CN115829754B - Transaction supervision method and device for privacy protection blockchain - Google Patents


Publication number
CN115829754B
Authority
CN
China
Prior art keywords
transaction
supervision
public key
label
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310121633.7A
Other languages
Chinese (zh)
Other versions
CN115829754A (en)
Inventor
赵陆天禹
万志国
王化群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Lab
Original Assignee
Zhejiang Lab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Lab
Priority to CN202310121633.7A
Publication of CN115829754A
Application granted
Publication of CN115829754B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a transaction supervision method and device for privacy protection blockchain. The method is divided into five stages: a preparation stage, a transaction generation stage, a transaction encapsulation stage, a transaction supervision stage and an exception handling stage. Using zero-knowledge proof technology and drawing on the idea of Pointproofs, the invention adds a supervision function to privacy protection blockchain schemes, provides a set verification function, reduces the computation cost, is universal, and can be implemented on top of existing account-model privacy protection blockchain schemes.

Description

Transaction supervision method and device for privacy protection blockchain
Technical Field
The invention relates to the technical field of blockchains, in particular to a transaction supervision method and device for privacy protection blockchains.
Background
A blockchain is a distributed ledger that records asset exchanges among its participants, and it has opened new research directions in many fields. In traditional blockchain technology, information about participants and transactions is public. As the demand for privacy protection has increased, blockchains with privacy protection functions have emerged. However, the prior art has certain limitations in how it protects user privacy, so that some digital currencies cannot be effectively supervised; meanwhile, judging whether a transaction is illegal with traditional verification algorithms has a high computation cost.
With the rapid growth of blockchain-related technologies, zero-knowledge proofs have also received extensive attention. Both Zerocash and Zether are privacy-protecting digital currencies based on zero-knowledge proof technology. Zero-knowledge proof techniques enable a prover to convince a verifier that a certain assertion is correct without providing any useful information to the verifier. An interactive zero-knowledge proof relies on random challenges from the verifier and requires multiple exchanges of information between the prover and the verifier. A non-interactive zero-knowledge proof reduces the number of exchanges between prover and verifier to 1, which is why non-interactive zero-knowledge proofs are widely used in the blockchain field. In addition, the succinct non-interactive zero-knowledge proof (zk-SNARK) provides a universal and efficient tool for the development of zero-knowledge proof technology.
Disclosure of Invention
The invention aims to provide a transaction supervision method and device for privacy protection blockchain, which are used for overcoming the defects in the prior art.
In order to achieve the above purpose, the present invention provides the following technical solutions:
The invention discloses a transaction supervision method for privacy protection blockchain, which comprises the following steps:
S1, preparation stage: users are divided into levels, and an upper limit is set on each user's transaction amount within a specified time period; the exception handling center calculates and publishes the public parameters and sends the secret parameters to the supervisor; the exception handling center generates a table L0, in which encryption keys correspond to public key address labels, and a table L1, in which public key address labels correspond to user levels; the symmetric key is sent to the corresponding user, and L1 is sent to the supervisor; a zero-knowledge proof public key and a zero-knowledge proof verification key are generated and published;
S2, transaction generation stage: the user generates an original transaction, sets a privacy vector using the privacy information in the original transaction, calculates the digital commitment and the supervision parameters of the privacy vector, generates the ciphertext obtained by encrypting the privacy vector, and executes the zero-knowledge proof algorithm to generate a proof that the ciphertext was obtained by encrypting the privacy vector with the correct encryption algorithm and key, thereby generating the transaction;
S3, transaction packaging stage: the miner decomposes the transaction and checks whether it is valid according to the existing privacy protection blockchain scheme and the verification algorithm of the non-interactive zero-knowledge proof; the miner packages the transaction if it is valid and discards it if it is invalid;
S4, transaction supervision stage: the supervisor decomposes the transactions, calculates the public key address label of the sender of each transaction, collects the transactions that have the same sender, and generates the label of the total amount spent by the user within the specified time period to judge whether the transaction amount is normal; if the transaction amount is abnormal, the supervisor reports it to the exception handling center;
S5, exception handling stage: after receiving the supervisor's abnormality report, the exception handling center checks through aggregate verification whether the abnormal transaction set submitted by the supervisor all comes from the user the supervisor declares, checks whether the total amount label of the transaction set is equal to the total amount label reported by the supervisor, and thereby judges whether the supervisor has made a false report; if there is a false report, the stage ends; if there is no false report, the private key is obtained through table L0, the ciphertext in the transaction is decrypted, and the real participants of the transaction and the real transaction amount are obtained.
Preferably, the specific substeps of the step S1 are as follows:
S11, system initialization: users are divided into different levels according to their economic capacity, and an upper limit is set on the transaction amount of the users of each level within a specified time period;
S12, with the security parameter as input, the exception handling center calculates and publishes the public parameters, calculates the secret parameters and sends them to the supervisor through a secure channel;
S13, the exception handling center generates each user's symmetric encryption key and calculates the corresponding public key address label; builds a Merkle tree from the hash values of the encryption keys and publishes it; maintains a table L0 in which encryption keys and public key address labels correspond one-to-one, and a table L1 in which public key address labels correspond to the level of the corresponding user; sends each encryption key to the corresponding user through a secure channel, and sends table L1 to the supervisor through a secure channel;
S14, a zero-knowledge proof public key and a zero-knowledge proof verification key are generated and published.
Preferably, the specific substeps of the step S2 are as follows:
S21, generating an original transaction containing privacy information using an existing privacy protection blockchain scheme; the privacy information comprises the public key address of the transaction sender, the public key address of the transaction receiver and the transaction amount;
S22, selecting a random number from a cyclic group of prime order q, setting a vector containing the privacy information and the random number, and calculating a digital commitment to the vector and a supervision parameter for the privacy information, where the supervision parameter is the parameter the supervisor needs in order to supervise the transaction;
S23, encrypting the vector with the symmetric key to generate the corresponding ciphertext;
S24, calculating the hash value of the vector; setting the public input from the root node, the original transaction, the ciphertext, the digital commitment and the supervision parameter of the privacy information; setting the secret input from the vector, the symmetric key and the path of the symmetric key's hash value from its leaf node to the root node; and calculating the proof with the generation algorithm of the non-interactive zero-knowledge proof;
S25, generating the transaction and publishing it into the blockchain.
Preferably, the specific substeps of the step S3 are as follows:
S31, the miner decomposes the transaction into the original transaction, the ciphertext, the digital commitment, the supervision parameter of the privacy information, and the proof;
S32, the miner checks whether the original transaction is valid according to the existing privacy protection blockchain scheme; if so, the process continues to the next step; if not, the transaction is discarded and the transaction packaging stage ends;
S33, the miner sets the public input according to the published data and verifies the validity of the zero-knowledge proof in the transaction with the zero-knowledge proof verification algorithm; if the transaction is valid, the miner packages it into a new block; if the transaction is invalid, the miner discards it.
Preferably, the specific substeps of the step S4 are as follows:
S41, the supervisor decomposes the transaction into the original transaction, the ciphertext, the digital commitment, the supervision parameter of the privacy information, and the proof;
S42, the supervisor calculates the label of the transaction's sender public key address, where the values of the sender public key address labels correspond one-to-one to the users' public key addresses;
S43, through steps S41 and S42, the supervisor calculates the sender public key address label of every transaction packaged into blocks within the time period;
S44, the supervisor compares the sender public key address labels of all transactions and collects the transactions that have the same sender;
S45, the supervisor calculates the label of the amount spent in each transaction by the user corresponding to the public key address label, and calculates the label of the total amount spent by the user within the time period; if the label of the total amount is equal to the label of the preset upper limit of the transaction amount, the transaction amount is normal; if the two are not equal, the transaction is abnormal, and the supervisor sends a tuple to the exception handling center to report the abnormality, where the tuple comprises the user's public key address label, the label of the total amount spent by the user within the time period, and the set of transactions issued by the user within the time period.
Preferably, in step S45, if at the end of the specified time period the user's consumption amount is less than the set upper limit, the user sends a transaction whose receiver public key address is the user's own public key address, so that the total consumption amount reaches the set upper limit and the supervisor's detection in step S45 is passed; if the user's consumption amount exceeds the preset upper limit within the specified time period, the detection in step S45 cannot be passed.
Preferably, the specific substeps of the step S5 are as follows:
S51, the exception handling center checks whether the abnormal transaction set submitted by the supervisor all comes from the user the supervisor declares; if so, the next operation is carried out; if not, the supervisor has made a false report and the exception handling stage ends;
S52, the exception handling center checks whether the total amount label of the transaction set is equal to the total amount label reported by the supervisor; if so, the transaction set is abnormal and the next operation is carried out; if not, the supervisor has made a false report and the exception handling stage ends;
S53, the exception handling center searches the key table L0 for the private key corresponding to the specified label and uses it to decrypt the ciphertext in the transaction, obtaining the real participants of the transaction and the transaction amount.
The invention also discloses a transaction supervision device for privacy protection blockchain, which comprises a memory and one or more processors; executable code is stored in the memory, and the one or more processors, when executing the executable code, implement the above transaction supervision method for privacy protection blockchain.
The invention has the following beneficial effects: the transaction supervision method and device for privacy protection blockchain design a privacy commitment by drawing on Pointproofs, and the supervisor can extract supervision labels from the privacy commitment in order to supervise transactions. For ordinary users, the privacy commitment reveals no private information, which guarantees the confidentiality of the scheme. In addition, the scheme designs an aggregate verification algorithm: whether multiple transactions contain violations can be judged through aggregate verification, which reduces the computation cost. The scheme also uses zero-knowledge proof technology, which ensures that the supervision information collected by the supervisor is consistent with the actual transaction information of the user's transaction.
Drawings
FIG. 1 is a schematic diagram of the Merkle tree of the hash values of the symmetric encryption keys in accordance with an embodiment of the present invention;
FIG. 2 is the first flow chart of an embodiment of the present invention;
FIG. 3 is the second flow chart of an embodiment of the present invention;
FIG. 4 is a schematic diagram of an apparatus according to an embodiment of the present invention.
Detailed Description
The present invention will be further described in detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the detailed description and specific examples, while indicating the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the present invention.
First, the non-interactive zero-knowledge proof and the symmetric encryption algorithm are explained:
1. Non-interactive zero-knowledge proof
Algorithm (1.1): [Figure SMS_1]. The zero-knowledge proof key generation algorithm takes the security parameter [Figure SMS_2] as input and outputs the zero-knowledge proof public key [Figure SMS_3] and the zero-knowledge proof verification key [Figure SMS_4].
Algorithm (1.2): [Figure SMS_5]. The proof generation algorithm takes the zero-knowledge proof public key [Figure SMS_6], the public input [Figure SMS_7] and the secret input [Figure SMS_8] as input and outputs the proof [Figure SMS_9].
Algorithm (1.3): [Figure SMS_10]. The verification algorithm takes the zero-knowledge proof verification key [Figure SMS_11], the public input [Figure SMS_12] and the proof [Figure SMS_13] as input and outputs a bit [Figure SMS_14]. If [Figure SMS_15], the proof [Figure SMS_16] is valid; otherwise, it is invalid.
2. Symmetric encryption
A symmetric encryption algorithm consists of the following 3 algorithms:
Algorithm (2.1): [Figure SMS_17]. The symmetric encryption key generation algorithm takes the security parameter [Figure SMS_18] as input and outputs the private key [Figure SMS_19].
Algorithm (2.2): [Figure SMS_20]. The symmetric encryption algorithm takes the plaintext [Figure SMS_21] and the private key [Figure SMS_22] as input and outputs the ciphertext [Figure SMS_23].
Algorithm (2.3): [Figure SMS_24]. The symmetric decryption algorithm takes the ciphertext [Figure SMS_25] and the private key [Figure SMS_26] as input and outputs the message [Figure SMS_27].
The following terms are explained:
User: as in existing blockchains with a privacy preserving function, the blockchain users in this scheme are not trusted. A user may issue forged, malicious transactions in the blockchain system.
Miner: the miner checks whether the transactions issued by users are valid and packages the valid transactions into a new block.
Supervisor: the supervisor is semi-trusted. In the transaction supervision stage it checks whether the total amount consumed by each user within a specific time period exceeds the user's upper consumption limit, and submits abnormal transactions that exceed the upper limit to the exception handling center. The public key addresses of the transaction participants and the transaction amounts are unknown to the supervisor.
Exception handling center: the exception handling center is trusted. It is responsible for receiving abnormal transaction reports from the supervisor and, after confirming that an abnormality report is valid, querying the public key addresses of the transaction participants and the transaction amount.
Supervisable transaction: a transaction that can be supervised by the supervisor. The transaction numbered [Figure SMS_28] in the system is recorded as [Figure SMS_29], where [Figure SMS_30] is the original transaction generated with the existing transaction generation algorithm of the privacy preserving blockchain, and [Figure SMS_31] is the additional information related to transaction [Figure SMS_32].
Privacy information: the sender address, receiver address and transaction amount of the original transaction [Figure SMS_33], which in a conventional privacy preserving blockchain are kept secret from entities other than the transaction participants; recorded as [Figure SMS_34]. Here, [Figure SMS_35] represents the amount sent by the sender public key address [Figure SMS_36], which is also the amount received by the recipient public key address [Figure SMS_37].
The embodiment of the invention provides a transaction supervision method for privacy protection blockchain, which can be divided into five stages in the implementation process: a preparation stage, a transaction generation stage, a transaction encapsulation stage, a transaction supervision stage and an exception handling stage.
Now assume that there is an account-model privacy preserving blockchain system (e.g., Zether) in which each user [Figure SMS_38] has its own public key address [Figure SMS_39]. The following mainly describes how to add a supervision function on the basis of an existing privacy preserving blockchain scheme. As shown in FIG. 2 and FIG. 3: in FIG. 2, the exception handling center sends symmetric encryption keys to the users, sends the secret parameters to the supervisor, and publishes the public parameters and the Merkle tree in the blockchain system; in FIG. 3, a user generates a supervisable transaction and publishes it into the blockchain, a miner collects the transactions published into the blockchain, checks their validity and packages the valid transactions into a new block, the supervisor checks whether the transactions packaged into the block are abnormal and submits the abnormal transactions it finds to the exception handling center, and the exception handling center checks whether the abnormal behavior submitted by the supervisor actually exists and handles the valid abnormal events. The specific steps of the transaction supervision method are as follows:
1. Preparation stage:
Step (1.1): System initialization. Users are divided into different levels according to their economic capability. For a user of level [Figure SMS_40], the upper limit of the transaction amount in [Figure SMS_41] is [Figure SMS_42].
Step (1.2): With the security parameter as input, the exception handling center generates a bilinear map [Figure SMS_44], where [Figure SMS_48] are cyclic groups of prime order [Figure SMS_53]. It randomly selects [Figure SMS_46] and sets [Figure SMS_49]; it calculates the public parameters [Figure SMS_52], where [Figure SMS_55]; it calculates the secret parameters [Figure SMS_43]. For [Figure SMS_47], [Figure SMS_51], there is [Figure SMS_54]. The exception handling center publishes the public parameters [Figure SMS_45] and sends the secret parameters [Figure SMS_50] to the supervisor through a secure channel.
Step (1.3): The exception handling center generates the symmetric encryption key [Figure SMS_59] of user [Figure SMS_66] and calculates its public key address label [Figure SMS_60], where [Figure SMS_67] is the public key address of user [Figure SMS_68]; the hash values of the encryption keys [Figure SMS_71] form a Merkle tree [Figure SMS_72] (as shown in FIG. 1), which is published; it maintains the tables [Figure SMS_64]: in table [Figure SMS_69], the encryption key [Figure SMS_56] and the public key address label [Figure SMS_61] correspond one-to-one, and in table [Figure SMS_57], the public key address label [Figure SMS_62] corresponds to the level of the corresponding user [Figure SMS_65]; the encryption key [Figure SMS_70] is sent to user [Figure SMS_58] through a secure channel, and table [Figure SMS_63] is sent to the supervisor through a secure channel.
Step (1.4): The zero-knowledge proof public key [Figure SMS_73] and the zero-knowledge proof verification key [Figure SMS_74] are generated and published.
2. Transaction generation stage:
User [Figure SMS_75] in the blockchain system executes steps (2.1)-(2.5) to generate the transaction [Figure SMS_76].
Step (2.1): Generate the original transaction [Figure SMS_77] using the existing privacy preserving blockchain scheme. The original transaction [Figure SMS_78] contains the privacy information [Figure SMS_79].
Step (2.2): Select random numbers [Figure SMS_80], [Figure SMS_81] and set a vector: [Figure SMS_82]. Calculate [Figure SMS_83] [Figure SMS_84], where [Figure SMS_85].
Step (2.3): Use the symmetric key [Figure SMS_86] to encrypt [Figure SMS_87], generating the ciphertext [Figure SMS_88].
Step (2.4): Calculate the hash value [Figure SMS_89], set the public input [Figure SMS_90], and set the secret input [Figure SMS_91], where [Figure SMS_92] is the path of the hash value of [Figure SMS_93] from the leaf node to the root node [Figure SMS_94]. Calculate the proof [Figure SMS_95].
Step (2.5): Generate the transaction [Figure SMS_96], where [Figure SMS_97], and publish it into the blockchain.
It should be noted that the function of the zero-knowledge proof is to prove that the transaction [Figure SMS_98] satisfies the following conditions:
a. The [Figure SMS_100] of transaction [Figure SMS_99] is correctly generated from the privacy information [Figure SMS_102] contained in the original transaction [Figure SMS_101] according to the algorithm in step (2.2).
b. The [Figure SMS_104] and [Figure SMS_105] of transaction [Figure SMS_103] satisfy [Figure SMS_106], and [Figure SMS_107] is the path of the hash value of [Figure SMS_108] from the leaf node to the root node [Figure SMS_109].
3. Transaction packaging stage:
Step (3.1): The miner decomposes the transaction [Figure SMS_110] into [Figure SMS_111].
Step (3.2): The miner checks whether the original transaction [Figure SMS_112] is valid according to the existing privacy preserving blockchain scheme. If [Figure SMS_113] is valid, the miner continues to the next step; otherwise, it discards the transaction [Figure SMS_114] and this stage ends.
Step (3.3): The miner sets [Figure SMS_115] according to the published data and calculates [Figure SMS_116]. If [Figure SMS_117], the transaction [Figure SMS_118] is valid and the miner packages it into a new block; otherwise, the transaction is invalid and the miner discards it.
4. Transaction supervision stage:
The supervisor performs steps (4.1)-(4.5) to supervise transactions. Assume that within time period [Figure SMS_119], the [Figure SMS_120] transactions packaged into blocks are [Figure SMS_121].
Step (4.1): The supervisor decomposes the transaction [Figure SMS_122] into [Figure SMS_123].
Step (4.2): The supervisor calculates the label of the sender public key address of transaction [Figure SMS_124]: [Figure SMS_125]. It should be noted that the above formula can be further derived to give [Figure SMS_126]; that is, the value of [Figure SMS_127] corresponds to the user public key address [Figure SMS_128].
Step (4.3): For the set [Figure SMS_129], the operations of steps (4.1)-(4.2) are repeated to calculate the sender public key address label of each transaction.
Step (4.4): If [Figure SMS_130], then the [Figure SMS_132] of transaction [Figure SMS_131] and the [Figure SMS_134] of transaction [Figure SMS_133] are the same. The transactions with the same sender can be collected by repeating this operation. It is emphasized that although the supervisor can identify transactions with the same sender, it does so through the public key address label; the true public key address remains unknown to the supervisor.
Step (4.5): For the public key address label [Figure SMS_136], whose upper limit of the transaction amount is [Figure SMS_135], there is a set [Figure SMS_137]. The supervisor calculates the label [Figure SMS_139] of the amount spent in each transaction by the user corresponding to the public key address label [Figure SMS_138], and calculates the label of the total amount spent by the user within time period [Figure SMS_140]: [Figure SMS_141]. If [Figure SMS_142], the transaction amount is normal; if the equation does not hold, the transaction is abnormal and the supervisor sends the tuple [Figure SMS_143] to the exception handling center to report the abnormality.
It is emphasized that, during the time period [Figure SMS_144], if the user's consumption amount is less than the upper limit [Figure SMS_145], the user sends a transaction whose receiver public key address is the user's own public key address, so that the total consumption amount reaches [Figure SMS_146], thereby passing the supervisor's detection above; if, at the end of time period [Figure SMS_147], the total amount of the user's consumption has exceeded the upper limit [Figure SMS_148], the above detection cannot be passed.
5. Exception handling stage:
After receiving the supervisor's abnormality report, the exception handling center performs steps (5.1)-(5.3) to handle the abnormal transactions.
Step (5.1): The exception handling center checks whether the abnormal transactions submitted by the supervisor come from the user declared by the supervisor; aggregate verification can be used to improve the computational efficiency. It calculates: [Figure SMS_149] [Figure SMS_150]. If the equation [Figure SMS_151] holds, the sender of the transactions in the set [Figure SMS_152] has the public key address label [Figure SMS_153], and the next step can be performed; if the equation does not hold, the supervisor has made a false report and this stage ends.
Step (5.2): The exception handling center checks whether the transaction amount of the user with the public key address label [Figure SMS_154] is abnormal; aggregate verification can be used to improve the computational efficiency. It calculates: [Figure SMS_155] [Figure SMS_156]. If the equation [Figure SMS_157] holds and [Figure SMS_158], the transaction amount of the user with the public key address label [Figure SMS_159] is abnormal, and the next operation is carried out; otherwise, the supervisor has made a false report and this stage ends.
Step (5.3): The exception handling center searches the key table [Figure SMS_160] for the private key [Figure SMS_162] corresponding to the label [Figure SMS_161], and uses the private key [Figure SMS_163] to decrypt the ciphertext in the transaction, obtaining the real participants of the transaction and the transaction amount.
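The label comparisons of stages 4 and 5, as an added Python example that is not code from the patent. The pairing-based labels and the aggregate verification equations are not reproduced on this page, so `tag()` is an assumed stand-in (exponentiation in a toy group) that keeps only the property the checks rely on; the eight amounts are constructed, and only the limits 10000 and 1000 come from the page's Alice and Bob example.

```python
"""Toy model of the supervisor check (stage 4) and the exception handling
center's re-check (stage 5). Added illustration, not the patented algorithm.

ASSUMPTION: tag() stands in for the pairing-based labels, whose formulas are
not reproduced here. It keeps one property: tag(a) * tag(b) % P == tag(a + b).
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from math import prod

P = 1_000_000_007   # toy modulus (constructed); far too small for real use
Q = 500_000_003     # (P - 1) // 2; exponents are reduced modulo Q
G = 4               # 2^2, so G^Q = 2^(P-1) = 1 mod P


def tag(value: int) -> int:
    return pow(G, value % Q, P)


def address_tag(address: str) -> int:
    """Stand-in address label: the same address always gives the same label."""
    digest = hashlib.sha256(address.encode()).digest()
    return tag(int.from_bytes(digest, "big"))


@dataclass(frozen=True)
class SupervisedTx:
    tx_id: int
    sender_tag: int   # label the supervisor derives for the sender (4.2)
    amount_tag: int   # label of the amount spent in this transaction (4.5)


def make_tx(tx_id: int, sender: str, amount: int) -> SupervisedTx:
    return SupervisedTx(tx_id, address_tag(sender), tag(amount))


def total_tag(txs) -> int:
    """Label of the summed amount: the product of the per-transaction labels."""
    return prod(t.amount_tag for t in txs) % P


def supervise(txs, limit_by_tag):
    """Steps (4.3)-(4.5): collect transactions per sender label and compare the
    label of the total spent with the label of that sender's upper limit."""
    by_sender = defaultdict(list)
    for tx in txs:
        by_sender[tx.sender_tag].append(tx)
    return [(s, total_tag(group), group)
            for s, group in by_sender.items()
            if total_tag(group) != tag(limit_by_tag[s])]


def handle_report(report, limit_by_tag, table_l0) -> str:
    """Steps (5.1)-(5.3), by direct recomputation rather than aggregation."""
    sender_tag, reported_total, txs = report
    if any(t.sender_tag != sender_tag for t in txs):       # (5.1) one sender?
        return "false report"
    recomputed = total_tag(txs)                            # (5.2) same total?
    # Assumed second condition: the total must also differ from the limit.
    if recomputed != reported_total or recomputed == tag(limit_by_tag[sender_tag]):
        return "false report"
    return "abnormal: " + table_l0[sender_tag]             # (5.3) table lookup


# Limits from the page's Zether example; the eight amounts are constructed.
LIMITS = {"alice": 10000, "bob": 1000}
SPENDS = [("alice", 3000), ("bob", 400), ("alice", 2500), ("bob", 500),
          ("alice", 1500), ("bob", 300), ("alice", 1000),
          ("alice", 2000)]   # last one: Alice pays herself to reach 10000


def run_period(spends=SPENDS):
    # limit_by_tag plays the role of table L1 (label -> level -> limit).
    limit_by_tag = {address_tag(u): lim for u, lim in LIMITS.items()}
    # table_l0 stands in for the key lookup plus decryption, center only.
    table_l0 = {address_tag(u): u for u in LIMITS}
    txs = [make_tx(i, u, a) for i, (u, a) in enumerate(spends, start=1)]
    reports = supervise(txs, limit_by_tag)
    return [handle_report(r, limit_by_tag, table_l0) for r in reports]


if __name__ == "__main__":
    print(run_period())             # Bob spent 1200 against a limit of 1000
    print(run_period(SPENDS[:-1]))  # no self-payment: Alice is flagged too
```

Because the supervisor sees only labels, the check is an equality test rather than a comparison, which is why the scheme needs the end-of-period self-payment: dropping it flags Alice although she spent less than her limit.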
In particular, the following takes Zether as an example to show how a supervision function is added to Zether. Suppose there is a user Alice in the Zether system whose public key address is [Figure SMS_164] and whose upper limit of the transaction amount in time period [Figure SMS_165] is 10000. There is a user Bob whose public key address is [Figure SMS_166] and whose upper limit of the transaction amount in time period [Figure SMS_167] is 1000.
During the time period [Figure SMS_168], 8 transactions are issued in the system; the privacy information hidden in the transactions is shown in Table 1.
[Figure SMS_169]
1. Preparation stage
Step (1.1): System initialization. Users are divided into different levels according to their economic capability. For a user of level [Figure SMS_170], the upper limit of the transaction amount in [Figure SMS_171] is [Figure SMS_172].
Step (1.2): With the security parameter as input, the exception handling center generates a bilinear map [Figure SMS_175], where [Figure SMS_178] are cyclic groups of prime order [Figure SMS_181]. It randomly selects [Figure SMS_176] and sets [Figure SMS_179]; it calculates the public parameters [Figure SMS_183], where [Figure SMS_185]; then [Figure SMS_173]. It calculates the secret parameters [Figure SMS_177]; for [Figure SMS_182], [Figure SMS_184], [Figure SMS_174], then [Figure SMS_180]. The exception handling center publishes the public parameters and sends the secret parameters to the supervisor through a secure channel.
Step (1.3): The exception handling center generates the symmetric encryption key [Figure SMS_187] of user [Figure SMS_194] and calculates the public key address label [Figure SMS_191], where [Figure SMS_197] is the public key address of user [Figure SMS_201]; the hash values of the encryption keys [Figure SMS_198] form a Merkle tree [Figure SMS_202] (as shown in FIG. 1), which is published; it maintains the tables [Figure SMS_196]: in table [Figure SMS_200], the encryption key [Figure SMS_186] and the public key address label [Figure SMS_192] correspond one-to-one, and in table [Figure SMS_189], the public key address label [Figure SMS_190] corresponds to the level of the corresponding user [Figure SMS_195]; the encryption key [Figure SMS_199] is sent to user [Figure SMS_188] through a secure channel, and table [Figure SMS_193] is sent to the supervisor through a secure channel.
Step (1.4): The zero-knowledge proof public key [Figure SMS_203] and the zero-knowledge proof verification key [Figure SMS_204] are generated and published.
2. Transaction generation stage
Alice executes steps (2.1)-(2.5) to generate a transaction
Figure SMS_205
Step (2.1): Generate the original transaction using the existing privacy-preserving blockchain scheme
Figure SMS_206
Step (2.2): Select a random number
Figure SMS_207
set the vector
Figure SMS_208
and compute
Figure SMS_209
Figure SMS_210
where
Figure SMS_211
That is,
Figure SMS_212
,
Figure SMS_213
,
Figure SMS_214
Step (2.3): Using the symmetric key
Figure SMS_215
encrypt
Figure SMS_216
to generate the ciphertext
Figure SMS_217
Step (2.4): Compute the hash value
Figure SMS_218
Set the public input
Figure SMS_219
Set the secret input
Figure SMS_220
where
Figure SMS_221
is the path of the hash value of
Figure SMS_222
from the leaf node to the root node
Figure SMS_223
Compute the zero-knowledge proof
Figure SMS_224
Step (2.5): Generate the transaction
Figure SMS_225
where
Figure SMS_226
and publish it to the blockchain. Similarly, users can generate the other transactions with the method described above; some of their parameter values are shown in Table 2.
Figure SMS_227
3. Transaction packaging stage
Step (3.1): The miner decomposes transaction
Figure SMS_228
into
Figure SMS_229
Step (3.2): The miner checks, according to the existing privacy-preserving blockchain scheme, whether the original transaction
Figure SMS_230
is valid. If
Figure SMS_231
is valid, continue to the next step; otherwise, discard transaction
Figure SMS_232
and end this stage.
Step (3.3): According to the published data, the miner sets
Figure SMS_233
and computes
Figure SMS_234
If
Figure SMS_235
transaction
Figure SMS_236
is valid and the miner packages it into a new block; otherwise, the transaction is invalid and the miner discards it.
4. Transaction supervision stage
The supervisor performs steps (4.1)-(4.5) to supervise transactions.
Step (4.1): The supervisor decomposes transaction
Figure SMS_237
into
Figure SMS_238
Step (4.2): Compute, for transaction
Figure SMS_239
the label of the sender public key address:
Figure SMS_240
Figure SMS_242
corresponds to the public key address of the sender of transaction
Figure SMS_246
namely
Figure SMS_249
that is,
Figure SMS_244
Similarly, compute
Figure SMS_247
Transactions
Figure SMS_250
,
Figure SMS_252
and
Figure SMS_241
come from the same sender, Alice. Compute
Figure SMS_245
Transactions
Figure SMS_248
,
Figure SMS_251
and
Figure SMS_243
come from the same sender, Bob.
Step (4.5): Compute, for transactions
Figure SMS_253
,
Figure SMS_254
and
Figure SMS_255
the sum of the transaction amounts,
Figure SMS_256
Figure SMS_257
Figure SMS_258
Figure SMS_259
Figure SMS_260
Figure SMS_261
Figure SMS_262
Figure SMS_263
and compute, for the time period
Figure SMS_264
the labels of the total amount each user spent in the blockchain system.
Figure SMS_265
Figure SMS_266
It can be derived that
Figure SMS_267
indicating that the transaction amount of public key address A is normal, but
Figure SMS_268
indicating that the transaction amount of public key address B is abnormal. The supervisor sends
Figure SMS_269
,
Figure SMS_270
,
Figure SMS_271
to the exception handling center to report the exception.
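The grouping and cap check of the supervision stage, as an added example that is not the patent's code. The patent's commitment and supervision parameters (whose formulas are not reproduced on this page) are replaced here by exponential ElGamal toward a supervisor key in a toy 63-bit group; the helper names, addresses and amounts are all constructed for illustration.

```python
import hashlib
import secrets
from collections import defaultdict

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; these 12 bases make it deterministic for n < 2**64."""
    if n < 2:
        return False
    for a in BASES:
        if n % a == 0:
            return n == a
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(start=1 << 62):
    """First safe prime p = 2q + 1 with q >= start; 4 generates the order-q subgroup."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = toy_group()  # illustration only: far too small for real use

def h2z(addr):
    """Map a public key address to an exponent in Z_q."""
    return int.from_bytes(hashlib.sha256(addr.encode()).digest(), "big") % Q

def keygen():
    s = secrets.randbelow(Q - 1) + 1  # supervisor's secret parameter
    return s, pow(G, s, P)

def sup_param(y, x):
    """User side: randomized supervision parameter hiding exponent x."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(y, r, P) * pow(G, x, P) % P

def make_tx(y, sender, amount):
    return {"sender": sup_param(y, h2z(sender)), "amount": sup_param(y, amount)}

def label(s, param):
    """Supervisor side: strip the blinding, leaving the deterministic label g^x."""
    u, v = param
    return v * pow(u, Q - s, P) % P  # u has order q, so u^(q-s) = u^(-s)

def supervise(s, txs, limits):
    """limits: sender label -> label of that user's cap (the table sent by the center)."""
    by_sender = defaultdict(list)
    for i, tx in enumerate(txs):
        by_sender[label(s, tx["sender"])].append(i)
    reports = []
    for tag, idxs in by_sender.items():
        total = 1
        for i in idxs:  # amount labels multiply into the label of the sum
            total = total * label(s, txs[i]["amount"]) % P
        if total != limits.get(tag):  # equality with the cap label, not <=
            reports.append((tag, total, idxs))
    return reports

def demo():
    s, y = keygen()
    limits = {pow(G, h2z("addr-A"), P): pow(G, 10000, P),
              pow(G, h2z("addr-B"), P): pow(G, 1000, P)}
    txs = [make_tx(y, "addr-A", a) for a in (2500, 4000, 3000)]  # constructed amounts
    txs.append(make_tx(y, "addr-A", 500))  # self-transfer topping A up to exactly 10000
    txs += [make_tx(y, "addr-B", a) for a in (600, 300, 400)]  # 1300, over B's cap
    return s, limits, txs, supervise(s, txs, limits)
```

Because the check is an equality of labels, a sender whose total stays below the cap is reported as well unless a self-transfer brings the total up to it, and a sender whose label is missing from the table is always reported.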
5. Exception handling stage
The exception handling center performs steps (5.1)-(5.3) to handle the abnormal transactions after receiving the supervisor's exception report.
Step (5.1): The exception handling center checks whether the abnormal transactions submitted by the supervisor come from the user the supervisor declares; aggregate verification can be used to improve computational efficiency. Compute:
Figure SMS_272
Figure SMS_273
The equation
Figure SMS_274
holds, so the sender of transactions
Figure SMS_275
,
Figure SMS_276
,
Figure SMS_277
is the user with public key address label
Figure SMS_278
The exception handling center performs the next operation.
Step (5.2): The exception handling center checks whether the total amount of transactions
Figure SMS_279
,
Figure SMS_280
,
Figure SMS_281
is abnormal; aggregate verification can be used to improve computational efficiency. Compute:
Figure SMS_282
Figure SMS_283
Figure SMS_284
and
Figure SMS_285
which shows that the transaction amount of the user whose public key address label is
Figure SMS_286
is abnormal. The exception handling center performs the next operation.
Step (5.3): The exception handling center searches the secret key table
Figure SMS_287
for the private key corresponding to label
Figure SMS_288
namely
Figure SMS_289
and uses private key
Figure SMS_290
to decrypt the ciphertext in the transactions, obtaining the real participants of the transactions and the transaction amounts.
Referring to Fig. 4, an embodiment of the invention further provides a transaction supervision device for a privacy protection blockchain, comprising a memory and one or more processors, wherein executable code is stored in the memory and the one or more processors, when executing the executable code, implement the transaction supervision method for a privacy protection blockchain of the above embodiment.
The embodiment of the transaction supervision device for a privacy protection blockchain can be applied to any device with data processing capability, such as a computer. The device embodiment may be implemented in software, in hardware, or in a combination of hardware and software. Taking a software implementation as an example, the device in the logical sense is formed when the processor of the device with data processing capability on which it resides reads the corresponding computer program instructions from nonvolatile memory into memory. In terms of hardware, Fig. 4 shows the hardware structure of the device with data processing capability on which the transaction supervision device resides; in addition to the processor, memory, network interface and nonvolatile memory shown in Fig. 4, that device may generally include other hardware according to its actual function, which is not described here. The implementation of the functions and roles of each unit of the device is described in the implementation of the corresponding steps of the method above and is not repeated here.
For the device embodiments, reference is made to the description of the method embodiments for the relevant points, since they essentially correspond to the method embodiments. The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purposes of the present invention. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
The embodiment of the invention also provides a computer readable storage medium, on which a program is stored, which when executed by a processor, implements the transaction supervision method facing the privacy protection blockchain in the above embodiment.
The computer readable storage medium may be an internal storage unit, such as a hard disk or a memory, of any of the data processing enabled devices described in any of the previous embodiments. The computer readable storage medium may be any external storage device that has data processing capability, such as a plug-in hard disk, a Smart Media Card (SMC), an SD Card, a Flash memory Card (Flash Card), or the like, which are provided on the device. Further, the computer readable storage medium may include both internal storage units and external storage devices of any data processing device. The computer readable storage medium is used for storing the computer program and other programs and data required by the arbitrary data processing apparatus, and may also be used for temporarily storing data that has been output or is to be output.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, or alternatives falling within the spirit and principles of the invention.

Claims (7)

1. A transaction supervision method for a privacy protection blockchain, characterized by comprising the following steps:
S1, preparation stage: users are divided into levels, and the upper limit of each user's transaction amount in a specified time period is set; the exception handling center calculates and publishes public parameters and sends secret parameters to the supervisor; the exception handling center generates a table of corresponding encryption keys and public key address labels and a table of public key address labels and user levels, sends the symmetric key to the corresponding user, and sends the table of public key address labels and user levels to the supervisor; a zero-knowledge proof public key and a zero-knowledge proof verification key are generated and published;
S2, transaction generation stage: the user generates an original transaction, sets a privacy vector using the privacy information in the original transaction, calculates the digital commitment of the privacy vector and the supervision parameters, encrypts the privacy vector to obtain a ciphertext, and executes a zero-knowledge proof algorithm to generate a proof that the ciphertext was obtained by encrypting the privacy vector with the correct encryption algorithm and key, thereby generating the transaction;
S21, generating an original transaction containing privacy information using an existing privacy protection blockchain scheme; the privacy information comprises the public key address of the transaction sender, the public key address of the transaction receiver and the transaction amount;
S22, selecting a random number from a cyclic group of prime order q, setting a vector containing the privacy information and the random number, and calculating a digital commitment for the vector and supervision parameters for the privacy information, wherein the supervision parameters are the parameters the supervisor needs in order to supervise transactions;
S23, encrypting the vector using the symmetric key to generate the corresponding ciphertext;
S24, calculating the hash value of the vector; setting the public input from the root node, the original transaction, the ciphertext, the digital commitment and the supervision parameters of the privacy information; setting the secret input from the vector, the symmetric key and the path of the hash value of the symmetric key from the leaf node to the root node; and calculating the proof using the generation algorithm of the non-interactive zero-knowledge proof;
S25, generating the transaction and publishing it to the blockchain;
S3, transaction packaging stage: the miner decomposes the transaction, checks whether the transaction is valid according to the existing privacy protection blockchain scheme and the verification algorithm of the non-interactive zero-knowledge proof, packages the transaction if it is valid, and discards the transaction if it is invalid;
S4, transaction supervision stage: the supervisor decomposes the transaction, calculates the public key address label of the sender of each transaction, collects the transactions with the same sender, generates the label of the total amount spent by the user in the specified time period, judges whether the transaction amount is normal, and reports to the exception handling center if the transaction amount is abnormal;
S5, exception handling stage: after receiving the supervisor's exception report, the exception handling center verifies through aggregate verification whether the transactions in the abnormal transaction set submitted by the supervisor all come from the user the supervisor declares, verifies whether the total amount label of the transaction set is equal to the total amount label reported by the supervisor, and judges whether the supervisor has made a false report; if a false report has occurred, the stage ends; if no false report has occurred, the real participants of the transaction are obtained through the private key in the table of corresponding encryption keys and public key address labels, and the ciphertext in the transaction is decrypted to obtain the real transaction amount.
2. The transaction supervision method for a privacy protection blockchain of claim 1, wherein the specific substeps of step S1 are as follows:
S11, initializing the system: dividing users into different levels according to their economic capability, and setting the upper limit of the transaction amount of users of each level in a specified time period;
S12, inputting a security parameter; the exception handling center calculates and publishes the public parameters, calculates the secret parameters and sends them to the supervisor through a secure channel;
S13, the exception handling center generates the symmetric encryption key of a user and calculates the user's public key address label; the hash values of the encryption keys form a Merkle tree, which is published; the center maintains a table in which the encryption keys and the public key address labels are in one-to-one correspondence, and a table in which the public key address labels correspond to the user levels; the encryption key is sent to the user of the corresponding level through a secure channel, and the table of public key address labels and user levels is sent to the supervisor through a secure channel;
S14, generating and publishing a zero-knowledge proof public key and a zero-knowledge proof verification key.
3. The transaction supervision method for a privacy protection blockchain of claim 1, wherein the specific substeps of step S3 are as follows:
S31, the miner decomposes the transaction into the original transaction, the ciphertext, the digital commitment, the supervision parameters of the privacy information and the proof;
S32, the miner checks whether the original transaction is valid according to the existing privacy protection blockchain scheme; if it is valid, the process continues to the next step; if it is invalid, the transaction is discarded and the transaction packaging stage ends;
S33, the miner sets the public input according to the public data and verifies the validity of the zero-knowledge proof in the transaction using the zero-knowledge proof verification algorithm; if the transaction is valid, the miner packages it into a new block; if the transaction is invalid, the miner discards it.
4. The transaction supervision method for a privacy protection blockchain of claim 1, wherein the specific substeps of step S4 are as follows:
S41, the supervisor decomposes the transaction into the original transaction, the ciphertext, the digital commitment, the supervision parameters of the privacy information and the proof;
S42, calculating the label of the sender public key address of the transaction, wherein the values of the sender public key address labels correspond one to one to the public key addresses of users;
S43, calculating, through steps S41 and S42, the sender public key address label of each transaction packaged into a block in the time period;
S44, comparing the sender public key address labels of all transactions and collecting the transactions with the same sender;
S45, the supervisor calculates the label of the amount spent by the user in each transaction corresponding to the public key address label and calculates the label of the total amount spent by the user in the time period; if the label of the total amount is equal to the label of the preset transaction amount upper limit, the transaction amount is normal; if the two are not equal, the transaction is abnormal, and the supervisor sends a tuple to the exception handling center to report the exception, wherein the tuple comprises the user's public key address label, the label of the total amount spent by the user in the time period and the set of transactions issued by the user in the time period.
5. The transaction supervision method for a privacy protection blockchain of claim 4, wherein: in step S45, if the amount the user has spent is less than the set upper limit, the user may send a transaction whose receiver public key address is the user's own public key address, so that the total amount spent reaches the set upper limit, thereby satisfying the condition in step S45 that the total amount label is equal to the label of the preset transaction amount upper limit; and if the amount the user has spent exceeds the preset upper limit within the specified time, the total amount label in step S45 is considered unequal to the label of the preset transaction amount upper limit.
6. The transaction supervision method for a privacy protection blockchain of claim 1, wherein the specific substeps of step S5 are as follows:
S51, the exception handling center checks whether the transactions in the abnormal transaction set submitted by the supervisor all come from the user the supervisor declares; if yes, the next operation is carried out; if not, the supervisor has made a false report and the exception handling stage ends;
S52, the exception handling center checks whether the total amount label of the transaction set is equal to the total amount label reported by the supervisor; if not, the transaction set is abnormal and the next operation is carried out; if not, the supervisor has made a false report and the exception handling stage ends;
S53, the exception handling center searches a private key corresponding to the public key address label of the upper limit of the transaction of the amount appointed by the label in a table corresponding to the public key address label, decrypts the ciphertext in the transaction by using the private key, and acquires the real participant of the transaction and the transaction amount.
7. A transaction supervision device for a privacy protection blockchain, characterized in that: the device comprises a memory having executable code stored therein and one or more processors that, when executing the executable code, implement the transaction supervision method for a privacy protection blockchain of any of claims 1-6.
CN202310121633.7A 2023-02-16 2023-02-16 Transaction supervision method and device for privacy protection blockchain Active CN115829754B (en)

Publications (2)

Publication Number Publication Date
CN115829754A CN115829754A (en) 2023-03-21
CN115829754B true CN115829754B (en) 2023-05-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant