WO2020114240A1 - 基于零知识证明的智能合约认证数据隐私保护方法及系统 - Google Patents
基于零知识证明的智能合约认证数据隐私保护方法及系统 Download PDFInfo
- Publication number
- WO2020114240A1 WO2020114240A1 PCT/CN2019/119520 CN2019119520W WO2020114240A1 WO 2020114240 A1 WO2020114240 A1 WO 2020114240A1 CN 2019119520 W CN2019119520 W CN 2019119520W WO 2020114240 A1 WO2020114240 A1 WO 2020114240A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- verification
- key
- data
- zero
- generate
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- the present disclosure relates to the field of blockchain technology, and in particular to a method and system for privacy protection of smart contract authentication data based on zero-knowledge proofs.
- Smart contracts are programs that run on the blockchain, and their execution must be confirmed by consensus.
- the existence of smart contracts enables the blockchain to handle more complex logic than fund transfer.
- the combination of blockchain technology and smart contracts has been applied in many fields: finance, insurance, notarization, real estate, lottery, voting, supply chain, smart grid, medical insurance, Internet of Things, and cloud computing.
- Zero-knowledge proof refers to a method in which the prover knows or possesses a certain message, and can make the verifier believe that a certain conclusion is correct without providing any useful information to the verifier.
- a large number of facts prove that if zero-knowledge proof can be used for data authentication, it will effectively solve many problems.
- the latest technologies for zero-knowledge proofs are zk-SNARKs (zero-knowledge, Succinct, Non-interactive, ARgument, Knowledge), zk-STARKs (zero-knowledge, Scalable, ARguments, Knowledge), Bulletproofs, etc.
- zk-SNARK has been successfully applied to the anonymous digital currency ZeroCash.
- Digital signature is a combination of public key encryption technology and digital digest technology. Digital signatures are equivalent to traditional handwritten signatures in many ways, and have legal significance in some countries. Properly implemented digital signatures are more difficult to forge than handwriting types. In addition, some undeniable digital signature schemes can provide time stamps, even if the private key is leaked, the validity of the signature can be guaranteed.
- the present disclosure provides a smart contract authentication data privacy protection method based on zero-knowledge proofs, which has the guarantee of the privacy and authenticity of the input data, and without the leakage of sensitive information, everyone can Verify the authenticity of the data;
- the first aspect of the present disclosure provides a smart contract authentication data privacy protection method based on zero knowledge proof
- the privacy protection method of smart contract authentication data based on zero-knowledge proof includes:
- Initialization steps Initialize, enter security parameters, and obtain public parameters; the trusted data certification agency DA generates public and private key pairs;
- the key pair generation step taking the common parameters and the verification circuit as input, to generate a key pair, the key pair including a certification key and a verification key;
- Data authentication step use the private key of the trusted data authentication agency DA to sign and authenticate the private data of the user DU of the decentralized application and generate a signature;
- the user DU prover terminal of the decentralized application uses the personal private data as the input value of the verification circuit, and the calculation result and hash value are input into the verification circuit as the output value of the verification circuit;
- the user DU uses the certification key to generate a zero-knowledge certificate;
- Verification steps the verifier uses the verification key to verify whether the zero-knowledge proof is correct; the verification passes to prove that the calculation result is correct, otherwise the calculation result is proved to be wrong; the verifier executes the smart contract based on the verification result.
- the input of the security parameters obtains the public parameters; specifically, it refers to: input the security parameters and obtain the public parameters using the zero-knowledge system ZKP;
- the security parameter refers to the security parameter ⁇ ;
- the use of the zero-knowledge system ZKP to obtain the common parameters refers to: the use of the ZKP.Setup(1 ⁇ ) of the zero-knowledge proof system ZKP to obtain the common parameters pp.
- the generation of the public key and the private key pair by the trusted data certification authority DA means that the trusted data certification authority DA selects a digital signature mechanism to generate the public/private key pair.
- the trusted data certification agency DA publishes the public key.
- the DA trusted certificate authority public key data announced means: the trusted certification authority data DA to (pp, pk a) announced.
- DA trusted data authentication agencies
- the public parameter and the verification circuit are used as input to generate a key pair; where the verification circuit specifically refers to:
- the user's private data needs to meet the conditions, such as the user's health status, income and other private information must meet the given insurance conditions.
- the public parameter and verification circuit are used as input to generate a key pair; specifically, it refers to:
- the zero-knowledge proof system ZKP is run to generate a key pair.
- the public parameter and verification circuit are used as input to generate a key pair; it is completed by a trusted third-party organization or through a trusted process.
- the trusted third-party organization includes but is not limited to digital certificate authentication Centers, national institutions, etc.
- the zero-knowledge proof system ZKP is run to generate a key pair, which is allowed to be generated by multiple trusted agencies or generated by a trusted process.
- the public parameter and verification circuit are used as input to generate a key pair; specifically, it refers to:
- the use of the private key of the trusted data authentication agency DA to sign and authenticate the personal private data of the user DU of the decentralized application and generate a signature; means:
- Trusted data certification agency DA will keep personal private data And the signed private key sk a as input, run DataAuth(sk a , ) Algorithm to sign and authenticate the data and generate a signature ⁇ a .
- the user DU prover terminal of the decentralized application uses the private data as the input value of the verification circuit, and the calculation result and the hash value as the output value of the verification circuit are input into the verification circuit; means:
- Decentralized application user DU prover terminal will private data As the input value of the verification circuit C, the calculation result R and the hash value h are input to the verification circuit C as the output value of the verification circuit C.
- the user DU of the decentralized application generates a certificate; it means that the user DU of the decentralized application executes the zero-knowledge proof system ZKP to generate the certificate.
- the user DU of the decentralized application generates a certificate; it means that the user DU of the decentralized application executes ZKP.Prove(pk, ZKP. R,h) The algorithm generates proof ⁇ .
- the verifier verifies whether the proof is correct; if the verification is passed, it proves that the calculation result is correct; otherwise, it proves that the calculation result is wrong; it means:
- the verifier V runs the Verify(vk,pk a , ⁇ ,R,h, ⁇ a ) algorithm to verify that ⁇ is correct; if it passes, it proves that the calculation result R is correct, otherwise it proves that the calculation result R is wrong.
- the second aspect of the present disclosure provides a smart contract authentication data privacy protection system based on zero knowledge proof
- Smart contract authentication data privacy protection system based on zero-knowledge proof including:
- the initialization module is configured to: input security parameters, perform initialization and obtain public parameters; the trusted data certification authority DA generates public and private key pairs;
- a key pair generation module which is configured to: take a common parameter and a verification circuit as input to generate a key pair, the key pair including a certification key and a verification key;
- the data authentication module is configured to: use the private key of the trusted data authentication agency DA to perform signature authentication and generate a signature on the personal private data of the user DU of the decentralized application;
- Generate a certification module which is configured to: the user DU certifier terminal of the decentralized application uses personal private data as the input value of the verification circuit, and the calculation result and hash value as the output value of the verification circuit are input into the verification circuit; The user DU of the decentralized application uses the proof key to generate a zero-knowledge proof;
- the verification certification module is configured to: the verifier uses the verification key to verify whether the zero-knowledge proof is correct; the verification passes to prove that the calculation result is correct, otherwise the calculation result is proved to be wrong; the verifier executes the smart contract based on the verification result.
- the initialization module of the system further includes:
- the trusted data authentication agency DA constructs a verification circuit according to the calculation tasks required by the decentralized application DApp based on the smart contract.
- the present disclosure also provides an electronic device, including a memory and a processor, and computer instructions stored on the memory and running on the processor.
- the computer instructions are executed by the processor, the first aspect is completed Method steps.
- the present disclosure also provides a computer-readable storage medium for storing computer instructions, which when executed by a processor, completes the steps of the method of the first aspect.
- the technology proposed in this disclosure guarantees the authenticity and privacy of the data of the smart contract, and will not disclose the input data to others, ensuring the authenticity of the input data.
- the present disclosure can be used in various blockchain systems to ensure the authenticity and privacy of data.
- the proof generated by the end user is provided through the blockchain recording service, and any verifier can perform access verification to truly achieve decentralization.
- FIG. 1 is a flow chart of the method of the first embodiment
- FIG. 2 is a schematic structural diagram of a basic verification circuit for authentication data privacy protection according to the first embodiment.
- FIG. 3 is a schematic diagram of a system framework of a smart contract authentication data privacy protection method based on zero-knowledge proof in Embodiment 1.
- FIG. 3 is a schematic diagram of a system framework of a smart contract authentication data privacy protection method based on zero-knowledge proof in Embodiment 1.
- FIG. 4 is a schematic structural diagram of a verification circuit for protecting authentication data privacy protection for outputting plain text in Embodiment 1.
- FIG. 4 is a schematic structural diagram of a verification circuit for protecting authentication data privacy protection for outputting plain text in Embodiment 1.
- FIG. 5 is a schematic structural diagram of a verification circuit for protecting privacy of authentication data to prevent fraud by malicious users according to the first embodiment.
- FIG. 6 is a schematic diagram of a system framework implemented by using Ethereum and zk-SNARKs as an example in Embodiment 1.
- FIG. 6 is a schematic diagram of a system framework implemented by using Ethereum and zk-SNARKs as an example in Embodiment 1.
- Zero Knowledge Proof System Zero Knowledge Proof, ZKP
- Transaction Similar to the transfer transaction of digital currency in Bitcoin, called transaction in this application; a block contains multiple transactions, and the miner runs a consensus algorithm to add the block to the block On the chain.
- Embodiment 1 this embodiment provides a privacy protection method for smart contract authentication data based on zero-knowledge proof
- the privacy protection method of smart contract authentication data based on zero-knowledge proof includes:
- Initialization steps input security parameters, perform initialization and obtain public parameters; trusted data certification authority DA generates public and private key pairs;
- the key pair generation step taking the common parameters and the verification circuit as input, to generate a key pair, the key pair including a certification key and a verification key;
- Data authentication step use the private key of the trusted data authentication agency DA to sign and authenticate the private data of the user DU of the decentralized application and generate a signature;
- the user DU prover terminal of the decentralized application uses the personal private data as the input value of the verification circuit, and the calculation result and hash value are input into the verification circuit as the output value of the verification circuit;
- the user DU uses the certification key to generate a zero-knowledge certificate;
- Verification steps the verifier uses the verification key to verify whether the zero-knowledge proof is correct; the verification passes to prove that the calculation result is correct, otherwise the calculation result is proved to be wrong; the verifier executes the smart contract based on the verification result.
- the privacy protection method of smart contract authentication data based on zero-knowledge proof includes:
- Trusted data certification agency DA Data Authenticator
- decentralized application user DU DApp
- validator V Validator
- smart contract-based decentralized application DApp Decentralized App
- Step (1) Initialization: Enter the safety parameter ⁇ , perform initialization, and use the ZKP.Setup(1 ⁇ ) of the zero-knowledge proof system ZKP to obtain the public parameter pp;
- Step (2) Generate a key pair: take the common parameter pp and the verification circuit C as inputs, run the ZKP.KeyGen(pp,C) algorithm of the zero-knowledge proof system ZKP, and generate a key pair (pk, vk), where the proof The key pk is used to generate the certificate, and the verification key vk is used to verify the certificate;
- the zero-knowledge proof system of step (1) includes:
- the zero-knowledge proof system ZKP (Setup, KeyGen, Prove, Verify) is, but not limited to, zk-SNARKs, zk-STARKs and Bulletproofs;
- ZKP.Setup(1 ⁇ ) is used to initialize the common parameter pp of the zero-knowledge proof system
- ZKP.KeyGen (pp, C) is used to generate the proof key pair (pk, vk), where the proof key pk is used to generate the proof, and the verification key vk is used to verify the proof;
- the common parameter pp is initialized only once, and the common parameter pp is used for ZKP.KeyGen (pp, C) to generate a key pair, and calculation of proof generation and verification.
- ⁇ .KeyGen(1 ⁇ ) is used to initialize the signature algorithm and generate the signature key pair (pk a ,sk a );
- ⁇ .Sign (sk a , data) is used to sign the data data and generate a signature ⁇ a ;
- ⁇ .Verify(pk a ,data, ⁇ a ) is used to verify the signature ⁇ a .
- the calculation task in step (1) includes:
- the decentralized application DApp based on the smart contract constructs an arithmetic equation according to calculation requirements; the user DU of the decentralized application proves to the DApp that the data provided by it meets the equation relationship.
- the decentralized application User DU proves to the decentralized application DApp based on smart contract that he knows that the hash primitive corresponding to h is x 1 ,x 2 ,...,x n ,r,ID,T, but does not report to the smart based
- the decentralized application DApp of the contract leaks x 1 , x 2 ,..., x n and r;
- the same calculation task uses the same verification circuit, and the circuit is repeatable.
- the verification circuit C in step (1) is constructed:
- the calculation result R and the hash value h required by the decentralized application DApp are used as the output of the verification circuit C to prove that the calculation result R required by the decentralized application DApp is indeed Data certified by the trusted data certification agency DA Calculated as input;
- the verification circuit C includes a combination of addition, subtraction, multiplication, division, comparison, or hash calculation, and the form of the combination is determined according to the requirements for verifying the user's private data required by the decentralized application DApp based on the smart contract.
- the key pair (pk, vk) is initialized only once.
- the step (2) taking the public parameter pp and the verification circuit C as input refers to being completed by a trusted third-party organization or a trusted process.
- the DataAuth(sk a of step (3) The specific steps of the algorithm are:
- the trusted data authentication agency DA uses the identity ID of the user DU of the decentralized application and the current time T to input the private of the DU Expand, after expansion, it becomes ( ID,T);
- the trusted data certification authority DA is based on the private key sk a and runs the ⁇ .Sign(sk a ,h) algorithm for extended private input
- the hash value of the generated signature ⁇ a ⁇ .Sign(sk a ,Hash( ⁇ x 1 ,x 2 ,...,x n ,r>
- Hash() includes but is not limited to SHA256 and SHA3 hash functions.
- the calculation result R of the step (4) is a calculation result required by the decentralized application DApp, and this value is input by the private user DU of the decentralized application Calculated in combination with the public correlation coefficient published by the decentralized application DApp.
- Verify the step (5) of the concrete steps (vk, pk a, ⁇ , R, h, ⁇ a) of the algorithm is:
- the verifier V will verify the signed public key pk a , the hash value h and the signature ⁇ a , and enter it into the signature verification algorithm ⁇ .Verify(pk a ,h, ⁇ a ) to verify whether the signature ⁇ a of the hash value h Valid; if invalid, output 0;
- the privacy protection method of smart contract authentication data based on zero-knowledge proof includes:
- Trusted data certification agency DA DataAuthenticator
- smart contract-based decentralized application user DU DApp
- validator V Validator
- smart contract-based decentralized application DApp DecentralizedApp
- the data certification authority is an independent and trusted data source.
- the DA will generate reliable data and use its private key sk a to sign the data of the DApp user DU.
- DA knows when the data is generated and the data owner, but it will never disclose this data to other DApp users DU.
- Each DU DApp user can use the public key pk a corresponding signature verification data.
- the DU needs to take its own private real data as input to obtain the decentralized service provided by the DApp. Due to privacy issues, the DU hopes to protect privacy while enjoying the service.
- the validator V is a blockchain maintainer (miner), used to verify transactions submitted to the blockchain system.
- the verifiers run consensus algorithms to generate new blocks containing verified transactions.
- smart contracts can be executed on the blockchain.
- the decentralized application provides services in the form of smart contracts on the blockchain.
- a decentralized medical insurance plan provides individuals with insurance services in the form of decentralized smart contracts.
- the DApp user DU sends a service request to the DApp (smart contract), which includes the calculation result required by the DApp, the hash value, proof, and signature of the DU private input.
- the verifier V verifies the service request, the DApp provides services for its users.
- the DU takes three vectors as input: the first vector is the private data vector of the DU
- the second vector is the common parameter vector Used to calculate the calculation result R required by the DApp
- the third vector is auxiliary data Among them, ID, T and r are the identity of the DU, time information and random number, and the random number r is used to obfuscate the input of the DU of the DApp user.
- the DU converts three vectors As the input of the verification circuit for authentication data privacy protection, the calculation result R and the hash value h are used as the output of the verification circuit for authentication data privacy protection.
- the calculation result R is necessary for the DApp to perform certain operations, and the hash value h is used for verification Authenticity.
- the zero-knowledge proof system generates a zero-knowledge proof ⁇ for a verification circuit that authenticates data privacy protection.
- the DU sends the following variables to the DApp to verify the correctness of the calculation result: prove ⁇ , vector with Calculation result R, hash value h and digital signature ⁇ a on h.
- the DApp verifies that R is indeed with The result of the calculation, and the hash value h is indeed passed with Calculated to ensure that the same To generate R and h.
- the DApp checks the validity of the signature ⁇ a to ensure that Authenticity.
- the privacy protection method of smart contract authentication data based on zero-knowledge proof is composed of 5 steps, which are described in detail below.
- ZKP.Setup(1 ⁇ ) is used to initialize the common parameter pp of the zero-knowledge proof system;
- ZKP.KeyGen(pp,C) is used to generate the proof key pair (pk,vk), where the proof key pk is used to generate the proof, The verification key vk is used to verify the proof;
- ZKP.Prove(pk, R,h) is used to generate proof ⁇ , prove that the calculation result R is made of real and valid data Calculated;
- ZKP.Verify(vk, ⁇ , R,h) is used to verify the proof ⁇ to judge the data The true validity of the calculation and the correctness of the calculation result R; when the same verification circuit is used in the zero-knowledge proof system, the common parameter pp is initialized only once, and the common parameter pp is used for
- ⁇ .KeyGen(1 ⁇ ) is used to initialize the signature algorithm and generate the signature key pair (pk a ,sk a );
- ⁇ .Sign(sk a ,data) is used to sign the data data and generate the signature ⁇ a ;
- ⁇ .Verify(pk a ,data, ⁇ a ) is used to verify the signature ⁇ a .
- the DApp constructs a circuit according to the requirements of private data verification; the user DU of the decentralized application proves to the decentralized application DApp based on the smart contract that the private data provided by it meets the verification circuit relationship.
- the decentralized application User DU proves to the decentralized application DApp based on smart contract that he knows that the hash primitive corresponding to h is x 1 ,x 2 ,...,x n ,r,ID,T, but does not report to the smart based
- the decentralized application DApp of the contract leaks x 1 , x 2 ,..., x n and r; the same calculation task uses the same verification circuit, and the verification circuit is repeatable.
- the verification circuit C inputs the secret of the DU Common parameter vector And auxiliary data As the input of the verification circuit, the calculation result R and hash value h required by the decentralized application DApp based on the smart contract are output as the verification circuit to prove the calculation required by the decentralized application DApp based on the smart contract
- the result R is indeed the data certified by the trusted data certification agency DA And common parameter vectors It is calculated as input, as shown in FIG. 2; the verification circuit C can perform a combination of addition, subtraction, multiplication, division, comparison, and hash circuits to implement a more complicated verification circuit.
- the trusted third party takes the public parameter pp and the verification circuit C as inputs, runs the ZKP.KeyGen (pp, C) algorithm of the zero-knowledge proof system ZKP, and generates a key pair (pk, vk), which proves The key pk is used to generate the certificate, and the verification key vk is used to verify the certificate.
- the zero-knowledge proof system may be, but not limited to, zk-SNARKs, zk-STARKs, and Bulletproofs; when the same verification circuit is used in the zero-knowledge proof system, the common parameter pp and key pair (pk, vk) Only initialize once.
- the DU requests the DA to obtain its personal data Trusted data certification agency DA will keep personal private data And the signed private key sk a as input, run DataAuth(sk a , ) Algorithm to sign and authenticate the data and generate a signature ⁇ a .
- the DA will verify Authenticity, and will Associated with the ID identification of the DU.
- T); the DA is based on the private key sk a and runs the ⁇ .Sign(sk a ,h) algorithm as Extended private input Generates a signature ⁇ a ⁇ .Sign(sk a ,Hash( ⁇ x 1 ,x 2 ,...,x n ,r>
- D. DApp service request the DU checks DApp rules and obtains public input from the DApp
- the DU gets its private data (Extended with r) and auxiliary input And the calculation result R and hash value h required by the DApp.
- the DU performs ZKP. Prove (pk, ZKP. R,h) algorithm to obtain proof ⁇ .
- the DU sends a service request including ( ⁇ , R, h, ⁇ a ) to the DApp.
- the request will be sent to the blockchain in the form of a transaction (Tx) at the DApp address.
- calculation result R is a calculation result required by the DApp, and the value is entered through the private input of the DU Combined with the public correlation coefficient published by the DApp Calculated.
- each of the validators V runs the corresponding function of the DApp smart contract, which calls Verify(vk,pk a , ⁇ , R,h, ⁇ a ) algorithm. If the output of the verification function is 0, the verifier V will discard the transaction; the output of the verification function is 1, the verifier V executes the DApp with the calculation result R.
- the implementation of DApp depends on the consensus of the verifiers, so only when most of the verifiers accept the certificate can the proof of DApp verification be valid.
- the Verify (vk, pk a, ⁇ , R,h, ⁇ a )
- the specific steps of the algorithm are as follows: the verifier V will input the signature public key pk a , hash value h and signature ⁇ a into the signature verification algorithm ⁇ .Verify(pk a ,h, ⁇ a ), verify whether the signature ⁇ a of the hash value h is valid; if it is invalid, output 0; if valid, continue to use the ZKP.Verify(vk, ⁇ , R,h) Verify that ⁇ is correct. If both verifications are passed, then prove that the calculation result R is correct, otherwise prove that the calculation result R is wrong.
- any DApp with a fixed verification circuit can be executed using the above process based on the zero-knowledge proof technology to protect the privacy of the DU.
- a DApp with a limited cycle can also be realized.
- the complicated calculation verification circuit will cause the cost of the prover (ie DU) to increase.
- the zero-knowledge proof technology no matter how complicated the DApp calculation function is, the calculation cost of the verifier is fixed.
- the verification circuit takes the calculation result R as an output, and it is open to every user.
- a similar zero-knowledge proof algorithm can be used to generate proofs for R without revealing R.
- DU can also pay R amount as a premium to protect output and payment privacy.
- the DA can be constructed to correspond to the verification circuit shown in FIG. 4; the DU uses the ZKP.Prove() algorithm to generate a corresponding verification circuit certificate. Note that the output of the calculation circuit will be used as the input of the payment circuit, so the output of the calculation circuit is hidden from other outputs.
- a security credential scheme should be used to generate the ID of the DU to distinguish the DU.
- the ID identification of the DU can be used as a private input of two SHA256 circuits, as shown in the circuit of FIG. 5.
- the first SHA256 circuit outputs h, which matches the proof of previous insurance payment.
- the second SHA256 circuit outputs h', which must be signed by the DA of the insurance claim.
- the system framework of the smart contract authentication data privacy protection method based on zero-knowledge proofs can be implemented by a combination of three major modules, including a decentralized application DApp based on smart contracts, a zero-knowledge proof module, and a blockchain system.
- the zero-knowledge proof modules may be, but not limited to, zk-SNARKs, zk-STARKs and Bulletproofs.
- the DApp is a smart contract running on the blockchain.
- the blockchain may be but not limited to Ethereum.
- a specific example is the medical insurance plan, which requires a medical report certified by the hospital to register.
- the decentralized application DApp user DU based on smart contract is the person who wants to sign the plan, the data certification agency DA is a trusted hospital, the verifier V is the blockchain maintainer, and the DApp is a decentralized medical insurance smart contract ,As shown in Figure 3.
- the authentication data privacy protection scheme of the medical insurance smart contract is shown in Figure 6. This specific example is used to illustrate the following:
- A. System settings: Enter the safety parameter ⁇ 80, run zk-SNARKs.Setup(1 ⁇ ) to obtain the public parameter pp. Select ECDSA as the selected secure digital signature mechanism.
- a verification circuit C is constructed, as shown in FIG. 2, FIG. 4 or FIG. 5.
- DA runs DataAuth(sk a , )
- DA will verify Authenticity, and will Associated with the ID identification of the DU.
- the DU sends a service request containing ( ⁇ , R, h, ⁇ a ) to the DApp.
- the request will be sent to the blockchain in the form of a transaction (Tx) at the DApp address.
- the compensation amount R will be output through the claim calculation circuit, and the amount will be paid to the DU through the payment circuit, as shown in FIG. 5.
- Embodiment 2 provides a smart contract authentication data privacy protection system based on zero-knowledge proof
- Smart contract authentication data privacy protection system based on zero-knowledge proof including:
- An initialization module which is configured to: initialize, enter security parameters, and obtain public parameters; the trusted data certification authority DA generates public and private key pairs;
- a key pair generation module which is configured to: take a common parameter and a verification circuit as input to generate a key pair, the key pair including a certification key and a verification key;
- the data authentication module is configured to: use the private key of the trusted data authentication agency DA to perform signature authentication and generate a signature on the personal private data of the user DU of the decentralized application;
- Generate a certification module which is configured to: the user DU certifier terminal of the decentralized application uses personal private data as the input value of the verification circuit, and the calculation result and hash value as the output value of the verification circuit are input into the verification circuit; The user DU of the decentralized application uses the proof key to generate a zero-knowledge proof;
- the verification certification module is configured to: the verifier uses the verification key to verify whether the zero-knowledge proof is correct; the verification passes to prove that the calculation result is correct, otherwise the calculation result is proved to be wrong; the verifier executes the smart contract based on the verification result.
- Embodiment 3 also provides an electronic device, including a memory and a processor, and computer instructions stored on the memory and running on the processor. When the computer instructions are executed by the processor, the first embodiment is completed. Describe the steps of the method.
- Embodiment 4 This embodiment also provides a computer-readable storage medium for storing computer instructions. When the computer instructions are executed by a processor, the steps of the method in Embodiment 1 are completed.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
本发明公开了基于零知识证明的智能合约认证数据隐私保护方法及系统,进行初始化,输入安全参数,获得公共参数;可信数据认证机构DA生成公钥和私钥对;将公共参数和验证电路作为输入,生成密钥对,密钥对包括证明密钥和验证密钥;利用可信数据认证机构DA的私钥对去中心化应用的用户DU的个人私密数据,进行签名认证并产生签名;用户DU证明者终端将个人私密数据作为验证电路的输入值,将计算结果和哈希值作为验证电路的输出值,输入到验证电路中;用户DU使用证明密钥生成零知识证明;验证者使用验证密钥验证零知识证明是否正确;验证通过则证明计算结果是正确的,否则证明计算结果是错误的;验证者基于验证结果执行智能合约。
Description
本公开涉及区块链技术领域,特别是涉及基于零知识证明的智能合约认证数据隐私保护方法及系统。
本部分的陈述仅仅是提高了与本公开相关的背景技术,并不必然构成现有技术。
随着加密货币比特币的空前成功,区块链技术飞速发展,引领了互联网领域一次新的技术浪潮。作为一个无中心服务器的分布式系统,区块链不依赖于任何一方的正确执行。一旦被记录在区块链上,就无法再对其进行更改,这种不可篡改性保证了区块链上交易的完整性,从而建立信任关系。
智能合约是在区块链上运行的程序,其执行必须通过共识来确认。智能合约的存在,使区块链能够处理比资金转移更复杂的逻辑。区块链技术与智能合约相结合,已经应用于许多领域:金融,保险,公证,房地产,彩票,投票,供应链,智能电网,医疗保险,物联网和云计算等。
当区块链应用于实际场景以实现智能合约的自动执行时,与现实世界交互是不可避免的。区块链上的智能合约需要从现实世界中获取一些信息作为输入,以便计算结果,按照预先确定的规则执行。然而,并非所有从现实世界到智能合约的输入都可以对外公开。例如,医疗保险的智能合约需要将被保险人的年龄,职业,性别和体检报告作为输入。出于对隐私的保护,这些数据不能对外公开。另一方面,即使医疗保险使用联盟链维护,并对其采用访问控制机制来防止隐私泄露,个人医疗信息仍然会泄露给维护联盟链的节点。从本质上讲,这类问题即如何在不泄露任何隐私的情况下将经过认证的真实数据提供给区块链上的智能合约,保证发送到区块链的数据的隐私性和真实性,显得至关重要。
零知识证明,就是指证明者知道或拥有某一消息,在不向验证者提供任何有用的信息的情况下,能够使验证者相信某个论断是正确的一种方法。大量事实证明,如果能够将零知识证明用于数据认证,将会有效解决许多问题。相应地,目前零知识证明的最新技术有zk-SNARKs(zero-knowledge Succinct Non-interactive ARgument of Knowledge),zk-STARKs(zero-knowledge Scalable Transparent ARguments of Knowledge),Bulletproofs等。其中,zk-SNARK已经成功应用到匿名数字货币ZeroCash中。
数字签名是公钥加密技术与数字摘要技术相结合的应用。数字签名在许多方面等同于传统的手写签名,在一些国家已具有法律意义。正确实现的数字签名比手写类型更难以伪造。此外,一些不可否认数字签名方案能够提供时间戳,即使私钥泄露,也能保证签名的有效性。
发明内容
为了解决现有技术的不足,本公开提供了基于零知识证明的智能合约认证数据隐私保护方法,其具有保证输入数据的隐私性和真实性,在不泄漏敏感信息的情况下,每个人都可以验证数据的真实性;
本公开第一方面提供了基于零知识证明的智能合约认证数据隐私保护方法;
基于零知识证明的智能合约认证数据隐私保护方法,包括:
初始化步骤:进行初始化,输入安全参数,获得公共参数;可信数据认证机构DA生成公钥和私钥对;
密钥对生成步骤:将公共参数和验证电路作为输入,生成密钥对,所述密钥对包括证明密钥和验证密钥;
数据认证步骤:利用可信数据认证机构DA的私钥对去中心化应用的用户DU的个人私密数据,进行签名认证并产生签名;
生成证明步骤:去中心化应用的用户DU证明者终端将个人私密数据作为验证电路的输入值,将计算结果和哈希值作为验证电路的输出值,输入到验证电路中;去中心化应用的用户DU使用证明密钥生成零知识证明;
验证证明步骤:验证者使用验证密钥验证零知识证明是否正确;验证通过则证明计算结果是正确的,否则证明计算结果是错误的;验证者基于验证结果执行智能合约。
进一步地,所述输入安全参数,获得公共参数;具体是指:输入安全参数,利用零知识系统ZKP获得公共参数;
进一步地,所述安全参数,是指安全参数λ;
进一步地,所述利用零知识系统ZKP获得公共参数,是指:利用零知识证明系统ZKP的ZKP.Setup(1
λ)获得公共参数pp。
进一步地,所述可信数据认证机构DA生成公钥和私钥对,是指可信数据认证机构DA选取数字签名机制生成公钥/私钥对。所述可信数据认证机构DA将公钥对外公布。
进一步地,所述可信数据认证机构DA生成公钥和私钥对,是指可信数据认证机构DA选取数字签名机制Π=(KeyGen,Sign,Verify),运行Π.KeyGen生成公钥/私钥对(pk
a,sk
a)。
进一步地,所述可信数据认证机构DA将公钥对外公布,是指:所述可信数据认证机构DA将(pp,pk
a)对外公布。
可信数据认证机构DA允许有多个,即用户的私密数据由不同的DA进行认证,并产生签名。
进一步地,所述将公共参数和验证电路作为输入,生成密钥对;其中验证电路具体是指:
用户的私密数据需要满足的条件,比如用户的健康状况、收入等私密信息需满足给定的投保条件。
进一步地,所述将公共参数和验证电路作为输入,生成密钥对;具体是指:
将公共参数和验证电路作为输入,运行零知识证明系统ZKP,生成密钥对。
进一步地,所述将公共参数和验证电路作为输入,生成密钥对;是由可信第三方机构或通过可信的过程来完成,所述可信第三方机构,包括但不限于数字证书认证中心、国家机构等。
将公共参数和验证电路作为输入,运行零知识证明系统ZKP,生成密钥对,该密钥对允许由多个可信机构共同产生,或者采用可信的过程生成。
进一步地,所述将公共参数和验证电路作为输入,生成密钥对;具体是指:
将公共参数pp和验证电路C作为输入,运行零知识证明系统ZKP的ZKP.KeyGen(pp,C)算法,生成密钥对(pk,vk),其中证明密钥pk用于生成证明,验证密钥vk用于验证证明。
进一步地,所述利用可信数据认证机构DA的私钥对去中心化应用的用户DU的个人私密数据,进行签名认证并产生签名;是指:
进一步地,所述去中心化应用的用户DU证明者终端将私密数据作为验证电路的输入值,将计算结果和哈希值作为验证电路的输出值,输入到验证电路中;是指:
进一步地,去中心化应用的用户DU生成证明;是指:去中心化应用的用户DU执行零知识证明系统ZKP,生成证明。
进一步地,所述验证者验证证明是否正确;验证通过则证明计算结果是正确的,否则证 明计算结果是错误的;是指:
验证者V运行Verify(vk,pk
a,π,R,h,σ
a)算法,验证证明π是否正确;验证通过则证明计算结果R是正确的,否则证明计算结果R是错误的。
本公开第二方面提供了基于零知识证明的智能合约认证数据隐私保护系统;
基于零知识证明的智能合约认证数据隐私保护系统,包括:
初始化模块,其被配置为:输入安全参数,进行初始化并获得公共参数;可信数据认证机构DA生成公钥和私钥对;
密钥对生成模块,其被配置为:将公共参数和验证电路作为输入,生成密钥对,所述密钥对包括证明密钥和验证密钥;
数据认证模块,其被配置为:利用可信数据认证机构DA的私钥对去中心化应用的用户DU的个人私密数据,进行签名认证并产生签名;
生成证明模块,其被配置为:去中心化应用的用户DU证明者终端将个人私密数据作为验证电路的输入值,将计算结果和哈希值作为验证电路的输出值,输入到验证电路中;去中心化应用的用户DU使用证明密钥生成零知识证明;
验证证明模块,其被配置为:验证者使用验证密钥验证零知识证明是否正确;验证通过则证明计算结果是正确的,否则证明计算结果是错误的;验证者基于验证结果执行智能合约。
进一步地,所述系统的初始化模块还包括:
所述可信数据认证机构DA根据基于智能合约的去中心化应用DApp所需的计算任务,构建验证电路。
第三方面,本公开还提供了一种电子设备,包括存储器和处理器以及存储在存储器上并在处理器上运行的计算机指令,所述计算机指令被处理器运行时,完成第一方面所述方法的步骤。
第四方面,本公开还提供了一种计算机可读存储介质,用于存储计算机指令,所述计算机指令被处理器执行时,完成第一方面所述方法的步骤。
与现有技术相比,本公开的有益效果是:
1、本公开所提出的技术,保证智能合约的数据真实性和隐私,并且不会向其他人泄露输入数据,确保输入数据的真实有效性。
2、本公开可以用于各种区块链系统,以确保数据的真实性和隐私性。
3、本公开中通过区块链记录服务提供端用户产生的证明,任何验证者都可以进行访问验证,真正实现去中心化。
构成本申请的一部分的说明书附图用来提供对本申请的进一步理解,本申请的示意性实施例及其说明用于解释本申请,并不构成对本申请的不当限定。
图1为实施例一的方法流程图;
图2为实施例一认证数据隐私保护的基本验证电路结构示意图。
图3为实施例一基于零知识证明的智能合约认证数据隐私保护方法的系统框架示意图。
图4为实施例一保护明文输出的认证数据隐私保护的验证电路结构示意图。
图5为实施例一防止恶意用户欺诈的认证数据隐私保护的验证电路结构示意图。
图6为实施例一以太坊和zk-SNARKs为例实现的系统框架示意图。
应该指出,以下详细说明都是例示性的,旨在对本申请提供进一步的说明。除非另有指明,本文使用的所有技术和科学术语具有与本申请所属技术领域的普通技术人员通常理解的相同含义。
需要注意的是,这里所使用的术语仅是为了描述具体实施方式,而非意图限制根据本申请的示例性实施方式。如在这里所使用的,除非上下文另外明确指出,否则单数形式也意图包括复数形式,此外,还应当理解的是,当在本说明书中使用术语“包含”和/或“包括”时,其指明存在特征、步骤、操作、器件、组件和/或它们的组合。
术语解释:
零知识证明系统(Zero Knowledge Proof,ZKP);
事务(Transaction,Tx):类似于比特币中数字货币的转账交易,在本申请中称为事务(transaction);一个区块中包含多个事务,由矿工运行共识算法将区块添加到区块链上。
实施例一,本实施例提供了基于零知识证明的智能合约认证数据隐私保护方法;
如图1所示,基于零知识证明的智能合约认证数据隐私保护方法,包括:
初始化步骤:输入安全参数,进行初始化并获得公共参数;可信数据认证机构DA生成公钥和私钥对;
密钥对生成步骤:将公共参数和验证电路作为输入,生成密钥对,所述密钥对包括证明密钥和验证密钥;
数据认证步骤:利用可信数据认证机构DA的私钥对去中心化应用的用户DU的个人私密数据,进行签名认证并产生签名;
生成证明步骤:去中心化应用的用户DU证明者终端将个人私密数据作为验证电路的输入 值,将计算结果和哈希值作为验证电路的输出值,输入到验证电路中;去中心化应用的用户DU使用证明密钥生成零知识证明;
验证证明步骤:验证者使用验证密钥验证零知识证明是否正确;验证通过则证明计算结果是正确的,否则证明计算结果是错误的;验证者基于验证结果执行智能合约。
具体的,基于零知识证明的智能合约认证数据隐私保护方法,包括:
可信数据认证机构DA(Data Authenticator),去中心化应用的用户DU(DApp User),验证者V(Validator)以及基于智能合约的去中心化应用DApp(Decentralized App);
步骤(1):初始化:输入安全参数λ,进行初始化,利用零知识证明系统ZKP的ZKP.Setup(1
λ)获得公共参数pp;
所述可信数据认证机构DA选取数字签名机制Π=(KeyGen,Sign,Verify),运行Π.KeyGen生成公钥/私钥对(pk
a,sk
a);
所述可信数据认证机构DA将(pp,pk
a)对外公布;
步骤(2):生成密钥对:将公共参数pp和验证电路C作为输入,运行零知识证明系统ZKP的ZKP.KeyGen(pp,C)算法,生成密钥对(pk,vk),其中证明密钥pk用于生成证明,验证密钥vk用于验证证明;
步骤(4):生成证明:去中心化应用的用户DU证明者终端将私密数据
作为验证电路C的输入值,将计算结果R和哈希值h作为验证电路C的输出值,输入到验证电路C中;所述去中心化应用的用户DU执行零知识证明系统ZKP的ZKP.Prove(pk,
R,h)算法生成证明π;
步骤(5):验证证明:验证者V运行Verify(vk,pk
a,π,R,h,σ
a)算法,验证证明π是否正确;验证通过则证明计算结果R是正确的,否则证明计算结果R是错误的。
作为一些可能的实现方式,所述步骤(1)的零知识证明系统,包括:
所述零知识证明系统ZKP=(Setup,KeyGen,Prove,Verify),是但不局限于zk-SNARKs,zk-STARKs和Bulletproofs;
ZKP.Setup(1
λ)用于初始化零知识证明系统的公共参数pp;
ZKP.KeyGen(pp,C)用于生成证明密钥对(pk,vk),其中证明密钥pk用于生成证明,验证密钥vk用于验证证明;
所述零知识证明系统中使用相同验证电路的情况下,公共参数pp仅初始化一次,所述公共参数pp用于ZKP.KeyGen(pp,C)生成密钥对,以及证明生成和验证的计算。
作为一些可能的实现方式,所述步骤(1)中所述可信数据认证机构DA选取数字签名机制Π=(KeyGen,Sign,Verify),是但不局限于ECDSA和RSA;
Π.KeyGen(1
λ)用于初始化签名算法,生成签名密钥对(pk
a,sk
a);
Π.Sign(sk
a,data)用于对数据data进行签名,并产生签名σ
a;
Π.Verify(pk
a,data,σ
a)用于对签名σ
a进行验签。
作为一些可能的实现方式,所述步骤(1)的计算任务,包括:
所述基于智能合约的去中心化应用DApp根据计算需求,构造算术等式;所述去中心化应用的用户DU向所述DApp证明其提供的数据满足等式关系。
假设所述基于智能合约的去中心化应用DApp所需的计算任务为等式h=Hash(<x
1,x
2,…,x
n,r>|ID|T),所述去中心化应用的用户DU向所述基于智能合约的去中心化应用DApp证明自己知道h对应的哈希原象为x
1,x
2,…,x
n、r、ID、T,而不向所述基于智能合约的去中心化应用DApp泄露x
1,x
2,…,x
n和r;
相同的计算任务使用同一个验证电路,电路具有可重复性。
作为一些可能的实现方式,所述步骤(1)的构建验证电路C:
将所述去中心化应用的用户DU的私密输入
作为验证电路C的输入,将所述去中心化应用DApp所需的计算结果R和哈希值h作为验证电路C的输出,以证明所述去中心化应用DApp所需的计算结果R确实是由所述可信数据认证机构DA认证的数据
作为输入计算而来;
所述验证电路C包括加、减、乘、除、比较或哈希计算的组合,组合的形式根据基于智能合约的去中心化应用DApp所需验证用户私密数据的要求来决定。
作为一些可能的实现方式,所述步骤(2)的零知识证明系统在使用相同验证电路的情况下,密钥对(pk,vk)仅初始化一次。
作为一些可能的实现方式,所述步骤(2)将公共参数pp和验证电路C作为输入是指由可信第三方机构或可信过程来完成。
所述可信数据认证机构DA基于私钥sk
a,运行Π.Sign(sk
a,h)算法,为扩展的私密输入
的哈希值生成签名σ
a=Π.Sign(sk
a,Hash(<x
1,x
2,…,x
n,r>|ID|T));
所述哈希运算函数Hash()包括但不局限于SHA256、SHA3哈希函数。
作为一些可能的实现方式,所述步骤(4)的计算结果R为所述去中心化应用DApp所需的计算结果,该数值通过所述去中心化应用的用户DU的私密输入
结合所述去中心化应用DApp对外公布的公共相关系数计算得到。
作为一些可能的实现方式,所述步骤(5)的Verify(vk,pk
a,π,R,h,σ
a)算法的具体步骤为:
验证者V将验证签名的公钥pk
a,哈希值h和签名σ
a,输入到签名验证算法Π.Verify(pk
a,h,σ
a)中,验证哈希值h的签名σ
a是否有效;如果无效,则输出0;
如果有效,则继续利用零知识证明系统ZKP的ZKP.Verify(vk,π,R,h)验证证明π是否正确,如果验证均通过,则证明计算结果R是正确的,否则证明计算结果R是错误的。
基于零知识证明的智能合约认证数据隐私保护方法,包括:
可信数据认证机构DA(Data Authenticator),基于智能合约的去中心化应用的用户DU(DApp User),验证者V(Validator)以及基于智能合约的去中心化应用DApp(Decentralized App)。
所述数据认证机构(DA)是一个独立且可信的数据源。所述DA将生成可靠的数据并使用其私钥sk
a为DApp用户DU的数据进行签名。此外,DA知道数据生成的时间以及数据所有者,但它绝不会将此数据透露给其他DApp用户DU。每个DApp用户DU都可以使用相应的公钥pk
a验证数据的签名。
所述DU需要将自己的私密的真实数据作为输入,以获取由DApp提供的去中心化服务。由于隐私问题,所述DU希望在享受服务的同时保护隐私。
所述验证者V(Validator)是区块链维护者(矿工),用于验证提交给区块链系统的事务。所述验证者们通过运行共识算法来生成包含已验证事务的新区块。同样,智能合约可以在区块链上执行。
所述去中心化应用程序(DApp)在区块链上以智能合约的形式提供服务。例如,一种去中心化的医疗保险计划,以去中心化的智能合约方式为个人提供保险服务。
所述DApp用户DU向所述DApp(智能合约)发送服务请求,其中包含所述DApp所需的计算结果、所述DU私密输入的哈希值、证明和签名。所述验证者V对服务请求进行验证通过后,所述DApp为其用户提供服务。
所述DU将三个向量作为输入:第一个向量是所述DU的私密数据向量
第二个向量是公共参数向量
用于计算DApp所需的计算结果R,第三个向量是辅助数据
其中ID,T和r是所述DU的身份标识,时间信息和随机数,随机数r用于混淆所述DApp用户DU的输入。
进一步地,所述DU将三个向量
作为认证数据隐私保护的验证电路的输入,计算结果R和哈希值h作为认证数据隐私保护的验证电路的输出。所述计算结果R是所述DApp执行某些操作所必需的,所述哈希值h则用于验证
的真实性。
进一步地,所述零知识证明系统为认证数据隐私保护的验证电路生成零知识证明π。所述DU向所述DApp发送以下变量验证计算结果的正确性:证明π,向量
和
计算结果R,哈希值h以及h上的数字签名σ
a。所述DApp验证R确实是
和
计算的结果,而哈希值h确实是通过
和
计算得到的,以保证使用相同的
来生成R和h。所述DApp检查签名σ
a的有效性,以确保
真实性。
所述基于零知识证明的智能合约认证数据隐私保护方法由5个步骤组成,详细说明如下。
A、系统设置:输入安全参数λ,利用零知识证明系统ZKP的ZKP.Setup(1
λ)获得公共参数pp。所述DA选取安全的数字签名机制Π=(KeyGen,Sign,Verify),生成公钥/私钥对(pk
a,sk
a);所述DA将(pp,pk
a)对外公布;所述DA根据DApp所需的计算任务,构建验证电路C。
进一步地,所述零知识证明系统ZKP=(Setup,KeyGen,Prove,Verify),是但不局限于zk-SNARKs,zk-STARKs和Bulletproofs。ZKP.Setup(1
λ)用于初始化零知识证明系统的公共参数pp;ZKP.KeyGen(pp,C)用于生成证明密钥对(pk,vk),其中证明密钥pk用于生成证明,验证密钥vk用于验证证明;ZKP.Prove(pk,
R,h)用于生成证明π,证明计算结果R是由真实有效的数据
计算所得;ZKP.Verify(vk,π,
R,h)用于验证证明π以判断数据
的真实有效性和计算结果R的正确性;所述零知识证明系统中使用相同验证电路的情况下,公共参数pp仅初始化一次,所述公共参数pp用于ZKP.KeyGen(pp,C)生成密钥对,以及证明生成和验证的计算。
进一步地,所述DA选取的安全数字签名机制Π=(KeyGen,Sign,Verify),可以是但不局 限于ECDSA和RSA。Π.KeyGen(1
λ)用于初始化签名算法,生成签名密钥对(pk
a,sk
a);Π.Sign(sk
a,data)用于对数据data进行签名,并产生签名σ
a;Π.Verify(pk
a,data,σ
a)用于对签名σ
a进行验签。
进一步地,所述DApp根据私密数据验证需求,构造电路;所述去中心化应用的用户DU向所述基于智能合约的去中心化应用DApp证明其提供的私密数据满足验证电路关系。假设所述基于智能合约的去中心化应用DApp所需的验证条件为等式h=Hash(<x
1,x
2,…,x
n,r>|ID|T),所述去中心化应用的用户DU向所述基于智能合约的去中心化应用DApp证明自己知道h对应的哈希原象为x
1,x
2,…,x
n、r、ID、T,而不向所述基于智能合约的去中心化应用DApp泄露x
1,x
2,…,x
n和r;相同的计算任务使用同一个验证电路,验证电路具有可重复性。
进一步地,所述验证电路C将所述DU的私密输入
公共参数向量
和辅助数据
作为验证电路输入,将所述基于智能合约的去中心化应用DApp所需的计算结果R和哈希值h作为验证电路输出,以证明所述基于智能合约的去中心化应用DApp所需的计算结果R确实是由所述可信数据认证机构DA认证的数据
和公共参数向量
作为输入计算而来,如图2所示;所述验证电路C可以进行加、减、乘、除、比较和哈希电路的组合,实现更加复杂的验证电路。
B、密钥生成:可信第三方将公共参数pp和验证电路C作为输入,运行零知识证明系统ZKP的ZKP.KeyGen(pp,C)算法,生成密钥对(pk,vk),其中证明密钥pk用于生成证明,验证密钥vk用于验证证明。
进一步地,所述零知识证明系统可以是但不局限于zk-SNARKs,zk-STARKs和Bulletproofs;零知识证明系统中使用相同验证电路的情况下,公共参数pp和密钥对(pk,vk)仅初始化一次。
C、数据生成和认证:根据DApp的要求,所述DU向所述DA请求以获得其个人数据
可信数据认证机构DA将个人私密数据
和签名私钥sk
a作为输入,运行DataAuth(sk
a,
)算法,对数据进行签名认证并产生签名σ
a。根据DataAuth算法,所述DA将验证
的真实性,并且将
与所述DU的ID标识相关联。
进一步地,所述DataAuth(sk
a,
)算法的具体步骤为:所述DA利用所述DU的身份ID和当前时间T,将所述DU的私密输入
进行扩展;所述DA将扩展的私密输入
进行哈希运算,获得h=Hash(x
1,x
2,…,x
n,r|ID|T);所述DA基于私钥sk
a,运行Π.Sign(sk
a,h)算法,为扩展的私密输入
的哈希值生成签名σ
a=Π.Sign(sk
a,Hash(<x
1,x
2,…,x
n,r>|ID|T));所述哈希运算函数Hash()可以是但不局限于SHA256、SHA3等哈希函数。
D、DApp服务请求:所述DU检查DApp规则并从所述DApp获取公共输入
所述DU获取其私密的数据
(用r扩展)和辅助输入
以及所述DApp所需的计算结果R和哈希值h。所述DU执行零知识证明系统的ZKP的ZKP.Prove(pk,
R,h)算法以获得证明π。所述DU向所述DApp发送包含(π,R,h,σ
a)的服务请求。所述请求将以DApp地址的事务(Tx)的形式发送到区块链上。
E、DApp服务响应:接收到服务请求后,每个所述验证者V都运行DApp智能合约的相应功能,该功能调用Verify(vk,pk
a,π,
R,h,σ
a)算法。如果验证函数的输出为0,所述验证者V将丢弃此事务;验证函数的输出为1,所述验证者V用计算结果R执行DApp。执行DApp取决于验证者们的共识,因此只有当大多数验证者接受证明时,才能证明DApp验证的证明是有效的。
进一步地,所述Verify(vk,pk
a,π,
R,h,σ
a)算法的具体步骤为:所述验证者V将验证签名的公钥pk
a,哈希值h和签名σ
a,输入到签名验证算法Π.Verify(pk
a,h,σ
a)中,验证哈希值h的签名σ
a是否有效;如果无效,则输出0;如果有效,则继续利用零知识证明系统ZKP的ZKP.Verify(vk,π,
R,h)验证证明π是否正确,如果验证均通过,则证明计算结果R是正确的,否则证明计算结果R是错误的的。
进一步地,任何具有固定验证电路的DApp都可以使用基于零知识证明技术的上述过程来执行,以保护DU的隐私。从理论上讲,也可以实现有限循环的DApp。复杂的计算验证电路将导致证明者(即DU)的成本增高。根据零知识证明技术,无论DApp计算功能有多复杂,验证者的计算成本都是固定的。
进一步地,由于所述验证电路将计算结果R作为输出,并且对每个用户都是公开的。为了隐藏明文输出R,可以使用类似的零知识证明算法为R产生证明而不公开R。同时,DU还可以支付R金额作为保费,以保护输出和支付隐私。所述DA可以构造对应于图4所示验证电路;所述DU使用ZKP.Prove()算法产生对应相应的验证电路证明。注意,计算电路的输出将作为支付电路的输入,因此计算电路输出对其他输出是隐藏的。
进一步地,为防止恶意DU使用他人的数据作为自己的数据。应该使用安全凭证方案来生成所述DU的ID,以区分所述DU。所述DU的ID标识可以作为两个SHA256电路的私密输入, 如图5电路所示。第一个SHA256电路输出h,它匹配先前的保险费用支付的证明。第二个SHA256电路输出h',h'必须由保险索赔的DA签名。
进一步地,所述基于零知识证明的智能合约认证数据隐私保护方法的系统框架可由三大模块组合实现,包括基于智能合约的去中心化应用DApp、零知识证明模块以及区块链系统。所述零知识证明模块可以是但不局限于zk-SNARKs,zk-STARKs和Bulletproofs。所述DApp是在区块链上运行的智能合约。所述区块链可以是但不局限于以太坊Ethereum。
为了更清楚地阐述本公开,一个具体实例是医疗保险计划,该方案需要借助医院认证的医疗报告才能注册报名。基于智能合约的去中心化应用DApp用户DU是想要签署该计划的人,数据认证机构DA是受信任的医院,验证者V是区块链维护者,DApp是去中心化的医疗保险智能合约,如图3所示。以以太坊和zk-SNARKs为例的医疗保险智能合约的认证数据隐私保护方案,如图6所示。以下通过该具体实例进行阐述:
A、系统设置:输入安全参数λ=80,运行zk-SNARKs.Setup(1
λ)以获得公共参数pp。选取ECDSA作为选取的安全数字签名机制。此外,DA拥有一个签名机制的公钥/私钥对(pk
a,sk
a)=(0x6044c69f…,{0x225bf5a8…,0x5f18…,…})。DU从DA获得唯一的ID=0x957a…=(149,122,…)。
B、密钥生成:根据DApp所需的计算任务,构建验证电路C,如图2、图4或图5所示。可信第三方将公共参数pp和验证电路C作为输入,运行zk-SNARKs.KeyGen(pp,C)算法,输出用于证明生成的证明密钥pk={{(0x1c4d…,0x453c…),(0x2ab2…,0x4710…),…},{(0x42ae…,0x637b…),(0x9285…,0x2b4c…),…},{(0xc021…,0x375f…),(0x753c…,0x538a…),…},{(0x412a…,0x3409…),(0x832b…,0x4096…),…},{(0x2ef1…,0xab37…),(0x3cd6…,0x232c…),…}},以及用于证明验证的验证密钥vk={(0x973c…,0x2f99…),(0x6fed…,0x2bd3…),(0xca7a…,0x205a…),(0xf24f…,0x1c81…),(0x20c7…,0x2553…),(0x2bf8…,0x1cae…),(0xbaaa…,0x1086…),{(0xd445…,0x3030…),(0x10ab…,0x1c7e…),…}}。
C、数据生成和认证:根据基于智能合约的去中心化应用DApp的要求,假定个人数据的形式为(年龄、身高、体重、血压、心率、肺活量、随机数),则DU将自己的个人数据进行打包,向DA请求以获得其个人数据
其中,DU的个人隐私数据为:年龄36岁、身高177cm、体重65kg、血压(105mmHg,70mmHg)、心率75次、肺活量3800ml=(14,216)、随机数r=0x8cb48d1b…=(140,180, 141,27,…);另外,DU的身份ID=0x957a…=(149,122,…)和当前时间T=20180901=(1,51,239,165)。DA运行DataAuth(sk
a,
)算法产生签名σ
a=0x96f3ba163366bfac687b…,该签名作用在
DU的身份ID和当前时间T的哈希值上。根据DataAuth算法,DA将验证
的真实性,并且将
与所述DU的ID标识相关联。
D、DApp服务请求:DU检查DApp规则并从DApp获取公共输入
DU获取其私密的数据
(用r=(140,180,141,27,…)扩展)和辅助输入
以及DApp所需的计算结果R=3244=10×36+2×177+7×65+8×(105+70)+9×70和哈希值
DU执行zk-SNARKs.Prove(pk,
R,h)算法以获得证明π={(2057…,2644…),(3920…,1382…),(1519…,8915…),(9716…,1262…),(1832…,1834…),(1917…,1050…),(2052…,1082…),(1840…,5570…)}。DU向DApp发送包含(π,R,h,σ
a)的服务请求。该请求将以DApp地址的事务(Tx)的形式发送到区块链上。
E、DApp服务响应:接收到服务请求后,每个验证者V都运行DApp智能合约的相应功能,该功能调用Verify(vk,pk
a,π,
R,h,σ
a)算法。若验证函数的输出为1,则验证者V用计算结果R=3244执行DApp,通过支付电路扣除等量金额,如图4所示,同时为DU提供相应的保险计划服务。
DU注册DApp医疗保险并支付保费后,若后期发生理赔,则DU需要证明身份以进行索赔。通过索赔计算电路将输出补偿金额R,该金额将通过支付电路支付给DU,如图5所示。
实施例二,提供了基于零知识证明的智能合约认证数据隐私保护系统;
基于零知识证明的智能合约认证数据隐私保护系统,包括:
初始化模块,其被配置为:进行初始化,输入安全参数,获得公共参数;可信数据认证机构DA生成公钥和私钥对;
密钥对生成模块,其被配置为:将公共参数和验证电路作为输入,生成密钥对,所述密钥对包括证明密钥和验证密钥;
数据认证模块,其被配置为:利用可信数据认证机构DA的私钥对去中心化应用的用户DU的个人私密数据,进行签名认证并产生签名;
生成证明模块,其被配置为:去中心化应用的用户DU证明者终端将个人私密数据作为验证电路的输入值,将计算结果和哈希值作为验证电路的输出值,输入到验证电路中;去中心化应用的用户DU使用证明密钥生成零知识证明;
验证证明模块,其被配置为:验证者使用验证密钥验证零知识证明是否正确;验证通过则证明计算结果是正确的,否则证明计算结果是错误的;验证者基于验证结果执行智能合约。
实施例三,本实施例还提供了一种电子设备,包括存储器和处理器以及存储在存储器上并在处理器上运行的计算机指令,所述计算机指令被处理器运行时,完成实施例一所述方法的步骤。
实施例四,本实施例还提供了一种计算机可读存储介质,用于存储计算机指令,所述计算机指令被处理器执行时,完成实施例一所述方法的步骤。
以上所述仅为本申请的优选实施例而已,并不用于限制本申请,对于本领域的技术人员来说,本申请可以有各种更改和变化。凡在本申请的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本申请的保护范围之内。
Claims (10)
- 基于零知识证明的智能合约认证数据隐私保护方法,其特征是,包括:初始化步骤:输入安全参数,获得公共参数;可信数据认证机构DA生成公钥和私钥对;密钥对生成步骤:将公共参数和验证电路作为输入,生成密钥对;所述密钥对包括证明密钥和验证密钥;数据认证步骤:利用可信数据认证机构DA的私钥对去中心化应用的用户DU的个人私密数据,进行签名认证并产生签名;生成证明步骤:去中心化应用的用户DU证明者终端将个人私密数据作为验证电路的输入值,将计算结果和哈希值作为验证电路的输出值,输入到验证电路中;去中心化应用的用户DU使用证明密钥生成零知识证明;验证证明步骤:验证者使用验证密钥验证零知识证明是否正确;验证通过则证明计算结果是正确的,否则证明计算结果是错误的;验证者基于验证结果执行智能合约。
- 如权利要求1所述的方法,其特征是,所述输入安全参数,获得公共参数;具体是指:输入安全参数,利用零知识系统ZKP获得公共参数。
- 如权利要求1所述的方法,其特征是,所述可信数据认证机构DA生成公钥和私钥对,是指可信数据认证机构DA选取数字签名机制生成公钥/私钥对,所述可信数据认证机构DA将公钥对外公布。
- 如权利要求1所述的方法,可信数据认证机构DA允许有多个,即用户的私密数据由不同的DA进行认证,并产生签名。
- 如权利要求1所述的方法,其特征是,所述将公共参数和验证电路作为输入,生成密钥对;具体是指:将公共参数和验证电路作为输入,运行零知识证明系统ZKP,生成密钥对。
- 如权利要求1所述的方法,其特征是,运行零知识证明系统ZKP,生成密钥对,该密钥对允许由多个可信机构共同产生,或者采用可信的过程生成。
- 如权利要求1所述的方法,其特征是,去中心化应用的用户DU生成证明;是指:去中心化应用的用户DU执行零知识证明系统ZKP,生成证明。
- 基于零知识证明的智能合约认证数据隐私保护系统,其特征是,包括:初始化模块,其被配置为:进行初始化,输入安全参数,获得公共参数;可信数据认证机构DA生成公钥和私钥对;密钥对生成模块,其被配置为:将公共参数和验证电路作为输入,生成密钥对,所述密钥对包括证明密钥和验证密钥;数据认证模块,其被配置为:利用可信数据认证机构DA的私钥对去中心化应用的用户DU的个人私密数据,进行签名认证并产生签名;生成证明模块,其被配置为:去中心化应用的用户DU证明者终端将个人私密数据作为验证电路的输入值,将计算结果和哈希值作为验证电路的输出值,输入到验证电路中;去中心化应用的用户DU使用证明密钥生成零知识证明;验证证明模块,其被配置为:验证者使用验证密钥验证零知识证明是否正确;验证通过则证明计算结果是正确的,否则证明计算结果是错误的;验证者基于验证结果执行智能合约。
- 一种电子设备,其特征是,包括存储器和处理器以及存储在存储器上并在处理器上运行的计算机指令,所述计算机指令被处理器运行时,完成权利要求1-7任一项方法所述的步骤。
- 一种计算机可读存储介质,其特征是,用于存储计算机指令,所述计算机指令被处理器执行时,完成权利要求1-7任一项方法所述的步骤。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/057,758 US11411737B2 (en) | 2018-12-06 | 2019-11-19 | Zero knowledge proof-based privacy protection method and system for authenticated data in smart contract |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811487845.2 | 2018-12-06 | ||
CN201811487845.2A CN109614820A (zh) | 2018-12-06 | 2018-12-06 | 基于零知识证明的智能合约认证数据隐私保护方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020114240A1 true WO2020114240A1 (zh) | 2020-06-11 |
Family
ID=66007357
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2019/119520 WO2020114240A1 (zh) | 2018-12-06 | 2019-11-19 | 基于零知识证明的智能合约认证数据隐私保护方法及系统 |
Country Status (3)
Country | Link |
---|---|
US (1) | US11411737B2 (zh) |
CN (2) | CN109614820A (zh) |
WO (1) | WO2020114240A1 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113469827A (zh) * | 2021-07-23 | 2021-10-01 | 电子科技大学 | 一种基于混合智能合约的保险理赔装置及方法 |
CN113794567A (zh) * | 2021-09-13 | 2021-12-14 | 上海致居信息科技有限公司 | 一种sha256哈希算法零知识证明电路的合成加速方法及装置 |
CN114793228A (zh) * | 2022-03-29 | 2022-07-26 | 上海万向区块链股份公司 | 基于零知识证明防止商户作恶的数据源筛选方法和系统 |
WO2022234324A1 (en) * | 2021-05-04 | 2022-11-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Zero knowledge proof of smart contract computation using private input |
Families Citing this family (58)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109614820A (zh) | 2018-12-06 | 2019-04-12 | 山东大学 | 基于零知识证明的智能合约认证数据隐私保护方法 |
CN110321735B (zh) * | 2019-04-29 | 2021-04-13 | 山东工商学院 | 基于零知识证明的业务办理方法、系统及存储介质 |
CN110311782B (zh) * | 2019-04-29 | 2020-04-14 | 山东工商学院 | 个人信息的零知识证明方法、系统及存储介质 |
GB201907395D0 (en) * | 2019-05-24 | 2019-07-10 | Nchain Holdings Ltd | Knowledge proof |
CN110489393A (zh) * | 2019-07-08 | 2019-11-22 | 深圳壹账通智能科技有限公司 | 违约信息查询方法、装置、计算机设备和存储介质 |
CN111163069A (zh) * | 2019-12-18 | 2020-05-15 | 内蒙古大学 | 一种基于区块链的物联网用户隐私保护方法 |
WO2020098838A2 (en) | 2020-02-03 | 2020-05-22 | Alipay (Hangzhou) Information Technology Co., Ltd. | Blockchain-based trustable gurantees |
SG11202012925RA (en) | 2020-02-03 | 2021-01-28 | Alipay Hangzhou Inf Tech Co Ltd | Blockchain-based trustable guarantees |
CN113826134B (zh) | 2020-02-03 | 2024-05-28 | 支付宝(杭州)信息技术有限公司 | 基于区块链的可信保函 |
WO2020098833A2 (en) * | 2020-02-03 | 2020-05-22 | Alipay (Hangzhou) Information Technology Co., Ltd. | Blockchain-based trustable gurantees |
SG11202012924WA (en) | 2020-02-03 | 2021-01-28 | Alipay Hangzhou Inf Tech Co Ltd | Blockchain-based trustable guarantees |
SG11202013137TA (en) | 2020-02-03 | 2021-01-28 | Alipay Hangzhou Inf Tech Co Ltd | Blockchain-based trustable guarantees |
CN111373694B (zh) * | 2020-02-21 | 2023-05-02 | 香港应用科技研究院有限公司 | 零知识证明硬件加速器及其方法 |
CN111428268B (zh) * | 2020-03-24 | 2022-08-02 | 山东大学 | 基于区块链的v2g交易隐私保护方法、设备及系统 |
CN111966976A (zh) * | 2020-07-22 | 2020-11-20 | 复旦大学 | 一种基于零知识证明与区块链的匿名调查方法 |
CN111882743A (zh) * | 2020-07-23 | 2020-11-03 | 浙江永旗区块链科技有限公司 | 匿名投票统计方法及系统 |
CN111950021A (zh) * | 2020-07-31 | 2020-11-17 | 南京航空航天大学 | 一种智能合约的数据馈赠中隐私泄露问题的解决方法 |
CN111931209B (zh) * | 2020-08-18 | 2024-03-22 | 金网络(北京)数字科技有限公司 | 基于零知识证明的合同信息验证方法及装置 |
CN112035889B (zh) * | 2020-09-03 | 2023-11-28 | 平安壹钱包电子商务有限公司 | 计算外包的区块链隐私验证方法、装置及计算机设备 |
CN112118253B (zh) * | 2020-09-16 | 2023-04-28 | 北方工业大学 | 一种基于区块链的云服务日志匿名系统及匿名方法 |
CN112016114B (zh) * | 2020-10-31 | 2021-03-16 | 腾讯科技(深圳)有限公司 | 基于加密货币的智能合约生成方法、相关设备及存储介质 |
CN112347495B (zh) * | 2020-11-15 | 2023-05-26 | 北京物资学院 | 一种基于区块链的可信隐私智能服务计算系统及方法 |
CN112765268B (zh) * | 2020-12-31 | 2022-11-04 | 杭州趣链科技有限公司 | 基于区块链的数据隐私保护方法、装置及设备 |
CN112801659B (zh) * | 2021-01-25 | 2024-09-03 | 矩阵元技术(深圳)有限公司 | 基于智能合约的隐私交易处理方法、装置及存储介质 |
CN112436940B (zh) * | 2021-01-27 | 2021-04-30 | 电子科技大学 | 一种基于零知识证明的物联网设备可信启动管理方法 |
CN113139204B (zh) * | 2021-01-27 | 2022-09-30 | 东南数字经济发展研究院 | 一种利用零知识证明和洗牌算法的医疗数据隐私保护方法 |
CN113032800A (zh) * | 2021-02-22 | 2021-06-25 | 北京航空航天大学 | 一种基于零知识证明的链上自动执行智能合约中间件系统 |
CN112989415B (zh) * | 2021-03-23 | 2022-03-15 | 广东工业大学 | 一种基于区块链的隐私数据存储与访问控制方法及系统 |
CN112948789B (zh) * | 2021-04-20 | 2023-03-28 | 北京优品三悦科技发展有限公司 | 身份认证方法及装置、存储介质及电子设备 |
CN113162938B (zh) * | 2021-04-26 | 2023-10-10 | 电子科技大学 | 一种基于区块链的抗后门攻击的公共参数产生方法 |
CN113253975A (zh) * | 2021-04-27 | 2021-08-13 | 西安电子科技大学 | 大数模幂运算的算法加速方法、系统、介质、设备及应用 |
CN113326535B (zh) * | 2021-06-01 | 2022-05-17 | 支付宝(杭州)信息技术有限公司 | 一种信息验证方法及装置 |
CN113411384B (zh) * | 2021-06-10 | 2022-09-27 | 华中科技大学 | 针对物联网数据安全共享过程中隐私保护的系统及方法 |
CN113393238B (zh) * | 2021-06-16 | 2023-04-14 | 福建师范大学 | 一种保护隐私的智能合约模型及其实现方法 |
CN113515782B (zh) * | 2021-06-18 | 2024-05-28 | 北京工业大学 | 一种基于区块链与零知识证明的个人轨迹证明方法 |
CN113507373B (zh) * | 2021-06-30 | 2023-05-26 | 北京优品三悦科技发展有限公司 | 一种基于隐私保护的身份认证数据建模方法、设备和系统 |
CN113328863B (zh) * | 2021-08-03 | 2021-11-02 | 北京电信易通信息技术股份有限公司 | 一种基于零知识证明的移动设备数据采集方法及系统 |
US11954226B2 (en) * | 2021-08-17 | 2024-04-09 | International Business Machines Corporation | Verifiable privacy preserving computation |
CN113673893A (zh) * | 2021-08-27 | 2021-11-19 | 杭州协能科技股份有限公司 | 退役动力电池管理方法及系统 |
EP4427397A2 (en) * | 2021-11-05 | 2024-09-11 | Pqcee Pte Ltd | Method and system for protecting digital signatures |
CN113783705A (zh) * | 2021-11-12 | 2021-12-10 | 北京华云安信息技术有限公司 | 密钥的零知识证明方法、验证端、设备以及存储介质 |
CN114186248B (zh) * | 2021-11-13 | 2022-08-05 | 云南财经大学 | 基于区块链智能合约的零知识证明可验证凭证数字身份管理系统及方法 |
CN113890768A (zh) * | 2021-11-22 | 2022-01-04 | 京东方科技集团股份有限公司 | 设备认证方法和系统、物联网设备和认证服务器 |
CN114257381B (zh) * | 2021-12-21 | 2023-11-21 | 四川启睿克科技有限公司 | 基于零知识证明的良品率计算方法 |
CN114374554B (zh) * | 2021-12-30 | 2024-08-27 | 杭州趣链科技有限公司 | 区块链隐私保护方法、电子设备及计算机可读存储介质 |
CN114760067B (zh) * | 2022-03-30 | 2023-09-12 | 西安电子科技大学 | 一种用零知识证明的区块链群智感知系统隐私安全保护方法 |
CN114499900B (zh) * | 2022-04-18 | 2022-07-12 | 杭州费尔斯通科技有限公司 | 基于零知识证明的区块链隐私数据共享方法 |
US12033762B2 (en) * | 2022-04-28 | 2024-07-09 | Huawei Technologies Co., Ltd. | Method of non-interactive zero-knowledge crowd verifiable digital contact tracing |
CN114938280A (zh) * | 2022-05-24 | 2022-08-23 | 中国科学技术大学 | 一种基于非交互零知识证明与智能合约的认证方法及系统 |
CN115567214B (zh) * | 2022-08-24 | 2024-08-30 | 深圳市沃享科技有限公司 | 智能合约的执行方法、装置、终端设备及计算机介质 |
CN115801285B (zh) * | 2022-12-02 | 2023-07-21 | 北京国脉互联信息科技有限公司 | 基于零知识证明的政策申请方法、系统及计算机存储介质 |
CN115801288B (zh) * | 2023-01-10 | 2023-04-18 | 南方科技大学 | 一种基于区块链和零知识证明的验证方法、系统及设备 |
WO2024155134A1 (en) * | 2023-01-19 | 2024-07-25 | Samsung Electronics Co., Ltd. | Method and electronic device for communication in blockchain network |
CN115860750B (zh) * | 2023-02-27 | 2023-05-30 | 国网江西省电力有限公司信息通信分公司 | 一种电动汽车电力交易身份认证隐私保护方法 |
CN116506845B (zh) * | 2023-06-19 | 2023-09-15 | 暨南大学 | 一种隐私保护的车联网群智感知激励方法及系统 |
CN117240438B (zh) * | 2023-11-10 | 2024-04-26 | 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) | 基于零知识证明的神经网络输出结果产权证明方法及装置 |
CN118350046A (zh) * | 2024-05-09 | 2024-07-16 | 广东技术师范大学 | 一种可拓展区块链的智能电网的数据隐私保护方法 |
CN118573469A (zh) * | 2024-07-30 | 2024-08-30 | 湖南天河国云科技有限公司 | 密态外包模型训练场景下的计算完整性验证方法及系统 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120089494A1 (en) * | 2010-10-08 | 2012-04-12 | Microsoft Corporation | Privacy-Preserving Metering |
CN108418689A (zh) * | 2017-11-30 | 2018-08-17 | 矩阵元技术(深圳)有限公司 | 一种适合区块链隐私保护的零知识证明方法和介质 |
CN108418783A (zh) * | 2017-09-01 | 2018-08-17 | 矩阵元技术(深圳)有限公司 | 一种保护区块链智能合约隐私的方法、介质 |
CN108898490A (zh) * | 2018-06-25 | 2018-11-27 | 北京奇虎科技有限公司 | 智能合约的执行方法、节点、系统、电子设备及存储介质 |
CN109614820A (zh) * | 2018-12-06 | 2019-04-12 | 山东大学 | 基于零知识证明的智能合约认证数据隐私保护方法 |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8151333B2 (en) * | 2008-11-24 | 2012-04-03 | Microsoft Corporation | Distributed single sign on technologies including privacy protection and proactive updating |
JP6041864B2 (ja) * | 2011-04-29 | 2016-12-14 | インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation | データの暗号化のための方法、コンピュータ・プログラム、および装置 |
FR3018378A1 (fr) * | 2014-03-12 | 2015-09-11 | Enrico Maim | Systeme et procede transactionnels a architecture repartie fondees sur des transactions de transferts d'unites de compte entre adresses |
WO2017090041A1 (en) * | 2015-11-24 | 2017-06-01 | Ben-Ari Adi | A system and method for blockchain smart contract data privacy |
CN107274184A (zh) * | 2017-05-11 | 2017-10-20 | 上海点融信息科技有限责任公司 | 基于零知识证明的区块链数据处理 |
CN107911216B (zh) * | 2017-10-26 | 2020-07-14 | 矩阵元技术(深圳)有限公司 | 一种区块链交易隐私保护方法及系统 |
CN108389046B (zh) * | 2018-02-07 | 2020-08-28 | 西安交通大学 | 一种电子商务中基于区块链技术的隐私保护交易方法 |
US11032068B2 (en) * | 2018-06-29 | 2021-06-08 | International Business Machines Corporation | Leakage-deterring encryption for message communication |
MX2019008738A (es) * | 2018-12-21 | 2019-09-09 | Alibaba Group Holding Ltd | Proteccion de datos de cadenas de bloques basada en modelo de cuenta generica y cifrado homomorfico. |
-
2018
- 2018-12-06 CN CN201811487845.2A patent/CN109614820A/zh active Pending
-
2019
- 2019-11-19 US US17/057,758 patent/US11411737B2/en active Active
- 2019-11-19 WO PCT/CN2019/119520 patent/WO2020114240A1/zh active Application Filing
- 2019-11-19 CN CN201911134323.9A patent/CN110781521B/zh active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120089494A1 (en) * | 2010-10-08 | 2012-04-12 | Microsoft Corporation | Privacy-Preserving Metering |
CN108418783A (zh) * | 2017-09-01 | 2018-08-17 | 矩阵元技术(深圳)有限公司 | 一种保护区块链智能合约隐私的方法、介质 |
CN108418689A (zh) * | 2017-11-30 | 2018-08-17 | 矩阵元技术(深圳)有限公司 | 一种适合区块链隐私保护的零知识证明方法和介质 |
CN108898490A (zh) * | 2018-06-25 | 2018-11-27 | 北京奇虎科技有限公司 | 智能合约的执行方法、节点、系统、电子设备及存储介质 |
CN109614820A (zh) * | 2018-12-06 | 2019-04-12 | 山东大学 | 基于零知识证明的智能合约认证数据隐私保护方法 |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022234324A1 (en) * | 2021-05-04 | 2022-11-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Zero knowledge proof of smart contract computation using private input |
CN113469827A (zh) * | 2021-07-23 | 2021-10-01 | 电子科技大学 | 一种基于混合智能合约的保险理赔装置及方法 |
CN113469827B (zh) * | 2021-07-23 | 2023-04-18 | 电子科技大学 | 一种基于混合智能合约的保险理赔装置及方法 |
CN113794567A (zh) * | 2021-09-13 | 2021-12-14 | 上海致居信息科技有限公司 | 一种sha256哈希算法零知识证明电路的合成加速方法及装置 |
CN113794567B (zh) * | 2021-09-13 | 2024-04-05 | 上海致居信息科技有限公司 | 一种sha256哈希算法零知识证明电路的合成加速方法及装置 |
CN114793228A (zh) * | 2022-03-29 | 2022-07-26 | 上海万向区块链股份公司 | 基于零知识证明防止商户作恶的数据源筛选方法和系统 |
Also Published As
Publication number | Publication date |
---|---|
US20210297255A1 (en) | 2021-09-23 |
CN109614820A (zh) | 2019-04-12 |
US11411737B2 (en) | 2022-08-09 |
CN110781521B (zh) | 2021-03-30 |
CN110781521A (zh) | 2020-02-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2020114240A1 (zh) | 基于零知识证明的智能合约认证数据隐私保护方法及系统 | |
CN111971930B (zh) | 适于提高即时离线区块链交易安全性的计算机实现的系统和方法 | |
US11449819B2 (en) | Blockchain-based authentication and authorization | |
US10846663B2 (en) | Systems and methods for securing cryptocurrency purchases | |
EP3962020B1 (en) | Information sharing methods and systems | |
US20240333510A1 (en) | System and method for an electronic identity brokerage | |
US20190164153A1 (en) | Blockchain system for confidential and anonymous smart contracts | |
CN111108732A (zh) | 用于确定数字资产交易所的偿付能力的方法、系统和计算机程序产品 | |
Wan et al. | Zk-AuthFeed: Protecting data feed to smart contracts with authenticated zero knowledge proof | |
UA128523C2 (uk) | Спосіб генерування транзакції блокчейну і спосіб перевірки дійсності блока блокчейну | |
CN112487468B (zh) | 基于区块链的可追踪的完全匿名电子投票方法及系统 | |
Biryukov et al. | Privacy-preserving KYC on Ethereum | |
Lee et al. | Sims: Self sovereign identity management system with preserving privacy in blockchain | |
CN113347008B (zh) | 一种加法同态加密的贷款信息存储方法 | |
LU93150B1 (en) | Method for providing secure digital signatures | |
CN115702560A (zh) | 认证第一人的公共密钥 | |
EP3883204B1 (en) | System and method for secure generation, exchange and management of a user identity data using a blockchain | |
CN111950021A (zh) | 一种智能合约的数据馈赠中隐私泄露问题的解决方法 | |
CN111062833A (zh) | 一种合同数据的签名认证方法及相关装置 | |
US20240187238A1 (en) | System and method for zero-knowledge facial recognition | |
Gunasinghe | Privacy Enhancing Techniques for Digital Identity Management | |
Hableel et al. | Public key infrastructure for UAE: A case study | |
Rahman | Sancus: Cryptographic Audits for Virtual Currency Institutions | |
He et al. | CrowdChain: A privacy-preserving crowdfunding system based on blockchain and PUF | |
Xue | Privacy-Preserving and Regulation-Enabled Mechanisms for Blockchain-based Financial Services |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19892502 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19892502 Country of ref document: EP Kind code of ref document: A1 |