WO2023160090A1 - Proof generation method and apparatus, electronic device, and storage medium - Google Patents

Publication number
WO2023160090A1
Authority
WO
WIPO (PCT)
Prior art keywords
algorithm
verification
proof
prover
verifiable statement
Application number
PCT/CN2022/135583
Inventor
林渝淇
魏长征
Original Assignee
蚂蚁区块链科技(上海)有限公司
Application filed by 蚂蚁区块链科技(上海)有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218: ... using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3221: ... interactive zero-knowledge proofs
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: ... for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407: ... wherein the identity of one or more communicating identities is hidden
    • H04L9/06: ... the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords

Definitions

  • One or more embodiments of this specification relate to the technical field of data processing, and in particular to a proof generation method and apparatus, an electronic device, and a storage medium.
  • A zero-knowledge proof (or zero-knowledge protocol) involves two parties: the prover, who claims that a certain proposition is true, and the verifier, who confirms that the proposition is indeed true. The prover can convince the verifier that an assertion is correct without providing the verifier with any useful information.
  • A zero-knowledge proof is essentially a protocol involving two or more parties, that is, a series of steps that two or more parties need to take to complete a task.
  • The prover proves to the verifier, and makes the verifier believe, that it knows or has a certain message, but the proof process cannot leak any information about the proven message to the verifier, so as to avoid leaking the privacy of the prover.
  • One or more embodiments of this specification provide a proof generation method and apparatus, an electronic device, and a storage medium.
  • a proof generation method including:
  • the private data of the prover is encrypted by an encryption algorithm based on zero-knowledge proof technology to obtain ciphertext data, and the ciphertext data is recorded in the verifiable statement of the prover;
  • a proof generation apparatus including:
  • an acquisition unit, which acquires private data of the prover, where the private data is encrypted by an encryption algorithm based on zero-knowledge proof technology to obtain ciphertext data, and the ciphertext data is recorded in the verifiable statement of the prover;
  • a generation unit, which generates a corresponding proof according to the private data and a proof generation algorithm matching the encryption algorithm, where the proof is used to indicate that the ciphertext data in the verifiable statement meets the conditions for passing the verification.
  • an electronic device including:
  • memory for storing processor-executable instructions
  • the processor implements the method according to the first aspect by running the executable instruction.
  • a computer-readable storage medium on which computer instructions are stored, and when the instructions are executed by a processor, the steps of the method described in the first aspect are implemented.
  • Fig. 1 is a flow chart of a proof generation method provided by an exemplary embodiment.
  • Fig. 2 is an interaction diagram for creating a DID provided by an exemplary embodiment.
  • Fig. 3 is an interaction diagram for generating verifiable claims and corresponding proofs provided by an exemplary embodiment.
  • Fig. 4 is an interaction diagram for verifying a prover provided by an exemplary embodiment.
  • Fig. 5 is a schematic structural diagram of a device provided by an exemplary embodiment.
  • Fig. 6 is a block diagram of a proof generation apparatus provided by an exemplary embodiment.
  • The steps of the corresponding methods are not necessarily performed in the order shown and described in this specification.
  • The method may include more or fewer steps than those described in this specification.
  • A single step described in this specification may be decomposed into multiple steps for description in other embodiments; multiple steps described in this specification may also be combined into a single step for description in other embodiments.
  • Identities can be created for each user through DIS (Decentralized Identifier Service).
  • DIS can provide users with a DID (Decentralized Identifier) that is not restricted by any single registration center, identity service provider or authentication center, and is completely controlled by the user.
  • A DID can be used as the identifier of an entity, and specific information such as the authority, capability, behavior and even assets of the entity can be expressed through a VC (Verifiable Claim).
  • A VC is a descriptive statement issued by the issuer using its own distributed digital identity (DID) to endorse certain attributes of the user's DID, with the issuer's digital signature attached. The user can then prove to other users that the attribute information about himself recorded in the VC is true and reliable by providing his own VC to them.
  • The attribute information of the user holding the VC is recorded in the VC. This attribute information is usually the user's private information, so there is a risk of exposing private information when the user provides his own VC to other users.
  • This specification aims to provide a proof generation scheme that can protect the private information recorded in the verifiable statement held by users who adopt distributed digital identities, so that the private information is "available and invisible".
  • FIG. 1 is a flow chart of a proof generation method provided by an exemplary embodiment. As shown in Figure 1, the method may include the following steps:
  • Step 102: obtain private data of the prover; the private data is encrypted by an encryption algorithm based on zero-knowledge proof technology to obtain ciphertext data, and the ciphertext data is recorded in the verifiable statement of the prover.
  • The prover can request the issuer to issue a VC that records the real private information of the prover, and the issuer can encrypt the private information recorded in the VC when issuing it to the prover, so as to protect the prover's privacy.
  • Zero-knowledge proof technology can be used to ensure that the holder's private information recorded in the VC is not leaked while it can still be used to make statements about that private information (to prove that the private information is true and valid), that is, the private information in the VC is "available and invisible".
  • Zero-knowledge proof technology includes encryption algorithms, proof generation algorithms, and proof verification algorithms.
  • The encryption algorithm is used to encrypt the private data of the prover. Since the private data is in ciphertext form, a proof generation algorithm matching the encryption algorithm is required to generate a corresponding proof, which indicates that the private data of the prover (in ciphertext form) meets the verification pass conditions set for the private data. The proof can in turn be verified by a proof verification algorithm that matches the proof generation algorithm, to determine whether the content indicated by the proof is correct.
  • The above three types of algorithms included in the zero-knowledge proof technology correspond to one another.
  • For example, user A's private data includes age information, and the verification pass condition set for age is "age at least 18 years old".
  • User A can provide his own age information to the issuer of the VC (for example, a trusted institution such as a civil affairs bureau or public security organ), and the issuer issues the VC to user A after the age information passes the authenticity check.
  • After user A obtains the VC, he can generate a proof indicating "at least 18 years of age" based on the age information in the VC, and provide the VC and the proof to the verifier (for example, a store with age restrictions on the products it sells), so that the verifier can judge whether user A is over 18 years old based on the VC and the proof.
  • User A, the issuer and the verifier pre-negotiate and determine the algorithms they use, so that the proof generation algorithm used by user A, the encryption algorithm used by the issuer, and the proof verification algorithm used by the verifier match each other.
  • a commitment algorithm (Commitment) or a homomorphic encryption (Homomorphic Encryption) algorithm with homomorphic characteristics
  • the homomorphic commitment/encryption algorithm is denoted by HE()
  • the ciphertext form of plaintext t is HE(t).
  • Homomorphic commitment algorithms include Pedersen commitment, etc.
  • Homomorphic encryption algorithms include the Paillier algorithm, the Gentry algorithm, Okamoto–Uchiyama homomorphic encryption, Boneh-Goh-Nissim homomorphic encryption, etc. Of course, this specification does not restrict the encryption algorithm used; for example, a hashing algorithm may also be used.
  • range proof technology is a secure proof protocol in the field of cryptography, which can be used to prove that a number is within a certain reasonable range without disclosing the specific value of the number and other information. For example, zero-knowledge proof technologies such as Borromean ring signature scheme, Bulletproof scheme, and zkSNARK can be used for range proof.
  • The transaction amount can be protected through homomorphic encryption or homomorphic commitment technology, and range proof technology can be used to ensure that the transaction amount is non-negative and the account balance is sufficient for payment (by generating a range proof that shows that the transaction amount is non-negative and the account balance is sufficient to pay).
  • A random character string can be used as a mask to increase the randomness of the encrypted ciphertext data, thereby preventing the ciphertext data from being brute-forced.
  • For example, suppose the plaintext private information is age and the encryption algorithm used is a hash operation. Since the numerical range of age is small, if the age is hashed directly, the total number of possible ciphertexts is relatively small, so the ciphertext is easily brute-forced, revealing the user's age.
  • A random string can be generated (by the prover and provided to the issuer, or by the issuer) and concatenated with the plaintext private information to obtain the private data, which is then encrypted to obtain the ciphertext data.
  • the private data in this embodiment includes plaintext private information and random character strings of the prover.
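The effect of the random mask on a hashed age, as an added example that is not part of the patent text. SHA-256, the 16-byte mask length and the 0 to 150 age range are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import secrets

AGE_RANGE = range(0, 151)   # assumed plausible ages: the whole plaintext space
MASK_BYTES = 16             # assumed mask length: 128 bits from a CSPRNG


def encrypt_age(age: int, mask: bytes = b"") -> str:
    """Hash used as the encryption algorithm; an empty mask is the weak, unmasked form."""
    # The fixed-length mask goes first, so the mask/plaintext boundary is unambiguous.
    return hashlib.sha256(mask + str(age).encode()).hexdigest()


def new_mask() -> bytes:
    """Random string generated by the prover or by the issuer."""
    return secrets.token_bytes(MASK_BYTES)


def ages_matching(ciphertext: str, mask: bytes = b"") -> list:
    """Audit check: every age in AGE_RANGE whose hash under `mask` equals the ciphertext.

    With no mask this is a 151-entry search, which is why a bare hash of a
    small-range value gives no confidentiality.
    """
    return [a for a in AGE_RANGE
            if hmac.compare_digest(encrypt_age(a, mask), ciphertext)]


def distinct_ciphertexts(ages, masked: bool) -> int:
    """Number of different ciphertexts a population of holders produces."""
    return len({encrypt_age(a, new_mask() if masked else b"") for a in ages})


def opens_to(ciphertext: str, age: int, mask: bytes) -> bool:
    """Holder-side opening: the (age, mask) pair reproduces the recorded ciphertext."""
    return hmac.compare_digest(encrypt_age(age, mask), ciphertext)


if __name__ == "__main__":
    population = [25] * 1000          # constructed sample: 1000 holders, all aged 25
    print("unmasked ciphertexts:", distinct_ciphertexts(population, masked=False))
    print("masked ciphertexts:  ", distinct_ciphertexts(population, masked=True))
    mask = new_mask()
    ct = encrypt_age(25, mask)
    print("search on bare hash:  ", ages_matching(encrypt_age(25)))
    print("search on masked hash:", ages_matching(ct))
    print("opening with the mask:", ages_matching(ct, mask))
```

Besides resisting enumeration, the mask also removes linkability: without it, every holder of the same age carries the same ciphertext in the VC.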
  • The issuer can verify the authenticity of the plaintext private information provided by the prover, and generate an original verifiable statement if the authenticity check passes.
  • The original verifiable statement contains the plaintext private information, the random string, and the ciphertext data.
  • The prover can obtain the original verifiable statement generated by the issuer after verifying the plaintext private information, and delete the plaintext private information and the random string from the original verifiable statement to obtain a verifiable statement.
  • This verifiable statement is the one that can later be provided to the verifier for verification. It should be noted that this specification does not limit the specific manner of the above-mentioned authenticity verification operation.
  • The issuer can sign the first statement content (including the statement issuer, statement receiver, statement expiration time, statement issuance time, etc., described in detail below) to obtain the first signature, and record the first signature in the original verifiable statement.
  • The original verifiable statement contains the issuer's first signature on the content of the first statement in the original verifiable statement, and the issuer endorses the prover through the first signature.
  • The prerequisites for the verifier to determine that the prover passes the verification include passing the verification of the proof corresponding to the verifiable statement and passing the verification of the first signature.
  • The issuer can sign the content of the second statement in the original verifiable statement (including at least the plaintext private information and the random string) to obtain the second signature, and record the second signature in the original verifiable statement; that is, the original verifiable statement includes the issuer's second signature on the content of the second statement. After obtaining the original verifiable statement, the prover can verify the second signature it contains, and generate the above verifiable claim if the second signature verification passes (indicating that the original verifiable statement was generated by the issuer and has not been tampered with).
  • Step 104: generate a corresponding proof according to the private data and a proof generation algorithm that matches the encryption algorithm; the proof is used to indicate that the ciphertext data in the verifiable statement meets the conditions for passing the verification.
  • After the prover obtains the verifiable statement, it can generate a proof corresponding to the verifiable statement, which is used to show that the ciphertext data recorded in the verifiable statement meets the verification pass condition (which can be set or provided by the verifier).
  • The prover can input the private data, the verification pass condition, and the judgment result indicating that the private data meets the verification pass condition into the proof generation algorithm to generate the above proof.
  • For example, user A's age is 25 years old, and the verification pass condition set by the verifier for age is "age over 18 years old". Since 25 years old > 18 years old, the judgment result is "Yes", that is, user A's age meets the verification pass condition "age at least 18 years old". Therefore, the prover can input "user A's age is 25 years old", "age is over 18 years old" and the judgment result "yes" into the proof generation algorithm to generate a proof corresponding to the verifiable statement.
  • Each set of algorithms includes mutually matching encryption, proof generation, and proof verification algorithms.
  • If the issuer, prover, and verifier have not pre-negotiated which algorithm based on zero-knowledge proof technology to use, the issuer records in the original verifiable statement the algorithm identifiers of the proof generation algorithm and the proof verification algorithm that match the encryption algorithm it adopted, so as to instruct the corresponding user to adopt the algorithm corresponding to the algorithm identifier.
  • The verifiable statement includes a first algorithm identifier of the proof generation algorithm, which is used to instruct the prover to determine the corresponding proof generation algorithm; and/or the verifiable statement includes a second algorithm identifier of the proof verification algorithm, which is used to instruct the verifier to determine the proof verification algorithm.
  • Fig. 2 is an interaction diagram for creating a DID provided by an exemplary embodiment. As shown in Figure 2, the interaction process may include the following steps:
  • Step 202: the prover creates a DID, a key pair corresponding to the DID, and a corresponding DID document.
  • The user acting as the prover can log in to his own user account on the client he uses, so that the client acts as the prover.
  • DIS (Decentralized Identifier Service) can be used to create identities for each user.
  • DIS can provide users with a DID (Decentralized Identifier) that is not restricted by any single registration center, identity service provider or authentication center, and is completely controlled by the user. Take the DID created by the prover as an example.
  • The key pair corresponding to the DID of the prover includes a public key and a private key.
  • The public key needs to be published to the blockchain for storage, while the private key corresponding to the DID of the prover is kept by the prover, for example saved locally on the above-mentioned client.
  • A DID (Decentralized Identifier) corresponds to an entity (for example, a VC issuer, prover, verifier or other user), and the specific use of the DID is described by the DID document (DID Document) corresponding to the DID.
  • the DID document is used to describe how to use the corresponding DID, at least including the public key of the corresponding DID; in addition, information such as encryption method, proof purpose, verification method and server can also be recorded. Among them, the proof purpose is combined with the verification method to provide a mechanism for proving things.
  • a DID document can specify a specific authentication method, such as a cryptographic public key or a pseudonymous biometric protocol, that can be used to authenticate methods created for the purpose.
  • Service endpoints support trusted interactions with DID controllers.
  • DID and DID documents can be directly registered on the blockchain or other distributed networks without applying to a centralized registration agency.
  • Based on the tamper-resistance, hash encryption and other characteristics of distributed network technologies such as blockchain, digital identities can be truly owned and controlled by users, and there is no longer any middleman (even a DID technology provider) who owns and controls users' identities and data.
  • Step 204 the prover creates a transaction for depositing the DID and the DID document.
  • Step 206 the prover submits the transaction for depositing the DID and the DID document to the blockchain network.
  • Step 208 the blockchain network deposits the DID and the DID document on the blockchain.
  • Step 210 the prover obtains the receipt of the successful creation of the DID from the blockchain network.
  • The blockchain network can generate an event recording that the DID and the DID document were successfully stored, and write it to the blockchain log. The prover can then obtain the event through the callback mechanism of the blockchain, so as to determine that the DID and the DID document have been stored on the blockchain, that is, that the prover has succeeded in creating the DID. Alternatively, a corresponding prompt message can be generated for the prover to view, informing the prover that the DID was successfully created on the chain.
  • Fig. 3 is an interaction diagram for generating verifiable claims and corresponding proofs provided by an exemplary embodiment. As shown in Figure 3, the interaction process may include the following steps:
  • The prover creates a statement issuance request (including the prover DID, plaintext private information and identity information of the prover).
  • Step 304: the prover sends the statement issuance request to the issuer.
  • Step 306: the issuer reads the prover DID included in the statement issuance request.
  • Step 308 the issuer initiates a query transaction for the DID of the prover to the blockchain network.
  • step 310 the blockchain network queries the DID document corresponding to the DID of the prover in response to the query transaction.
  • Step 312 the blockchain network returns the queried DID document to the issuer.
  • Step 314 the issuer sends a DID authentication challenge message (including challenge data) to the prover.
  • The public key corresponding to the prover DID is recorded in the DID document of the prover DID, so the public key can be used to verify whether the prover DID in the statement issuance request is the DID actually held by the prover, that is, to verify whether the prover is the legal owner of the prover DID in the statement issuance request.
  • The issuer can randomly generate challenge data (for example, a character string) and send it to the prover in a DID authentication challenge message (DID auth challenge), instructing the prover to sign it with its own private key (that is, the private key corresponding to the prover DID) and return the challenge data and the signature. The issuer can then use the public key in the DID document to verify the signature, and confirm that the prover is the legal owner of the prover DID recorded in the statement issuance request if the signature verification passes.
  • Step 316 the prover signs the challenge data through the private key corresponding to the prover DID.
  • Step 318 the prover returns challenge data to the issuer.
  • Step 320 the issuer uses the public key in the DID document to perform signature verification.
  • Alternatively, a signature can be added to the statement issuance request.
  • The prover adds a signature over the content of the statement issuance request to the request it creates; after obtaining the DID document, the issuer can use the public key recorded in the DID document to verify the signature in the statement issuance request, confirming that the prover is the legal owner of the prover DID recorded in the request.
  • step 322 the issuer verifies the authenticity of the plaintext private information if the signature verification is passed.
  • the identity information of the certifier when creating a statement issuance request, may be recorded in the statement issuance request as a basis for the issuer to verify the authenticity of the plaintext private information. Then, after the verification of the DID of the prover is completed, the authenticity of the plaintext private information can be further verified according to the identity information of the prover recorded in the statement issuance request.
  • The identity information of the prover may include the prover's ID number, place of origin, date of birth, household registration information, etc.; the issuer (such as the Civil Affairs Bureau or a public security organ) can then check the authenticity of the prover's age based on this identity information.
  • step 324 if the verification is passed, the issuer uses an encryption algorithm to encrypt the plaintext private information and random character strings to obtain ciphertext data, and generates an original verifiable statement for the ciphertext data.
  • DID is an identifier of an entity, and specific information such as rights, capabilities, behaviors, and assets owned by the entity is expressed through VC. It should be noted that a DID can have one or more VCs. For example, the following fields can be included in VC:
  • issuer: the statement issuer;
  • proof: proof of validity (different from the proof generated by the above-mentioned prover).
  • The issuer can generate a random string, concatenate it with the plaintext private information, and then use an encryption algorithm to encrypt the concatenated string to obtain ciphertext data.
  • The issuer can record its own DID (that is, the issuer DID) in issuer, record the DID of the prover in didsubject, record the expiration time of the statement in expire, record the time when the VC is issued in issuance date, and record the plaintext private information, random string, and ciphertext data in claim.
  • The claim field can be extended to further include plaintext, random, and commitment: plaintext records the plaintext private information, such as age; random records the random string; and commitment records the ciphertext data.
  • On the one hand, the issuer can use its own private key to sign the content of the VC other than the plaintext private information and random string (that is, the first statement content, which includes the ciphertext data) to obtain the first signature, and record the first signature in proof, for example in the zkpsignaturevalue field of proof. On the other hand, the issuer can use its own private key to sign the statement content that includes at least the plaintext private information and random string (that is, the second statement content) to obtain the second signature, and record the second signature in proof, for example in the signaturevalue field of proof.
  • Each set of algorithms includes matching encryption, proof generation, and proof verification algorithms.
  • If the issuer, prover, and verifier have not pre-negotiated which algorithm based on zero-knowledge proof technology to use, then in the process of generating the original verifiable statement the issuer can record in it the algorithm identifiers of the proof generation algorithm and the proof verification algorithm that match the encryption algorithm it adopted, so as to instruct the corresponding user to adopt the algorithm corresponding to the algorithm identifier.
  • If the issuer, the prover and the verifier pre-negotiate which algorithm based on zero-knowledge proof technology to use, there is no need to record the above-mentioned algorithm identifiers.
  • Step 326 the issuer returns the original verifiable statement to the prover.
  • the prover can perform signature verification on the first signature and the second signature respectively, so that subsequent steps can be performed when both signature verifications pass.
  • step 328 the prover obtains plaintext private information and random character strings.
  • If the random string is generated by the issuer, the prover can read the random string recorded in the original verifiable claim.
  • If the random string is generated by the prover and provided to the issuer (for example, through the claim issuance request), the prover can first read the random string recorded in the original verifiable claim and compare it with the one it generated, performing the subsequent steps only if the two are consistent.
  • step 330 the prover obtains the verification passing conditions and judgment results.
  • step 332 the prover inputs the plaintext private information, random character strings, verification passing conditions and judgment results into the proof generation algorithm to generate a proof.
  • For example, the age of user A (the plaintext private information) is 25 years old, the random string is h@$fwehdu, and the age-based verification pass condition set by the verifier is "18 years of age". Since 25 years old > 18 years old, the judgment result is "Yes", that is, the age of user A meets the verification pass condition "age over 18 years old". Therefore, the prover can first concatenate the plaintext private information "user A's age is 25" and the random string "h@$fwehdu", and then input the concatenated string, the verification pass condition "age over 18" and the judgment result "yes" into the proof generation algorithm to generate a proof corresponding to the verifiable claim.
  • step 334 the prover deletes the plaintext private information and random strings in the original verifiable statement to obtain the final verifiable statement.
  • the obtained from the issuer can be The plaintext field and the random field in the VC are deleted (the second signature can also be deleted), so as to obtain the final usable VC.
  • Fig. 4 is an interaction diagram for verifying a prover provided by an exemplary embodiment. As shown in Figure 4, the interaction process may include the following steps:
  • Step 402: the prover creates a verification request (including the prover DID).
  • Step 404: the prover sends the verification request to the verifier.
  • Step 406: the verifier verifies the DID of the prover.
  • Since the prover expresses its own identity through a DID, the prover needs to provide the prover DID to the verifier, so that the verifier can verify the prover DID, that is, verify that the prover is the legal owner of the provided prover DID.
  • For the process of verifying the DID of the prover, reference may be made to steps 308-320 in FIG. 3 above, which will not be repeated here.
  • Step 408: the prover sends the verifiable statement and the corresponding proof to the verifier.
  • If the prover needs to prove to the verifier that its private information meets the verification passing condition set by the verifier, it needs to provide the verifier with the VC obtained in the embodiment shown in Figure 3 above and the corresponding proof.
  • Step 410: the verifier verifies the verifiable claim.
  • The verifier can use the issuer's public key to perform signature verification on the first signature in the verifiable statement, thereby verifying the data integrity of the verifiable statement (whether it has been tampered with) and whether it was issued by the issuer.
  • Since the issuer DID is recorded in the issuer field of the verifiable statement, the public key of the issuer can be queried from the blockchain network according to the issuer DID. The specific process is similar to steps 306-312 above and will not be repeated here.
  • Step 412: the verifier verifies the proof.
  • The verifier can verify the ciphertext data in the verifiable statement through the proof verification algorithm and the proof, and determine whether the ciphertext data meets the verification passing condition. If both the proof verification and the first signature verification pass, it may be determined that the prover has passed the verification.
  • Step 414: the verifier determines that the prover passes the verification, and executes the relevant business operations for the prover.
  • Step 416: the verifier returns the execution result of the business operation to the prover.
  • The Internet cafe verifier can generate a payment order for user A and return the payment order information to user A's client.
  • This specification also provides an embodiment of a proof generation apparatus.
  • Fig. 5 is a schematic structural diagram of a device provided by an exemplary embodiment.
  • The device includes a processor 502, an internal bus 504, a network interface 506, a memory 508 and a non-volatile memory 510, and of course it may also include hardware required by other services.
  • The processor 502 reads the corresponding computer program from the non-volatile memory 510 into the memory 508 and then runs it, forming a proof generation apparatus on a logical level.
  • One or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of software and hardware; that is to say, the execution subject of the following processing flow is not limited to logic units, and can also be a hardware or logic device.
  • The proof generation apparatus may include:
  • The acquiring unit 61 is configured to acquire private data of the prover; the private data is encrypted by an encryption algorithm based on zero-knowledge proof technology to obtain ciphertext data, and the ciphertext data is recorded in the verifiable statement of the prover;
  • The generation unit 62 generates a corresponding proof according to the private data and the proof generation algorithm matching the encryption algorithm; the proof is used to indicate, under the verification of a proof verification algorithm matching the proof generation algorithm, that the ciphertext data in the verifiable statement meets the verification passing condition.
  • The generating unit 62 is specifically used for:
  • The verifiable statement includes a first algorithm identification of the proof generation algorithm, and the first algorithm identification is used to instruct the prover to determine the proof generation algorithm according to the first algorithm identification;
  • The verifiable statement includes a second algorithm identification of the proof verification algorithm, and the second algorithm identification is used to instruct the verifier to determine the proof verification algorithm according to the second algorithm identification.
  • The private data includes the plaintext private information and the random string of the prover.
  • The acquisition unit 61 is also used for:
  • The original verifiable statement includes the plaintext private information, the random string and the ciphertext data;
  • The original verifiable statement includes the issuer's first signature on the content of the first statement in the original verifiable statement, and the content of the first statement is different from the plaintext private information and the random string;
  • The preconditions for the verifier to determine that the prover passes the verification include the proof passing verification and the first signature passing verification.
  • The original verifiable statement includes a second signature of the issuer on the content of the second statement in the original verifiable statement, and the content of the second statement includes at least the plaintext private information and the random string;
  • The device also includes:
  • The verification unit 63 is configured to verify the second signature, so as to generate the verifiable statement when the verification of the second signature passes.
  • A typical implementing device is a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media player, navigation device, e-mail device, game console, desktop computer, tablet, wearable device, or any combination of these.
  • A computer includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
  • Memory may include non-permanent storage in computer readable media, in the form of random access memory (RAM) and/or nonvolatile memory such as read-only memory (ROM) or flash RAM. Memory is an example of computer readable media.
  • Computer-readable media include both permanent and non-permanent, removable and non-removable media, and can store information by any method or technology.
  • Information may be computer readable instructions, data structures, modules of a program, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission media that can be used to store information that can be accessed by computing devices.
  • Computer-readable media exclude transitory computer-readable media, such as modulated data signals and carrier waves.
  • Although the terms first, second, third, etc. may be used in one or more embodiments of the present specification to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of one or more embodiments of the present specification, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at" or "when" or "in response to a determination."

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The present description provides a proof generation method and apparatus, an electronic device, and a storage medium. The method may comprise: obtaining private data of a prover, the private data being encrypted by means of an encryption algorithm based on the zero-knowledge proof technology to obtain ciphertext data, and the ciphertext data being recorded in a verifiable claim of the prover; and generating a corresponding proof according to the private data and a proof generation algorithm matched with the encryption algorithm, the proof being used for proving, under the verification of a proof verification algorithm matched with the proof generation algorithm, that the ciphertext data in the verifiable claim meets a verification passing condition.

Description

Proof generation method and apparatus, electronic device, and storage medium
This application claims priority to Chinese patent application No. 202210178102.7, entitled "Proof generation method and apparatus, electronic device, and storage medium", filed with the China Patent Office on February 25, 2022, the entire contents of which are incorporated herein by reference.
Technical field
One or more embodiments of this specification relate to the technical field of data processing, and in particular to a proof generation method and apparatus, an electronic device, and a storage medium.
Background
Out of concern for privacy protection, users want to make use of their private data without that data being leaked. A zero-knowledge proof (Zero-Knowledge Proof), or zero-knowledge protocol, involves two parties: a prover, who claims that a certain proposition is true, and a verifier, who confirms that the proposition is indeed true. The prover can convince the verifier that an assertion is correct without providing the verifier with any useful information.
A zero-knowledge proof is essentially a protocol involving two or more parties, that is, a series of steps that two or more parties need to take to complete a task. The prover proves to the verifier, and convinces it, that the prover knows or possesses a certain message, but the proof process must not leak to the verifier any information about the message being proven, which avoids leaking the prover's privacy.
Summary of the invention
In view of this, one or more embodiments of this specification provide a proof generation method and apparatus, an electronic device, and a storage medium.
To achieve the above purpose, one or more embodiments of this specification provide the following technical solutions:
According to a first aspect of one or more embodiments of this specification, a proof generation method is proposed, including:
obtaining private data of a prover, where the private data is encrypted by an encryption algorithm based on zero-knowledge proof technology to obtain ciphertext data, and the ciphertext data is recorded in a verifiable claim of the prover;
generating a corresponding proof according to the private data and a proof generation algorithm matching the encryption algorithm, where the proof is used to show, under verification by a proof verification algorithm matching the proof generation algorithm, that the ciphertext data in the verifiable claim meets a verification passing condition.
According to a second aspect of one or more embodiments of this specification, a proof generation apparatus is proposed, including:
an acquisition unit, which obtains private data of a prover, where the private data is encrypted by an encryption algorithm based on zero-knowledge proof technology to obtain ciphertext data, and the ciphertext data is recorded in a verifiable claim of the prover;
a generation unit, which generates a corresponding proof according to the private data and a proof generation algorithm matching the encryption algorithm, where the proof is used to show, under verification by a proof verification algorithm matching the proof generation algorithm, that the ciphertext data in the verifiable claim meets a verification passing condition.
According to a third aspect of one or more embodiments of this specification, an electronic device is proposed, including:
a processor;
a memory for storing processor-executable instructions;
where the processor implements the method according to the first aspect by running the executable instructions.
According to a fourth aspect of one or more embodiments of this specification, a computer-readable storage medium is proposed, on which computer instructions are stored; when executed by a processor, the instructions implement the steps of the method according to the first aspect.
Description of drawings
Fig. 1 is a flowchart of a proof generation method provided by an exemplary embodiment.
Fig. 2 is an interaction diagram for creating a DID provided by an exemplary embodiment.
Fig. 3 is an interaction diagram for generating a verifiable claim and the corresponding proof provided by an exemplary embodiment.
Fig. 4 is an interaction diagram for verifying a prover provided by an exemplary embodiment.
Fig. 5 is a schematic structural diagram of a device provided by an exemplary embodiment.
Fig. 6 is a block diagram of a proof generation apparatus provided by an exemplary embodiment.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of this specification. Rather, they are merely examples of apparatuses and methods consistent with some aspects of one or more embodiments of this specification, as detailed in the appended claims.
It should be noted that in other embodiments the steps of the corresponding methods are not necessarily performed in the order shown and described in this specification. In some other embodiments, a method may include more or fewer steps than described in this specification. In addition, a single step described in this specification may be split into multiple steps in other embodiments, and multiple steps described in this specification may be merged into a single step in other embodiments.
In the related art, identities can be created for users through a DIS (Decentralized Identifier Service). A DIS can provide a user with a DID (Decentralized Identifier) that is not restricted by any single registry, identity provider or certificate authority and is controlled entirely by the user. A DID serves as the identifier of an entity, while specific information such as the permissions, capabilities, behaviors and even assets of that entity can be expressed through a VC (Verifiable Claim). A VC is a descriptive statement that an issuer signs with its own distributed digital identity (DID) to endorse certain attributes of a user's DID, with the issuer's digital signature attached. A user can therefore provide its VC to other users to prove to them that the attribute information about the user recorded in the VC is true and reliable.
It follows that a VC records attribute information of the user holding it, and this attribute information is usually the user's private information, so a user risks exposing private information when providing its VC to other users. This specification therefore aims to provide a proof generation scheme that protects the private information recorded in verifiable claims held by users of distributed digital identities, so that the private information is "usable but not visible".
Refer to FIG. 1, which is a flowchart of a proof generation method provided by an exemplary embodiment. As shown in FIG. 1, the method may include the following steps:
Step 102: obtain private data of the prover, where the private data is encrypted by an encryption algorithm based on zero-knowledge proof technology to obtain ciphertext data, and the ciphertext data is recorded in the verifiable claim of the prover.
In this embodiment, the prover can request the issuer to issue a VC recording the prover's true private information. When issuing the VC, the issuer can encrypt the private information recorded in it, thereby protecting the prover's privacy. Zero-knowledge proof technology can be used so that, while the holder's private information recorded in the VC is not leaked, the VC can still be used to describe that private information (to prove that it is true and valid); that is, the private information in the VC is "usable but not visible".
Specifically, zero-knowledge proof technology comprises an encryption algorithm, a proof generation algorithm and a proof verification algorithm. The encryption algorithm encrypts the prover's private data. Because the private data is then in ciphertext form, a proof generation algorithm matching that encryption algorithm is needed to generate the corresponding proof, which shows that the prover's private data (in ciphertext form) meets the verification passing condition set for that private data. The proof is in turn verified by a proof verification algorithm matching the proof generation algorithm, to determine whether what the proof asserts is correct. In short, across encrypting the private data, generating the proof and verifying the proof, the three kinds of algorithm correspond to one another.
For example, user A's private data includes age information, and the verification passing condition set for age is "aged 18 or over". User A can provide its age information to the issuer of the VC (for example a trusted institution such as a civil affairs bureau or a public security authority). After checking the authenticity of the age information and finding it authentic, the issuer issues the corresponding VC to user A, with the age information recorded in ciphertext form. After obtaining the VC, user A can generate, for the age information in the VC, a proof showing "aged 18 or over", and provide the VC and the proof to a verifier (for example a store that sells age-restricted goods), which judges from the VC and the proof whether user A is at least 18. User A, the issuer and the verifier have negotiated in advance the algorithms each of them uses, so that the proof generation algorithm used by user A, the encryption algorithm used by the issuer and the proof verification algorithm used by the verifier match one another.
For the zero-knowledge proof technology, a commitment algorithm with homomorphic properties or a homomorphic encryption algorithm, among others, can be used. For convenience, HE() denotes the homomorphic commitment/encryption algorithm; for plaintext t, its ciphertext is HE(t). Homomorphic commitment/encryption is a special kind of encryption that allows ciphertexts to be processed with the result still encrypted: processing the ciphertexts directly gives the same result as processing the plaintexts and then encrypting the result. Taking additive homomorphism as an example, HE(t1)+HE(t2)=HE(t1+t2). Homomorphic commitment algorithms include the Pedersen commitment; homomorphic encryption algorithms include the Paillier algorithm, the Gentry algorithm, Okamoto–Uchiyama homomorphic encryption, Boneh-Goh-Nissim homomorphic encryption, and so on. This specification does not limit the encryption algorithm used; for example, a hash algorithm can also be used. Correspondingly, range proofs are a secure proof protocol in cryptography that can prove that a number lies within a certain reasonable interval without revealing information such as the number's specific value. For example, zero-knowledge proof techniques such as the Borromean ring signature scheme, the Bulletproof scheme and zkSNARK can all be used for range proofs.
Based on these homomorphic properties, take a transfer as an example: to protect transaction privacy, the transaction amount can be protected by homomorphic encryption or homomorphic commitment, and a range proof can guarantee that the transaction amount is non-negative and that the account balance is sufficient to pay (by generating a range proof showing that the transaction amount is non-negative and the account balance is sufficient to pay).
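The additive homomorphism and the transfer case above can be checked with a Pedersen commitment; the following is an added example, not code from the patent. The 128-bit group derived from a fixed seed, the function names and the sample amounts are assumptions chosen for the demonstration, and the range proof itself is not implemented.

```python
"""Pedersen commitments: the additive homomorphism HE(t1)+HE(t2)=HE(t1+t2) (added example)."""
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin primality test using the first twelve primes as bases."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def demo_group(bits=128):
    """Derive a safe prime p = 2q + 1 (demo size) and two generators of the order-q subgroup."""
    seed = hashlib.sha256(b"constructed demo seed").digest()
    q = (int.from_bytes(seed, "big") >> (256 - bits)) | (1 << (bits - 1)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1
    g = 4  # a square mod p, so its order is q
    # h is hashed into the subgroup so that log_g(h) is not known to the committer
    h = pow(int.from_bytes(hashlib.sha256(b"constructed h").digest(), "big") % p, 2, p)
    return p, q, g, h


P, Q, G, H = demo_group()


def commit(t, r):
    """HE(t) with blinding factor r: g^t * h^r mod p."""
    return pow(G, t % Q, P) * pow(H, r % Q, P) % P


def add(c1, c2):
    """The '+' on ciphertexts in the page's notation is multiplication mod p here."""
    return c1 * c2 % P


def split_balance(balance, r_balance, amount):
    """Sender commits to the amount and the remaining balance; blinding factors sum to r_balance."""
    r_amount = secrets.randbelow(Q)
    r_remaining = (r_balance - r_amount) % Q
    return commit(amount, r_amount), commit(balance - amount, r_remaining)


def balance_equation_holds(c_balance, c_amount, c_remaining):
    """What a verifier can check on ciphertexts alone: balance = amount + remaining."""
    return c_balance == add(c_amount, c_remaining)


if __name__ == "__main__":
    r_bal = secrets.randbelow(Q)
    c_bal = commit(100, r_bal)  # constructed sample balance
    print("transfer of 30 balances: ", balance_equation_holds(c_bal, *split_balance(100, r_bal, 30)))
    # Exponents live mod q, so a negative amount balances too. This is why the page
    # pairs the commitment with a range proof on the amount and remaining balance.
    print("transfer of -20 balances:", balance_equation_holds(c_bal, *split_balance(100, r_bal, -20)))
```

Both checks print True: the homomorphic equation alone cannot tell an honest amount from a negative one, which is the gap the range proof closes.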
In this embodiment, when the prover's plaintext private information is encrypted, a random string can be used as a mask to increase the randomness of the resulting ciphertext data and so prevent the ciphertext data from being brute-forced. For example, suppose the plaintext private information is an age and the encryption algorithm is a hash operation. Because the range of age values is small, hashing the age directly yields a correspondingly small total number of possible ciphertexts, which are easy to brute-force, leaking the user's age. Therefore a random string can be generated (by the prover and provided to the issuer, or by the issuer), concatenated with the plaintext private information to obtain the private data, and the private data is then encrypted to obtain the ciphertext data. In other words, the private data in this embodiment includes the prover's plaintext private information and a random string.
Further, before issuing the VC to the prover, the issuer can check the authenticity of the plaintext private information provided by the prover, and generate the original verifiable claim if the check passes. The original verifiable claim contains the plaintext private information, the random string and the ciphertext data. The prover then obtains the original verifiable claim that the issuer generated after the plaintext private information passed verification, and deletes the plaintext private information and the random string from it to obtain the verifiable claim, which is the one that can subsequently be provided to the verifier for verification. Note that this specification does not limit the specific manner of the authenticity check.
When generating the original verifiable claim, the issuer can sign the first claim content, that is, the content of the original verifiable claim other than the plaintext private information and the random string (including the claim issuer, claim recipient, claim expiry time, claim issuance time and so on, described in detail below), to obtain a first signature, and record the first signature in the original verifiable claim. In other words, the original verifiable claim contains the issuer's first signature over the first claim content, and through the first signature the issuer endorses the prover. Because the original verifiable claim contains the issuer's first signature, the preconditions for the verifier to determine that the prover passes verification include that the proof corresponding to the verifiable claim passes verification and that the first signature passes verification.
In addition, the issuer can sign the second claim content in the original verifiable claim (including at least the plaintext private information and the random string) to obtain a second signature and record it in the original verifiable claim; that is, the original verifiable claim contains the issuer's second signature over the second claim content. After obtaining the original verifiable claim, the prover can verify the second signature it contains, and generate the above verifiable claim if the second signature passes verification (which shows that the original verifiable claim was generated by the issuer and has not been tampered with).
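The random-string mask and the two-signature layout described above, as an added example that is not code from the patent: it shows that an unmasked hash of an age can be reversed by enumeration, and that the first signature still verifies after the prover strips the plaintext and random string. The field names, the sample claim values and the extra ciphertext consistency check are assumptions; signing is passed in as callables, and the demo uses an HMAC stand-in where the page's issuer uses a public-key signature.

```python
"""Hash-with-random-string ciphertext in a VC, and the prover's strip step (added example)."""
import hashlib
import hmac
import json
import secrets

# Field names below are assumptions made for this example, not the patent's schema.
PRIVATE_FIELDS = ("plaintext", "random")
SIGNATURE_FIELDS = ("first_signature", "second_signature")


def encrypt(plaintext, random_string=""):
    """Hash variant of the page's encryption: SHA-256 over plaintext || random string."""
    return hashlib.sha256((plaintext + random_string).encode()).hexdigest()


def recover_unmasked_age(ciphertext, max_age=150):
    """Audit check: can the ciphertext be reversed by hashing every possible age?"""
    for age in range(max_age + 1):
        if encrypt(str(age)) == ciphertext:
            return age
    return None


def first_statement(vc):
    """Bytes under the first signature: all content except private fields and signatures."""
    skip = PRIVATE_FIELDS + SIGNATURE_FIELDS
    return json.dumps({k: v for k, v in vc.items() if k not in skip}, sort_keys=True).encode()


def second_statement(vc):
    """Bytes under the second signature: plaintext and random string, bound to the ciphertext."""
    keys = PRIVATE_FIELDS + ("ciphertext",)
    return json.dumps({k: vc[k] for k in keys}, sort_keys=True).encode()


def issue_original_vc(claims, plaintext, random_string, sign):
    """Issuer side: original VC with plaintext, random string, ciphertext and both signatures."""
    vc = dict(claims, plaintext=plaintext, random=random_string,
              ciphertext=encrypt(plaintext, random_string))
    vc["first_signature"] = sign(first_statement(vc))
    vc["second_signature"] = sign(second_statement(vc))
    return vc


def finalize_vc(original, own_random, verify):
    """Prover side (steps 326-334): verify, keep the private inputs locally, strip the VC."""
    if not verify(first_statement(original), original["first_signature"]):
        raise ValueError("first signature invalid")
    if not verify(second_statement(original), original["second_signature"]):
        raise ValueError("second signature invalid")
    if original["random"] != own_random:
        raise ValueError("random string is not the one the prover supplied")
    # Extra consistency check added in this example: the ciphertext must open correctly.
    if encrypt(original["plaintext"], original["random"]) != original["ciphertext"]:
        raise ValueError("ciphertext does not match plaintext || random string")
    private = {k: original[k] for k in PRIVATE_FIELDS}   # inputs to proof generation
    drop = PRIVATE_FIELDS + ("second_signature",)
    final = {k: v for k, v in original.items() if k not in drop}
    return final, private


# Stand-in signer for the demo only: HMAC with a key held by one party.
_DEMO_KEY = secrets.token_bytes(32)


def demo_sign(data):
    return hmac.new(_DEMO_KEY, data, hashlib.sha256).hexdigest()


def demo_verify(data, signature):
    return hmac.compare_digest(demo_sign(data), signature)


if __name__ == "__main__":
    claims = {"issuer": "did:example:issuer", "subject": "did:example:userA",
              "issued": "2022-02-25", "expires": "2023-02-25"}   # constructed values
    original = issue_original_vc(claims, "25", "h@$fwehdu", demo_sign)
    final, private = finalize_vc(original, "h@$fwehdu", demo_verify)
    print("unmasked hash reversed to age:", recover_unmasked_age(encrypt("25")))
    print("masked hash reversed to age:  ", recover_unmasked_age(original["ciphertext"]))
    print("final VC fields:", sorted(final))
    print("first signature still valid:",
          demo_verify(first_statement(final), final["first_signature"]))
```

Because the first signature never covered the plaintext or the random string, deleting them leaves the signed bytes unchanged; a signature computed over the whole original VC would stop verifying after the strip step.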
步骤104,根据所述隐私数据和与所述加密算法相匹配的证明生成算法生成相应的证明,所述证明用于在与所述证明生成算法相匹配的证明验证算法的验证下,表明所述可验证声明中的密文数据符合验 证通过条件。Step 104: Generate a corresponding certificate according to the private data and a certificate generation algorithm that matches the encryption algorithm, and the certificate is used to indicate that the The ciphertext data in the verifiable statement meets the conditions for passing the verification.
在本实施例中,证明方在获取可验证声明后,可生成对应于可验证声明的证明,该证明用于表明该可验证声明中记录的密文数据符合验证通过条件(可由验证方设定或提供)。具体而言,证明方可将隐私数据、验证通过条件以及用于表明该隐私数据符合验证通过条件的判断结果输入证明生成算法以生成上述证明。In this embodiment, after the proving party obtains the verifiable statement, it can generate a certificate corresponding to the verifiable statement, which is used to show that the ciphertext data recorded in the verifiable statement meets the verification pass condition (can be set by the verifier or provide). Specifically, the prover can input the private data, the verification pass condition, and the judgment result indicating that the private data meets the verification pass condition into the proof generation algorithm to generate the above proof.
承接于上述举例,用户A的年龄为25岁,验证方针对年龄设定的验证通过条件为“年龄满18周岁”,由于25岁>18岁,判断结果为“是”,即判断结果为用户A的年龄符合验证通过条件“年龄满18周岁”。因此,证明方可将“用户A的年龄25岁”、“年龄满18周岁”以及判断结果为“是”输入证明生成算法,以生成对应于可验证声明的证明。Continuing from the above example, user A's age is 25 years old, and the verification qualification set by the verification party for age is "age over 18 years old". Since 25 years old > 18 years old, the judgment result is "Yes", that is, the judgment result is the user A's age meets the verification pass condition "age at least 18 years old". Therefore, the prover can input "user A's age is 25 years old", "age is over 18 years old" and the judgment result is "yes" into the proof generation algorithm to generate a proof corresponding to the verifiable statement.
其中,基于零知识证明技术的加密算法以及相应的证明生成算法和证明验证算法可存在多组,即每组算法包括相互匹配的加密算法、证明生成算法和证明验证算法。或者,颁发方、证明方和验证方并未预先协商何种基于零知识证明技术的算法。针对上述情况,颁发方在生成原始可验证声明的过程中,在原始可验证声明中记录与自身所采用的加密算法相匹配的证明生成算法和证明验证算法的算法标识,以指示相应的用户采用与算法标识对应的算法。具体而言,可验证声明包含证明生成算法的第一算法标识,第一算法标识用于指示证明方根据第一算法标识确定出相应的证明生成算法;和/或,可验证声明包含证明验证算法的第二算法标识,第二算法标识用于指示验证方根据第二算法标识确定出证明验证算法。Among them, there may be multiple sets of encryption algorithms based on zero-knowledge proof technology and corresponding proof generation algorithms and proof verification algorithms, that is, each set of algorithms includes mutually matching encryption algorithms, proof generation algorithms, and proof verification algorithms. Alternatively, the issuer, prover, and verifier did not pre-negotiate which algorithm based on zero-knowledge proof technology. In view of the above situation, during the process of generating the original verifiable statement, the issuer records in the original verifiable statement the algorithm identification of the proof generation algorithm and the proof verification algorithm that match the encryption algorithm adopted by itself, so as to instruct the corresponding user to adopt The algorithm corresponding to the algorithm ID. Specifically, the verifiable statement includes the first algorithm identification of the proof generation algorithm, and the first algorithm identification is used to instruct the prover to determine the corresponding proof generation algorithm according to the first algorithm identification; and/or, the verifiable statement includes the proof verification algorithm The second algorithm identifier, the second algorithm identifier is used to instruct the verifier to determine the proof verification algorithm according to the second algorithm identifier.
为了便于理解,下面结合附图2-4对本说明书的技术方案进行详细说明。For ease of understanding, the technical solution of this specification will be described in detail below with reference to the accompanying drawings 2-4.
Fig. 2 is an interaction diagram of creating a DID provided by an exemplary embodiment. As shown in Fig. 2, the interaction process may include the following steps:
Step 202: the prover creates a DID, a key pair corresponding to the DID, and the corresponding DID document.
In this embodiment, a user acting as the proving user can log in to their own user account on the client they use, so that the client acts as the prover. Identities can be created for users through DIS (Decentralized Identifier Service). DIS provides users with a DID (Decentralized Identifier) that is not restricted by any single registry, identity service provider or certification authority and is controlled entirely by the user. Taking the creation of a DID for the prover as an example, the key pair corresponding to the prover DID comprises a public key and a private key. The public key must be published to the blockchain to be recorded there, while the private key corresponding to the prover DID is kept by the prover, for example stored locally on the client.
In the DIS system, one DID (Decentralized Identifier) corresponds to one entity (for example a user such as the issuer, proving user or verifier of a VC), and the specific way the DID is used is described by the DID document (DID Document) corresponding to it. The DID document describes how to use the corresponding DID and contains at least the DID's public key; it can also record information such as the encryption method, proof purpose, verification method and service endpoint. The proof purpose is combined with the verification method to provide a mechanism for proving things. For example, a DID document can specify a particular verification method, such as a cryptographic public key or a pseudonymous biometric protocol, that can be used to verify methods created for that purpose. Service endpoints support trusted interactions with the DID controller. DIDs and DID documents can be registered directly on a blockchain or other distributed network without applying to a centralized registry. By using properties of distributed network technologies such as blockchain, including tamper resistance and hash encryption, digital identities can be truly owned and controlled by users, with no intermediary (not even the DID technology provider) able to access, own or control the user's identity and data.
Step 204: the prover creates a transaction for recording the DID and the DID document.
Step 206: the prover submits the transaction for recording the DID and the DID document to the blockchain network.
Step 208: the blockchain network records the DID and the DID document on the blockchain.
Step 210: the prover obtains from the blockchain network a receipt showing that the DID was created successfully.
In this embodiment, after recording the DID and DID document, the blockchain network can generate an event indicating that the DID and DID document were recorded successfully and store it in the blockchain log. The prover can then obtain the event through the blockchain's callback mechanism and thereby determine that the DID and DID document have been recorded on the blockchain, i.e., that the prover created the DID successfully. Alternatively, a prompt message can be generated for the prover to view, informing it that the DID was created on-chain successfully.
Fig. 3 is an interaction diagram of generating a verifiable claim and the corresponding proof provided by an exemplary embodiment. As shown in Fig. 3, the interaction process may include the following steps:
Step 302: the prover creates a claim issuance request (containing the prover DID, the plaintext private information and the identity information of the proving user).
Step 304: the prover sends the claim issuance request to the issuer.
Step 306: the issuer reads the prover DID contained in the claim issuance request.
Step 308: the issuer initiates a query transaction for the prover DID to the blockchain network.
Step 310: in response to the query transaction, the blockchain network looks up the DID document corresponding to the prover DID.
Step 312: the blockchain network returns the DID document it found to the issuer.
Step 314: the issuer sends a DID authentication challenge message (containing challenge data) to the prover.
In this embodiment, as the DID creation process of Fig. 2 shows, the DID document of the prover DID records the public key corresponding to the prover DID. This public key can therefore be used to verify whether the prover DID in the claim issuance request is a DID actually held by the prover, i.e., whether the prover is the legitimate owner of the prover DID in the claim issuance request.
The issuer can randomly generate challenge data (for example a string) and send it to the prover in a DID authentication challenge message (DID auth challenge), instructing the prover to sign it with its own private key (the private key corresponding to the prover DID) and to return the challenge data and the signature. The issuer can then verify the signature with the public key in the DID document and, if the signature verifies, confirm that the prover is the legitimate owner of the prover DID recorded in the claim issuance request.
Step 316: the prover signs the challenge data with the private key corresponding to the prover DID.
Step 318: the prover returns the challenge data to the issuer.
Step 320: the issuer verifies the signature with the public key in the DID document.
In this embodiment, besides sending a DID authentication challenge message as described above, a signature can instead be added to the claim issuance request. Specifically, the prover adds to the claim issuance request it creates a signature over the content of that request. After obtaining the DID document, the issuer can verify the signature in the claim issuance request with the public key recorded in the DID document, and thereby confirm that the prover is the legitimate owner of the prover DID recorded in the claim issuance request.
Step 322: if the signature verifies, the issuer checks the authenticity of the plaintext private information.
In this embodiment, when the claim issuance request is created, the identity information of the proving user can be recorded in it as the basis on which the issuer checks the authenticity of the plaintext private information. After the prover DID has been verified, the issuer can then check the authenticity of the plaintext private information against the identity information of the proving user recorded in the claim issuance request. For example, the identity information may include the proving user's ID card number, place of origin, date of birth and household registration information, and the issuer (for example a civil affairs bureau or a public security authority) can check the authenticity of the proving user's age against that identity information.
Step 324: if the check passes, the issuer encrypts the plaintext private information and a random string with the encryption algorithm to obtain ciphertext data, and generates an original verifiable claim for the ciphertext data.
In this embodiment, a DID is the identifier of an entity, while specific information such as the permissions, capabilities, behaviours and assets the entity has is expressed through VCs. Note that one DID can have one or more VCs. For example, a VC can contain the following fields:
issuer: the issuer of the claim (the issuing party);
didsubject: the DID of the recipient of the claim (the party it is issued to);
expire: the expiry time of the claim;
issuance date: the time at which the claim was issued;
claim: the claim content;
proof: the proof of validity (distinct from the proof generated by the prover described above).
The issuer can generate a random string, concatenate it with the plaintext private information, and encrypt the concatenated string with the encryption algorithm to obtain the ciphertext data. The issuer can record its own DID (the issuer DID) in issuer, the prover DID in didsubject, the expiry time of the claim in expire, the time at which the VC was issued in issuance date, and the plaintext private information, random string and ciphertext data in claim. Specifically, the claim field can be extended to further contain plaintext, random and commitment: plaintext records the plaintext private information, for example age; random records the random string; and commitment records the ciphertext data.
To prove that the VC was issued by the issuer, on the one hand the issuer can use its own private key to sign the claim content of the VC other than the plaintext private information and the random string (the first claim content, which contains the ciphertext data) to obtain the first signature, and record the first signature in proof, for example in the zkpsignaturevalue field of proof. On the other hand, the issuer can use its own private key to sign claim content that includes at least the plaintext private information and the random string (the second claim content) to obtain the second signature, and record the second signature in proof, for example in the signaturevalue field of proof.
For example, the content of the original verifiable claim is as follows:
Figure PCTCN2022135583-appb-000001
In addition, there may be multiple groups of encryption algorithms based on zero-knowledge proof technology together with their corresponding proof generation and proof verification algorithms; that is, each group contains a mutually matching encryption algorithm, proof generation algorithm and proof verification algorithm. Alternatively, the issuer, prover and verifier may not have agreed in advance on which zero-knowledge-proof-based algorithm to use. For these cases, while generating the original verifiable claim, the issuer can record in it the algorithm identifiers of the proof generation algorithm and proof verification algorithm that match the encryption algorithm it used, to instruct the corresponding users to use the algorithms those identifiers designate. Of course, if the issuer, prover and verifier have agreed in advance which zero-knowledge-proof-based algorithm to use, the algorithm identifiers need not be recorded.
It should be noted that the above description of the fields contained in a VC is only an example and can be adjusted flexibly in practice.
Step 326: the issuer returns the original verifiable claim to the prover.
In this embodiment, after obtaining the original verifiable claim, the prover can verify the first signature and the second signature separately, and perform the subsequent steps only if both signatures verify.
Step 328: the prover obtains the plaintext private information and the random string.
In one case, the random string is declared by the issuer, and the prover can read the random string recorded in the original verifiable claim. In another case, the random string is generated by the prover and provided to the issuer (for example in the claim issuance request); the prover can then first read the random string recorded in the original verifiable claim and compare it with the random string it generated itself, and perform the subsequent steps only if the two are identical.
Step 330: the prover obtains the verification pass condition and the judgment result.
Step 332: the prover inputs the plaintext private information, the random string, the verification pass condition and the judgment result into the proof generation algorithm to generate the proof.
For example, user A's age (the plaintext private information) is 25, the random string is h@$fwehdu, and the verification pass condition set by the verifier for age is "at least 18 years old". Since 25 years old > 18 years old, the judgment result is "yes", i.e., user A's age meets the verification pass condition "at least 18 years old". The prover can therefore first concatenate the plaintext private information "user A's age is 25" with the random string "h@$fwehdu", and then input the concatenated string, the verification pass condition "at least 18 years old" and the judgment result "yes" into the proof generation algorithm to generate the proof corresponding to the verifiable claim.
Step 334: the prover deletes the plaintext private information and the random string from the original verifiable claim to obtain the final verifiable claim.
In this embodiment, so that the VC can still be used to describe the holder's private information (to prove that the private information is genuine and valid) without leaking that private information, the plaintext field and the random field can be deleted from the VC obtained from the issuer (the second signature can also be deleted), yielding the final usable VC.
Continuing the above example, the content of the final verifiable claim is as follows:
Figure PCTCN2022135583-appb-000002
Fig. 4 is an interaction diagram of verifying a prover provided by an exemplary embodiment. As shown in Fig. 4, the interaction process may include the following steps:
Step 402: the prover creates a verification request (containing the prover DID).
Step 404: the prover sends the verification request to the verifier.
Step 406: the verifier verifies the prover DID.
Because the prover uses a DID as its identity identifier, the prover needs to provide the prover DID to the verifier so that the verifier can verify it, i.e., verify that the prover is the legitimate owner of the prover DID it provided. For the process of verifying the prover DID, refer to steps 308-320 of Fig. 3 above; it is not repeated here.
Step 408: the prover sends the verifiable claim and the corresponding proof to the verifier.
In this embodiment, the prover needs to prove to the verifier that its private information meets the verification pass condition set by the verifier, so it needs to provide the verifier with the VC and the corresponding proof obtained in the embodiment shown in Fig. 3 above.
Step 410: the verifier verifies the verifiable claim.
In this embodiment, the verifier can use the issuer's public key to verify the first signature in the verifiable claim, thereby checking the data integrity of the verifiable claim (whether it has been tampered with) and whether it was issued by the issuer. Because the issuer field of the verifiable claim records the issuer DID, the issuer's public key can be queried from the blockchain network by the issuer DID. The process is similar to steps 306-312 above and is not repeated here.
Step 412: the verifier verifies the proof.
In this embodiment, the verifier can use the proof verification algorithm and the proof to verify the ciphertext data in the verifiable claim and determine whether the ciphertext data meets the verification pass condition. If both the proof and the first signature verify, the prover can be judged to have passed verification.
Step 414: the verifier judges that the prover has passed verification and performs the relevant business operation for the prover.
Step 416: the verifier returns the result of the business operation to the prover.
Taking an Internet cafe verifying whether user A is at least 18 years old as an example: after judging that user A has passed verification, the Internet cafe's verifier can generate a payment order for user A and return the payment order information to user A's client.
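The issuance, redaction and first-signature check of Figs. 3 and 4, together with the DID authentication challenge of steps 314-320, as an added Python example that is not code from the patent. Assumptions: the toy Schnorr-style signature (constructed parameters), the SHA-256 commitment standing in for the unspecified encryption algorithm, the choice of second claim content, and all DIDs, dates and function names are illustrative; the zero-knowledge proof check of step 412 is not modelled.

```python
import copy
import hashlib
import json
import secrets

# Toy Schnorr-style signature with constructed parameters; a stand-in for the
# signature suite the DID documents would name. Not for production use.
P = 2**521 - 1  # Mersenne prime used as the modulus
G = 3

def keygen():
    x = secrets.randbits(256)
    return x, pow(G, x, P)  # (private key, public key recorded in the DID document)

def _challenge(r, msg):
    digest = hashlib.sha256(str(r).encode() + b"|" + msg).digest()
    return int.from_bytes(digest[:16], "big")

def sign(sk, msg):
    k = secrets.randbits(512)  # far larger than e*sk, so s does not expose sk
    r = pow(G, k, P)
    return [r, k + _challenge(r, msg) * sk]

def verify(pk, msg, sig):
    r, s = sig
    return pow(G, s, P) == r * pow(pk, _challenge(r, msg), P) % P

def canon(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def commit(plaintext, rnd):
    # Assumption: SHA-256 over the concatenation stands in for the page's
    # unspecified zero-knowledge-proof-based encryption algorithm.
    return hashlib.sha256((plaintext + rnd).encode()).hexdigest()

def first_content(vc):
    # Everything except plaintext, random and the proof block, so the same
    # bytes can be rebuilt from the redacted VC as from the original one.
    body = {k: v for k, v in vc.items() if k not in ("claim", "proof")}
    body["claim"] = {"commitment": vc["claim"]["commitment"]}
    return canon(body)

def second_content(vc):
    # Assumption: the second signature covers the whole claim object.
    return canon(vc["claim"])

def did_auth(did_doc_pk, respond):
    # Issuer side of steps 314-320: fresh challenge, checked against the value
    # the issuer sent and the public key taken from the DID document.
    challenge = secrets.token_hex(16)
    returned, sig = respond(challenge)
    return returned == challenge and verify(did_doc_pk, challenge.encode(), sig)

def issue(issuer_did, issuer_sk, subject_did, plaintext):
    # Step 324: commitment over plaintext + random string, then two signatures.
    rnd = secrets.token_hex(16)
    vc = {"issuer": issuer_did, "didsubject": subject_did,
          "issuance date": "2024-01-01", "expire": "2025-01-01",  # constructed
          "claim": {"plaintext": plaintext, "random": rnd,
                    "commitment": commit(plaintext, rnd)}}
    vc["proof"] = {"zkpsignaturevalue": sign(issuer_sk, first_content(vc)),
                   "signaturevalue": sign(issuer_sk, second_content(vc))}
    return vc

def accept_and_redact(vc, issuer_pk):
    # Prover side of steps 326-334: verify both signatures, keep the witness,
    # then strip plaintext, random and the second signature.
    proof, claim = vc["proof"], vc["claim"]
    if not verify(issuer_pk, first_content(vc), proof["zkpsignaturevalue"]):
        raise ValueError("first signature invalid")
    if not verify(issuer_pk, second_content(vc), proof["signaturevalue"]):
        raise ValueError("second signature invalid")
    if commit(claim["plaintext"], claim["random"]) != claim["commitment"]:
        raise ValueError("commitment does not open")  # added check, not a listed step
    witness = {"plaintext": claim["plaintext"], "random": claim["random"]}
    final = copy.deepcopy(vc)
    del final["claim"]["plaintext"], final["claim"]["random"]
    del final["proof"]["signaturevalue"]
    return final, witness

def verifier_accepts_vc(final_vc, issuer_pk):
    # Step 410: reject a VC that still carries private fields, then check the
    # first signature with the issuer's public key.
    leaked = {"plaintext", "random"} & set(final_vc["claim"])
    return not leaked and verify(issuer_pk, first_content(final_vc),
                                 final_vc["proof"]["zkpsignaturevalue"])

if __name__ == "__main__":
    issuer_sk, issuer_pk = keygen()
    prover_sk, prover_pk = keygen()
    print(did_auth(prover_pk, lambda c: (c, sign(prover_sk, c.encode()))))
    vc = issue("did:example:issuer", issuer_sk, "did:example:prover", "age=25")
    final, witness = accept_and_redact(vc, issuer_pk)
    print(json.dumps(final["claim"]), verifier_accepts_vc(final, issuer_pk))
```

The first signature survives redaction only because `first_content` never includes the fields that are later deleted; signing the whole VC once would force the prover to reveal the plaintext to keep the signature valid.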
Corresponding to the above method embodiments, this specification also provides an embodiment of a proof generation apparatus.
Fig. 5 is a schematic structural diagram of a device provided by an exemplary embodiment. Referring to Fig. 5, at the hardware level the device includes a processor 502, an internal bus 504, a network interface 506, a memory 508 and a non-volatile storage 510, and may of course also include hardware required by other services. The processor 502 reads the corresponding computer program from the non-volatile storage 510 into the memory 508 and runs it, forming the proof generation apparatus at the logical level. Of course, besides a software implementation, one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the executing entity of the following processing flow is not limited to the logical units and can also be hardware or a logic device.
Referring to Fig. 6, in a software implementation the proof generation apparatus may include:
an acquisition unit 61, which acquires the private data of the prover, the private data being encrypted by an encryption algorithm based on zero-knowledge proof technology to obtain ciphertext data, and the ciphertext data being recorded in the prover's verifiable claim;
a generation unit 62, which generates a corresponding proof according to the private data and a proof generation algorithm that matches the encryption algorithm, the proof being used to show, under verification by a proof verification algorithm that matches the proof generation algorithm, that the ciphertext data in the verifiable claim meets the verification pass condition.
Optionally, the generation unit 62 is specifically configured to:
input the private data, the verification pass condition, and a judgment result indicating that the private data meets the verification pass condition into the proof generation algorithm to generate the proof.
Optionally,
the verifiable claim contains a first algorithm identifier of the proof generation algorithm, the first algorithm identifier being used to instruct the prover to determine the proof generation algorithm according to the first algorithm identifier;
and/or the verifiable claim contains a second algorithm identifier of the proof verification algorithm, the second algorithm identifier being used to instruct the verifier to determine the proof verification algorithm according to the second algorithm identifier.
Optionally, the private data contains the prover's plaintext private information and a random string.
Optionally, the acquisition unit 61 is further configured to:
acquire the original verifiable claim generated by the issuer after the plaintext private information has passed its verification, the original verifiable claim containing the plaintext private information, the random string and the ciphertext data;
delete the plaintext private information and the random string from the original verifiable claim to obtain the verifiable claim.
Optionally, the original verifiable claim contains the issuer's first signature over the first claim content of the original verifiable claim, the first claim content being distinct from the plaintext private information and the random string; the preconditions for the verifier to judge that the prover has passed verification include that the proof verifies and that the first signature verifies.
Optionally, the original verifiable claim contains the issuer's second signature over the second claim content of the original verifiable claim, the second claim content including at least the plaintext private information and the random string; the apparatus further includes:
a verification unit 63, which verifies the second signature, so that the verifiable claim is generated if the second signature verifies.
The systems, apparatuses, modules or units described in the above embodiments can be implemented by a computer chip or an entity, or by a product having a certain function. A typical implementing device is a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
Memory may include non-permanent storage in computer-readable media, random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
Specific embodiments of this specification have been described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or sequential order, to achieve the desired results. In some implementations, multitasking and parallel processing are also possible or may be advantageous.
The terms used in one or more embodiments of this specification are for the purpose of describing particular embodiments only and are not intended to limit one or more embodiments of this specification. The singular forms "a", "said" and "the" used in one or more embodiments of this specification and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in one or more embodiments of this specification to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of one or more embodiments of this specification, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when" or "in response to determining".
The above are only preferred embodiments of one or more embodiments of this specification and are not intended to limit one or more embodiments of this specification. Any modification, equivalent replacement or improvement made within the spirit and principles of one or more embodiments of this specification shall fall within the scope of protection of one or more embodiments of this specification.

Claims (10)

  1. A proof generation method, comprising:
    obtaining private data of a prover, wherein the private data is encrypted by an encryption algorithm based on zero-knowledge proof technology to obtain ciphertext data, and the ciphertext data is recorded in a verifiable statement of the prover;
    generating a corresponding proof according to the private data and a proof generation algorithm matching the encryption algorithm, wherein the proof is used to show, under verification by a proof verification algorithm matching the proof generation algorithm, that the ciphertext data in the verifiable statement satisfies a verification-pass condition.
  2. The method according to claim 1, wherein generating the corresponding proof according to the private data and the proof generation algorithm matching the encryption algorithm comprises:
    inputting the private data, the verification-pass condition, and a judgment result indicating that the private data satisfies the verification-pass condition into the proof generation algorithm to generate the proof.
  3. The method according to claim 1, wherein
    the verifiable statement contains a first algorithm identifier of the proof generation algorithm, the first algorithm identifier being used to instruct the prover to determine the proof generation algorithm according to the first algorithm identifier;
    and/or, the verifiable statement contains a second algorithm identifier of the proof verification algorithm, the second algorithm identifier being used to instruct a verifier to determine the proof verification algorithm according to the second algorithm identifier.
  4. The method according to claim 1, wherein the private data comprises plaintext private information of the prover and a random string.
  5. The method according to claim 4, further comprising:
    obtaining an original verifiable statement generated by an issuer upon successfully verifying the plaintext private information, the original verifiable statement containing the plaintext private information, the random string, and the ciphertext data;
    deleting the plaintext private information and the random string from the original verifiable statement to obtain the verifiable statement.
  6. The method according to claim 5, wherein the original verifiable statement contains a first signature of the issuer over first statement content in the original verifiable statement, the first statement content being distinct from the plaintext private information and the random string; wherein the preconditions for a verifier to determine that the prover passes verification include that the proof passes verification and the first signature passes verification.
  7. The method according to claim 5, wherein the original verifiable statement contains a second signature of the issuer over second statement content in the original verifiable statement, the second statement content including at least the plaintext private information and the random string; the method further comprising:
    verifying the second signature, so as to generate the verifiable statement if the second signature passes verification.
  8. A proof generation apparatus, comprising:
    an obtaining unit, which obtains private data of a prover, wherein the private data is encrypted by an encryption algorithm based on zero-knowledge proof technology to obtain ciphertext data, and the ciphertext data is recorded in a verifiable statement of the prover;
    a generation unit, which generates a corresponding proof according to the private data and a proof generation algorithm matching the encryption algorithm, wherein the proof is used to show, under verification by a proof verification algorithm matching the proof generation algorithm, that the ciphertext data in the verifiable statement satisfies a verification-pass condition.
  9. An electronic device, comprising:
    a processor;
    a memory for storing processor-executable instructions;
    wherein the processor implements the method according to any one of claims 1-7 by running the executable instructions.
  10. A computer-readable storage medium storing computer instructions which, when executed by a processor, implement the steps of the method according to any one of claims 1-7.
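
A minimal sketch of the flow in claims 1, 2 and 4, added here as an illustration and not taken from the patent, whose claims do not name a concrete scheme. It assumes a Pedersen commitment as the "encryption algorithm", a Fiat-Shamir OR-proof as the matching proof generation and verification algorithms, and set membership as the verification-pass condition; the group parameters, function names and sample values are constructed for the example.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example: P = 2*Q + 1, both prime.
# Far too small for real use; G and H generate the order-Q subgroup.
P, Q = 2039, 1019
G, H = 4, 9

def commit(plaintext, rand):
    """Assumed 'encryption algorithm': Pedersen commitment g^m * h^r mod p."""
    return pow(G, plaintext, P) * pow(H, rand, P) % P

def _residual(ciphertext, value):
    # C / g^v, which equals h^r exactly when C commits to `value`.
    return ciphertext * pow(G, -value, P) % P

def _challenge(ciphertext, allowed, announcements):
    data = repr((ciphertext, list(allowed), list(announcements))).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def generate_proof(plaintext, rand, allowed):
    """Prove that the committed value is in `allowed` without saying which."""
    if plaintext not in allowed:          # the "judgment result" of claim 2
        raise ValueError("private data does not meet the condition")
    ciphertext = commit(plaintext, rand)
    real = allowed.index(plaintext)
    k = secrets.randbelow(Q)
    cs, ss, anns = [], [], []
    for i, value in enumerate(allowed):
        if i == real:                     # real branch: honest announcement
            cs.append(0)
            ss.append(0)
            anns.append(pow(H, k, P))
        else:                             # other branches: simulated
            c_i, s_i = secrets.randbelow(Q), secrets.randbelow(Q)
            cs.append(c_i)
            ss.append(s_i)
            y = _residual(ciphertext, value)
            anns.append(pow(H, s_i, P) * pow(y, -c_i, P) % P)
    cs[real] = (_challenge(ciphertext, allowed, anns) - sum(cs)) % Q
    ss[real] = (k + cs[real] * rand) % Q
    return list(zip(cs, ss))

def verify_proof(ciphertext, allowed, proof):
    """Verifier sees only the ciphertext, the condition and the proof."""
    if len(proof) != len(allowed) or ciphertext % P == 0:
        return False
    anns = [pow(H, s, P) * pow(_residual(ciphertext, v), -c, P) % P
            for v, (c, s) in zip(allowed, proof)]
    return sum(c for c, _ in proof) % Q == _challenge(ciphertext, allowed, anns)
```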
PCT/CN2022/135583 2022-02-25 2022-11-30 Proof generation method and apparatus, electronic device, and storage medium WO2023160090A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210178102.7 2022-02-25
CN202210178102.7A CN114785511A (en) 2022-02-25 2022-02-25 Certificate generation method and device, electronic device and storage medium

Publications (1)

Publication Number Publication Date
WO2023160090A1 (en) 2023-08-31

Family

ID=82423941

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/135583 WO2023160090A1 (en) 2022-02-25 2022-11-30 Proof generation method and apparatus, electronic device, and storage medium

Country Status (2)

Country Link
CN (1) CN114785511A (en)
WO (1) WO2023160090A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117692150A (en) * 2024-02-01 2024-03-12 深圳市纽创信安科技开发有限公司 Signature generation and signature verification method and computer equipment

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114785511A (en) * 2022-02-25 2022-07-22 蚂蚁区块链科技(上海)有限公司 Certificate generation method and device, electronic device and storage medium
CN115913513B (en) * 2023-01-07 2023-05-12 北京邮电大学 Distributed trusted data transaction method, system and device supporting privacy protection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112035889A (en) * 2020-09-03 2020-12-04 平安壹钱包电子商务有限公司 Block chain privacy verification method and device for computing outsourcing and computer equipment
CN112035870A (en) * 2020-07-21 2020-12-04 杜晓楠 Method and computer readable medium for hiding user specific age in decentralized identity system
WO2021152361A1 (en) * 2020-01-30 2021-08-05 Abilash Soundararajan Method and system for unified social media ecosystem with self verification and privacy preserving proofs
CN114785511A (en) * 2022-02-25 2022-07-22 蚂蚁区块链科技(上海)有限公司 Certificate generation method and device, electronic device and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110224837B (en) * 2019-06-06 2021-11-19 西安纸贵互联网科技有限公司 Zero-knowledge proof method and terminal based on distributed identity
CN111159745B (en) * 2019-12-30 2023-04-07 深圳前海微众银行股份有限公司 Verification method and device suitable for block chain
CN112733163B (en) * 2021-01-04 2023-02-03 北京航空航天大学 Monitorable zero-knowledge proof method and device based on discrete logarithm equality proof
CN113364597A (en) * 2021-05-31 2021-09-07 中国工商银行股份有限公司 Privacy information proving method and system based on block chain
CN113536384B (en) * 2021-09-14 2021-12-21 支付宝(杭州)信息技术有限公司 Block chain-based private data mapping method, block chain-based private data mapping device, block chain-based private data mapping medium and electronic equipment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117692150A (en) * 2024-02-01 2024-03-12 深圳市纽创信安科技开发有限公司 Signature generation and signature verification method and computer equipment
CN117692150B (en) * 2024-02-01 2024-05-24 深圳市纽创信安科技开发有限公司 Signature generation and signature verification method and computer equipment

Also Published As

Publication number Publication date
CN114785511A (en) 2022-07-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22928350

Country of ref document: EP

Kind code of ref document: A1