KR20240074718A - Blockchain system for providing anonymity of privacy information and method for providing anonymity of privacy information in a blockchain - Google Patents

Abstract

The present invention is a signature and verification technology for protecting personal information included in transactions on a blockchain platform. By using an authentication module that generates a first certificate, and the first certificate generated by the authentication module, personal information is omitted and zero knowledge is used. It includes a second certificate to which (Zero-Knowledge) is applied, a node that generates a transaction containing the second certificate, and a verification module that verifies the transaction created in the node.

Description

A blockchain system that provides anonymity of personal information and a method of providing anonymity of personal information in a blockchain {BLOCKCHAIN SYSTEM FOR PROVIDING ANONYMITY OF PRIVACY INFORMATION AND METHOD FOR PROVIDING ANONYMITY OF PRIVACY INFORMATION IN A BLOCKCHAIN}

The present invention relates to a blockchain system that provides anonymity of personal information and a method of providing anonymity of personal information in a blockchain, and more specifically, to a signature to protect personal information included in a transaction on a blockchain platform. and verification technology.

Blockchain is a concept put to practical use in Bitcoin, which appeared in 2009, and is a database technology that stores data while preventing hacking through a shared ledger on a P2P network.

Afterwards, as Ethereum presented the concept of smart contracts, which are existing digital commands, and DApps that provide services based on them, blockchain technology began to expand into the platform area.

Many blockchain platforms do not have separate devices to safely manage sensitive data such as personal information. Due to the nature of distributed ledger technology, transactions stored on the blockchain are shared by all network participants. Therefore, when blockchain technology is applied to an environment such as the Internet of Things, the anonymity of personal information in Internet of Things devices is not guaranteed.

Existing user authentication techniques mainly include authentication through a third-party certification authority and X.509-based certificate methods. In the case of a third-party certification body, the attributes required for verification must be explicitly determined, and the disadvantage is that it causes a bottleneck in the system. In the case of an .

Registered Patent Publication No. 10-1837169

The present invention is intended to solve the above problems, and the purpose of the present invention is to provide signature and verification technology to protect personal information included in transactions on a blockchain platform.

The blockchain system that provides anonymity of personal information according to the present invention to achieve the above purpose includes an authentication module that generates a first certificate; a node that uses the first certificate generated by the authentication module to generate a second certificate in which personal information is omitted and zero knowledge is applied and a transaction including the second certificate; and a verification module that verifies transactions generated in the node.

In addition, the authentication module generates an authentication public key and an authentication secret key using a random digital signature, and generates the first certificate by signing with the authentication secret key using a BBS signature protocol. can do.

Additionally, the node may be characterized in that it generates a second certificate to which zero knowledge is applied using the BBS signature protocol.

In addition, it may further include an auditing module that tracks the transaction using a public key for auditing and a private key for auditing.

In addition, it may further include a discard module that discards the second certificate that needs to be discarded and transmits the fact of revocation of the second certificate to the node.

Meanwhile, a method of providing anonymity of personal information in a blockchain according to the present invention to achieve the above purpose includes the steps of (A) an authentication module generating a first certificate; (B) A node uses the first certificate to generate a second certificate in which personal information is omitted and zero knowledge is applied, and a transaction including the second certificate; and (C) a verification module verifying the transaction.

In addition, step (A) includes generating an authentication public key and an authentication secret key using a random digital signature (Randomizable Digital Signature); and generating the first certificate by signing with the authentication secret key using the BBS signature protocol.

Additionally, step (B) may be characterized by using the BBS signature protocol when generating the second certificate.

According to a blockchain system that provides anonymity of personal information and a method of providing anonymity of personal information in a blockchain according to an embodiment of the present invention,

First, by providing anonymity using a Zero-Knowledge based certificate on a permissioned blockchain network, the personal information of nodes can be protected.

Second, by dividing the certificate generation, issuance, signature generation, disposal, and verification protocols to each participating node, the system bottleneck of the authentication module that occurs during the authentication process is resolved, enabling efficient network configuration.

Figure 1 is a diagram showing the structure of a blockchain block.
Figure 2 is a diagram showing the block structure of Hyperledger-Fabric.
Figure 3 is a block diagram of a blockchain system that provides anonymity of personal information according to an embodiment of the present invention.
Figure 4 is a diagram showing the zero-knowledge certificate issuance and transaction creation process between the authentication module and the node.
Figure 5 is a diagram illustrating in more detail the process of creating a transaction that provides anonymity using a zero-knowledge certificate.
Figure 6 is a diagram showing the process by which the audit module tracks transactions.
Figure 7 is a diagram showing the relationship between an authentication module, a revocation module, and a node to discard a certificate.
Figure 8 is a flowchart showing the operation protocol of another embodiment applied to blockchain.
Figure 9 is a flowchart of a method for providing anonymity of personal information in blockchain according to an embodiment of the present invention.
Figure 10 is a diagram showing source code (a) for generating a certificate in which all properties are not disclosed and source code (b) for verifying the generated certificate.
Figure 11 is a diagram showing the results of verifying the certificate generated from the source code of Figure 10(a).
12 is a graph showing the time required to generate and verify a certificate.
Figure 13 is a diagram showing the source code (a) for generating a certificate that discloses only ProofOfAge among the attributes and the results of verifying the generated certificate.

Hereinafter, with reference to the attached drawings, a preferred embodiment of a blockchain system that provides anonymity of personal information and a method of providing anonymity of personal information in a blockchain according to the present invention will be described in detail.

Referring to Figure 1, a blockchain block is a unit that provides final data and consists of a header and body. Among blocks, only blocks approved through validation and consensus algorithms are registered in the blockchain. The data structure defined for each blockchain platform is different, but in general, the block header contains information about the block, information necessary for verification, such as the hash value of the previous block and the MRH (Merkle Root Hash) value, and It contains information necessary for the network. The block body contains transactions.

Blockchain is a technology in which network participants store blocks containing transactions in a distributed data storage environment in the form of a chain created in a P2P manner, and is a database technology that provides immortality for blocks that cannot be forged or altered. As the concept of smart contracts at the logic level and DApp at the application level were included in blockchain, it developed into a platform technology capable of developing, distributing, and managing services in addition to database functions.

Blockchain structure can be divided into permissioned and non-permissioned structures.

The permission structure is a public blockchain that allows anyone to freely participate in the network. It is a fully decentralized structure that allows non-verifying nodes to create transactions, verify them, and participate in the consensus algorithm to store data on the blockchain. In order for a blockchain network to be activated, it must be structured to voluntarily participate in the network's consensus algorithm. In general, a consensus algorithm based on PoW (Proof of Work) and PoS (Proof of Stake) is used as a method of algorithmically maintaining the block creation time in the network itself for network reliability while providing tokens such as cryptocurrency. do. This includes Bitcoin, Ethereum, etc.

The non-permission structure is a consortium or private blockchain in which only verified nodes verify transaction validity and perform the consensus algorithm. In the case of a consortium structure, verified nodes perform the consensus algorithm in equal positions. In the case of the private structure, it is a completely centralized structure in which one group (Enterprise) is in charge of everything. Because the private structure has a small number of nodes participating in the consensus algorithm and only verified nodes can participate, the transaction processing speed is far superior to the public structure. Representative examples include R3 Corda and Hyperledger-Fabric.

The consensus algorithm is the process of agreeing on who will have authority over a block on a shared ledger to store transaction data on the blockchain. Peers selected by the consensus algorithm register the blocks they create in their ledgers and disseminate them to other peers. Peers who receive a new block perform validation on the block and, if valid, reflect it on the ledger. Representative consensus algorithms include Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), and Practical Byzantine Fault Tolerance (PBFT).

A smart contract is a concept proposed by Nick Szabo in 1994. It is written as a digital command and can execute the contents of the contract according to conditions. This had a clear contract outcome based on the conditions, but had the limitation that it could be manipulated due to the nature of digital commands. However, as it is integrated with blockchain, the results of smart contract operations are reflected in the blockchain and cannot be manipulated, making it a core technology of blockchain. Smart contracts serve as the logic layer of a platform that provides blockchain-based services in that they provide Turing completeness while executing the contract according to conditions and can perform processes based on the blockchain. .

DApp is a blockchain-based decentralized application. The resources used for the service are distributed and stored on the blockchain network, and highly reliable data registered on the blockchain has the characteristic of being impossible to forge or falsify once stored. DApp services perform blockchain processes through smart contracts and provide services by combining multiple smart contract functions. Since service response time, which is the most important element of an application, is affected by the transaction processing speed of the blockchain network, an appropriate blockchain network structure must be selected depending on the purpose of the application required.

In order to develop DApp services, an interface for calling smart contracts from an application is required. Blockchain platforms that include the smart contract concept support tools that support interoperability interfaces.

Hyperledger is a project aimed at implementing standard blockchain technology supported by the Linux Foundation. Among them, Fabric is an enterprise blockchain framework and is a blockchain platform with a membership service-based permission structure. It is possible to create smart contracts based on go and java languages, called chaincode, and the network has several components such as peers, orderers, and MSP (Membership Service Provider).

Referring to FIG. 2, a block includes a header, data, and metadata.

Header has a total of 3 variables. The Number variable stores the index of the block, the PreviousHash variable is the hash value of the previous block header, and the DataHash variable is the MRH (Merkle Root Hash) value for data (transactions).

Data is simply composed of an array of transactions, and each transaction includes Type, Version, Timestamp, Channel ID, TxID, Epoch, Chaincode info, Creator Identity, Endorser Identity, Status, Read Set, Write Set, Key value, etc. It consists of:

Metadata consists of orderer identity, creator identity, and flag information for each transaction.

Peers are an essential element of the blockchain network, and are classified into Endorser and Committer depending on the role of the Peer in Hyperledger-Fabric.

Endorser is a concept that includes committers and additionally performs the function of endorsing requests from clients. The chaincode requested by the user (node) is executed, and the resulting state goes through an endorsement process in which it is signed with the endorser's private key. Afterwards, it performs the function of returning an endorsement, which is the result of the process, to the user.

The committer has a ledger and an event hub. The ledger is a shared ledger consisting of a blockchain and a local database, and the event hub is an interface used to request functions from the committer and receive responses. After performing a function (read) that returns the contents of the ledger to the client by a query command requested from the client, and validation of the block received from the orderer, Performs the function of saving to the ledger.

In Hyperledger-Fabric, the ledger consists of an existing blockchain and a State Database that tracks and stores the state of the blockchain. Like existing blockchains, it is a ledger that provides immortality that cannot be forged or altered, and contains information about transactions and networks. State Database is a LevelDB-based database composed of key-value based pairs and has the function of recording and tracking the latest state stored in the blockchain. This reduces the time to retrieve state information within the blockchain by avoiding searching the entire blockchain to know the current state of the ledger.

The orderer receives an endorsement from the client and performs the function of storing it in the blockchain. First, since the header information of the next block in blockchain varies depending on the order of transactions, the order of endorsements to be registered is ordered. Afterwards, a packaging process is performed to convert it into block form for storage in the blockchain. It plays the role of delivering the created block to peers (transferr, committer) with the ledger in order to reflect the last created block in the ledger of the corresponding channel. The orderer that performs the above function is an essential element of the channel of the Hyperledger-Fabric network. Multiple orderers can exist in one channel, and in this case, the orderer ( Orderers determine the authority to create blocks through a consensus process.

MSP (Membership Service Provider) is a key element that performs access permission control in the Hyperledger-Fabric network. It is conceptually divided into four types depending on the required role, such as network, channel, peer, and orderer, and provides access control functions through certificate-based authority. The network MSP controls the authority to perform network management (channel creation, etc.). Channel MSP controls authority for peers within the channel. Peer MSP controls authority for peers in the same way as channel MSP, but applies only to the peer. The orderer MSP controls the authority for the orderer.

Fabric-CA is an element that acts as a Certificate Authority in the Hyperledger-Fabric network and can be used optionally. It is linked to MSP and performs the role of issuing and managing certificates requested by peers, and provides two types of certificates. Ecert (Enrollment Certificate) is the peer's identifier and is used continuously. Tcert (Transaction Certificate) is used to verify transactions and is disposable.

Channel is the basic network unit of Hyperledger-Fabric, and each channel has an independent blockchain shared ledger and chaincode. Channel creation is possible only for users with system permissions at the network MSP, and is basically composed of an organization including peers, orderer, and MSP. In other words, each channel is a subnetwork with a file system that is independent from other channels within one overall network.

Hyperledger-Fabric's chaincode is a smart contract concept based on the go and java languages. However, unlike Ethereum's smart contract, which has a binary source code registered on the blockchain, verified peers registered on the blockchain network have a chaincode. Chaincode is divided into system chaincode and general chaincode. The system chaincode is a chaincode that performs network system processes and can be registered when the network is created, and cannot be changed after the network is activated. A general chaincode is a chaincode that provides a service, and is performed in the form of a transaction through an endorser at the request of users. It can be created, modified, etc., and is maintained on a channel basis. The result of executing a general chaincode is one transaction. The chaincode proposed by the client is executed and verified (signed) by the endorser and sent to the client in the form of an endorsement. Afterwards, the client checks the endorsement policy, which is the transaction execution condition, and transmits it to the orderer. The transaction, which is the result of the transmitted chaincode, goes through the ordering and packaging process by the orderer, and the created block is sent to the endorser and committer for validation. ) After performing the process, it is reflected in the ledger.

The consensus algorithm in Hyperledger-Fabric refers to the processes of endorsement, ordering, and validation for transactions. In other words, the transaction requested by the client is verified by the peer, goes through the ordering and packaging process by the orderer who creates the block through the consensus process, and is stored in the ledger. It refers to the overall transaction execution process that performs validation. An endorsement is the result of the peer executing, verifying, and signing the requested transaction.

Ordering is the process of determining the order in which approved transactions received from multiple clients will be registered in the block (applying consensus algorithm).

Validation is a process performed by the peer that holds the ledger, and is a validation process for the block transmitted from the orderer.

Fabric-SDK is a tool supported by Hyperledger-Fabric and provides an interface that connects DApp and Chaincode to provide blockchain services. It supports go, node.js, and java languages, and services such as the function of obtaining access to applications through MSP and the function of suggesting transactions (Chaincode) are possible.

The operation process and blockchain interconnection structure of Hyperledger-Fabric's DApp are similar to existing blockchain platforms. It uses an HTTP-based protocol and develops and distributes services in DApp based on the functions provided by Chaincode through the SDK tool.

Zero-Knowledge is a protocol that guarantees anonymity and is a method of proving that the certifier has confidential information even if the certifier does not disclose the confidential information. In other words, the validity of the user's personal information can be verified even if the user's personal information is not disclosed. Zero knowledge must meet the following three basic conditions: Completeness means that if a statement is true, an honest certifier should be able to convince an honest verifier of this fact. Soundness means that if a statement is false, no dishonest certifier can convince an honest verifier that the statement is true. Zero knowledge means that if a sentence is true, the verifier should know nothing other than the truth/false of the sentence.

Unlike existing systems that transmit hash values of user authentication information, zero knowledge can prove that the information is correct without including user authentication information in network communications.

There are two representative signature protocols that provide zero-knowledge-based anonymity: CL (Camenish-Lysyanskaya) signature and BBS (Boneh-Boyen-Shacham) signature. Both techniques use bilinear groups. The above signatures do not transmit a message signed with a private key, but can prove that the user has the secret key by providing the calculated value required by the verifier.

CL (Camenish-Lysyanskaya) signature was initially proposed based on SDH (Strong Diffie-Hellman). Since then, it has been improved in terms of efficiency and is now based on the LRSW (Lysyanskaya-Rivest-Sahai-Wolf) assumption. Unlike the SDH assumption, LRSW supports independent discrete-logarithm according to the attributes of the message, and has the characteristic of being more flexible. CL signature can prove that the user has the secret key by providing the calculated value required by the verifier without going through the authentication process of sending a message signed with the secret key.

BBS (Boneh-Boyen-Shacham) signature is a signature technique proposed based on a new assumption called DLIN (Decision LINear). It is a zero-knowledge-based signature technique, identical to CL signatures, and provides anonymity. The Proof of Knowledge protocol, which verifies the presence or absence of information, has features that are more efficient than CL signatures.

Randomizable Digital Signature is a signature technique that always consists of two elements, regardless of the number of messages. Unlike CL signatures, random digital signatures must use the type-3 pairing method of bilinear groups. However, many recent CL signature-based protocols use the type-3 pairing method of bilinear groups for efficiency and security reasons, so they are more efficient while providing the same security and features as CL signatures.

이 존재할 때, 랜덤(random)한

값을 선택하고,

을 계산함으로 새로운 서명을 만들어서 임의성(Randomizability)를 제공한다.Randomizable Digital Signature is a method of creating a new signature using an existing signature, rather than creating a new signature for each message m in CL signature. signature for message m

When this exists, random

select a value,

Randomizability is provided by creating a new signature by calculating .

The blockchain system 100, which provides anonymity of personal information according to an embodiment of the present invention, is a technology related to a blockchain platform capable of providing anonymity. This embodiment provides anonymity for transactions containing personal information on a permissioned blockchain platform.

This embodiment proposes a method of applying a zero-knowledge-based signature technique to solve the anonymity problem of blockchain networks. For efficient processing of transaction creation, the key generation protocol of Randomizable Digital Signature is used, and the BBS signature protocol is applied to Proof of Knowledge.

This embodiment is connected to the blockchain network and performs functions such as generating, signing, issuing, discarding, and tracking a certificate containing the personal information of the node 110, and attaches attributes, which are personal information in the certificate. ) provides anonymity for.

Referring to Figure 3, this embodiment includes an authentication module 120 that generates a first certificate; A node 110 that uses the first certificate generated by the authentication module 120 to generate a second certificate in which personal information is omitted and zero knowledge is applied, and a transaction including the second certificate; It includes a verification module 140 that verifies transactions generated in the node 110.

The certification module (Certificate Authority, 120) is a verified object that issues a certificate. Generates an authentication public key and authentication secret key based on a randomizable digital signature and issues a certificate using this. The issued certificate has flexible characteristics by applying the zero knowledge concept.

Node 110 is a participating node 110 of a blockchain that receives a certificate and provides its attributes through it. Based on the issued certificate, a transaction containing only information about some attributes is created through a BBS (Boneh-Boyen-Shacham) signature-based signature.

Node 110 may be implemented in various ways. If this embodiment is applied to an IoT (Internet of Things) environment, the node 110 may be an individual IoT sensor device.

The verification module (Verifier) 140 verifies the certificate of the node 110 using the public key of the authentication module 120.

The revocation module (Revocation Authority, 180) is a component that performs the revocation of certificates. A request for discard is performed and the result is delivered to the node 110 and the verification module 140. In another embodiment, the authentication module 120 may perform this role in addition to issuing a certificate.

Referring to Figure 4, the following structure is defined to provide anonymity to ensure that the transaction creator has the personal (private) information without disclosing it in the blockchain platform.

To increase efficiency, the authentication module 120 uses a random digital signature (Randomizable Digital Signature) when generating the authentication public key and authentication secret key.

Node 110 generates a first public key and a first private key using a random digital signature.

The authentication module 120 generates a first certificate by signing with an authentication secret key using the BBS signature protocol. Node 110 uses the first certificate together to generate a first public key.

When creating a transaction, the node 110 generates a second certificate with some or all of the personal information omitted. The second certificate is created by applying zero knowledge using the BBS signature protocol. Node 110 generates a second public key and a second secret key to generate the second certificate. Other nodes can check the contents of the second certificate using the second public key.

Each transaction includes the certificate of the creator (node). A certificate created based on a zero-knowledge signature technique can provide anonymity to personal information even if it is included in a transaction.

Figure 5 shows the transaction creation and verification process. The first certificate issued by the authentication module 120 contains all of the private information of the node 110 in attributes.

When creating a transaction, the transaction must include the certificate of the node 110. However, there is a problem that when the first certificate is included in the transaction, all attributes are disclosed.

Therefore, a new signature, that is, a second certificate, is generated and provided to the verification module 140 so that the verification module 140 can selectively verify only the attributes that are desired to be disclosed.

Since the second certificate provided to the verification module 140 contains only personal information that the node 110 has permitted to be disclosed, personal information is prevented from being exposed during verification.

The verification module 140 verifies the second certificate included in the transaction using the authentication public key generated by the authentication module 120.

Figure 6 shows the audit (Inspector) process. The structure of FIG. 5 can obtain personal information of the node 110 by tracking each distributed transaction and collecting attribute information.

To prevent such unexpected problems, an audit module 160 that performs a tracking function for transactions may be additionally configured. The audit module 160 is a verified object with read permission for transactions within the blockchain network. The audit module 160 has a public key for auditing and a private key for auditing to perform transaction tracking rights. The audit module 160 can be configured as a participating node 110 of the blockchain network and used selectively. The key generated in the audit module 160 may be an existing asymmetric key encryption technique that does not apply the zero-knowledge concept.

Figure 7 shows the revocation process. If the attributes of a certificate are changed or a certificate containing all attributes is leaked, a process is required to discard the certificate so that it can no longer be used.

For the disposal process, the disposal module 180 first generates a public key and a private key to prove that the object has disposal authority. Afterwards, the node 110 that needs to revoke the certificate transmits a request to revoke the certificate to the revocation module 180. The revocation module 180 verifies whether the corresponding node 110 has authority and uses its own key signature to notify the nodes 110 connected to the network that the certificate of the corresponding node 110 is revoked.

Requests for certificate revocation can only be made by the authentication module 120, the revocation module 180, and the node 110 of the corresponding certificate. The verification module 140 does not have the authority to request disposal.

In order to apply a blockchain platform, a blockchain structure suitable for this embodiment must be designed. In particular, an object that manages the certificate and key for the node 110 that generates the transaction is required for linking with the cryptographic library module.

Figure 8 is a flowchart showing the operation protocol of another embodiment applied to blockchain.

The peer in this embodiment has a function of requesting the authentication module 120 to register (or discard) a certificate, and a block requesting the certification service providing module 122 to sign and verify a transaction. This is the participating node (110) of the chain.

The authentication module 120 is an object that performs the same function as the authentication module 120 in the previously described embodiment.

The certificate service provider (Certificate Service Provider) 122 transmits the signature and verification request received from the peer to the encryption unit. The authentication service providing module 122 simultaneously performs the function of the verification module 140 and the role of a signer.

Crypto Library Module (124) is a library module that provides functions for zero-knowledge-based key generation, signature, issuance, proof, disposal, and tracking.

Referring to the drawing, the operation protocol from the blockchain platform application stage to the anonymity provision stage is explained.

First, build a blockchain network in which peers, the authentication module 120, and the certification service provision module 122 participate as nodes 110.

When building a blockchain network, a zero-knowledge-based authentication key (public key, secret key) used in the authentication module 120 is generated.

Next, the peer requests registration with the authentication module 120. The authentication module 120 generates and registers the peer's certificate based on the generated authentication key.

Blockchain networks perform functions for transactions. The peer requests the certification service provision module 122 to sign or verify the transaction. The authentication service providing module 122 performs signing or verification using the peer's certificate.

Next, a method for providing anonymity of personal information in blockchain according to an embodiment of the present invention will be described.

Referring to FIG. 9, in this embodiment, the authentication module 120 generates a first certificate (S120), and the node 110 uses the first certificate to omit personal information and zero-knowledge. It includes a step of generating the applied second certificate and a transaction including the second certificate (S140), and a step of the verification module 140 verifying the transaction (S160).

In detail, step S120 includes generating an authentication public key and an authentication secret key using a random digital signature (S122) and generating a first certificate by signing with an authentication secret key using the BBS signature protocol. (S124) may be included.

Step S140 uses the BBS signature protocol when generating the second certificate.

Next, an actual blockchain system 100 was built using an embodiment of the present invention, and it was confirmed whether normal operation was possible while maintaining anonymity.

Experiment.

The source code in Figure 10(a) performs the function of generating a new signature (certificate) in which all attributes are not disclosed. In Figure 10(b), the operation of the Proof of Knowledge protocol was confirmed by performing verification on the generated signature.

Figure 11 is the result of verifying the certificate generated from the source code in Figure 10(a). As shown, the information of uID, Name, Birthday, City, Country, and ProofOfAge included in Attributes on the certificate was not displayed.

Signature generation is performed each time node 110 creates a transaction. This is closely related to transaction bottlenecks. Referring to Figure 12, generating and verifying one new signature consumes an additional time cost of approximately 92.77ms. The signature creation process and verification process have the disadvantage of delaying the service response speed required for one transaction to be processed.

만큼의 서명 배열을 선언하여 Map 또는 Index 자료 구조 기반의 메모리를 소모하되, 중복 요청되는 속성(Attributes)에 대한 서명을

시간 복잡도에 찾아갈 수 있도록 구현한다.Therefore, when the number of attributes is n,

Declare as many signature arrays as possible to consume memory based on Map or Index data structures, but do not require signatures for duplicate requested attributes.

Implemented to meet time complexity.

Referring to FIG. 13, a signature was created that can verify only ProofOfAge among the attribute information. ProofOfAge is an attribute that can confirm whether an adult is 18 years of age or older. Using this embodiment, it is possible to provide services that only adults can participate in, such as voting, even if personal information is not disclosed. Referring to Figure 13(b), it can be seen that only ProofOfAge information has been disclosed. As a result, it can be seen that by utilizing the configuration of the node 110, authentication module 120, and verification module 140 of this embodiment, anonymity can be provided for personal information in transactions generated in the blockchain network. .

In the above, the present invention has been described in detail with reference to examples, but those skilled in the art will be able to make various substitutions, additions, and modifications without departing from the technical spirit described above. It is natural, and such modified embodiments should also be understood as falling within the scope of protection of the present invention as defined by the patent claims attached below.

100: Blockchain system 110: Node
120: Authentication module 122: Certification service provision module
124: Encryption module 140: Verification module
160: Audit module 180: Disposal module

Claims (8)

An authentication module that generates a first certificate;
a node that uses the first certificate generated by the authentication module to generate a second certificate in which personal information is omitted and zero knowledge is applied and a transaction including the second certificate; and
A blockchain system that provides anonymity of personal information, comprising a verification module that verifies transactions generated in the node. According to paragraph 1,
The authentication module generates an authentication public key and an authentication secret key using a random digital signature, and generates the first certificate by signing with the authentication secret key using the BBS signature protocol. A blockchain system that provides anonymity of information. According to paragraph 2,
A blockchain system that provides anonymity of personal information, characterized in that the node generates a second certificate to which zero knowledge is applied using the BBS signature protocol. According to paragraph 3,
A blockchain system that provides anonymity of personal information, further comprising an audit module that tracks the transaction using a public key for audit and a secret key for audit. According to paragraph 3,
A blockchain system that provides anonymity of personal information, further comprising a disposal module that destroys the second certificate that needs to be discarded and transmits the fact of destruction of the second certificate to the node. (A) the authentication module generates a first certificate;
(B) a node using the first certificate to generate a second certificate in which personal information is omitted and zero knowledge is applied and a transaction including the second certificate; and
(C) A method of providing anonymity of personal information in a blockchain, characterized in that the verification module includes a step of verifying the transaction. The method of claim 6, wherein step (A) is,
Generating an authentication public key and an authentication secret key using a randomizable digital signature; and
A method of providing anonymity of personal information in a blockchain, comprising generating the first certificate by signing with the authentication secret key using the BBS signature protocol. The method of claim 7, wherein step (B) is,
A method of providing anonymity of personal information in blockchain, characterized by using the BBS signature protocol when generating the second certificate.

Images