CN116094732A - Block chain consensus protocol privacy protection method and system based on rights and interests proving - Google Patents
Block chain consensus protocol privacy protection method and system based on rights and interests proving Download PDFInfo
- Publication number
- CN116094732A CN116094732A CN202310081709.8A CN202310081709A CN116094732A CN 116094732 A CN116094732 A CN 116094732A CN 202310081709 A CN202310081709 A CN 202310081709A CN 116094732 A CN116094732 A CN 116094732A
- Authority
- CN
- China
- Prior art keywords
- leader
- election
- user
- new block
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 91
- 230000008569 process Effects 0.000 claims abstract description 49
- 238000009826 distribution Methods 0.000 claims abstract description 26
- 230000006870 function Effects 0.000 claims description 71
- 238000005070 sampling Methods 0.000 claims description 20
- 238000012795 verification Methods 0.000 claims description 13
- 238000009827 uniform distribution Methods 0.000 claims description 5
- 238000006243 chemical reaction Methods 0.000 claims description 3
- 230000007774 longterm Effects 0.000 abstract description 4
- 238000004364 calculation method Methods 0.000 description 7
- 238000013461 design Methods 0.000 description 7
- 230000008859 change Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005265 energy consumption Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention discloses a privacy protection method and a privacy protection system for a block chain consensus protocol based on rights and interests proving, wherein the privacy protection method comprises the following steps: receiving the stock right information of the user; in the election process of each round, receiving a random number and a random number promise value of the user participated in the election of the leader; adopting a leader election function, and carrying out election according to random numbers and stock right information of users participating in leader election, wherein noise values obeying specific distribution are added in the leader election function; generating a new block for the user selected as the leader, and broadcasting the new block, the random number promise value of the current election process and the zero knowledge proof for proving the validity of the new block, so that other users verify the validity of the new block by verifying the zero knowledge proof. The frequency information of the user is protected by noise distribution, long-term benefits of the user are guaranteed to be matched with actual equity, the success probability of adversaries such as marking attacks to acquire the equity of the user through the frequency information is obviously reduced, and further protection of privacy of the equity of the user is achieved.
Description
Technical Field
The invention relates to the technical field of network space security, in particular to a block chain consensus protocol privacy protection method and system based on rights and interests proving.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
To address the efficiency and energy consumption issues of the work-proof-of-work-based blockchain consensus protocol (PoW), researchers have proposed a rights-proof-based blockchain consensus protocol (ProofofStake, poS). PoS performs blockchain expansion by employing a leader election process based on equity proof. In the process of selecting the leader of each round, the participating users are allowed to run the random leader selecting process, one user is selected as the leader according to the rights or equity distribution held by the users in the current blockchain ledger, and the success rate of selecting the user as the leader is linearly related to the equity proportion held by the user. The leader random election process is realized through a verifiable pseudo random function (VRF) to ensure fairness and randomness of the election process; however, the method cannot hide information such as identities, equity and the like of users participating in the election of the leader, and cannot guarantee the privacy of the users.
With the rapid development of blockchain technology, data privacy issues for PoS have been of interest, wherein Ganesh, orlandi and Tschudi et al propose an anonymous PoS protocol (see Ganesh, c., orlandi, c., tschudi, d., proof-of-stake protocols forprivacy-aware blockchain, in: advances in Cryptology-EUROCRYPT 2019) to protect sensitive information such as user equity, identity, transactions, etc. The VRF used by the Ouroboros Praos: an adaptive-secure, semi-synchronous proof-of-like block chain 2018) leader election process is replaced with An anonymous VRF function (AVRF), so that the disclosed stock right information can be replaced with a bearing value for the stock right, and the user can determine that there is a legal user who has been authenticated by AVRF and generated a legal block by verifying zero knowledge proof generated by the leader, and can guarantee the privacy of the user's stock right and personal information because the user (including adversary) does not know who is elected as the leader.
However, the modification scheme does not consider the problem of information leakage in the aspect of the network layer, and the adversary can trace the leader by observing the information in the network transmission channel through the mark attack, reconstruct the connection between the anonymous information and the corresponding user, so as to infer the share ratio of the observed user, thereby destroying the privacy requirement of the user.
The principle of the related attack method is that the frequency of the user selecting as a leader and proposing blocks in the protocol design is related to the share ratio of the user. Specifically, if the adversary observes the election process of the attacked user in a sufficient amount within a period of time, the frequency value t\n of the leader selected by the user can be obtained through the total number n of blocks generated by the system and the number t of blocks generated by the attacked user within the period of time, so that the leader election probability of the user and the corresponding actual stock weight stk can be approximately estimated, and the estimation accuracy rate can be increased along with the increase of the observation time (or n) according to the law of large numbers; however, the existing PoS privacy protection scheme cannot resist the mark attack under long delay, so that the user equity information is revealed.
Disclosure of Invention
Aiming at the problem of stock right privacy disclosure caused by marking attack in a block chain consensus protocol for rights and interests proving, the invention provides a block chain consensus protocol privacy protection method and system based on rights and interests proving, which adds noise values obeying specific distribution in a leader election function, so that frequency information of a user in a short period is protected by noise distribution, and meanwhile, long-term benefits of the user are ensured to be matched with actual stock rights of the user, success probability of adversaries such as marking attack to acquire the stock rights of the user through the frequency information is obviously reduced, and further protection of the stock right privacy of the user is realized.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
in a first aspect, the present invention provides a blockchain consensus protocol privacy protection method based on rights and interests proving, including:
receiving the stock right information of the user;
in the election process of each round, receiving a random number and a random number promise value of the user participated in the election of the leader;
adopting a leader election function, and carrying out election according to random numbers and stock right information of users participating in leader election, wherein noise values obeying specific distribution are added in the leader election function;
generating a new block for the user selected as the leader, and broadcasting the new block, the random number promise value of the current election process and the zero knowledge proof for proving the validity of the new block, so that other users verify the validity of the new block by verifying the zero knowledge proof.
Alternatively, the noise value is a random value sampled in a uniform distribution, and the uniform distribution satisfies that the mathematical expectation is zero.
Alternatively, the equity information includes equity value and equity promise value held by the user, and the equity promise value and the corresponding user signature public key are published in the blockchain system in the form of a list.
As an alternative embodiment, if and only if during the election process
When the leader elects the function LE (q, stk) =1, then the user is elected to the leader at this time; otherwise, the leader elects function LE (q, stk) =0; wherein y is a random number in the election process of each round, z is an input value of a noise sampling function omega (z), stk is a stock weight held by a user, and like is a total stock weight.
As an alternative embodiment, the random number of the user participating in the leader election is q=y||z, y is the random number in each round of election process, z is the input value of the noise sampling function, and the input value of the noise sampling function is fixed in different rounds of election process in the same epoch.
As an alternative embodiment, a zero knowledge proof method of 1-out of-N is used to construct a zero knowledge proof that proves the validity of the new block.
As an alternative embodiment, verifiable noise values are generated by a circuit conversion method based on the AVRF function and the noise sampling function, and the noise values are added to the leader election function.
As an alternative implementation mode, after verifying that the new block is legal through zero knowledge proof, a leader adds the new block to a local block chain, and a non-leader user adds the new block to the local block chain through the longest chain rule, so that the block chain expansion is completed.
In a second aspect, the present invention provides a blockchain consensus protocol privacy protection system based on rights evidences, comprising:
the first receiving module is configured to receive the stock right information of the user;
the second receiving module is configured to receive a random number and a random number promise value of the user participated in the election of the leader in the election process of each round;
the election module is configured to adopt a leader election function, and to elect according to random numbers and stock right information of users participating in leader election, wherein noise values obeying specific distribution are added in the leader election function;
and the verification module is configured to generate a new block for the user selected as the leader and broadcast the new block, the random number promised value of the current election process and the zero knowledge proof for proving the validity of the new block so that other users verify the validity of the new block by verifying the zero knowledge proof.
In a third aspect, the invention provides an electronic device comprising a memory and a processor and computer instructions stored on the memory and running on the processor, which when executed by the processor, perform the method of the first aspect.
In a fourth aspect, the present invention provides a computer readable storage medium storing computer instructions which, when executed by a processor, perform the method of the first aspect.
Compared with the prior art, the invention has the beneficial effects that:
the invention provides a privacy protection method and a privacy protection system for a blockchain consensus protocol based on rights and interests demonstration, which are suitable for a scene with anonymous requirements, wherein a user participates in a leader election process added with noise distribution, if the user selects as a leader, a generated new block and zero knowledge demonstration for the new block are disclosed in an anonymous mode, and other people can only verify whether the generation of the new block is legal or not and cannot acquire identity information and share right information of the leader of the new block; compared with the existing PoS privacy protection scheme, the method for preventing the mark attack is added, so that the success rate of accurately acquiring user information by the adversary through statistics means and the like is effectively reduced under the condition that the adversary implements delay time with the same length, and the requirements of other properties in a blockchain system are not influenced.
The invention provides a blockchain consensus protocol privacy protection method and a blockchain consensus protocol privacy protection system based on rights and interests demonstration, which are characterized in that noise values obeying specific distribution are added in a leader election function, so that frequency information of a user in a short period is protected by noise distribution, long-term benefits of the user are ensured to be matched with actual equity of the user, success probability of the adversary obtaining the equity of the user through the frequency information such as marking attack is obviously reduced, the adversary is prevented from obtaining equity privacy information by using the marking attack, and further protection of the privacy of the equity of the user is realized.
Additional aspects of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention.
Fig. 1 is a flowchart of a block chain consensus protocol privacy protection method based on rights verification provided in embodiment 1 of the present invention;
fig. 2 is a block diagram of AVRF and verifiable noise sampling functions provided in embodiment 1 of the present invention.
Detailed Description
The invention is further described below with reference to the drawings and examples.
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the invention. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present invention. As used herein, unless the context clearly indicates otherwise, the singular forms also are intended to include the plural forms, and furthermore, it is to be understood that the terms "comprises" and "comprising" and any variations thereof are intended to cover non-exclusive inclusions, such as, for example, processes, methods, systems, products or devices that comprise a series of steps or units, are not necessarily limited to those steps or units that are expressly listed, but may include other steps or units that are not expressly listed or inherent to such processes, methods, products or devices.
Embodiments of the invention and features of the embodiments may be combined with each other without conflict.
Example 1
The purpose of this embodiment is to add noise values obeying specific distribution to the leader election process to resist the tagging attack based on Private Ouroboros Praos blockchain protocol proposed by Ganesh, orlandi and Tschudi in combination with the differential privacy technical idea, and in the leader election process, the equity information of the user is protected by the noise values, so that under the condition that the observed data frequency deviates from the equity value degree, the adversary can not help the adversary to correctly analyze the equity value held by the user in a certain time, thereby avoiding the disclosure of the equity privacy.
The following is the process of generating the election share right distribution by the original protocol; specifically, in the Private Ouroboros Praos blockchain protocol, the election process satisfies the following constraints:
(1) The time bus axis of operation is divided into epochs (called epochs) in each of which the share ratio of all users does not change. The equity distribution in the current Epoch is uniquely determined before the Epoch is not started, and meanwhile, equity change caused by transaction generated by the system in the current time does not influence equity distribution of the leader election process in the Epoch, and the influence of equity change is only reflected in equity distribution of the future Epoch.
(2) The beginning of each Epoch will have an creation block Genesis-block. During each Epoch initialization phase, the Genesis-block will record a commitment list L and a random seed (used to call the election function in the current Epoch) of all users holding equity and their corresponding equity proportions in the current Epoch.
(3) Only users recorded on the Genesis-block promise list L in the current Epoch can participate in the block out in the slot in the current Epoch. In each Epoch, the time is subdivided into a plurality of slots, and all users in each slot perform a leader election process, and a new block may be generated. The protocol specifies that only one legal chunk can be generated in a slot, and if no users in the slot win or because the network propagation problem does not broadcast chunks to other users within a specified time, no leader is considered to be generated in the slot.
As shown in fig. 1, the blockchain consensus protocol privacy protection method based on rights and interests proving provided in the present embodiment includes:
receiving the stock right information of the user;
in the election process of each round, receiving a random number and a random number promise value of the user participated in the election of the leader;
adopting a leader election function, and carrying out election according to random numbers and stock right information of users participating in leader election, wherein noise values obeying specific distribution are added in the leader election function;
generating a new block for the user selected as the leader, and broadcasting the new block, the random number promise value of the current election process and the zero knowledge proof for proving the validity of the new block, so that other users verify the validity of the new block by verifying the zero knowledge proof.
The above method can be divided into an initialization phase, a leader election phase and a chain extension phase, which are described in detail below.
An initialization stage: after the number of election rounds is divided according to the time distribution, the following steps are executed:
(1) The user holds a digital signature algorithm sig= (SIG. Keygen, sign, SIG. Vrfy), selects a random number sk as a signature private key of the user, and generates a signature public key vk of the signature private key sk by calling the SIG. Keygen algorithm.
(2) The Pedersen commitment commitment mode is adopted to calculate commitment values Com (sk), com (vk) of the signature private key sk and the signature public key vk, and the initialization of the parameters of the digital signature algorithm is completed.
(3) Calculation of the equity promise value Com (stk, r) of the user equity value stk using Pedersen commitment promise mode i ) And sending to a blockchain system; wherein Com is a promise scheme, r i Random numbers required to run the commitment scheme Com.
(4) Instead of directly publishing each user and the share weights held by that user, the blockchain system lists the share weight promise values Com (stk, r) i ) And the corresponding signature public key vk is published, the list L contains the share right promise values of all users, and each user can inquire the share right promise values of all other users on the list L, but cannot learn the share right values of other users.
Leader election phase: to ensure that the probability p that the user chooses as the leader and the held stock weight stk maintain a linear relationship, the original leader election function is in the form of f (α) =1- (1-f) α When f is small enough, f (α) ≡αf; in each election process slot of the Epoch, leader election is executed according to the following flow, which specifically comprises the following steps:
(1) It is first verified whether the user participating in the leader election is the user holding the equity, and if it is a legitimate user, then in the subsequent steps the result generated by the user is received by the calculation verification.
(2) After verifying the identity of the legal participation leader election of the user, starting the election, and generating a random number q and a random number commitment value Com (q, r) for calculating the election of the participation leader by calling an AVRF function, wherein the output length of the AVRF is 2l, and r is a random number required by running the commitment scheme Com;
if the current election process is the first round of election of the Epoch, the random number generated by the AVRF is q=y|Z; for slots of other wheels, the random number is q=y i ||z,y i The z is the input value of a noise sampling function generated by the first slot in the current Epoch, and the nature is also a random number; at the same time prove pi through zero knowledge q Verifying the validity of the random number q.
It will be appreciated that generating the input value of the noise sampling function in the current Epoch in the first slot of each Epoch also means that the noise value of the user in each Epoch is fixed.
(3) The AVRF function is called to obtain a generated (q, r, com (q, r)), the random number q and the held stock weight stk are used as the input of a leader election function LE (), the output value of the leader election function LE (q, stk) is calculated, and whether a user selects the leader according to the output value of LE (q, stk);
specifically, the calculation of LE (q, stk) satisfies the following relationship: if and only if
When LE (q, stk) =1, otherwise LE (q, stk) =0;
if LE (q, stk) =1, the user selects the current election round number as the leader in the slot;
if LE (q, stk) =0, stop the step and wait for the end of the current slot to enter the election process of the next round.
Wherein, like is the total stock weight in the PoS system, ω (z) is a noise sampling function, z is input, a random value is obtained by sampling with probability distribution B as a noise value, and the probability distribution B satisfies mathematical expectation value E (B) as 0; for example, the noise value is a random number on a uniform distribution U (-0.3, 0.3).
In this embodiment, even if the adversary can establish a binding relationship between the equity information and the user through means such as "mark attack", on one hand, the probability of the user selecting as the leader is protected by the probability distribution B, so that the frequency of the user selecting as the leader is difficult to approach the probability value corresponding to the equity weight held by the user in a short period of time; on the other hand, because the mathematical expectation value of the probability distribution B is 0, the frequency of the user selecting as the leader is very close to the probability corresponding to the stock weight held by him under the long-term execution time of the protocol; thus, the user's (leader) share right information privacy is preserved while ensuring that the user's total benefits match their share rights.
(4) For a user selected as a leader, packing new legal transactions without uplink collected in the round of time into a new block m, and carrying out digital signature on the new block m once to obtain a corresponding signature value sigma;
meanwhile, generating zero knowledge proof pi according to the initialized and selected zero knowledge proof common reference string crs, and proving that the new block m is legal through the zero knowledge proof pi;
wherein the core ideas of the zero knowledge proof pi structure are zero knowledge proof of 1-out of-N and range zero knowledge proof; zero knowledge proves that pi functions to prove the correctness of the following assertion:
(a) The signature σ is legally generated for the new block m.
(b) The output value of the election function LE (q, stk) is 1.
(c) The input value q of the election function LE (q, stk) is generated by the current AVRF method.
(d) The input value stk of the election function LE (q, stk) is the legal equity held by the user.
(e) The new block m is legally generated by a certain user in the whole system.
(f) The public key used by signature sigma is legitimately generated by the user in a digital signature algorithm using a private key.
In addition, legal generation of noise values is contained in each statement of zero knowledge proof; by proving the assertions of (b) (c) (d) in pi with zero knowledge, it can be ensured that the input value of the noise sampling function is generated by the user using AVRF method, and the sampling output of the noise sampling function is legal in the calculation process of embedding the election function.
Finally, the leader in the slot broadcasts a ternary message group (m, com (q, r)) consisting of the new block m, a random number promise value Com (q, r) in the current election process and zero knowledge proof pi for proving the validity of the new block m to the blockchain system in an anonymous mode, so that other users verify the validity of the new block m by verifying the zero knowledge proof pi, and the expansion of the blockchain is completed; if the verification is passed, the new chunk m is added to the blockchain of the user's local storage.
In the embodiment, in order to ensure the anonymity of the leader information, in the process of expanding the blockchain, pi is verified to verify the legitimacy of the new block through verification zero knowledge proof; when the authentication is passed, a certain user p i Knowing that there is a user legal leader in the blockchain system that is selected as the current leader in the slot, the leader generates a legal block, but user p i It is not known who the user who is selected as the leader is, nor is it possible to obtain the user information of the new tile binding.
The core of the noise adding process in the block chain consensus protocol privacy protection method based on the rights and interests proving in this embodiment is to construct an AVRF function to complete generation of the election random number and design a verifiable noise sampling function, as shown in fig. 2, and the following describes the noise adding process in detail by adopting the AVRF function and the verifiable noise sampling function.
AVRF functions are implemented constructively using a 2-hash VRF function based on the DDH difficulty problem, with k=o (2 in one order 2l ) The design of AVRF functions is completed on group G, and the AVRF functions specifically include a function group (avrf.gen, update, AVRF.pro, VRF.ver) with the functions of:
(1) Avrf. Gen function: inputting a security parameter 2l, selecting a generator G on group G, and randomly selecting element k E Z k And outputs the public key pk= (g, g) as the private key μ )。
(2) Update function: inputting a public key pk= (g, g) μ ) Randomly selecting element r i ∈Z κ Outputting the updated public key
The Update function is used for updating the public key in the public-private key pair to prevent adversaries from breaking the concealment by the tracking of the public keyAnd (5) naming.
(3) Avrf. Pro function: input public key pk= (g, g) μ ) And information x, calculated μ=h (x), q=u k H (x) is a hash function; generating a zero knowledge proof pi AVR Proof that q meets assertion log u (q) =k, output (pk, q, pi AVR ) Wherein zero knowledge proves pi AVR Implementation is accomplished using algebraic structures.
(4) Avrf. Ver function: inputs are (x, q, pi) AVR ) Based on the input (x, q, pi AVR ) Proof of zero knowledge pi AVR If the result is correct, outputting a 1 bit if the result is correct represents that the verification is legal, otherwise outputting 0.
The user uses a private key k to call an AVRF function to generate a random number q=y||z, and simultaneously commits k, q, y, z to obtain Com (k), com (q), com (y), com (z) and discloses, and notice that the commits only mark a user identity; using z as the random number input to the noise sampling function ω (), ω (z) generates a random number that matches the distributed samples.
In practical design, the noise sampling function omega () and the AVRF function calculation process are jointly subjected to zero knowledge proof verification. The design can complete zero knowledge proof by using the design concept of MPC-in-the-head, and the AVRF and omega (), as a whole, is regarded as a circuit C, wherein the description and promise of the circuit C are disclosed, and the circuit C consists of an exclusive OR gate and an AND gate.
The user generates a zero knowledge proof assertion: presence (k, q, z) satisfies C (k, z) =ω (z) and Com (k), com (q), com (y), com (z) legal and q=y||z; the proof mainly realizes the following thought: firstly, a user locally calculates a secret (k, q, z) to be proved by the user, and simultaneously regards an AVRF.pro function and an omega ()' function as a circuit C, and completes verification of q and calling of omega (); splitting the input of the circuit C into n parts, simulating multiparty security calculation of n-party participants, and promiseing the view of the n-party by a user; during the verification phase, other users can initiate challenges to open part of the view and verify whether the result is correct; if correct, other users believe this is a legal noise-generating calculation process and complete the generation of the entire zero-knowledge proof for the new block by concatenating other zero-knowledge, while here the Fiat-Shamir conversion can be used to convert the zero-knowledge proof to non-interactive.
Verifying the validity of the new block m by verifying zero knowledge proof pi, and entering a chain extension stage if verification is passed; the method specifically comprises the following steps:
(1) The user who is selected as the leader adds the generated new section m to the backbone C in which it is stored.
(2) At the end stage of each slot, all non-leader users in the network observe whether information of a new block is released or not in the network; if the unreceived information group (m, com (q, r), pi) exists, the user who receives the information group verifies zero knowledge to prove the correctness of pi; if the zero knowledge proves that pi passes the verification, the new block m is considered to be a legal block generated by a legal leader; all users receiving the information group will add the new block m to their own local block chain by the longest chain rule, thus completing the expansion stage of the block chain in the current slot.
(3) If no leader in the slot is elected, all users keep the state of the blockchain in their own view unchanged.
The blockchain consensus protocol privacy protection method based on the rights and interests proving is suitable for a scene with anonymous requirements, for example, in the process of anonymously electing a leader, all members in a system participate in the leader election process added with noise distribution, if a user selects the leader, a generated new block and zero knowledge proving for the new block are disclosed into a network in an anonymously mode, and when other people receive the new block in a blockchain network environment, whether the generation of the new block is legal or not can only be verified, but the identity information and the share right information of the leader of the new block can not be obtained; compared with the existing PoS privacy protection scheme, the method for preventing the mark attack is added in the scheme, and under the condition that the adversary implements delay time with the same length, the success rate of accurately acquiring user information by the adversary through statistics means and the like can be effectively reduced, and the requirements of other properties in the blockchain system are not affected. For example, if the upper limit of the estimated error is set to 10% by observing, and the noise value distribution is uniformly distributed (B-U (-0.3, 0.3)), the success probability of the adversary in carrying out the mark attack to obtain the user's stock right under long delay can be reduced from 61% to 34%, and the requirement of other security properties of the whole blockchain consensus protocol is not violated.
Example 2
The embodiment provides a blockchain consensus protocol privacy protection system based on rights and interests proving, which comprises:
the first receiving module is configured to receive the stock right information of the user;
the second receiving module is configured to receive a random number and a random number promise value of the user participated in the election of the leader in the election process of each round;
the election module is configured to adopt a leader election function, and to elect according to random numbers and stock right information of users participating in leader election, wherein noise values obeying specific distribution are added in the leader election function;
and the verification module is configured to generate a new block for the user selected as the leader and broadcast the new block, the random number promised value of the current election process and the zero knowledge proof for proving the validity of the new block so that other users verify the validity of the new block by verifying the zero knowledge proof.
It should be noted that the above modules correspond to the steps described in embodiment 1, and the above modules are the same as examples and application scenarios implemented by the corresponding steps, but are not limited to those disclosed in embodiment 1. It should be noted that the modules described above may be implemented as part of a system in a computer system, such as a set of computer-executable instructions.
In further embodiments, there is also provided:
an electronic device comprising a memory and a processor and computer instructions stored on the memory and running on the processor, which when executed by the processor, perform the method described in embodiment 1. For brevity, the description is omitted here.
It should be understood that in this embodiment, the processor may be a central processing unit CPU, and the processor may also be other general purpose processors, digital signal processors DSP, application specific integrated circuits ASIC, off-the-shelf programmable gate array FPGA or other programmable logic device, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may include read only memory and random access memory and provide instructions and data to the processor, and a portion of the memory may also include non-volatile random access memory. For example, the memory may also store information of the device type.
A computer readable storage medium storing computer instructions which, when executed by a processor, perform the method described in embodiment 1.
The method in embodiment 1 may be directly embodied as a hardware processor executing or executed with a combination of hardware and software modules in the processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method. To avoid repetition, a detailed description is not provided herein.
Those of ordinary skill in the art will appreciate that the elements of the various examples described in connection with the present embodiments, i.e., the algorithm steps, can be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
While the foregoing description of the embodiments of the present invention has been presented in conjunction with the drawings, it should be understood that it is not intended to limit the scope of the invention, but rather, it is intended to cover all modifications or variations within the scope of the invention as defined by the claims of the present invention.
Claims (10)
1. The block chain consensus protocol privacy protection method based on rights and interests proving is characterized by comprising the following steps:
receiving the stock right information of the user;
in the election process of each round, receiving a random number and a random number promise value of the user participated in the election of the leader;
adopting a leader election function, and carrying out election according to random numbers and stock right information of users participating in leader election, wherein noise values obeying specific distribution are added in the leader election function;
generating a new block for the user selected as the leader, and broadcasting the new block, the random number promise value of the current election process and the zero knowledge proof for proving the validity of the new block, so that other users verify the validity of the new block by verifying the zero knowledge proof.
2. The method for protecting privacy of a blockchain consensus protocol based on claim 1, wherein the noise value is a random value sampled in a uniform distribution, the uniform distribution satisfying a mathematical expectation of zero.
3. The privacy protection method of claim 1, wherein the equity information includes equity and equity promise values held by users, and the equity promise values and corresponding user signature public keys are published in the blockchain system in the form of a list.
4. The method for protecting privacy of blockchain consensus protocol based on rights evidence as in claim 1, wherein if and only if during election
At this point, the leader election function IE (q, stk) =1, at which point the user isSelecting a leader; otherwise, the leader elects function LE (q, stk) =0; wherein y is a random number in the election process of each round, z is an input value of a noise sampling function omega (z), stk is a stock weight held by a user, and like is a total stock weight.
5. The privacy protection method of blockchain consensus protocol based on rights and interests proving as set forth in claim 1, wherein the random number of the user's participation in the leader election is q=y||z, y is the random number in each round of election process, z is the input value of the noise sampling function, and the input value of the noise sampling function is fixed in different rounds of election process in the same epoch.
6. The blockchain consensus protocol privacy protection method based on claim 1, wherein,
constructing a zero knowledge proof for proving the validity of the new block by adopting a zero knowledge proof method of 1-out of-N;
a verifiable noise value is generated by a circuit conversion method based on the AVRF function and the noise sampling function, and the noise value is added to the leader election function.
7. The method for protecting privacy of a blockchain consensus protocol based on claim 1, wherein after verifying that a new blockblock is legal through zero knowledge proof, a leader adds the new blockblock to a local blockchain, and a non-leader user adds the new blockblock to the local blockchain through longest chain law, thereby completing blockchain expansion.
8. A blockchain consensus protocol privacy protection system based on rights evidences, comprising:
the first receiving module is configured to receive the stock right information of the user;
the second receiving module is configured to receive a random number and a random number promise value of the user participated in the election of the leader in the election process of each round;
the election module is configured to adopt a leader election function, and to elect according to random numbers and stock right information of users participating in leader election, wherein noise values obeying specific distribution are added in the leader election function;
and the verification module is configured to generate a new block for the user selected as the leader and broadcast the new block, the random number promised value of the current election process and the zero knowledge proof for proving the validity of the new block so that other users verify the validity of the new block by verifying the zero knowledge proof.
9. An electronic device comprising a memory and a processor and computer instructions stored on the memory and running on the processor, which when executed by the processor, perform the method of any one of claims 1-7.
10. A computer readable storage medium storing computer instructions which, when executed by a processor, perform the method of any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310081709.8A CN116094732A (en) | 2023-01-30 | 2023-01-30 | Block chain consensus protocol privacy protection method and system based on rights and interests proving |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310081709.8A CN116094732A (en) | 2023-01-30 | 2023-01-30 | Block chain consensus protocol privacy protection method and system based on rights and interests proving |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116094732A true CN116094732A (en) | 2023-05-09 |
Family
ID=86211802
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310081709.8A Pending CN116094732A (en) | 2023-01-30 | 2023-01-30 | Block chain consensus protocol privacy protection method and system based on rights and interests proving |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116094732A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR102090723B1 (en) * | 2019-12-12 | 2020-03-18 | 주식회사 립페이 | Method for providing blockchain based bicameralism consensus service using quantum random function mechanism |
| CN111770073A (en) * | 2020-06-23 | 2020-10-13 | 重庆邮电大学 | Block chain technology-based fog network unloading decision and resource allocation method |
| CN111915294A (en) * | 2020-06-03 | 2020-11-10 | 东南大学 | Safety, privacy protection and tradable distributed machine learning framework based on block chain technology |
| US11062280B1 (en) * | 2020-01-14 | 2021-07-13 | Hiro Systems Pbc | Network consensus-based data processing |
| CN115134161A (en) * | 2022-07-11 | 2022-09-30 | 西安理工大学 | Defense method for resisting tenure forgery based on Raft consensus algorithm |
-
2023
- 2023-01-30 CN CN202310081709.8A patent/CN116094732A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR102090723B1 (en) * | 2019-12-12 | 2020-03-18 | 주식회사 립페이 | Method for providing blockchain based bicameralism consensus service using quantum random function mechanism |
| US11062280B1 (en) * | 2020-01-14 | 2021-07-13 | Hiro Systems Pbc | Network consensus-based data processing |
| CN111915294A (en) * | 2020-06-03 | 2020-11-10 | 东南大学 | Safety, privacy protection and tradable distributed machine learning framework based on block chain technology |
| CN111770073A (en) * | 2020-06-23 | 2020-10-13 | 重庆邮电大学 | Block chain technology-based fog network unloading decision and resource allocation method |
| CN115134161A (en) * | 2022-07-11 | 2022-09-30 | 西安理工大学 | Defense method for resisting tenure forgery based on Raft consensus algorithm |
Non-Patent Citations (2)
| Title |
|---|
| CHAYA GANESH ET AL.: "Proof-of-Stake Protocols for Privacy-Aware Blockchains", ADVANCES IN CRYPTOLOGY – EUROCRYPT 2019, 18 April 2019 (2019-04-18) * |
| 夏清;张凤军;左春;: "加密数字货币系统共识机制综述", 计算机系统应用, no. 04, 15 April 2017 (2017-04-15) * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109120398B (en) | Secret sharing method and device based on block chain system | |
| CN109523683B (en) | Anonymous electronic voting method based on block chain technology | |
| Juels et al. | Coercion-resistant electronic elections | |
| CN109842606A (en) | Block chain common recognition algorithm and system based on consistency hash algorithm | |
| EP2081143A1 (en) | Method and system for mediated secure computation | |
| Ma et al. | Redactable blockchain in decentralized setting | |
| CN112199736B (en) | Ordered multi-signature method based on block chain | |
| Diamond | Many-out-of-many proofs and applications to anonymous zether | |
| Li et al. | Efficient message authentication with revocation transparency using blockchain for vehicular networks | |
| JP2022538697A (en) | Distributed network with blind identities | |
| CN116187471A (en) | Identity anonymity and accountability privacy protection federal learning method based on blockchain | |
| Choi et al. | Bicorn: An optimistically efficient distributed randomness beacon | |
| Zhu et al. | New instant confirmation mechanism based on interactive incontestable signature in consortium blockchain | |
| Braeken et al. | ECQV-IBI: Identity-based identification with implicit certification | |
| Montenegro et al. | Secure sealed-bid online auctions using discreet cryptographic proofs | |
| Li et al. | AvecVoting: Anonymous and verifiable E-voting with untrustworthy counters on blockchain | |
| Carbunar et al. | Private badges for geosocial networks | |
| Dupin et al. | Location-proof system based on secure multi-party computations | |
| Sakho et al. | Privacy protection issues in blockchain technology | |
| CN116094732A (en) | Block chain consensus protocol privacy protection method and system based on rights and interests proving | |
| Wang et al. | Consensus algorithm based on verifiable randomness | |
| Osmanoğlu et al. | Privacy in blockchain systems | |
| CN112422294B (en) | Anonymous voting method and device based on ring signature, electronic equipment and storage medium | |
| CN113486368A (en) | Input data credibility verification method and device based on block chain technology | |
| Peng | Efficient VSS free of computational assumption |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |