CN115801259B

Movatterモバイル変換

Info

Publication number: CN115801259B
Application number: CN202211404263.XA
Authority: CN
Inventors: 马平; 兰春嘉
Original assignee: Shanghai Lingshuzhonghe Information Technology Co ltd
Current assignee: Shanghai Lingshuzhonghe Information Technology Co ltd
Priority date: 2022-11-10
Filing date: 2022-11-10
Publication date: 2023-06-09
Anticipated expiration: 2042-11-10
Also published as: CN115801259A; WO2024098589A1

Abstract

The technical scheme of the embodiment of the invention discloses a transaction supervision method, a device, electronic equipment and a storage medium. The method comprises the following steps: acquiring reference supervision data of at least two transaction participants corresponding to the transaction to be supervised from a blockchain; determining a target transaction random number according to the first preset privacy supervision data and the second preset privacy supervision data; verifying the reference transaction random number used for generating the reference supervision data according to the target transaction random number and the random number hidden ciphertext; if the verification is passed, determining a transaction initiator, a transaction receiver and a target resource transfer amount of the transaction to be supervised according to the target transaction random number, each public key and each amount random hidden ciphertext; and respectively updating the current resource balances of the transaction initiator and the transaction receiver according to the target resource transfer amount. The technical scheme of the embodiment of the invention gives consideration to the privacy and the supervision of the related data of the transaction to be supervised.

Description

Transaction supervision method, device, electronic equipment and storage medium

Technical Field

The present invention relates to the field of blockchain technologies, and in particular, to a method and apparatus for transaction supervision, an electronic device, and a storage medium.

Background

Transaction data on the blockchain is publicly transparent, and corresponding transaction data can be read from the blockchain using the transaction data identification.

However, part of transaction data on the blockchain is private data, and encryption processing is performed before uplink, so that the private data is prevented from being leaked. However, the transaction data that is encrypted cannot be effectively managed.

Therefore, how to realize effective supervision of relevant data of a transaction while guaranteeing privacy of relevant data of the transaction is needed to be solved.

Disclosure of Invention

The invention provides a transaction supervision method, a device, electronic equipment and a storage medium, which take privacy and supervision of relevant data of a transaction to be supervised into consideration.

According to an aspect of the present invention, there is provided a transaction supervision method, including:

acquiring reference supervision data of at least two transaction participants corresponding to the transaction to be supervised from a blockchain; the reference supervision data comprises a public key, a random number hidden ciphertext and a digital random hidden ciphertext; the transaction participants comprise transaction executors and transaction confusing parties; the transaction executive party comprises a transaction initiator and a transaction receiver;

determining a target transaction random number according to the first preset privacy supervision data and the second preset privacy supervision data;

Verifying the reference transaction random number used for generating the reference supervision data according to the target transaction random number and the random number hidden ciphertext;

if the verification is passed, determining a transaction initiator, a transaction receiver and a target resource transfer amount of the transaction to be supervised according to the target transaction random number, each public key and each amount random hidden ciphertext;

and respectively updating the current resource balances of the transaction initiator and the transaction receiver according to the target resource transfer amount.

According to another aspect of the present invention, there is provided a transaction supervision apparatus comprising:

the reference supervision data acquisition module is used for acquiring reference supervision data of at least two transaction participants corresponding to the transaction to be supervised from the blockchain; the reference supervision data comprises a public key, a random number hidden ciphertext and a digital random hidden ciphertext; the transaction participants comprise transaction executors and transaction confusing parties; the transaction executive party comprises a transaction initiator and a transaction receiver;

the random number determining module is used for determining a target transaction random number according to the first preset privacy supervision data and the second preset privacy supervision data;

the random number verification module is used for verifying the reference transaction random number used for generating the reference supervision data according to the target transaction random number and the random number hidden ciphertext;

The transfer amount determining module is used for determining the target resource transfer amounts of the transaction initiator, the transaction receiver and the transaction to be supervised according to the target transaction random number, the public keys and the amount random hidden ciphertext if verification is passed;

and the current balance updating module is used for respectively updating the current resource balances of the transaction initiator and the transaction receiver according to the target resource transfer amount.

According to another aspect of the present invention, there is provided an electronic apparatus characterized by comprising:

one or more processors;

a memory for storing one or more programs;

the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the transaction policing method as described in any of the embodiments of the present invention.

According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to execute a transaction supervision method according to any one of the embodiments of the present invention.

According to the technical scheme, the reference supervision data of at least two transaction participants corresponding to the transaction to be supervised are obtained from the blockchain; determining a target transaction random number according to the first preset privacy supervision data and the second preset privacy supervision data; verifying the reference transaction random number used for generating the reference supervision data according to the target transaction random number and the random number hidden ciphertext; if the verification is passed, determining a transaction initiator, a transaction receiver and a target resource transfer amount of the transaction to be supervised according to the target transaction random number, each public key and each amount random hidden ciphertext; respectively updating the current resource balances of the transaction initiator and the transaction receiver according to the target resource transfer amount; and the privacy and the supervision of the related data of the transaction to be supervised are considered.

It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a flow chart of a method of transaction supervision provided in accordance with a first embodiment of the present invention;

FIG. 2 is a flow chart of a transaction supervision method according to a second embodiment of the present invention;

FIG. 3 is a flow chart of a method of transaction supervision provided in accordance with a third embodiment of the present invention;

FIG. 4 is a flow chart of a transaction supervision method according to a fourth embodiment of the present invention;

fig. 5 is a schematic structural diagram of a transaction supervision device according to a fifth embodiment of the present invention;

fig. 6 is a schematic structural diagram of an electronic device implementing a transaction supervision method according to an embodiment of the present invention.

Detailed Description

Embodiments of the present invention will be described in further detail below with reference to the drawings and examples. It should be understood that the particular embodiments described herein are illustrative only and are not limiting of embodiments of the invention. It should be further noted that, for convenience of description, only some, but not all of the structures related to the embodiments of the present invention are shown in the drawings.

Example 1

Fig. 1 is a flowchart of a transaction supervision method according to an embodiment of the present invention, where the method may be performed by a transaction supervision device, and the transaction supervision device may be implemented in hardware and/or software, and the transaction supervision device may be configured in an electronic device.

The transaction supervision method as shown in fig. 1 is applied to a transaction supervisor, and comprises the following steps:

s110, acquiring reference supervision data of at least two transaction participants corresponding to a transaction to be supervised from a blockchain; the reference supervision data comprises a public key, a random number hidden ciphertext and a digital random hidden ciphertext; the transaction participants comprise transaction executors and transaction confusing parties; the transaction executive comprises a transaction initiator and a transaction receiver.

The transaction to be policed may be a resource transfer transaction performed by a transaction participant. The transaction to be supervised is executed and is stored with transaction related data such as reference supervision data on the blockchain, but is not yet supervised.

Wherein the transaction participants may be parties to the transaction to be supervised. Wherein the transaction participants may include a transaction executive and a transaction confusion; the transaction executive party, which is used for representing the executive party for actually executing the transaction to be supervised, can comprise a transaction initiator and a transaction receiver. Taking the transaction to be supervised as a resource transfer transaction as an example, the transaction initiator can be a resource transfer-out party, and the transaction receiver can be a resource transfer-in party. The transaction confusion party is used as a third party outside the transaction executive party to confuse the category of the transaction participation party. In practice, transaction confounding parties do not actually execute the transaction to be supervised. The transaction confusion party participates in the transaction to be supervised and can be confused with the category of the transaction executive party, so that the transaction participation party of the non-transaction to be supervised cannot confirm the category of the transaction executive party, and the privacy and the security of the transaction to be supervised are realized.

The reference administrative data may be the reference data required to supervise the transaction to be supervised. Wherein the reference regulatory data may include: public key, random number hidden ciphertext and quantitative random hidden ciphertext.

Wherein the public key may be used as an identity for identifying the party to the transaction. Alternatively, the public key may be obtained from a set of public keys of transaction participants preset on the blockchain.

The random number hiding ciphertext is an encryption result of a reference transaction random number adopted by a transaction initiator when the transaction initiator executes a transaction to be supervised to generate reference supervision data. The random number hidden ciphertext is generated by the transaction initiator and stored in the blockchain.

For example, the reference transaction random number may be generated by the transaction initiator by performing elliptic curve multiple point operation on the self-generated reference transaction random number and the elliptic curve generator. The reference transaction random number is generated based on a double elliptic curve deterministic pseudo-random number generator by adopting a first elliptic curve point and a second elliptic curve point. The elliptic curve generator may be preset and adjusted according to experience of a technician.

By way of example, the following formula may be employed for the transaction supervisor to generate a first elliptic curve point:

P＝p*G；

wherein, P is a first elliptic curve point, P is first preset privacy supervision data, G is an elliptic curve generator, and x is an elliptic curve multiple point operator.

For example, the following formula may be employed for the transaction supervisor to generate a second elliptic curve point;

Q＝q*G；

wherein Q is a second elliptic curve point; q is second preset privacy supervision data; g is an elliptic curve generator; * Is an elliptic curve multiple point operator.

Accordingly, the following formula may be employed for the transaction initiator to generate the reference transaction random number:

wherein, seed is a first preset private random number; z is Z_m = {0,1,2, … m-1}, m is a 128-bit large integer; p is a first elliptic curve point;

an abscissa x, which is the point (x, y) on the elliptic curve G; q is a second elliptic curve point; r is a reference transaction random number.

The amount random hiding ciphertext is an encryption result of the actual transfer resource amount in the transaction to be supervised. The generation modes of the random hiding ciphertext of the amounts of the different transaction participants are different, so that the category of the different transaction participants is determined through the random hiding ciphertext of the amounts.

Wherein the amount of the transaction obfuscator is randomly hidden with the ciphertext, and is generated based only on the reference transaction random number and the public key of the transaction obfuscator. Illustratively, the elliptic curve multiple point operation may be generated by performing an elliptic curve multiple point operation on the reference transaction random number and the public key of the transaction obfuscator.

Specifically, the following formula is adopted to determine the random hidden ciphertext of the transaction confusion party amount:

C_i ＝r*y_i wherein i=1, 2, n; and i not equal to l₀ ,l₁ ；

Wherein C is_i Randomly hiding ciphertext for the amount of the ith transaction confusion party; r is a reference transaction random number; y is_i A public key for the ith transaction obfuscator; * Is an elliptic curve multiple point operator; n is the total number of transaction participants; l (L)₀ Is a transaction initiator; l (L)₁ Is the transaction receiver.

The amount of the transaction executive party is randomly hidden with the ciphertext, and the ciphertext is generated based on the reference transaction random number, the public key of the transaction executive party and the actual resource transfer amount. For example, elliptic curve multiple point operation may be performed on the reference transaction random number and the public key of the transaction executive party to generate first ciphertext reference data; performing elliptic curve multiple point operation on the resource transfer amount and the elliptic curve generator to generate second ciphertext reference data; if the transaction executive party is the transaction initiating party, taking the difference value of the first ciphertext reference data and the second ciphertext reference data as the amount of the transaction initiating party to randomly hide the ciphertext; if the transaction executive party is the transaction receiver, taking the sum of the first ciphertext reference data and the second ciphertext reference data as the amount of the transaction executive party to randomly hide the ciphertext.

Specifically, the following formula may be used to determine the amount of randomly hidden ciphertext for the transaction initiator:

in the method, in the process of the invention,

randomly hiding ciphertext for the amount of the transaction initiator; b^* An actual resource transfer amount; g is an elliptic curve generator; r is a reference transaction random number; y is_l0 A public key that is the initiator of the transaction; * Is the elliptic curve multiple point operator, l₀ Is the transaction initiator.

Specifically, the following formula may be used to determine the amount of randomly hidden ciphertext for the transaction recipient:

in the method, in the process of the invention,

randomly hiding ciphertext for the amount of the transaction receiver; b^* An actual resource transfer amount; g is an elliptic curve generator; r is a reference transaction random number;

A public key for the transaction recipient; * Is an elliptic curve multiple point operator; l (L)₁ Is the transaction receiver.

S120, determining a target transaction random number according to the first preset privacy supervision data and the second preset privacy supervision data.

The first preset privacy supervision data and the second preset privacy supervision data may be preset by the transaction supervisor in the blockchain creation stage. The target transaction random number is a transaction random number obtained by speculation of a transaction supervisor and corresponds to a reference transaction random number used when the transaction initiator generates a transaction to be supervised.

Specifically, the transaction supervisor can generate a target transaction random number through a hyperbolic deterministic pseudo-random number generator according to the first preset privacy supervision data and the second preset privacy supervision data.

S130, hiding the ciphertext according to the target transaction random number and the random number, and verifying the reference transaction random number used for generating the reference supervision data.

The reference transaction random number may be generated by the transaction initiator, itself secret preserving secret data used to generate the random number hidden ciphertext and the digital random hidden ciphertext. The reference transaction random number is verified, so that the authenticity of the reference supervision data of the transaction to be supervised can be equivalently verified. For example, the result of the elliptic curve multiple point operation performed by the target transaction random number and the elliptic curve generator may be compared with the random number hidden ciphertext; if the two are the same, the random number verification of the reference transaction is passed, namely the verification of the reference supervision data is passed; if the two are different, the reference transaction random number verification is not passed, namely the reference supervision data verification is not passed.

And S140, if the verification is passed, determining the target resource transfer amounts of the transaction initiator, the transaction receiver and the transaction to be supervised according to the target transaction random number, the public keys and the amount random hidden ciphertext.

The target resource transfer amount is the amount of actually carrying out resource transfer in the transaction to be supervised.

And if the verification is passed, indicating that the reference supervision data of the transaction to be supervised is authentic. At this time, the random hidden ciphertext of each amount can be back calculated through the target transaction random number and each public key, so that the category of each transaction participant and the target resource transfer amount of the transaction executive party can be obtained. Wherein, the category of each transaction participant corresponds to the transaction executive party and the transaction confusing party; the transaction executive comprises a transaction initiator and a transaction receiver.

Specifically, if the verification of the reference transaction random number is passed, the category to which each transaction participant belongs can be distinguished according to the target transaction random number, each public key and each amount of randomly hidden ciphertext, so as to obtain a transaction confusion party and a transaction executive party; and the transaction executors are determined by public keys and elliptic curve generating elements of the transaction executors, the target resource transfer amount is reversely exhausted based on the random hiding ciphertext generating modes of the amounts of the transaction executors in different categories, and the corresponding categories of the transaction executors, namely the transaction initiator and the transaction executors, are determined in an auxiliary mode according to the exhaustion result of the target resource transfer amount.

S150, respectively updating the current resource balances of the transaction initiator and the transaction receiver according to the target resource transfer amount.

Wherein the current resource balance may be the latest resource balance.

For example, a current resource balance for each transaction performer may be determined; wherein the current resource balance of the transaction executive is determined based on the registered resource amount of the transaction executive and the resource transferred amount of the historical supervised transaction obtained from the blockchain. And according to the target resource transfer amount, increasing the current resource balance of the transaction receiver and reducing the current resource balance of the transaction initiator.

In an alternative embodiment, the registered resource amount may be an initial resource amount of the transaction executive when registering on the blockchain, and the registered resource amount is taken as an initial value of the current resource amount; traversing each historical supervised transaction of the transaction executive party from the blockchain, and sequentially updating the current resource amount of the corresponding transaction executive party according to the actual resource transferred amount of each historical supervised transaction until traversing to the transaction to be supervised; and updating the resource transfer amount of the corresponding transaction executive party according to the target resource transfer amount of the transaction to be supervised.

According to the scheme, the current resource balance of each transaction executive party is determined, the current resource balance of the transaction receiver is increased according to the target resource transfer amount, and the current resource balance of the transaction initiator is reduced, so that the dynamic update of the current resource balance of each transaction executive party is realized, the registered resource amount of each transaction executive party and the resource transferred amount of the historical supervised transaction are utilized, the current resource balance of each transaction executive party is gradually determined, the current balance is updated according to the target resource transfer amount, and the accuracy of the updated current resource balance is ensured.

In order to avoid that the transaction supervisor needs to perform the traversal of the historical supervised transaction from the moment that the transaction executor participates in the blockchain network every time the current resource amount is determined, the current resource amount of each transaction executor can be stored in the transaction supervisor in advance, the transaction executor participates in executing the transaction every time, and after the executed transaction is used as the transaction to be supervised passes the supervision, the current resource amount of the corresponding transaction executor is dynamically updated according to the actual resource transfer amount of the local transaction to be supervised.

Specifically, the current resource balance of each transaction executive party is updated, namely the current resource balance of the transaction receiver is increased by the target resource transfer amount, so that the updated current resource balance of the transaction receiver is obtained. And reducing the current resource balance of the transaction initiator by the target resource transfer amount to obtain the updated current resource balance of the transaction initiator.

The current resource amount of each transaction executive party is stored in advance, the transaction executive party participates in executing the transaction each time, and after the executed transaction is monitored as the transaction to be monitored, the current resource amount of the corresponding transaction executive party is dynamically updated according to the actual resource transfer amount of the local transaction to be monitored, so that the efficiency of updating the current resource balance is improved.

According to the technical scheme, the target transaction random number is predicted through the preset first preset privacy supervision data and the preset second privacy supervision data; and verifying the reference transaction random number used for generating the reference supervision data according to the predicted target transaction random number and the random number hidden ciphertext acquired from the blockchain, so that the authenticity of the reference transaction random number acquired from the chain is effectively verified, and the authenticity of the transaction to be supervised is ensured. Under the condition that verification is passed, determining target resource transfer amounts of a transaction initiator, a transaction receiver and a transaction to be supervised according to target transaction random numbers, public keys and random hiding ciphertext of amounts, and respectively updating current resource balances of the transaction initiator and the transaction receiver according to the target resource transfer amounts, so that under the condition that the transaction to be supervised acquired on a chain is opaque, effective supervision on identity types of all transaction participants and the target resource transfer amounts is realized, and privacy and supervision performance of related data of the transaction to be supervised are considered.

Example two

Fig. 2 is a flowchart of a transaction supervision method according to a second embodiment of the present invention, where the operation of determining a transaction initiator, a transaction receiver, and a target resource transfer amount of a transaction to be supervised according to a target transaction random number, each public key, and each amount of randomly hiding ciphertext is refined to "determining a first transaction ciphertext to be verified of each transaction participant according to the target transaction random number and each public key" on the basis of each embodiment; taking a transaction participant corresponding to the transaction ciphertext to be verified, which is the same as the random hidden ciphertext of the corresponding amount, as a transaction confusion party; determining a transaction executive party according to the transaction confusion party; and determining the transaction initiator, the transaction receiver and the target resource transfer amount according to the target transaction random number, the public key of the transaction executive party and the second transaction reference ciphertext of the transaction executive party so as to perfect the effective supervision of the transaction self data of the transaction to be supervised. It should be noted that, in the embodiments of the present invention, parts that are not described in detail may be referred to in the related description of other embodiments.

Referring to the transaction supervision method shown in fig. 2, the transaction supervision method includes:

s210, acquiring reference supervision data of at least two transaction participants corresponding to a transaction to be supervised from a blockchain; the reference supervision data comprises a public key, a random number hidden ciphertext and a digital random hidden ciphertext; the transaction participants comprise transaction executors and transaction confusing parties; the transaction executive comprises a transaction initiator and a transaction receiver.

S220, determining a target transaction random number according to the first preset privacy supervision data and the second preset privacy supervision data.

S230, hiding the ciphertext according to the target transaction random number and the random number, and verifying the reference transaction random number used for generating the reference supervision data.

And S240, if verification is passed, determining a first transaction ciphertext to be verified of each transaction participant according to the target transaction random number and each public key.

For example, the first transaction cryptogram to be verified may be generated by elliptic curve multiple point operations on the target transaction random number and each public key.

Specifically, the following formula may be used to generate the first ciphertext to be validated for the transaction:

Ciphertext1_i ＝r'*y_i ；

in the formula, ciphertext1_i A first transaction ciphertext to be validated for an ith transaction participant; r' is a target transaction random number; y is_i A public key for the ith transaction participant; * Is an elliptic curve multiple point operator.

S250, taking the corresponding transaction participant of the first transaction ciphertext to be verified, which is the same as the corresponding amount random hidden ciphertext, as a transaction confusion party.

Illustratively, a first to-be-validated transaction Ciphertext1 of an ith transaction participant may be_i Random hiding ciphertext C with the amount of the ith transaction participant_i For comparison, if Ciphertext1_i ＝C_i The ith transaction participant corresponding to the first transaction ciphertext to be verified of the ith transaction participant can be used as a transaction confusion party; otherwise, the ith transaction participant corresponding to the first transaction ciphertext to be verified of the ith transaction participant is not used as a transaction confusion party. Wherein C is_i Randomly hiding ciphertext for the amount of the ith transaction participant, wherein r' is a target transaction random number; y is_i A public key for participation for the ith transaction; * Is an elliptic curve multiple point operator.

S260, determining a transaction executive party according to the transaction confusion party.

Specifically, other transaction participants than the transaction confusing party may be determined as transaction executing parties.

S270, determining the transaction initiator, the transaction receiver and the target resource transfer amount according to the target transaction random number, the public key of the transaction executive and the second transaction reference ciphertext of the transaction executive.

In an alternative embodiment, the second transaction cryptogram to be verified for each transaction executor may be determined according to at least one preset exhaustion amount, the target transaction random number, and the public key of the transaction executor; taking a second transaction ciphertext to be verified, which is the same as a second transaction reference ciphertext of any transaction executive party, and taking a corresponding preset exhaustion amount as a target resource transfer amount; in the second transaction ciphertext to be verified corresponding to the target resource transfer amount, a transaction executive party which is the same as the corresponding second transaction reference ciphertext is used as a transaction initiator; and taking a transaction executive party which is different from the corresponding second transaction reference ciphertext as a transaction receiver.

The preset exhaustion amount can be set and continuously adjusted according to the experience of the technician.

For example, elliptic curve multiple point operation can be performed on the target transaction random number and the public key of the transaction executive party to obtain a first operation result; carrying out ellipse multiple point operation on at least one preset exhaustion amount and an elliptic curve generator to obtain a second operation result; and taking the difference value of the first operation result and the second operation result as a second transaction ciphertext to be verified.

Specifically, the following formula may be used to generate the second transaction ciphertext to be verified:

wherein C is_eum0 And C_eum1 A second transaction ciphertext to be verified for each transaction executive; b is at least one preset exhaustion amount; g is an elliptic curve generator; r' is a target transaction random number; y is₀ And y_l A public key for each transaction executive; * Is an elliptic curve multiple point operator.

At least one preset exhaustion amount b can be exhausted, and a second transaction ciphertext C to be verified corresponding to different preset exhaustion amounts b is determined_eum0 And C_eum1 . Cryptograph C of each second transaction to be verified_eum0 Second transaction reference ciphertext respectively associated with each transaction executor

And->

Comparing; and, cryptogram C of the second transaction to be verified_eum1 Second transaction reference ciphertext with each transaction executive respectively>

And->

Comparing; if->

Or->

The corresponding preset exhaustion amount is taken as the target resource transfer amount. If->

Then determine a second transaction ciphertext C to be validated_eum0 The corresponding transaction executive party is a transaction initiator, and the second transaction ciphertext C to be verified_eum1 The corresponding transaction executor is the transaction receiver. If->

Then determine a second transaction ciphertext C to be validated_eum1 The corresponding transaction executive party is a transaction initiator, and the second transaction ciphertext C to be verified_eum0 The corresponding transaction executor is the transaction receiver. />

According to the scheme, the second transaction ciphertext to be verified of each transaction executive party is determined according to at least one preset exhaustion amount, the target transaction random number and the public key of the transaction executive party, the preset exhaustion amount corresponding to the second transaction ciphertext to be verified, which is identical to the second transaction reference ciphertext of any transaction executive party, is taken as the target resource transfer amount, the transaction executive party, which is identical to the corresponding second transaction reference ciphertext, in the second transaction ciphertext to be verified, is taken as the transaction initiator, the transaction executive party, which is different from the corresponding second transaction reference ciphertext, is taken as the transaction receiver, the second transaction ciphertext to be verified is calculated by utilizing the at least one preset exhaustion amount, and the obtained second generation verification transaction ciphertext is compared with the second transaction reference ciphertext of any transaction executive party, so that the determination of the category of the transaction executive party and the target resource transfer amount is realized, and the calculation efficiency is improved.

S280, respectively updating the current resource balances of the transaction initiator and the transaction receiver according to the target resource transfer amount.

According to the technical scheme, the first transaction ciphertext to be verified of each transaction participant is determined according to the target transaction random number and each public key, the transaction participant corresponding to the transaction ciphertext to be verified, which is the same as the corresponding amount of the random hidden ciphertext, is taken as a transaction confusion party, the transaction executive party is determined according to the transaction confusion party, the category of the transaction participant is primarily determined, and the screening range is narrowed for further determining the transaction initiator and the transaction receiver in the transaction executive party; according to the target transaction random number, the public key of the transaction executive party and the second transaction reference ciphertext of the transaction executive party, the transaction initiating party, the transaction receiving party and the target resource transfer amount are determined, the effective supervision of the transaction self data of the transaction to be supervised is perfected, and a foundation is laid for the effective update of the current resource balance based on the transaction self data.

Example III

Fig. 3 is a flowchart of a transaction supervision method according to a third embodiment of the present invention, where the operation of determining a target transaction random number is refined to "generating speculative base data according to the inverse of first preset privacy supervision data and second preset privacy supervision data" on the basis of the above embodiments; generating a target transaction random number according to the presumed basic data and the public elliptic curve points; the public elliptic curve point is generated according to the first preset private random number and a second elliptic curve point generated based on second preset private supervision data and elliptic curve generator so as to perfect a generation mechanism of the target transaction random number. It should be noted that, in the embodiments of the present invention, parts that are not described in detail may be referred to in the related description of other embodiments.

Referring to the transaction supervision method shown in fig. 3, the transaction supervision method includes:

s310, acquiring reference supervision data of at least two transaction participants corresponding to a transaction to be supervised from a blockchain; the reference supervision data comprises a public key, a random number hidden ciphertext and a digital random hidden ciphertext; the transaction participants comprise transaction executors and transaction confusing parties; the transaction executive comprises a transaction initiator and a transaction receiver.

S320, according to the inverse of the first preset privacy supervision data and the second preset privacy supervision data, the presumption basic data are generated.

Illustratively, the speculative base data may be generated by elliptic curve multiple point operations on the inverse of the first and second preset privacy supervisory data.

Specifically, the following formula may be used to determine the speculative base data:

e＝p*q^-1 ；

wherein e is speculative base data; p is first preset privacy supervision data; q is second preset privacy supervision data; * Is an elliptic curve multiple point operator.

S330, generating a target transaction random number according to the speculated basic data and the public elliptic curve points.

Wherein the public elliptic curve points may be pre-assigned by the transaction initiator to generate logic for use as an important basis for the targeted transaction random number reasoning process.

For example, a second elliptic curve point may be generated based on the second preset privacy supervision data and the elliptic curve generator; and generating a public elliptic curve point according to the first preset private random number and the second elliptic curve point.

For example, the following formula may be employed for the transaction supervisor to determine the second elliptic curve point;

Q＝q*G；

By way of example, the following formula may be employed for the transaction initiator to generate a public elliptic curve point:

H＝seed*Q；

wherein H is a public elliptic curve point of a transaction to be supervised stored on a blockchain; seed is a first preset secret random number; q is a second elliptic curve point; * Is an elliptic curve multiple point operator. The first preset secret random number seed may be selected randomly privately by the transaction initiator at the time of initiating the transaction.

In an alternative embodiment, a first elliptic curve point may be generated according to first preset privacy supervision data, and the target transaction random number may be estimated based on a hyperbolic deterministic pseudorandom number generator according to the first elliptic curve point, the estimated base data, and the public elliptic curve point.

P＝p*G；

By way of example, the following formula may be employed for the transaction supervisor to speculate on the target transaction random number:

wherein P is a first elliptic curve point;

an abscissa x, which is the point (x, y) on the elliptic curve G; q is a second elliptic curve point; r' is the target transaction random number.

Because the public elliptic curve point is generated by the pre-designated logic of the transaction initiator and serves as an important basis of the random number reasoning process of the target transaction, when the generation logic of the public elliptic curve point is not established, the situation that the transaction to be supervised cannot be supervised occurs, and therefore the public elliptic curve point can be verified by means of the block chain nodes in the block chain network, namely the pre-designated logic of the public elliptic curve point is verified.

For example, an elliptic curve auxiliary point and an auxiliary random code sent by a transaction initiator may be obtained; the elliptic curve auxiliary points are generated based on a second preset private random number and second elliptic curve points; the auxiliary random code is generated based on an elliptic curve auxiliary point, a first preset private random number and a second preset private random number; generating first verification data according to the elliptic curve auxiliary points and the public elliptic curve points; generating second verification data according to the auxiliary random code and the second elliptic curve point; and verifying the public elliptic curve point according to the consistency of the first verification data and the second verification data.

The elliptic curve auxiliary points and the auxiliary random codes are generated by a transaction initiator when the transaction to be supervised is executed and reference supervision data are generated.

By way of example, elliptic curve auxiliary points may be generated in the following manner:

Λ＝k*Q；

wherein, Λ is an elliptic curve auxiliary point; k is a second preset private random number; q is a second elliptic curve point; * Is an elliptic curve multiple point operator. The second preset private random number is preset by the transaction initiator.

By way of example, the auxiliary random code may be generated in the following manner:

S_seed ＝k+Hash(Λ)*seed；

wherein S is_seed Is an auxiliary random code; k is a second preset private random number; Λ is an elliptic curve auxiliary point; seed is a first preset secret random number; * Is an elliptic curve multiple point operator; hash () is a preset Hash function.

Specifically, in the verification process of the public elliptic curve points, the transaction verifier acquires the elliptic curve auxiliary points and the auxiliary random codes sent by the transaction initiator.

For example, a hash value of an elliptic curve auxiliary point may be determined; carrying out elliptic curve multiple point operation on the hash value and the public elliptic curve point to obtain an operation result; and taking the sum of the operation result and the elliptic curve auxiliary point as first verification data.

Specifically, the following formula may be used to generate the first verification data:

quote₁ ＝Λ+Hash(Λ)*H；

in the formula, quote₁ Is the first authentication data; Λ is an elliptic curve auxiliary point; h is a public elliptic curve point; * Is an elliptic curve multiple point operator.

By way of example, the generation of the second authentication data may be performed as follows:

quote₂ ＝S_seed *Q；

in the formula, quote₂ Is the second authentication data; s is S_seed Is an auxiliary random code; q is a second elliptic curve point; * Is an elliptic curve multiple point operator.

Correspondingly, if the first verification data is consistent with the second verification data, the verification of the open elliptic curve point passes; if the first verification data is inconsistent with the second verification data, the verification of the public elliptic curve point is not passed.

It should be noted that, the verification process of the transaction verifier on the public elliptic curve point may be performed after the execution of the transaction to be monitored is completed and before the transaction supervisor monitors the transaction to be monitored. It can be understood that the blockchain node performs pre-verification on the public elliptic curve points, and guarantees are provided for the transaction supervisor to effectively supervise the transaction to be supervised.

S340, hiding the ciphertext according to the target transaction random number and the random number, and verifying the reference transaction random number used for generating the reference supervision data.

S350, if the verification is passed, determining the target resource transfer amounts of the transaction initiator, the transaction receiver and the transaction to be supervised according to the target transaction random number, the public keys and the random amount hiding ciphertext.

S360, respectively updating the current resource balances of the transaction initiator and the transaction receiver according to the target resource transfer amount.

According to the scheme, the presumption basic data is generated according to the inverse of the first preset privacy supervision data and the second preset privacy supervision data, the target transaction random number is generated according to the presumption basic data and the public elliptic curve points, the generation mechanism of the target transaction random number is perfected, the accuracy of the generated target transaction random number is improved, a foundation is laid for the follow-up verification of the reference transaction random number based on the target transaction random number, and the guarantee is provided for the follow-up effective update of the current resource balance.

Example IV

Fig. 4 is a flowchart of a transaction supervision method according to a fourth embodiment of the present invention, where after "verifying a reference transaction random number used for generating reference supervision data according to a target transaction random number and a random number hidden ciphertext" is added, "if verification is not passed, standard supervision data is obtained from a transaction participant, and an abnormal participant in the transaction participant is determined according to the standard supervision data and the random hidden ciphertext of each amount, so as to perfect effective supervision of the abnormal participant in the transaction to be supervised. It should be noted that, in the embodiments of the present invention, parts that are not described in detail may be referred to in the related description of other embodiments.

Referring to the transaction supervision method shown in fig. 4, the transaction supervision method includes:

s410, acquiring reference supervision data of at least two transaction participants corresponding to a transaction to be supervised from a blockchain; the reference supervision data comprises a public key, a random number hidden ciphertext and a digital random hidden ciphertext; the transaction participants comprise transaction executors and transaction confusing parties; the transaction executive comprises a transaction initiator and a transaction receiver.

S420, determining a target transaction random number according to the first preset privacy supervision data and the second preset privacy supervision data.

S430, hiding the ciphertext according to the target transaction random number and the random number, and verifying the reference transaction random number used for generating the reference supervision data. If the verification is passed, then S440 is performed; if the verification is not passed, S460 is performed.

S440, determining the target resource transfer amount of the transaction initiator, the transaction receiver and the transaction to be supervised according to the target transaction random number, the public keys and the amount random hidden ciphertext.

S450, respectively updating the current resource balances of the transaction initiator and the transaction receiver according to the target resource transfer amount.

S460, acquiring standard supervision data from transaction participants, and determining abnormal participants in the transaction participants according to the standard supervision data and the random hidden ciphertext of each amount.

Wherein the standard regulatory data is used to verify the authenticity of the transaction participants' reference regulatory data on the blockchain.

For example, abnormal reference data can be obtained according to standard supervision data provided by a transaction participant and the generation mode of the amount random hidden ciphertext; sequentially comparing the abnormal reference data with the amount random hidden ciphertext on the blockchain; and taking the transaction participants with inconsistent comparison results as abnormal participants. After determining the abnormal party, the abnormal party may be punished to achieve effective supervision of the abnormal party in the transaction to be supervised.

According to the technical scheme, the abnormal participants in the transaction participants are determined by hiding ciphertext according to standard supervision data acquired from the transaction participants and random numbers of all amounts on the blockchain, and the abnormal participants in the transaction participants are determined by utilizing the data of two different data sources of the transaction participants and the blockchain, so that effective supervision of the abnormal participants in the transaction to be supervised is realized.

Because the categories of different transaction participators are different, the generation modes of the random hidden ciphertext of the amount are different. When abnormal participants in the transaction participants are verified according to the standard reference data, the verification modes adopted are different.

In an alternative embodiment, abnormal reference data of the transaction participants may be generated according to standard supervision data based on verification methods corresponding to the categories to which the different transaction participants belong; and determining abnormal participants in the transaction participants according to the abnormal reference data of the transaction participants and the corresponding amount of the random hidden ciphertext.

For example, based on the verification modes corresponding to the categories to which the different event participants belong, abnormal reference data corresponding to the different verification modes of the event participants can be respectively generated according to the standard supervision data; and comparing the abnormal reference data corresponding to different verification modes with the corresponding amount of random hidden ciphertext, and taking the transaction participant with inconsistent comparison results as an abnormal participant.

The above-mentioned alternative embodiment generates the abnormal reference data of the transaction participants according to the standard supervision data respectively by the verification mode corresponding to the category to which the different transaction participants belong, and determines the abnormal participants in the transaction participants according to the abnormal reference data and the corresponding amount of the random hidden ciphertext. According to the technical scheme, the abnormal reference data is determined in different verification modes, so that the comprehensiveness of the abnormal reference data is improved, the occurrence of omission of an abnormal participant is avoided, and the accuracy of the determination result of the abnormal participant is improved.

In an alternative embodiment, the standard administrative data includes a public key, a standard resource transfer amount, and a standard transaction random number; correspondingly, the first abnormal reference data of the corresponding transaction participant can be determined according to the standard transaction random number and the public key of the transaction participant; and determining second abnormal reference data of the corresponding transaction participants according to the standard transaction random number, the public key of the transaction participants and the standard resource transfer amount, and selecting the abnormal participants from the transaction participants according to the first abnormal reference data, the second abnormal reference data and the corresponding amount and randomly hiding ciphertext.

For example, according to the verification mode of the transaction confusion party, elliptic curve multiple point operation can be performed on the standard transaction random number and the public key of each transaction party, so as to obtain first abnormal reference data of each transaction party; the standard transaction random number and the public key of each transaction participant can be subjected to elliptic curve multiple point operation to obtain a first calculation result of each transaction participant, and then the standard resource transfer amount and the elliptic curve generator of each transaction participant are subjected to elliptic curve multiple point operation to obtain a second calculation result of each transaction participant; the sum of the first calculation result and the second calculation result can be used as second abnormal reference data of each transaction participant according to the verification mode of the transaction initiator; the difference between the first calculation result and the second calculation result can be used as the second abnormal reference data of each transaction participant according to the verification mode of the transaction receiver. And comparing the first abnormal reference data of each transaction participant and the second abnormal reference data of each transaction participant with the corresponding amount of random hidden ciphertext, and taking the transaction participant with inconsistent comparison results as the abnormal participant.

The first abnormal reference data may be abnormal reference data generated according to a verification mode of the transaction confusion party.

For example, elliptic curve multiple point operations may be performed on the standard transaction random number and the public key according to a verification manner of the transaction confusion party, so as to generate first abnormal reference data of each transaction participant providing standard supervision data.

Specifically, the following formula may be used to generate the first anomaly reference data:

Exception_1i ＝r”*y_i ；

in the formula, the admission_1i First exception reference data for an ith transaction participant; r' is a standard transaction random number; y is_i A public key provided for an ith transaction participant; * Is an elliptic curve multiple point operator.

The second abnormal reference data may be abnormal reference data generated according to a verification mode of the transaction executive party.

For example, second anomaly reference data for each transaction participant that provides standard regulatory data may be generated based on the validation means of the transaction performer. The verification manner of the transaction executive party can comprise: a verification mode of a transaction initiator and a verification mode of a transaction receiver.

Specifically, if the verification manner of the transaction initiator is adopted, the following formula may be adopted to generate the second abnormal reference data:

Exception_2i ＝-b”*G+r”*y_i ；

In the formula, the admission_2i Second abnormal reference data for the ith transaction participant; b' is a standard resource transfer amount; g is an elliptic curve generator; r' is standard transaction randomA number; y is_i A public key provided for each transaction participant; * Is an elliptic curve multiple point operator.

Specifically, if the verification manner of the transaction receiver is adopted, the following formula may be adopted to generate the second abnormal reference data:

Exception_2i ＝b”*G+r”*y_i ；

in the formula, the admission_2i Is the second abnormal reference data; b' is a standard resource transfer amount; g is an elliptic curve generator; r' is a standard transaction random number; y is_i A public key provided for each transaction participant; * Is an elliptic curve multiple point operator.

Comparing the first abnormal reference data, the second abnormal reference data and the corresponding amount of random hidden ciphertext, and if the first abnormal reference data and the second abnormal reference data of the transaction participant do not have the same comparison result, the transaction participant is an abnormal participant.

Because different verification modes are calculated simultaneously, the requirement on the calculation resources is high, and therefore, normal participants in part of the categories can be sequentially excluded according to the category of the transaction participants, and subsequent calculation can be performed. In an alternative embodiment, candidate participants may be selected from the transaction participants based on the consistency of the first abnormal reference data of the transaction participants with the corresponding amount of randomly hidden ciphertext; determining second abnormal reference data of the corresponding candidate participant according to the standard transaction random number, the public key of the candidate participant and the standard resource transfer amount; and selecting an abnormal party from the candidate parties according to the consistency of the second abnormal reference data of the candidate parties and the corresponding amount of randomly hidden ciphertext.

By way of example, the direct selection of the abnormal participant from the candidate participants can be achieved by directly selecting the candidate participant from the transaction participants and determining the second abnormal reference data of the corresponding candidate participant, so that the calculation amount of the second abnormal reference data is reduced.

In an alternative embodiment, the first intermediate data may be determined from the standard transaction random number and the public key of the candidate party; determining second intermediate data according to the standard resource transfer amount and the elliptic curve generator; determining a receiving reference value of the second abnormal reference data according to the sum value of the first intermediate data and the second intermediate data; and determining an initiation reference value of the second abnormal reference data according to the difference value of the first intermediate data and the second intermediate data.

For example, the first intermediate data may be generated by elliptic curve multiple point operations on the standard transaction random number and the public key of the candidate party.

Specifically, the following formula may be used to generate the first intermediate data:

Mid_1i ＝r”*y_i ；

in the formula, mid_1i First intermediate data for an i-th candidate participant; r' is a standard transaction random number; y is_i A public key for each transaction participant; * Is an elliptic curve multiple point operator.

For example, the second intermediate data may be generated by performing elliptic curve multiple point operations on the standard resource transfer amount and the elliptic curve generator.

Specifically, the following formula may be used to generate the second intermediate data:

Mid_2i ＝b”*G；

in the formula, mid_2i Second intermediate data for the i-th candidate participant; b' is a standard resource transfer amount; g is an elliptic curve generator; * Is an elliptic curve multiple point operator.

The received reference value may be a value of second abnormal reference data generated in a verification manner of the transaction receiver. The initiation reference value may be a value of second exception reference data generated in a validation manner of the transaction initiator.

By way of example, the following formula may be employed to generate the received reference value:

Ceum_1i '＝Mid_1i +Mid_2i ；

in Ceum_1i ' is the received reference value of the ith candidate participant; mid_1i First intermediate data for an i-th candidate participant; mid_2i Second intermediate data for the i candidate participant.

By way of example, the following formula may be employed to generate the initiation reference value:

Ceum_0i '＝Mid_1i -Mid_2i ；

in Ceum_0i ' initiating reference value for the ith candidate participant; mid_1i First intermediate data for an i-th candidate participant; mid_2i Second intermediate data for the i candidate participant.

The above-described alternative embodiment determines the first intermediate data by relying on a standard transaction random number and a public key of the candidate party; determining second intermediate data according to the standard resource transfer amount and the elliptic curve generator; determining a receiving reference value of the second abnormal reference data according to the sum value of the first intermediate data and the second intermediate data; and determining an initiation reference value of the second abnormal reference data according to the difference value of the first intermediate data and the second intermediate data, further refining the second abnormal reference data, determining a receiving reference value and an initiation reference value of the second abnormal reference data, and providing data support for the category of the abnormal participant determined later.

In an alternative embodiment, the transaction participants whose first abnormal reference data is consistent with the corresponding amount of random hidden ciphertext may be used as normal transaction confusing parties, and the transaction participants other than the normal transaction confusing parties may be used as candidate participants; correspondingly, a candidate party with the received reference value consistent with the random hidden ciphertext of the corresponding amount can be used as a normal transaction receiver, and a candidate party with the initiated reference value consistent with the random hidden ciphertext of the corresponding amount can be used as a normal transaction initiator; and taking the transaction participants except the normal transaction confusion party, the normal transaction receiver and the normal transaction initiator in the candidate participants as abnormal participants.

By way of example, candidate parties may be determined by screening out normal transaction confounding parties, using an exclusion method; further screening a normal transaction parameter initiator and a normal transaction receiver from candidate participants; finally, using the elimination method, taking the transaction participants except the normal transaction confusion party, the normal transaction receiver and the normal transaction initiator as abnormal participants.

The above-mentioned alternative embodiment uses the transaction participant whose first abnormal reference data is consistent with the corresponding amount of random hidden ciphertext as a normal transaction confusion party, uses the transaction participant except the normal transaction confusion party as a candidate participant, uses the candidate participant whose receiving reference value is consistent with the corresponding amount of random hidden ciphertext as a normal transaction receiver, uses the candidate participant whose initiating reference value is consistent with the corresponding amount of random hidden ciphertext as a normal transaction initiator, uses the transaction participants except the normal transaction confusion party, the normal transaction receiver and the normal transaction initiator in the candidate participant as abnormal participants, determines the candidate participant by excluding the normal transaction confusion party from the transaction participants, and determines the abnormal participant by excluding the normal transaction receiver and the normal transaction initiator from the candidate participant, thereby reducing the data operation amount and improving the determination efficiency of the abnormal participant.

In an alternative embodiment, if a normal transaction receiver exists and a normal transaction initiator exists, determining that the abnormal party is an abnormal transaction confusing party; if the candidate participants are two and a normal transaction receiver exists, determining that the abnormal participant is an abnormal transaction initiator; if the candidate participants are two and the normal transaction initiator exists, determining that the abnormal participant is an abnormal transaction receiver.

Specifically, if the normal transaction confusion party is determined, a normal transaction receiver exists in the candidate participants, and a normal transaction initiator exists, the candidate participants except the normal transaction receiver and the normal transaction initiator can be determined to be abnormal participants, and the category of the abnormal participant is determined to be the abnormal transaction confusion party. If two candidate participants are determined to exist in the normal transaction receiver, the rest candidate participants can be determined to be abnormal participants, and the category of the abnormal participant is determined to be the abnormal transaction initiator. If two candidate participants are determined to exist as normal transaction initiator, then the remaining candidate participant is determined to be an abnormal participant, and the category of the abnormal participant is determined to be an abnormal transaction receiver.

The above-mentioned alternative embodiment determines that the abnormal party is the abnormal transaction confusing party if the normal transaction receiver exists and the normal transaction initiator exists; if the candidate participants are two and a normal transaction receiver exists, determining that the abnormal participant is an abnormal transaction initiator; if the number of candidate participants is two and a normal transaction initiator exists, determining that the abnormal participant is an abnormal transaction receiver; and determining abnormal participants from the candidate participants according to the elimination method by using the determined normal transaction receiver and/or normal transaction initiator, and determining identity categories of the abnormal participants so as to effectively punish the abnormal participants in different categories.

According to the above optional embodiment, candidate participants are selected from all transaction participants according to the consistency of the first abnormal reference data of the transaction participants and the corresponding amount of random hidden ciphertext, the second abnormal reference data of the corresponding candidate participants is determined according to the standard transaction random number, the standard resource transfer amount and the public key of the candidate participants, the abnormal participants are selected from all candidate participants according to the consistency of the second abnormal reference data of the candidate participants and the corresponding amount of random hidden ciphertext, the candidate participants are selected by first performing primary screening on the transaction participants, and then the abnormal participants are selected from the candidate participants, so that the data calculation amount in the process of selecting the abnormal participants is reduced, and the efficiency of determining the abnormal participants is improved.

According to the alternative embodiment, the standard supervision data are embodied into the public key, the standard resource transfer amount and the standard transaction random number, the first abnormal reference data and the second abnormal reference data are respectively determined according to different verification modes, and effective data support is provided for determining abnormal participants, so that accuracy of determining results of the abnormal participants is improved.

Example five

Fig. 5 is a schematic structural diagram of a transaction supervision device according to a fifth embodiment of the present invention. The embodiment can be suitable for the supervision of executed transactions on a blockchain, the device can execute a transaction supervision method, the transaction supervision device can be realized in the form of hardware and/or software, and the transaction supervision device can be configured in electronic equipment carrying transaction supervision functions.

As shown in fig. 5, the apparatus includes: reference regulatorydata acquisition module 510, randomnumber determination module 520, randomnumber verification module 530, transferamount determination module 540, and currentbalance update module 550.

Wherein,,

the reference supervisiondata acquisition module 510 is configured to acquire reference supervision data of at least two transaction participants corresponding to a transaction to be supervised from the blockchain; the reference supervision data comprises a public key, a random number hidden ciphertext and a digital random hidden ciphertext; the transaction participants comprise transaction executors and transaction confusing parties; the transaction executive comprises a transaction initiator and a transaction receiver.

The randomnumber determining module 520 is configured to determine a target transaction random number according to the first preset privacy supervision data and the second preset privacy supervision data.

The randomnumber verification module 530 is configured to verify a reference transaction random number used for generating the reference supervision data according to the target transaction random number and the random number hidden ciphertext.

And the transferamount determining module 540 is configured to determine, if the verification is passed, the target resource transfer amounts of the transaction initiator, the transaction receiver and the transaction to be supervised according to the target transaction random number, the public keys and the amount random hidden ciphertext.

The currentbalance updating module 550 is configured to update the current balance of resources of the transaction initiator and the transaction receiver according to the target resource transfer amount.

In an alternative embodiment of the invention, the transferamount determination module 540 includes: the first ciphertext determining unit is used for determining a first transaction ciphertext to be verified of each transaction participant according to the target transaction random number and each public key; the transaction confusion party determining unit is used for taking a transaction participant corresponding to the transaction ciphertext to be verified, which is the same as the random hidden ciphertext of the corresponding amount, as a transaction confusion party; the transaction executive party determining unit is used for determining the transaction executive party according to the transaction confusing party; and the transfer amount determining unit is used for determining the transaction initiator, the transaction execution receiver and the target resource transfer amount according to the target transaction random number, the public key of the transaction execution party and the second transaction reference ciphertext of the transaction execution party.

In an alternative embodiment of the present invention, the transfer amount determining unit includes: a second ciphertext determination subunit, configured to determine a second transaction ciphertext to be verified for each transaction executor according to at least one preset exhaustion amount, the target transaction random number, and the public key of the transaction executor; the transfer amount determining subunit is used for taking a preset exhaustion amount corresponding to a second transaction ciphertext to be verified, which is the same as a second transaction reference ciphertext of any transaction executive party, as a target resource transfer amount; the transaction initiator determining subunit is configured to use, as the transaction initiator, a transaction executor in the second to-be-verified transaction ciphertext corresponding to the target resource transfer amount, where the transaction executor is the same as the corresponding second transaction reference ciphertext, and use, as the transaction receiver, a transaction executor different from the corresponding second transaction reference ciphertext.

In an alternative embodiment of the present invention, the currentbalance update module 550 includes: a current balance determining unit, configured to determine a current resource balance of each transaction executive party; wherein the current resource balance of the transaction executive is determined based on the registered resource amount of the transaction executive and the resource transferred amount of the historical supervised transaction obtained from the blockchain; the current balance updating unit is used for increasing the current resource balance of the transaction receiver and reducing the current resource balance of the transaction initiator according to the target resource transfer amount.

In an alternative embodiment of the present invention, the randomnumber determination module 520 includes: the basic data generation unit is used for generating presumption basic data according to the inverse of the first preset privacy supervision data and the second preset privacy supervision data; the random number generation unit is used for generating a target transaction random number according to the presumed basic data and the public elliptic curve points; the public elliptic curve points are generated according to the first preset private random number and second elliptic curve points generated based on second preset private supervision data and elliptic curve generator.

In an alternative embodiment of the invention, the disclosed elliptic curve points are verified by the block link points based on the following means: the auxiliary point acquisition module is used for acquiring an elliptic curve auxiliary point and an auxiliary random code sent by the transaction initiator; the elliptic curve auxiliary points are generated based on a second preset random number and second elliptic curve points; the auxiliary random code is generated based on an elliptic curve auxiliary point, a first preset random number and a second preset random number; the first verification data generation module is used for generating first verification data according to the elliptic curve auxiliary points and the public elliptic curve points; the second verification data generation module is used for generating second verification data according to the auxiliary random code and the second elliptic curve point; and the public curve point verification module is used for verifying the public elliptic curve point according to the consistency of the first verification data and the second verification data.

In an alternative embodiment of the invention, the apparatus further comprises: and the abnormal party determining module is used for acquiring standard supervision data from the transaction party if the verification is not passed, and determining the abnormal party in the transaction party according to the standard supervision data and the random hidden ciphertext of each amount.

In an alternative embodiment of the present invention, an abnormal party determination module includes: the abnormal party determining unit is used for generating abnormal reference data of the transaction party according to the standard supervision data based on the verification modes corresponding to the categories of the different transaction parties, and determining the abnormal party in the transaction party according to the abnormal reference data of the transaction party and the corresponding amount random hidden ciphertext.

In an alternative embodiment of the invention, the standard administrative data includes a public key, a standard resource transfer amount, and a standard transaction random number; correspondingly, the abnormal party determining unit includes: a first abnormal data determining subunit, configured to determine first abnormal reference data of a corresponding transaction participant according to the standard transaction random number and the public key of the transaction participant; the abnormal party determining subunit is used for determining second abnormal reference data of the corresponding transaction party according to the standard transaction random number, the public key of the transaction party and the standard resource transfer amount, and selecting the abnormal party from all the transaction parties according to the first abnormal reference data, the second abnormal reference data and the corresponding amount.

In an alternative embodiment of the invention, the abnormal party determination subunit comprises: the candidate participator selecting slave unit is used for selecting candidate participators from all transaction participators according to the consistency of the first abnormal reference data of the transaction participators and the corresponding amount of randomly hidden ciphertext; the second abnormal data determining slave unit is used for determining second abnormal reference data of the corresponding candidate participant according to the standard transaction random number, the public key of the candidate participant and the standard resource transfer amount; the abnormal participant selects a slave unit, which is used for selecting the abnormal participant from the candidate participants according to the consistency of the second abnormal reference data of the candidate participants and the corresponding amount of randomly hidden ciphertext.

In an alternative embodiment of the invention, the second anomaly data determining slave unit is specifically configured to: determining first intermediate data according to the standard transaction random number and the public key of the candidate participant; determining second intermediate data according to the standard resource transfer amount and the elliptic curve generator; determining a receiving reference value of the second abnormal reference data according to the sum value of the first intermediate data and the second intermediate data; and determining an initiation reference value of the second abnormal reference data according to the difference value of the first intermediate data and the second intermediate data.

In an alternative embodiment of the invention, the candidate participant selects a slave unit, in particular for: taking the transaction participants with the first abnormal reference data consistent with the random hidden ciphertext of the corresponding amount as normal transaction confusing parties, and taking the transaction participants except the normal transaction confusing parties as candidate participants; correspondingly, the abnormal party selects a slave unit, which is specifically used for: taking a candidate participant with the received reference value consistent with the corresponding amount of random hidden ciphertext as a normal transaction receiver, and taking a candidate participant with the initiated reference value consistent with the corresponding amount of random hidden ciphertext as a normal transaction initiator; and taking the transaction participants except the normal transaction confusion party, the normal transaction receiver and the normal transaction initiator in the candidate participants as abnormal participants.

In an alternative embodiment of the invention, the abnormal party selects the slave unit, in particular for: if a normal transaction receiver exists and a normal transaction initiator exists, determining that the abnormal participant is an abnormal transaction confusion party; if the candidate participants are two and a normal transaction receiver exists, determining that the abnormal participant is an abnormal transaction initiator; if the candidate participants are two and the normal transaction initiator exists, determining that the abnormal participant is an abnormal transaction receiver.

The transaction supervision device provided by the embodiment of the invention can execute the transaction supervision method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of executing each transaction supervision method.

Example six

Fig. 6 shows a schematic diagram of anelectronic device 600 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.

As shown in fig. 6, theelectronic device 600 includes at least oneprocessor 601, and a memory, such as a Read Only Memory (ROM) 602, a Random Access Memory (RAM) 603, etc., communicatively connected to the at least oneprocessor 601, in which the memory stores a computer program executable by the at least one processor, and theprocessor 601 may perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM) 602 or the computer program loaded from thestorage unit 608 into the Random Access Memory (RAM) 603. In theRAM 603, various programs and data required for the operation of theelectronic device 600 can also be stored. Theprocessor 601, theROM 602, and theRAM 603 are connected to each other through abus 604. An input/output (I/O)interface 605 is also connected tobus 604.

A number of components in theelectronic device 600 are connected to the I/O interface 605, including: aninput unit 606 such as a keyboard, mouse, etc.; anoutput unit 607 such as various types of displays, speakers, and the like; astorage unit 608, such as a magnetic disk, optical disk, or the like; and acommunication unit 609 such as a network card, modem, wireless communication transceiver, etc. Thecommunication unit 609 allows theelectronic device 600 to exchange information/data with other devices through a computer network, such as the internet, and/or various telecommunication networks.

Theprocessor 601 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples ofprocessor 601 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. Theprocessor 601 performs the various methods and processes described above, such as the transaction administration method.

In some embodiments, the transaction policing method may be implemented as a computer program tangibly embodied on a computer readable storage medium, such asstorage unit 608. In some embodiments, part or all of the computer program may be loaded and/or installed onto theelectronic device 600 via theROM 602 and/or thecommunication unit 609. When the computer program is loaded intoRAM 603 and executed byprocessor 601, one or more steps of the transaction administration method described above may be performed. Alternatively, in other embodiments,processor 601 may be configured to perform the transaction policing method in any other suitable manner (e.g., by means of firmware).

Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.

A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.

In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.

The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.

The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.

It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.

The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims

1. A method of transaction supervision, comprising:

acquiring reference supervision data of at least two transaction participants corresponding to the transaction to be supervised from a blockchain; the reference supervision data comprises a public key, a random number hiding ciphertext and a digital random hiding ciphertext; the transaction participants comprise transaction execution parties and transaction confusion parties; the transaction executive party comprises a transaction initiator and a transaction receiver;

verifying the reference transaction random number used for generating the reference supervision data according to the target transaction random number and the random number hiding ciphertext;

if the verification is passed, determining target resource transfer amounts of the transaction initiator, the transaction receiver and the transaction to be supervised according to the target transaction random number, the public keys and the amount random hidden ciphertext;

2. The method of claim 1, wherein said determining the target resource transfer amounts of the transaction initiator, the transaction receiver, and the transaction to be policed based on the target transaction random number, each of the public keys, and each of the amounts of randomly hiding ciphertext comprises:

determining a first transaction cryptogram to be verified of each transaction participant according to the target transaction random number and each public key;

taking a first transaction cryptograph to be verified corresponding to the transaction participant which is the same as the corresponding random hiding cryptograph of the amount as a transaction confusion party;

Determining the transaction executive party according to the transaction confusion party;

and determining the transaction initiator, the transaction receiver and the target resource transfer amount according to the target transaction random number, the public key of the transaction executive party and the second transaction reference ciphertext of the transaction executive party.

3. The method of claim 2, wherein the determining the transaction initiator, the transaction receiver, and the target resource transfer amount based on the target transaction random number, the public key of the transaction performer, and a second transaction reference ciphertext of the transaction performer comprises:

determining a second transaction ciphertext to be verified of each transaction executive party according to at least one preset exhaustion amount, the target transaction random number and the public key of the transaction executive party;

taking a preset exhaustion amount corresponding to a second transaction ciphertext to be verified, which is the same as a second transaction reference ciphertext of any transaction executive party, as the target resource transfer amount;

and taking the transaction executive party, which is the same as the corresponding second transaction reference ciphertext, in the second transaction ciphertext to be verified corresponding to the target resource transfer amount as a transaction initiator, and taking the transaction executive party, which is different from the corresponding second transaction reference ciphertext, as a transaction receiver.

4. The method of claim 1, wherein updating the current resource balances of the transaction initiator and the transaction recipient, respectively, based on the target resource transfer amount comprises:

determining the current resource balance of each transaction executive party; wherein the current resource balance of the transaction executive is determined based on the registered resource amount of the transaction executive and the resource transferred amount of the historical supervised transaction acquired from the blockchain;

and increasing the current resource balance of the transaction receiver and reducing the current resource balance of the transaction initiator according to the target resource transfer amount.

5. The method of claim 1, wherein determining the target transaction random number based on the first preset privacy supervisory data and the second preset privacy supervisory data comprises:

generating speculative base data according to the inverse of the first preset privacy supervision data and the second preset privacy supervision data;

generating the target transaction random number according to the presumed basic data and the public elliptic curve points; the public elliptic curve points are generated according to a first preset private random number and a second elliptic curve point, and the second elliptic curve point is generated based on the second preset private supervision data and elliptic curve generating elements.

6. The method of claim 5, wherein the public elliptic curve points are verified by block link points based on:

acquiring an elliptic curve auxiliary point and an auxiliary random code sent by a transaction initiator; the elliptic curve auxiliary points are generated based on a second preset private random number and the second elliptic curve points; the auxiliary random code is generated based on the elliptic curve auxiliary point, the first preset private random number and the second preset private random number;

generating first verification data according to the elliptic curve auxiliary points and the public elliptic curve points;

generating second verification data according to the auxiliary random code and the second elliptic curve point;

and verifying the public elliptic curve point according to the consistency of the first verification data and the second verification data.

7. The method according to any one of claims 1-6, further comprising:

and if the verification is not passed, acquiring standard supervision data from the transaction participants, and determining abnormal participants in the transaction participants according to the standard supervision data and the random hiding ciphertext of each amount.

8. The method of claim 7, wherein said determining an abnormal one of said transaction participants based on said standard regulatory data and each said amount of randomly hiding ciphertext comprises:

based on verification modes corresponding to the categories of different transaction participators, abnormal reference data of the transaction participators are generated according to the standard supervision data, and abnormal participators in the transaction participators are determined according to the abnormal reference data of the transaction participators and the corresponding amount random hidden ciphertext.

9. The method of claim 8, wherein the standard regulatory data comprises a public key, a standard resource transfer amount, and a standard transaction random number;

correspondingly, the verification method based on the category corresponding to different transaction participators generates abnormal reference data of the transaction participators according to the standard supervision data, and randomly conceals ciphertext according to the abnormal reference data of the transaction participators and the corresponding amount, and determines the abnormal participators in the transaction participators, including:

determining first abnormal reference data of a corresponding transaction participant according to the standard transaction random number and the public key of the transaction participant;

And determining second abnormal reference data of corresponding transaction participants according to the standard transaction random number, the public key of the transaction participants and the standard resource transfer amount, and selecting abnormal participants from the transaction participants according to the first abnormal reference data, the second abnormal reference data and the corresponding amount and randomly hiding ciphertext.

10. The method of claim 9, wherein said determining second anomaly reference data for a respective transaction participant based on said standard transaction random number, said transaction participant's public key, and said standard resource transfer amount, and randomly hiding ciphertext based on said first anomaly reference data, said second anomaly reference data, and said corresponding amount, selecting an anomaly participant from each of said transaction participants, comprises:

selecting candidate participants from the transaction participants according to the consistency of the first abnormal reference data of the transaction participants and the random hidden ciphertext of the corresponding amount;

determining second abnormal reference data of the corresponding candidate participant according to the standard transaction random number, the public key of the candidate participant and the standard resource transfer amount;

And selecting an abnormal party from the candidate parties according to the consistency of the second abnormal reference data of the candidate parties and the corresponding amount of randomly hiding ciphertext.

11. The method of claim 10, wherein the determining the second abnormal reference data for the respective candidate participant based on the standard transaction random number, the public key of the candidate participant, and the standard resource transfer amount comprises:

determining first intermediate data according to the standard transaction random number and the public key of the candidate participant;

determining second intermediate data according to the standard resource transfer amount and the elliptic curve generator;

determining a receiving reference value of the second abnormal reference data according to the sum value of the first intermediate data and the second intermediate data; the method comprises the steps of,

and determining an initiation reference value of the second abnormal reference data according to the difference value of the first intermediate data and the second intermediate data.

12. The method of claim 11, wherein selecting a candidate participant from the transaction participants based on the consistency of the first anomaly reference data for the transaction participants with the corresponding amount of randomly hidden ciphertext comprises:

Taking the transaction participants with the first abnormal reference data consistent with the random hidden ciphertext of the corresponding amount as normal transaction confusing parties, and taking the transaction participants except the normal transaction confusing parties as candidate participants;

correspondingly, according to the consistency of the second abnormal reference data of the candidate participants and the corresponding amount of randomly hidden ciphertext, selecting an abnormal participant from the candidate participants, including:

taking a candidate participant with the received reference value consistent with the corresponding amount of random hidden ciphertext as a normal transaction receiver, and taking a candidate participant with the initiated reference value consistent with the corresponding amount of random hidden ciphertext as a normal transaction initiator;

and taking the transaction participants except the normal transaction confusion party, the normal transaction receiver and the normal transaction initiator in the candidate participants as abnormal participants.

13. The method of claim 12, wherein said taking as an exception party a transaction participant other than a normal transaction confusing party, a normal transaction receiving party, and a normal transaction initiating party among said candidate participants comprises:

if the normal transaction receiver exists and the normal transaction initiator exists, determining that the abnormal participant is an abnormal transaction confusion party;

If the number of the candidate participants is two and a normal transaction receiver exists, determining that the abnormal participant is an abnormal transaction initiator;

if the number of the candidate participants is two and a normal transaction initiator exists, determining that the abnormal participant is an abnormal transaction receiver.

14. A transaction supervision apparatus, comprising:

the reference supervision data acquisition module is used for acquiring reference supervision data of at least two transaction participants corresponding to the transaction to be supervised from the blockchain; the reference supervision data comprises a public key, a random number hiding ciphertext and a digital random hiding ciphertext; the transaction participants comprise transaction execution parties and transaction confusion parties; the transaction executive party comprises a transaction initiator and a transaction receiver;

15. An electronic device, comprising:

one or more processors;

a memory for storing one or more programs;

the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the transaction policing method of any of claims 1-13.

16. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements a transaction supervision method according to any one of claims 1 to 13.