WO2020057302A1 - 基于区块链的交易方法、装置和汇出方设备 - Google Patents
基于区块链的交易方法、装置和汇出方设备 Download PDFInfo
- Publication number
- WO2020057302A1 WO2020057302A1 PCT/CN2019/100691 CN2019100691W WO2020057302A1 WO 2020057302 A1 WO2020057302 A1 WO 2020057302A1 CN 2019100691 W CN2019100691 W CN 2019100691W WO 2020057302 A1 WO2020057302 A1 WO 2020057302A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- random number
- transaction amount
- ciphertext
- commitment
- exporter
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/06—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
- G06Q20/065—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
- G06Q20/0658—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash e-cash managed locally
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Definitions
- the embodiments of the present specification relate to the field of computer technology, and in particular, to a blockchain-based transaction method, device, and exporter device.
- Blockchain technology is a distributed database technology that uses cryptography and consensus mechanisms to ensure that data cannot be tampered with and forged.
- blockchain technology has been favored for its advantages such as decentralization, openness, transparency, immutability, and trustworthiness. It is widely used in smart contracts, securities trading, e-commerce, the Internet of Things, social communications, File storage, existence proof, identity verification, equity crowdfunding and many other fields are widely used.
- the business urgently needs a technical solution that can achieve privacy protection during the transaction.
- the purpose of the embodiments of the present specification is to provide a blockchain-based transaction method, device, and exporter device to achieve privacy protection without the need to interact with the importer device.
- an embodiment of the present specification provides a blockchain-based transaction method, including:
- Submit transaction data to the blockchain includes the transaction amount commitment, the first promised random number ciphertext, the first transaction amount ciphertext, the second promised random number ciphertext, and The second transaction amount cipher text; in order to record the transaction amount commitment, the first promised random number cipher text, and the first transaction amount cipher text into the exporter account, and to record the transaction Amount commitment, the second promised random number ciphertext, and the second transaction amount ciphertext are credited to the importer account.
- an embodiment of the present specification provides a blockchain-based transaction device, including:
- a first encryption unit configured to encrypt the promised random number and the transaction amount respectively using a homomorphic encryption public key of the exporter account to obtain the first promised random number ciphertext and the first Cipher text of transaction amount;
- a second encryption unit configured to encrypt the promised random number and the transaction amount respectively using a homomorphic encryption public key of the importer's account to obtain the second promised random number ciphertext and the second Cipher text of transaction amount;
- a submission unit for submitting transaction data to the blockchain includes the transaction amount commitment, the first commitment random number ciphertext, the first transaction amount ciphertext, and the second commitment A random number ciphertext and the second transaction amount cipher text; in order to record the transaction amount commitment, the first promised random number cipher text, and the first transaction amount cipher text into the remittance account, And crediting the transaction amount commitment, the second promised random number ciphertext, and the second transaction amount ciphertext to the importer account.
- an exporter device including:
- Memory for storing computer instructions
- a processor is configured to execute computer instructions to implement the method described in any embodiment of the present specification.
- a transaction amount commitment a first promised random number ciphertext, a first transaction amount ciphertext, and a second Promise a random number ciphertext and a second transaction amount ciphertext;
- the transaction amount promise the first promised random number ciphertext, the first transaction amount ciphertext, the second promised random number ciphertext, and
- the second transaction amount cipher text is submitted to the on-chain; in order to record the transaction amount commitment, the first commitment random number cipher text and the first transaction amount cipher text into the remittance account, and the transaction amount commitment, the second commitment random
- the ciphertext of the number and the ciphertext of the second transaction amount are credited to the importer's account.
- the transaction amount is promised, the first promised random number ciphertext, the first transaction amount ciphertext, and the second promised random number ciphertext. Submit the ciphertext with the second transaction amount to the chain, which can realize the successful completion of the transaction without the participation of the importer's equipment.
- FIG. 1 is a schematic diagram of implementing a transaction based on a blockchain according to an embodiment of the present specification
- FIG. 2 is a flowchart of a blockchain-based transaction method according to an embodiment of the present specification
- FIG. 3 is a flowchart of implementing a transaction based on a blockchain according to an embodiment of the present specification
- FIG. 4 is a functional structure diagram of a blockchain-based transaction device according to an embodiment of the present specification.
- FIG. 5 is a functional structure diagram of an exporter device according to an embodiment of the present specification.
- the Block Chain may be a method of organizing a plurality of block data in a chain structure according to a chronological order, and using a cryptographic algorithm to ensure security, traceability, and Immutable distributed ledger.
- the blockchain can include a public blockchain, a joint blockchain (also known as an alliance blockchain), a private blockchain, and the like.
- the blockchain can be implemented based on a blockchain network.
- the blockchain network may include a P2P network (peer-to-peer network) and the like.
- the blockchain network may include multiple blockchain nodes. Each blockchain node maintains a unified blockchain ledger.
- the transaction method may use an exporter device as an execution subject.
- the exporter device can join the blockchain network as a blockchain node.
- An exporter account may be registered in the exporter device.
- the exporter account may be an account of the exporter in the blockchain.
- the exporter account may have a signed public and private key pair and an encrypted public and private key pair.
- the signature public-private key pair may include an associated signature public key and a signature private key.
- the signed private key can be used to sign transaction data to be submitted to the blockchain.
- the public signing key can be disclosed to other blockchain nodes in the blockchain network for other blockchain nodes to verify the signed transaction data.
- the encrypted public-private key pair may include an associated homomorphic encrypted public key and a homomorphic encrypted private key.
- the homomorphic encryption public key can be disclosed to other blockchain nodes in the blockchain network for itself and other blockchain nodes to use homomorphic encryption algorithms to data (such as the balance of the sender, the transaction amount, and the remittance Square random numbers and promised random numbers).
- the homomorphic encryption private key can be used to decrypt the encrypted ciphertext.
- the exporter's account may also register the exporter's balance commitment, the random number ciphertext of the exporter, and the ciphertext of the balance of the exporter in the blockchain.
- the exporter's balance commitment can be calculated by the exporter's device based on the exporter's random number and the exporter's balance.
- the exporter's random number may be a random number corresponding to the exporter's account and used to construct an exporter's balance commitment.
- the exporter balance may be the balance of any type of resource.
- the resources may include, for example, securities, coupons, real estate, virtual currencies, and funds.
- the exporter's balance commitment can be implemented based on any type of homogeneous commitment scheme (for example, Pedersen commitment mechanism).
- PC (r_A, s_A) is the promise of the sender's balance
- r_A is the random number of the sender
- s_A is the balance of the exporter
- g and h are known parameters, respectively.
- the exporter's balance commitment can also be implemented by a homomorphic encryption algorithm. That is, a ciphertext obtained by encrypting the exporter's balance based on a homomorphic encryption algorithm is used as the exporter's balance commitment.
- the homomorphic encryption algorithm will be described in detail in the subsequent process.
- the exporter's balance commitment in the blockchain, you can avoid registering the exporter's balance directly, so that the exporter's balance can be hidden and kept secret.
- the commitment mechanism can support efficient Zero-Knowledge Proof
- the exporter's balance commitment can enable the zero-knowledge proof of the exporter's balance in the subsequent process (such as the third zero-knowledge in the subsequent process) Proof) process is more efficient.
- the exporter random number ciphertext may be obtained by the exporter device encrypting the exporter random number based on a homomorphic encryption algorithm.
- the homomorphic encryption algorithm may include, for example, Paillier algorithm, Okamoto-Uchiyama algorithm, and Damgard-Jurik algorithm.
- the Paillier algorithm and the Damgard-Jurik algorithm are more efficient and the encrypted cipher text is shorter.
- PA_A is the ciphertext of the exporter's random number
- r_A is the random number of the exporter
- u1 and n1 are part of the homomorphic public key of the exporter's account
- d1 is used by the homomorphic encryption algorithm To the random number.
- the exporter balance ciphertext may be obtained by the exporter device encrypting the exporter balance based on a homomorphic encryption algorithm.
- PA_A (s_A) is the ciphertext of the balance of the exporter; s_A is the balance of the exporter; u1 and n1 are part of the homomorphic public key of the exporter's account; d2 is used by the homomorphic encryption algorithm random number.
- the transaction method can realize the transfer of the transaction amount from the exporter's account to the importer's account.
- the importer account may be an account of the importer in the blockchain.
- the importer account may be logged in the importer device.
- the importer device can join the blockchain network as a blockchain node.
- the transaction amount may be negotiated and agreed upon by the remittance party and the remittance party.
- the importer account may have a signed public and private key pair and an encrypted public and private key pair; the importer account may also register the importer's balance in the blockchain Commitment, random number ciphertext of importer and balance ciphertext of importer.
- the importer's balance commitment can be calculated by the importer's device based on the importer's random number and the importer's balance.
- the ciphertext of the importer's random number can be obtained by the importer's device encrypting the importer's random number based on a homomorphic encryption algorithm.
- the cipher text of the balance of the importer can be obtained by the importer's device encrypting the balance of the importer based on a homomorphic encryption algorithm.
- the transaction method may include the following steps. It should be noted that, although the present specification provides method operation steps as described in the embodiments or flowcharts, more or less operation steps may be included based on conventional or non-creative labor. In addition, the sequence of steps listed in the embodiments is only one way of executing the steps, and does not represent a unique sequence of execution. When an actual device or product is executed, it may be executed sequentially or in parallel according to the method shown in the embodiment or the accompanying drawings (for example, a parallel processor or a multi-threaded environment).
- Step S10 Calculate the transaction amount commitment based on the commitment random number and the check amount.
- the promised random number may be generated by the exporter device.
- the transaction amount may be negotiated and agreed upon by the remittance party and the remittance party.
- the transaction amount commitment can also be implemented by a homomorphic encryption algorithm. That is, a ciphertext obtained by encrypting the transaction amount based on a homomorphic encryption algorithm is used as a transaction amount commitment. In this way, the transaction amount can be hidden and kept secret through the transaction amount commitment.
- Step S12 According to the homomorphic encryption public key of the exporter account, using the homomorphic encryption algorithm to encrypt the promised random number and the transaction amount, respectively, to obtain a first promised random number ciphertext and a first transaction amount ciphertext. .
- the exporter device may encrypt the promised random number using a homomorphic encryption algorithm according to the homomorphic encryption public key of the exporter account to obtain the first promised random number ciphertext.
- the exporter device may generate a random number used for homomorphic encryption operation as the first encrypted random number; may be based on the homomorphic encrypted public key of the exporter account and the first encrypted random number, A homomorphic encryption algorithm is used to encrypt the promised random number to obtain a first promised random number ciphertext.
- PA_A (r) is the first promised random number ciphertext; r is the promised random number; u1 and n1 are respectively a part of the homomorphic encrypted public key of the exporter account; y1 is the first encrypted random number .
- the exporter device may use a homomorphic encryption algorithm to encrypt the transaction amount according to the homomorphic encryption public key of the exporter account to obtain the first transaction amount ciphertext.
- the exporter device may generate a random number used for homomorphic encryption operation as the second encrypted random number; may be based on the homomorphic encrypted public key of the exporter account and the second encrypted random number,
- the transaction amount is encrypted using a homomorphic encryption algorithm to obtain a first transaction amount ciphertext.
- PA_A (t) is the ciphertext of the first transaction amount; t is the transaction amount; u1 and n1 are respectively a part of the homomorphic encrypted public key of the sender's account; and y2 is the second encrypted random number.
- Step S14 According to the homomorphic encryption public key of the importer's account, using the homomorphic encryption algorithm to encrypt the promised random number and the transaction amount, respectively, to obtain a second promised random number ciphertext and a second transaction amount ciphertext. .
- the exporter device may use a homomorphic encryption algorithm to encrypt the promised random number according to the homomorphic encryption public key of the importer account to obtain a second promised random number ciphertext.
- the exporter device may generate a random number for homomorphic encryption operation as a third encrypted random number; and may according to the homomorphic encrypted public key of the importer account and the third encrypted random number, A homomorphic encryption algorithm is used to encrypt the promised random number to obtain a second promised random number ciphertext.
- PA_B (r) is the second promised random number ciphertext; r is the promised random number; u2 and n2 are respectively part of the homomorphic encrypted public key of the importer account; z1 is the third encrypted random number .
- the exporter device may use a homomorphic encryption algorithm to encrypt the transaction amount according to the homomorphic encryption public key of the importer account to obtain the second transaction amount ciphertext.
- the exporter device may generate a random number used for a homomorphic encryption operation as a fourth encrypted random number; and may according to the homomorphic encrypted public key of the importer account and the fourth encrypted random number,
- the transaction amount is encrypted using a homomorphic encryption algorithm to obtain a second transaction amount ciphertext.
- PA_B (t) is the cipher text of the second transaction amount; t is the transaction amount; u2 and n2 are respectively a part of the homomorphic encrypted public key of the importer's account; z2 is the fourth encrypted random number.
- Step S16 Submit transaction data to the blockchain.
- the transaction data may include the transaction amount commitment, the first promised random number ciphertext, the first transaction amount ciphertext, the second promised random number ciphertext, and the first Second transaction cipher text.
- the exporter device may submit transaction data to the blockchain; in order to record the transaction amount commitment, the first promised random number ciphertext, and the first transaction amount ciphertext into the remittance Party account, and crediting the transaction amount commitment, the second promised random number ciphertext, and the second transaction amount ciphertext to the importing party account.
- a consensus blockchain node in the blockchain may update the exporter balance commitment based on the transaction amount commitment; may be based on the first commitment A random number ciphertext to update the exporter's random number ciphertext; the exporter's balance ciphertext can be updated based on the first transaction amount ciphertext; the importer's balance commitment can be updated based on the transaction amount commitment May update the importer random number ciphertext based on the second promised random number ciphertext; may update the importer balance ciphertext based on the second transaction amount ciphertext.
- the consensus blockchain node may be a blockchain node determined based on the consensus mechanism of the blockchain. In this way, transaction data can be recorded in the blockchain ledger maintained by each blockchain node in the blockchain network, preventing tampering.
- the updated exporter's balance commitment may be the quotient of the exporter's balance commitment and the transaction amount commitment. Given that the promise of the balance of the exporter and the commitment of the transaction amount are realized by a commitment mechanism based on homomorphism, this can realize the deduction of the transaction amount from the balance of the exporter and the remittance from the exporter The promised random number is subtracted from the random number.
- the updated exporter random number ciphertext may be a quotient of the exporter random number ciphertext and the first promised random number ciphertext.
- the promised random number can be deducted from the exporter's random number.
- the updated balancer ciphertext of the exporter may be a quotient of the balancer ciphertext of the exporter and the first transaction amount ciphertext.
- the ciphertext of the balance of the exporter and the ciphertext of the first transaction amount are calculated by a homomorphic encryption algorithm, so that the transaction amount can be deducted from the balance of the exporter.
- the updated importer's balance commitment may be the product of the importer's balance commitment and the transaction amount commitment. Given that the importer's balance commitment and the transaction amount commitment are realized by a homomorphic-based commitment mechanism, this can increase the transaction amount in the importer's balance and the importer's balance.
- the random number is added to the random number.
- r_B is the random number of the importer
- s_B is the balance of the importer
- g and h are known parameters, respectively.
- the updated random number ciphertext of the importer may be a product of the random number ciphertext of the importer and the second promised random number ciphertext.
- the promised random number can be added to the importer's random number.
- r_B is the random number of the importing party;
- f1 is the random number used by the homomorphic encryption algorithm.
- the updated importer balance ciphertext may be the product of the importer balance ciphertext and the second transaction amount ciphertext.
- the ciphertext of the balance of the importer and the ciphertext of the second transaction amount are calculated by a homomorphic encryption algorithm, so that the transaction amount can be added to the balance of the importer.
- PA_B (s_B + t) PA_B (s_B)
- PA_B (t) u2 s_B + t (f2z2) n2 .
- s_B is the balance of the importer; f2 is a random number used by the homomorphic encryption algorithm.
- the exporter device may also generate a first zero-knowledge certificate based on zero-knowledge proof technology; the first zero-knowledge certificate may be added to the transaction data; for consensus Blockchain node verification: The transaction amount is not less than 0.
- the zero-knowledge proof technology can be implemented based on the zkSNARK scheme, for example.
- the zero-knowledge proof technique may include an interval proof technique.
- the exporter device can generate a first interval certificate based on the interval certification technology; the first interval certificate can be added to the transaction data; for consensus blockchain node verification: the transaction amount is not Less than 0.
- the interval certification technology can be implemented based on, for example, a Bulletproofs scheme or a Borromean ring signature scheme.
- the exporter device may also generate a second zero-knowledge certificate based on zero-knowledge proof technology; the second zero-knowledge certificate may be added to the transaction data; for consensus Blockchain node verification: The transaction amount is not greater than the balance of the exporter.
- the zero-knowledge proof technique may include an interval proof technique. In this way, the exporter device can generate a second interval certificate based on the interval certificate technology; the second interval certificate can be added to the transaction data; for consensus blockchain node verification: the transaction amount is not Greater than the balance of the exporter.
- the exporter device may also generate a third zero-knowledge certificate based on zero-knowledge proof technology; the third zero-knowledge certificate may be added to the transaction data; for consensus Blockchain node verification: the commitment random number used to calculate the transaction amount commitment is consistent with the commitment random number used to calculate the second commitment random number ciphertext, and the transaction amount used to calculate the transaction amount commitment is used to calculate the second The transaction amount in the cipher text of the transaction amount is the same; avoid inconsistent random random numbers to be entered into the exporter's account and the importer's account, and to record the inconsistent transaction amount into the exporter's account and the importer's account.
- the third zero-knowledge proof may be (C, D, E, a, b, c, d).
- r * , t * , z1 * , z2 * are random numbers generated by the exporter device, which are respectively related to the promised random number r, the transaction amount t, the third encrypted random number z1, and the fourth encrypted random number z2.
- Hash means hash operation.
- T is the transaction amount commitment PC (r, t); M is the second commitment random number ciphertext PA_B (r); N is the second transaction amount ciphertext PA_B (t).
- the exporter device may calculate a first transaction amount commitment based on the first commitment random number and the transaction amount; and may calculate a second transaction amount based on the second commitment random number and the transaction amount.
- Transaction value commitments The first promised random number and the second promised random number may be generated by the exporter device.
- the first transaction amount commitment may correspond to a transaction amount to be transferred from an account of an exporter;
- the second transaction amount commitment may correspond to a transaction amount to be transferred to an account of an importer. In this way, a distinction can be made between the transaction amount transferred from the exporter's account and the transaction amount transferred to the importer's account.
- the exporter device may use the homomorphic encryption public key of the exporter account to encrypt the first promised random number and the transaction amount using a homomorphic encryption algorithm to obtain the first promised random number ciphertext and The ciphertext of the first transaction amount; the second promised random number and the transaction amount can be encrypted by using a homomorphic encryption algorithm according to the homomorphic encryption public key of the importer's account to obtain the second promised random number ciphertext And the second transaction amount ciphertext; transaction data can be submitted to the blockchain.
- the transaction data may include the first transaction amount commitment, the second transaction amount commitment, the first commitment random number ciphertext, the first transaction amount ciphertext, and the second commitment random number ciphertext.
- the second transaction amount cipher text in order to record the first transaction amount commitment, the first promised random number cipher text, and the first transaction amount cipher text into the exporter account, and The second transaction amount commitment, the second promised random number ciphertext, and the second transaction amount ciphertext are recorded in the importer account.
- the consensus blockchain node may update the exporter balance commitment based on the first transaction amount commitment; may be based on the first commitment random number ciphertext Update the exporter's random number ciphertext; update the exporter's balance ciphertext based on the first transaction amount ciphertext; update the importer's balance commitment based on the second transaction amount commitment; Updating the importer's random number ciphertext based on the second promised random number ciphertext; the importer's balance ciphertext may be updated based on the second transaction amount ciphertext.
- the updated exporter balance commitment may be the quotient of the exporter balance commitment and the first transaction amount commitment;
- the updated exporter random number ciphertext may be the exporter random number ciphertext and The quotient of the first promised random number ciphertext;
- the updated balancer ciphertext of the exporter may be the quotient of the balancer ciphertext of the exporter and the first transaction amount ciphertext;
- the commitment may be the product of the importer ’s balance commitment and the second transaction amount commitment;
- the updated random number ciphertext of the importer may be the random number ciphertext of the importer and the second commitment random number Product of cipher text;
- the updated cipher text of the balance of the importer may be the product of the cipher text of the balance of the importer and the cipher text of the second transaction amount.
- the exporter device can also generate a fourth zero-knowledge certificate based on zero-knowledge proof technology; the fourth zero-knowledge certificate can be added to the transaction data; for consensus blockchain node verification: The transaction amount committed in calculating the first transaction amount is consistent with the transaction amount used in calculating the second transaction amount commitment; thereby avoiding the inconsistency between the transaction amount transferred from the account of the sender and the transaction amount transferred to the account of the importer.
- the exporter device may also use the signature private key of the exporter account to sign the transaction data to obtain signature data; the transaction data may be added to the transaction data. Describe the signature data; for the consensus blockchain nodes to perform signature verification.
- a transaction amount commitment, a first promised random number ciphertext, a first transaction amount ciphertext, a second promised random number ciphertext, and a second transaction amount ciphertext can be obtained.
- the transaction amount commitment, the first promised random number ciphertext, the first transaction amount ciphertext, the second promised random number ciphertext, and the second transaction amount ciphertext may be submitted to the chain;
- the privacy of transaction information such as the transaction amount can be realized; on the other hand, by committing the transaction amount, the first commitment random number ciphertext, the first transaction amount ciphertext, the first The second promise is to submit the random number ciphertext and the second transaction amount ciphertext to the chain, which can successfully complete the transaction on the blockchain without the participation of the importer's equipment. Therefore, this embodiment can implement privacy protection under non-interactive conditions.
- the exporter account may be registered in the blockchain with an exporter balance commitment, an exporter random number ciphertext, and an exporter balance ciphertext; the importer account may be in the
- the blockchain has registered the importer's balance commitment, the importer's random number ciphertext, and the importer's balance ciphertext.
- the burden caused by the random number of the exporter and the random number of the importer avoids the risk of loss.
- the exporter account can be Account_A.
- the exporter account Account_A may have a signed public and private key pair and an encrypted public and private key pair.
- r_A is the random number of the exporter
- s_A is the balance of the exporter
- g and h are known parameters
- u1 and n1 are part of the homomorphic public key of the exporter's account
- d1 and d2 are the same Random number used by the state encryption algorithm.
- the importer account can be Account_B.
- the exporter account Account_B may have a signed public and private key pair and an encrypted public and private key pair.
- r_B is the random number of the importer
- s_B is the balance of the importer
- g and h are known parameters
- u2 and n2 are part of the homomorphic public key of the importer's account
- f1 and f2 are the same Random number used by the state encryption algorithm.
- the transaction illustrated in this scenario can realize the transfer of the transaction amount t from the exporter account Account_A to the importer account Account_B.
- the exporter device may generate a promised random number r, a first encrypted random number y1, a second encrypted random number y2, a third encrypted random number z1, and a fourth encrypted random number z2.
- the public key uses a homomorphic encryption algorithm to encrypt the promised random number r to obtain the second promised random number ciphertext PA_B
- the exporter device may generate a first zero-knowledge certificate RP1, a second zero-knowledge certificate RP2, and a third zero-knowledge certificate RP3.
- the first zero-knowledge proof RP1 can be used for verification: t ⁇ 0.
- the second zero-knowledge proof RP2 can be used for verification: s_A-t ⁇ 0.
- the third zero-knowledge proof RP3 can be used to verify that the promised random number r in PC (r, t) is consistent with the promised random number r in PA_B (r) and the transaction amount t in PC (r, t) Consistent with the transaction amount t in PA_B (t).
- the exporter device may use the signature private key pair of the exporter account [PC (r, t), PA_A (r), PA_A (t), PA_B (r), PA_B (t) , RP1, RP2, RP3] to get the signature data SIG; you can submit transaction data [PC (r, t), PA_A (r), PA_A (t), PA_B (r), PA_B (t) to the blockchain , RP1, RP2, RP3, SIG].
- the blockchain can determine a consensus blockchain node according to a consensus mechanism.
- the consensus blockchain node can use the anti-double spend or anti-replay mechanism in the related technology to verify whether the transaction has been executed. If it has been performed, the consensus blockchain node may reject the transaction.
- the consensus blockchain node can verify whether the signature data SIG in the transaction data is correct. If incorrect, the consensus blockchain node can reject the transaction.
- the consensus blockchain node can check the first zero-knowledge proof RP1 in the transaction data to verify whether t ⁇ 0 is satisfied. If not, the consensus blockchain node may reject the transaction.
- the consensus blockchain node may check the second zero-knowledge proof RP2 in the transaction data to verify whether s_A-t ⁇ 0 is satisfied. If not, the consensus blockchain node may reject the transaction.
- the consensus blockchain node may check the third zero-knowledge proof RP3 in the transaction data to verify whether it is satisfied: the promise random number r in PC (r, t) and the promise in PA_B (r) The random number r is consistent, and the transaction amount t in PC (r, t) is consistent with the transaction amount t in PA_B (t). If not, the consensus blockchain node may reject the transaction.
- the consensus blockchain node can update the exporter's balance commitment PC (r_A, s_A), the exporter's random ciphertext PA_A (r_A), the exporter's balance ciphertext PA_A (s_A), and the importer Balance commitment PC (r_B, s_B), random number ciphertext PA_B (r_B) of the importer, and balance ciphertext PA_B (s_B) of the importer.
- the embodiment of the present specification also provides a blockchain-based transaction device.
- the transaction device may include the following units.
- a calculation unit 20 configured to calculate a transaction amount commitment according to the commitment random number and the transaction amount
- the first encryption unit 22 is configured to encrypt the promised random number and the transaction amount using a homomorphic encryption algorithm according to the homomorphic encrypted public key of the exporter account, to obtain the first promised random number ciphertext and the first A transaction cipher text;
- the second encryption unit 24 is configured to encrypt the promised random number and the transaction amount respectively using a homomorphic encryption public key of the importer's account using a homomorphic encryption algorithm to obtain a second promised random number ciphertext and a first Second transaction cipher text;
- a submitting unit 26 configured to submit transaction data to the blockchain; the transaction data includes the transaction amount commitment, the first commitment random number ciphertext, the first transaction amount ciphertext, the second Promise a random number ciphertext and the second transaction amount cipher text; in order to record the transaction amount commitment, the first promised random number cipher text, and the first transaction amount cipher text into the sender account , And recording the transaction amount commitment, the second promised random number ciphertext, and the second transaction amount ciphertext into the importer account.
- the embodiment of the present specification also provides an exporter device.
- the exporter device may include a memory and a processor.
- the memory may be implemented in any suitable manner.
- the memory may be a read-only memory, a mechanical hard disk, a solid state hard disk, a U disk, or the like.
- the memory may be used to store computer instructions.
- the processor may be implemented in any suitable manner.
- the processor may take, for example, a microprocessor or processor and a computer-readable medium, logic gate, switch, application specific integrated circuit (computer) that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor.
- application specific integrated Circuit ASIC
- programmable logic controller programmable logic controller and embedded microcontroller form, etc.
- the processor may execute the computer instructions to implement the following steps:
- Submit transaction data to the blockchain includes the transaction amount commitment, the first promised random number ciphertext, the first transaction amount ciphertext, the second promised random number ciphertext, and The second transaction amount cipher text; in order to record the transaction amount commitment, the first promised random number cipher text, and the first transaction amount cipher text into the exporter account, and to record the transaction Amount commitment, the second promised random number ciphertext, and the second transaction amount ciphertext are credited to the importer account.
- a programmable logic device Programmable Logic Device (PLD)
- PLD Programmable Logic Device
- FPGA Field Programmable Gate Array
- HDL Hardware Description Language
- VHDL Very-High-Speed Integrated Circuit Hardware Description Language
- Verilog2 Verilog2.
- the system, device, module, or unit described in the foregoing embodiments may be specifically implemented by a computer chip or entity, or a product with a certain function.
- a typical implementation device is a computer.
- the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or A combination of any of these devices.
- This manual can be used in many general-purpose or special-purpose computer system environments or configurations.
- program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types.
- This specification can also be practiced in distributed computing environments in which tasks are performed by remote processing devices connected through a communication network.
- program modules may be located in local and remote computer storage media, including storage devices.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Development Economics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Economics (AREA)
- Marketing (AREA)
- Technology Law (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Complex Calculations (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
本说明书实施例提供一种基于区块链的交易方法、装置和汇出方设备。所述方法包括:计算交易额承诺、第一承诺随机数密文、第一交易额密文、第二承诺随机数密文和第二交易额密文;向所述区块链提交交易数据;所述交易数据包括所述交易额承诺、所述第一承诺随机数密文、所述第一交易额密文、所述第二承诺随机数密文和所述第二交易额密文;以便于将所述交易额承诺、所述第一承诺随机数密文和所述第一交易额密文记入所述汇出方账户,以及将所述交易额承诺、所述第二承诺随机数密文和所述第二交易额密文记入所述汇入方账户。
Description
本说明书实施例涉及计算机技术领域,特别涉及一种基于区块链的交易方法、装置和汇出方设备。
区块链技术是一种分布式数据库技术,利用密码学和共识机制保证了数据的不可篡改和不可伪造。随着计算机和互联网技术的发展,区块链技术以其去中心化、公开透明、不可篡改、可信任等优点,备受青睐,在智能合约、证券交易、电子商务、物联网、社交通讯、文件存储、存在性证明、身份验证、股权众筹等众多领域得到广泛应用。
目前,当将区块链技术应用于交易场景时,由于交易信息需要发送到区块链进行验证、实施和上链,因而交易信息面临泄露给与本次交易无关的第三方的风险。
业务亟需一种在交易过程中能够实现隐私保护的技术方案。
发明内容
本说明书实施例的目的是提供一种基于区块链的交易方法、装置和汇出方设备,以在无需与汇入方设备进行交互的条件下实现隐私保护。
为实现上述目的,本说明书实施例提供一种基于区块链的交易方法,包括:
根据承诺随机数和交易额,计算交易额承诺;
根据汇出方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第一承诺随机数密文和第一交易额密文;
根据汇入方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第二承诺随机数密文和第二交易额密文;
向所述区块链提交交易数据;所述交易数据包括所述交易额承诺、所述第一承诺随机数密文、所述第一交易额密文、所述第二承诺随机数密文和所述第二交易额密文;以便于将所述交易额承诺、所述第一承诺随机数密文和所述第一交易额密文记入所述汇出方账户,以及将所述交易额承诺、所述第二承诺随机数密文和所述第二交易额密文记入 所述汇入方账户。
为实现上述目的,本说明书实施例提供一种基于区块链的交易装置,包括:
计算单元,用于根据承诺随机数和交易额,计算交易额承诺;
第一加密单元,用于根据汇出方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第一承诺随机数密文和第一交易额密文;
第二加密单元,用于根据汇入方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第二承诺随机数密文和第二交易额密文;
提交单元,用于向所述区块链提交交易数据;所述交易数据包括所述交易额承诺、所述第一承诺随机数密文、所述第一交易额密文、所述第二承诺随机数密文和所述第二交易额密文;以便于将所述交易额承诺、所述第一承诺随机数密文和所述第一交易额密文记入所述汇出方账户,以及将所述交易额承诺、所述第二承诺随机数密文和所述第二交易额密文记入所述汇入方账户。
为实现上述目的,本说明书实施例提供一种汇出方设备,包括:
存储器,用于存储计算机指令;
处理器,用于执行计算机指令以实现本说明书任一实施例所述的方法。
由以上本说明书实施例提供的技术方案可见,在本实施例中,通过承诺机制和同态加密机制,可以得到交易额承诺、第一承诺随机数密文、第一交易额密文、第二承诺随机数密文和第二交易额密文;可以将所述交易额承诺、所述第一承诺随机数密文、所述第一交易额密文、所述第二承诺随机数密文和所述第二交易额密文提交上链;以便于将交易额承诺、第一承诺随机数密文和第一交易额密文记入汇出方账户,以及将交易额承诺、第二承诺随机数密文和第二交易额密文记入汇入方账户。这样一方面,通过承诺机制和同态加密机制,可以实现隐私保护;另一方面,通过将交易额承诺、第一承诺随机数密文、第一交易额密文、第二承诺随机数密文和第二交易额密文提交上链,可以实现无需汇入方设备参与便可以顺利完成交易。
为了更清楚地说明本说明书实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是 本说明书中记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。
图1为本说明书实施例一种基于区块链实施交易的示意图;
图2为本说明书实施例一种基于区块链的交易方法的流程图;
图3为本说明书实施例一种基于区块链实施交易的流程图;
图4为本说明书实施例一种基于区块链的交易装置的功能结构图;
图5为本说明书实施例一种汇出方设备的功能结构图。
下面将结合本说明书实施例中的附图,对本说明书实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本说明书一部分实施例,而不是全部的实施例。基于本说明书中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都应当属于本说明书保护的范围。
请参阅图1和图2。本说明书实施例提供一种基于区块链的交易方法。
在本实施例中,所述区块链(Block Chain),可以是一种按照时间先后顺序,将多个区块数据以链式结构进行组织,并以密码学算法保证安全、可追溯、且不可篡改的分布式账本。所述区块链可以包括公有区块链、联合区块链(也称为联盟区块链)、和私有区块链等。所述区块链可以基于区块链网络来实现。所述区块链网络可以包括P2P网络(peer-to-peer network)等。所述区块链网络可以包括多个区块链节点。各个区块链节点之间共同维护统一的区块链账本。
在本实施例中,所述交易方法可以以汇出方设备为执行主体。所述汇出方设备可以作为一个区块链节点加入所述区块链网络。在所述汇出方设备中可以登录有汇出方账户。所述汇出方账户可以为汇出方在所述区块链中的账户。所述汇出方账户可以具有签名公私钥对、和加密公私钥对。所述签名公私钥对可以包括相关联的签名公钥和签名私钥。所述签名私钥可以用于对待提交给所述区块链的交易数据进行签名。所述签名公钥可以向区块链网络中的其它区块链节点公开,以供其它区块链节点对签名后的交易数据进行验签。所述加密公私钥对可以包括相关联的同态加密公钥和同态加密私钥。所述同态加密公钥可以向区块链网络中的其它区块链节点公开,以供自身和其它区块链节点使用同态加密算法对数据(例如汇出方余额、交易额、汇出方随机数和承诺随机数等)进行加 密。所述同态加密私钥可以用于对加密后的密文进行解密。所述汇出方账户在所述区块链中还可以登记有汇出方余额承诺、汇出方随机数密文和汇出方余额密文。
所述汇出方余额承诺可以由所述汇出方设备基于汇出方随机数和汇出方余额计算得到。所述汇出方随机数可以为所述汇出方账户对应的用于构建汇出方余额承诺的随机数。所述汇出方余额可以为任意类型的资源的余额。所述资源例如可以包括证券、优惠券、房产、虚拟货币、和资金等。具体地,所述汇出方余额承诺可以基于任意类型的具有同态性的承诺机制(Commitment Scheme)来实现,例如Pedersen承诺机制等。以Pedersen承诺机制为例,所述汇出方余额承诺可以基于公式PC(r_A,s_A)=g
r_Ah
s_A计算得到。其中,PC(r_A,s_A)为汇出方余额承诺;r_A为汇出方随机数;s_A为汇出方余额;g和h分别为已知参数。当然,所述汇出方余额承诺也可以由同态加密算法来实现。即,将基于同态加密算法对所述汇出方余额进行加密得到的密文作为汇出方余额承诺。关于所述同态加密算法在后续过程中会有详细介绍。这样一方面,通过在区块链内登记汇出方余额承诺,可以避免直接登记汇出方余额,使得汇出方余额得以隐藏和保密。另一方面,鉴于承诺机制可以支持高效的零知识证明(Zero-Knowledge Proof),汇出方余额承诺可以使得后续过程中涉及汇出方余额的零知识证明(例如后续过程中的第三零知识证明)过程较为高效。
所述汇出方随机数密文可以由所述汇出方设备基于同态加密算法对所述汇出方随机数进行加密得到。所述同态加密算法例如可以包括Paillier算法、Okamoto-Uchiyama算法、和Damgard-Jurik算法等。特别地,相对于Okamoto-Uchiyama算法,Paillier算法和Damgard-Jurik算法更加高效,加密后的密文更短。以Paillier算法为例,所述汇出方随机数密文可以基于公式PA_A(r_A)=u1
r_Ad1
n1计算得到。其中,PA_A(r_A)为汇出方随机数密文;r_A为汇出方随机数;u1和n1分别为所述汇出方账户的同态加密公钥的一部分;d1为同态加密算法使用到的随机数。这样一方面,通过在区块链内登记汇出方随机数,可以避免在链下本地保管汇出方随机数造成的负担。另一方面,通过在区块链内登记汇出方随机数密文,可以避免直接登记汇出方随机数,使得汇出方随机数得以隐藏和保密。
所述汇出方余额密文可以由所述汇出方设备基于同态加密算法对所述汇出方余额进行加密得到。以Paillier算法为例,所述汇出方余额密文可以基于公式PA_A(s_A)=u1
s_Ad2
n1计算得到。其中,PA_A(s_A)为汇出方余额密文;s_A为汇出方余额;u1和n1分别为所述汇出方账户的同态加密公钥的一部分;d2为同态加密算法 使用到的随机数。这样通过在区块链内登记汇出方余额密文,可以避免直接登记汇出方余额,使得汇出方余额得以隐藏和保密。
在本实施例中,所述交易方法可以实现交易额从汇出方账户转移至汇入方账户。所述汇入方账户可以为汇入方在所述区块链中的账户。所述汇入方账户可以在汇入方设备中登录。所述汇入方设备可以作为一个区块链节点加入所述区块链网络。所述交易额可以由汇出方与汇入方协商约定。与所述汇出方账户相类似,所述汇入方账户可以具有签名公私钥对、和加密公私钥对;所述汇入方账户在所述区块链中还可以登记有汇入方余额承诺、汇入方随机数密文和汇入方余额密文。所述汇入方余额承诺可以由所述汇入方设备基于汇入方随机数和汇入方余额计算得到。所述汇入方随机数密文可以由所述汇入方设备基于同态加密算法对所述汇入方随机数进行加密得到。所述汇入方余额密文可以由所述汇入方设备基于同态加密算法对所述汇入方余额进行加密得到。
所述交易方法可以包括以下步骤。需要说明的是,虽然本说明书提供了如实施例或流程图所述的方法操作步骤,但基于常规或者无创造性的劳动可以包括更多或者更少的操作步骤。此外实施例中列举的步骤顺序仅仅为众多步骤执行顺序中的一种方式,不代表唯一的执行顺序。在实际中的装置或产品执行时,可以按照实施例或者附图所示的方法顺序执行或者并行执行(例如并行处理器或者多线程处理的环境)。
步骤S10:根据承诺随机数和校验金额,计算交易额承诺。
在本实施例中,所述承诺随机数可以由所述汇出方设备生成。所述交易额可以由汇出方与汇入方协商约定。所述交易额承诺可以基于任意类型的具有同态性的承诺机制(Commitment Scheme)来实现,例如Pedersen承诺机制等。以Pedersen承诺机制为例,所述交易额承诺可以基于公式PC(r,t)=g
rh
t计算得到。其中,PC(r,t)为交易额承诺;r为承诺随机数;t为交易额;g和h分别为已知参数。当然,所述交易额承诺也可以由同态加密算法来实现。即,将基于同态加密算法对所述交易额进行加密得到的密文作为交易额承诺。这样通过交易额承诺可以实现交易额的隐藏和保密。
步骤S12:根据汇出方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第一承诺随机数密文和第一交易额密文。
在本实施例中,所述汇出方设备可以根据汇出方账户的同态加密公钥,使用同态加密算法对所述承诺随机数进行加密,得到第一承诺随机数密文。具体地,所述汇出方设备可以生成一用于同态加密运算的随机数,作为第一加密随机数;可以根据汇出方账户 的同态加密公钥和所述第一加密随机数,使用同态加密算法对所述承诺随机数进行加密,得到第一承诺随机数密文。以Paillier算法为例,所述第一承诺随机数密文可以基于公式PA_A(r)=u1
ry1
n1计算得到。其中,PA_A(r)为第一承诺随机数密文;r为承诺随机数;u1和n1分别为所述汇出方账户的同态加密公钥的一部分;y1为所述第一加密随机数。
在本实施例中,所述汇出方设备可以根据汇出方账户的同态加密公钥,使用同态加密算法对所述交易额进行加密,得到第一交易额密文。具体地,所述汇出方设备可以生成一用于同态加密运算的随机数,作为第二加密随机数;可以根据汇出方账户的同态加密公钥和所述第二加密随机数,使用同态加密算法对所述交易额进行加密,得到第一交易额密文。以Paillier算法为例,所述第一交易额密文可以基于公式PA_A(t)=u1
ty2
n1计算得到。其中,PA_A(t)为第一交易额密文;t为交易额;u1和n1分别为所述汇出方账户的同态加密公钥的一部分;y2为所述第二加密随机数。
步骤S14:根据汇入方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第二承诺随机数密文和第二交易额密文。
在本实施例中,所述汇出方设备可以根据汇入方账户的同态加密公钥,使用同态加密算法对所述承诺随机数进行加密,得到第二承诺随机数密文。具体地,所述汇出方设备可以生成一用于同态加密运算的随机数,作为第三加密随机数;可以根据汇入方账户的同态加密公钥和所述第三加密随机数,使用同态加密算法对所述承诺随机数进行加密,得到第二承诺随机数密文。以Paillier算法为例,所述第二承诺随机数密文可以基于公式PA_B(r)=u2
rz1
n2计算得到。其中,PA_B(r)为第二承诺随机数密文;r为承诺随机数;u2和n2分别为所述汇入方账户的同态加密公钥的一部分;z1为所述第三加密随机数。
在本实施例中,所述汇出方设备可以根据汇入方账户的同态加密公钥,使用同态加密算法对所述交易额进行加密,得到第二交易额密文。具体地,所述汇出方设备可以生成一用于同态加密运算的随机数,作为第四加密随机数;可以根据汇入方账户的同态加密公钥和所述第四加密随机数,使用同态加密算法对所述交易额进行加密,得到第二交易额密文。其中,以Paillier算法为例,所述第二交易额密文可以基于公式PA_B(t)=u2
tz2
n2计算得到。PA_B(t)为第二交易额密文;t为交易额;u2和n2分别为所述汇入方账户的同态加密公钥的一部分;z2为所述第四加密随机数。
步骤S16:向所述区块链提交交易数据。
在本实施例中,所述交易数据可以包括所述交易额承诺、所述第一承诺随机数密文、所述第一交易额密文、所述第二承诺随机数密文和所述第二交易额密文。所述汇出方设备可以向所述区块链提交交易数据;以便于将所述交易额承诺、所述第一承诺随机数密文和所述第一交易额密文记入所述汇出方账户,以及将所述交易额承诺、所述第二承诺随机数密文和所述第二交易额密文记入所述汇入方账户。
具体地,在向所述区块链提交交易数据以后,所述区块链中的共识区块链节点可以基于所述交易额承诺更新所述汇出方余额承诺;可以基于所述第一承诺随机数密文更新所述汇出方随机数密文;可以基于所述第一交易额密文更新所述汇出方余额密文;可以基于所述交易额承诺更新所述汇入方余额承诺;可以基于所述第二承诺随机数密文更新所述汇入方随机数密文;可以基于所述第二交易额密文更新所述汇入方余额密文。其中,所述共识区块链节点可以为基于所述区块链的共识机制确定出的区块链节点。这样可以实现将交易数据记录至区块链网络中各个区块链节点分别维护的区块链账本中,避免发生篡改。
更新后的汇出方余额承诺可以为所述汇出方余额承诺和所述交易额承诺的商。鉴于所述汇出方余额承诺和所述交易额承诺由基于具有同态性的承诺机制来实现,这样可以实现从所述汇出方余额中扣除所述交易额、以及从所述汇出方随机数中扣除所述承诺随机数。例如,所述汇出方余额承诺可以为PC(r_A,s_A)=g
r_Ah
s_A;所述交易额承诺可以为PC(r,t)=g
rh
t;更新后的汇出方余额承诺可以为PC(r_A-r,s_A-t)=PC(r_A,s_A)/PC(r,t)=g
(r_A-r)h
(s_A-t)。
更新后的汇出方随机数密文可以为所述汇出方随机数密文和所述第一承诺随机数密文的商。鉴于所述汇出方随机数密文和所述第一承诺随机数密文由同态加密算法计算得到,这样可以实现从所述汇出方随机数中扣除所述承诺随机数。例如,所述汇出方随机数密文可以为PA_A(r_A)=u1
r_Ad1
n1;所述第一承诺随机数密文可以为PA_A(r)=u1
ry1
n1;更新后的汇出方随机数密文可以为PA_A(r_A-r)=PA_A(r_A)/PA_A(r)=u1
r_A-r(d1/y1)
n1。
更新后的汇出方余额密文可以为所述汇出方余额密文和所述第一交易额密文的商。鉴于所述汇出方余额密文和所述第一交易额密文由同态加密算法计算得到,这样可以实现从所述汇出方余额中扣除所述交易额。例如,所述汇出方余额密文可以为 PA_A(s_A)=u1
s_Ad2
n1;所述第一交易额密文可以为PA_A(t)=u1
ty2
n1;更新后的汇出方余额密文可以为PA_A(s_A-t)=PA_A(s_A)/PA_A(t)=u1
s_A-t(d2/y2)
n1。
更新后的汇入方余额承诺可以为所述汇入方余额承诺和所述交易额承诺的积。鉴于所述汇入方余额承诺和所述交易额承诺由基于具有同态性的承诺机制来实现,这样可以实现在所述汇入方余额中增加所述交易额、以及在所述汇入方随机数中增加所述承诺随机数。例如,所述汇入方余额承诺可以为PC(r_B,s_B)=g
r_Bh
s_B;所述交易额承诺可以为PC(r,t)=g
rh
t;更新后的汇入方余额承诺可以为PC(r_B+r,s_B+t)=PC(r_B,s_B)PC(r,t)=g
(r_B+r)h
(s_B+t)。其中,r_B为汇入方随机数;s_B为汇入方余额;g和h分别为已知参数。
更新后的汇入方随机数密文可以为所述汇入方随机数密文和所述第二承诺随机数密文的积。鉴于所述汇入方随机数密文和所述第二承诺随机数密文由同态加密算法计算得到,这样可以实现在所述汇入方随机数中增加所述承诺随机数。例如,所述汇入方随机数密文可以为PA_B(r_B)=u2
r_Bf1
n2;所述第二承诺随机数密文可以为PA_B(r)=u2
rz1
n2;更新后的汇入方随机数密文可以为PA_B(r_B+r)=PA_B(r_B)PA_B(r)=u2
r_B+r(f1z1)
n2。其中,r_B为汇入方随机数;f1为同态加密算法使用到的随机数。
更新后的汇入方余额密文可以为所述汇入方余额密文和所述第二交易额密文的积。鉴于所述汇入方余额密文和所述第二交易额密文由同态加密算法计算得到,这样可以实现在所述汇入方余额中增加所述交易额。例如,所述汇入方余额密文可以为PA_B(s_B)=u2
s_Bf2
n2;所述第二交易额密文可以为PA_B(t)=u2
tz2
n2;更新后的汇入方余额密文可以为PA_B(s_B+t)=PA_B(s_B)PA_B(t)=u2
s_B+t(f2z2)
n2。其中,s_B为汇入方余额;f2为同态加密算法使用到的随机数。
在本实施例的一个实施方式中,所述汇出方设备还可以基于零知识证明技术,生成第一零知识证明;可以在所述交易数据中添加所述第一零知识证明;以供共识区块链节点验证:所述交易额不小于0。所述零知识证明技术例如可以基于zkSNARK方案实现。进一步地,所述零知识证明技术可以包括区间证明技术(Range Proof)。如此所述汇出方设备可以基于所述区间证明技术,生成第一区间证明;可以在所述交易数据中添加所述第一区间证明;以供共识区块链节点验证:所述交易额不小于0。所述区间证明技术例如可以基于Bulletproofs方案或Borromean环签名方案实现。
在本实施例的一个实施方式中,所述汇出方设备还可以基于零知识证明技术,生成第二零知识证明;可以在所述交易数据中添加所述第二零知识证明;以供共识区块链节点验证:所述交易额不大于汇出方余额。进一步地,所述零知识证明技术可以包括区间证明技术。如此所述汇出方设备可以基于所述区间证明技术,生成第二区间证明;可以在所述交易数据中添加所述第二区间证明;以供共识区块链节点验证:所述交易额不大于汇出方余额。
在本实施例的一个实施方式中,所述汇出方设备还可以基于零知识证明技术,生成第三零知识证明;可以在所述交易数据中添加所述第三零知识证明;以供共识区块链节点验证:用于计算交易额承诺的承诺随机数与用于计算第二承诺随机数密文的承诺随机数一致、且用于计算交易额承诺的交易额与用于计算第二交易额密文的交易额一致;避免将不一致的承诺随机数记入汇出方账户和汇入方账户、以及将不一致的交易额记入汇出方账户和汇入方账户。
例如,所述第三零知识证明可以为(C,D,E,a,b,c,d)。其中,
x=Hash(C,D,E);a=r
*+xr;b=t
*+xt;c=z1
*z1
x;d=z2
*z2
x。其中,r
*、t
*、z1
*、z2
*为所述汇出方设备生成的随机数,分别与承诺随机数r、交易额t、第三加密随机数z1、第四加密随机数z2相对应;Hash表示哈希运算。
共识区块链节点可以在验证g
ah
b==CT
x、u2
ac
n2==DM
x、u2
bd
n2==EN
x同时成立时认为:用于计算交易额承诺的承诺随机数与用于计算第二承诺随机数密文的承诺随机数一致、且用于计算交易额承诺的交易额与用于计算第二交易额密文的交易额一致。其中,T为交易额承诺PC(r,t);M为第二承诺随机数密文PA_B(r);N为第二交易额密文PA_B(t)。
在本实施例的一个实施方式中,所述汇出方设备可以根据第一承诺随机数和交易额,计算第一交易额承诺;可以根据第二承诺随机数和所述交易额,计算第二交易额承诺。所述第一承诺随机数和所述第二承诺随机数可以由所述汇出方设备生成。所述第一交易额承诺可以对应待从汇出方账户转移出的交易额;所述第二交易额承诺可以对应待转移至汇入方账户的交易额。这样可以对待从汇出方账户转移出的交易额和待转移至汇入方账户的交易额进行区分。
所述汇出方设备可以根据汇出方账户的同态加密公钥,使用同态加密算法分别对所述第一承诺随机数和所述交易额进行加密,得到第一承诺随机数密文和第一交易额密文; 可以根据汇入方账户的同态加密公钥,使用同态加密算法分别对所述第二承诺随机数和所述交易额进行加密,得到第二承诺随机数密文和第二交易额密文;可以向所述区块链提交交易数据。所述交易数据可以包括所述第一交易额承诺、所述第二交易额承诺、所述第一承诺随机数密文、所述第一交易额密文、所述第二承诺随机数密文和所述第二交易额密文;以便于将所述第一交易额承诺、所述第一承诺随机数密文和所述第一交易额密文记入所述汇出方账户,以及将所述第二交易额承诺、所述第二承诺随机数密文和所述第二交易额密文记入所述汇入方账户。
具体地,在向所述区块链提交交易数据以后,所共识区块链节点可以基于所述第一交易额承诺更新所述汇出方余额承诺;可以基于所述第一承诺随机数密文更新所述汇出方随机数密文;可以基于所述第一交易额密文更新所述汇出方余额密文;可以基于所述第二交易额承诺更新所述汇入方余额承诺;可以基于所述第二承诺随机数密文更新所述汇入方随机数密文;可以基于所述第二交易额密文更新所述汇入方余额密文。
更新后的汇出方余额承诺可以为所述汇出方余额承诺和所述第一交易额承诺的商;更新后的汇出方随机数密文可以为所述汇出方随机数密文和所述第一承诺随机数密文的商;更新后的汇出方余额密文可以为所述汇出方余额密文和所述第一交易额密文的商;更新后的汇入方余额承诺可以为所述汇入方余额承诺和所述第二交易额承诺的积;更新后的汇入方随机数密文可以为所述汇入方随机数密文和所述第二承诺随机数密文的积;更新后的汇入方余额密文可以为所述汇入方余额密文和所述第二交易额密文的积。
进一步地,所述汇出方设备还可以基于零知识证明技术,生成第四零知识证明;可以在所述交易数据中添加所述第四零知识证明;以供共识区块链节点验证:用于计算第一交易额承诺的交易额与用于计算第二交易额承诺的交易额一致;从而避免从汇出方账户转移出的交易额和转移至汇入方账户的交易额不一致。
在本实施例的一个实施方式中,所述汇出方设备还可以使用所述汇出方账户的签名私钥对所述交易数据进行签名,得到签名数据;可以在所述交易数据中添加所述签名数据;以供共识区块链节点进行签名验证。
在本实施例中,通过承诺机制和同态加密机制,可以得到交易额承诺、第一承诺随机数密文、第一交易额密文、第二承诺随机数密文和第二交易额密文;可以将所述交易额承诺、所述第一承诺随机数密文、所述第一交易额密文、所述第二承诺随机数密文和所述第二交易额密文提交上链;以便于将交易额承诺、第一承诺随机数密文和第一交易额密文记入汇出方账户,以及将交易额承诺、第二承诺随机数密文和第二交易额密文记 入汇入方账户。这样一方面,通过承诺机制和同态加密机制,可以对交易额等交易信息实现隐私保护;另一方面,通过将交易额承诺、第一承诺随机数密文、第一交易额密文、第二承诺随机数密文和第二交易额密文提交上链,可以实现无需汇入方设备参与便可以在区块链上顺利完成交易。因此本实施例可以在非交互条件下实现隐私保护。
进一步地,所述汇出方账户可以在所述区块链中登记有汇出方余额承诺、汇出方随机数密文和汇出方余额密文;所述汇入方账户可以在所述区块链中登记有汇入方余额承诺、汇入方随机数密文和汇入方余额密文。这样一方面,可以对账户余额、交易额均实现隐私保护;另一方面,通过在链上登记汇出方随机数密文和汇入方随机数密文,还可以避免在链下本地保管汇出方随机数和汇入方随机数造成的负担,免去丢失风险。
请参阅图1、图2和图3。为了便于理解,以下介绍本说明书实施例的一个场景示例。
在本实施例中,假定汇出方账户可以为Account_A。所述汇出方账户Account_A可以具有签名公私钥对和加密公私钥对。所述汇出方账户Account_A在所述区块链中还可以登记有汇出方余额承诺PC(r_A,s_A)=g
r_Ah
s_A、汇出方随机数密文PA_A(r_A)=u1
r_Ad1
n1、汇出方余额密文PA_A(s_A)=u1
s_Ad2
n1。其中,r_A为汇出方随机数;s_A为汇出方余额;g和h分别为已知参数;u1和n1分别为汇出方账户的同态加密公钥的一部分;d1和d2分别为同态加密算法使用到的随机数。
假定汇入方账户可以为Account_B。所述汇出方账户Account_B可以具有签名公私钥对和加密公私钥对。所述汇出方账户Account_B在所述区块链中还可以登记有汇入方余额承诺PC(r_B,s_B)=g
r_Bh
s_B、汇入方随机数密文PA_B(r_B)=u2
r_Bf1
n2、汇入方余额密文PA_B(s_B)=u2
s_Bf2
n2。其中,r_B为汇入方随机数;s_B为汇入方余额;g和h分别为已知参数;u2和n2分别为汇入方账户的同态加密公钥的一部分;f1和f2分别为同态加密算法使用到的随机数。
在本实施例中,本场景示例的交易可以实现从汇出方账户Account_A中转移交易额t至汇入方账户Account_B。具体地,汇出方设备可以生成承诺随机数r、第一加密随机数y1、第二加密随机数y2、第三加密随机数z1、第四加密随机数z2。所述汇出方设备可以根据承诺随机数r和交易额t,计算交易额承诺PC(r,t)=g
rh
t;可以根据第一加密随机数y1和汇出方账户的同态加密公钥,使用同态加密算法对承诺随机数r进行加密,得到第一承诺随机数密文PA_A(r)=u1
ry1
n1;可以根据第二加密随机数y2和汇出方账户的同态加密公钥,使用同态加密算法对交易额t进行加密,得到第一交易额密文 PA_A(t)=u1
ty2
n1;可以根据第三加密随机数z1和汇入方账户的同态加密公钥,使用同态加密算法对承诺随机数r进行加密,得到第二承诺随机数密文PA_B(r)=u2
rz1
n2;可以根据第四加密随机数z2和汇入方账户的同态加密公钥,使用同态加密算法对交易额t进行加密,得到第二交易额密文PA_B(t)=u2
tz2
n2。
在本实施例中,所述汇出方设备可以生成第一零知识证明RP1、第二零知识证明RP2和第三零知识证明RP3。所述第一零知识证明RP1可以用于验证:t≥0。所述第二零知识证明RP2可以用于验证:s_A-t≥0。所述第三零知识证明RP3可以用于验证:PC(r,t)中的承诺随机数r与PA_B(r)中的承诺随机数r一致、且PC(r,t)中的交易额t与PA_B(t)中的交易额t一致。
在本实施例中,所述汇出方设备可以使用汇出方账户的签名私钥对[PC(r,t)、PA_A(r)、PA_A(t)、PA_B(r)、PA_B(t)、RP1、RP2、RP3]进行签名,得到签名数据SIG;可以向区块链提交交易数据[PC(r,t)、PA_A(r)、PA_A(t)、PA_B(r)、PA_B(t)、RP1、RP2、RP3、SIG]。
在本实施例中,所述区块链可以根据共识机制确定出共识区块链节点。所述共识区块链节点可以利用相关技术中的防双花或防重放机制,验证该交易是否已经执行过。如果已经执行过,所述共识区块链节点可以拒绝该交易。
如果未执行过,所述共识区块链节点可以验证交易数据中的签名数据SIG是否正确。如果不正确,所述共识区块链节点可以拒绝该交易。
如果正确,所述共识区块链节点可以对交易数据中的第一零知识证明RP1进行检查,以验证是否满足t≥0。如果不满足,所述共识区块链节点可以拒绝该交易。
如果满足,所述共识区块链节点可以对交易数据中的第二零知识证明RP2进行检查,以验证是否满足s_A-t≥0。如果不满足,所述共识区块链节点可以拒绝该交易。
如果满足,所述共识区块链节点可以对交易数据中的第三零知识证明RP3进行检查,以验证是否满足:PC(r,t)中的承诺随机数r与PA_B(r)中的承诺随机数r一致、且PC(r,t)中的交易额t与PA_B(t)中的交易额t一致。如果不满足,所述共识区块链节点可以拒绝该交易。
如果满足,所述共识区块链节点可以更新汇出方余额承诺PC(r_A,s_A)、汇出方随机数密文PA_A(r_A)、汇出方余额密文PA_A(s_A)、汇入方余额承诺PC(r_B,s_B)、汇入方随机数密文PA_B(r_B)、汇入方余额密文PA_B(s_B)。具体 地,更新后的汇出方余额承诺可以为PC(r_A-r,s_A-t)=PC(r_A,s_A)/PC(r,t)=g
(r_A-r)h
(s_A-t);更新后的汇出方随机数密文可以为PA_A(r_A-r)=PA_A(r_A)/PA_A(r)=u1
r_A-r(d1/y1)
n1;更新后的汇出方余额密文可以为PA_A(s_A-t)=PA_A(s_A)/PA_A(t)=u1
s_A-t(d2/y2)
n1;更新后的汇入方余额承诺可以为PC(r_B+r,s_B+t)=PC(r_B,s_B)PC(r,t)=g
(r_B+r)h
(s_B+t);更新后的汇入方随机数密文可以为PA_B(r_B+r)=PA_B(r_B)PA_B(r)=u2
r_B+r(f1z1)
n2;更新后的汇入方余额密文可以为PA_B(s_B+t)=PA_B(s_B)PA_B(t)=u2
s_B+t(f2z2)
n2。
请参阅图4。本说明书实施例还提供一种基于区块链的交易装置。所述交易装置可以包括以下单元。
计算单元20,用于根据承诺随机数和交易额,计算交易额承诺;
第一加密单元22,用于根据汇出方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第一承诺随机数密文和第一交易额密文;
第二加密单元24,用于根据汇入方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第二承诺随机数密文和第二交易额密文;
提交单元26,用于向所述区块链提交交易数据;所述交易数据包括所述交易额承诺、所述第一承诺随机数密文、所述第一交易额密文、所述第二承诺随机数密文和所述第二交易额密文;以便于将所述交易额承诺、所述第一承诺随机数密文和所述第一交易额密文记入所述汇出方账户,以及将所述交易额承诺、所述第二承诺随机数密文和所述第二交易额密文记入所述汇入方账户。
请参阅图5。本说明书实施例还提供一种汇出方设备。所述汇出方设备可以包括存储器和处理器。
在本实施例中,所述存储器可以按任何适当的方式实现。例如,所述存储器可以为只读存储器、机械硬盘、固态硬盘、或U盘等。所述存储器可以用于存储计算机指令。
在本实施例中,所述处理器可以按任何适当的方式实现。例如,处理器可以采取例如微处理器或处理器以及存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程逻辑控制器和嵌入微控制器的形式等等。所述处理 器可以执行所述计算机指令实现以下步骤:
根据承诺随机数和交易额,计算交易额承诺;
根据汇出方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第一承诺随机数密文和第一交易额密文;
根据汇入方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第二承诺随机数密文和第二交易额密文;
向所述区块链提交交易数据;所述交易数据包括所述交易额承诺、所述第一承诺随机数密文、所述第一交易额密文、所述第二承诺随机数密文和所述第二交易额密文;以便于将所述交易额承诺、所述第一承诺随机数密文和所述第一交易额密文记入所述汇出方账户,以及将所述交易额承诺、所述第二承诺随机数密文和所述第二交易额密文记入所述汇入方账户。
需要说明的是,本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同或相似的部分互相参见即可,每个实施例重点说明的都是与其它实施例的不同之处。尤其,对于装置实施例和设备实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。
本领域技术人员在阅读本说明书文件之后,可以无需创造性劳动想到将本说明书列举的部分或全部实施例进行任意组合,这些组合也在本说明书公开和保护的范围内。
在20世纪90年代,对于一个技术的改进可以很明显地区分是硬件上的改进(例如,对二极管、晶体管、开关等电路结构的改进)还是软件上的改进(对于方法流程的改进)。然而,随着技术的发展,当今的很多方法流程的改进已经可以视为硬件电路结构的直接改进。设计人员几乎都通过将改进的方法流程编程到硬件电路中来得到相应的硬件电路结构。因此,不能说一个方法流程的改进就不能用硬件实体模块来实现。例如,可编程逻辑器件(Programmable Logic Device,PLD)(例如现场可编程门阵列(Field Programmable Gate Array,FPGA))就是这样一种集成电路,其逻辑功能由用户对器件编程来确定。由设计人员自行编程来把一个数字系统“集成”在一片PLD上,而不需要请芯片制造厂商来设计和制作专用的集成电路芯片2。而且,如今,取代手工地制作集成电路芯片,这种编程也多半改用“逻辑编译器(logic compiler)”软件来实现,它与程序开发撰写时所用的软件编译器相类似,而要编译之前的原始代码也得用特定的编程语言来撰写,此称之为硬件描述语言(Hardware Description Language,HDL),而HDL也 并非仅有一种,而是有许多种,如ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language)等,目前最普遍使用的是VHDL(Very-High-Speed Integrated Circuit Hardware Description Language)与Verilog2。本领域技术人员也应该清楚,只需要将方法流程用上述几种硬件描述语言稍作逻辑编程并编程到集成电路中,就可以很容易得到实现该逻辑方法流程的硬件电路。
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机。具体的,计算机例如可以为个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。
通过以上的实施方式的描述可知,本领域的技术人员可以清楚地了解到本说明书可借助软件加必需的通用硬件平台的方式来实现。基于这样的理解,本说明书的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在存储介质中,如ROM/RAM、磁碟、光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本说明书各个实施例或者实施例的某些部分所述的方法。
本说明书可用于众多通用或专用的计算机系统环境或配置中。例如:个人计算机、服务器计算机、手持设备或便携式设备、平板型设备、多处理器系统、基于微处理器的系统、置顶盒、可编程的消费电子设备、网络PC、小型计算机、大型计算机、包括以上任何系统或设备的分布式计算环境等等。
本说明书可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本说明书,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。
虽然通过实施例描绘了本说明书,本领域普通技术人员知道,本说明书有许多变形和变化而不脱离本说明书的精神,希望所附的权利要求包括这些变形和变化而不脱离本说明书的精神。
Claims (14)
- 一种基于区块链的交易方法,包括:根据承诺随机数和交易额,计算交易额承诺;根据汇出方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第一承诺随机数密文和第一交易额密文;根据汇入方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第二承诺随机数密文和第二交易额密文;向所述区块链提交交易数据;所述交易数据包括所述交易额承诺、所述第一承诺随机数密文、所述第一交易额密文、所述第二承诺随机数密文和所述第二交易额密文;以便于将所述交易额承诺、所述第一承诺随机数密文和所述第一交易额密文记入所述汇出方账户,以及将所述交易额承诺、所述第二承诺随机数密文和所述第二交易额密文记入所述汇入方账户。
- 如权利要求1所述的方法,所述汇出方账户在所述区块链中登记有汇出方余额承诺、汇出方随机数密文和汇出方余额密文;其中,所述汇出方余额承诺基于汇出方随机数和汇出方余额计算得到;所述汇出方随机数密文由同态加密算法基于所述汇出方随机数计算得到;所述汇出方余额密文由同态加密算法基于所述汇出方余额计算得到;所述汇入方账户在所述区块链中登记有汇入方余额承诺、汇入方随机数密文和汇入方余额密文;其中,所述汇入方余额承诺基于汇入方随机数和汇入方余额计算得到;所述汇入方随机数密文由同态加密算法基于所述汇入方随机数计算得到;所述汇入方余额密文由同态加密算法基于所述汇入方余额计算得到。
- 如权利要求2所述的方法,采用如下方式将所述交易额承诺、所述第一交易密文和所述第一承诺随机数密文记入所述汇出方账户:基于所述交易额承诺更新所述汇出方余额承诺,基于所述第一承诺随机数密文更新所述汇出方随机数密文,基于所述第一交易额密文更新所述汇出方余额密文;采用如下方式将所述交易额承诺、所述第二交易密文和所述第二承诺随机数密文记入所述汇入方账户:基于所述交易额承诺更新所述汇入方余额承诺,基于所述第二承诺随机数密文更新所述汇入方随机数密文,基于所述第二交易额密文更新所述汇入方余额密文。
- 如权利要求3所述的方法,更新后的汇出方余额承诺为所述汇出方余额承诺和所述交易额承诺的商;更新后的汇出方随机数密文为所述汇出方随机数密文和所述第一承诺随机数密文的商;更新后的汇出方余额密文为所述汇出方余额密文和所述第一交易 额密文的商;更新后的汇入方余额承诺为所述汇入方余额承诺和所述交易额承诺的积;更新后的汇入方随机数密文为所述汇入方随机数密文和所述第二承诺随机数密文的积;更新后的汇入方余额密文为所述汇入方余额密文和所述第二交易额密文的积。
- 如权利要求1所述的方法,所述根据汇出方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第一承诺随机数密文和第一交易额密文,包括:根据第一加密随机数和汇出方账户的同态加密公钥,使用同态加密算法对所述承诺随机数进行加密,得到第一承诺随机数密文;根据第二加密随机数和汇出方账户的同态加密公钥,使用同态加密算法对所述交易额进行加密,得到第一交易额密文。
- 如权利要求1所述的方法,所述根据汇入方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第二承诺随机数密文和第二交易额密文,包括:根据第三加密随机数和汇入方账户的同态加密公钥,使用同态加密算法对所述承诺随机数进行加密,得到第二承诺随机数密文;根据第四加密随机数和汇入方账户的同态加密公钥,使用同态加密算法对所述交易额进行加密,得到第二交易额密文。
- 如权利要求1所述的方法,在向所述区块链提交交易数据之前,所述方法还包括:生成第一零知识证明;所述第一零知识证明用于验证:所述交易额不小于0;相应地,所述交易数据还包括所述第一零知识证明。
- 如权利要求1所述的方法,在向所述区块链提交交易数据之前,所述方法还包括:生成第二零知识证明;所述第二零知识证明用于验证:所述交易额不大于汇出方余额;相应地,所述交易数据还包括所述第二零知识证明。
- 如权利要求1所述的方法,在向所述区块链提交交易数据之前,所述方法还包括:生成第三零知识证明;所述第三零知识证明用于验证:用于计算交易额承诺的承诺随机数与用于计算第二承诺随机数密文的承诺随机数一致、且用于计算交易额承诺的交 易额与用于计算第二交易额密文的交易额一致;相应地,所述交易数据还包括所述第三零知识证明。
- 如权利要求1所述的方法,在向所述区块链提交交易数据之前,所述方法还包括:使用所述汇出方账户的签名私钥对所述交易数据进行签名,得到签名数据;相应地,所述交易数据还包括所述签名数据。
- 如权利要求1所述的方法,所述根据承诺随机数和交易额,计算交易额承诺,包括:根据第一承诺随机数和交易额,构建第一交易额承诺;根据第二承诺随机数和所述交易额,构建第二交易额承诺;所述根据汇出方账户的同态加密公钥,使用同态加密算法分别对所述交易额和所述承诺随机数进行加密,得到第一交易额密文和第一承诺随机数密文,包括:根据汇出方账户的同态加密公钥,使用同态加密算法分别对所述交易额和所述第一承诺随机数进行加密,得到第一交易额密文和第一承诺随机数密文;所述根据汇入方账户的同态加密公钥,使用同态加密算法分别对所述交易额和所述承诺随机数进行加密,得到第二交易额密文和第二承诺随机数密文,包括:根据汇入方账户的同态加密公钥,使用同态加密算法分别对所述交易额和所述第二承诺随机数进行加密,得到第二交易额密文和第二承诺随机数密文;相应地,所述交易数据包括所述第一交易额承诺、所述第二交易额承诺、所述第一交易额密文、所述第一承诺随机数密文、所述第二交易额密文和所述第二承诺随机数密文;以便于将所述第一交易额承诺、所述第一交易密文和所述第一承诺随机数密文记入所述汇出方账户,以及将所述第二交易额承诺、所述第二交易密文和所述第二承诺随机数密文记入所述汇入方账户。
- 如权利要求11所述的方法,在向所述区块链提交交易数据之前,所述方法还包括:生成第四零知识证明;所述第四零知识证明用于验证:用于计算第一交易额承诺的交易额与用于计算第二交易额承诺的交易额一致;相应地,所述交易数据还包括所述第四零知识证明。
- 一种基于区块链的交易装置,包括:计算单元,用于根据承诺随机数和交易额,计算交易额承诺;第一加密单元,用于根据汇出方账户的同态加密公钥,使用同态加密算法分别对所 述承诺随机数和所述交易额进行加密,得到第一承诺随机数密文和第一交易额密文;第二加密单元,用于根据汇入方账户的同态加密公钥,使用同态加密算法分别对所述承诺随机数和所述交易额进行加密,得到第二承诺随机数密文和第二交易额密文;提交单元,用于向所述区块链提交交易数据;所述交易数据包括所述交易额承诺、所述第一承诺随机数密文、所述第一交易额密文、所述第二承诺随机数密文和所述第二交易额密文;以便于将所述交易额承诺、所述第一承诺随机数密文和所述第一交易额密文记入所述汇出方账户,以及将所述交易额承诺、所述第二承诺随机数密文和所述第二交易额密文记入所述汇入方账户。
- 一种汇出方设备,包括:存储器,用于存储计算机指令;处理器,用于执行计算机指令以实现如权利要求1-12中任一项所述的方法。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19863433.9A EP3779848B1 (en) | 2018-09-20 | 2019-08-15 | Blockchain-based transaction method and device, and remitting apparatus |
SG11202010527UA SG11202010527UA (en) | 2018-09-20 | 2019-08-15 | Blockchain-based transaction method and apparatus, and remitter device |
US17/079,362 US11032077B2 (en) | 2018-09-20 | 2020-10-23 | Blockchain-based transaction method and apparatus, and remitter device |
US17/317,727 US12021993B2 (en) | 2018-09-20 | 2021-05-11 | Blockchain-based transaction method and apparatus, and remitter device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811101747.0 | 2018-09-20 | ||
CN201811101747.0A CN109584055B (zh) | 2018-09-20 | 2018-09-20 | 基于区块链的交易方法、装置和汇出方设备 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/079,362 Continuation US11032077B2 (en) | 2018-09-20 | 2020-10-23 | Blockchain-based transaction method and apparatus, and remitter device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020057302A1 true WO2020057302A1 (zh) | 2020-03-26 |
Family
ID=65919811
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2019/100691 WO2020057302A1 (zh) | 2018-09-20 | 2019-08-15 | 基于区块链的交易方法、装置和汇出方设备 |
Country Status (6)
Country | Link |
---|---|
US (2) | US11032077B2 (zh) |
EP (1) | EP3779848B1 (zh) |
CN (2) | CN111833186B (zh) |
SG (1) | SG11202010527UA (zh) |
TW (1) | TWI698115B (zh) |
WO (1) | WO2020057302A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111815322A (zh) * | 2020-06-08 | 2020-10-23 | 北京邮电大学 | 一种基于以太坊的具备可选隐私服务的分布式支付方法 |
CN112801785A (zh) * | 2021-01-13 | 2021-05-14 | 中央财经大学 | 基于区块链智能合约的公平数据交易方法及装置 |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111783114B (zh) | 2018-08-06 | 2024-04-02 | 创新先进技术有限公司 | 区块链交易方法及装置、电子设备 |
CN112651740B (zh) * | 2018-08-30 | 2024-10-29 | 蚂蚁链技术有限公司 | 区块链交易方法及装置、电子设备 |
CN111833186B (zh) * | 2018-09-20 | 2024-11-01 | 蚂蚁链技术有限公司 | 基于区块链的交易方法、装置和节点设备 |
CN111833057B (zh) | 2018-09-30 | 2024-10-29 | 蚂蚁链技术有限公司 | 基于区块链的交易方法、装置和节点设备 |
KR102348768B1 (ko) * | 2018-11-07 | 2022-01-06 | 어드밴스드 뉴 테크놀로지스 씨오., 엘티디. | 동형 암호화를 이용한 블록체인 데이터 보호 |
BR112019008148B1 (pt) * | 2018-11-07 | 2021-08-10 | Advanced New Technologies Co., Ltd | Método implementado por computador e sistema para a implementação de um método |
KR102146757B1 (ko) * | 2018-11-08 | 2020-08-21 | 한국스마트인증 주식회사 | 익명성 보장 및 시빌 공격 방지가 가능한, 의사 표시 확인 방법, 신원 확인 정보 저장 모듈의 등록 및 인증 방법 |
JP6871380B2 (ja) | 2018-12-29 | 2021-05-12 | アドバンスド ニュー テクノロジーズ カンパニー リミテッド | 情報保護のシステム及び方法 |
CN110147994B (zh) * | 2019-04-13 | 2020-12-22 | 山东公链信息科技有限公司 | 一种基于同态加密的区块链的即时执行方法 |
US11115188B2 (en) | 2019-04-29 | 2021-09-07 | Advanced New Technologies Co., Ltd. | Blockchain-based data processing method, apparatus, and blockchain node |
CN110263580B (zh) * | 2019-04-29 | 2021-03-23 | 创新先进技术有限公司 | 基于区块链的数据处理方法、装置和区块链节点 |
CN110223063B (zh) * | 2019-05-07 | 2023-06-20 | 平安科技(深圳)有限公司 | 基于零知识证明的供应链数据管理方法及装置 |
CN110414961A (zh) * | 2019-06-21 | 2019-11-05 | 深圳壹账通智能科技有限公司 | 防止追踪交易转出方的转账方法、装置、设备及存储介质 |
CN110730186A (zh) * | 2019-10-22 | 2020-01-24 | 全链通有限公司 | 基于区块链的Token发放方法、记账节点及介质 |
EP4052412A1 (en) * | 2019-10-30 | 2022-09-07 | Via Science, Inc. | Secure outsourcing of a multiplication |
WO2021081866A1 (zh) * | 2019-10-31 | 2021-05-06 | 深圳市网心科技有限公司 | 基于账户模型的交易方法、装置、系统和存储介质 |
CN111160908B (zh) * | 2019-12-31 | 2023-11-17 | 深圳市迅雷网络技术有限公司 | 基于区块链的供应链交易隐私保护系统、方法及相关设备 |
CN111079190A (zh) * | 2019-12-31 | 2020-04-28 | 深圳市网心科技有限公司 | 区块链供应链交易隐藏动态监管系统及方法 |
US20220020018A1 (en) * | 2020-02-28 | 2022-01-20 | Polymath Inc. | Cryptographic encryption protocol for data types and values |
CN111526219B (zh) | 2020-07-03 | 2021-02-09 | 支付宝(杭州)信息技术有限公司 | 一种联盟链的共识方法及联盟链系统 |
CN113347008B (zh) * | 2021-08-05 | 2021-11-26 | 南京可信区块链与算法经济研究院有限公司 | 一种加法同态加密的贷款信息存储方法 |
CN113643134B (zh) * | 2021-08-24 | 2023-08-25 | 杭州云象网络技术有限公司 | 基于多密钥同态加密的物联网区块链交易方法及系统 |
CN114580029A (zh) * | 2022-04-28 | 2022-06-03 | 浙江甲骨文超级码科技股份有限公司 | 一种区块链数字资产隐私保护方法、装置、设备及存储介质 |
CN114826554B (zh) * | 2022-07-01 | 2022-09-13 | 国网区块链科技(北京)有限公司 | 一种基于区块链的电价隐私保护方法、系统及存储介质 |
CN115473647A (zh) * | 2022-08-04 | 2022-12-13 | 西安电子科技大学 | 一种交易隐私保护方法以及装置 |
CN117391726A (zh) * | 2023-12-06 | 2024-01-12 | 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) | 一种基于区块链的可信能源数据交易方法 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170149563A1 (en) * | 2013-05-29 | 2017-05-25 | International Business Machines Corporation | Method for deriving a verification token from a credential |
CN107833135A (zh) * | 2017-10-30 | 2018-03-23 | 中山大学 | 一种基于区块链的公平电子投票协议 |
CN108009441A (zh) * | 2017-11-23 | 2018-05-08 | 阿里巴巴集团控股有限公司 | 资源转移和资金转移的方法和装置 |
CN109584055A (zh) * | 2018-09-20 | 2019-04-05 | 阿里巴巴集团控股有限公司 | 基于区块链的交易方法、装置和汇出方设备 |
CN109583886A (zh) * | 2018-09-30 | 2019-04-05 | 阿里巴巴集团控股有限公司 | 基于区块链的交易方法、装置和汇出方设备 |
Family Cites Families (98)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2855343B1 (fr) | 2003-05-20 | 2005-10-07 | France Telecom | Procede de signature electronique de groupe avec anonymat revocable, equipements et programmes pour la mise en oeuvre du procede |
JP5044927B2 (ja) * | 2003-11-10 | 2012-10-10 | イーベイ インク. | 複数の当事者間における少額決済の円滑化 |
US7568615B2 (en) | 2005-08-24 | 2009-08-04 | E-Cash Financial, Inc. | Electronic transfer of hard currency |
US20090177591A1 (en) * | 2007-10-30 | 2009-07-09 | Christopher Thorpe | Zero-knowledge proofs in large trades |
US8498415B2 (en) | 2007-11-27 | 2013-07-30 | Bon K. Sy | Method for preserving privacy of a reputation inquiry in a peer-to-peer communication environment |
US20100078471A1 (en) | 2008-09-30 | 2010-04-01 | Apple Inc. | System and method for processing peer-to-peer financial transactions |
US8744077B2 (en) * | 2008-10-28 | 2014-06-03 | International Business Machines Corporation | Cryptographic encoding and decoding of secret data |
US8630422B2 (en) | 2009-11-10 | 2014-01-14 | International Business Machines Corporation | Fully homomorphic encryption method based on a bootstrappable encryption scheme, computer program and apparatus |
WO2012067214A1 (ja) | 2010-11-15 | 2012-05-24 | 日本電気株式会社 | 情報処理装置、情報処理方法、及び、プログラム |
US9083526B2 (en) | 2011-04-29 | 2015-07-14 | International Business Machines Corporation | Fully homomorphic encryption |
US9569771B2 (en) | 2011-04-29 | 2017-02-14 | Stephen Lesavich | Method and system for storage and retrieval of blockchain blocks using galois fields |
AU2011213908A1 (en) | 2011-08-26 | 2013-03-14 | The Carapace Limited | Improvements in or related to purchasing and/or performing financial transactions using a mobile phone |
US20130238488A1 (en) | 2012-03-07 | 2013-09-12 | Clearxchange, Llc | System and method for transferring funds |
US8676700B2 (en) | 2012-03-26 | 2014-03-18 | Depositslips Llc | Methods and systems for handling currency |
US10102510B2 (en) | 2012-11-28 | 2018-10-16 | Hoverkey Ltd. | Method and system of conducting a cryptocurrency payment via a mobile device using a contactless token to store and protect a user's secret key |
CN103903129B (zh) | 2012-12-28 | 2017-11-24 | 北京握奇数据系统有限公司 | 一种基于短信方式实现的汇款系统及方法 |
WO2015042548A1 (en) | 2013-09-20 | 2015-03-26 | Visa International Service Association | Secure remote payment transaction processing including consumer authentication |
KR101450013B1 (ko) | 2013-12-20 | 2014-10-13 | 주식회사 시큐브 | 빠른 응답 코드를 이용한 인증 시스템 및 방법 |
WO2015123691A1 (en) | 2014-02-14 | 2015-08-20 | Boemi Andrew A | Mobile device payment system and method |
CN104144379B (zh) | 2014-04-22 | 2016-04-13 | 腾讯科技(深圳)有限公司 | 业务数据处理方法、用户终端和业务终端 |
US10599999B2 (en) | 2014-06-02 | 2020-03-24 | Yottamine Analytics, Inc. | Digital event profile filters based on cost sensitive support vector machine for fraud detection, risk rating or electronic transaction classification |
IL234613A0 (en) | 2014-09-11 | 2014-12-02 | Google Inc | Exchange consolidated and encrypted transaction information with a transaction information provider |
US20160162897A1 (en) | 2014-12-03 | 2016-06-09 | The Filing Cabinet, LLC | System and method for user authentication using crypto-currency transactions as access tokens |
CN107408174B (zh) | 2015-01-30 | 2021-10-01 | E·马伊姆 | 用于管理安全实体的连网承诺的系统和方法 |
US11687885B2 (en) | 2015-02-27 | 2023-06-27 | Visa International Service Association | Transaction signing utilizing asymmetric cryptography |
US20160275461A1 (en) | 2015-03-20 | 2016-09-22 | Rivetz Corp. | Automated attestation of device integrity using the block chain |
US20160321751A1 (en) | 2015-04-28 | 2016-11-03 | Domus Tower, Inc. | Real-time settlement of securities trades over append-only ledgers |
US10812274B2 (en) * | 2015-05-07 | 2020-10-20 | Blockstream Corporation | Transferring ledger assets between blockchains via pegged sidechains |
US9870562B2 (en) | 2015-05-21 | 2018-01-16 | Mastercard International Incorporated | Method and system for integration of market exchange and issuer processing for blockchain-based transactions |
US11062303B2 (en) * | 2015-06-08 | 2021-07-13 | Blockstream Corporation | Cryptographically concealing amounts transacted on a ledger while preserving a network's ability to verify the transaction |
US10558996B2 (en) | 2015-06-09 | 2020-02-11 | Fidelity National Information Services, Llc | Methods and systems for regulating operation of units using encryption techniques associated with a blockchain |
JP6483827B2 (ja) | 2015-07-13 | 2019-03-13 | 日本電信電話株式会社 | 契約合意方法、合意検証方法、契約合意システム、合意検証装置、契約合意装置、契約合意プログラム及び合意検証プログラム |
US10339523B2 (en) | 2015-07-14 | 2019-07-02 | Fmr Llc | Point-to-point transaction guidance apparatuses, methods and systems |
US20170048209A1 (en) | 2015-07-14 | 2017-02-16 | Fmr Llc | Crypto Key Recovery and Social Aggregating, Fractionally Efficient Transfer Guidance, Conditional Triggered Transaction, Datastructures, Apparatuses, Methods and Systems |
WO2017011601A1 (en) | 2015-07-14 | 2017-01-19 | Fmr Llc | Computationally efficient transfer processing, auditing, and search apparatuses, methods and systems |
US10402792B2 (en) | 2015-08-13 | 2019-09-03 | The Toronto-Dominion Bank | Systems and method for tracking enterprise events using hybrid public-private blockchain ledgers |
US20170076286A1 (en) * | 2015-09-11 | 2017-03-16 | Bank Of America Corporation | Controlling access to data |
WO2017054985A1 (en) | 2015-09-30 | 2017-04-06 | British Telecommunications Public Limited Company | Access control |
KR101637854B1 (ko) | 2015-10-16 | 2016-07-08 | 주식회사 코인플러그 | 블록체인을 기반으로 하는 공인인증서 발급시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 발급방법 및 블록체인을 기반으로 하는 공인인증서 인증시스템과 이를 이용한 블록체인을 기반으로 하는 공인인증서 인증방법 |
US20180253702A1 (en) | 2015-11-24 | 2018-09-06 | Gartland & Mellina Group | Blockchain solutions for financial services and other transactions-based industries |
EP3384448B1 (en) | 2015-11-30 | 2020-10-14 | Shapeshift AG | Systems and methods for improving security in blockchain-asset exchange |
US20170236123A1 (en) | 2016-02-16 | 2017-08-17 | Blockstack Inc. | Decentralized processing of global naming systems |
EP3259725B1 (en) * | 2016-02-23 | 2020-06-10 | Nchain Holdings Limited | Universal tokenisation system for blockchain-based cryptocurrencies |
NZ746878A (en) | 2016-04-01 | 2022-11-25 | Jpmorgan Chase Bank Na | Systems and methods for providing data privacy in a private distributed ledger |
US10460367B2 (en) | 2016-04-29 | 2019-10-29 | Bank Of America Corporation | System for user authentication based on linking a randomly generated number to the user and a physical item |
US10333705B2 (en) | 2016-04-30 | 2019-06-25 | Civic Technologies, Inc. | Methods and apparatus for providing attestation of information using a centralized or distributed ledger |
US10046228B2 (en) | 2016-05-02 | 2018-08-14 | Bao Tran | Smart device |
US10022613B2 (en) | 2016-05-02 | 2018-07-17 | Bao Tran | Smart device |
KR101780636B1 (ko) | 2016-05-16 | 2017-09-21 | 주식회사 코인플러그 | 인증 정보의 발급 방법 및 이를 지원하는 블록체인기반 인증 정보 관리 서버 |
US9967096B2 (en) | 2016-05-23 | 2018-05-08 | Accenture Global Solutions Limited | Rewritable blockchain |
US10063379B2 (en) | 2016-06-16 | 2018-08-28 | The Bank Of New York Mellon | Distributed, centrally authored block chain network |
US10181050B2 (en) | 2016-06-21 | 2019-01-15 | Mastercard International Incorporated | Method and system for obfuscation of granular data while retaining data privacy |
JP6663809B2 (ja) | 2016-07-07 | 2020-03-13 | 株式会社日立製作所 | 監査装置、監査機能付匿名送金方法及びプログラム |
US10148646B2 (en) | 2016-07-20 | 2018-12-04 | Bank Of America Corporation | Preventing unauthorized access to secured information systems using tokenized authentication techniques |
US10057255B2 (en) | 2016-07-20 | 2018-08-21 | Bank Of America Corporation | Preventing unauthorized access to secured information systems using multi-device authentication techniques |
KR102665646B1 (ko) | 2016-07-25 | 2024-05-10 | 티비씨에이소프트, 인코포레이티드 | 분산 거래 콘센서스 네트워크 상에서의 디지털 자산 관리 |
CN107666388B (zh) * | 2016-07-28 | 2019-11-01 | 郑珂威 | 基于完全同态加密方法的区块链信息加密方法 |
CN106296138A (zh) * | 2016-08-09 | 2017-01-04 | 西安电子科技大学 | 基于部分盲签名技术的比特币支付系统及其方法 |
US10769600B2 (en) | 2016-09-26 | 2020-09-08 | International Business Machines Corporation | Cryptocurrency transactions using debit and credit values |
CN106548330B (zh) | 2016-10-27 | 2018-03-16 | 上海亿账通区块链科技有限公司 | 基于区块链的交易验证方法及系统 |
CN106549749B (zh) * | 2016-12-06 | 2019-12-24 | 杭州趣链科技有限公司 | 一种基于加法同态加密的区块链隐私保护方法 |
WO2018126065A1 (en) | 2016-12-30 | 2018-07-05 | Intel Corporation | Decentralized data storage and processing for iot devices |
US10275739B2 (en) | 2017-01-05 | 2019-04-30 | International Business Machines Corporation | Tracking assets with a blockchain |
CN106845960B (zh) | 2017-01-24 | 2018-03-20 | 上海壹账通区块链科技有限公司 | 基于区块链的安全交易方法及系统 |
CN106982205B (zh) | 2017-03-01 | 2020-05-19 | 中钞信用卡产业发展有限公司杭州区块链技术研究院 | 基于区块链的数字资产处理方法和装置 |
WO2018165472A1 (en) | 2017-03-08 | 2018-09-13 | Ip Oversight Corporation | System and method for creating commodity asset-secured tokens from reserves |
CN107124278B (zh) | 2017-03-30 | 2021-03-30 | 腾讯科技(深圳)有限公司 | 业务处理方法、装置以及数据共享系统 |
US10270599B2 (en) | 2017-04-27 | 2019-04-23 | Factom, Inc. | Data reproducibility using blockchains |
US20180349894A1 (en) | 2017-05-30 | 2018-12-06 | Christos Patrinos | System of hardware and software to prevent disclosure of personally identifiable information, preserve anonymity and perform settlement of transactions between parties using created and stored secure credentials |
WO2018229631A1 (en) | 2017-06-14 | 2018-12-20 | nChain Holdings Limited | Systems and Methods For Avoiding Or Reducing Cryptographically Stranded Resources On A Blockchain Network |
US20180365688A1 (en) | 2017-06-14 | 2018-12-20 | International Business Machines Corporation | Transaction execution and validation in a blockchain |
US20180365691A1 (en) | 2017-06-15 | 2018-12-20 | KoopaCoin LLC | Identity ledger in crypto currency transactions |
CN107392603B (zh) | 2017-06-26 | 2021-03-16 | 中国人民银行数字货币研究所 | 使用数字货币的交易方法和装置 |
CN107294709A (zh) | 2017-06-27 | 2017-10-24 | 阿里巴巴集团控股有限公司 | 一种区块链数据处理方法、装置及系统 |
CN107180353B (zh) * | 2017-06-29 | 2021-04-06 | 飞天诚信科技股份有限公司 | 一种可撤销智能合约交易的实现方法及装置 |
CA3066903A1 (en) | 2017-07-11 | 2019-01-17 | Swirlds, Inc. | Methods and apparatus for efficiently implementing a distributed database within a network |
CN107360001B (zh) | 2017-07-26 | 2021-12-14 | 创新先进技术有限公司 | 一种数字证书管理方法、装置和系统 |
EP3649601A4 (en) | 2017-08-01 | 2020-11-04 | Digital Asset (Switzerland) Gmbh | PROCESS AND APPARATUS FOR AUTOMATIC COMMITTED PAYMENT OF DIGITAL GOODS |
CA3073498A1 (en) | 2017-08-25 | 2019-02-28 | Token Iq, Inc. | Methods and apparatus for value transfer |
CN108418783B (zh) * | 2017-09-01 | 2021-03-19 | 矩阵元技术(深圳)有限公司 | 一种保护区块链智能合约隐私的方法、介质 |
CN107679976B (zh) | 2017-09-28 | 2021-02-12 | 电子科技大学 | 一种基于区块链的拍卖方法 |
WO2019089778A1 (en) * | 2017-10-31 | 2019-05-09 | Jordan Simons | Management of virtual goods in distributed multi-ledger gambling architecture |
CN108021821A (zh) * | 2017-11-28 | 2018-05-11 | 北京航空航天大学 | 多中心区块链交易隐私保护系统及方法 |
CN108418689B (zh) * | 2017-11-30 | 2020-07-10 | 矩阵元技术(深圳)有限公司 | 一种适合区块链隐私保护的零知识证明方法和介质 |
US11257077B2 (en) * | 2017-11-30 | 2022-02-22 | Visa International Service Association | Blockchain system for confidential and anonymous smart contracts |
IL256234A (en) | 2017-12-10 | 2018-01-31 | Kipnis Aviad | Computation using somewhat homomorphic encryption |
US9990504B1 (en) | 2017-12-18 | 2018-06-05 | Northern Trust Corporation | Systems and methods for generating and maintaining immutable digital meeting records within distributed network nodes |
CN108390762B (zh) * | 2017-12-29 | 2020-07-14 | 北京欧链科技有限公司 | 基于区块链的数据筛选方法和装置 |
CN108335106A (zh) * | 2018-01-24 | 2018-07-27 | 深圳壹账通智能科技有限公司 | 基于区块链的零知识多账本兑换转账方法、装置及存储介质 |
CN108711105A (zh) | 2018-05-16 | 2018-10-26 | 四川吉鼎科技有限公司 | 一种基于区块链的安全交易验证方法及系统 |
CN108764874B (zh) | 2018-05-17 | 2021-09-07 | 深圳前海微众银行股份有限公司 | 基于区块链的匿名转账方法、系统及存储介质 |
US11374736B2 (en) | 2018-06-20 | 2022-06-28 | Clemson University | System and method for homomorphic encryption |
CN109034840B (zh) | 2018-07-06 | 2021-04-13 | 北京融链科技有限公司 | 基于清洁能源产生的绿证交易方法和系统 |
US11223485B2 (en) | 2018-07-17 | 2022-01-11 | Huawei Technologies Co., Ltd. | Verifiable encryption based on trusted execution environment |
CN112651740B (zh) | 2018-08-30 | 2024-10-29 | 蚂蚁链技术有限公司 | 区块链交易方法及装置、电子设备 |
CN111213134A (zh) | 2018-09-19 | 2020-05-29 | 因特比有限公司 | 用于使用区块链执行超融合的方法和系统 |
JP6871380B2 (ja) | 2018-12-29 | 2021-05-12 | アドバンスド ニュー テクノロジーズ カンパニー リミテッド | 情報保護のシステム及び方法 |
US10846372B1 (en) * | 2019-12-31 | 2020-11-24 | Onu Technology Inc. | Systems and methods for trustless proof of possession and transmission of secured data |
-
2018
- 2018-09-20 CN CN202010579600.3A patent/CN111833186B/zh active Active
- 2018-09-20 CN CN201811101747.0A patent/CN109584055B/zh active Active
-
2019
- 2019-03-15 TW TW108108831A patent/TWI698115B/zh active
- 2019-08-15 SG SG11202010527UA patent/SG11202010527UA/en unknown
- 2019-08-15 WO PCT/CN2019/100691 patent/WO2020057302A1/zh unknown
- 2019-08-15 EP EP19863433.9A patent/EP3779848B1/en active Active
-
2020
- 2020-10-23 US US17/079,362 patent/US11032077B2/en active Active
-
2021
- 2021-05-11 US US17/317,727 patent/US12021993B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170149563A1 (en) * | 2013-05-29 | 2017-05-25 | International Business Machines Corporation | Method for deriving a verification token from a credential |
CN107833135A (zh) * | 2017-10-30 | 2018-03-23 | 中山大学 | 一种基于区块链的公平电子投票协议 |
CN108009441A (zh) * | 2017-11-23 | 2018-05-08 | 阿里巴巴集团控股有限公司 | 资源转移和资金转移的方法和装置 |
CN109584055A (zh) * | 2018-09-20 | 2019-04-05 | 阿里巴巴集团控股有限公司 | 基于区块链的交易方法、装置和汇出方设备 |
CN109583886A (zh) * | 2018-09-30 | 2019-04-05 | 阿里巴巴集团控股有限公司 | 基于区块链的交易方法、装置和汇出方设备 |
Non-Patent Citations (1)
Title |
---|
See also references of EP3779848A4 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111815322A (zh) * | 2020-06-08 | 2020-10-23 | 北京邮电大学 | 一种基于以太坊的具备可选隐私服务的分布式支付方法 |
CN111815322B (zh) * | 2020-06-08 | 2023-11-07 | 北京邮电大学 | 一种基于以太坊的具备可选隐私服务的分布式支付方法 |
CN112801785A (zh) * | 2021-01-13 | 2021-05-14 | 中央财经大学 | 基于区块链智能合约的公平数据交易方法及装置 |
CN112801785B (zh) * | 2021-01-13 | 2023-10-20 | 中央财经大学 | 基于区块链智能合约的公平数据交易方法及装置 |
Also Published As
Publication number | Publication date |
---|---|
US12021993B2 (en) | 2024-06-25 |
CN111833186A (zh) | 2020-10-27 |
SG11202010527UA (en) | 2020-11-27 |
US20210058253A1 (en) | 2021-02-25 |
US11032077B2 (en) | 2021-06-08 |
EP3779848A4 (en) | 2021-07-14 |
CN109584055A (zh) | 2019-04-05 |
TWI698115B (zh) | 2020-07-01 |
EP3779848A1 (en) | 2021-02-17 |
EP3779848B1 (en) | 2023-03-08 |
US20210281413A1 (en) | 2021-09-09 |
TW202013929A (zh) | 2020-04-01 |
CN111833186B (zh) | 2024-11-01 |
CN109584055B (zh) | 2020-07-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2020057302A1 (zh) | 基于区块链的交易方法、装置和汇出方设备 | |
WO2020063186A1 (zh) | 基于区块链的交易方法、装置和汇出方设备 | |
CN110419053B (zh) | 用于信息保护的系统和方法 | |
TW202019121A (zh) | 使用同態加密的區塊鏈資料保護 | |
TW202008271A (zh) | 區塊鏈交易方法及裝置、電子設備 | |
KR20200079219A (ko) | 일반 계정 모델 및 동형 암호화 기반의 블록 체인 데이터 보호 | |
US12074986B2 (en) | Hash function attacks | |
TW202020711A (zh) | 用於資訊保護的系統和方法 | |
TWI718614B (zh) | 基於區塊鏈的資料處理方法、裝置和伺服器 | |
EP3977673B1 (en) | Blockchain transaction comprising runnable code for hash-based verification | |
US20220263664A1 (en) | Blockchain transaction comprising runnable code for hash-based verification | |
US10554419B2 (en) | Backup and invalidation of authentication credentials | |
WO2020093818A1 (zh) | 基于区块链的数据处理方法、装置和服务器 | |
EP3973661B1 (en) | Knowledge proof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19863433 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2019863433 Country of ref document: EP Effective date: 20201028 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |