WO2019132767A1 - Transaction processing method and related equipment - Google Patents

Info

Publication number
WO2019132767A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
account
signature information
verification result
public key
Prior art date
Application number
PCT/SG2017/050654
Other languages
French (fr)
Chinese (zh)
Inventor
阮子瀚
吴双
贺伟
Original Assignee
华为国际有限公司
Priority date
Filing date
Publication date
Application filed by 华为国际有限公司 filed Critical 华为国际有限公司
Priority to PCT/SG2017/050654 priority Critical patent/WO2019132767A1/en
Priority to CN201780097441.XA priority patent/CN111433800B/en
Publication of WO2019132767A1 publication Critical patent/WO2019132767A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present application relates to the field of computer technologies, and in particular, to a transaction processing method and related devices.
  • a blockchain is a distributed database that stores a list of ordered records that include growing blocks, each block including a timestamp and a link to the previous block.
  • the blockchain system including the blockchain consists of several consensus nodes, each of which maintains a complete copy of the blockchain data and code. Consensus algorithms can be used to achieve consistency of blockchain data.
  • transaction records are recorded in the blockchain in the form of blocks, and the transaction records cannot be unilaterally modified, thereby ensuring that the data is tamper-proof and unforgeable.
  • all consensus nodes maintain transaction records, and each transaction record includes the signature of the transaction content, the address of the recipient, and/or the transaction amount in the transaction content.
  • the signature of the transaction content is generated by using the sender's private key, so any third party that obtains the transaction record needs to use the corresponding public key to verify it, and the sender of the transaction record is thereby identified.
  • the present application provides a transaction processing method and related apparatus capable of protecting the privacy of a sender that initiates a transaction in a blockchain transaction.
  • the present application provides a transaction processing method in which: a terminal may generate first signature information of a transaction content according to a credential of a first account, where the transaction content is initiated by the terminal based on the first account and the credential is generated for the first account by the transaction processing device that processes the transaction content; the terminal sends a transaction request message to the transaction processing device, where the transaction request message includes the transaction content and the first signature information; the terminal receives the transaction response message returned by the transaction processing device, where the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content; and the terminal sends, according to the transaction response message, a transaction record message to the transaction processing device, where the transaction record message is used to instruct the transaction processing device to store the transaction record carried by the transaction record message on a blockchain, the blockchain is a distributed database in which the transaction processing device stores transaction records, and the transaction record includes the transaction content, the first signature information, and the transaction result information.
  • the terminal is a device that is logged in by the first account; the first account is a party that initiates the transaction content, and may be referred to as a payer or a sender.
  • the signature of the transaction content is generated by using the credential of the first account. This avoids the prior-art approach in which the signature is generated with the long-term private key of the first account and a verification device, for example the transaction processing device, must use the long-term public key to verify the signature, which results in the disclosure of the identity information of the first account. That is, the application can protect the anonymity of the first account.
  • since the credential of the first account is generated by the transaction processing device, the first account cannot repudiate the transaction record once the terminal has posted the transaction record to the blockchain based on the first account. Therefore, the application not only protects the privacy of the first account but also retains the characteristics of the transaction record on the blockchain.
  • generating, by the terminal, the first signature information of the transaction content according to the credential of the first account includes: the terminal uses the private key of the first account, the credential of the first account, and the transaction content as inputs of a zero-knowledge proof algorithm and calculates the first signature information of the transaction content, where the private key includes a long-term private key or a one-time private key.
  • the transaction response message is returned when the first verification result, obtained by the transaction processing device verifying the transaction request message, is a pass; the transaction record is stored when the second verification result, obtained by the transaction processing device verifying the transaction record message, is a pass;
  • the first verification result and the second verification result each include a verification result of the first signature information; the verification result of the first signature information is obtained by the transaction processing device performing a verification calculation according to its own public key and the verification parameter in the first signature information.
  • the transaction processing device uses the public key of the transaction and the verification parameter in the first signature information to perform the verification calculation to obtain the verification result of the first signature information.
  • the management device generates the credentials of the first account
  • the transaction processing device uses the public key of the management device and the verification parameter in the first signature information to perform the verification calculation to obtain the verification result of the first signature information. It can be seen that this implementation avoids the disclosure of the identity information of the first account that is caused in the prior art by the long-term public key corresponding to the long-term private key.
  • the verification result of the first signature information is used to indicate whether the first account is an account that can access the transaction processing device, whether the account was issued by the transaction processing device, or whether the first account has the right to access the transaction processing device; in the second verification result, the verification result of the first signature information is used to indicate whether the first account has the right to use the blockchain, that is, whether the transaction record related to the first account can be stored in the blockchain.
  • the role of the verification result of the first signature information may be associated with the operation that depends on whether the verification passes, which is not limited in this application.
  • the transaction content is initiated by the terminal for the second account based on the first account; that is, the second account may be referred to as a recipient or a payee of the transaction content, or the terminal logged in to the second account is the recipient of the transaction, or the recipient of the transaction amount in the transaction.
  • the terminal may generate a one-time public key of the second account according to the long-term public key of the second account; the terminal generates second signature information of the transaction content according to the one-time public key of the second account and the certificate of the second account;
  • the one-time public key of the second account is the address of the second account; the certificate is generated by using the private key of the certificate issuing device; the transaction request message and the transaction record include the one-time public key and the second signature information of the second account.
  • the first verification result and the second verification result further include a verification result of the second signature information; the verification result of the second signature information is obtained through a verification calculation according to the one-time public key of the second account, the public key of the certificate issuing device, and the verification parameter in the second signature information.
  • the verification result of the second signature information is used to indicate whether the second account is an account that can access the transaction processing device, whether the account was issued by the transaction processing device, or whether the second account has the right to access the transaction processing device; in the second verification result, the verification result of the second signature information is used to indicate whether the second account has the permission to use the blockchain, that is, whether the transaction record related to the second account can be stored on the blockchain.
  • the role of the verification result of the second signature information may be associated with the operation that depends on whether the verification passes, which is not limited in this application.
  • the receiving address of the transaction content is a one-time public key, so a third party cannot identify the public key corresponding to the second account (i.e., the receiving party) of the transaction content according to the receiving address.
  • a third party, such as the transaction processing device, may perform a verification calculation using the one-time public key, the public key of the certificate issuing device, and the verification parameter in the second signature information to obtain the verification result of the second signature information, and then determine the related rights of the second account according to the verification result. This avoids the privacy leakage caused in the prior art by using the hash value of the long-term public key of the second account as the address.
  • the terminal may obtain the ciphertext of each input amount and the ciphertext of each output amount; the terminal calculates the ciphertext of the difference between the total input amount and the total output amount according to the ciphertext of each input amount and the ciphertext of each output amount; the terminal generates third signature information of the transaction content according to the ciphertext of the difference; the transaction request message and the transaction record further include the third signature information; the first verification result and the second verification result further include a verification result of the third signature information, where the verification result of the third signature information is obtained by the transaction processing device through a verification calculation according to the verification parameter in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount, and the verification result of the third signature information is used to indicate whether the total input amount is equal to the total output amount.
  • the transaction content of the present application does not need to carry the plaintext of each input amount and each output amount; a verifier, such as the transaction processing device, can use the verification parameter in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount to verify whether the total input amount is equal to the total output amount, that is, to learn whether the transaction is correct. This helps protect the privacy of the transaction amount.
  • the ciphertext of each input amount and the ciphertext of each output amount are obtained by using an additive homomorphic encryption algorithm.
  • an additive homomorphic encryption algorithm is one in which adding the encrypted data to obtain an output and then decrypting that output gives the same result as the output obtained by processing the unencrypted original data. Therefore, the terminal does not need the plaintext; it uses the ciphertext of each input amount and the ciphertext of each output amount to obtain the ciphertext of the total input amount and the ciphertext of the total output amount, and also to obtain the ciphertext of the difference between the total input amount and the total output amount.
  • each of the above possible implementations can protect the privacy of the first account (i.e., the payer or sender), the second account (the payee or the recipient), or the transaction amount. Therefore, in some other implementations, the terminal may set privacy protection for any one or more of the payer, the payee, and the transaction amount according to the user's business requirements, and correspondingly adopt any one or more of the above three possible implementations to achieve privacy protection.
  • the transaction content may include a ciphertext of each input amount and a ciphertext of each output amount; in addition, the encryption key of the ciphertext of each input amount and of the ciphertext of each output amount is the public key of the third-party audit account.
  • the third-party audit account can use its own private key to decrypt the ciphertext of each input amount and the ciphertext of each output amount, thereby facilitating the auditor who has the third-party audit account to review the transaction amount in the transaction content.
  • the transaction content carries the ciphertext of the transaction amount, not the plaintext, and the ciphertext of the transaction amount is obtained by encryption with the public key of the third-party audit account. Therefore, apart from the two parties to the transaction, only the auditor holding the third-party audit account can see the transaction amount, which helps protect the privacy of the transaction amount and facilitates the auditor's audit work.
  • the terminal may generate an identifier of each input amount according to the one-time private key of the first account; the transaction request message and the transaction record further include the identifier of each input amount, and the identifier of each input amount is used to prevent the input amount from being consumed twice. For example, if the identifier of an input amount already exists in the blockchain and the transaction processing device, when verifying the transaction content, finds the identifier I of that input amount, it can determine that the input amount is being consumed a second time, and the verification fails. It can be seen that this implementation can use the identifier of each input amount to prevent the input amount from being consumed twice.
  • the terminal may further generate fourth signature information of the transaction content according to the identifier of each input amount, where the transaction request message and the transaction record further include the fourth signature information.
  • the first verification result and the second verification result further include a verification result of the fourth signature information; the verification result of the fourth signature information is obtained by the transaction processing device through a verification calculation according to the identifier of each input amount and the verification parameter in the fourth signature information, and is used to indicate whether the identifier of each input amount is correct. It can be seen that if the identifier of an input amount is incorrect, the verification of the fourth signature information does not pass either, which further prevents the input amount from being consumed twice.
  • the terminal may encrypt the one-time public key of the first account according to the public key of the third-party audit account and obtain the ciphertext of the one-time public key; correspondingly, the transaction request message and the transaction record may also include the ciphertext of the one-time public key.
  • the auditor with the third-party audit account can use the private key to decrypt the ciphertext of the one-time public key, obtain the one-time public key, and obtain the identity information of the first account, which is convenient for the auditor to audit.
  • the first transaction is initiated by the account, the payee is the account I); the second transaction is initiated by the account, and the payee is the account ⁇
  • the auditor obtains the one-time public key of the account according to the implementation
  • the audit The member can also know the first transaction involved in the account 1 according to the one-time public key of the account 1), and the process of generating the one-time public key of the account by decrypting the terminal that logs in the account in the first transaction, and the account can be obtained.
  • the long-term public key also knows the identity information of the account, so that the account can be audited.
  • the terminal of the account can use the public key of the third-party audit account to generate the ciphertext of the long-term public key of the account, and the auditor can obtain the ciphertext of the long-term public key of the account I? The long-term public key of the account, in order to audit the account.
  • the terminal may further generate fifth signature information of the transaction content according to the ciphertext of the one-time public key obtained in the foregoing implementation; correspondingly, the transaction request message and the transaction record further include the fifth signature information, and the first verification result and the second verification result further include a verification result of the fifth signature information. The verification result of the fifth signature information is obtained by the transaction processing device through a verification calculation according to the verification parameter in the fifth signature information, and is used to indicate whether the ciphertext of the one-time public key of the first account is correct.
  • the terminal may further encrypt the long-term public key of the second account according to the public key of the third-party audit account and obtain the ciphertext of the long-term public key of the second account; the ciphertext of the long-term public key is also included in the transaction request message and the transaction record.
  • the auditor with the third-party audit account can use his private key to decrypt the ciphertext of the long-term public key, obtain the long-term public key of the second account, and thereby obtain the identity information of the second account, which facilitates the auditor's audit.
  • the terminal may further generate sixth signature information of the transaction content according to the ciphertext of the long-term public key of the second account; correspondingly, the transaction request message and the transaction record further include the sixth signature information, and the first verification result and the second verification result further include a verification result of the sixth signature information. The verification result of the sixth signature information is obtained by the transaction processing device through a verification calculation according to the verification parameter in the sixth signature information, and is used to indicate whether the ciphertext of the long-term public key of the second account is correct.
  • obtaining, by the terminal, the credential of the first account may include: the terminal sends a credential request message to the transaction processing device, where the credential request message includes the one-time public key of the first account and/or the ciphertext of the transaction amount of the first account; the terminal receives the credential response message returned by the transaction processing device, where the credential response message includes the credential of the first account, and the credential of the first account is generated by the transaction processing device according to the one-time public key of the first account and/or the ciphertext of the transaction amount of the first account.
  • the terminal may apply for the credential of the second account when applying to the transaction processing device for the credential of the first account, so that when the second account later uses the transaction amount it can directly use the credential to protect its anonymity, for example using the implementation of the first aspect to protect the anonymity of the second account as a payment account.
  • the credential request message may further include a one-time public key of the second account and/or a ciphertext of the transaction amount of the second account; correspondingly, the credential response message may further include the credential of the second account, where the credential of the second account is generated by the management device according to the one-time public key of the first account and/or the ciphertext of the transaction amount of the first account; the transaction request message and the transaction record also include the credential of the second account. Therefore, it is convenient for the second account to protect the anonymity of the transaction amount when using the transaction amount as a payment account.
  • the credentials of the second account may also be applied by the second account itself.
  • the method may include: the terminal that has logged in to the second account sends a credential request message to the management device, where the credential request message includes a one-time public key of the second account and/or a ciphertext of the transaction amount of the second account, and receives the credential response message returned by the management device. The credential response message includes the credential of the first account, and the credential of the first account is generated by the management device according to the one-time public key of the first account and/or the ciphertext of the transaction amount of the first account.
  • the first signature information, the second signature information, the third signature information, the fourth signature information, the fifth signature information, or the sixth signature information may all be zero-knowledge proof signatures; that is, the above methods for generating signature information can adopt a zero-knowledge proof algorithm.
  • in a zero-knowledge proof algorithm, the prover performs a series of mathematical calculations on the useful information that is to be kept confidential and obtains a signature, which is a series of verification parameters that does not include the confidential useful information; the verifier can use the series of verification parameters to perform a series of verification calculations and, according to the results, verify the prover's assertion about the useful information, that is, verify that the prover's argument is correct. Usually the argument is that the prover knows the confidential useful information.
  • the first signature information, the second signature information, the third signature information, the fourth signature information, the fifth signature information, or the sixth signature information may be generated using a zero-knowledge proof algorithm, and correspondingly a zero-knowledge proof algorithm may also be used for verification to obtain the verification result. Since the verification calculation only needs the signature information and the verification parameter, leakage of the useful information is avoided, thereby protecting the privacy of the first account, the second account, the transaction amount, and the like in the foregoing implementations.
  • the present application further provides a transaction processing method in which: the transaction processing device receives a transaction request message sent by the terminal, where the transaction request message includes the transaction content and the first signature information, the transaction content is initiated by the terminal based on the first account, and the first signature information is generated by the terminal according to the credential of the first account; the transaction processing device returns a transaction response message to the terminal according to the transaction request message, where the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content; the transaction processing device receives the transaction record message sent by the terminal according to the transaction response message; and the transaction processing device stores the transaction record carried in the transaction record message on a blockchain, where the blockchain is a distributed database in which the transaction processing device stores transaction records, and the transaction record includes the transaction content, the first signature information, and the transaction result information.
  • the first signature information in the application is generated according to the credential of the first account. This avoids the case in which the long-term private key of the first account is used to generate the signature and the verification device, such as the transaction processing device, uses the long-term public key to verify the signature, which causes the identity information of the first account to be leaked; that is, the application can protect the anonymity of the first account.
  • the method further includes: the transaction processing device verifies the transaction request message to obtain a first verification result; when the first verification result is a pass, the transaction processing device runs the transaction content to obtain transaction result information. The method further includes: the transaction processing device verifies the transaction record message to obtain a second verification result; when the second verification result is a pass, the transaction processing device performs the step of storing the transaction record carried by the transaction record message on the blockchain.
  • the verification result of the first signature information is included in the first verification result and the second verification result; the verification result of the first signature information is obtained by the transaction processing device through a verification calculation using the public key of the transaction and the verification parameters in the first signature information. It can be seen that the transaction processing device can verify the first signature information of the transaction content according to the public key of the transaction, instead of using the public key of the first account, so that a third party cannot learn the public key of the first account. This also protects the privacy of the first account.
  • the transaction processing device verifying the first signature information of the transaction content includes: the transaction processing device performs the verification calculation by using the zero-knowledge proof algorithm according to the verification parameter in the first signature information and the public key of the first signature information, and obtains the verification result of the first signature information.
  • the transaction content is initiated by the terminal for the second account based on the first account, that is, the first account may be the sender of the transaction content or the account of the payment party, and the second account may be the transaction content.
  • the transaction request message and the transaction record may further include a second signature information and a one-time public key of the second account, where the one-time public key of the second account is a receiving address of the transaction content, or may also be referred to as a transaction content.
  • the first verification result and the second verification result may further include a verification result of the second signature information, where the verification result of the second signature information is a one-time public key of the transaction processing device according to the second account, and the certificate issuing device
  • the public key and the verification parameter in the second signature information are obtained by verifying the calculation.
  • the receiving address of the transaction content is a one-time public key
  • the third party cannot identify the public key corresponding to the second account of the transaction content according to the receiving address.
  • the transaction processing device uses the receiving address to verify the second signature information, and thereby knows whether the second account meets the conditions for having the transaction record stored in the blockchain, that is, it verifies the access qualification of the second account. Compared with the prior art, which uses the hash value of the long-term public key of the second account as the receiving address, this implementation can protect the privacy of the second account.
  • the transaction request message and the transaction record may further include third signature information, a ciphertext of each input amount, and a ciphertext of each output amount. Correspondingly, the first verification result and the second verification result further include a verification result of the third signature information, where the verification result of the third signature information is obtained by the transaction processing device through verification calculation according to the verification parameter in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount, and is used to indicate whether the total input amount in the transaction record is equal to the total output amount.
  • the transaction content does not need to carry the plaintext of each input amount and each output amount, and even the ciphertext of each input amount and the ciphertext of each output amount are not required in the transaction content; a verifier such as the transaction processing device can verify, according to the third signature information, whether the total input amount is equal to the total output amount, that is, confirm the correctness of the transaction. This helps protect the privacy of the transaction amount.
  • the transaction content further includes a ciphertext of each input amount and a ciphertext of each output amount, and the encryption key of the ciphertext of each input amount and of the ciphertext of each output amount is the public key of the third-party audit account.
  • the auditor who has the third-party audit account can use his private key to decrypt the ciphertext of each input amount and the ciphertext of each output amount, and obtain the plaintext of each input amount and the plaintext of each output amount. Since the ciphertext is encrypted with the public key of the third-party audit account, only the private key of the third-party audit account can decrypt it, which helps protect the privacy of the transaction amount while still allowing the auditor to audit it.
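An added example, not code from the patent: one possible way to realise the third signature information and the auditor-encrypted amounts described above. The patent does not name the cipher or proof system in this passage, so exponential ElGamal under the audit account's key, a Chaum-Pedersen equality proof made non-interactive by hashing, the toy group parameters, and all function names are assumptions.

```python
import hashlib
import secrets

# Toy group constructed for this example (far too small for real use):
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4


def keygen():
    """Key pair of the third-party audit account (assumed to be ElGamal)."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encrypt(amount, audit_pk):
    """Encrypt an amount to the auditor; also return the randomness r,
    which the sender keeps in order to build the balance signature."""
    r = secrets.randbelow(Q - 1) + 1
    c1 = pow(G, r, P)
    c2 = pow(G, amount, P) * pow(audit_pk, r, P) % P
    return (c1, c2), r


def audit_decrypt(ct, audit_sk, max_amount=1000):
    """Auditor side: strip the mask with the private key, then recover the
    amount by a bounded search (amounts sit in the exponent)."""
    c1, c2 = ct
    g_m = c2 * pow(pow(c1, audit_sk, P), -1, P) % P
    for m in range(max_amount + 1):
        if pow(G, m, P) == g_m:
            return m
    raise ValueError("amount outside the searched range")


def _quotient(inputs, outputs):
    """Product of the input ciphertexts divided by the product of the outputs.
    If the totals match, the result is (G^R, audit_pk^R) for a single R."""
    a = b = 1
    for c1, c2 in inputs:
        a, b = a * c1 % P, b * c2 % P
    for c1, c2 in outputs:
        a, b = a * pow(c1, -1, P) % P, b * pow(c2, -1, P) % P
    return a, b


def _challenge(audit_pk, inputs, outputs, t1, t2):
    """Fiat-Shamir challenge bound to every ciphertext in the transaction."""
    data = repr((audit_pk, tuple(inputs), tuple(outputs), t1, t2)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1


def sign_balance(in_rs, out_rs, inputs, outputs, audit_pk):
    """Sender side: prove knowledge of R without revealing any amount."""
    big_r = (sum(in_rs) - sum(out_rs)) % Q
    k = secrets.randbelow(Q - 1) + 1
    t1, t2 = pow(G, k, P), pow(audit_pk, k, P)
    c = _challenge(audit_pk, inputs, outputs, t1, t2)
    return t1, t2, (k + c * big_r) % Q


def verify_balance(sig, inputs, outputs, audit_pk):
    """Verifier side: needs only ciphertexts, signature and public values.
    Note: equality holds modulo Q, so a real design must also bound each
    amount (range check) to rule out wrap-around."""
    t1, t2, s = sig
    a, b = _quotient(inputs, outputs)
    c = _challenge(audit_pk, inputs, outputs, t1, t2)
    return (pow(G, s, P) == t1 * pow(a, c, P) % P
            and pow(audit_pk, s, P) == t2 * pow(b, c, P) % P)


def run_example():
    """Constructed transaction: inputs 30 + 12, outputs 25 + 17."""
    audit_sk, audit_pk = keygen()
    ins = [encrypt(m, audit_pk) for m in (30, 12)]
    outs = [encrypt(m, audit_pk) for m in (25, 17)]
    in_cts, out_cts = [c for c, _ in ins], [c for c, _ in outs]
    sig = sign_balance([r for _, r in ins], [r for _, r in outs],
                       in_cts, out_cts, audit_pk)
    balanced = verify_balance(sig, in_cts, out_cts, audit_pk)
    # Same inputs, but the outputs now total 43: the check must fail.
    bad = [encrypt(m, audit_pk) for m in (25, 18)]
    bad_cts = [c for c, _ in bad]
    bad_sig = sign_balance([r for _, r in ins], [r for _, r in bad],
                           in_cts, bad_cts, audit_pk)
    inflated = verify_balance(bad_sig, in_cts, bad_cts, audit_pk)
    audited = [audit_decrypt(c, audit_sk) for c in out_cts]
    return balanced, inflated, audited


if __name__ == "__main__":
    print(run_example())
```

The verifier never sees a plaintext amount or the audit private key; only the holder of that key can run `audit_decrypt`.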
  • the transaction request message and the transaction record may further include an identifier of each input amount, where the identifier of each input amount is used to prevent the input amount from being spent twice. For example, if a transaction record with the identifier of the input amount already exists in the blockchain, and the transaction processing device, when verifying the transaction content, finds the same identifier of the input amount, it can determine that the input amount is being spent a second time, and the verification fails. It can be seen that this implementation can use the identifier of each input amount to prevent the input amount from being spent twice.
  • the transaction request message and the transaction record further include fourth signature information; the first verification result and the second verification result further include a verification result of the fourth signature information, where the verification result of the fourth signature information is obtained by the transaction processing device through verification according to the identifier of each input amount and the verification parameter in the fourth signature information, and is used to indicate whether the identifier of the input amount is correct. It can be seen that if the identifier of the input amount is incorrect, the verification of the fourth signature information also fails, which further prevents the input amount from being spent twice.
  • the transaction request message and the transaction record may further include a ciphertext of the one-time public key of the first account, where the encryption key of the ciphertext of the one-time public key of the first account is the public key of the third-party audit account.
  • the auditor with the third-party audit account can use its own private key to decrypt the ciphertext of the one-time public key, obtain the one-time public key, and obtain the identity information of the first account, which is convenient for the auditor to audit.
  • the transaction request message and the transaction record may further include fifth signature information.
  • the first verification result and the second verification result further include a verification result of the fifth signature information, where the verification result of the fifth signature information is obtained by the transaction processing device through verification calculation according to the verification parameter in the fifth signature information, and is used to indicate whether the ciphertext of the one-time public key of the first account is correct.
  • the transaction request message and the transaction record further include a ciphertext of the long-term public key of the second account, where the encryption key of the ciphertext of the long-term public key of the second account is the public key of the third-party audit account.
  • the auditor with the third-party audit account can use his private key to decrypt the ciphertext of the long-term public key, obtain the long-term public key of the second account, and thereby obtain the identity information of the second account, which is convenient for the auditor to audit.
  • the transaction request message and the transaction record further include sixth signature information; the first verification result and the second verification result further include a verification result of the sixth signature information, where the verification result of the sixth signature information is obtained by the transaction processing device according to the verification parameter in the sixth signature information, and is used to indicate whether the ciphertext of the long-term public key of the second account is correct.
  • the credential of the first account may be generated by the following steps: the transaction processing device receives a credential request message sent by the terminal, where the credential request message includes the one-time public key of the first account and/or the ciphertext of the transaction amount of the first account; the transaction processing device generates the credential of the first account according to the credential request message; the transaction processing device sends a credential response message to the terminal, where the credential response message carries the credential of the first account.
  • the terminal may apply for the credential of the second account at the same time as applying for the credential of the first account, so that the second account can directly use the credential to protect its own anonymity when using the transaction amount. That is, the credential request message further includes the one-time public key of the second account and/or the ciphertext of the transaction amount of the second account; the transaction processing device may further generate a credential of the second account according to the credential request message, and the credential response message further includes the credential of the second account; the transaction request message and the transaction record may further include the credential of the second account.
  • the credentials of the second account may also be applied by the second account itself, for example, to apply for credentials to the management device before the second account wants to use the transaction amount.
  • the first signature information, the second signature information, the third signature information, the fourth signature information, the fifth signature information, or the sixth signature information may all be zero-knowledge proof signatures, that is, the above signature information can be verified by using a zero-knowledge proof algorithm, and the verification can be performed using only the above signature information and system parameters. This avoids leaking key information in the transaction, thereby protecting the privacy of the first account, the second account, the transaction amount, and so on in each of the above implementation manners.
  • the application further provides a terminal, where the terminal has the function of implementing the terminal in the foregoing implementation method.
  • This function can be implemented in hardware, for example, including a processor and a transceiver, or it can be implemented by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the functions described above, which may be software and/or hardware.
  • the present application further provides a transaction processing device having a function of implementing the transaction processing device in the above implementation method.
  • This function can be implemented in hardware, for example, including a processor and a transceiver, or it can be implemented by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the functions described above, which may be software and/or hardware.
  • the processor and transceiver can handle multiple of the above The message sent by the terminal in the current method, the transaction processing method described in the above implementation method is executed.
  • the application further provides a transaction processing device, where the transaction processing device includes at least one endorsement module, a consensus module, a submission module, and a management module;
  • the at least one endorsement module is configured to receive a transaction request message sent by the terminal, where the transaction request message includes a transaction content and first signature information, where the transaction content is initiated by the terminal based on the first account, and the first signature information is generated by the terminal according to the credentials of the first account;
  • the at least one endorsement module is further configured to: return, according to the transaction request message, a transaction response message to the terminal, where the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content; a consensus module, configured to receive a transaction record message sent by the terminal according to the at least one transaction response message, and sort the transaction record carried by the transaction record message with the transaction record received from other terminals according to the receiving time, Generating a block including the transaction record, and submitting the block to the submitting module; the submitting module, configured to receive the block, and store the transaction record in the form of the block
  • the management module of the transaction processing device configured to generate the credential of the first account according to the private key of the first account and the one-time public key of the first account and/or the ciphertext of the transaction amount .
  • the present application further provides a transaction processing system, which may include a terminal and a transaction processing device. The terminal may perform the transaction processing method provided by the first aspect, or by any one or more of the possible implementation manners of the first aspect; the transaction processing device may perform the transaction processing method provided by the second aspect, or by any one or more of the possible implementation manners of the second aspect.
  • the present application further provides a computer readable storage medium, where the readable storage medium stores program code of the transaction processing method provided by the first aspect, or by any one or more of the possible implementations of the first aspect, the program code comprising execution instructions of the transaction processing method provided by the first aspect, or by any one of the possible implementations of the first aspect.
  • the present application further provides a computer readable storage medium, where the readable storage medium stores program code of the transaction processing method provided by the second aspect, or by any one or more of the possible implementations of the second aspect, the program code comprising execution instructions of the transaction processing method provided by the second aspect, or by any one of the possible implementations of the second aspect.
  • FIG. 1 is a schematic structural diagram of a transaction processing system
  • FIG. 2 is a schematic flow chart of a transaction processing method based on the blockchain system shown in FIG. 1.
  • FIG. 3 is a schematic structural diagram of a transaction processing system according to an embodiment of the present invention.
  • FIG. 30 is a schematic structural diagram of still another transaction processing system according to an embodiment of the present invention.
  • FIG. 30 is a schematic structural diagram of still another transaction processing system according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of a transaction processing method according to an embodiment of the present invention.
  • FIG. 5 is a schematic flowchart diagram of another transaction processing method according to an embodiment of the present invention.
  • FIG. 6 is a schematic flow chart of still another transaction processing method according to an embodiment of the present invention.
  • FIG. 7 is a schematic flowchart diagram of still another transaction processing method according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of a user interface according to an embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic structural diagram of a transaction processing device according to an embodiment of the present invention.
  • FIG. 11 is a schematic structural diagram of another transaction processing device according to an embodiment of the present invention.
  • FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic structural diagram of a transaction processing device according to an embodiment of the present invention.
  • the blockchain is a distributed database that includes a growing list of ordered records, which are called blocks; that is, each block includes the transaction records of a preset time period, sorted by time. Each block contains a timestamp of when the block was generated and a link to the previous block.
  • FIG. 1 is a schematic structural diagram of a transaction processing system.
  • the transaction processing system shown in FIG. 1 includes a terminal, an endorsement node, a consensus node, and a submitting node. The endorsement node is the Endorsing peer, the consensus node is the Ordering peer, and the submitting node is the Committing peer.
  • the terminal is a terminal that logs in to the payment account, and the terminal may also be called a payer or a sender, and can initiate a transaction;
  • the endorsement node, the consensus node, and the submit node may be located in different servers, or may be located in the same server. It can also be deployed to the cloud platform to perform related functions, so the endorsement node, the consensus node, and the submitting node are collectively referred to as a transaction processing system.
  • the terminal is used to initiate a transaction, and the transaction content, the signature of the transaction content, the address of the payee, and the certificate of the payer and the certificate of the payee are also available.
  • An endorsement node used to verify the transaction request message initiated by the payer, and can simulate running the transaction content, obtain the transaction result, and generate a signature for the transaction result when the verification is passed.
  • the endorsement node can verify the signature of the transaction by the payer, the certificate of the payer and the payee, the address of the payee, and the like.
  • the consensus node may obtain multiple transaction records submitted by multiple terminals, and sort the transaction records according to the time they were submitted to obtain an ordered transaction record list; the ordered list of transaction records is called a block.
  • the submitting node is used to verify the signature of the payer and the signature of the endorsement node in each transaction record in the block, and when the verification is passed, each transaction record in the block can be stored in the blockchain. For example, the submitting node verifies whether the transaction record satisfies a preset condition for each transaction record in the block. If the preset condition is met, the verification transaction is passed, and the corresponding transaction record can be stored in the blockchain.
  • the preset condition may be: at least ten signatures of the endorsement nodes and corresponding transaction results in each transaction record, and the transaction results corresponding to the signatures are consistent.
  • the payee can determine whether the payee in the transaction record is himself or not based on its own private key and the address of the payee in the transaction record.
  • FIG. 2 is a schematic flowchart of a transaction processing method provided by the blockchain system shown in FIG. 1.
  • the transaction processing method may include the following steps:
  • the terminal generates a signature of the transaction content by using a private key of the payment account, obtains the certificates of the payment account and the collection account, and generates a receiving address of the collection account according to the public key of the collection account;
  • the certificates of the payment account and the collection account are generated by the certificate authority according to the public keys of the payment account and the collection account, and are used to verify whether the payment account and the collection account are qualified to use the blockchain system, that is, whether they have access qualification.
  • the collection account can verify whether the receiving address is its own according to the way the hash value is generated from the public key.
  • the terminal sends a transaction request message to the at least one endorsement node.
  • Each endorsement node in the at least one endorsement node can verify the transaction request message, and when the verification passes, simulate running the transaction content to obtain the transaction result information;
  • Each endorsement node in the at least one endorsement node respectively returns a transaction response message to the terminal.
  • the transaction response message carries corresponding transaction result information.
  • each endorsement node verification transaction request message may include the following steps:
  • the endorsement node verifies the signature of the transaction content, that is, the endorsement node verifies the signature of the transaction content by using the public key of the payment account, and if the verification passes, it indicates that the transaction is initiated by the payment account, thereby ensuring non-repudiation of the payment account.
  • the endorsement node verifies the certificates of the payment account and the collection account, that is, the endorsement node checks whether the certificates of the payment account and the collection account were issued by the certificate authority; if yes, this indicates that the payment account and the collection account are qualified to execute the transaction, that is, that they have access qualification;
  • the endorsement node verifies the address of the payee, wherein the payee's certificate is the payee's public key, so the hash value of the public key can be obtained to verify whether it is consistent with the payee's address; if they are consistent, the verification passes; otherwise, the verification fails.
  • the endorsement node can simulate the running of the transaction and obtain the transaction result information.
  • the transaction result information includes a transaction result and a signature of the transaction result generated by the endorsement node using its own private key.
  • the endorsement node simulates running the transaction content, and the obtained transaction result is that the amount owned by the payer is reduced by the amount of the transaction, and the amount owned by the payee is increased by that amount.
  • the terminal may send the transaction request message to multiple endorsement nodes simultaneously and, correspondingly, obtain the transaction response messages returned by the multiple endorsement nodes; the terminal may obtain multiple signatures and the corresponding multiple transaction results according to the multiple transaction response messages.
  • the terminal receives a transaction response message returned by the at least one endorsement node, and sends a transaction record message to the consensus node.
  • the transaction record message carries a transaction record
  • the transaction record includes a transaction content, a signature of the transaction content, the certificates of the payment account and the collection account, and at least one transaction result information.
  • the consensus node receives the transaction record message, sorts the transaction record carried by the transaction record message sent by the terminal together with the transaction records sent by other terminals according to time, generates a block including the ordered transaction record list, and sends the block to the submitting node;
  • the submitting node receives the block and verifies each transaction record in the block. When the verification passes, it stores the block on the blockchain.
  • the method for the submitting node to verify each transaction record in the block is the same. Therefore, the transaction record in the transaction record message sent by the terminal is verified by the submitting node as an example.
  • the verification of a transaction record by the submitting node mainly includes: the submitting node verifies the signature of the transaction content according to the public key of the payment account; the submitting node verifies the signature of the corresponding transaction result according to the public key of the endorsement node; and the submitting node verifies whether the transaction result information in the transaction record meets the preset condition.
  • the preset condition is that the transaction record requires at least ten signatures of the endorsement node and the corresponding transaction result, and the transaction result corresponding to each signature is consistent.
  • the submitting node can store the transaction record on the blockchain.
  • the transaction record is stored in the blockchain in the form of a block generated by the consensus node; the timestamp of the block is the time at which the consensus node generated the block, and the link in the block, which points to the previous block, is a number determined according to the previous block.
  • the signature of the transaction content is obtained according to the private key of the payment account, and the verifying party can verify the signature by using the public key of the payment account and, when the verification passes, confirm that the transaction content was initiated by the payment account, thereby preventing repudiation by the payment account.
  • the verifier needs to know the public key of the payment account to verify the signature, so as to prevent the payment account from repudiating the transaction content. As a result, any third party outside the transaction that has the public key of the payment account can identify all transactions initiated by the payment account, and the identity anonymity of the payment account therefore cannot be protected.
  • the receiving address of the transaction content is the hash value of the public key of the receiving account
  • the certifier verifies that the eligibility of the receiving account to access the blockchain system is also determined according to the certificate of the receiving account, resulting in a third party.
  • the transaction content also needs to carry the transaction amount, so that the third party can know the transaction amount between the payment account and the collection account, for example, to check whether the transaction input amount is equal to the transaction output amount and so prevent a transaction whose input amount is smaller than its output amount.
  • third parties such as the endorsement node, the consensus node, and the submitting node need to know the public key of the payment account, the public key of the collection account, and the transaction content. Learning the public keys of the payment account and the collection account is equivalent to knowing the identity information of the payer and the payee, which compromises the privacy of the payer, the payee and the transaction amount in the transaction.
  • an embodiment of the present invention provides a transaction processing method capable of selectively protecting the privacy of the payer, the payee, and/or the transaction amount according to a service setting.
  • the signature refers to a digital signature, or signature information of digital information, such as the signature information or signature of a transaction content; a digital signature is analogous to an ordinary physical signature written on paper, but is implemented using techniques from the field of public key cryptography.
  • Digital signatures apply the principle of one-way functions used in the field of public key cryptography to generate long-term public keys and long-term private keys.
  • the one-way function refers to a function in which the forward operation is very simple and the reverse operation is very difficult.
  • a digital signature scheme usually defines two complementary operations, one for signing and the other for verification; for example, the signer can compute a function of a private key and the digital information to generate a signature of the digital information; in the verification operation, the verifier can perform a calculation on the corresponding public key, the digital information and the signature to determine whether the signature is correct.
  • the first account is an account that initiates transaction content, and may be referred to as a payment account;
  • the second account is the account at which the transaction content initiated by the first account is directed, that is, the second account may be the recipient of the transaction content and may be referred to as a collection account; correspondingly, in other transactions the first account may also be a collection account, and the second account may also be a payment account.
  • the first account is a payment account
  • the second account is a collection account.
  • the terminal that logs in to the first account is the terminal in FIG. 3A to FIG. 3D, and may be referred to as a payment terminal; the terminal that logs in to the second account may be referred to as a collection terminal, which is not shown in FIG. 3A to FIG. 3D.
  • Before executing the transaction processing method, the terminal may, according to the privacy protection method selected by the user of the first account on the terminal that logs in to the first account, such as choosing to protect the privacy of one or more of the first account, the second account, and the transaction amount in the transaction content, select the corresponding embodiment described herein to perform the corresponding transaction processing method.
  • FIG. 8 is a schematic diagram of a user interface according to an embodiment of the present invention.
  • the mobile phone is used as an example.
  • the payment account may include multiple users, and the user selects, through the input mode of the terminal, the payment account to be used in this transaction; the user can also enter the collection account of the payee and the amount to be paid in the user interface through the input mode of the terminal, and select in the user interface the option that needs privacy protection; as shown in FIG. 8, privacy protection of the payment account is selected.
  • the terminal receives the payment account entered or selected in the user interface, the collection account, the amount, and the selected privacy protection option; the terminal executes the following embodiments according to the selected privacy protection option to complete the payment process, that is, the transaction process.
  • Embodiment 1 is described in detail below.
  • the embodiment of the present invention proposes a transaction processing method based on the transaction processing system shown in FIG. 3A or FIG. 3B, which can protect the privacy of the payment account.
  • the transaction processing system includes at least one terminal and at least one transaction processing system, and the at least one terminal can separately log in to at least one payment account. The payment account may also be referred to as a first account, wherein, in the transaction processing method, each terminal processes the transaction initiated by the registered payment account.
  • Each transaction processing system in at least one transaction processing system processes the transactions submitted by the terminal, and each transaction processing system can be maintained by a corresponding organization, for example, in the financial industry's alliance chain scenario, each bank A transaction processing system can be maintained to process transactions submitted by terminals registered by the bank's user account; wherein each transaction processing system includes at least one endorsement node, consensus node, and submission node, at least one endorsement node, consensus node And the submitting node has the same function as the endorsement node, the consensus node, and the commit node in the blockchain system shown in FIG. 1 described above.
  • each transaction processing system may further include a management node Group Manager; in the transaction processing system shown in FIG. 3B, the endorsement node may also perform the function of the management node.
  • the management node can be a node independent of the transaction processing system, or it can be merged with the certificate issuing node into one node, or merged with the endorsement node in the transaction processing system into one node; the management node is used to generate credentials for the payment account to protect the identity privacy of the payment account.
  • each transaction processing system may be a server that performs functions of each node in the transaction processing system; each transaction processing system may also be multiple servers, for example, each node corresponds to one server.
  • the transaction processing system is collectively referred to as a transaction processing device, and the interaction between the endorsement node, the consensus node, and the submit node in the transaction processing system is similar to that in the prior art; the functions of the nodes are executed by the transaction processing device. Correspondingly, since the interaction process of each terminal with the transaction processing device is also the same, as shown in FIG. 3C, the transaction processing system shown in FIG. 3A is abstracted into a system including one terminal, a transaction processing device and a management device.
  • correspondingly, the transaction processing system shown in FIG. 3B is abstracted into a system including a terminal and a transaction processing device, wherein, in FIG. 3D, the transaction processing device can also perform the function of the management device, generating credentials for the payment account to protect the identity privacy of the payment account.
  • the collection account is collectively referred to as the second account, and the terminal that logs in to the payment account may also be referred to as a payee or a recipient.
  • when the terminal generates the signature information of the transaction content, it does not use the private key of the payment account, but uses the credentials of the payment account to generate the signature information of the transaction content.
  • when the verifier, such as the endorsement node or the submitting node, verifies the signature information of the transaction content, the public key of the payment account is no longer used for verification; instead, the public key of the management device that generated the credential is used, so that the public key of the payment account is not known to the verifier or any third party during the entire transaction process, which effectively protects the privacy of the payment account.
  • the embodiment of the present invention refers to the signature information of the transaction content generated by the credentials of the payment account as the first signature information.
  • the terminal may send the content of the payment account that needs privacy protection to the management device, and the management device generates the credentials for the payment account according to the content that needs privacy protection.
  • the management device generates credentials for the payment account based on the one-time public key of the payment account and/or the transaction amount owned.
  • because the credential is issued by the management device for the payment account, once the payment account uses the credential to generate the signature of the transaction content, the transaction content cannot be denied. Thus, the non-repudiation of the transaction content can be maintained while protecting the privacy of the payment account.
  • the obtaining the credentials of the payment account by the terminal may include the following steps:
  • the terminal sends a credential request message to the management device, where the credential request message includes the one-time public key of the first account and/or the ciphertext of the transaction amount of the first account;
  • the terminal receives the credential response message returned by the management device, where the credential response message includes the credential of the first account, and the credential of the first account is generated by the management device according to the one-time public key of the first account and/or the ciphertext of the transaction amount of the first account.
  • the terminal only sends the amount C owned by the payment account to the management device, and otpk_Alice is equal to 1 in the credentials generated by the management device for the payment account Alice.
  • the transaction processing method in the embodiment of the present invention is different from the transaction processing method shown in FIG. 2 in that, in the embodiment of the present invention, the terminal generates the first signature information of the transaction content according to the credentials of the payment account.
  • the first verification result, obtained when the transaction processing device verifies the transaction request message, and the second verification result, obtained when the transaction processing device verifies the transaction record message, both include the verification result of the first signature information; the verification result of the first signature information is obtained by the transaction processing device performing verification calculation according to the public key of the management device and the verification parameter in the first signature information.
  • in the first verification result, the verification result of the first signature information is used to indicate whether the first account is an account that can access the transaction processing device, whether the account is issued by the transaction processing device, or whether the first account has the right to access the transaction processing device; in the second verification result, the verification result of the first signature information is used to indicate whether the first account has the right to use the blockchain, that is, whether the transaction record related to the first account can be stored in the blockchain.
  • the function of the verification result of the first signature information may be associated with the operation performed according to whether the verification passes, which is not limited in this application.
  • the transaction processing method in the embodiment of the present invention may include the following steps:
  • the terminal generates first signature information of the transaction content according to the credential of the first account, where the transaction content is initiated by the terminal based on the first account, and the credential is generated for the first account by using the private key of the management device;
  • step S301 is: the terminal generates the first signature information of the transaction content according to the one-time private key of the first account and the credential;
  • when the first account, as the payee, received the amount to be consumed this time at the address of the hash value of the long-term public key, and the first account now consumes the amount as the payer, the terminal generates first signature information of the transaction content according to the long-term private key and the credential of the first account.
  • the terminal sends a transaction request message to the transaction processing device, where the transaction request message includes the first signature information and the transaction content.
  • the transaction processing device returns a transaction response message to the terminal according to the transaction request message, where the transaction response message includes the transaction result information;
  • there may be multiple pieces of transaction result information, each obtained by one of multiple endorsement nodes in the transaction processing device simulating the running of the transaction content.
  • before the transaction processing device returns a transaction response message to the terminal according to the transaction request message, the method further includes: the transaction processing device verifies the transaction request message to obtain a first verification result; and when the first verification result is a pass, the transaction processing device runs the transaction content to obtain transaction result information.
  • the terminal sends a transaction record message to the transaction processing device according to the transaction response message.
  • the transaction processing device stores the transaction record carried in the transaction record message on the blockchain.
  • the transaction processing device verifies the transaction record message to obtain a second verification result; when the second verification result is a pass, the transaction processing device executes step 305 of storing the transaction record carried by the transaction record message on the blockchain.
  • the transaction record includes the transaction content, the first signature information, and the transaction result information
  • the first verification result and the second verification result both include a verification result of the first signature information, and the verification result of the first signature information is obtained by the transaction processing device performing verification calculation according to the public key of the management device and the verification parameter in the first signature information.
  • steps S301 to S305 do not mention the processing steps of the second account and the transaction amount; to implement the transaction processing method, a person skilled in the art may combine them with the related processing steps of the second account and the transaction amount described in the embodiments of the present invention, or with the related processing steps of the second account and the transaction amount of FIG. 2 in the prior art, so that the qualification of the second account, the correctness of the transaction amount, and the qualification of the first account are verified.
  • For example, if only the anonymity of the first account is protected, and the second account and the transaction amount are processed as in the prior art, then in addition to the first signature information generated by the terminal, the transaction content also needs to carry the plaintext of the input amount and the plaintext of the output amount, to enable the transaction processing device to verify the accuracy of the transaction; at the same time, the transaction content also needs to carry the certificate of the usual meaning of the second account (i.e., of the long-term public key of the second account, which is different from the certificate capable of zero-knowledge proof generated from the long-term public key of the second account in the second embodiment) to enable the transaction processing device to verify the access qualification of the second account, and the receiving address of the transaction content, that is, the address of the second account, is the hash value of the long-term public key of the second account.
  • the first verification result includes the verification result of the transaction processing device and the verification result of the certificate of the second account.
  • the access qualification of the first account or of the second account is obtained according to the verification result of the first signature information or the second signature information, where the admission qualification refers to whether the first account and the second account have the permission to use the blockchain, whether they can access the transaction processing device, whether they are accounts issued by the transaction processing device, and so on; which of these applies may be determined by the operation that is performed after the verification result is a pass. For example, when the verification result of the first signature information is in the first verification result, it is used to indicate whether the first account is able to access the transaction processing device; when the verification result of the first signature information is in the second verification result, it is used to indicate whether the first account has the right to use the blockchain.
  • the first signature information is a signature of the knowledge proof
  • the terminal may generate the first signature information of the transaction content by using a zero-knowledge proof algorithm according to the credentials of the payment account.
  • the verifier, that is, the transaction processing device, may verify the first signature information of the zero-knowledge proof by using the public key p/ C of the management device.
  • the zero-knowledge proof means that the prover performs a series of mathematical calculations on the useful information to be kept confidential to obtain a signature, which is a series of parameters that does not include the useful information to be kept secret; the verifier can use the series of parameters to perform a series of mathematical calculations and thereby verify the prover's assertion about the useful information, that is, verify that the assertion is correct.
  • the assertion is that the prover knows the useful information to be kept secret.
  • from the first signature information, the verifier can trust that the payment account has the credential issued by the management device and the one-time private key, that is, the payment account is qualified for admission.
  • SoK{secret value: "relations to proof"}(Message to sign);
  • the secret value is the secret of the prover, for example, the one-time private key of the payment account and the credentials issued by the management device for the payment account; "relations to proof" is the relationship to be proved, for example, the relationship or assertion to be proved is: the terminal knows the one-time private key of the payment account and the credential issued by the management device for the payment account; (Message to sign) is the file to be signed, for example, the transaction content initiated by the payment account. All symbols in the expression that are not part of the prover's secret are public values.
  • if the terminal that logs in to the payment account sets the anonymity of the payment account, and does not set the protection of the payment account and the privacy of the transaction amount, then the relevant parameters of the account number and the transaction amount are all public; in addition, other parameters used in the zero-knowledge proof, except the prover's secret, may be public and may be included in the signature, for example, the system parameters may be included in the first signature information; they are collectively referred to as verification parameters.
  • the payment account is Alice
  • the amount that Alice wants to consume this time was received at the address of her one-time public key when Alice was the payee
  • the first signature information of this transaction needs to use Alice's one-time private key otsk_Alice; the credentials issued by the management device for Alice are (A_Alice, X_Alice), where the credential is the one-time public key and the first account of the management device according to the first account
  • the expression of the signature generated by the terminal using the zero-knowledge proof for the transaction content is:
  • the transaction request message and the transaction record message sent by the terminal to the transaction processing device only need to carry the first signature information generated by using the zero-knowledge proof; the verifier can learn from the first signature information that the terminal holds the one-time private key of the payment account and the credentials issued by the group administrator, and can thereby verify that the payment account is eligible for admission; and since the credentials are generated by the trusted management device, the payment account can be prevented from denying the transaction content.
  • the verification is passed, indicating that the first account has the condition to store the transaction record on the blockchain.
  • the function or map e is a bilinear pairing map
  • the map X ® ⁇ 7 ⁇ is called a bilinear pairing map if the following conditions are met:
  • the embodiment of the present invention can prevent the verifier or any other third party capable of obtaining the signature from using the public key disclosed by the payment account to identify the identity information of the payment account; using the zero-knowledge proof, the verifier and the third party can still learn that the payment account is eligible for access and that it holds the credentials issued by the management device, so that the payment account cannot deny the corresponding transaction content.
  • Embodiment 2
  • each transaction processing system may further include a certificate issuing node of a certificate authority, and the certificate issuing node is configured to issue, for each payment account, a certificate used for generating the second signature information of the transaction content; that is, the certificate is different from an ordinary certificate: it does not need to be verified by using the long-term public key, and can be verified by using the one-time public key, the public key of the certificate issuing device, and the signature information.
  • Alternatively, in the transaction processing system shown in FIG. 3B, the endorsement node can also perform the function of the certificate issuing node, and is also used to issue the above certificate to the user.
  • the transaction processing system shown in FIG. 3C further includes a certificate issuing device; or in the transaction processing system shown in FIG. 3D, the transaction processing device further performs a function of a certificate issuing device capable of issuing a certificate for the receiving account.
  • the certificate is different from the ordinary certificate.
  • the terminal can generate the second signature information of the transaction content; the second signature information can protect the privacy of the payment account, and at the same time enable the transaction processing device to verify whether the payment account meets the conditions for storing the transaction record on the blockchain.
  • the receiving terminal that logs in to the account applying for a certificate from a certificate authority (CA) device (or a transaction processing device, or a certificate issuing node) may include the following steps:
  • the payment terminal sends a certificate application message to the CA device, where the certificate application message carries the long-term public key of the payment account and the certification information with the long-term private key;
  • when the CA device's verification of the certificate application message passes, the CA device generates the certificate of the payment account according to the long-term public key of the payment account, and returns a certificate response message to the payment terminal, where the certificate response message carries the certificate of the payment account.
  • the certificate of the payment account can be obtained from the payment terminal, thereby using the certificate to generate the second signature information of the transaction content.
  • the long-term public key Y Bob of the payment account Bob is c
  • the private key of the CA device is c
  • the public key capk is g ⁇
  • after the CA device verifies the certificate application message, it can generate a zero-knowledge proof for Bob.
  • the certificate is (F_Bob, w_Bob), where:
  • the one-time public key of the payment account may also be used as the transaction.
  • the public key verifies the address of the payee, and the identity of the payment account is leaked.
  • the one-time public key of the payment account may be generated according to the long-term public key of the payment account, for example, by using the one-time public key generation function PKeyGen() to generate a one-time public key of the payment account.
  • the terminal generating the one-time public key of the payment account may include: the terminal calculates a one-time public key of the payment account according to the long-term public key of the payment account and the one-time public key generation function PKeyGen().
  • the terminal can also be based on system parameters
  • the transaction content initiated by the payment account carries the R tx , R te , and is used to calculate the one-time private key of the payment account.
  • the one-time private key may be utilized to protect the anonymity of the payment account.
  • the parameter R tx , R x can be obtained when calculating the one-time public key of the user account, so that when the user account needs to consume the received transaction amount, the parameter R tx can be used to generate a one-time private key, and the first signature information described in the first embodiment is generated by using the one-time private key and the credential generated by the management device, to ensure the anonymity of the user account when it acts as the payment account for the transaction content including the transaction amount.
  • the one-time private key of the payment account is generated by the terminal that logs in to the payment account according to the long-term private key of the payment account and the above parameter 1 ⁇ 3 ⁇ 4 .
  • the input of the one-time private key generation 0 function is the long-term private key of the payment account 8 ⁇ 1) and the parameter 1 ⁇ ,
  • the calculated one-time private key .
  • the payment terminal when the payment terminal uses the one-time public key of the payment account as the address of the payee, the payee, that is, the collection terminal that logs in to the payment account, can check the address, that is, check the time.
  • the payment terminal can check the address of the payee in the transaction record by using the one-time public key check 0 function.
  • the receiving terminal that logs in to the payment account will have 1 ⁇ , one-time public key in the transaction content.
  • a one-time public key check As a one-time public key check
  • the payment terminal uses the one-time public key of the payment account as the address of the transaction content, and needs to generate the second signature information of the transaction content according to the one-time public key of the payment account and the certificate of the payment account; the verification result of the second signature information is used to indicate whether the payment account meets the condition for storing the transaction content on the blockchain, and the condition may be whether the long-term private key of the payment account has a corresponding certificate.
  • the second signature information cannot include the certificate of the payment account, so the embodiment of the invention not only verifies the qualification of the second account, but also protects the anonymity of the account.
  • the transaction processing method is different from the transaction processing method shown in FIG. 4 in that step 301 in FIG. 4 is replaced with steps 401-402, where:
  • the terminal generates a one-time public key of the second account according to the long-term public key of the second account.
  • the terminal generates second signature information of the transaction content according to the one-time public key of the second account and the certificate of the second account.
  • the certificate is generated according to the private key of the certificate issuing device, for example, according to the above steps 21) to 22); correspondingly, the transaction request message and the transaction record further include the one-time public key of the second account and the second signature information, and the one-time public key of the second account is the address of the second account.
  • the first verification result and the second verification result further include a verification result of the second signature information; the verification result of the second signature information is obtained by verification according to the one-time public key of the second account, the public key of the certificate issuing device and the verification parameter in the second signature information.
  • when the verification result of the second signature information is in the first verification result, it is used to indicate that the second account has the right to access the transaction processing device, that is, the transaction processing device can simulate running the transaction content; when the verification result of the second signature information is in the second verification result, it is used to indicate that the second account has the right to use the blockchain.
  • steps S401 to S402 do not mention the processing steps of the first account and the transaction amount; to implement the transaction processing method, a person skilled in the art may combine them with the related processing steps of the first account and the transaction amount described in the embodiments of the present invention, or with the related processing steps of the first account and the transaction amount of FIG. 2 in the prior art, to verify the qualification of the second account, the correctness of the transaction amount, and the qualification of the first account, and thereby complete the transaction process.
  • in addition to the second signature information generated by the terminal, the transaction content also needs to carry the plaintext of the input amount and the plaintext of the output amount, to enable the transaction processing device to verify the accuracy of the transaction; at the same time, the transaction content also needs to carry the certificate of the usual meaning of the first account (i.e., of the long-term public key of the first account, which is different from the certificate for zero-knowledge proof in the second embodiment).
  • the first verification result further includes a verification result of the transaction processing device on the transaction amount and a verification result of the certificate of the first account, and the first verification result and the second verification result also include the verification result of the first signature information.
  • the second signature information is a signature of the knowledge proof, for example, assuming that the second account is
  • the terminal is based on the one-time public key of the second account. 1 ), certificate
  • the calculation process for generating the second signature information for ⁇ includes:
  • transaction processing equipment can be utilized Device public key
  • the address of the second account that is, the one-time public key of the second account ( ⁇ and the second signature information are verified as follows:
  • the transaction content has the second signature information
  • the first signature information of the transaction content is generated by using the long-term private key or the one-time private key of the first account, to verify the eligibility of the first account.
  • whether the long-term private key or the one-time private key of the first account is used depends on whether, when the first account received the amount of the transaction as the payee, the address used was that of the one-time public key or that of the hash of the long-term public key.
  • the transaction content needs to carry the plaintext of the transaction amount, so that the transaction processing device can use the transaction amount to verify the correctness of the transaction.
  • the terminal that logs in to the first account needs to generate a one-time public key of the second account according to the long-term public key of the second account, and use the one-time public key as a transaction.
  • the parameters of the one-time private key generation function of the second account and the parameters of the one-time public key checking function may also be obtained, and the two parameters are stored in the transaction content, so that the second account can use the parameter of the one-time public key check function to check whether the address of the transaction content is its own; if it is, then when the transaction amount in the transaction content is consumed, that is, when the second account is the payment account and consumes the transaction amount, the parameter of the one-time private key generation function may be used to generate the one-time private key of the second account, and the signature information of the transaction content is generated by using the one-time private key and the credential of the second account, thereby protecting the anonymity of the second account as the payment account as described in the first embodiment.
  • the embodiment of the present invention provides a transaction processing method in which third signature information of the transaction content can be generated; the verifier, such as the transaction processing device, can learn from the verification result of the third signature information whether the total transaction input amount is equal to the total transaction output amount, so that the transaction content does not need to carry the transaction amount while the correctness of the transaction amount can still be verified.
  • the transaction processing method is different from the transaction processing method shown in FIG. 4 in that step 301 in FIG. 4 is replaced with steps 501-503, where:
  • the terminal determines a ciphertext of each input amount and a ciphertext of each output amount;
  • the terminal calculates a ciphertext of a difference between the total input amount and the total output amount according to the ciphertext of each input amount and the ciphertext of each output amount.
  • the terminal generates third signature information of the transaction content according to the ciphertext of the difference.
  • the transaction request message and the transaction record further include the third signature information; the first verification result and the second verification result further include a verification result of the third signature information, where the verification result of the third signature information is used to indicate whether the total input amount is equal to the total output amount.
  • steps S501 to S503 do not mention the related processing steps of the first account and the second account; to implement the transaction processing method, a person skilled in the art may combine them with the relevant processing steps of the first account and the transaction amount described in the embodiments of the present invention, or with the processing steps of the first account and the transaction amount of FIG. 2 in the prior art, to verify the qualification of the second account, the correctness of the transaction amount, and the qualification of the first account, and thereby complete the transaction process.
  • the transaction content also needs to carry the certificates of the usual meaning of the first account and the second account to enable the transaction processing device to verify that the first account and the second account are eligible for admission, and the terminal further needs to generate the first signature information of the transaction content according to the one-time private key or the long-term private key of the first account, so that the first account cannot deny the transaction;
  • the hash value of the long-term public key of the second account is required to be the receiving address. Therefore, the first verification result further includes the verification result of the certificates of the first account and the second account by the transaction processing device, and the first verification result and the second verification result also include the verification result of the first signature information.
  • the terminal determines the ciphertext of each input amount and the ciphertext of each output amount, and specifically adopts an addition homomorphic encryption algorithm.
  • the addition homomorphic encryption algorithm is one in which performing an operation on encrypted data and then decrypting the output gives the same result as adding the unencrypted original data. Therefore, the terminal can work directly on the ciphertext of each input amount and the ciphertext of each output amount to obtain the ciphertext of the total input amount and the ciphertext of the total output amount.
  • the third signature information may also be a zero-knowledge signature, that is, the verifier, such as the transaction processing device, may be based on the verification parameters in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount.
  • the verification calculation of the zero-knowledge proof is carried out, and the correctness of the transaction can be known based on the calculated result. For example, suppose the transaction input amount is input l, input2; the transaction output amount is output 1 and output2 respectively, and the ciphertext of the transaction input amount obtained by the addition homomorphic encryption algorithm HEnc pk 0 is (] ⁇ and ( ⁇ 2 , respectively). The ciphertext of the obtained transaction output amount is C. ⁇ PC. 2 , then
  • the terminal can generate a signature of the zero-knowledge proof that "the C ' is a ciphertext in which the plaintext is 0", and the third signature information can be used.
  • the transaction initiated by the payer has an input amount and an output amount, that is, the payer and the payee are in a one-to-one relationship.
  • the plain text of the transaction input is m in
  • the expression when signing is:
  • Txl is the transaction content to be signed
  • r ' r in - r out
  • g 4 is the system parameter
  • the terminal calculating the signature of the zero knowledge certificate may include the following calculation process:
  • the transaction processing device utilizes the ciphertext of the amount of the ciphertext outputted in the transaction content and the above
  • the third signature information is verified as follows:
  • the transaction processing device can know that the transaction amount is correct, thereby ensuring the correctness of the transaction.
  • the third signature information is used to ensure the correctness of the transaction, thereby avoiding the transaction request message and the transaction record carrying the transaction amount, and protecting the privacy of the transaction amount.
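The balance check described above can be sketched as follows. This is an added example, not code from the patent: it assumes ciphertexts of the Pedersen form C = g^m · h^r in a demo-sized prime-order group (the page's own ciphertext formula did not survive extraction) and a Schnorr-style signature of knowledge made non-interactive with SHA-256; all function names and the sample transaction are constructed for illustration.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; adequate for this demo's parameter search."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(start):
    """Return (p, q) with p = 2q + 1, both prime and q >= start."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

# Assumed system parameters: a demo-sized group, far too small for real use.
P, Q = find_safe_prime(1 << 127)
G = 4  # 2^2 generates the order-Q subgroup of squares mod P
# Second generator derived by hashing, so nobody knows log_G(H_GEN).
H_GEN = pow(int.from_bytes(hashlib.sha256(b"demo generator h").digest(), "big") % P, 2, P)

def commit(amount, r):
    """Ciphertext of an amount: C = g^amount * h^r mod p (additively homomorphic)."""
    return pow(G, amount % Q, P) * pow(H_GEN, r % Q, P) % P

def difference_ciphertext(c_ins, c_outs):
    """C' = prod(C_in) / prod(C_out): ciphertext of total input minus total output."""
    num = den = 1
    for c in c_ins:
        num = num * c % P
    for c in c_outs:
        den = den * c % P
    return num * pow(den, -1, P) % P

def challenge(tx, c_ins, c_outs, c_diff, t):
    """Fiat-Shamir challenge binding the proof to the transaction content."""
    data = repr((tx, tuple(c_ins), tuple(c_outs), c_diff, t)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign_balance(tx, c_ins, c_outs, r_ins, r_outs):
    """Third signature information: proves knowledge of r' with C' = h^r',
    i.e. that C' encrypts plaintext 0, where r' = sum(r_in) - sum(r_out)."""
    r_diff = (sum(r_ins) - sum(r_outs)) % Q
    c_diff = difference_ciphertext(c_ins, c_outs)
    k = secrets.randbelow(Q - 1) + 1
    t = pow(H_GEN, k, P)
    c = challenge(tx, c_ins, c_outs, c_diff, t)
    return c, (k + c * r_diff) % Q

def in_group(c):
    """Reject values outside the order-Q subgroup before using them."""
    return 0 < c < P and pow(c, Q, P) == 1

def verify_balance(tx, c_ins, c_outs, sig):
    """Verifier side: uses only ciphertexts and the signature, never the amounts."""
    c, s = sig
    if not all(in_group(x) for x in list(c_ins) + list(c_outs)):
        return False
    if not (0 <= c < Q and 0 <= s < Q):
        return False
    c_diff = difference_ciphertext(c_ins, c_outs)
    t = pow(H_GEN, s, P) * pow(c_diff, -c, P) % P  # equals h^k only if C' = h^r'
    return c == challenge(tx, c_ins, c_outs, c_diff, t)

def demo():
    tx = b"Tx1: constructed sample transaction content"
    r_in = [secrets.randbelow(Q) for _ in range(2)]
    r_out = [secrets.randbelow(Q) for _ in range(2)]
    c_ins = [commit(70, r_in[0]), commit(30, r_in[1])]
    c_outs = [commit(55, r_out[0]), commit(45, r_out[1])]   # 100 in, 100 out
    sig = sign_balance(tx, c_ins, c_outs, r_in, r_out)
    balanced = verify_balance(tx, c_ins, c_outs, sig)
    bad_outs = [commit(55, r_out[0]), commit(46, r_out[1])]  # 100 in, 101 out
    bad_sig = sign_balance(tx, c_ins, bad_outs, r_in, r_out)
    unbalanced = verify_balance(tx, c_ins, bad_outs, bad_sig)
    replayed = verify_balance(b"Tx2: other content", c_ins, c_outs, sig)
    return balanced, unbalanced, replayed

if __name__ == "__main__":
    print(demo())
```

The equality is checked modulo the group order Q, so a deployment also has to constrain each amount to a valid range; the page does not describe that step.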
  • the transaction processing method described in the present application is described in terms of protecting the payer, that is, the first account, the payee, the second account, or the privacy of the transaction amount.
  • which of the first account, the second account, and the transaction amount to protect may be selected, and the specific transaction processing method may correspondingly include the steps and implementations of Embodiments 1 to 3 above; the embodiments of the present invention are not limited in this respect.
  • the terminal may perform the related operations in the manner of the first embodiment and/or the second embodiment, to achieve privacy protection of the transaction amount and the first account, or of the transaction amount and the second account, or of the transaction amount, the first account and the second account.
  • if the terminal only needs to protect the privacy of the transaction amount according to the input of the user interface shown in FIG. 8, the prior-art approach may be used in which the first signature information of the transaction content is generated using the long-term private key or the one-time private key of the first account, and the hash value of the long-term public key of the second account is used as the address of the second account. That is to say, the privacy protection operations in the transaction processing method according to the embodiment of the present invention can be combined with the transaction processing method in the prior art to realize privacy protection of the transaction amount; of the transaction amount and the first account; of the transaction amount and the second account; of the first account and the second account; or of the first account, the second account, and the transaction amount. All of the above combinations fall within the scope of protection of the present application.

Embodiment 4
  • the present application uses the fourth embodiment as an example to explain in detail how to protect the privacy of the first account, the second account, and the transaction amount at the same time.
  • FIG. 7 is a schematic flowchart diagram of still another transaction processing method according to an embodiment of the present invention.
  • a terminal that logs in to the first account is referred to as a payment terminal
  • a terminal that logs in to the second account is called
  • the first account is called a payment account
  • the second account is called a payment account.
  • the transaction processing method shown in FIG. 7 may include the following steps:
  • the terminal sends a credential request message to the management device.
  • the terminal is a terminal that logs in to the first account.
  • the credential request message includes a one-time public key of the first account and/or a ciphertext of the transaction amount of the first account.
  • the one-time public key of the first account is the first account as the payment account, the corresponding payment account is generated according to the long-term public key of the first account.
  • the management device generates the credential of the first account according to the one-time public key of the first account and/or the ciphertext of the transaction amount of the first account;
  • the management device returns a credential response message to the terminal.
  • the credential response message carries the credential of the first account.
  • the terminal generates a one-time public key of the second account according to the long-term public key of the second account, and uses the one-time public key as the receiving address of the transaction content.
  • the terminal may generate a one-time public key of the second account according to the one-time public key generation function in the second embodiment, which is not described in detail herein.
  • the terminal determines a ciphertext of each input amount and a ciphertext of each output amount, and calculates a difference between the total input amount and the total output amount according to the ciphertext of each input amount and the ciphertext of each output amount.
  • the terminal generates signature information of the transaction content according to the one-time private key of the first account, the credential, the certificate of the second account, and the ciphertext of the difference between the total input amount and the total output amount.
  • the signature information of the transaction content includes the first signature information, the second signature information, and the third signature information in Embodiments 1 to 3.
  • the terminal sends a transaction request message to the transaction processing device, where the transaction request message carries signature information of the transaction content, a one-time public key of the second account that is the receiving address, and transaction content.
  • the transaction content may include a parameter of the one-time private key generation function and a parameter of the one-time public key check function obtained when the terminal generates the one-time public key of the second account.
  • the terminal logging in to the second account may check whether the receiving address of the transaction content is itself according to the parameter of the one-time public key check function and its long-term private key; and when the transaction amount of the transaction is consumed, it may generate a one-time private key of the second account based on the parameter of the one-time private key generation function and the long-term private key, and then use the one-time private key to generate a signature of the transaction content, thereby protecting the anonymity of the second account as a payment account.
  • the credential of the second account may be requested by the terminal that logs in to the first account at the same time as it applies for the credential of the first account, or may be requested by the terminal that logs in to the second account when it consumes the transaction amount of the transaction; this is not limited in the embodiment of the present invention.
  • FIG. 3 (compared with FIG. 30, based on the transaction processing system shown in FIG. 3, the transaction processing method may have more steps of interacting with the management device to generate credentials of the first account and/or the second account. .
  • the transaction processing device verifies the transaction request message, and obtains a first verification result.
  • the transaction content is simulated and the transaction result information is obtained.
  • the transaction processing device may include at least one endorsement node.
  • when each endorsement node verifies that the transaction request message passes, it may simulate running the transaction content, obtain the transaction result, and use the private key of the transaction to sign the transaction result. Therefore, the transaction result information includes the transaction result of at least one endorsement node and the corresponding signature.
  • the transaction processing device returns a transaction response message to the terminal, where the transaction response message carries the transaction result information.
  • the terminal sends a transaction record message to the transaction processing device.
  • the transaction record carried by the transaction record message includes the transaction content, the signature information of the transaction content, the transaction result of the at least one endorsement node, and the corresponding signature.
  • the transaction processing device receives the transaction record message, and verifies the transaction record, and obtains a second verification result. And when the second verification result is passed, the transaction record is stored on the blockchain.
  • the consensus node in the transaction processing device needs to sort the transaction records received by other consensus nodes according to the receiving time, generate a block including the transaction record of the first account, and submit the transaction records to the submitting node in the form of a block; the submitting node verifies the transaction records in the block. The operation by which the submitting node verifies each transaction record is similar, so the transaction record of the transaction initiated by the first account is taken as an example.
  • the second verification result includes a verification result of the signature information of the transaction content and a verification result of the signature information of the transaction result, wherein the verification result of the signature information of the transaction content is obtained by the submitting node performing verification according to the public key of the management device, the one-time public key of the second account, the public key of the CA device, and the verification parameters in the signature information.
  • the second verification result further includes a verification result of whether the transaction result information meets the preset condition, that is, the submitting node further needs to verify whether the transaction result of the at least one endorsement node and the corresponding signature meet the preset condition. For example, the preset condition is that each transaction record requires at least ten signatures of the endorsement nodes and corresponding transaction results, and the transaction results corresponding to each signature are consistent.
  • the endorsement node's running of the transaction content is called a simulation because the transaction result is accepted, and can be called the actual transaction result, only when the submitting node finds the transaction results of the multiple endorsement nodes to be consistent. Therefore, a result obtained before the submitting node can be called the transaction result obtained by simulating running the transaction content, which also ensures the accuracy of running the transaction content.
  • the amount of input plaintext m in, ciphertext C in g ⁇ in gl in , wherein, r in the encryption of the random payer Number;
  • the plain text of the output amount is 771.
  • the second account Bob's certificate is The one-time private key of the first account Alice is ots1 ⁇ 2 ice , and the credentials issued by the management device for Alice are
  • the signature information of the transaction content is a signature of the knowledge certificate
  • the zero knowledge certificate proves that "the first account has a one-time private key and the certificate issued by the management device, and the second account has a certificate corresponding to the long-term public key
  • the ciphertext of the difference between the input amount and the output amount is the ciphertext encrypted with plaintext 0.
  • the expression of the signature is:
  • Txl is the transaction content to be signed
  • r r in - r out
  • gi > g 2
  • h system parameters.
  • the terminal calculating the signature of the zero knowledge certificate may include the following calculation process:
  • the transaction processing device uses the public key of the management device Device public key
  • the one-time public key of the second account ⁇ 10 ⁇ and the system parameter verification that the signature of the zero-knowledge proof can include the following calculation process:
  • the verification proves that the content proved by the signature of the zero-knowledge proof is correct, that is, the first account has a one-time private key and the certificate issued by the management device, the second account has a certificate corresponding to the long-term public key, and the ciphertext of the difference between the input amount and the output amount is a ciphertext encrypted with a plaintext of 0; that is, the verification result of the signature indicates that the first account and the second account have the condition for using the blockchain, and the transaction is correct.
  • the signature information of the transaction content is generated according to the one-time private key of the first account, the credential, the certificate of the second account, and the ciphertext of the difference between the input amount and the output amount, so that the verifier, namely the transaction processing device, can use the signature information to verify the access qualification of the first account and the second account, and the one-time public key of the second account is used as the receiving address of the transaction content. In the prior art, by contrast, the transaction processing device needs to use the public key of the first account to verify the signature of the transaction content generated with the private key of the first account, use the public key of the second account to verify the hash value of the long-term public key of the second account, and needs the specific transaction amount to verify the correctness of the transaction. Compared with the prior art, the embodiment of the present invention protects the privacy of the first account, the second account, and the transaction amount.
  • the transaction content may also carry the ciphertext of each input amount and the ciphertext of each output amount, where the encryption key of the ciphertext of each input amount and of the ciphertext of each output amount is the public key of the third-party audit account.
  • the terminal obtains the ciphertext of each input amount and the ciphertext of each output amount by using the addition homomorphic encryption algorithm and the public key of the third-party audit account, so that while the privacy of the transaction amount is protected, the auditor can also use the private key of the third-party audit account to decrypt the ciphertext of each input amount and the ciphertext of each output amount, thereby obtaining the plaintext of each input amount and the plaintext of each output amount, which facilitates the auditor's audit.
  • the encryption key of the addition homomorphic encryption algorithm may be a random number, in which case the ciphertext of each input amount and the ciphertext of each output amount will not be decrypted, so that privacy protection of the transaction amount can be realized while the correctness of the transaction is ensured.
  • the transaction processing method of the foregoing embodiment may further include: the terminal generating, according to the one-time private key of the first account, an identifier of each input amount; the identifier is used to prevent the respective input amounts from being consumed twice. For example, if the blockchain already holds a transaction record carrying the identifier of an input amount, and the transaction processing device, when verifying the transaction content, again finds the identifier I of that input amount, it can determine this to be secondary consumption, and the verification fails. It can be seen that this implementation can use the identifier of each input amount to prevent secondary consumption of the input amount.
  • the transaction processing method of the implementation manner may further include: the terminal generating fourth signature information of the transaction content according to the identifier of each input amount; wherein the transaction request message and the transaction record further include the fourth signature information and the identifier of each input amount; the identifier of each input amount is used to prevent the input amount from being consumed twice; the first verification result and the second verification result further include a verification result of the fourth signature information, where the verification result of the fourth signature information is obtained by the transaction processing device according to the identifier of each input amount and the verification parameter in the fourth signature information.
  • the verification result of the fourth signature information is used to indicate whether the identifier of each input amount is correct. It can be seen that if the identifier of the input amount is incorrect, the verification result of the fourth signature information is also not passed, and the secondary consumption of the input amount is further avoided.
  • the fourth signature information may be a signature of the zero-knowledge proof, and the terminal may calculate the fourth signature information of the transaction content according to the identifier of each input amount and the zero-knowledge proof algorithm; correspondingly, when the transaction processing device verifies the fourth signature information in the transaction request message and the transaction record, it can also verify it using a zero-knowledge proof algorithm.
  • the transaction processing method of the foregoing embodiment may further include: the terminal encrypting the one-time public key of the first account according to a public key of the third-party auditing account, and obtaining the ciphertext of the one-time public key of the first account; the transaction request message and the transaction record further include the ciphertext of the one-time public key of the first account, so that the auditor, when auditing the account that initiated the transaction, can use the private key of the third-party audit account to decrypt the ciphertext and obtain the one-time public key of the first account.
  • the long-term public key of the first account can be obtained according to the one-time public key, so that the auditor can audit the first account.
  • the transaction processing method in the implementation manner may further include: the terminal generating, according to the ciphertext of the one-time public key of the first account, the fifth signature information of the transaction content; correspondingly, the transaction request message and the transaction record further include the fifth signature information, the first verification result and the second verification result further include a verification result of the fifth signature information, the verification result of the fifth signature information is obtained by the transaction processing device performing verification according to the verification parameter in the fifth signature information, and the verification result of the fifth signature information is used to indicate whether the ciphertext of the one-time public key of the first account is correct.
  • the fifth signature information may be a signature of the zero-knowledge proof, and the terminal may calculate the fifth signature information of the transaction content according to the identifier of each input amount and the zero-knowledge proof algorithm; correspondingly, when the transaction processing device verifies the fifth signature information in the transaction request message and the transaction record, it can also verify it using a zero-knowledge proof algorithm.
  • the transaction processing method of the foregoing embodiment may further include: the terminal encrypting the long-term public key of the second account according to the public key of the third-party audit account, and obtaining a ciphertext of the long-term public key of the second account; correspondingly, the transaction request message and the transaction record further include the ciphertext of the long-term public key.
  • the auditor with the third-party audit account can use his private key to decrypt the ciphertext of the long-term public key, obtain the long-term public key of the second account, and thereby obtain the identity information of the second account, which facilitates the auditor's audit.
  • the transaction processing method in the implementation manner may further include: the terminal generating, according to the ciphertext of the long-term public key of the second account, sixth signature information of the transaction content; correspondingly, the transaction request message and the transaction record further include the sixth signature information;
  • the first verification result and the second verification result further include a verification result of the sixth signature information; the verification result of the sixth signature information is obtained by the transaction processing device performing verification according to the verification parameter in the sixth signature information, and the verification result of the sixth signature information is used to indicate whether the ciphertext of the long-term public key of the second account is correct.
  • the sixth signature information may be a signature of the zero-knowledge proof, and the terminal may calculate the sixth signature information of the transaction content according to the identifier of each input amount and the zero-knowledge proof algorithm; correspondingly, when the transaction processing device verifies the sixth signature information in the transaction request message and the transaction record, it can also verify it using a zero-knowledge proof algorithm.
  • the foregoing elaborates, from the perspective of the interaction among the terminal that logs in to the first account, the transaction processing device, the management device, and the certificate issuing device, how the transaction processing method provided by the embodiment of the present invention protects the privacy of the first account, how to protect the privacy of the second account, how to protect the privacy of the transaction amount in the transaction content, and how to cooperate with the auditor's audit.
  • the transaction processing device, the management device, and the certificate issuing device may include corresponding hardware structures and/or software modules.
  • the transaction processing device may include at least one endorsement node, a consensus node, a submit node, and the like.
  • FIG. 9 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
  • the terminal includes a processor 901, a memory 902, and a communication interface 903.
  • the memory 902 is configured to store program instructions, and the processor 901 is configured to call the program instructions to perform the following operations.
  • the processor 901 is configured to generate first signature information of the transaction content according to the credential of the first account, where the transaction content is initiated by the terminal based on the first account, and the credential is generated by the transaction processing device for the first account;
  • the communication interface 903 is configured to send a transaction request message to the transaction processing device, where the transaction request message includes the first signature information and the transaction content;
  • the communication interface 903 is further configured to receive a transaction response message returned by the transaction processing device, where the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content;
  • the communication interface 903 is further configured to send, according to the transaction response message, a transaction record message to the transaction processing device, where the transaction record message is used to instruct the transaction processing device to store the transaction record on a blockchain;
  • the transaction record includes the transaction content, the first signature information, and the transaction result information.
  • the processor generates the first signature information of the transaction content according to the credential of the first account, specifically: using the long-term private key/one-time private key of the first account, the credential of the first account, and the transaction content as the input of the zero-knowledge proof algorithm to calculate the first signature information of the transaction content.
  • the transaction response message is returned when the first verification result obtained by the transaction processing device verifying the transaction request message is a pass; the transaction record is stored when the second verification result obtained by the transaction processing device verifying the transaction record message is a pass;
  • the first verification result and the second verification result both include a verification result of the first signature information
  • the verification result of the first signature information is obtained by the transaction processing device performing verification calculation according to the public key of the transaction and the verification parameter in the first signature information.
  • the transaction content is initiated by the terminal based on the first account for the second account, and the processor 901 is further configured to generate the one-time public key of the second account according to the long-term public key of the second account;
  • the processor 901 is further configured to generate second signature information of the transaction content according to the one-time public key of the second account and the certificate of the second account;
  • the certificate is generated according to a private key of the certificate issuing device;
  • the transaction request message and the transaction record include the one-time public key of the second account and the second signature information, and the one-time public key of the second account is an address of the second account;
  • the first verification result and the second verification result further include a verification result of the second signature information, and the verification result of the second signature information is obtained by the transaction processing device performing verification according to the one-time public key of the second account, the public key of the certificate issuing device, and the verification parameter in the second signature information.
  • the processor 901 is further configured to calculate a ciphertext of a difference between the total input amount and the total output amount according to the ciphertext of each input amount in the transaction content and the ciphertext of each output amount;
  • the processor 901 is further configured to generate third signature information of the transaction content according to the ciphertext of the difference value, where the transaction request message and the transaction record further include the third signature information;
  • the first verification result and the second verification result further include a verification result of the third signature information; the verification result of the third signature information is obtained by the transaction processing device performing verification calculation according to the verification parameter in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount, and the verification result of the third signature information is used to indicate whether the total input amount is equal to the total output amount.
  • the encryption key of the ciphertext of each input amount and of the ciphertext of each output amount is the public key of the third-party audit account.
  • the processor is further configured to generate, according to the one-time private key of the first account, an identifier of each input amount;
  • the processor is further configured to generate fourth signature information of the transaction content according to the identifier of each input amount;
  • the transaction request message and the transaction record further include the fourth signature information and an identifier of each input amount;
  • the identifiers of the input amounts are used to prevent the respective input amounts from being consumed twice;
  • the first verification result and the second verification result further include a verification result of the fourth signature information, and the verification result of the fourth signature information is obtained by the transaction processing device through a verification calculation according to the identifiers of the input amounts and the verification parameter in the fourth signature information, and is used to indicate whether the identifier of each input amount is correct.
  • the processor 901 is further configured to encrypt the one-time public key of the first account according to the public key of the third-party auditing account, to obtain a ciphertext of the one-time public key of the first account;
  • the processor 901 is further configured to generate fifth signature information of the transaction content according to the ciphertext of the one-time public key of the first account.
  • the transaction request message and the transaction record further include the fifth signature information and the ciphertext of the one-time public key of the first account;
  • the first verification result and the second verification result further include a verification result of the fifth signature information, and the verification result of the fifth signature information is obtained by the transaction processing device through a verification calculation according to the fifth signature information, and is used to indicate whether the ciphertext of the one-time public key of the first account is correct.
  • the processor 901 is further configured to encrypt the long-term public key of the second account according to the public key of the third-party auditing account, to obtain a ciphertext of the long-term public key of the second account; the processor 901 is further configured to generate sixth signature information of the transaction content according to the ciphertext of the long-term public key of the second account;
  • the transaction request message and the transaction record further include the sixth signature information and the ciphertext of the long-term public key of the second account;
  • the first verification result and the second verification result further include a verification result of the sixth signature information, and the verification result of the sixth signature information is obtained by the transaction processing device through a verification calculation according to the sixth signature information, and is used to indicate whether the ciphertext of the long-term public key of the second account is correct.
  • the communication interface 903 is further configured to send a credential request message to the transaction processing device, where the credential request message includes the one-time public key of the first account and/or the ciphertext of the transaction amount of the first account;
  • the communication interface 903 is further configured to receive a credential response message returned by the transaction processing device, where the credential response message includes the credentials of the first account, and the credentials of the first account are generated by the transaction processing device according to the one-time public key of the first account and/or the ciphertext of the transaction amount of the first account.
  • the credential request message further includes the one-time public key of the second account and/or the ciphertext of the transaction amount of the second account; the credential response message further includes the credential of the second account; the credential of the second account is generated by the transaction processing device according to the one-time public key of the first account and/or the ciphertext of the transaction amount of the first account; the transaction request message and the transaction record further include the credential of the second account.
  • FIG. 10 is a schematic structural diagram of a transaction processing device according to an embodiment of the present invention. As shown in FIG. 10, the transaction processing device may include at least one endorsement module 1001, a consensus module 1002, and a submitting module 1003.
  • the at least one endorsement module 1001 is configured to receive a transaction request message sent by the terminal, where the transaction request message includes first signature information of the transaction content, where the transaction content is initiated by the first account;
  • the at least one endorsement module 1001 is further configured to verify the transaction request message to obtain a first verification result and, when the first verification result is a pass, simulate running the transaction content to obtain transaction result information and return to the terminal a transaction response message carrying the transaction result information;
  • the consensus module 1002 is configured to receive a transaction record message sent by the terminal according to the at least one transaction response message, sort the transaction record carried by the transaction record message together with the transaction records received from other terminals according to the receiving time, generate a block including the transaction record, and submit the block to the submitting module;
  • the submitting module 1003 is configured to receive the block, and verify the transaction record in the block to obtain a second verification result.
  • the transaction record is stored on the blockchain in the form of the block;
  • the first verification result and the second verification result both include a verification result of the first signature information, and the verification result of the first signature information is obtained by the transaction processing device through verification according to the public key of the authorization endorsement module 10011 in the endorsement module, and is used to indicate whether the first account meets the condition for storing the transaction record on a blockchain;
  • the authorization endorsement module is configured to generate the credential of the first account according to the private key of the first account, and the credential of the first account is used to generate the first signature information.
  • FIG. 11 is a schematic structural diagram of another transaction processing device according to an embodiment of the present invention.
  • the transaction processing device includes at least one endorsement module 1101, a consensus module 1102, a submission module 1103, and a management module 1104;
  • the at least one endorsement module 1101 is configured to receive a transaction request message sent by the terminal, where the transaction request message includes first signature information of the transaction content, where the transaction content is initiated by the first account;
  • the at least one endorsement module 1101 is further configured to verify the transaction request message to obtain a first verification result and, when the first verification result is a pass, simulate running the transaction content to obtain transaction result information and return to the terminal a transaction response message carrying the transaction result information;
  • the consensus module 1102 is configured to receive a transaction record message sent by the terminal according to the at least one transaction response message, sort the transaction record carried by the transaction record message together with the transaction records received from other terminals according to the receiving time, generate a block including the transaction record, and submit the block to the submitting module;
  • the submitting module 1103 is configured to receive the block, and verify the transaction record in the block to obtain a second verification result.
  • the transaction record is stored on the blockchain in the form of the block;
  • the first verification result and the second verification result both include a verification result of the first signature information, and the verification result of the first signature information is obtained by the transaction processing device through verification according to the public key of the management module, and is used to indicate whether the first account meets the condition for storing the transaction record on a blockchain;
  • the management module 1104 is configured to generate a credential of the first account according to a private key of the first account, where the credential of the first account is used to generate the first signature information.
  • the transaction processing device described in FIG. 10 and FIG. 11 may also invoke a related module to perform the processing of the transaction processing device involved in FIG. 4 to FIG. 7 and/or for the description of the present application.
  • the management module or the authorization endorsement module in the transaction processing device performs the relevant steps to generate credentials for the first account, etc.; at least one endorsement module and the submission module verify the transaction request message and related content in the transaction record, and the like.
  • FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
  • the terminal shown in FIG. 12 may be the terminal in FIG. 3-8, FIG. 4 to FIG. 8, and the terminal may include processing.
  • the processor is mainly used for processing the communication protocol and the communication data, and controlling the entire terminal device, executing the software program, and processing the data of the software program, for example, in the embodiment of the indication method for supporting the terminal device to perform the foregoing transmission precoding matrix.
  • the memory is mainly used for storing software programs and data, such as storing the credentials of the first account described in the above embodiment, the long-term private key or the one-time private key of the first account.
  • the control circuit is mainly used for the conversion of the baseband signal and the radio frequency signal and the processing of the radio frequency signal.
  • the control circuit together with the antenna can also be called a transceiver, and is mainly used to transmit and receive RF signals in the form of electromagnetic waves.
  • Input and output devices such as touch screens, display screens, keyboards, etc., are mainly used to receive data input by a user and output data to a user.
  • the processor can read the software program in the storage unit, interpret and execute the instructions of the software program, and process the data of the software program.
  • the processor performs baseband processing on the data to be transmitted, and then outputs the baseband signal to the radio frequency circuit.
  • the radio frequency circuit performs radio frequency processing on the baseband signal, and then transmits the radio frequency signal to the outside through the antenna in the form of electromagnetic waves.
  • the RF circuit receives the RF signal through the antenna, converts the RF signal into a baseband signal, and outputs the baseband signal to the processor, which converts the baseband signal into data and processes the data.
  • FIG. 12 shows only one memory and processor for ease of illustration. In an actual terminal device, there may be multiple processors and memories.
  • the memory may also be referred to as a storage medium or a storage device, and the like.
  • the processor may include a baseband processor and a central processing unit; the baseband processor is mainly used to process communication protocols and communication data, and the central processing unit is mainly used to control the entire terminal device, execute software programs, and process the data of the software programs.
  • the processor in FIG. 12 integrates the functions of the baseband processor and the central processing unit;
  • as will be understood by those skilled in the art, the baseband processor and the central processing unit may also be independent processors that are interconnected by technologies such as a bus.
  • the terminal device may include multiple baseband processors to adapt to different network standards, the terminal device may include multiple central processing units to enhance its processing capabilities, and the various components of the terminal device can be connected through various buses.
  • the baseband processor can also be expressed as a baseband processing circuit or a baseband processing chip.
  • the central processing unit can also be expressed as a central processing.
  • the functions of processing the communication protocol and the communication data may be built in the processor, or may be stored in the storage unit in the form of a software program, and the processor executes the software program to implement the baseband processing function.
  • the antenna and control circuit having the transceiving function can be regarded as the transceiving unit 1201 of the terminal, and the processor having the processing function can be regarded as the processing unit 1202 of the terminal.
  • the terminal includes a transceiver unit 1201 and a processing unit 1202.
  • the transceiver unit can also be referred to as a transceiver and the like.
  • the device for implementing the receiving function in the transceiver unit 1201 can be regarded as a receiving unit, and the device for implementing the sending function in the transceiver unit 1201 is regarded as a sending unit, that is, the transceiver unit 1201 includes a receiving unit and a sending unit.
  • the receiving unit may also be referred to as a receiver, a receiving circuit, etc.
  • the transmitting unit may be referred to as a transmitter or a transmitting circuit.
  • the transaction processing device may include a communication unit and a processing unit, where the processing unit and the communication unit perform the related operations performed by the transaction processing device in the foregoing embodiment, or perform the related functions of the at least one endorsement node, the consensus node, and the submitting node, and can also perform the related functions of the management device, the certificate issuing device, and the like.
  • FIG. 13 is a schematic diagram of a structure of a transaction processing device according to an embodiment of the present invention.
  • the transaction processing device may include a processor 1301 and a memory 1302.
  • the memory 1302 is configured to store instructions, and the processor 1301 is configured to execute the instructions stored in the memory 1302 to implement the steps and embodiments of the method corresponding to FIG. 4 through FIG. 8 above.
  • the transaction processing device may further include an input port 1304 and an output port 1305. Further, the device may further include a bus system 1303, wherein the processor 1301, the memory 1302, and the communication interface 1304 may be connected by the bus system 1303.
  • the processor 1301 is configured to execute the instructions stored by the memory 1302 to control the communication interface 1304 to receive the signal, and control the communication interface 1304 to send a signal to complete the steps of the terminal in the above method.
  • the communication interface 1304 can be the same or different physical entity. When they are the same physical entity, they can be collectively referred to as transceivers.
  • the memory 1302 may be integrated in the processor 1301 or may be provided separately from the processor 1301.
  • the function of the communication interface 1304 can be implemented by a dedicated chip through a transceiver circuit or a transceiver.
  • the processor 1301 can be implemented by a dedicated processing chip, a processing circuit, a processor, or a general purpose chip.
  • a terminal provided by the embodiment of the present application may be implemented by using a general-purpose computer.
  • the program code for the function of the processor 1301, the communication interface 1304 is stored in a memory, and the general purpose processor implements the functions of the processor 1301, the communication interface 1304 by executing the code in the memory.
  • for the concepts, explanations, detailed descriptions and other steps related to the technical solutions provided by the embodiments of the present application, refer to the descriptions in the foregoing methods or other embodiments; they are not repeated herein. It will be apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices, and units described above may be found in the corresponding processes in the foregoing method embodiments and are not repeated here.
  • the disclosed systems, devices, and methods may be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be electrical, mechanical or otherwise.
  • the units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, i.e., may be located in one place, or may be distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • in the above embodiments, it may be implemented in whole or in part by software, hardware, firmware or any combination thereof.
  • when software is used, it may be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions.
  • when the computer program instructions are loaded and executed on a computer, the processes or functions described in accordance with embodiments of the present invention are generated in whole or in part.
  • the computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable device.
  • the computer instructions can be stored in a computer readable storage medium or transferred from one computer readable storage medium to another computer readable storage medium; for example, the computer instructions can be transferred from one website, computer, server or data center to another website, computer, server, or data center by wire (such as coaxial cable, fiber, or digital subscriber line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.).
  • the computer readable storage medium can be any available media that can be accessed by a computer or a data storage device such as a server, data center, or the like that includes one or more of the available media.
  • the usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a Solid State Disk (SSD)).
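The amount-balance check behind the third signature information (ciphertext of the difference between total input and total output, encrypted under the third-party audit account's public key) can be illustrated as follows. This is an added example, not code from the patent: the text does not name the algorithms, so exponential ElGamal on secp256k1, a Chaum-Pedersen proof bound to the transaction content by SHA-256, and all function names are assumptions.

```python
import hashlib
import secrets

# secp256k1 domain parameters. The choice of curve is an assumption of this example.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def add(a, b):
    """Add two points on y^2 = x^3 + 7 (affine coordinates)."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def neg(pt):
    return INF if pt is INF else (pt[0], -pt[1] % P)


def mul(k, pt):
    """Scalar multiplication by double-and-add (not constant time)."""
    k, acc = k % N, INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc


def encode(pt):
    """Fixed-width point encoding used as hash input."""
    return bytes(64) if pt is INF else pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def encrypt(amount, audit_pub):
    """Encrypt an amount to the audit public key; returns (ciphertext, randomness)."""
    r = secrets.randbelow(N - 1) + 1
    return (mul(r, G), add(mul(amount, G), mul(r, audit_pub))), r


def difference_ciphertext(cts_in, cts_out):
    """Ciphertext of (total input - total output), computed from ciphertexts only."""
    d1 = d2 = INF
    for c1, c2 in cts_in:
        d1, d2 = add(d1, c1), add(d2, c2)
    for c1, c2 in cts_out:
        d1, d2 = add(d1, neg(c1)), add(d2, neg(c2))
    return d1, d2


def challenge(tx_content, audit_pub, diff, a1, a2):
    data = b"".join(encode(p) for p in (G, audit_pub, *diff, a1, a2)) + tx_content
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign_balance(tx_content, audit_pub, cts_in, cts_out, r_in, r_out):
    """Prove the difference ciphertext encrypts 0, bound to tx_content."""
    diff = difference_ciphertext(cts_in, cts_out)
    r_total = (sum(r_in) - sum(r_out)) % N  # randomness left in the difference
    k = secrets.randbelow(N - 1) + 1
    c = challenge(tx_content, audit_pub, diff, mul(k, G), mul(k, audit_pub))
    return c, (k + c * r_total) % N  # (c, s) play the role of verification parameters


def verify_balance(tx_content, audit_pub, cts_in, cts_out, sig):
    """Verifier side: uses only ciphertexts, the audit public key and the signature."""
    c, s = sig
    d1, d2 = difference_ciphertext(cts_in, cts_out)
    a1 = add(mul(s, G), neg(mul(c, d1)))
    a2 = add(mul(s, audit_pub), neg(mul(c, d2)))
    return c == challenge(tx_content, audit_pub, (d1, d2), a1, a2)


def make_transaction(tx_content, audit_pub, amounts_in, amounts_out):
    """Terminal side: encrypt every amount, then sign the balance statement."""
    ins = [encrypt(v, audit_pub) for v in amounts_in]
    outs = [encrypt(v, audit_pub) for v in amounts_out]
    cts_in, cts_out = [c for c, _ in ins], [c for c, _ in outs]
    sig = sign_balance(tx_content, audit_pub, cts_in, cts_out,
                       [r for _, r in ins], [r for _, r in outs])
    return cts_in, cts_out, sig


if __name__ == "__main__":
    audit_pub = mul(secrets.randbelow(N - 1) + 1, G)
    tx = b"constructed sample transaction content"
    for outs in ([60, 40], [60, 45]):  # balanced, then unbalanced
        cts_in, cts_out, sig = make_transaction(tx, audit_pub, [70, 30], outs)
        print(outs, verify_balance(tx, audit_pub, cts_in, cts_out, sig))
```

The check only shows that the encrypted totals match; it does not show that each individual amount is non-negative, which requires a separate range proof.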

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Disclosed in the present application are a transaction processing method and related equipment. The method comprises: a terminal generates first signature information of a transaction content according to credentials of a first account, wherein the transaction content is initiated by the first account; the terminal sends a transaction request message to a transaction processing device, and the transaction processing device returns a transaction response message to the terminal according to the transaction request message, wherein the transaction response message carries transaction result information; and the terminal sends a transaction record message to the transaction processing device on the basis of the transaction response message, wherein the transaction record message can instruct the transaction processing device to store the transaction record carried by the transaction record message on a blockchain, the blockchain being a distributed database of the transaction records stored by the transaction processing equipment. It can be seen that according to the embodiment of the present invention, the credentials of the first account are used to generate a signature, which avoids leakage of identity information caused by using a long-term private key of the first account to generate the signature in the prior art, thereby protecting the anonymity of the first account.

Description

Transaction processing method and related equipment
Technical field
The present application relates to the field of computer technologies, and in particular, to a transaction processing method and related equipment.
Background
A blockchain is a distributed database that stores an ordered list of records. The list consists of a continuously growing set of blocks, and each block includes a timestamp and a link to the previous block. A blockchain system that includes the blockchain is composed of several consensus nodes, each of which keeps a complete copy of the blockchain data and code. The consensus nodes keep the blockchain data consistent through a consensus algorithm.
In a blockchain system, once a transaction record is recorded in the blockchain in the form of a block, it cannot be modified unilaterally, which ensures that the data is tamper-proof and unforgeable. However, all consensus nodes in the blockchain system store the transaction records, and each transaction record includes the signature of the transaction content, the address of the recipient, and/or the transaction amount in the transaction content. The signature of the transaction content is generated using the sender's private key, so a third party that obtains the transaction record has to verify it with the public key and, in doing so, identifies the sender of the transaction record.
However, in some business scenarios, for example in the financial industry, many users do not want any third party other than the two parties to the transaction to learn the transaction information they initiated. Therefore, protecting the privacy of the sender in a blockchain system is an urgent problem to be solved.
Summary of the invention
The present application provides a transaction processing method and related equipment capable of protecting the privacy of the sender that initiates a transaction in a blockchain transaction.
In a first aspect, the present application provides a transaction processing method. In this method, a terminal may generate first signature information of transaction content according to the credentials of a first account, where the transaction content is initiated by the terminal based on the first account, and the credentials are generated for the first account by the transaction processing device that processes the transaction content. The terminal sends a transaction request message to the transaction processing device, where the transaction request message includes the transaction content and the first signature information. The terminal receives a transaction response message returned by the transaction processing device, where the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content. The terminal sends a transaction record message to the transaction processing device according to the transaction response message, where the transaction record message is used to instruct the transaction processing device to store the transaction record carried in the transaction record message on a blockchain. The blockchain is a distributed database in the transaction processing device that stores the transaction record, and the transaction record includes the transaction content, the first signature information, and the transaction result information.
The terminal is the device on which the first account is logged in; the first account is the party that initiates the transaction content and may be referred to as the payer, the sender, or the like.
It can be seen that the present application uses the credentials of the first account to generate the signature information of the transaction content. This avoids the prior-art approach of generating the signature with the long-term private key of the first account, in which a verifying device such as the transaction processing device must verify the signature with the long-term public key, which leaks the identity information of the first account. In other words, the present application can protect the anonymity of the first account.
Because the credentials of the first account are generated by the transaction processing device, once the terminal publishes the transaction record to the blockchain based on the first account, the first account cannot repudiate that transaction record. The present application therefore not only protects the privacy of the first account but also retains the non-repudiation property of transaction records on the blockchain.
The terminal generating the first signature information of the transaction content according to the credentials of the first account includes: the terminal uses the private key of the first account, the credentials of the first account, and the transaction content as inputs to a zero-knowledge proof algorithm to calculate the first signature information of the transaction content, where the private key includes a long-term private key or a one-time private key.
The transaction response message is returned when the first verification result, obtained by the transaction processing device verifying the transaction request message, is a pass; the transaction record is stored when the second verification result, obtained by the transaction processing device verifying the transaction record message, is a pass.
Both the first verification result and the second verification result include a verification result of the first signature information. The verification result of the first signature information is obtained by the transaction processing device through a verification calculation according to its own public key and the verification parameter in the first signature information. If the transaction processing device generates the credentials of the first account, the transaction processing device performs the verification calculation with its own public key and the verification parameter in the first signature information to obtain the verification result of the first signature information. If a management device generates the credentials of the first account, the transaction processing device performs the verification calculation with the public key of the management device and the verification parameter in the first signature information to obtain the verification result of the first signature information. This implementation therefore avoids the leakage of the first account's identity information that occurs in the prior art when the verification calculation uses the long-term public key corresponding to the long-term private key.
In addition, in the first verification result, the verification result of the first signature information indicates whether the first account is an account that can access the transaction processing device, whether it is an account issued by the transaction processing device, or whether it has permission to access the transaction processing device. In the second verification result, the verification result of the first signature information indicates whether the first account has permission to use the blockchain, that is, whether the transaction record related to the first account can be stored on the blockchain. Optionally, the role of the verification result of the first signature information may be tied to the operation performed after the verification passes or fails; this is not limited in the present application.
In a possible implementation, the transaction content is initiated by the terminal based on the first account and directed at a second account; that is, the second account may be called the recipient or payee of the transaction content, or the terminal logged in to the second account is the recipient of the transaction content or the payee of the transaction amount in the transaction content. The terminal may then generate a one-time public key of the second account from the long-term public key of the second account, and generate second signature information of the transaction content from the one-time public key of the second account and a certificate of the second account. The one-time public key of the second account is the address of the second account; the certificate is generated using the private key of a certificate issuing device; and the transaction request message and the transaction record include the one-time public key of the second account and the second signature information.
Correspondingly, the first verification result and the second verification result further include a verification result of the second signature information, which is obtained through a verification calculation based on the one-time public key of the second account, the public key of the certificate issuing device, and the verification parameters in the second signature information.
Similarly, in the first verification result, the verification result of the second signature information indicates whether the second account is an account that can access the transaction processing device, whether it is an account issued by the transaction processing device, or whether the second account has permission to access the transaction processing device. In the second verification result, the verification result of the second signature information indicates whether the second account has permission to use the blockchain, that is, whether transaction records related to the second account can be stored on the blockchain. Optionally, the role of the verification result of the second signature information may be tied to the operations that follow depending on whether verification passes, which is not limited in this application.
As can be seen, in this implementation the receiving address of the transaction content is a one-time public key, so a third party cannot identify, from the receiving address, the public key corresponding to the second account (that is, the recipient) of the transaction content. In addition, a third party such as the transaction processing device can still perform a verification calculation using the one-time public key, the public key of the certificate issuing device, and the verification parameters in the second signature information to obtain the verification result of the second signature information, and from that result learn the relevant permissions of the second account. This also avoids the privacy leakage caused in the prior art by using the hash of the second account's long-term public key as the address.
In a possible implementation, the terminal may obtain the ciphertext of each input amount and the ciphertext of each output amount; from these ciphertexts the terminal computes the ciphertext of the difference between the total input amount and the total output amount; and the terminal generates third signature information of the transaction content from the ciphertext of the difference. The transaction request message and the transaction record further include the third signature information. The first verification result and the second verification result further include a verification result of the third signature information, which is obtained by the transaction processing device through a verification calculation based on the verification parameters in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount, and which indicates whether the total input amount equals the total output amount.
As can be seen, the transaction content in this application does not need to carry the plaintext of any input amount or output amount. A verifier such as the transaction processing device can verify whether the total input amount equals the total output amount, that is, learn whether the transaction is correct, from the verification parameters in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount. This helps protect the privacy of the transaction amounts.
The ciphertext of each input amount and the ciphertext of each output amount are obtained with an additively homomorphic encryption algorithm. With such an algorithm, performing addition on encrypted data yields an output which, when decrypted, is the same as the result of performing the same processing on the unencrypted original data. The terminal therefore needs no plaintext: from the ciphertexts of the input amounts and the ciphertexts of the output amounts it can obtain the ciphertext of the total input amount and the ciphertext of the total output amount, as well as the ciphertext of the difference between the total input amount and the total output amount.
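The balance check described in the preceding paragraphs, as an added example that is not code from the patent. It assumes exponential ElGamal under the audit account's public key as the additively homomorphic scheme and a Fiat-Shamir Chaum-Pedersen proof as the third signature information; the toy group, all function names and the sample amounts are constructed for illustration.

```python
"""Toy balance proof over additively homomorphic ciphertexts (demo parameters only)."""
import hashlib
import secrets

def _is_prime(n):
    """Deterministic Miller-Rabin; these bases are exact for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _toy_group(start=1 << 40):
    """Find a safe prime P = 2Q + 1; the squares mod P form a subgroup of prime order Q."""
    q = start | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = _toy_group()  # constructed ~41-bit group (assumption): far too small for real use
G = 4                # 2^2 is a square, so it generates the order-Q subgroup

def keygen():
    """Key pair of the third-party audit account: private x, public h = G^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(h, amount):
    """Exponential ElGamal: ciphertext (G^r, G^amount * h^r) plus the randomness r."""
    r = secrets.randbelow(Q)
    return (pow(G, r, P), pow(G, amount, P) * pow(h, r, P) % P), r

def difference(inputs, outputs):
    """Ciphertext of (total input - total output), computed on ciphertexts only."""
    a = b = 1
    for ca, cb in inputs:
        a, b = a * ca % P, b * cb % P
    for ca, cb in outputs:
        a, b = a * pow(ca, -1, P) % P, b * pow(cb, -1, P) % P
    return a, b

def _challenge(h, diff, t1, t2, content):
    data = "|".join(str(v) for v in (P, G, h, *diff, t1, t2)).encode() + b"|" + content
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign_balance(h, inputs, outputs, r_in, r_out, content):
    """Prove the difference ciphertext is (G^R, h^R), i.e. encrypts 0, without revealing R."""
    diff = difference(inputs, outputs)
    big_r = (sum(r_in) - sum(r_out)) % Q
    k = secrets.randbelow(Q)
    c = _challenge(h, diff, pow(G, k, P), pow(h, k, P), content)
    return c, (k + c * big_r) % Q  # (c, s) play the role of the verification parameters

def verify_balance(h, inputs, outputs, sig, content):
    """Verifier side: needs only the ciphertexts, the audit public key and (c, s)."""
    c, s = sig
    a, b = difference(inputs, outputs)
    t1 = pow(G, s, P) * pow(a, -c, P) % P
    t2 = pow(h, s, P) * pow(b, -c, P) % P
    return c == _challenge(h, (a, b), t1, t2, content)

def audit_decrypt(x, ct, max_amount=10_000):
    """Auditor recovers an amount with the private key (search over a small range)."""
    target = ct[1] * pow(ct[0], -x, P) % P
    acc = 1
    for m in range(max_amount + 1):
        if acc == target:
            return m
        acc = acc * G % P
    raise ValueError("amount outside search range")

def demo():
    x, h = keygen()
    content = b"constructed transaction content"
    ins, r_in = zip(*(encrypt(h, m) for m in (70, 30)))        # constructed amounts
    outs, r_out = zip(*(encrypt(h, m) for m in (45, 55)))
    sig = sign_balance(h, ins, outs, r_in, r_out, content)
    bad_outs, bad_r = zip(*(encrypt(h, m) for m in (45, 56)))  # outputs exceed inputs by 1
    bad_sig = sign_balance(h, ins, bad_outs, r_in, bad_r, content)
    return {
        "balanced": verify_balance(h, ins, outs, sig, content),
        "unbalanced": verify_balance(h, ins, bad_outs, bad_sig, content),
        "other_content": verify_balance(h, ins, outs, sig, b"different content"),
        "audited_inputs": [audit_decrypt(x, c) for c in ins],
    }
```

The equality is checked modulo the group order Q, so this check on its own does not bound the individual amounts.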
As can be seen, the possible implementations above can protect the privacy of the first account (the payer or sender), the second account (the payee or recipient), or the transaction amount. In other implementations, the terminal may therefore set the privacy of any one or more of the payer, the payee, and the transaction amount according to the user's business needs and, correspondingly, use any one or more of the three possible implementations above to provide the privacy protection.
In a possible implementation, the transaction content may include the ciphertext of each input amount and the ciphertext of each output amount; in addition, the encryption key for the ciphertext of each input amount and the ciphertext of each output amount is the public key of a third-party audit account.
In this way, the third-party audit account can use its own private key to decrypt the ciphertext of each input amount and the ciphertext of each output amount, which allows an auditor holding the third-party audit account to review the transaction amounts in the transaction content. Moreover, because the transaction content carries the ciphertext of the transaction amount rather than the plaintext, and that ciphertext is obtained by encrypting with the public key of the third-party audit account, only the auditor holding the third-party audit account, apart from the two parties to the transaction, can see the transaction amount. This helps protect the privacy of the transaction amount while facilitating the auditor's audit work.
In a possible implementation, the terminal may generate an identifier of each input amount from the one-time private key of the first account; the transaction request message and the transaction record further include the identifier of each input amount, which is used to prevent each input amount from being spent a second time. For example, if a transaction record with input-amount identifier I already exists in the blockchain, and the transaction processing device, when verifying the transaction content, again finds the identifier I of that input amount, it can determine that this is a double spend, and verification fails. As can be seen, this implementation can use the identifier of each input amount to prevent double spending of input amounts.
In a possible implementation, the terminal may further generate fourth signature information of the transaction content from the identifier of each input amount. The transaction request message and the transaction record further include the fourth signature information, and the first verification result and the second verification result further include a verification result of the fourth signature information, which is obtained by the transaction processing device through a verification calculation based on the identifier of each input amount and the verification parameters in the fourth signature information, and which indicates whether the identifier of each input amount is correct. As can be seen, if the identifier of an input amount is incorrect, verification of the fourth signature information also fails, which further prevents double spending of input amounts.
In a possible implementation, the terminal may encrypt the one-time public key of the first account with the public key of the third-party audit account to obtain the ciphertext of the one-time public key; correspondingly, the transaction request message and the transaction record may further include the ciphertext of the one-time public key. An auditor holding the third-party audit account can then use its own private key to decrypt the ciphertext of the one-time public key, obtain the one-time public key, and thereby learn the identity information of the first account, which facilitates the auditor's audit. For example, the first transaction is initiated by account , and the payee is account I); the second transaction is initiated by account , and the payee is account ^. After the auditor obtains the one-time public key of account  according to this implementation, the auditor can also use the one-time public key of account 1) to learn of the first transaction in which account 1? took part; by decrypting the process in which the terminal logged in to account  generated the one-time public key of account  in the first transaction, the auditor can learn the long-term public key of account , and thus the identity information of account , so that account  can be audited. As another example, in combination with the implementation below, the terminal of account  can use the public key of the third-party audit account to generate the ciphertext of the long-term public key of account ; the auditor can obtain the ciphertext of the long-term public key of account I? and decrypt it to obtain the long-term public key of account , in order to audit account .
In a possible implementation, the terminal may further generate fifth signature information of the transaction content from the ciphertext of the one-time public key obtained in the implementation above. Correspondingly, the transaction request message and the transaction record further include the fifth signature information, and the first verification result and the second verification result further include a verification result of the fifth signature information, which is obtained by the transaction processing device through a verification calculation based on the verification parameters in the fifth signature information, and which indicates whether the ciphertext of the one-time public key of the first account is correct.
In a possible implementation, the terminal may further encrypt the long-term public key of the second account with the public key of the third-party audit account to obtain the ciphertext of the long-term public key of the second account; correspondingly, the transaction request message and the transaction record further include the ciphertext of the long-term public key. An auditor holding the third-party audit account can then use its own private key to decrypt the ciphertext of the long-term public key, obtain the long-term public key of the second account, and thereby learn the identity information of the second account, which facilitates the auditor's audit.
In a possible implementation, the terminal may further generate sixth signature information of the transaction content from the ciphertext of the long-term public key of the second account. Correspondingly, the transaction request message and the transaction record further include the sixth signature information, and the first verification result and the second verification result further include a verification result of the sixth signature information, which is obtained by the transaction processing device through a verification calculation based on the verification parameters in the sixth signature information, and which indicates whether the ciphertext of the long-term public key of the second account is correct.
In a possible implementation, the terminal obtaining the credential of the first account may include: the terminal sends a credential request message to the transaction processing device, the credential request message including the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account; and the terminal receives a credential response message returned by the transaction processing device, the credential response message including the credential of the first account, which the transaction processing device generates from the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.
In a possible implementation, while applying to the transaction processing device for the credential of the first account, the terminal may also apply for a credential of the second account, so that when the second account uses this transaction amount it can use that credential directly to protect its own anonymity, for example by using the implementation of the first aspect to protect the anonymity of the second account when it acts as the paying account.
That is, in the implementation above, the credential request message may further include the one-time public key of the second account and/or the ciphertext of the transaction amount held by the second account; correspondingly, the credential response message may further include the credential of the second account. The credential of the second account is generated by the management device from the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account, and the transaction request message and the transaction record further include the credential of the second account. This makes it easier for the second account to protect its own anonymity when it uses the transaction amount as the paying account.
In a possible implementation, the credential of the second account may also be applied for by the second account itself, for example by applying to the management device for the credential before the second account uses the transaction amount. Specifically, this may include: the terminal logged in to the second account sends a credential request message to the management device, the credential request message including the one-time public key of the second account and/or the ciphertext of the transaction amount held by the second account; and the terminal receives a credential response message returned by the management device, the credential response message including the credential of the first account, which the management device generates from the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.
In a possible implementation, the first signature information, second signature information, third signature information, fourth signature information, fifth signature information, or sixth signature information above may each be a zero-knowledge proof signature; that is, the signature information may be generated with a zero-knowledge proof algorithm. In a zero-knowledge proof algorithm, the prover performs a series of mathematical computations on the useful information to be kept secret and obtains a signature; the signature is a series of verification parameters, and these verification parameters do not include the useful information to be kept secret. The verifier can use the verification parameters to perform a series of verification calculations, and the result of those calculations verifies the prover's assertion about the useful information, that is, whether the assertion is correct; usually the assertion is that the prover knows the useful information to be kept secret. Therefore, the first signature information, second signature information, third signature information, fourth signature information, fifth signature information, or sixth signature information may be generated with a zero-knowledge proof algorithm and, correspondingly, verified with a zero-knowledge proof algorithm to obtain the verification result. Because the verification calculation uses only the signature information and the verification parameters, leakage of the useful information is avoided, which protects the privacy of the first account, the second account, the transaction amount, and so on in the implementations above.
In a second aspect, this application further provides a transaction processing method. In this method, a transaction processing device receives a transaction request message sent by a terminal, the transaction request message including transaction content and first signature information, where the transaction content is initiated by the terminal based on a first account and the first signature information is generated by the terminal from a credential of the first account; the transaction processing device returns a transaction response message to the terminal according to the transaction request message, the transaction response message including transaction result information generated by the transaction processing device from the transaction content; the transaction processing device receives a transaction record message sent by the terminal according to the transaction response message; and the transaction processing device stores the transaction record carried in the transaction record message on a blockchain, the blockchain being a distributed database in which the transaction processing party stores the transaction record, and the transaction record including the transaction content, the first signature information, and the transaction result information.
In this application, the first signature information is generated from the credential of the first account. This avoids the prior-art situation in which the signature is generated with the long-term private key of the first account and a verifying device, such as the transaction processing device, must then verify the signature with the long-term public key, which leaks the identity information of the first account. In other words, this application can protect the anonymity of the first account.
Before the transaction processing device returns the transaction response message to the terminal according to the transaction request message, the method further includes: the transaction processing device verifies the transaction request message to obtain a first verification result; and when the first verification result is a pass, the transaction processing device runs the transaction content to obtain the transaction result information. The method further includes: the transaction processing device verifies the transaction record message to obtain a second verification result; and when the second verification result is a pass, the transaction processing device performs the step of storing the transaction record carried in the transaction record message on the blockchain.
The first verification result and the second verification result each include a verification result of the first signature information; the verification result of the first signature information is obtained by the transaction processing device through a verification calculation using its own public key and the verification parameters in the first signature information. As can be seen, the transaction processing device can verify the first signature information of the transaction content with its own public key, without having to use the public key of the first account as in the prior art, so that a third party cannot learn the public key of the first account, which protects the privacy of the first account.
The transaction processing device verifying the first signature information of the transaction content may include: the transaction processing device performs a verification calculation with a zero-knowledge proof algorithm, based on the verification parameters in the first signature information and its own public key, to obtain the verification result of the first signature information.
In a possible implementation, the transaction content is initiated by the terminal based on the first account and directed at a second account; that is, the first account may be the account held by the sender or payer of the transaction content, and the second account may be the account held by the recipient or payee of the transaction content. The transaction request message and the transaction record may further include second signature information and the one-time public key of the second account, where the one-time public key of the second account is the receiving address of the transaction content, which may also be called the address of the recipient or payee of the transaction content. Correspondingly, the first verification result and the second verification result may further include a verification result of the second signature information, which is obtained by the transaction processing device through a verification calculation based on the one-time public key of the second account, the public key of the certificate issuing device, and the verification parameters in the second signature information.
As can be seen, in this implementation the receiving address of the transaction content is a one-time public key, so a third party cannot identify, from the receiving address, the public key corresponding to the second account of the transaction content. In addition, the transaction processing device uses the receiving address to verify the second signature information and learn whether the second account meets the conditions for storing the transaction record on the blockchain, that is, to verify the second account's admission eligibility. Compared with the prior art, which uses the hash of the second account's long-term public key as the receiving address, this implementation can protect the privacy of the second account.
In a possible implementation, the transaction request message and the transaction record may further include third signature information, the ciphertext of each input amount, and the ciphertext of each output amount. Correspondingly, the first verification result and the second verification result further include a verification result of the third signature information, which is obtained by the transaction processing device through a verification calculation based on the verification parameters in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount, and which indicates whether the total input amount in the transaction record equals the total output amount.
As can be seen, the transaction content does not need to carry the plaintext of any input amount or output amount, and does not even need to carry the ciphertext of each input amount and the ciphertext of each output amount; a verifier such as the transaction processing device can verify whether the total input amount equals the total output amount, that is, learn whether the transaction is correct, from the third signature information. This helps protect the privacy of the transaction amounts.
在一种可能的实现方式中, 交易内容中还包括各输入金额的密文和各输出金额的 密文, 另外, 各输入金额的密文和各输出金额的密文的加密密钥为第三方审核账号的 公钥。 这样, 拥有第三方审核账号的审计员可以利用自身的私钥来解密各输入金额的 密文和各输出金额的密文, 获得各输入金额的明文和各输出金额的明文。 由于该密文 是第三方审核账号的公钥加密的, 因此,只有第三方审核账号的私钥可以解密,从而, 有助于保护交易金额隐私性的同时, 方便审计员的审计。  In a possible implementation manner, the transaction content further includes a ciphertext of each input amount and a ciphertext of each output amount, and the ciphertext of each input amount and the ciphertext encryption key of each output amount are third parties. Review the public key of the account. In this way, the auditor who has the third-party audit account can use his private key to decrypt the ciphertext of each input amount and the ciphertext of each output amount, and obtain the plaintext of each input amount and the plaintext of each output amount. Since the ciphertext is encrypted by the public key of the third-party audit account, only the private key of the third-party audit account can be decrypted, thereby helping to protect the privacy of the transaction amount and facilitating the audit of the auditor.
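The balance check and the auditor's decryption described above can be illustrated as follows. This is an added example, not the construction claimed in this application: it assumes exponential ElGamal encryption under the auditor's public key and a Chaum-Pedersen proof playing the role of the third signature information, over a toy group. All function names and parameters are assumptions.

```python
import hashlib
import secrets

# Toy Schnorr group (assumption, far too small for real use):
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2879, 1439, 4


def keygen():
    """Auditor key pair: private x, public Y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(amount, Y):
    """Exponential ElGamal: ciphertext (G^r, G^amount * Y^r) plus the randomness r."""
    r = secrets.randbelow(Q)
    return (pow(G, r, P), pow(G, amount, P) * pow(Y, r, P) % P), r


def _quotient(inputs, outputs):
    """Component-wise (product of input ciphertexts) / (product of output ciphertexts)."""
    a = b = 1
    for c1, c2 in inputs:
        a, b = a * c1 % P, b * c2 % P
    for c1, c2 in outputs:
        a, b = a * pow(c1, -1, P) % P, b * pow(c2, -1, P) % P
    return a, b


def _challenge(*elems):
    """Fiat-Shamir challenge in 1..Q-1 (never zero, which matters in a tiny group)."""
    data = ",".join(map(str, elems)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1


def prove_balance(inputs, in_rand, outputs, out_rand, Y):
    """Sender: prove that A = G^d and B = Y^d share the same exponent d.

    If total input == total output, the amounts cancel in the quotient and
    only the randomness difference d is left in both components.
    """
    d = (sum(in_rand) - sum(out_rand)) % Q
    A, B = _quotient(inputs, outputs)
    k = secrets.randbelow(Q)
    T1, T2 = pow(G, k, P), pow(Y, k, P)
    c = _challenge(Y, A, B, T1, T2)
    return T1, T2, (k + c * d) % Q


def verify_balance(inputs, outputs, proof, Y):
    """Verifier: needs only ciphertexts, the proof and the public parameters."""
    T1, T2, s = proof
    A, B = _quotient(inputs, outputs)
    c = _challenge(Y, A, B, T1, T2)
    return (pow(G, s, P) == T1 * pow(A, c, P) % P
            and pow(Y, s, P) == T2 * pow(B, c, P) % P)


def audit_decrypt(ciphertext, x):
    """Auditor: strip Y^r with the private key, then search the small amount range."""
    c1, c2 = ciphertext
    m = c2 * pow(pow(c1, x, P), -1, P) % P
    for v in range(Q):
        if pow(G, v, P) == m:
            return v
    raise ValueError("amount outside the supported range")


if __name__ == "__main__":
    x, Y = keygen()
    # Constructed sample transaction: inputs 70 + 30, outputs 95 + 5.
    ins, in_r = zip(*[encrypt(v, Y) for v in (70, 30)])
    outs, out_r = zip(*[encrypt(v, Y) for v in (95, 5)])
    proof = prove_balance(ins, in_r, outs, out_r, Y)
    print("balanced transaction verifies:", verify_balance(ins, outs, proof, Y))
    print("auditor sees outputs:", [audit_decrypt(c, x) for c in outs])
```

Sums are compared modulo the group order, so a deployed scheme also has to bound each amount (for example with range proofs); that part is not shown.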
In a possible implementation, the transaction request message and the transaction record may further include an identifier of each input amount, which is used to prevent that input amount from being spent a second time. For example, if a transaction record carrying the input-amount identifier T already exists in the blockchain, and the transaction processing device finds the identifier T again while verifying the transaction content, it can determine that the input amount is being spent twice, and verification fails. It can be seen that this implementation uses the identifier of each input amount to prevent double spending of the input amount.
In a possible implementation, the transaction request message and the transaction record further include fourth signature information. Correspondingly, the first verification result and the second verification result further include a verification result of the fourth signature information, which the transaction processing device obtains by a verification calculation over the identifier of each input amount and the verification parameters in the fourth signature information. The verification result of the fourth signature information indicates whether the identifier of each input amount is correct. It can be seen that if the identifier of an input amount is incorrect, verification of the fourth signature information also fails, which further prevents double spending of the input amount.
In a possible implementation, the transaction request message and the transaction record may further include the ciphertext of the one-time public key of the first account, where the encryption key for this ciphertext is the public key of the third-party audit account. In this way, an auditor holding the third-party audit account can use its own private key to decrypt the ciphertext of the one-time public key, obtain the one-time public key and thereby learn the identity information of the first account, which makes auditing convenient.
In a possible implementation, the transaction request message and the transaction record may further include fifth signature information. Correspondingly, the first verification result and the second verification result further include a verification result of the fifth signature information, which the transaction processing device obtains by a verification calculation over the verification parameters in the fifth signature information. The verification result of the fifth signature information indicates whether the ciphertext of the one-time public key of the first account is correct.
In a possible implementation, the transaction request message and the transaction record further include the ciphertext of the long-term public key of the second account, where the encryption key for this ciphertext is the public key of the third-party audit account. In this way, an auditor holding the third-party audit account can use its own private key to decrypt the ciphertext of the long-term public key, obtain the long-term public key of the second account and thereby learn the identity information of the second account, which makes auditing convenient.
In a possible implementation, the transaction request message and the transaction record further include sixth signature information. The first verification result and the second verification result further include a verification result of the sixth signature information, which the transaction processing device obtains by a verification calculation over the verification parameters in the sixth signature information. The verification result of the sixth signature information indicates whether the ciphertext of the long-term public key of the second account is correct.
In addition, the credential of the first account may be generated by the following steps: the transaction processing device receives a credential request message sent by the terminal, where the credential request message includes the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account; the transaction processing device generates the credential of the first account according to the credential request message; and the transaction processing device sends the terminal a credential response message carrying the credential of the first account.
In a possible implementation, while applying for the credential of the first account, the terminal may also apply for a credential of the second account, so that the second account can use that credential directly to protect its own anonymity when it spends the transaction amount. That is, the credential request message further includes the one-time public key of the second account and/or the ciphertext of the transaction amount held by the second account; the transaction processing device may further generate the credential of the second account according to the credential request message, and the credential response message further includes the credential of the second account. The transaction request message and the transaction record may also include the credential of the second account.
In a possible implementation, the credential of the second account may also be applied for by the second account itself, for example by applying to the management device for a credential before the second account spends the transaction amount.
In a possible implementation, the first, second, third, fourth, fifth or sixth signature information may each be a zero-knowledge-proof signature. That is, the signature information can be verified with a zero-knowledge proof algorithm, and verification requires only the signature information and the system parameters. This avoids leaking key information about the transaction and thus protects the privacy of the first account, the second account, the transaction amount and so on in the implementations above.
In a third aspect, the present application further provides a terminal that has the function of implementing the terminal in the methods above. The function may be implemented in hardware, for example comprising a processor and a transceiver, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions above, and the modules may be software and/or hardware.
In a fourth aspect, the present application further provides a transaction processing device that has the function of implementing the transaction processing device in the methods above. The function may be implemented in hardware, for example comprising a processor and a transceiver, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions above, and the modules may be software and/or hardware. The processor and the transceiver can process messages sent by multiple terminals of the methods above and execute the transaction processing method described in those methods.
In a fifth aspect, the present application further provides a transaction processing device that includes at least one endorsement module, a consensus module, a commit module and a management module.
The at least one endorsement module is configured to receive a transaction request message sent by the terminal, where the transaction request message includes transaction content and first signature information, the transaction content is initiated by the terminal on the basis of a first account, and the first signature information is generated by the terminal according to the credential of the first account.
The at least one endorsement module is further configured to return a transaction response message to the terminal according to the transaction request message, where the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content. The consensus module is configured to receive a transaction record message sent by the terminal according to the at least one transaction response message, sort the transaction record carried in that message together with the transaction records received from other terminals by time of receipt, generate a block that includes the transaction record, and pass the block to the commit module. The commit module is configured to receive the block and store the transaction record on the blockchain in the form of the block. The management module is configured to generate the credential of the first account according to its own private key and the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.
In a sixth aspect, the present application further provides a transaction processing system that may include a terminal and a transaction processing device. The terminal may execute the transaction processing method provided by the first aspect, or any one or more of the possible implementations of the first aspect; the transaction processing device may execute the transaction processing method provided by the second aspect, or any one or more of the possible implementations of the second aspect.
In a seventh aspect, the present application further provides a computer-readable storage medium that stores program code implementing the transaction processing method provided by the first aspect, or by any one or more of the possible implementations of the first aspect. The program code contains the execution instructions for running the transaction processing method provided by the first aspect, or by any one of its possible implementations.
In an eighth aspect, the present application further provides a computer-readable storage medium that stores program code implementing the transaction processing method provided by the second aspect, or by any one or more of the possible implementations of the second aspect. The program code contains the execution instructions for running the transaction processing method provided by the second aspect, or by any one of its possible implementations.
Brief description of the drawings
FIG. 1 is a schematic structural diagram of a transaction processing system;
FIG. 2 is a schematic flowchart of a transaction processing method based on the blockchain system shown in FIG. 1;
FIG. 3A is a schematic structural diagram of a transaction processing system according to an embodiment of the present invention;
FIG. 3B is a schematic structural diagram of another transaction processing system according to an embodiment of the present invention;
FIG. 3C is a schematic structural diagram of still another transaction processing system according to an embodiment of the present invention;
FIG. 3D is a schematic structural diagram of still another transaction processing system according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of a transaction processing method according to an embodiment of the present invention;
FIG. 5 is a schematic flowchart of another transaction processing method according to an embodiment of the present invention;
FIG. 6 is a schematic flowchart of still another transaction processing method according to an embodiment of the present invention;
FIG. 7 is a schematic flowchart of still another transaction processing method according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a user interface according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of a transaction processing device according to an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of another transaction processing device according to an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
FIG. 13 is a schematic structural diagram of a transaction processing device according to an embodiment of the present invention.
Detailed description of embodiments
The technical solutions in the embodiments of the present invention are described in detail below with reference to the accompanying drawings of those embodiments.
At present, a blockchain is a distributed database containing a continuously growing number of ordered record lists. Each ordered record list is called a block, that is, each block includes the transaction records of a preset time period, sorted by time. Each block contains a timestamp of when the block was generated and a link to the previous block.
The blockchain is built on top of a transaction processing system. For example, refer to FIG. 1, which is a schematic structural diagram of a transaction processing system. The transaction processing system shown in FIG. 1 includes a terminal, an endorsement node (Endorsing peer), a consensus node (Ordering peer) and a committing node (Committing peer). The terminal is the terminal on which the payer account is logged in; it may also be called the payer or the sender, and it can initiate transactions. The endorsement node, the consensus node and the committing node may be located on different servers or on the same server, and may also be deployed on a cloud platform to perform the related functions, so the endorsement node, the consensus node and the committing node are collectively referred to as the transaction processing system.
The terminal is used to initiate transactions. It can obtain the transaction content, a signature over the transaction content and the payee's address, and it also holds the payer's certificate and the payee's certificate.
The endorsement node is used to verify the transaction request message initiated by the payer and, when verification passes, to simulate execution of the transaction content, obtain a transaction result and generate a signature over the transaction result. For example, the endorsement node can verify the payer's signature over the transaction content, the certificates of the payer and the payee, the payee's address and so on.
The consensus node is used to execute the consensus algorithm. In addition, the consensus node can obtain multiple transaction records submitted by multiple terminals and sort them by submission time to obtain an ordered list of transaction records; this ordered list is called a block.
The committing node is used to verify the payer's signature and the endorsement nodes' signatures in each transaction record of a block and, when verification passes, to store the transaction records of the block on the blockchain. For example, for each transaction record in the block the committing node verifies whether the record satisfies a preset condition; if it does, verification passes and the transaction record can be stored on the blockchain. The preset condition may be that each transaction record must carry the signatures of at least ten endorsement nodes with their corresponding transaction results, and that the transaction results corresponding to those signatures are consistent.
In addition, after the transaction record has been stored on the blockchain, the payee, when collecting the payment, can determine from its own private key and the payee address in the transaction record whether it is the payee of that record.
For example, refer to FIG. 2, which is a schematic flowchart of a transaction processing method based on the blockchain system shown in FIG. 1. The transaction processing method may include the following steps:
201. The terminal generates a signature over the transaction content using the private key of the payer account, obtains the certificates of the payer account and the payee account, and generates the receiving address of the payee account from the public key of the payee account.
The certificates of the payer account and the payee account are generated by a certificate authority from the public keys of the payer account and the payee account. They are used to verify whether the payer account and the payee account are eligible to use the blockchain system, that is, whether they have admission eligibility. The payee account can check whether the receiving address is its own by computing the hash value of its own public key.
202. The terminal sends a transaction request message to at least one endorsement node.
203. Each of the at least one endorsement node verifies the transaction request message and, when verification passes, simulates execution of the transaction content to obtain transaction result information.
204. Each of the at least one endorsement node returns a transaction response message to the terminal.
The transaction response message carries the corresponding transaction result information.
Verification of the transaction request message by each endorsement node may include the following steps:
a) The endorsement node verifies the signature over the transaction content, that is, it verifies the signature using the public key of the payer account. If verification passes, the transaction was initiated by the payer account, which ensures non-repudiation by the payer account.
b) The endorsement node verifies the certificates of the payer account and the payee account, that is, it checks whether those certificates were issued by the certificate authority. If so, the payer account and the payee account are eligible to execute transactions, that is, they have admission eligibility.
c) The endorsement node verifies the payee's address. The payee's certificate is the payee's public key, so the hash value of that public key can be computed and compared with the payee's address. If they match, verification passes; otherwise, verification fails.
If a), b) and c) all pass, the endorsement node can simulate execution of the transaction content and obtain the transaction result information. The transaction result information includes the transaction result and a signature over the transaction result generated by the endorsement node with its own private key.
For example, if the transaction content is that the payer pays the payee a certain transaction amount, the endorsement node simulates execution of the transaction content and obtains the transaction result that the amount held by the payer decreases by that amount and the amount held by the payee increases by that amount.
The terminal may send the transaction request message to multiple endorsement nodes at the same time and correspondingly receive the transaction response messages returned by those endorsement nodes. From these transaction response messages the terminal obtains multiple signatures and the corresponding transaction results.
205. The terminal receives the transaction response message returned by the at least one endorsement node and sends a transaction record message to the consensus node.
The transaction record message carries a transaction record, which includes the transaction content, the signature over the transaction content, the certificates of the payer account and the payee account, and at least one item of transaction result information.
206. The consensus node receives the transaction record message, sorts the transaction record carried in it together with the transaction records sent by other terminals by time, generates a block containing the ordered list of transaction records, and sends the block to the committing node.
207. The committing node receives the block and verifies each transaction record in the block; when verification passes, it stores the block on the blockchain.
The committing node verifies every transaction record in the block in the same way, so the verification of the transaction record in the transaction record message sent by this terminal is used here as the example. Verification of a transaction record by the committing node mainly includes: verifying the signature over the transaction content with the public key of the payer account; verifying the signature over each transaction result with the public key of the corresponding endorsement node; and verifying whether the transaction result information in the transaction record satisfies the preset condition, for example that the transaction record carries the signatures of at least ten endorsement nodes with their corresponding transaction results and that the transaction results corresponding to those signatures are consistent. When all verifications pass, the committing node can store the transaction record on the blockchain. Specifically, the transaction record is stored on the blockchain in the form of the block generated by the consensus node; the timestamp of the block is the time at which the consensus node generated it, and the link in the block pointing to the previous block is a number determined from the previous block.
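The preset-condition check in step 207 can be sketched as follows. This is an added example, not code from this application or from any blockchain platform: HMAC with constructed per-endorser keys stands in for the endorsement nodes' public-key signatures so that the example runs with the standard library alone, the payer-signature check is omitted, and the record layout and all names are assumptions.

```python
import hashlib
import hmac
import json

THRESHOLD = 10  # preset condition from the text: at least ten endorsements

# Constructed endorser keys (assumption). In the described system each
# endorsement node signs with its private key and the committing node
# verifies with the node's public key.
ENDORSER_KEYS = {f"endorser-{i}": f"key-{i}".encode() for i in range(12)}


def _canonical(obj):
    """Stable serialisation so equal results always compare equal."""
    return json.dumps(obj, sort_keys=True)


def _digest(tx_content, result):
    """Bind an endorsement to one transaction and one simulated result."""
    blob = _canonical({"tx": tx_content, "result": result}).encode()
    return hashlib.sha256(blob).digest()


def endorse(endorser, tx_content, result):
    """Endorsement node side: return the transaction result information."""
    tag = hmac.new(ENDORSER_KEYS[endorser], _digest(tx_content, result),
                   hashlib.sha256).hexdigest()
    return {"endorser": endorser, "result": result, "sig": tag}


def validate_record(record, threshold=THRESHOLD):
    """Committing node side: return (ok, reason) for one transaction record."""
    endorsers, results = set(), set()
    for e in record["endorsements"]:
        key = ENDORSER_KEYS.get(e["endorser"])
        if key is None:
            continue  # not a known endorsement node
        expected = hmac.new(key, _digest(record["tx"], e["result"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, e["sig"]):
            continue  # forged, or issued for a different transaction or result
        endorsers.add(e["endorser"])      # a repeated endorser counts once
        results.add(_canonical(e["result"]))
    if len(endorsers) < threshold:
        return False, f"only {len(endorsers)} valid endorsements"
    if len(results) != 1:
        return False, "endorsers disagree on the transaction result"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample record.
    tx = {"from": "payer", "to": "payee", "amount": 10}
    result = {"payer": -10, "payee": 10}
    record = {"tx": tx,
              "endorsements": [endorse(f"endorser-{i}", tx, result) for i in range(10)]}
    print(validate_record(record))
    record["endorsements"] = [record["endorsements"][0]] * 10
    print(validate_record(record))
```

Counting distinct endorsers rather than list entries, and binding each signature to both the transaction content and the result, are the two checks that keep one endorsement from being repeated or reused to reach the threshold.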
可见, 图 2所示的交易处理方法中, 交易内容的签名是根据付款账号的私钥来获 得的, 验证方可以利用付款账号的公钥来验证该签名, 并在验证通过时, 确认该交易 内容是该付款账号发起的, 从而避免付款账号的抵赖。 由于图 2所示的交易处理方法中,交易内容的签名是利用付款账号的私钥生成的, 因此, 验证方需要获知该付款账号的公钥验证该签名, 以避免付款账号抵赖该交易内 容。 这也就导致除了交易双方外, 任何拥有该付款账号的公钥的第三方都可以识别出 付款账号所发起的所有交易, 也就无法保护付款账号的身份匿名性。  It can be seen that in the transaction processing method shown in FIG. 2, the signature of the transaction content is obtained according to the private key of the payment account, and the verification party can verify the signature by using the public key of the payment account, and confirm the transaction when the verification is passed. The content is initiated by the payment account, thereby avoiding the repudiation of the payment account. Since the transaction processing method is generated by using the private key of the payment account in the transaction processing method shown in Fig. 2, the authenticator needs to know the public key of the payment account to verify the signature, so as to avoid the payment account from repudiating the transaction content. This also results in any party other than the transaction, any third party that has the public key of the payment account can identify all transactions initiated by the payment account, and thus cannot protect the identity anonymity of the payment account.
另外, 图 2中, 交易内容的接收地址为收款账号的公钥的哈希值, 验证者验证收 款账号访问区块链系统的资格也是根据收款账号的证书来判断的, 导致第三方一旦知 道收款账号的公钥, 就可以识别该收款账号所对应的交易, 也就无法保护收款账号的 身份匿名性。  In addition, in FIG. 2, the receiving address of the transaction content is the hash value of the public key of the receiving account, and the certifier verifies that the eligibility of the receiving account to access the blockchain system is also determined according to the certificate of the receiving account, resulting in a third party. Once the public key of the payment account is known, the transaction corresponding to the payment account can be identified, and the identity anonymity of the payment account cannot be protected.
In addition, so that the verifier can check whether the transaction amount is correct, the transaction content must also carry the transaction amount, which lets a third party learn the amount transacted between the payment account and the payee account. For example, the verifier checks whether the transaction input amount equals the transaction output amount, to prevent an illegal transaction in which the transaction input amount owned by the payment account is smaller than the transaction output amount.
It can be seen that, in FIG. 2, besides the two parties to the transaction, third parties such as the endorsement nodes, the consensus node and the submitting node all need to know the public key of the payment account, the public key of the payee account and the transaction content. Knowing the public keys of the payment account and the payee account is equivalent to knowing the identities of the payer and the payee, so the privacy of the payer, the payee and the transaction amount in the transaction is not protected.
To solve this problem, an embodiment of the present invention provides a transaction processing method that can, according to the service settings, selectively protect the privacy of the payer, the payee and/or the transaction amount.
To facilitate understanding of the embodiments of the present invention, the related concepts and terms are explained first.
In the embodiments of the present invention, a signature means a digital signature, or the signature information of digital information, such as the signature information or signature of the transaction content. A digital signature is analogous to an ordinary physical signature written on paper; it is implemented with techniques from public-key cryptography and is a method for authenticating digital information. Digital signatures apply the one-way function principle used in public-key cryptography to generate a long-term public key and a long-term private key, where a one-way function is a function whose forward operation is very simple and whose reverse operation is very difficult. A digital signature scheme usually defines two complementary operations, one for signing and the other for verification. For example, the signer can compute a function of the private key and the digital information to generate the signature of the digital information; in the verification operation, the verifier can perform a calculation with the corresponding public key, the digital information and the signature to determine whether the signature is correct.
In the embodiments of the present invention, the first account is the account that initiates the transaction content and may be called the payment account or the paying account. The second account is the account at which the transaction content initiated by the first account is directed; that is, the second account may be the receiver of the transaction content and may be called the payee account. Correspondingly, in other transactions the first account may also be called a payee account and the second account may also be called a payment account. For ease of understanding, in the embodiments of the present invention the first account is the payment account and the second account is the payee account.
Correspondingly, the terminal logged in to the first account is the terminal in FIG. 3A to FIG. 3D and may be called the payment terminal; the terminal logged in to the second account may be called the payee terminal and is not shown in FIG. 3A to FIG. 3D.
Before executing the transaction processing method, the terminal may, according to the privacy protection mode that the user of the first account selects on the terminal logged in to the first account, for example protecting the privacy of any one or more of the first account, the second account and the transaction amount in the transaction content, select the corresponding embodiment described in this application and execute the corresponding transaction processing method.
For example, refer to FIG. 8, which is a schematic diagram of a user interface provided by an embodiment of the present invention. As shown in FIG. 8, which takes a mobile phone as an example, there may be multiple payment accounts, and the user selects, through an input method of the terminal, the payment account to be used for this transaction. The user can also enter the payee's account and the amount to be paid in the user interface through an input method of the terminal, and select in the user interface the options that require privacy protection; in FIG. 8, privacy protection of the payment account is selected. Optionally, in the embodiment of the present invention, the terminal receives the payment account entered or selected in the user interface, the payee account, the amount and the selected privacy protection options; according to the selected privacy protection options, the terminal performs the relevant operations in the following embodiments to complete the payment process, that is, to complete the transaction.
The optional embodiments are described in detail below.
Embodiment 1
To protect the privacy of the payment account, an embodiment of the present invention proposes, based on the transaction processing system shown in FIG. 3A or FIG. 3B, a transaction processing method that can protect the privacy of the payment account. The transaction processing system shown in FIG. 3A or FIG. 3B includes at least one terminal and at least one transaction processing system. The at least one terminal can each log in to at least one payment account; in the embodiments of the present invention the payment account may also be called the first account. In the transaction processing method, every terminal processes a transaction initiated by the payment account it is logged in to in the same way, and every one of the at least one transaction processing system processes a transaction submitted by a terminal in the same way. Each transaction processing system may be maintained by a corresponding organization. For example, in a consortium chain scenario in the financial industry, each bank may maintain one transaction processing system to process the transactions submitted by the terminals on which that bank's user accounts are logged in. Each transaction processing system includes at least one endorsement node, a consensus node and a submitting node, whose functions are the same as those of the endorsement node, the consensus node and the submitting node in the blockchain system shown in FIG. 1 above.
In the transaction processing system shown in FIG. 3A, each transaction processing system may further include a management node (Group Manager); in the transaction processing system shown in FIG. 3B, the endorsement node may also perform the function of the management node. In other words, the management node may be a node independent of the transaction processing system, may be merged into one node with the certificate issuing node of the certificate authority, or may be merged into one node with an endorsement node in the transaction processing system. The management node is used to generate a credential for the payment account in order to protect the identity privacy of the payment account.
In the embodiments of the present invention, each transaction processing system may be one server that performs the functions of all the nodes in the transaction processing system, or may be multiple servers, for example one server per node performing the corresponding function. Because the interaction among the endorsement node, the consensus node and the submitting node in the transaction processing system is similar to that in the prior art, the embodiments of the present invention refer to the transaction processing system collectively as a transaction processing device, which performs the functions of the nodes. Correspondingly, because every terminal interacts with the transaction processing device in the same way, the transaction processing system shown in FIG. 3A is abstracted, as shown in FIG. 3C, into a system that includes one terminal, one transaction processing device and one management device; and the transaction processing system shown in FIG. 3B is abstracted, as shown in FIG. 3D, into a system that includes one terminal and one transaction processing device, where in FIG. 3D the transaction processing device can also perform the function of the management device and generate a credential for the payment account to protect the identity privacy of the payment account.
In addition, in the embodiments of the present invention, the payee accounts are collectively referred to as the second account, and a terminal logged in to a payee account may also be called the payee or the receiver.
In the embodiments of the present invention, when the terminal generates the signature information of the transaction content, it no longer uses the private key of the payment account but instead uses the credential of the payment account. As a result, even a third party that holds the public key of the payment account cannot tell that the signature information was generated by the terminal logged in to that payment account. Correspondingly, verifiers such as the endorsement node and the submitting node no longer use the public key of the payment account to verify the signature information of the transaction content, but instead use the public key of the management device that generated the credential. This prevents the public key of the payment account from being learned by the verifier or any third party during the whole transaction process, which effectively protects the privacy of the payment account.
For ease of the subsequent description, the embodiments of the present invention refer to the signature information of the transaction content generated from the credential of the payment account as the first signature information.
In the embodiments of the present invention, the terminal may send the content of the payment account that requires privacy protection to the management device, and the management device generates a credential for the payment account from that content. For example, the management device generates the credential of the payment account from the one-time public key of the payment account and/or the transaction amount it holds.
Because the credential is issued by the management device for the payment account, once the payment account uses the credential to generate the signature of the transaction content, it cannot repudiate that transaction content. The non-repudiation of the transaction content is thus preserved while the privacy of the payment account is protected.
In some embodiments, the terminal obtaining the credential of the payment account may include the following steps:
11) The terminal sends a credential request message to the management device, where the credential request message includes the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account;
12) The terminal receives a credential response message returned by the management device, where the credential response message includes the credential of the first account, and the credential of the first account is generated by the management device according to the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.
For example, the terminal submits the one-time public key otpk_Alice of the payment account Alice to the management device, and the management device, using its own private key gsk and a random number X_Alice, generates for Alice the credential (A_Alice, X_Alice), where:
Figure imgf000017_0001
where g1, g2 and h are system parameters.
As another example, the terminal submits the amount C owned by the payment account Alice together with the one-time public key otpk_Alice to the management device, and the management device, using its own private key gsk and a random number X_Alice, generates for Alice the credential (A_Alice, X_Alice), where:
Figure imgf000017_0002
where g1, g2 and h are system parameters.
As a further example, if the terminal sends only the amount C owned by the payment account to the management device, then in the credential that the management device generates for the payment account Alice, otpk_Alice is equal to 1.
The transaction processing method in this embodiment differs from the one shown in FIG. 2 in that the terminal generates the first signature information of the transaction content from the credential of the payment account. Correspondingly, the transaction processing device verifies the transaction request message to obtain a first verification result, and verifies the transaction record message to obtain a second verification result. Both the first verification result and the second verification result include the verification result of the first signature information, which the transaction processing device obtains by performing a verification calculation with the public key of the management device and the verification parameters in the first signature information.
In addition, within the first verification result, the verification result of the first signature information indicates whether the first account is an account that can access the transaction processing device, or whether it is an account issued by the transaction processing device, or whether the first account has permission to access the transaction processing device. Within the second verification result, the verification result of the first signature information indicates whether the first account has permission to use the blockchain, that is, whether the transaction record related to the first account can be stored on the blockchain. Optionally, the role of the verification result of the first signature information may be tied to the operations performed after the verification passes or fails, which is not limited in this application.
Specifically, as shown in FIG. 4, the transaction processing method described in this embodiment may include the following steps:
S301. The terminal generates first signature information of the transaction content according to the credential of the first account, where the transaction content is initiated by the terminal based on the first account, and the credential is generated by the management device for the first account using its own private key;
When the terminal generates the first signature information of the transaction content according to the credential of the first account, it also needs to determine, according to whether the address at which the first account received this amount as payee was a one-time public key address or the address of the hash value of a long-term public key, whether to generate the first signature information from the one-time private key and the credential of the first account or from the long-term private key and the credential of the second account. That is, if the first account, as payee, received the amount now to be spent at a one-time public key address, then when the first account spends that amount as payer, step S301 is: the terminal generates the first signature information of the transaction content according to the one-time private key and the credential of the first account. If the first account, as payee, received the amount now to be spent at the address of the hash value of a long-term public key, then when the first account spends that amount as payer, step S301 is: the terminal generates the first signature information of the transaction content according to the long-term private key and the credential of the first account.
S302. The terminal sends a transaction request message to the transaction processing device, where the transaction request message includes the first signature information and the transaction content;
S303. The transaction processing device returns a transaction response message to the terminal according to the transaction request message, where the transaction response message includes the transaction result information;
There may be multiple pieces of transaction result information, each obtained by one of multiple endorsement nodes in the transaction processing device simulating execution of the transaction content.
Before the transaction processing device returns the transaction response message to the terminal according to the transaction request message, the method further includes: the transaction processing device verifies the transaction request message to obtain a first verification result; and when the first verification result is a pass, the transaction processing device runs the transaction content to obtain the transaction result information.
S304. The terminal sends a transaction record message to the transaction processing device according to the transaction response message;
S305. The transaction processing device stores the transaction record carried in the transaction record message on the blockchain.
The transaction processing device verifies the transaction record message to obtain a second verification result; when the second verification result is a pass, the transaction processing device performs step S305 of storing the transaction record carried in the transaction record message on the blockchain.
The transaction record includes the transaction content, the first signature information and the transaction result information;
Both the first verification result and the second verification result include the verification result of the first signature information, which the transaction processing device obtains by performing a verification calculation with the public key of the management device and the verification parameters in the first signature information.
It should be noted that although steps S301 to S305 do not mention the processing steps related to the second account and the transaction amount, to implement the transaction processing method a person skilled in the art can combine them with the processing steps for the second account and the transaction amount described in the embodiments of the present invention, or with those of the prior art as shown in FIG. 2, in order to verify the admission qualification of the second account, the correctness of the transaction amount and the admission qualification of the first account. For example, suppose only the anonymity of the first account is protected and both the second account and the transaction amount are handled as in the prior art. Then, besides the terminal generating the first signature information, the transaction content must also carry the plaintext of the input amount and the plaintext of the output amount so that the transaction processing device can verify the correctness of the transaction. The transaction content must also carry the certificate of the second account in the ordinary sense (that is, the long-term public key of the second account, as distinct from the certificate in Embodiment 2 that is generated from the long-term public key of the second account and supports zero-knowledge proofs) so that the transaction processing device can verify the admission qualification of the second account. In addition, the receiving address of the transaction content, that is, the address of the second account, is the hash value of the long-term public key of the second account. The first verification result therefore also includes the transaction processing device's verification result for the transaction amount and its verification result for the certificate of the second account.
The admission qualification of the first account or of the second account is obtained from the verification result of the first signature information or the second signature information. Whether the admission qualification means that the first account and the second account have permission to use the blockchain, can access the transaction processing device, or are accounts issued by the transaction processing device, and so on, can be defined by the operations performed after the verification passes or fails. For example, when the verification result of the first signature information is in the first verification result, it indicates whether the first account can access the transaction processing device; when it is in the second verification result, it indicates whether the first account has permission to use the blockchain.
In this embodiment, the first signature information is a zero-knowledge proof signature; that is, the terminal may use a zero-knowledge proof algorithm to generate the first signature information of the transaction content from the credential of the payment account. Correspondingly, a verifier such as the transaction processing device can use the public key gpk of the management device to verify the zero-knowledge-proof first signature information. Here, a zero-knowledge proof means that the prover performs a series of mathematical calculations on the useful information to be kept secret to obtain a signature. The signature is a series of parameters that does not include the secret information. The verifier can use this series of parameters to perform a series of mathematical calculations, and from the result can verify the prover's assertion about the useful information, that is, verify that the prover's assertion is correct. Usually the assertion is that the prover knows the useful information to be kept secret.
例如, 交易处理设备验证通过时, 可以相信终端针对第一签名信息的论断: 付款账号具 有管理设备签发的凭据 credential以及一次性私钥, 即付款账号具有准入证明。  For example, when the transaction processing device passes the verification, the terminal can be trusted to judge the first signature information: the payment account has the credential issued by the management device and the one-time private key, that is, the payment account has the admission certificate.
The expression of the zero-knowledge proof (signature of knowledge, SoK) is:
SoK{(secret value): "relations to proof"}(Message to sign);
In this expression, (secret value) is the prover's secret, for example the one-time private key held by the payment account and the credential that the management device issued for the payment account. "relations to proof" is the relation to be proved; for example, the relation or assertion to be proved is that the terminal knows the one-time private key of the payment account and the credential that the management device issued for the payment account. (Message to sign) is the document to be signed, which may be, for example, the transaction content initiated by the payment account. All symbols in the expression that are not part of the prover's secret are public values. For example, if the terminal logged in to the payment account enables anonymity for the payment account but does not enable privacy protection for the payee account or the transaction amount, the parameters related to the payee account and the transaction amount are all public. In addition, all parameters used in the zero-knowledge proof other than the prover's secret may be public and may be included in the signature; for example, the system parameters may be included in the first signature information. These are collectively called verification parameters.
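The SoK notation above, worked through as an added example that is not part of the patent text: a Schnorr-style signature of knowledge SoK{(x, r): C = G^x · H^r}(message) in a prime-order subgroup, which is a simpler relation than the pairing-based credential relation this embodiment uses. The group parameters, function names and sample message are assumptions made for this illustration.

```python
import hashlib
import secrets


def is_probable_prime(n):
    """Miller-Rabin with fixed small bases; used only to build the demo group."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for p in small:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


# Demonstration group (assumption of this example, not the patent's parameters):
# a subgroup of prime order Q inside Z_P*, with P = K*Q + 1 the first such prime.
# P is only about 260 bits, which is too small for production use.
Q = 2**255 - 19
K = 2
while not is_probable_prime(K * Q + 1):
    K += 2
P = K * Q + 1
G = pow(2, K, P)   # generator of the order-Q subgroup
H = pow(3, K, P)   # second generator; log_G(H) is assumed unknown to everyone
assert G != 1 and H != 1 and G != H
BYTE_LEN = (P.bit_length() + 7) // 8


def commit(x, r):
    """Public value C = G^x * H^r; x and r are the prover's secrets."""
    return (pow(G, x, P) * pow(H, r, P)) % P


def challenge(c_pub, t, message):
    """Fiat-Shamir challenge binding the public values and the signed message."""
    h = hashlib.sha256()
    for value in (G, H, c_pub, t):
        h.update(value.to_bytes(BYTE_LEN, "big"))
    h.update(message)
    return int.from_bytes(h.digest(), "big") % Q


def sok_sign(x, r, message):
    """Return (c, z_x, z_r): verification parameters that contain neither x nor r."""
    k_x, k_r = secrets.randbelow(Q), secrets.randbelow(Q)   # fresh nonces
    t = (pow(G, k_x, P) * pow(H, k_r, P)) % P
    c = challenge(commit(x, r), t, message)
    return c, (k_x + c * x) % Q, (k_r + c * r) % Q


def sok_verify(c_pub, message, signature):
    """Recompute t from public data only and check it hashes to the same challenge."""
    c, z_x, z_r = signature
    if not all(isinstance(v, int) and 0 <= v < Q for v in (c, z_x, z_r)):
        return False
    if not (isinstance(c_pub, int) and 1 < c_pub < P and pow(c_pub, Q, P) == 1):
        return False   # C must lie in the order-Q subgroup
    # G^z_x * H^z_r * C^(-c) equals the prover's t when the relation holds
    t = (pow(G, z_x, P) * pow(H, z_r, P) * pow(c_pub, Q - c, P)) % P
    return c == challenge(c_pub, t, message)


if __name__ == "__main__":
    x, r = secrets.randbelow(Q), secrets.randbelow(Q)
    c_pub = commit(x, r)
    tx = b"constructed sample transaction content"
    sig = sok_sign(x, r, tx)
    print("valid signature:", sok_verify(c_pub, tx, sig))
    print("tampered message:", sok_verify(c_pub, tx + b"!", sig))
```

The verifier never handles x or r, only C, the message and the three numbers in the signature, which is the property the expression above describes.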
For example, suppose the payment account is Alice, and the amount that Alice is about to spend was received, when Alice was the payee, at the address of her own one-time public key, so the first signature information of this transaction must use Alice's one-time private key otsk_Alice. The credential issued to Alice by the management device is (A_Alice, X_Alice), generated by the management device from the one-time public key of the first account and the ciphertext of the transaction amount held by the first account, and the public key of the management device is gpk. The expression of the signature that the terminal generates for the transaction content using the zero-knowledge proof is then:
SoK{(otsk_Alice, A_Alice, X_Alice) :
e(A_Alice, g_2 - g_2 Alice) = e( tsk_Alice) }(Txl)
where Txl is the transaction content to be signed; system parameters;
o Randomly generate:
Figure imgf000019_0001
o Compute:
o First signature information:
Figure imgf000020_0001
Therefore, the transaction request message and the transaction record message that the terminal sends to the transaction processing device only need to carry the first signature information generated with the zero-knowledge proof as described above. From the first signature information the verifier learns that the terminal is able to obtain the one-time private key of the payment account and the credential issued to it by the group administrator, and can thereby verify that the payment account is eligible for admission. Because the credential is generated by a trusted management device, the payment account cannot repudiate the transaction content.
Correspondingly, the transaction processing device uses the public key gpk of the management device and the first signature information generated with the above zero-knowledge proof to perform the following verification computation:
o After receiving the first signature information, compute:
Figure imgf000020_0002
The signature information passes verification, which indicates that the first account meets the condition for storing the transaction record on the blockchain.
Here the function or map e is a bilinear pairing map. A map is called a bilinear pairing map if it satisfies the following conditions:
Figure imgf000020_0003
It can be seen that this embodiment of the present invention prevents the verifier, or any other third party able to obtain the signature, from using the public key disclosed by the payment account to identify the payment account. At the same time, the zero-knowledge proof lets the verifier and the third party learn that the payment account is eligible for admission and that it holds a credential issued by the management device, so that the payment account cannot repudiate the corresponding transaction content.

Embodiment 2
If the transaction content is initiated by the first account toward the second account, that is, when the transaction content involves two parties, then in order to protect the privacy of the second account this embodiment of the present invention further proposes a transaction processing method, based on the transaction processing systems shown in FIG. 3A to FIG. 3D, that protects the privacy of the second account. In the transaction processing system shown in FIG. 3A, each transaction processing system may further include a certificate issuing node of a certificate authority. The certificate issuing node issues to each payee account a certificate used to generate the second signature information of the transaction content. This certificate differs from an ordinary certificate: it does not need to be verified with the long-term public key. As described in this embodiment, it can be verified using the one-time public key, the public key of the certificate issuing device, and the signature information. Alternatively, in the transaction processing system shown in FIG. 3B, the endorsement node may also perform the function of the certificate issuing node and issue the above certificate to users. Alternatively, the transaction processing system shown in FIG. 3C further includes a certificate issuing device; or, in the transaction processing system shown in FIG. 3D, the transaction processing device also performs the function of the certificate issuing device. The certificate issuing device can issue a certificate for the payee account. This certificate differs from an ordinary certificate: with it, the terminal can generate the second signature information of the transaction content. The second signature information protects the privacy of the payee account while still letting the transaction processing device verify whether the payee account meets the condition for storing the transaction record on the blockchain.
In this embodiment of the present invention, the payee terminal logged in to the payee account applies for a certificate from the certificate authority (CA) device (or the transaction processing device, or the certificate issuing node), which may include the following steps:
21) The payee terminal sends a certificate application message to the CA device; the certificate application message carries the long-term public key of the payee account and proof of possession of the long-term private key;
22) When the CA device successfully verifies the certificate application message, it generates a certificate for the payee account from the long-term public key of the payee account and returns a certificate response message to the payee terminal; the certificate response message carries the certificate of the payee account.
In this way, when the payment account wants to initiate transaction content toward the payee account, it can obtain this certificate of the payee account from the payee terminal and use it to generate the second signature information of the transaction content.
For example, let the long-term public key of payee account Bob be Y_Bob, the private key cask of the CA device be p, and its public key capk be g^. After the CA device successfully verifies the certificate application message, it can generate for Bob a certificate for use in the zero-knowledge proof, (F_Bob, w_Bob), where:
F_Bob = (h_0
Figure imgf000021_0001
where h_0 is a system parameter and w_Bob is randomly generated.
In addition, in this embodiment, to protect the privacy of the payee account, besides generating the second signature information of the transaction content to verify the admission eligibility of the payee account, the one-time public key of the payee account may be used as the address of the transaction content or of the payee, instead of using the hash of the payee account's long-term public key as the address of the transaction content as in the prior art. This avoids the identity leak that arises in the prior art because the transaction processing device must use the payee account's long-term public key to verify the payee's address.
In this embodiment, the one-time public key of the payee account may be generated from the long-term public key of the payee account, for example by using the one-time public key generation function PKeyGen() to generate the one-time public key of the payee account.
That is, the terminal generating the one-time public key of the payee account may include: the terminal computes the one-time public key of the payee account from the long-term public key of the payee account and the one-time public key generation function PKeyGen().
For example, the long-term public key Y_Bob of payee account Bob is the input to the PKeyGen() function, and the output is Bob's one-time public key Otpk_Bob = Y_Bob^(r_tx), where r_tx is a random number. In addition, the terminal may also, according to the system parameters
Figure imgf000021_0002
The transaction content initiated by the payment account carries R_tx, R_te, which are used to compute the one-time private key of the payee account. When the payee account later initiates a transaction, for example to spend the transaction amount received from the payment account, the one-time private key can be used to protect the anonymity of the payee account.
That is, when a user account acts as the payee account, the parameters R_tx, R_x are obtained when the one-time public key of that user account is computed. When the user account later needs to spend the transaction amount it received, it can use these parameters to generate the one-time private key. With that one-time private key and the credential generated by the management device, it can generate, for the transaction content that includes the transaction amount, the first signature information described in Embodiment 1, thereby ensuring the anonymity of the user account when it acts as the payment account.
The one-time private key of the payee account is generated by the terminal logged in to the payee account from the long-term private key of the payee account and the above parameters. For example, the inputs to the one-time private key generation function are the long-term private key of payee account Bob and the parameters
Figure imgf000022_0001
The computed one-time private key = .
In addition, in this embodiment, when the payment terminal uses the one-time public key of the payee account as the payee's address, the payee, that is, the payee terminal logged in to the payee account, can confirm whether it is itself the payee by checking that address, that is, by checking the one-time public key. Specifically, the payee terminal can check the payee address in the transaction record with the one-time public key check function. For example, the payee terminal logged in to payee account Bob takes the parameters in the transaction content and the one-time public key
Figure imgf000022_0003
as the inputs to the one-time public key check
Figure imgf000022_0002
function. If the equality checked by the function holds, that is, the function outputs 1, the payee's address is the address of
Figure imgf000022_0004
that is, the payee of the transaction content is Bob. If the function outputs 0, the payee of the transaction content is not Bob.
In this embodiment, besides using the one-time public key of the payee account as the address of the transaction content, the payment terminal also needs to generate the second signature information of the transaction content from the one-time public key of the payee account and the certificate of the payee account. The verification result of the second signature information indicates whether the payee account meets the condition for storing the transaction content on the blockchain; the condition may be whether the long-term private key of the payee account has a corresponding certificate. Correspondingly, the second signature information must not include the certificate of the payee account, so this embodiment both verifies the admission eligibility of the second account and protects the anonymity of the payee account.
That is, to protect the anonymity of the second account, as shown in FIG. 5, this transaction processing method differs from the one shown in FIG. 4 in that step 301 in FIG. 4 is replaced with steps 401-402, where:
401. The terminal generates a one-time public key of the second account from the long-term public key of the second account;
402. The terminal generates second signature information of the transaction content from the one-time public key of the second account and the certificate of the second account.
The certificate is generated with the private key of the certificate issuing device, for example by steps 21) to 22) above. Correspondingly, the transaction request message and the transaction record further include the one-time public key of the second account and the second signature information; the one-time public key of the second account is the address of the second account.
In addition, the first verification result and the second verification result further include a verification result of the second signature information, which is obtained by a verification computation over the one-time public key of the second account, the public key of the certificate issuing device, and the verification parameters in the second signature information.
Optionally, when the verification result of the second signature information is in the first verification result, it indicates that the second account has permission to access the transaction processing device, that is, the transaction processing device can simulate execution of the transaction content; when it is in the second verification result, it indicates that the second account has permission to use the blockchain.
It should be noted that although steps S401 to S402 do not mention the processing steps for the first account and the transaction amount, a person skilled in the art can, in order to implement the transaction processing method, combine them with the processing steps for the first account and the transaction amount described in the embodiments of the present invention, or with the prior-art processing steps for the first account and the transaction amount as in FIG. 2, to verify the admission eligibility of the second account, the correctness of the transaction amount, and the admission eligibility of the first account, and so complete the transaction processing. For example, suppose only the anonymity of the second account is protected and the first account and the transaction amount are handled as in the prior art. Then, in addition to the second signature information generated by the terminal, the transaction content must carry the input amount and the output amount in plaintext so that the transaction processing device can verify the accuracy of the transaction. The transaction content must also carry the certificate of the first account in the usual sense (that is, the long-term public key of the first account, as distinct from the certificate used for the zero-knowledge proof in Embodiment 2) so that the transaction processing device can verify the admission eligibility of the first account. The terminal must also generate the first signature information of the transaction content with the one-time private key or the long-term private key of the first account, so that the first account cannot repudiate the transaction. The first verification result therefore also includes the transaction processing device's verification result for the transaction amount and for the certificate of the first account, and both the first verification result and the second verification result also include the verification result for the first signature information.
In some embodiments, the second signature information is a zero-knowledge-proof signature. For example, suppose the second account is
Figure imgf000023_0001
Specifically, the terminal, from the one-time public key Otpk_Bob of the second account, the certificate
Figure imgf000023_0002
the public key of the device
Figure imgf000023_0003
The computation for generating the second signature information includes:
Figure imgf000023_0007
Correspondingly, the transaction processing device can use
Figure imgf000023_0005
the public key of the device
Figure imgf000023_0004
the address of the second account, that is, the one-time public key of the second account, and the second signature information to perform the following verification computation:
o After receiving the signature, compute:
o
Figure imgf000023_0006
In addition, if only the anonymity of the second account is protected in this embodiment, then besides the second signature information, the transaction content also needs first signature information generated with the long-term private key or the one-time private key of the first account, so that the admission eligibility of the first account can be verified. Whether the first signature information is generated with the long-term private key or the one-time private key of the first account depends on whether, when the first account received the amount of this transaction as payee, the address used was a one-time public key or the hash of a long-term public key. Correspondingly, if only the anonymity of the second account is protected, the transaction content must carry the transaction amount in plaintext so that the transaction processing device can use it to verify the correctness of the transaction.
It can be seen that, in this embodiment, to protect the anonymity of the second account, the terminal logged in to the first account generates a one-time public key of the second account from the second account's long-term public key and uses that one-time public key as the address of the transaction content. It also generates second signature information of the transaction content from the one-time public key and the certificate of the second account. The second signature information lets a verifier such as the transaction processing device verify the admission eligibility of the second account without learning the second account's long-term public key, and lets the payee of the transaction content determine from the one-time public key whether it is itself the payee. This avoids the prior-art situation in which the public key of the second account becomes known to third parties other than the two transacting parties, and so protects the anonymity of the second account.
In addition, when the one-time public key is generated, the parameters of the second account's one-time private key generation function and of the one-time public key check function are also obtained, and both are stored in the transaction content. When the second account receives the transaction content, it uses the parameters of the one-time public key check function to check whether the address of the transaction content is its own. If so, then when spending the transaction amount in that transaction content it can use the parameters of the one-time private key generation function and the credential of the second account to generate the signature information of the transaction content. That is, when the second account is the payment account and spends that amount, it can use the parameters of the one-time private key generation function to generate its one-time private key, and use that one-time private key and the credential to generate the signature information of the transaction content, thereby protecting the anonymity of the second account as a payment account, as described in Embodiment 1.

Embodiment 3
Depending on the service configuration, to protect the privacy of the transaction amount in the transaction content, this embodiment of the present invention proposes a transaction processing method in which third signature information of the transaction content can be generated. A verifier such as the transaction processing device can learn from the verification result of the third signature information whether the total input amount of the transaction equals the total output amount, so that the correctness of the transaction amount is guaranteed even though the transaction content does not carry the amount.
In this embodiment, as shown in FIG. 6, this transaction processing method differs from the one shown in FIG. 4 in that step 301 in FIG. 4 is replaced with steps 501-403, where:
501. The terminal determines the ciphertext of each input amount and the ciphertext of each output amount;
502. The terminal computes, from the ciphertext of each input amount and the ciphertext of each output amount, the ciphertext of the difference between the total input amount and the total output amount;
503. The terminal generates third signature information of the transaction content from the ciphertext of the difference;
The transaction request message and the transaction record further include the third signature information. The first verification result and the second verification result further include a verification result of the third signature information, which indicates whether the total input amount equals the total output amount.
It should be noted that although steps S501 to S503 do not mention the processing steps for the first account and the second account, a person skilled in the art can, in order to implement the transaction processing method, combine them with the processing steps for the first account and the transaction amount described in the embodiments of the present invention, or with the prior-art processing steps for the first account and the transaction amount as in FIG. 2, to verify the admission eligibility of the second account, the correctness of the transaction amount, and the admission eligibility of the first account, and so complete the transaction processing. For example, suppose only the anonymity of the transaction amount is protected and the first account and the second account are both handled as in the prior art. Then, in addition to the third signature information generated by the terminal, the transaction content must carry the certificates, in the usual sense, of the first account and the second account so that the transaction processing device can verify the admission eligibility of both accounts. The terminal must also generate the first signature information of the transaction content with the one-time private key or the long-term private key of the first account, so that the first account cannot repudiate the transaction, and must use the hash of the second account's long-term public key as the receiving address. The first verification result therefore also includes the transaction processing device's verification result for the certificates of the first account and the second account, and both the first verification result and the second verification result also include the verification result for the first signature information.
The terminal may determine the ciphertext of each input amount and of each output amount using an additively homomorphic encryption algorithm. With an additively homomorphic encryption algorithm, performing an operation on encrypted data yields an output whose decryption equals the result of adding the unencrypted original data. The terminal can therefore use the ciphertexts of the input amounts and of the output amounts directly to obtain the ciphertext of the total input amount and the ciphertext of the total output amount.
In some embodiments, the third signature information may also be a zero-knowledge-proof signature. That is, a verifier such as the transaction processing device can perform the verification computation of the zero-knowledge proof over the verification parameters in the third signature information, the ciphertext of each input amount and the ciphertext of each output amount, and learn from the result whether the transaction is correct. For example, suppose the transaction input amounts are input1 and input2 and the transaction output amounts are output1 and output2; the ciphertexts of the input amounts obtained with the additively homomorphic encryption algorithm HEnc_pk() are C_i1 and C_i2, and the ciphertexts of the output amounts are C_o1 and C_o2. Then
C' = C_i1 · C_i2 / (C_o1 · C_o2) = HEnc_pk(0)
The terminal can then generate a zero-knowledge-proof signature of the statement "C' is a ciphertext that encrypts the plaintext 0" and use it as the third signature information.
For example, suppose the transaction initiated by the payer has one input amount and one output amount, that is, the payer and the payee are in a one-to-one relationship. The plaintext of the transaction input amount is m_in and its ciphertext is C_in = gTin glin, where r_in is the random number used by the payer for encryption. The plaintext of the transaction output amount is m_out and its ciphertext is C_out = gl°ut, where r_out is the random number used by the payer for encryption. The expression for the third signature information as a zero-knowledge-proof signature is then:
SoK{(r') : C_in/C_out = g_4^(r')}(Txl)
where Txl is the transaction content to be signed, r' = r_in - r_out, and g_4 is a system parameter.
Specifically, the terminal may compute this zero-knowledge-proof signature as follows:
○ Randomly generate $r_{r'} \in \mathbb{Z}_p$.
○ Compute: $R_1 = g_4^{r_{r'}}$
○ Compute $c = H(param, R_1, Msg)$, where param is the system parameters and Msg is the transaction content.
○ Compute:
Figure imgf000025_0001
The transaction processing device uses the ciphertext of the input amount and the ciphertext of the output amount in the transaction content, together with the third signature information above, to perform the following verification calculation:
○ After receiving the third signature information = (^7, 2^^, compute:
Figure imgf000026_0001
Then the verification passes.
That is, when the third signature information passes verification, the transaction processing device learns that the transaction amount is correct, which guarantees the correctness of the transaction.
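The signing and verification flow for the third signature information described above, as an added example that is not code from the patent; it generalises the one-input, one-output case to any number of inputs and outputs. Assumptions: the response $z = k + c \cdot r'$ and the matching check are the standard Schnorr-style construction, used here because the page's own formulas for those two steps survive only as figure references; the toy group `P`, `Q`, the second base `G1` and the names `k`, `commit`, `sok_sign` and `sok_verify` are illustrative.

```python
import hashlib
import secrets

# Toy group, constructed for this example only (far too small for real use):
# P = 2*Q + 1 with P and Q prime, so the squares mod P form a subgroup of order Q.
P, Q = 2039, 1019
G4 = 4  # base carrying the blinding factor r (g4 in the text)
G1 = 9  # base carrying the amount m (assumed second generator)
PARAM = f"{P}|{Q}|{G4}|{G1}".encode()


def commit(m, r):
    """Additively homomorphic ciphertext C = g4^r * g1^m mod P (amounts taken mod Q)."""
    return pow(G4, r % Q, P) * pow(G1, m % Q, P) % P


def _challenge(R1, msg):
    """c = H(param, R1, Msg), returned as the full 256-bit integer."""
    h = hashlib.sha256()
    for part in (PARAM, str(R1).encode(), msg):
        h.update(len(part).to_bytes(4, "big") + part)  # length-prefix each field
    return int.from_bytes(h.digest(), "big")


def _quotient(c_ins, c_outs):
    """C' = prod(C_in) / prod(C_out) mod P; rejects values outside the subgroup."""
    num = den = 1
    for c in c_ins:
        if not 0 < c < P or pow(c, Q, P) != 1:
            raise ValueError("input ciphertext not in the order-Q subgroup")
        num = num * c % P
    for c in c_outs:
        if not 0 < c < P or pow(c, Q, P) != 1:
            raise ValueError("output ciphertext not in the order-Q subgroup")
        den = den * c % P
    return num * pow(den, -1, P) % P


def sok_sign(r_ins, r_outs, msg):
    """Terminal side: prove knowledge of r' with C' = g4^r', bound to msg."""
    r_prime = (sum(r_ins) - sum(r_outs)) % Q
    while True:
        k = secrets.randbelow(Q - 1) + 1   # fresh nonce for every signature
        R1 = pow(G4, k, P)
        c = _challenge(R1, msg)
        if c % Q:                          # toy-group guard: c = 0 mod Q binds nothing
            break
    z = (k + c * r_prime) % Q
    return c, z


def sok_verify(c_ins, c_outs, msg, sig):
    """Verifier side: sees only ciphertexts, never amounts or blinding factors."""
    c, z = sig
    try:
        c_prime = _quotient(c_ins, c_outs)
    except ValueError:
        return False
    # Recompute R1 = g4^z * C'^(-c); it matches the signer's R1 only if
    # C' really is g4^r', i.e. inputs and outputs encrypt the same total.
    R1 = pow(G4, z % Q, P) * pow(c_prime, (-c) % Q, P) % P
    return _challenge(R1, msg) == c


if __name__ == "__main__":
    tx = b"Tx1"
    r_ins, r_outs = [11, 22], [5, 9]           # constructed sample values
    c_ins = [commit(60, 11), commit(40, 22)]   # inputs total 100
    c_outs = [commit(70, 5), commit(30, 9)]    # outputs total 100
    sig = sok_sign(r_ins, r_outs, tx)
    print("balanced:", sok_verify(c_ins, c_outs, tx, sig))
    print("inflated output:", sok_verify(c_ins, [commit(70, 5), commit(35, 9)], tx, sig))
```

Because the challenge hashes the transaction content, a signature lifted from one transaction does not verify against another, and any difference between total inputs and total outputs leaves a $g_1$ term in $C'$ that the prover cannot cancel.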
As can be seen, this embodiment of the present invention uses the third signature information to guarantee the correctness of the transaction, so the transaction request message and the transaction record need not carry the transaction amount, which protects the privacy of the transaction amount.
Embodiments 1 to 3 above describe the transaction processing method of this application from three aspects: protecting the privacy of the payer (the first account), of the payee (the second account), and of the transaction amount.
In some embodiments, depending on the service settings, privacy protection may be selected for any one or more of the payer (the first account), the payee (the second account) and the transaction amount; the specific transaction processing method then includes the corresponding steps and implementations of Embodiments 1 to 3 above. This embodiment of the present invention imposes no limitation.
For example, in this embodiment of the present invention, if the terminal protects the privacy of the first account or the second account in addition to the privacy of the transaction amount, it may perform the relevant operations in the manner of Embodiment 1 and/or Embodiment 2 above, so as to protect the privacy of the transaction amount and the first account, or of the transaction amount and the second account, or of the transaction amount, the first account and the second account. Correspondingly, if, according to the input on the user interface shown in FIG. 8, the terminal only needs to protect the privacy of the transaction amount, it may follow the prior art: generate the first signature information of the transaction content with the long-term private key or one-time private key of the first account, and use the hash value of the long-term public key of the second account as the address of the second account. That is, the privacy protection operations in the transaction processing method of this embodiment can be combined with prior-art transaction processing methods to implement privacy protection of the transaction amount; of the transaction amount and the first account; of the transaction amount and the second account; of the first account and the second account; or of the first account, the second account and the transaction amount. All of these combinations fall within the protection scope of this application.
Embodiment 4
To make the three inventive points above easier to understand, this application takes Embodiment 4 as an example to describe in detail how to protect the privacy of the first account, the second account and the transaction amount at the same time.
Referring to FIG. 7, FIG. 7 is a schematic flowchart of yet another transaction processing method according to an embodiment of the present invention. For ease of description, the terminal logged in to the first account is called the payment terminal, the terminal logged in to the second account is called the receiving terminal, the first account is called the payment account, and the second account is called the receiving account. Based on the transaction processing system shown in FIG. 3C, the transaction processing method shown in FIG. 7 may include the following steps:
601. The terminal sends a credential request message to the management device.
The terminal here is the terminal logged in to the first account. The credential request message includes the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account. The one-time public key of the first account was generated from the long-term public key of the first account by the corresponding payment account when the first account was acting as a receiving account.
602. The management device generates the credential of the first account from the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.
603. The management device returns a credential response message to the terminal.
The credential response message carries the credential of the first account.
604. The terminal generates the one-time public key of the second account from the long-term public key of the second account and uses this one-time public key as the receiving address of the transaction content.
The terminal may generate the one-time public key of the second account with the one-time public key generation function of Embodiment 2, which is not described again here.
605. The terminal determines the ciphertext of each input amount and the ciphertext of each output amount, and from these computes the ciphertext of the difference between the total input amount and the total output amount.
606. The terminal generates the signature information of the transaction content from the one-time private key and the credential of the first account, the certificate of the second account, and the ciphertext of the difference between the total input amount and the total output amount.
That is, the signature information of the transaction content includes the first signature information, the second signature information and the third signature information of Embodiments 1 to 3.
607. The terminal sends a transaction request message to the transaction processing device. The transaction request message carries the signature information of the transaction content, the one-time public key of the second account as the receiving address, and the transaction content.
The transaction content may include the parameter of the one-time private key generation function and the parameter of the one-time public key check function that were obtained when the terminal generated the one-time public key of the second account. The terminal logged in to the second account can use the parameter of the one-time public key check function and its own long-term private key to check whether the receiving address of the transaction content is its own. When it spends the amount of this transaction, it can generate the one-time private key of the second account from the parameter of the one-time private key generation function and its long-term private key, and then use this one-time private key to sign the transaction content, which protects the anonymity of the second account when it acts as a payment account.
In addition, the credential of the second account may be requested by the terminal logged in to the first account at the same time as it requests the credential of the first account, or may be requested by the terminal logged in to the second account when it spends the amount of this transaction. This embodiment of the present invention imposes no limitation.
In addition, compared with FIG. 30, the transaction processing method based on the transaction processing system shown in FIG. 3C has additional steps that interact with the management device to generate the credential of the first account and/or the second account.
608. The transaction processing device verifies the transaction request message to obtain a first verification result. When the first verification result is a pass, it simulates running the transaction content and obtains transaction result information.
The transaction processing device may include at least one endorsement node. Each endorsement node that successfully verifies the transaction request message can simulate running the transaction content, obtain a transaction result, and sign the transaction result with its own private key. The transaction result information therefore includes the transaction result of at least one endorsement node and the corresponding signature.
609. The transaction processing device returns a transaction response message to the terminal. The transaction response message carries the transaction result information.
610. The terminal sends a transaction record message to the transaction processing device. The transaction record carried in the message includes the transaction content, the signature information of the transaction content, the transaction result of at least one endorsement node, and the corresponding signature.
611. The transaction processing device receives the transaction record message and verifies the transaction record to obtain a second verification result. When the second verification result is a pass, it stores the transaction record on the blockchain.
In this embodiment of the present invention, as shown in FIG. 7, after the consensus node in the transaction processing device receives the transaction record message, it also sorts this record together with the transaction records received by other consensus nodes according to receiving time, generates a block that includes the transaction record of the first account, and submits the transaction records in block form to the submitting node, which verifies the transaction records in the block. The submitting node verifies every transaction record in a similar way, so the transaction record of the transaction initiated by the first account is taken as the example. The second verification result includes the verification result of the signature information of the transaction content and the verification result of the signature information of the transaction result. The submitting node verifies the signature information of the transaction content using the public key of the management device, the one-time public key of the second account, the public key of the CA device, and the verification parameters in the signature information.
The second verification result also includes the result of checking whether the transaction result information meets a preset condition. That is, the submitting node must also verify whether the transaction results of the at least one endorsement node and the corresponding signatures meet the preset condition. For example, the preset condition may be that each transaction record carries the signatures and corresponding transaction results of at least ten endorsement nodes, and that the transaction results corresponding to the signatures are consistent.
The reason the endorsement node's execution of the transaction content is called a simulation is that the transaction result is accepted, and can be called the actual transaction result, only after the submitting node has verified that the transaction results of multiple endorsement nodes are consistent. Before the submitting node, the result is therefore referred to as a transaction result obtained by simulating the transaction content, which also ensures that the transaction content is executed accurately.
For example, suppose the transaction initiated by the first account has one input amount and one output amount. The plaintext of the input amount is $m_{in}$ and its ciphertext is $C_{in} = g_4^{r_{in}} g_1^{m_{in}}$, where $r_{in}$ is the random number the payer uses for encryption; the plaintext of the output amount is $m_{out}$ and its ciphertext is $C_{out} = g_4^{r_{out}} g_1^{m_{out}}$, where $r_{out}$ is the random number the payer uses for encryption. The terminal logged in to the first account Alice uses the long-term public key of the second account Bob to generate Bob's one-time public key $otpk_{Bob}$ and the random numbers $(R_{tx}, R'_{tx})$. The certificate of the second account Bob is
Figure imgf000028_0001
The one-time private key of the first account Alice is $otsk_{Alice}$, and the credential issued to Alice by the management device is
Figure imgf000028_0002
When the signature information of the transaction content is a zero-knowledge-proof signature, the proof shows that "the first account holds a one-time private key and the credential issued to it by the management device, the second account holds a certificate corresponding to its long-term public key, and the ciphertext of the difference between the input amount and the output amount encrypts the plaintext 0". The expression of this signature is:
Figure imgf000028_0003
e(AAlice, g2 - g2 AUce) = e(h - Cin, g2) . e(g1;〇tskAlice)
Figure imgf000028_0004
where Tx1 is the transaction content to be signed, $r = r_{in} - r_{out}$, and $g_1$, $g_2$ and $h$ are system parameters. Specifically, the terminal may compute this zero-knowledge-proof signature as follows:
Figure imgf000029_0001
Correspondingly, the transaction processing device may verify the zero-knowledge-proof signature using the public key of the management device
Figure imgf000029_0003
the public key of the device
Figure imgf000029_0002
the one-time public key $otpk_{Bob}$ of the second account and the system parameters, through the following calculation:
Figure imgf000029_0004
A successful verification shows that what the zero-knowledge-proof signature proves is correct: the first account holds a one-time private key and the credential issued to it by the management device, the second account holds a certificate corresponding to its long-term public key, and the ciphertext of the difference between the input amount and the output amount encrypts the plaintext 0. In other words, the verification result of the signature indicates that the first account and the second account meet the conditions for using the blockchain and that the transaction is correct.
As can be seen, this embodiment of the present invention generates the signature information of the transaction content from the one-time private key of the first account, the credential, the certificate of the second account, and the ciphertext of the difference between the input amount and the output amount, so that a verifier such as the transaction processing device can use the signature information to verify that the first account and the second account are eligible for admission, and uses the one-time public key of the second account as the receiving address of the transaction content. In the prior art, by contrast, the transaction processing device must use the public key of the first account to verify a signature of the transaction content generated with the private key of the first account, use the public key of the second account to verify the hash value of the long-term public key of the second account, and see the specific transaction amount to verify that the transaction is accurate. This embodiment therefore protects the privacy of the first account, the second account and the transaction amount.
In some possible implementations of the foregoing embodiments, the transaction content may also contain the ciphertext of each input amount and the ciphertext of each output amount, encrypted with the public key of a third-party audit account. For example, in Embodiment 3 or 4, the terminal may obtain the ciphertext of each input amount and of each output amount with the additively homomorphic encryption algorithm and the public key of the third-party audit account. While the privacy of the transaction amount is protected, an auditor can then use the private key of the third-party audit account to decrypt these ciphertexts and obtain the plaintext of each input amount and of each output amount, which facilitates the audit.
Optionally, if cooperation with an auditor's audit is not required in Embodiment 3 or 4, the encryption key of the additively homomorphic encryption algorithm may be a random number. The ciphertexts of the input amounts and output amounts then cannot be decrypted, so the privacy of the transaction amount is protected while the correctness of the transaction is still guaranteed.
In some possible implementations, the transaction processing method of the foregoing embodiments may further include: the terminal generates an identifier of each input amount from the one-time private key of the first account; the identifier of each input amount is used to prevent that input amount from being spent twice. For example, if the blockchain already contains a transaction record carrying the identifier I of an input amount, and the transaction processing device, while verifying the transaction content, again finds the identifier I of that input amount, it can determine that this is a double spend, and verification fails. As can be seen, this implementation can use the identifier of each input amount to prevent the input amount from being spent twice.
Further, the transaction processing method of this implementation may also include: the terminal generates fourth signature information of the transaction content from the identifiers of the input amounts. The transaction request message and the transaction record then also include the fourth signature information and the identifier of each input amount; the identifier of each input amount is used to prevent that input amount from being spent twice. The first verification result and the second verification result also include the verification result of the fourth signature information, which the transaction processing device obtains by a verification calculation over the identifiers of the input amounts and the verification parameters in the fourth signature information, and which indicates whether the identifier of each input amount is correct. As can be seen, if the identifier of an input amount is incorrect, the fourth signature information fails verification, which further prevents the input amount from being spent twice.
The fourth signature information may be a zero-knowledge-proof signature: the terminal may compute the fourth signature information of the transaction content from the identifiers of the input amounts and a zero-knowledge proof algorithm, and correspondingly the transaction processing device may also use the zero-knowledge proof algorithm to verify the fourth signature information in the transaction request message and the transaction record.
In some possible implementations, the transaction processing method of the foregoing embodiments may further include: the terminal encrypts the one-time public key of the first account with the public key of the third-party audit account to obtain the ciphertext of the one-time public key of the first account, and the transaction request message and the transaction record also include this ciphertext. When auditing the account that initiated the transaction, the auditor can then use the private key of the third-party audit account to decrypt the ciphertext and obtain the one-time public key of the first account, and from that one-time public key learn the long-term public key of the first account, so that the auditor can audit the first account.
Further, the transaction processing method of this implementation may also include: the terminal generates fifth signature information of the transaction content from the ciphertext of the one-time public key of the first account. Correspondingly, the transaction request message and the transaction record also include the fifth signature information, and the first verification result and the second verification result also include the verification result of the fifth signature information, which the transaction processing device obtains by a verification calculation over the verification parameters in the fifth signature information, and which indicates whether the ciphertext of the one-time public key of the first account is correct.
The fifth signature information may be a zero-knowledge-proof signature: the terminal may compute the fifth signature information of the transaction content from the identifiers of the input amounts and a zero-knowledge proof algorithm, and correspondingly the transaction processing device may also use the zero-knowledge proof algorithm to verify the fifth signature information in the transaction request message and the transaction record.
In some possible implementations, the transaction processing method of the foregoing embodiments may further include: the terminal encrypts the long-term public key of the second account with the public key of the third-party audit account to obtain the ciphertext of the long-term public key of the second account. Correspondingly, the transaction request message and the transaction record also include the ciphertext of this long-term public key. An auditor holding the third-party audit account can then use its private key to decrypt the ciphertext, obtain the long-term public key of the second account, and thereby learn the identity information of the second account, which facilitates the audit.
Further, the transaction processing method of this implementation may also include: the terminal generates sixth signature information of the transaction content from the ciphertext of the long-term public key of the second account. Correspondingly, the transaction request message and the transaction record also include the sixth signature information, and the first verification result and the second verification result also include the verification result of the sixth signature information, which the transaction processing device obtains by a verification calculation over the verification parameters in the sixth signature information, and which indicates whether the ciphertext of the long-term public key of the second account is correct.
The sixth signature information may be a zero-knowledge-proof signature: the terminal may compute the sixth signature information of the transaction content from the identifiers of the input amounts and a zero-knowledge proof algorithm, and correspondingly the transaction processing device may also use the zero-knowledge proof algorithm to verify the sixth signature information in the transaction request message and the transaction record.
The optional embodiments and optional implementations above describe, from the perspective of the interaction among the terminal logged in to the first account, the transaction processing device, the management device and the certificate issuing device, how the transaction processing method provided by the embodiments of the present invention protects the privacy of the first account, protects the privacy of the second account, protects the privacy of the transaction amount in the transaction content, and cooperates with an auditor's audit. It can be understood that, to perform the functions above, the transaction processing device, the management device and the certificate issuing device may include corresponding hardware structures and/or software modules. For example, the transaction processing device may include at least one endorsement node, a consensus node and a submitting node; the credential generation function of the management device may also be performed by an endorsement node; and the functions of the management device and the certificate issuing device may also be performed by the same device.
In sum, those skilled in the art will readily appreciate that, in combination with the steps or units described in the embodiments or implementations disclosed herein, the present invention can be implemented in hardware or in a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends on the specific application and the design constraints of the technical solution. A person skilled in the art may use different methods to implement the described functions for each particular application, but such an implementation should not be considered to go beyond the scope of the present invention.
Referring to FIG. 9, FIG. 9 is a schematic structural diagram of a terminal according to an embodiment of the present invention. The terminal includes a processor 901, a memory 902 and a communication interface 903. The memory 902 is configured to store program instructions, and the processor 901 is configured to call the program instructions to perform the following operations.
The processor 901 is configured to generate first signature information of transaction content according to a credential of a first account, where the transaction content is initiated by the terminal based on the first account, and the credential is generated for the first account by the transaction processing device that processes the transaction content;
The communication interface 903 is configured to send a transaction request message to the transaction processing device, where the transaction request message includes the first signature information and the transaction content;
The communication interface 903 is further configured to receive a transaction response message returned by the transaction processing device, where the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content;
The communication interface 903 is further configured to send, according to the transaction response message, a transaction record message to the transaction processing device, where the transaction record message is used to instruct the transaction processing device to store a transaction record on a blockchain, and the transaction record includes the transaction content, the first signature information, and the transaction result information.
The processor generating the first signature information of the transaction content according to the credential of the first account is specifically: using the long-term private key/one-time private key of the first account, the credential of the first account, and the transaction content as inputs to a zero-knowledge proof algorithm to calculate the first signature information of the transaction content.
The transaction response message is returned when a first verification result, obtained by the transaction processing device verifying the transaction request message, is a pass; the transaction record is stored when a second verification result, obtained by the transaction processing device verifying the transaction record message, is a pass;
The first verification result and the second verification result both include a verification result of the first signature information;
The verification result of the first signature information is obtained by the transaction processing device through a verification calculation based on its own public key and the verification parameters in the first signature information.
The transaction content is initiated by the terminal, based on the first account, toward a second account. The processor 901 is further configured to generate a one-time public key of the second account according to the long-term public key of the second account; the processor 901 is further configured to generate second signature information of the transaction content according to the one-time public key of the second account and the certificate of the second account;
The certificate is generated according to the private key of the certificate issuing device; the transaction request message and the transaction record include the one-time public key of the second account and the second signature information, and the one-time public key of the second account is the address of the second account;
The first verification result and the second verification result further include a verification result of the second signature information, and the verification result of the second signature information is obtained by the transaction processing device through verification based on the one-time public key of the second account, the public key of the certificate issuing device, and the verification parameters in the second signature information.
In a possible implementation,
The processor 901 is further configured to calculate, according to the ciphertext of each input amount and the ciphertext of each output amount in the transaction content, a ciphertext of the difference between the total input amount and the total output amount;
The processor 901 is further configured to generate third signature information of the transaction content according to the ciphertext of the difference, where the transaction request message and the transaction record further include the third signature information. The first verification result and the second verification result further include a verification result of the third signature information. The verification result of the third signature information is obtained by the transaction processing device through a verification calculation based on the verification parameters in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount, and is used to indicate whether the total input amount is equal to the total output amount.
In a possible implementation, the encryption key for the ciphertext of each input amount and the ciphertext of each output amount is the public key of the third-party audit account.
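The balance check described above, as an added example that is not part of the patent text: it assumes exponential ElGamal under the audit account's public key as the amount encryption and a Chaum-Pedersen proof (made non-interactive with a hash) as the "third signature information", neither of which this passage names. The toy group parameters, the function names, and the sample amounts are constructed for illustration.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example and far too small for real use:
# P = 2Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4


def keygen():
    """Key pair of the third-party audit account (x private, y = G^x public)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(y, amount, r=None):
    """Exponential ElGamal: (G^r, G^amount * y^r). Returns (ciphertext, r)."""
    r = secrets.randbelow(Q) if r is None else r
    return (pow(G, r, P), pow(G, amount, P) * pow(y, r, P) % P), r


def combine(cts):
    """Multiply ciphertexts component-wise, which adds the hidden amounts."""
    c1 = c2 = 1
    for a, b in cts:
        c1, c2 = c1 * a % P, c2 * b % P
    return c1, c2


def difference(in_cts, out_cts):
    """Ciphertext of (total input - total output), computed from ciphertexts only."""
    i1, i2 = combine(in_cts)
    o1, o2 = combine(out_cts)
    return i1 * pow(o1, -1, P) % P, i2 * pow(o2, -1, P) % P


def _challenge(y, d, a1, a2, content):
    """Hash challenge in 1..Q-1, bound to the statement and the transaction content."""
    data = repr((P, Q, G, y, d, a1, a2)).encode() + b"|" + content
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1


def prove_balance(y, in_cts, in_rs, out_cts, out_rs, content):
    """Terminal side: prove that the difference ciphertext encrypts zero.

    If the totals match, the difference is (G^R, y^R) with R known to the
    sender, so the proof shows log_G(d1) == log_y(d2) without revealing R.
    """
    d = difference(in_cts, out_cts)
    big_r = (sum(in_rs) - sum(out_rs)) % Q   # randomness left in the difference
    w = secrets.randbelow(Q)
    a1, a2 = pow(G, w, P), pow(y, w, P)
    c = _challenge(y, d, a1, a2, content)
    return a1, a2, (w + c * big_r) % Q


def verify_balance(y, in_cts, out_cts, content, proof):
    """Verifier side: needs only the ciphertexts, the audit public key and the proof."""
    a1, a2, s = proof
    d1, d2 = difference(in_cts, out_cts)
    c = _challenge(y, (d1, d2), a1, a2, content)
    return (pow(G, s, P) == a1 * pow(d1, c, P) % P
            and pow(y, s, P) == a2 * pow(d2, c, P) % P)


def audit_decrypt(x, ct, max_amount=1000):
    """Auditor side: recover a small amount with the audit private key."""
    gm = ct[1] * pow(pow(ct[0], x, P), -1, P) % P
    for m in range(max_amount + 1):
        if pow(G, m, P) == gm:
            return m
    return None


if __name__ == "__main__":
    x, y = keygen()
    ins = [encrypt(y, a) for a in (30, 12)]    # constructed sample amounts
    outs = [encrypt(y, a) for a in (25, 17)]
    in_cts, in_rs = [c for c, _ in ins], [r for _, r in ins]
    out_cts, out_rs = [c for c, _ in outs], [r for _, r in outs]
    proof = prove_balance(y, in_cts, in_rs, out_cts, out_rs, b"tx-content")
    print("balanced:", verify_balance(y, in_cts, out_cts, b"tx-content", proof))
    print("auditor sees first input:", audit_decrypt(x, in_cts[0]))
```

Equality is established modulo the group order, so a deployed scheme also needs a check that each hidden amount lies in a valid range; this example does not cover that.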
In a possible implementation, the processor is further configured to generate an identifier of each input amount according to the one-time private key of the first account;
The processor is further configured to generate fourth signature information of the transaction content according to the identifier of each input amount;
The transaction request message and the transaction record further include the fourth signature information and the identifier of each input amount;
The identifier of each input amount is used to prevent that input amount from being spent a second time;
The first verification result and the second verification result further include a verification result of the fourth signature information. The verification result of the fourth signature information is obtained by the transaction processing device through a verification calculation based on the identifier of each input amount and the verification parameters in the fourth signature information, and is used to indicate whether the identifier of each input amount is correct.
In a possible implementation, the processor 901 is further configured to encrypt the one-time public key of the first account with the public key of the third-party audit account to obtain a ciphertext of the one-time public key of the first account;
The processor 901 is further configured to generate fifth signature information of the transaction content according to the ciphertext of the one-time public key of the first account;
The transaction request message and the transaction record further include the fifth signature information and the ciphertext of the one-time public key of the first account;
The first verification result and the second verification result further include a verification result of the fifth signature information. The verification result of the fifth signature information is obtained by the transaction processing device through a verification calculation based on the verification parameters in the fifth signature information, and is used to indicate whether the ciphertext of the one-time public key of the first account is correct.
In a possible implementation, the processor 901 is further configured to encrypt the long-term public key of the second account with the public key of the third-party audit account to obtain a ciphertext of the long-term public key of the second account; the processor 901 is further configured to generate sixth signature information of the transaction content according to the ciphertext of the long-term public key of the second account;
The transaction request message and the transaction record further include the sixth signature information and the ciphertext of the long-term public key of the second account;
The first verification result and the second verification result further include a verification result of the sixth signature information. The verification result of the sixth signature information is obtained by the transaction processing device through a verification calculation based on the verification parameters in the sixth signature information, and is used to indicate whether the ciphertext of the long-term public key of the second account is correct.
In a possible implementation, the communication interface 903 is further configured to send a credential request message to the transaction processing device, where the credential request message includes the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account;
The communication interface 903 is further configured to receive a credential response message returned by the transaction processing device, where the credential response message includes the credential of the first account, and the credential of the first account is generated by the transaction processing device according to the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.
In a possible implementation, the credential request message further includes the one-time public key of the second account and/or the ciphertext of the transaction amount held by the second account; the credential response message further includes the credential of the second account; the credential of the second account is generated by the transaction processing device according to the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account; the transaction request message and the transaction record further include the credential of the second account.
Referring to FIG. 10, FIG. 10 is a schematic structural diagram of a transaction processing device according to an embodiment of the present invention. As shown in FIG. 10, the transaction processing device may include at least one endorsement module 1001, a consensus module 1002, and a commit module 1003;
The at least one endorsement module 1001 is configured to receive a transaction request message sent by a terminal, where the transaction request message includes first signature information of transaction content, and the transaction content is initiated by a first account;
The at least one endorsement module 1001 is further configured to verify the transaction request message to obtain a first verification result and, when the first verification result is a pass, to simulate execution of the transaction content to obtain transaction result information and return to the terminal a transaction response message carrying the transaction result information;
The consensus module 1002 is configured to receive a transaction record message sent by the terminal according to the at least one transaction response message, order the transaction record carried in the transaction record message together with transaction records received from other terminals according to receiving time, generate a block that includes the transaction record, and submit the block to the commit module;
The commit module 1003 is configured to receive the block and verify the transaction record in the block to obtain a second verification result and, when the second verification result is a pass, to store the transaction record on the blockchain in the form of the block;
The first verification result and the second verification result both include a verification result of the first signature information. The verification result of the first signature information is obtained by the transaction processing device through verification using the public key of the authorized endorsement module 10011 among the endorsement modules, and is used to indicate whether the first account meets the condition for storing the transaction record on the blockchain;
The authorized endorsement module is configured to generate the credential of the first account according to its own private key, and the credential of the first account is used to generate the first signature information.
Referring to FIG. 11, FIG. 11 is a schematic structural diagram of another transaction processing device according to an embodiment of the present invention. As shown in FIG. 11, the transaction processing device includes at least one endorsement module 1101, a consensus module 1102, a commit module 1103, and a management module 1104;
The at least one endorsement module 1101 is configured to receive a transaction request message sent by a terminal, where the transaction request message includes first signature information of transaction content, and the transaction content is initiated by a first account;
The at least one endorsement module 1101 is further configured to verify the transaction request message to obtain a first verification result and, when the first verification result is a pass, to simulate execution of the transaction content to obtain transaction result information and return to the terminal a transaction response message carrying the transaction result information;
The consensus module 1102 is configured to receive a transaction record message sent by the terminal according to the at least one transaction response message, order the transaction record carried in the transaction record message together with transaction records received from other terminals according to receiving time, generate a block that includes the transaction record, and submit the block to the commit module;
The commit module 1103 is configured to receive the block and verify the transaction record in the block to obtain a second verification result and, when the second verification result is a pass, to store the transaction record on the blockchain in the form of the block;
The first verification result and the second verification result both include a verification result of the first signature information. The verification result of the first signature information is obtained by the transaction processing device through verification using the public key of the management module, and is used to indicate whether the first account meets the condition for storing the transaction record on the blockchain;
The management module 1104 is configured to generate the credential of the first account according to its own private key, and the credential of the first account is used to generate the first signature information.
In addition, in the embodiments of the present invention, the transaction processing devices described in FIG. 10 and FIG. 11 may also invoke the relevant modules to perform the processing of the transaction processing device involved in FIG. 4 to FIG. 7 and/or other processes of the technology described in this application. For example, the management module or the authorized endorsement module in the transaction processing device performs the steps of generating a credential for the first account, and the at least one endorsement module and the commit module verify the relevant content in the transaction request message and the transaction record.
Referring to FIG. 12, FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present invention. The terminal shown in FIG. 12 may be the terminal in FIG. 3A to FIG. 3C and FIG. 4 to FIG. 8. The terminal may include a processor, a memory, a control circuit, an antenna, and an input/output device. The processor is mainly used to process communication protocols and communication data, to control the entire terminal device, to execute software programs, and to process the data of the software programs, for example, to support the terminal device in performing the actions described in the foregoing embodiments of the method for indicating a transmission precoding matrix. The memory is mainly used to store software programs and data, for example, the credential of the first account and the long-term private key or one-time private key of the first account described in the above embodiments. The control circuit is mainly used for conversion between baseband signals and radio frequency signals and for processing radio frequency signals. The control circuit together with the antenna may also be called a transceiver, which is mainly used to send and receive radio frequency signals in the form of electromagnetic waves. The input/output device, such as a touch screen, a display screen, or a keyboard, is mainly used to receive data input by a user and to output data to the user.
When the terminal is powered on, the processor can read the software program in the storage unit, interpret and execute the instructions of the software program, and process the data of the software program. When data needs to be sent wirelessly, the processor performs baseband processing on the data to be sent and outputs a baseband signal to the radio frequency circuit; the radio frequency circuit performs radio frequency processing on the baseband signal and sends the radio frequency signal outward through the antenna in the form of electromagnetic waves. When data is sent to the terminal device, the radio frequency circuit receives a radio frequency signal through the antenna, converts it into a baseband signal, and outputs the baseband signal to the processor, which converts the baseband signal into data and processes the data.
Those skilled in the art will understand that, for ease of description, FIG. 12 shows only one memory and one processor. An actual terminal device may have multiple processors and memories. The memory may also be referred to as a storage medium, a storage device, or the like, which is not limited in the embodiments of the present invention.
As an optional implementation, the processor may include a baseband processor and a central processing unit. The baseband processor is mainly used to process communication protocols and communication data, and the central processing unit is mainly used to control the entire terminal device, execute software programs, and process the data of the software programs. The processor in FIG. 12 integrates the functions of the baseband processor and the central processing unit. Those skilled in the art will understand that the baseband processor and the central processing unit may also be separate processors interconnected by technologies such as a bus, that the terminal device may include multiple baseband processors to adapt to different network standards, that the terminal device may include multiple central processing units to enhance its processing capability, and that the components of the terminal device may be connected through various buses. The baseband processor may also be described as a baseband processing circuit or a baseband processing chip. The central processing unit may also be described as a central processing circuit or a central processing chip. The function of processing communication protocols and communication data may be built into the processor, or may be stored in the storage unit in the form of a software program that the processor executes to implement the baseband processing function.
For example, in the embodiments of the invention, the antenna and the control circuit having the transceiving function may be regarded as the transceiver unit 1201 of the terminal, and the processor having the processing function may be regarded as the processing unit 1202 of the terminal. As shown in FIG. 12, the terminal includes the transceiver unit 1201 and the processing unit 1202. The transceiver unit may also be referred to as a transceiver, a transceiver machine, a transceiver apparatus, or the like. Optionally, the component in the transceiver unit 1201 that implements the receiving function may be regarded as a receiving unit, and the component in the transceiver unit 1201 that implements the sending function may be regarded as a sending unit; that is, the transceiver unit 1201 includes a receiving unit and a sending unit. For example, the receiving unit may also be referred to as a receiver or a receiving circuit, and the sending unit may be referred to as a transmitter or a transmitting circuit.
In the embodiments of the present invention, the transaction processing device may include a communication unit and a processing unit. The processing unit and the communication unit together perform the operations performed by the transaction processing device in the foregoing embodiments, or perform the functions of the at least one endorsement node, the consensus node, and the commit node, or may further perform the functions of the management device, the certificate issuing device, and the like.
Optionally, referring to FIG. 13, FIG. 13 is a schematic structural diagram of a transaction processing device according to an embodiment of the present invention. The transaction processing device may include a processor 1301 and a memory 1302. The memory 1302 is configured to store instructions, and the processor 1301 is configured to execute the instructions stored in the memory 1302 to implement the steps and embodiments of the methods corresponding to FIG. 4 to FIG. 8 above.
Further, the transaction processing device may also include an input port 1304 and an output port 1305. Further, the device may also include a bus system 1303, where the processor 1301, the memory 1302, and the communication interface 1304 may be connected through the bus system 1303.
The processor 1301 is configured to execute the instructions stored in the memory 1302 to control the communication interface 1304 to receive signals and to send signals, thereby completing the steps of the terminal in the above method. The communication interface 1304 may be the same physical entity or different physical entities; when it is the same physical entity, it may be collectively referred to as a transceiver. The memory 1302 may be integrated in the processor 1301 or may be provided separately from the processor 1301.
As one implementation, the function of the communication interface 1304 may be implemented by a transceiver circuit or a dedicated transceiver chip. The processor 1301 may be implemented by a dedicated processing chip, a processing circuit, a processor, or a general-purpose chip.
As another implementation, the terminal provided by the embodiments of this application may be implemented by means of a general-purpose computer. That is, program code implementing the functions of the processor 1301 and the communication interface 1304 is stored in a memory, and a general-purpose processor implements the functions of the processor 1301 and the communication interface 1304 by executing the code in the memory.
For the concepts, explanations, detailed descriptions, and other steps of the device that relate to the technical solutions provided by the embodiments of this application, refer to the descriptions of these contents in the foregoing methods or other embodiments; they are not repeated here.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units described above may be found in the corresponding processes in the foregoing method embodiments, and are not repeated here.
在本申请所提供的几个实施例中, 应该理解到, 所揭露的系统、 装置和方法, 可 以通过其它的方式实现。 例如, 以上所描述的装置实施例仅仅是示意性的, 例如, 所 述单元的划分, 仅仅为一种逻辑功能划分, 实际实现时可以有另外的划分方式, 例如 多个单元或组件可以结合或者可以集成到另一个系统, 或一些特征可以忽略, 或不执 行。 另一点, 所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些 接口, 装置或单元的间接耦合或通信连接, 可以是电性, 机械或其它的形式。  In the several embodiments provided herein, it should be understood that the disclosed systems, devices, and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division. In actual implementation, there may be another division manner, for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be electrical, mechanical or otherwise.
The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present invention are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (for example, coaxial cable, optical fiber, or digital subscriber line (DSL)) or wirelessly (for example, infrared, radio, or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a Solid State Disk (SSD)).
The foregoing is merely specific implementations of the present invention, but the protection scope of the present invention is not limited thereto. Any variation or replacement readily conceivable by a person skilled in the art within the technical scope disclosed in the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims

1. A transaction processing method, comprising:
generating, by a terminal, first signature information of transaction content according to a credential of a first account, wherein the transaction content is initiated by the terminal based on the first account, and the credential is generated for the first account by a transaction processing device that processes the transaction content;
sending, by the terminal, a transaction request message to the transaction processing device, wherein the transaction request message includes the first signature information and the transaction content;
receiving, by the terminal, a transaction response message returned by the transaction processing device, wherein the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content;
sending, by the terminal, a transaction record message to the transaction processing device according to the transaction response message, wherein the transaction record message is used to instruct the transaction processing device to store the transaction record carried in the transaction record message on a blockchain, the blockchain is a distributed database in the transaction processing device that stores the transaction record, and the transaction record includes the transaction content, the first signature information, and the transaction result information.
2. The method according to claim 1, wherein the generating, by the terminal, of the first signature information of the transaction content according to the credential of the first account comprises:
using, by the terminal, a private key of the first account, the credential of the first account, and the transaction content as inputs of a zero-knowledge proof algorithm to calculate the first signature information of the transaction content, wherein the private key includes a long-term private key or a one-time private key.
3. The method according to claim 2, wherein the transaction response message is returned when a first verification result, obtained by the transaction processing device verifying the transaction request message, is a pass; and the transaction record is stored when a second verification result, obtained by the transaction processing device verifying the transaction record message, is a pass;
wherein the first verification result and the second verification result each include a verification result of the first signature information;
the verification result of the first signature information is obtained by the transaction processing device through a verification calculation based on its own public key and the verification parameters in the first signature information.
4. The method according to claim 3, wherein the transaction content is initiated by the terminal, based on the first account, toward a second account, and the method further comprises:
generating, by the terminal, a one-time public key of the second account according to a long-term public key of the second account;
generating, by the terminal, second signature information of the transaction content according to the one-time public key of the second account and a certificate of the second account;
wherein the certificate is generated according to a private key of a certificate issuing device; the transaction request message and the transaction record include the one-time public key of the second account and the second signature information, and the one-time public key of the second account is the address of the second account;
wherein the first verification result and the second verification result further include a verification result of the second signature information, and the verification result of the second signature information is obtained by the transaction processing device through a verification calculation based on the one-time public key of the second account, the public key of the certificate issuing device, and the verification parameters in the second signature information.
5. The method according to claim 3 or 4, wherein the method further comprises:
calculating, by the terminal, a ciphertext of the difference between the total input amount and the total output amount according to the ciphertext of each input amount and the ciphertext of each output amount in the transaction content;
generating, by the terminal, third signature information of the transaction content according to the ciphertext of the difference;
wherein the transaction request message and the transaction record further include the third signature information;
the first verification result and the second verification result further include a verification result of the third signature information, the verification result of the third signature information is obtained by the transaction processing device through a verification calculation based on the verification parameters in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount, and the verification result of the third signature information is used to indicate whether the total input amount equals the total output amount.
6. The method according to claim 5, wherein
the encryption key of the ciphertext of each input amount and of the ciphertext of each output amount is the public key of a third-party audit account.
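The balance check of claims 5 and 6 can be pictured with the following added example, which is not taken from the patent. It assumes exponential ElGamal under the audit account's public key as the amount encryption and a Chaum-Pedersen proof as the third signature information, over a toy-sized group; all function names are hypothetical.

```python
import hashlib
import secrets

def _is_prime(n):
    """Deterministic Miller-Rabin (these bases are exact for n < 3.3e24)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _toy_group():
    """Smallest safe prime p = 2q + 1 with q > 2**61. Toy size, NOT secure."""
    q = (1 << 61) + 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = _toy_group()
G = 4  # a square mod P, so it generates the subgroup of prime order Q

def keygen():
    """Key pair of the third-party audit account (assumed ElGamal key)."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, amount):
    """Exponential ElGamal: returns ((g^r, pk^r * g^amount), r)."""
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), pow(pk, r, P) * pow(G, amount, P) % P), r

def difference(ins, outs):
    """Ciphertext of (total input - total output), computed homomorphically."""
    d1 = d2 = 1
    for c1, c2 in ins:
        d1, d2 = d1 * c1 % P, d2 * c2 % P
    for c1, c2 in outs:
        d1, d2 = d1 * pow(c1, P - 2, P) % P, d2 * pow(c2, P - 2, P) % P
    return d1, d2

def _challenge(pk, content, ins, outs, a1, a2):
    """Fiat-Shamir challenge bound to the transaction content and ciphertexts."""
    data = repr((P, G, pk, content, ins, outs, a1, a2)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign_balance(pk, content, ins, outs, r_ins, r_outs):
    """Terminal side: prove that the difference ciphertext encrypts 0."""
    # If the amounts balance, difference() == (g^r, pk^r) for the r below,
    # so a Chaum-Pedersen proof of equal discrete logs is enough.
    r = (sum(r_ins) - sum(r_outs)) % Q
    k = secrets.randbelow(Q - 1) + 1
    a1, a2 = pow(G, k, P), pow(pk, k, P)
    e = _challenge(pk, content, ins, outs, a1, a2)
    return a1, a2, (k + e * r) % Q  # the "verification parameters"

def verify_balance(pk, content, ins, outs, sig):
    """Processing-device side: needs only the ciphertexts and the signature."""
    a1, a2, z = sig
    elems = [a1, a2, pk] + [c for ct in ins + outs for c in ct]
    if any(not 0 < x < P or pow(x, Q, P) != 1 for x in elems):
        return False  # reject values outside the prime-order subgroup
    d1, d2 = difference(ins, outs)
    e = _challenge(pk, content, ins, outs, a1, a2)
    return (pow(G, z, P) == a1 * pow(d1, e, P) % P
            and pow(pk, z, P) == a2 * pow(d2, e, P) % P)

def demo():
    """Constructed sample transactions: balanced, tampered, unbalanced."""
    _, pk = keygen()
    content = b"constructed sample: pay 60 to B, 40 change"
    ins, r_ins = map(list, zip(*(encrypt(pk, a) for a in (70, 30))))
    outs, r_outs = map(list, zip(*(encrypt(pk, a) for a in (60, 40))))
    sig = sign_balance(pk, content, ins, outs, r_ins, r_outs)
    balanced = verify_balance(pk, content, ins, outs, sig)
    tampered = verify_balance(pk, content + b"!", ins, outs, sig)
    bad_outs, r_bad = map(list, zip(*(encrypt(pk, a) for a in (60, 50))))
    bad_sig = sign_balance(pk, content, ins, bad_outs, r_ins, r_bad)
    unbalanced = verify_balance(pk, content, ins, bad_outs, bad_sig)
    return balanced, tampered, unbalanced

if __name__ == "__main__":
    print(demo())
```

The verifier never sees an amount or a decryption key: it accepts only when the homomorphically computed difference is an encryption of zero and the proof is bound to the same transaction content.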
7. The method according to claim 5 or 6, wherein the method further comprises:
generating, by the terminal, an identifier of each input amount according to the one-time private key of the first account;
generating, by the terminal, fourth signature information of the transaction content according to the identifier of each input amount;
wherein the transaction request message and the transaction record further include the fourth signature information and the identifier of each input amount;
the identifier of each input amount is used to prevent that input amount from being spent twice;
the first verification result and the second verification result further include a verification result of the fourth signature information, the verification result of the fourth signature information is obtained by the transaction processing device through a verification calculation based on the identifier of each input amount and the verification parameters in the fourth signature information, and the verification result of the fourth signature information is used to indicate whether the identifier of each input amount is correct.
8. The method according to any one of claims 1 to 7, wherein the method further comprises:
encrypting, by the terminal, the one-time public key of the first account using the public key of the third-party audit account to obtain a ciphertext of the one-time public key of the first account;
generating, by the terminal, fifth signature information of the transaction content according to the ciphertext of the one-time public key of the first account;
wherein the transaction request message and the transaction record further include the fifth signature information and the ciphertext of the one-time public key of the first account;
the first verification result and the second verification result further include a verification result of the fifth signature information, the verification result of the fifth signature information is obtained by the transaction processing device through a verification calculation based on the verification parameters in the fifth signature information, and the verification result of the fifth signature information is used to indicate whether the ciphertext of the one-time public key of the first account is correct.
9. The method according to any one of claims 1 to 8, wherein the method further comprises:
encrypting, by the terminal, the long-term public key of the second account using the public key of the third-party audit account to obtain a ciphertext of the long-term public key of the second account;
generating, by the terminal, sixth signature information of the transaction content according to the ciphertext of the long-term public key of the second account;
wherein the transaction request message and the transaction record further include the sixth signature information and the ciphertext of the long-term public key of the second account;
the first verification result and the second verification result further include a verification result of the sixth signature information, the verification result of the sixth signature information is obtained by the transaction processing device through a verification calculation based on the verification parameters in the sixth signature information, and the verification result of the sixth signature information is used to indicate whether the ciphertext of the long-term public key of the second account is correct.
10. The method according to any one of claims 4 to 9, wherein the method further comprises:
sending, by the terminal, a credential request message to the transaction processing device, wherein the credential request message includes the one-time public key of the first account and/or a ciphertext of the transaction amount held by the first account;
receiving, by the terminal, a credential response message returned by the transaction processing device, wherein the credential response message includes the credential of the first account, and the credential of the first account is generated by the transaction processing device according to the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.
11. The method according to claim 10, wherein the credential request message further includes the one-time public key of the second account and/or a ciphertext of the transaction amount held by the second account; the credential response message further includes a credential of the second account; the credential of the second account is generated by the transaction processing device according to the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account; and the transaction request message and the transaction record further include the credential of the second account.
12. A transaction processing method, comprising:
receiving, by a transaction processing device, a transaction request message sent by a terminal, wherein the transaction request message includes transaction content and first signature information, the transaction content is initiated by the terminal based on a first account, and the first signature information is generated by the terminal according to a credential of the first account;
returning, by the transaction processing device, a transaction response message to the terminal according to the transaction request message, wherein the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content;
receiving, by the transaction processing device, a transaction record message sent by the terminal according to the transaction response message;
storing, by the transaction processing device, the transaction record carried in the transaction record message on a blockchain, wherein the blockchain is a distributed database, in the transaction processing party, that stores the transaction record, and the transaction record includes the transaction content, the first signature information, and the transaction result information.
13. The method according to claim 12, wherein
before the transaction processing device returns the transaction response message to the terminal according to the transaction request message, the method further comprises:
verifying, by the transaction processing device, the transaction request message to obtain a first verification result;
when the first verification result is a pass, running, by the transaction processing device, the transaction content to obtain the transaction result information;
the method further comprises:
verifying, by the transaction processing device, the transaction record message to obtain a second verification result;
when the second verification result is a pass, performing, by the transaction processing device, the step of storing the transaction record carried in the transaction record message on the blockchain.
14. The method according to claim 13, wherein the first verification result and the second verification result each include a verification result of the first signature information;
the verification result of the first signature information is obtained by the transaction processing device through a verification calculation using its own public key and the verification parameters in the first signature information.
15. The method according to any one of claims 12 to 14, wherein the transaction content is initiated based on the first account toward the second account,
the transaction request message and the transaction record further include second signature information and a one-time public key of the second account;
the one-time public key of the second account is the address of the second account;
the first verification result and the second verification result further include a verification result of the second signature information, and the verification result of the second signature information is obtained by the transaction processing device through a verification calculation based on the one-time public key of the second account, the public key of a certificate issuing device, and the verification parameters in the second signature information.
16. The method according to any one of claims 12 to 15, wherein
the transaction request message and the transaction record further include third signature information, a ciphertext of each input amount, and a ciphertext of each output amount;
the first verification result and the second verification result further include a verification result of the third signature information, the verification result of the third signature information is obtained by the transaction processing device through a verification calculation based on the verification parameters in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount, and the verification result of the third signature information is used to indicate whether the total input amount in the transaction record equals the total output amount.
17. The method according to claim 16, wherein
the encryption key of the ciphertext of each input amount and of the ciphertext of each output amount is the public key of a third-party audit account.
18. The method according to claim 16 or 17, wherein
the transaction request message and the transaction record further include the fourth signature information and the identifier of each input amount;
the first verification result and the second verification result further include a verification result of the fourth signature information, the verification result of the fourth signature information is obtained by the transaction processing device through a verification calculation based on the identifier of each input amount and the verification parameters in the fourth signature information, and the verification result of the fourth signature information is used to indicate whether the identifier of each input amount is correct;
the identifier of each input amount is used to prevent double spending of that input amount.
19. The method according to any one of claims 12 to 18, wherein
the transaction request message and the transaction record further include the fifth signature information and the ciphertext of the one-time public key of the first account;
the first verification result and the second verification result further include a verification result of the fifth signature information, the verification result of the fifth signature information is obtained by the transaction processing device through a verification calculation based on the verification parameters in the fifth signature information, and the verification result of the fifth signature information is used to indicate whether the ciphertext of the one-time public key of the first account is correct;
the encryption key of the ciphertext of the one-time public key of the first account is the public key of a third-party audit account.
20. The method according to any one of claims 12 to 19, wherein
the transaction request message and the transaction record further include the sixth signature information and the ciphertext of the long-term public key of the second account;
the first verification result and the second verification result further include a verification result of the sixth signature information, the verification result of the sixth signature information is obtained by the transaction processing device through a verification calculation based on the verification parameters in the sixth signature information, and the verification result of the sixth signature information is used to indicate whether the ciphertext of the long-term public key of the second account is correct;
the encryption key of the ciphertext of the long-term public key of the second account is the public key of the third-party audit account.
21. The method according to claim 20, wherein the method further comprises:
receiving, by the transaction processing device, a credential request message sent by the terminal, wherein the credential request message includes the one-time public key of the first account and/or a ciphertext of the transaction amount held by the first account;
generating, by the transaction processing device, the credential of the first account according to the credential request message;
sending, by the transaction processing device, a credential response message to the terminal, wherein the credential response message carries the credential of the first account.
22. The method according to claim 21, wherein the credential request message further includes the one-time public key of the second account and/or a ciphertext of the transaction amount held by the second account; the credential response message further includes a credential of the second account; the transaction request message and the transaction record further include the credential of the second account; and the credential of the second account is generated by the transaction processing device according to the one-time public key of the second account and/or the ciphertext of the transaction amount held by the second account.
23. A transaction processing device, wherein the transaction processing device comprises at least one endorsement module, a consensus module, a submission module, and a management module;
the at least one endorsement module is configured to receive a transaction request message sent by a terminal, wherein the transaction request message includes transaction content and first signature information, the transaction content is initiated by the terminal based on a first account, and the first signature information is generated by the terminal according to a credential of the first account;
the at least one endorsement module is further configured to return a transaction response message to the terminal according to the transaction request message, wherein the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content;
the consensus module is configured to receive a transaction record message sent by the terminal according to the at least one transaction response message, sort the transaction record carried in the transaction record message together with transaction records received from other terminals by receiving time, generate a block that includes the transaction record, and submit the block to the submission module;
the submission module is configured to receive the block and store the transaction record on a blockchain in the form of the block;
the management module is configured to generate the credential of the first account according to its own private key and the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.
24. A terminal, wherein the terminal comprises a processor and a communication interface,
the processor is configured to generate first signature information of transaction content according to a credential of a first account, wherein the transaction content is initiated by the terminal based on the first account, and the credential is generated for the first account by a transaction processing device that processes the transaction content;
the communication interface is configured to send a transaction request message to the transaction processing device, wherein the transaction request message includes the first signature information and the transaction content;
the communication interface is further configured to receive a transaction response message returned by the transaction processing device, wherein the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content;
the communication interface is further configured to send a transaction record message to the transaction processing device according to the transaction response message, wherein the transaction record message is used to instruct the transaction processing device to store the transaction record on a blockchain, and the transaction record includes the transaction content, the first signature information, and the transaction result information.
25. The terminal according to claim 24, wherein the processor generating the first signature information of the transaction content according to the credential of the first account is specifically:
using a private key of the first account, the credential of the first account, and the transaction content as inputs of a zero-knowledge proof algorithm to calculate the first signature information of the transaction content, wherein the private key includes a long-term private key or a one-time private key.
26. The terminal according to claim 25, wherein the transaction response message is returned by the transaction processing device when a first verification result, obtained by verifying the transaction request message, is a pass; the transaction record is stored by the transaction processing device when a second verification result, obtained by verifying the transaction record message, is a pass;
wherein the first verification result and the second verification result each include a verification result of the first signature information;
the verification result of the first signature information is obtained by the transaction processing device through a verification calculation based on its own public key and the verification parameters in the first signature information.
27. The terminal according to claim 26, wherein the transaction content is initiated by the terminal, based on the first account, toward a second account;
the processor is further configured to generate a one-time public key of the second account according to a long-term public key of the second account;
the processor is further configured to generate second signature information of the transaction content according to the one-time public key of the second account and a certificate of the second account;
wherein the certificate is generated according to a private key of a certificate issuing device; the transaction request message and the transaction record include the one-time public key of the second account and the second signature information, and the one-time public key of the second account is the address of the second account;
wherein the first verification result and the second verification result further include a verification result of the second signature information, and the verification result of the second signature information is obtained by the transaction processing device through verification based on the one-time public key of the second account, the public key of the certificate issuing device and the verification parameters in the second signature information.
28. The terminal according to claim 26 or 27, wherein
the processor is further configured to calculate a ciphertext of the difference between the total input amount and the total output amount according to the ciphertext of each input amount and the ciphertext of each output amount in the transaction content;
the processor is further configured to generate third signature information of the transaction content according to the ciphertext of the difference;
wherein the transaction request message and the transaction record further include the third signature information;
the first verification result and the second verification result further include a verification result of the third signature information, the verification result of the third signature information is obtained by the transaction processing device through a verification calculation based on the verification parameters in the third signature information, the ciphertext of each input amount and the ciphertext of each output amount, and the verification result of the third signature information is used to indicate whether the total input amount equals the total output amount.
29. The terminal according to claim 28, wherein
the encryption key of the ciphertext of each input amount and of the ciphertext of each output amount is the public key of a third-party audit account.
30. The terminal according to claim 28 or 29, wherein the method further comprises:
the processor is further configured to generate an identifier of each input amount according to the one-time private key of the first account;
the processor is further configured to generate fourth signature information of the transaction content according to the identifier of each input amount;
wherein the transaction request message and the transaction record further include the fourth signature information and the identifier of each input amount;
the identifier of each input amount is used to prevent that input amount from being spent a second time;
the first verification result and the second verification result further include a verification result of the fourth signature information, the verification result of the fourth signature information is obtained by the transaction processing device through a verification calculation based on the identifier of each input amount and the verification parameters in the fourth signature information, and the verification result of the fourth signature information is used to indicate whether the identifier of each input amount is correct.
31. The terminal according to any one of claims 24 to 30, wherein
the processor is further configured to encrypt the one-time public key of the first account with the public key of the third-party audit account to obtain a ciphertext of the one-time public key of the first account;
the processor is further configured to generate fifth signature information of the transaction content according to the ciphertext of the one-time public key of the first account;
wherein the transaction request message and the transaction record further include the fifth signature information and the ciphertext of the one-time public key of the first account;
the first verification result and the second verification result further include a verification result of the fifth signature information, the verification result of the fifth signature information is obtained by the transaction processing device through a verification calculation based on the verification parameters in the fifth signature information, and the verification result of the fifth signature information is used to indicate whether the ciphertext of the one-time public key of the first account is correct.
32. The terminal according to any one of claims 24 to 31, wherein
the processor is further configured to encrypt the long-term public key of the second account with the public key of the third-party audit account to obtain a ciphertext of the long-term public key of the second account;
the processor is further configured to generate sixth signature information of the transaction content according to the ciphertext of the long-term public key of the second account;
wherein the transaction request message and the transaction record further include the sixth signature information and the ciphertext of the long-term public key of the second account;
the first verification result and the second verification result further include a verification result of the sixth signature information, the verification result of the sixth signature information is obtained by the transaction processing device through a verification calculation based on the verification parameters in the sixth signature information, and the verification result of the sixth signature information is used to indicate whether the ciphertext of the long-term public key of the second account is correct.
33. The terminal according to any one of claims 24 to 32, wherein
the communication interface is further configured to send a credential request message to the transaction processing device, wherein the credential request message includes the one-time public key of the first account and/or a ciphertext of the transaction amount held by the first account;
the communication interface is further configured to receive a credential response message returned by the transaction processing device, wherein the credential response message includes the credential of the first account, and the credential of the first account is generated by the transaction processing device according to the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.
34. The terminal according to claim 33, wherein the credential request message further includes the one-time public key of the second account and/or a ciphertext of the transaction amount held by the second account; the credential response message further includes a credential of the second account; the credential of the second account is generated by the transaction processing device according to the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account; and the transaction request message and the transaction record further include the credential of the second account.
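Claims 28 and 29 describe checking, from ciphertexts alone, that total input equals total output, with every amount encrypted under the audit account's public key. The following is an added example, not code from the patent: it assumes exponential ElGamal and a Chaum-Pedersen proof with a Fiat-Shamir challenge (the claims name no scheme), a constructed toy group, and hypothetical function names.

```python
import hashlib
import secrets

# Constructed toy group: p = 2q + 1, g generates the order-q subgroup.
# Far too small for real use; chosen so the example runs instantly.
P, Q, G = 2039, 1019, 4

def keygen():
    """Audit account key pair (x, h = g^x)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(h, amount):
    """Exponential ElGamal: (g^r, g^amount * h^r). Returns ciphertext and r."""
    r = secrets.randbelow(Q)
    return (pow(G, r, P), pow(G, amount, P) * pow(h, r, P) % P), r

def difference(inputs, outputs):
    """Ciphertext of sum(inputs) - sum(outputs), computed on ciphertexts only."""
    d1 = d2 = 1
    for c1, c2 in inputs:
        d1, d2 = d1 * c1 % P, d2 * c2 % P
    for c1, c2 in outputs:
        d1, d2 = d1 * pow(c1, -1, P) % P, d2 * pow(c2, -1, P) % P
    return d1, d2

def challenge(h, diff, t1, t2):
    """Fiat-Shamir challenge in [1, q-1], bound to the statement and commitments."""
    data = repr((P, Q, G, h, diff, t1, t2)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def prove_balanced(h, inputs, outputs, r_in, r_out):
    """Prove the difference ciphertext encrypts 0, i.e. diff = (g^R, h^R)."""
    R = (sum(r_in) - sum(r_out)) % Q
    k = secrets.randbelow(Q)
    t1, t2 = pow(G, k, P), pow(h, k, P)
    e = challenge(h, difference(inputs, outputs), t1, t2)
    return t1, t2, (k + e * R) % Q

def verify_balanced(h, inputs, outputs, proof):
    """Recompute the difference from the ciphertexts, then check both equations."""
    t1, t2, s = proof
    d1, d2 = diff = difference(inputs, outputs)
    e = challenge(h, diff, t1, t2)
    return (pow(G, s, P) == t1 * pow(d1, e, P) % P and
            pow(h, s, P) == t2 * pow(d2, e, P) % P)

def audit_decrypt(x, ct, limit=1000):
    """Audit account recovers a small amount by removing h^r and searching g^m."""
    c1, c2 = ct
    gm = c2 * pow(c1, -x, P) % P
    return next(m for m in range(limit) if pow(G, m, P) == gm)

def demo(in_amounts, out_amounts):
    """Encrypt both sides, prove, verify, and let the auditor open the first output."""
    x, h = keygen()
    ins, r_in = zip(*(encrypt(h, a) for a in in_amounts))
    outs, r_out = zip(*(encrypt(h, a) for a in out_amounts))
    proof = prove_balanced(h, ins, outs, r_in, r_out)
    return verify_balanced(h, ins, outs, proof), audit_decrypt(x, outs[0])
```

Equality is checked modulo the group order q, so amounts must stay well below q for a passing proof to mean the totals match.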
PCT/SG2017/050654 2017-12-28 2017-12-28 Transaction processing method and related equipment WO2019132767A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/SG2017/050654 WO2019132767A1 (en) 2017-12-28 2017-12-28 Transaction processing method and related equipment
CN201780097441.XA CN111433800B (en) 2017-12-28 2017-12-28 Transaction processing method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SG2017/050654 WO2019132767A1 (en) 2017-12-28 2017-12-28 Transaction processing method and related equipment

Publications (1)

Publication Number Publication Date
WO2019132767A1 true WO2019132767A1 (en) 2019-07-04

Family

ID=67067956

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2017/050654 WO2019132767A1 (en) 2017-12-28 2017-12-28 Transaction processing method and related equipment

Country Status (2)

Country Link
CN (1) CN111433800B (en)
WO (1) WO2019132767A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111260349A (en) * 2020-01-10 2020-06-09 中国工商银行股份有限公司 Real-time payment method and system based on block chain
CN114389819A (en) * 2021-12-31 2022-04-22 航天信息股份有限公司 Signature verification method and device

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112785307A (en) * 2021-01-28 2021-05-11 联想(北京)有限公司 Request message processing method and device
CN113469690B (en) * 2021-07-23 2024-03-26 佳乔(深圳)投资有限公司 Transaction settlement method based on blockchain

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106372941A (en) * 2016-08-31 2017-02-01 江苏通付盾科技有限公司 CA authentication management method, device and system based on block chain
CN106934619A (en) * 2017-03-13 2017-07-07 杭州复杂美科技有限公司 A kind of method and system of transaction record
CN107230056A (en) * 2017-06-28 2017-10-03 无锡井通网络科技有限公司 A kind of fast transaction system based on block chain contract
EP3236403A2 (en) * 2016-04-22 2017-10-25 Sony Corporation Client, server, method and identity verification system
CN107426157A (en) * 2017-04-21 2017-12-01 杭州趣链科技有限公司 A kind of alliance's chain authority control method based on digital certificate and ca authentication system
CN107451874A (en) * 2017-07-27 2017-12-08 武汉天喻信息产业股份有限公司 Electronic invoice integrated conduct method and system based on block chain

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2825543B1 (en) * 2001-06-01 2003-09-26 Radiotelephone Sfr METHOD AND DEVICE FOR CERTIFYING A TRANSACTION
US20170147808A1 (en) * 2015-11-19 2017-05-25 International Business Machines Corporation Tokens for multi-tenant transaction database identity, attribute and reputation management
US10230756B2 (en) * 2015-11-25 2019-03-12 International Business Machines Corporation Resisting replay attacks efficiently in a permissioned and privacy-preserving blockchain network
CN113435994A (en) * 2017-03-31 2021-09-24 唐晓领 Method, device and system for sharing transaction metadata information by multiple financial borrowing parties based on block chain

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3236403A2 (en) * 2016-04-22 2017-10-25 Sony Corporation Client, server, method and identity verification system
CN106372941A (en) * 2016-08-31 2017-02-01 江苏通付盾科技有限公司 CA authentication management method, device and system based on block chain
CN106934619A (en) * 2017-03-13 2017-07-07 杭州复杂美科技有限公司 A kind of method and system of transaction record
CN107426157A (en) * 2017-04-21 2017-12-01 杭州趣链科技有限公司 A kind of alliance's chain authority control method based on digital certificate and ca authentication system
CN107230056A (en) * 2017-06-28 2017-10-03 无锡井通网络科技有限公司 A kind of fast transaction system based on block chain contract
CN107451874A (en) * 2017-07-27 2017-12-08 武汉天喻信息产业股份有限公司 Electronic invoice integrated conduct method and system based on block chain

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111260349A (en) * 2020-01-10 2020-06-09 中国工商银行股份有限公司 Real-time payment method and system based on block chain
CN111260349B (en) * 2020-01-10 2023-10-03 中国工商银行股份有限公司 Real-time payment method and system based on block chain
CN114389819A (en) * 2021-12-31 2022-04-22 航天信息股份有限公司 Signature verification method and device

Also Published As

Publication number Publication date
CN111433800B (en) 2024-04-09
CN111433800A (en) 2020-07-17

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17936558

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17936558

Country of ref document: EP

Kind code of ref document: A1