WO2021046668A1 - Blockchain system, information transmission method, system and apparatus, and computer medium - Google Patents

Blockchain system, information transmission method, system and apparatus, and computer medium Download PDF

Info

Publication number
WO2021046668A1
WO2021046668A1 PCT/CN2019/104853 CN2019104853W WO2021046668A1 WO 2021046668 A1 WO2021046668 A1 WO 2021046668A1 CN 2019104853 W CN2019104853 W CN 2019104853W WO 2021046668 A1 WO2021046668 A1 WO 2021046668A1
Authority
WO
WIPO (PCT)
Prior art keywords
target
value
sub
blockchain
elliptic curve
Prior art date
Application number
PCT/CN2019/104853
Other languages
French (fr)
Chinese (zh)
Inventor
李武璐
张骁
辛佳骏
陈磊
Original Assignee
深圳市网心科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市网心科技有限公司 filed Critical 深圳市网心科技有限公司
Priority to CN201980059452.8A priority Critical patent/CN112789824B/en
Priority to PCT/CN2019/104853 priority patent/WO2021046668A1/en
Publication of WO2021046668A1 publication Critical patent/WO2021046668A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to the technical field of information security, in particular to a blockchain system and information transmission methods, systems, devices, and computer media.
  • Blockchain gains users’ attention by virtue of its decentralized, non-tamperable, and traceable advantages. Pay attention.
  • Blockchain is a new application mode of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm, etc. It is an important concept of Bitcoin.
  • Blockchain is essentially a decentralized
  • the database as the underlying technology of Bitcoin at the same time, is a series of data blocks related to the use of cryptographic methods. Each data block contains a batch of Bitcoin network transaction information to verify the validity of the information ( Anti-counterfeiting) and generate the next block.
  • the main purpose of this application is to provide a blockchain system, information transmission method, system, device, and computer-readable storage medium, which aims to solve the technical problem of improving the supervisability of the blockchain system.
  • the present application provides a blockchain information transmission method, which is applied to a target blockchain node in a blockchain system, the blockchain system further includes a supervisory node, and the method includes:
  • the encrypted group element includes a cipher group element obtained by calculating a first random number and the discrete cipher group generator based on a preset format, and the first The random number is a trapdoor generated and saved by the supervisory node;
  • the discrete cipher group generator includes an elliptic curve group generator, and the encrypted group element includes an elliptic curve group element;
  • the node can supervise the target blockchain node and/or the private data based on the processing result and the first random number, including:
  • the blockchain system further includes a verification blockchain node, and after generating a signature public key based on the elliptic curve group element and the one-time signature private key according to the preset format and publishing it, include:
  • target data based on the traceable and linkable public key, the elliptic curve group generator, the elliptic curve group element, the ring signature private key, the one-time signature private key, and the pair of the one-time signature public key Performing a traceable and linkable ring signature on the target data to obtain a traceable and linkable ring signature result of the target data;
  • said generating a traceable and linkable public key for traceability and linkability based on the elliptic curve group generator, the elliptic curve group element, the ring signature private key and the one-time signature private key includes:
  • the traceable and linkable ring signature is generated based on the elliptic curve group generator, the elliptic curve group element, the ring signature private key, and the one-time signature private key Public key
  • the first calculation formula includes:
  • i represents the label of the target blockchain node
  • PK i represents the traceable and linkable public key for the target blockchain node to sign the traceable and linkable ring
  • g represents the elliptic curve group generator ; Represents the UPK generated last time
  • h represents the elliptic curve group element
  • x i represents the ring signature private key of the target blockchain node
  • a i represents the one-time signature private key of the target blockchain node key
  • the elliptic curve group generator based on the traceable and linkable public key, the elliptic curve group generator, the elliptic curve group element, the ring signature private key, the one-time signature private key, and the one-time signature public key Perform a traceable and linkable ring signature on the target data to obtain a traceable and linkable ring signature result of the data, including:
  • a preset number of other blockchain nodes are selected, and a ring signature public key is generated based on the public key of the other blockchain node and the public key of the target blockchain node through a second calculation formula, the preset number N-1, n is an integer greater than or equal to 2;
  • the ordinary ring signature result is signed once based on the one-time signature private key, the ring signature public key, and the one-time signature public key to obtain a signature result;
  • the target data, the ordinary ring signature result, and the one-time signature result as the traceable and linkable ring signature result;
  • the second calculation formula includes:
  • the third calculation formula includes:
  • the fourth calculation formula includes:
  • L represents the public key of the ring signature; when 1 ⁇ j ⁇ n-1, and j ⁇ i, x j represents the ring signature private key of the other blockchain node, and a j represents the other blockchain
  • A represents the ordinary ring signature result;
  • SIG represents the ring signature algorithm;
  • m represents the target data;
  • represents the one-time signature result;
  • OSIG represents the one-time signature algorithm;
  • OPK represents the one-time signature public key key key.
  • the discrete cipher group generator includes an elliptic curve group generator, and the encrypted group element includes an elliptic curve group element;
  • the node can supervise the target blockchain node and/or the private data based on the processing result and the first random number, including:
  • the verification result and the first random number determine the target value.
  • the method further includes:
  • the verification blockchain node Publish the verification result of the numerical traceable interval to the verification blockchain node, so that the verification blockchain node can verify the verification result of the numerical traceable interval and the numerical verification result, and pass the verification Afterwards, the result of the traceable interval of the numerical value is shown on the chain.
  • the calculating the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain the commitment value includes:
  • the commitment value calculation formula includes:
  • c represents the commitment value
  • y represents the second random number
  • b represents the target value
  • the splitting the target value into sub-target values according to a preset split format, and splitting the second random number into sub-second random numbers corresponding to the sub-target value includes :
  • the first splitting formula includes:
  • the second splitting formula includes:
  • b i represents the i-th sub-target value
  • v represents the total number of the sub-target values
  • the value of b i is 0 or 1
  • y i represents the i-th sub-target value corresponding to the The second random number.
  • the calculation of the first commitment value and the second commitment value of each of the sub-target value and the corresponding sub-second random number based on the elliptic curve group generator and the elliptic curve group element includes :
  • the first commitment value and the first commitment value of each sub-target value and the corresponding sub-second random number are calculated based on the elliptic curve group generator and the elliptic curve group element.
  • the fifth operation formula includes:
  • c i represents the i-th first commitment value
  • c′ i represents the i-th second commitment value
  • the calculating and publishing the numerical verification result of each sub-target value and the corresponding sub-second random number based on the elliptic curve group element includes:
  • the sixth operation formula includes:
  • TK′ i represents the i-th numerical verification result
  • the calculating the sub-public key of each of the sub-target values based on the first commitment value, the second commitment value, and the value verification result of each of the sub-target values includes:
  • the seventh operation formula includes:
  • PK′ i (c i ,c′ i ,TK′ i , ⁇ (c i ,c′ i ,TK′ i )); where PK′ i represents the i-th said child public key; ⁇ (c i ,c′ i ,TK′ i ) represents the zero-knowledge proof result of the legitimacy of TK′ i;
  • the calculating the sub-ring signature result of each of the sub-target values based on the commitment value, the sub-public key and the sub-second random number of each of the sub-target values includes:
  • the eighth operation formula includes:
  • ⁇ i SIG(PK' i ,y i ,c); where ⁇ i represents the i-th sub-ring signature result.
  • the preset format includes ⁇ ⁇ , ⁇ represents a password group element, and ⁇ represents a random number.
  • the block chain information transmission method provided by the present application is applied to a verification block chain node in a block chain system, the block chain system further includes a target block chain node, and the method includes:
  • the one-time signature public key already exists in the blockchain system, output abnormal information, if the one-time signature public key does not exist in the blockchain system, then obtain the target blockchain node Traceable and linkable ring signature results of published data;
  • means zero-knowledge proof
  • g means generator of elliptic curve group
  • h represents the elliptic curve group element
  • x i represents the ring signature private key of the target blockchain node
  • a i represents the primary signature private key of the target blockchain node
  • it also includes:
  • the block chain information transmission method provided by the present application is applied to a supervisory node in a block chain system, the block chain system further includes a target block chain node, and the method includes:
  • the preset format includes ⁇ ⁇ , ⁇ represents a cipher group element, and ⁇ represents a random number.
  • the method further includes:
  • the second operation value corresponding to the first commitment value is calculated by the first random number, and it is determined whether the second operation value is the same as the numerical value. If the verification results are equal, determine that the value of the sub-target value corresponding to the first commitment value is 0, if not, determine that the value of the sub-target value of the first commitment value is 1;
  • the target value is determined based on the sub-target value.
  • this application further provides a blockchain information transmission system, which is applied to a target blockchain node in a blockchain system, the blockchain system further includes a supervisory node, and the system includes:
  • the first obtaining module is configured to obtain a predetermined discrete cipher group generator and an encrypted group element, where the encrypted group element includes a cipher group element obtained by calculating a first random number and the initial cipher group based on a preset format, And the first random number is a trapdoor generated and saved by the supervisory node;
  • the first processing module is configured to process its own private data based on the discrete cipher group generator and the encrypted group element according to the preset format, and publish the corresponding processing result to the blockchain, So that the supervision node can supervise the target blockchain node and/or the private data based on the processing result and the first random number.
  • the present application further provides a blockchain information transmission device, the device includes a memory and a processor, the memory stores a blockchain information transmission program that can run on the processor, so When the blockchain information transmission program is executed by the processor, the method described above is implemented.
  • the present application further provides a computer-readable storage medium having a blockchain information transmission program stored on the computer-readable storage medium, and the blockchain information transmission program can be used by one or more processors Execute to realize the block chain information transmission method as described above.
  • this application further provides a blockchain system, including ordinary blockchain nodes and supervisory nodes;
  • the ordinary blockchain node is used to execute any one of the blockchain information transmission methods applied to the target blockchain node as described above;
  • the supervisory node is used to execute any one of the above-mentioned blockchain information transmission methods applied to the supervisory node.
  • it also includes verifying the blockchain node
  • the verification blockchain node is used to execute any one of the above-mentioned blockchain information transmission methods applied to the verification blockchain node.
  • the block chain information transmission method provided in this application is applied to a target block chain node to obtain a predetermined discrete cryptographic group generator and an encrypted group element.
  • the encrypted group element includes the first random number and the discrete number based on a preset format.
  • the cryptographic group element obtained after the cryptographic group generator operation, and the first random number is the trapdoor generated and saved by the supervisory node; according to the preset format, the private data of its own is processed based on the discrete cryptographic group generator and the encrypted group element, And publish the corresponding processing result to the blockchain, so that the supervisory node can supervise the target blockchain node and/or private data based on the processing result and the first random number.
  • the target blockchain node processes its own private data based on the obtained discrete cipher group generators and encryption group elements in accordance with the preset format, realizes the encryption processing of its own private data, and protects its own private data. Security, and the corresponding processing results are released to the blockchain. Since the encrypted group elements are based on the preset format on the first random number and the discrete cipher group generators, the cipher group elements are obtained, so the calculation results and the encrypted group elements There is format consistency between the two, so the supervisory node can perform identity supervision and/or privacy data supervision on the target blockchain node through the discrete password group generator, the encrypted group element and the first random number, which improves the privacy protection of the blockchain system. Supervisable.
  • the blockchain system, information transmission system, device, and computer-readable storage medium provided by this application also solve the corresponding technical problems.
  • FIG. 1 is a schematic structural diagram of a blockchain system 10 provided by an embodiment of the application.
  • FIG. 2 is a schematic flowchart of the first embodiment of the application
  • FIG. 3 is a schematic flowchart of a second embodiment of this application.
  • Figure 4 is a schematic diagram of the process of identity tracking of target blockchain nodes by supervisory nodes
  • FIG. 5 is a schematic flowchart of a third embodiment of this application.
  • FIG. 6 is a schematic structural diagram of a blockchain information transmission system disclosed in an embodiment of the application.
  • FIG. 7 is a schematic diagram of the internal structure of a blockchain information transmission device disclosed in an embodiment of the application.
  • FIG. 1 is a schematic structural diagram of a blockchain system 10 provided by an embodiment of the application.
  • the blockchain system 10 includes a supervisory node 11, a verification blockchain node 12, and a normal blockchain node 13.
  • the number of supervisory nodes 11, a verification blockchain node 12, and a normal blockchain node 13 can be Determined according to actual needs.
  • the ordinary blockchain node 13 sends information, it becomes the target blockchain node described in this application.
  • the blockchain information transmission method provided in this application involves the target blockchain node transmitting information, verifying that the blockchain node verifies the information accordingly, and deciding whether to upload the information to the chain, and the supervisory node to perform the information on the chain. Supervise these three processes. Below, this application describes the blockchain information transmission method provided by this application from the three perspectives of the target blockchain node, the verification blockchain node, and the supervisory node.
  • FIG. 1 is a schematic flowchart of a first embodiment of this application.
  • a blockchain information transmission method provided in this application, applied to a target blockchain node may include the following steps:
  • Step S101 Obtain a predetermined discrete cipher group generator and an encrypted group element.
  • the encrypted group element includes a cipher group element obtained by calculating a first random number generated based on a preset format and the discrete cipher group generator, and the first random number The number is a trapdoor generated and saved by the supervisory node.
  • the supervisory node can first obtain the predetermined discrete cipher group generator, and then generate the first random number, and finally calculate the first random number and the discrete cipher group generator according to the preset format to obtain the encrypted group element; After that, the supervisory node saves the first random number as a trapdoor, and publishes the encrypted group element to the blockchain system, so that the blockchain node in the blockchain system can compare itself based on the discrete password group generator and the encrypted group element.
  • the private data is processed.
  • the discrete cryptographic group generators can be generated by supervisory nodes and passed by the consensus of the blockchain, or generated by other devices receiving the privacy protection blockchain and passed by consensus; the types of supervisory nodes in this application can be based on actual conditions.
  • the supervisory node can be a bank node connected to the blockchain system, a financial management node connected to the blockchain system, etc.; the target blockchain node can be any blockchain node in the blockchain system .
  • the type of the discrete cipher group can be determined according to specific application scenarios.
  • the type of the discrete cipher group can be an elliptic curve group.
  • the supervisory node can also only be responsible for generating the first random number, and the blockchain can then use external security components to generate discrete cryptographic group generators and encrypted group elements.
  • the discrete cryptographic group generator can be an elliptic curve group generator.
  • the encryption group element may be an elliptic curve group element, which is obtained by the external security component processing the first random number and the discrete cipher group generator according to a preset format.
  • Step S102 According to the preset format, process its own private data based on the discrete cipher group generator and the encrypted group element, and publish the corresponding processing result to the blockchain, so that the supervisory node can be based on the processing result and the first random Data supervises the target blockchain node and/or private data on the blockchain.
  • the type of private data transmitted by the target blockchain node can be determined according to actual needs. For example, it can be the data to be transmitted, the value to be transmitted, etc., and the target blockchain node publishes the processing result to the blockchain.
  • the conditions can be determined according to actual needs.
  • the target blockchain node can publish the processing results to the blockchain when it conducts transactions.
  • the format of the preset format can also be determined according to actual needs.
  • the preset format can include ⁇ ⁇ , where ⁇ represents a cipher group element, that is, a discrete cipher group generator or an encrypted group element, and ⁇ represents a random number.
  • the block chain information transmission method provided in this application is applied to a target block chain node to obtain a predetermined discrete cryptographic group generator and an encrypted group element.
  • the encrypted group element includes the first random number and the discrete number based on a preset format.
  • the cryptographic group element obtained after the cryptographic group generator operation, and the first random number is the trapdoor generated and saved by the supervisory node; according to the preset format, the private data of its own is processed based on the discrete cryptographic group generator and the encrypted group element, And publish the corresponding processing result to the blockchain, so that the supervisory node can supervise the target blockchain node and/or private data based on the processing result and the first random number.
  • the target blockchain node processes its own private data based on the obtained discrete cipher group generators and encryption group elements in accordance with the preset format, realizes the encryption processing of its own private data, and protects its own private data. Security, and publish the corresponding operation result to the blockchain.
  • the encrypted group element is the cipher group element obtained by calculating the first random number and the discrete cipher group generator based on the preset format, the operation result and the encrypted group element
  • the supervisory node can perform identity supervision and/or privacy data supervision on the target blockchain node through the discrete password group generator, the encrypted group element and the first random number, which improves the privacy protection of the blockchain system. Supervisable.
  • FIG. 2 is a schematic flowchart of a second embodiment of this application.
  • a discrete cryptographic group is taken as an example of an elliptic curve group.
  • the blockchain information transmission method provided in this application is applied to a target blockchain node, in order to realize that the supervisory node compares the target blockchain node For the tracking and supervision of identity, the following steps can be performed:
  • Step S201 Obtain the elliptic curve group generator and the elliptic curve group element announced by the supervisory node.
  • the elliptic curve group element includes the curve group element obtained after the supervisory node calculates the generated first random number and the elliptic curve group generator based on a preset format. .
  • the supervisory node can first select the generator of the elliptic curve group, and then generate the first random number, and finally calculate the first random number and the generator of the elliptic curve group according to the preset format to obtain the elliptic curve group element;
  • the regulatory node saves the first random number as a trapdoor, and publishes the elliptic curve group generator and the elliptic curve group element to the blockchain system, so that the blockchain node in the blockchain system is based on the elliptic curve group generator and
  • the elliptic curve group element processes the target data.
  • the type of supervision node in this application can be determined according to actual needs.
  • the supervision node can be a bank node connected to the blockchain system, a financial management node connected to the blockchain system, etc.
  • the target blockchain Node refers to the blockchain node used to transmit information in the blockchain system.
  • Step S202 Generate a signature private key once, according to a preset format, generate a signature public key based on the elliptic curve group element and a signature private key and publish it.
  • the target blockchain node after the target blockchain node obtains the elliptic curve group generator and the elliptic curve group element, it can generate a signature private key, such as generating a random number as a signature private key, etc. It should be pointed out that when generating the first signature At the same time as the private key, it is also necessary to generate the ring signature private key, and according to the preset format, generate the first signature public key based on the elliptic curve group element and the one-time signature private key and publish it, such as when it is signed, so that the supervisory node and All other blockchain nodes in the blockchain system can obtain the one-time signature public key of the target blockchain node, so that they can interact with the target blockchain node based on the one-time signature public key. In this process, since the one-time signature private key is generated by the target blockchain node itself, the one-time signature private key only belongs to the target blockchain, which ensures the security of the private key of the target blockchain.
  • Step S203 Perform operations on the elliptic curve group generator and the primary signature private key according to the preset format to obtain identity verification information, and publish the identity verification information to the blockchain, so that the supervisory node is based on the first random number, identity verification information, and primary The signature public key determines the sender of the target data.
  • the target blockchain node after the target blockchain node generates and publishes a signature public key, it can perform operations on the elliptic curve group generator and a signature private key according to the preset format to obtain identity verification information, and publish the identity verification information to Blockchain, so that the supervisory node can determine the sender of the target data based on the first random number, identity verification information, and one-time signature private key.
  • the elliptic curve group element is the point obtained by the supervising node after calculating the first random number and the elliptic curve group generator according to the preset format
  • the one-time signature public key is the target blockchain node according to the preset format
  • the elliptic curve group element and the point obtained after a signature private key operation, and the identity verification information is the result obtained after the target blockchain node calculates the elliptic curve group generator and a signature private key according to the preset format, so the elliptic curve
  • the group element, the one-time signature public key and the identity verification information have format uniformity and relevance; then, the supervisory node can perform operations on the identity verification information and the first random number according to the preset format to obtain the corresponding operation results, and once The signature public key involves the transmission of the target data, so the supervisory node can compare the result of the operation with the value of the signature public key to determine the sender of the target data.
  • the preset format may include ⁇ ⁇ , where ⁇ represents an elliptic curve group, that is, an elliptic curve group generator or an elliptic curve group element, and ⁇ represents a random number.
  • a blockchain node in order to ensure the privacy of the target data, a blockchain node will cooperate with other blockchain nodes when transmitting data, such as interacting with other blockchain nodes on the target data. Perform ring signatures, which makes it difficult to determine the sender of the target data.
  • the supervisory node needs to identify a certain number of blockchain nodes according to the blockchain information transmission method provided in this application to determine the sender of the target data .
  • the ring signature involved in this application is a special digital signature scheme.
  • the signer uses his and his user’s public keys to generate a public key set, and then signs with his own private key.
  • the verifier is verifying the signature. After the legality of the signature, it can only be known that the signature comes from a certain user in the public key set, but the specific identity of the user cannot be known, and the identity privacy protection of the signer is realized.
  • the block chain information transmission method provided by this application is applied to a target block chain node to obtain predetermined elliptic curve group generators and elliptic curve group elements published by supervisory nodes.
  • the elliptic curve group elements include supervisory nodes based on preset
  • the format is the curve group element obtained by calculating the first random number and the elliptic curve group generator; generate a signature private key, according to the preset format, generate a signature public key based on the elliptic curve group element and a signature private key and publish it ; Perform operations on the elliptic curve group generator and the primary signature private key according to the preset format to obtain the identity verification information, and publish the identity verification information to the blockchain, so that the supervisory node is based on the first random number, identity verification information and a signature public key The key determines the sender of the target data.
  • the target blockchain node obtains the elliptic curve group generator selected by the supervisory node and the elliptic curve group element generated according to a preset format, and is based on the elliptic curve group according to the preset format
  • the element and the one-time signature private key generate one-time signature public key, so that the private key of the target blockchain node is completely controlled by the target blockchain node itself, and the elliptic curve group generator and the one-time signature private key are calculated according to the preset format.
  • the data when transmitting data, in order to protect the data, the data can be transmitted using a ring signature method. Therefore, according to the preset format, a signature public key is generated based on the elliptic curve group element and the signature private key. After the announcement, the above method can also include:
  • Step S204 Generate a ring signature private key
  • a random number can be generated as the ring signature private key.
  • a random number can be generated as the ring signature private key.
  • there can also be other ways to generate the ring signature private key such as processing its own identification data information, and using the processed identification data information as the ring signature private key Wait.
  • Step S205 Based on the elliptic curve group generator, the elliptic curve group element, the ring signature private key, and the one-time signature private key, a traceable and linkable public key is generated to perform a traceable and linkable ring signature;
  • Step S206 Obtain the target data, and perform a traceable and linkable ring signature on the target data based on the traceable and linkable public key, the elliptic curve group generator, the elliptic curve group element, the ring signature private key, the one-time signature private key, and the one-time signature public key , To obtain the traceable and linkable ring signature result of the data;
  • Step S207 Publish the traceable and linkable ring signature result to the verification blockchain node, so that the verification blockchain node verifies the traceable and linkable ring signature result, and uploads the traceable and linkable ring signature result after the verification is passed chain.
  • the traceable and linkable ring signature result also realizes the hidden protection of the target data transmitted by the target blockchain node; realizes the hiding of the identity of the target blockchain node, so that other ordinary blockchain nodes cannot know the target The identity of the blockchain node; and with the help of the one-time signature public key, the supervisory node can track and supervise the target blockchain node through the traceable and linkable ring signature result.
  • the target blockchain node is traceable based on the elliptic curve group generator, elliptic curve group element, ring signature private key, and one-time signature private key generation.
  • a traceable and linkable public key is generated to perform a traceable and linkable ring signature
  • the first calculation formula includes:
  • i represents the label of the target blockchain node
  • PK i represents the traceable and linkable public key when the target blockchain node performs the traceable and linkable ring signature
  • g represents the elliptic curve group generator
  • h represents the elliptic curve group element
  • x i represents the ring signature private key of the target blockchain node
  • a i represents the one-time signature private key of the target blockchain node
  • UTXO refers to the digital currency that has been confirmed but not spent on the current blockchain.
  • the target blockchain node generates the public key according to the preset format to generate the elliptic curve group element, the elliptic curve group element, the ring signature private key and the one-time signature private key.
  • the corresponding description of the zero-knowledge proof in this application can refer to the prior art, which will not be repeated here.
  • the target blockchain node performs a traceable and linkable loop on the target data based on the public key, the elliptic curve group generator, the elliptic curve group element, the ring signature private key, the one-time signature private key, and the one-time signature public key.
  • Signing, the process of obtaining the traceable and linkable ring signature result of the data (S206), may specifically be:
  • the target data is ring-signed based on the ring signature public key and the ring signature private key, and the ordinary ring signature result A is obtained;
  • the ordinary ring signature result is signed once based on the one-time signature private key, the ring signature public key, and the one-time signature public key, and a signature result ⁇ is obtained;
  • the second calculation formula includes:
  • the third calculation formula includes:
  • the fourth calculation formula includes:
  • L represents the ring signature public key
  • x j represents the ring signature private key of other blockchain nodes
  • a j represents the one-time signature private key of other blockchain nodes
  • A represents the ordinary ring signature result
  • SIG represents the ring signature algorithm
  • m represents the target data
  • represents the one-time signature result
  • OSIG represents the one-time signature algorithm
  • OPK represents the one-time signature public key.
  • the steps required to perform data transmission by the target blockchain node are described.
  • the verification of the blockchain node is against the target blockchain node.
  • the corresponding verification process of the transmitted data information can be as follows:
  • the one-time signature public key already exists in the blockchain system, it means that the target blockchain has double spending, and the corresponding abnormal information is output. If the one-time signature public key does not exist in the blockchain In the system, the traceable and linkable ring signature result of the data released by the target blockchain node is obtained;
  • means zero-knowledge proof
  • g means generator of elliptic curve group
  • h represents the elliptic curve group element
  • x i represents the ring signature private key of the target blockchain node
  • a i represents the primary signature private key of the target blockchain node
  • the traceable linkable ring signature result has passed the verification, and when there are other verification conditions, the traceable linkable ring signature can be signed according to the verification conditions. The result continues to be verified until the verification result is obtained.
  • the supervisory node can track the blockchain node.
  • the supervisory node in the second embodiment compares the target block The process of the chain node tracking is described, and the supervisory node can perform the following steps in this process:
  • Step S301 Generate a first random number and save it as a trapdoor, so that the blockchain performs operations on the first random number and the elliptic curve group generator based on a preset format to obtain the elliptic curve group element.
  • Step S302 Publish the elliptic curve group element, so that the blockchain node in the blockchain system generates a corresponding one-time signature public key based on the elliptic curve group generator, the elliptic curve group element, and the corresponding one-time signature private key.
  • Step S303 Obtain the first series of calculation results published by the preset number of blockchain nodes in the blockchain.
  • the first series of calculation results include the generation of the elliptic curve group by the blockchain node according to the preset format and the private key for one-time signature The result obtained after the calculation.
  • Step S304 Obtain the target one-time signature public key; according to the preset format, perform operations on each operation result in the first series of operation results through the first random number to obtain the corresponding first operation value.
  • Step S305 Determine the blockchain node corresponding to the first operation value equal to the value of the target primary signature public key as the target blockchain node.
  • the preset format may include ⁇ ⁇ , ⁇ represents an elliptic curve group, and ⁇ represents a random number; taking the first series of calculation results as The target's one-time signature public key is The first random number is ⁇ as an example, the supervisory node passes the calculation and will satisfy The blockchain node of is determined as the target blockchain node.
  • FIG. 4 is a schematic flowchart of a third embodiment of this application.
  • the target blockchain node obtains the elliptic curve group generator g and the elliptic curve group element h published by the supervisory node, the following steps may be performed:
  • Step S401 Obtain the target value, and generate a second random number.
  • the target value refers to the value to be transmitted by the target block chain node, which can be the currency of the target block chain node's transaction, the transmitted value information, and so on.
  • Step S402 Calculate the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain the commitment value.
  • the target blockchain node after the target blockchain node obtains the target value and generates the second random number, it can calculate the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain the corresponding promise value.
  • the commitment value involved in this application has the same principle and function as the existing amount commitment, and will not be repeated here.
  • the target blockchain node can calculate the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number according to a preset format.
  • Step S403 According to the preset split format, split the target value into sub-target values, and split the second random number into sub-second random numbers corresponding to the sub-target values.
  • the target value since the target value may be split into different values for protection during the transmission process, for example, in Monero, a value will be split into multiple values for transmission, so the target blockchain node can According to the preset split format, the target value is split into sub-target values, and the second random number is split into sub-second random numbers corresponding to the sub-target values. It is not difficult to understand that the sub-second random number is used for matching The corresponding sub-target value is protected.
  • Step S404 Calculate the first commitment value and the second commitment value of each sub-target value and the corresponding sub-second random number based on the elliptic curve group generator and the elliptic curve group element, and announce the first commitment value.
  • the target blockchain node when it protects the corresponding sub-target value based on the sub-second random number, it can calculate each sub-target value and the corresponding sub-target value based on the elliptic curve group generator and the elliptic curve group element.
  • the first commitment value and the second commitment value of the random number specifically, can be calculated based on the elliptic curve group generator and the elliptic curve group element according to the preset format, and the first value of each sub-target value and the corresponding sub-second random number Commitment value and second commitment value.
  • Step S405 Calculate and publish the numerical verification result of each sub-target value and the corresponding sub-second random number based on the elliptic curve group elements, so that the supervisory node determines the target value based on the first commitment value, the numerical verification result, and the first random number .
  • the first commitment value is calculated based on the elliptic curve group generator, elliptic curve group element, sub-target value, and sub-second random number
  • the numerical verification result is based on the elliptic curve group element, sub-target value, and The second random number is calculated, and the elliptic curve group element is related to the elliptic curve group generator and the first random number. Therefore, the first commitment value, the numerical verification result, and the first random number are related, and the target The value is composed of sub-target values, so the supervisory node can determine the target value based on the first commitment value, the numerical verification result, and the first random number.
  • the block chain information transmission method provided by this application is applied to a target block chain node to obtain predetermined elliptic curve group generators and elliptic curve group elements published by supervisory nodes.
  • the elliptic curve group elements include supervisory nodes based on preset The format is the point obtained after the first random number and the elliptic curve group generator are calculated; the target value is obtained, and the second random number is generated; the target value is based on the elliptic curve group generator, encrypted elliptic curve group, and the second random number Perform calculations to get the promised value; according to the preset split format, split the target value into sub-target values, and split the second random number into sub-second random numbers corresponding to the sub-target values; generate based on the elliptic curve group Element and elliptic curve group elements calculate the first commitment value and second commitment value of each sub-target value and the corresponding sub-second random number, and announce the first commitment value; calculate each sub-target value and value based on the elliptic curve group element
  • the target blockchain node can use the elliptic curve group generator and the elliptic curve group element announced by the regulatory node to realize the encryption and concealment of the target value, and the preset blockchain node can be based on the target blockchain node.
  • the calculation process of the target value and the trapdoor saved by itself determine the specific value of the target value, and realize the supervision of the target value.
  • the target value in order to ensure the secure transmission of the value, the target value can be ring-signed by means of a ring signature to hide the corresponding value. Then the target blockchain node calculates each sub-target value based on the elliptic curve group element After the numerical verification result of the corresponding sub-second random number is published, the above method may further include:
  • the Borromean scheme can also be used to complete all sub-rings at once. signature.
  • the target blockchain node calculates the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain the promised value (S402), which can be specific for:
  • the target value is calculated based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain the promise value;
  • the promise value calculation formula includes:
  • c represents the commitment value
  • y represents the second random number
  • b represents the target value
  • the target blockchain node splits the target value into sub-target values according to a preset split format, and splits the second random number into sub-target values corresponding to the sub-target values.
  • the second random number process (S403) may be specifically:
  • the first split formula includes:
  • the second split formula includes:
  • b i represents the i-th sub-target value
  • v represents the total number of sub-target values
  • the value of b i is 0 or 1
  • y i represents the sub-second random number corresponding to the i-th sub-target value, 1 ⁇ i ⁇ v-1.
  • the target blockchain node calculates the first commitment value and second commitment value of each sub-target value and the corresponding sub-second random number based on the elliptic curve group generator and the elliptic curve group element.
  • the process of promised value (S404) can be specifically as follows:
  • the fifth calculation formula includes:
  • c i represents the i-th first commitment value
  • c′ i represents the i-th second commitment value
  • the sixth calculation formula includes:
  • TK′ i represents the i-th numerical verification result
  • the seventh calculation formula includes:
  • PK′ i (c i ,c′ i ,TK′ i , ⁇ (c i ,c′ i ,TK′ i )); where PK′ i represents the i-th child public key; ⁇ (c i ,c′ i ,TK′ i ) represents the zero-knowledge proof result of the legitimacy of TK′ i;
  • the eighth calculation formula includes:
  • ⁇ i SIG(PK′ i ,y i ,c); where ⁇ i represents the i-th sub-ring signature result.
  • the steps required to perform the numerical transmission of the target blockchain node are described.
  • the verification of the blockchain node to the target blockchain node The corresponding verification process of the transmitted value information can be as follows:
  • the chain value traceable interval proves the result.
  • the verification blockchain node achieves the traceable interval verification of the target value by verifying the verification result of the traceable interval of the value; and with the cooperation of the target blockchain node and the supervisory node , Realizes the supervision and tracking function of the target value, and improves the supervisability of the privacy protection blockchain system.
  • the supervising node can track and supervise the value transmitted by the block chain node.
  • the value transmitted by the node is described in the process of tracking and supervision. After the supervision node announces the elliptic curve group generator and the elliptic curve group element, the following steps can be performed:
  • For each first promise value calculate the second operation value corresponding to the first promise value through the first random number according to the preset format, and determine whether the second operation value is equal to the numerical verification result, and if so, determine the first promise value
  • the value of the corresponding sub-goal value is 0, if not, the value of the sub-goal value of the first commitment value is determined to be 1;
  • the target value is determined based on the sub-target value.
  • represents the first random number, that is, the trapdoor saved by the supervisory node
  • Monero is the current mature privacy digital currency system. It uses the UTXO model on the basis of Bitcoin, realizes the concealment of transaction identity through linkable ring signature technology, and realizes the concealment of transaction amount through interval proof
  • the application process is as follows:
  • Each UTXO in Monero includes the currency's public and private keys (PK, SK) and amount commitment (COM).
  • the new amount commitment, the interval proof of the new amount commitment, and other billing information are combined with the ring signature of L and published on the blockchain .
  • the transaction verifier checks whether it is a double-spending transaction. If it is not a double-spending transaction, it verifies the legitimacy of the interval proof and the legitimacy of the ring signature. After all passes, the transaction is packaged into blocks. The verifier cannot obtain the identity information and amount information of both parties in the transaction. For all transactions of new blocks on the chain, the transaction receiver uses his private key to check whether there is a transfer to himself, and if so, calculates the private key of the new UTXO and deposits the money in his wallet.
  • UTXO refers to the confirmed but unspent digital currency on the current blockchain, that is, an unspent amount of money
  • double spending refers to It is that the blockchain does not pay attention to the fact that users spend twice on a transaction of money
  • asymmetric encryption system (Asymmetric encryption system) is different from the traditional symmetric encryption algorithm, based on the asymmetry of the computational complexity in the encryption and decryption process
  • a type of algorithm to ensure security In an asymmetric encryption system, the encrypting party needs to generate a private key and a public key pair. The private key is kept by itself, and the public key can be sent to the other party.
  • Digital signature is a type of asymmetric cryptography.
  • the user For branch, the user generates a public and private key, keeps the private key, and signs any message with the private key.
  • the verifier can use the public key to verify the legitimacy of the signature.
  • the digital signature realizes identity authentication and data integrity verification;
  • Linkable ring signature (Linkable ring signature) is a special ring signature scheme.
  • the user must provide a tag information when performing a ring signature.
  • an illegal signature or illegal transactions such as double spending
  • the transaction tag can be compared. It can be judged whether it is an illegal signature (double-spending transaction), which realizes a safe transaction guarantee;
  • Range proof is a zero-knowledge proof system that gives a certain amount of money belongs to a specified interval without revealing the specific amount of information.
  • the first embodiment of this application provides a traceable and linkable ring signature scheme; the traceable and traceable ring signature (Linkable and Traceable ring signature) is also realized
  • the signature of the dual function of traceable and linkable among which traceable ring signature (Traceable ring signature) refers to the signature that can trace the identity of the specific signing user, and realizes the signature of the supervision function.
  • the second embodiment provided in this application implements the tracking of the value.
  • the traceable range proof refers to a certain amount of money belonging to a specified amount.
  • Interval proof system for ordinary verification users, the proof meets zero knowledge (no amount information is leaked), and the specific amount can be solved through proof, which realizes the proof of supervision function.
  • the blockchain system has a center, which generates system parameters (elliptic curve group generator), trapdoor (first random number) and trapdoor public key MPK (elliptic curve group element);
  • the verifier of the public key can verify whether the public key of the UTXO is in accordance with Generated in a prescribed way;
  • the user conducts transactions in accordance with the same transaction framework as Monero.
  • the user replaces the original Monero interval certificate with the traceable interval certificate of the application in the interval proof of the transaction amount, and replaces the Monero coin in the interval proof of the application.
  • the linkable ring signature of is replaced with a traceable linkable ring signature;
  • the verifier performs the same verification work as Monero, that is, verifying the correctness of the interval proof, verifying the correctness of the ring signature, verifying whether the transaction can be linked (whether it is double spend), and confirming the transaction after all verifications are passed.
  • the central node (supervisor) on the chain is not responsible for confirming the legality of the transaction, nor is it responsible for packaging transactions and block production. It only works when supervision is required.
  • the center uses its own trapdoor Trapdoor to verify the interval certification and loop of the transaction.
  • the signature is tracked and calculated to obtain the specific transaction amount and the identity of the signer, which realizes a complete supervision function.
  • the supervisor does not have the user's private key, and cannot forge the user's signature or transfer the user's money.
  • the function of interference realizes the function of multi-level supervision.
  • the blockchain information transmission method realizes the tracking of the data sender and the supervision of the value, and avoids the block caused by the data sender cannot be tracked and the value cannot be known.
  • the chain system hides the shortcomings of criminal information, which can be applied to specific application scenarios such as criminal investigation, data statistics, and fund freezing in the blockchain application scenario; in addition, the user’s own private key is completely controlled by the user, including the supervisor No one inside can forge user signatures and counterfeit user transactions, which preserves the requirements of blockchain "decentralization" to the greatest extent; and the regulator does not need to be responsible for transaction verification, and does not require complicated packaging transactions and block production, etc. It only appears when supervision is needed, effectively reducing the supervisor's calculation and communication pressure, and improving the transaction efficiency of the blockchain system compared with the existing technology that requires supervisors.
  • this application provides a blockchain information transmission system.
  • FIG. 5 is a schematic structural diagram of a blockchain information transmission system disclosed in an embodiment of the application.
  • the block chain information transmission system provided by the embodiment of the present application, applied to a target block chain node, may include:
  • the first obtaining module 101 is configured to obtain a predetermined discrete cipher group generator and an encrypted group element.
  • the encrypted group element includes a cipher group element obtained by calculating a first random number and an initial cipher group based on a preset format, and the first Random numbers are trapdoors generated and saved by supervisory nodes;
  • the first processing module is used to process its own private data based on the discrete cipher group generator and the encrypted group element according to the preset format, and publish the corresponding processing result to the blockchain, so that the supervisory node can be based on the processing result And the first random number supervises the target blockchain node and/or private data.
  • this application provides a block chain information transmission device.
  • FIG. 6 is a schematic diagram of the internal structure of a block chain information transmission device disclosed in an embodiment of the application.
  • the block chain information transmission device 1 can be a PC (Personal Computer), or a smart phone, a tablet computer, a palmtop computer, a portable computer, a smart router, a mining machine, a network storage device terminal device .
  • PC Personal Computer
  • a smart phone a tablet computer, a palmtop computer, a portable computer, a smart router, a mining machine, a network storage device terminal device .
  • the block chain information transmission device 1 may be a node constituting a block chain network.
  • the block chain information transmission device 1 may include a memory 11, a processor 12 and a bus 13.
  • the memory 11 includes at least one type of readable storage medium, and the readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc.
  • the memory 11 may be an internal storage unit of the blockchain information transmission device 1 in some embodiments, such as a hard disk of the blockchain information transmission device 1.
  • the memory 11 may also be an external storage device of the blockchain information transmission device 1, for example, a plug-in hard disk or a smart media card (SMC) equipped on the blockchain information transmission device 1. Secure Digital (SD) card, Flash Card, etc.
  • the memory 11 may also include both an internal storage unit of the blockchain information transmission device 1 and an external storage device.
  • the memory 11 can be used not only to store application software and various data installed in the blockchain information transmission device 1, such as the code of the blockchain information transmission program 01, but also to temporarily store data that has been output or will be output. .
  • the processor 12 may be a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip, for running program codes or processing stored in the memory 11 Data, such as execution of blockchain information transmission program 01, etc.
  • CPU central processing unit
  • controller microcontroller
  • microprocessor or other data processing chip
  • the bus 13 may be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus.
  • PCI peripheral component interconnect
  • EISA extended industry standard architecture
  • the bus can be divided into address bus, data bus, control bus and so on. For ease of representation, only one thick line is used in FIG. 6, but it does not mean that there is only one bus or one type of bus.
  • the blockchain information transmission device may also include a network interface 14.
  • the network interface 14 may optionally include a wired interface and/or a wireless interface (such as a WI-FI interface, a Bluetooth interface, etc.), which is usually used in the device 1 Establish a communication connection with other electronic devices.
  • the blockchain information transmission device 1 may also include a user interface.
  • the user interface may include a display (Display), an input unit such as a keyboard (Keyboard), and the optional user interface may also include a standard wired interface and a wireless interface.
  • the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode, organic light-emitting diode) touch device, etc.
  • the display can also be appropriately called a display screen or a display unit, which is used to display the information processed in the blockchain information transmission device 1 and to display a visualized user interface.
  • Fig. 6 only shows the block chain information transmission device 1 with components 11-14 and block chain information transmission program 01. Those skilled in the art can understand that the structure shown in Fig. 6 does not constitute a block chain
  • the definition of the information transmission device 1 may include fewer or more components than shown, or a combination of certain components, or a different component arrangement.
  • a computer-readable storage medium provided by the present application.
  • the computer-readable storage medium stores a blockchain information transmission program.
  • the blockchain information transmission program can be executed by one or more processors to implement any of the above embodiments.
  • the described blockchain information transmission method can be executed by one or more processors to implement any of the above embodiments.
  • RAM random access memory
  • ROM read-only memory
  • electrically programmable ROM electrically erasable programmable ROM
  • registers hard disks, removable disks, CD-ROMs, Or any other form of storage medium known in the technical field.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instructions may be transmitted from a website, computer, server, or data center. Transmission to another website site, computer, server or data center via wired (such as coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (such as infrared, wireless, microwave, etc.).
  • wired such as coaxial cable, optical fiber, digital subscriber line (DSL)
  • wireless such as infrared, wireless, microwave, etc.
  • the computer-readable storage medium may be any available medium that can be stored by a computer or a data storage device such as a server or a data center integrated with one or more available media.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
  • the disclosed system, device, and method may be implemented in other ways.
  • the device embodiments described above are merely illustrative, for example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components may be combined or It can be integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium.
  • the technical solution of the present application essentially or the part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , Including several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disks or optical disks and other media that can store program codes. .
  • sequence numbers of the above-mentioned embodiments of the present invention are only for description, and do not represent the superiority or inferiority of the embodiments.
  • the terms “include”, “include” or any other variants thereof in this article are intended to cover non-exclusive inclusion, so that a process, device, article or method including a series of elements not only includes those elements, but also includes those elements that are not explicitly included.
  • the other elements listed may also include elements inherent to the process, device, article, or method. If there are no more restrictions, the element defined by the sentence "including a" does not exclude the existence of other identical elements in the process, device, article, or method that includes the element.

Abstract

A blockchain system, an information transmission method, system and apparatus, and a computer storage medium, wherein same are applied to a target blockchain node. The method comprises: acquiring a predetermined discrete cipher group generator and an encrypted group element, wherein the encrypted group element comprises a cipher group element obtained after an operation, based on a preset format, of a first random number and the discrete cipher group generator, and the first random number is a trapdoor generated and saved by a supervision node; and according to the preset format, processing, on the basis of the discrete cipher group generator and the encrypted group element, private data thereof, and publishing a corresponding processing result to a blockchain, such that the supervision node can supervise a target blockchain node and/or the private data on the basis of the processing result and the first random number. In the present application, a supervision node performs identity supervision and privacy data supervision on a target blockchain node by means of a discrete cipher group generator, an encrypted group element and a first random number.

Description

区块链系统及信息传输方法、系统、装置、计算机介质Block chain system and information transmission method, system, device, computer medium 技术领域Technical field
本发明涉及信息安全技术领域,特别涉及区块链系统及信息传输方法、系统、装置、计算机介质。The present invention relates to the technical field of information security, in particular to a blockchain system and information transmission methods, systems, devices, and computer media.
背景技术Background technique
随着通信技术的发展,用户对信息的安全性以及传输性有了更高的要求,在这一环境下,区块链凭借着其去中心化、不可被篡改且可追溯的优点得到用户的重视。区块链(Blockchain)是一种分布式数据存储、点对点传输、共识机制、加密算法等计算机技术的新型应用模式,其是比特币的一个重要概念,区块链本质上是一个去中心化的数据库,同时作为比特币的底层技术,是一串使用密码学方法相关联产生的数据块,每一个数据块中包含了一批次比特币网络交易的信息,用于验证其信息的有效性(防伪)和生成下一个区块。然而,在区块链的应用过程中,为了更好的隐藏用户的隐私信息,比如隐藏用户在区块链中的交易信息等,门罗币等区块链系统应运而生,借助门罗币类型的区块链,其他用户只能知道某一用户进行了交易,但无法获知具体的用户信息,从而使得不法分子可以通过区块链进行不法交易,降低了隐私保护区块链系统的可监管性。With the development of communication technology, users have higher requirements for the security and transmission of information. In this environment, blockchain gains users’ attention by virtue of its decentralized, non-tamperable, and traceable advantages. Pay attention. Blockchain is a new application mode of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm, etc. It is an important concept of Bitcoin. Blockchain is essentially a decentralized The database, as the underlying technology of Bitcoin at the same time, is a series of data blocks related to the use of cryptographic methods. Each data block contains a batch of Bitcoin network transaction information to verify the validity of the information ( Anti-counterfeiting) and generate the next block. However, in the application process of the blockchain, in order to better hide the user’s private information, such as hiding the user’s transaction information in the blockchain, etc., blockchain systems such as Monero came into being, with the help of Monero. In this type of blockchain, other users can only know that a certain user has made a transaction, but cannot learn specific user information, so that criminals can conduct illegal transactions through the blockchain, reducing the supervision of the privacy protection blockchain system Sex.
综上可见,如何提高隐私保护区块链系统的可监管性是目前亟待解决的问题。In summary, how to improve the supervisability of the privacy protection blockchain system is a problem that needs to be solved urgently.
发明内容Summary of the invention
本申请的主要目的在于提供一种区块链系统及信息传输方法、系统、装置、计算机可读存储介质,旨在解决提高区块链系统的可监管性的技术问题。The main purpose of this application is to provide a blockchain system, information transmission method, system, device, and computer-readable storage medium, which aims to solve the technical problem of improving the supervisability of the blockchain system.
为实现上述目的,本申请提供一种区块链信息传输方法,应用于区块链系统中的目标区块链节点,所述区块链系统还包括监管节点,所述方法包括:To achieve the above objective, the present application provides a blockchain information transmission method, which is applied to a target blockchain node in a blockchain system, the blockchain system further includes a supervisory node, and the method includes:
获取预先确定的离散密码群生成元及加密群元素,所述加密群元素包括基于预设格式对第一随机数和所述离散密码群生成元运算后得到的密码群元素,且所述第一随机数为所述监管节点生成并保存的陷门;Obtain a predetermined discrete cipher group generator and an encrypted group element, where the encrypted group element includes a cipher group element obtained by calculating a first random number and the discrete cipher group generator based on a preset format, and the first The random number is a trapdoor generated and saved by the supervisory node;
按照所述预设格式,基于所述离散密码群生成元和所述加密群元素对自身的隐私数据进行处理,并将相应的处理结果发布至所述区块链,以使所述监管节点能够基于所述处理结果及所述第一随机数对所述目标区块链节点和/或所述隐私数据进行监管。According to the preset format, process its own private data based on the discrete cipher group generator and the encrypted group element, and publish the corresponding processing result to the blockchain, so that the supervisory node can Supervise the target blockchain node and/or the private data based on the processing result and the first random number.
优选的,所述离散密码群生成元包括椭圆曲线群生成元,所述加密群元素包括椭圆曲线群元素;Preferably, the discrete cipher group generator includes an elliptic curve group generator, and the encrypted group element includes an elliptic curve group element;
所述按照所述预设格式,基于所述离散密码群生成元和所述加密群元素对自身的隐私数据进行处理,并将相应的处理结果发布至所述区块链,以使所述监管节点能够基于所述处理结果及所述第一随机数对所述目标区块链节点和/或所述隐私数据进行监管,包括:According to the preset format, process its own private data based on the discrete cipher group generator and the encryption group element, and publish the corresponding processing result to the blockchain, so that the supervision The node can supervise the target blockchain node and/or the private data based on the processing result and the first random number, including:
生成一次签名私钥,按照所述预设格式,基于椭圆曲线群元素及所述一次签名私钥生成一次签名公钥并公布;Generate a signature private key once, and generate and publish a signature public key based on the elliptic curve group element and the one-time signature private key according to the preset format;
按照所述预设格式对所述椭圆曲线群生成元及所述一次签名私钥进行运算,得到身份验证信息,发布所述身份验证信息至所述区块链,以使所述监管节点能够基于所述第一随机数、所述身份验证信息及所述一次签名公钥确定所述目标数据的发送方。Perform operations on the elliptic curve group generator and the one-time signature private key according to the preset format to obtain identity verification information, and publish the identity verification information to the blockchain so that the supervisory node can be based on The first random number, the identity verification information, and the one-time signature public key determine the sender of the target data.
优选的,所述区块链系统还包括验证区块链节点,所述按照所述预设格式,基于所述椭圆曲线群元素及所述一次签名私钥生成一次签名公钥并公布之后,还包括:Preferably, the blockchain system further includes a verification blockchain node, and after generating a signature public key based on the elliptic curve group element and the one-time signature private key according to the preset format and publishing it, include:
生成环签名私钥,基于所述椭圆曲线群生成元、所述椭圆曲线群元素、所述环签名私钥及所述一次签名私钥生成进行可追踪可链接环签名的可追踪可链接公钥;Generate a ring signature private key, and generate a traceable and linkable public key for traceable and linkable ring signatures based on the elliptic curve group generator, the elliptic curve group element, the ring signature private key, and the one-time signature private key ;
获取目标数据,基于所述可追踪可链接公钥、所述椭圆曲线群生成元、 所述椭圆曲线群元素、所述环签名私钥、所述一次签名私钥及所述一次签名公钥对所述目标数据进行可追踪可链接环签名,得到所述目标数据的可追踪可链接环签名结果;Obtain target data based on the traceable and linkable public key, the elliptic curve group generator, the elliptic curve group element, the ring signature private key, the one-time signature private key, and the pair of the one-time signature public key Performing a traceable and linkable ring signature on the target data to obtain a traceable and linkable ring signature result of the target data;
发布所述可追踪可链接环签名结果至所述验证区块链节点,以使所述验证区块链节点能够对所述可追踪可链接环签名结果进行验证。Publish the traceable and linkable ring signature result to the verification blockchain node, so that the verification blockchain node can verify the traceable and linkable ring signature result.
优选的,所述基于所述椭圆曲线群生成元、所述椭圆曲线群元素、所述环签名私钥及所述一次签名私钥生成进行可追踪可链接的可追踪可链接公钥,包括:Preferably, said generating a traceable and linkable public key for traceability and linkability based on the elliptic curve group generator, the elliptic curve group element, the ring signature private key and the one-time signature private key includes:
通过第一运算公式,基于所述椭圆曲线群生成元、所述椭圆曲线群元素、所述环签名私钥及所述一次签名私钥生成进行可追踪可链接环签名的所述可追踪可链接公钥;According to the first calculation formula, the traceable and linkable ring signature is generated based on the elliptic curve group generator, the elliptic curve group element, the ring signature private key, and the one-time signature private key Public key
所述第一运算公式包括:The first calculation formula includes:
Figure PCTCN2019104853-appb-000001
Figure PCTCN2019104853-appb-000001
其中,i表示所述目标区块链节点的标号;PK i表示所述目标区块链节点进行可追踪可链接环签名的所述可追踪可链接公钥;g表示所述椭圆曲线群生成元;
Figure PCTCN2019104853-appb-000002
表示上次生成的UPK;h表示所述椭圆曲线群元素;x i表示所述目标区块链节点的所述环签名私钥;a i表示所述目标区块链节点的所述一次签名私钥;
Figure PCTCN2019104853-appb-000003
表示所述可追踪可链接公钥合法性的零知识证明结果。 Wherein, i represents the label of the target blockchain node; PK i represents the traceable and linkable public key for the target blockchain node to sign the traceable and linkable ring; g represents the elliptic curve group generator ;
Figure PCTCN2019104853-appb-000002
Represents the UPK generated last time; h represents the elliptic curve group element; x i represents the ring signature private key of the target blockchain node; a i represents the one-time signature private key of the target blockchain node key;
Figure PCTCN2019104853-appb-000003
Represents the zero-knowledge proof result of the legitimacy of the traceable and linkable public key.
优选的,所述基于所述可追踪可链接公钥、所述椭圆曲线群生成元、所述椭圆曲线群元素、所述环签名私钥、所述一次签名私钥及所述一次签名公钥对所述目标数据进行可追踪可链接环签名,得到数据的可追踪可链接环签名结果,包括:Preferably, based on the traceable and linkable public key, the elliptic curve group generator, the elliptic curve group element, the ring signature private key, the one-time signature private key, and the one-time signature public key Perform a traceable and linkable ring signature on the target data to obtain a traceable and linkable ring signature result of the data, including:
选取预设数量的其他区块链节点,通过第二运算公式,基于所述其他区块链节点的公钥及所述目标区块链节点的公钥生成环签名公钥,所述预设数量为n-1,n为大于等于2的整数;A preset number of other blockchain nodes are selected, and a ring signature public key is generated based on the public key of the other blockchain node and the public key of the target blockchain node through a second calculation formula, the preset number N-1, n is an integer greater than or equal to 2;
通过第三运算公式,基于所述环签名公钥、所述环签名私钥对所述目标数据进行环签名,得到普通环签名结果;Perform a ring signature on the target data based on the ring signature public key and the ring signature private key through the third calculation formula to obtain a common ring signature result;
通过第四运算公式,基于所述一次签名私钥、所述环签名公钥、所述 一次签名公钥对所述普通环签名结果进行一次签名,得到一次签名结果;According to the fourth calculation formula, the ordinary ring signature result is signed once based on the one-time signature private key, the ring signature public key, and the one-time signature public key to obtain a signature result;
将所述环签名公钥、所述目标数据、所述普通环签名结果、所述一次签名结果作为所述可追踪可链接环签名结果;Using the ring signature public key, the target data, the ordinary ring signature result, and the one-time signature result as the traceable and linkable ring signature result;
所述第二运算公式包括:The second calculation formula includes:
Figure PCTCN2019104853-appb-000004
Figure PCTCN2019104853-appb-000004
所述第三运算公式包括:The third calculation formula includes:
A=SIG(x i,L,m); A=SIG(x i ,L,m);
所述第四运算公式包括:The fourth calculation formula includes:
σ=OSIG(a i,SIG(x i,L,m),L,OPK);
Figure PCTCN2019104853-appb-000005
σ=OSIG(a i ,SIG(x i ,L,m),L,OPK);
Figure PCTCN2019104853-appb-000005
其中,L表示所述环签名公钥;1≤j≤n-1,且j≠i时,x j表示所述其他区块链节点的环签名私钥,a j表示所述其他区块链节点的一次签名私钥;A表示所述普通环签名结果;SIG表示环签名算法;m表示所述目标数据;σ表示所述一次签名结果;OSIG表示一次签名算法;OPK表示所述一次签名公钥。 Where, L represents the public key of the ring signature; when 1≤j≤n-1, and j≠i, x j represents the ring signature private key of the other blockchain node, and a j represents the other blockchain The one-time signature private key of the node; A represents the ordinary ring signature result; SIG represents the ring signature algorithm; m represents the target data; σ represents the one-time signature result; OSIG represents the one-time signature algorithm; OPK represents the one-time signature public key key.
优选的,所述离散密码群生成元包括椭圆曲线群生成元,所述加密群元素包括椭圆曲线群元素;Preferably, the discrete cipher group generator includes an elliptic curve group generator, and the encrypted group element includes an elliptic curve group element;
所述按照所述预设格式,基于所述离散密码群生成元和所述加密群元素对自身的隐私数据进行处理,并将相应的处理结果发布至所述区块链,以使所述监管节点能够基于所述处理结果及所述第一随机数对所述目标区块链节点和/或所述隐私数据进行监管,包括:According to the preset format, process its own private data based on the discrete cipher group generator and the encryption group element, and publish the corresponding processing result to the blockchain, so that the supervision The node can supervise the target blockchain node and/or the private data based on the processing result and the first random number, including:
获取目标数值,并生成第二随机数;Obtain the target value and generate a second random number;
基于椭圆曲线群生成元、椭圆曲线群元素、所述第二随机数对所述目标数值进行运算,得到承诺值;Calculating the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain the commitment value;
按照预设拆分格式,将所述目标数值拆分为子目标数值,并将所述第二随机数拆分为与所述子目标数值对应的子第二随机数;Split the target value into sub-target values according to a preset split format, and split the second random number into sub-second random numbers corresponding to the sub-target value;
基于所述椭圆曲线群生成元、所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子第二随机数的第一承诺值和第二承诺值,并公布所述第一承诺值;Calculate the first commitment value and second commitment value of each of the sub-target values and the corresponding sub-second random numbers based on the elliptic curve group generator and the elliptic curve group elements, and publish the first commitment value Commitment value
基于所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子 第二随机数的数值验证结果并公布,以使所述监管节点能够基于所述第一承诺值、所述数值验证结果及所述第一随机数确定所述目标数值。Based on the elliptic curve group elements, calculate and publish the numerical verification results of each of the sub-target values and the corresponding sub-second random numbers, so that the supervisory node can be based on the first commitment value and the numerical value. The verification result and the first random number determine the target value.
优选的,所述基于所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子第二随机数的数值验证结果并公布之后,还包括:Preferably, after the calculation and publication of the numerical verification result of each of the sub-target values and the corresponding sub-second random numbers based on the elliptic curve group elements, the method further includes:
基于每一个所述子目标数值的所述第一承诺值、所述第二承诺值、所述数值验证结果计算每一个所述子目标数值的子公钥;Calculating the sub-public key of each sub-target value based on the first commitment value, the second commitment value, and the numerical verification result of each of the sub-target values;
基于所述承诺值及每一个所述子目标数值的所述子公钥、所述子第二随机数计算每一个所述子目标数值的子环签名结果;Calculating a sub-ring signature result of each of the sub-target values based on the commitment value, the sub-public key of each of the sub-target values, and the sub-second random number;
将所述承诺值及所有的所述子环签名结果作为所述目标数值的数值可追踪区间证明结果;Taking the commitment value and all the sub-ring signature results as the verification result of the traceable interval of the target value;
发布所述数值可追踪区间证明结果至所述验证区块链节点,以使所述验证区块链节点能够对所述数值可追踪区间证明结果及所述数值验证结果进行验证、并在验证通过后将所述数值可追踪区间证明结果上链。Publish the verification result of the numerical traceable interval to the verification blockchain node, so that the verification blockchain node can verify the verification result of the numerical traceable interval and the numerical verification result, and pass the verification Afterwards, the result of the traceable interval of the numerical value is shown on the chain.
优选的,所述基于所述椭圆曲线群生成元、所述椭圆曲线群元素、所述第二随机数对所述目标数值进行运算,得到承诺值,包括:Preferably, the calculating the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain the commitment value includes:
通过承诺值运算公式,基于所述椭圆曲线群生成元、所述椭圆曲线群元素、所述第二随机数对所述目标数值进行运算,得到所述承诺值;Calculating the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number through a promise value calculation formula to obtain the promise value;
所述承诺值运算公式包括:The commitment value calculation formula includes:
c=g yh bc=g y h b ;
其中,c表示所述承诺值;y表示所述第二随机数;b表示所述目标数值。Wherein, c represents the commitment value; y represents the second random number; b represents the target value.
优选的,所述按照预设拆分格式,将所述目标数值拆分为子目标数值,并将所述第二随机数拆分为与所述子目标数值对应的子第二随机数,包括:Preferably, the splitting the target value into sub-target values according to a preset split format, and splitting the second random number into sub-second random numbers corresponding to the sub-target value, includes :
通过第一拆分公式将所述目标数值拆分为所述子目标数值;Split the target value into the sub-target value by a first split formula;
通过第二拆分公式将所述第二随机数拆分为与所述子目标数值对应的所述子第二随机数;Split the second random number into the sub-second random number corresponding to the sub-target value by using a second split formula;
所述第一拆分公式包括:The first splitting formula includes:
b=b 0+…+2 ib i+…+2 v-1b v-1b=b 0 +…+2 i b i +…+2 v-1 b v-1 ;
所述第二拆分公式包括:The second splitting formula includes:
y 0+…+y i+…+y v-1=y; y 0 +…+y i +…+y v-1 =y;
其中,b i表示第i个所述子目标数值,v表示所述子目标数值的总数量,b i的值为0或1;y i表示与第i个所述子目标数值对应的所述子第二随机数。 Wherein, b i represents the i-th sub-target value, v represents the total number of the sub-target values, and the value of b i is 0 or 1; y i represents the i-th sub-target value corresponding to the The second random number.
优选的,所述基于所述椭圆曲线群生成元、所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子第二随机数的第一承诺值和第二承诺值,包括:Preferably, the calculation of the first commitment value and the second commitment value of each of the sub-target value and the corresponding sub-second random number based on the elliptic curve group generator and the elliptic curve group element includes :
通过第五运算公式,基于所述椭圆曲线群生成元、所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子第二随机数的所述第一承诺值和所述第二承诺值;According to the fifth calculation formula, the first commitment value and the first commitment value of each sub-target value and the corresponding sub-second random number are calculated based on the elliptic curve group generator and the elliptic curve group element. 2. Commitment value;
所述第五运算公式包括:The fifth operation formula includes:
Figure PCTCN2019104853-appb-000006
Figure PCTCN2019104853-appb-000006
其中,c i表示第i个所述第一承诺值;c′ i表示第i个所述第二承诺值; Wherein, c i represents the i-th first commitment value; c′ i represents the i-th second commitment value;
所述基于所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子第二随机数的数值验证结果并公布,包括:The calculating and publishing the numerical verification result of each sub-target value and the corresponding sub-second random number based on the elliptic curve group element includes:
通过第六运算公式,基于所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子第二随机数的所述数值验证结果并公布;Calculate and publish the numerical verification result of each sub-target value and the corresponding sub-second random number based on the elliptic curve group element through a sixth calculation formula;
所述第六运算公式包括:The sixth operation formula includes:
Figure PCTCN2019104853-appb-000007
其中,TK′ i表示第i个所述数值验证结果;
Figure PCTCN2019104853-appb-000007
Wherein, TK′ i represents the i-th numerical verification result;
所述基于每一个所述子目标数值的所述第一承诺值、所述第二承诺值、所述数值验证结果计算每一个所述子目标数值的子公钥,包括:The calculating the sub-public key of each of the sub-target values based on the first commitment value, the second commitment value, and the value verification result of each of the sub-target values includes:
通过第七运算公式,基于每一个所述子目标数值的所述第一承诺值、所述第二承诺值、所述数值验证结果计算每一个所述子目标数值的所述子公钥;Calculating the sub-public key of each sub-target value based on the first commitment value, the second commitment value, and the numerical verification result of each of the sub-target values through a seventh calculation formula;
所述第七运算公式包括:The seventh operation formula includes:
PK′ i=(c i,c′ i,TK′ i,π(c i,c′ i,TK′ i));其中,PK′ i表示第i个所述子公钥;π(c i,c′ i,TK′ i)表示TK′ i合法性的零知识证明结果; PK′ i =(c i ,c′ i ,TK′ i ,π(c i ,c′ i ,TK′ i )); where PK′ i represents the i-th said child public key; π(c i ,c′ i ,TK′ i ) represents the zero-knowledge proof result of the legitimacy of TK′ i;
所述基于所述承诺值及每一个所述子目标数值的所述子公钥、所述子第二随机数计算每一个所述子目标数值的子环签名结果,包括:The calculating the sub-ring signature result of each of the sub-target values based on the commitment value, the sub-public key and the sub-second random number of each of the sub-target values includes:
通过第八运算公式,基于所述承诺值及每一个所述子目标数值的所述 子公钥、所述子第二随机数计算每一个所述子目标数值的所述子环签名结果;Calculating the sub-ring signature result of each of the sub-target values based on the commitment value, the sub-public key of each of the sub-target values, and the sub-second random number by using an eighth operation formula;
所述第八运算公式包括:The eighth operation formula includes:
σ i=SIG(PK′ i,y i,c);其中,σ i表示第i个所述子环签名结果。 σ i =SIG(PK' i ,y i ,c); where σ i represents the i-th sub-ring signature result.
优选的,所述预设格式包括α β,α表示密码群元素,β表示随机数。 Preferably, the preset format includes α β , α represents a password group element, and β represents a random number.
本申请提供的一种区块链信息传输方法,应用于区块链系统中的验证区块链节点,所述区块链系统还包括目标区块链节点,所述方法包括:The block chain information transmission method provided by the present application is applied to a verification block chain node in a block chain system, the block chain system further includes a target block chain node, and the method includes:
获取所述目标区块链节点公布的一次签名公钥,判断所述一次签名公钥是否已存在于所述区块链系统中;Obtain the one-time signature public key published by the target blockchain node, and determine whether the one-time signature public key already exists in the blockchain system;
若所述一次签名公钥已存在于所述区块链系统中,则输出异常信息,若所述一次签名公钥未存在于所述区块链系统中,则获取所述目标区块链节点发布的数据的可追踪可链接环签名结果;If the one-time signature public key already exists in the blockchain system, output abnormal information, if the one-time signature public key does not exist in the blockchain system, then obtain the target blockchain node Traceable and linkable ring signature results of published data;
获取并检验
Figure PCTCN2019104853-appb-000008
是否正确;π表示零知识证明,g表示椭圆曲线群生成元;
Figure PCTCN2019104853-appb-000009
表示上次生成的UPK;h表示椭圆曲线群元素;x i表示所述目标区块链节点的环签名私钥;a i表示所述目标区块链节点的一次签名私钥; Obtain and verify
Figure PCTCN2019104853-appb-000008
Is it correct; π means zero-knowledge proof, g means generator of elliptic curve group;
Figure PCTCN2019104853-appb-000009
Represents the UPK generated last time; h represents the elliptic curve group element; x i represents the ring signature private key of the target blockchain node; a i represents the primary signature private key of the target blockchain node;
Figure PCTCN2019104853-appb-000010
正确,则检验所述可追踪可链接环签名结果中的环签名公钥是否正确; If
Figure PCTCN2019104853-appb-000010
If it is correct, check whether the ring signature public key in the traceable linkable ring signature result is correct;
若所述环签名公钥正确,则检验所述可追踪可链接环签名结果中的普通环签名结果是否正确;If the ring signature public key is correct, check whether the ordinary ring signature result in the traceable linkable ring signature result is correct;
若所述普通环签名结果正确,则检验所述可追踪可链接环签名结果中的一次签名结果是否正确;If the result of the ordinary ring signature is correct, check whether the one-time signature result in the traceable and linkable ring signature result is correct;
若所述一次签名结果正确,则检验所述可追踪可链接环签名结果是否正确。If the one-time signature result is correct, check whether the traceable linkable ring signature result is correct.
优选的,还包括:Preferably, it also includes:
获取所述目标区块链节点生成的承诺值、第一承诺值、第二承诺值、数值验证结果及数值可追踪区间证明结果;获取椭圆曲线群元素;Obtain the commitment value, the first commitment value, the second commitment value, the numerical verification result, and the numerical traceable interval verification result generated by the target blockchain node; acquire the elliptic curve group element;
验证所有的π(c i,c′ i,TK′ i)是否均正确;c i表示所述第一承诺值;c′ i表示所述第二承诺值;TK′ i表示所述数值验证结果; Verify that all π(c i ,c′ i ,TK′ i ) are correct; c i represents the first commitment value; c′ i represents the second commitment value; TK′ i represents the numerical verification result ;
若所有的π(c i,c′ i,TK′ i)正确,则验证所有的
Figure PCTCN2019104853-appb-000011
是否均正确;h表示所述椭圆曲线群元素; If all π(c i ,c′ i ,TK′ i ) are correct, verify all
Figure PCTCN2019104853-appb-000011
Whether they are all correct; h represents the elliptic curve group element;
若所有的
Figure PCTCN2019104853-appb-000012
正确,则验证Πc i=c是否正确,Π表示求和运算,c表示所述承诺值; If all
Figure PCTCN2019104853-appb-000012
If it is correct, verify that Πc i =c is correct, Π represents the summation operation, and c represents the commitment value;
若Πc i=c正确,则验证所述数值可追踪区间证明结果的正确性; If Πc i = c is correct, verify the correctness of the result by verifying the traceable interval of the value;
若所述数值可追踪区间证明结果正确,则上链所述数值可追求区间证明结果。If the value traceable interval proves that the result is correct, then the value mentioned on the chain can pursue the interval proof result.
本申请提供的一种区块链信息传输方法,应用于区块链系统中的监管节点,所述区块链系统还包括目标区块链节点,所述方法包括:The block chain information transmission method provided by the present application is applied to a supervisory node in a block chain system, the block chain system further includes a target block chain node, and the method includes:
生成第一随机数并作为陷门保存,以使所述区块链基于预设格式对所述第一随机数和离散密码群生成元运算,得到加密群元素;Generating a first random number and saving it as a trapdoor, so that the blockchain performs operations on the first random number and the discrete cipher group generator based on a preset format to obtain an encrypted group element;
公布所述加密群元素,以使区块链系统中的区块链节点基于所述离散密码群生成元、所述加密群元素及相应的一次签名私钥生成相应的一次签名公钥;Publish the encrypted group element, so that the blockchain node in the blockchain system generates a corresponding one-time signature public key based on the discrete password group generator, the encrypted group element, and the corresponding one-time signature private key;
获取区块链节点发布在所述区块链中的第一系列运算结果,所述第一系列运算结果包括所述区块链节点按照所述预设格式对所述离散密码群生成元及所述一次签名私钥进行运算后得到的结果;Obtain the first series of calculation results published by the blockchain node in the blockchain, where the first series of calculation results include the block chain node’s Describe the result obtained after a signature private key is calculated;
获取目标一次签名公钥;Obtain the target's one-time signature public key;
按照所述预设格式,通过所述第一随机数对所述第一系列运算结果中的每个运算结果进行运算,得到相应的第一运算值;Performing an operation on each operation result in the first series of operation results by using the first random number according to the preset format to obtain a corresponding first operation value;
将与所述目标一次签名公钥的值相等的所述第一运算值所对应的区块链节点确定为目标区块链节点;Determining the blockchain node corresponding to the first operation value equal to the value of the target primary signature public key as the target blockchain node;
其中,所述预设格式包括α β,α表示密码群元素,β表示随机数。 Wherein, the preset format includes α β , α represents a cipher group element, and β represents a random number.
优选的,所述公布所述加密群元素之后,还包括:Preferably, after the publication of the encrypted group element, the method further includes:
获取所述目标区块链节点公布的与目标数值对应的第一承诺值及数值验证结果;Obtaining the first commitment value and the value verification result corresponding to the target value published by the target blockchain node;
对于每个所述第一承诺值,按照所述预设格式,通过所述第一随机数计算所述第一承诺值对应的第二运算值,判断所述第二运算值是否与所述数值验证结果相等,若是,则确定所述第一承诺值对应的子目标数值的值为0,若否,则确定所述第一承诺值的子目标数值的值为1;For each of the first commitment values, according to the preset format, the second operation value corresponding to the first commitment value is calculated by the first random number, and it is determined whether the second operation value is the same as the numerical value. If the verification results are equal, determine that the value of the sub-target value corresponding to the first commitment value is 0, if not, determine that the value of the sub-target value of the first commitment value is 1;
按照所述预设拆分格式,基于所述子目标数值确定所述目标数值。According to the preset split format, the target value is determined based on the sub-target value.
为实现上述目的,本申请进一步提供一种区块链信息传输系统,应用于区块链系统中的目标区块链节点,所述区块链系统还包括监管节点,所述系统包括:In order to achieve the above objective, this application further provides a blockchain information transmission system, which is applied to a target blockchain node in a blockchain system, the blockchain system further includes a supervisory node, and the system includes:
第一获取模块,用于获取预先确定的离散密码群生成元及加密群元素,所述加密群元素包括基于预设格式对第一随机数和所述初始密码群运算后得到的密码群元素,且所述第一随机数为所述监管节点生成并保存的陷门;The first obtaining module is configured to obtain a predetermined discrete cipher group generator and an encrypted group element, where the encrypted group element includes a cipher group element obtained by calculating a first random number and the initial cipher group based on a preset format, And the first random number is a trapdoor generated and saved by the supervisory node;
第一处理模块,用于按照所述预设格式,基于所述离散密码群生成元和所述加密群元素对自身的隐私数据进行处理,并将相应的处理结果发布至所述区块链,以使所述监管节点能够基于所述处理结果及所述第一随机数对所述目标区块链节点和/或所述隐私数据进行监管。The first processing module is configured to process its own private data based on the discrete cipher group generator and the encrypted group element according to the preset format, and publish the corresponding processing result to the blockchain, So that the supervision node can supervise the target blockchain node and/or the private data based on the processing result and the first random number.
为实现上述目的,本申请进一步提供一种区块链信息传输装置,所述装置包括存储器和处理器,所述存储器上存储有可在所述处理器上运行的区块链信息传输程序,所述区块链信息传输程序被所述处理器执行时实现如上任一所述的方法。In order to achieve the above object, the present application further provides a blockchain information transmission device, the device includes a memory and a processor, the memory stores a blockchain information transmission program that can run on the processor, so When the blockchain information transmission program is executed by the processor, the method described above is implemented.
为实现上述目的,本申请进一步提供一种计算机可读存储介质,所述计算机可读存储介质上存储有区块链信息传输程序,所述区块链信息传输程序可被一个或者多个处理器执行,以实现如上任一所述的区块链信息传输方法。In order to achieve the above objective, the present application further provides a computer-readable storage medium having a blockchain information transmission program stored on the computer-readable storage medium, and the blockchain information transmission program can be used by one or more processors Execute to realize the block chain information transmission method as described above.
为实现上述目的,本申请进一步提供一种区块链系统,包括普通区块链节点、监管节点;In order to achieve the above objective, this application further provides a blockchain system, including ordinary blockchain nodes and supervisory nodes;
所述普通区块链节点用于执行如上任一所述的应用于目标区块链节点的区块链信息传输方法;The ordinary blockchain node is used to execute any one of the blockchain information transmission methods applied to the target blockchain node as described above;
所述监管节点用于执行如上任一所述的应用于监管节点的区块链信息传输方法。The supervisory node is used to execute any one of the above-mentioned blockchain information transmission methods applied to the supervisory node.
优选的,还包括验证区块链节点;Preferably, it also includes verifying the blockchain node;
所述验证区块链节点用于执行如上任一所述的应用于验证区块链节点的区块链信息传输方法。The verification blockchain node is used to execute any one of the above-mentioned blockchain information transmission methods applied to the verification blockchain node.
本申请提供的一种区块链信息传输方法,应用于目标区块链节点,获取预先确定的离散密码群生成元及加密群元素,加密群元素包括基于预设格式对第一随机数和离散密码群生成元运算后得到的密码群元素,且第一随机数为监管节点生成并保存的陷门;按照预设格式,基于离散密码群生成元和加密群元素对自身的隐私数据进行处理,并将相应的处理结果发布至区块链,以使监管节点能够基于处理结果及第一随机数对目标区块链节点和/或隐私数据进行监管。本申请中,目标区块链节点按照预设格式,基于获取的离散密码群生成元及加密群元素对自身的隐私数据进行处理,实现了对自身隐私数据的加密处理,保护了自身隐私数据的安全性,并且将相应的处理结果发布至区块链,由于加密群元素为基于预设格式对第一随机数和离散密码群生成元运算后得到的密码群元素,所以运算结果及加密群元素间存在格式一致性,所以监管节点可以通过离散密码群生成元、加密群元素及第一随机数对目标区块链节点进行身份监管和/或隐私数据监管,提高了隐私保护区块链系统的可监管性。本申请提供的一种区块链系统及信息传输系统、装置及计算机可读存储介质也解决了相应技术问题。The block chain information transmission method provided in this application is applied to a target block chain node to obtain a predetermined discrete cryptographic group generator and an encrypted group element. The encrypted group element includes the first random number and the discrete number based on a preset format. The cryptographic group element obtained after the cryptographic group generator operation, and the first random number is the trapdoor generated and saved by the supervisory node; according to the preset format, the private data of its own is processed based on the discrete cryptographic group generator and the encrypted group element, And publish the corresponding processing result to the blockchain, so that the supervisory node can supervise the target blockchain node and/or private data based on the processing result and the first random number. In this application, the target blockchain node processes its own private data based on the obtained discrete cipher group generators and encryption group elements in accordance with the preset format, realizes the encryption processing of its own private data, and protects its own private data. Security, and the corresponding processing results are released to the blockchain. Since the encrypted group elements are based on the preset format on the first random number and the discrete cipher group generators, the cipher group elements are obtained, so the calculation results and the encrypted group elements There is format consistency between the two, so the supervisory node can perform identity supervision and/or privacy data supervision on the target blockchain node through the discrete password group generator, the encrypted group element and the first random number, which improves the privacy protection of the blockchain system. Supervisable. The blockchain system, information transmission system, device, and computer-readable storage medium provided by this application also solve the corresponding technical problems.
附图说明Description of the drawings
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the drawings in the following description are only It is an embodiment of the present invention. For those of ordinary skill in the art, without creative work, other drawings can be obtained according to the provided drawings.
图1为本申请实施例提供的区块链系统10的结构示意图;FIG. 1 is a schematic structural diagram of a blockchain system 10 provided by an embodiment of the application;
图2为本申请第一实施例的流程示意图;FIG. 2 is a schematic flowchart of the first embodiment of the application;
图3为本申请第二实施例的流程示意图;FIG. 3 is a schematic flowchart of a second embodiment of this application;
图4为监管节点对目标区块链节点进行身份追踪的流程示意图;Figure 4 is a schematic diagram of the process of identity tracking of target blockchain nodes by supervisory nodes;
图5为本申请第三实施例的流程示意图;FIG. 5 is a schematic flowchart of a third embodiment of this application;
图6为本申请一实施例揭露的区块链信息传输系统的结构示意图;FIG. 6 is a schematic structural diagram of a blockchain information transmission system disclosed in an embodiment of the application;
图7为本申请一实施例揭露的区块链信息传输装置的内部结构示意图。FIG. 7 is a schematic diagram of the internal structure of a blockchain information transmission device disclosed in an embodiment of the application.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.
本申请的说明书和权利要求书及上述附图中的术语“第一”、“第二”、“第三”、“第四”等(如果存在)是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的实施例能够以除了在这里图示或描述的内容以外的顺序实施。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。The terms "first", "second", "third", "fourth", etc. (if any) in the description and claims of this application and the above-mentioned drawings are used to distinguish similar objects, without having to use To describe a specific order or sequence. It should be understood that the data used in this way can be interchanged under appropriate circumstances, so that the embodiments described herein can be implemented in a sequence other than the content illustrated or described herein. In addition, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusions. For example, a process, method, system, product, or device that includes a series of steps or units is not necessarily limited to those clearly listed. Those steps or units may include other steps or units that are not clearly listed or are inherent to these processes, methods, products, or equipment.
需要说明的是,在本发明中涉及“第一”、“第二”等的描述仅用于描述目的,而不能理解为指示或暗示其相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括至少一个该特征。另外,各个实施例之间的技术方案可以相互结合,但是必须是以本领域普通技术人员能够实现为基础,当技术方案的结合出现相互矛盾或无法实现时应当认为这种技术方案的结合不存在,也不在本发明要求的保护范围之内。本申请提供一种区块链信息传输方法。It should be noted that the descriptions related to "first", "second", etc. in the present invention are only for descriptive purposes, and cannot be understood as indicating or implying their relative importance or implicitly indicating the number of technical features indicated. . Therefore, the features defined with "first" and "second" may explicitly or implicitly include at least one of the features. In addition, the technical solutions between the various embodiments can be combined with each other, but it must be based on what can be achieved by a person of ordinary skill in the art. When the combination of technical solutions is contradictory or cannot be achieved, it should be considered that such a combination of technical solutions does not exist. , Is not within the protection scope of the present invention. This application provides a blockchain information transmission method.
请参阅图1,图1为本申请实施例提供的区块链系统10的结构示意图。在本申请中,区块链系统10包括监管节点11、验证区块链节点12及普通区块链节点13;监管节点11、验证区块链节点12及普通区块链节点13各自的数量可以根据实际需要确定。并且普通区块链节点13发送信息时便成为本申请所描述的目标区块链节点。Please refer to FIG. 1, which is a schematic structural diagram of a blockchain system 10 provided by an embodiment of the application. In this application, the blockchain system 10 includes a supervisory node 11, a verification blockchain node 12, and a normal blockchain node 13. The number of supervisory nodes 11, a verification blockchain node 12, and a normal blockchain node 13 can be Determined according to actual needs. And when the ordinary blockchain node 13 sends information, it becomes the target blockchain node described in this application.
应当指出,本申请所提供的区块链信息传输方法涉及到目标区块链节点传输信息、验证区块链节点对信息进行相应验证并决定是否对信息上链、监管节点对上链的信息进行监管这三个过程。下面,本申请分别从目标区块链节点、验证区块链节点及监管节点三个角度对本申请提供的区块链信息传输方法进行描述。It should be pointed out that the blockchain information transmission method provided in this application involves the target blockchain node transmitting information, verifying that the blockchain node verifies the information accordingly, and deciding whether to upload the information to the chain, and the supervisory node to perform the information on the chain. Supervise these three processes. Below, this application describes the blockchain information transmission method provided by this application from the three perspectives of the target blockchain node, the verification blockchain node, and the supervisory node.
首先从目标区块链节点的角度出发对本申请提供的区块链信息传输方法进行描述。First, from the perspective of the target blockchain node, the blockchain information transmission method provided in this application is described.
第一实施例:The first embodiment:
参照图1,图1为本申请第一实施例的流程示意图。Referring to FIG. 1, FIG. 1 is a schematic flowchart of a first embodiment of this application.
在第一实施例中,本申请提供的一种区块链信息传输方法,应用于目标区块链节点,可以包括以下步骤:In the first embodiment, a blockchain information transmission method provided in this application, applied to a target blockchain node, may include the following steps:
步骤S101:获取预先确定的离散密码群生成元及加密群元素,加密群元素包括基于预设格式对生成的第一随机数和离散密码群生成元运算后得到的密码群元素,且第一随机数为监管节点生成并保存的陷门。Step S101: Obtain a predetermined discrete cipher group generator and an encrypted group element. The encrypted group element includes a cipher group element obtained by calculating a first random number generated based on a preset format and the discrete cipher group generator, and the first random number The number is a trapdoor generated and saved by the supervisory node.
实际应用中,监管节点可以先获取预先确定的离散密码群生成元,再生成第一随机数,最后再按照预设格式对第一随机数及离散密码群生成元进行运算,得到加密群元素;之后,监管节点将第一随机数作为陷门进行保存,并公布加密群元素至区块链系统,以使区块链系统中的区块链节点基于离散密码群生成元及加密群元素对自身的隐私数据进行处理。应当指出,离散密码群生成元可以为监管节点生成并由区块链共识通过的,也可以为隐私保护区块链接收其他设备生成并共识通过的;本申请中的监管节点的类型可以根据实际需要确定,比如监管节点可以为接入区块链系统中的银行节点,接入区块链系统中的金融管理节点等;目标区块链节点可以是区块链系统中任意的区块链节点。此外,离散密码群的类型可以根据具体应用场景确定,比如离散密码群的类型可以为椭圆曲线群等。此外,监管节点还可以只负责生成第一随机数,区块链再借助外部安全部件生成离散密码群生成元及加密群元素,举例来说,离散密码群生成元可以是椭圆曲线群生成元,加密群元素可以是椭圆曲线群元素,由外部安全部件按照预设格式对第一随机数及离散密码群生成元进行处理得到。In practical applications, the supervisory node can first obtain the predetermined discrete cipher group generator, and then generate the first random number, and finally calculate the first random number and the discrete cipher group generator according to the preset format to obtain the encrypted group element; After that, the supervisory node saves the first random number as a trapdoor, and publishes the encrypted group element to the blockchain system, so that the blockchain node in the blockchain system can compare itself based on the discrete password group generator and the encrypted group element. The private data is processed. It should be pointed out that the discrete cryptographic group generators can be generated by supervisory nodes and passed by the consensus of the blockchain, or generated by other devices receiving the privacy protection blockchain and passed by consensus; the types of supervisory nodes in this application can be based on actual conditions. It needs to be determined. For example, the supervisory node can be a bank node connected to the blockchain system, a financial management node connected to the blockchain system, etc.; the target blockchain node can be any blockchain node in the blockchain system . In addition, the type of the discrete cipher group can be determined according to specific application scenarios. For example, the type of the discrete cipher group can be an elliptic curve group. In addition, the supervisory node can also only be responsible for generating the first random number, and the blockchain can then use external security components to generate discrete cryptographic group generators and encrypted group elements. For example, the discrete cryptographic group generator can be an elliptic curve group generator. The encryption group element may be an elliptic curve group element, which is obtained by the external security component processing the first random number and the discrete cipher group generator according to a preset format.
步骤S102:按照预设格式,基于离散密码群生成元和加密群元素对自身的隐私数据进行处理,并将相应的处理结果发布至区块链,以使监管节点能够基于处理结果及第一随机数对目标区块链节点和/或区块链上的隐私数据进行监管。Step S102: According to the preset format, process its own private data based on the discrete cipher group generator and the encrypted group element, and publish the corresponding processing result to the blockchain, so that the supervisory node can be based on the processing result and the first random Data supervises the target blockchain node and/or private data on the blockchain.
实际应用中,目标区块链节点传输的隐私数据的类型可以根据实际需要确定,比如其可以为待传输的数据、待传输的数值等,目标区块链节点将处理结果发布至区块链的条件可以根据实际需要确定,比如目标区块链节点可以在自身进行交易时将处理结果发布至区块链等。预设格式的格式形式也可以根据实际需要确定,比如预设格式可以包括α β,α表示密码群元素,即离散密码群生成元或加密群元素,β表示随机数。 In practical applications, the type of private data transmitted by the target blockchain node can be determined according to actual needs. For example, it can be the data to be transmitted, the value to be transmitted, etc., and the target blockchain node publishes the processing result to the blockchain. The conditions can be determined according to actual needs. For example, the target blockchain node can publish the processing results to the blockchain when it conducts transactions. The format of the preset format can also be determined according to actual needs. For example, the preset format can include α β , where α represents a cipher group element, that is, a discrete cipher group generator or an encrypted group element, and β represents a random number.
本申请提供的一种区块链信息传输方法,应用于目标区块链节点,获取预先确定的离散密码群生成元及加密群元素,加密群元素包括基于预设格式对第一随机数和离散密码群生成元运算后得到的密码群元素,且第一随机数为监管节点生成并保存的陷门;按照预设格式,基于离散密码群生成元和加密群元素对自身的隐私数据进行处理,并将相应的处理结果发布至区块链,以使监管节点能够基于处理结果及第一随机数对目标区块链节点和/或隐私数据进行监管。本申请中,目标区块链节点按照预设格式,基于获取的离散密码群生成元及加密群元素对自身的隐私数据进行处理,实现了对自身隐私数据的加密处理,保护了自身隐私数据的安全性,并且将相应的运算结果发布至区块链,由于加密群元素为基于预设格式对第一随机数和离散密码群生成元运算后得到的密码群元素,所以运算结果及加密群元素间存在格式一致性,所以监管节点可以通过离散密码群生成元、加密群元素及第一随机数对目标区块链节点进行身份监管和/或隐私数据监管,提高了隐私保护区块链系统的可监管性。The block chain information transmission method provided in this application is applied to a target block chain node to obtain a predetermined discrete cryptographic group generator and an encrypted group element. The encrypted group element includes the first random number and the discrete number based on a preset format. The cryptographic group element obtained after the cryptographic group generator operation, and the first random number is the trapdoor generated and saved by the supervisory node; according to the preset format, the private data of its own is processed based on the discrete cryptographic group generator and the encrypted group element, And publish the corresponding processing result to the blockchain, so that the supervisory node can supervise the target blockchain node and/or private data based on the processing result and the first random number. In this application, the target blockchain node processes its own private data based on the obtained discrete cipher group generators and encryption group elements in accordance with the preset format, realizes the encryption processing of its own private data, and protects its own private data. Security, and publish the corresponding operation result to the blockchain. Since the encrypted group element is the cipher group element obtained by calculating the first random number and the discrete cipher group generator based on the preset format, the operation result and the encrypted group element There is format consistency between the two, so the supervisory node can perform identity supervision and/or privacy data supervision on the target blockchain node through the discrete password group generator, the encrypted group element and the first random number, which improves the privacy protection of the blockchain system. Supervisable.
第二实施例:The second embodiment:
参照图2,图2为本申请第二实施例的流程示意图。Referring to FIG. 2, FIG. 2 is a schematic flowchart of a second embodiment of this application.
在第二实施例中,以离散密码群为椭圆曲线群进行举例说明,本申请提供的一种区块链信息传输方法,应用于目标区块链节点,为了实现监管节点对目标区块链节点身份的追踪监管,可以执行以下步骤:In the second embodiment, a discrete cryptographic group is taken as an example of an elliptic curve group. The blockchain information transmission method provided in this application is applied to a target blockchain node, in order to realize that the supervisory node compares the target blockchain node For the tracking and supervision of identity, the following steps can be performed:
步骤S201:获取监管节点公布的椭圆曲线群生成元及椭圆曲线群元素,椭圆曲线群元素包括监管节点基于预设格式对生成的第一随机数和椭圆曲线群生成元运算后得到的曲线群元素。Step S201: Obtain the elliptic curve group generator and the elliptic curve group element announced by the supervisory node. The elliptic curve group element includes the curve group element obtained after the supervisory node calculates the generated first random number and the elliptic curve group generator based on a preset format. .
实际应用中,监管节点可以先选取椭圆曲线群生成元,再生成第一随机数,最后再按照预设格式对第一随机数及椭圆曲线群生成元进行运算,得到椭圆曲线群元素;之后,监管节点将第一随机数作为陷门进行保存,并公布椭圆曲线群生成元及椭圆曲线群元素至区块链系统,以使区块链系统中的区块链节点基于椭圆曲线群生成元及椭圆曲线群元素对目标数据进行处理。应当指出,本申请中的监管节点的类型可以根据实际需要确定,比如监管节点可以为接入区块链系统中的银行节点,接入区块链系统中的金融管理节点等;目标区块链节点指的是区块链系统中用于传输信息的区块链节点。In practical applications, the supervisory node can first select the generator of the elliptic curve group, and then generate the first random number, and finally calculate the first random number and the generator of the elliptic curve group according to the preset format to obtain the elliptic curve group element; The regulatory node saves the first random number as a trapdoor, and publishes the elliptic curve group generator and the elliptic curve group element to the blockchain system, so that the blockchain node in the blockchain system is based on the elliptic curve group generator and The elliptic curve group element processes the target data. It should be pointed out that the type of supervision node in this application can be determined according to actual needs. For example, the supervision node can be a bank node connected to the blockchain system, a financial management node connected to the blockchain system, etc.; the target blockchain Node refers to the blockchain node used to transmit information in the blockchain system.
步骤S202:生成一次签名私钥,按照预设格式,基于椭圆曲线群元素及一次签名私钥生成一次签名公钥并公布。Step S202: Generate a signature private key once, according to a preset format, generate a signature public key based on the elliptic curve group element and a signature private key and publish it.
实际应用中,目标区块链节点在获取椭圆曲线群生成元及椭圆曲线群元素后,便可以生成一次签名私钥,比如生成随机数作为一次签名私钥等,应当指出,在生成第一签名私钥的同时,还需生成环签名私钥,并按照预设格式,基于椭圆曲线群元素及一次签名私钥生成第一签名公钥并公布,比如在签名时公布等,从而使得监管节点及区块链系统中的其他区块链节点均可以获取目标区块链节点的一次签名公钥,从而可以基于一次签名公钥与目标区块链节点进行信息交互。在此过程中,由于一次签名私钥由目标区块链节点自身生成,所以一次签名私钥只属于目标区块链,保证了目标区块链的私钥安全性。In practical applications, after the target blockchain node obtains the elliptic curve group generator and the elliptic curve group element, it can generate a signature private key, such as generating a random number as a signature private key, etc. It should be pointed out that when generating the first signature At the same time as the private key, it is also necessary to generate the ring signature private key, and according to the preset format, generate the first signature public key based on the elliptic curve group element and the one-time signature private key and publish it, such as when it is signed, so that the supervisory node and All other blockchain nodes in the blockchain system can obtain the one-time signature public key of the target blockchain node, so that they can interact with the target blockchain node based on the one-time signature public key. In this process, since the one-time signature private key is generated by the target blockchain node itself, the one-time signature private key only belongs to the target blockchain, which ensures the security of the private key of the target blockchain.
步骤S203:按照预设格式对椭圆曲线群生成元及一次签名私钥进行运算,得到身份验证信息,发布身份验证信息至区块链,以使监管节点基于第一随机数、身份验证信息及一次签名公钥确定目标数据的发送方。Step S203: Perform operations on the elliptic curve group generator and the primary signature private key according to the preset format to obtain identity verification information, and publish the identity verification information to the blockchain, so that the supervisory node is based on the first random number, identity verification information, and primary The signature public key determines the sender of the target data.
实际应用中,目标区块链节点在生成并公布一次签名公钥后,便可以按照预设格式对椭圆曲线群生成元及一次签名私钥进行运算,得到身份验证信息,并发布身份验证信息至区块链,从而使得监管节点可以基于第一 随机数、身份验证信息及一次签名私钥确定目标数据的发送方。在此过程中,由于椭圆曲线群元素为监管节点按照预设格式对第一随机数及椭圆曲线群生成元运算后得到的点,而一次签名公钥为目标区块链节点按照预设格式对椭圆曲线群元素及一次签名私钥运算后得到的点,并且身份验证信息为目标区块链节点按照预设格式对椭圆曲线群生成元及一次签名私钥进行运算后得到的结果,所以椭圆曲线群元素、一次签名公钥及身份验证信息存在格式统一性,且存在关联性;那么,监管节点可以按照预设格式对身份验证信息与第一随机数进行运算,得到相应的运算结果,而一次签名公钥涉及目标数据的传输,所以监管节点可以再将该运算结果与一次签名公钥的值进行比较,从而确定目标数据的发送方,具体的,当运算结果与一次签名公钥的值相等时,目标数据的发送方便为目标区块链节点,而运算结果与一次签名公钥的值不相等时,目标数据的发送方便不是该目标区块链节点。具体的,预设格式可以包括α β,α表示椭圆曲线群,即椭圆曲线群生成元或椭圆曲线群元素,β表示随机数。 In practical applications, after the target blockchain node generates and publishes a signature public key, it can perform operations on the elliptic curve group generator and a signature private key according to the preset format to obtain identity verification information, and publish the identity verification information to Blockchain, so that the supervisory node can determine the sender of the target data based on the first random number, identity verification information, and one-time signature private key. In this process, since the elliptic curve group element is the point obtained by the supervising node after calculating the first random number and the elliptic curve group generator according to the preset format, and the one-time signature public key is the target blockchain node according to the preset format The elliptic curve group element and the point obtained after a signature private key operation, and the identity verification information is the result obtained after the target blockchain node calculates the elliptic curve group generator and a signature private key according to the preset format, so the elliptic curve The group element, the one-time signature public key and the identity verification information have format uniformity and relevance; then, the supervisory node can perform operations on the identity verification information and the first random number according to the preset format to obtain the corresponding operation results, and once The signature public key involves the transmission of the target data, so the supervisory node can compare the result of the operation with the value of the signature public key to determine the sender of the target data. Specifically, when the result of the operation is equal to the value of the signature public key When the target data is sent to the target blockchain node, and the calculation result is not equal to the value of the signature public key, the target data is not sent to the target blockchain node. Specifically, the preset format may include α β , where α represents an elliptic curve group, that is, an elliptic curve group generator or an elliptic curve group element, and β represents a random number.
应当指出,在区块链的应用过程中,为了保证目标数据的隐私性,一个区块链节点在传输数据时,会与其他区块链节点进行配合,比如与其他区块链节点对目标数据进行环签名,由此使得目标数据的发送方难以确定,此时监管节点需按照本申请提供的区块链信息传输方法对一定数量的区块链节点进行识别,以确定出目标数据的发送方。本申请所涉及的环签名(Ring signature)是一种特殊的数字签名方案,签名者使用自己和其用户的公钥生成一个公钥集合,然后用自己的私钥进行签名,验证者在验证签名的合法性后,只能知道该签名来自公钥集合的某个用户,但无法得知该用户的具体身份,实现了签名者的身份隐私保护。It should be pointed out that in the application of the blockchain, in order to ensure the privacy of the target data, a blockchain node will cooperate with other blockchain nodes when transmitting data, such as interacting with other blockchain nodes on the target data. Perform ring signatures, which makes it difficult to determine the sender of the target data. At this time, the supervisory node needs to identify a certain number of blockchain nodes according to the blockchain information transmission method provided in this application to determine the sender of the target data . The ring signature involved in this application is a special digital signature scheme. The signer uses his and his user’s public keys to generate a public key set, and then signs with his own private key. The verifier is verifying the signature. After the legality of the signature, it can only be known that the signature comes from a certain user in the public key set, but the specific identity of the user cannot be known, and the identity privacy protection of the signer is realized.
本申请提供的一种区块链信息传输方法,应用于目标区块链节点,获取预先确定的椭圆曲线群生成元及监管节点公布的椭圆曲线群元素,椭圆曲线群元素包括监管节点基于预设格式对生成的第一随机数和椭圆曲线群生成元运算后得到的曲线群元素;生成一次签名私钥,按照预设格式,基于椭圆曲线群元素及一次签名私钥生成一次签名公钥并公布;按照预设格式对椭圆曲线群生成元及一次签名私钥进行运算,得到身份验证信息,发 布身份验证信息至区块链,以使监管节点基于第一随机数、身份验证信息及一次签名公钥确定目标数据的发送方。本申请提供的一种区块链信息传输方法,目标区块链节点获取监管节点选取的椭圆曲线群生成元以及按照预设格式生成的椭圆曲线群元素,并按照预设格式,基于椭圆曲线群元素及一次签名私钥生成一次签名公钥,使得目标区块链节点的私钥完全由目标区块链节点自身掌握,并且按照预设格式对椭圆曲线群生成元及一次签名私钥进行运算,得到身份验证信息,发布身份验证信息至区块链,使得监管节点可以基于第一随机数、身份验证信息及一次签名公钥确定目标数据的发送方,实现了区块链系统的监管功能。The block chain information transmission method provided by this application is applied to a target block chain node to obtain predetermined elliptic curve group generators and elliptic curve group elements published by supervisory nodes. The elliptic curve group elements include supervisory nodes based on preset The format is the curve group element obtained by calculating the first random number and the elliptic curve group generator; generate a signature private key, according to the preset format, generate a signature public key based on the elliptic curve group element and a signature private key and publish it ; Perform operations on the elliptic curve group generator and the primary signature private key according to the preset format to obtain the identity verification information, and publish the identity verification information to the blockchain, so that the supervisory node is based on the first random number, identity verification information and a signature public key The key determines the sender of the target data. In the blockchain information transmission method provided by this application, the target blockchain node obtains the elliptic curve group generator selected by the supervisory node and the elliptic curve group element generated according to a preset format, and is based on the elliptic curve group according to the preset format The element and the one-time signature private key generate one-time signature public key, so that the private key of the target blockchain node is completely controlled by the target blockchain node itself, and the elliptic curve group generator and the one-time signature private key are calculated according to the preset format. Obtain the identity verification information, and publish the identity verification information to the blockchain, so that the supervisory node can determine the sender of the target data based on the first random number, identity verification information, and the one-time signature public key, thus realizing the supervisory function of the blockchain system.
在第二实施例中,当传输数据时,为了对数据进行保护,可以采用环签名的方式来传输数据,所以在按照预设格式,基于椭圆曲线群元素及一次签名私钥生成一次签名公钥并公布之后,上述方法还可以包括:In the second embodiment, when transmitting data, in order to protect the data, the data can be transmitted using a ring signature method. Therefore, according to the preset format, a signature public key is generated based on the elliptic curve group element and the signature private key. After the announcement, the above method can also include:
步骤S204:生成环签名私钥;Step S204: Generate a ring signature private key;
实际应用中,可以生成随机数来作为环签名私钥,当然,也可以有其他方式生成环签名私钥,比如对自身的标识数据信息进行处理,将处理后的标识数据信息作为环签名私钥等。In practical applications, a random number can be generated as the ring signature private key. Of course, there can also be other ways to generate the ring signature private key, such as processing its own identification data information, and using the processed identification data information as the ring signature private key Wait.
步骤S205:基于椭圆曲线群生成元、椭圆曲线群元素、环签名私钥及一次签名私钥生成进行可追踪可链接环签名的可追踪可链接公钥;Step S205: Based on the elliptic curve group generator, the elliptic curve group element, the ring signature private key, and the one-time signature private key, a traceable and linkable public key is generated to perform a traceable and linkable ring signature;
步骤S206:获取目标数据,基于可追踪可链接公钥、椭圆曲线群生成元、椭圆曲线群元素、环签名私钥、一次签名私钥及一次签名公钥对目标数据进行可追踪可链接环签名,得到数据的可追踪可链接环签名结果;Step S206: Obtain the target data, and perform a traceable and linkable ring signature on the target data based on the traceable and linkable public key, the elliptic curve group generator, the elliptic curve group element, the ring signature private key, the one-time signature private key, and the one-time signature public key , To obtain the traceable and linkable ring signature result of the data;
步骤S207:发布可追踪可链接环签名结果至验证区块链节点,以使验证区块链节点对可追踪可链接环签名结果进行验证、并在验证通过后将可追踪可链接环签名结果上链。Step S207: Publish the traceable and linkable ring signature result to the verification blockchain node, so that the verification blockchain node verifies the traceable and linkable ring signature result, and uploads the traceable and linkable ring signature result after the verification is passed chain.
应当指出,可追踪可链接环签名结果还实现了对目标区块链节点传输的目标数据的隐藏保护;实现了对目标区块链节点的身份隐藏,使得其他普通区块链节点均无法获知目标区块链节点的身份;并且借助一次签名公钥使得监管节点可以通过可追踪可链接环签名结果对目标区块链节点进行 追踪监管。It should be noted that the traceable and linkable ring signature result also realizes the hidden protection of the target data transmitted by the target blockchain node; realizes the hiding of the identity of the target blockchain node, so that other ordinary blockchain nodes cannot know the target The identity of the blockchain node; and with the help of the one-time signature public key, the supervisory node can track and supervise the target blockchain node through the traceable and linkable ring signature result.
在第二实施例中,为了提高区块链信息传输方法的传输效率,目标区块链节点基于椭圆曲线群生成元、椭圆曲线群元素、环签名私钥及一次签名私钥生成进行可追踪可链接的公钥时(S205),可以:In the second embodiment, in order to improve the transmission efficiency of the blockchain information transmission method, the target blockchain node is traceable based on the elliptic curve group generator, elliptic curve group element, ring signature private key, and one-time signature private key generation. When linking the public key (S205), you can:
通过第一运算公式,基于椭圆曲线群生成元、椭圆曲线群元素、环签名私钥及一次签名私钥生成进行可追踪可链接环签名的可追踪可链接公钥;Through the first calculation formula, based on the elliptic curve group generator, the elliptic curve group element, the ring signature private key and the one-time signature private key, a traceable and linkable public key is generated to perform a traceable and linkable ring signature;
第一运算公式包括:The first calculation formula includes:
Figure PCTCN2019104853-appb-000013
Figure PCTCN2019104853-appb-000013
其中,i表示目标区块链节点的标号;PK i表示目标区块链节点进行可追踪可链接环签名时的可追踪可链接公钥;g表示椭圆曲线群生成元;
Figure PCTCN2019104853-appb-000014
表示上次生成的UPK,即UTXO公钥;h表示椭圆曲线群元素;x i表示目标区块链节点的环签名私钥;a i表示目标区块链节点的一次签名私钥;
Figure PCTCN2019104853-appb-000015
表示可追踪可链接公钥合法性的零知识证明结果。应当指出,UTXO指的是当前区块链上已确认但未花费的数字货币。 Among them, i represents the label of the target blockchain node; PK i represents the traceable and linkable public key when the target blockchain node performs the traceable and linkable ring signature; g represents the elliptic curve group generator;
Figure PCTCN2019104853-appb-000014
Represents the UPK generated last time, that is, the UTXO public key; h represents the elliptic curve group element; x i represents the ring signature private key of the target blockchain node; a i represents the one-time signature private key of the target blockchain node;
Figure PCTCN2019104853-appb-000015
Represents the zero-knowledge proof result of the legitimacy of the traceable and linkable public key It should be noted that UTXO refers to the digital currency that has been confirmed but not spent on the current blockchain.
由上述第一运算公式可知,在此过程中,目标区块链节点生成公钥的过程中也是按照预设格式对椭圆曲线群生成元、椭圆曲线群元素、环签名私钥及一次签名私钥进行运算,从而使得目标区块链节点的公钥与椭圆曲线群元素、身份验证信息等的格式相统一,并且通过零知识证明保证其合法性。此外,本申请中零知识证明的相应描述可以参阅现有技术,在此不再赘述。It can be seen from the above first calculation formula that in this process, the target blockchain node generates the public key according to the preset format to generate the elliptic curve group element, the elliptic curve group element, the ring signature private key and the one-time signature private key. Perform calculations to unify the public key of the target blockchain node with the format of the elliptic curve group element, identity verification information, etc., and ensure its legitimacy through zero-knowledge proof. In addition, the corresponding description of the zero-knowledge proof in this application can refer to the prior art, which will not be repeated here.
在第二实施例中,目标区块链节点基于公钥、椭圆曲线群生成元、椭圆曲线群元素、环签名私钥、一次签名私钥及一次签名公钥对目标数据进行可追踪可链接环签名,得到数据的可追踪可链接环签名结果的过程(S206),具体可以为:In the second embodiment, the target blockchain node performs a traceable and linkable loop on the target data based on the public key, the elliptic curve group generator, the elliptic curve group element, the ring signature private key, the one-time signature private key, and the one-time signature public key. Signing, the process of obtaining the traceable and linkable ring signature result of the data (S206), may specifically be:
选取预设数量的其他区块链节点,通过第二运算公式,基于其他区块链节点的公钥及目标区块链节点的公钥生成环签名公钥L;Select a preset number of other blockchain nodes, and use the second calculation formula to generate a ring signature public key L based on the public keys of other blockchain nodes and the public key of the target blockchain node;
通过第三运算公式,基于环签名公钥、环签名私钥对目标数据进行环签名,得到普通环签名结果A;Through the third calculation formula, the target data is ring-signed based on the ring signature public key and the ring signature private key, and the ordinary ring signature result A is obtained;
通过第四运算公式,基于一次签名私钥、环签名公钥、一次签名公钥对普通环签名结果进行一次签名,得到一次签名结果σ;Through the fourth calculation formula, the ordinary ring signature result is signed once based on the one-time signature private key, the ring signature public key, and the one-time signature public key, and a signature result σ is obtained;
将环签名公钥L、目标数据m、普通环签名结果A、一次签名结果σ作为可追踪可链接环签名结果;Take the ring signature public key L, the target data m, the ordinary ring signature result A, and the one-time signature result σ as the traceable and linkable ring signature result;
第二运算公式包括:The second calculation formula includes:
Figure PCTCN2019104853-appb-000016
Figure PCTCN2019104853-appb-000016
第三运算公式包括:The third calculation formula includes:
A=SIG(x i,L,m); A=SIG(x i ,L,m);
第四运算公式包括:The fourth calculation formula includes:
σ=OSIG(a i,SIG(x i,L,m),L,OPK);
Figure PCTCN2019104853-appb-000017
σ=OSIG(a i ,SIG(x i ,L,m),L,OPK);
Figure PCTCN2019104853-appb-000017
其中,L表示环签名公钥;1≤j≤n-1,且j≠i时x j表示其他区块链节点的环签名私钥,a j表示其他区块链节点的一次签名私钥;A表示普通环签名结果;SIG表示环签名算法;m表示目标数据;σ表示一次签名结果;OSIG表示一次签名算法;OPK表示一次签名公钥。 Among them, L represents the ring signature public key; when 1≤j≤n-1, and j≠i, x j represents the ring signature private key of other blockchain nodes, and a j represents the one-time signature private key of other blockchain nodes; A represents the ordinary ring signature result; SIG represents the ring signature algorithm; m represents the target data; σ represents the one-time signature result; OSIG represents the one-time signature algorithm; OPK represents the one-time signature public key.
应当指出,在此过程中,其他区块链节点生成公钥的过程与本申请中目标区块链节点生成公钥的过程相同,在此不再赘述。It should be pointed out that in this process, the process of generating public keys by other blockchain nodes is the same as the process of generating public keys by the target blockchain node in this application, and will not be repeated here.
在第二实施例中,从目标区块链节点的角度对目标区块链节点进行数据传输时所需执行的步骤进行了描述,在此过程中,验证区块链节点对目标区块链节点传输的数据信息进行相应验证的过程可以如下:In the second embodiment, from the perspective of the target blockchain node, the steps required to perform data transmission by the target blockchain node are described. In this process, the verification of the blockchain node is against the target blockchain node. The corresponding verification process of the transmitted data information can be as follows:
获取目标区块链节点公布的一次签名公钥,判断所述一次签名公钥是否已存在于区块链系统中;Obtain the one-time signature public key published by the target blockchain node, and determine whether the one-time signature public key already exists in the blockchain system;
若所述一次签名公钥已存在于所述区块链系统中,则表示该目标区块链出现双花,输出相应的异常信息,若所述一次签名公钥未存在于所述区块链系统中,则获取目标区块链节点发布的数据的可追踪可链接环签名结果;If the one-time signature public key already exists in the blockchain system, it means that the target blockchain has double spending, and the corresponding abnormal information is output. If the one-time signature public key does not exist in the blockchain In the system, the traceable and linkable ring signature result of the data released by the target blockchain node is obtained;
获取并检验
Figure PCTCN2019104853-appb-000018
是否正确;π表示零知识证明,g表示椭圆曲线群生成元;
Figure PCTCN2019104853-appb-000019
表示上次生成的UPK;h表示椭圆曲线群元素;x i表示目标区块链节点的环签名私钥;a i表示目标区块链节点的一次签名私钥; Obtain and verify
Figure PCTCN2019104853-appb-000018
Is it correct; π means zero-knowledge proof, g means generator of elliptic curve group;
Figure PCTCN2019104853-appb-000019
Represents the UPK generated last time; h represents the elliptic curve group element; x i represents the ring signature private key of the target blockchain node; a i represents the primary signature private key of the target blockchain node;
Figure PCTCN2019104853-appb-000020
正确,则检验可追踪可链接环签名结果中的环签名公钥是否正确; If
Figure PCTCN2019104853-appb-000020
If it is correct, check whether the ring signature public key in the traceable linkable ring signature result is correct;
若环签名公钥正确,则检验可追踪可链接环签名结果中的普通环签名结果是否正确;If the ring signature public key is correct, check whether the ordinary ring signature result in the traceable linkable ring signature result is correct;
若普通环签名结果正确,则检验可追踪可链接环签名结果中的一次签名结果是否正确;If the ordinary ring signature result is correct, check whether the one signature result in the traceable linkable ring signature result is correct;
若一次签名结果正确,则检验可追踪可链接环签名结果是否正确。If the result of a signature is correct, check whether the result of the traceable linkable ring signature is correct.
应当指出,在无其他验证条件的基础上,一次签名结果正确后,便可以认为可追踪可链接环签名结果通过验证,而有其他验证条件时,可以再根据验证条件对可追踪可链接环签名结果继续进行验证,直至得到验证结果。It should be pointed out that on the basis of no other verification conditions, once the signature result is correct, it can be considered that the traceable linkable ring signature result has passed the verification, and when there are other verification conditions, the traceable linkable ring signature can be signed according to the verification conditions. The result continues to be verified until the verification result is obtained.
不难理解,验证区块链节点将可追踪可链接环签名结果上链后,监管节点便可以对区块链节点进行追踪,现结合图3,对第二实施例中监管节点对目标区块链节点进行追踪时的过程进行描述,监管节点在此过程中可以执行以下步骤:It is not difficult to understand that after verifying that the blockchain node uploads the traceable and linkable ring signature result to the chain, the supervisory node can track the blockchain node. Now referring to Figure 3, the supervisory node in the second embodiment compares the target block The process of the chain node tracking is described, and the supervisory node can perform the following steps in this process:
步骤S301:生成第一随机数并将其作为陷门保存,以使区块链基于预设格式对第一随机数和椭圆曲线群生成元进行运算,得到椭圆曲线群元素。Step S301: Generate a first random number and save it as a trapdoor, so that the blockchain performs operations on the first random number and the elliptic curve group generator based on a preset format to obtain the elliptic curve group element.
步骤S302:公布椭圆曲线群元素,以使区块链系统中的区块链节点基于椭圆曲线群生成元、椭圆曲线群元素及相应的一次签名私钥生成相应的一次签名公钥。Step S302: Publish the elliptic curve group element, so that the blockchain node in the blockchain system generates a corresponding one-time signature public key based on the elliptic curve group generator, the elliptic curve group element, and the corresponding one-time signature private key.
步骤S303:获取预设数量的区块链节点发布在区块链中的第一系列运算结果,第一系列运算结果包括区块链节点按照预设格式对椭圆曲线群生成元及一次签名私钥进行运算后得到的结果。Step S303: Obtain the first series of calculation results published by the preset number of blockchain nodes in the blockchain. The first series of calculation results include the generation of the elliptic curve group by the blockchain node according to the preset format and the private key for one-time signature The result obtained after the calculation.
步骤S304:获取目标一次签名公钥;按照预设格式,通过第一随机数对第一系列运算结果中的每个运算结果进行运算,得到相应的第一运算值。Step S304: Obtain the target one-time signature public key; according to the preset format, perform operations on each operation result in the first series of operation results through the first random number to obtain the corresponding first operation value.
步骤S305:将与目标一次签名公钥的值相等的第一运算值所对应的区块链节点确定为目标区块链节点。Step S305: Determine the blockchain node corresponding to the first operation value equal to the value of the target primary signature public key as the target blockchain node.
具体的,预设格式可以包括α β,α表示椭圆曲线群,β表示随机数;以第一系列运算结果为
Figure PCTCN2019104853-appb-000021
目标一次签名公钥为
Figure PCTCN2019104853-appb-000022
第一随机数为γ为例,监管节点通过计算并将满足
Figure PCTCN2019104853-appb-000023
的区块链节点确定为目标区块链节点。 Specifically, the preset format may include α β , α represents an elliptic curve group, and β represents a random number; taking the first series of calculation results as
Figure PCTCN2019104853-appb-000021
The target's one-time signature public key is
Figure PCTCN2019104853-appb-000022
The first random number is γ as an example, the supervisory node passes the calculation and will satisfy
Figure PCTCN2019104853-appb-000023
The blockchain node of is determined as the target blockchain node.
第三实施例:The third embodiment:
参照图4,图4为本申请第三实施例的流程示意图。Referring to FIG. 4, FIG. 4 is a schematic flowchart of a third embodiment of this application.
在第三实施例中,为了实现监管节点对自身传输的数值的追踪监管,目标区块链节点获取监管节点公布的椭圆曲线群生成元g及椭圆曲线群元素h之后,还可以执行以下步骤:In the third embodiment, in order to realize the tracking and supervision of the value transmitted by the supervisory node, after the target blockchain node obtains the elliptic curve group generator g and the elliptic curve group element h published by the supervisory node, the following steps may be performed:
步骤S401:获取目标数值,并生成第二随机数。Step S401: Obtain the target value, and generate a second random number.
实际应用中,目标数值指的是目标区块链节点所要传输的数值,其可以为目标区块链节点交易的货币、传输的数值信息等。In practical applications, the target value refers to the value to be transmitted by the target block chain node, which can be the currency of the target block chain node's transaction, the transmitted value information, and so on.
步骤S402:基于椭圆曲线群生成元、椭圆曲线群元素、第二随机数对目标数值进行运算,得到承诺值。Step S402: Calculate the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain the commitment value.
实际应用中,目标区块链节点在获取目标数值并生成第二随机数后,可以基于椭圆曲线群生成元、椭圆曲线群元素、第二随机数对目标数值进行运算,得到相应的承诺值,本申请所涉及的承诺值与现有的金额承诺的原理与功能相同,在此不再赘述。此外,目标区块链节点可以按照预设格式,基于椭圆曲线群生成元、椭圆曲线群元素及第二随机数对目标数值进行运算。In practical applications, after the target blockchain node obtains the target value and generates the second random number, it can calculate the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain the corresponding promise value. The commitment value involved in this application has the same principle and function as the existing amount commitment, and will not be repeated here. In addition, the target blockchain node can calculate the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number according to a preset format.
步骤S403:按照预设拆分格式,将目标数值拆分为子目标数值,并将第二随机数拆分为与子目标数值对应的子第二随机数。Step S403: According to the preset split format, split the target value into sub-target values, and split the second random number into sub-second random numbers corresponding to the sub-target values.
实际应用中,由于目标数值在传输过程中,可能被拆分为不同的数值进行保护,比如在门罗币中,一个数值会被拆分为多个数值进行传输,所以目标区块链节点可以按照预设拆分格式,将目标数值拆分为子目标数值,并将第二随机数拆分为与子目标数值对应的子第二随机数,不难理解,子第二随机数用于对相应的子目标数值进行保护。In practical applications, since the target value may be split into different values for protection during the transmission process, for example, in Monero, a value will be split into multiple values for transmission, so the target blockchain node can According to the preset split format, the target value is split into sub-target values, and the second random number is split into sub-second random numbers corresponding to the sub-target values. It is not difficult to understand that the sub-second random number is used for matching The corresponding sub-target value is protected.
步骤S404:基于椭圆曲线群生成元、椭圆曲线群元素计算每一个子目标数值与对应的子第二随机数的第一承诺值和第二承诺值,并公布第一承诺值。Step S404: Calculate the first commitment value and the second commitment value of each sub-target value and the corresponding sub-second random number based on the elliptic curve group generator and the elliptic curve group element, and announce the first commitment value.
实际应用中,目标区块链节点在基于子第二随机数对相应的子目标数值进行保护时,可以基于椭圆曲线群生成元、椭圆曲线群元素计算每一个子目标数值与对应的子第二随机数的第一承诺值和第二承诺值,具体的,可以按照预设格式,基于椭圆曲线群生成元、椭圆曲线群元素计算每一个子目标数值与对应的子第二随机数的第一承诺值和第二承诺值。In actual applications, when the target blockchain node protects the corresponding sub-target value based on the sub-second random number, it can calculate each sub-target value and the corresponding sub-target value based on the elliptic curve group generator and the elliptic curve group element. The first commitment value and the second commitment value of the random number, specifically, can be calculated based on the elliptic curve group generator and the elliptic curve group element according to the preset format, and the first value of each sub-target value and the corresponding sub-second random number Commitment value and second commitment value.
步骤S405:基于椭圆曲线群元素计算每一个子目标数值与对应的子第二随机数的数值验证结果并公布,以使监管节点基于第一承诺值、数值验证结果及第一随机数确定目标数值。Step S405: Calculate and publish the numerical verification result of each sub-target value and the corresponding sub-second random number based on the elliptic curve group elements, so that the supervisory node determines the target value based on the first commitment value, the numerical verification result, and the first random number .
实际应用中,由于第一承诺值为基于椭圆曲线群生成元、椭圆曲线群元素、子目标数值及子第二随机数计算得到的结果,数值验证结果为基于椭圆曲线群元素、子目标数值与子第二随机数计算得到的结果,而椭圆曲线群元素与椭圆曲线群生成元及第一随机数间存在关联,所以第一承诺值、数值验证结果及第一随机数间存在关联,而目标数值又是由子目标数值组成的,所以监管节点可以基于第一承诺值、数值验证结果及第一随机数确定出目标数值。In practical applications, since the first commitment value is calculated based on the elliptic curve group generator, elliptic curve group element, sub-target value, and sub-second random number, the numerical verification result is based on the elliptic curve group element, sub-target value, and The second random number is calculated, and the elliptic curve group element is related to the elliptic curve group generator and the first random number. Therefore, the first commitment value, the numerical verification result, and the first random number are related, and the target The value is composed of sub-target values, so the supervisory node can determine the target value based on the first commitment value, the numerical verification result, and the first random number.
本申请提供的一种区块链信息传输方法,应用于目标区块链节点,获取预先确定的椭圆曲线群生成元及监管节点公布的椭圆曲线群元素,椭圆曲线群元素包括监管节点基于预设格式对生成的第一随机数和椭圆曲线群生成元运算后得到的点;获取目标数值,并生成第二随机数;基于椭圆曲线群生成元、加密椭圆曲线群、第二随机数对目标数值进行运算,得到承诺值;按照预设拆分格式,将目标数值拆分为子目标数值,并将第二随机数拆分为与子目标数值对应的子第二随机数;基于椭圆曲线群生成元、椭圆曲线群元素计算每一个子目标数值与对应的子第二随机数的第一承诺值和第二承诺值,并公布第一承诺值;基于椭圆曲线群元素计算每一个子目标数值与对应的子第二随机数的数值验证结果并公布,以使监管节点基于第一承诺值、数值验证结果及第一随机数确定目标数值。本申请中,既使 得目标区块链节点可以借助监管节点公布的椭圆曲线群生成元及椭圆曲线群元素实现对目标数值的加密隐藏,又使得预设区块链节点可以根据目标区块链节点对目标数值的运算过程及自身保存的陷门确定出目标数值的具体数值,实现对目标数值的监管。The block chain information transmission method provided by this application is applied to a target block chain node to obtain predetermined elliptic curve group generators and elliptic curve group elements published by supervisory nodes. The elliptic curve group elements include supervisory nodes based on preset The format is the point obtained after the first random number and the elliptic curve group generator are calculated; the target value is obtained, and the second random number is generated; the target value is based on the elliptic curve group generator, encrypted elliptic curve group, and the second random number Perform calculations to get the promised value; according to the preset split format, split the target value into sub-target values, and split the second random number into sub-second random numbers corresponding to the sub-target values; generate based on the elliptic curve group Element and elliptic curve group elements calculate the first commitment value and second commitment value of each sub-target value and the corresponding sub-second random number, and announce the first commitment value; calculate each sub-target value and value based on the elliptic curve group element The numerical verification result of the corresponding sub-second random number is published, so that the supervisory node determines the target value based on the first commitment value, the numerical verification result, and the first random number. In this application, the target blockchain node can use the elliptic curve group generator and the elliptic curve group element announced by the regulatory node to realize the encryption and concealment of the target value, and the preset blockchain node can be based on the target blockchain node. The calculation process of the target value and the trapdoor saved by itself determine the specific value of the target value, and realize the supervision of the target value.
在第三实施例中,为了保证数值的安全传输,可以采用环签名的方式对目标数值进行环签名,以此隐藏相应数值,则目标区块链节点基于椭圆曲线群元素计算每一个子目标数值与对应的子第二随机数的数值验证结果并公布之后,上述方法还可以包括:In the third embodiment, in order to ensure the secure transmission of the value, the target value can be ring-signed by means of a ring signature to hide the corresponding value. Then the target blockchain node calculates each sub-target value based on the elliptic curve group element After the numerical verification result of the corresponding sub-second random number is published, the above method may further include:
基于每一个子目标数值的第一承诺值、第二承诺值、数值验证结果计算每一个子目标数值的子公钥;Calculate the sub-public key of each sub-target value based on the first commitment value, second commitment value, and value verification result of each sub-target value;
基于承诺值及每一个子目标数值的子公钥、子第二随机数计算每一个子目标数值的子环签名结果;Calculate the sub-ring signature result of each sub-target value based on the committed value and the sub-public key and sub-second random number of each sub-target value;
将承诺值及所有的子环签名结果作为目标数值的数值可追踪区间证明结果;Take the promised value and all the sub-ring signature results as the target value's value traceable interval proof result;
发布数值可追踪区间证明结果至验证区块链节点,以使验证区块链节点对数值可追踪区间证明结果及数值验证结果进行验证、并在验证通过后将数值可追踪区间证明结果上链。Publish the verification result of the traceable value interval to the verification blockchain node, so that the verification blockchain node verifies the verification result of the traceable value interval and the verification result of the value, and uploads the verification result of the traceable value interval to the chain after the verification is passed.
应当指出,在基于承诺值及每一个子目标数值的子公钥、子第二随机数计算每一个子目标数值的子环签名结果的过程中,也可以使用Borromean方案一次性完成所有的子环签名。It should be pointed out that in the process of calculating the sub-ring signature result of each sub-target value based on the commitment value and the sub-public key and sub-second random number of each sub-target value, the Borromean scheme can also be used to complete all sub-rings at once. signature.
在第三实施例中,为了提高运算效率,目标区块链节点基于椭圆曲线群生成元、椭圆曲线群元素、第二随机数对目标数值进行运算,得到承诺值的过程(S402),可以具体为:In the third embodiment, in order to improve the calculation efficiency, the target blockchain node calculates the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain the promised value (S402), which can be specific for:
通过承诺值运算公式,基于椭圆曲线群生成元、椭圆曲线群元素、第二随机数对目标数值进行运算,得到承诺值;Through the promise value calculation formula, the target value is calculated based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain the promise value;
承诺值运算公式包括:The promise value calculation formula includes:
c=g yh bc=g y h b ;
其中,c表示承诺值;y表示第二随机数;b表示目标数值。Among them, c represents the commitment value; y represents the second random number; b represents the target value.
在第三实施例中,为了提高运算效率,目标区块链节点按照预设拆分格式,将目标数值拆分为子目标数值,并将第二随机数拆分为与子目标数值对应的子第二随机数的过程(S403),可以具体为:In the third embodiment, in order to improve computing efficiency, the target blockchain node splits the target value into sub-target values according to a preset split format, and splits the second random number into sub-target values corresponding to the sub-target values. The second random number process (S403) may be specifically:
通过第一拆分公式将目标数值拆分为子目标数值;Split the target value into sub-target values through the first split formula;
通过第二拆分公式将第二随机数拆分为与子目标数值对应的子第二随机数;Split the second random number into sub-second random numbers corresponding to the sub-target values through the second split formula;
第一拆分公式包括:The first split formula includes:
b=b 0+…+2 ib i+…+2 v-1b v-1b=b 0 +…+2 i b i +…+2 v-1 b v-1 ;
第二拆分公式包括:The second split formula includes:
y 0+…+y i+…+y v-1=y; y 0 +…+y i +…+y v-1 =y;
其中,b i表示第i个子目标数值,v表示子目标数值的总数量,b i的值为0或1;y i表示与第i个子目标数值对应的子第二随机数,1≤i≤v-1。 Among them, b i represents the i-th sub-target value, v represents the total number of sub-target values, and the value of b i is 0 or 1; y i represents the sub-second random number corresponding to the i-th sub-target value, 1≤i≤ v-1.
在第三实施例中,为了提高运算效率,目标区块链节点基于椭圆曲线群生成元、椭圆曲线群元素计算每一个子目标数值与对应的子第二随机数的第一承诺值和第二承诺值的过程(S404),可以具体为:In the third embodiment, in order to improve computational efficiency, the target blockchain node calculates the first commitment value and second commitment value of each sub-target value and the corresponding sub-second random number based on the elliptic curve group generator and the elliptic curve group element. The process of promised value (S404) can be specifically as follows:
通过第五运算公式,基于椭圆曲线群生成元、椭圆曲线群元素计算每一个子目标数值与对应的子第二随机数的第一承诺值和第二承诺值;Calculate the first commitment value and the second commitment value of each sub-target value and the corresponding sub-second random number based on the elliptic curve group generator and the elliptic curve group element through the fifth calculation formula;
第五运算公式包括:The fifth calculation formula includes:
Figure PCTCN2019104853-appb-000024
Figure PCTCN2019104853-appb-000024
其中,c i表示第i个第一承诺值;c′ i表示第i个第二承诺值; Among them, c i represents the i-th first commitment value; c′ i represents the i-th second commitment value;
基于椭圆曲线群元素计算每一个子目标数值与对应的子第二随机数的数值验证结果并公布(S405),包括:Calculate the numerical verification results of each sub-target value and the corresponding sub-second random number based on the elements of the elliptic curve group and publish (S405), including:
通过第六运算公式,基于椭圆曲线群元素计算每一个子目标数值与对应的子第二随机数的数值验证结果并公布;Calculate the numerical verification results of each sub-target value and the corresponding sub-second random number based on the elliptic curve group element through the sixth calculation formula and publish it;
第六运算公式包括:The sixth calculation formula includes:
Figure PCTCN2019104853-appb-000025
其中,TK′ i表示第i个数值验证结果;
Figure PCTCN2019104853-appb-000025
Among them, TK′ i represents the i-th numerical verification result;
基于每一个子目标数值的第一承诺值、第二承诺值、数值验证结果计算每一个子目标数值的子公钥,包括:Calculate the sub-public key of each sub-target value based on the first commitment value, second commitment value, and value verification result of each sub-target value, including:
通过第七运算公式,基于每一个子目标数值的第一承诺值、第二承诺值、数值验证结果计算每一个子目标数值的子公钥;Calculate the sub-public key of each sub-target value based on the first commitment value, second commitment value, and value verification result of each sub-target value through the seventh calculation formula;
第七运算公式包括:The seventh calculation formula includes:
PK′ i=(c i,c′ i,TK′ i,π(c i,c′ i,TK′ i));其中,PK′ i表示第i个子公钥;π(c i,c′ i,TK′ i)表示TK′ i合法性的零知识证明结果; PK′ i =(c i ,c′ i ,TK′ i ,π(c i ,c′ i ,TK′ i )); where PK′ i represents the i-th child public key; π(c i ,c′ i ,TK′ i ) represents the zero-knowledge proof result of the legitimacy of TK′ i;
基于承诺值及每一个子目标数值的子公钥、子第二随机数计算每一个子目标数值的子环签名结果,包括:Calculate the sub-ring signature result of each sub-target value based on the commitment value and the sub-public key and sub-second random number of each sub-target value, including:
通过第八运算公式,基于承诺值及每一个子目标数值的子公钥、子第二随机数计算每一个子目标数值的子环签名结果;Calculate the sub-ring signature result of each sub-target value based on the commitment value and the sub-public key and sub-second random number of each sub-target value through the eighth calculation formula;
第八运算公式包括:The eighth calculation formula includes:
σ i=SIG(PK′ i,y i,c);其中,σ i表示第i个子环签名结果。 σ i =SIG(PK′ i ,y i ,c); where σ i represents the i-th sub-ring signature result.
实际应用中,为了提高运算效率,在通过第八运算公式,基于承诺值及每一个子目标数值的子公钥、子第二随机数计算每一个子目标数值的子环签名结果时,可以使用Borromean签名方法,同时完成n个环的环签名。In practical applications, in order to improve the computational efficiency, when calculating the sub-ring signature result of each sub-target value based on the promised value and the sub-public key and sub-second random number of each sub-target value through the eighth arithmetic formula, you can use Borromean signature method, complete the ring signature of n rings at the same time.
在第二实施例中,从目标区块链节点的角度对目标区块链节点进行数值传输时所需执行的步骤进行了描述,在此过程中,验证区块链节点对目标区块链节点传输的数值信息进行相应验证的过程可以如下:In the second embodiment, from the perspective of the target blockchain node, the steps required to perform the numerical transmission of the target blockchain node are described. In this process, the verification of the blockchain node to the target blockchain node The corresponding verification process of the transmitted value information can be as follows:
获取目标区块链节点生成的承诺值、第一承诺值、第二承诺值、数值验证结果及数值可追踪区间证明结果;获取椭圆曲线群元素;Obtain the commitment value, the first commitment value, the second commitment value, the numerical verification result and the numerical traceability interval verification result generated by the target blockchain node; obtain the elliptic curve group element;
验证所有的π(c i,c′ i,TK′ i)是否均正确;c i表示第一承诺值;c′ i表示第二承诺值;TK′ i表示数值验证结果; Verify that all π(c i ,c′ i ,TK′ i ) are correct; c i represents the first commitment value; c′ i represents the second commitment value; TK′ i represents the result of numerical verification;
若所有的π(c i,c′ i,TK′ i)正确,则验证所有的
Figure PCTCN2019104853-appb-000026
是否均正确;h表示 椭圆曲线群元素; If all π(c i ,c′ i ,TK′ i ) are correct, verify all
Figure PCTCN2019104853-appb-000026
Are all correct; h represents the element of the elliptic curve group;
若所有的
Figure PCTCN2019104853-appb-000027
正确,则验证Πc i=c是否正确,Π表示求和运算,c表示承诺值; If all
Figure PCTCN2019104853-appb-000027
If it is correct, verify that Πc i = c is correct, Π represents the summation operation, and c represents the promised value;
若Πc i=c正确,则验证数值可追踪区间证明结果的正确性; If Πc i = c is correct, the verification value can be traced to the interval to prove the correctness of the result;
若数值可追踪区间证明结果正确,则上链数值可追踪区间证明结果。If the value traceable interval proves that the result is correct, the chain value traceable interval proves the result.
应当指出,在本实施例中,验证区块链节点通过对数值可追踪区间证明结果的验证,实现了对目标数值的可追踪区间证明;并且在与目标区块链节点、监管节点的配合下,实现了对目标数值的监管、追踪功能,提高了隐私保护区块链系统的可监管性。It should be pointed out that in this embodiment, the verification blockchain node achieves the traceable interval verification of the target value by verifying the verification result of the traceable interval of the value; and with the cooperation of the target blockchain node and the supervisory node , Realizes the supervision and tracking function of the target value, and improves the supervisability of the privacy protection blockchain system.
不难理解,验证区块链节点将数值可追踪区间证明结果上链后,监管节点便可以对区块链节点传输的数值进行追踪监管,现对第二实施例中监管节点对目标区块链节点传输的数值进行追踪监管时的过程进行描述,监管节点公布椭圆曲线群生成元及椭圆曲线群元素之后,可以执行以下步骤:It is not difficult to understand that after the verification block chain node puts the value traceable interval proof result on the chain, the supervising node can track and supervise the value transmitted by the block chain node. The value transmitted by the node is described in the process of tracking and supervision. After the supervision node announces the elliptic curve group generator and the elliptic curve group element, the following steps can be performed:
获取目标区块链节点公布的与目标数值对应的第一承诺值及数值验证结果;Obtain the first commitment value and value verification result corresponding to the target value published by the target blockchain node;
对于每个第一承诺值,按照预设格式,通过第一随机数计算第一承诺值对应的第二运算值,判断第二运算值是否与数值验证结果相等,若是,则确定第一承诺值对应的子目标数值的值为0,若否,则确定第一承诺值的子目标数值的值为1;For each first promise value, calculate the second operation value corresponding to the first promise value through the first random number according to the preset format, and determine whether the second operation value is equal to the numerical verification result, and if so, determine the first promise value The value of the corresponding sub-goal value is 0, if not, the value of the sub-goal value of the first commitment value is determined to be 1;
按照预设拆分格式,基于子目标数值确定目标数值。According to the preset split format, the target value is determined based on the sub-target value.
在此过程中,监管节点基于第一承诺值、数值验证结果及第一随机数确定目标数值的过程用公式表示如下:In this process, the process by which the supervisory node determines the target value based on the first commitment value, the numerical verification result, and the first random number is expressed by the following formula:
对于每一个i,计算
Figure PCTCN2019104853-appb-000028
的值,λ表示第一随机数,也即监管节点保存的陷门; For each i, calculate
Figure PCTCN2019104853-appb-000028
The value of λ represents the first random number, that is, the trapdoor saved by the supervisory node;
对于每一个i,若
Figure PCTCN2019104853-appb-000029
则输出b i=0,若
Figure PCTCN2019104853-appb-000030
则输出b i=1; For each i, if
Figure PCTCN2019104853-appb-000029
Then output b i =0, if
Figure PCTCN2019104853-appb-000030
Then output b i =1;
按照公式b=b 0+…+2 ib i+…+2 v-1b v-1;计算得到b的值。 According to the formula b=b 0 +...+2 i b i +...+2 v-1 b v-1 ; the value of b is calculated.
现结合区块链系统中的门罗币来对本申请提供的区块链信息传输方法进行解释说明。Now combined with Monero in the blockchain system to explain the blockchain information transmission method provided in this application.
门罗币(Monero)是当前成熟的隐私数字货币体系,其在比特币的基础上,使用了UTXO模型,通过可链接环签名技术实现了交易身份的隐藏,通过区间证明实现了交易金额的隐藏,其应用过程如下:Monero is the current mature privacy digital currency system. It uses the UTXO model on the basis of Bitcoin, realizes the concealment of transaction identity through linkable ring signature technology, and realizes the concealment of transaction amount through interval proof The application process is as follows:
门罗币中每笔UTXO包含币的公私钥(PK、SK)以及金额承诺(COM),该笔钱的所有者掌握币私钥(SK),币公钥(PK)以及金额承诺(COM)公开。每次消费时,用户随机选取链上的其他UTXO,结合自己要花的UTXO一起生成公钥集合(L={PK1,PK2,,PKn}),使用自己的随机数与接收者的私钥生成新的币公钥,并且新的币公钥只有接收者才能计算得到,将新的金额承诺、新的金额承诺的区间证明以及其他账单信息一起进行关于L的环签名并发布到区块链上。交易验证者检查是否为双花交易,如果不是双花则验证区间证明的合法性和环签名的合法性,全部通过后,将交易打包出块。而验证者无法获取交易双方的身份信息及金额信息。交易接收者对于链上新出块的全部交易,用自己的私钥检查是否存在给自己的转账,如果有,则计算新的UTXO的私钥,并将钱存入自己的钱包。Each UTXO in Monero includes the currency's public and private keys (PK, SK) and amount commitment (COM). The owner of the money has the currency private key (SK), currency public key (PK) and amount commitment (COM) public. Every time the user consumes, the user randomly selects other UTXOs on the chain, combines them with the UTXOs they want to spend to generate a public key set (L={PK1,PK2,,PKn}), using their own random number and the recipient’s private key to generate The new currency public key, and the new currency public key can only be calculated by the recipient. The new amount commitment, the interval proof of the new amount commitment, and other billing information are combined with the ring signature of L and published on the blockchain . The transaction verifier checks whether it is a double-spending transaction. If it is not a double-spending transaction, it verifies the legitimacy of the interval proof and the legitimacy of the ring signature. After all passes, the transaction is packaged into blocks. The verifier cannot obtain the identity information and amount information of both parties in the transaction. For all transactions of new blocks on the chain, the transaction receiver uses his private key to check whether there is a transfer to himself, and if so, calculates the private key of the new UTXO and deposits the money in his wallet.
在上述过程中,还涉及非对称加密、数字签名等;其中,UTXO指的是当前区块链上已确认但未花费的数字货币,即未花费的一笔钱;双花(Double spending)指的是区块链上的不重视用户对一笔钱交易进行两次花费;非对称加密算法(Asymmetric encryption system)是区别于传统的对称加密算法,基于加密、解密过程中计算复杂度的非对称性来保证安全的一类算法,在非对称加密系统中,加密方要生成私钥及公钥对,私钥自己保留,公钥可以发送给对方;数字签名(Digital signature)是非对称密码的一个分支,用户生成公私钥,自己保留私钥,对任意消息,用户使用私钥签名,验证者使用公钥即可验证签名的合法性,数字签名实现了身份的认证和数据完整性的验证;可链接环签名(Linkable ring signature)是一种特殊的环签名方案,用户在进行环签名时要提供一个标签信息,当用户进行非法签名(或双花等非法交易时),通过比对交易标签就可以判断是否是 非法签名(双花交易),实现了安全的交易保障;区间证明(Range proof)是给出某个金额数量属于指定的区间,而不透露具体金额信息的零知识证明体系。In the above process, it also involves asymmetric encryption, digital signatures, etc.; among them, UTXO refers to the confirmed but unspent digital currency on the current blockchain, that is, an unspent amount of money; double spending refers to It is that the blockchain does not pay attention to the fact that users spend twice on a transaction of money; asymmetric encryption system (Asymmetric encryption system) is different from the traditional symmetric encryption algorithm, based on the asymmetry of the computational complexity in the encryption and decryption process A type of algorithm to ensure security. In an asymmetric encryption system, the encrypting party needs to generate a private key and a public key pair. The private key is kept by itself, and the public key can be sent to the other party. Digital signature (Digital signature) is a type of asymmetric cryptography. For branch, the user generates a public and private key, keeps the private key, and signs any message with the private key. The verifier can use the public key to verify the legitimacy of the signature. The digital signature realizes identity authentication and data integrity verification; Linkable ring signature (Linkable ring signature) is a special ring signature scheme. The user must provide a tag information when performing a ring signature. When the user performs an illegal signature (or illegal transactions such as double spending), the transaction tag can be compared. It can be judged whether it is an illegal signature (double-spending transaction), which realizes a safe transaction guarantee; Range proof is a zero-knowledge proof system that gives a certain amount of money belongs to a specified interval without revealing the specific amount of information.
由门罗币的使用过程可知,区块链节点无法获取交易金额并且无法确定某一交易金额的发送方,从而使得门罗币不具有监管及追踪功能,而本申请提供的第一实施例实现了对发送方的追踪,并且实现了对信息链接功能,所以本申请第一实施例提供了一种可追踪可链接环签名方案;可追踪可链接环签名(Linkable and Traceable ring signature)也即实现了可追踪和可链接的双重功能的签名,其中可追踪环签名(Traceable ring signature)指的可以追踪到具体的签名用户身份,实现了监管功能的签名。此外,本申请提供的第二实施例实现了对数值的追踪,其本质是提供了一种可追踪区间证明,可追踪区间证明(Traceable range proof)指的是给出某个金额数量属于指定的区间的证明体系,对于普通验证用户,该证明满足零知识性(不泄露金额信息),并且可以通过证明求解出具体的数额,实现了监管功能的证明。It can be seen from the use process of Monero that the blockchain node cannot obtain the transaction amount and cannot determine the sender of a certain transaction amount, so that Monero does not have the supervision and tracking function, but the first embodiment provided by this application realizes In order to track the sender and realize the function of linking information, the first embodiment of this application provides a traceable and linkable ring signature scheme; the traceable and traceable ring signature (Linkable and Traceable ring signature) is also realized The signature of the dual function of traceable and linkable, among which traceable ring signature (Traceable ring signature) refers to the signature that can trace the identity of the specific signing user, and realizes the signature of the supervision function. In addition, the second embodiment provided in this application implements the tracking of the value. Its essence is to provide a traceable range proof. The traceable range proof refers to a certain amount of money belonging to a specified amount. Interval proof system, for ordinary verification users, the proof meets zero knowledge (no amount information is leaked), and the specific amount can be solved through proof, which realizes the proof of supervision function.
实际应用中,应用本申请提供的可追踪可链接环签名及可追踪区间证明的门罗币应用过程可以如下:In actual application, the Monero application process using the traceable linkable ring signature and traceable interval proof provided by this application can be as follows:
区块链体系存在中心,中心生成系统参数(椭圆曲线群生成元),陷门Trapdoor(第一随机数)和陷门公钥MPK(椭圆曲线群元素);The blockchain system has a center, which generates system parameters (elliptic curve group generator), trapdoor (first random number) and trapdoor public key MPK (elliptic curve group element);
对于每一笔UTXO,用户自己生成私钥SK,然后按照MPK加入公钥生成算法中,得到公钥PK=Gen(SK,MPK),公钥的验证者可以验证该笔UTXO的公钥是否按照规定的方式生成;For each UTXO, the user generates the private key SK, and then adds the public key generation algorithm according to MPK to obtain the public key PK=Gen(SK, MPK). The verifier of the public key can verify whether the public key of the UTXO is in accordance with Generated in a prescribed way;
用户按照与门罗币相同的交易框架进行交易,在交易过程中,用户在对交易金额的区间证明中,将门罗币原有的区间证明替换为本申请的可追踪区间证明,将门罗币中的可链接环签名替换为可追踪可链接环签名;The user conducts transactions in accordance with the same transaction framework as Monero. During the transaction, the user replaces the original Monero interval certificate with the traceable interval certificate of the application in the interval proof of the transaction amount, and replaces the Monero coin in the interval proof of the application. The linkable ring signature of is replaced with a traceable linkable ring signature;
在验证交易环节,验证者进行与门罗币相同的验证工作,即检验区间证明的正确性,检验环签名的正确性,检验交易是否可链接(是否双花),全部通过验证后确认交易并出块;In the process of verifying transactions, the verifier performs the same verification work as Monero, that is, verifying the correctness of the interval proof, verifying the correctness of the ring signature, verifying whether the transaction can be linked (whether it is double spend), and confirming the transaction after all verifications are passed. Block
链上的中心节点(监管者)不负责交易合法性的确认,也不负责打包 交易和出块工作,仅仅在需要监管时工作,中心使用自己保管的陷门Trapdoor对交易中的区间证明和环签名进行追踪计算,得到具体的交易金额和签名者身份,实现了完全的监管功能,但是监管者不掌握用户私钥,无法伪造用户签名,也无法将用户的钱转走,实现了只监管不干涉的功能,实现了多层次的监管功能。The central node (supervisor) on the chain is not responsible for confirming the legality of the transaction, nor is it responsible for packaging transactions and block production. It only works when supervision is required. The center uses its own trapdoor Trapdoor to verify the interval certification and loop of the transaction. The signature is tracked and calculated to obtain the specific transaction amount and the identity of the signer, which realizes a complete supervision function. However, the supervisor does not have the user's private key, and cannot forge the user's signature or transfer the user's money. The function of interference realizes the function of multi-level supervision.
由上述描述可知,本申请提供的一种区块链信息传输方法实现了对数据发送方的追踪及对数值的监管,避免了因数据发送方不可被追踪及数值不可被获知而导致的区块链系统隐藏不法分子信息的缺点,可以适用于区块链应用场景下的犯罪追查、数据统计、资金冻结等具体应用场景下;此外,用户自己的私钥完全由用户自身掌握,包括监管者在内的任何人均无法伪造用户签名,仿冒用户交易,最大程度的保留了区块链“去中心化”的要求;并且监管者不需要负责交易验证,也不需要复杂打包交易和出块等工作,仅仅在需要监管时出现,有效减少了监管者的计算和通信压力,与现有的交易均需经过监管者的技术相比,提高了区块链系统的交易效率。From the above description, it can be seen that the blockchain information transmission method provided by this application realizes the tracking of the data sender and the supervision of the value, and avoids the block caused by the data sender cannot be tracked and the value cannot be known. The chain system hides the shortcomings of criminal information, which can be applied to specific application scenarios such as criminal investigation, data statistics, and fund freezing in the blockchain application scenario; in addition, the user’s own private key is completely controlled by the user, including the supervisor No one inside can forge user signatures and counterfeit user transactions, which preserves the requirements of blockchain "decentralization" to the greatest extent; and the regulator does not need to be responsible for transaction verification, and does not require complicated packaging transactions and block production, etc. It only appears when supervision is needed, effectively reducing the supervisor's calculation and communication pressure, and improving the transaction efficiency of the blockchain system compared with the existing technology that requires supervisors.
另一方面,本申请提供一种区块链信息传输系统。On the other hand, this application provides a blockchain information transmission system.
请参阅图5,图5为本申请一实施例揭露的区块链信息传输系统的结构示意图。Please refer to FIG. 5, which is a schematic structural diagram of a blockchain information transmission system disclosed in an embodiment of the application.
本申请实施例提供的一种区块链信息传输系统,应用于目标区块链节点,可以包括:The block chain information transmission system provided by the embodiment of the present application, applied to a target block chain node, may include:
第一获取模块101,用于获取预先确定的离散密码群生成元及加密群元素,加密群元素包括基于预设格式对第一随机数和初始密码群运算后得到的密码群元素,且第一随机数为监管节点生成并保存的陷门;The first obtaining module 101 is configured to obtain a predetermined discrete cipher group generator and an encrypted group element. The encrypted group element includes a cipher group element obtained by calculating a first random number and an initial cipher group based on a preset format, and the first Random numbers are trapdoors generated and saved by supervisory nodes;
第一处理模块,用于按照预设格式,基于离散密码群生成元和加密群元素对自身的隐私数据进行处理,并将相应的处理结果发布至区块链,以使监管节点能够基于处理结果及第一随机数对目标区块链节点和/或隐私数据进行监管。The first processing module is used to process its own private data based on the discrete cipher group generator and the encrypted group element according to the preset format, and publish the corresponding processing result to the blockchain, so that the supervisory node can be based on the processing result And the first random number supervises the target blockchain node and/or private data.
本申请实施例提供的一种区块链信息传输系统中各个模块的相关描述 请参阅上述实施例,在此不再赘述。For the relevant description of each module in the block chain information transmission system provided by the embodiment of the present application, please refer to the above-mentioned embodiment, which will not be repeated here.
另一方面,本申请提供一种区块链信息传输装置。On the other hand, this application provides a block chain information transmission device.
参照图6,图6为本申请一实施例揭露的区块链信息传输装置的内部结构示意图。Referring to FIG. 6, FIG. 6 is a schematic diagram of the internal structure of a block chain information transmission device disclosed in an embodiment of the application.
本实施例中,视区块链信息传输装置1可以是PC(Personal Computer,个人电脑),也可以是智能手机、平板电脑、掌上电脑、便携计算机、智能路由器、矿机、网络存储设备终端设备。In this embodiment, the block chain information transmission device 1 can be a PC (Personal Computer), or a smart phone, a tablet computer, a palmtop computer, a portable computer, a smart router, a mining machine, a network storage device terminal device .
该区块链信息传输装置1可以是组成区块链网络的节点。The block chain information transmission device 1 may be a node constituting a block chain network.
该区块链信息传输装置1可以包括存储器11、处理器12和总线13。The block chain information transmission device 1 may include a memory 11, a processor 12 and a bus 13.
其中,存储器11至少包括一种类型的可读存储介质,可读存储介质包括闪存、硬盘、多媒体卡、卡型存储器(例如,SD或DX存储器等)、磁性存储器、磁盘、光盘等。存储器11在一些实施例中可以是区块链信息传输装置1的内部存储单元,例如该区块链信息传输装置1的硬盘。存储器11在另一些实施例中也可以是区块链信息传输装置1的外部存储设备,例如区块链信息传输装置1上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器11还可以既包括区块链信息传输装置1的内部存储单元也包括外部存储设备。存储器11不仅可以用于存储安装于区块链信息传输装置1的应用软件及各类数据,例如区块链信息传输程序01的代码等,还可以用于暂时地存储已经输出或者将要输出的数据。The memory 11 includes at least one type of readable storage medium, and the readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 11 may be an internal storage unit of the blockchain information transmission device 1 in some embodiments, such as a hard disk of the blockchain information transmission device 1. In other embodiments, the memory 11 may also be an external storage device of the blockchain information transmission device 1, for example, a plug-in hard disk or a smart media card (SMC) equipped on the blockchain information transmission device 1. Secure Digital (SD) card, Flash Card, etc. Further, the memory 11 may also include both an internal storage unit of the blockchain information transmission device 1 and an external storage device. The memory 11 can be used not only to store application software and various data installed in the blockchain information transmission device 1, such as the code of the blockchain information transmission program 01, but also to temporarily store data that has been output or will be output. .
处理器12在一些实施例中可以是一中央处理器(Central Processing Unit,CPU)、控制器、微控制器、微处理器或其他数据处理芯片,用于运行存储器11中存储的程序代码或处理数据,例如执行区块链信息传输程序01等。In some embodiments, the processor 12 may be a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip, for running program codes or processing stored in the memory 11 Data, such as execution of blockchain information transmission program 01, etc.
该总线13可以是外设部件互连标准(peripheral component interconnect,简称PCI)总线或扩展工业标准结构(extended industry standard architecture,简称EISA)总线等。该总线可以分为地址总线、数据总线、控制总线等。为便于表示,图6中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The bus 13 may be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus. The bus can be divided into address bus, data bus, control bus and so on. For ease of representation, only one thick line is used in FIG. 6, but it does not mean that there is only one bus or one type of bus.
进一步地,区块链信息传输装置还可以包括网络接口14,网络接口14可选的可以包括有线接口和/或无线接口(如WI-FI接口、蓝牙接口等),通常用于在该装置1与其他电子设备之间建立通信连接。Further, the blockchain information transmission device may also include a network interface 14. The network interface 14 may optionally include a wired interface and/or a wireless interface (such as a WI-FI interface, a Bluetooth interface, etc.), which is usually used in the device 1 Establish a communication connection with other electronic devices.
可选地,该区块链信息传输装置1还可以包括用户接口,用户接口可以包括显示器(Display)、输入单元比如键盘(Keyboard),可选的用户接口还可以包括标准的有线接口、无线接口。可选地,在一些实施例中,显示器可以是LED显示器、液晶显示器、触控式液晶显示器以及OLED(Organic Light-Emitting Diode,有机发光二极管)触摸器等。其中,显示器也可以适当的称为显示屏或显示单元,用于显示在区块链信息传输装置1中处理的信息以及用于显示可视化的用户界面。Optionally, the blockchain information transmission device 1 may also include a user interface. The user interface may include a display (Display), an input unit such as a keyboard (Keyboard), and the optional user interface may also include a standard wired interface and a wireless interface. . Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode, organic light-emitting diode) touch device, etc. Among them, the display can also be appropriately called a display screen or a display unit, which is used to display the information processed in the blockchain information transmission device 1 and to display a visualized user interface.
图6仅示出了具有组件11-14以及区块链信息传输程序01的区块链信息传输装置1,本领域技术人员可以理解的是,图6示出的结构并不构成对区块链信息传输装置1的限定,可以包括比图示更少或者更多的部件,或者组合某些部件,或者不同的部件布置。Fig. 6 only shows the block chain information transmission device 1 with components 11-14 and block chain information transmission program 01. Those skilled in the art can understand that the structure shown in Fig. 6 does not constitute a block chain The definition of the information transmission device 1 may include fewer or more components than shown, or a combination of certain components, or a different component arrangement.
本申请提供的一种计算机可读存储介质,计算机可读存储介质上存储有区块链信息传输程序,区块链信息传输程序可被一个或者多个处理器执行,以实现如上任一实施例所描述的区块链信息传输方法。A computer-readable storage medium provided by the present application. The computer-readable storage medium stores a blockchain information transmission program. The blockchain information transmission program can be executed by one or more processors to implement any of the above embodiments. The described blockchain information transmission method.
这里所涉及的计算机可读存储介质包括随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质。The computer-readable storage media involved here include random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disks, removable disks, CD-ROMs, Or any other form of storage medium known in the technical field.
在上述实施例中,可以全部或部分地通过软件、硬件、固件或者其任意组合来实现。当使用软件实现时,可以全部或部分地以计算机程序产品的形式实现。In the above-mentioned embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented by software, it can be implemented in the form of a computer program product in whole or in part.
所述计算机程序产品包括一个或多个计算机指令。在计算机上加载和执行所述计算机程序指令时,全部或部分地产生按照本发明实施例所述的流程或功能。所述计算机可以是通用计算机、专用计算机、计算机网络、 或者其他可编程装置。所述计算机指令可以存储在计算机可读存储介质中,或者从一个计算机可读存储介质向另一计算机可读存储介质传输,例如,所述计算机指令可以从一个网站站点、计算机、服务器或数据中心通过有线(例如同轴电缆、光纤、数字用户线(DSL))或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输。所述计算机可读存储介质可以是计算机能够存储的任何可用介质或者是包含一个或多个可用介质集成的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质,(例如,软盘、硬盘、磁带)、光介质(例如,DVD)、或者半导体介质(例如固态硬盘Solid State Disk(SSD))等。The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on the computer, the processes or functions described in the embodiments of the present invention are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions may be transmitted from a website, computer, server, or data center. Transmission to another website site, computer, server or data center via wired (such as coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (such as infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that can be stored by a computer or a data storage device such as a server or a data center integrated with one or more available media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统,装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that, for the convenience and conciseness of the description, the specific working process of the above-described system, device, and unit can refer to the corresponding process in the foregoing method embodiment, which will not be repeated here.
在本申请所提供的几个实施例中,应该理解到,所揭露的系统,装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed system, device, and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative, for example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components may be combined or It can be integrated into another system, or some features can be ignored or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销 售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present application essentially or the part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , Including several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disks or optical disks and other media that can store program codes. .
需要说明的是,上述本发明实施例序号仅仅为了描述,不代表实施例的优劣。并且本文中的术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、装置、物品或者方法不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、装置、物品或者方法所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、装置、物品或者方法中还存在另外的相同要素。It should be noted that the sequence numbers of the above-mentioned embodiments of the present invention are only for description, and do not represent the superiority or inferiority of the embodiments. And the terms "include", "include" or any other variants thereof in this article are intended to cover non-exclusive inclusion, so that a process, device, article or method including a series of elements not only includes those elements, but also includes those elements that are not explicitly included. The other elements listed may also include elements inherent to the process, device, article, or method. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, device, article, or method that includes the element.
对所公开的实施例的上述说明,使本领域技术人员能够实现或使用本申请。对这些实施例的多种修改对本领域技术人员来说将是显而易见的,本文中所定义的一般原理可以在不脱离本申请的精神或范围的情况下,在其它实施例中实现。因此,本申请将不会被限制于本文所示的这些实施例,而是要符合与本文所公开的原理和新颖特点相一致的最宽的范围。The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use this application. Various modifications to these embodiments will be obvious to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the present application. Therefore, this application will not be limited to the embodiments shown in this document, but should conform to the widest scope consistent with the principles and novel features disclosed in this document.

Claims (20)

  1. 一种区块链信息传输方法,其特征在于,应用于区块链系统中的目标区块链节点,所述区块链系统还包括监管节点,所述方法包括:A block chain information transmission method, characterized in that it is applied to a target block chain node in a block chain system, the block chain system further includes a supervisory node, and the method includes:
    获取预先确定的的离散密码群生成元及加密群元素,所述加密群元素包括基于预设格式对第一随机数和所述离散密码群生成元运算后得到的密码群元素,且所述第一随机数为所述监管节点生成并保存的陷门;Obtain a predetermined discrete cipher group generator and an encrypted group element, where the encrypted group element includes a cipher group element obtained by calculating a first random number and the discrete cipher group generator based on a preset format, and the first A random number is a trapdoor generated and saved by the supervisory node;
    按照所述预设格式,基于所述离散密码群生成元和所述加密群元素对自身的隐私数据进行处理,并将相应的处理结果发布至所述区块链,以使所述监管节点能够基于所述处理结果及所述第一随机数对所述目标区块链节点和/或所述隐私数据进行监管。According to the preset format, process its own private data based on the discrete cipher group generator and the encrypted group element, and publish the corresponding processing result to the blockchain, so that the supervisory node can Supervise the target blockchain node and/or the private data based on the processing result and the first random number.
  2. 根据权利要求1所述的方法,其特征在于,所述离散密码群生成元包括椭圆曲线群生成元,所述加密群元素包括椭圆曲线群元素;The method according to claim 1, wherein the discrete cipher group generator includes an elliptic curve group generator, and the encrypted group element includes an elliptic curve group element;
    所述按照所述预设格式,基于所述离散密码群生成元和所述加密群元素对自身的隐私数据进行处理,并将相应的处理结果发布至所述区块链,以使所述监管节点能够基于所述处理结果及所述第一随机数对所述目标区块链节点和/或所述隐私数据进行监管,包括:According to the preset format, process its own private data based on the discrete cipher group generator and the encryption group element, and publish the corresponding processing result to the blockchain, so that the supervision The node can supervise the target blockchain node and/or the private data based on the processing result and the first random number, including:
    生成一次签名私钥,按照所述预设格式,基于所述椭圆曲线群元素及所述一次签名私钥生成一次签名公钥并公布;Generate a signature private key once, generate and publish a signature public key based on the elliptic curve group element and the one-time signature private key according to the preset format;
    按照所述预设格式对所述椭圆曲线群生成元及所述一次签名私钥进行运算,得到身份验证信息,发布所述身份验证信息至所述区块链,以使所述监管节点能够基于所述第一随机数、所述身份验证信息及所述一次签名公钥确定所述目标数据的发送方。Perform operations on the elliptic curve group generator and the one-time signature private key according to the preset format to obtain identity verification information, and publish the identity verification information to the blockchain so that the supervisory node can be based on The first random number, the identity verification information, and the one-time signature public key determine the sender of the target data.
  3. 根据权利要求2所述的方法,其特征在于,所述区块链系统还包括验证区块链节点,所述按照所述预设格式,基于所述椭圆曲线群元素及所述一次签名私钥生成一次签名公钥并公布之后,还包括:The method according to claim 2, characterized in that the blockchain system further comprises verifying the blockchain node, said according to the preset format, based on the elliptic curve group element and the one-time signature private key After generating and publishing the signature public key once, it also includes:
    生成环签名私钥,基于所述椭圆曲线群生成元、所述椭圆曲线群元素、所述环签名私钥及所述一次签名私钥生成进行可追踪可链接环签名的可追踪可链接公钥;Generate a ring signature private key, and generate a traceable and linkable public key for traceable and linkable ring signatures based on the elliptic curve group generator, the elliptic curve group element, the ring signature private key, and the one-time signature private key ;
    获取目标数据,基于所述可追踪可链接公钥、所述椭圆曲线群生成元、 所述椭圆曲线群元素、所述环签名私钥、所述一次签名私钥及所述一次签名公钥对所述目标数据进行可追踪可链接环签名,得到所述目标数据的可追踪可链接环签名结果;Obtain target data based on the traceable and linkable public key, the elliptic curve group generator, the elliptic curve group element, the ring signature private key, the one-time signature private key, and the pair of the one-time signature public key Performing a traceable and linkable ring signature on the target data to obtain a traceable and linkable ring signature result of the target data;
    发布所述可追踪可链接环签名结果至所述验证区块链节点,以使所述验证区块链节点能够对所述可追踪可链接环签名结果进行验证。Publish the traceable and linkable ring signature result to the verification blockchain node, so that the verification blockchain node can verify the traceable and linkable ring signature result.
  4. 根据权利要求3所述的方法,其特征在于,所述基于所述椭圆曲线群生成元、所述椭圆曲线群元素、所述环签名私钥及所述一次签名私钥生成进行可追踪可链接的可追踪进而链接公钥,包括:The method of claim 3, wherein the generation of the elliptic curve group generator, the elliptic curve group element, the ring signature private key, and the one-time signature private key is traceable and linkable The traceable and then linked public key includes:
    通过第一运算公式,基于所述椭圆曲线群生成元、所述椭圆曲线群元素、所述环签名私钥及所述一次签名私钥生成进行可追踪可链接环签名的所述可追踪可链接公钥;According to the first calculation formula, the traceable and linkable ring signature is generated based on the elliptic curve group generator, the elliptic curve group element, the ring signature private key, and the one-time signature private key Public key
    所述第一运算公式包括:The first calculation formula includes:
    Figure PCTCN2019104853-appb-100001
    Figure PCTCN2019104853-appb-100001
    其中,i表示所述目标区块链节点的标号;PK i表示所述目标区块链节点进行可追踪可链接环签名的所述可追踪可链接公钥;g表示所述椭圆曲线群生成元;
    Figure PCTCN2019104853-appb-100002
    表示上次生成的UPK;h表示所述椭圆曲线群元素;x i表示所述目标区块链节点的所述环签名私钥;a i表示所述目标区块链节点的所述一次签名私钥;
    Figure PCTCN2019104853-appb-100003
    表示所述可追踪可链接公钥合法性的零知识证明结果。     Where i represents the label of the target blockchain node; PK i represents the traceable and linkable public key for the target blockchain node to sign the traceable and linkable ring; g represents the elliptic curve group generator ;
    Figure PCTCN2019104853-appb-100002
    Represents the UPK generated last time; h represents the elliptic curve group element; x i represents the ring signature private key of the target blockchain node; a i represents the one-time signature private key of the target blockchain node key;
    Figure PCTCN2019104853-appb-100003
    Represents the zero-knowledge proof result of the legitimacy of the traceable and linkable public key.
  5. 根据权利要求4所述的方法,其特征在于,所述基于所述可追踪可链接公钥、所述椭圆曲线群生成元、所述椭圆曲线群元素、所述环签名私钥、所述一次签名私钥及所述一次签名公钥对所述目标数据进行可追踪可链接环签名,得到数据的可追踪可链接环签名结果,包括:The method according to claim 4, wherein the traceable and linkable public key, the elliptic curve group generator, the elliptic curve group element, the ring signature private key, the one-time The signature private key and the one-time signature public key perform a traceable and linkable ring signature on the target data to obtain a traceable and linkable ring signature result of the data, including:
    选取预设数量的其他区块链节点,通过第二运算公式,基于所述其他区块链节点的公钥及所述目标区块链节点的公钥生成环签名公钥,所述预设数量为n-1,n为大于等于2的整数;A preset number of other blockchain nodes are selected, and a ring signature public key is generated based on the public key of the other blockchain node and the public key of the target blockchain node through a second calculation formula, the preset number N-1, n is an integer greater than or equal to 2;
    通过第三运算公式,基于所述环签名公钥、所述环签名私钥对所述目标数据进行环签名,得到普通环签名结果;Perform a ring signature on the target data based on the ring signature public key and the ring signature private key through the third calculation formula to obtain a common ring signature result;
    通过第四运算公式,基于所述一次签名私钥、所述环签名公钥、所述 一次签名公钥对所述普通环签名结果进行一次签名,得到一次签名结果;According to the fourth calculation formula, the ordinary ring signature result is signed once based on the one-time signature private key, the ring signature public key, and the one-time signature public key to obtain a signature result;
    将所述环签名公钥、所述目标数据、所述普通环签名结果、所述一次签名结果作为所述可追踪可链接环签名结果;Using the ring signature public key, the target data, the ordinary ring signature result, and the one-time signature result as the traceable and linkable ring signature result;
    所述第二运算公式包括:The second calculation formula includes:
    Figure PCTCN2019104853-appb-100004
    Figure PCTCN2019104853-appb-100004
    所述第三运算公式包括:The third calculation formula includes:
    A=SIG(x i,L,m); A=SIG(x i ,L,m);
    所述第四运算公式包括:The fourth calculation formula includes:
    σ=OSIG(a i,SIG(x i,L,m),L,OPK);
    Figure PCTCN2019104853-appb-100005
    σ=OSIG(a i ,SIG(x i ,L,m),L,OPK);
    Figure PCTCN2019104853-appb-100005
    其中,L表示所述环签名公钥;1≤j≤n-1,且j≠i时,x j表示所述其他区块链节点的环签名私钥,a j表示所述其他区块链节点的一次签名私钥;A表示所述普通环签名结果;SIG表示环签名算法;m表示所述目标数据;σ表示所述一次签名结果;OSIG表示一次签名算法;OPK表示所述一次签名公钥。 Where, L represents the public key of the ring signature; when 1≤j≤n-1, and j≠i, x j represents the ring signature private key of the other blockchain node, and a j represents the other blockchain The one-time signature private key of the node; A represents the ordinary ring signature result; SIG represents the ring signature algorithm; m represents the target data; σ represents the one-time signature result; OSIG represents the one-time signature algorithm; OPK represents the one-time signature public key key.
  6. 根据权利要求1所述的方法,其特征在于,所述离散密码群生成元包括椭圆曲线群生成元,所述加密群元素包括椭圆曲线群元素;The method according to claim 1, wherein the discrete cipher group generator includes an elliptic curve group generator, and the encrypted group element includes an elliptic curve group element;
    所述按照所述预设格式,基于所述离散密码群生成元和所述加密群元素对自身的隐私数据进行处理,并将相应的处理结果发布至所述区块链,以使所述监管节点能够基于所述处理结果及所述第一随机数对所述目标区块链节点和/或所述隐私数据进行监管,包括:According to the preset format, process its own private data based on the discrete cipher group generator and the encryption group element, and publish the corresponding processing result to the blockchain, so that the supervision The node can supervise the target blockchain node and/or the private data based on the processing result and the first random number, including:
    获取目标数值,并生成第二随机数;Obtain the target value and generate a second random number;
    基于所述椭圆曲线群生成元、所述椭圆曲线群元素、所述第二随机数对所述目标数值进行运算,得到承诺值;Calculating the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain a promised value;
    按照预设拆分格式,将所述目标数值拆分为子目标数值,并将所述第二随机数拆分为与所述子目标数值对应的子第二随机数;Split the target value into sub-target values according to a preset split format, and split the second random number into sub-second random numbers corresponding to the sub-target value;
    基于所述椭圆曲线群生成元、所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子第二随机数的第一承诺值和第二承诺值,并公布所述第一承诺值;Calculate the first commitment value and second commitment value of each of the sub-target values and the corresponding sub-second random numbers based on the elliptic curve group generator and the elliptic curve group elements, and publish the first commitment value Commitment value
    基于所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子 第二随机数的数值验证结果并公布,以使所述监管节点能够基于所述第一承诺值、所述数值验证结果及所述第一随机数确定所述目标数值。Based on the elliptic curve group elements, calculate and publish the numerical verification results of each of the sub-target values and the corresponding sub-second random numbers, so that the supervisory node can be based on the first commitment value and the numerical value. The verification result and the first random number determine the target value.
  7. 根据权利要求6所述的方法,其特征在于,所述基于所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子第二随机数的数值验证结果并公布之后,还包括:The method according to claim 6, characterized in that, after calculating and publishing the numerical verification result of each of the sub-target values and the corresponding sub-second random numbers based on the elliptic curve group elements, the method further comprises :
    基于每一个所述子目标数值的所述第一承诺值、所述第二承诺值、所述数值验证结果计算每一个所述子目标数值的子公钥;Calculating the sub-public key of each sub-target value based on the first commitment value, the second commitment value, and the numerical verification result of each of the sub-target values;
    基于所述承诺值及每一个所述子目标数值的所述子公钥、所述子第二随机数计算每一个所述子目标数值的子环签名结果;Calculating a sub-ring signature result of each of the sub-target values based on the commitment value, the sub-public key of each of the sub-target values, and the sub-second random number;
    将所述承诺值及所有的所述子环签名结果作为所述目标数值的数值可追踪区间证明结果;Taking the commitment value and all the sub-ring signature results as the verification result of the traceable interval of the target value;
    发布所述数值可追踪区间证明结果至所述验证区块链节点,以使所述验证区块链节点能够对所述数值可追踪区间证明结果及所述数值验证结果进行验证、并在验证通过后将所述数值可追踪区间证明结果上链。Publish the verification result of the numerical traceable interval to the verification blockchain node, so that the verification blockchain node can verify the verification result of the numerical traceable interval and the numerical verification result, and pass the verification Afterwards, the result of the traceable interval of the numerical value is shown on the chain.
  8. 根据权利要求7所述的方法,其特征在于,所述基于所述椭圆曲线群生成元、所述椭圆曲线群元素、所述第二随机数对所述目标数值进行运算,得到承诺值,包括:The method according to claim 7, wherein the calculating the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number to obtain a promised value comprises :
    通过承诺值运算公式,基于所述椭圆曲线群生成元、所述椭圆曲线群元素、所述第二随机数对所述目标数值进行运算,得到所述承诺值;Calculating the target value based on the elliptic curve group generator, the elliptic curve group element, and the second random number through a promise value calculation formula to obtain the promise value;
    所述承诺值运算公式包括:The commitment value calculation formula includes:
    c=g yh bc=g y h b ;
    其中,c表示所述承诺值;y表示所述第二随机数;b表示所述目标数值。Wherein, c represents the commitment value; y represents the second random number; b represents the target value.
  9. 根据权利要求8所述的方法,其特征在于,所述按照预设拆分格式,将所述目标数值拆分为子目标数值,并将所述第二随机数拆分为与所述子目标数值对应的子第二随机数,包括:The method according to claim 8, wherein the target value is split into sub-target values according to a preset split format, and the second random number is split into sub-target values. The second random number corresponding to the value, including:
    通过第一拆分公式将所述目标数值拆分为所述子目标数值;Split the target value into the sub-target value by a first split formula;
    通过第二拆分公式将所述第二随机数拆分为与所述子目标数值对应的所述子第二随机数;Split the second random number into the sub-second random number corresponding to the sub-target value by using a second split formula;
    所述第一拆分公式包括:The first splitting formula includes:
    b=b 0+…+2 ib i+…+2 v-1b v-1b=b 0 +…+2 i b i +…+2 v-1 b v-1 ;
    所述第二拆分公式包括:The second splitting formula includes:
    y 0+…+y i+…+y v-1=y; y 0 +…+y i +…+y v-1 =y;
    其中,b i表示第i个所述子目标数值,v表示所述子目标数值的总数量,b i的值为0或1;y i表示与第i个所述子目标数值对应的所述子第二随机数。 Wherein, b i represents the i-th sub-target value, v represents the total number of the sub-target values, and the value of b i is 0 or 1; y i represents the i-th sub-target value corresponding to the The second random number.
  10. 根据权利要求9所述的方法,其特征在于,所述基于所述椭圆曲线群生成元、所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子第二随机数的第一承诺值和第二承诺值,包括:The method according to claim 9, wherein the calculation of each of the sub-target value and the corresponding sub-second random number is based on the elliptic curve group generator and the elliptic curve group element. The first commitment value and the second commitment value include:
    通过第五运算公式,基于所述椭圆曲线群生成元、所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子第二随机数的所述第一承诺值和所述第二承诺值;According to the fifth calculation formula, the first commitment value and the first commitment value of each sub-target value and the corresponding sub-second random number are calculated based on the elliptic curve group generator and the elliptic curve group element. 2. Commitment value;
    所述第五运算公式包括:The fifth operation formula includes:
    Figure PCTCN2019104853-appb-100006
    Figure PCTCN2019104853-appb-100006
    其中,c i表示第i个所述第一承诺值;c′ i表示第i个所述第二承诺值; Wherein, c i represents the i-th first commitment value; c′ i represents the i-th second commitment value;
    所述基于所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子第二随机数的数值验证结果并公布,包括:The calculating and publishing the numerical verification result of each sub-target value and the corresponding sub-second random number based on the elliptic curve group element includes:
    通过第六运算公式,基于所述椭圆曲线群元素计算每一个所述子目标数值与对应的所述子第二随机数的所述数值验证结果并公布;Calculate and publish the numerical verification result of each sub-target value and the corresponding sub-second random number based on the elliptic curve group element through a sixth calculation formula;
    所述第六运算公式包括:The sixth operation formula includes:
    Figure PCTCN2019104853-appb-100007
    其中,TK′ i表示第i个所述数值验证结果;
    Figure PCTCN2019104853-appb-100007
    Wherein, TK′ i represents the i-th numerical verification result;
    所述基于每一个所述子目标数值的所述第一承诺值、所述第二承诺值、所述数值验证结果计算每一个所述子目标数值的子公钥,包括:The calculating the sub-public key of each of the sub-target values based on the first commitment value, the second commitment value, and the value verification result of each of the sub-target values includes:
    通过第七运算公式,基于每一个所述子目标数值的所述第一承诺值、所述第二承诺值、所述数值验证结果计算每一个所述子目标数值的所述子公钥;Calculating the sub-public key of each sub-target value based on the first commitment value, the second commitment value, and the numerical verification result of each of the sub-target values through a seventh calculation formula;
    所述第七运算公式包括:The seventh operation formula includes:
    PK′ i=(c i,c′ i,TK′ i,π(c i,c′ i,TK′ i));其中,PK′ i表示第i个所述子公钥;π(c i,c′ i,TK′ i)表示TK′ i合法性的零知识证明结果; PK′ i =(c i ,c′ i ,TK′ i ,π(c i ,c′ i ,TK′ i )); where PK′ i represents the i-th said child public key; π(c i ,c′ i ,TK′ i ) represents the zero-knowledge proof result of the legitimacy of TK′ i;
    所述基于所述承诺值及每一个所述子目标数值的所述子公钥、所述子第二随机数计算每一个所述子目标数值的子环签名结果,包括:The calculating the sub-ring signature result of each of the sub-target values based on the commitment value, the sub-public key and the sub-second random number of each of the sub-target values includes:
    通过第八运算公式,基于所述承诺值及每一个所述子目标数值的所述子公钥、所述子第二随机数计算每一个所述子目标数值的所述子环签名结果;Calculating the sub-ring signature result of each of the sub-target values based on the commitment value, the sub-public key of each of the sub-target values, and the sub-second random number by using an eighth operation formula;
    所述第八运算公式包括:The eighth operation formula includes:
    σ i=SIG(PK′ i,y i,c);其中,σ i表示第i个所述子环签名结果。 σ i =SIG(PK' i ,y i ,c); where σ i represents the i-th sub-ring signature result.
  11. 根据权利要求1至10任一项所述的方法,其特征在于,所述预设格式包括α β,α表示密码群元素,β表示随机数。 The method according to any one of claims 1 to 10, wherein the preset format includes α β , α represents a password group element, and β represents a random number.
  12. 一种区块链信息传输方法,其特征在于,应用于区块链系统中的验证区块链节点,所述区块链系统还包括目标区块链节点,所述方法包括:A block chain information transmission method, characterized in that it is applied to a verification block chain node in a block chain system, the block chain system further includes a target block chain node, and the method includes:
    获取所述目标区块链节点公布的一次签名公钥,判断所述一次签名公钥是否已存在于所述区块链系统中;Obtain the one-time signature public key published by the target blockchain node, and determine whether the one-time signature public key already exists in the blockchain system;
    若所述一次签名公钥已存在于所述区块链系统中,则输出异常信息,若所述一次签名公钥未存在于所述区块链系统中,则获取目标区块链节点发布的数据的可追踪可链接环签名结果;If the one-time signature public key already exists in the blockchain system, output abnormal information. If the one-time signature public key does not exist in the blockchain system, then obtain the information issued by the target blockchain node Data traceable and linkable ring signature results;
    获取并检验
    Figure PCTCN2019104853-appb-100008
    是否正确;π表示零知识证明,g表示椭圆曲线群生成元;
    Figure PCTCN2019104853-appb-100009
    表示上次生成的UPK;h表示椭圆曲线群元素;x i表示所述目标区块链节点的环签名私钥;a i表示所述目标区块链节点的一次签名私钥;     Obtain and verify
    Figure PCTCN2019104853-appb-100008
    Is it correct; π means zero-knowledge proof, g means generator of elliptic curve group;
    Figure PCTCN2019104853-appb-100009
    Represents the UPK generated last time; h represents the elliptic curve group element; x i represents the ring signature private key of the target blockchain node; a i represents the primary signature private key of the target blockchain node;
    Figure PCTCN2019104853-appb-100010
    正确,则检验所述可追踪可链接环签名结果中的环签名公钥是否正确;     If
    Figure PCTCN2019104853-appb-100010
    If it is correct, check whether the ring signature public key in the traceable linkable ring signature result is correct;
    若所述环签名公钥正确,则检验所述可追踪可链接环签名结果中的普通环签名结果是否正确;If the ring signature public key is correct, check whether the ordinary ring signature result in the traceable linkable ring signature result is correct;
    若所述普通环签名结果正确,则检验所述可追踪可链接环签名结果中的一次签名结果是否正确;If the result of the ordinary ring signature is correct, check whether the one-time signature result in the traceable and linkable ring signature result is correct;
    若所述一次签名结果正确,则检验所述可追踪可链接环签名结果是否正确。If the one-time signature result is correct, check whether the traceable linkable ring signature result is correct.
  13. 根据权利要求12所述的方法,其特征在于,还包括:The method according to claim 12, further comprising:
    获取所述目标区块链节点生成的承诺值、第一承诺值、第二承诺值、数值验证结果及数值可追踪区间证明结果;获取椭圆曲线群元素;Obtain the commitment value, the first commitment value, the second commitment value, the numerical verification result, and the numerical traceable interval verification result generated by the target blockchain node; acquire the elliptic curve group element;
    验证所有的π(c i,c′ i,TK′ i)是否均正确;c i表示所述第一承诺值;c′ i表示所述第二承诺值;TK′ i表示所述数值验证结果; Verify that all π(c i ,c′ i ,TK′ i ) are correct; c i represents the first commitment value; c′ i represents the second commitment value; TK′ i represents the numerical verification result ;
    若所有的π(c i,c′ i,TK′ i)正确,则验证所有的
    Figure PCTCN2019104853-appb-100011
    是否均正确;h表示所述椭圆曲线群元素;     If all π(c i ,c′ i ,TK′ i ) are correct, verify all
    Figure PCTCN2019104853-appb-100011
    Whether they are all correct; h represents the elliptic curve group element;
    若所有的
    Figure PCTCN2019104853-appb-100012
    正确,则验证∏c i=c是否正确,∏表示求和运算,c表示所述承诺值;     If all
    Figure PCTCN2019104853-appb-100012
    If it is correct, verify whether ∏c i =c is correct, ∏ represents the summation operation, and c represents the promised value;
    若∏c i=c正确,则验证所述数值可追踪区间证明结果的正确性; If ∏c i = c is correct, verify the correctness of the result by verifying the traceable interval of the value;
    若所述数值可追踪区间证明结果正确,则上链所述数值可追踪区间证明结果。If the value traceable interval proves that the result is correct, then the value traceable interval proves the result.
  14. 一种区块链信息传输方法,其特征在于,应用于区块链系统中的监管节点,所述区块链系统还包括目标区块链节点,所述方法包括:A block chain information transmission method, characterized in that it is applied to a supervisory node in a block chain system, the block chain system further includes a target block chain node, and the method includes:
    生成第一随机数并作为陷门保存,以使所述区块链基于预设格式对所述第一随机数和离散密码群生成元进行运算,得到加密群元素;Generating a first random number and saving it as a trapdoor, so that the blockchain performs an operation on the first random number and a discrete cipher group generator based on a preset format to obtain an encrypted group element;
    公布所述加密群元素,以使所述区块链中的区块链节点基于所述离散密码群生成元、所述加密群群元素及相应的一次签名私钥生成相应的一次签名公钥;Publishing the encrypted group element, so that the blockchain node in the blockchain generates a corresponding one-time signature public key based on the discrete cryptographic group generator, the encrypted group group element, and the corresponding one-time signature private key;
    获取区块链节点发布在所述区块链中的第一系列运算结果,所述第一系列运算结果包括所述区块链节点按照所述预设格式对所述离散密码群生成元及所述一次签名私钥进行运算后得到的结果;Obtain the first series of calculation results published by the blockchain node in the blockchain, where the first series of calculation results include the block chain node’s Describe the result obtained after a signature private key is calculated;
    获取目标一次签名公钥;Obtain the target's one-time signature public key;
    按照所述预设格式,通过所述第一随机数对所述第一系列运算结果中的每个运算结果进行运算,得到相应的第一运算值;Performing an operation on each operation result in the first series of operation results by using the first random number according to the preset format to obtain a corresponding first operation value;
    将与所述目标一次签名公钥的值相等的所述第一运算值所对应的区块链节点确定为目标区块链节点;Determining the blockchain node corresponding to the first operation value equal to the value of the target primary signature public key as the target blockchain node;
    其中,所述预设格式包括α β,α表示密码群元素,β表示随机数。 Wherein, the preset format includes α β , α represents a cipher group element, and β represents a random number.
  15. 根据权利要求14所述的方法,其特征在于,所述公布所述加密群元素之后,还包括:The method according to claim 14, wherein after the publishing of the encrypted group element, the method further comprises:
    获取所述目标区块链节点公布的与目标数值对应的第一承诺值及数值验证结果;Obtaining the first commitment value and the value verification result corresponding to the target value published by the target blockchain node;
    对于每个所述第一承诺值,按照所述预设格式,通过所述第一随机数计算所述第一承诺值对应的第二运算值,判断所述第二运算值是否与所述数值验证结果相等,若是,则确定所述第一承诺值对应的子目标数值的值为0,若否,则确定所述第一承诺值的子目标数值的值为1;For each of the first commitment values, according to the preset format, the second operation value corresponding to the first commitment value is calculated by the first random number, and it is determined whether the second operation value is the same as the numerical value. If the verification results are equal, determine that the value of the sub-target value corresponding to the first commitment value is 0, if not, determine that the value of the sub-target value of the first commitment value is 1;
    按照所述预设拆分格式,基于所述子目标数值确定所述目标数值。According to the preset split format, the target value is determined based on the sub-target value.
  16. 一种区块链信息传输系统,其特征在于,应用于区块链系统中的目标区块链节点,所述区块链系统还包括监管节点,所述系统包括:A block chain information transmission system, characterized in that it is applied to a target block chain node in a block chain system, the block chain system further includes a supervision node, and the system includes:
    第一获取模块,用于获取预先确定的离散密码群生成元及加密群元素,所述加密群元素包括基于预设格式对第一随机数和所述离散密码群生成元运算后得到的密码群元素,且所述第一随机数为所述监管节点生成并保存的陷门;The first obtaining module is configured to obtain a predetermined discrete cipher group generator and an encrypted group element. The encrypted group element includes a cipher group obtained by calculating a first random number and the discrete cipher group generator based on a preset format Element, and the first random number is a trapdoor generated and saved by the supervisory node;
    第一处理模块,用于按照所述预设格式,基于所述离散密码群生成元和所述加密群元素对自身的隐私数据进行处理,并将相应的处理结果发布至所述区块链,以使所述监管节点能够基于所述处理结果及所述第一随机数对所述目标区块链节点和/或所述隐私数据进行监管。The first processing module is configured to process its own private data based on the discrete cipher group generator and the encrypted group element according to the preset format, and publish the corresponding processing result to the blockchain, So that the supervision node can supervise the target blockchain node and/or the private data based on the processing result and the first random number.
  17. 一种区块链信息传输装置,其特征在于,所述装置包括存储器和处理器,所述存储器上存储有可在所述处理器上运行的区块链信息传输程序,所述区块链信息传输程序被所述处理器执行时实现如权利要求1至15任一项所述的方法。A block chain information transmission device, characterized in that the device includes a memory and a processor, the memory stores a block chain information transmission program that can run on the processor, and the block chain information When the transmission program is executed by the processor, the method according to any one of claims 1 to 15 is implemented.
  18. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有区块链信息传输程序,所述区块链信息传输程序可被一个或者多个处理器执行,以实现如权利要求1至15中任一项所述的区块链信息传输方法。A computer-readable storage medium, characterized in that a blockchain information transmission program is stored on the computer-readable storage medium, and the blockchain information transmission program can be executed by one or more processors to achieve such The blockchain information transmission method according to any one of claims 1 to 15.
  19. 一种区块链系统,其特征在于,包括普通区块链节点、监管节点;A blockchain system, which is characterized by including ordinary blockchain nodes and supervisory nodes;
    所述普通区块链节点用于执行如权利要求1至11任一项所述的区块链信息传输方法;The ordinary blockchain node is used to implement the blockchain information transmission method according to any one of claims 1 to 11;
    所述监管节点用于执行如权利要求14或15所述的区块链信息传输方法。The supervisory node is used to implement the blockchain information transmission method according to claim 14 or 15.
  20. 根据权利要求19所述的系统,其特征在于,还包括验证区块链节点;The system according to claim 19, further comprising a verification blockchain node;
    所述验证区块链节点用于执行如权利要求12或13所述的区块链信息传输方法。The verification blockchain node is used to implement the blockchain information transmission method according to claim 12 or 13.
PCT/CN2019/104853 2019-09-09 2019-09-09 Blockchain system, information transmission method, system and apparatus, and computer medium WO2021046668A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201980059452.8A CN112789824B (en) 2019-09-09 2019-09-09 Block chain system, information transmission method, system, device and computer medium
PCT/CN2019/104853 WO2021046668A1 (en) 2019-09-09 2019-09-09 Blockchain system, information transmission method, system and apparatus, and computer medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/104853 WO2021046668A1 (en) 2019-09-09 2019-09-09 Blockchain system, information transmission method, system and apparatus, and computer medium

Publications (1)

Publication Number Publication Date
WO2021046668A1 true WO2021046668A1 (en) 2021-03-18

Family

ID=74866922

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/104853 WO2021046668A1 (en) 2019-09-09 2019-09-09 Blockchain system, information transmission method, system and apparatus, and computer medium

Country Status (2)

Country Link
CN (1) CN112789824B (en)
WO (1) WO2021046668A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113239935A (en) * 2021-04-15 2021-08-10 广州广电运通金融电子股份有限公司 Image feature extraction method, device, equipment and medium based on block chain
CN113239374A (en) * 2021-05-11 2021-08-10 中国联合网络通信集团有限公司 Resource exchange method and node server
CN113609502A (en) * 2021-08-06 2021-11-05 东北大学 Space crowdsourcing system and method based on block chain
CN113761582A (en) * 2021-09-29 2021-12-07 山东省计算中心(国家超级计算济南中心) Group signature based method and system for protecting privacy of block chain transaction under supervision
CN114640462A (en) * 2022-02-17 2022-06-17 北京邮电大学 Block chain privacy protection method and device, electronic equipment and storage medium
CN115314352A (en) * 2022-07-27 2022-11-08 北京航空航天大学 Privacy-enhanced fair block chain leader election method and device
CN115829754A (en) * 2023-02-16 2023-03-21 之江实验室 Privacy protection block chain oriented transaction supervision method and device
CN115865426A (en) * 2022-11-14 2023-03-28 中国联合网络通信集团有限公司 Privacy intersection method and device
CN115865531A (en) * 2023-02-24 2023-03-28 南开大学 Proxy re-encryption digital asset authorization method
CN116633548A (en) * 2023-04-03 2023-08-22 北京熠智科技有限公司 Encryption process supervision method, device, system and storage medium

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113486408B (en) * 2021-07-05 2022-08-09 建信金融科技有限责任公司 Deposit receipt management system and method based on block chain
CN113779631A (en) * 2021-09-10 2021-12-10 杭州宇链科技有限公司 Motor vehicle automatic driving operation data recording method based on block chain
CN116389164B (en) * 2023-05-26 2023-09-12 建信金融科技有限责任公司 Data detection method and device
CN117037988A (en) * 2023-08-22 2023-11-10 广州视景医疗软件有限公司 Electronic medical record storage method and device based on blockchain
CN117499159B (en) * 2023-12-27 2024-03-26 杭州字节方舟科技有限公司 Block chain-based data transaction method and device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107659411A (en) * 2017-10-11 2018-02-02 深圳大学 Encrypt the method and system of the traceable user's signature of currency conditional
CN109274481A (en) * 2018-08-01 2019-01-25 中国科学院数据与通信保护研究教育中心 A kind of traceable method of data of block chain
CN110009318A (en) * 2019-03-22 2019-07-12 陕西师范大学 A kind of digital cash method for tracing based on door sieve coin

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107659411A (en) * 2017-10-11 2018-02-02 深圳大学 Encrypt the method and system of the traceable user's signature of currency conditional
CN109274481A (en) * 2018-08-01 2019-01-25 中国科学院数据与通信保护研究教育中心 A kind of traceable method of data of block chain
CN110009318A (en) * 2019-03-22 2019-07-12 陕西师范大学 A kind of digital cash method for tracing based on door sieve coin

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
LI YANNAN; YANG GUOMIN; SUSILO WILLY; YU YONG; AU MAN HO; LIU DONGXI: "Traceable Monero: Anonymous Cryptocurrency with Enhanced Accountability", IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, IEEE SERVICE CENTER, NEW YORK, NY, US, vol. 18, no. 2, 11 April 2019 (2019-04-11), US, pages 679 - 691, XP011842310, ISSN: 1545-5971, DOI: 10.1109/TDSC.2019.2910058 *
WANG, ZHENG, FAN JIA;CHENG LIN;AN HONG-ZHANG;ZHENG HAI-BIN;NIU JUN-XIANG;SCIENCE: "Supervised Anonymous Authentication Scheme", JOURNAL OF SOFTWARE, GAI KAN BIANJIBU, BEIJING, CN, vol. 30, no. 6, 27 March 2019 (2019-03-27), CN, pages 1705 - 1720, XP055790100, ISSN: 1000-9825, DOI: 10.13328/j.cnki.jos.005746 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113239935A (en) * 2021-04-15 2021-08-10 广州广电运通金融电子股份有限公司 Image feature extraction method, device, equipment and medium based on block chain
CN113239374A (en) * 2021-05-11 2021-08-10 中国联合网络通信集团有限公司 Resource exchange method and node server
CN113239374B (en) * 2021-05-11 2024-02-02 中国联合网络通信集团有限公司 Resource exchange method and node server
CN113609502A (en) * 2021-08-06 2021-11-05 东北大学 Space crowdsourcing system and method based on block chain
CN113609502B (en) * 2021-08-06 2023-09-26 东北大学 Space crowdsourcing system and method based on block chain
CN113761582B (en) * 2021-09-29 2023-06-16 山东省计算中心(国家超级计算济南中心) Group signature-based supervision blockchain transaction privacy protection method and system
CN113761582A (en) * 2021-09-29 2021-12-07 山东省计算中心(国家超级计算济南中心) Group signature based method and system for protecting privacy of block chain transaction under supervision
CN114640462A (en) * 2022-02-17 2022-06-17 北京邮电大学 Block chain privacy protection method and device, electronic equipment and storage medium
CN115314352A (en) * 2022-07-27 2022-11-08 北京航空航天大学 Privacy-enhanced fair block chain leader election method and device
CN115314352B (en) * 2022-07-27 2023-12-12 北京航空航天大学 Privacy-enhanced fair blockchain leader election method and device
CN115865426A (en) * 2022-11-14 2023-03-28 中国联合网络通信集团有限公司 Privacy intersection method and device
CN115865426B (en) * 2022-11-14 2024-03-26 中国联合网络通信集团有限公司 Privacy intersection method and device
CN115829754A (en) * 2023-02-16 2023-03-21 之江实验室 Privacy protection block chain oriented transaction supervision method and device
CN115865531A (en) * 2023-02-24 2023-03-28 南开大学 Proxy re-encryption digital asset authorization method
CN116633548A (en) * 2023-04-03 2023-08-22 北京熠智科技有限公司 Encryption process supervision method, device, system and storage medium

Also Published As

Publication number Publication date
CN112789824B (en) 2022-09-09
CN112789824A (en) 2021-05-11

Similar Documents

Publication Publication Date Title
WO2021046668A1 (en) Blockchain system, information transmission method, system and apparatus, and computer medium
CN111566649B (en) Verifying integrity of data stored in a federated blockchain using public side chains
CN111989893B (en) Method, system and computer readable device for generating and linking zero knowledge proofs
US11232478B2 (en) Methods and system for collecting statistics against distributed private data
CN109242675B (en) Asset publishing method and device based on block chain and electronic equipment
US11212081B2 (en) Method for signing a new block in a decentralized blockchain consensus network
CN110046996B (en) Data processing method and device
WO2021031460A1 (en) Block chain transaction settlement method and system, and related device
JP6882512B2 (en) Preventing inaccurate notification of input data by participants in secure multi-party calculations
CN111770201B (en) Data verification method, device and equipment
EP3114602B1 (en) Method and apparatus for verifying processed data
CN111801910A (en) System and method for authenticating off-chain data based on proof verification
EP3746966A1 (en) System and method for secure transaction verification in a distributed ledger system
CN111770198B (en) Information sharing method, device and equipment
CN111612600B (en) Block chain auction method, equipment, storage medium and block chain system
CN112769548B (en) Block chain numerical information transmission method, system, device and computer medium
CN109104410B (en) Information matching method and device
US20230237437A1 (en) Apparatuses and methods for determining and processing dormant user data in a job resume immutable sequential listing
CN108259180B (en) Method for quantum specifying verifier signature
CN113055178B (en) Block chain system, and method, system, device and medium for transmitting numerical information
JP2022549777A (en) Partition of requests to blockchain transactions
Kalapaaking et al. Blockchain-enabled and multisignature-powered verifiable model for securing federated learning systems
CN114629663B (en) Block chain-based digital commodity transaction method and device
CN112837064B (en) Signature method, signature verification method and signature verification device for alliance chain
CN104486311A (en) Extensibility-supporting remote data integrity check method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19944914

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19944914

Country of ref document: EP

Kind code of ref document: A1