CN115906183A - Auditable and traceable block chain privacy protection system and method - Google Patents


Info

Publication number: CN115906183A
Authority: CN (China)
Prior art keywords: transaction, organization, client, proof, verification
Legal status: Granted
Application number: CN202310014907.2A
Other languages: Chinese (zh)
Other versions: CN115906183B (en)
Inventors: 戚湧, 吴勐
Current assignee: Nanjing University of Science and Technology
Original assignee: Nanjing University of Science and Technology
Events:
Application filed by Nanjing University of Science and Technology
Priority to CN202310014907.2A
Publication of CN115906183A
Application granted
Publication of CN115906183B
Legal status: Active

Classifications

    • Y: General tagging of new technological developments; general tagging of cross-sectional technologies spanning over several sections of the IPC; technical subjects covered by former USPC cross-reference art collections [XRACs] and digests
    • Y02: Technologies or applications for mitigation or adaptation against climate change
    • Y02D: Climate change mitigation technologies in information and communication technologies [ICT], i.e. information and communication technologies aiming at the reduction of their own energy use
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention belongs to the technical field of blockchains and discloses an auditable and traceable blockchain privacy protection system and method. The system comprises a directed-graph ledger, a client and a smart contract module. The directed-graph ledger generates NIZK proofs for the transaction data via a forward transaction identifier, which protects privacy and enables tracing, and an auditor obtains auditability through an audit token. The client generates and encrypts the transaction data and, through the directed-graph ledger, generates verifiable commitments and NIZK proofs. The smart contract module receives client requests and executes the corresponding chaincode functions. The system and method protect the private data in the blockchain ledger and, on that basis, allow the ledger to be audited and traced.

Description

Auditable and traceable blockchain privacy protection system and method
Technical Field
The invention belongs to the technical field of blockchains and in particular relates to an auditable and traceable blockchain privacy protection system and method.
Background
Because it is decentralized and tamper-resistant, a blockchain network makes transactions transparent and credible. However, when every organization in the network shares one ledger, sensitive data is exposed; simply encrypting the private data makes auditing and tracing impossible, while increasingly complex product supply chains urgently need traceability. How to protect private data and still audit and trace it while sharing the ledger has therefore become a core problem of blockchain development. The usual approach today is to encrypt the original data and put the ciphertext on chain, but this still compromises the usefulness of the original data. Many solutions have been proposed, none of them complete. For example, Solidus hides transaction values and the transaction graph by introducing a publicly verifiable oblivious RAM machine (PVORM), but all keys have to be handed over at audit time, which adds overhead and creates a risk of malicious leakage. FabZK ("Supporting Privacy-Preserving, Auditable Smart Contracts in Hyperledger Fabric") makes private data auditable by supporting verifiable Pedersen commitments and constructing zero-knowledge proofs, but does not support tracing. zkLedger ("zkLedger: Privacy-Preserving Auditing for Distributed Ledgers") audits with non-interactive zero-knowledge proofs over Pedersen commitments; like FabZK, its ledger is a columnar table and does not support tracing. DECOUPLES ("DECOUPLES: a decentralized, unlinkable and privacy-preserving traceability system for the supply chain") supports tracing along the supply chain and protects data with schemes such as ring signatures and Schnorr signatures, but does not support complete auditing.
Disclosure of Invention
The aim of the invention is to overcome the shortcomings of the prior art by providing an auditable and traceable blockchain privacy protection system and method that protect the private data in the blockchain ledger while allowing the ledger to be audited and traced.
Specifically, the invention adopts the following technical scheme.
In one aspect, the invention provides an auditable and traceable blockchain privacy protection system comprising a directed-graph ledger, a client and a smart contract module:
the directed-graph ledger records transaction data, assigns each transaction a forward transaction identifier (the identifier of the transaction it follows) and stores the transaction data in encrypted form; it also records the NIZK proofs generated for the transaction data, namely the balance proof ZKa, the asset proof ZKb, the tracing proof ZKc and the consistency proof ZKd;
the client, when acting as transaction initiator, creates a plaintext transaction, generates the transaction data and a Pedersen-commitment-based NIZK proof, encrypts the transaction data and sends it to the blockchain network; the encrypted transaction is ordered by the orderer nodes and committed by the committer nodes, which puts it on chain as a ciphertext transaction; after verification through blockchain broadcast and the consensus mechanism the public ledger is updated and the client updates the ledger copy it maintains; verification is performed by calling a smart contract in the smart contract module. When acting as auditor, the client calls the auditing and tracing smart contract in the smart contract module to audit and trace the directed-graph ledger in the blockchain network;
the smart contract module receives client requests and executes the corresponding chaincode function, the chaincode functions being a tracing function, a balance-judgement function, an asset-computation function and a proof-verification function. The tracing function traces a given transaction: it reads the transaction referenced by the forward transaction identifier in the directed-graph ledger and verifies the tracing proof ZKc of the transaction receiver in that transaction. The balance-judgement function checks whether the transaction's total inflows and outflows balance, thereby verifying the balance proof ZKa. The asset-computation function checks whether an organization's asset total over all transactions is non-negative, thereby verifying the asset proof ZKb. The proof-verification function verifies the correctness of all NIZK proofs in the transaction.
Further, the directed-graph ledger maintains a two-dimensional table in which each row is a transaction and each column holds all transactions of one organization. The directed graph is realised logically through the forward transaction identifier attribute; each node of the graph corresponds to one row of data recording all information of that transaction.
Further, auditing is realised through an audit Token, generated according to formula (1).
The balance proof ZKa verifies whether the asset totals of the organizations in each transaction balance, i.e. whether formula (2) holds. ZKa exploits the additive homomorphism of Pedersen commitments (formula (3)): the prover selects random numbers r_1, r_2, …, r_n satisfying formula (4), and with r_1, r_2, …, r_n the auditor checks formula (5) to decide whether the ledger row balances.
[Formulas (1) to (5) are given as an image in the original and are not reproduced here; their variables are defined below.]
In formula (1), pk is the organization's public key, r a random number, h a point on the chosen elliptic curve and sk the organization's private key.
In formula (2), u_i is the transaction amount of the i-th organization and N the number of columns of the two-dimensional table maintained by the directed-graph ledger.
In formulas (3), (4) and (5), Com_i is the Pedersen commitment generated for the value u_i, (g, h) are points on the chosen elliptic curve, r_i is the random number used in Com_i, and N is the number of columns of the two-dimensional table maintained by the directed-graph ledger.
Further, the asset proof ZKb checks whether an asset can be transferred by computing the sum of the column belonging to each organization in the directed-graph ledger. It introduces an auxiliary commitment com' and performs one range proof on com' in order to verify ZKb. There are two strategies for forming com':
strategy 1) a commitment to the value u;
strategy 2) the sum of the commitments to each transaction value in the organization's column.
If the client is the transaction initiator, com' is a commitment to the value u, and if formula (6) holds there is an asset available to trade; for any other organization, com' may follow either strategy.
[Formula (6) is given as an image in the original and is not reproduced here.]
In formula (6), com'_i is the i-th commitment generated by the transaction initiator under auxiliary-commitment strategy 1, and M is the number of transactions in the ledger.
Further, for the tracing proof ZKc the transaction initiator generates, for every organization, a commitment, a range proof and an identifier s, where s = 1 if the organization is the transaction receiver and s = -1 for a non-participating organization or the initiator. A commitment comb to s is generated, and the tracing proof on comb shows whether the committed s is greater than zero. Let the initiator of the current transaction be m; once the auditor learns from the directed-graph ledger that the forward transaction identifier of the current transaction is n, it verifies the tracing proof of the tuple for m in transaction n to decide whether m was the receiver of n, thereby verifying the correctness of the forward transaction identifier.
Further, the consistency proof ZKd states the following:
for any organization k, 1) the random number used to form Com is asserted to be the same as the one used to form Token; 2) the random number used to form Com' is asserted to be the same as the one used to form Token', where Token' is the audit Token generated for auditing Com'.
In another aspect, the invention provides an auditable and traceable blockchain privacy protection method realised with the above system, comprising the following steps:
1) Transaction preprocessing: the transaction initiator and receiver agree on an amount; the client acting as initiator generates the plaintext transaction data from that amount and encrypts it with an encryption algorithm to form the ciphertext transaction. The transaction data consist of one tuple per column of the N columns of the directed-graph ledger, each tuple containing the transaction amount, the random number used to generate the commitment and the organization's public key. After the transaction is generated, its data are encrypted and sent to an endorsement node;
2) Simulated execution: on receiving the encrypted transaction data, the endorsement node calls the smart contract to generate (Com, Token, ZKa, ZKb, ZKc, ZKd) for each tuple and adds them to the public ledger;
3) the execution result is returned to the client as an endorsement;
4) on receiving the endorsement, the client submits the result to an orderer node for ordering;
5) the orderer nodes order the transactions from the organizations and pack them into blocks;
6) the orderer node broadcasts the packed block to the committer nodes;
7) the committer node verifies the signature and read-write-set conflicts of each transaction in the block and invokes horizontal and vertical verification of the change to the public ledger; if verification passes, the transaction is added to the public ledger. Horizontal (per-transaction) verification checks that the transaction satisfies asset balance and transaction correctness; vertical (per-organization) verification checks that each organization satisfies the asset proof and the consistency proof;
8) a notification is sent to each organization;
9) each organization adds the transaction to its own private ledger.
In another aspect, the invention provides an auditable and traceable blockchain privacy protection method realised with the above system, comprising the following steps:
1) the client acting as auditor reads the transaction data to be audited or traced from the directed-graph ledger;
2) horizontal and vertical verification are performed: horizontal verification checks that the transaction satisfies asset balance and transaction correctness; vertical verification checks that each organization satisfies the asset proof and the consistency proof;
3) auditing or tracing is performed by selecting the corresponding function of the smart contract.
The auditable and traceable blockchain privacy protection system and method have the following beneficial effects:
they build the transaction graph with the directed-graph ledger, which makes transaction data on the blockchain traceable, and verify the correctness of tracing through the proof generated for the forward transaction, giving a traceable blockchain transaction network whose tracing results can be verified;
they encrypt the transaction data on chain and generate the balance proof, tracing proof, asset proof and consistency proof as Pedersen-commitment-based zero-knowledge proofs, which provides fast and provably correct auditability of private data, i.e. a publicly verifiable and auditable blockchain system and method that also protects privacy;
they are built as an extension of the Hyperledger Fabric open-source framework and inherit its characteristics: the client creates a plaintext transaction and sends it encrypted to the blockchain network, the transaction goes on chain through the consensus mechanism, and auditing and tracing are done through the smart contract module, so system throughput is preserved while auditing and tracing are achieved.
Drawings
Fig. 1 is a schematic diagram of the directed-graph ledger structure of an embodiment of the invention.
Fig. 2 is a flow chart of the implementation of the invention.
Fig. 3 is the transaction data flow diagram (client acting as transaction initiator) of an embodiment of the invention.
Fig. 4 is the verification data flow diagram (client acting as auditor) of an embodiment of the invention.
Detailed Description
The present invention will be described in further detail with reference to the following examples and the accompanying drawings.
Example 1:
One embodiment of the invention is an auditable and traceable blockchain privacy protection system and method.
The auditable and traceable blockchain privacy protection system is built as an extension of the Hyperledger Fabric open-source framework and comprises a directed-graph ledger, a client application (hereinafter the client) and a smart contract module.
The directed-graph ledger records transaction data, assigns each transaction a forward transaction identifier (PrevTID, the identifier of the preceding transaction) and encrypts everything in the ledger except the timestamp and the PrevTID; it also records the NIZK proofs generated for the transaction data: the balance proof ZKa, the asset proof ZKb, the tracing proof ZKc and the consistency proof ZKd. As shown in Fig. 1, the ledger maintains a two-dimensional table in which each row is a transaction and each column holds all transactions of one organization. The directed graph is realised logically through the PrevTID attribute; each graph node corresponds to one row recording all information of that transaction, and tracing is achieved by following PrevTID backwards. The ledger generates NIZK proofs from the PrevTID and the transaction data to protect privacy and enable tracing, and the auditor obtains auditability through the audit token. Encrypting the transaction content gives anonymised privacy protection: in Fig. 1 the shaded part of the ledger is encrypted data, and since everything other than the timestamp and the PrevTID is encrypted, no transaction-related information can be derived from the ledger itself. Notably, tracing is a reverse depth-first search along the PrevTID links, during which the correctness of each PrevTID is verified.
The client has two roles. As transaction initiator, it creates a plaintext transaction, generates the transaction data and a Pedersen-commitment-based NIZK (non-interactive zero-knowledge) proof, encrypts the transaction data with an encryption algorithm and sends it to the blockchain network; after ordering by the orderer nodes and verification by the committer nodes the transaction goes on chain as a ciphertext transaction, the public ledger is updated once blockchain broadcast and the consensus mechanism have verified it, and finally the client updates the ledger copy it maintains, i.e. its private ledger. As auditor, the client calls the auditing and tracing smart contracts in the smart contract module to audit and trace the directed-graph ledger in the blockchain network.
The client communicates with each blockchain node over gRPC and is responsible for invoking smart contracts and submitting transactions to the blockchain network. It can read and write its own copy of the blockchain ledger. In addition to the APIs Fabric already provides, the invention adds four: Audit&TB(), clearTran(), createEncryptedTran() and updateLocalData(). Audit&TB() puts the client in the auditor role and audits and traces on-chain information by calling functions of the smart contract. When the client acts as transaction initiator, clearTran() creates the plaintext transaction data, createEncryptedTran() builds an object from the plaintext transaction data and encrypts it, and updateLocalData() keeps the local blockchain ledger copy up to date in real time.
The smart contract module receives client requests and executes the corresponding chaincode function, the chaincode functions being a tracing function, a balance-judgement function, an asset-computation function and a proof-verification function. The tracing function TraceSource() traces a given transaction: it reads the transaction referenced by the forward transaction identifier in the directed-graph ledger and verifies the tracing proof ZKc of the transaction receiver in that transaction. The balance-judgement function computeSum() checks whether the transaction's total inflows and outflows balance, thereby verifying the balance proof ZKa. The asset-computation function computeAsset() checks whether an organization's asset total over all transactions is non-negative, thereby verifying the asset proof ZKb. The proof-verification function verifyProofs() verifies the correctness of all NIZK proofs in the transaction.
As shown in Fig. 2, when the client acts as transaction initiator it creates a plaintext transaction, which is encrypted into a ciphertext transaction, verified through blockchain broadcast and the consensus mechanism, and then used to update the public ledger; finally the client updates the ledger copy maintained by its organization. When the client acts as auditor, it calls the auditing and tracing smart contract in the smart contract module to audit and trace.
With reference to Fig. 3, executing one transaction in the NIZK- and directed-graph-based auditable and traceable blockchain privacy protection method of the invention comprises the following steps.
1) Transaction preprocessing: the transaction initiator and receiver agree on an amount; the client acting as initiator generates the plaintext transaction data from that amount and encrypts it with an encryption algorithm to form the ciphertext transaction. The transaction data consist of one tuple per column of the N columns of the directed-graph ledger, each tuple containing a transaction amount u, the random number r used to generate the commitment and the organization's public key; these are the inputs for the commitments, audit tokens and proofs generated in the next step. After the transaction is generated, its data are encrypted and sent to the endorsement node.
2) Simulated execution: on receiving the encrypted transaction data, the endorsement node calls the smart contract to generate (Com, Token, ZKa, ZKb, ZKc, ZKd) for each tuple and adds Com, Token, ZKa, ZKb, ZKc and ZKd to the public ledger.
3) The execution result is returned to the client as an endorsement.
4) On receiving the endorsement, the client submits the result to an orderer node for ordering.
5) The orderer nodes order the transactions from the organizations and pack them into blocks.
6) The orderer node broadcasts the packed block to the committer nodes.
7) The committer node verifies the signature and read-write-set conflicts of each transaction in the block and invokes horizontal and vertical verification of the change to the public ledger; if verification passes, the transaction is added to the public ledger. Horizontal (per-transaction) verification checks asset balance and transaction correctness, ensuring that non-transacting organizations neither create nor destroy assets and that nobody can steal assets from elsewhere. Vertical (per-organization) verification checks that each organization satisfies the asset proof and the consistency proof.
8) A notification is sent to each organization.
9) Each organization adds the transaction to its own private ledger.
As shown in Fig. 4, when the client acts as auditor it audits and traces by calling the smart contract; the transaction that invokes the smart contract is itself ordered by the orderer nodes, verified by the committer nodes and put on chain, so that the audit is stored as log information. One audit or trace in the NIZK- and directed-graph-based auditable and traceable blockchain privacy protection method comprises the following steps.
1) The auditor reads the transaction data to be audited or traced from the ledger.
2) Before auditing or tracing, horizontal and vertical verification are required. Horizontal verification checks that the transaction satisfies asset balance and transaction correctness; vertical verification checks that each organization satisfies the asset proof and the consistency proof.
3) Auditing or tracing is performed by selecting one of the smart contract functions TraceSource(), computeSum(), computeAsset() or verifyProofs(). TraceSource() traces the source of a transaction recursively; computeSum() computes the sum of the commitments in a transaction to verify balance; computeAsset() checks whether the sum of a given organization's commitments in the ledger is non-negative, to decide the asset proof; verifyProofs() verifies the correctness of all proofs in the transaction.
The NIZK proofs comprise the balance proof ZKa, the asset proof ZKb, the tracing proof ZKc and the consistency proof ZKd, and the auditor obtains auditability through the audit Token. What each NIZK proof establishes is as follows.
The audit Token is the means by which the random number r is hidden; it is generated according to formula (1).
The balance proof ZKa verifies whether the asset totals of the organizations in each transaction balance, i.e. whether formula (2) holds.
ZKa exploits the additive homomorphism of Pedersen commitments (formula (3)). The prover, i.e. the transaction initiator, selects random numbers r_1, r_2, …, r_n satisfying formula (4); with r_1, r_2, …, r_n the auditor checks by computation whether formula (5) holds, i.e. whether the ledger row balances.
The asset proof ZKb ensures that the transaction initiator has enough assets to transfer. ZKb checks whether an asset can be transferred by computing the sum of the column belonging to each organization in the directed-graph ledger (required to be non-negative, or above a set threshold); it introduces an auxiliary commitment com' and performs one range proof on com' in order to verify ZKb. There are two strategies for forming com':
strategy 1) a commitment to the value u;
strategy 2) the sum of the commitments to each transaction value in the organization's column.
If the client is the transaction initiator, com' is a commitment to the value u, and if formula (6) holds (e.g. u ≥ 0, i.e. the asset is not negative) there is an asset available to trade; for any other organization, com' may follow either strategy.
[Formulas (1) to (6) are given as an image in the original and are not reproduced here; their variables are defined below.]
In formula (1), pk is the organization's public key, r a random number, h a point on the elliptic curve and sk the organization's private key.
In formula (2), u_i is the transaction amount of the i-th organization and N the number of columns of the two-dimensional table maintained by the directed-graph ledger.
In formulas (3), (4) and (5), Com_i is the Pedersen commitment generated for the value u_i, (g, h) are points on the chosen elliptic curve, r_i is the random number used in Com_i, and N is the number of columns of the two-dimensional table maintained by the directed-graph ledger.
In formula (6), com'_i is the i-th commitment generated by the transaction initiator under auxiliary-commitment strategy 1, and M is the number of transactions in the ledger.
The tracing proof ZKc verifies the correctness of the PrevTID in a transaction and prevents a transaction initiator from maliciously creating a transaction with a wrong PrevTID that would corrupt the transaction graph. For every organization the transaction initiator generates a commitment, a range proof and an identifier s, where s = 1 if the organization is the transaction receiver and s = -1 for a non-participating organization or the initiator. A commitment comb to s is generated, and a tracing proof, which is in fact a range proof, is generated on comb to show whether the committed s is greater than zero. Let the initiator of the current transaction be m; once the auditor learns from the ledger that the PrevTID of the current transaction is n, it verifies the tracing proof of the tuple for m in transaction n to decide whether m was the receiver of n, which verifies the correctness of the transaction and hence the correctness of the tracing result.
The consistency proof ZKd is used to prevent a malicious organization from adding data to the ledger, without other organizations having to disclose their commitments to the verifier. ZKd states the following:
for any organization k, 1) the random number used to form Com is asserted to be the same as the one used to form Token; 2) the random number used to form Com' is asserted to be the same as the one used to form Token', where Token' is the audit Token generated for auditing Com'.
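The following worked example is added here for illustration and is not the patent's own code. It implements in Python, over a toy Schnorr group standing in for the elliptic curve, the objects described in this section and in the corresponding Disclosure passages: the Pedersen commitment Com, the audit Token, the homomorphic balance check that computeSum() performs for ZKa, the auditor's recovery of a committed amount from Com and Token with the organization's sk, and the consistency proof ZKd as a Fiat-Shamir sigma protocol. Because formulas (1) to (5) survive only as an image, the example assumes the standard zkLedger/FabZK shapes Com = g^u · h^r, pk = h^sk, Token = pk^r, Σ r_i ≡ 0 (mod q) for formula (4) and Π Com_i = 1 for formula (5); the function names (commit, token, make_row, balance_holds, audit_open, zkd_prove, zkd_verify), the three-organization sample row and the parameter sizes are all constructed for this example and are not secure parameters.

```python
# Added example, not the patent's code. Toy zkLedger/FabZK-style Pedersen
# commitment, audit Token, ZKa balance check, auditor opening and ZKd proof.
# Assumed shapes (formulas (1)-(5) are images in the original):
#   Com = g^u h^r, pk = h^sk, Token = pk^r, sum r_i = 0 mod q, balanced <=> prod Com_i = 1.
# A Schnorr group mod p stands in for the elliptic curve; parameters are NOT secure.
import hashlib
import secrets

def _is_prime(n):
    return n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1))

# Toy safe prime p = 2q + 1; all commitments live in the order-q subgroup.
q = next(c for c in range(1_048_577, 4_000_000, 2) if _is_prime(c) and _is_prime(2 * c + 1))
p = 2 * q + 1

def _hash_to_group(label):
    x = int.from_bytes(hashlib.sha256(label).digest(), "big") % (p - 3) + 2  # x in [2, p-2]
    return pow(x, 2, p)  # squaring lands in the order-q subgroup and is never 1

g, h = _hash_to_group(b"g"), _hash_to_group(b"h")  # generators with unknown mutual dlog

def commit(u, r):
    """Pedersen commitment Com = g^u * h^r; u is negative for the paying organization."""
    return pow(g, u % q, p) * pow(h, r % q, p) % p

def keygen():
    sk = secrets.randbelow(q - 1) + 1
    return sk, pow(h, sk, p)  # pk = h^sk

def token(pk, r):
    """Audit Token = pk^r: hides r, but the holder of sk can recover h^r from it."""
    return pow(pk, r % q, p)

def make_row(values, pks):
    """One ledger row: a public (Com, Token) per organization column plus the secret
    openings (u, r). The r_i are chosen to sum to 0 mod q (assumed formula (4))."""
    assert len(values) == len(pks) and sum(values) == 0, "row must balance"
    rs = [secrets.randbelow(q) for _ in values[:-1]]
    rs.append(-sum(rs) % q)
    public = [(commit(u, r), token(pk, r)) for u, r, pk in zip(values, rs, pks)]
    return public, list(zip(values, rs))

def balance_holds(public):
    """computeSum / ZKa check: prod Com_i == 1 iff sum u_i == 0 (assumed formula (5))."""
    prod = 1
    for com, _ in public:
        prod = prod * com % p
    return prod == 1

def audit_open(com, tok, sk, bound=100_000):
    """Auditor with sk: Token^(1/sk) = h^r, so g^u = Com / h^r; then brute-force u."""
    hr = pow(tok, pow(sk, -1, q), p)
    gu = com * pow(hr, -1, p) % p
    for u in range(-bound, bound + 1):
        if pow(g, u % q, p) == gu:
            return u
    raise ValueError("committed value outside the audit bound")

def _challenge(*elems):
    data = b"|".join(str(e).encode() for e in elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q

def zkd_prove(com, tok, pk, u, r):
    """ZKd as a Fiat-Shamir sigma protocol: Com and Token were formed with the same r."""
    a, b = secrets.randbelow(q), secrets.randbelow(q)
    t1, t2 = pow(g, a, p) * pow(h, b, p) % p, pow(pk, b, p)
    c = _challenge(g, h, pk, com, tok, t1, t2)
    return t1, t2, (a + c * u) % q, (b + c * r) % q

def zkd_verify(com, tok, pk, proof):
    t1, t2, z1, z2 = proof
    c = _challenge(g, h, pk, com, tok, t1, t2)
    return (pow(g, z1, p) * pow(h, z2, p) % p == t1 * pow(com, c, p) % p
            and pow(pk, z2, p) == t2 * pow(tok, c, p) % p)

def demo():
    """Three organizations; Org0 pays 25 to Org2, Org1 is a bystander."""
    keys = [keygen() for _ in range(3)]
    pks = [pk for _, pk in keys]
    public, openings = make_row([-25, 0, 25], pks)
    proofs = [zkd_prove(com, tok, pk, u, r)
              for (com, tok), pk, (u, r) in zip(public, pks, openings)]
    forged = list(public)  # Org1 conjures 5 units: the commitments no longer multiply to 1
    forged[1] = (commit(5, openings[1][1]), public[1][1])
    return {
        "balanced": balance_holds(public),
        "forged_balanced": balance_holds(forged),
        "audit_org2": audit_open(*public[2], keys[2][0]),
        "zkd_all_ok": all(zkd_verify(com, tok, pk, pf)
                          for (com, tok), pk, pf in zip(public, pks, proofs)),
        # A Token built with a different r than Com fails ZKd.
        "zkd_mismatch": zkd_verify(public[0][0], token(pks[0], openings[0][1] + 1),
                                   pks[0], proofs[0]),
    }

if __name__ == "__main__":
    print(demo())
```

The balance check needs no secrets at all, which is why any node can run it during horizontal verification; the audit opening needs the organization's sk, and the ZKd proof is what stops an organization from publishing a Token that does not match its Com and thereby defeating the audit while still passing the balance check.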
And a tracing function TraceSource () in the intelligent contract module traces the source of the transaction by a recursive method. If the transaction identifier PrevTID in the account book is null, outputting the transaction identifier; otherwise, firstly reading the transaction corresponding to the PrevTID in the account, then verifying the tracing proof ZKc corresponding to the transaction receiver in the transaction, if the verification is correct, entering the recursion, and if the verification fails, tracing the source fails.
A judgment balance function computeSem () in the intelligent contract module, a transaction initiator passes an audit Token and a group of random numbers r 1 ,r 2 ,…,r n So that the formula (4) holds in conjunction with r 1 ,r 2 ,…,r n And judging whether the account book reaches balance or not by judging whether the formula (5) is established or not by the auditor, and verifying the balance to prove ZKa.
And calculating an asset function computeAsset () in the intelligent contract module, comparing a scope certificate generated by the auxiliary commitment generated in the asset certificate with zero, if the scope certificate is larger than or equal to zero, verifying the asset certificate ZKb correctly, and if the scope certificate is smaller than zero, indicating that no asset of the organization can be transferred.
And a verification function verityProofs () in the intelligent contract module is input into the transaction to be verified, the audit Token and the public ledger of all organizations. Verifying a balance certificate and an asset certificate by calling a judgment balance function and a calculation asset function for the transaction; transverse and longitudinal verification is completed, and then the tracing proof of a transaction receiver in the transaction corresponding to the PrevTID of the transaction is verified by a verification range proving method so as to verify the tracing correctness; the compliance certificate is verified by invoking a method for verifying the compliance certificate ZKd to the information of each organization in the transaction.
The auditable and traceable blockchain privacy protection system and method construct the transaction graph with the directed graph structure ledger, realizing traceability of transaction data on the blockchain; the correctness of tracing is verified by generating and verifying proofs for the forward transaction, so that a traceable blockchain transaction network with verifiable tracing correctness is realized.
In the auditable and traceable blockchain privacy protection system and method, the transaction data on the chain are encrypted, and the balance proof, traceback proof, asset proof and consistency proof are generated with zero-knowledge proofs based on Pedersen commitments, providing fast and provably correct auditability of private data; a publicly verifiable and auditable blockchain method and system is thus realized, which is beneficial to privacy protection.
The auditable and traceable blockchain privacy protection system and method provided by the invention extend the Hyperledger Fabric open source framework and effectively inherit the characteristics of Fabric: a plaintext transaction is created by the client, encrypted and sent to the blockchain network, the transaction is chained through the consensus mechanism, and the network is audited and traced through the intelligent contract module, so that the throughput of the system and method is guaranteed while auditability and traceability are realized.
In some embodiments, certain aspects of the techniques described above may be implemented by one or more processors of a processing system executing software. The software includes one or more sets of executable instructions stored or otherwise tangibly embodied on a non-transitory computer-readable storage medium. The software may include instructions and certain data that, when executed by one or more processors, manipulate the one or more processors to perform one or more aspects of the techniques described above. The non-transitory computer-readable storage medium may include, for example, a magnetic or optical disk storage device, a solid state storage device such as flash memory, cache, Random Access Memory (RAM), etc., or other non-volatile memory device. Executable instructions stored on a non-transitory computer-readable storage medium may be in source code, assembly language code, object code, or other instruction format that is interpreted or otherwise executed by one or more processors.
A computer-readable storage medium may include any storage medium or combination of storage media that is accessible by a computer system during use to provide instructions and/or data to the computer system. Such storage media may include, but is not limited to, optical media (e.g., Compact Discs (CDs), Digital Versatile Discs (DVDs), Blu-ray discs), magnetic media (e.g., floppy disks, tape, or magnetic hard drives), volatile memory (e.g., Random Access Memory (RAM) or cache), non-volatile memory (e.g., Read Only Memory (ROM) or flash memory), or micro-electromechanical systems (MEMS)-based storage media. The computer-readable storage medium can be embedded in a computing system (e.g., system RAM or ROM), fixedly attached to a computing system (e.g., a magnetic hard drive), removably attached to a computing system (e.g., an optical disk or Universal Serial Bus (USB) based flash memory), or coupled to a computer system via a wired or wireless network (e.g., Network Accessible Storage (NAS)).
Note that not all of the activities or elements in the general description above are required, that a portion of a particular activity or device may not be required, and that one or more further activities or included elements may be performed in addition to those described. Still further, the order in which activities are listed need not be the order in which they are performed. Moreover, these concepts have been described with reference to specific embodiments. However, one of ordinary skill in the art appreciates that various modifications and changes can be made without departing from the scope of the present disclosure as set forth in the claims below. Accordingly, the specification and figures are to be regarded in an illustrative rather than a restrictive sense, and all such modifications are intended to be included within the scope of present disclosure.
Benefits, other advantages, and solutions to problems have been described above with regard to specific embodiments. However, the benefits, advantages, solutions to problems, and any feature(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as a critical, required, or essential feature of any or all the claims in any or all respects. Moreover, the particular embodiments disclosed above are illustrative only, as the disclosed subject matter may be modified and practiced in different but equivalent manners apparent to those skilled in the art having the benefit of the teachings herein. No limitations are intended to the details of construction or design herein shown, other than as described in the claims below. It is therefore evident that the particular embodiments disclosed above may be altered or modified and all such variations are considered within the scope of the disclosed subject matter.

Claims (8)

1. An auditable and traceable blockchain privacy protection system, characterized in that it comprises a directed graph structure ledger, a client and an intelligent contract module:
the directed graph structure ledger records transaction data, provides a forward transaction identifier for each transaction, and encrypts the transaction data in the directed graph structure ledger; it also records the NIZK proofs generated for the transaction data, the NIZK proofs including the balance proof ZKa, the asset proof ZKb, the traceback proof ZKc and the consistency proof ZKd;
the client, when serving as a transaction initiator, creates a plaintext transaction, generates the transaction data and the NIZK proofs based on Pedersen commitments, encrypts the transaction data and sends it to the blockchain network; the encrypted transaction data is sequenced by the orderer node and verified by the committer node and is then chained to form a ciphertext transaction; after verification through blockchain broadcasting and the consensus mechanism the public ledger is updated, the client updates the blockchain ledger copy it maintains, and the verification is realized by calling an intelligent contract in the intelligent contract module; when serving as an auditor, the client calls the intelligent contract for auditing and tracing in the intelligent contract module, and audits and traces the directed graph structure ledger in the blockchain network;
the intelligent contract module receives the request of the client and executes the corresponding chaincode function, the chaincode functions comprising a tracing function, a balance-judging function, an asset-computing function and a proof-verification function; the tracing function is used to trace a given transaction, reading the transaction corresponding to the forward transaction identifier in the directed graph structure ledger and verifying the traceback proof ZKc corresponding to the transaction recipient in that transaction; the balance-judging function is used to judge whether the total funds of the transaction are balanced, so as to verify the balance proof ZKa; the asset-computing function is used to compute whether the sum of the assets of a given organization over all transactions is greater than zero, so as to verify the asset proof ZKb; the proof-verification function is used to verify the correctness of all the NIZK proofs in the transaction.
2. An audit traceable blockchain privacy protection system according to claim 1, wherein the directed graph structure ledger maintains a two-dimensional table, rows represent transactions, columns represent all transactions of an organization, the directed graph structure is logically implemented by setting forward transaction identification attributes, and each node in the directed graph has a row of data to record all information of the transaction.
3. An auditable and traceable blockchain privacy protection system according to claim 2, wherein auditability is achieved by an audit Token whose generation formula is formula (1);
the balance proof ZKa is used to verify whether the total assets of each organization in each transaction are balanced, i.e. whether formula (2) is satisfied; the balance proof ZKa makes use of the homomorphic property of Pedersen commitments, see formula (3): the prover selects a group of random numbers r_1, r_2, …, r_n such that they satisfy formula (4); combining r_1, r_2, …, r_n, the auditor judges by computation whether the ledger is balanced, see formula (5);
[Formulas (1) to (5) appear only as an image in the original document.]
in formula (1), pk is the public key of the organization, r is a random number, h is a point on the set elliptic curve, and sk is the private key of the organization;
in formula (2), u_i is the transaction amount of the i-th organization, and N is the number of columns of the two-dimensional table maintained by the directed graph structure ledger;
in formulas (3), (4) and (5), com_j is the Pedersen commitment generated for the value u_i, (g, h) are points on the set elliptic curve, r_i is the corresponding random number, and N is the number of columns of the two-dimensional table maintained by the directed graph structure ledger.
4. The system according to claim 1, wherein the asset proof ZKb verifies whether there are assets that can be transferred by computing the sum of the column corresponding to each organization in the directed graph structure ledger, introducing an auxiliary commitment com', and performing range-proof verification on com' to verify ZKb; the auxiliary commitment com' has two strategy options:
policy 1) commitment of value u;
policy 2) the sum of the commitments to each of the transaction values in the column corresponding to the organization;
if the client is the transaction initiator, com' is a commitment to the value u, and if formula (6) is satisfied, there are assets that can be traded; if the client is another organization, com' is chosen by either of the two strategies;
[Formula (6) appears only as an image in the original document.]
in formula (6), com_i' is the i-th commitment generated for the transaction initiator with auxiliary commitment generation strategy 1, and M is the number of transactions in the ledger.
5. An auditable and traceable blockchain privacy protection system according to claim 1, wherein for the traceback proof ZKc the transaction initiator generates a commitment, a range proof and an identifier s for each organization, where s = 1 if the organization is the transaction recipient and s = -1 indicates a non-transacting organization or the transaction initiator; a commitment comb is generated for the identifier s, and a traceback proof is generated for comb to judge whether the identifier s in comb is greater than zero; and, with the initiator of the current transaction set as m, after the auditor learns from the directed graph structure ledger that the forward transaction identifier of the current transaction is n, the auditor judges whether that organization was the transaction recipient by verifying the traceback proof of the tuple corresponding to m in transaction n, so as to verify the correctness of the forward transaction identifier.
6. An auditable and traceable blockchain privacy protection system according to claim 3, wherein the consistency proof ZKd is expressed as follows:
for any organization k: 1) it is asserted that the random numbers used to form Com and Token are the same; 2) it is asserted that the random numbers used to form Com' and Token' are consistent, where Token' is the audit Token generated to audit Com'.
7. An auditable and traceable blockchain privacy protection method implemented by using the auditable and traceable blockchain privacy protection system according to any one of claims 1 to 6, comprising:
1) Transaction preprocessing: the transaction initiator and the transaction recipient agree on a transaction amount; the client serving as the transaction initiator generates plaintext transaction data according to the transaction amount and then encrypts it with an encryption algorithm to form the ciphertext transaction; the transaction data comprise each of the N column tuples of the directed graph structure ledger, each tuple comprising the transaction amount, the random number used to generate the commitment and the public key of the organization; after the transaction is generated, the generated transaction data are encrypted and the encrypted transaction data are sent to an endorsement node;
2) Simulated execution: after the endorsement node receives the encrypted transaction data, it calls the intelligent contract to generate (Com, Token, ZKa, ZKb, ZKc, ZKd) for each tuple, and adds the generated (Com, Token, ZKa, ZKb, ZKc, ZKd) to the public ledger;
3) The endorsed execution result is returned to the client;
4) After receiving the endorsement, the client submits the result to the orderer node for sorting;
5) The orderer node sorts the transactions from each organization and packs them into blocks;
6) The orderer node broadcasts the packed block to the committer nodes;
7) The committer node verifies the signature and read-write-set conflicts of each transaction in the block, calls the transverse and longitudinal verification to verify the changes to the public ledger, and adds the transaction to the public ledger if verification succeeds; the transverse verification verifies whether the transaction satisfies asset balance and transaction correctness; the longitudinal verification verifies whether each organization satisfies the asset proof and the consistency proof;
8) Sending a notification to each organization;
9) Each organization adds transactions to its own private ledger.
8. An auditable and traceable blockchain privacy protection method implemented by using the auditable and traceable blockchain privacy protection system according to any one of claims 1 to 6, comprising:
1) A client serving as an auditor reads the transaction data to be audited or traced from the directed graph structure ledger;
2) Transverse and longitudinal verification is performed; the transverse verification verifies whether the transaction satisfies asset balance and transaction correctness; the longitudinal verification verifies whether each organization satisfies the asset proof and the consistency proof;
3) Auditing or tracing is performed by selecting a function of the intelligent contract.
CN202310014907.2A 2023-01-06 2023-01-06 Block chain privacy protection system and method capable of audit traceability Active CN115906183B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310014907.2A CN115906183B (en) 2023-01-06 2023-01-06 Block chain privacy protection system and method capable of audit traceability

Publications (2)

Publication Number Publication Date
CN115906183A true CN115906183A (en) 2023-04-04
CN115906183B CN115906183B (en) 2023-05-26
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant