
CN110992010A - Digital currency issuing total amount control method and verification method - Google Patents

Publication number
CN110992010A
Authority
CN
China
Prior art keywords
bank
bank note
issuing
note
sending
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911240879.6A
Other languages
Chinese (zh)
Other versions
CN110992010B (en)
Inventor
代文昊
顾小卓
付毛毛
范广
王梓梁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS filed Critical Institute of Information Engineering of CAS
Priority to CN201911240879.6A priority Critical patent/CN110992010B/en
Publication of CN110992010A publication Critical patent/CN110992010A/en
Application granted granted Critical
Publication of CN110992010B publication Critical patent/CN110992010B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/06 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • G06Q20/0655 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash e-cash managed centrally
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

The invention discloses a method for controlling the total amount of digital currency issued and a method for verifying it. The issuing method comprises the following steps: 1) the central bank generates, for each designated note-issuing bank, an identity-authentication private key $sk_1$ and public key $pk_1$ from that bank's identity information and sends them to the bank over a confidential transmission channel; each time a designated note-issuing bank issues notes, it randomly generates a private key $sk_x$ and a public key $pk_x$ for use on the blockchain; the private key of the note-issuing bank is $SK = (sk_1, sk_x)$ and its public key is $PK = (pk_1, pk_x)$; 2) the note-issuing bank performs a multi-receiver signature on the issue amount and its own identity and attaches the signature information to the note-issuing transaction; 3) the central bank determines from the note-issuing transaction whether the issue amount and the identity of the note-issuing bank have been tampered with; if they have not been tampered with and the note-issuing bank has the required issue amount available, the bank is allowed to issue that amount; otherwise, the issue is denied. The method meets the requirements of a controllable issue amount, security and high efficiency.

Description

Digital currency issuing total amount control method and verification method
Technical Field
The invention belongs to the technical field of cryptography, and relates to a credible digital currency issuing total amount control method and a credible digital currency issuing total amount verification method.
Background
In recent years, cryptocurrency has matured, and many countries have begun to study related technologies such as blockchain and to promote the issuance of central bank digital currency. Compared with ordinary currency, digital currency issued by a central bank helps improve payment efficiency, reduce payment costs, and prevent tax evasion, money laundering and the like.
At present, the issuance of digital currency by central banks is still in the research and exploration stage, and there is as yet no successful experience or precedent in the world, so exploring and practising how legal digital currency can absorb and adapt blockchain technology is of great significance in this frontier field.
Since Satoshi Nakamoto proposed Bitcoin in 2008, a series of cryptocurrencies such as Bitcoin, Ethereum and EOS have been issued and circulated. Cryptocurrency is not limited by time and space, and payment can be more convenient and efficient than with traditional currency. In particular, funds can be transferred quickly, conveniently and at low cost in cross-border transactions. These cryptocurrencies also use cryptographic algorithms and protocols and adopt a distributed ledger system, which in theory prevents man-made inflation, ensures the security of the currency and provides better anonymity. However, because these cryptocurrencies are decentralized, no authority or government backs them with its credit and they are in theory not under the control of government authorities, which results in large price fluctuations and means that currency cannot be recovered after loss or theft.
Central bank digital currency is a cryptocurrency issued by a country's central bank. It has legal status, national endorsement and a definite responsible issuing entity, and is currency in the true sense. Compared with decentralized cryptocurrency, national credit and the central bank's capabilities can guarantee that central bank digital currency keeps a stable price over the long term, making it more suitable for practical use. Although many countries are studying and promoting the issuance of central bank digital currency, no country has yet succeeded in issuing one. Issuance authorization, protection of sensitive information, a controllable issue amount and so on are the problems that central bank digital currency faces. In addition, the advantages of decentralized cryptocurrency also deserve attention; for example, once the central bank is the responsible issuing entity, whether the digital currency can technically prevent large-scale inflation is also an important factor affecting the widespread use of central bank digital currency.
Zero-knowledge proof is a cryptographic authentication technique proposed by S. Goldwasser, S. Micali and C. Rackoff in the early 1980s. It means that a prover can convince a verifier that some assertion is correct without providing the verifier with any useful information. Zero-knowledge proof techniques are used in some cryptocurrency projects to obtain better properties; for example, ZCash uses zero-knowledge proofs to achieve truly anonymous transactions.
Multi-receiver signcryption is another research hotspot in contemporary cryptography. Applied to a blockchain, it can guarantee controllable anonymity of transactions. When a message must be transmitted to multiple receivers, a traditional encryption scheme has poor efficiency and real-time performance because the encryption process has to be repeated many times, and it cannot meet the requirements of practical applications. Multi-receiver signcryption schemes were proposed for this reason. In a multi-receiver signcryption scheme, the signcrypter signcrypts a message once, and each receiver can verify the confidentiality and the reliability of the received message using its own private key.
Being able to issue currency safely and efficiently is a prerequisite for digital currency issuance, and many properties of digital currency must also be guaranteed during the issuing operation. Issuing central bank digital currency has the following requirements: first, the digital currency is issued by note-issuing banks authorized by the central bank; second, the amount of currency issued can be supervised by the central bank; third, sensitive information such as the identity of the note-issuing bank and the issue amount must be protected from leakage; fourth, while the privacy of the note-issuing bank's identity and issue amount is preserved, more participants should be able to trust that each note-issuing bank's issuing behaviour is legitimate.
Disclosure of Invention
To solve the above problems, the invention provides a trusted method for controlling the total amount of digital currency issued and a trusted method for verifying it. The invention comprises two algorithms: a range-proof cryptographic algorithm and a trusted issue-amount proof algorithm. To meet the requirements of central bank digital currency, namely central bank authorization, a controllable and supervised issue amount, dynamic hiding of the note-issuing bank's identity information and a confidential issue amount, the invention designs the range-proof cryptographic algorithm using a certificateless public key cryptosystem and multi-receiver signcryption. In this algorithm the central bank generates an identity-authentication public/private key pair from each note-issuing bank's identity information and sends the key pair to that bank over a confidential transmission channel. Each time a note-issuing bank issues notes, it randomly generates a different public/private key pair for use on the blockchain, performs a multi-receiver signature operation on the issue amount and its own identity, and attaches the signature information to the note-issuing transaction. Although the note-issuing bank uses a different public/private key pair on the blockchain each time, the central bank can still determine which note-issuing bank a note-issuing transaction belongs to, and it maintains a commitment table of each note-issuing bank's remaining issue amount to judge the validity of the issuance.
So that a user can still judge whether each note-issuing transaction of a note-issuing bank is legitimate without knowing the bank's identity information or the issue amount in the transaction, the invention designs the trusted issue-amount proof algorithm using zero-knowledge proof. In this algorithm the central bank maintains and publishes a commitment table of the note-issuing banks' remaining issue amounts; the table does not directly expose a bank's identity information or remaining issue amount, but publishes a hash value of this sensitive information. The central bank obtains the details of the note-issuing transactions in a block through the range-proof cryptographic algorithm, generates a non-interactive zero-knowledge proof from this information, and packs the proof together with updated information such as the note-issuing banks' remaining issue-amount commitment table into one transaction for publication. A user can extract information from that transaction to verify the validity of all note-issuing transactions in the block the transaction refers to.
The technical scheme of the invention is as follows:
A method for controlling the total amount of digital currency issued, comprising the following steps:
1) The central bank generates, for each designated note-issuing bank, an identity-authentication private key $sk_1$ and public key $pk_1$ from that bank's identity information and sends them to the bank over a confidential transmission channel; each time a designated note-issuing bank issues notes, it randomly generates a private key $sk_x$ and a public key $pk_x$ for use on the blockchain; the private key of the note-issuing bank is $SK = (sk_1, sk_x)$ and its public key is $PK = (pk_1, pk_x)$;
2) The note-issuing bank performs a multi-receiver signature on the issue amount and its own identity and attaches the signature information to the note-issuing transaction;
3) The central bank determines from the note-issuing transaction whether the issue amount and the identity of the note-issuing bank have been tampered with; if they have not been tampered with and the note-issuing bank has the required issue amount available, the bank is allowed to issue that amount; otherwise, the issue is denied.
Further, the method for generating the private key SK and the public key PK of the bank note issuing bank comprises the following steps:
11) Select a security parameter $\lambda$ and a base field $F_q$, where q is a large prime and $q > 2^\lambda$; select an elliptic curve $E(F_q)$ defined over $F_q$, with a generator P of $E(F_q)$ whose order is a prime n; select six hash functions
Figure BDA0002306191780000031
$H_1: E(F_q) \times E(F_q) \to \{0,1\}^w$, $H_2, H_3, H_4: \{0,1\}^w \to \{0,1\}^w$ and
Figure BDA0002306191780000034
where w is a positive integer and n-1 is the maximum value of the cyclic group
Figure BDA0002306191780000035
Select a symmetric encryption function $E_{sk}()$ and its corresponding decryption function $D_{sk}()$, where sk denotes a symmetric key;
12) The central bank generates its own identity-authentication public/private key pair $(s_c, P_c)$ and its public/private key pair on the blockchain $(s_{c2}, P_{c2})$, where $s_c$ is a private key with public key $P_c = s_c P$, and $s_{c2}$ is a private key with public key $P_{c2} = s_{c2} P$; the central bank publishes the public parameters $pp = \{q, E(F_q), n, P_c, P_{c2}, H_0, H_1, H_2, H_3, H_4, H_5, E, D\}$ to each designated note-issuing bank and specifies the issue amount for the note-issuing bank;
13) Taking the identity ID of note-issuing bank A as input, the central bank computes $QID = H_0(ID)$, the identity-authentication private key $sk_A = s_c \cdot QID$ of note-issuing bank A and the identity-authentication public key $PK_A = sk_A P$; the central bank then sends the identity-authentication public/private key pair $(sk_A, PK_A)$ to note-issuing bank A over a secure channel;
14) Note-issuing bank A randomly selects
Figure BDA0002306191780000032
and computes $PK_x = sk_x P$ as the blockchain public/private key pair for this issuance, obtaining the complete private key $SK = (sk_A, sk_x)$ and the complete public key $PK = (PK_A, PK_x)$ of note-issuing bank A; the identity-authentication key pair $(sk_A, PK_A)$ is fixed and is not disclosed on the blockchain, while the key pair $(sk_x, PK_x)$ is changed every time notes are issued.
Further, the method by which note-issuing bank A performs multi-receiver signcryption on the issue amount v and its identity $PK_A$ comprises the following steps:
21) Note-issuing bank A randomly selects $\sigma \in \{0,1\}^w$ and computes $r = H_1(\sigma, PK_A)$, $U = r \cdot P$;
22) Compute $F_A = r \cdot PK_x$, $K_A = r \cdot PK_A$, $T_A = H_1(K_A, F_A)$, $F_c = r \cdot P_{c2}$, $K_c = r \cdot P_c$ and $T_c = H_1(K_c, F_c)$;
23) Compute
Figure BDA0002306191780000033
where $\|$ denotes the concatenation operation;
24) Compute the symmetric key $sk = H_4(\sigma)$, and $V = E_{sk}(v)$, $\Gamma = E_{sk}(PK_A)$;
25) Compute $H = H_5(U, V, \Gamma, PK_A, PK_x)$, $H' = H_6(U, V, \Gamma, PK_A, PK_x)$, $W = sk_A + r \cdot H + sk_x \cdot H'$, $\Lambda = H_5(v, \sigma, C_A, C_c, V, \Gamma, U, W)$;
26) Note-issuing bank A generates the ciphertext $CT = \langle (C_A, C_c), V, \Gamma, W, U, \Lambda \rangle$ and the note-issuing transaction $tx = (PK_x, CT, \Delta)$ and publishes the transaction tx on the blockchain; $\Delta$ denotes the data structure needed to prevent malleability attacks.
Further, step 3) is implemented as follows:
31) The central bank extracts the ciphertext $CT = \langle (C_A, C_c), V, \Gamma, W, U, \Lambda \rangle$ from the note-issuing transaction tx published on the blockchain and computes $K = s_c \cdot U$, $F = s_{c2} \cdot U$, $T = H_1(K, F)$ and $H_2(T)$;
32) Obtain Y from $C_A = H_2(T) \| Y$, where Y denotes what remains of $C_A$ after removing $H_2(T)$;
33) computing
Figure BDA0002306191780000041
34) Set $sk' = H_4(\sigma)$ and compute $v' = D_{sk'}(V)$, $PK_A' = D_{sk'}(\Gamma)$, $H = H_5(U, V, \Gamma, PK_A', PK_x)$, $H' = H_5(U, V, \Gamma, PK_A', PK_x)$, $\Lambda' = H_5(v', \sigma, C_A, C_c, V, \Gamma, U, W)$;
35) The central bank looks up the note-issuing bank corresponding to $PK_A'$ and judges whether the note-issuing transaction tx was initiated by note-issuing bank A; if so, and $\Lambda' = \Lambda$ and $PK_A' + U \cdot H + PK_x \cdot H' = P \cdot W$, the issue amount v and the note-issuing bank identity $PK_A$ are determined not to have been tampered with; otherwise, the issue is refused;
36) Judge from the remaining issue-amount commitment of note-issuing bank A whether its remaining issue amount covers the issue amount v; if so, update the remaining issue-amount commitment of note-issuing bank A and allow note-issuing bank A to issue that amount; otherwise, the issue is denied.
Further, the complete public key of the central bank is $(P_c, P_{c2})$ and the complete private key is $(s_c, s_{c2})$, where the private key
Figure BDA0002306191780000042
and the private key
Figure BDA0002306191780000043
A digital currency issuance amount verification method, comprising the steps of:
1) From a security parameter $\lambda$, the central bank generates a circuit Circuit that satisfies the trusted proof of note-issuing transactions at security level $\lambda$, generates a proving key $pk_{proof}$ and a verification key $vk_{proof}$ as $(pk_{proof}, vk_{proof}) := KeyGen(1^\lambda, Circuit)$, and publishes the security parameter $\lambda$, the trusted circuit Circuit, the proving key $pk_{proof}$ and the verification key $vk_{proof}$;
2) After allocating the total issue amount $Sum_i$ to each designated note-issuing bank i, the central bank initiates a commitment transaction, which contains the initial remaining-amount list of note-issuing bank i
Figure BDA0002306191780000044
where
Figure BDA0002306191780000045
is the hash value of the newest block in the longest chain at the time the commitment transaction is initiated, and $PK_i$ is the complete public key of note-issuing bank i;
3) The central bank monitors the blockchain; when it finds that note-issuing transactions occur in a new block new, it derives the issue amount $v_i$ from them, computes the new remaining-amount commitment of note-issuing bank i
Figure BDA0002306191780000046
and generates several non-interactive zero-knowledge proofs, where $\pi_i$ is the non-interactive zero-knowledge proof for note-issuing bank i; it then packs the non-interactive zero-knowledge proofs and the updated remaining issue-amount commitments of the note-issuing banks i into a transaction tx for publication;
4) After obtaining the transaction tx from the block, the verifier verifies the validity of all note-issuing transactions in the block that the transaction points to.
The method for generating the zero-knowledge proof $\pi_i$ comprises the following steps:
11) Set
Figure BDA0002306191780000051
where $tx_j$ is the j-th note-issuing transaction and
Figure BDA0002306191780000052
is the remaining-amount commitment of note-issuing bank i after its issuance in the previous block;
12) Set
Figure BDA0002306191780000053
where $(s_c, s_{c2})$ is the private key of the central bank,
Figure BDA0002306191780000054
is the remaining issue amount of note-issuing bank i after its issuance in the previous block, and
Figure BDA0002306191780000055
is the remaining issue amount of note-issuing bank i after its issuance in the current block;
13) Generate the zero-knowledge proof $\pi_i := Prove(pk_{proof}, x_i, a_i)$.
Further, after obtaining the transaction tx from the block, the verifier verifies the validity of all note-issuing transactions in the block that the transaction points to as follows:
21) The verifier extracts from the transaction tx
Figure BDA0002306191780000056
and finds the trusted-proof transaction corresponding to that block; if old is 0, it finds the initially published commitment transaction and extracts from it
Figure BDA0002306191780000057
22) Extract from tx
Figure BDA0002306191780000058
and find the note-issuing transactions $tx_1 \ldots tx_j$ in the corresponding block;
23) Set
Figure BDA0002306191780000059
24) Compute $b_i := Verify(vk_{proof}, x_i, \pi_i)$; $b_i = 1$ if the verification succeeds and 0 otherwise;
25) Output $b_A \wedge b_B$; if the output equals 1, the note-issuing transactions in block new are determined to be within the legal limit.
Further, the new remaining-amount commitment of the note-issuing bank is
Figure BDA00023061917800000510
Further, the verifier is a bank note issuing bank or a user.
Compared with the prior art, the invention has the following positive effects:
1. The invention designs a range-proof cryptographic algorithm using the ideas of multi-receiver signcryption and certificateless public key cryptography. The algorithm ensures that issuing central bank digital currency meets the requirements of central bank authorization, a controllable issue amount, dynamic hiding of identity information, a confidential issue amount and so on, with high security and efficiency.
2. The invention designs a trusted issue-amount proof algorithm using non-interactive zero-knowledge proof. The algorithm achieves trusted note issuance: any participating node on the blockchain (including users) can verify whether each note-issuing bank's issue amount is within its permitted range, without sensitive information such as the bank's identity or the issue amount being revealed. This property lets central bank digital currency inherit ordinary cryptocurrency's advantage of preventing large-scale inflation and gives the public the right to monitor the issue amounts of note-issuing banks, which is conducive to the popularization and circulation of central bank digital currency.
3. Comparative experiment: the test environment is Ubuntu 16.04 with 16 GB of DDR3 1600 MHz memory and a quad-core i7-4790 CPU @ 3.6 GHz; the two algorithms were implemented in C++ and tested. For the range-proof algorithm, encrypting a plaintext takes 3 ms, decrypting takes 4 ms, and the ciphertext length is 457 bytes; for the trusted issue-amount proof algorithm, verifying a proof takes only 9 ms and the proof size is fixed at 288 bytes. The scheme therefore runs at millisecond speed, performs well, and is practical for real applications.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings.
Module 1: range-proof cryptographic algorithm
First, the range-proof cryptographic algorithm is described. In this algorithm the private key of a note-issuing bank is $SK = (sk_1, sk_x)$, where $sk_1$ is the partial private key generated by the central bank from the note-issuing bank's identity information, and $sk_x$ is the private key that is changed each time the identity is dynamically hidden on the blockchain. The public key corresponding to SK is $PK = (pk_1, pk_x)$, where $pk_1$ is generated from $sk_1$ and $pk_x$ from $sk_x$. The key pair $(sk_1, pk_1)$ is the identity-authentication public/private key pair and remains unchanged; the public key $pk_1$ is known only to the note-issuing bank and the central bank and is bound to the note-issuing bank's identity. The key pair $(sk_x, pk_x)$ is a public/private key pair as in a conventional blockchain and is dynamically hidden under the control of the note-issuing bank; each dynamic hiding means a change of the key pair $(sk_x, pk_x)$.
The algorithm comprises the following steps:
1) system setup
Given a security parameter $\lambda$ as input, the central bank selects a base field $F_q$, where q is a large prime and $q > 2^\lambda$. It selects an elliptic curve $E(F_q)$ defined over $F_q$, with a generator P of $E(F_q)$ whose order is a large prime n. The central bank then selects six hash functions
Figure BDA0002306191780000061
$H_1: E(F_q) \times E(F_q) \to \{0,1\}^w$, $H_2, H_3, H_4: \{0,1\}^w \to \{0,1\}^w$ and
Figure BDA0002306191780000062
where w is a positive integer,
Figure BDA0002306191780000063
is an integer cyclic group with a maximum value of n-1, and n-1 is the maximum value of the cyclic group
Figure BDA0002306191780000064
The central bank also selects a symmetric encryption function $E_{sk}()$ and its corresponding decryption function $D_{sk}()$, where sk denotes a symmetric key. Next, the central bank generates its own identity-authentication public/private key pair $(s_c, P_c)$, where the private key
Figure BDA0002306191780000065
and the public key is $P_c = s_c P$. The central bank also generates its public/private key pair on the blockchain, $(s_{c2}, P_{c2})$, where the private key
Figure BDA0002306191780000066
and the public key is $P_{c2} = s_{c2} P$. Finally, the central bank publishes the public parameters $pp = \{q, E(F_q), n, P_c, P_{c2}, H_0, H_1, H_2, H_3, H_4, H_5, E, D\}$ to the note-issuing banks and specifies the issue amount of each note-issuing bank.
2) Extracting part of the private key
Taking the identity $ID \in \{0,1\}^*$ of note-issuing bank A as input, the central bank computes $QID = H_0(ID)$, the identity-authentication private key $sk_A = s_c \cdot QID$ of note-issuing bank A and the identity-authentication public key $PK_A = sk_A P$. The central bank then sends the identity-authentication public/private key pair $(sk_A, PK_A)$ to note-issuing bank A over a secure channel.
3) Setting a complete private key
Note-issuing bank A randomly selects
Figure BDA0002306191780000071
and computes $PK_x = sk_x P$ as the blockchain public/private key pair for this issuance. The complete private key of note-issuing bank A is $(sk_A, sk_x)$ and its complete public key is $(PK_A, PK_x)$. The identity-authentication key pair $(sk_A, PK_A)$ is fixed and is not disclosed on the blockchain, while the key pair $(sk_x, PK_x)$ is changed every time notes are issued, which dynamically hides the identity on the blockchain.
4) Issued quantity signcryption
The issue amount v of note-issuing bank A must be kept secret on the blockchain but disclosed to the central bank and to note-issuing bank A. With multi-receiver signcryption, both the central bank and note-issuing bank A can decrypt the ciphertext. The private key of note-issuing bank A is $(sk_A, sk_x)$, its public key is $(PK_A, PK_x)$, and the public key of the central bank is $(P_c, P_{c2})$. Note-issuing bank A performs the following operations on the issue amount v and its identity information $PK_A$ to obtain the ciphertext CT:
a) Randomly select $\sigma \in \{0,1\}^w$ and compute $r = H_1(\sigma, PK_A)$, $U = r \cdot P$.
b) Compute $F_A = r \cdot PK_x$, $K_A = r \cdot PK_A$ and $T_A = H_1(K_A, F_A)$, and $F_c = r \cdot P_{c2}$, $K_c = r \cdot P_c$ and $T_c = H_1(K_c, F_c)$.
c) Compute $C_i$ ($i \in \{A, c\}$),
Figure BDA0002306191780000072
where $\|$ denotes the concatenation operation, A denotes the note-issuing bank and c denotes the central bank; that is, $C_A$ and $C_c$ are computed for the note-issuing bank and the central bank respectively.
d) Compute the symmetric key $sk = H_4(\sigma)$, and $V = E_{sk}(v)$, $\Gamma = E_{sk}(PK_A)$.
e) Compute $H = H_5(U, V, \Gamma, PK_A, PK_x)$, $H' = H_6(U, V, \Gamma, PK_A, PK_x)$, $W = sk_A + r \cdot H + sk_x \cdot H'$, $\Lambda = H_5(v, \sigma, C_A, C_c, V, \Gamma, U, W)$.
f) Set the ciphertext $CT = \langle (C_A, C_c), V, \Gamma, W, U, \Lambda \rangle$ and the note-issuing transaction $tx = (PK_x, CT, \Delta)$, where $\Delta$ denotes the data structure needed to prevent malleability attacks, such as a signature on the transaction. Note-issuing bank A publishes the note-issuing transaction tx on the blockchain.
5) Decryption of the issuance amount
The central bank first extracts the ciphertext $CT = \langle (C_A, C_c), V, \Gamma, W, U, \Lambda \rangle$ from the issuing transaction tx published on the blockchain. The central bank and note-issuing bank A can each use their own private key (the central bank's $(s_c, s_{c2})$ is taken as the example) to perform the following operations:
a) Compute $K = s_c\cdot U$, $F = s_{c2}\cdot U$, $T = H_1(K, F)$ and $H_2(T)$.
b) Use $H_2(T)$ to find $C_i$ ($i \in \{A, c\}$) through $C_i = H_2(T) \| Y$, where Y denotes what remains of $C_i$ after $H_2(T)$ is removed. During decryption the central bank and the note-issuing bank each match only their own ciphertext: the central bank matches $C_c$ and the note-issuing bank matches $C_A$. Taking the central bank as the example, it only needs to strip $H_2(T)$ from $C_c$ to obtain Y; for example, if $C_c = 1001$ and $H_2(T) = 10$, then $Y = 01$.
c) Compute
Figure BDA0002306191780000081
d) Set $sk' = H_4(\sigma)$ and obtain $v' = D_{sk'}(V)$, $PK_A' = D_{sk'}(\Gamma)$, $H = H_5(U, V, \Gamma, PK_A', PK_x)$, $H' = H_5(U, V, \Gamma, PK_A', PK_x)$, $\Lambda' = H_5(v', \sigma, C_A, C_c, V, \Gamma, U, W)$.
e) The central bank looks up the note-issuing bank corresponding to $PK_A'$ and determines whether the transaction was initiated by a legitimate note-issuing bank. If $\Lambda' = \Lambda$ and $PK_A' + U\cdot H + PK_x\cdot H' = P\cdot W$, the issuance amount v and the bank identity $PK_A$ have not been tampered with; otherwise the transaction is "rejected".
f) For efficiency (so that the central bank does not have to traverse blocks) and for public verifiability, the central bank maintains a commitment to the remaining issuance amount of each note-issuing bank (described in detail in the trusted issuance amount proof algorithm), determines whether the note-issuing bank has a sufficient remaining amount, updates the commitment if it has, and "rejects" otherwise.
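The signature component of steps 4) e) and 5) e), as an added example that is not code from the patent: it computes W from the two private keys and checks the point equation the central bank evaluates. The curve (secp256k1), the SHA-256 stand-ins for H1, H5 and H6, the helper names and the opaque byte strings used for V and Γ are assumptions; the computation of C_i and the recovery of σ are not modelled.

```python
import hashlib
import secrets

# Assumption: secp256k1 stands in for the page's curve E(F_q) with generator P of prime order n.
Q = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(a, b):
    """Add two affine points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % Q == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, Q) % Q
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, Q) % Q
    x3 = (lam * lam - x1 - x2) % Q
    return (x3, (lam * (x1 - x3) - y1) % Q)


def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add (not constant time; illustration only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def h(tag, *parts):
    """Domain-separated SHA-256 reduced mod n; stand-in for the page's H1, H5 and H6."""
    m = hashlib.sha256(tag.encode())
    for part in parts:
        data = repr(part).encode()
        m.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(m.digest(), "big") % N


def keygen():
    """Random scalar in [1, n-1] and the matching public point."""
    sk = secrets.randbelow(N - 1) + 1
    return sk, mul(sk, P)


def sign_issuance(sk_a, sk_x, sigma, V, Gamma):
    """Steps 4a and 4e: r = H1(sigma, PK_A), U = rP, W = sk_A + r*H + sk_x*H'."""
    pk_a, pk_x = mul(sk_a, P), mul(sk_x, P)
    r = h("H1", sigma, pk_a)
    U = mul(r, P)
    H = h("H5", U, V, Gamma, pk_a, pk_x)
    H_prime = h("H6", U, V, Gamma, pk_a, pk_x)   # H' uses H6, as in signing step e)
    return U, (sk_a + r * H + sk_x * H_prime) % N


def verify_issuance(pk_a, pk_x, V, Gamma, U, W):
    """Step 5e check: PK_A' + H*U + H'*PK_x == W*P, with PK_A' as decrypted by the central bank."""
    H = h("H5", U, V, Gamma, pk_a, pk_x)
    H_prime = h("H6", U, V, Gamma, pk_a, pk_x)
    return add(add(pk_a, mul(H, U)), mul(H_prime, pk_x)) == mul(W, P)


def demo():
    sk_a, pk_a = keygen()          # fixed identity key pair of bank A
    sk_x, pk_x = keygen()          # fresh per-issuance blockchain key pair
    V, Gamma = b"constructed E_sk(v)", b"constructed E_sk(PK_A)"  # opaque sample ciphertexts
    U, W = sign_issuance(sk_a, sk_x, secrets.token_bytes(32), V, Gamma)
    genuine = verify_issuance(pk_a, pk_x, V, Gamma, U, W)
    altered_amount = verify_issuance(pk_a, pk_x, b"constructed E_sk(v+1)", Gamma, U, W)
    other_bank = verify_issuance(keygen()[1], pk_x, V, Gamma, U, W)
    return genuine, altered_amount, other_bank


if __name__ == "__main__":
    print(demo())
```

Because H and H′ are computed over V, Γ and both public keys, changing the encrypted amount or attributing the transaction to a different identity key makes the point equation fail.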
Module two: Trusted issuance amount proof algorithm
The trusted issuance amount proof algorithm is introduced below. Its main idea is that a user verifies the legality of the issuance amount of the issuing transactions in a block without knowing the identity of the note-issuing bank or the amount issued, and judges whether the note-issuing bank has over-issued, so that the bank's issuing behaviour can be trusted. The description below involves the central bank C, the note-issuing banks $i \in \{A, B, \ldots\}$, the users, and the list of remaining-amount commitments maintained and published by the central bank, $List_i = HASH(PK_i \| HASH_{head} \| Balance_i)$, where $PK_i$ is the identity-authentication public key of the note-issuing bank and is not disclosed, $HASH_{head}$ is the hash value of the block containing the issuing transaction (it provides randomness and keeps a note-issuing bank that has no issuing transaction in the block from being revealed), and $Balance_i$ is the remaining issuance amount of that bank.
When a note-issuing bank issues an issuing transaction, the legality of its issuance amount is verified and, for the block containing the transaction, a new trusted-proof transaction is generated that contains the non-interactive zero-knowledge proofs and the commitments to the note-issuing banks' remaining amounts. A user can then verify the legality of the issuance amount of the issuing transactions in the block without knowing which note-issuing bank a transaction originates from and with the issuance amount hidden.
To simplify the description of the algorithm, assume
Figure BDA0002306191780000082
old denotes the previous block that contained issuing transactions, new denotes the current block, and the issuing transactions in that block are $tx_1 \ldots tx_j$, where j is the number of issuing transactions in the block. The algorithm of the invention uses the Pinocchio protocol proposed by Bryan Parno et al. as its non-interactive zero-knowledge proof algorithm; the details of that protocol are not repeated here. To simplify the description, assume that there are two note-issuing banks $i \in \{A, B\}$, as described below:
1) System setup
The central bank takes a security parameter λ as input, generates a circuit Circuit with security level λ that satisfies the trusted proof of issuing transactions, generates the proving key and the verification key $(pk_{proof}, vk_{proof}) := KeyGen(1^\lambda, Circuit)$, and publishes the security parameter λ, the trusted circuit Circuit, the proving key $pk_{proof}$ and the verification key $vk_{proof}$.
2) Initializing the list of the note-issuing banks' remaining amounts
The total issuance amount $Sum_i$ ($i \in \{A, B\}$) is allocated to each note-issuing bank, and a commitment transaction is then initiated whose transaction information contains the initial list of the note-issuing banks' remaining amounts
Figure BDA0002306191780000091
Wherein
Figure BDA0002306191780000092
is the hash value of the newest block in the longest chain at the time the commitment transaction is initiated. The list information reveals neither the identity of a note-issuing bank nor its remaining issuance amount.
3) Generating the trusted proof of the issuing transactions
The CCU chain obtains the issuance amount $v_i$ according to the range proof algorithm and computes the new commitment to the remaining amount of the note-issuing bank
Figure BDA0002306191780000093
and generates two zero-knowledge proofs $\pi_i$ ($i \in \{A, B\}$). The generation process is as follows:
a) Set
Figure BDA0002306191780000094
where $tx_j$ is the j-th issuing transaction,
Figure BDA0002306191780000095
is the commitment to the remaining amount of note-issuing bank i after the issuance in the previous block,
Figure BDA0002306191780000096
is the header hash value of the previous block (this block and the previous block of
Figure BDA0002306191780000097
are the same block), and
Figure BDA0002306191780000098
is the header hash value of the current block (this block and the current block of
Figure BDA0002306191780000099
are the same block).
b) Set
Figure BDA00023061917800000910
where $(s_c, s_{c2})$ is the private key of the central bank,
Figure BDA00023061917800000911
is the remaining issuance amount of note-issuing bank i after the issuance in the previous block, and
Figure BDA00023061917800000912
is the remaining issuance amount of note-issuing bank i after the issuance in the current block is finished.
c) Generate the zero-knowledge proof $\pi_i := Prove(pk_{proof}, x_i, a_i)$, where $x_i$ is the public input and $a_i$ is the private input, $i \in \{A, B\}$.
d) Generate the proof transaction and broadcast it
Figure BDA00023061917800000913
where Δ denotes the data structure needed to prevent malleability attacks, such as a signature over the transaction.
4) Verifying the trusted proof
After obtaining the trusted-proof transaction tx from a block, a user can verify the issuance amounts of the note-issuing banks through the following process:
a) Extract from tx
Figure BDA00023061917800000914
find the trusted-proof transaction corresponding to that block (if old = 0, find the initially published commitment transaction) and extract from it
Figure BDA00023061917800000915
b) Extract from tx
Figure BDA00023061917800000916
and find the issuing transactions $tx_1 \ldots tx_j$ in the corresponding block, where j is the total number of issuing transactions in the block.
c) Set
Figure BDA00023061917800000917
d) Compute $b_i := Verify(vk_{proof}, x_i, \pi_i)$; $b_i = 1$ if verification succeeds and 0 otherwise.
e) Output $b_A \wedge b_B$. If the output equals 1, the user accepts that the issuing transactions in block new are within the legal limit.
The zero-knowledge proofs of this algorithm presuppose that the central bank has published a commitment to the initial issuance amount; the trusted-proof transactions that users verify then establish, on the basis of that commitment, whether the issuance of a note-issuing bank stays within the initially committed range. If the issuance amount of a note-issuing bank needs to be increased dynamically, an issuance amount commitment is published once more as in step 2; the difference from the initial commitment is that the block hash value in the dynamic issuance amount commitment is the one in the last trusted-proof transaction
Figure BDA0002306191780000101
Through the range proof cipher algorithm and the trusted issuance amount proof algorithm, a note-issuing bank can dynamically hide its identity without revealing its issuance amount, and users can verify the legality of the note-issuing banks' behaviour even though they cannot tell which note-issuing bank an issuing transaction belongs to, cannot read the issuance amount, and do not know the amount issued.
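The commitment chain List_i = HASH(PK_i ‖ HASH_head ‖ Balance_i) and the bookkeeping that the trusted proof attests, evaluated in the clear as an added example (it is not the patent's circuit and produces no zero-knowledge proof). The relation itself, that the new balance equals the old balance minus the amounts issued in the block and is non-negative, is an assumption drawn from the prose; SHA-256, the byte encodings, and all names and sample values are constructed.

```python
import hashlib


def commit(pk_i: bytes, head_hash: bytes, balance: int) -> str:
    """List_i = HASH(PK_i || HASH_head || Balance_i); SHA-256 and 16-byte balances are assumptions."""
    return hashlib.sha256(pk_i + head_hash + balance.to_bytes(16, "big")).hexdigest()


def relation_holds(list_old, list_new, head_old, head_new, pk_i, bal_old, bal_new, issued):
    """Statement checked in the clear.

    Public inputs: both commitments and both block-header hashes.
    Private inputs: PK_i, both balances, and the amounts decrypted from the issuing transactions.
    """
    if min([bal_old, bal_new, *issued]) < 0:
        return False                                   # over-issuance or a negative amount
    return (commit(pk_i, head_old, bal_old) == list_old
            and bal_new == bal_old - sum(issued)
            and commit(pk_i, head_new, bal_new) == list_new)


def settle_block(pk_i, head_new, bal_old, issued):
    """Central bank side: new balance and commitment, or None when the quota would be exceeded."""
    bal_new = bal_old - sum(issued)
    if bal_new < 0:
        return None
    return bal_new, commit(pk_i, head_new, bal_new)


def block_hash(label: bytes) -> bytes:
    """Constructed stand-in for a block-header hash."""
    return hashlib.sha256(label).digest()


def demo():
    h0, h1, h2 = block_hash(b"block-0"), block_hash(b"block-1"), block_hash(b"block-2")
    pk_a, pk_b = b"constructed PK_A", b"constructed PK_B"
    list_a0, list_b0 = commit(pk_a, h0, 1000), commit(pk_b, h0, 1000)   # Sum_A = Sum_B = 1000
    bal_a1, list_a1 = settle_block(pk_a, h1, 1000, [300, 200])          # A issues twice in block-1
    bal_b1, list_b1 = settle_block(pk_b, h1, 1000, [])                  # B issues nothing
    return {
        "honest": relation_holds(list_a0, list_a1, h0, h1, pk_a, 1000, bal_a1, [300, 200]),
        "understated": relation_holds(list_a0, list_a1, h0, h1, pk_a, 1000, bal_a1, [300]),
        "over_quota": settle_block(pk_a, h2, bal_a1, [600]),
        "idle_bank_commitment_changed": list_b1 != list_b0,
        "balances": (bal_a1, bal_b1),
    }


if __name__ == "__main__":
    print(demo())
```

The commitment carries no random blinding term, so with a known block hash and a small range of balances its hiding rests on PK_i staying undisclosed, which matches the page's requirement that the identity key is never published on the chain.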
Although specific details of the invention, algorithms and figures are disclosed for illustrative purposes, these are intended to aid in the understanding of the contents of the invention and the implementation in accordance therewith, as will be appreciated by those skilled in the art: various substitutions, changes and modifications are possible without departing from the spirit and scope of the present invention and the appended claims. The invention should not be limited to the preferred embodiments and drawings disclosed herein, but rather should be defined only by the scope of the appended claims.

Claims (10)

1. A digital money issuance amount control method comprising the steps of:
1) According to the identity information of each designated note-issuing bank, a corresponding identity-authentication private key $sk_1$ and public key $pk_1$ are generated for that bank and sent to it over a secret transmission channel; each time a designated note-issuing bank issues notes, a private key $sk_x$ and a public key $pk_x$ for use on the blockchain are randomly generated; the private key of the note-issuing bank is $SK = (sk_1, sk_x)$ and the public key is $PK = (pk_1, pk_x)$;
2) The note-issuing bank performs multi-receiver signcryption on the issuance amount and on the identity of the note-issuing bank, and attaches the signcryption information to the issuing transaction information;
3) The central bank determines from the issuing transaction whether the issuance amount and the identity of the note-issuing bank have been tampered with; if they have not been tampered with and the corresponding note-issuing bank has the required issuance amount, the note-issuing bank is allowed to issue that amount; otherwise, the issuance is denied.
2. The method according to claim 1, characterized in that the private key SK and the public key PK of the note-issuing bank are generated as follows:
11) Select a security parameter λ and a base field $F_q$, where q is a large prime and $q > 2^\lambda$; select an elliptic curve $E(F_q)$ defined over $F_q$, with a generator P of $E(F_q)$ whose order is a prime n; select six hash functions
Figure FDA0002306191770000011
$H_1: E(F_q) \times E(F_q) \to \{0,1\}^w$, $H_2, H_3, H_4: \{0,1\}^w \to \{0,1\}^w$ and
Figure FDA0002306191770000012
where w is a positive integer and n-1 is the maximum value of the cyclic group
Figure FDA0002306191770000013
Select also a symmetric encryption function $E_{sk}()$ and its corresponding decryption function $D_{sk}()$, where sk denotes a symmetric key;
12) The central bank generates its own identity-authentication key pair $(s_c, P_c)$ and its blockchain key pair $(s_{c2}, P_{c2})$, where the private key $s_c$ has public key $P_c = s_c P$ and the private key $s_{c2}$ has public key $P_{c2} = s_{c2} P$; the central bank publishes the public parameters $pp = \{q, E(F_q), n, P_c, P_{c2}, H_0, H_1, H_2, H_3, H_4, H_5, E, D\}$ to each designated note-issuing bank and specifies the issuance amount for each note-issuing bank;
13) Taking the identity ID of note-issuing bank A as input, the central bank computes $QID = H_0(ID)$, the identity-authentication private key $sk_A = s_c\, QID$ of note-issuing bank A, and the identity-authentication public key $PK_A = sk_A P$; the central bank then sends the identity-authentication key pair $(sk_A, PK_A)$ to note-issuing bank A over a secure channel;
14) Note-issuing bank A randomly selects
Figure FDA0002306191770000014
and computes $PK_x = sk_x P$ as the blockchain key pair for the current issuance, obtaining the complete private key $SK = (sk_A, sk_x)$ and the complete public key $PK = (PK_A, PK_x)$ of note-issuing bank A; the identity-authentication key pair $(sk_A, PK_A)$ is fixed and is not disclosed on the blockchain, and the key pair $(sk_x, PK_x)$ is changed for every issuance.
3. The method of claim 2, wherein note-issuing bank A performs multi-receiver signcryption on the issuance amount v and the bank identity $PK_A$ as follows:
21) Note-issuing bank A randomly selects $\sigma \in \{0,1\}^w$ and computes $r = H_1(\sigma, PK_A)$, $U = r\cdot P$;
22) Compute $F_A = r\cdot PK_x$, $K_A = r\cdot PK_A$, $T_A = H_1(K_A, F_A)$, $F_c = r\cdot P_{c2}$, $K_c = r\cdot P_c$ and $T_c = H_1(K_c, F_c)$;
23) Compute
Figure FDA0002306191770000021
where $\|$ denotes concatenation;
24) Compute the symmetric key $sk = H_4(\sigma)$, then $V = E_{sk}(v)$ and $\Gamma = E_{sk}(PK_A)$;
25) Compute $H = H_5(U, V, \Gamma, PK_A, PK_x)$, $H' = H_6(U, V, \Gamma, PK_A, PK_x)$, $W = sk_A + r\cdot H + sk_x\cdot H'$, $\Lambda = H_5(v, \sigma, C_A, C_c, V, \Gamma, U, W)$;
26) Note-issuing bank A generates the ciphertext $CT = \langle (C_A, C_c), V, \Gamma, W, U, \Lambda \rangle$ and the issuing transaction $tx = (PK_x, CT, \Delta)$, and publishes the issuing transaction tx on the blockchain; Δ denotes the data structure needed to prevent malleability attacks.
4. The method as claimed in claim 3, wherein step 3) is implemented as follows:
31) The central bank extracts the ciphertext $CT = \langle (C_A, C_c), V, \Gamma, W, U, \Lambda \rangle$ from the issuing transaction tx published on the blockchain, and computes $K = s_c\cdot U$, $F = s_{c2}\cdot U$, $T = H_1(K, F)$ and $H_2(T)$;
32) Obtain Y through $C_A = H_2(T) \| Y$, where Y denotes what remains of $C_A$ after $H_2(T)$ is removed;
33) Compute
Figure FDA0002306191770000022
34) Set $sk' = H_4(\sigma)$ and compute $v' = D_{sk'}(V)$, $PK_A' = D_{sk'}(\Gamma)$, $H = H_5(U, V, \Gamma, PK_A', PK_x)$, $H' = H_5(U, V, \Gamma, PK_A', PK_x)$, $\Lambda' = H_5(v', \sigma, C_A, C_c, V, \Gamma, U, W)$;
35) The central bank looks up the note-issuing bank corresponding to $PK_A'$ to determine whether the issuing transaction tx was initiated by note-issuing bank A; if the transaction was initiated by note-issuing bank A and $PK_A' + U\cdot H + PK_x\cdot H' = P\cdot W$, the current issuance amount v and the note-issuing bank identity $PK_A$ are determined not to have been tampered with; otherwise, the issuance is refused;
36) Determine, from the commitment to the remaining issuance amount of note-issuing bank A, whether that remaining amount covers the issuance amount v; if so, update the commitment to the remaining issuance amount of note-issuing bank A and allow note-issuing bank A to issue the amount; otherwise, the issuance is denied.
5. The method of claim 2, wherein the complete public key of the central bank is $(P_c, P_{c2})$ and the complete private key is $(s_c, s_{c2})$, where the private key
Figure FDA0002306191770000023
and the private key
Figure FDA0002306191770000024
6. A digital currency issuance amount verification method, comprising the steps of:
1) The central bank generates, according to a security parameter λ, a circuit Circuit with security level λ that satisfies the trusted proof of issuing transactions, generates a proving key $pk_{proof}$ and a verification key $vk_{proof}$, $(pk_{proof}, vk_{proof}) := KeyGen(1^\lambda, Circuit)$, and publishes the security parameter λ, the trusted circuit Circuit, the proving key $pk_{proof}$ and the verification key $vk_{proof}$;
2) The total issuance amount $Sum_i$ of each designated note-issuing bank i is allocated, and a commitment transaction is then initiated that contains the initial list of the remaining amount of note-issuing bank i
Figure FDA0002306191770000025
where
Figure FDA0002306191770000026
is the hash value of the newest block in the longest chain at the time the commitment transaction is initiated, and $PK_i$ is the complete public key of note-issuing bank i;
3) The central bank monitors the blockchain; when an issuing transaction is found in a new block new, it obtains the issuance amount $v_i$ from that transaction and computes the new commitment to the remaining amount of note-issuing bank i
Figure FDA0002306191770000031
and generates several non-interactive zero-knowledge proofs, where $\pi_i$ is the non-interactive zero-knowledge proof for note-issuing bank i; the non-interactive zero-knowledge proofs of the note-issuing banks and the updated remaining-amount commitments are then packaged into a transaction tx, which is published;
4) After obtaining the transaction tx from a block, the verifier verifies the legality of all issuing transactions in the block that the transaction points to.
7. The method of claim 6, wherein the zero-knowledge proof $\pi_i$ is generated as follows:
11) Set
Figure FDA0002306191770000032
where $tx_j$ is the j-th issuing transaction and
Figure FDA0002306191770000033
is the commitment to the remaining amount of note-issuing bank i after the issuance in the previous block;
12) Set
Figure FDA0002306191770000034
where $(s_c, s_{c2})$ is the private key of the central bank,
Figure FDA0002306191770000035
is the remaining issuance amount of note-issuing bank i after the issuance in the previous block, and
Figure FDA0002306191770000036
is the remaining issuance amount of note-issuing bank i after the issuance in the current block is finished;
13) Generate the zero-knowledge proof $\pi_i := Prove(pk_{proof}, x_i, a_i)$.
8. The method of claim 6 or 7, wherein the verifier, after obtaining the transaction tx from a block, verifies the legality of all issuing transactions in the block that the transaction points to as follows:
21) The verifier extracts from the transaction tx
Figure FDA0002306191770000037
finds the trusted-proof transaction corresponding to that block (if old = 0, it finds the initially published commitment transaction) and extracts from it
Figure FDA0002306191770000038
22) Extract from tx
Figure FDA0002306191770000039
and find the issuing transactions $tx_1 \ldots tx_j$ in the corresponding block;
23) Set
Figure FDA00023061917700000310
24) Compute $b_i := Verify(vk_{proof}, x_i, \pi_i)$; $b_i = 1$ if verification succeeds and 0 otherwise;
25) Output $b_A \wedge b_B$; if the output equals 1, the issuing transactions in block new are determined to be within the legal limit.
9. The method of claim 6, wherein the new commitment to the remaining amount of the note-issuing bank is
Figure FDA00023061917700000311
10. The method of claim 6, wherein the verifier is a note-issuing bank or a user.
CN201911240879.6A 2019-12-06 2019-12-06 Digital currency issue total amount control method and verification method Active CN110992010B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911240879.6A CN110992010B (en) 2019-12-06 2019-12-06 Digital currency issue total amount control method and verification method


Publications (2)

Publication Number Publication Date
CN110992010A true CN110992010A (en) 2020-04-10
CN110992010B CN110992010B (en) 2023-05-16


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant