KR20210151020A - Blockchain system for providing anonymity of privacy information and method for providing anonymity of privacy information in a blockchain - Google Patents

Abstract

The present invention relates to a signature and verification technology for protecting personal information included in a transaction in a blockchain platform which comprises: an authentication module for generating a first certificate; a node that generates a transaction including a second certificate and the second certificate, which personal information is omitted from and zero-knowledge is applied to by using the first certificate generated by the authentication module; and a verification module that verifies the transaction generated in the node.

Description

A block chain system that provides anonymity of personal information and a method of providing anonymity of personal information in a block chain

The present invention relates to a block chain system that provides anonymity of personal information and a method for providing anonymity of personal information in a block chain, and more particularly, a signature for protecting personal information included in a transaction on a block chain platform and verification techniques.

Blockchain is a concept that was put to practical use in Bitcoin, which appeared in 2009, and is a database technology that stores data while preventing hacking through a shared ledger on a P2P network.

After that, as Ethereum presented the concept of a smart contract, which is an existing digital command, and a DApp that provides services based on it, the blockchain technology began to expand into the platform area.

Many blockchain platforms do not have separate devices to safely manage sensitive data such as private information. Due to the technical nature of the distributed ledger, transactions stored on the blockchain are shared by all network participants. Therefore, when blockchain technology is applied to an environment such as the Internet of Things, anonymity of personal information of IoT devices is not guaranteed.

As for the existing user authentication method, the authentication method through a third-party authentication authority and the X.509-based authentication method are mainly used. In the case of a third-party certification body, the properties required for verification must be explicitly set, and there is a disadvantage in that it causes a bottleneck for the system. In the case of an X.509-based certificate, the authentication process is performed without the help of a certificate authority in the authentication process, but there is a problem in that all signed attributes must be disclosed in response to other verification requests. .

Registered Patent Publication No. 10-1837169

The present invention is to solve the above problems, and an object of the present invention is to provide a signature and verification technology for protecting personal information included in a transaction in a blockchain platform.

A blockchain system for providing anonymity of personal information according to the present invention for achieving the above object includes: an authentication module for generating a first certificate; a node generating a second certificate to which personal information is omitted and zero-knowledge applied and a transaction including the second certificate by using the first certificate generated by the authentication module; and a verification module for verifying the transaction generated in the node.

In addition, the authentication module generates an authentication public key and an authentication private key using a randomizable digital signature, and generates the first certificate by signing with the authentication private key using a BBS signature protocol. can do.

In addition, the node may be characterized in that it generates a second certificate to which zero-knowledge is applied using the BBS signature protocol.

In addition, it may be characterized in that it further comprises an audit module for tracking the transaction using a public key for auditing and a private key for auditing.

The method may further include a revocation module for revoking the second certificate requiring revocation, and transmitting the revocation fact of the second certificate to the node.

On the other hand, a method for providing anonymity of personal information in a block chain according to the present invention for achieving the above object includes the steps of: (A) generating, by an authentication module, a first certificate; (B) generating, by a node, a second certificate to which personal information is omitted and Zero-Knowledge is applied and a transaction including the second certificate using the first certificate; and (C) a verification module verifying the transaction.

In addition, the step (A) may include generating an authentication public key and an authentication private key using a randomizable digital signature; and generating the first certificate by signing with the authentication secret key using the BBS signing protocol.

In addition, the step (B) may be characterized in that the BBS signature protocol is used when generating the second certificate.

According to the block chain system for providing anonymity of personal information and the method for providing anonymity of personal information in the block chain according to an embodiment of the present invention,

First, if anonymity is provided using a Zero-Knowledge-based certificate on a permissioned blockchain network, the personal information of the node can be protected.

Second, by dividing the certificate generation, issuance, signature generation, revocation, and verification protocols to each participating node, the system bottleneck of the authentication module that occurs in the authentication process is resolved and an efficient network configuration is possible.

1 is a diagram showing the structure of a block chain block.
2 is a diagram showing a block structure of Hyperledger-Fabric.
3 is a block diagram of a block chain system that provides anonymity of personal information according to an embodiment of the present invention.
4 is a diagram illustrating a process of issuing a zero-knowledge certificate and generating a transaction between an authentication module and a node;
5 is a diagram illustrating in more detail a process of generating a transaction providing anonymity using a zero-knowledge certificate.
6 is a diagram illustrating a process in which an audit module tracks a transaction;
7 is a diagram illustrating a relationship in which an authentication module, a revocation module, and a node cancel a certificate;
8 is a flowchart illustrating an operation protocol of another embodiment applied to a blockchain.
9 is a flowchart of a method for providing anonymity of personal information in a block chain according to an embodiment of the present invention.
Fig. 10 is a view showing a source code (a) for generating a certificate in which all attributes are not disclosed and a source code (b) for verifying the generated certificate.
11 is a view showing a result of verifying a certificate generated from the source code of FIG. 10 (a);
Fig. 12 is a graph showing the time required for generating and verifying a certificate;
13 is a view showing a source code (a) for generating a certificate that discloses only ProofOfAge among attributes and a result of verifying the generated certificate;

Hereinafter, a preferred embodiment of a block chain system for providing anonymity of personal information and a method for providing anonymity of personal information in a block chain according to the present invention will be described in detail with reference to the accompanying drawings.

Referring to FIG. 1 , a block of a block chain is a unit that provides final data, and is composed of a header and a body. Only blocks approved through validation and consensus algorithms among blocks are registered in the blockchain. Although the data structure defined for each blockchain platform is different, in general, the block header includes information about the block, such as the hash value of the previous block and the Merkle Root Hash (MRH) value, information necessary for verification, and It contains information necessary for the network. The block body contains transactions.

Blockchain is a technology in which network participants store blocks containing transactions in a distributed data storage environment in the form of a chain created by P2P method. As the smart contract at the logic level and the DApp concept at the application level were included in the block chain, it developed into a technology in the platform area that enables service development, distribution, and management in addition to database functions.

The block chain structure can be divided into a permission structure and a permissionless structure.

The permission structure is a block chain with a public structure, and anyone can freely participate in the network. It is a fully decentralized structure in which non-verified nodes can create, verify, and participate in the consensus algorithm to store data in the blockchain. In order for the blockchain network to be active, it must be structured to voluntarily participate in the network's consensus algorithm. In general, a PoW (Proof of Work) and PoS (Proof of Stake)-based consensus algorithm is used as a method of maintaining the block creation time in the network itself for network reliability while providing a token such as a cryptocurrency in general. do. This includes Bitcoin and Ethereum.

The non-permission structure is a block chain of a consortium structure or a private structure, in which only limitedly verified nodes validate transaction validity and perform a consensus algorithm. In the case of the consortium structure, the verified nodes perform the consensus algorithm in equal positions. In the case of the Private structure, it is a completely centralized structure in which one group (Enterprise) is in charge of everything. Since the private structure has a small number of nodes participating in the consensus algorithm and only verified nodes can participate, the transaction processing speed is significantly superior to that of the public structure. Representative examples include R3 Corda and Hyperledger-Fabric.

The consensus algorithm is the process of agreeing who will have authority over blocks on a shared ledger to store transaction data on the blockchain. The peer selected by the consensus algorithm registers the block created by it in its own ledger and propagates it to other peers. Peers that have received the new block perform validation on the block, and if valid, reflect it on the ledger. Representative consensus algorithms include Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), and Practical Byzantine Fault Tolerance (PBFT).

A smart contract is a concept proposed by Nick Szabo in 1994, written in digital commands, and can execute contract contents according to conditions. Although the contract result according to the conditions is clear, there is a limitation in that it can be manipulated due to the nature of the digital command. However, as the result of smart contract operation is reflected in the block chain as it converges with the block chain, operation becomes impossible, and it has established itself as a core technology of the block chain. Smart contracts provide Turing completeness while performing contract contents according to conditions, and serve as the logic layer of the platform that provides blockchain-based services in that they can perform processes based on blockchain. .

DApp is a decentralized application based on blockchain. The resources used for the service are distributed and stored in the blockchain network, and in the case of high-trust data registered in the blockchain, once stored, forgery is impossible. DApp services perform processes on the block chain through smart contracts, and provide services by combining the functions of several smart contracts. Since the service response time, which is the most important element of the application, is affected by the transaction processing speed of the blockchain network, it is necessary to select an appropriate blockchain network structure according to the purpose of the required application.

For DApp service development, an interface for calling a smart contract from an application is required. Blockchain platforms that include the concept of smart contracts support tools that support interworking interfaces.

Hyperledger is a project that aims to implement standard blockchain technology supported by the Linux Foundation. Among them, Fabric is a blockchain framework for businesses, and is a blockchain platform with a membership service-based permission structure. It is possible to write smart contracts based on the go and java languages called Chaincode, and there are several components in the network, such as peers, orderers, and MSPs (Membership Service Provider).

Referring to FIG. 2 , a block includes a header, data, and metadata.

Header has a total of 3 variables. It is a Number variable that stores the index of a block, a PreviousHash variable that is a hash value of the previous block header, and a DataHash variable that is a Merkle Root Hash (MRH) value for data (transactions).

Data simply consists of an array of transactions, and each transaction includes Type, Version, Timestamp, Channel ID, TxID, Epoch, Chaincode info, Creator Identity, Endorser Identity, Status, Read Set, Write Set, Key value, etc. is composed of

Metadata consists of an orderer identity, a creator identity, and flag information for each transaction.

A peer is an essential element of the blockchain network, and it is divided into an Endorser and a Committer according to the role of the Peer in Hyperledger-Fabric.

Endorser is a concept that includes a committer, and additionally performs an Endorse function from a client's request. The chaincode requested by the user (user, node) is executed, and the resulting state is signed with the private key of the transferor (Endorser) through an endorsement process. It performs a function of returning an endorsement, which is a result of the subsequent process, to the user.

A committer has a ledger and an event-hub. Ledger is a shared ledger composed of block chain and local database, and event-hub is an interface used when requesting a function from a committer and receiving a response. After performing the function to return the contents of the ledger to the client by the Query command requested from the client (read), and after performing validation on the block received from the orderer It performs the function of storing in the ledger.

In Hyperledger-Fabric, the ledger consists of an existing block chain and a state database that tracks and stores the state of the block chain. As with the existing blockchain, it is a ledger that provides immortality that cannot be forged or altered, and contains information about transactions and networks. The state database is a LevelDB-based database composed of key-value-based pairs, and has a function of recording and tracking the latest state stored in the block chain. This reduces the time to search for state information within the blockchain by avoiding traversing the entire blockchain to know the current state of the ledger.

The orderer receives the endorsement from the client and performs a function to store it in the block chain. First, since the header information of the next block changes according to the order of the transaction in the block chain, the order of endorsements to be registered is ordered. After that, a packaging process is performed, which is converted into a block form for storage in the block chain. In order to reflect the last created block on the ledger of the corresponding channel, it plays a role of delivering the created block to peers (transferors, committers) with the ledger. The orderer performing the above function is an essential element of the channel of the Hyperledger-Fabric network, and there may be multiple orderers in one channel, at this time the orderer ( Orderers) determine the right to create blocks through a consensus process.

MSP (Membership Service Provider) is a key element that performs access right control in the Hyperledger-Fabric network. It is conceptually divided into four types according to required roles such as network, channel, peer, and orderer, and provides access control function through certificate-based authority. The network MSP controls the authority to perform network management (channel creation, etc.). The channel MSP controls the authority for the peer in the channel (Channel). The peer MSP controls the authority for the peer in the same way as the channel MSP, but is applied only to the corresponding peer. The orderer MSP controls the authority for the orderer.

Fabric-CA is an element that acts as a Certificate Authority in the Hyperledger-Fabric network, and can be used selectively. It works in conjunction with the MSP to issue and manage the certificate requested by the peer, and provides two types of certificates. Ecert (Enrollment Certificate) is an identifier of a peer and is continuously used. Tcert (Transaction Certificate) is used for transaction verification and is disposable.

A channel is a basic network unit of Hyperledger-Fabric, and each channel has an independent blockchain shared ledger and chaincode. Channel creation is possible only by a user with authority to the system in the network MSP, and it is basically composed of an organization including peers, an orderer, and an MSP. That is, each channel is a sub-network having a file system independent of other channels within one overall network.

The chaincode of Hyperledger-Fabric is a smart contract concept based on the go and java languages. However, unlike Ethereum smart contracts in which binary source codes are registered on the blockchain, verified peers registered in the blockchain network have chaincodes. Chaincode is divided into system chaincode and general chaincode. The system chaincode is a chaincode that performs the network system process. It can be registered when the network is created, and cannot be changed after the network is activated. A general chaincode is a chaincode that provides a service, and is performed in the form of a transaction through an Endor at the request of users. Creation, modification, etc. are possible, and it is maintained in units of channels. The execution result of the general chaincode is one transaction. The Chaincode proposed by the Client is executed and verified (signed) by the Endor, and transmitted to the Client in the form of an endorsement. After that, the client checks the guarantee policy, which is the execution condition of the transaction, and transmits it to the orderer. The transaction, which is the result of the transmitted chaincode, goes through ordering and packaging processes by the orderer, and the generated block is transmitted to the endor and the committer for validation. ) is reflected in the ledger after performing the process.

The consensus algorithm in Hyperledger-Fabric refers to the process of endorsement, ordering, and validation of transactions. That is, the transaction requested from the client is verified by the peer, goes through the ordering and packaging processes by the orderer who creates the block through the consensus process, and is stored in the ledger. It refers to the overall transaction execution process that performs validation. The endorsement is the result of executing, verifying, and signing the requested transaction by the peer.

Ordering is the process of determining the order to register the approved transactions received from multiple clients in the block (applying the consensus algorithm).

Validation is a process performed by a peer having a ledger, and is a validation process for a block received from an orderer.

Fabric-SDK is a tool supported by Hyperledger-Fabric and provides an interface that connects DApps and chaincodes to provide blockchain services. Go, node.js, and java languages are supported, and services such as a function to obtain access to an application through MSP and a function to suggest a transaction (Chaincode) are available.

The operation process and block chain interworking structure of Hyperledger-Fabric's DApp is similar to the existing block chain platform. It uses HTTP-based protocol and develops and distributes services in DApp based on functions provided by Chaincode through SDK tool.

Zero-Knowledge is a protocol that guarantees anonymity, and is a method of proving that a certifier has confidential information even if it does not disclose its confidential information. That is, even if the user's personal information is not disclosed, validation of the user's personal information can be performed. For zero knowledge, the following three basic conditions must be satisfied. Completeness means that if a statement is true, an honest certifier must be able to convince an honest verifier of this fact. Soundness is that if a statement is false, no dishonest certifier should be able to convince an honest verifier that this statement is true. Zero-knowledge means that if a certain sentence is true, the verifier should not know anything other than the truth/false of the sentence.

Unlike the existing system that transmits a hash value of user authentication information, zero knowledge can prove that information is correct without including user authentication information in network communication.

There are two representative signature protocols that provide zero-knowledge-based anonymity: Camenish-Lysyanskaya (CL) signature and BBS (Boneh-Boyen-Shacham) signature. Both are techniques using bilinear groups. The above signatures do not transmit the message signed with the private key, but provide the calculated value required by the verifier to prove that the user has the private key.

CL (Camenish-Lysyanskaya) signature was initially proposed based on Strong Diffie-Hellman (SDH). Since then, it has been improved in terms of efficiency and is now based on the Lysyanskaya-Rivest-Sahai-Wolf (LRSW) assumption. Unlike the SDH assumption, LRSW supports independent discrete-logarithm according to message attributes, and thus has more flexibility. The CL signature can prove that the user has the secret key by providing the calculated value required by the verifier, without the user going through the authentication process of transmitting the message signed with the private key.

BBS (Boneh-Boyen-Shacham) signature is a signature technique proposed based on a new assumption of DLIN (Decision Liner). It is the same zero-knowledge-based signature technique as the CL signature, and provides anonymity. The Proof of Knowledge protocol, which verifies the existence of information, has a more efficient feature than CL signature.

Randomizable Digital Signature is a signature technique that always consists of two elements regardless of the number of messages. Unlike CL signatures, random digital signatures must use the type-3 pairing method of bilinear groups unconditionally. However, recent CL signature-based protocols use the type-3 pairing method of bilinear groups for efficiency and security reasons, so they are more efficient while providing the same security and characteristics as CL signatures.

이 존재할 때, 랜덤(random)한

값을 선택하고,

을 계산함으로 새로운 서명을 만들어서 임의성(Randomizability)를 제공한다.Randomizable Digital Signature is a method of creating a new signature using an existing signature, rather than creating a new signature according to each message m in the CL signature. signature for message m

When is present, random

select a value,

It provides randomizability by creating a new signature by calculating

The blockchain system 100 for providing anonymity of personal information according to an embodiment of the present invention is a technology related to a blockchain platform capable of providing anonymity. This embodiment provides anonymity for transactions containing personal information on a permissioned blockchain platform.

This embodiment proposes a method of applying a zero-knowledge-based signature technique to solve the anonymity problem of a blockchain network. For efficient processing of transaction generation, the key generation protocol of Randomizable Digital Signature is used, and the protocol of BBS signature is applied to Proof of Knowledge.

This embodiment is connected to the blockchain network and performs functions such as generating, signing, issuing, discarding, tracking, etc., a certificate containing personal information of the node 110, and personal information in the certificate (Attributes) ) to provide anonymity.

Referring to Fig. 3, this embodiment includes an authentication module 120 for generating a first certificate; a node 110 for generating a transaction including a second certificate and a second certificate to which personal information is omitted and zero-knowledge is applied using the first certificate generated by the authentication module 120; It includes a verification module 140 for verifying the transaction generated in the node (110).

The authentication module (Certificate Authority, 120) is a verified object that issues a certificate. Generates an authentication public key and an authentication private key based on a Randomizable Digital Signature, and issues a certificate using this. The issued certificate has a flexible feature by applying the zero-knowledge concept.

The node 110 is a participating node 110 of the block chain that receives a certificate and provides its own attributes through this. Based on the issued certificate, the BBS (Boneh-Boyen-Shacham) signature-based signature is performed, and a transaction including only information about some attributes is created.

The node 110 may be implemented in various ways. If this embodiment is applied to an Internet of Things (IoT) environment, the node 110 may be an individual IoT sensor device.

The verification module (Verifier, 140) verifies the certificate of the node 110 using the public key (Public Key) of the authentication module (120).

The revocation module (Revocation Authority, 180) is a component that performs revocation of a certificate. A process for requesting the discard is performed, and a process of delivering the result to the node 110 and the verification module 140 is performed. As another embodiment, the authentication module 120 may concurrently perform this role along with issuing a certificate.

Referring to FIG. 4 , the following structure is defined to provide anonymity to ensure that the transaction creator's private information is not disclosed on the block chain platform and has the information.

The authentication module 120 uses a randomizable digital signature when generating an authentication public key and an authentication private key to increase efficiency.

The node 110 generates a first public key and a first private key using the random digital signature.

The authentication module 120 generates the first certificate by signing with the authentication secret key using the BBS signature protocol. The node 110 generates the first public key by using the first certificate together.

The node 110 generates a second certificate in which some or all of personal information is omitted when a transaction is created. The second certificate is generated by applying zero knowledge using the BBS signature protocol. The node 110 generates a second public key and a second private key for generating the second certificate. Another node can verify the contents of the second certificate by using the second public key.

Each transaction includes a certificate of the creator (node). A certificate created based on a signature technique to which zero-knowledge is applied can provide anonymity for personal information even if it is included in a transaction.

5 shows a transaction creation and verification process. In the first certificate issued by the authentication module 120 , all of the private information of the node 110 is contained in Attributes.

When a transaction is created, a certificate of the node 110 must be included in the transaction. However, there is a problem in that all attributes are disclosed when the first certificate is included in the transaction.

Accordingly, a new signature, that is, a second certificate, is generated and provided to the verification module 140 so that the verification module 140 can verify only the attributes that are selectively disclosed.

Since the second certificate provided to the verification module 140 includes only the personal information that the node 110 has allowed to be disclosed, the personal information is prevented from being exposed during verification.

The verification module 140 verifies the second certificate included in the transaction by using the authentication public key generated by the authentication module 120 .

6 shows an audit (Auditor (Inspector)) process. In the structure of FIG. 5 , personal information of the node 110 may be acquired by collecting attribute information by tracking each distributed transaction.

In order to prevent such a problem, the audit module 160 that performs a tracking function for a transaction may be additionally configured. The audit module 160 is a verified object with read permission for transactions in the blockchain network. The audit module 160 has a public key for auditing and a private key for auditing for performing transaction tracking authority. The audit module 160 may be configured as a participating node 110 of a block chain network and used selectively. The key generated by the audit module 160 may apply the existing asymmetric key cryptography method to which the zero-knowledge concept is not applied.

7 shows a revocation process. When the attribute of a certificate is changed or a certificate including all attributes is leaked, a process of discarding the certificate is necessary so that it can no longer be used.

For the revocation process, the revocation module 180 first generates a public key and a private key for proving that the object has the right to revocation. Thereafter, the node 110 requiring certificate revocation transmits a revocation request to the revocation module 180 . The revocation module 180 checks whether the corresponding node 110 has authority, and notifies the nodes 110 connected to the network that the certificate of the corresponding node 110 is to be revoked using its own key signature.

The certificate revocation request can be made only by the authentication module 120 , the revocation module 180 , and the node 110 of the corresponding certificate. The verification module 140 does not have the request authority for revocation.

In order to apply the blockchain platform, it is necessary to design a blockchain structure suitable for this embodiment. In particular, for interworking with the cryptographic library module, an object for managing a certificate and a key for the node 110 that generates a transaction is required.

8 is a flowchart illustrating an operation protocol of another embodiment applied to a block chain.

In this embodiment, the peer requests the authentication module 120 to register (or discard) the certificate, and the block requesting the authentication service providing module 122 to sign and verify the transaction. It is a participating node 110 of the chain.

The authentication module 120 is an object that performs the same function as the authentication module 120 of the above-described embodiment.

The certificate service providing module (Certificate Service Provider, 122) transmits the signature and verification request received from the peer to the encryption unit. The authentication service providing module 122 simultaneously performs the function of the verification module 140 and the role of a signer.

The Crypto Library Module (124) is a library module that provides functions such as zero-knowledge-based key generation, signature, issuance, proof, revocation, and tracking.

With reference to the drawings, the operation protocol from the stage of applying the blockchain platform to the stage of providing anonymity will be described.

First, a blockchain network in which the peer, the authentication module 120 and the authentication service providing module 122 participate as the node 110 is constructed.

A zero-knowledge-based authentication key (public key, private key) used in the authentication module 120 when constructing a block chain network is generated.

Next, the peer requests registration from the authentication module 120 . The authentication module 120 generates and registers a peer certificate based on the generated authentication key.

The blockchain network performs the functions of transactions. The peer requests the authentication service providing module 122 to sign or verify the transaction. The authentication service providing module 122 performs signature or verification using the peer's certificate.

Next, a method for providing anonymity of personal information in a block chain according to an embodiment of the present invention will be described.

Referring to FIG. 9 , in this embodiment, the authentication module 120 generates the first certificate ( S120 ), the node 110 uses the first certificate to omit personal information, and zero-knowledge It includes the step of generating the applied second certificate and the transaction including the second certificate (S140), and the step of verifying the transaction by the verification module 140 (S160).

In step S120, in detail, a step of generating an authentication public key and an authentication secret key using a randomizable digital signature (S122) and a step of generating a first certificate by signing with an authentication private key using the BBS signature protocol (S124) may be included.

Step S140 uses the BBS signature protocol when generating the second certificate.

Next, an actual block chain system 100 was constructed using an embodiment of the present invention, and it was confirmed whether a normal operation was possible while maintaining anonymity.

Experiment.

The source code of FIG. 10(a) performs a function of generating a new signature (certificate) in which all attributes are not disclosed. In FIG. 10( b ), by performing verification on the generated signature, it was confirmed whether the Proof of Knowledge protocol was operated.

11 is a result of verifying the certificate generated from the source code of FIG. 10(a). As shown, it was found that the information of uID, Name, Birthday, City, Country, and ProofOfAge included in Attributes was not displayed in the certificate.

Signature generation is performed whenever node 110 creates a transaction. This is closely related to the transaction bottleneck. Referring to FIG. 12 , an additional time cost of about 92.77 ms is consumed for generating and verifying one new signature. The signature generation process and verification process have the disadvantage of delaying the service response speed required for one transaction to be processed.

만큼의 서명 배열을 선언하여 Map 또는 Index 자료 구조 기반의 메모리를 소모하되, 중복 요청되는 속성(Attributes)에 대한 서명을

시간 복잡도에 찾아갈 수 있도록 구현한다.Therefore, when the number of attributes is n,

Declare as many signature arrays as possible to consume Map or Index data structure-based memory, but to register duplicate requested attributes.

Implement it so that it can be found in time complexity.

Referring to FIG. 13 , a signature capable of confirming only ProofOfAge among attribute information was generated. ProofOfAge is an attribute that can confirm whether or not an adult is 18 years of age or older. Using this embodiment, it is possible to provide a service that only adults can participate in, such as voting, even if personal information is not disclosed. Referring to FIG. 13B , it can be confirmed that only ProofOfAge information is disclosed. Accordingly, it can be seen that by utilizing the configuration of the node 110, the authentication module 120, the verification module 140, etc. of this embodiment, anonymity can be provided for the personal information in the transaction generated in the blockchain network. .

In the above, the present invention has been described in detail with reference to the embodiments, but those of ordinary skill in the art to which the present invention pertains may make various substitutions, additions and modifications within the scope not departing from the technical spirit described above. Of course, it should be understood that such modified embodiments also fall within the protection scope of the present invention as defined by the appended claims below.

100: blockchain system 110: node
120: authentication module 122: authentication service providing module
124: encryption module 140: verification module
160: audit module 180: discard module

Claims (8)

an authentication module for generating a first certificate;
a node generating a second certificate to which personal information is omitted and zero-knowledge applied and a transaction including the second certificate by using the first certificate generated by the authentication module; and
A blockchain system that provides anonymity of personal information, characterized in that it includes a verification module that verifies the transaction generated in the node. According to claim 1,
The authentication module generates an authentication public key and an authentication private key using a randomizable digital signature, and generates the first certificate by signing with the authentication private key using a BBS signature protocol. A blockchain system that provides anonymity of information. 3. The method of claim 2,
The block chain system for providing anonymity of personal information, characterized in that the node generates a second certificate to which zero knowledge is applied using the BBS signature protocol. 4. The method of claim 3,
A block chain system for providing anonymity of personal information, characterized in that it further comprises an audit module for tracking the transaction using the public key for audit and the secret key for audit. 4. The method of claim 3,
The block chain system for providing anonymity of personal information, characterized in that it further comprises a revocation module which discards the second certificate that needs to be revoked, and transmits the fact of revocation of the second certificate to a node. (A) generating, by the authentication module, a first certificate;
(B) generating, by a node, a second certificate to which personal information is omitted and Zero-Knowledge is applied and a transaction including the second certificate using the first certificate; and
(C) A method for providing anonymity of personal information in a block chain comprising the step of verifying the transaction by a verification module. The method of claim 6, wherein (A) step,
generating an authentication public key and an authentication private key using a randomizable digital signature; and
and generating the first certificate by signing with the authentication secret key using the BBS signature protocol. The method of claim 7, wherein (B) step,
A method for providing anonymity of personal information in a block chain, characterized in that the BBS signature protocol is used when generating the second certificate.

Images