巴西专利BR112019008151A2 computer-implemented method, non-transient computer-readable storage medium, and system

专利PDF首页>>巴西专利

专利附录

专利说明

权利要求

类似技术

同族专利

引用文献

法律状态

优先权

专利摘要:
Embodiments of the present invention include receiving, through a first account consensus node, a digitally signed copy of a transaction value commitment value, a second random number encrypted using a first account public key, a third random number encrypted using a second account public key, one or more range probes, and a set of values generated based on one or more selected random numbers. The consensus node then verifies a digital signature corresponding to the digitally signed copy using a public key from the first account corresponding to a private key used to generate the digital signature. It also updates the balance of the first account and a balance of the second account based on the balance transfer amount if the first random number, second random number, and third random number are the same.
公开号:BR112019008151A2
申请号:R112019008151
申请日:2018-11-07
公开日:2019-09-10
发明作者:Ma Baoli；Zhang Wenbin
申请人:Alibaba Group Holding Ltd；
IPC主号:

专利说明:

“METHOD IMPLEMENTED BY COMPUTER, MEAN READABLE BY COMPUTER AND SYSTEM TO PERFORM A METHOD”
Field of Invention [001] The present invention relates to methods implemented by computer for privacy-protected verification of trust protocol transactions without user confirmation, interaction and disclosure of transaction amounts or account balances.
Background to the Invention [002] Blockchain networks, which can also be referred to as trust protocol systems, consensus networks, distributed accounting system networks or trust protocol, allow participating entities to store data in a safe and immutable way. A trust protocol can be described as a transaction accounting system and several copies of the ledger are stored through the trust protocol network. Examples of types of trust protocols may include public trust protocols, authorized trust protocols and private trust protocols. A public trust protocol is open for all entities to use the trust protocol and participate in the consensus process. An authorized trust protocol is similar to a public trust protocol, but open only to entities with permission to participate. A private trust protocol is provided for a specific entity, which centrally controls read and write permissions.
[003] Trust protocols are used in cryptocurrency networks, which allow participants to make transactions to buy / sell goods and / or services using a cryptocurrency. A common cryptocurrency includes Bitcoin. In cryptocurrency networks, record-keeping models are used to record transactions between users.
Petition 870190058551, of 6/25/2019, p. 9/54
2/33
Examples of record-keeping models include the unused transaction product model (UTXO) and the account balance model. In the UTXO model, each transaction spends the proceeds from previous transactions and generates new products that can be spent on subsequent transactions. A user's unused transactions are tracked and a balance the user has is calculated as the sum of all the user's unused transactions. In the account balance model, each user's account balance is tracked as a global state. For each transaction, an expense account balance is checked to ensure that it is greater than or equal to the transaction amount. This is comparable to the traditional bank.
[004] A trust protocol ledger includes a series of blocks, each of which contains one or more transactions performed on the network. Each block can be explained by analogy to a ledger page, while the trust protocol itself is a complete copy of the ledger. Individual transactions are confirmed and added to a block, which is added to the trust protocol. Copies of the trust protocol ledger are replicated on the network nodes. Thus, there is a global consensus on the status of the trust protocol. In addition, the trust protocol is open for all nodes to see, at least in the case of public networks. To protect the privacy of users of the trust protocol, encryption technologies can be implemented.
[005] Under the account model, commitment schemes can be used to hide amounts that both parties to a transaction commit to. Commitment schemes can arise from the need for parties to commit to a choice or value and subsequently communicate that value to the other parties involved. For example, in an interactive Pedersen Commitment, party A can commit to a transaction amount t by sending a value of
Petition 870190058551, of 6/25/2019, p. 10/54
3/33 PC commitment (r, t) that is generated based on the random value r. The commitment amount is generated and part B can only reveal the amount of the transaction t by obtaining the random number r.
Description of the Invention [006] Embodiments of the present invention include computer-implemented methods for privacy-protected verification of trust protocol transactions without user confirmation, interaction and disclosure of transaction amounts or account balances. More particularly, the embodiments of the present invention are intended to validate transactions between trusted protocol users based on compromise schemes and homomorphic encryption without revealing the transaction amount, account balances or random numbers to generate commitments to other protocol nodes reliable.
[007] In some embodiments, the actions include receiving, from a first account, a digitally signed copy of a commitment amount of a transaction amount to be transferred from the first account to a second account generated on the basis of a first random number, a second random number encrypted using a public key from the first account, a third random number encrypted using a public key from the second account, one or more range tests, and a set of values generated based on one or more random numbers selected; verify a digital signature corresponding to the digitally signed copy using a public key from the first account corresponding to a private key used to generate the digital signature; determine that one or more interval tests prove that the transaction value is greater than zero and less than or equal to a balance on the first account; determine whether the first random number, the second random number and the third random number are the same, based on the set of values; and
Petition 870190058551, of 6/25/2019, p. 11/54
4/33 update the balance of the first account and a balance of the second account based on the balance transfer amount, if the first random number, the second random number and the third random number are the same. Other embodiments include corresponding systems, devices and computer programs, configured to perform the actions of the methods, encoded in computer storage devices.
[008] These and other embodiments may optionally include one or more of the following characteristics: the commitment amount is generated using a commitment scheme that is homomorphic; the commitment scheme is a Pedersen commitment scheme; the second random number and the third random number are encrypted based on a deterministic homomorphic (HE) encryption scheme that has linear properties of HE (a + b) = HE (a) * HE (b) and HE (ab) = HE (b) ^a , where a and b are flat texts used for HE; the selected random numbers are represented by r1 and t1 and the selected random numbers are used to generate r2 and t2, where r2 = r1 + xr, t2 = t1 + xt, where r1 and t1 represent the one or more selected random numbers , r is the first random number, t is the balance transfer amount, x is a hash value; the set of values is additionally generated based on T1, TT and T1 ”, where T1 = g ^r1 h ^t1 , TT = HE_A (r1), ΤΓ = HE_B (r1), where g and h are generators of an elliptic curve, and where HE_A (rl) is generated based on HE of r1 using the public key of the first account and HE_B (r1) is generated based on HE of r1 using the public key of the second account, and where x is generated with based on T1, TT and T1 hashing ”; the first random number, the second random number and the third random number are determined to be the same based on the properties of the deterministic HE; the first random number, the second random number and the third random number are determined to be the same if g ^ h ¹² = T ^X T1, HE_A (r2) = T ' ^X T1' and HE_B (r2) = T ” ^X T1 ”, Where T = g ^r h ^f , Τ '= HE_A
Petition 870190058551, of 6/25/2019, p. 12/54
5/33 (r) and T ”= HE_B (r), and where HE_A (r) and HE_A (r2) are generated based on HE of r and r2, respectively, using the public key of the first account, HE_B (r ) and HE_B (r2) are generated based on HE of r and r2 using the public key of the second account; T, T and T ”form a cipher text of the value of transaction t; and the update of the balance of the first account and a balance of the second account is performed based on homomorphic encryption.
[009] The present invention also provides one or more non-transient, computer-readable storage media coupled to one or more processors and having instructions stored therein that, when executed by one or more processors, cause the one or more processors perform operations according to embodiments of the methods provided here.
[010] The present invention further provides a system for the embodiment of the methods provided herein. The system includes one or more processors, and a computer-readable storage medium coupled to one or more processors having instructions stored on it that, when executed by one or more processors, cause the one or more processors to perform operations according to forms carrying out the methods provided here.
[011] It is appreciated that the methods according to the present invention can include any combination of the aspects and characteristics described herein. That is, the methods according to the present invention are not limited to the combinations of aspects and features specifically described herein, but also include any combination of the aspects and features provided.
[012] Details of one or more embodiments of the present invention are presented in the attached figures and in the description below. Other features and advantages of the present invention will be evident from the
Petition 870190058551, of 6/25/2019, p. 13/54
6/33 description and figures, and from the claims.
Brief Description of the Drawings [013] Figure 1 represents an example of an environment that can be used to carry out embodiments of the present invention.
[014] Figure 2 represents an example of conceptual architecture according to embodiments of the present invention.
[015] Figure 3 represents an example of a privacy-protected validation method of a trust protocol transaction based on homomorphic cryptography according to embodiments of the present invention.
[016] Figure 4 represents an example of a trust protocol transaction based on homomorphic cryptography according to embodiments of the present invention.
[017] Figure 5 represents another example of a privacy-protected validation method of a trust protocol transaction based on homomorphic cryptography in accordance with embodiments of the present invention.
[018] Figure 6 represents another example of a trust protocol transaction based on homomorphic cryptography according to embodiments of the present invention.
[019] Figure 7 represents an example of a process that can be performed according to embodiments of the present invention.
[020] Figure 8 represents another example of a process that can be performed according to embodiments of the present invention.
[021] Same reference symbols on the various drawings indicate identical elements.
Description of Embodiments of the Invention [022] Embodiments of the present invention include
Petition 870190058551, of 6/25/2019, p. 14/54
7/33 computer-implemented methods for privacy-protected verification of trust protocol transactions without user confirmation, interaction and disclosure of transaction amounts or account balances. More particularly, the embodiments of the present invention are intended to validate transactions between trusted protocol users based on commitment schemes and homomorphic cryptography (HE) without revealing the transaction amount, account balances or random numbers to generate commitments for others trust protocol nodes.
[023] To provide additional context for embodiments of the present invention, and as introduced above, trust protocol networks, which can also be referred to as consensus networks (for example, composed of peer-to-peer nodes), system Distributed accounting, or simply a trust protocol, allows participating entities to conduct transactions and store data in a secure and immutable manner. A trust protocol can be provided as a public trust protocol, a private trust protocol or a consortium trust protocol. The embodiments of the present invention are described in more detail herein with reference to a public trust protocol, which is public among the participating entities. It is contemplated, however, that the embodiments of the present invention can be performed in any appropriate type of trust protocol.
[024] In a public trust protocol, the consensus process is controlled by nodes in the consensus network. For example, hundreds, thousands and even millions of entities can participate in a public trust protocol, each of which operates at least one node in the public trust protocol. Thus, the public trust protocol can be considered a public network in relation to the participating entities. In some examples, most entities (nodes) must sign all blocks
Petition 870190058551, of 6/25/2019, p. 15/54
8/33 for the block to be valid and added to the trust protocol. An example of a public trust protocol includes the trust protocol used in the Bitcoin network, which is a peer-to-peer payment network (cryptocurrency network). Although the term trust protocol is commonly referred to by hand with the Bitcoin network, as used here, trust protocol generally refers to ledgers distributed without particular reference to the Bitcoin network.
[025] In general, a public trust protocol supports public transactions. A public transaction is shared with all nodes within the trust protocol, and the trust ledger is replicated across all nodes. That is, all nodes are in a perfect state of consensus regarding the trust protocol. To reach consensus (for example, agreement to add a block to a trust protocol), a consensus protocol is implemented within the trust protocol network. An example of a consensus protocol includes, without limitation, proof of work (POW) implemented on the Bitcoin network.
[026] The embodiments of the present invention are described here in greater detail in view of the above context. More particularly, and as introduced above, the embodiments of the present invention are intended to validate transactions between trust protocol users based on HE and commitment schemes without revealing the transaction amount, account balances or random numbers to generate commitments to other trusted protocol nodes.
[027] In accordance with the embodiments of the present invention, trust protocol transactions can be validated and recorded in a commitment protocol (ledger) based on commitment, without revealing the transaction account balance, the amount of the transaction or the random number used to generate the commitment. a
Petition 870190058551, of 6/25/2019, p. 16/54
9/33 commitment scheme, such as the Pedersen (PC) commitment, can be used to generate a commitment for a transaction amount using a random number. The transaction amount and random number can be encrypted using probabilistic or deterministic HE. The transaction amount and random number can also be used to generate a set of values as evidence to validate the transaction based on the properties of the HE. The transaction commitment, the encrypted transaction amount, the encrypted random number and the evidence can be used by a trust protocol node to verify that the transaction is valid without the account balance, the transaction amount or the random number being revealed.
[028] Figure 1 represents an example of an environment (100) that can be used to carry out embodiments of the present invention. In some examples, the sample environment (100) allows entities to participate in a public trust protocol (102). The example environment (100) includes computing systems (106, 108) and a network (110). In some examples, the network (110) includes a local area network (LAN), wide area network (WAN), the Internet or a combination of them, and connects web sites, user devices (for example, computing devices ) and secondary systems (back-end). In some instances, the network (110) can be accessed via a wired and / or wireless communication connection.
[029] In the example described, computing systems (106, 108) can each include any appropriate computing system that allows participation as a node in the public trust protocol (102). Examples of computing devices (120) include, without limitation, a server, a desktop computer, a laptop computer, a tablet computing device and a smart phone. In some examples, computing systems (106, 108) host one or more services implemented by
Petition 870190058551, of 6/25/2019, p. 17/54
10/33 computer to interact with the public trust protocol (102). For example, the computing system (106) can host computer-implemented services from a first entity (for example, user A), such as a transaction management system that the first entity uses to manage its transactions with one or more others entities (for example, other users). The computing system (108) can host computer-implemented services from a second entity (for example, user B), such as the transaction management system that the second entity uses to manage its transactions with one or more other entities (for example , other users). In the example in Figure 1, the public trust protocol (102) is represented as a peer-topeer network of nodes, and the computing systems (106, 108) provide nodes of the first and second entities, respectively, that participate in the protocol. public trust (102).
[030] Figure 2 represents an example of conceptual architecture (200) according to embodiments of the present invention. The exemplary conceptual architecture (200) includes an entity layer (202), a hosted services layer (204) and a public trust protocol layer (206). In the example shown, the entity layer (202) includes three entities, Entity_1 (E1), Entity_2 (E2) and Entity_3 (E3), each entity having a respective transaction management system (208).
[031] In the example shown, the hosted services layer (204) includes trust protocol interfaces (210) for each transaction management system (208). In some examples, a respective transaction management system (208) communicates with a respective trust protocol interface (210) over a network (for example, the network (110) in Figure 1) using a communication protocol ( for example,
Petition 870190058551, of 6/25/2019, p. 18/54
11/33 secure hypertext transfer protocol (HTTPS)). In some examples, each trust protocol interface (210) provides a communication connection between a respective transaction management system (208) and the trust protocol layer (206). More particularly, each trust protocol interface (210) allows the respective entity to carry out transactions registered on a trust protocol network (212) of the trust protocol layer (206). In some examples, communication between a trust protocol interface (210), and the trust protocol layer (206) is conducted using remote procedure calls (RPCs). In some examples, the trust protocol interfaces (210) "host" trust protocol nodes for the respective transaction management systems (208). For example, the trust protocol interfaces (210) provide the application programming interface (API) for accessing the trust protocol network (212).
[032] As described here, the trust protocol network (212) is provided as a peer-to-peer network including a plurality of nodes (214) that record information immutably in a trust protocol (216). Although a single trust protocol (216) is schematically represented, several copies of the trust protocol (216) are provided, and are maintained through the trust protocol (212). For example, each node (214) stores a copy of the trust protocol (216). In some embodiments, the trust protocol (216) stores information associated with transactions that are carried out between two or more entities participating in the public trust protocol.
[033] Figure 3 represents an example of a privacy-protected validation method (300) of an HE-based trust transaction in accordance with embodiments of the present invention. At a high level, the example method (300) is performed by a
Petition 870190058551, of 6/25/2019, p. 19/54
12/33 user node A (302), a user node B (not shown in Figure 3) and a trust protocol node (304), also referred to as a consensus node. A transaction, such as a transfer of value, can be made from user node A (302) to user node B. To protect the privacy of the account, user node A (302) can generate a compromise on a transaction amount t using a commitment scheme, such as PC, based on a random number r. The commitment generated using the PC can be expressed as PC (r, t). User node A (302) can also encrypt the random number using HE based on a public key from user node B. This can be expressed as HE (r). A ciphertext of the transaction amount t, expressed as (PC (r, t), HE (r)) can be transmitted to user node B. After receiving the ciphertext, user node B can decipher the number random r using a private key. User node B can use the random number r to decipher transaction amount t. To prove the validity of the transaction, the trust protocol node (304) can compare the random number in the compromise and the random number encrypted using HE. If the random numbers match, the transaction is determined to be valid by the trust protocol node (304) with zero knowledge of the transaction data. More details of the example method (300) are discussed in the following description in Figure 3.
[034] In (306), user node A (302) generates a commitment amount from a transaction amount based on a first random number, and encrypts, based on HE, a second random number using a public key from user node A (302) and a third random number using a public key from user node B. The first random number, the second random number and the third random number can be the same random number r used to generate a compromise from a transaction amount t using a commitment scheme. In some
Petition 870190058551, of 6/25/2019, p. 20/54
13/33 embodiments, the commitment scheme can have a double exponential form, like the PC. Using the PC as a non-limitative example, the compromise value generated by the first random number r can be expressed as PC (r, t) = grht, where g and h can be generators of an elliptic curve, PC (r, t) is a scalar multiplication of curve points, et is the amount of transaction to which it is committed. It should be understood that other HE-based commitment schemes, such as OkamotoUchiyama (OU) HE, and Boneh-Goh-Nissim HE can also be used to generate the commitment value.
[035] The encryption of the second random number r encrypted using the public key of user node A (302) can be expressed as HE_A (r). The encryption of the third random number r encrypted using the public key of user node B can be expressed as HE_B (r).
[036] In some embodiments, HE public key cryptography can be a deterministic HE that can be obtained from probabilistic HE schemes, such as Paillier HE, Benaloh HE, OU HE, Naccache-Stern HE, Damgard-Jurik HE, or Boneh-Goh-Nissim HE, setting the random number to a fixed value. In some embodiments, HE deterministic schemes that satisfy the linear properties that HE (a + b) = HE (a) + HE (b) and HE (ab) = HE (b) a, where a and b are clear text ( plaintext) used for HE, can be used for the present invention.
[037] In some examples, T = PC (r, t), T = HE_A (r) and T ”= HE_B (r), and the transaction amount ciphertext can be expressed as (T, T and T” ). The transaction can be determined to be valid, if the conditions in the example are met. First, transaction amount t is greater than or equal to 0 and less than or equal to account balance s_A of user node A (302). According to the transaction, it is digitally signed by the private key of user node A
Petition 870190058551, of 6/25/2019, p. 21/54
14/33 (302), private key to prove that the transaction is authorized by user node A (302). Third, the random number r in the compromise PC (r, t) is the same as or encrypted in the ciphertext HE_A (r), and HE_B (r) using the public keys of user node A (302) and user node B, respectively.
[038] In some embodiments, the ciphertext can also be separated as a ciphertext from an amount sent (t '), which can be expressed as (PC (r', t '), HE_A (r')) , and a cipher text of an amount received (t ”), which can be expressed as (PC (r”, t ”), HE_B (r”)). In such cases, the amount sent t 'also needs to be determined to be equal to the amount received t ”to validate the transaction.
[039] In (308), user node A (302) generates one or more interval tests. In some embodiments, the gap proofs can include an RP1 gap proof to show that the transaction amount t is greater than or equal to zero, and an RP2 gap proof to show that the transaction amount t is less than or equal to to an account balance of user node A.
[040] In (310), user node A (302) generates a set of values using HE based on one or more selected random numbers. The set of values, denoted as Pf, can include evidence used to prove that the random number r in the PC compromise (r, t) is the same as or encrypted in the ciphertext HE_A (r) and HE_B (r) using public keys user node A (302) and user node B, respectively. In some embodiments, two random numbers r1 and t1 can be selected to calculate another set of cipher texts from t1 denoted as (T1, T1 ', T1 ”), where T1 = gr1 ht1, TT = HE_A (r1), T1 "= HE_B (r1). Two additional tests r2 and t2 can be calculated as r2 = r1 + xr, t2 = t1 + xt, where x is the dispersion of T1, TT and T1 ”. The set of values can be
Petition 870190058551, of 6/25/2019, p. 22/54
15/33 denoted as Pf = (T1, T1 T1 ”, r2, t2).
[041] In (312), user node A (302) uses its private key to digitally sign the ciphertext (T, Τ ', T ”), the ciphertext (T1, TT, ΤΓ), r2, t2 , the RP1 and RP2 interval probes, and the public keys of user node A (302), and user node B. The digital signature added by user node A (302) can be used to show that the transaction is authorized by user node A (302). The digitally signed copy is submitted to the trust protocol network at (314).
[042] In (316), the trust protocol node (304) verifies the digital signature using a public key from user node A (302). The trust protocol node (304) can be a consensus node that can prove the validity of transactions in the trust protocol network. If the trust protocol node (304) cannot verify the digital signature of user node A (302) using the public key, the digital signature can be determined to be incorrect and the transaction can be denied. In some embodiments, the trust protocol node (304) may also include a double anti-wear mechanism. The trust protocol node (304) can check whether the transaction has already been executed or registered. If the transaction has already been executed, the transaction can be rejected. Otherwise, validation of the transaction can continue.
[043] In (318), the trust protocol node (304) checks one or more interval tests. For example, the RP1 gap proof can be used to prove that the transaction amount t is greater than or equal to zero, and the RP2 gap proof can be used to prove that the transaction amount t is less than or equal to a balance. account number of user node A (302).
[044] In (320), the trust protocol node (304) determines that the first random number, the second random number and the third random number are the same based on the set of values. In
Petition 870190058551, of 6/25/2019, p. 23/54
16/33 some embodiments, the determination includes determining whether the example conditions gr2ht2 = TxT1, HE_A (r2) = TxTT and HE_B (r2) = T ”xT1” are true based on the properties of the deterministic HE, as discussed above . If true, it can be indicated that the random number in the compromise is the same as the random numbers encrypted homomorphically using the public keys of user node A (302) and user node B, and the transaction is valid.
[045] In (322), the trust protocol node (304) updates the account balances of user node A (302), and of user node B. Balance updates can be performed based on the properties of HE without revealing account balances for user node A (302) or user node B. Updating account balances is described in more detail here with reference to Figure 4.
[046] Figure 4 represents an example of a trust protocol transaction (400) based on HE according to embodiments of the present invention. As shown in the trust protocol transaction example (400), a user node A (402) transfers a transaction amount t to a user node B (406). Before the transaction, user node A (402) has an account balance of s_A and user node B (406) has an account balance of s_B.
[047] Using the encryption schemes and transaction process described here with reference to Figure 3 as an example, the account balance s_A can be encrypted using a PC-based random number r_A and the random number r_A can be encrypted based on HE . The c_text of the account balance s_A can be expressed as (S_A, S’_A) = (gr_Ahs_A, HE_A (r_A)), where g and h can generate an elliptic curve to generate the PC of the account balance s_A. Likewise, an account balance s_B of user node B (406) can be encrypted using a number
Petition 870190058551, of 6/25/2019, p. 24/54
17/33 PC-based random r_B. The cipher text of the account balance s_B can be expressed as (S_B, S’_B) = (gr_Bhs_B, HE_A (r_B)).
[048] In (404), user node A (402) can add digital signature to the evidence used to validate the transaction, and send the digitally signed copy to the trust protocol network (408). As described above with reference to Figure 3, the evidence may include the transaction amount ciphertext (T, Τ ', T ”), one or more interval evidence (RP1, RP2) and other evidence (T1, TT, T1 ”, r2, t2).
[049] After the transaction, the account balance of user node A (402) can be expressed as s_A -1 ', and the account balance of user node B (406) can be expressed as s_B + t ", where t 'is the amount sent by user node A (402) and t ”is the amount received by user node B. The cipher text of the account balance of user node A (402) after the transaction can be expressed as ( S_A / T, S'_A / Τ ') and the cipher text of the account balance of user node B (406) after the transaction can be expressed as (S_B * T, S'_B * T ”). Since S_A, S'_A, S_B, S'_B, T, T 'and T ”are each encrypted using HE with a double exponential form, addition and subtraction can be performed in their encrypted form without deciphering the values of clear text.
[050] Figure 5 represents another example of a privacy-protected validation method (500) of an HE-based trust protocol transaction according to embodiments of the present invention. At a high level, the example method (500) is performed by a user node A (502), a user node B (not shown in Figure 5) and a trust protocol node (504), which can be referred to as a consensus knot. A transaction, such as a transfer of value, can be made from user node A (502) to user node B. To protect the privacy of the account, user node A (502) can generate a compromise
Petition 870190058551, of 6/25/2019, p. 25/54
18/33 of the transaction amount t using a commitment scheme, such as PC, based on a random number r. The commitment generated using the PC can be expressed in PC (r, t). User node A (502) can also encrypt transaction amount t and random number r using HE which has a double exponential form, such as OU.
[051] A cipher text of the transaction amount t can be submitted to the trust protocol network. After receiving the ciphertext, the trust protocol node (504) can determine whether the random number r hidden on the PC matches the random number r encrypted in the OU using the public keys of user node A (502) and the user B, respectively. In addition, the trust protocol node (504) can determine whether the transaction amount t hidden on the PC matches the transaction amount t encrypted in the OU using the public keys of user node A (502) and user node B , respectively. If both the random numbers and the transaction amounts match, the transaction can be determined to be valid by the trust protocol node (504) with zero knowledge of the transaction data.
[052] In (506), user node A (502) generates a commitment amount for a first transaction amount based on a first random number, and the first transaction amount and the first random number encrypted using a key of user node A (502). A second transaction amount and a second random number are encrypted using a public key from user node B. The first transaction amount and the second transaction amount can be the same amount t. The first random number and the second random number can be the same random number r used to generate a commitment for the transaction amount t using a commitment scheme. In some embodiments, the commitment scheme can take a form
Petition 870190058551, of 6/25/2019, p. 26/54
19/33 double exponential, like the PC. Using the PC as an example, the compromise value generated by the first random number r can be expressed as PC (r, t) = grht, where g and h can be generators of an elliptic curve, PC (r, t) is a scalar multiplication of curve points, et is the amount of transaction that is committed. It should be understood that other HE-based commitment schemes, such as OU HE and Boneh-Goh-Nissim HE can also be used to generate the commitment value.
[053] User node A (502) can also encrypt the first random number and the first transaction amount using the public key of user node A (502) and encrypt the second random number and second transaction amount using the public key of user node B. In some embodiments, the encryption of random numbers and transaction amounts may be based on probabilistic HE, such as OU. Using OU as an example, the encryption of the first random number and the first transaction amount using the public key of user node A (502) can be expressed as OU_A (r) = u1rv1y1 and OU_A (t) = u1tv1y2, respectively, where u1 and v1 are generators on the elliptical curve and y1 and y2 are random numbers used to generate OU_A (r) and OU_A (t). The second encrypted random number and the second transaction amount can be expressed as OU_B (r) = u2rv2z1 and OU_B (t) = u2tv2z2, respectively, where u2 and v2 are generators on the elliptical curve and z1 and z2 are random numbers used to generate OU_B (r) and OU_B (t), respectively. Probabilistic OU satisfies the property that OU (a + b) = OU (a) * OU (b), where a and b are the uncoded text used for OU.
[054] The cipher text of the transaction amount t can be expressed as (PC (r, t), OU_A (r), OU_A (t), OU_B (r), OU_B (t)). The transaction can be determined to be valid, if the following sample conditions are met. First, transaction amount t is greater than or equal to 0 and less than or
Petition 870190058551, of 6/25/2019, p. 27/54
20/33 equal to account balance s_A of user node A (502). According to the transaction, it is digitally signed using the private key of user node A (502), a private key to prove that the transaction is authorized by user node A (502). Third, the random number r in the PC compromise (r, t) is the same as or encrypted in the ciphertext OU_A (r) and OU_B (r) using the public keys of user node A (502) and user node B , respectively. Fourth, the transaction amount t in the compromise PC (r, t) is equal to the encrypted t in the ciphertext OU_A (t) and OU_B (t) using the public keys of user node A (502) and user node B , respectively.
[055] In some embodiments, the ciphertext can also be separated as a ciphertext from a forwarded amount (t '), which can be expressed as (PC (r', t '), OU_A (r'), OU_A (t ')), and a cipher text of an amount received (t ”), which can be expressed as (PC (r”, t ”), OU_B (r”), OU_B (t ”)). In such cases, the amount sent t 'also needs to be determined to be equal to the amount received t ”to validate the transaction.
[056] In (508), user node A (502) generates one or more interval tests. In some embodiments, the gap proofs can include an RP1 gap proof to show that the transaction amount t is greater than or equal to zero, and an RP2 gap proof to show that the transaction amount t is less than or equal to to an account balance of user node A.
[057] In (510), user node A (502) generates a set of values using HE based on one or more selected random numbers. The set of values, denoted as Pf, can include evidence used to prove that the random number r in the PC commitment (r, t) is the same as or encrypted in the ciphertext OU_A (r) and OU_B (r) and the amount of transaction t in the PC commitment (r, t) is the same as t encrypted in the ciphertext OU_A (t) and OU_B (t). In some embodiments, four numbers
Petition 870190058551, of 6/25/2019, p. 28/54
21/33 random r *, t *, z1 * and z2 * can be selected to calculate another set of cipher texts denoted as (C, D, E), where C = gr * ht *, D = u2r * v2z1 * e E = u2t * v2z2 *, where g, h, u2 and v2 are generators of an elliptic curve. Four additional tests a, b, c and c can be calculated as a = r * + xr, b = t * + xt, c = z1 * + xz1 and d = z2 * + xz2, where x is a dispersion function of g, h , u2, v2, C, D and E. The set of values can then be denoted as Pf = (C, D, E, a, b, c, d).
[058] In (512), user node A (502) uses its private key to digitally sign the ciphertext (PC (r, t), OU_A (r), OU_A (t), OU_B (r), OU_B (t)), the RP1 and RP2 interval tests, and the Pf value set. The digital signature added by user node A (502) can be used to show that the transaction is authorized by user node A (502) . The digitally signed copy is submitted to the trust protocol network at (514).
[059] In (516), the trust protocol node (504) verifies the digital signature using a public key from user node A (502). The trust protocol node (504) can be a consensus node that can prove the validity of transactions in the trust protocol network. If the trust protocol node (504) cannot verify the digital signature using the public key of user node A, the digital signature can be determined to be incorrect and the transaction can be denied. In some embodiments, the trust protocol node (504) may also include a double anti-wear mechanism. The trust protocol node (504) can check whether the transaction has already been executed or registered. If the transaction has already been executed, the transaction can be rejected. Otherwise, validation of the transaction can continue.
[060] In (518), the trust protocol node (504) checks for one or more interval tests. For example, the RP1 interval proof can be used to prove that the transaction amount t is greater than or equal to zero, and the
Petition 870190058551, of 6/25/2019, p. 29/54
22/33 RP2 gap proof can be used to prove that the transaction amount t is less than or equal to a user A account balance (502).
[061] In (520), the trust protocol node (504) determines whether the first transaction amount is the same as the second transaction amount, and whether the first random number is the same as the second random number based on the set of values. In some embodiments, the determination includes determining whether gahb = CTx, u2av2c = DZ_B1x and u2bv2d = EZ_B2x, where T = grht is the commitment amount of the first transaction amount t, Z_B1 = u2rv2z1, Z_B2 = u2tv2z2 and where z1 and z2 are random numbers used to encrypt the second transaction amount and the second random number based on the probabilistic HE scheme. If true, it can be indicated that the random number and the transaction amount in the compromise are, respectively, the same random numbers and the transaction amounts encrypted homomorphically using the public key of user node A (502) and user node B , and the transaction is valid.
[062] In (522), the trust protocol node (504) updates the account balances of user node A (502) and user node B. Account balance updates can be performed based on properties of HE without revealing the account balances of user node A (502), and / or user node B.
[063] Figure 6 represents another example of a trust protocol transaction (600) based on HE according to embodiments of the present invention. As shown in the example transaction (600), a user node A (602) transfers a transaction amount t to a user node B (606). Before the transaction, user node A (602) has an account balance of s_A and user node B (606) has an account balance of s_B.
[064] In some examples, the account balance s_A can be hidden using a random number r_A based on the PC using
Petition 870190058551, of 6/25/2019, p. 30/54
23/33 encryption and the transaction process described here with reference to Figure 5. The random number r_A and the account balance can be encrypted based on the OU. The c_text of the account balance s_A can be expressed as (S_A, R_A, Q_A) = (gr_Ahs_A, OU_A (r_A), OU_A (s_A)), where g and g can be generators of an elliptic curve to generate the PC from the balance of s_A account. Likewise, an account balance s_B from user node B (606) can be encrypted using a PC-based random number r_B. The cipher text of the account balance s_B can be expressed as (S_B, S’_B) = (gr_Bhs_B, OU_B (r_B), OU_B (s_B)).
[065] In (604), user node A (602) can add a digital signature to the proofs used to validate the transaction and send the digitally signed copy to the trust protocol network (608). As described here with reference to Figure 5, the evidence may include the transaction amount ciphertext (PC (r, t), OU_A (r), OU_A (t), OU_B (r), OU_B (t)), one or more interval tests (RP1, RP2) and other tests (C, D, E, a, b, c, d).
[066] After the transaction, the account balance of user node A (602) can be expressed as s_A -1, and the account balance of user node B (606) can be expressed as s_B + t. The ciphertext of the account balance of user node A (602) after the transaction can be expressed as (S_A / T, R_A / Y_A1, Q_A / Y_A2), where Y_A1 = OU_A (r) and Y_A2 = OU_A (t ). The ciphertext of the account balance of user node B (606) after the transaction can be expressed as (S_B * T, R_B * Z_B1, Q_B * Z_B2), where Z_B1 = OU_B (r) and Z_B2 = OU_B (t) . Since S_A, S_B, R_A, R_B, Q_A, Q_B, Y_A1, Y_A2, Z_B1, Z_B2 and T are encrypted using HE with a double exponential form, addition and subtraction can be performed in their encrypted form without deciphering the non-text values encoded.
[067] Figure 7 represents an example of process (700) that can be performed according to embodiments of the present invention.
Petition 870190058551, of 6/25/2019, p. 31/54
24/33
For clarity of presentation, the following description generally describes the method (700) in the context of the other figures in this description. However, it will be understood that the example process (700) can be performed, for example, by any system, environment, software and hardware, or a combination of systems, environments, software and hardware, as appropriate. In some embodiments, the steps of the example process (700) can be performed in parallel, in combination, in cycles or in any order.
[068] In (702), a consensus node receives, from a first account, a digitally signed copy of a commitment amount of a transaction amount to be transferred from the first account to a second account generated based on a first random number. The consensus node can also receive from the first account, a second random number encrypted using a public key from the first account, a third random number encrypted using a public key from the second account, one or more interval probes and a set of values generated using HE based on one or more selected random numbers. In some embodiments, the commitment value is generated using the HE-based commitment scheme. In some embodiments, the second random number and the third random number are encrypted based on the deterministic HE scheme.
[069] In some embodiments, the set of values is represented by (T1, TT, T1 ”, r2, t2), where r2 = r1 + xr, t2 = t1 + xt, where r1 and t1 represent the one or more random numbers selected and r represents the first random number, t represents the amount of the balance transfer. In some examples, T1 = grlhtl, TT = HE_A (r1), ΤΓ = HE_B (r1), where g and h are generators of an elliptic curve, HE_A (r1) is generated based on HE of r1 using the public key of the first account , and HE_B (r1) is generated based on
Petition 870190058551, of 6/25/2019, p. 32/54
25/33 in HE of r1 using the public key of the second account. In some examples, x is generated based on the dispersion T1, TT and T1 ”.
[070] In (704), the consensus node verifies a digital signature corresponding to the digitally signed copy using a public key from the first account corresponding to a private key used to generate the digital signature.
[071] In (706), the consensus node determines whether one or more interval tests prove that the balance transfer amount is greater than zero and less than or equal to a balance on the first account.
[072] In (708), the consensus node determines whether the first random number, the second random number and the third random number are the same based on the set of values. In some embodiments, the first random number, the second random number and the third random number are determined to be equal if gr2ht2 = TxT1, HE_A (r2) = T'xTT and HE_B (r2) = T ”xT1”, where T = grht is the commitment amount of the balance transfer amount, T = HE_A (r) and T ”= HE_B (r), HE_A (r) is generated based on HE of r using the public key of the first account, HE_B (r) is generated based on HE of r using the public key of the second account, HE_A (r2) is generated based on HE of r2 using the public key of the first account and HE_B (r2) is generated based on HE of r r2 using the public key of the second account, x is generated based on dispersion g, h, T1, TT and T1 ”. In some embodiments, T, T 'and T ”form the cipher text of the amount of the transaction amount t.
[073] In (710), the consensus node updates the balance of the first account and a balance of the second account based on the transaction amount, if the first random number, the second random number and the third random number are the same. In some embodiments, the first account balance and the second account balance are updated based on
Petition 870190058551, of 6/25/2019, p. 33/54
26/33 in HE.
[074] Figure 8 represents another example of process (800) that can be performed according to embodiments of the present invention. For clarity of presentation, the following description generally describes the process example (800) in the context of the other figures in this description. However, it will be understood that the process example (800) can be performed, for example, by any system, environment, software and hardware, or a combination of systems, environments, software and hardware, as appropriate. In some embodiments, the steps of the process example (800) can be performed in parallel, in combination, in cycles or in any order.
[075] In (802), a consensus node receives, from a first account, a digitally signed copy of a commitment amount from a first transaction amount for a transfer from a first account to a second account. In some instances, the digitally signed copy of the commitment amount is generated based on a first random number. The consensus node also receives the first transaction amount and the first random encrypted number using a public key from the first account, a second balance transfer amount and a second random number encrypted using a public key from the second account, one or more proofs range and a set of values generated using HE based on one or more selected random numbers. In some embodiments, the commitment amount is generated using the PC scheme. In some embodiments, the first amount of the balance transfer and the first random number are encrypted using the public key of the first account based on a probabilistic HE algorithm. In some instances, the second amount of the balance transfer and a second random number are
Petition 870190058551, of 6/25/2019, p. 34/54
27/33 encrypted using the public key of the second account based on the probabilistic HE algorithm. In some embodiments, the probabilistic HE algorithm is an Okamoto-Uchiyama HE algorithm.
[076] In some embodiments, the set of values is represented by (C, D, E, a, b, c, d), where a = r * + xr, b = t * + xt, c = z1 * + xz1 and d = z2 * + xz2, where r *, t *, z1 * and z2 * represent the one or more random numbers selected, r represents the first random number, t represents the first amount of the balance transfer, C = gr * ht *, D = u2r * v2z1 *, E = u2t * v2z2 *, g, h, u2 and v2 are generators of an elliptic curve and x is generated based on dispersion C, D and E.
[077] In (804), the consensus node verifies a digital signature corresponding to the digitally signed copy using a public key from the first account corresponding to a private key used to generate the digital signature.
[078] In (806), the consensus node determines whether one or more interval tests prove that the balance transfer amount is greater than zero and less than or equal to a balance on the first account.
[079] In (808), the consensus node determines whether the first amount is the same as the second amount, and whether the first random number and the second random number are the same based on the set of values. In some embodiments, the first amount and the second amount are determined to be equal, and the first random number and the second random number are determined to be equal, if gahb = CTx, u2av2c = DZ_B1x and u2bv2d = EZ_B2x, where T = grht is the commitment amount of the balance transfer amount, Z_B1 = u2rv2z1, Z_B2 = u2tv2z2. In some examples, z1 and z2 are random numbers used to encrypt the second amount of transactions and the second random number based on the probabilistic HE scheme.
Petition 870190058551, of 6/25/2019, p. 35/54
28/33 [080] In (810), the consensus node updates a balance from the first account and a balance from the second account based on the first amount of the balance transfer, if the first amount and the second amount are the same, and the first random number and the second random number are the same. In some embodiments, the first account balance and the second account balance are updated based on HE.
[081] The forms of realization of the subject matter described in this specification can be implemented in order to achieve particular advantages or technical effects. For example, embodiments of the present invention allow the account balance and transaction amount of the trust protocol nodes to be private during transactions. The recipient of the funds transfer does not need to confirm the transaction or use a random number to verify a commitment, the validation of the transaction may be non-interactive. A trust protocol node can validate the transaction based on HE and commitment schemes to allow zero knowledge proof.
[082] The methodology described allows the improvement of account / data security of various mobile computing devices. Account balances and transaction amounts can be encrypted based on HE and hidden by compromise schemes. As such, a consensus node can update account balances in the ledger after the transaction based on HE properties, without revealing the actual account balance of the account. Since the random number does not need to be sent to a recipient to confirm the transaction, the risk of data leakage can be reduced and less computing and memory resources need to be used to manage the random number.
[083] The embodiments and operations described in this specification can be implemented in digital electronic circuits,
Petition 870190058551, of 6/25/2019, p. 36/54
29/33 or in computer software, firmware or hardware, including the structures disclosed in this specification or in combinations of one or more of them. Operations can be implemented as operations performed by a data processing device on data stored on one or more storage devices that are readable by computer or received from other sources. A data processing device, computer or computing device may comprise data processing devices, devices and machines, including, for example, a programmable processor, a computer, a system on a chip or several, or combinations, of the foregoing. The apparatus may include special purpose logic circuits, for example, a central processing unit (CPU), a field programmable port network (FPGA) or an application specific integrated circuit (ASIC). The device may also include code that creates an execution environment for the computer program in question, for example, code that constitutes processor firmware, a protocol stack, a database management system, an operating system (for example , an operating system or a combination of operating systems), a cross-platform runtime environment, a virtual machine, or a combination of one or more of them. The device and execution environment can carry out various infrastructures of different computing models, such as Web services, distributed computing and grid computing infrastructures.
[084] A computer program (also known, for example, as a program, software, software application, software module, software unit, script or code) can be written in any form of programming language, including compiled languages or interpreted, declarative or procedural languages, and can be implemented in any way, including as a stand-alone program or
Petition 870190058551, of 6/25/2019, p. 37/54
30/33 as a module, component, subroutine, object or other unit suitable for use in a computing environment. A program can be stored in a part of a file that contains other programs or data (for example, one or more scripts stored in a markup language document), in a single file dedicated to the program in question or in several coordinated files ( for example, files that store one or more modules, subprograms, or parts of code). A computer program can be run on one computer or on several computers that are located in one location or distributed in several locations and interconnected by a communication network.
[085] Processors for running a computer program include, for example, microprocessors for general and special purposes, and any one or more processors for any type of digital computer. Generally, a processor will receive instructions and data from a read-only memory or from a random access memory or both. The essential elements of a computer are a processor to perform actions according to instructions and one or more memory devices to store instructions and data. Generally, a computer will also include, or be operationally attached to receive data from or transfer data to, or both, one or more mass storage devices for data storage. A computer can be incorporated into another device, for example, a mobile device, a personal digital assistant (PDA), a game console, a Global Positioning System (GPS) receiver or a portable storage device. Suitable devices for storing computer program instructions and data include non-volatile memory, media and memory devices, including, for example, semiconductor memory devices, magnetic disks and magneto-optical disks. THE
Petition 870190058551, of 6/25/2019, p. 38/54
31/33 processor and memory can be supplemented by, or incorporated into special purpose logic circuits.
[086] Mobile devices may include handsets, user equipment (EU), cell phones (eg smart phones), tablets, wearable devices (eg smart watches and smart glasses), devices implemented within the human body (eg biosensors, cochlear implants) or other types of mobile devices. Mobile devices can communicate wirelessly (for example, using radio frequency (RF) signals) to various communication networks (described below). Mobile devices can include sensors to determine characteristics of the current mobile device environment. The sensors can include cameras, microphones, proximity sensors, GPS sensors, motion sensors, accelerometers, ambient light sensors, humidity sensors, gyroscopes, compasses, barometers, fingerprint sensors, facial recognition systems, RF sensors ( for example, cellular WiFi and radio), thermal sensors, or other types of sensors. For example, cameras can include a forward or backward-facing camera with movable or fixed lenses, a flash, an image sensor and an image processor. The camera can be a megapixel camera capable of capturing details for facial and / or iris recognition. The camera, together with a data processor and authentication information stored in memory or accessed remotely, can form a facial recognition system. The facial recognition system or one or more sensors, for example, microphones, motion sensors, accelerometers, GPS sensors or RF sensors, can be used for user authentication.
[087] To provide interaction with a user, embodiments can be implemented on a computer with a device
Petition 870190058551, of 6/25/2019, p. 39/54
32/33 display and a data entry device, for example, a liquid crystal display (LCD) or organic light-emitting diode (OLED) / virtual reality (VR) / augmented reality (AR) monitor to display information for the user and a touch screen, keyboard and a pointing device by which the user can provide data input to the computer. Other types of devices can also be used to provide interaction with a user; for example, the feedback provided to the user can be any form of sensory feedback, for example, visual feedback, auditory feedback or tactile feedback; and user input can be received in any form, including acoustic, speech, or tactile input. In addition, a computer can interact with a user by sending documents to and receiving documents from a device that is used by the user; for example, sending web pages to a web browser on a user’s client device in response to requests received from the web browser.
[088] The embodiments can be implemented using computing devices interconnected by any form or means of wired or wireless digital data communication (or combination thereof), for example, a communication network. Examples of interconnected devices are a client and a server that are usually remote from each other and that normally interact through a communication network. A customer, for example, a mobile device, can carry out transactions itself, with a server or through a server, for example, by carrying out purchase, sale, payment, delivery, shipping or loan transactions, or by authorizing them. Such transactions can be in real time, so that an action and response are temporarily close; for example, an individual perceives the action and the response occurring substantially simultaneously, the time difference for a response after the individual's action is less than 1
Petition 870190058551, of 6/25/2019, p. 40/54
33/33 millisecond (ms) or less than 1 second (s), or the response is without intentional delay, considering the system's processing limitations.
[089] Examples of communication networks include a local area network (LAN), a radio access network (RAN), a metropolitan area network (MAN) and a wide area network (WAN). The communication network can include all or part of the Internet, another communication network or a combination of communication networks. Information can be transmitted over the communication network according to various protocols and standards, including Long Term Evolution (LTE), 5G, IEEE 802, Internet Protocol (IP) or other protocols or combinations of protocols. The communication network can transmit voice, video, biometric or authentication data or other information between the connected computing devices.
[090] The features described as separate embodiments can be implemented, in combination, in a single embodiment, while the features described as a single embodiment can be implemented in several embodiments, separately or in any sub- suitable combination. The operations described and claimed in a specific order are not to be construed as requiring that the specific order, nor that all illustrated operations be performed (some operations may be optional). As appropriate, multitasking or parallel processing (or a combination of multitasking and parallel processing) can be performed.

权利要求:
Claims (12)
[1]
Claims
1. COMPUTER IMPLEMENTED METHOD (800), performed by a consensus node (304) of a trust protocol network (408, 608) (blockchain), characterized by the fact that it comprises:
receive (802), from a first account, a digitally signed copy of a commitment amount of a transaction amount to be transferred from the first account to a second account generated based on a first random number, a second encrypted random number using a public key from the first account, a third encrypted random number using a public key from the second account, one or more range probes and a set of values generated based on one or more selected random numbers;
verify (804) a digital signature corresponding to the digitally signed copy using a public key from the first account corresponding to a private key used to generate the digital signature;
determine (806) that one or more interval tests prove that the value of the transaction is greater than zero and less than or equal to a balance on the first account;
determine (808) whether the first random number, the second random number and the third random number are the same, based on the set of values; and updating (810) the balance of the first account and a balance of the second account based on the balance transfer amount, if the first random number, the second random number and the third random number are the same.
[2]
2. METHOD IMPLEMENTED BY COMPUTER (800), according to claim 1, characterized by the fact that the commitment value is generated using a commitment scheme that is
Petition 870190058551, of 6/25/2019, p. 42/54
2/4 homomorphic.
[3]
3. METHOD IMPLEMENTED BY COMPUTER (800), according to claim 2, characterized by the fact that the commitment scheme is a Pedersen commitment scheme.
[4]
4. COMPUTER IMPLEMENTED METHOD (800), according to claim 1, characterized by the fact that the second random number and the third random number are encrypted based on a deterministic homomorphic (HE) encryption scheme that has linear properties of HE (a + b) = HE (a) * HE (b) and HE (ab) = HE (b) ^a , where a and b are plain texts used for HE.
[5]
5. METHOD IMPLEMENTED BY COMPUTER (800), according to claim 4, characterized by the fact that the selected random numbers are represented by r1 and t1 and the selected random numbers are used to generate r2 and t2, where r2 = r1 + xr, t2 = t1 + xt, where r1 and t1 represent the one or more selected random numbers, r is the first random number, t is the balance transfer amount, x is a hash value.
[6]
6. METHOD IMPLEMENTED BY COMPUTER (800), according to claim 5, characterized by the fact that the set of values is additionally generated based on T1, TT and T1 ”, where T1 = g ^r1 h ^t1 , TT = HE_A (r1), ΤΓ = HE_B (r1), where geh are generators of an elliptic curve, and where HE_A (r1) is generated based on HE of r1 using the public key of the first account and HE_B (r1) is generated based on HE of r1 using the public key of the second account, and where x is generated based on the hashing T1, TT and T1 ”.
[7]
7. METHOD IMPLEMENTED BY COMPUTER (800), according to claim 6, characterized by the fact that the first random number, the second random number and the third random number are
Petition 870190058551, of 6/25/2019, p. 43/54
3/4 determined to be the same based on the properties of the deterministic HE.
[8]
8. METHOD IMPLEMENTED BY COMPUTER (800), according to claim 6, characterized by the fact that the first random number, the second random number and the third random number are determined to be the same if g ^r2 h ^t2 = T ^X T1, HE_A (r2) = T ' ^X T1' and HE_B (r2) = T ” ^X T1”, where T = g ^r h ^f , Γ = HE_A (r) and T ”= HE_B (r), and in that HE_A (r) and HE_A (r2) are generated based on HE of r and r2, respectively, using the public key of the first account, HE_B (r) and HE_B (r2) are generated based on HE of re r2 using the public key of the second account.
[9]
9. METHOD IMPLEMENTED BY COMPUTER (800), according to claim 1, characterized by the fact that T, T 'and T ”form a cipher text of the transaction value t.
[10]
10. METHOD IMPLEMENTED BY COMPUTER (800), according to claim 1, characterized by the fact that the update of the balance of the first account and a balance of the second account is performed based on homomorphic encryption.
[11]
11. LEGIBLE MEDIA BY COMPUTER, characterized by the fact that it is coupled to one or more processors and has instructions stored in it that, when executed by one or more processors, cause the one or more processors to perform operations according to the method, as defined in any one of claims 1 to 10.
[12]
12. SYSTEM FOR CARRYING OUT A METHOD, characterized by the fact that it comprises:
a computing device (120); and a computer-readable storage device coupled to the computing device (120) and having instructions stored on it that, when executed by the computing device,
Petition 870190058551, of 6/25/2019, p. 44/54
4/4 cause the computing device to perform operations according to the method, as defined in any one of claims 1 to 10.

类似技术:

公开号 | 公开日 | 专利标题

BR112019008148B1|2021-08-10|METHOD IMPLEMENTED BY COMPUTER AND SYSTEM FOR IMPLEMENTING A METHOD

BR112019008151A2|2019-09-10|computer-implemented method, non-transient computer-readable storage medium, and system

KR20200079219A|2020-07-02|Blockchain data protection based on general account model and homogeneous encryption

BR112019008160B1|2021-08-24|COMPUTER IMPLEMENTED METHOD EXECUTED BY A CONSENSUS NODE OF A BLOCK CHAIN NETWORK, COMPUTER-READABLE STORAGE MEDIA, AND SYSTEM TO IMPLEMENT A METHOD

RU2733223C1|2020-09-30|Protection of data of chains of blocks based on common model based on accounts and homomorphic encryption

BR112019008171A2|2019-09-10|computer-implemented method for validating blockchain transactions based on account templates, computer readable storage media, and system

BR112019008174A2|2019-09-10|computer-implemented method, computer-readable, non-transient storage medium, and system

BR112019008140A2|2019-09-10|computer-implemented method, non-transient computer-readable storage medium, and system

同族专利:

公开号 | 公开日

CA3041161C|2021-10-12|

PL3545640T3|2021-10-18|

TWI718585B|2021-02-11|

JP6767580B2|2020-10-14|

KR102348768B1|2022-01-06|

WO2019072269A2|2019-04-18|

ES2876926T3|2021-11-15|

EP3545640B1|2021-04-07|

KR20200054129A|2020-05-19|

SG11201903552PA|2019-05-30|

PH12019500877A1|2019-12-02|

CA3041161A1|2019-04-18|

CN110546667A|2019-12-06|

WO2019072269A3|2019-09-12|

RU2708344C1|2019-12-05|

EP3545640A2|2019-10-02|

AU2018348319B2|2020-10-01|

US20190253235A1|2019-08-15|

TW202019123A|2020-05-16|

MX2019004662A|2019-08-21|

EP3545640A4|2020-01-08|

AU2018348319A1|2020-05-21|

US10615960B2|2020-04-07|

JP2019537348A|2019-12-19|

引用文献:

公开号 | 申请日 | 公开日 | 申请人 | 专利标题

US8744077B2|2008-10-28|2014-06-03|International Business Machines Corporation|Cryptographic encoding and decoding of secret data|

US8958552B2|2009-10-29|2015-02-17|Mitsubishi Electric Corporation|Data processing device|

US8861716B2|2010-03-30|2014-10-14|International Business Machines Corporation|Efficient homomorphic encryption scheme for bilinear forms|

US8731199B2|2012-09-28|2014-05-20|Sap Ag|Zero knowledge proofs for arbitrary predicates over data|

FR3001848B1|2013-02-01|2015-01-09|Morpho|HOMOMORPHIC ENCRYPTION METHOD FOR EXCLUSIVE OR SECURE CALCULATION OF A HAMMING DISTANCE|

US10083310B1|2013-03-13|2018-09-25|Hrl Laboratories, Llc|System and method for mobile proactive secure multi-party computation using commitments|

US9875370B2|2015-03-26|2018-01-23|Microsoft Technology Licensing, Llc|Database server and client for query processing on encrypted data|

WO2016200885A1|2015-06-08|2016-12-15|Blockstream Corporation|Cryptographically concealing amounts transacted on a ledger while preserving a network's ability to verify the transaction|

CN106549749B|2016-12-06|2019-12-24|杭州趣链科技有限公司|Block chain privacy protection method based on addition homomorphic encryption|

WO2018115567A1|2016-12-19|2018-06-28|Nokia Technologies Oy|Method and apparatus for private data transfer between parties|

CN106845960B|2017-01-24|2018-03-20|上海壹账通区块链科技有限公司|Method for secure transactions and system based on block chain|

US10277395B2|2017-05-19|2019-04-30|International Business Machines Corporation|Cryptographic key-generation with application to data deduplication|

CN108021821A|2017-11-28|2018-05-11|北京航空航天大学|Multicenter block chain transaction intimacy protection system and method|US10693627B2|2017-01-20|2020-06-23|Enveil, Inc.|Systems and methods for efficient fixed-base multi-precision exponentiation|

US10771237B2|2017-01-20|2020-09-08|Enveil, Inc.|Secure analytics using an encrypted analytics matrix|

US11196541B2|2017-01-20|2021-12-07|Enveil, Inc.|Secure machine learning analytics using homomorphic encryption|

US20180212753A1|2017-01-20|2018-07-26|Enveil, Inc.|End-To-End Secure Operations Using a Query Vector|

CN111783114A|2018-08-06|2020-10-16|阿里巴巴集团控股有限公司|Block chain transaction method and device and electronic equipment|

CN112651740A|2018-08-30|2021-04-13|创新先进技术有限公司|Block chain transaction method and device and electronic equipment|

US10902133B2|2018-10-25|2021-01-26|Enveil, Inc.|Computational operations in enclave computing environments|

US10817262B2|2018-11-08|2020-10-27|Enveil, Inc.|Reduced and pipelined hardware architecture for Montgomery Modular Multiplication|

CN110402561B|2018-12-21|2021-11-23|创新先进技术有限公司|Block chain data protection based on general account model and homomorphic encryption|

CN110675255B|2019-08-30|2021-04-02|创新先进技术有限公司|Method and apparatus for concurrently executing transactions in a blockchain|

EP3794483A4|2020-02-03|2021-04-28|AlipayInformation Technology Co., Ltd.|Blockchain-based trustable guarantees|

EP3794537A4|2020-02-03|2021-05-26|AlipayInformation Technology Co., Ltd.|Blockchain-based trustable guarantees|

EP3794484A4|2020-02-03|2021-05-05|AlipayInformation Technology Co., Ltd.|Blockchain-based trustable guarantees|

EP3799644A4|2020-02-03|2021-06-09|AlipayInformation Technology Co., Ltd.|Blockchain-based trustable guarantees|

EP3794773A4|2020-02-03|2021-05-05|AlipayInformation Technology Co., Ltd.|Blockchain-based trustable guarantees|

CN112769542B|2021-04-12|2021-06-11|富算科技有限公司|Multiplication triple generation method, device, equipment and medium based on elliptic curve|

法律状态:
2021-04-06| B25A| Requested transfer of rights approved|Owner name: ADVANTAGEOUS NEW TECHNOLOGIES CO., LTD. (KY) |

2021-04-27| B25A| Requested transfer of rights approved|Owner name: ADVANCED NEW TECHNOLOGIES CO., LTD. (KY) |

2021-10-05| B350| Update of information on the portal [chapter 15.35 patent gazette]|

优先权:

申请号 | 申请日 | 专利标题

PCT/CN2018/114421|WO2019072269A2|2018-11-07|2018-11-07|Blockchain data protection using homomorphic encryption|

[返回顶部]