Disclosure of Invention
In view of this, embodiments of the present invention provide a method, a system and a storage medium for supervisable zero-knowledge proof verification in a blockchain, so that a supervisor can inspect transaction details.
In a first aspect, an embodiment of the present invention provides a method for supervisable zero-knowledge proof verification in a blockchain, including the following steps:
generating a public and private key pair by a supervisor, and broadcasting the public key to the whole blockchain network;
generating, by a prover, a message digest, a proof file and an encrypted ciphertext corresponding to the transaction information, according to the public key broadcast by the supervisor and the transaction information between a first node and a second node;
broadcasting the message digest, the proof file and the encrypted ciphertext to the whole blockchain network;
verifying, by a verifier, the validity of the transaction according to the proof file;
decrypting, by the supervisor, the encrypted ciphertext with the private key to obtain a plaintext;
and checking, by the supervisor, the authenticity of the transaction according to the plaintext and the message digest.
Further, the step of generating, by the prover, a message digest, a proof file and an encrypted ciphertext corresponding to the transaction information according to the public key broadcast by the supervisor and the transaction information between the first node and the second node includes the following steps:
determining a transaction equation between the first node and the second node, the transaction equation being: the balance of the first node before the transaction equals the balance of the first node after the transaction plus the transaction amount;
calculating, by the prover, a message digest of the transaction equation through a one-way message digest function;
encrypting the transaction equation with the public key to obtain an encrypted ciphertext;
and performing a sampling proof of the transaction according to the transaction equation and the message digest to generate a proof file.
Further, the step of performing a sampling proof of the transaction according to the transaction equation and the message digest to generate a proof file comprises the following steps:
converting the calculation process of the transaction equation and the message digest into a logic circuit;
converting the logic circuit into a rank-one constraint system;
converting the rank-one constraint system into a polynomial constraint system;
and performing a sampling proof on the polynomial constraint system at preset secret sampling points to generate the proof file.
Further, the step of checking, by the supervisor, the authenticity of the transaction based on the plaintext and the message digest comprises the following steps:
calculating a digest of the plaintext;
and comparing the digest calculated from the plaintext with the broadcast message digest to obtain an authenticity check result.
In a second aspect, an embodiment of the present invention further provides a system for supervisable zero-knowledge proof verification in a blockchain, including:
a key pair generation module, used for generating a public and private key pair by a supervisor and broadcasting the public key to the whole blockchain network;
a transaction module, used for generating, by a prover, a message digest, a proof file and an encrypted ciphertext corresponding to the transaction information, according to the public key broadcast by the supervisor and the transaction information between a first node and a second node;
a broadcast module, used for broadcasting the message digest, the proof file and the encrypted ciphertext to the whole blockchain network;
a validity verification module, used for verifying, by a verifier, the validity of the transaction according to the proof file;
a decryption module, used for decrypting, by the supervisor, the encrypted ciphertext with the private key to obtain a plaintext;
and an authenticity checking module, used for checking, by the supervisor, the authenticity of the transaction according to the plaintext and the message digest.
Further, the transaction module includes:
a transaction equation determination unit, used for determining a transaction equation between the first node and the second node, the transaction equation being: the balance of the first node before the transaction equals the balance of the first node after the transaction plus the transaction amount;
a digest calculation unit, used for calculating, by the prover, the message digest of the transaction equation through a one-way message digest function;
an encryption unit, used for encrypting the transaction equation with the public key to obtain an encrypted ciphertext;
and a sampling proof unit, used for performing a sampling proof of the transaction according to the transaction equation and the message digest to generate a proof file.
Further, the sampling proof unit includes:
a first conversion unit, used for converting the calculation process of the transaction equation and the message digest into a logic circuit;
a second conversion unit, used for converting the logic circuit into a rank-one constraint system;
a third conversion unit, used for converting the rank-one constraint system into a polynomial constraint system;
and a proof file generating unit, used for performing a sampling proof on the polynomial constraint system at preset secret sampling points and generating the proof file.
Further, the authenticity checking module comprises:
a computing unit, used for calculating a digest of the plaintext;
and a verification unit, used for comparing the digest calculated from the plaintext with the broadcast message digest to obtain an authenticity check result.
In a third aspect, an embodiment of the present invention further provides a system for supervisable zero-knowledge proof verification in a blockchain, including:
at least one processor;
at least one memory for storing at least one program;
wherein the at least one program, when executed by the at least one processor, causes the at least one processor to implement the method for supervisable zero-knowledge proof verification in a blockchain.
In a fourth aspect, embodiments of the present invention further provide a storage medium having stored therein processor-executable instructions which, when executed by a processor, are configured to perform the method for supervisable zero-knowledge proof verification in a blockchain.
One or more of the above-described embodiments of the present invention have the following advantages. First, a message digest, a proof file and an encrypted ciphertext corresponding to the transaction information are generated according to the public key broadcast by the supervisor and broadcast to the whole blockchain network; then a verifier verifies the validity of the transaction according to the proof file; then the supervisor decrypts the encrypted ciphertext with the private key to obtain a plaintext; finally, the supervisor checks the authenticity of the transaction according to the plaintext and the message digest. The invention thereby preserves the privacy of the prover, reduces the computation required of the verifier during verification, ensures that the supervisor can effectively meet the supervision requirement, and at the same time guarantees the correctness of the information.
Detailed Description
The invention will be further explained with reference to the drawings and the embodiments in the description. The step numbers in the embodiments of the present invention are set for convenience of illustration only; the order between the steps is not limited, and the execution order of each step in the embodiments can be adjusted according to the understanding of those skilled in the art.
Referring to fig. 1, an embodiment of the present invention provides a method for supervisable zero-knowledge proof verification in a blockchain, including the following steps:
generating a public and private key pair by a supervisor, and broadcasting the public key to the whole blockchain network;
generating, by a prover, a message digest, a proof file and an encrypted ciphertext corresponding to the transaction information, according to the public key broadcast by the supervisor and the transaction information between a first node and a second node;
broadcasting the message digest, the proof file and the encrypted ciphertext to the whole blockchain network;
verifying, by a verifier, the validity of the transaction according to the proof file;
decrypting, by the supervisor, the encrypted ciphertext with the private key to obtain a plaintext;
and checking, by the supervisor, the authenticity of the transaction according to the plaintext and the message digest.
Further, as a preferred embodiment, the step of generating, by the prover, a message digest, a proof file and an encrypted ciphertext corresponding to the transaction information according to the public key broadcast by the supervisor and the transaction information between the first node and the second node includes the following steps:
determining a transaction equation between the first node and the second node, the transaction equation being: the balance of the first node before the transaction equals the balance of the first node after the transaction plus the transaction amount;
calculating, by the prover, a message digest of the transaction equation through a one-way message digest function;
encrypting the transaction equation with the public key to obtain an encrypted ciphertext;
and performing a sampling proof of the transaction according to the transaction equation and the message digest to generate a proof file.
Further, as a preferred embodiment, the step of performing a sampling proof of the transaction according to the transaction equation and the message digest to generate a proof file includes the following steps:
converting the calculation process of the transaction equation and the message digest into a logic circuit;
converting the logic circuit into a rank-one constraint system;
converting the rank-one constraint system into a polynomial constraint system;
and performing a sampling proof on the polynomial constraint system at preset secret sampling points to generate the proof file.
Further, as a preferred embodiment, the step of checking, by the supervisor, the authenticity of the transaction based on the plaintext and the message digest comprises the following steps:
calculating a digest of the plaintext;
and comparing the digest calculated from the plaintext with the broadcast message digest to obtain an authenticity check result.
Corresponding to the method, an embodiment of the invention also provides a system for supervisable zero-knowledge proof verification in a blockchain, which comprises:
a key pair generation module, used for generating a public and private key pair by a supervisor and broadcasting the public key to the whole blockchain network;
a transaction module, used for generating, by a prover, a message digest, a proof file and an encrypted ciphertext corresponding to the transaction information, according to the public key broadcast by the supervisor and the transaction information between a first node and a second node;
a broadcast module, used for broadcasting the message digest, the proof file and the encrypted ciphertext to the whole blockchain network;
a validity verification module, used for verifying, by a verifier, the validity of the transaction according to the proof file;
a decryption module, used for decrypting, by the supervisor, the encrypted ciphertext with the private key to obtain a plaintext;
and an authenticity checking module, used for checking, by the supervisor, the authenticity of the transaction according to the plaintext and the message digest.
Further, as a preferred embodiment, the transaction module comprises:
a transaction equation determination unit, used for determining a transaction equation between the first node and the second node, the transaction equation being: the balance of the first node before the transaction equals the balance of the first node after the transaction plus the transaction amount;
a digest calculation unit, used for calculating, by the prover, the message digest of the transaction equation through a one-way message digest function;
an encryption unit, used for encrypting the transaction equation with the public key to obtain an encrypted ciphertext;
and a sampling proof unit, used for performing a sampling proof of the transaction according to the transaction equation and the message digest to generate a proof file.
Further, as a preferred embodiment, the sampling proof unit includes:
a first conversion unit, used for converting the calculation process of the transaction equation and the message digest into a logic circuit;
a second conversion unit, used for converting the logic circuit into a rank-one constraint system;
a third conversion unit, used for converting the rank-one constraint system into a polynomial constraint system;
and a proof file generating unit, used for performing a sampling proof on the polynomial constraint system at preset secret sampling points and generating the proof file.
Further, as a preferred embodiment, the authenticity checking module comprises:
a computing unit, used for calculating a digest of the plaintext;
and a verification unit, used for comparing the digest calculated from the plaintext with the broadcast message digest to obtain an authenticity check result.
Corresponding to the method, an embodiment of the invention also provides a system for supervisable zero-knowledge proof verification in a blockchain, which comprises:
at least one processor;
at least one memory for storing at least one program;
wherein the at least one program, when executed by the at least one processor, causes the at least one processor to implement the method for supervisable zero-knowledge proof verification in a blockchain.
Corresponding to the method, a storage medium is also provided, having stored therein processor-executable instructions which, when executed by a processor, perform the method for supervisable zero-knowledge proof verification in a blockchain.
The invention mainly aims to provide a method for supervisable zero-knowledge proof in a blockchain, which protects private data such as transaction information while still allowing a supervisor to inspect it.
In order to achieve the above object, the present invention provides a method for private blockchain transactions that can be decrypted by an authorized supervisor designated by the prover, the method comprising the following steps:
s1: a supervisor generates a public and private key pair (pk, sk) and discloses the public key pk to the whole network;
s2: for the transaction in which A transfers to B, the present embodiment reduces it to an equation X, namely: the balance of account A before the transfer equals the balance of account A after the transfer plus the transfer amount;
s3: the prover computes hash(X) from the equation X through a one-way message digest function; because the message digest function is one-way, no information about X can be recovered from hash(X);
s4: the prover encrypts the equation X with the public key pk broadcast by the supervisor to obtain a ciphertext E(pk, X), which can only be decrypted with the supervisor's corresponding private key sk;
s5: the prover converts the equation X and the digest calculation of X into a logic circuit (X, hash(X));
s6: the prover converts the logic circuit (X, hash(X)) into a rank-one constraint system R1CS(X, hash(X));
s7: the prover converts the rank-one constraint system R1CS(X, hash(X)) into a polynomial constraint system QSP(X, hash(X));
s8: the prover performs a sampling proof on QSP(X, hash(X)) at preset secret sampling points, and generates the proof file proof(X, hash(X)) from the proof content;
s9: the prover broadcasts proof(X, hash(X)), hash(X) and E(pk, X) on the blockchain at the same time;
s10: the verifier verifies the legality of the transaction through proof(X, hash(X));
s11: the supervisor decrypts the ciphertext E(pk, X) with the private key sk to obtain the plaintext X, then computes the digest of the plaintext X and compares it with hash(X) to check the authenticity of the plaintext information.
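As an added illustration that is not part of the patent, the following Python models the prover-side steps s2 to s8 and the supervisor-side step s11: it encodes the equation X as a rank-one constraint system over a small prime field, checks a witness against it, and binds the plaintext to hash(X). Assumptions (all constructed here, not from the page): the field modulus P, SHA-256 standing in for the message digest function, a plain R1CS witness check standing in for the succinct proof(X, hash(X)), and the asymmetric encryption E(pk, X) and its decryption treated as already done.

```python
"""Added example: R1CS encoding of the transaction equation X and the
supervisor's digest check.  Not the patent's own code; see assumptions below."""
import hashlib
import json

# Constructed field modulus for illustration; real proof systems use the
# scalar field of a pairing-friendly curve.
P = 2**61 - 1

# Wire layout shared by the circuit and the witness builder.
ONE, BEFORE, AFTER, AMOUNT = 0, 1, 2, 3


def transaction_r1cs():
    """Equation X, 'balance before = balance after + amount', as one R1CS
    constraint (A.w) * (B.w) = (C.w).  The gate is linear, so B selects the
    constant wire 1.  A full circuit would also contain the hash(X) gates,
    which are omitted here (assumption: hash(X) checked outside the circuit)."""
    a = {AFTER: 1, AMOUNT: 1}   # A.w = after + amount
    b = {ONE: 1}                # B.w = 1
    c = {BEFORE: 1}             # C.w = before
    return [(a, b, c)]


def dot(sparse_vec, w):
    """Inner product of a sparse coefficient vector with the witness, mod P."""
    return sum(coef * w[idx] for idx, coef in sparse_vec.items()) % P


def r1cs_satisfied(constraints, w):
    """True iff every constraint (A.w)(B.w) = C.w holds over the field."""
    return all(dot(a, w) * dot(b, w) % P == dot(c, w) for a, b, c in constraints)


def build_witness(x):
    """Map plaintext X (A's balances and the transfer amount) to the wire vector."""
    return [1, x["before"] % P, x["after"] % P, x["amount"] % P]


def message_digest(x):
    """hash(X): one-way digest over a canonical serialisation of X (SHA-256 stand-in)."""
    canonical = json.dumps(x, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def prover_broadcast(x):
    """Steps s2-s9: publish hash(X) and, in place of proof(X, hash(X)), the
    R1CS satisfiability result for X.  E(pk, X) is omitted (assumed separately)."""
    w = build_witness(x)
    return {"digest": message_digest(x),
            "proof_ok": r1cs_satisfied(transaction_r1cs(), w)}


def supervisor_check(plaintext_x, broadcast_digest):
    """Step s11: with X recovered from E(pk, X) (decryption assumed done), recompute
    the digest of the plaintext and compare it with the broadcast hash(X)."""
    return message_digest(plaintext_x) == broadcast_digest


if __name__ == "__main__":
    # Constructed sample transaction: A holds 100, sends 30, keeps 70.
    X = {"before": 100, "after": 70, "amount": 30}
    published = prover_broadcast(X)
    print("proof check:", published["proof_ok"])           # True
    print("supervisor :", supervisor_check(X, published["digest"]))  # True
    # A plaintext that does not match the broadcast digest fails the check.
    forged = {"before": 100, "after": 70, "amount": 31}
    print("forged     :", supervisor_check(forged, published["digest"]))  # False
```

A real deployment replaces `r1cs_satisfied` on the verifier side with checking the succinct proof, since the verifier never receives the witness X.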
In the invention, proof(X, hash(X)), hash(X) and E(pk, X) are provided by the prover; the original information X is not leaked, so privacy is protected.
In the invention, the verifier only needs to verify proof(X, hash(X)), which greatly reduces the amount of computation.
In the invention, the supervisor obtains the plaintext X to be supervised from E(pk, X) and verifies the correctness of the plaintext X through hash(X), so that forgery and fraud are prevented.
In summary, the supervisable zero-knowledge proof method in a blockchain disclosed by the invention computes a message digest of the plaintext and includes the digest and the asymmetrically encrypted ciphertext alongside the proof; this effectively protects the privacy of the prover, greatly reduces the computation required of the verifier during verification, allows the supervisor to effectively meet the supervision requirement, and at the same time guarantees the correctness of the information.
In alternative embodiments, the functions/acts noted in the block diagrams may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Furthermore, the embodiments presented and described in the flow charts of the present invention are provided by way of example in order to provide a more thorough understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed and in which sub-operations described as part of larger operations are performed independently.
Furthermore, although the present invention is described in the context of functional modules, it should be understood that, unless otherwise stated to the contrary, one or more of the described functions and/or features may be integrated in a single physical device and/or software module, or one or more functions and/or features may be implemented in a separate physical device or software module. It will also be appreciated that a detailed discussion of the actual implementation of each module is not necessary for an understanding of the present invention. Rather, the actual implementation of the various functional modules in the apparatus disclosed herein will be understood within the ordinary skill of an engineer, given the nature, function, and internal relationship of the modules. Accordingly, those skilled in the art can, using ordinary skill, practice the invention as set forth in the claims without undue experimentation. It is also to be understood that the specific concepts disclosed are merely illustrative of and not intended to limit the scope of the invention, which is defined by the appended claims and their full scope of equivalents.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.
While the preferred embodiments of the present invention have been illustrated and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.