Patent abstract:
Embodiments of the present invention include obtaining a secret key, by a client node, according to a threshold secret sharing scheme agreed upon by a plurality of client nodes; generating one or more commitment values of a confidential transaction of the client node by applying a cryptographic commitment scheme to the transaction data; generating encrypted transaction information of the confidential transaction by encrypting transaction data using the secret key; and transmitting, to a consensus node of a blockchain, a confidential transaction content for execution, wherein the confidential transaction content comprises: the one or more commitment values; the encrypted transaction information; and one or more zero-knowledge proofs of the transaction data.
Publication number: BR112019008168A2
Application number: R112019008168
Application date: 2018-11-07
Publication date: 2019-09-10
Inventors: Li Lichun; Yin Shan; Liu Zheng
Applicant: Alibaba Group Holding Ltd
Main IPC number:
Patent description:

“METHOD IMPLEMENTED BY A COMPUTER'S NODE CUSTOMER PARTICIPATING IN A CONFIDENTIAL TRANSFER OF CONFIDENTIAL PROTOCOL, A METHOD IMPLEMENTED BY A COMPUTER'S NODE OF A CONFIDENTIAL PROTOCOL NETWORK, METHOD IMPLEMENTED BY COMPUTER DETAILS FOR RECOVERED INFORMATION. TRUST PROTOCOL, COMPUTER PROGRAM AND SYSTEM PRODUCT”
Background to the Invention
[001] Distributed ledger systems (DLSs), which may also be called consensus networks and / or trust protocol networks (blockchain), allow participating entities to store data in a secure and immutable way. DLSs are commonly referred to as trust protocol networks without referring to any particular use case (for example, cryptocurrencies). Examples of types of trust protocol networks can include public trust protocol networks, private trust protocol networks and consortium trust protocol networks. A public trust protocol network is open for all entities to use the DLS and participate in the consensus process. A private trust protocol network is provided for a specific entity, which centrally controls read and write permissions. A consortium trust protocol network is provided for a select group of entities, which control the consensus process and include an access control layer.
[002] Trust protocols are used in cryptocurrency networks, which allow participants to carry out transactions to buy / sell goods and / or services using a cryptocurrency. A common cryptocurrency is Bitcoin. In cryptocurrency networks, record-keeping models are used to record transactions between users. Examples of record-keeping models include the unspent transaction output (UTXO) model, and the account model (also referred to as an account-based model or an account / balance model).
Petition 870190059038, of 06/26/2019, p. 9/54
[003] In the UTXO model, the chain's assets are in the form of transactions. Each transaction spends the balance of previous transactions and generates new balances that can be spent in subsequent transactions. A user's unspent transactions are tracked, and the balance the user has available to spend is calculated as the sum of the unspent transactions. Each transaction takes one or more unspent balances (and only unspent balances) as input and can have one or more balances. The requirement that only unspent balances can be used in other transactions is necessary to avoid double spending and fraud. The UTXO model supports transaction and function proof validation, but support for smart contracts is weak.
[004] The account model is adopted by Ethereum. The account model performs record keeping and manages account balances like a traditional bank. Under this model, an account can have an address and a corresponding account balance. The assets in the chain are represented as the account balance. Each transfer transaction can have an account address for a transferred asset and an account address for a received asset. The transaction amount is directly updated in the account balance. The account model is efficient, since each transaction may only need to validate that the sending account has sufficient balance to pay for the transaction. In addition to supporting transaction validation and proofing, the account model can fully support smart contracts, especially those that require state information or involve multiple parties.
Brief Description of the Invention
[005] Embodiments of the present invention include computer-implemented methods for confidential transactions based on trust protocol technologies (referred to as confidential trust protocol transactions or, simply, confidential transactions). More particularly, the embodiments of the present invention are intended to retrieve information from encrypted transactions in confidential trust protocol transactions.
[006] In some embodiments, the actions include obtaining a secret key, by a client node, according to a threshold secret sharing scheme agreed by a plurality of client nodes; generating one or more commitment values of a confidential transaction of the client node, by applying a cryptographic commitment scheme to the transaction data; generating encrypted transaction information of the confidential transaction, by encrypting the transaction data using the secret key; and transmitting, to a consensus node of a trust protocol network, a confidential transaction content for execution, where the confidential transaction content comprises: the one or more commitment values; the encrypted transaction information; and one or more zero-knowledge proofs of the transaction data.
[007] In some embodiments, the actions include receiving the content of a confidential transaction from a client node, by a consensus node of a trust protocol network, in which the content of the confidential transaction comprises: one or more commitment values of the confidential transaction generated by the client node, through the application of a cryptographic commitment scheme to the transaction data of the confidential transaction; encrypted transaction information generated by encrypting the transaction data using a secret key of the client node, where the secret key is obtained by the client node according to a threshold secret sharing scheme with a plurality of client nodes; and one or more zero-knowledge proofs of the transaction data; verifying, by the consensus node of the trust protocol network, that the confidential transaction is valid based on the content of the confidential transaction; and storing, by the consensus node of the trust protocol network, the encrypted transaction information in a trust protocol of the trust protocol network.
[008] In some embodiments, the actions include receiving, by a particular client node from a consensus node of a trust protocol network, encrypted transaction information of a confidential transaction of the particular client node, where the encrypted transaction information is stored in at least one trust protocol in the trust protocol network, where the particular client node does not have access to a secret key configured to decrypt the encrypted transaction information, and where the secret key was previously issued to the particular client node; recovering, by the particular client node, the secret key from at least a threshold number of client nodes among a plurality of client nodes in the trust protocol network, according to a threshold secret sharing scheme agreed by the plurality of client nodes; and decrypting, by the particular client node, transaction data of the confidential transaction of the particular client node from the encrypted transaction information using the recovered secret key.
[009] Other embodiments include corresponding systems, devices and computer programs, configured to perform the actions of the methods, encoded in computer storage devices.
[010] These and other embodiments may include, optionally, one or more of the following characteristics.
[011] A first characteristic, which can be combined with any of the following characteristics, in which the transaction data of the confidential transaction includes one or both of an account balance of the client node before the confidential transaction or a transaction amount of the confidential transaction.
[012] A second characteristic, combinable with any of the previous or following characteristics, in which the one or more zero-knowledge proofs of the transaction data include one or more zero-knowledge range proofs that the values of the transaction data are within their respective ranges.
[013] A third characteristic, combinable with any of the previous or following characteristics, in which the cryptographic commitment scheme includes a Pedersen commitment scheme; where generating one or more commitment values of a confidential transaction of the client node by applying a cryptographic commitment scheme to transaction data includes generating the one or more commitment values based on the transaction data and random numbers corresponding to the transaction data; and where generating the encrypted transaction information of the confidential transaction includes encrypting the transaction data and the random numbers corresponding to the transaction data using the secret key.
[014] A fourth characteristic, combinable with any of the previous or following characteristics, in which the threshold secret sharing scheme comprises Shamir's secret sharing scheme.
[015] A fifth characteristic, combinable with any of the previous or following characteristics, where verifying that the confidential transaction is valid based on the content of the confidential transaction includes: determining that the one or more commitment values are correct based on the commitment scheme; and verifying the one or more zero-knowledge proofs of the transaction data.
[016] A sixth characteristic, combinable with any of the previous or following characteristics, in which verifying the one or more zero-knowledge proofs of the transaction data includes: determining that an account balance of the client node before the confidential transaction is greater than zero; and determining that a transaction amount of the confidential transaction is less than or equal to the account balance of the client node prior to the confidential transaction.
[017] A seventh characteristic, combinable with any of the previous or following characteristics, in which the cryptographic commitment scheme is homomorphic, and the method also includes updating an account balance of the client node after the confidential transaction based on the homomorphism of the commitment scheme.
[018] An eighth characteristic, combinable with any of the previous or following characteristics, in which decrypting transaction data of the confidential transaction of the particular client node from the encrypted transaction information using the secret key includes recovering a transfer amount of the confidential transaction using the secret key.
[019] A ninth characteristic, combinable with any of the previous or following characteristics, in which decrypting transaction data of the confidential transaction of the particular client node from the encrypted transaction information using the secret key includes recovering both the transfer amount of the confidential transaction and a random number corresponding to the transfer amount using the secret key, where the transfer amount and the random number are used in a Pedersen commitment scheme to hide transaction information of the confidential transaction of the particular client node.
[020] The present invention also provides one or more non-transitory computer-readable storage media coupled to one or more processors and having instructions stored thereon that, when executed by the one or more processors, cause the one or more processors to perform the operations according to embodiments of the methods provided here.
[021] The present invention further provides a system for implementing the methods provided herein. The system includes one or more processors, and a computer program product coupled to the one or more processors with instructions stored on it that, when executed by the one or more processors, cause the one or more processors to perform operations according to embodiments of the methods provided here.
[022] It is understood that the methods according to the present invention can include any combination of the aspects and characteristics described herein. That is, methods according to the present invention are not limited to the combinations of aspects and characteristics specifically described herein, but also include any combination of the aspects and characteristics provided.
[023] Details of one or more embodiments of the present invention are presented in the accompanying drawings and in the description below. Other features and advantages of the present invention will be apparent from the description and drawings, and from the claims.
Brief Description of the Figures
[024] Figure 1 illustrates an example of an environment that can be used to carry out the embodiments of the present invention.
[025] Figure 2 illustrates an example of conceptual architecture according to the embodiments of the present invention.
[026] Figure 3 illustrates an example of process 300 for preparing a confidential trust protocol transaction according to the embodiments of the present invention.
[027] Figure 4 illustrates an example of a process (400) for retrieving transaction information from a confidential trust protocol transaction according to the embodiments of the present invention.
[028] Figure 5 illustrates an example of a process that can be performed according to the embodiments of the present invention.
[029] Similar reference symbols in the various drawings indicate similar elements.
Detailed Description of the Invention
[030] Embodiments of the present invention include computer-implemented methods for confidential transactions based on trust protocol technologies. More particularly, the embodiments of the present invention are intended to retrieve information from encrypted transactions in confidential trust protocol transactions.
[031] In some embodiments, the actions include obtaining a secret key, by a client node, according to a threshold secret sharing scheme agreed by a plurality of client nodes; generating one or more commitment values of a confidential transaction of the client node, by applying a cryptographic commitment scheme to the transaction data; generating encrypted transaction information of the confidential transaction, by encrypting the transaction data using the secret key; and transmitting, to a consensus node of a trust protocol network, a confidential transaction content for execution, where the confidential transaction content includes: the one or more commitment values; the encrypted transaction information; and one or more zero-knowledge proofs of the transaction data.
[032] In some embodiments, the actions include receiving the content of a confidential transaction from a client node, by a consensus node of a trust protocol network, where the content of the confidential transaction includes: one or more commitment values of the confidential transaction generated by the client node, through the application of a cryptographic commitment scheme to the transaction data of the confidential transaction; encrypted transaction information generated by encrypting the transaction data using a secret key of the client node, wherein the secret key is obtained by the client node according to a threshold secret sharing scheme with a plurality of client nodes; and one or more zero-knowledge proofs of the transaction data; verifying, by the consensus node of the trust protocol network, that the confidential transaction is valid based on the content of the confidential transaction; and storing, by the consensus node of the trust protocol network, the encrypted transaction information in a trust protocol of the trust protocol network.
[033] In some embodiments, the actions include receiving, by a particular client node from a consensus node of a trust protocol network, encrypted transaction information of a confidential transaction of the particular client node, in which the encrypted transaction information is stored in at least one trust protocol in the trust protocol network, in which the particular client node does not have access to a secret key configured to decrypt the encrypted transaction information, and in which the secret key was previously issued to the particular client node; recovering, by the particular client node, the secret key from at least a threshold number of client nodes among a plurality of client nodes in the trust protocol network, according to a threshold secret sharing scheme agreed by the plurality of client nodes; and decrypting, by the particular client node, transaction data of the confidential transaction of the particular client node from the encrypted transaction information using the recovered secret key.
[034] To provide additional context for embodiments of the present invention, and as introduced above, distributed ledger systems (DLSs), which can also be referred to as consensus networks (for example, constituted by peer-to-peer nodes), and trust protocol networks, allow participating entities to conduct transactions and store data securely and immutably. Although the term trust protocol is generally associated with the Bitcoin cryptocurrency network, trust protocol is used here to refer generally to a DLS without reference to any particular use case. As introduced above, a trust protocol network can be provided as a public trust protocol network, a private trust protocol network, or a consortium trust protocol network.
[035] In a public trust protocol network, the consensus process is controlled by nodes in the consensus network. For example, hundreds, thousands, even millions of entities can cooperate in a public trust protocol network, each of which operates at least one node in the public trust protocol network. Thus, the public trust protocol network can be considered a public network in relation to the participating entities. In some examples, most entities (nodes) must sign each block in order for the block to be valid and added to the trust protocol (distributed ledger) of the trust protocol network. An example of a public trust protocol network is the Bitcoin network, which is a peer-to-peer payment network. The Bitcoin network uses a distributed ledger, known as a trust protocol. As noted above, however, the term trust protocol is used to refer generally to distributed ledgers with no particular reference to the Bitcoin network.
[036] In general, a public trust protocol network supports public transactions. A public transaction is shared with all nodes within the public trust protocol network and is stored in a global trust protocol. A global trust protocol is a trust protocol that is replicated on all nodes. That is, all nodes are in a perfect state of consensus regarding the global trust protocol. To reach consensus (for example, agreeing to add a block to a trust protocol), a consensus protocol is implemented within the public trust protocol network. An example of a consensus protocol includes, without limitation, proof of work (POW) implemented in the Bitcoin network.
[037] In general, a private trust protocol network is provided to a private entity, which centrally controls read and write permissions. The entity controls which nodes are able to participate in the trust protocol network. Consequently, private trust protocol networks are generally referred to as permissioned networks that place restrictions on who is allowed to participate in the network, and on their level of participation (for example, only in certain transactions). Various types of access control mechanisms can be used (for example, existing participants vote to add new entities, a regulatory authority can control admission).
[038] In general, a consortium trust protocol network is private between participating entities. In a consortium trust protocol network, the consensus process is controlled by an authorized set of nodes, one or more nodes being operated by a respective entity (for example, a financial institution, insurance company). For example, a consortium of ten (10) entities (for example, financial institutions, insurance companies) may operate a consortium trust protocol network, each of which operates at least one node in the consortium trust protocol network. In this sense, the consortium trust protocol network can be considered a private network in relation to the participating entities. In some examples, each entity (node) must sign every block for the block to be valid and added to the trust protocol. In some examples, at least a subset of entities (nodes) (for example, at least 7 entities) must sign every block for the block to be valid and added to the trust protocol.
[039] The embodiments of the present invention are described in more detail herein with reference to a consortium trust protocol network. It is contemplated, however, that the embodiments of the present invention can be carried out in any appropriate type of trust protocol network.
[040] The embodiments of the present invention are described here in greater detail in view of the above context. More particularly, and as shown above, the embodiments of the present invention are intended to regulate confidential trust protocol transactions.
[041] A trust protocol is a tamper-proof shared digital record that records transactions on a public or private peer-to-peer network. The record is distributed to all member nodes in the network and the history of asset transactions occurring on the network is permanently recorded in the block. As the registry is fully public for participating entities, the trust protocol registry itself does not have a privacy protection function and requires additional technology to protect the privacy of the content of the asset transaction.
[042] Privacy protection techniques for trust protocol can include those for carrying out a confidential transaction to protect the privacy of a transaction's content. In a confidential transaction, the content of a transaction is only accessible or known to the participants in the transaction, and not to other outsiders. For example, a confidential transaction allows only the two parties participating in the transaction to be aware of the amount to be transacted, and external observers are prevented from knowing this information. Such techniques for conducting confidential transactions have been used, for example, in MONERO and ZCASH.
[043] Privacy protection techniques for trust protocols can also include those that protect the identities of the parties to a transaction, such as using a stealth address or a ring signature mechanism.
[044] With privacy protection added to the trust protocol (for example, in the context of confidential transactions), a commitment scheme, such as Pedersen's commitment scheme, can be used to hide or encrypt certain transaction information of a client node. Transaction information may include, for example, a user's account balance before the transaction, a transaction amount and / or other information. For example, a client node (also called a customer, user, party or transaction participant) can commit to a pre-transaction account balance α and a corresponding random number r according to Pedersen's commitment scheme. The client node can save the value α and the random number r. When α or r corresponding to the commitment is lost, the account balance cannot be used by the client node. For example, in a case where both α and r are lost, the client node knows neither the balance α nor the random number r corresponding to the balance. In a case where only r, but not α, is lost, the client node can know the balance α, but cannot use its own balance, because the use of the balance involves operations on r. In a case where α is lost, the client node does not know its own balance. The client node cannot restore or retrieve the plain text amount α if the computing power of the client node is limited.
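The commitment to (α, r) described in [044], as an added example that is not part of the patent text. The toy group (P, Q, G), the label used to derive H and all function names are assumptions; the parameters are far too small for real use and serve only to show the algebra.

```python
import hashlib

# Constructed toy parameters (NOT secure sizes): safe prime P = 2*Q + 1.
P = 2039
Q = 1019
G = 4  # 2^2 is a quadratic residue, so it generates the subgroup of prime order Q


def derive_h(label=b"pedersen-demo-h"):
    """Hash into the order-Q subgroup so that log_G(H) is not chosen by anyone."""
    counter = 0
    while True:
        digest = hashlib.sha256(label + counter.to_bytes(4, "big")).digest()
        candidate = pow(int.from_bytes(digest, "big") % P, 2, P)
        if candidate not in (0, 1, G):
            return candidate
        counter += 1


H = derive_h()


def commit(amount, r):
    """Pedersen commitment C = G^amount * H^r mod P."""
    return pow(G, amount % Q, P) * pow(H, r % Q, P) % P


def opens(commitment, amount, r):
    """A commitment can only be opened (and therefore spent) with both values."""
    return commit(amount, r) == commitment


def debit(balance_commitment, transfer_commitment):
    """Homomorphic update: C(a, r_a) / C(t, r_t) = C(a - t, r_a - r_t)."""
    return balance_commitment * pow(transfer_commitment, -1, P) % P


def recover_amount(commitment, r, max_amount):
    """Case 'amount lost, r kept': strip H^r, then search G^0 .. G^max_amount.

    The cost is linear in the amount range, which is how this example reads
    the remark in [044] about a client node with limited computing power.
    """
    target = commitment * pow(pow(H, r % Q, P), -1, P) % P
    acc = 1
    for amount in range(max_amount + 1):
        if acc == target:
            return amount
        acc = acc * G % P
    return None


if __name__ == "__main__":
    balance = commit(500, 77)           # constructed sample values
    transfer = commit(120, 33)
    updated = debit(balance, transfer)  # node updates the balance without seeing 500 or 120
    print(opens(updated, 380, 44), recover_amount(balance, 77, 1000))
```
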
[045] Examples of techniques are described to solve the problem described above when a commitment scheme (for example, Pedersen's commitment) is used to hide or encrypt information in a transaction. The techniques described can make it possible and easier for a client node to retrieve the original plain text transaction information (for example, the committed value α and / or the random number r) in the event that such transaction information is lost.
[046] The techniques described include a recovery scheme for recovering hidden transaction information (for example, a committed transaction amount that has been lost) in confidential trust protocol transactions. In some embodiments, the techniques described include storing hidden transaction information in one or more trust protocols in a trust protocol network. In some embodiments, the hidden transaction information of a confidential transaction stored in the trust protocol can be encrypted. Information before encryption can be called plain text information. The resulting information after encryption can be called encrypted information or ciphertext.
[047] In some embodiments, a client node can encrypt certain transaction data (that is, plain text transaction data) into encrypted or ciphertext transaction data using a secret key. For example, a client node can encrypt both a plain text value (for example, account information) and a random number corresponding to the plain text value according to Pedersen's commitment using a secret key. The resulting encrypted transaction information of the confidential transaction (for example, the encrypted random number and the encrypted plain text value) can be included as part of the content of the transaction and sent for execution over the trust protocol network. One or more trust protocol nodes can store the encrypted transaction information, for example, in one or more trust protocols in the trust protocol network. The client node can retrieve the encrypted transaction information corresponding to the client node from one or more trust protocol nodes and decrypt the plain text transaction data from the encrypted transaction information using the secret key.
[048] In some embodiments, the client node may lose the plain text transaction data and / or the secret key. For example, if the client node saved the plain text transaction data and / or the secret key locally, in a client node data store, the client node may lose the plain text transaction data and / or the secret key when the data store is compromised or damaged. The techniques described can help to recover the plain text transaction data and / or the secret key.
[049] In some embodiments, the secret key of the client node can be generated according to a threshold secret sharing scheme (for example, Shamir's secret sharing scheme) for secure multi-party computation (MPC). For example, a private secret key corresponding to the client node's commitment encryption can be negotiated and generated among a total number of participants (for example, n participants) of Shamir's secret sharing scheme. The secret key can be divided into several parts and stored by the total number of participants, respectively, thus preventing leakage of the secret key of the client node. In the event that the client node loses the secret key, the client node can recover the secret key according to Shamir's secret sharing scheme, by receiving at least a threshold number of parts (for example, k parts) of the secret key from at least k of the n participants. Consequently, the client node can recover the secret key and use it to decrypt the plain text transaction data from the encrypted transaction information.
[050] The techniques described can help to recover the secret key and plain text transaction data of a confidential transaction. The techniques described do not depend on a hardware-based backup scheme, in which client nodes use their hardware to back up their secret keys (for example, on hardware-based wallets). The techniques described can provide enhanced security and robustness of the transaction data, as the transaction data is stored in one or more trust protocols in the trust protocol network. The techniques described can provide a client node with access to its secret key, regardless of whether a hardware-based wallet or a software-based wallet is used. The described techniques can achieve additional or different advantages.
[051] Figure 1 illustrates an example of an environment (100) that can be used to carry out embodiments of the present invention. In some examples, the sample environment (100) allows entities to participate in a consortium trust protocol network (102). The example environment (100) includes computing systems or devices (106, 108) and a network (110). In some examples, the network (110) includes a local area network (LAN), wide area network (WAN), the Internet or a combination of them, and connects web sites, client devices (for example, computing devices ) and backend system. In some examples, the network (110) can be accessed via a wired and / or wireless communication link.
[052] In the example described, the computing systems (106, 108) can include any appropriate computing system that allows participation as a node in the consortium trust protocol network (102). Examples of computing devices include, without limitation, a server, a desktop computer, a laptop computer, a tablet computer device and a smartphone. In some instances, the computing systems (106, 108) host one or more computer-implemented services for interacting with the consortium trust protocol network (102). For example, the computing system (106) can host computer-implemented services of a first entity (for example, customer A), such as a transaction management system that the first entity uses to manage its transactions with one or more other entities (for example, other customers). The computing system (108) can host computer-implemented services of a second entity (for example, customer B), such as a transaction management system that the second entity uses to manage its transactions with one or more other entities (for example, other customers). In the example in Figure 1, the consortium trust protocol network (102) is represented as a peer-to-peer network of nodes, and the computing systems (106, 108) provide nodes of the first entity and second entity, respectively, which participate in the consortium trust protocol network (102).
[053] Figure 2 illustrates an example of conceptual architecture (200) according to embodiments of the present invention. The exemplary conceptual architecture (200) includes an entity layer (202), a hosted services layer (204) and a trust protocol network layer (206). In the example shown, the entity layer (202) includes three entities, Entity_1 (E1), Entity_2 (E2) and Entity_3 (E3), each entity having a respective transaction management system (208).
[054] In the example described, the hosted services layer (204) includes interfaces (210) for each transaction management system (208). In some examples, a respective transaction management system (208) communicates with a respective interface (210) over a network (for example, the network (110) in Figure 1) using a protocol (for example, hypertext transfer protocol secure (HTTPS)). In some examples, each interface (210) provides a communication connection between a respective transaction management system (208) and the trust protocol network layer (206). More particularly, the interfaces (210) communicate with a trust protocol network (212) of the trust protocol network layer (206). In some examples, communication between an interface (210) and the trust protocol network layer (206) is conducted using remote procedure calls (RPCs). In some examples, the interfaces (210) “host” the trust protocol network nodes for the respective transaction management systems (208). For example, the interfaces (210) provide the application programming interface (API) for accessing the trust protocol network (212).
[055] As described here, the trust protocol network (212) is provided as a peer-to-peer network including a plurality of nodes (214) that record information immutably in a trust protocol (216). Although a single trust protocol (216) is schematically represented, several copies of the trust protocol (216) are provided, and are maintained through the trust protocol network (212). For example, each node (214) stores a copy of the trust protocol. In some embodiments, the trust protocol (216) stores information associated with transactions that are carried out between two or more entities that participate in the consortium trust protocol network.
[056] Figure 3 illustrates an example of a process (300) for preparing a confidential transaction according to embodiments of the present invention. Client nodes A (302), B (304), C (306) and D (308) represent participants in a threshold secret sharing scheme (also called a threshold key sharing scheme). A threshold secret sharing scheme addresses the problem of secure key management by multiple parties. As an example of a secret sharing scheme, Shamir's secret sharing scheme (denoted as Shamir (k, n)) divides a secret key into n parts and assigns the n parts to n participants, respectively. Each participant has a unique part of the secret key. To rebuild the original secret key, a minimum number, or threshold, of parts is required. In the threshold scheme, this minimum number, k, is less than the total number of parts, n. In other words, the original secret key can be recovered if at least k parts of the secret key are collected. Shamir's algorithm can use, for example, Lagrange interpolation or other methods to recover the secret key.
[057] Here, Shamir (k, n) means that a plaintext m is encrypted and divided into n parts, and at least k parts are needed to recover the plaintext m. As shown in Figure 3, client node A (302) can generate a key, Achave, and break Achave into four parts. Client node A (302) can keep one part and provide a respective part to each of client nodes B (304), C (306) and D (308).
[058] In some embodiments, from the perspective of client node A (302), at (310), client node A (302) can negotiate and obtain a secret key, Achave, according to Shamir's secret sharing scheme, denoted as Shamir (k, n), as described above. The values of k and n can be determined, for example, by client node A (302) or another party based on security and complexity considerations. In the example shown in Figure 3, n could be 4 so that client nodes A (302), B (304), C (306) and D (308) are all participants in Shamir's secret sharing scheme. In this case, k can be 2 or 3 so that client node A (302) can recover the secret key, Achave, from at least 2 or 3 participants among all participants, client nodes A (302), B (304), C (306) and D (308). As another example, k could be 4 and n could be greater than 4 so that client node A (302) could recover the secret key, Achave, from at least 4 participants among all participants in Shamir's secret sharing scheme.
[059] In some embodiments, client node A (302) is an example of the computing systems (106, 108) corresponding to a first client or entity, as described in Figures 1 and 2. Client node A (302) has a corresponding account (for example, a public account or a private account) for transactions through a trust protocol network (350). The trust protocol network (350) can include multiple consensus nodes (such as the trust protocol nodes (312) in Figure 3). In some embodiments, client nodes B (304), C (306) and D (308) may or may not be client nodes of the trust protocol network (350). In other words, client node A (302) can obtain the secret key independently of the trust protocol network (350). For example, client node A (302) can obtain the secret key from client nodes B (304), C (306) and D (308) through communications outside the trust protocol network (350).
[060] In some embodiments, client node A (302) may perform a confidential transaction with another client node (for example, client node B (304)) so that the transaction information is visible or known to client node A (302) and client node B (304), but not to other parties (for example, client node C (306) or D (308), or the trust protocol nodes (312) in the trust protocol network (350)).
[061] At (320), client node A (302) creates a confidential transaction to transfer an amount t to client node B (304). In some embodiments, client node A (302) can construct the confidential transaction content locally and send the confidential transaction content to the trust protocol network (350) (for example, one or more trust protocol nodes (312) in the trust protocol network (350)).
[062] In some embodiments, the confidential transaction can be constructed based on a commitment scheme to hide the transaction data (for example, the account balance before the transaction and the amount of the transaction). An example of a commitment scheme includes, without limitation, the Pedersen Commitment (PC). For example, client node A (302) generates a commitment value based on a transaction amount t and a random number r using the PC. For example, the commitment value includes a ciphertext that can be obtained according to PC(t) = rG + tH, where G and H can be generators of an elliptic curve, PC(t) is a scalar multiplication of curve points, and t is the value that is committed to. The PC commitment scheme is homomorphic, that is, PC(t1) + PC(t2) = PC(t1 + t2). Holders of the ciphertext PC(t) can verify the transaction amount t using the random number r. Although the embodiments of the present disclosure are described here in greater detail with reference to the PC, it is contemplated that the embodiments of the present disclosure can be carried out using any appropriate commitment scheme.
[063] In the example of a confidential transaction, client node A (302) can commit to a pre-transaction account balance a and a transfer amount t. In some embodiments, client node A (302) can generate a commitment value PC(a) using the PC based on the pre-transaction account balance a and a corresponding random number ra. Likewise, client node A (302) can generate a commitment value PC(t) using the PC based on the transfer amount t and a corresponding random number rt. In some embodiments, client node A (302) can also commit that it has sufficient funds so that the post-transaction balance a - t is greater than or equal to 0. For example, client node A (302) can generate a commitment value PC(a - t), for example, based on the commitment values PC(a) and PC(t), given the homomorphic property of the PC. The commitment values can be included in the content of the confidential transaction.
[064] In some embodiments, the content of the confidential transaction may include one or more zero-knowledge proofs to allow a receiving party to confirm that the information the sending party is sending is valid. A zero-knowledge proof allows the receiving party to do this without actual knowledge of the information being confirmed. The zero-knowledge proofs can include range proofs, such as Proof(a - t > 0), Proof(t > 0) and Proof(a > 0), or other types of proofs. The zero-knowledge proofs allow the receiving party (for example, client node B) to confirm that the sending party (for example, client node A) has sufficient funds to transfer (that is, a - t > 0) and that the transfer amount is greater than zero, without knowing the balance from which the amount is being transferred, or even the transfer amount t.
[065] In some embodiments, for each Pedersen commitment, the random number r and quantity t can be encrypted using the secret key, Achave, to obtain the encrypted transaction information, M = Achave (r, t). The encrypted transaction information M can be included as part of the content of the confidential transaction.
[066] In some embodiments, the sample confidential transaction content may include other information related to the transaction, such as A's digital signature on the transaction.
[067] After generating the content of the transaction, client node A (302) can send the content of the confidential transaction to the trust protocol network (350) (for example, one or more trust protocol nodes (312) in the trust protocol network (350)). At (330), the trust protocol network (350) can execute the confidential transaction. In some embodiments, the confidential transaction can be executed by each of the trust protocol nodes (312) in the trust protocol network (350). For example, each of the trust protocol nodes (312) can determine whether the content of the confidential transaction is legitimate, for example, by verifying the one or more commitment values and zero-knowledge proofs included in the content of the confidential transaction. For example, each of the trust protocol nodes (312) can verify the commitment values by checking PC(a) = PC(t) + PC(a - t), that is, that the input transaction values are equal to the output transaction values. Each of the trust protocol nodes (312) can verify the zero-knowledge proofs, for example, based on Bulletproofs, Monero's RingCT algorithms or any other suitable algorithms.
[068] In some embodiments, after the commitment values and zero-knowledge proofs are verified, each of the trust protocol nodes (312) can record the transaction and update the accounts of client node A (302) and client node B (304). For example, after the transaction, client node A (302) has an account balance of a - t and client node B (304) has an account balance of b + t. In some embodiments, the post-transaction balances of client node A (302) and client node B (304) can be reflected by direct operations on the commitment values, due to the homomorphism of the commitment scheme. For example, client node A (302) can now have a commitment value of the post-transaction account balance PC(a - t) = PC(a) - PC(t). Client node B (304) can now have a commitment value of the post-transaction account balance PC(b + t) = PC(b) + PC(t).
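The commitment arithmetic of paragraphs [062] to [068], as an added Python example that is not part of the patent text: Pedersen commitments PC(v) = rG + vH, the consensus-node check PC(a) = PC(t) + PC(a - t), and the homomorphic balance update. The curve (secp256k1), the hash-derived generator H and all function names are assumptions; the zero-knowledge range proofs are not implemented, so the check on its own also accepts t > a, which is the gap those proofs close.

```python
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_P, group of prime order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(A, B):
    """Add two curve points; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, A):
    """Scalar multiplication k*A by double-and-add (not constant time)."""
    k %= N
    out = None
    while k:
        if k & 1:
            out = add(out, A)
        A = add(A, A)
        k >>= 1
    return out


def neg(A):
    """Negate a point, so that PC(x) - PC(y) can be written add(PC(x), neg(PC(y)))."""
    return None if A is None else (A[0], -A[1] % P)


def hash_to_point(tag):
    """Derive H by try-and-increment so that nobody knows log_G(H)."""
    ctr = 0
    while True:
        digest = hashlib.sha256(tag + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)   # square root, valid because P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        ctr += 1


H = hash_to_point(b"constructed example generator H")


def commit(value, r):
    """PC(value) = r*G + value*H."""
    return add(mul(r, G), mul(value, H))


def node_checks_balance(pc_a, pc_t, pc_rest):
    """Consensus-node check PC(a) = PC(t) + PC(a - t), on commitments only."""
    return pc_a == add(pc_t, pc_rest)


def transfer(a, b, t):
    """Client A builds the commitments; the node checks and updates both accounts."""
    r_a, r_b, r_t = (secrets.randbelow(N - 1) + 1 for _ in range(3))
    pc_a, pc_b, pc_t = commit(a, r_a), commit(b, r_b), commit(t, r_t)
    pc_rest = add(pc_a, neg(pc_t))              # PC(a - t) = PC(a) - PC(t)
    accepted = node_checks_balance(pc_a, pc_t, pc_rest)
    new_a, new_b = pc_rest, add(pc_b, pc_t)     # PC(a - t) and PC(b + t)
    # The account owners can open the updated commitments with combined randomness.
    opens = (new_a == commit(a - t, r_a - r_t)
             and new_b == commit(b + t, r_b + r_t))
    return accepted, opens, (pc_a, pc_t, pc_rest, r_t)
```

Calling transfer(5, 0, 9) also returns accepted, because a - t is reduced modulo the group order; a node that skipped the range proofs would record that overdraft.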
[069] In some embodiments, each of the trust protocol nodes (312) can record or store the encrypted transaction information. For example, the encrypted transaction information corresponding to the commitment PC(a), Ma = Achave (ra, a), and the encrypted transaction information corresponding to the commitment PC(t), Mt = Achave (rt, t), can be recorded in the trust protocol by each trust protocol node (312), where ra and rt represent the random numbers corresponding to the amounts a and t, respectively.
[070] Figure 4 represents an example of a process (400) for recovering transaction information of a confidential transaction according to embodiments of the present invention. For example, in a case where client node A (302) loses its key, Achave, and therefore does not know the value in its corresponding trust protocol account, client node A (302) can use the example recovery process (400) to recover the account value of client node A (302).
[071] At (410), client node A (302) obtains the encrypted transaction information under each Pedersen commitment (for example, Ma = Achave (ra, a) and Mt = Achave (rt, t)), for example, by downloading from or synchronizing with the trust protocol node (312). In some embodiments, client node A (302) can save a local copy of the encrypted transaction information under each Pedersen commitment.
[072] At (420), client node A (302) can communicate with client nodes B (304), C (306) and D (308), for example, to recover the key, Achave, according to Shamir's secret sharing scheme, for example, outside the trust protocol network (350).
[073] With the recovered key, Achave, at (430), client node A (302) can decrypt the encrypted transaction information corresponding to each Pedersen commitment of the account of client node A (302) (for example, Ma = Achave (ra, a) and Mt = Achave (rt, t)). Client node A (302) can then decrypt the encrypted transaction information (for example, Ma = Achave (ra, a) and Mt = Achave (rt, t)) using the recovered key, Achave, and obtain the plaintext transaction information ra, a, rt and t.
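The key-loss recovery of Figures 3 and 4, as an added Python example that is not part of the patent text: Achave is split with Shamir (3, 4), the record Mt = Achave (rt, t) is stored, the key is discarded, and client node A rebuilds it from the parts held by B, C and D by Lagrange interpolation. The patent does not name a cipher, so a SHA-256 counter keystream with an HMAC tag stands in for an authenticated cipher here; the field prime, the record layout and all function names are likewise assumptions.

```python
import hashlib
import hmac
import secrets

Q = 2**521 - 1   # Mersenne prime; share field, larger than any 256-bit key


def split(secret, k, n):
    """Shamir (k, n): random degree k-1 polynomial with f(0) = secret; part i is (i, f(i))."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(k - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation
            acc = (acc * x + c) % Q
        return acc

    return [(i, f(i)) for i in range(1, n + 1)]


def recover(shares):
    """Lagrange interpolation at x = 0 over the supplied parts."""
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * xm % Q
                den = den * (xm - xj) % Q
        secret = (secret + yj * num * pow(den, -1, Q)) % Q
    return secret


def subkeys(key):
    """Separate encryption and MAC keys derived from the shared secret key."""
    raw = key.to_bytes(66, "big")           # 66 bytes hold any element of F_Q
    return (hashlib.sha256(b"enc" + raw).digest(),
            hashlib.sha256(b"mac" + raw).digest())


def keystream(ek, nonce, n):
    blocks = (hashlib.sha256(ek + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt(key, r, value):
    """M = key(r, value): nonce || ciphertext || HMAC tag (stand-in cipher)."""
    ek, mk = subkeys(key)
    nonce = secrets.token_bytes(16)
    plain = r.to_bytes(32, "big") + value.to_bytes(8, "big")
    body = nonce + bytes(p ^ s for p, s in zip(plain, keystream(ek, nonce, len(plain))))
    return body + hmac.new(mk, body, hashlib.sha256).digest()


def decrypt(key, record):
    """Return (r, value), or raise if the key is wrong or the record was altered."""
    ek, mk = subkeys(key)
    body, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, body, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or altered record")
    nonce, ct = body[:16], body[16:]
    plain = bytes(c ^ s for c, s in zip(ct, keystream(ek, nonce, len(ct))))
    return int.from_bytes(plain[:32], "big"), int.from_bytes(plain[32:], "big")


def recovery_flow():
    """Figure 4 with k = 3, n = 4: lose the key, rebuild it from B, C and D, decrypt Mt."""
    key = secrets.randbelow(2**256)                    # Achave
    parts = dict(zip("ABCD", split(key, 3, 4)))        # one part per client node
    r_t, t = secrets.randbelow(2**256), 30             # constructed sample values
    m_t = encrypt(key, r_t, t)                         # Mt as stored by the nodes
    del key                                            # client node A loses Achave
    rebuilt = recover([parts[name] for name in "BCD"])
    recovered_ok = decrypt(rebuilt, m_t) == (r_t, t)
    try:                                               # only two parts: below threshold
        decrypt(recover([parts["B"], parts["C"]]), m_t)
        rejected = False
    except ValueError:
        rejected = True
    return recovered_ok, rejected
```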
[074] Figure 5 illustrates an example of a process (500) that can be carried out in accordance with the embodiments of the present invention. In some embodiments, the example process (500) can be performed using one or more computer-executable programs executed using one or more computing devices. For clarity of presentation, the description that follows generally describes the method (500) in the context of the other figures in this description. For example, the client node (510) can include client node C (306) and client node D (308), the trust protocol node (520) can be the trust protocol node (312), client node A (530) can be client node A (302), and client node B (540) can be client node B (304), as described in relation to Figures 3 and 4. However, it will be understood that the method (500) can be performed, for example, by any suitable system, environment, software and hardware, or a combination of systems, environments, software and hardware, as appropriate. In some embodiments, several steps of the method (500) can be performed in parallel, in combination, in loops or in any order.
[075] At (512), a number (for example, n) of client nodes (510) generate a secret key for a client node (for example, client node A (530)) of a trust protocol network. In some embodiments, the secret key can be negotiated or generated by the total number (for example, n) of client nodes (510) according to a threshold secret sharing scheme agreed by the total number of client nodes (510). In some embodiments, the threshold secret sharing scheme comprises Shamir's secret sharing scheme.
[076] At (514), the number of client nodes (510) can issue the secret key to client node A (530). The secret key can be used by client node A (530) to encrypt and decrypt transaction information of a confidential transaction of client node A (530).
[077] At (532), client node A (530) obtains the secret key according to a threshold secret sharing scheme agreed with the total number of client nodes (510) (for example, the total number of participants in the secret sharing scheme). Client node A (530) can use the secret key of client node A (530) to encrypt transaction data of a confidential transaction of client node A (530). The confidential transaction of client node A (530) can be, for example, a confidential transaction (535) such as the transfer of an amount of funds from an account of client node A (530) to an account of client node B (540). Client node A (530) can construct the confidential transaction content to protect the privacy of the transaction data and hide the transaction data from inspection by other entities, except the participants in the transaction (that is, client node A (530) and client node B (540) in this example). In some embodiments, client node A (530) can hide the transaction data of the confidential transaction based on a commitment scheme and using the secret key obtained according to the threshold secret sharing scheme.
[078] In some embodiments, the transaction data of the confidential transaction comprises one or both of an account balance of client node A (530) before the confidential transaction or a transaction amount of the confidential transaction. In some embodiments, the transaction data of the confidential transaction may include additional transaction information (for example, the transaction date, the parties to the transaction, or the type of asset (for example, a stock security or another type)).
[079] At (534), client node A (530) generates one or more commitment values of the confidential transaction of client node A (530) by applying a cryptographic commitment scheme to the transaction data of the confidential transaction. In some embodiments, the cryptographic commitment scheme comprises a homomorphic cryptographic commitment scheme, such as a Pedersen commitment scheme, or another type of commitment scheme.
[080] At (536), client node A (530) generates encrypted transaction information of the confidential transaction by encrypting the transaction data using the secret key of client node A (530), where the encrypted transaction information is configured to allow decryption by client node A (530) using the secret key.
[081] In some embodiments, the cryptographic commitment scheme comprises the Pedersen commitment scheme. In this case, generating one or more commitment values of the confidential transaction of the client node by applying a cryptographic commitment scheme to the transaction data comprises generating the one or more commitment values of the confidential transaction of the client node based on the transaction data and random numbers corresponding to the transaction data; and generating encrypted transaction information of the confidential transaction comprises generating the encrypted transaction information of the confidential transaction by encrypting the transaction data and the random numbers corresponding to the transaction data using the secret key of client node A (530).
[082] At (538), client node A (530) sends the content of the confidential transaction to the trust protocol network for execution, for example, by transmitting the content of the confidential transaction to the trust protocol node (520) (for example, a consensus node of the trust protocol network). In some embodiments, the content of the confidential transaction may include: the one or more commitment values of the confidential transaction generated by client node A (530) by applying the cryptographic commitment scheme to the transaction data of the confidential transaction; the encrypted transaction information generated by client node A (530) by encrypting the transaction data using the secret key; and one or more zero-knowledge proofs of the transaction data.
[083] In some embodiments, the one or more zero-knowledge proofs of the transaction data comprise one or more zero-knowledge range proofs that the values of the transaction data are within the respective ranges. For example, the one or more zero-knowledge range proofs may include a zero-knowledge range proof that the account balance of client node A (530) before the confidential transaction is greater than zero, a zero-knowledge range proof that the transaction amount of the confidential transaction is greater than zero, and a zero-knowledge range proof that the transaction amount is less than or equal to the account balance of client node A (530) before the confidential transaction.
[084] In some embodiments, the content of the confidential transaction also comprises a digital signature from client node A (530). In some embodiments, the content of the confidential transaction may include additional or different information.
[085] At (522), upon receiving the content of the confidential transaction, the trust protocol node (520) can execute the confidential transaction, for example, by verifying that the confidential transaction is valid based on the content of the confidential transaction. In some embodiments, verifying that the confidential transaction is valid based on the content of the confidential transaction may include one or more of the following: determining that the one or more commitment values are correct based on the commitment scheme and/or the one or more zero-knowledge proofs; or verifying the one or more zero-knowledge proofs of the transaction data, for example, according to the algorithms described in relation to Figure 3.
[086] At (524), after verifying that the confidential transaction is valid, the trust protocol node (520) can update the account information affected by the confidential transaction (for example, the account balances of client node A (530) and client node B (540)). In some embodiments, the cryptographic commitment scheme is homomorphic, and the trust protocol node (520) can update the account information based on the homomorphism of the commitment scheme, for example, according to the techniques described in relation to Figure 3 or other techniques.
[087] At (526), the trust protocol node (520) can store the encrypted transaction information in a trust protocol of the trust protocol network. In some embodiments, the encrypted transaction information can be stored on more than one or all of the consensus nodes in the trust protocol network, thus providing a robust backup of the encrypted transaction information of client node A (530) if client node A (530) loses the secret key. In addition, storing the encrypted transaction information in the trust protocol of the trust protocol network can reduce or eliminate the dependency of client node A (530) on a local or single-point storage scheme, improving the security and reliability of the access of client node A (530) to the encrypted transaction information.
[088] At (528), client node A (530) can retrieve or otherwise obtain the encrypted transaction information from the trust protocol node (520) (for example, a consensus node of the trust protocol network). The encrypted transaction information is stored in at least one trust protocol in the trust protocol network. Client node A (530) can decrypt the plaintext transaction information from the encrypted transaction information using the secret key.
[089] At (542), client node A (530) determines that it has lost or does not have access to the secret key configured to decrypt the encrypted transaction information, the secret key having previously been issued to client node A (530).
[090] At (544), in some embodiments, in response to such a determination, client node A (530) recovers the secret key from at least a threshold number (for example, k) of client nodes out of a total number (for example, n) of client nodes in the trust protocol network, according to a threshold secret sharing scheme (for example, Shamir's secret sharing scheme) agreed by the plurality of client nodes, for example, by receiving at least the threshold number of parts of the secret key from at least the threshold number of client nodes among the total number of client nodes in the trust protocol network.
[091] At (546), client node A (530) decrypts transaction data (for example, plaintext transaction data) of the confidential transaction of client node A (530) from the encrypted transaction information using the recovered secret key. In some embodiments, decrypting the transaction data of the confidential transaction of the particular client node from the encrypted transaction information using the secret key comprises recovering a transfer amount of the confidential transaction using the secret key. In some embodiments, decrypting the transaction data of the confidential transaction of the particular client node from the encrypted transaction information using the secret key comprises recovering a transfer amount of the confidential transaction and a random number corresponding to the transfer amount using the secret key, where the transfer amount and the random number are used in a Pedersen commitment scheme to hide the transaction information of the confidential transaction of the particular client node.
[092] The described features can be implemented in digital electronic circuits or in computer hardware, firmware, software or in combinations thereof. The apparatus can be implemented in a computer program product tangibly incorporated in an information carrier (for example, in a machine-readable storage device) for execution by a programmable processor; and the steps of the method can be performed by a programmable processor executing a program of instructions to perform functions of the described embodiments by operating on input data and generating output. The described features can be advantageously implemented in one or more computer programs that are executable in a programmable system including at least one programmable processor coupled to receive data and instructions from, and to transmit data and instructions to, a data storage system, at least one input device and at least one output device. A computer program is a set of instructions that can be used, directly or indirectly, on a computer to perform a certain activity or obtain a certain result. A computer program can be written in any form of programming language, including compiled or interpreted languages, and can be implemented in any way, including as a stand-alone program or as a module, component, subroutine or other unit suitable for use in a computing environment.
[093] Processors suitable for executing a program of instructions include, for example, general-purpose and special-purpose microprocessors, and the single processor or one of multiple processors of any type of computer. Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. The elements of a computer can include a processor to execute instructions and one or more memories to store instructions and data. Generally, a computer can also include, or be operationally coupled to communicate with, one or more mass storage devices to store data files; such devices include magnetic disks, such as internal hard drives and removable disks; magneto-optical discs; and optical discs. Storage devices suitable for tangibly incorporating computer program instructions and data include all forms of non-volatile memory, including, for example, semiconductor memory devices, such as EPROM, EEPROM and flash memory devices; magnetic disks, such as internal hard drives and removable disks; magneto-optical discs; and CD-ROM and DVD-ROM discs. The processor and memory can be supplemented by, or incorporated into, application-specific integrated circuits (ASICs).
[094] To provide interaction with a customer, the features can be implemented on a computer with a display device, such as a cathode ray tube (CRT) or liquid crystal display (LCD) monitor to display information to client node A (302), a keyboard and a pointing device, such as a mouse or a trackball, through which the customer can provide input to the computer.
[095] Features can be implemented in a computer system that includes a back-end component, such as a data server, or that includes a middleware component, such as an application server or an Internet server, or that includes a front-end component, such as a client computer with a graphical client interface or an Internet browser, or any combination of them. The system components can be connected by any form or means of digital data communication, such as a communication network. Examples of communication networks include, for example, a local area network (LAN), a wide area network (WAN) and the computers and networks that make up the Internet.
[096] The computer system can include clients and servers. Client node A (302) and a server are usually remote from each other and generally interact over a network, as described. The relationship between client node A (302) and the server arises due to computer programs running on the respective computers and having a client-server relationship between them.
[097] In addition, the logical flows represented in the figures do not require the particular order shown, or sequential order, to achieve the desired results. In addition, other steps can be provided, or steps can be eliminated, from the described flows, and other components can be added or removed from the described systems. Therefore, other embodiments are within the scope of the following claims.
[098] A number of embodiments of the present invention have been described. However, it will be understood that various modifications can be made without departing from the spirit and scope of the present invention. Therefore, other embodiments are within the scope of the following claims.
Claims:
Claims (18)
[1]
1. COMPUTER-IMPLEMENTED METHOD OF A CLIENT NODE (302, 530, 304, 540, 306, 308) PARTICIPATING IN A TRUST PROTOCOL CONFIDENTIAL TRANSACTION (535), the method characterized by the fact that it comprises:
obtaining a secret key, by a client node (302, 530, 304, 540, 306, 308), according to a threshold secret sharing scheme agreed by a plurality of client nodes (302, 530, 304, 540, 306, 308);
generating one or more commitment values of a confidential transaction (535) of the client node (302, 530, 304, 540, 306, 308), by applying a cryptographic commitment scheme to the transaction data;
generating encrypted transaction information of the confidential transaction (535), by encrypting the transaction data using the secret key; and
transmitting, to a consensus node of a trust protocol network (312, 520), a confidential transaction content (535) for execution, wherein the confidential transaction content (535) comprises:
- the one or more commitment values;
- the encrypted transaction information; and
- one or more zero-knowledge proofs of the transaction data.
[2]
2. METHOD, according to claim 1, characterized by the fact that the transaction data of the confidential transaction (535) comprises one or both of an account balance of the client node (302, 530, 304, 540, 306, 308) before the confidential transaction (535) or a transaction amount of the confidential transaction (535).
[3]
3. METHOD, according to claim 1, characterized by the fact that the one or more zero-knowledge proofs of the transaction data comprise one or more zero-knowledge range proofs that the values of the transaction data are within the respective ranges.
[4]
4. METHOD, according to claim 1, characterized by the fact that:
the cryptographic commitment scheme comprises a Pedersen commitment scheme;
wherein generating one or more commitment values of a confidential transaction (535) of the client node (302, 530, 304, 540, 306, 308) by applying a cryptographic commitment scheme to the transaction data comprises generating the one or more commitment values of the confidential transaction (535) of the client node (302, 530, 304, 540, 306, 308) based on the transaction data and random numbers corresponding to the transaction data; and
wherein generating encrypted transaction information of the confidential transaction (535) comprises generating the encrypted transaction information of the confidential transaction (535) by encrypting the transaction data and the random numbers corresponding to the transaction data using the secret key.
[5]
5. METHOD, according to claim 1, characterized by the fact that the threshold secret sharing scheme comprises Shamir's secret sharing scheme.
[6]
6. METHOD IMPLEMENTED BY COMPUTER OF A CONSENSUS NODE OF A TRUSTED PROTOCOL NETWORK (312, 520), the method characterized by the fact that it comprises:
receive the contents of a confidential transaction (535) from a
Petition 870190059038, of 06/26/2019, p. 44/54
3/6 client node (302, 530, 304, 540, 306, 308), by a consensus node of a trust protocol network (312, 520), where the content of the confidential transaction (535) comprises:
one or more commitment values of the confidential transaction (535) generated by the client node (302, 530, 304, 540, 306, 308), by applying a cryptographic commitment scheme to the transaction data of the confidential transaction (535); and encrypted transaction information generated by encrypting transaction data using a secret key from the client node (302, 530, 304, 540, 306, 308), where the secret key is obtained by the client node (302, 530, 304, 540, 306, 308) according to a threshold secret sharing scheme with a plurality of client nodes (302, 530, 304, 540, 306, 308); and one or more zero-knowledge proofs of the transaction data;
verify, through the trust protocol network consensus node (312, 520), that the confidential transaction (535) is valid based on the content of the confidential transaction (535); and store, through the consensus node of the trust protocol network (312, 520), the transaction information encrypted in a trust protocol of the trust protocol network (312, 520).
[7]
7. METHOD, according to claim 6, characterized by the fact that the transaction data of the confidential transaction (535) comprises one or more of the account balance of the client node (302, 530, 304, 540, 306, 308) before the confidential transaction (535), or a transaction value from the confidential transaction (535).
[8]
8. METHOD, according to claim 6, characterized by the fact that the one or more zero-knowledge proofs of the transaction data comprise one or more zero-knowledge range proofs that the values of the transaction data are within the respective ranges.
[9]
9. METHOD, according to claim 6, characterized by the fact that verifying that the confidential transaction (535) is valid based on the content of the confidential transaction (535) comprises:
determine that the one or more commitment values are correct based on the commitment scheme; and verify one or more proofs of zero knowledge of the transaction data.
[10]
10. METHOD, according to claim 9, characterized by the fact that the verification of one or more proofs of zero knowledge of the transaction data comprises:
determining that an account balance of the client node (302, 530, 304, 540, 306, 308) before the confidential transaction (535) is greater than zero; and determining that a transaction value of the confidential transaction (535) is less than or equal to an account balance of the client node (302, 530, 304, 540, 306, 308) before the confidential transaction (535).
[11]
11. METHOD, according to claim 6, characterized by the fact that the cryptographic commitment scheme is homomorphic, and the method also includes updating an account balance of the client node (302, 530, 304, 540, 306, 308) after the confidential transaction (535) based on the homomorphism of the commitment scheme.
[12]
12. METHOD, according to claim 6, characterized by the fact that the threshold secret sharing scheme comprises a Shamir secret sharing scheme.
[13]
13. METHOD IMPLEMENTED BY COMPUTER TO RECOVER ENCRYPTED TRANSACTION INFORMATION IN TRUST PROTOCOL CONFIDENTIAL TRANSACTIONS, the method characterized by the fact that it comprises:
receive, through a particular client node (302, 530, 304, 540, 306, 308), from a consensus node of a trust protocol network (312, 520), encrypted transaction information from a confidential transaction (535) of the particular client node (302, 530, 304, 540, 306, 308), where the encrypted transaction information is stored in at least one trust protocol in the trust protocol network (312, 520), where the particular client node (302, 530, 304, 540, 306, 308) does not have access to a secret key configured to decrypt the encrypted transaction information, and where the secret key was previously issued to the particular client node (302, 530, 304, 540, 306, 308);
recovering, through the particular client node (302, 530, 304, 540, 306, 308), the secret key from at least a threshold number of client nodes (302, 530, 304, 540, 306, 308) among a plurality of client nodes (302, 530, 304, 540, 306, 308) in the trust protocol network (312, 520), according to a threshold secret sharing scheme agreed by the plurality of client nodes (302, 530, 304, 540, 306, 308); and decrypting, via the particular client node (302, 530, 304, 540, 306, 308), transaction data of the confidential transaction (535) of the particular client node (302, 530, 304, 540, 306, 308) from the encrypted transaction information using the recovered secret key.
[14]
14. METHOD, according to claim 13, characterized by the fact that the threshold secret sharing scheme comprises a Shamir secret sharing scheme.
[15]
15. METHOD, according to claim 13, characterized by the fact that decrypting transaction data of the confidential transaction (535) of the particular client node (302, 530, 304, 540, 306, 308) from the encrypted transaction information using the secret key comprises recovering a transfer amount of the confidential transaction (535) using the secret key.
[16]
16. METHOD, according to claim 11, characterized by the fact that decrypting transaction data of the confidential transaction (535) of the particular client node (302, 530, 304, 540, 306, 308) from the encrypted transaction information using the secret key comprises recovering both the transfer amount of the confidential transaction (535) and a random number corresponding to the transfer amount using the secret key, where the transfer amount and the random number are used in a Pedersen commitment scheme to hide transaction information of the confidential transaction (535) of the particular client node (302, 530, 304, 540, 306, 308).
[17]
17. COMPUTER PROGRAM PRODUCT, characterized by the fact that it is coupled to one or more processors and has instructions stored in it that, when executed by one or more processors, cause the one or more processors to perform operations according to the method as defined in any one of claims 1 to 16.
[18]
18. SYSTEM, characterized by the fact that it comprises: a computing device; and a computer-readable storage device coupled to the computing device and having instructions stored on it that, when executed by the computing device, cause the computing device to perform operations according to the method as defined in any one of claims 1 to 16.
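The recovery flow of claims 13 to 16 and the homomorphic balance update of claim 11, as an added sketch that is not part of the patent text: a key is split 3-of-5 with Shamir sharing, rebuilt from three shares, used to decrypt the amount and random number, and the pair is checked against the on-ledger Pedersen commitment. The group parameters, the field prime, the toy cipher and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Constructed toy parameters: P = 2*Q + 1 is a safe prime; G and H are squares
# mod P, so both have prime order Q. Real systems use a standard group.
P, Q, G, H = 1019, 509, 4, 9
F = 2**127 - 1  # prime field for the Shamir shares (assumption)

def commit(value, r):
    """Pedersen commitment C = G^value * H^r mod P."""
    return pow(G, value % Q, P) * pow(H, r % Q, P) % P

def split(secret, t, n):
    """Shamir (t, n): shares are points on a random degree t-1 polynomial."""
    coeffs = [secret] + [secrets.randbelow(F) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, F) for i, c in enumerate(coeffs)) % F)
            for x in range(1, n + 1)]

def recover(shares):
    """Lagrange interpolation at x = 0 over GF(F)."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % F
                den = den * (xi - xj) % F
        secret = (secret + yi * num * pow(den, -1, F)) % F
    return secret

def toy_cipher(key, data):
    """XOR with a SHA-256 keystream; stand-in for a real authenticated cipher."""
    stream = hashlib.sha256(key.to_bytes(16, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def demo():
    key = secrets.randbelow(F)
    shares = split(key, t=3, n=5)            # one share per client node
    amount, r = 120, secrets.randbelow(Q)
    c_amount = commit(amount, r)             # goes on the ledger
    ct = toy_cipher(key, amount.to_bytes(2, "big") + r.to_bytes(2, "big"))
    # The sender has lost `key`; any 3 of the 5 nodes suffice to rebuild it.
    plain = toy_cipher(recover([shares[0], shares[2], shares[4]]), ct)
    amount2, r2 = int.from_bytes(plain[:2], "big"), int.from_bytes(plain[2:], "big")
    opens = commit(amount2, r2) == c_amount  # recovered pair opens the commitment
    # Homomorphic update: C(balance) / C(amount) commits to balance - amount.
    balance, rb = 300, secrets.randbelow(Q)
    c_after = commit(balance, rb) * pow(c_amount, -1, P) % P
    return amount2, opens, c_after == commit(balance - amount, rb - r)
```

Fewer than the threshold number of shares interpolate to an unrelated value, which is why recovery needs the cooperation of at least three nodes in this configuration.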
Patent family:
Publication number | Publication date
ZA201902557B|2020-12-23|
US20200184471A1|2020-06-11|
US11232442B2|2022-01-25|
CA3041156A1|2019-04-18|
EP3549306A4|2020-01-01|
CN110291756A|2019-09-27|
MX2019004655A|2019-08-12|
JP6811317B2|2021-01-13|
EP3549306A2|2019-10-09|
KR20200054125A|2020-05-19|
RU2726157C1|2020-07-09|
US11055709B2|2021-07-06|
AU2018347186A1|2020-05-21|
AU2018347186B2|2020-09-03|
US20210334795A1|2021-10-28|
KR102208891B1|2021-01-29|
WO2019072262A2|2019-04-18|
SG11201903562QA|2019-05-30|
US20190251558A1|2019-08-15|
JP2020515087A|2020-05-21|
WO2019072262A3|2019-08-29|
Legal status:
2021-01-19| B25A| Requested transfer of rights approved|Owner name: ADVANTAGEOUS NEW TECHNOLOGIES CO., LTD. (KY) |
2021-02-09| B25A| Requested transfer of rights approved|Owner name: ADVANCED NEW TECHNOLOGIES CO., LTD. (KY) |
2021-10-05| B350| Update of information on the portal [chapter 15.35 patent gazette]|
Priority:
Application number | Filing date | Patent title
PCT/CN2018/114322|WO2019072262A2|2018-11-07|2018-11-07|Recovering encrypted transaction information in blockchain confidential transactions|