CN116862630A - Transaction method capable of being verified through bidirectional anonymity disclosure - Google Patents

Transaction method capable of being verified through bidirectional anonymity disclosure Download PDF

Info

Publication number
CN116862630A
CN116862630A CN202310748123.2A CN202310748123A CN116862630A CN 116862630 A CN116862630 A CN 116862630A CN 202310748123 A CN202310748123 A CN 202310748123A CN 116862630 A CN116862630 A CN 116862630A
Authority
CN
China
Prior art keywords
bid
auction
ring signature
bidding
proof
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310748123.2A
Other languages
Chinese (zh)
Inventor
黄可
刘星宇
袁晟
王珂
胡嘉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Electronic Science and Technology of China filed Critical University of Electronic Science and Technology of China
Priority to CN202310748123.2A priority Critical patent/CN116862630A/en
Publication of CN116862630A publication Critical patent/CN116862630A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/08Auctions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42Anonymization, e.g. involving pseudonyms

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a transaction method capable of being verified by bidirectional anonymity, which realizes the effect of no divergence of user bidding by adopting a bidirectional authentication mode based on buyers and auctioneers by means of a public key cryptography technology based on chameleon hash and ring signature. The ring signature is used for authenticating bidding information, so that anonymity of the user identity in the transaction process is realized. The anonymous cryptocurrency is used, so that double anonymity of the transaction amount and the identity of the user is realized. In order to ensure the transparency of bidding, the effect of disclosure and verifiability of bidding results is realized by means of an electronic bulletin board, a chameleon hash and a verification algorithm of ring signatures. Any person can verify the bidding information confirmed by both parties in the disclosure stage after the auction is finished, and the highest bidder is obtained, so that the transparency of the bidding result is realized. The application provides the effects of no divergence and transparency of auction results and anonymity of transactions and identities of users, and belongs to the field of network security.

Description

Transaction method capable of being verified through bidirectional anonymity disclosure
Technical Field
The application belongs to the field of network space security, and particularly relates to a two-way anonymous disclosure verifiable auction protocol.
Background
Electronic auction services are an important component of electronic commerce. The electronic auction is based on internet service, brings convenience and rapidness to users of remote auction business, and is not limited by auction time and place. However, the electronic auction protocol also faces problems such as difficulties in user divergence. In the execution of an electronic auction protocol, malicious users may deceive an auctioneer or other user by forging bid information. In addition, auctioneers may also be bribed by malicious users and help to handle and profit from the entire bidding process.
Transparency of the electronic auction protocol becomes particularly important in order to ensure fairness of the bidding process. Furthermore, with increasing importance of users for personal privacy, users are increasingly inclined to select auction services in which identity information is kept secret. The user's requirement for identity anonymity also contradicts the transparency requirements of the electronic auction protocol. This means that the auction protocol needs to carefully hide the association between the user identity and the bid information. Thus, it is a challenge to achieve both transparency of bid results and privacy of user identity.
Disclosure of Invention
The technical problem to be solved by the application is to provide a transaction realization method which can realize public and transparent bidding and fully ensure the identity privacy of a user.
The technical scheme adopted by the application for solving the technical problems is that the transaction method capable of being verified is disclosed in a two-way anonymity mode, and comprises the following steps:
initializing a system: a system administrator executes an initialization algorithm to generate system parameters, and a certificate center issues corresponding public and private key pairs for all buyer terminals and auction platforms;
registration: after receiving auction commission of sellers on the beats, the auction platform sets a reserve price for the beats and opens the beats; the buyer terminal transfers anonymous encryption currency corresponding to the reserve price to the auction platform, generates a proof of the first bid and sends the proof to the auction platform;
auction phase: the buyer terminal bids and generates corresponding bidding evidences to be sent to the auction platform; after the auction platform receives the bid evidence, recording and advertising corresponding bid time information;
and (3) a confirmation stage: the auction platform receives the bid evidence of each buyer terminal, verifies the bid evidence according to the bid time information, and generates the confirmed bid evidence according to the confirmed bid time information when the verification is passed;
the disclosure stage: after the auction is finished, the auction platform announces the latest confirmed bid proof of each buyer terminal; any user of the system can obtain bidding results through the bid evidence after the notice confirmation and the bidding time information; the auction platform sends the electronic access rights for the beat to the highest bidding buyer terminal.
The application realizes the no-divergence effect of the user bidding by adopting a bidirectional authentication mode based on buyers and auctioneers. The ring signature is used for authenticating bidding information, so that anonymity of transaction identities of users is realized.
Further, the two-way authentication is realized by means of the public key cryptography of chameleon hash and ring signature. The ring signature is used for authenticating bidding information, so that anonymity of transaction identities of users is realized. In order to ensure no divergence of bidding results, the effect of disclosure verifiable bidding results is realized by means of the advertisement of the auction platform, the chameleon hash and the verification algorithm of the ring signature. The method comprises the following steps:
when the system is initialized, the specific mode of executing an initialization algorithm by a system administrator to generate system parameters is as follows:
on the one hand, a system administrator obtains prime numbers based on the security parameters; constructing a first multiplication cycle group and a second multiplication cycle group based on the prime numbers; then, generating elements are obtained based on the first multiplication cyclic group and the second multiplication cyclic group, and symmetrical bilinear pairs are constructed; on the other hand, a hash function to be used is selected.
In the registration stage, the specific modes of transferring anonymous encrypted currency corresponding to the reserve price to the auction platform by the buyer terminal, generating a proof of first bidding and sending the proof to the auction platform are as follows: after the buyer terminal transfers anonymous encrypted money corresponding to the reserve price to the auction platform, calculating a first class commitment based on the generator, bilinear pair, hash function, time of first bidding and public key of a group of users, and calculating a first class ring signature based on hash function, private key and first class commitment; the buyer terminal base generates a meta, bilinear pair, hash function and calculates second class commitment at the time of first bidding; then calculating a second class ring signature based on the hash function, the private key and the second class promise; finally, based on the first class ring signature and the second class promise, establishing a proof of the first bid, sending the proof of the first bid to an auction platform as a basis for registration, and managing the anonymous encryption currency until the auction is finished by the auction platform.
In the auction stage, the buyer terminal calculates the chameleon random number based on the time of the first bid, the time of the current bid and the private key, so as to obtain a new first-class ring signature, and the new first-class ring signature and a second-class ring signature in the proof of the first bid form a bid proof.
In the confirmation stage, the auction platform receives the bid certificates of all buyer terminals, firstly verifies the validity of the first type ring signature and the second type ring signature in the bid certificates according to the recorded time information, and obtains a new second type ring signature by utilizing the confirmed bid time information after verification, and the first type ring signature and the new second type ring signature in the bid certificates form the confirmed bid certificates.
In the public phase, any user of the system can verify the validity of the first type ring signature and the second type ring signature in the bid evidence through public keys and advertisement bid time information, and the highest bid is obtained from the confirmed bid evidence through verification of all validity, so that a bid result is obtained.
The beneficial effects of the application are as follows:
(1) The effect of no divergence of buyer terminals on behalf of buyers from auction platforms on behalf of auctioneers with respect to bid results: all bid information is bi-directionally validated by buyers and auctioneers, with the validation resulting proof information being publicly verifiable. Due to the adoption of a public key cryptography technology based on chameleon and ring signature, a malicious attacker is difficult to forge corresponding bid proving information.
(2) Transparency of auction results: the bid time information of all users is recorded on the electronic bulletin board all the way, transparent and queriable for all the people. The proof of all bids is publicly verifiable during the disclosure phase, and anyone can calculate and verify from all bid proofs and get the highest bidder.
(3) Identity anonymity of buyers, sellers and auctioneers: as the ring signature is adopted to confuse public key information of all buyers, anonymity of identity information of the buyers in the auction process is ensured. The anonymity of the buyer, seller and auctioneer during the transaction is ensured by the designation of anonymous cryptocurrency to transfer the funds of the transaction.
Drawings
FIG. 1 is a block diagram of the present application;
FIG. 2A flow chart of the present application
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by a person skilled in the art without making any inventive effort, are intended to be within the scope of the present application.
The application relates to a two-way anonymous disclosure verifiable auction protocol, in particular to a system initialization, registration stage, auction stage, confirmation stage and disclosure stage. The buyer terminal is referred to in embodiments as a buyer and the auction platform is referred to as an auctioneer. The advertising of the auction platform is accomplished through an electronic bulletin board. The embodiment realizes the no-divergence effect of the user bidding by adopting a bidirectional authentication mode based on buyers and auctioneers by means of a public key cryptography technology based on chameleon hash and ring signature. The ring signature is used for authenticating bidding information, so that anonymity of transaction identities of users is realized. Anonymity of the user transaction amount is achieved using anonymous cryptocurrency. In order to ensure the transparent effect of the bidding result, the public verifiability of the bidding result is realized by means of an electronic bulletin board, a chameleon hash and a verification algorithm of a ring signature. Any person can verify the bidding information confirmed by both parties in the disclosure stage after the auction is finished, and the highest bidder is obtained, so that the transparency of the bidding result is realized.
The application provides no divergence and transparency of auction results and anonymity of transactions and identities of users, and belongs to the field of network security.
As shown in fig. 1, the two-way anonymizing discloses a verifiable transaction process comprising the steps of:
s1, initializing a system: the system administrator executes an initialization algorithm to generate system parameters, and the certificate center issues public and private key pairs for each buyer and auctioneer.
S2, registration: the seller entrusts the auctioneer with an electronic auction in which the auctioneer places a reserve price for the item to be auctioned, and at this stage, each buyer to be involved transfers anonymous cryptocurrency corresponding to the reserve price to the auctioneer, generates a proof of the first bid and presents to the auctioneer.
S3, auction stage: the buyer bids at this stage and generates corresponding proof of bidding, and all time information corresponding to the bidding will be recorded on the electronic bulletin board. At the end of this phase, each buyer sends a final bid proof to the auctioneer.
S4, a confirmation stage: based on the received bid evidence for each user, the auctioneer verifies the bid evidence based on the bid time recorded on the electronic bulletin board and generates a confirmed bid evidence.
S5, a disclosure stage: the buyer discloses the bid proof generated in stage c and the auctioneer discloses the confirmed bid proof generated in stage d. The electronic bulletin board discloses all time nodes corresponding to the bid proofs. Based on the above information, any user can verify the validity of the bid proof and the confirmed bid proof to obtain a bid result.
The step S1 comprises the following steps:
s1.1, a system administrator obtains prime numbers based on safety parameters;
s1.2, constructing a first multiplication loop group and a second multiplication loop group by a system administrator based on the prime numbers;
s1.3, a system administrator obtains a generator based on the first multiplication cycle group and the second multiplication cycle group;
s1.4, a system administrator constructs symmetrical bilinear pairs based on the two first multiplication loop groups and the second multiplication loop groups;
s1.5, a system administrator selects two hash functions;
s1.6, the certificate center issues public and private key pairs for each buyer and auctioneer.
The step S2 comprises the following steps:
s2.1, a seller entrusts an auctioneer to conduct open electronic auction on an article;
s2.2, setting a reserve price for the object to be auctioned by the auctioneer;
s2.3, each buyer to be participated in transfers anonymous encryption currency corresponding to the reserve price to the auction;
s2.4, calculating a first type commitment by the buyer based on the time of the first bid and a public key of a group of users;
s2.5, the buyer calculates a first type ring signature based on the private key and the first type promise;
s2.6, calculating a second class commitment by the buyer based on the time of the first bid;
s2.7, the buyer calculates a first type ring signature based on the private key and the second type promise;
s2.8, the buyer builds the proof of the first bid based on the first type ring signature and the second type ring signature, and sends the proof of the first bid to the auctioneer as the basis of registration, and the auctioneer keeps the funds until the auction is finished.
The step S3 comprises the following steps:
s3.1, calculating a new first-class ring signature by a buyer based on the time of the first bid, the bid time and a private key, and constructing a bid proof;
and S3.2, repeating the step 3.1 until the auction period is ended. The buyer sends the final bid proof to the auction for further confirmation.
The step S4 comprises the following steps:
s4.1, based on the received bid evidence, the auctioneer firstly verifies the validity of a first part of the bid evidence, namely a first type ring signature, according to the bid time recorded on the electronic bulletin board;
s4.2, based on the received bid evidence, the auctioneer further verifies and verifies the validity of a second part of the bid evidence, namely a second class ring signature according to the bid time recorded on the electronic bulletin board;
s4.3, collecting all current effective bid certificates by the auctioneer, and respectively calculating confirmed bid certificates based on the private key and the bid time recorded on the electronic bulletin board.
The step S5 comprises the following steps:
s5.1, the buyer discloses the bidding certificate generated in the stage c;
s5.2, the auctioneer discloses the confirmed bid evidence generated in the stage d;
s5.3, anyone can respectively verify the validity of the first part and the second part of the certificate based on the confirmed bid certificate, the public key and the bid time recorded on the electronic bulletin board;
s5.4. anyone can derive the highest bid from all valid bid proofs, the process is transparent and publicly verifiable. The auctioneer sends the highest bidder electronic access rights to the bid item.
Referring to fig. 1 and 2, the present application is embodied as follows:
a System initialization
The system administrator executes an initialization algorithm to generate system parameters, and the certificate center issues public and private key pairs for each buyer and auctioneer. The method comprises the following steps:
a system administrator selects a prime number according to the security parameter lambdaq, set G and G T The distribution is two multiplicative cyclic groups of order p, G being groups G and G T Is a generator of (1). Selecting a symmetrical bilinear pairG×G→G T I.e. +.>Mapping two elements on group G to group G T Is a single element of the group.
The system administrator selects two hash functions H 1 And H 2 The H is 1 Defining a mapping as: h 1 :{0,1} * G, H 1 A 0,1 string of arbitrary length is mapped to an element on a group G, where group G refers to the order q group generated by generator G. The H is 2 Defining a mapping as: h 2 :{0,1} * →Z q I.e. H 2 Mapping 0,1 character string of arbitrary length to Z q Element above, where Z q Refers to the q-th order integer group, i.e. Z q ={0,1,…,q-1}。
For each buyer i, the certificate authority is responsible for randomly selecting group Z q An element x on i ∈Z q As the buyer's private key, calculate the buyer's public keyCertificate authorities pair public and private key pairs (y i ,x i ) Secure issuance to buyer i. Similarly, certificate authority randomly selects group Z q An element x on AM ∈Z q As the private key of the auctioneer, the public key of the auctioneer is calculatedThe certificate authority will store the public and private key pair (y) AM ,x AM ) The secure issuance to the auctioneer AM.
b registration phase
The seller entrusts the auctioneer with an open electronic auction for an item. At this stage, the auctioneer sets a reserve price for the item to be auctioned, each buyer to be involved transfers anonymous cryptocurrency corresponding to the reserve price to the auctioneer, and presents a proof of the first bid to the auctioneer. The method comprises the following steps:
assuming N buyers, the public and private keys are respectivelyLet buyer pi E [1, N ]]At time t π Anonymous encryption currency corresponding to the reserve price is transferred to the auctioneer, and the public and private key pair of the user pi is +.>N represents all possible buyers in the system and are not necessarily involved in bidding. Pi is an identifier used to represent the identity of the actual signer.
The user pi is randomly from { y } 1 ,…,y N Selecting n public keys to form an end-to-end ring: l= { y 1 ,…,y n -public key y of user pi π E L is hidden at a certain node on the ring. For each buyer i E [1, n ]]Selecting a specific identifier CID i ∈{0,1} * Calculating a hash value e i =H 2 (CID i ) Generating intermediate valuesN>n, n is a value that the user chooses at his own discretion to disturb the actual identity of the signer. Randomly selected group Z q A random element a on i ∈Z q And calculates the random number +.>First promise element value->Weighing scalePromise for a first class;
buyer pi uses private key x π For the first kindPromise of promiseThe ring signature is calculated as follows: calculating a hash value h 0 =H 1 (L) and signature value->Next, group Z is randomly selected q The two elements u, v E Z q And calculates a hash valueFor each i=pi+1, …, n,1, …, pi-1, user pi randomly selects group Z q Last random element beta i ∈Z q And calculates the hash value +.> Calculating the intermediate value a π =u-x π s π mod q and intermediate value beta π =v-x π s π mod q. Constructing a first type ring signature: />
Calculating a hash value k 0 =H 2 (t π ) For each i.epsilon.1, n]Selecting a specific identifier CID i ∈{0,1} * Calculating a hash value e i =H 2 (CID i ) Generating intermediate valuesAnd calculates a random numberSecond promise element value->Weighing scalePromise for the second class;
buyer pi uses private key x π Promise of the second classThe ring signature is calculated as follows: calculating a hash value h 0 =H 1 (L) and signature value->Next, group Z is randomly selected q The two elements u, v E Z q And calculates a hash valueFor each i=pi+1, …, n,1, …, pi-1, user pi randomly selects group Z q The last element beta i ∈Z q And calculates the hash value +.>Calculation of a π =u-x π s π mod q and beta π =v-x π s π mod q. Calculating chameleon random number +.>Construction of second class ring signatures
Based on the first class ring signature and the second class ring signature, establishing a proof of the first bid: proof prf of first bid by buyer to auctioneer 1st As a basis for registration. The auctioneer holds the first bid funds until the auction ends.
c auction stage:
the buyers compete for bids at this stage and generate corresponding proof of bids, all time information corresponding to the bids will be recorded on the electronic bulletin board. At the end of this phase, each buyer sends the latest bid proof to the auctioneer. Assuming buyer pi is a registered user, he generates a bid proof by performing the following steps:
suppose buyer pi is at time point t π Give a bid, here let t π Time for first bid, t π For bidding time, i.e. t π >t π Is provided withA ring signature of a first type. For each i.epsilon.1, n]The buyer uses the private key x π Calculating new chameleon random number +.> Here e i =H 2 (CID i ). Constructing a new first type ring signature: />Second class ring signature->Remain unchanged. Building and obtaining bidding evidences: />
Repeating the above steps until the auction period is over, setting prf last To finally obtain bid evidence, the buyer will prf last And sent to the auctioneer as the final bid proof.
d, confirmation phase:
based on the received bid evidence for each user, the auctioneer verifies the bid evidence based on the bid time recorded on the electronic bulletin board and generates a confirmed bid evidence:
suppose buyer i is at t i The final bid at the moment is proved to beLet t be i For the moment before the end of the auction, the auctioneer performs the following steps to verify the bid proof +.>Is effective in (3):
based on the first part of bid proofs: sigma (sigma) L (t i ) For each i.epsilon.1, n]Calculating an intermediate valueJudging whether the equations are all satisfied: />If the equations are all established, the first class promise is valid, and the method continues; otherwise, the verification fails. Calculating a hash value h 0 =H 1 (L) and signature valueFor each i=pi+1, …, n,1, …, pi-1, the intermediate value +.>And intermediate valueFor any i+.n, calculate hash value +.> Judging hash valueWhether or not it is. If so, the first class ring signature is valid, and the process is continued; otherwise, the verification fails;
based on the second part of bid proofs:let the registration time of user i be t i Calculating an intermediate valueFor each i.epsilon.1, n]Judging whether the equations are all true: /> If the equations are all true, the second class promise is valid, and the process is continued; otherwise, the verification fails. Further, a hash value h is calculated 0 =H 1 (L) for each i=pi+1, …, n,1, …, pi-1, calculating an intermediate valueAnd intermediate value->Further, for any i+.n, a hash value is calculatedJudging->Whether or not it is. If the above is true, the second part representing the confirmed bid evidence is valid;
if the first class promise and the first class ring signature and the second class promise and the second class ring signature contained in the bidding certificate are valid, the representative bidding certificate is a valid certificate confirmed by an auctioneer; otherwise, it is an invalid proof.
Collecting all current valid bid proofsLet I be. For each effective bid proof 1.ltoreq.i.ltoreq.I, the auctioneer calculates the confirmed bid proof as follows:
suppose that the auctioneer AM is at time point t end Confirming bid proofs, giving one bid proofWherein (1)>First part sigma of L (t i ) Representative is the buyer at t i Is the final bid of (2), second part +.>Representing at time t i The second type of ring signature generated for each i e 1, n]The auctioneer AM uses its own private key x AM Calculating new chameleon random number
Reconstructing a new second type ring signature: />
Further construct a validated bid proof: />
And e, a disclosure stage:
the buyer discloses the bid proof generated at stage c and the auctioneer discloses the confirmed bid proof generated at stage d. The bulletin board discloses the time nodes corresponding to all bids. Based on the above information, anyone can perform the following steps to verify the validity of the bid proof and the confirmed bid proof. The method comprises the following steps:
given a confirmed bid proofLet the first part beRepresenting user i at t i Final bid for moment. Anyone can verify the validity of the first part as follows: calculate->For each i.epsilon.1, n]Judging whether the equations are all true: />If the equations are all established, the first class promise is valid, and the method continues; otherwise, the verification fails. Further, calculate h 0 =H 1 (L) for each i=pi+1, …, n,1, …, pi-1, calculationAnd->For any i+.n, calculate +.>JudgingWhether or not it is. If the above is true, the first part representing the confirmed bid evidence is valid, and the process is continued; otherwise, the verification fails;
let the second part beRepresentative is that the auctioneer AM is at t end The first part is confirmed at the moment. Anyone can verify the validity of the second part as follows: calculation ofFor each i.epsilon.1, n]Judging whether the equations are all true:if the equations are all true, the second class promise is valid, and the process is continued; otherwise, the verification fails. Calculate h 0 =H 1 (L) for each i=pi+1, …, n,1, …, pi-1, calculating +.>Andfor any i+.n, calculate +.>Judging->Whether or not it is. If the above is true, the second part representing the confirmed bid evidence is valid;
if the first class promise and the first class ring signature contained in the bidding certificate are valid, and the second class promise and the second class ring signature are valid, the representative bidding certificate is a valid certificate confirmed by both buyers and auctioneers; otherwise, it is an invalid proof. Since an English auction is employed, the highest bid can be derived from all valid bid proofs, the process is transparent and publicly verifiable. The auctioneer sends the highest bidder electronic access rights to the bid item.
It should be noted that: like reference numerals and letters in the following figures denote like items, and thus once an item is defined in one figure, no further definition or explanation of it is required in the following figures, and furthermore, the terms "first," "second," "third," etc. are used merely to distinguish one description from another and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the above examples are only specific embodiments of the present application, and are not intended to limit the scope of the present application, but it should be understood by those skilled in the art that the present application is not limited thereto, and that the present application is described in detail with reference to the foregoing examples: any person skilled in the art may modify or easily conceive of the technical solution described in the foregoing embodiments, or perform equivalent substitution of some of the technical features, while remaining within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the corresponding technical solutions. Are intended to be encompassed within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (6)

1. A two-way anonymizable publicly verifiable transaction method, comprising the steps of:
initializing a system: a system administrator executes an initialization algorithm to generate system parameters, and a certificate center issues corresponding public and private key pairs for all buyer terminals and auction platforms;
registration: after receiving auction commission of sellers on the beats, the auction platform sets a reserve price for the beats and opens the beats; the buyer terminal transfers anonymous encryption currency corresponding to the reserve price to the auction platform, generates a proof of the first bid and sends the proof to the auction platform;
auction phase: the buyer terminal bids and generates corresponding bidding evidences to be sent to the auction platform; after the auction platform receives the bid evidence, recording and advertising corresponding bid time information;
and (3) a confirmation stage: the auction platform receives the bid certificates of the buyer terminals, verifies the bid certificates according to the recorded time information, and generates confirmed bid certificates if the verification passes;
the disclosure stage: after the auction is finished, the auction platform announces the latest confirmed bid proof of each buyer terminal; any user of the system can obtain bidding results through the bid evidence after the notice confirmation and the bidding time information; the auction platform sends the electronic access rights for the beat to the highest bidding buyer terminal.
2. The method of claim 1, wherein the system administrator executes an initialization algorithm to generate system parameters, in particular:
on the one hand, a system administrator obtains prime numbers based on the security parameters; constructing a first multiplication cycle group and a second multiplication cycle group based on the prime numbers; then, generating elements are obtained based on the first multiplication cyclic group and the second multiplication cyclic group, and symmetrical bilinear pairs are constructed; on the other hand, a hash function to be used is selected.
3. The method of claim 2, wherein the buyer terminal transfers anonymous cryptocurrency corresponding to the reserve price to the auction platform and generates a proof of the first bid to be sent to the auction platform, in particular:
after the buyer terminal transfers anonymous encrypted money corresponding to the reserve price to the auction platform, calculating a first class commitment based on the generator, bilinear pair, hash function, time of first bidding and public key of a group of users, and calculating a first class ring signature based on hash function, private key and first class commitment;
the buyer terminal base generates a meta, bilinear pair, hash function and calculates second class commitment at the time of first bidding; then calculating a second class ring signature based on the hash function, the private key and the second class promise; finally, based on the first class ring signature and the second class promise, establishing a proof of the first bid, sending the proof of the first bid to an auction platform as a basis for registration, and managing the anonymous encryption currency until the auction is finished by the auction platform.
4. The method of claim 3, wherein in the auction phase, the buyer terminal calculates the chameleon random number based on the time of the first bid, the time of the current bid, and the private key to obtain a new first type ring signature, the new first type ring signature comprising the bid proof with a second type ring signature of the proof of the first bid.
5. The method of claim 4, wherein in the validation phase, the auction platform receives bid certificates for each buyer terminal and verifies the validity of the first type ring signature and the second type ring signature in the bid certificate based on the recorded time information, and the verification is passed by using the validation bid time information to obtain a new second type ring signature, and the first type ring signature and the new second type ring signature in the bid certificate form the validated bid certificate.
6. The method of claim 4, wherein in the public phase, any user of the system verifies the validity of the first type of ring signature and the second type of ring signature in the bid proof by the public key and the advertisement bid time information, and derives the highest bid from the confirmed bid proof by verifying all of the validity, thereby obtaining the bid result.
CN202310748123.2A 2023-06-21 2023-06-21 Transaction method capable of being verified through bidirectional anonymity disclosure Pending CN116862630A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310748123.2A CN116862630A (en) 2023-06-21 2023-06-21 Transaction method capable of being verified through bidirectional anonymity disclosure

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310748123.2A CN116862630A (en) 2023-06-21 2023-06-21 Transaction method capable of being verified through bidirectional anonymity disclosure

Publications (1)

Publication Number Publication Date
CN116862630A true CN116862630A (en) 2023-10-10

Family

ID=88220794

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310748123.2A Pending CN116862630A (en) 2023-06-21 2023-06-21 Transaction method capable of being verified through bidirectional anonymity disclosure

Country Status (1)

Country Link
CN (1) CN116862630A (en)

Similar Documents

Publication Publication Date Title
EP3769467B1 (en) Computer-implemented system and method for exchange of data
US8650403B2 (en) Crytographic method for anonymous authentication and separate identification of a user
US11341487B2 (en) System and method for information protection
CN110458554B (en) Identity-based data rapid transaction method on block chain
CN108418689B (en) Zero-knowledge proof method and medium suitable for block chain privacy protection
CN107528835B (en) User privacy protection method based on security intelligent contract k-anonymous incentive mechanism
CN109409890B (en) Electric power transaction system and method based on block chain
CN111639925B (en) Sealed auction method and system based on block chain
CN113360943A (en) Block chain private data protection method and device
CN115801260B (en) Block chain-assisted collaborative attack and defense game method in untrusted network environment
CN110728576A (en) Decentralized anonymous data transaction method based on zero knowledge proof
Chen et al. SBRAC: Blockchain-based sealed-bid auction with bidding price privacy and public verifiability
CN116418560A (en) System and method for online quick identity authentication based on blockchain intelligent contract
Devidas et al. A decentralized group signature scheme for privacy protection in a blockchain
Xue et al. Blockchain-based fair and fine-grained data trading with privacy preservation
Yang et al. Practical escrow protocol for bitcoin
Devidas et al. Identity verifiable ring signature scheme for privacy protection in blockchain
Lee et al. A secure e-auction scheme based on group signatures
CN107547199B (en) Method for realizing forward safety repudiation key exchange protocol for improving network competitive bidding system
CN116862630A (en) Transaction method capable of being verified through bidirectional anonymity disclosure
Fan et al. Certificateless Blind Aggregation Signature Scheme in the Blockchain Electronic Auction
AU2019101598A4 (en) System and method for information protection
US11995648B2 (en) Computer-implemented system and method for enabling zero-knowledge proof
Sharma et al. Anonymous Sealed-Bid Auction on Ethereum. Electronics 2021, 10, 2340
Chen et al. A secure and fair joint e-lottery protocol

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Huang Ke

Inventor after: Yuan Cheng

Inventor after: Wang Ke

Inventor after: Liu Xingyu

Inventor after: Hu Jia

Inventor before: Huang Ke

Inventor before: Liu Xingyu

Inventor before: Yuan Cheng

Inventor before: Wang Ke

Inventor before: Hu Jia

CB03 Change of inventor or designer information