on preset Paillier encryption algorithmDecrypting the current account amount ciphertext to obtain an account amount plaintext U and a random number r u0
Account amount based plaintext U and random number r u0 Constructing a Pedersen commitment for the transaction amount, the commitment being Pedersen _ u, then
Figure FDA0003876503850000032
Calling sigma protocol as Pedersen _ u and E u0 Constructing a transaction amount equality evidence;
calling the bulletproof protocol to construct evidence that the transaction amount is in a specific range for Pedersen _ u;
where mod denotes the remainder calculation, k = g λ modn 2 N = pq, p and q are two large prime numbers, g denotes a random number and
Figure FDA0003876503850000033
Figure FDA0003876503850000034
is a and n 2 Is relatively prime and less than n 2 λ = lcm (p-1, q-1), lcm representing the least common multiple, h = g r modn 2 ,r、r u0 And r u1 Are all random numbers, and r is less than n 2 、r u0 < n and r u1 <n,y u Representing the user's public key, g 1 And h 1 Are two generators of group G of order prime p.
8. The blockchain secure transaction method of claim 7, wherein the evidence is comprised of:
Legal_proof=TEOL((U,r u0 ,y u ,Pedersen_u,2 l ):
Figure FDA0003876503850000041
Figure FDA0003876503850000042
where TEOL represents a function that produces proof of validity of the account amount ciphertext, 2 l Representing an upper bound for the account amount.
9. The blockchain secure transaction method of claim 8, wherein the intelligent contract of the blockchain node verifies the validity of the account based on the account amount ciphertext, the evidence and the commitment, comprising:
obtaining a system parameter sysPrm, a commitment parameter pedPrm and a user public key y u Promise Pedersen _ u and evidence TEOL, and read E from the chain u0 And c u0
Based on sysPrm, pedPrm, y u 、Pedersen_u、TEOL、E u0 And c u0 And calling a sigma protocol verification algorithm and a bulletproof protocol verification algorithm to verify the legality of the account;
if the verification is successful, judging that the transactions within the preset time are legal;
if the verification fails, the illegal transaction in the preset time is judged.
10. The blockchain secure transaction method of claim 1, wherein the account balance ciphertext after the transaction sender transacts is:
Figure FDA0003876503850000043
the account balance ciphertext after the transaction of the transaction receiver is as follows:
Figure FDA0003876503850000051
where mod denotes the remainder calculation, k = g λ modn 2 N = pq, p and q are two largePrime number, g represents a random number and
Figure FDA0003876503850000052
Figure FDA0003876503850000053
is equal to n 2 Is relatively prime and less than n 2 λ = lcm (p-1, q-1), lcm representing the least common multiple, T representing the transaction amount, h = g r modn 2 ,r、r 0 、r s0 、r r0 、r 1 、r s1 And r r1 Are all random numbers, and r is less than n 2 、r 0 <n、r s0 <n、r r0 <n、r 1 <n、r s1 < n and r r1 <n,y 1 Representing the public key of the sender of the transaction, y 2 Representing the public key of the transaction receiver, a representing the original amount of the account of the transaction sender, and B representing the original amount of the account of the transaction receiver.
CN202211216830.9A 2022-09-30 2022-09-30 Block chain secret transaction method Pending CN115549890A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211216830.9A CN115549890A (en) 2022-09-30 2022-09-30 Block chain secret transaction method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211216830.9A CN115549890A (en) 2022-09-30 2022-09-30 Block chain secret transaction method

Publications (1)

Publication Number Publication Date
CN115549890A true CN115549890A (en) 2022-12-30

Family

ID=84731009

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211216830.9A Pending CN115549890A (en) 2022-09-30 2022-09-30 Block chain secret transaction method

Country Status (1)

Country Link
CN (1) CN115549890A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117035776A (en) * 2023-08-22 2023-11-10 上海零数众合信息科技有限公司 Data sharing method and device, electronic equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117035776A (en) * 2023-08-22 2023-11-10 上海零数众合信息科技有限公司 Data sharing method and device, electronic equipment and storage medium
CN117035776B (en) * 2023-08-22 2024-05-14 上海零数众合信息科技有限公司 Data sharing method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
Rackoff et al. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack
US8654975B2 (en) Joint encryption of data
US7246379B2 (en) Method and system for validating software code
CN107659395A (en) The distributed authentication method and system of identity-based under a kind of environment of multi-server
CN102957538A (en) Information processing apparatus and information processing method
US9544144B2 (en) Data encryption
CN115396115B (en) Block chain data privacy protection method, device, equipment and readable storage medium
CN113159762A (en) Block chain transaction method based on Paillier and game theory
CN115549890A (en) Block chain secret transaction method
Feng et al. White-box implementation of Shamir’s identity-based signature scheme
Chow Real traceable signatures
US7330969B2 (en) Method and apparatus for data validation
US6507656B1 (en) Non malleable encryption apparatus and method
Shinde et al. Faster RSA algorithm for decryption using Chinese remainder theorem
Nait-Hamoud et al. Certificateless Public Key Systems Aggregation: An enabling technique for 5G multi-domain security management and delegation
CN112819465B (en) Homomorphic encryption method and application system based on Elgamal
CN114710294A (en) Novel block chain privacy protection method
Dent A brief introduction to certificateless encryption schemes and their infrastructures
CN112422294A (en) Anonymous voting method and device based on ring signature, electronic equipment and storage medium
CN115378640B (en) Cross-chain data security sharing method based on alliance chain
Kitagawa et al. Fully anonymous group signature with verifier-local revocation
Dhooghe Applying multiparty computation to car access provision
Diop Cryptographic mechanisms for device authentication and attestation in the internet of things
KR20010017358A (en) Method for making the fair blind signatures
Ganley Digital signatures and their uses

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination