基于Borromean 环签名的隐私数据认证方案

doi:10.13868/j.cnki.jcr.000262

摘要
图/表
参考文献(13)
相关文章 (15)

全文: PDF (628 KB) HTML (1 KB)
输出: BibTeX | EndNote (RIS)

摘要

在区块链系统中, 隐私保护是一个非常重要的问题. 事实上, 如果交易的金额比较大, 那么交易的发起者和接收者都不希望将这笔金额公开. 于是, 解决这类隐私保护的直接方法是对交易的金额做同态加密或者承诺, 以达到对该笔金额的隐藏. 然而隐藏后的金额不一定是合法的, 即不是正整数或不在某个规定的范围内(例如[0, 2⁴⁸)), 并且其他人也无法验证该金额的合法性, 进而无法验证该笔交易的合法性. 因此需要附上一个证据来证明该笔交易对应的金额是合法的. 目前基于Borromean环签名的隐私数据认证(范围证明)方案已用在CT (confidential transaction)中, 其基本思想是对隐藏金额按逐比特划分, 进而产生相应的公钥组以及相应的环签名, 最后利用Borromean环签名得到对金额承诺消息的最终签名, 则该签名是对隐藏金额的范围证明. 本文改进CT中的范围证明方案, 通过对隐藏金额的每个比特采用另一种已知的环签名方案, 本文的方案在保持证据长度不变的前提下, 将证据生成的时间缩短了约22%, 并将证据验证的时间缩短了约30%.

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	张凡
	黄念念
	高胜

关键词 ：区块链, 隐私保护, Borromean环签名, 范围证明

Abstract：

Privacy protection is a very important issue in the blockchain system. If the amount of value in some transaction is quite large, neither the payer nor the payee of the transaction wishes to disclose it. In order to hide the amount, a direct solution of this privacy protection is to make homomorphic encryption or commitment on the amount of the transaction. However, the hidden amount is not necessarily legal, which means that the amount is not a positive integer or not in certain range (e.g. [0, 2⁴⁸)). Besides, anyone else cannot verify the legitimacy of the amount nor the legitimacy of the transaction. Therefore, it is necessary to attach a proof to prove the legitimacy of the amount in a transaction. The data privacy authentication (range proof) schemes based on the Borromean ring signature is currently used in CT (confidential transaction). The basic idea is to divide the secret amount in a transaction by bits, and generate the public key groups and the ring signature for each bit correspondingly. The final signature is obtained by the use of the Borromean ring signature, and then it is a proof of the range of the amount. This study improves the current scheme. As we take advantage of another known scheme to generate the ring signature for each bit of secret amount, our range proof scheme reduced the time of the proof generation by about 22 percent and the time of the proof verification by about 30 percent while keeping the length of evidence invariant.

Key words： blockchain privacy protection Borromean ring signature range proof

收稿日期: 2018-07-28 出版日期: 2018-09-28

基金资助:国家重点研发计划网络空间安全重点专项(2017YFB0802500)

通讯作者: 高胜, E-mail: gs14011@163.com

引用本文:

张凡, 黄念念, 高胜. 基于Borromean 环签名的隐私数据认证方案[J]. 密码学报, 2018, 5(5): 529-537.
ZHANG F, HUANG N N, GAO S. Privacy Data Authentication Schemes Based on Borromean Ring Signature. Journal of Cryptologic Research, 2018, 5(5): 529-537.

链接本文:

http://www.jcr.cacrnet.org.cn/CN/10.13868/j.cnki.jcr.000262 或 http://www.jcr.cacrnet.org.cn/CN/Y2018/V5/I5/529

\bibitem{1} NAKAMOTO S. Bitcoin: A peer-to-peer electronic cash system[EB/OL]. https://bitcoin.org /bitcoin.pdf. 2008.

\bibitem{2}RIVEST R, SHAMIR A, TAUMAN Y. How to leak a secret[C]. In: Advances in Cryptology—ASIACRYPT 2001. Springer Berlin Heidelberg, 2001: 552–565. [DOI: 10.1007/3-540-45682-1\_32]

\bibitem{3}BLUM M. Coin flipping by telephone[C]. In: Proceedings of IEEE Sprint COMPCOM. New York, IEEE. 1982: 133–137.

\bibitem{4}GOLDREICH O, OREN Y. Definitions and properties of zero-knowledge proof system[J]. Journal of Cryptology, 1994, 7(1): 1–32. [DOI: 10.1007/BF00195207]

\bibitem{5}CAMENISCH J, CHAABOUNI R, SHELAT A. Efficient protocols for set membership and range proofs[C]. In: Advances in Cryptology—ASIACRYPT 2008. Springer Berlin Heidelberg, 2008: 234–252. [DOI: 10.1007/978-3-540-89255-7\_15]

\bibitem{6}MAXWELL G. Confidential transactions[EB/OL]. https://people.xiph.org/~greg/confidential\_values.txt, 2016.

\bibitem{7}MA S L, DENG, Y HE D B, et al. An efficient NIZK scheme for privacy-preserving transactions over account-model blockchain[J]. IACR Cryptology ePrint Archive, 2017: 2017/1239. https://eprint.iacr.org/2017/1239.

\bibitem{8}B\"{U}NZ B, BOOTLE J, BONEH D, et al. Bulletproofs: Efficient range proofs for confidential transactions[J]. IACR Cryptology ePrint Archive, 2017: 2017/1066. https://eprint.iacr.org/2017/1066.

\bibitem{9}BONEH D, BOYEN X. Short signatures without random oracles[C]. In: Advances in Cryptology—EUROCRYPT 2004. Springer Berlin Heidelberg, 2004: 56–73. [DOI: 10.1007/978-3-540-24676-3\_4]

\bibitem{10}BONEH D, BOYEN X, SHACHAM H. Short group signatures[C]. In: Advances in Cryptology—CRYPTO 2004. Springer Berlin Heidelberg, 2004: 41–55. [DOI: 10.1007/978-3-540-28628-8\_3]

\bibitem{11}MAXWELL G, POELSTRA A. Borromean ring signatures[EB/OL]. \\http://diyhpl.us/~bryan/papers2/bitcoin/Borromean%20ring%20signatures.pdf. 2015.

\bibitem{12}PEDERSEN T. Non-interactive and information theoretic secure verifiable secret sharing[C]. In: Advances in Cryptology—CRYPTO 1991. Springer Berlin Heidelberg, 1992: 129–140. [DOI: 10.1007/3-540-46766-1\_9]

\bibitem{13}MASAYUKI A, MIYAKO O, KOUTAROU S. 1-out-of-$n$ signatures from a variety of keys[C]. In: Advances in Cryptology—ASIACRYPT 2002. Springer Berlin Heidelberg, 2002: 415–432. [DOI: 10.1007/3-540-36178-2\_26]