CN115549890A - Blockchain confidential transaction method - Google Patents
Publication number: CN115549890A (application CN202211216830.9A)
Authority: CN (China)
Prior art keywords: transaction, amount, ciphertext, account, evidence
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L9/008 — Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols involving homomorphic encryption
- G06Q20/3829 — Payment protocols insuring higher security of transaction, involving key management
- G06Q20/401 — Transaction verification
- H04L2209/56 — Financial cryptography, e.g. electronic payment or e-cash
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The application relates to a blockchain confidential transaction method. System parameters, commitment parameters and the public/private key pairs of the transaction sender and the transaction receiver are generated with a preset algorithm; from the system parameters and the keys, and using a preset (modified) Paillier encryption algorithm, the transaction-amount ciphertexts of the sender and of the receiver are computed and sent to a blockchain node, whose smart contract computes both parties' post-transaction account-balance ciphertexts homomorphically and updates the account-amount ciphertexts on the corresponding account chains; the receiver reads the transaction-amount ciphertext from the chain, decrypts it, and the transaction proceeds once the amount is verified to be greater than 0; after the blockchain transaction system has run for a preset period, every user who took part in transactions constructs a commitment to their account amount from the commitment parameters and a proof that the account amount lies in a specific range; the node's smart contract verifies the legality of each account from the account-amount ciphertext, the proof and the commitment. This simplifies the transaction flow and reduces the volume of data written on-chain.
Description
Technical Field
The application relates to the technical field of information security, in particular to a blockchain confidential transaction method.
Background
A blockchain is a distributed public ledger maintained jointly by many nodes, characterised by decentralisation, trustlessness, traceability, openness and transparency. All transactions on a blockchain are publicly visible (or visible within a defined scope), and every node on the chain can read the transaction data in order to verify its correctness. Consequently, on current blockchain platforms, whether public chains or consortium chains, plaintext transaction amounts readily leak users' private information. Various schemes for hiding the transaction amount have appeared in response, but in order to protect the amount's privacy, to support network-wide homomorphic operation on amount ciphertexts, and to support proofs of transaction legality, the existing schemes all suffer from a complicated transaction flow and an excessive volume of on-chain data per transaction.
Disclosure of Invention
The application provides a blockchain confidential transaction method that aims to solve the problems of a complicated transaction flow and an excessive volume of on-chain data per transaction in the related art.
In a first aspect, a blockchain confidential transaction method is provided, comprising the following steps:
generating system parameters, commitment parameters, and the public/private key pairs of the transaction sender and the transaction receiver with a preset algorithm;
computing, from the generated system parameters and keys and using a preset Paillier encryption algorithm, the transaction-amount ciphertext of the sender and the transaction-amount ciphertext of the receiver;
sending the computed transaction-amount ciphertexts to the blockchain nodes, whose smart contract computes the sender's and the receiver's post-transaction account-balance ciphertexts with a preset ciphertext homomorphism algorithm and updates the account-amount ciphertext on each corresponding account chain;
the receiver reading the transaction-amount ciphertext from the chain, decrypting it, and proceeding with the transaction once the transaction amount is verified to be greater than 0;
after the blockchain transaction system has run for a preset period, every user who took part in transactions constructing a commitment to their account amount from the commitment parameters and invoking a sigma protocol and the Bulletproofs protocol to construct a proof that the account amount lies in a specific range;
and sending the constructed commitment and proof to the blockchain node, whose smart contract verifies the legality of the account from the account-amount ciphertext, the proof and the commitment.
In some embodiments, before the step of verifying by decryption that the transaction amount is greater than 0, the method further comprises:
the transaction receiver decrypting the transaction-amount ciphertext $C_{tb} = (E_0, c_{b0}, E_1, c_{b1})$ to obtain the transaction-amount plaintext T and the random number $r_0$;
computing, with the preset Paillier algorithm, the legal ciphertext corresponding to T and $r_0$;
checking the transaction-amount ciphertext $C_{tb}$ against that legal ciphertext and the transaction amount T;
where mod denotes the remainder operation, $k = g^{\lambda} \bmod n^2$, $n = pq$ with p and q two large primes, g is a random number coprime to $n^2$ and less than $n^2$, $\lambda = \mathrm{lcm}(p-1, q-1)$ with lcm the least common multiple, T is the transaction amount, $h = g^{r} \bmod n^2$, r, $r_0$ and $r_1$ are random numbers with $r < n^2$, $r_0 < n$ and $r_1 < n$, and $y_2$ is the transaction receiver's public key.
In some embodiments, after the step of the transaction receiver reading the transaction-amount ciphertext from the chain, the method further comprises:
when decryption shows that the transaction amount is not greater than 0, the transaction receiver invoking the sigma protocol and the Bulletproofs protocol to construct a proof and filing a complaint;
and the smart contract of the blockchain node verifying whether the complaint is true using the sigma protocol verification algorithm and the Bulletproofs verification algorithm.
In some embodiments, the transaction receiver invoking the sigma protocol and the Bulletproofs protocol to construct a proof and filing a complaint comprises:
invoking the sigma protocol to construct a proof that the transaction-amount ciphertext $C_{tb} = (E_0, c_{b0}, E_1, c_{b1})$ was decrypted legitimately;
constructing a Pedersen commitment to the transaction amount, denoted Pedersen1;
invoking the sigma protocol to construct a proof that Pedersen1 and $E_0$ commit to the same transaction amount;
invoking the Bulletproofs protocol to construct a proof that the amount committed in Pedersen1 lies in a specific range;
sending Pedersen1 and the proofs to the blockchain node as the complaint;
where $g_1$ and $h_1$ are two generators of a group G of prime order p (this p is the order of the commitment group and is unrelated to the Paillier prime p).
In some embodiments, the proof is:
Appeal_proof = TAEC(T, $r_0$, $y_2$, Pedersen1, $2^l$),
where TAEC denotes the function that produces the complaint proof and $2^l$ is the upper bound of the transaction amount.
In some embodiments, the smart contract of the blockchain node verifying whether the complaint is true using the sigma protocol verification algorithm and the Bulletproofs verification algorithm comprises:
obtaining the system parameters sysPrm, the commitment parameters pedPrm, the transaction receiver's public key $y_2$, the commitment Pedersen1 and the complaint proof TAEC, and reading $E_0$ and $c_{b0}$ from the chain;
verifying the complaint proof from sysPrm, pedPrm, $y_2$, Pedersen1, TAEC, $E_0$ and $c_{b0}$ by invoking the sigma protocol verification algorithm and the Bulletproofs verification algorithm;
if verification succeeds, rolling back the transaction;
if verification fails, rejecting the complaint and leaving the transaction unchanged.
In some embodiments, every user who took part in transactions constructing a commitment to their account amount from the commitment parameters and invoking the sigma protocol and the Bulletproofs protocol to construct a proof that the account amount lies in a specific range comprises:
the user reading the current account-amount ciphertext from the chain;
decrypting the current account-amount ciphertext with the decryption algorithm of the preset Paillier encryption algorithm to obtain the account-amount plaintext U and the random number $r_{u0}$;
constructing from the account-amount plaintext U and the random number $r_{u0}$ a Pedersen commitment to the account amount, denoted Pedersen_u;
invoking the sigma protocol to construct a proof that Pedersen_u and $E_{u0}$ commit to the same amount;
invoking the Bulletproofs protocol to construct a proof that the amount committed in Pedersen_u lies in a specific range;
where mod denotes the remainder operation, $k = g^{\lambda} \bmod n^2$, $n = pq$ with p and q two large primes, g is a random number coprime to $n^2$ and less than $n^2$, $\lambda = \mathrm{lcm}(p-1, q-1)$ with lcm the least common multiple, $h = g^{r} \bmod n^2$, r, $r_{u0}$ and $r_{u1}$ are random numbers with $r < n^2$, $r_{u0} < n$ and $r_{u1} < n$, $y_u$ is the user's public key, and $g_1$ and $h_1$ are two generators of the group G of prime order p.
In some embodiments, the proof is:
Legal_proof = TEOL(U, $r_{u0}$, $y_u$, Pedersen_u, $2^l$),
where TEOL denotes the function that produces the proof of legality of the account-amount ciphertext and $2^l$ is the upper bound of the account amount.
In some embodiments, the smart contract of the blockchain node verifying the legality of the account from the account-amount ciphertext, the proof and the commitment comprises:
obtaining the system parameters sysPrm, the commitment parameters pedPrm, the user's public key $y_u$, the commitment Pedersen_u and the proof TEOL, and reading $E_{u0}$ and $c_{u0}$ from the chain;
verifying the legality of the account from sysPrm, pedPrm, $y_u$, Pedersen_u, TEOL, $E_{u0}$ and $c_{u0}$ by invoking the sigma protocol verification algorithm and the Bulletproofs verification algorithm;
if verification succeeds, judging the transactions within the preset period to be legal;
if verification fails, judging that an illegal transaction occurred within the preset period.
In some embodiments, the sender's post-transaction account-balance ciphertext is:
and the receiver's post-transaction account-balance ciphertext is:
where mod denotes the remainder operation, $k = g^{\lambda} \bmod n^2$, $n = pq$ with p and q two large primes, g is a random number coprime to $n^2$ and less than $n^2$, $\lambda = \mathrm{lcm}(p-1, q-1)$ with lcm the least common multiple, T is the transaction amount, $h = g^{r} \bmod n^2$, r, $r_0$, $r_{s0}$, $r_{r0}$, $r_1$, $r_{s1}$ and $r_{r1}$ are random numbers with $r < n^2$ and $r_0, r_{s0}, r_{r0}, r_1, r_{s1}, r_{r1} < n$, $y_1$ is the transaction sender's public key, $y_2$ is the transaction receiver's public key, A is the sender's original account amount, and B is the receiver's original account amount.
In summary, the method generates system parameters, commitment parameters and the parties' key pairs; computes the sender's and receiver's transaction-amount ciphertexts with the preset Paillier encryption algorithm; has the smart contract of the blockchain node update both post-transaction account-balance ciphertexts homomorphically; lets the receiver decrypt the transaction amount and proceed once it is verified to be greater than 0; and, after a preset period, has every participating user commit to their account amount and prove with a sigma protocol and Bulletproofs that it lies in a specific range, which the smart contract verifies against the account-amount ciphertext. The method thereby simplifies the transaction flow and reduces the volume of on-chain data.
Drawings
In order to illustrate the technical solutions of the embodiments more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings show only some embodiments of the application; those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of a blockchain confidential transaction method according to an embodiment of the application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments clearer, the technical solutions are described fully below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the application; all other embodiments that a person skilled in the art can derive from them without creative effort fall within the scope of protection of the application.
The embodiment provides a blockchain confidential transaction method that addresses the complicated transaction flow and the excessive volume of on-chain data per transaction in the related art.
To allow the Paillier algorithm to be combined with Pedersen-commitment-based zero-knowledge range proofs (Bulletproofs) and to support supervision, this embodiment modifies the Paillier algorithm as follows:
1. System parameter generation
Let $n = pq$, where p and q are two large primes. Select a random g coprime to $n^2$ and less than $n^2$ such that $L(g^{\lambda} \bmod n^2)^{-1} \bmod n$ exists, where $L(g^{\lambda} \bmod n^2) = ((g^{\lambda} \bmod n^2) - 1)/n$, $\lambda = \mathrm{lcm}(p-1, q-1)$, lcm denotes the least common multiple and mod the remainder operation. Select a random r with $r < n^2$ and let $h = g^{r} \bmod n^2$, such that $\gcd(L(g^{\lambda} \bmod n^2), n) = 1$, where gcd is the greatest common divisor; let $k = g^{\lambda} \bmod n^2$. The system parameters $\mathrm{sysPrm} = (h, k, n^2)$ are made public.
2. User key generation
Select a random number x and compute $y = h^{1/x \bmod \lambda n} \bmod n^2$; the user's private key is sk = x and the public key is pk = y, so that $y^{x} = h \bmod n^2$. Note that computing $1/x \bmod \lambda n$ requires $\lambda$, and hence the factorisation of n, so user key pairs are generated by (or with) the party that holds the system secret.
3. Encryption Encrypt(m, y, sysPrm, $r_0$)
For a plaintext m, select random numbers $r_0 < n$ and $r_1 < n$ and compute the ciphertext $(E_0, c_0, E_1, c_1)$.
4. Decryption Decrypt($(E_0, c_0, E_1, c_1)$, sysPrm, x)
5. Additive homomorphism
Let plaintexts $m_a$ and $m_b$ encrypt to Encrypt($m_a$) = $(E_{0a}, c_{0a}, E_{1a}, c_{1a})$ and Encrypt($m_b$) = $(E_{0b}, c_{0b}, E_{1b}, c_{1b})$.
Define $(E_0, c_0, E_1, c_1)$ by $E_0 = E_{0a}E_{0b} \bmod n^2$, $c_0 = c_{0a}c_{0b} \bmod n^2$, $E_1 = E_{1a}E_{1b} \bmod n^2$ and $c_1 = c_{1a}c_{1b} \bmod n^2$; this is a ciphertext of $m_a + m_b$.
The decryption process is as follows:
the improved Paillier homomorphic encryption algorithm supports zero knowledge range proving, and the method comprises the following steps:
1. committed parameter generation
pedPrm=(G,p,g 1 ,h 1 )
Wherein, g 1 And h 1 Two generators of group G of order prime p;
4. proof of m in pedersem commitment to be [0,2,2 ] using the bullletproof protocol l ]And (4) the following steps.
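As an added example (not code from the patent), the commitment step above and the sigma-protocol equality proofs used later in the complaint and legality proofs, instantiated with textbook constructions: Pedersen commitments over secp256k1 (the curve most Bulletproofs implementations use, playing the role of the prime-order group G with generators $g_1$, $h_1$) and the standard sigma protocol, made non-interactive with Fiat-Shamir, proving that two commitments hide the same value. The patent's equality proof relates Pedersen1 to the Paillier component $E_0$, whose exact form is not given on this page, so a second Pedersen commitment stands in for $E_0$ here; the Bulletproofs range proof itself is not implemented. The label used to derive $h_1$ and all function names are assumptions.

```python
"""Pedersen commitments and a sigma protocol for equality of committed values on secp256k1.
Added example with textbook constructions; not the patent's proof linking Pedersen1 to E_0."""
import hashlib
import secrets

# secp256k1: y^2 = x^3 + 7 over F_P, prime group order N, cofactor 1.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def is_on_curve(pt) -> bool:
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k: int, pt):
    """Double-and-add scalar multiplication; scalars live in Z_N."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_curve(label: bytes):
    """Second generator h1 with unknown log_G: try-and-increment on SHA-256 (P = 3 mod 4 gives a square root)."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(label + ctr.to_bytes(4, "big")).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs:
            return (x, y)
        ctr += 1


H1 = hash_to_curve(b"pedPrm h1")  # assumed label; any nothing-up-my-sleeve string works


def commit(m: int, r: int):
    """Pedersen commitment C = m*G + r*H1 (g1^m h1^r in the patent's multiplicative notation)."""
    return ec_add(ec_mul(m, G), ec_mul(r, H1))


def challenge(*pts) -> int:
    """Fiat-Shamir: hash the whole transcript to a scalar in Z_N."""
    h = hashlib.sha256()
    for pt in pts:
        h.update(b"inf" if pt is None else pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % N


def prove_equal(m: int, r1: int, r2: int, c1, c2):
    """Prove c1 = m*G + r1*H1 and c2 = m*G + r2*H1 commit to the same m, knowing (m, r1, r2)."""
    a, b1, b2 = (secrets.randbelow(N) for _ in range(3))
    t1, t2 = commit(a, b1), commit(a, b2)          # announcements with a shared value nonce
    e = challenge(G, H1, c1, c2, t1, t2)
    return t1, t2, (a + e * m) % N, (b1 + e * r1) % N, (b2 + e * r2) % N


def verify_equal(c1, c2, proof) -> bool:
    """Check z*G + z1*H1 == t1 + e*c1 and z*G + z2*H1 == t2 + e*c2 for the recomputed challenge."""
    t1, t2, z, z1, z2 = proof
    e = challenge(G, H1, c1, c2, t1, t2)
    return (commit(z, z1) == ec_add(t1, ec_mul(e, c1))
            and commit(z, z2) == ec_add(t2, ec_mul(e, c2)))


if __name__ == "__main__":
    T = 250
    r_a, r_b = secrets.randbelow(N), secrets.randbelow(N)
    c1, c2 = commit(T, r_a), commit(T, r_b)
    print(verify_equal(c1, c2, prove_equal(T, r_a, r_b, c1, c2)))                    # True
    print(verify_equal(c1, commit(T + 1, r_b), prove_equal(T, r_a, r_b, c1, c2)))   # False
```

The shared nonce a in both announcements is what ties the two commitments to one value: a prover who knows different openings for c1 and c2 cannot answer the challenge for both equations with the same z. Binding the commitments and the announcements into the Fiat-Shamir hash is what stops a prover from choosing them after seeing e.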
The above algorithm can be used for transaction-amount encryption and range verification in the account model, and equally in the UTXO (unspent transaction output) model.
A legitimate transaction must prove three conditions: (1) the amount debited equals the amount credited; (2) the transaction amount is greater than 0; and (3) the account balance after the transaction is not negative, i.e. lies within the legal range.
For condition (1): the ciphertext component $E_0$ depends only on the amount, not on the user, and under the discrete-logarithm assumption it is infeasible to find $(m_1, r_1) \neq (m_2, r_2)$ that yield the same $E_0$. Equality of the $E_0$ components of the debit and credit amount ciphertexts therefore establishes condition (1).
For condition (2): the transaction receiver can decrypt the receiver ciphertext and so can check directly whether the transaction amount is greater than 0. If the amount sent does not meet expectations, the receiver constructs a proof that the decryption is legitimate and that the amount violates the condition, and files a complaint. A sender who submits an illegal transaction is thus discovered and penalised immediately, and from a game-theoretic standpoint the initiator has no incentive to construct an illegal amount ciphertext. Accordingly, when building the transaction the sender does not prove the legality of the amount ciphertext or of the amount; the receiver decrypts the amount ciphertext after receiving it and checks that the amount is greater than 0, doing nothing if so and generating a proof and a complaint if not. This markedly reduces the data and computation on-chain.
For condition (3): the total of the blockchain transaction system is conserved, i.e. the sum of the two balances after a transfer equals the sum before it. Under arithmetic modulo n, a balance that has gone below 0 (some m < 0) decrypts to n + m, so the system total is inflated by one n (2048 bits), and however that total is distributed among the finite set of user accounts, at least one account balance must far exceed $2^l$ (e.g. 64 bits). It therefore suffices that, after a set period (e.g. one month), every user who took part in transactions proves that their account amount is legal (i.e. lies in $[0, 2^l]$) and submits the proof to the contract for verification; if an illegal account is found, the supervisor carries out its supervisory duty. This further reduces the data and computation on-chain.
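As an added example (not the patent's code), the homomorphic balance update of step S30 and the modular wrap-around that condition (3) relies on, shown with textbook Paillier (g = n + 1, single-component ciphertext $c = g^m r^n \bmod n^2$, keys generated in the code). The patent's modified scheme with its four-component ciphertext $(E_0, c_0, E_1, c_1)$ and h-derived user keys is not reproduced; what is demonstrated, ciphertext multiplication as addition, the inverse ciphertext as a debit, and an overdrawn balance decrypting to n + m far above $2^l$, is what the modified scheme inherits from Paillier. The 512-bit demo modulus and all function names are assumptions.

```python
"""Textbook Paillier used as a confidential balance ledger. Added example; the patent's
modified four-component scheme is not reproduced. Key sizes are demo sizes."""
import secrets
from math import gcd


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin after small-prime trial division."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits: int = 512):
    """n = pq, g = n + 1, lambda = lcm(p-1, q-1), mu = L(g^lambda mod n^2)^-1 mod n."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        n = p * q
        if p != q and gcd(n, (p - 1) * (q - 1)) == 1:
            break
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    n2 = n * n
    mu = pow((pow(n + 1, lam, n2) - 1) // n, -1, n)
    return (n, n + 1), (lam, mu)


def encrypt(pk, m: int, r=None) -> int:
    """E(m) = g^m * r^n mod n^2 with r a random unit; m is reduced mod n, so negatives wrap to n + m."""
    n, g = pk
    n2 = n * n
    while r is None or gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(g, m % n, n2) * pow(r, n, n2) % n2


def decrypt(pk, sk, c: int) -> int:
    n, _ = pk
    lam, mu = sk
    n2 = n * n
    return (pow(c, lam, n2) - 1) // n * mu % n


def add_ct(pk, c1: int, c2: int) -> int:
    """E(m1) * E(m2) = E(m1 + m2): the homomorphism the smart contract applies."""
    return c1 * c2 % (pk[0] ** 2)


def neg_ct(pk, c: int) -> int:
    """E(m)^-1 = E(-m mod n), so a debit is an add of the inverse ciphertext."""
    return pow(c, -1, pk[0] ** 2)


def settle(pk, ct_a: int, ct_b: int, ct_t: int):
    """Contract-side update on ciphertexts only: A' = A - T, B' = B + T."""
    return add_ct(pk, ct_a, neg_ct(pk, ct_t)), add_ct(pk, ct_b, ct_t)


def in_range(value: int, l_bits: int = 64) -> bool:
    """The periodic legality check: an overdrawn balance decrypts to n + m, far above 2^l."""
    return 0 <= value < (1 << l_bits)


def run_ledger(pk, sk, balance_a: int, balance_b: int, amount: int):
    """Encrypt both balances and the amount, settle on ciphertexts, decrypt the results."""
    ct_a, ct_b, ct_t = encrypt(pk, balance_a), encrypt(pk, balance_b), encrypt(pk, amount)
    new_a, new_b = settle(pk, ct_a, ct_b, ct_t)
    return decrypt(pk, sk, new_a), decrypt(pk, sk, new_b)


if __name__ == "__main__":
    pk, sk = keygen()
    print(run_ledger(pk, sk, 1000, 50, 300))              # (700, 350)
    a, b = run_ledger(pk, sk, 100, 50, 300)               # overdraw: A - T < 0
    print(a == pk[0] - 200, in_range(a), in_range(b))     # True False True
```

The overdrawn case is the one condition (3) depends on: the contract cannot see that A - T went negative, but the decrypted balance is n - 200, and the sum of the two decrypted balances is 150 only after reduction modulo n. Any party asked to prove its balance lies in $[0, 2^l]$ cannot do so for a value of that size, which is why a periodic range proof over all participants catches it.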
In a consortium chain, once a user is found to have acted maliciously, the supervisor can penalise them accordingly to deter malicious attacks.
Fig. 1 shows a blockchain confidential transaction method according to an embodiment of the application, comprising the following steps:
Step S10: generating system parameters, commitment parameters, and the public/private key pairs of the transaction sender and the transaction receiver with a preset algorithm;
By way of example, the preset algorithm in this embodiment comprises the system parameter generation algorithm of the modified Paillier algorithm, its user key generation algorithm, and an algorithm for generating cyclic-group generators. Step S10 proceeds as follows:
generating the system parameters sysPrm = (h, k, $n^2$), as described for the modified Paillier algorithm;
generating the commitment parameters pedPrm = (G, p, $g_1$, $h_1$), where $g_1$ and $h_1$ are two generators of a group G of prime order p;
generating the transaction sender's key pair: select a random number $x_1$ as the sender's private key; the sender's public key $y_1$ is derived from it as in the key generation above;
generating the transaction receiver's key pair: select a random number $x_2$ as the receiver's private key; the receiver's public key $y_2$ is derived from it in the same way.
Step S20: computing, from the generated system parameters and keys and using the preset Paillier encryption algorithm, the transaction-amount ciphertext of the sender and the transaction-amount ciphertext of the receiver;
By way of example, the two transaction-amount ciphertexts are computed from the generated system parameters and keys with the modified Paillier encryption algorithm. When a user joins the system, the minting party initialises the user's balance in ciphertext form according to the applicable conditions and writes it to the chain; the user reads it locally. The transaction sender keeps the pre-transaction account-balance ciphertext locally or reads it from the chain. The procedure is:
before the transaction, the sender reads the original amount ciphertext from the chain:
before the transaction, the receiver reads the original amount ciphertext from the chain:
computing the sender's transaction-amount ciphertext:
computing the receiver's transaction-amount ciphertext:
where T is the transaction amount, A is the sender's original account amount, B is the receiver's original account amount, and r, $r_0$, $r_{s0}$, $r_{r0}$, $r_1$, $r_{s1}$ and $r_{r1}$ are random numbers with $r < n^2$ and $r_0, r_{s0}, r_{r0}, r_1, r_{s1}, r_{r1} < n$.
Step S30: sending the computed transaction-amount ciphertexts to the blockchain nodes, whose smart contract computes the sender's and the receiver's post-transaction account-balance ciphertexts with the preset ciphertext homomorphism algorithm and updates the account-amount ciphertext on each corresponding account chain;
In this embodiment, the sender's post-transaction account-balance ciphertext is:
and the receiver's post-transaction account-balance ciphertext is:
where mod denotes the remainder operation, $k = g^{\lambda} \bmod n^2$, $n = pq$ with p and q two large primes, g is a random number coprime to $n^2$ and less than $n^2$, $\lambda = \mathrm{lcm}(p-1, q-1)$ with lcm the least common multiple, T is the transaction amount, $h = g^{r} \bmod n^2$, r, $r_0$, $r_{s0}$, $r_{r0}$, $r_1$, $r_{s1}$ and $r_{r1}$ are random numbers with $r < n^2$ and $r_0, r_{s0}, r_{r0}, r_1, r_{s1}, r_{r1} < n$, $y_1$ is the transaction sender's public key, $y_2$ is the transaction receiver's public key, A is the sender's original account amount, and B is the receiver's original account amount.
By way of example, the computed transaction-amount ciphertexts are sent to the blockchain nodes, whose smart contract computes both parties' post-transaction account-balance ciphertexts with the ciphertext homomorphism of the modified Paillier algorithm and updates the account-amount ciphertext on each corresponding account chain, as follows:
computing the sender's post-transaction account-balance ciphertext:
computing the receiver's post-transaction account-balance ciphertext:
updating the account-amount ciphertext on the sender's chain to C_ts';
and updating the account-amount ciphertext on the receiver's chain to C_tr'.
Step S40: the receiver reading the transaction-amount ciphertext from the chain, decrypting it, and proceeding with the transaction once the transaction amount is verified to be greater than 0;
In this embodiment, before the step of verifying by decryption that the transaction amount is greater than 0, the method further comprises:
the transaction receiver decrypting the transaction-amount ciphertext $C_{tb} = (E_0, c_{b0}, E_1, c_{b1})$ to obtain the transaction-amount plaintext T and the random number $r_0$;
computing, with the preset Paillier algorithm, the legal ciphertext corresponding to T and $r_0$;
checking the transaction-amount ciphertext $C_{tb}$ against that legal ciphertext and the transaction amount T;
where mod denotes the remainder operation, $k = g^{\lambda} \bmod n^2$, $n = pq$ with p and q two large primes, g is a random number coprime to $n^2$ and less than $n^2$, $\lambda = \mathrm{lcm}(p-1, q-1)$ with lcm the least common multiple, T is the transaction amount, $h = g^{r} \bmod n^2$, r, $r_0$ and $r_1$ are random numbers with $r < n^2$, $r_0 < n$ and $r_1 < n$, and $y_2$ is the transaction receiver's public key.
In this embodiment, after the step of reading the transaction-amount ciphertext from the chain, the method further comprises:
when decryption shows that the transaction amount is not greater than 0, the transaction receiver invoking the sigma protocol and the Bulletproofs protocol to construct a proof and filing a complaint;
and the smart contract of the blockchain node verifying whether the complaint is true using the sigma protocol verification algorithm and the Bulletproofs verification algorithm.
In this embodiment, the transaction receiver invoking the sigma protocol and the Bulletproofs protocol to construct a proof and filing a complaint comprises:
invoking the sigma protocol to construct a proof that the transaction-amount ciphertext $C_{tb} = (E_0, c_{b0}, E_1, c_{b1})$ was decrypted legitimately;
constructing a Pedersen commitment to the transaction amount, denoted Pedersen1;
invoking the sigma protocol to construct a proof that Pedersen1 and $E_0$ commit to the same transaction amount;
invoking the Bulletproofs protocol to construct a proof that the amount committed in Pedersen1 lies in a specific range;
sending Pedersen1 and the proofs to the blockchain node as the complaint;
where $g_1$ and $h_1$ are two generators of the group G of prime order p.
In this embodiment, the proof is:
Appeal_proof = TAEC(T, $r_0$, $y_2$, Pedersen1, $2^l$),
where TAEC denotes the function that produces the complaint proof and $2^l$ is the upper bound of the transaction amount.
In this embodiment, the smart contract of the blockchain node verifying whether the complaint is true using the sigma protocol verification algorithm and the Bulletproofs verification algorithm comprises:
obtaining the system parameters sysPrm, the commitment parameters pedPrm, the transaction receiver's public key $y_2$, the commitment Pedersen1 and the complaint proof TAEC, and reading $E_0$ and $c_{b0}$ from the chain;
verifying the complaint proof from sysPrm, pedPrm, $y_2$, Pedersen1, TAEC, $E_0$ and $c_{b0}$ by invoking the sigma protocol verification algorithm and the Bulletproofs verification algorithm;
if verification succeeds, rolling back the transaction;
if verification fails, rejecting the complaint and leaving the transaction unchanged.
By way of example, the transaction receiver reads the transaction amount ciphertext from the chain, decrypts it and verifies both the validity of the ciphertext and the validity of the transaction amount. If the ciphertext is legal (i.e. the transaction amount is greater than 0), the transaction proceeds directly; if the transaction amount is illegal (i.e. not greater than 0), the sigma protocol and the bulletproof protocol are called to construct evidence and initiate a complaint, and the smart contract of the blockchain node verifies whether the complaint is true based on the sigma protocol verification algorithm and the bulletproof protocol verification algorithm. The specific steps are as follows:
the transaction receiver decrypts the transaction amount ciphertext C_tb $= (E_0, c_{b0}, E_1, c_{b1})$ with its own private key, obtaining the transaction amount plaintext and random number $(T, r_0)$;
it recomputes, with the improved Paillier algorithm, the legal ciphertext C_tb' corresponding to $(T, r_0)$;
it verifies whether the ciphertext satisfies the required relation; if so, the transaction proceeds directly, and if not, a complaint is made.
The complaint procedure is as follows:
calling the sigma protocol to construct a legality proof for the transaction amount ciphertext C_tb $= (E_0, c_{b0}, E_1, c_{b1})$;
calling the sigma protocol to construct an equality proof of the transaction amount for Pedersen1 and $E_0$;
calling the bulletproof protocol to construct a proof for Pedersen1 that the transaction amount lies in a specific range.
The evidence is:
Appeal_proof = TAEC($T$, $r_0$, $y_2$, Pedersen1, $2^{l}$),
wherein TAEC denotes the function that produces the complaint evidence and $2^{l}$ denotes an upper bound on the transaction amount;
the commitment Pedersen1 and the complaint evidence TAEC are then sent to the blockchain node.
The smart contract of the blockchain node verifies whether the complaint is true based on the transaction amount ciphertext, the evidence and the commitment, specifically:
obtaining the system parameter sysPrm, the commitment parameter pedPrm, the public key $y_2$ of the transaction receiver, the commitment Pedersen1 and the complaint evidence TAEC, and reading $E_0$ and $c_{b0}$ from the chain;
calling the sigma protocol verification algorithm and the bulletproof protocol verification algorithm on sysPrm, pedPrm, $y_2$, Pedersen1, TAEC, $E_0$ and $c_{b0}$ to verify the complaint evidence; if the verification succeeds, the transaction is rolled back; if it fails, the complaint is rejected and the transaction is left unchanged.
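The receiver-side check and the homomorphic balance update described above, as an added example that is not part of the patent: the code below uses textbook Paillier with $g = n + 1$ in place of the patent's improved variant (whose ciphertext components $E_0, c_{b0}, E_1, c_{b1}$ and keys $y_1, y_2$ are only named on this page, not defined), a single key pair for every party so that the example can decrypt all balances, an assumed amount bound $2^{l}$ with $l = 32$, and constructed opening balances and amounts. It recovers $(T, r_0)$ from the ciphertext, re-encrypts to check the ciphertext, applies the range condition, and shows what the homomorphic update does when a sender encrypts a negative amount and no check is made.

```python
"""Added example, not the patent's code: textbook Paillier (g = n + 1) standing in
for the page's 'improved Paillier', with the receiver-side validity check.
Assumptions: one key pair shared by all parties, amount bound 2^l with l = 32,
constructed balances and amounts."""
import math
import secrets


def is_probable_prime(n, rounds=24):
    """Miller-Rabin; adequate for a demo key, not a vetted prime generator."""
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c


def keygen(bits=512):
    """pk = (n, g, n^2), sk = (n, lambda, mu) with n = pq, lambda = lcm(p-1, q-1)."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        n = p * q
        lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        if p != q and math.gcd(n, lam) == 1:      # needed for randomness recovery
            break
    g, n2 = n + 1, n * n
    k = pow(g, lam, n2)                           # the page's k = g^lambda mod n^2 = 1 + lambda*n
    mu = pow((k - 1) // n, -1, n)                 # L(k)^-1 mod n with L(u) = (u - 1) / n
    return (n, g, n2), (n, lam, mu)


def encrypt(pk, m, r=None):
    """c = g^m * r^n mod n^2; returns (c, r) so the caller can keep the randomness."""
    n, g, n2 = pk
    if r is None:
        r = secrets.randbelow(n - 1) + 1
        while math.gcd(r, n) != 1:
            r = secrets.randbelow(n - 1) + 1
    return pow(g, m % n, n2) * pow(r, n, n2) % n2, r


def decrypt(sk, c):
    """Return (m, r): plaintext and randomness, the page's (T, r0)."""
    n, lam, mu = sk
    n2 = n * n
    m = (pow(c, lam, n2) - 1) // n * mu % n
    r_to_n = c * pow(n + 1, -m, n2) % n2         # strip g^m, leaving r^n mod n^2
    r = pow(r_to_n % n, pow(n, -1, lam), n)      # r = (r^n)^(n^-1 mod lambda) mod n
    return m, r


def add_ct(pk, c1, c2):
    """Enc(a) * Enc(b) = Enc(a + b): the on-chain update of the receiver's balance."""
    return c1 * c2 % pk[2]


def sub_ct(pk, c1, c2):
    """Enc(a) * Enc(b)^-1 = Enc(a - b mod n): the on-chain update of the sender's balance."""
    return c1 * pow(c2, -1, pk[2]) % pk[2]


def recipient_check(pk, sk, c_tb, l):
    """Receiver side: decrypt to (T, r0), rebuild the legal ciphertext C_tb' from
    (T, r0) and require 0 < T <= 2^l. In textbook Paillier every unit mod n^2 is a
    ciphertext, so the rebuild always matches; the range condition does the work."""
    T, r0 = decrypt(sk, c_tb)
    c_prime, _ = encrypt(pk, T, r0)
    return c_prime == c_tb and 0 < T <= (1 << l), T


def run_example(l=32):
    pk, sk = keygen()
    n = pk[0]
    A, B = 1000, 250                              # constructed opening balances
    enc_A, _ = encrypt(pk, A)
    enc_B, _ = encrypt(pk, B)
    # Honest transfer of T = 100: the contract computes Enc(A - T) and Enc(B + T).
    c_tb, _ = encrypt(pk, 100)
    ok, T = recipient_check(pk, sk, c_tb, l)
    new_A = decrypt(sk, sub_ct(pk, enc_A, c_tb))[0]
    new_B = decrypt(sk, add_ct(pk, enc_B, c_tb))[0]
    # Malicious sender encrypts -5, i.e. n - 5. The homomorphic update still applies
    # (sender's balance grows, receiver's shrinks); decryption yields a value far
    # above 2^l, so the check fails and the complaint path is taken.
    c_bad, _ = encrypt(pk, n - 5)
    ok_bad, T_bad = recipient_check(pk, sk, c_bad, l)
    bad_A = decrypt(sk, sub_ct(pk, enc_A, c_bad))[0]
    bad_B = decrypt(sk, add_ct(pk, enc_B, c_bad))[0]
    return {"honest_ok": ok, "T": T, "new_A": new_A, "new_B": new_B,
            "bad_ok": ok_bad, "bad_T_is_minus_5": T_bad == n - 5,
            "bad_A": bad_A, "bad_B": bad_B}


if __name__ == "__main__":
    print(run_example())
```

Running the block prints the result dictionary. Because every unit modulo $n^2$ is a valid textbook Paillier ciphertext, the re-encryption comparison alone cannot fail; the range condition $0 < T \le 2^{l}$ is what rejects the wrapped-around amount $n - 5$, which is the "not greater than 0" case that triggers the complaint on this page.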
Step S50: after the blockchain transaction system has run for a preset time, all users who participated in transactions construct commitments to their account amounts based on the commitment parameter, and call the sigma protocol and the bulletproof protocol to construct evidence that the account amount lies in a specific range;
In this embodiment, all users who participated in transactions constructing a commitment based on the commitment parameter and calling the sigma protocol and the bulletproof protocol to construct the proof that the account amount lies in a specific range includes:
the user reads the current account amount ciphertext from the chain;
the current account amount ciphertext is decrypted with the decryption algorithm of the preset Paillier encryption algorithm to obtain the account amount plaintext $U$ and the random number $r_{u0}$;
a Pedersen commitment, denoted Pedersen_u, is constructed from the account amount plaintext $U$ and the random number $r_{u0}$;
the sigma protocol is called to construct an equality proof of the account amount for Pedersen_u and $E_{u0}$;
the bulletproof protocol is called to construct a proof for Pedersen_u that the account amount lies in a specific range;
wherein mod denotes the remainder operation, $k = g^{\lambda} \bmod n^2$, $n = pq$, $p$ and $q$ are two large primes, $g$ is a random number coprime to $n^2$ and less than $n^2$, $\lambda = \mathrm{lcm}(p-1, q-1)$ with lcm denoting the least common multiple, $h = g^{r} \bmod n^2$, $r$, $r_{u0}$ and $r_{u1}$ are random numbers with $r < n^2$, $r_{u0} < n$ and $r_{u1} < n$, $y_u$ denotes the user's public key, and $g_1$ and $h_1$ are two generators of the group $G$ of prime order $p$.
In this embodiment, the evidence is:
Legal_proof = TEOL($U$, $r_{u0}$, $y_u$, Pedersen_u, $2^{l}$),
wherein TEOL denotes the function that produces the validity proof of the account amount ciphertext, and $2^{l}$ denotes an upper bound on the account amount.
By way of example, in this embodiment, after the blockchain transaction system has run for a time $t$ (for example, one month), all users who participated in transactions during that time decrypt their account balance, call the sigma protocol and the bulletproof protocol to construct the proof of validity of the account, and send the proof to the blockchain node. The specific procedure is as follows:
the user reads the current account amount ciphertext from the chain;
the account amount plaintext $U$ and the random number $r_{u0}$ are obtained by the decryption algorithm of the improved Paillier algorithm;
a Pedersen commitment to the account amount, denoted Pedersen_u, is constructed;
the sigma protocol is called to construct an equality proof of the account amount for Pedersen_u and $E_{u0}$;
the bulletproof protocol is called to construct a proof for Pedersen_u that the account amount lies in a specific range;
the evidence is:
Legal_proof = TEOL($U$, $r_{u0}$, $y_u$, Pedersen_u, $2^{l}$),
wherein TEOL denotes the function that produces the validity proof of the account amount ciphertext and $2^{l}$ denotes an upper bound on the account amount;
the commitment Pedersen_u and the evidence TEOL are then sent to the blockchain node.
Step S60: the constructed commitment and evidence are sent to the blockchain node, and the smart contract of the blockchain node verifies the validity of the account based on the account amount ciphertext, the evidence and the commitment.
In this embodiment, the smart contract of the blockchain node verifying the validity of the account based on the account amount ciphertext, the evidence and the commitment includes:
obtaining the system parameter sysPrm, the commitment parameter pedPrm, the user public key $y_u$, the commitment Pedersen_u and the evidence TEOL, and reading $E_{u0}$ and $c_{u0}$ from the chain;
calling the sigma protocol verification algorithm and the bulletproof protocol verification algorithm on sysPrm, pedPrm, $y_u$, Pedersen_u, TEOL, $E_{u0}$ and $c_{u0}$ to verify the validity of the account;
if the verification succeeds, the transactions within the preset time are judged legal;
if the verification fails, it is judged that an illegal transaction exists within the preset time.
By way of example, the smart contract of the blockchain node in this embodiment verifies the validity of the account using the sigma protocol verification algorithm, the bulletproof protocol verification algorithm, and the ciphertext, evidence and commitment of the user's account amount, as follows:
obtaining the system parameter sysPrm, the commitment parameter pedPrm and the user public key $y_u$, obtaining the account amount commitment Pedersen_u and the evidence TEOL, and reading the user account ciphertext $E_{u0}$ and $c_{u0}$ from the chain;
calling the verification functions of the sigma protocol and the bulletproof protocol on sysPrm, pedPrm, $y_u$, Pedersen_u, TEOL, $E_{u0}$ and $c_{u0}$ to verify the validity evidence; if the verification does not pass, the supervisor audits every transaction of the current period one by one; otherwise all transactions of the period are shown to be legal. The account proof and its verification therefore need to be performed only once per period, which simplifies the transaction flow and reduces the volume of transaction data put on chain.
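The periodic account proof of steps S50 and S60 rests on a Pedersen commitment over a prime-order group and a sigma protocol checked by the contract. As an added example that is not the patent's code, the block below implements the commitment $U \cdot g_1 + r \cdot h_1$ on secp256k1 (standing in for the page's group $G$ with generators $g_1, h_1$; the second generator is derived by hashing so that nobody knows its discrete logarithm, an assumption of this example), together with a Fiat-Shamir sigma proof of knowledge of the opening $(U, r_{u0})$ and the verifier a contract would run. The page's equality proof linking the commitment to the Paillier ciphertext $E_{u0}$ and its bulletproof range proof are not reproduced; the balance $U$ and the tampering cases are constructed.

```python
"""Added example, not the patent's code: Pedersen commitment to an account balance
and a Fiat-Shamir sigma proof of knowledge of its opening, checked by a stateless
verifier in the role of the contract. secp256k1 stands in for the page's
prime-order group G; the second generator is derived by hashing (assumption)."""
import hashlib
import secrets

P = 2**256 - 2**32 - 977                          # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(A, B):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, Q):
    """Double-and-add scalar multiplication."""
    R, k = None, k % N
    while k:
        if k & 1:
            R = ec_add(R, Q)
        Q = ec_add(Q, Q)
        k >>= 1
    return R


def derive_h():
    """Second generator h1 with no known log base G: hash to x, try-and-increment."""
    ctr = 0
    while True:
        digest = hashlib.sha256(b"pedersen-h1" + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)             # P = 3 mod 4: a square root if one exists
        if y * y % P == rhs:
            return x, y
        ctr += 1


H = derive_h()


def commit(U, r):
    """Pedersen_u = g1^U * h1^r, written additively as U*G + r*H."""
    return ec_add(ec_mul(U, G), ec_mul(r, H))


def challenge(*points):
    """Fiat-Shamir challenge over the commitment and the announcement."""
    h = hashlib.sha256()
    for pt in points:
        h.update(b"\x00" * 64 if pt is None else pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % N


def prove_opening(U, r):
    """Prover: announce a*G + b*H, derive e, answer z1 = a + e*U, z2 = b + e*r."""
    C = commit(U, r)
    a, b = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1
    T = commit(a, b)
    e = challenge(C, T)
    return C, (T, (a + e * U) % N, (b + e * r) % N)


def verify_opening(C, proof):
    """Contract side: accept iff z1*G + z2*H == T + e*C."""
    T, z1, z2 = proof
    e = challenge(C, T)
    return commit(z1, z2) == ec_add(T, ec_mul(e, C))


def run_example():
    U = 1_234_567                                 # constructed account balance
    r = secrets.randbelow(N - 1) + 1
    C, proof = prove_opening(U, r)
    T, z1, z2 = proof
    forged = (T, (z1 + 1) % N, z2)                # tampered response
    other = commit(U + 1, r)                      # commitment to a different balance
    return {
        "valid": verify_opening(C, proof),
        "forged_rejected": not verify_opening(C, forged),
        "wrong_commitment_rejected": not verify_opening(other, proof),
        "homomorphic": ec_add(commit(U, r), commit(42, 7)) == commit(U + 42, r + 7),
    }


if __name__ == "__main__":
    print(run_example())
```

The challenge hashes both the commitment and the announcement, so a proof cannot be transplanted onto a different commitment (the wrong_commitment case) and a modified response fails the check (the forged case). The homomorphic case is what lets a verifier add commitments to individual amounts and compare them against a commitment to the resulting balance without learning any of the values.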
In summary, the application provides a confidential transaction method based on an improved Paillier algorithm; the method supports network-wide ciphertext homomorphism, validity verification of transactions and supervision by a supervisor, reduces the data put on chain and simplifies the transaction flow.
It should be noted that, in this document, the terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article or system. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of additional like elements in the process, method, article or system that comprises the element.
The above description is merely exemplary of the present application and is presented to enable those skilled in the art to understand and practice the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A blockchain secure transaction method, comprising the steps of:
generating system parameters, a commitment parameter, and the public and private keys of the transaction sender and the transaction receiver based on a preset algorithm;
based on the generated system parameters and public and private keys, and in combination with a preset Paillier encryption algorithm, computing the transaction amount ciphertext of the transaction sender and the transaction amount ciphertext of the transaction receiver;
sending the computed transaction amount ciphertexts to the blockchain node, where the smart contract of the blockchain node computes the post-transaction account balance ciphertexts of the transaction sender and of the transaction receiver based on a preset ciphertext homomorphic algorithm and updates the account amount ciphertext on the corresponding account chain;
the transaction receiver reads the transaction amount ciphertext from the chain and, when decryption verifies that the transaction amount is greater than 0, the transaction is carried out;
after the blockchain transaction system has run for a preset time, all users who participated in transactions construct commitments to their account amounts based on the commitment parameter and call the sigma protocol and the bulletproof protocol to construct evidence that the account amount lies in a specific range;
and sending the constructed commitment and evidence to the blockchain node, where the smart contract of the blockchain node verifies the validity of the account based on the account amount ciphertext, the evidence and the commitment.
2. The blockchain secure transaction method of claim 1, further comprising, before the step in which decryption verifies that the transaction amount is greater than 0:
the transaction receiver decrypts the transaction amount ciphertext C_tb $= (E_0, c_{b0}, E_1, c_{b1})$ to obtain the transaction amount plaintext $T$ and the random number $r_0$;
the legal ciphertext corresponding to the transaction amount plaintext $T$ and the random number $r_0$ is computed with the preset Paillier algorithm;
the transaction amount corresponding to the legal ciphertext is computed from the transaction amount ciphertext C_tb and the transaction amount plaintext $T$;
wherein mod denotes the remainder operation, $k = g^{\lambda} \bmod n^2$, $n = pq$, $p$ and $q$ are two large primes, $g$ is a random number coprime to $n^2$ and less than $n^2$, $\lambda = \mathrm{lcm}(p-1, q-1)$ with lcm denoting the least common multiple, $T$ denotes the transaction amount, $h = g^{r} \bmod n^2$, $r$, $r_0$ and $r_1$ are random numbers with $r < n^2$, $r_0 < n$ and $r_1 < n$, and $y_2$ denotes the public key of the transaction receiver.
3. The blockchain secure transaction method of claim 2, further comprising, after the step in which the transaction receiver reads the transaction amount ciphertext from the chain:
when decryption shows that the transaction amount is not greater than 0, the transaction receiver calls the sigma protocol and the bulletproof protocol to construct evidence and initiates a complaint;
and the smart contract of the blockchain node verifies whether the complaint is true based on the sigma protocol verification algorithm and the bulletproof protocol verification algorithm.
4. The blockchain secure transaction method of claim 3, wherein the transaction receiver calling the sigma protocol and the bulletproof protocol to construct evidence and initiate a complaint comprises:
calling the sigma protocol to construct a legality proof for the transaction amount ciphertext C_tb $= (E_0, c_{b0}, E_1, c_{b1})$;
constructing a Pedersen commitment to the transaction amount, denoted Pedersen1;
calling the sigma protocol to construct an equality proof of the transaction amount for Pedersen1 and $E_0$;
calling the bulletproof protocol to construct a proof for Pedersen1 that the transaction amount lies in a specific range;
sending Pedersen1 and the evidence to the blockchain node to lodge the complaint;
wherein $g_1$ and $h_1$ are two generators of the group $G$ of prime order $p$.
6. The blockchain secure transaction method of claim 5, wherein the smart contract of the blockchain node verifying whether the complaint is true based on the sigma protocol verification algorithm and the bulletproof protocol verification algorithm comprises:
obtaining the system parameter sysPrm, the commitment parameter pedPrm, the public key $y_2$ of the transaction receiver, the commitment Pedersen1 and the complaint evidence TAEC, and reading $E_0$ and $c_{b0}$ from the chain;
calling the sigma protocol verification algorithm and the bulletproof protocol verification algorithm on sysPrm, pedPrm, $y_2$, Pedersen1, TAEC, $E_0$ and $c_{b0}$ to verify the complaint evidence;
if the verification succeeds, the transaction is rolled back;
if the verification fails, the complaint is rejected and the transaction is left unchanged.
7. The blockchain secure transaction method of claim 1, wherein all users who participated in transactions constructing a commitment based on the commitment parameter and calling the sigma protocol and the bulletproof protocol to construct the proof that the account amount lies in a specific range comprises:
the user reads the current account amount ciphertext from the chain;
the current account amount ciphertext is decrypted with the decryption algorithm of the preset Paillier encryption algorithm to obtain the account amount plaintext $U$ and the random number $r_{u0}$;
a Pedersen commitment, denoted Pedersen_u, is constructed from the account amount plaintext $U$ and the random number $r_{u0}$;
the sigma protocol is called to construct an equality proof of the account amount for Pedersen_u and $E_{u0}$;
the bulletproof protocol is called to construct a proof for Pedersen_u that the account amount lies in a specific range;
wherein mod denotes the remainder operation, $k = g^{\lambda} \bmod n^2$, $n = pq$, $p$ and $q$ are two large primes, $g$ is a random number coprime to $n^2$ and less than $n^2$, $\lambda = \mathrm{lcm}(p-1, q-1)$ with lcm denoting the least common multiple, $h = g^{r} \bmod n^2$, $r$, $r_{u0}$ and $r_{u1}$ are random numbers with $r < n^2$, $r_{u0} < n$ and $r_{u1} < n$, $y_u$ denotes the user's public key, and $g_1$ and $h_1$ are two generators of the group $G$ of prime order $p$.
9. The blockchain secure transaction method of claim 8, wherein the smart contract of the blockchain node verifying the validity of the account based on the account amount ciphertext, the evidence and the commitment comprises:
obtaining the system parameter sysPrm, the commitment parameter pedPrm, the user public key $y_u$, the commitment Pedersen_u and the evidence TEOL, and reading $E_{u0}$ and $c_{u0}$ from the chain;
calling the sigma protocol verification algorithm and the bulletproof protocol verification algorithm on sysPrm, pedPrm, $y_u$, Pedersen_u, TEOL, $E_{u0}$ and $c_{u0}$ to verify the validity of the account;
if the verification succeeds, the transactions within the preset time are judged legal;
if the verification fails, it is judged that an illegal transaction exists within the preset time.
10. The blockchain secure transaction method of claim 1, wherein the account balance ciphertext of the transaction sender after the transaction is:
the account balance ciphertext of the transaction receiver after the transaction is:
wherein mod denotes the remainder operation, $k = g^{\lambda} \bmod n^2$, $n = pq$, $p$ and $q$ are two large primes, $g$ is a random number coprime to $n^2$ and less than $n^2$, $\lambda = \mathrm{lcm}(p-1, q-1)$ with lcm denoting the least common multiple, $T$ denotes the transaction amount, $h = g^{r} \bmod n^2$, $r$, $r_0$, $r_{s0}$, $r_{r0}$, $r_1$, $r_{s1}$ and $r_{r1}$ are random numbers with $r < n^2$ and $r_0, r_{s0}, r_{r0}, r_1, r_{s1}, r_{r1} < n$, $y_1$ denotes the public key of the transaction sender, $y_2$ denotes the public key of the transaction receiver, $A$ denotes the original account amount of the transaction sender, and $B$ denotes the original account amount of the transaction receiver.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211216830.9A CN115549890A (en) | 2022-09-30 | 2022-09-30 | Block chain secret transaction method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115549890A true CN115549890A (en) | 2022-12-30 |
Family
ID=84731009
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115549890A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117035776A (en) * | 2023-08-22 | 2023-11-10 | 上海零数众合信息科技有限公司 | Data sharing method and device, electronic equipment and storage medium |
CN117035776B (en) * | 2023-08-22 | 2024-05-14 | 上海零数众合信息科技有限公司 | Data sharing method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||