
CN111433800B - Transaction processing method and related equipment - Google Patents


Info

Publication number
CN111433800B
Authority
CN
China
Prior art keywords
transaction
account
signature information
public key
verification
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201780097441.XA
Other languages
Chinese (zh)
Other versions
CN111433800A (en)
Inventor
阮子瀚
吴双
贺伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei International Pte Ltd
Original Assignee
Huawei International Pte Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei International Pte Ltd
Publication of CN111433800A
Application granted
Publication of CN111433800B

Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application discloses a transaction processing method and related equipment. A terminal generates first signature information for transaction content according to the credentials of a first account, the transaction content being initiated by the first account. The terminal sends a transaction request message to the transaction processing device, and the transaction processing device returns a transaction response message to the terminal according to the transaction request message; the transaction response message carries transaction result information. Based on the transaction response message, the terminal may send a transaction record message to the transaction processing device, instructing it to store the transaction record carried by the transaction record message onto a blockchain, the blockchain being a distributed database in which the transaction processing device keeps transaction records. The embodiment of the invention can therefore use the credentials of the first account to generate the signature, which avoids the identity information leakage caused in the prior art by generating the signature with the long-term private key of the first account, and thereby protects the anonymity of the first account.

Description

Transaction processing method and related equipment

Technical Field

The present application relates to the field of computer technology, and in particular to a transaction processing method and related equipment.

Background Art

A blockchain is a distributed database that stores an ordered list of records. The list consists of a continuously growing sequence of blocks, each of which includes a timestamp and a link to the previous block. A blockchain system containing the blockchain consists of several consensus nodes, each of which stores a complete copy of the blockchain data and code. The consensus nodes keep the blockchain data consistent through a consensus algorithm.

In a blockchain system, once a transaction record has been recorded on the blockchain in the form of a block, it cannot be modified unilaterally, which makes the data tamper-proof and unforgeable. However, all consensus nodes in the blockchain system store the transaction records, and each transaction record includes the signature of the transaction content, the address of the recipient, and/or the transaction amount in the transaction content. The signature of the transaction content is generated with the sender's private key, so a third party that obtains the transaction record has to use the public key to verify it and, in doing so, identifies the sender of the transaction record.

However, in some business scenarios, for example in the financial industry, many users do not want anyone other than the two parties to a transaction to learn about the transactions they initiate. Protecting the privacy of the sender in a blockchain system is therefore an urgent problem to be solved.

Summary of the Invention

The present application provides a transaction processing method and related equipment that can protect the privacy of the sender who initiates a transaction in a blockchain transaction.

In a first aspect, the present application provides a transaction processing method. In this method, a terminal can generate first signature information for transaction content according to the credentials of a first account, where the transaction content is initiated by the terminal based on the first account, and the credentials are generated for the first account by the transaction processing device that processes the transaction content. The terminal sends a transaction request message to the transaction processing device; the transaction request message includes the transaction content and the first signature information. The terminal receives a transaction response message returned by the transaction processing device; the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content. According to the transaction response message, the terminal sends a transaction record message to the transaction processing device; the transaction record message instructs the transaction processing device to store the transaction record carried by the transaction record message on a blockchain, the blockchain being the distributed database in which the transaction processing device keeps the transaction record. The transaction record includes the transaction content, the first signature information and the transaction result information.

Here, the terminal is the device on which the first account is logged in; the first account is the party that initiates the transaction content and may be called the payer, the sender, and so on.

It can be seen that the present application uses the credentials of the first account to generate the signature information of the transaction content. This avoids the prior-art approach in which the signature is generated with the long-term private key of the first account and a verifying device, such as the transaction processing device, must verify the signature with the long-term public key, which leaks the identity information of the first account. In other words, the present application can protect the anonymity of the first account.

Because the credentials of the first account are generated by the transaction processing device, once the terminal publishes the transaction record to the blockchain based on the first account, the first account cannot repudiate that transaction record. The present application therefore not only protects the privacy of the first account but also retains the non-repudiation property of transaction records on the blockchain.

The terminal generating the first signature information of the transaction content according to the credentials of the first account includes: the terminal uses the private key of the first account, the credentials of the first account and the transaction content as inputs to a zero-knowledge proof algorithm and calculates the first signature information of the transaction content, where the private key is either a long-term private key or a one-time private key.

The transaction response message is returned by the transaction processing device when the first verification result, obtained by verifying the transaction request message, is a pass; the transaction record is stored by the transaction processing device when the second verification result, obtained by verifying the transaction record message, is a pass.

Both the first verification result and the second verification result include the verification result of the first signature information, which the transaction processing device obtains by performing a verification calculation with its own public key and the verification parameters in the first signature information. If the transaction processing device generated the credentials of the first account, it performs the verification calculation with its own public key and the verification parameters in the first signature information to obtain the verification result of the first signature information. If a management device generated the credentials of the first account, the transaction processing device performs the verification calculation with the public key of the management device and the verification parameters in the first signature information to obtain the verification result of the first signature information. This implementation therefore avoids the leakage of the first account's identity information that occurs in the prior art when the long-term public key corresponding to the long-term private key is used for the verification calculation.

In addition, within the first verification result, the verification result of the first signature information indicates whether the first account is an account that can access the transaction processing device, whether it is an account issued by the transaction processing device, or whether the first account has permission to access the transaction processing device. Within the second verification result, the verification result of the first signature information indicates whether the first account has permission to use the blockchain, that is, whether transaction records related to the first account can be stored on the blockchain. Optionally, the role of the verification result of the first signature information may be tied to the operations performed depending on whether verification passes, which is not limited in this application.

In a possible implementation, the transaction content is initiated by the terminal, based on the first account, toward a second account. The second account may be called the recipient or payee of the transaction content; equivalently, the terminal logged in to the second account is the recipient of the transaction content, or the payee of the transaction amount in the transaction content. In this case, the terminal can generate a one-time public key of the second account from the long-term public key of the second account, and can generate second signature information of the transaction content from the one-time public key of the second account and the certificate of the second account. The one-time public key of the second account serves as the address of the second account; the certificate is generated with the private key of the certificate issuing device; and the transaction request message and the transaction record include the one-time public key of the second account and the second signature information.

Correspondingly, the first verification result and the second verification result also include the verification result of the second signature information, which is obtained by a verification calculation based on the one-time public key of the second account, the public key of the certificate issuing device and the verification parameters in the second signature information.

Similarly, within the first verification result, the verification result of the second signature information indicates whether the second account is an account that can access the transaction processing device, whether it is an account issued by the transaction processing device, or whether the second account has permission to access the transaction processing device. Within the second verification result, the verification result of the second signature information indicates whether the second account has permission to use the blockchain, that is, whether transaction records related to the second account can be stored on the blockchain. Optionally, the role of the verification result of the second signature information may be tied to the operations performed depending on whether verification passes, which is not limited in this application.

It can be seen that in this implementation the receiving address of the transaction content is a one-time public key, so a third party cannot use the receiving address to identify the public key of the second account (that is, the recipient) of the transaction content. In addition, a third party such as the transaction processing device can still perform a verification calculation with the one-time public key, the public key of the certificate issuing device and the verification parameters in the second signature information to obtain the verification result of the second signature information, and from that result learn the relevant permissions of the second account. This also avoids the privacy leakage caused in the prior art by using the hash of the second account's long-term public key as the address.

In a possible implementation, the terminal can obtain the ciphertext of each input amount and the ciphertext of each output amount. From these ciphertexts, the terminal calculates the ciphertext of the difference between the total input amount and the total output amount, and generates third signature information of the transaction content from the ciphertext of the difference. The transaction request message and the transaction record also include the third signature information. The first verification result and the second verification result also include the verification result of the third signature information, which the transaction processing device obtains by a verification calculation based on the verification parameters in the third signature information, the ciphertext of each input amount and the ciphertext of each output amount. The verification result of the third signature information indicates whether the total input amount equals the total output amount.

It can be seen that the transaction content in this application does not need to carry the plaintext of any input amount or output amount. A verifier such as the transaction processing device can check whether the total input amount equals the total output amount, that is, confirm the correctness of the transaction, using only the verification parameters in the third signature information, the ciphertext of each input amount and the ciphertext of each output amount. This helps to protect the privacy of the transaction amount.

The ciphertext of each input amount and the ciphertext of each output amount are obtained with an additive homomorphic encryption algorithm. With an additive homomorphic encryption algorithm, performing addition on encrypted data yields an output that, once decrypted, is the same as the result of performing the addition on the unencrypted original data. The terminal therefore does not need the plaintext: from the ciphertext of each input amount and the ciphertext of each output amount it can obtain the ciphertext of the total input amount and the ciphertext of the total output amount, and also the ciphertext of the difference between the total input amount and the total output amount.

It can be seen that the possible implementations above can protect the privacy of the first account (the payer or sender), the second account (the payee or recipient), or the transaction amount. In some other implementations, the terminal can therefore set the privacy of any one or more of the payer, the payee and the transaction amount according to the user's business needs, and any one or more of the three possible implementations above can be used to provide that privacy protection.

In a possible implementation, the transaction content may include the ciphertext of each input amount and the ciphertext of each output amount; in addition, the encryption key for the ciphertext of each input amount and the ciphertext of each output amount is the public key of a third-party audit account.

In this way, the third-party audit account can use its own private key to decrypt the ciphertext of each input amount and the ciphertext of each output amount, which allows the auditor who holds the third-party audit account to audit the transaction amount in the transaction content. Because the transaction content contains the ciphertext of the transaction amount rather than the plaintext, and that ciphertext is produced with the public key of the third-party audit account, only the auditor of the third-party audit account, apart from the two parties to the transaction, can see the transaction amount. This protects the privacy of the transaction amount while still supporting the auditor's work.
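The amount-balance check and the auditor decryption described in the preceding paragraphs can be run end to end as follows. This is an added example, not the patent's construction: the patent does not name an additive homomorphic scheme here, so Paillier is assumed, a Fiat-Shamir proof that the difference ciphertext encrypts zero stands in for the third signature information, and all function names, the toy key and the sample amounts are constructed for illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy modulus from two Mersenne primes: constructed for this demo, NOT secure.
P, Q = 2**61 - 1, 2**89 - 1


def keygen(p=P, q=Q):
    """Auditor key pair: public modulus n, private (phi, phi^-1 mod n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, (phi, pow(phi, -1, n))


def rand_unit(n):
    """Random element of Z_n^* used as encryption randomness."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            return r


def encrypt(n, amount):
    """Paillier encryption with g = n + 1; returns (ciphertext, randomness)."""
    r = rand_unit(n)
    return (1 + amount * n) * pow(r, n, n * n) % (n * n), r


def decrypt(n, priv, c):
    """Auditor-side decryption; only the holder of the private key can do this."""
    phi, mu = priv
    return (pow(c, phi, n * n) - 1) // n * mu % n


def difference(n, c_in, c_out):
    """Ciphertext of (total input - total output), computed without plaintext."""
    n2, d = n * n, 1
    for c in c_in:
        d = d * c % n2                   # multiplying ciphertexts adds amounts
    for c in c_out:
        d = d * pow(c, -1, n2) % n2      # inverting a ciphertext negates its amount
    return d


def _challenge(n, d, a, tx):
    """Fiat-Shamir challenge bound to the transaction content (56 bits, below P)."""
    data = b"|".join(str(v).encode() for v in (n, d, a)) + b"|" + tx
    return int.from_bytes(hashlib.sha256(data).digest()[:7], "big")


def sign_balance(n, c_in, c_out, r_in, r_out, tx):
    """Terminal side: prove difference() encrypts 0, i.e. equals R^n mod n^2."""
    big_r = 1
    for r in r_in:
        big_r = big_r * r % n
    for r in r_out:
        big_r = big_r * pow(r, -1, n) % n
    u = rand_unit(n)
    a = pow(u, n, n * n)                 # commitment
    e = _challenge(n, difference(n, c_in, c_out), a, tx)
    return a, u * pow(big_r, e, n) % n   # (commitment, response)


def verify_balance(n, c_in, c_out, sig, tx):
    """Verifier side: needs only the public modulus and the ciphertexts."""
    a, z = sig
    d = difference(n, c_in, c_out)
    e = _challenge(n, d, a, tx)
    return pow(z, n, n * n) == a * pow(d, e, n * n) % (n * n)


def demo(inputs=(70, 30), outputs=(95, 5), tx=b"constructed sample transaction"):
    """Run the terminal, verifier and auditor roles on constructed amounts."""
    n, priv = keygen()
    c_in, r_in = zip(*(encrypt(n, v) for v in inputs))
    c_out, r_out = zip(*(encrypt(n, v) for v in outputs))
    sig = sign_balance(n, c_in, c_out, r_in, r_out, tx)
    return {
        "balanced": verify_balance(n, c_in, c_out, sig, tx),
        "tampered_tx": verify_balance(n, c_in, c_out, sig, tx + b"!"),
        "audited_inputs": [decrypt(n, priv, c) for c in c_in],
        "audited_difference": decrypt(n, priv, difference(n, c_in, c_out)),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier never sees an amount, while the holder of the audit private key recovers every one of them; a transaction whose outputs do not sum to its inputs fails `verify_balance` because the difference ciphertext is no longer an n-th power.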

In a possible implementation, the terminal can generate an identifier for each input amount from the one-time private key of the first account. The transaction request message and the transaction record also include the identifier of each input amount, and these identifiers are used to prevent an input amount from being spent twice. For example, if a transaction record carrying the input-amount identifier T already exists on the blockchain and the transaction processing device finds the same identifier T again while verifying transaction content, it can conclude that this is a double spend, and verification fails. This implementation therefore uses the identifier of each input amount to prevent double spending of input amounts.

In a possible implementation, the terminal can also generate fourth signature information of the transaction content from the identifier of each input amount. The transaction request message and the transaction record also include the fourth signature information, and the first verification result and the second verification result also include the verification result of the fourth signature information. The transaction processing device obtains this result by a verification calculation based on the identifier of each input amount and the verification parameters in the fourth signature information, and the result indicates whether the identifier of each input amount is correct. If the identifier of an input amount is incorrect, verification of the fourth signature information fails as well, which further prevents double spending of input amounts.

In a possible implementation, the terminal can encrypt the one-time public key of the first account with the public key of the third-party audit account to obtain the ciphertext of the one-time public key; correspondingly, the transaction request message and the transaction record can also include the ciphertext of the one-time public key. The auditor who holds the third-party audit account can then use its own private key to decrypt the ciphertext of the one-time public key and obtain the one-time public key, thereby learning the identity information of the first account, which facilitates auditing. For example, suppose the first transaction is initiated by account a with account b as payee, and the second transaction is initiated by account b with account c as payee. After the auditor obtains the one-time public key of account b through this implementation, the auditor can use it to find the first transaction, in which account b took part. By decrypting the process by which the terminal logged in to account a generated the one-time public key of account b in the first transaction, the auditor obtains the long-term public key of account b and with it the identity information of account b, so account b can be audited. As another example, in combination with the implementation described below, the terminal of account a can use the public key of the third-party audit account to generate the ciphertext of the long-term public key of account b. The auditor can obtain this ciphertext and decrypt it to recover the long-term public key of account b in order to audit account b.

In a possible implementation, the terminal may also generate fifth signature information of the transaction content from the ciphertext of the one-time public key obtained in the implementation above. Correspondingly, the transaction request message and the transaction record also include the fifth signature information, and the first verification result and the second verification result also include the verification result of the fifth signature information. The transaction processing device obtains this result by a verification calculation based on the verification parameters in the fifth signature information, and the result indicates whether the ciphertext of the one-time public key of the first account is correct.

In a possible implementation, the terminal can also encrypt the long-term public key of the second account with the public key of the third-party audit account to obtain the ciphertext of the long-term public key of the second account; correspondingly, the transaction request message and the transaction record also include the ciphertext of the long-term public key. The auditor who holds the third-party audit account can then use its own private key to decrypt the ciphertext of the long-term public key and obtain the long-term public key of the second account, thereby learning the identity information of the second account, which facilitates auditing.

In a possible implementation, the terminal may also generate sixth signature information of the transaction content from the ciphertext of the long-term public key of the second account. Correspondingly, the transaction request message and the transaction record also include the sixth signature information, and the first verification result and the second verification result also include the verification result of the sixth signature information. The transaction processing device obtains this result by a verification calculation based on the verification parameters in the sixth signature information, and the result indicates whether the ciphertext of the long-term public key of the second account is correct.

In a possible implementation, the terminal obtaining the credentials of the first account may include the following. The terminal sends a credential request message to the transaction processing device; the credential request message includes the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account. The terminal receives a credential response message returned by the transaction processing device; the credential response message includes the credentials of the first account, which the transaction processing device generates from the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.

In a possible implementation, when the terminal applies to the transaction processing device for the credentials of the first account, it can also apply for the credentials of the second account, so that when the second account later uses the transaction amount it can use those credentials directly to protect its own anonymity. For example, the implementation of the first aspect can be used to protect the anonymity of the second account when it acts as the paying account.

That is, in the above implementation, the credential request message may further include the one-time public key of the second account and/or the ciphertext of the transaction amount held by the second account; accordingly, the credential response message may further include the credential of the second account. The credential of the second account is generated by the management device based on the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account, and the transaction request message and the transaction record further include the credential of the second account. This makes it easier for the second account to protect its anonymity when it spends the transaction amount as the payment account.

In a possible implementation, the credential of the second account may also be applied for by the second account itself; for example, the second account applies to the management device for the credential before it spends the transaction amount. Specifically, this may include: the terminal logged in to the second account sends a credential request message to the management device, the credential request message including the one-time public key of the second account and/or the ciphertext of the transaction amount held by the second account; and the terminal receives a credential response message returned by the management device, the credential response message including the credential of the first account. The credential of the first account is generated by the management device based on the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.

In a possible implementation, the first, second, third, fourth, fifth or sixth signature information may each be a zero-knowledge proof signature; that is, the signature information may be generated with a zero-knowledge proof algorithm. In a zero-knowledge proof algorithm, the prover performs a series of mathematical calculations on the useful information that is to be kept confidential and obtains a signature. The signature is a series of verification parameters, and those parameters do not include the confidential information. The verifier uses the verification parameters to perform a series of verification calculations, and from the result it can verify the prover's assertion about the confidential information, that is, whether the assertion is correct. Usually the assertion is that the prover knows the confidential information. Therefore, the first, second, third, fourth, fifth or sixth signature information can be generated using a zero-knowledge proof algorithm and, correspondingly, verified using a zero-knowledge proof algorithm to obtain a verification result. Since the verification calculation only needs the signature information and the verification parameters, leakage of the useful information is avoided, which protects the privacy of the first account, the second account, the transaction amount and so on in the above implementations.

In a second aspect, the present application further provides a transaction processing method. In this method, a transaction processing device receives a transaction request message sent by a terminal, the transaction request message including transaction content and first signature information, where the transaction content is initiated by the terminal based on a first account and the first signature information is generated by the terminal from the credential of the first account; the transaction processing device returns a transaction response message to the terminal according to the transaction request message, the transaction response message including transaction result information generated by the transaction processing device from the transaction content; the transaction processing device receives a transaction record message sent by the terminal according to the transaction response message; and the transaction processing device stores the transaction record carried in the transaction record message on a blockchain. The blockchain is the distributed database in which the transaction processing party stores the transaction record, and the transaction record includes the transaction content, the first signature information and the transaction result information.

In the present application, the first signature information is generated from the credential of the first account. This avoids the prior-art approach, in which the signature is generated with the long-term private key of the first account and a verifying device, such as the transaction processing device, must verify it with the long-term public key, so that the identity information of the first account is disclosed. In other words, the present application can protect the anonymity of the first account.

Before the transaction processing device returns the transaction response message to the terminal according to the transaction request message, the method further includes: the transaction processing device verifies the transaction request message to obtain a first verification result; when the first verification result is a pass, the transaction processing device runs the transaction content to obtain the transaction result information. The method further includes: the transaction processing device verifies the transaction record message to obtain a second verification result; when the second verification result is a pass, the transaction processing device performs the step of storing the transaction record carried in the transaction record message on the blockchain.

Both the first verification result and the second verification result include a verification result of the first signature information, which the transaction processing device obtains through a verification calculation using its own public key and the verification parameters in the first signature information. The transaction processing device can therefore verify the first signature information of the transaction content with its own public key, rather than with the public key of the first account as in the prior art. A third party cannot learn the public key of the first account, which protects the privacy of the first account.

The transaction processing device verifying the first signature information of the transaction content may include: the transaction processing device performs a verification calculation with a zero-knowledge proof algorithm, based on the verification parameters in the first signature information and its own public key, to obtain the verification result of the first signature information.

In a possible implementation, the transaction content is initiated by the terminal based on the first account and directed at a second account; that is, the first account may be the account of the sender or payer of the transaction content, and the second account may be the account of the receiver or payee of the transaction content. The transaction request message and the transaction record may further include second signature information and a one-time public key of the second account, where the one-time public key of the second account is the receiving address of the transaction content, also called the address of the receiver or payee. Accordingly, the first verification result and the second verification result may further include a verification result of the second signature information, which the transaction processing device obtains through a verification calculation based on the one-time public key of the second account, the public key of the certificate issuing device and the verification parameters in the second signature information.

In this implementation, the receiving address of the transaction content is a one-time public key, so a third party cannot use the receiving address to identify the public key of the second account. In addition, the transaction processing device uses the receiving address to verify the second signature information and thereby learns whether the second account meets the conditions for storing the transaction record on the blockchain, that is, it verifies the admission qualification of the second account. Compared with the prior art, which uses the hash of the long-term public key of the second account as the receiving address, this implementation can protect the privacy of the second account.

In a possible implementation, the transaction request message and the transaction record may further include third signature information, the ciphertext of each input amount and the ciphertext of each output amount. Accordingly, the first verification result and the second verification result further include a verification result of the third signature information, which the transaction processing device obtains through a verification calculation based on the verification parameters in the third signature information, the ciphertext of each input amount and the ciphertext of each output amount. The verification result of the third signature information indicates whether the total input amount in the transaction record equals the total output amount.

The transaction content therefore does not need to carry the plaintext of each input amount and each output amount, and does not even need to carry their ciphertexts. A verifier such as the transaction processing device can use the third signature information to verify whether the total input amount equals the total output amount, that is, to establish that the transaction is correct. This helps protect the privacy of the transaction amount.
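The balance check above, and the zero-knowledge signature shape it relies on (verification parameters that contain no amounts), shown as an added example that is not the patent's own construction. It assumes Pedersen commitments on secp256k1 in place of the amount ciphertexts, a hash-derived second generator `H`, and a Schnorr proof bound to the transaction content; all function names are hypothetical.

```python
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_P, prime group order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141
G = (0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
     0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8)
INF = None  # point at infinity


def add(a, b):
    """Affine point addition."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def neg(a):
    return INF if a is INF else (a[0], (-a[1]) % P)


def mul(k, a):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    k %= N
    out = INF
    while k:
        if k & 1:
            out = add(out, a)
        a = add(a, a)
        k >>= 1
    return out


def hash_to_point(label):
    """Try-and-increment: a point whose discrete log relative to G is unknown."""
    ctr = 0
    while True:
        digest = hashlib.sha256(label + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)   # square root, valid because P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        ctr += 1


H = hash_to_point(b"constructed second generator")


def commit(amount, blinding):
    """Hidden amount: C = amount*G + blinding*H."""
    return add(mul(amount, G), mul(blinding, H))


def _excess(c_in, c_out):
    """sum(inputs) - sum(outputs); equals (blinding difference)*H iff amounts balance."""
    d = INF
    for c in c_in:
        d = add(d, c)
    for c in c_out:
        d = add(d, neg(c))
    return d


def _challenge(content, c_in, c_out, R):
    data = repr((content, tuple(c_in), tuple(c_out), R)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def prove_balance(content, ins, outs):
    """ins/outs: lists of (amount, blinding). Returns (c_in, c_out, (R, s))."""
    c_in = [commit(v, r) for v, r in ins]
    c_out = [commit(v, r) for v, r in outs]
    dr = (sum(r for _, r in ins) - sum(r for _, r in outs)) % N
    k = secrets.randbelow(N - 1) + 1
    R = mul(k, H)
    c = _challenge(content, c_in, c_out, R)
    return c_in, c_out, (R, (k + c * dr) % N)


def verify_balance(content, c_in, c_out, proof):
    """Verifier sees only commitments and (R, s), never an amount."""
    R, s = proof
    c = _challenge(content, c_in, c_out, R)
    return mul(s, H) == add(R, mul(c, _excess(c_in, c_out)))


if __name__ == "__main__":
    rnd = lambda: secrets.randbelow(N)
    ins = [(70, rnd()), (30, rnd())]      # constructed sample amounts
    outs = [(55, rnd()), (45, rnd())]
    c_in, c_out, proof = prove_balance(b"constructed tx", ins, outs)
    print("balanced transaction verifies:", verify_balance(b"constructed tx", c_in, c_out, proof))
```

A balance proof alone does not stop an output from committing to a negative (wrapped) amount, so deployed schemes pair it with a range proof on each output.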

In a possible implementation, the transaction content further includes the ciphertext of each input amount and the ciphertext of each output amount, and the encryption key for these ciphertexts is the public key of a third-party audit account. An auditor who holds the third-party audit account can then use their own private key to decrypt the ciphertexts and obtain the plaintext of each input amount and each output amount. Because the ciphertexts are encrypted under the public key of the third-party audit account, only the private key of that account can decrypt them, which protects the privacy of the transaction amount while still allowing the auditor to audit.

In a possible implementation, the transaction request message and the transaction record may further include an identifier of each input amount, which is used to prevent the input amount from being spent a second time. For example, if a transaction record carrying the input amount identifier T already exists on the blockchain, and the transaction processing device finds the same identifier T again while verifying the transaction content, it can determine that the input amount is being spent a second time, and the verification fails. This implementation thus uses the identifier of each input amount to prevent double spending of input amounts.

In a possible implementation, the transaction request message and the transaction record further include fourth signature information. Accordingly, the first verification result and the second verification result further include a verification result of the fourth signature information, which the transaction processing device obtains through a verification calculation based on the identifier of each input amount and the verification parameters in the fourth signature information. The verification result of the fourth signature information indicates whether the identifier of each input amount is correct. If an input amount identifier is incorrect, the fourth signature information fails verification, which further prevents double spending of input amounts.
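How the identifier check plays out across the two verification stages, as an added example that is not part of the patent: two records that reuse an identifier can both pass the first verification before either is stored, so the second verification must compare against the chain and against earlier records in the same block. The `Ledger` class, its method names and the identifier strings are constructed for illustration.

```python
class Ledger:
    """Tracks which input-amount identifiers have been consumed on chain."""

    def __init__(self):
        self.spent = {}   # identifier -> tx_id of the record that consumed it
        self.chain = []   # committed blocks, each a list of accepted tx_ids

    def _reject_reason(self, input_ids, staged):
        """Return a rejection reason, or None when the identifiers are all fresh."""
        if len(set(input_ids)) != len(input_ids):
            return "identifier repeated inside one record"
        for ident in input_ids:
            if ident in self.spent:
                return f"{ident} already consumed by {self.spent[ident]}"
            if ident in staged:
                return f"{ident} also used by {staged[ident]} in this block"
        return None

    def first_verification(self, input_ids):
        """Request-time check: only the chain as it stands now can be consulted."""
        return self._reject_reason(input_ids, staged={}) is None

    def commit_block(self, records):
        """Second verification. records: ordered list of (tx_id, input_ids).

        A record is accepted or rejected as a whole, so a rejected record
        never marks any of its identifiers as spent.
        """
        staged, accepted, rejected = {}, [], {}
        for tx_id, input_ids in records:
            reason = self._reject_reason(input_ids, staged)
            if reason is not None:
                rejected[tx_id] = reason
                continue
            staged.update({ident: tx_id for ident in input_ids})
            accepted.append(tx_id)
        self.spent.update(staged)
        self.chain.append(accepted)
        return accepted, rejected


if __name__ == "__main__":
    ledger = Ledger()
    # Constructed records: tx1 and tx2 both try to consume identifier T2.
    print(ledger.first_verification(["T1", "T2"]), ledger.first_verification(["T2", "T3"]))
    print(ledger.commit_block([("tx1", ["T1", "T2"]), ("tx2", ["T2", "T3"])]))
```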

In a possible implementation, the transaction request message and the transaction record may further include the ciphertext of the one-time public key of the first account, where the encryption key for this ciphertext is the public key of the third-party audit account. An auditor who holds the third-party audit account can then use their own private key to decrypt the ciphertext, obtain the one-time public key and thereby learn the identity information of the first account, which facilitates auditing.

In a possible implementation, the transaction request message and the transaction record may further include fifth signature information. Accordingly, the first verification result and the second verification result further include a verification result of the fifth signature information, which the transaction processing device obtains through a verification calculation based on the verification parameters in the fifth signature information. The verification result of the fifth signature information indicates whether the ciphertext of the one-time public key of the first account is correct.

In a possible implementation, the transaction request message and the transaction record further include the ciphertext of the long-term public key of the second account, where the encryption key for this ciphertext is the public key of the third-party audit account. An auditor who holds the third-party audit account can then use their own private key to decrypt the ciphertext, obtain the long-term public key of the second account and thereby learn the identity information of the second account, which facilitates auditing.

In a possible implementation, the transaction request message and the transaction record further include the sixth signature information, and the first verification result and the second verification result further include a verification result of the sixth signature information, which the transaction processing device obtains through a verification calculation based on the verification parameters in the sixth signature information. The verification result of the sixth signature information indicates whether the ciphertext of the long-term public key of the second account is correct.

In addition, the credential of the first account may be generated through the following steps: the transaction processing device receives a credential request message sent by the terminal, the credential request message including the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account; the transaction processing device generates the credential of the first account according to the credential request message; and the transaction processing device sends a credential response message carrying the credential of the first account to the terminal.

In a possible implementation, when the terminal applies for the credential of the first account, it may also apply for a credential of the second account, so that the second account can use that credential directly to protect its own anonymity when it spends the transaction amount. That is, the credential request message further includes the one-time public key of the second account and/or the ciphertext of the transaction amount held by the second account; the transaction processing device may also generate the credential of the second account according to the credential request message, and the credential response message further includes the credential of the second account. The transaction request message and the transaction record may also include the credential of the second account.

In a possible implementation, the credential of the second account may also be applied for by the second account itself; for example, the second account applies to the management device for the credential before it spends the transaction amount.

In a possible implementation, the first, second, third, fourth, fifth or sixth signature information may each be a zero-knowledge proof signature; that is, the signature information may be verified with a zero-knowledge proof algorithm, and the verification needs only the signature information and the system parameters. This avoids leaking key information in the transaction and protects the privacy of the first account, the second account, the transaction amount and so on in the above implementations.

In a third aspect, the present application further provides a terminal that has the function of implementing the terminal in the above methods. The function may be implemented by hardware, for example a processor and a transceiver, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function, and the modules may be software and/or hardware.

In a fourth aspect, the present application further provides a transaction processing device that has the function of implementing the transaction processing device in the above methods. The function may be implemented by hardware, for example a processor and a transceiver, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function, and the modules may be software and/or hardware. The processor and transceiver can process messages sent by multiple terminals of the above methods and execute the transaction processing method described in the above methods.

In a fifth aspect, the present application further provides a transaction processing device that includes at least one endorsement module, a consensus module, a submission module and a management module;

the at least one endorsement module is configured to receive a transaction request message sent by a terminal, the transaction request message including transaction content and first signature information, where the transaction content is initiated by the terminal based on a first account and the first signature information is generated by the terminal from the credential of the first account;

the at least one endorsement module is further configured to return a transaction response message to the terminal according to the transaction request message, the transaction response message including transaction result information generated by the transaction processing device from the transaction content; the consensus module is configured to receive a transaction record message sent by the terminal according to the at least one transaction response message, sort the transaction record carried in the transaction record message together with transaction records received from other terminals by time of receipt, generate a block including the transaction record, and submit the block to the submission module; the submission module is configured to receive the block and store the transaction record on the blockchain in the form of the block; and the management module of the transaction processing device is configured to generate the credential of the first account from its own private key and the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.

In a sixth aspect, the present application further provides a transaction processing system that may include a terminal and a transaction processing device. The terminal may execute the transaction processing method provided in the first aspect, or any one or more of the possible implementations of the first aspect; the transaction processing device may execute the transaction processing method provided in the second aspect, or any one or more of the possible implementations of the second aspect.

In a seventh aspect, the present application further provides a computer-readable storage medium storing program code that implements the transaction processing method provided in the first aspect, or the transaction processing method provided in any one or more of the possible implementations of the first aspect. The program code contains execution instructions for running the transaction processing method provided in the first aspect, or the transaction processing method provided in any one of the possible implementations of the first aspect.

In an eighth aspect, the present application further provides a computer-readable storage medium storing program code that implements the transaction processing method provided in the second aspect, or the transaction processing method provided in any one or more of the possible implementations of the second aspect. The program code contains execution instructions for running the transaction processing method provided in the second aspect, or the transaction processing method provided in any one of the possible implementations of the second aspect.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic structural diagram of a transaction processing system;

FIG. 2 is a schematic flowchart of a transaction processing method provided on the basis of the blockchain system shown in FIG. 1;

FIG. 3A is a schematic structural diagram of a transaction processing system provided by an embodiment of the present invention;

FIG. 3B is a schematic structural diagram of another transaction processing system provided by an embodiment of the present invention;

FIG. 3C is a schematic structural diagram of yet another transaction processing system provided by an embodiment of the present invention;

FIG. 3D is a schematic structural diagram of yet another transaction processing system provided by an embodiment of the present invention;

FIG. 4 is a schematic flowchart of a transaction processing method provided by an embodiment of the present invention;

FIG. 5 is a schematic flowchart of another transaction processing method provided by an embodiment of the present invention;

FIG. 6 is a schematic flowchart of yet another transaction processing method provided by an embodiment of the present invention;

FIG. 7 is a schematic flowchart of yet another transaction processing method provided by an embodiment of the present invention;

FIG. 8 is a schematic diagram of a user interface provided by an embodiment of the present invention;

FIG. 9 is a schematic structural diagram of a terminal provided by an embodiment of the present invention;

FIG. 10 is a schematic structural diagram of a transaction processing device provided by an embodiment of the present invention;

FIG. 11 is a schematic structural diagram of another transaction processing device provided by an embodiment of the present invention;

FIG. 12 is a schematic structural diagram of a terminal provided by an embodiment of the present invention;

FIG. 13 is a schematic structural diagram of a transaction processing device provided by an embodiment of the present invention.

DETAILED DESCRIPTION

The technical solutions in the embodiments of the present invention are described in detail below with reference to the accompanying drawings of those embodiments.

At present, a blockchain is a distributed database that contains a continuously growing number of ordered record lists. Each ordered record list is called a block; that is, each block contains the transaction records of a preset time period, sorted by time. Each block contains the timestamp at which it was generated and a link to the previous block.

A blockchain is built on top of a transaction processing system. For example, FIG. 1 is a schematic structural diagram of a transaction processing system that includes a terminal, an endorsement node (Endorsing peer), a consensus node (Ordering peer) and a submission node (Committing peer). The terminal is a terminal logged in to a payment account; it may also be called the payer or sender, and it can initiate transactions. The endorsement node, consensus node and submission node may be located on different servers or on the same server, or may be deployed on a cloud platform to perform their functions, so the endorsement node, consensus node and submission node are collectively referred to as the transaction processing system.

The terminal is used to initiate a transaction. It can obtain the transaction content, the signature over the transaction content and the payee's address, and it also holds the payer's certificate and the payee's certificate.

背书节点,用于验证付款方发起的交易请求消息,而且可以在验证通过时,模拟运行交易内容,获得交易结果,并生成针对交易结果的签名。例如,背书节点可以验证付款方对交易内容的签名、付款方和收款方的证书、收款方的地址等。The endorsement node is used to verify the transaction request message initiated by the payer, and when the verification is passed, it can simulate the transaction content, obtain the transaction result, and generate a signature for the transaction result. For example, the endorsement node can verify the payer's signature on the transaction content, the payer and payee's certificates, the payee's address, etc.

共识节点,用于执行共识算法,另外,共识节点可以获得多个终端提交的多个交易记录,并根据提交的时间对多个交易记录进行排序,获得有序的交易记录列表,该有序的交易记录列表称为块。The consensus node is used to execute the consensus algorithm. In addition, the consensus node can obtain multiple transaction records submitted by multiple terminals, and sort the multiple transaction records according to the submission time to obtain an ordered list of transaction records. The ordered list of transaction records is called a block.

提交节点,用于验证区块中各交易记录中付款方的签名和背书节点的签名,并在验证通过时,可以将区块中的各交易记录存储在区块链上。例如,提交节点针对区块中的每个交易记录验证该交易记录是否满足预设条件,若满足预设条件,则验证通过,可以将相应的交易记录存储在区块链上。其中,该预设条件可以为:每条交易记录中需至少有十个背书节点的签名及相应的交易结果且各签名对应的交易结果是一致的。The submission node is used to verify the signature of the payer and the signature of the endorsement node in each transaction record in the block, and when the verification is passed, each transaction record in the block can be stored on the blockchain. For example, the submission node verifies whether each transaction record in the block meets the preset conditions. If the preset conditions are met, the verification is passed and the corresponding transaction record can be stored on the blockchain. Among them, the preset conditions can be: each transaction record must have at least ten signatures of endorsement nodes and corresponding transaction results, and the transaction results corresponding to each signature are consistent.

另外,交易记录存储到区块链上后,收款方收款时可以根据自身的私钥和交易记录中收款方的地址来确定该交易记录中收款人是否为自己。In addition, after the transaction record is stored on the blockchain, the payee can determine whether the payee in the transaction record is himself based on his own private key and the payee's address in the transaction record when receiving the payment.

For example, refer to FIG. 2, which is a schematic flowchart of a transaction processing method based on the blockchain system shown in FIG. 1. The transaction processing method may include the following steps:

201. The terminal generates a signature over the transaction content using the private key of the payment account, obtains the certificates of the payment account and the receiving account, and generates the receiving address of the receiving account from the public key of the receiving account.

The certificates of the payment account and the receiving account are generated by the certificate authority from the public keys of the payment account and the receiving account. They are used to verify whether the payment account and the receiving account are qualified to use the blockchain system, that is, whether they have admission qualification. The receiving account can verify whether a receiving address is its own by computing a hash value from its own public key.

202. The terminal sends a transaction request message to at least one endorsing node.

203. Each of the at least one endorsing node can verify the transaction request message and, when verification passes, simulate execution of the transaction content to obtain transaction result information.

204. Each of the at least one endorsing node returns a transaction response message to the terminal.

The transaction response message carries the corresponding transaction result information.

Verification of the transaction request message by each endorsing node may include the following steps:

a. The endorsing node verifies the signature over the transaction content. That is, the endorsing node verifies the signature using the public key of the payment account. If verification passes, the transaction was initiated by the payment account, which guarantees non-repudiation by the payment account.

b. The endorsing node verifies the certificates of the payment account and the receiving account. That is, the endorsing node checks whether these certificates were issued by the certificate authority (CA). If so, the payment account and the receiving account are qualified to execute transactions, that is, they have admission qualification.

c. The endorsing node verifies the payee's address. The payee's certificate is the payee's public key, so the hash value of that public key can be computed and compared with the payee's address. If they match, verification passes; otherwise, verification fails.

If a, b and c all pass, the endorsing node can simulate execution of the transaction content and obtain transaction result information. The transaction result information includes the transaction result and the signature over that result, generated by the endorsing node with its own private key.

For example, if the transaction content is that the payer pays the payee a certain amount, the endorsing node simulates execution of the transaction content, and the resulting transaction result is that the payer's balance decreases by that amount and the payee's balance increases by that amount.

The terminal can send the transaction request message to multiple endorsing nodes at the same time and, correspondingly, obtain the transaction response messages returned by those endorsing nodes. From these transaction response messages the terminal obtains multiple signatures and the corresponding transaction results.

205. The terminal receives the transaction response message returned by the at least one endorsing node and sends a transaction record message to the consensus node.

The transaction record message carries a transaction record. The transaction record includes the transaction content, the signature over the transaction content, the certificates of the payment account and the receiving account, and at least one piece of transaction result information.

206. The consensus node receives the transaction record message, sorts the transaction record carried in it together with the transaction records sent by other terminals by time, generates a block containing the ordered list of transaction records, and sends the block to the committing node.

207. The committing node receives the block and verifies each transaction record in it. When verification passes, the block is stored on the blockchain.

The committing node verifies every transaction record in the block in the same way, so the transaction record in the transaction record message sent by this terminal is used as the example here. Verification of a transaction record by the committing node mainly includes: the committing node verifies the signature over the transaction content using the public key of the payment account; the committing node verifies the signature over each transaction result using the public key of the corresponding endorsing node; and the committing node verifies whether the transaction result information in the transaction record satisfies the preset condition, for example, that the transaction record contains the signatures of at least ten endorsing nodes together with the corresponding transaction results and that the transaction results corresponding to the signatures are consistent. When all of these checks pass, the committing node can store the transaction record on the blockchain. Specifically, the transaction record is stored on the blockchain in the form of the block generated by the consensus node. The timestamp of the block is the time at which the consensus node generated it, and the link in the block to the previous block is a number determined from the previous block.
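The committing-node check described above, as an added example that is not code from the patent. The patent names no signature algorithm, so a toy Schnorr scheme with non-production parameters stands in for it; `commit_check`, the record layout and the rule that only distinct, known endorsers count are assumptions of this sketch.

```python
import hashlib
import secrets

# Toy Schnorr signatures over Z_p^* (stand-in scheme, assumption of this
# example). Parameters are for illustration only, NOT for production use.
P = 2**127 - 1   # Mersenne prime
N = P - 1        # exponents are reduced modulo the group exponent
G = 3

def _h(*parts: bytes) -> int:
    digest = hashlib.sha256(b"|".join(parts)).digest()
    return int.from_bytes(digest, "big") % N

def keygen():
    sk = secrets.randbelow(N - 2) + 1
    return sk, pow(G, sk, P)

def sign(sk: int, msg: bytes):
    k = secrets.randbelow(N - 2) + 1          # fresh nonce per signature
    r = pow(G, k, P)
    e = _h(str(r).encode(), msg)
    return r, (k + e * sk) % N

def verify(pk: int, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < P and 0 <= s < N):
        return False
    e = _h(str(r).encode(), msg)
    return pow(G, s, P) == (r * pow(pk, e, P)) % P

MIN_ENDORSEMENTS = 10   # the preset condition used as the example on the page

def commit_check(record, endorser_keys, min_endorsements=MIN_ENDORSEMENTS):
    """Return (ok, reason) for one transaction record, as a committing node would."""
    # 1. Payer's signature over the transaction content.
    if not verify(record["payer_pk"], record["content"], record["content_sig"]):
        return False, "payer signature invalid"
    # 2. Each endorser's signature over the transaction result it reported.
    seen, results = set(), set()
    for name, result, sig in record["endorsements"]:
        pk = endorser_keys.get(name)          # unknown endorsers are rejected
        if pk is None or not verify(pk, result, sig):
            return False, f"endorsement from {name} invalid"
        seen.add(name)                        # duplicates count once (assumption)
        results.add(result)
    # 3. Preset condition: enough endorsers, all reporting the same result.
    if len(seen) < min_endorsements:
        return False, "too few endorsements"
    if len(results) != 1:
        return False, "endorsers disagree on the result"
    return True, "ok"

def build_record(payer_sk, payer_pk, content, endorsers, result):
    """Assemble a constructed sample record; endorsers maps name -> (sk, pk)."""
    return {
        "payer_pk": payer_pk,
        "content": content,
        "content_sig": sign(payer_sk, content),
        "endorsements": [(name, result, sign(sk, result))
                         for name, (sk, _pk) in endorsers.items()],
    }
```

Note that the record carries the payer's public key in the clear, which is what the baseline flow requires of every verifier.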

It can be seen that in the transaction processing method shown in FIG. 2, the signature over the transaction content is produced with the private key of the payment account. A verifier can use the public key of the payment account to verify the signature and, when verification passes, confirm that the transaction content was initiated by that payment account, which prevents the payment account from repudiating it.

Because the signature over the transaction content in the method of FIG. 2 is generated with the private key of the payment account, the verifier must know the public key of the payment account to verify the signature and so prevent the payment account from repudiating the transaction content. As a result, besides the two parties to the transaction, any third party holding the public key of the payment account can identify every transaction initiated by that account, so the identity anonymity of the payment account cannot be protected.

In addition, in FIG. 2 the receiving address of the transaction content is the hash value of the public key of the receiving account, and the verifier also judges whether the receiving account is qualified to access the blockchain system from the certificate of the receiving account. Consequently, once a third party knows the public key of the receiving account, it can identify the transactions corresponding to that account, so the identity anonymity of the receiving account cannot be protected.

Furthermore, so that the verifier can check whether the transaction amount is correct, the transaction content must also carry the transaction amount, which lets a third party learn the amount transferred between the payment account and the receiving account. For example, the verifier checks whether the transaction input amount equals the transaction output amount, to prevent illegal transactions in which the transaction input amount held by the payment account is less than the transaction output amount.

It can be seen that in FIG. 2, besides the two parties to the transaction, third parties such as the endorsing node, the consensus node and the committing node all need to know the public key of the payment account, the public key of the receiving account and the transaction content. Knowing the public keys of the payment account and the receiving account is equivalent to knowing the identities of the payer and the payee, so the privacy of the payer, the payee and the transaction amount is not protected.

To solve this problem, an embodiment of the present invention provides a transaction processing method that can, according to the service settings, selectively protect the privacy of the payer, the payee and/or the transaction amount.

To facilitate understanding of the embodiments of the present invention, the relevant concepts and terms are explained first.

In the embodiments of the present invention, a signature means a digital signature, or the signature information of digital information, such as the signature information or signature of the transaction content. A digital signature is a method for authenticating digital information that is analogous to an ordinary physical signature written on paper and is implemented with techniques from public-key cryptography. Digital signatures apply the one-way function principle used in public-key cryptography to generate a long-term public key and a long-term private key. A one-way function is a function that is very easy to compute in the forward direction and very hard to invert. A digital signature scheme usually defines two complementary operations, one for signing and one for verification. For example, the signer computes a function of the private key and the digital information to generate the signature of that information; in the verification operation, the verifier computes with the corresponding public key, the digital information and the signature to determine whether the signature is correct.

In the embodiments of the present invention, the first account is the account that initiates the transaction content and may be called the payment account or paying account. The second account is the account at which the transaction content initiated by the first account is directed; that is, the second account may be the recipient of the transaction content and may be called the receiving account. Correspondingly, in other transactions the first account may be a receiving account and the second account may be a payment account. For ease of understanding, in the embodiments of the present invention the first account is the payment account and the second account is the receiving account.

Correspondingly, the terminal on which the first account is logged in is the terminal in FIG. 3A to FIG. 3D and may be called the payment terminal. The terminal on which the second account is logged in may be called the receiving terminal and is not shown in FIG. 3A to FIG. 3D.

Before executing the transaction processing method, the terminal can select which of the embodiments described in this application to use, according to the privacy protection mode chosen by the user of the first account on the terminal on which the first account is logged in, for example protection of the privacy of any one or more of the first account, the second account and the transaction amount in the transaction content.

For example, refer to FIG. 8, which is a schematic diagram of a user interface provided by an embodiment of the present invention. FIG. 8 uses a mobile phone as the example. There may be multiple payment accounts, from which the user selects, through the terminal's input method, the payment account to use for this transaction. The user can also enter the payee's receiving account and the amount to pay in the user interface, and select in the user interface the items that require privacy protection; in FIG. 8, privacy protection of the payment account is selected. Optionally, in the embodiments of the present invention, the terminal receives the payment account entered or selected in the user interface, the receiving account, the amount and the selected privacy protection option; according to the selected option, the terminal performs the relevant operations of the following embodiments to complete the payment, that is, to complete the transaction.

The optional embodiments are described in detail below.

Embodiment 1

To protect the privacy of the payment account, this embodiment of the present invention proposes a transaction processing method based on the transaction processing system shown in FIG. 3A or FIG. 3B. The transaction processing system shown in FIG. 3A or FIG. 3B includes at least one terminal and at least one transaction processing system, and each of the at least one terminal can log in to at least one payment account. In this embodiment, the payment account may also be called the first account. In the transaction processing method, every terminal processes a transaction initiated by its logged-in payment account in the same way, and every one of the at least one transaction processing system processes a transaction submitted by a terminal in the same way. Each transaction processing system may be maintained by a corresponding institution. For example, in a consortium blockchain scenario in the financial industry, each bank may maintain one transaction processing system to process the transactions submitted by terminals on which that bank's user accounts are logged in. Each transaction processing system includes at least one endorsing node, a consensus node and a committing node, whose functions are the same as those of the endorsing node, the consensus node and the committing node in the blockchain system shown in FIG. 1.

In the transaction processing system shown in FIG. 3A, each transaction processing system may further include a management node (Group Manager). In the transaction processing system shown in FIG. 3B, the endorsing node may also perform the function of the management node. That is, the management node may be a node independent of the transaction processing system, may be merged into one node with the certificate issuing node of the certificate authority, or may be merged into one node with an endorsing node of the transaction processing system. The management node generates credentials for the payment account in order to protect the identity privacy of the payment account.

In this embodiment, each transaction processing system may be a single server that performs the functions of all nodes in the transaction processing system, or may be multiple servers, for example with each node on its own server performing the corresponding function. Because the interaction among the endorsing node, the consensus node and the committing node in this embodiment is similar to that in the prior art, this embodiment refers to the transaction processing system as a transaction processing device, which performs the functions of all the nodes. Correspondingly, because every terminal interacts with the transaction processing device in the same way, the transaction processing system of FIG. 3A is abstracted, as shown in FIG. 3C, into a system that includes one terminal, one transaction processing device and one management device. Likewise, the transaction processing system of FIG. 3B is abstracted, as shown in FIG. 3D, into a system that includes one terminal and one transaction processing device; in FIG. 3D the transaction processing device can also perform the function of the management device and generate credentials for the payment account to protect its identity privacy.

In addition, in this embodiment the receiving account is referred to as the second account, and the terminal on which the receiving account is logged in may also be called the payee or the recipient.

In this embodiment, when the terminal generates the signature information of the transaction content, it no longer uses the private key of the payment account but instead uses the credential of the payment account. In this way, even a third party that holds the public key of the payment account cannot recognize that the signature information was generated by the terminal on which that payment account is logged in. Correspondingly, when verifiers such as the endorsing node and the committing node verify the signature information of the transaction content, they no longer use the public key of the payment account but instead use the public key of the management device that generated the credential. This prevents the public key of the payment account from becoming known to the verifier or to any third party during the entire transaction processing procedure, and effectively protects the privacy of the payment account.

For convenience in the following description, this embodiment refers to the signature information of the transaction content generated from the credential of the payment account as the first signature information.

In this embodiment, the terminal can send the content of the payment account that requires privacy protection to the management device, and the management device generates a credential for the payment account from that content. For example, the management device generates the credential of the payment account from the one-time public key of the payment account and/or the transaction amount it holds.

Because the credential is issued to the payment account by the management device, once the payment account uses the credential to generate a signature over the transaction content, it cannot repudiate that transaction content. The privacy of the payment account is thus protected while the non-repudiation of the transaction content is preserved.

In some embodiments, the terminal's acquisition of the credential of the payment account may include the following steps:

11) The terminal sends a credential request message to the management device, where the credential request message includes the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.

12) The terminal receives the credential response message returned by the management device, where the credential response message includes the credential of the first account, and the credential of the first account is generated by the management device from the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.

For example, the terminal submits the one-time public key $otpk_{Alice}$ of the payment account Alice to the management device. Based on its own private key $gsk = \alpha$ and a random number $x_{Alice}$, the management device generates for Alice the credential $(A_{Alice}, x_{Alice})$, where:

Here, $g_1$, $g_2$ and $h$ are system parameters.

As another example, the terminal submits the amount $C$ held by the payment account Alice and the one-time public key $otpk_{Alice}$ to the management device. Based on its own private key $gsk = \alpha$ and a random number $x_{Alice}$, the management device generates for Alice the credential $(A_{Alice}, x_{Alice})$, where:

Here, $g_1$, $g_2$ and $h$ are system parameters.

As a further example, if the terminal sends only the amount $C$ held by the payment account to the management device, then in the credential that the management device generates for the payment account Alice, $otpk_{Alice}$ equals 1.

The transaction processing method of this embodiment differs from the method shown in FIG. 2 in that the terminal generates the first signature information of the transaction content from the credential of the payment account. Correspondingly, the transaction processing device verifies the transaction request message to obtain a first verification result, and verifies the transaction record message to obtain a second verification result. Both the first verification result and the second verification result include the verification result of the first signature information, which the transaction processing device obtains by performing a verification computation with the public key of the management device and the verification parameters in the first signature information.

In addition, within the first verification result, the verification result of the first signature information indicates whether the first account is an account that can access the transaction processing device, or whether it is an account issued by the transaction processing device, or whether the first account has permission to access the transaction processing device. Within the second verification result, the verification result of the first signature information indicates whether the first account has permission to use the blockchain, that is, whether transaction records related to the first account can be stored on the blockchain. Optionally, the role of the verification result of the first signature information may be tied to the operations that follow depending on whether verification passes; this application does not limit this.

具体的,如图4所示,本发明实施例所述的交易处理方法可以包括以下步骤:Specifically, as shown in FIG4 , the transaction processing method according to the embodiment of the present invention may include the following steps:

S301、终端根据第一账号的凭据生成交易内容的第一签名信息,所述交易内容是终端基于所述第一账号发起的,所述凭据是根据管理设备利用自身的私钥为第一账号生成的;S301. The terminal generates first signature information of transaction content according to the credentials of the first account, where the transaction content is initiated by the terminal based on the first account, and the credentials are generated for the first account by the management device using its own private key;

其中,终端根据第一账号的凭据生成交易内容的第一签名信息时,还需要根据第一账号作为收款方时接收该笔交易金额时使用的是一次性公钥的地址还是长期公钥的哈希值的地址,来确定是根据第一账号的一次性私钥和凭据来生成第一签名信息,还是根据第二账号的长期私钥和凭据来生成第一签名信息;也就是说,当第一账号作为收款方接收本次待消费的金额时使用的是一次性公钥的地址,则第一账号作为付款方消费该金额时,步骤S301为终端根据第一账号的一次性私钥和凭据生成交易内容的第一签名信息;当第一账号作为收款方接收本次待消费的金额时使用的是长期公钥的哈希值的地址,则第一账号作为付款方消费该金额时,步骤S301为终端根据第一账号的长期私钥和凭据生成交易内容的第一签名信息。Among them, when the terminal generates the first signature information of the transaction content according to the credentials of the first account, it is also necessary to determine whether to generate the first signature information according to the one-time private key and credentials of the first account or the long-term private key and credentials of the second account based on whether the first account uses the address of the one-time public key or the address of the hash value of the long-term public key when receiving the transaction amount as the payee; that is, when the first account uses the address of the one-time public key when receiving the amount to be consumed as the payee, then when the first account consumes the amount as the payee, step S301 is for the terminal to generate the first signature information of the transaction content according to the one-time private key and credentials of the first account; when the first account uses the address of the hash value of the long-term public key when receiving the amount to be consumed as the payee, then when the first account consumes the amount as the payee, step S301 is for the terminal to generate the first signature information of the transaction content according to the long-term private key and credentials of the first account.

S302. The terminal sends a transaction request message to the transaction processing device, where the transaction request message includes the first signature information and the transaction content;

S303. The transaction processing device returns a transaction response message to the terminal according to the transaction request message, where the transaction response message includes the transaction result information;

There may be multiple pieces of transaction result information, each obtained by one of multiple endorsement nodes in the transaction processing device simulating execution of the transaction content.

Before the transaction processing device returns the transaction response message to the terminal according to the transaction request message, the method further includes: the transaction processing device verifies the transaction request message and obtains a first verification result; when the first verification result is a pass, the transaction processing device runs the transaction content and obtains the transaction result information.

S304. The terminal sends a transaction record message to the transaction processing device according to the transaction response message;

S305. The transaction processing device stores the transaction record carried by the transaction record message on the blockchain.

The transaction processing device verifies the transaction record message and obtains a second verification result; when the second verification result is a pass, the transaction processing device executes step 305 of storing the transaction record carried by the transaction record message on the blockchain.

The transaction record includes the transaction content, the first signature information and the transaction result information;

The first verification result and the second verification result both include the verification result of the first signature information, which the transaction processing device obtains by a verification calculation over the public key of the management device and the verification parameters in the first signature information.

It should be noted that although steps S301 to S305 do not mention the processing steps for the second account and the transaction amount, to implement the transaction processing method a person skilled in the art can combine them with the processing steps for the second account and the transaction amount described in the embodiments of the present invention, or with the prior-art processing steps for the second account and the transaction amount shown in Figure 2, to verify the access qualification of the second account, the correctness of the transaction amount and the access qualification of the first account. For example, assuming that only the anonymity of the first account is protected and that the second account and the transaction amount are handled as in the prior art, then in addition to the terminal generating the first signature information, the transaction content must carry the plaintext of the input amount and the plaintext of the output amount so that the transaction processing device can verify the accuracy of the transaction. The transaction content must also carry the certificate of the second account in the usual sense (that is, the long-term public key of the second account, as distinct from the certificate in Embodiment 2 that is generated from the second account's long-term public key and supports zero-knowledge proof) so that the transaction processing device can verify the access qualification of the second account. In addition, the receiving address of the transaction content, that is, the address of the second account, is the hash value of the long-term public key of the second account. Therefore, the first verification result also includes the transaction processing device's verification result for the transaction amount and its verification result for the certificate of the second account.

The access qualification of the first account or of the second account is obtained from the verification result of the first signature information or the second signature information. Whether the access qualification means that the first account and the second account have permission to use the blockchain, or can access the transaction processing device, or are accounts issued by the transaction processing device, and so on, can be defined by the operations that follow depending on whether verification passes. For example, when the verification result of the first signature information is part of the first verification result, it indicates whether the first account can access the transaction processing device; when the verification result of the first signature information is part of the second verification result, it indicates whether the first account has permission to use the blockchain.

In this embodiment of the present invention, the first signature information is a zero-knowledge proof signature; that is, the terminal can use a zero-knowledge proof algorithm to generate the first signature information of the transaction content from the credentials of the paying account. Correspondingly, a verifier such as the transaction processing device can use the public key gpk of the management device to verify this zero-knowledge first signature information. In a zero-knowledge proof, the prover performs a series of mathematical calculations over the useful information to be kept secret and obtains a signature. The signature is a series of parameters that does not include the secret information. The verifier uses these parameters to perform its own series of calculations, and the result lets it verify the prover's assertion about the secret information, that is, confirm that the assertion is correct. Usually the assertion is that the prover knows the secret information.

For example, when verification by the transaction processing device passes, the terminal's assertion behind the first signature information can be trusted: the paying account holds the credential issued by the management device and the one-time private key, that is, the paying account holds proof of access.

The expression of this zero-knowledge proof (Signature of Knowledge, SoK) is:

SoK{(secret value): "relations to proof"}(Message to sign);

In this expression, (secret value) is the prover's secret, for example the one-time private key of the paying account and the credential that the management device issued for the paying account. "relations to proof" is the relation to be proved, for example the assertion that the terminal knows the one-time private key of the paying account and the credential that the management device issued for it. (Message to sign) is the document to be signed, for example the transaction content initiated by the paying account. Every symbol in the expression that is not part of the prover's secret is a public value. For example, if the terminal logged in to the paying account enables anonymity for the paying account but does not enable privacy protection for the receiving account and the transaction amount, then the parameters relating to the receiving account and the transaction amount are all public. In addition, all parameters used in the zero-knowledge proof other than the prover's secret can be public and can be included in the signature; for example, the system parameters can be included in the first signature information. These are collectively referred to as verification parameters.

For example, assume that the paying account is Alice and that the amount Alice is about to spend was received, when Alice was payee, at the address of her own one-time public key, so the first signature information of this transaction must use Alice's one-time private key $otsk_{Alice}$. The credential issued to Alice by the management device is $(A_{Alice}, x_{Alice})$, where the credential is generated by the management device from the one-time public key of the first account and the ciphertext of the transaction amount held by the first account, and the public key of the management device Then the expression of the signature that the terminal generates for the transaction content using the zero-knowledge proof is:

Here Tx1 is the transaction content to be signed; $g_1$, $g_2$ and $h$ are system parameters;

○ Randomly generate $a, k, r_a, r_b, r_x, r_k \in Z_p$

○ Compute:

○ $T = e(f, otsk_{Alice})$,

○ Compute $c = H(param, gpk, S, K, T, R_1, R_3, Msg)$, where param is the system parameters and Msg is the transaction content;

○ $z_k = r_k + ck$,

○ $z_a = r_a + ca$,

○ $z_x = r_x + cx$,

○ $z_b = r_b + cax$,

○ First signature information $= (S, K, T, c, z_k, z_a, z_x, z_b)$

Therefore, the transaction request message and the transaction record message that the terminal sends to the transaction processing device only need to carry the first signature information generated with the zero-knowledge proof above. From this first signature information the verifier learns that the terminal knows the one-time private key of the paying account and the credential issued to it by the group administrator, and can therefore verify that the paying account has the access qualification. Because the credential is generated by the trusted management device, the paying account cannot repudiate the transaction content.

Correspondingly, the transaction processing device uses the public key of the management device and the first signature information generated with the zero-knowledge proof above to perform the following verification calculation:

○ After receiving the first signature information $= (S, K, T, c, z_k, z_a, z_x, z_b)$, compute:

If $c = H(param, gpk, S, K, T, R_1, R_3, Msg)$, the verification passes. That is, the first signature information passes verification, which indicates that the first account satisfies the condition for storing the transaction record on the blockchain.

The function or mapping e is a bilinear pairing. A mapping $e: G_1 \times G_2 \to G_T$ is called a bilinear pairing if it satisfies the following conditions:

● Bilinearity: for any

● Non-degeneracy: $e(g_1, g_2) \neq 1$, where 1 denotes the identity element of $G_T$.

Here $G_1$, $G_2$ and $G_T$ are multiplicative groups of prime order p, $g_1$ is a generator of $G_1$, and $g_2$ is a generator of $G_2$. For a positive integer n, [n] denotes the set of all positive integers not greater than n, that is, [n] = {1, 2, ..., n}, represents all non-zero residue classes modulo a positive integer p, that is

It can be seen that this embodiment of the present invention prevents the verifier, or any other third party able to obtain the signature, from using a public key disclosed by the paying account to identify the paying account. At the same time, the zero-knowledge proof lets the verifier and third parties learn that the paying account has the access qualification and holds a credential issued by the management device, so that the paying account cannot repudiate the corresponding transaction content.
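The commit, challenge and response pattern used by the first signature information (c = H(..., Msg), z = r + c·secret, with the verifier recomputing the commitment before re-hashing) is shown below as an added example that is not part of the patent text. It proves the simplified relation K = g^k·h^a in a toy prime-order group instead of the patent's pairing-based credential relation; the group parameters, the relation and all function names are assumptions made for the example.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# P = 2Q + 1 with P and Q prime; G and H_GEN are squares mod P, so both have order Q.
P, Q = 2039, 1019
G, H_GEN = 4, 9
PARAM = (P, Q, G, H_GEN)


def challenge(*parts):
    """Fiat-Shamir challenge: SHA-256 over length-prefixed parts, as an integer."""
    h = hashlib.sha256()
    for part in parts:
        data = part if isinstance(part, bytes) else repr(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big")


def commit(k, a):
    """Return g^k * h^a mod P."""
    return pow(G, k, P) * pow(H_GEN, a, P) % P


def sok_sign(k, a, msg):
    """SoK{(k, a): K = g^k h^a}(msg). The output contains neither k nor a."""
    K = commit(k, a)
    r_k = secrets.randbelow(Q)           # fresh blinding values for every signature
    r_a = secrets.randbelow(Q)
    R = commit(r_k, r_a)                 # commitment; not sent, the verifier rebuilds it
    c = challenge(PARAM, K, R, msg)      # binds the proof to the message
    z_k = (r_k + c * k) % Q              # responses of the form z = r + c * secret
    z_a = (r_a + c * a) % Q
    return K, c, z_k, z_a


def sok_verify(sig, msg):
    """Recompute R' = g^z_k * h^z_a * K^(-c) and check that c hashes back."""
    K, c, z_k, z_a = sig
    # Reject values outside the order-Q subgroup before using them.
    if not (1 <= K < P and pow(K, Q, P) == 1):
        return False
    R = commit(z_k, z_a) * pow(K, (-c) % Q, P) % P
    return c == challenge(PARAM, K, R, msg)


if __name__ == "__main__":
    sig = sok_sign(k=123, a=456, msg=b"Tx1")
    print("valid:", sok_verify(sig, b"Tx1"))
    print("other message:", sok_verify(sig, b"Tx2"))
```

Because the challenge covers the message, a signature lifted from one transaction does not verify on another, and a changed response changes the recomputed commitment and therefore the hash.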

Embodiment 2

If the transaction content is initiated by the first account toward the second account, that is, the transaction content involves both parties to the transaction, then in order to protect the privacy of the second account, this embodiment of the present invention further proposes, based on the transaction processing systems shown in Figures 3A to 3D, a transaction processing method that can protect the privacy of the second account. In the transaction processing system shown in Figure 3A, each transaction processing system can also include a certificate issuing node of a certificate authority. The certificate issuing node issues to each receiving account a certificate used to generate the second signature information of the transaction content. This certificate differs from an ordinary certificate in that it does not need a long-term public key for verification: as described in this embodiment, it can be verified using the one-time public key, the public key of the certificate issuing device and the signature information. Alternatively, in the transaction processing system shown in Figure 3B, the endorsement node can also perform the function of the certificate issuing node and issue the above certificate to users. Alternatively, the transaction processing system shown in Figure 3C also includes a certificate issuing device; or, in the transaction processing system shown in Figure 3D, the transaction processing device also performs the function of the certificate issuing device. The certificate issuing device can issue a certificate for the receiving account. This certificate differs from an ordinary certificate: using it, the terminal can generate second signature information for the transaction content, and the second signature information protects the privacy of the receiving account while letting the transaction processing device verify whether the receiving account satisfies the condition for storing the transaction record on the blockchain.

In this embodiment of the present invention, the receiving terminal logged in to the receiving account applies for a certificate from a certificate authority (CA) device (or the transaction processing device, or a certificate issuing node), which may include the following steps:

21) The receiving terminal sends a certificate application message to the CA device, where the certificate application message carries the long-term public key of the receiving account and proof of possession of the long-term private key;

22) When the CA device's verification of the certificate application message passes, it generates the certificate of the receiving account from the long-term public key of the receiving account and returns a certificate response message to the receiving terminal, where the certificate response message carries the certificate of the receiving account.

In this way, when the paying account wants to initiate transaction content toward the receiving account, it can obtain the receiving account's certificate from the receiving terminal and use that certificate to generate the second signature information of the transaction content.

For example, the long-term public key of the receiving account Bob is $Y_{Bob}$, the private key cask of the CA device is β, and the public key capk is After the CA device's verification of the certificate application message passes, it can generate for Bob the certificate used for zero-knowledge proof, $(F_{Bob}, w_{Bob})$, where:

Here $h_0$ is a system parameter and $w_{Bob}$ is randomly generated.

In addition, in this embodiment of the present invention, to protect the privacy of the receiving account, besides generating the second signature information of the transaction content to verify the access qualification of the receiving account, the one-time public key of the receiving account can be used as the address of the transaction content, that is, of the payee, instead of the hash value of the receiving account's long-term public key as in the prior art. This avoids the identity leak that occurs in the prior art when the transaction processing device has to use the long-term public key of the receiving account to verify the payee's address.

In this embodiment of the present invention, the one-time public key of the receiving account can be generated from the long-term public key of the receiving account, for example by using the one-time public key generation function PKeyGen().

That is, the terminal generating the one-time public key of the receiving account may include: the terminal computes the one-time public key of the receiving account from the long-term public key of the receiving account using the one-time public key generation function PKeyGen().

For example, the long-term public key $Y_{Bob}$ of the receiving account Bob is the input of the PKeyGen() function, and the output is Bob's one-time public key where $r_{tx}$ is a random number.

In addition, from the system parameters $g_1$, $g_2$ and this $r_{tx}$ the terminal can also obtain The transaction content initiated by the paying account carries $R_{tx}$, $R'_{tx}$, which are used to compute the one-time private key of the receiving account. When the receiving account later initiates a transaction, for example to spend the transaction amount received from the paying account, the one-time private key can be used to protect the anonymity of the receiving account.

That is, when a user account acts as the receiving account, the parameters $R_{tx}$, $R'_{tx}$ are obtained when its one-time public key is computed. When the user account later needs to spend the transaction amount received, it can use $R_{tx}$, $R'_{tx}$ to generate the one-time private key, and with the one-time private key and the credentials generated by the management device it can generate, for the transaction content that includes this amount, the first signature information described in Embodiment 1, thereby preserving the anonymity of the user account when it acts as the paying account.

The one-time private key of the receiving account is generated by the terminal logged in to the receiving account from the long-term private key of the receiving account and the above parameter $R'_{tx}$. For example, the inputs of the one-time private key generation function SKeyGen() are the long-term private key $y_{Bob}$ of the receiving account Bob and the parameter $R'_{tx}$, that is, $SKeyGen(R'_{tx}, y_{Bob})$, and the computed one-time private key is

In addition, in this embodiment of the present invention, when the paying terminal uses the one-time public key of the receiving account as the payee's address, the payee, that is, the receiving terminal logged in to the receiving account, can confirm whether it is the payee by checking that address, that is, by checking the one-time public key. Specifically, the receiving terminal can check the payee's address in the transaction record with the one-time public key check function PKeyCheck(). For example, the receiving terminal logged in to the receiving account Bob takes $R_{tx}$ from the transaction content, the one-time public key $Otpk_{Bob}$ and the long-term private key $y_{Bob}$ as the inputs of the PKeyCheck() function. If that is, the function outputs 1, the payee's address is Bob's address, which means that the payee of the transaction content is Bob; if the function outputs 0, the payee of the transaction content is not Bob.
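How functions with the interfaces of PKeyGen(), SKeyGen() and PKeyCheck() can fit together is sketched below as an added example; it is not the patent's own construction, whose formulas are absent from this page. It assumes a CryptoNote-style Diffie-Hellman derivation in a toy group, with a scalar one-time private key and a single value R_tx; the parameters and the names p_key_gen, s_key_gen and p_key_check are constructed for the example.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# P = 2Q + 1 with P and Q prime; G = 4 is a square mod P and has order Q.
P, Q, G = 2039, 1019, 4


def hash_to_scalar(shared):
    """Map a Diffie-Hellman shared group element to an exponent mod Q."""
    digest = hashlib.sha256(str(shared).encode()).digest()
    return int.from_bytes(digest, "big") % Q


def long_term_keygen():
    """Return (y, Y): long-term private key and public key Y = g^y."""
    y = secrets.randbelow(Q - 1) + 1
    return y, pow(G, y, P)


def p_key_gen(Y):
    """Payer side: derive a fresh one-time public key for the payee from Y.

    Returns (otpk, R_tx). R_tx travels in the transaction content so that
    only the holder of y can recognise and later spend from otpk.
    """
    r_tx = secrets.randbelow(Q - 1) + 1          # per-transaction randomness
    R_tx = pow(G, r_tx, P)
    shared = pow(Y, r_tx, P)                     # g^(y * r_tx), known to payer and payee only
    otpk = pow(G, hash_to_scalar(shared), P) * Y % P
    return otpk, R_tx


def s_key_gen(R_tx, y):
    """Payee side: one-time private key matching otpk, i.e. g^otsk == otpk."""
    shared = pow(R_tx, y, P)                     # same value as Y^r_tx on the payer side
    return (hash_to_scalar(shared) + y) % Q


def p_key_check(R_tx, otpk, y):
    """Payee side: 1 if the address otpk was derived for the holder of y, else 0."""
    return 1 if pow(G, s_key_gen(R_tx, y), P) == otpk else 0


if __name__ == "__main__":
    y_bob, Y_bob = long_term_keygen()
    for _ in range(3):
        otpk, R_tx = p_key_gen(Y_bob)
        # Each payment to Bob lands on a different address that only Bob can recognise.
        print("address", otpk, "mine?", p_key_check(R_tx, otpk, y_bob))
```

The address on the ledger changes with every transaction and never contains Y or its hash, which is the property the embodiment relies on to keep the payee unlinkable.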

In this embodiment of the present invention, besides using the one-time public key of the receiving account as the address of the transaction content, the paying terminal must also generate second signature information for the transaction content from the one-time public key of the receiving account and the certificate of the receiving account. The verification result of the second signature information indicates whether the receiving account satisfies the condition for storing the transaction content on the blockchain; the condition can be whether a certificate exists that corresponds to the long-term private key of the receiving account. Accordingly, the second signature information cannot include the certificate of the receiving account, so this embodiment both verifies the access qualification of the second account and protects the anonymity of the receiving account.

That is, to protect the anonymity of the second account, as shown in Figure 5, this transaction processing method differs from the one shown in Figure 4 in that step 301 in Figure 4 is replaced by steps 401-402, where:

401. The terminal generates the one-time public key of the second account from the long-term public key of the second account;

402. The terminal generates second signature information of the transaction content from the one-time public key of the second account and the certificate of the second account.

The certificate is generated with the private key of the certificate issuing device, for example according to steps 21) to 22) above. Correspondingly, the transaction request message and the transaction record also include the one-time public key of the second account and the second signature information, and this one-time public key of the second account is the address of the second account.

In addition, the first verification result and the second verification result also include the verification result of the second signature information, which is obtained by a verification calculation over the one-time public key of the second account, the public key of the certificate issuing device and the verification parameters in the second signature information.

Optionally, when the verification result of the second signature information is part of the first verification result, it indicates that the second account has permission to access the transaction processing device, that is, the transaction processing device can simulate execution of the transaction content; when it is part of the second verification result, it indicates that the second account has permission to use the blockchain.

It should be noted that although steps S401 to S402 do not mention the processing steps for the first account and the transaction amount, to implement the transaction processing method a person skilled in the art can combine them with the processing steps for the first account and the transaction amount described in the embodiments of the present invention, or with the prior-art processing steps for the first account and the transaction amount shown in Figure 2, to verify the access qualification of the second account, the correctness of the transaction amount and the access qualification of the first account, and so complete the transaction processing. For example, assuming that only the anonymity of the second account is protected and that the first account and the transaction amount are handled as in the prior art, then in addition to the terminal generating the second signature information, the transaction content must carry the plaintext of the input amount and the plaintext of the output amount so that the transaction processing device can verify the accuracy of the transaction. The transaction content must also carry the certificate of the first account in the usual sense (that is, the long-term public key of the first account, as distinct from the certificate used for zero-knowledge proof in Embodiment 2) so that the transaction processing device can verify the access qualification of the first account. In addition, the terminal must generate the first signature information of the transaction content from the one-time private key or the long-term private key of the first account, so that the first account cannot repudiate the transaction. Therefore, the first verification result also includes the transaction processing device's verification result for the transaction amount and its verification result for the certificate of the first account, and the first verification result and the second verification result both also include the verification result of the first signature information.

In some embodiments, the second signature information is a zero-knowledge proof signature. For example, assuming that the second account is Bob, the expression for generating the second signature information is:

Specifically, the calculation by which the terminal generates the second signature information from the one-time public key $Otpk_{Bob}$ of the second account, the certificate $(F_{Bob}, w_{Bob})$ and the public key capk of the CA device, which is includes:

○ Randomly generate $\rho, r_\omega, r_\tau, r_\rho, r_\sigma \in Z_p$

○ Compute:

○ Compute $c = H(param, capk, \theta, R_2, Msg)$, where param is the system parameters and Msg is the transaction content.

○ Compute

■ $z_\omega = r_\omega + c \cdot w_{Bob}$

■ $z_\tau = r_\tau + c / r_{tx}$

■ $z_\rho = r_\rho + c\rho$

■ $z_\sigma = r_\sigma + c\rho w_{Bob}$

○ Second signature information $= (\theta, c, z_\omega, z_\tau, z_\rho, z_\sigma)$

Correspondingly, the transaction processing device can use the public key of the CA device the address of the second account, that is, the one-time public key $Otpk_{Bob}$ of the second account, and the second signature information to perform the following verification calculation:

○ After receiving the signature $= (\theta, c, z_\omega, z_\tau, z_\rho, z_\sigma)$, compute:

○如果c=H(param,capk,θ,R2,Msg),则验证通过。○ If c = H(param, capk, θ, R 2 , Msg), the verification passes.

In addition, if this embodiment of the present invention protects only the anonymity of the second account, then besides the second signature information described above, the transaction content also needs first signature information generated with the long-term private key or the one-time private key of the first account, so that the access qualification of the first account can be verified. Whether the first signature information is generated with the long-term private key or the one-time private key depends on whether the address the first account used when it received this transaction's amount as payee was a one-time public key or the hash value of a long-term public key. Correspondingly, if only the anonymity of the second account is protected, the transaction content needs to carry the transaction amount in plaintext so that the transaction processing device can use it to verify the correctness of the transaction.

It can be seen that, in this embodiment of the present invention, to protect the anonymity of the second account, the terminal logged into the first account generates a one-time public key of the second account from the second account's long-term public key and uses that one-time public key as the address of the transaction content. It also generates the second signature information of the transaction content from the one-time public key and the certificate of the second account. The second signature information lets a verifier such as the transaction processing device verify the access qualification of the second account without learning the second account's long-term public key, and the payee of the transaction content can tell from the one-time public key whether it is itself the payee. This avoids the situation in the prior art where the public key of the second account becomes known to a third party other than the two parties to the transaction, and so protects the anonymity of the second account.

In addition, when the one-time public key is generated, the parameters of the one-time private key generation function and of the one-time public key check function of the second account can also be obtained and stored in the transaction content. When the second account receives the transaction content, it uses the parameters of the one-time public key check function to check whether the address of the transaction content is its own. If it is, then when spending the transaction amount in that transaction content, it can use the parameters of the one-time private key generation function and the credential of the second account to generate the signature information of the transaction content. That is, when the second account is the payment account and spends that transaction amount, it can use the parameters of the one-time private key generation function to generate the one-time private key of the second account, and use that one-time private key and the credential to generate the signature information of the transaction content. As described in Embodiment 1, this protects the anonymity of the second account when it acts as a payment account.

Embodiment 3

Depending on the service settings, to protect the privacy of the transaction amount in the transaction content, this embodiment of the present invention proposes a transaction processing method in which third signature information of the transaction content can be generated. A verifier such as the transaction processing device can learn from the verification result of the third signature information whether the total transaction input amount equals the total transaction output amount, so the correctness of the transaction amount is ensured without the transaction content carrying the transaction amount.

In this embodiment, as shown in FIG. 6, the transaction processing method differs from the one shown in FIG. 4 in that step 301 in FIG. 4 is replaced by steps 501-503, wherein:

501. The terminal determines the ciphertext of each input amount and the ciphertext of each output amount;

502. The terminal calculates the ciphertext of the difference between the total input amount and the total output amount from the ciphertext of each input amount and the ciphertext of each output amount;

503. The terminal generates the third signature information of the transaction content from the ciphertext of the difference;

The transaction request message and the transaction record further include the third signature information; the first verification result and the second verification result further include the verification result of the third signature information, which indicates whether the total input amount is equal to the total output amount.

It should be noted that although steps S501 to S503 do not mention the processing steps related to the first account and the second account, to implement the transaction processing method a person skilled in the art can combine them with the processing steps for the first account and the transaction amount described in the embodiments of the present invention, or with the prior-art processing steps for the first account and the transaction amount as shown in FIG. 2, to verify the access qualification of the second account, the correctness of the transaction amount and the access qualification of the first account, and so complete the transaction processing. For example, assuming that only the anonymity of the transaction amount is protected and the first account and the second account are both handled as in the prior art, then besides the terminal generating the third signature information, the transaction content also needs to carry the ordinary certificates of the first account and the second account so that the transaction processing device can verify their access qualification. The terminal also needs to generate the first signature information of the transaction content from the one-time private key or long-term private key of the first account, so that the first account cannot repudiate the transaction, and to use the hash value of the long-term public key of the second account as the receiving address. The first verification result therefore also includes the transaction processing device's verification result for the certificates of the first account and the second account, and both the first verification result and the second verification result also include the verification result of the first signature information.

The terminal can determine the ciphertext of each input amount and the ciphertext of each output amount by using an additive homomorphic encryption algorithm. With such an algorithm, computing on the encrypted data and then decrypting the output gives the same result as applying addition to the unencrypted original data. The terminal can therefore obtain the ciphertext of the total input amount and the ciphertext of the total output amount directly from the ciphertexts of the individual input amounts and output amounts.

In some embodiments, the third signature information can also be a zero-knowledge proof signature. That is, a verifier such as the transaction processing device can perform the zero-knowledge proof verification calculation from the verification parameters in the third signature information, the ciphertext of each input amount and the ciphertext of each output amount, and learn from the result whether the transaction is correct. For example, assume that the transaction input amounts are input1 and input2 and the transaction output amounts are output1 and output2, that the ciphertexts of the input amounts obtained with the additive homomorphic encryption algorithm $HEnc_{pk}()$ are $C_{i1}$ and $C_{i2}$, and that the ciphertexts of the output amounts are $C_{o1}$ and $C_{o2}$. Then

$C' = C_{i1} C_{i2} / (C_{o1} C_{o2}) = HEnc_{pk}(0)$

The terminal can then generate a zero-knowledge proof signature of the statement "$C'$ is a ciphertext that encrypts the plaintext 0" and use it as the third signature information.

For example, suppose the transaction initiated by the payer has one input amount and one output amount, that is, the payer and the payee are in a one-to-one relationship. The plaintext of the transaction input amount is $m_{in}$ and the ciphertext is where $r_{in}$ is the random number the payer uses for encryption; the plaintext of the transaction output amount is $m_{out}$ and the ciphertext is where $r_{out}$ is the random number the payer uses for encryption. When the third signature information is a zero-knowledge proof signature, its expression is:

Here, Tx1 is the transaction content to be signed, $r' = r_{in} - r_{out}$, and $g_4$ is a system parameter.

Specifically, the terminal's calculation of the zero-knowledge proof signature may include the following:

○ Randomly generate $r_{rp} \in Z_p$

○ Calculate:

○ Calculate $c = H(param, R_1, Msg)$, where param is the system parameter and Msg is the transaction content.

○ Calculate:

■ $z_{rp} = r_{rp} + c r'$

○ Third signature information $= (c, z_{rp})$

The transaction processing device uses the ciphertext $C_{in}$ of the input amount and the ciphertext $C_{out}$ of the output amount in the transaction content, together with the third signature information, to perform the following verification calculation:

○ After receiving the third signature information $= (c, z_{rp})$, calculate:

○ If $c = H(param, R_1, Msg)$, the verification passes.

That is, when the third signature information passes verification, the transaction processing device knows that the transaction amount is correct, which ensures the correctness of the transaction.

It can be seen that this embodiment of the present invention uses the third signature information to ensure the correctness of the transaction, so the transaction request message and the transaction record do not need to carry the transaction amount, and the privacy of the transaction amount is protected.
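The balance check described above for the third signature information, as an added Python example that is not part of the patent text. The page's ciphertext and $R_1$ formulas are not reproduced, so the Pedersen-style ciphertext form, the Schnorr-style $R_1$, the demo group and every function name here are assumptions; the example also generalises the one-input, one-output case to several inputs and outputs.

```python
import hashlib
import secrets

def is_prime(n):
    """Deterministic Miller-Rabin, valid for n < 3.3e24 with these bases."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def demo_group(start=1 << 62):
    """Find a safe prime P = 2Q + 1 (demo size only, far too small for real use)."""
    q = start + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = demo_group()
# ASSUMPTION: squares other than 1 generate the order-Q subgroup. G carries the
# amount, G4 the blinding factor (named after the page's system parameter g4).
G, G4 = 4, 9
PARAM = ("demo-param", P, Q, G, G4)

def in_group(x):
    """True only for elements of the order-Q subgroup (rejects 0 and stray values)."""
    return 0 < x < P and pow(x, Q, P) == 1

def commit(m, r):
    """ASSUMED ciphertext form: HEnc(m; r) = G^m * G4^r mod P (additively homomorphic)."""
    return pow(G, m % Q, P) * pow(G4, r % Q, P) % P

def challenge(R1, msg):
    """c = H(param, R1, Msg), reduced into Z_Q."""
    data = repr((PARAM, R1)).encode() + b"|" + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def difference(c_ins, c_outs):
    """C' = (product of input ciphertexts) / (product of output ciphertexts)."""
    num = den = 1
    for c in c_ins:
        num = num * c % P
    for c in c_outs:
        den = den * c % P
    return num * pow(den, P - 2, P) % P

def sign_balance(r_ins, r_outs, msg):
    """Third signature information (c, z_rp): knowledge of r' with C' = G4^r'."""
    r_prime = (sum(r_ins) - sum(r_outs)) % Q
    r_rp = secrets.randbelow(Q)
    R1 = pow(G4, r_rp, P)
    c = challenge(R1, msg)
    return c, (r_rp + c * r_prime) % Q

def verify_balance(c_ins, c_outs, sig, msg):
    """Recompute R1 = G4^z * C'^(-c) and compare challenges; no amount is revealed."""
    c, z = sig
    if not all(in_group(x) for x in list(c_ins) + list(c_outs)):
        return False
    if not (0 <= c < Q and 0 <= z < Q):
        return False
    c_diff = difference(c_ins, c_outs)
    R1 = pow(G4, z, P) * pow(c_diff, P - 1 - c, P) % P
    return c == challenge(R1, msg)

def demo():
    """Constructed transaction: inputs 30 + 70, outputs 45 + 55."""
    r_in = [secrets.randbelow(Q) for _ in range(2)]
    r_out = [secrets.randbelow(Q) for _ in range(2)]
    c_in = [commit(30, r_in[0]), commit(70, r_in[1])]
    c_out = [commit(45, r_out[0]), commit(55, r_out[1])]
    msg = repr((c_in, c_out, "Tx1")).encode()  # Msg binds the ciphertexts
    sig = sign_balance(r_in, r_out, msg)
    return verify_balance(c_in, c_out, sig, msg)

if __name__ == "__main__":
    print("balanced transaction accepted:", demo())
```

A passing proof shows only that inputs and outputs balance modulo the group order; it does not show that each individual amount is non-negative, which a deployed scheme has to establish separately.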

Embodiments 1 to 3 above describe the transaction processing method of this application from three aspects: protecting the privacy of the payer (the first account), of the payee (the second account), and of the transaction amount.

In some embodiments, depending on the service settings, the privacy of any one or more of the payer (the first account), the payee (the second account) and the transaction amount may be protected, and the specific transaction processing method may correspondingly include the relevant steps and implementations of Embodiments 1 to 3 above. The embodiments of the present invention impose no limitation on this.

For example, in this embodiment of the present invention, if the terminal protects the privacy of the first account or the second account in addition to the privacy of the transaction amount, it can perform the relevant operations in the manner of Embodiment 1 and/or Embodiment 2 to protect the privacy of the transaction amount and the first account, of the transaction amount and the second account, or of the transaction amount, the first account and the second account. Correspondingly, if, according to the input on the user interface shown in FIG. 8, the terminal only needs to protect the privacy of the transaction amount, it can follow the prior art: generate the first signature information of the transaction content with the long-term private key or one-time private key of the first account, and use the hash value of the long-term public key of the second account as the address of the second account. In other words, the privacy protection operations in the transaction processing method described in the embodiments of the present invention can be combined with prior-art transaction processing methods to protect the privacy of the transaction amount; of the transaction amount and the first account; of the transaction amount and the second account; of the first account and the second account; or of the first account, the second account and the transaction amount. All of these combinations fall within the protection scope of this application.

Embodiment 4

To make the three inventive points of this application easier to understand, Embodiment 4 is used as an example to explain in detail how to protect the privacy of the first account, the second account and the transaction amount at the same time.

Refer to FIG. 7, which is a schematic flowchart of another transaction processing method provided by an embodiment of the present invention. For ease of explanation, the terminal logged into the first account is called the payer terminal, the terminal logged into the second account is called the payee terminal, the first account is called the payer account, and the second account is called the payee account. Based on the transaction processing system shown in FIG. 3C, the transaction processing method shown in FIG. 7 may include the following steps:

601. The terminal sends a credential request message to the management device;

The terminal is the terminal logged into the first account. The credential request message includes the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account. The one-time public key of the first account was generated, when the first account acted as a payee account, by the corresponding payer account from the long-term public key of the first account.

602. The management device generates the credential of the first account from the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account;

603. The management device returns a credential response message to the terminal;

The credential response message carries the credential of the first account.

604. The terminal generates a one-time public key of the second account from the long-term public key of the second account, and uses the one-time public key as the receiving address of the transaction content;

The terminal can generate the one-time public key of the second account with the one-time public key generation function of Embodiment 2, which is not described again here.

605. The terminal determines the ciphertext of each input amount and the ciphertext of each output amount, and calculates the ciphertext of the difference between the total input amount and the total output amount from the ciphertext of each input amount and the ciphertext of each output amount;

606. The terminal generates the signature information of the transaction content from the one-time private key and credential of the first account, the certificate of the second account, and the ciphertext of the difference between the total input amount and the total output amount.

That is, the signature information of the transaction content includes the first signature information, the second signature information and the third signature information of Embodiments 1 to 3.

607. The terminal sends a transaction request message to the transaction processing device. The transaction request message carries the signature information of the transaction content, the one-time public key of the second account as the receiving address, and the transaction content.

The transaction content may include the parameters of the one-time private key generation function and of the one-time public key check function that the terminal obtained when generating the one-time public key of the second account. The terminal logged into the second account can use the parameters of the one-time public key check function and its own long-term private key to check whether the receiving address of the transaction content is its own. When spending the transaction amount of this transaction, it can generate the one-time private key of the second account from the parameters of the one-time private key generation function and the long-term private key, and then use that one-time private key to generate the signature of the transaction content, which protects the anonymity of the second account when it acts as a payment account.

In addition, the credential of the second account can be requested by the terminal logged into the first account at the same time as it requests the credential of the first account, or it can be requested by the terminal logged into the second account when spending the transaction amount of this transaction. The embodiments of the present invention impose no limitation on this.

In addition, compared with FIG. 3D, the transaction processing method based on the transaction processing system shown in FIG. 3C has additional steps of interacting with the management device to generate the credentials of the first account and/or the second account.

608. The transaction processing device verifies the transaction request message and obtains a first verification result. When the first verification result is a pass, it simulates running the transaction content and obtains transaction result information.

The transaction processing device may include at least one endorsement node. Each endorsement node that verifies the transaction request message successfully can simulate running the transaction content, obtain a transaction result, and sign the transaction result with its own private key. The transaction result information therefore includes the transaction result of at least one endorsement node and the corresponding signature.

609. The transaction processing device returns a transaction response message to the terminal, and the transaction response message carries the transaction result information;

610. The terminal sends a transaction record message to the transaction processing device; the transaction record carried in the transaction record message includes the transaction content, the signature information of the transaction content, the transaction result of at least one endorsement node, and the corresponding signature;

611. The transaction processing device receives the transaction record message, verifies the transaction record to obtain a second verification result, and stores the transaction record on the blockchain when the second verification result is a pass.

In this embodiment of the present invention, as shown in FIG. 7, after the consensus node in the transaction processing device receives the transaction record message, it also sorts this record together with the transaction records received by other consensus nodes by receiving time, generates a block that includes the transaction record of the first account, and submits the transaction records to the submission node in block form. The submission node verifies the transaction records in the block. The submission node verifies each transaction record in a similar way, so the transaction record of the transaction initiated by the first account is taken as an example. The second verification result includes the verification result of the signature information of the transaction content and the verification result of the signature information of the transaction result. The submission node verifies the signature information of the transaction content using the public key of the management device, the one-time public key of the second account, the public key of the CA device, and the verification parameters in the signature information. In addition, the second verification result also includes the verification result of whether the transaction result information meets a preset condition. That is, the submission node also needs to verify whether the transaction result of at least one endorsement node and the corresponding signature meet the preset condition. For example, the preset condition may be that each transaction record must contain the signatures and corresponding transaction results of at least ten endorsement nodes, and that the transaction results corresponding to the signatures are consistent.

The endorsement node's run of the transaction content is called a simulation because the transaction result is accepted, and can be called the actual transaction result, only after the submission node has verified that the transaction results of multiple endorsement nodes are consistent. Before the submission node, the result is therefore described as obtained by simulating the transaction content, which also ensures that the transaction content is run accurately.

For example, suppose the transaction initiated by the first account has one input amount and one output amount. The plaintext of the input amount is $m_{in}$ and the ciphertext is where $r_{in}$ is the random number the payer uses for encryption; the plaintext of the output amount is $m_{out}$ and the ciphertext is where $r_{out}$ is the random number the payer uses for encryption. The terminal logged into the first account, Alice, uses the long-term public key $Y_{Bob}$ of the second account, Bob, to generate Bob's one-time public key and the random numbers $(R_{tx}, R'_{tx})$. The certificate of the second account Bob is $(F_{Bob}, w_{Bob})$; the one-time private key of the first account Alice is $otsk_{Alice}$, and the credential issued to Alice by the management device is $(A_{Alice}, x_{Alice})$. When the signature information of the transaction content is a zero-knowledge proof signature, the zero-knowledge proof proves that "the first account has a one-time private key and a credential issued to it by the management device, the second account has a certificate corresponding to its long-term public key, and the ciphertext of the difference between the input amount and the output amount is a ciphertext that encrypts the plaintext 0". The expression of the signature is:

$SoK\{(otsk_{Alice}, A_{Alice}, x_{Alice}, C_{in}, r', F_{Bob}, w_{Bob}, r_{tx}):$

Here, Tx1 is the transaction content to be signed, $r' = r_{in} - r_{out}$, and $g_1$, $g_2$ and $h$ are system parameters.

Specifically, the terminal's calculation of the zero-knowledge proof signature may include the following:

○ Randomly generate $a, k, \rho, r_a, r_b, r_x, r_k, r_{t1}, r_{t2}, r_\omega, r_\tau, r_\rho, r_\sigma \in Z_p$

○ Calculate:

■ $T = e(f, otsk_{Alice})$,

○ Calculate $c = H(param, gpk, S, K, T, \theta, R_1, R_2, R_3, Msg)$, where param is the system parameter, Msg is the transaction content (including $C_{out}$), and $H$ is a hash function.

○ Calculate:

■ $z_k = r_k + ck$,

■ $z_a = r_a + ca$,

■ $z_x = r_x + cx$,

■ $z_b = r_b + cax$,

■ $z_{rp} = r_{rp} + cr'$,

■ $z_\omega = r_\omega + c \cdot w_{Bob}$

■ $z_\tau = r_\tau + c / r_{tx}$

■ $z_\rho = r_\rho + c\rho$

■ $z_\sigma = r_\sigma + c \rho w_{Bob}$

○ Signature $= (S, K, T, \theta, c, z_k, z_a, z_x, z_b, z_{rp}, z_\omega, z_\tau, z_\rho, z_\sigma)$

Accordingly, the transaction processing device uses the public key of the management device, the public key of the CA device, the one-time public key $Otpk_{Bob}$ of the second account and the system parameters to verify the zero-knowledge proof signature, which may include the following calculation:

○ If $c = H(param, gpk, S, K, T, \theta, R_1, R_2, R_3, Msg)$, the verification passes.

A successful verification shows that what the zero-knowledge proof signature proves is correct: the first account has a one-time private key and a credential issued to it by the management device, the second account has a certificate corresponding to its long-term public key, and the ciphertext of the difference between the input amount and the output amount is a ciphertext that encrypts the plaintext 0. In other words, the verification result of the signature indicates that the first account and the second account are qualified to use the blockchain and that the transaction is correct.

It can be seen that this embodiment of the present invention generates the signature information of the transaction content from the one-time private key and credential of the first account, the certificate of the second account, and the ciphertext of the difference between the input amount and the output amount, so that a verifier such as the transaction processing device can use the signature information to verify the access qualification of the first account and the second account, and it uses the one-time public key of the second account as the receiving address of the transaction content. In the prior art, the transaction processing device needs the public key of the first account to verify the signature of the transaction content generated with the first account's private key, needs the public key of the second account to verify the hash value of the second account's long-term public key, and needs the specific transaction amount to verify the accuracy of the transaction. Compared with that, this embodiment protects the privacy of the first account, the second account and the transaction amount.

In some possible implementations of the above embodiments, the transaction content may also carry the ciphertext of each input amount and the ciphertext of each output amount, and the encryption key for these ciphertexts is the public key of the third-party audit account. For example, in Embodiment 3 or 4, the terminal may obtain the ciphertext of each input amount and the ciphertext of each output amount by using an additive homomorphic encryption algorithm and the public key of the third-party audit account. This protects the privacy of the transaction amounts while still allowing the auditor to use the private key of the third-party audit account to decrypt the ciphertexts and obtain the plaintext of each input amount and each output amount, which facilitates the audit.

Optionally, if Embodiment 3 or 4 does not need to support an auditor's audit, the encryption key of the additive homomorphic encryption algorithm may be a random number. In that case the ciphertext of each input amount and the ciphertext of each output amount cannot be decrypted, so the privacy of the transaction amounts is protected while the correctness of the transaction is still guaranteed.
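The following is an added example, not code from the patent, of the amount handling described above: each amount is encrypted under the auditor's public key with an additively homomorphic scheme, the verifier checks a proof that the ciphertext of (total input minus total output) encrypts 0, and the auditor can still decrypt. The patent does not name the algorithms; exponential ElGamal, a Chaum-Pedersen proof with a Fiat-Shamir challenge, the toy group parameters and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
from functools import reduce

# Constructed toy group (NOT secure): p = 2q + 1, g = 4 generates the
# order-q subgroup. A deployment would use a standard elliptic-curve group.
P, Q, G = 1019, 509, 4

def keygen():
    """Third-party audit account key pair: private x, public h = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(h, amount):
    """Exponential ElGamal: (g^r, h^r * g^amount). Returns (ciphertext, r)."""
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), pow(h, r, P) * pow(G, amount, P) % P), r

def add(ct_a, ct_b):
    """Homomorphic addition: the component-wise product encrypts the sum."""
    return (ct_a[0] * ct_b[0] % P, ct_a[1] * ct_b[1] % P)

def sub(ct_a, ct_b):
    """Homomorphic subtraction: multiply by the inverse of each component."""
    return (ct_a[0] * pow(ct_b[0], -1, P) % P,
            ct_a[1] * pow(ct_b[1], -1, P) % P)

def difference(cts_in, cts_out):
    """Ciphertext of (total input - total output), computed without any key."""
    return sub(reduce(add, cts_in), reduce(add, cts_out))

def decrypt(x, ct):
    """Auditor side: strip h^r, then search the small exponent m in g^m."""
    gm = ct[1] * pow(pow(ct[0], x, P), -1, P) % P
    for m in range(Q):
        if pow(G, m, P) == gm:
            return m
    raise ValueError("amount out of range")

def _challenge(h, ct, t1, t2, tx):
    """Fiat-Shamir challenge in [1, q-1], bound to the transaction content."""
    data = repr((P, Q, G, h, ct, t1, t2, tx)).encode()
    return 1 + int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1)

def prove_zero(h, ct, r, tx):
    """Prove knowledge of r with ct = (g^r, h^r), i.e. ct encrypts 0."""
    k = secrets.randbelow(Q - 1) + 1
    t1, t2 = pow(G, k, P), pow(h, k, P)
    e = _challenge(h, ct, t1, t2, tx)
    return t1, t2, (k + e * r) % Q

def verify_zero(h, ct, proof, tx):
    """Verifier side: needs only public values, never the amounts."""
    t1, t2, s = proof
    e = _challenge(h, ct, t1, t2, tx)
    return (pow(G, s, P) == t1 * pow(ct[0], e, P) % P
            and pow(h, s, P) == t2 * pow(ct[1], e, P) % P)

def build_transfer(h, inputs, outputs, tx):
    """Terminal side: encrypt every amount and prove the difference is 0."""
    enc_in = [encrypt(h, a) for a in inputs]
    enc_out = [encrypt(h, a) for a in outputs]
    cts_in = [ct for ct, _ in enc_in]
    cts_out = [ct for ct, _ in enc_out]
    # Randomness of the difference ciphertext is the difference of randomness.
    r_diff = (sum(r for _, r in enc_in) - sum(r for _, r in enc_out)) % Q
    proof = prove_zero(h, difference(cts_in, cts_out), r_diff, tx)
    return cts_in, cts_out, proof

def check_transfer(h, cts_in, cts_out, proof, tx):
    """Transaction processing device side: total input == total output?"""
    return verify_zero(h, difference(cts_in, cts_out), proof, tx)

if __name__ == "__main__":
    x, h = keygen()
    # Constructed sample amounts: 30 + 12 in, 25 + 17 out.
    cts_in, cts_out, proof = build_transfer(h, [30, 12], [25, 17], "tx-1")
    print("balanced transfer accepted:",
          check_transfer(h, cts_in, cts_out, proof, "tx-1"))
    print("auditor sees inputs:", [decrypt(x, c) for c in cts_in])
```

If the amounts do not balance, the second component of the difference ciphertext carries an extra factor g^d with d nonzero, so the second verification equation cannot hold and the transfer is rejected.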

In some possible implementations, the transaction processing method described in the above embodiments may further include: the terminal generates an identifier of each input amount from the one-time private key of the first account, where the identifier of each input amount is used to prevent that input amount from being spent twice. For example, if the blockchain already contains a transaction record carrying the input amount identifier T, and the transaction processing device finds the identifier T again when verifying the transaction content, it can determine that this is a double spend and the verification fails. This implementation therefore uses the identifier of each input amount to prevent the input amount from being spent twice.

Further, the transaction processing method in this implementation may also include: the terminal generates fourth signature information of the transaction content from the identifier of each input amount. The transaction request message and the transaction record then also include the fourth signature information and the identifier of each input amount; the identifier of each input amount is used to prevent that input amount from being spent twice. The first verification result and the second verification result also include the verification result of the fourth signature information, which the transaction processing device obtains by a verification calculation over the identifier of each input amount and the verification parameters in the fourth signature information, and which indicates whether the identifier of each input amount is correct. If an input amount identifier is incorrect, the verification of the fourth signature information also fails, which further prevents the input amount from being spent twice.

The fourth signature information may be a zero-knowledge proof signature. The terminal may compute the fourth signature information of the transaction content from the identifier of each input amount using a zero-knowledge proof algorithm; correspondingly, the transaction processing device may also use the zero-knowledge proof algorithm when verifying the fourth signature information in the transaction request message and the transaction record.

In some possible implementations, the transaction processing method described in the above embodiments may further include: the terminal encrypts the one-time public key of the first account with the public key of the third-party audit account to obtain the ciphertext of the one-time public key of the first account, and the transaction request message and the transaction record also include this ciphertext. When auditing the account that initiated the transaction, the auditor can then use the private key of the third-party audit account to decrypt the ciphertext and obtain the one-time public key of the first account, and from that one-time public key learn the long-term public key of the first account, so that the auditor can audit the first account.

Further, the transaction processing method in this implementation may also include: the terminal generates fifth signature information of the transaction content from the ciphertext of the one-time public key of the first account. Correspondingly, the transaction request message and the transaction record also include the fifth signature information, and the first verification result and the second verification result also include the verification result of the fifth signature information. That result is obtained by the transaction processing device through a verification calculation over the verification parameters in the fifth signature information, and indicates whether the ciphertext of the one-time public key of the first account is correct.

The fifth signature information may be a zero-knowledge proof signature. The terminal may compute the fifth signature information of the transaction content from the identifier of each input amount using a zero-knowledge proof algorithm; correspondingly, the transaction processing device may also use the zero-knowledge proof algorithm when verifying the fifth signature information in the transaction request message and the transaction record.

In some possible implementations, the transaction processing method described in the above embodiments may further include: the terminal encrypts the long-term public key of the second account with the public key of the third-party audit account to obtain the ciphertext of the long-term public key of the second account; correspondingly, the transaction request message and the transaction record also include this ciphertext. An auditor holding the third-party audit account can then use its own private key to decrypt the ciphertext, obtain the long-term public key of the second account, and thereby learn the identity information of the second account, which facilitates the audit.

Further, the transaction processing method in this implementation may also include: the terminal generates sixth signature information of the transaction content from the ciphertext of the long-term public key of the second account. Correspondingly, the transaction request message and the transaction record also include the sixth signature information, and the first verification result and the second verification result also include the verification result of the sixth signature information. That result is obtained by the transaction processing device through a verification calculation over the verification parameters in the sixth signature information, and indicates whether the ciphertext of the long-term public key of the second account is correct.

The sixth signature information may be a zero-knowledge proof signature. The terminal may compute the sixth signature information of the transaction content from the identifier of each input amount using a zero-knowledge proof algorithm; correspondingly, the transaction processing device may also use the zero-knowledge proof algorithm when verifying the sixth signature information in the transaction request message and the transaction record.

The optional embodiments and optional implementations above describe, from the perspective of the interaction among the terminal logged in to the first account, the transaction processing device, the management device, and the certificate issuing device, how the transaction processing method provided by the embodiments of the present invention protects the privacy of the first account, protects the privacy of the second account, protects the privacy of the transaction amount in the transaction content, and supports an auditor's audit. It can be understood that, to perform the above functions, the transaction processing device, the management device, and the certificate issuing device may include corresponding hardware structures and/or software modules. For example, the transaction processing device may include at least one endorsement node, a consensus node, and a submission node; an endorsement node may also perform the management device's function of generating credentials; and the management device and the certificate issuing device may be a single device that performs the corresponding functions. In short, those skilled in the art should readily appreciate that, in combination with the steps or units described in the embodiments or implementations disclosed herein, the present invention can be implemented in hardware or in a combination of hardware and computer software. Whether a function is executed by hardware or by computer software driving hardware depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.

Please refer to Figure 9, which is a schematic structural diagram of a terminal provided by an embodiment of the present invention. The terminal includes a processor 901, a memory 902, and a communication interface 903. The memory 902 is used to store program instructions, and the processor 901 is used to call the program instructions to perform the following operations.

The processor 901 is configured to generate first signature information of transaction content according to a credential of a first account, where the transaction content is initiated by the terminal based on the first account, and the credential is generated for the first account by a transaction processing device that processes the transaction content;

The communication interface 903 is configured to send a transaction request message to the transaction processing device, where the transaction request message includes the first signature information and the transaction content;

The communication interface 903 is further configured to receive a transaction response message returned by the transaction processing device, where the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content;

The communication interface 903 is further configured to send a transaction record message to the transaction processing device according to the transaction response message, where the transaction record message instructs the transaction processing device to store the transaction record on the blockchain, and the transaction record includes the transaction content, the first signature information, and the transaction result information.

The processor generates the first signature information of the transaction content according to the credential of the first account specifically as follows:

The long-term private key or one-time private key of the first account, the credential of the first account, and the transaction content are used as inputs to a zero-knowledge proof algorithm to compute the first signature information of the transaction content.

The transaction response message is returned when the first verification result, obtained by the transaction processing device verifying the transaction request message, is a pass; the transaction record is stored when the second verification result, obtained by the transaction processing device verifying the transaction record message, is a pass;

Both the first verification result and the second verification result include the verification result of the first signature information;

The verification result of the first signature information is obtained by the transaction processing device through a verification calculation based on its own public key and the verification parameters in the first signature information.

The transaction content is initiated by the terminal, based on the first account, toward a second account, and the processor 901 is further configured to generate a one-time public key of the second account from the long-term public key of the second account;

The processor 901 is further configured to generate second signature information of the transaction content according to the one-time public key of the second account and the certificate of the second account;

The certificate is generated with the private key of the certificate issuing device; the transaction request message and the transaction record include the one-time public key of the second account and the second signature information, and the one-time public key of the second account is the address of the second account;

The first verification result and the second verification result also include the verification result of the second signature information, which is obtained by the transaction processing device through verification based on the one-time public key of the second account, the public key of the certificate issuing device, and the verification parameters in the second signature information.

In one possible implementation,

The processor 901 is further configured to calculate the ciphertext of the difference between the total input amount and the total output amount from the ciphertext of each input amount and the ciphertext of each output amount in the transaction content;

The processor 901 is further configured to generate third signature information of the transaction content according to the ciphertext of the difference;

The transaction request message and the transaction record also include the third signature information;

The first verification result and the second verification result also include the verification result of the third signature information, which is obtained by the transaction processing device through a verification calculation based on the verification parameters in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount, and which indicates whether the total input amount equals the total output amount.

In one possible implementation, the encryption key for the ciphertext of each input amount and the ciphertext of each output amount is the public key of the third-party audit account.

In one possible implementation, the processor is further configured to generate an identifier of each input amount from the one-time private key of the first account;

The processor is further configured to generate fourth signature information of the transaction content according to the identifier of each input amount;

The transaction request message and the transaction record also include the fourth signature information and the identifier of each input amount;

The identifier of each input amount is used to prevent that input amount from being spent twice;

The first verification result and the second verification result also include the verification result of the fourth signature information, which is obtained by the transaction processing device through a verification calculation based on the identifier of each input amount and the verification parameters in the fourth signature information, and which indicates whether the identifier of each input amount is correct.

In one possible implementation, the processor 901 is further configured to encrypt the one-time public key of the first account with the public key of the third-party audit account to obtain the ciphertext of the one-time public key of the first account;

The processor 901 is further configured to generate fifth signature information of the transaction content according to the ciphertext of the one-time public key of the first account;

The transaction request message and the transaction record also include the fifth signature information and the ciphertext of the one-time public key of the first account;

The first verification result and the second verification result also include the verification result of the fifth signature information, which is obtained by the transaction processing device through a verification calculation based on the verification parameters in the fifth signature information, and which indicates whether the ciphertext of the one-time public key of the first account is correct.

In one possible implementation, the processor 901 is further configured to encrypt the long-term public key of the second account with the public key of the third-party audit account to obtain the ciphertext of the long-term public key of the second account;

The processor 901 is further configured to generate sixth signature information of the transaction content according to the ciphertext of the long-term public key of the second account;

The transaction request message and the transaction record also include the sixth signature information and the ciphertext of the long-term public key of the second account;

The first verification result and the second verification result also include the verification result of the sixth signature information, which is obtained by the transaction processing device through a verification calculation based on the verification parameters in the sixth signature information, and which indicates whether the ciphertext of the long-term public key of the second account is correct.

In one possible implementation, the communication interface 903 is further configured to send a credential request message to the transaction processing device, where the credential request message includes the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account;

The communication interface 903 is further configured to receive a credential response message returned by the transaction processing device, where the credential response message includes the credential of the first account, and the credential of the first account is generated by the transaction processing device from the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account.

In one possible implementation, the credential request message also includes the one-time public key of the second account and/or the ciphertext of the transaction amount held by the second account; the credential response message also includes the credential of the second account; the credential of the second account is generated by the transaction processing device from the one-time public key of the first account and/or the ciphertext of the transaction amount held by the first account; and the transaction request message and the transaction record also include the credential of the second account.

Please refer to Figure 10, which is a schematic structural diagram of a transaction processing device provided by an embodiment of the present invention. As shown in Figure 10, the transaction processing device may include at least one endorsement module 1001, a consensus module 1002, and a submission module 1003;

The at least one endorsement module 1001 is configured to receive a transaction request message sent by a terminal, where the transaction request message includes first signature information of transaction content, and the transaction content is initiated by a first account;

The at least one endorsement module 1001 is further configured to verify the transaction request message to obtain a first verification result and, when the first verification result is a pass, to simulate execution of the transaction content to obtain transaction result information and return to the terminal a transaction response message carrying the transaction result information;

The consensus module 1002 is configured to receive the transaction record message sent by the terminal according to the at least one transaction response message, sort the transaction record carried by the transaction record message together with transaction records received from other terminals by receiving time, generate a block that includes the transaction record, and submit the block to the submission module;

The submission module 1003 is configured to receive the block, verify the transaction record in the block to obtain a second verification result and, when the second verification result is a pass, store the transaction record on the blockchain in the form of the block;

Both the first verification result and the second verification result include the verification result of the first signature information, which the transaction processing device obtains by verification with the public key of the authorization endorsement module 10011 among the endorsement modules, and which indicates whether the first account meets the conditions for storing the transaction record on the blockchain;

The authorization endorsement module is configured to generate the credential of the first account with its own private key, and the credential of the first account is used to generate the first signature information.

Please refer to Figure 11, which is a schematic structural diagram of another transaction processing device provided by an embodiment of the present invention. As shown in Figure 11, the transaction processing device includes at least one endorsement module 1101, a consensus module 1102, a submission module 1103, and a management module 1104;

The at least one endorsement module 1101 is configured to receive a transaction request message sent by a terminal, where the transaction request message includes first signature information of transaction content, and the transaction content is initiated by a first account;

The at least one endorsement module 1101 is further configured to verify the transaction request message to obtain a first verification result and, when the first verification result is a pass, to simulate execution of the transaction content to obtain transaction result information and return to the terminal a transaction response message carrying the transaction result information;

The consensus module 1102 is configured to receive the transaction record message sent by the terminal according to the at least one transaction response message, sort the transaction record carried by the transaction record message together with transaction records received from other terminals by receiving time, generate a block that includes the transaction record, and submit the block to the submission module;

The submission module 1103 is configured to receive the block, verify the transaction record in the block to obtain a second verification result and, when the second verification result is a pass, store the transaction record on the blockchain in the form of the block;

Both the first verification result and the second verification result include the verification result of the first signature information, which the transaction processing device obtains by verification with the public key of the management module, and which indicates whether the first account meets the conditions for storing the transaction record on the blockchain;

The management module 1104 is configured to generate the credential of the first account with its own private key, and the credential of the first account is used to generate the first signature information.

In addition, in the embodiments of the present invention, the transaction processing devices described in Figures 10 and 11 may also call the relevant modules to execute the processing of the transaction processing device involved in Figures 4 to 7 and/or other processes of the technology described in this application. For example, the management module or the authorization endorsement module in the transaction processing device performs the relevant steps to generate a credential for the first account, and the at least one endorsement module and the submission module verify the relevant content in the transaction request message and the transaction record.

Please refer to Figure 12, which is a schematic structural diagram of a terminal provided by an embodiment of the present invention. The terminal shown in Figure 12 may be the terminal in Figures 3A-3D and Figures 4 to 8, and may include a processor, a memory, a control circuit, an antenna, and an input/output device. The processor is mainly used to process the communication protocol and communication data, to control the entire terminal device, to execute software programs, and to process the data of the software programs, for example to support the terminal device in performing the actions described in the above embodiments of the method for indicating a transmission precoding matrix. The memory is mainly used to store software programs and data, for example the credentials of the first account described in the above embodiments and the long-term private key or one-time private key of the first account. The control circuit is mainly used for conversion between baseband signals and radio frequency signals and for processing radio frequency signals. The control circuit and the antenna together may also be called a transceiver, which is mainly used to send and receive radio frequency signals in the form of electromagnetic waves. Input/output devices, such as touch screens, display screens and keyboards, are mainly used to receive data input by the user and to output data to the user.

After the terminal is powered on, the processor can read the software program in the storage unit, interpret and execute the instructions of the software program, and process the data of the software program. When data needs to be sent wirelessly, the processor performs baseband processing on the data to be sent and outputs a baseband signal to the radio frequency circuit; the radio frequency circuit performs radio frequency processing on the baseband signal and sends the radio frequency signal out through the antenna in the form of electromagnetic waves. When data is sent to the terminal device, the radio frequency circuit receives the radio frequency signal through the antenna, converts it into a baseband signal, and outputs the baseband signal to the processor, which converts the baseband signal into data and processes the data.

Those skilled in the art will appreciate that, for ease of explanation, Figure 12 shows only one memory and one processor. An actual terminal device may have multiple processors and memories. The memory may also be referred to as a storage medium, a storage device, or the like, which is not limited in the embodiments of the present invention.

As an optional implementation, the processor may include a baseband processor and a central processor. The baseband processor is mainly used to process the communication protocol and communication data, and the central processor is mainly used to control the entire terminal device, execute software programs, and process the data of the software programs. The processor in Figure 12 integrates the functions of the baseband processor and the central processor; those skilled in the art will understand that the baseband processor and the central processor may also be independent processors interconnected by technologies such as a bus. Those skilled in the art will also understand that the terminal device may include multiple baseband processors to adapt to different network standards, that it may include multiple central processors to enhance its processing capability, and that its components may be connected through various buses. The baseband processor may also be described as a baseband processing circuit or a baseband processing chip. The central processor may also be described as a central processing circuit or a central processing chip. The function of processing the communication protocol and communication data may be built into the processor, or may be stored in the storage unit in the form of a software program that the processor executes to implement the baseband processing function.

By way of example, in the embodiments of the invention, the antenna and control circuit with the transceiver function may be regarded as the transceiver unit 1201 of the terminal, and the processor with the processing function may be regarded as the processing unit 1202 of the terminal. As shown in Figure 12, the terminal includes a transceiver unit 1201 and a processing unit 1202. The transceiver unit may also be referred to as a transceiver, a transceiver apparatus, or the like. Optionally, the components of the transceiver unit 1201 that implement the receiving function may be regarded as a receiving unit, and the components of the transceiver unit 1201 that implement the sending function may be regarded as a sending unit; that is, the transceiver unit 1201 includes a receiving unit and a sending unit. By way of example, the receiving unit may also be referred to as a receiver or a receiving circuit, and the sending unit may be referred to as a transmitter or a transmitting circuit.

In the embodiments of the present invention, the transaction processing device may include a communication unit and a processing unit. The processing unit and the communication unit together perform the operations performed by the transaction processing device in the above embodiments, or perform the functions of the at least one endorsement node, the consensus node and the submission node, and may also perform the functions of a management device, a certificate issuing device, and the like.

Optionally, please refer to Figure 13, which is a schematic structural diagram of a transaction processing device provided by an embodiment of the present invention. The transaction processing device may include a processor 1301 and a memory 1302. The memory 1302 is used to store instructions, and the processor 1301 is used to execute the instructions stored in the memory 1302 to implement the steps and embodiments of the methods corresponding to Figures 4 to 8 above.

Further, the transaction processing device may also include an input port 1304 and an output port 1305. Further, the device may also include a bus system 1303, through which the processor 1301, the memory 1302 and the communication interface 1304 may be connected.

The processor 1301 is used to execute the instructions stored in the memory 1302, so as to control the communication interface 1304 to receive signals and to send signals, completing the steps of the terminal in the above method. The communication interface 1304 may be the same physical entity or different physical entities; when they are the same physical entity, they may be collectively referred to as a transceiver. The memory 1302 may be integrated in the processor 1301 or may be provided separately from the processor 1301.

As one implementation, the function of the communication interface 1304 may be implemented by a transceiver circuit or a dedicated transceiver chip. The processor 1301 may be implemented by a dedicated processing chip, a processing circuit, a processor, or a general-purpose chip.

As another implementation, the terminal provided in the embodiments of the present application may be implemented with a general-purpose computer. That is, the program code that implements the functions of the processor 1301 and the communication interface 1304 is stored in the memory, and a general-purpose processor implements the functions of the processor 1301 and the communication interface 1304 by executing the code in the memory.

For the concepts, explanations, detailed descriptions and other steps of the device that relate to the technical solutions provided in the embodiments of the present application, please refer to the descriptions of these contents in the foregoing methods or other embodiments; they are not repeated here.

Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.

In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.

The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present invention are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (for example coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (for example infrared, radio, microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example a floppy disk, hard disk or magnetic tape), an optical medium (for example a DVD), or a semiconductor medium (for example a Solid State Disk (SSD)).

The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (34)

1. A transaction processing method, comprising:
the terminal generates first signature information of transaction content according to credentials of a first account, wherein the transaction content is initiated by the terminal based on the first account; the credentials are generated for the first account number by a transaction processing device that processes the transaction content;
the terminal sends a transaction request message to the transaction processing equipment, wherein the transaction request message comprises the first signature information and the transaction content;
the terminal receives a transaction response message returned by the transaction processing equipment, wherein the transaction response message comprises transaction result information generated by the transaction processing equipment according to the transaction content;
the terminal sends a transaction record message to the transaction processing equipment according to the transaction response message, wherein the transaction record message is used for indicating the transaction processing equipment to store a transaction record carried by the transaction record message on a blockchain, the blockchain is a distributed database for storing the transaction record in the transaction processing equipment, and the transaction record comprises the transaction content, the first signature information and the transaction result information.
2. The method of claim 1, wherein the terminal generates the first signature information of the transaction content from the credentials of the first account number, comprising:
the terminal takes a private key of a first account, credentials of the first account and transaction content as inputs of a zero knowledge proof algorithm, and calculates first signature information of the transaction content, wherein the private key comprises a long-term private key or a disposable private key.
3. The method of claim 2, wherein the transaction response message is returned when a first verification result obtained by the transaction processing device verifying the transaction request message is passed; the transaction record is stored when a second verification result obtained by the transaction processing device for verifying the transaction record message is passed;
wherein the first verification result and the second verification result both comprise verification results of the first signature information;
the verification result of the first signature information is obtained by the transaction processing equipment through verification calculation according to the public key of the transaction processing equipment and verification parameters in the first signature information.
4. A method according to claim 3, wherein the transaction content is initiated by the terminal for a second account based on the first account, the method further comprising:
the terminal generates a one-time public key of the second account according to the long-term public key of the second account;
the terminal generates second signature information of the transaction content according to the one-time public key of the second account and the certificate of the second account;
wherein the certificate is generated from a private key of a certificate issuing device; the transaction request message and the transaction record comprise the one-time public key of the second account and the second signature information, wherein the one-time public key of the second account is an address of the second account;
the first verification result and the second verification result further comprise verification results of the second signature information, and the verification results of the second signature information are obtained by verification calculation of the transaction processing equipment according to the one-time public key of the second account, the public key of the certificate issuing equipment and verification parameters in the second signature information.
5. The method according to claim 4, wherein the method further comprises:
the terminal calculates the ciphertext of the difference between the total input amount and the total output amount according to the ciphertext of each input amount and the ciphertext of each output amount in the transaction content;
the terminal generates third signature information of the transaction content according to the ciphertext of the difference value;
wherein the transaction request message and the transaction record further comprise the third signature information;
the first verification result and the second verification result further comprise verification results of the third signature information, the verification results of the third signature information are obtained by the transaction processing device through verification calculation according to verification parameters in the third signature information, ciphertext of each input amount and ciphertext of each output amount, and the verification results of the third signature information are used for indicating whether the total input amount is equal to the total output amount.
6. The method of claim 5, wherein the encryption key of the ciphertext of each input amount is the public key of the third party audit account.
7. The method of claim 6, wherein the method further comprises:
the terminal generates an identifier of each input amount according to the one-time private key of the first account;
the terminal generates fourth signature information of the transaction content according to the identification of each input amount;
wherein the transaction request message and the transaction record further comprise the fourth signature information and the identification of each input amount;
the identification of each input amount is used for preventing each input amount from being consumed for a second time;
the first verification result and the second verification result further comprise verification results of the fourth signature information, the verification results of the fourth signature information are obtained by verification calculation of the transaction processing equipment according to the identification of each input amount and verification parameters in the fourth signature information, and the verification results of the fourth signature information are used for indicating whether the identification of each input amount is correct or not.
8. The method of claim 6, wherein the method further comprises:
the terminal encrypts the disposable public key of the first account according to the public key of the third party audit account to obtain a ciphertext of the disposable public key of the first account;
the terminal generates fifth signature information of the transaction content according to the ciphertext of the disposable public key of the first account;
the transaction request message and the transaction record further comprise the fifth signature information and ciphertext of the disposable public key of the first account;
the first verification result and the second verification result further comprise verification results of the fifth signature information, the verification results of the fifth signature information are obtained by verification calculation of the transaction processing equipment according to verification parameters in the fifth signature information, and the verification results of the fifth signature information are used for indicating whether ciphertext of the disposable public key of the first account is correct or not.
9. The method of claim 6, wherein the method further comprises:
the terminal encrypts the long-term public key of the second account according to the public key of the third party audit account to obtain a ciphertext of the long-term public key of the second account;
the terminal generates sixth signature information of the transaction content according to the ciphertext of the long-term public key of the second account;
wherein the transaction request message and the transaction record further comprise the sixth signature information and ciphertext of the long-term public key of the second account;
the first verification result and the second verification result further comprise verification results of the sixth signature information, the verification results of the sixth signature information are obtained by the transaction processing device through verification calculation according to verification parameters in the sixth signature information, and the verification results of the sixth signature information are used for indicating whether ciphertext of the long-term public key of the second account is correct or not.
10. The method of claim 6, wherein the method further comprises:
the terminal sends a credential request message to the transaction processing equipment, wherein the credential request message comprises the one-time public key of the first account and/or ciphertext of transaction amount possessed by the first account;
the terminal receives a credential response message returned by the transaction processing device, wherein the credential response message comprises the credential of the first account, and the credential of the first account is generated by the transaction processing device according to the one-time public key of the first account and/or ciphertext of transaction amount possessed by the first account.
11. The method according to claim 10, wherein the credential request message further comprises the one-time public key of the second account and/or ciphertext of the transaction amount possessed by the second account; the credential response message further comprises a credential of the second account; the credentials of the second account are generated by the transaction processing device according to the one-time public key of the first account and/or ciphertext of the transaction amount possessed by the first account; the transaction request message and the transaction record also comprise credentials of the second account.
12. A transaction processing method, comprising:
the method comprises the steps that transaction processing equipment receives a transaction request message sent by a terminal, wherein the transaction request message comprises transaction content and first signature information, the transaction content is initiated by the terminal based on a first account, and the first signature information is generated by the terminal according to credentials of the first account;
the transaction processing equipment returns a transaction response message to the terminal according to the transaction request message, wherein the transaction response message comprises transaction result information generated by the transaction processing equipment according to the transaction content;
the transaction processing equipment receives a transaction record message sent by the terminal according to the transaction response message;
the transaction processing equipment stores the transaction record carried in the transaction record message on a blockchain, wherein the blockchain is a distributed database for storing the transaction record in the transaction processing party, and the transaction record comprises the transaction content, the first signature information and the transaction result information.
13. The method of claim 12, wherein before the transaction processing device returns a transaction response message to the terminal according to the transaction request message, the method further comprises:
the transaction processing equipment verifies the transaction request message to obtain a first verification result;
when the first verification result is passed, the transaction processing equipment operates the transaction content to obtain transaction result information;
the method further comprises the steps of:
the transaction processing equipment verifies the transaction record message to obtain a second verification result;
when the second verification result is passed, the transaction processing device performs the step of storing the transaction record carried by the transaction record message on a blockchain.
14. The method of claim 13, wherein the first verification result and the second verification result each include a verification result of the first signature information;
the verification result of the first signature information is obtained by the transaction processing device through verification calculation by using the public key of the transaction processing device and verification parameters in the first signature information.
15. The method of claim 13 or 14, wherein the first account is transaction content initiated for a second account,
the transaction request message and the transaction record also comprise second signature information and a disposable public key of a second account;
the one-time public key of the second account is the address of the second account;
the first verification result and the second verification result further comprise verification results of the second signature information, and the verification results of the second signature information are obtained by verification calculation of the transaction processing equipment according to the disposable public key of the second account, the public key of the certificate issuing equipment and verification parameters in the second signature information.
16. The method of claim 15, wherein the transaction request message and the transaction record also comprise third signature information, ciphertext of each input amount and ciphertext of each output amount;
the first verification result and the second verification result further comprise verification results of the third signature information, the verification results of the third signature information are obtained by the transaction processing device through verification calculation according to verification parameters in the third signature information, ciphertext of each input amount and ciphertext of each output amount, and the verification results of the third signature information are used for indicating whether the total input amount in the transaction record is equal to the total output amount.
17. The method of claim 16, wherein the encryption key of the ciphertext of each input amount is the public key of the third party audit account.
18. The method of claim 17, wherein the transaction request message and the transaction record also comprise fourth signature information and identifiers of the input amounts;
the first verification result and the second verification result further comprise verification results of the fourth signature information, the verification results of the fourth signature information are obtained by verification calculation of the transaction processing equipment according to the identification of each input amount and verification parameters in the fourth signature information, and the verification results of the fourth signature information are used for indicating whether the identification of each input amount is correct or not;
the identification of each of the input amounts is used to prevent secondary spending of each of the input amounts.
19. The method according to any one of claims 13 to 18, wherein,
the transaction request message and the transaction record also comprise fifth signature information and ciphertext of a disposable public key of the first account;
the first verification result and the second verification result further comprise verification results of the fifth signature information, the verification results of the fifth signature information are obtained by verification calculation of the transaction processing equipment according to verification parameters in the fifth signature information, and the verification results of the fifth signature information are used for indicating whether ciphertext of the disposable public key of the first account is correct or not;
and the encryption key of the ciphertext of the disposable public key of the first account is the public key of a third party audit account.
20. The method according to any one of claims 17 to 18, wherein,
the transaction request message and the transaction record also comprise sixth signature information and ciphertext of a long-term public key of the second account;
the first verification result and the second verification result further comprise verification results of the sixth signature information, the verification results of the sixth signature information are obtained by verification calculation of the transaction processing equipment according to verification parameters in the sixth signature information, and the verification results of the sixth signature information are used for indicating whether ciphertext of the long-term public key of the second account is correct or not;
and the encryption key of the ciphertext of the long-term public key of the second account is the public key of the third party audit account.
21. The method of claim 20, wherein the method further comprises:
the transaction processing equipment receives a credential request message sent by the terminal, wherein the credential request message comprises the one-time public key of the first account and/or ciphertext of transaction amount possessed by the first account;
the transaction processing equipment generates a credential of the first account according to the credential request message;
the transaction processing equipment sends a credential response message to the terminal, wherein the credential response message carries the credential of the first account.
22. The method of claim 21, wherein the credential request message further includes the one-time public key of the second account and/or a ciphertext of a transaction amount possessed by the second account; the credential response message further comprises a credential of the second account; the transaction request message and the transaction record further comprise the credential of the second account, wherein the credential of the second account is generated by the transaction processing equipment according to the one-time public key of the second account and/or ciphertext of the transaction amount possessed by the second account.
23. A transaction processing device, characterized in that the transaction processing device comprises at least one endorsement module, a consensus module, a submission module and a management module;
the at least one endorsement module is used for receiving a transaction request message sent by a terminal, wherein the transaction request message comprises transaction content and first signature information, the transaction content is initiated by the terminal based on a first account, and the first signature information is generated by the terminal according to the credentials of the first account;
the at least one endorsement module is further used for returning a transaction response message to the terminal according to the transaction request message, wherein the transaction response message comprises transaction result information generated by the transaction processing equipment according to the transaction content;
the consensus module is used for receiving a transaction record message sent by the terminal according to the at least one transaction response message, sequencing transaction records carried by the transaction record message and transaction records received from other terminals according to the receiving time, generating a block comprising the transaction records, and submitting the block to the submitting module;
the submitting module is used for receiving the block and storing the transaction record to a block chain in the form of the block;
the management module is used for generating the credentials of the first account according to the private key of the management module and the one-time public key of the first account and/or the ciphertext of the transaction amount.
24. A terminal, characterized in that the terminal comprises a processor and a communication interface,
the processor is used for generating first signature information of transaction content according to a credential of a first account, wherein the transaction content is initiated by the terminal based on the first account, and the credential is generated for the first account by transaction processing equipment for processing the transaction content;
the communication interface is used for sending a transaction request message to the transaction processing equipment, wherein the transaction request message comprises the first signature information and the transaction content;
the communication interface is further used for receiving a transaction response message returned by the transaction processing equipment, wherein the transaction response message comprises transaction result information generated by the transaction processing equipment according to the transaction content;
the communication interface is further configured to send a transaction record message to the transaction processing device according to the transaction response message, where the transaction record message is configured to instruct the transaction processing device to store the transaction record on a blockchain, and the transaction record includes the transaction content, the first signature information, and the transaction result information.
25. The terminal of claim 24, wherein the processor generates the first signature information of the transaction content according to the credentials of the first account, specifically by:
taking a private key of the first account, the credentials of the first account and the transaction content as inputs of a zero-knowledge proof algorithm, and calculating the first signature information of the transaction content, wherein the private key comprises a long-term private key or a one-time private key.
26. The terminal according to claim 25, wherein the transaction response message is returned when a first verification result obtained by the transaction processing device verifying the transaction request message is passed; the transaction record is stored when a second verification result obtained by the transaction processing device for verifying the transaction record message is passed;
wherein the first verification result and the second verification result both comprise verification results of the first signature information;
the verification result of the first signature information is obtained by the transaction processing equipment through verification calculation according to the public key of the transaction processing equipment and verification parameters in the first signature information.
27. The terminal of claim 26, wherein the transaction content is initiated by the terminal for a second account based on the first account,
the processor is further configured to generate a one-time public key of the second account according to the long-term public key of the second account;
the processor is further configured to generate second signature information of the transaction content according to the one-time public key of the second account and the certificate of the second account;
wherein the certificate is generated from a private key of a certificate issuing device; the transaction request message and the transaction record comprise a one-time public key of the second account and the second signature information, wherein the one-time public key of the second account is an address of the second account;
the first verification result and the second verification result further comprise verification results of the second signature information, and the verification results of the second signature information are obtained by the transaction processing device through verification according to the one-time public key of the second account, the public key of the certificate issuing device and verification parameters in the second signature information.
28. The terminal of claim 27, wherein the terminal comprises a base station,
the processor is also used for calculating the ciphertext of the difference between the total input amount and the total output amount according to the ciphertext of each input amount and the ciphertext of each output amount in the transaction content;
the processor is further used for generating third signature information of the transaction content according to the ciphertext of the difference value;
wherein the transaction request message and the transaction record further comprise the third signature information;
the first verification result and the second verification result further comprise verification results of the third signature information, the verification results of the third signature information are obtained by the transaction processing device through verification calculation according to verification parameters in the third signature information, ciphertext of each input amount and ciphertext of each output amount, and the verification results of the third signature information are used for indicating whether the total input amount is equal to the total output amount.
29. The terminal of claim 28, wherein the terminal comprises a base station,
and the encryption key of the ciphertext of each input amount is the public key of the third party audit account.
30. The terminal of claim 29, wherein the terminal further comprises:
the processor is further configured to generate an identifier of each input amount according to the one-time private key of the first account;
the processor is further used for generating fourth signature information of the transaction content according to the identification of each input amount;
wherein the transaction request message and the transaction record further comprise the fourth signature information and the identification of each input amount;
the identification of each input amount is used for preventing each input amount from being consumed for a second time;
the first verification result and the second verification result further comprise verification results of the fourth signature information, the verification results of the fourth signature information are obtained by verification calculation of the transaction processing equipment according to the identification of each input amount and verification parameters in the fourth signature information, and the verification results of the fourth signature information are used for indicating whether the identification of each input amount is correct or not.
31. The terminal of claim 30, wherein the terminal comprises a base station,
the processor is further configured to encrypt the one-time public key of the first account according to a public key of the third party audit account, and obtain a ciphertext of the one-time public key of the first account;
the processor is further configured to generate fifth signature information of the transaction content according to the ciphertext of the one-time public key of the first account;
the transaction request message and the transaction record further comprise the fifth signature information and ciphertext of the one-time public key of the first account;
the first verification result and the second verification result further comprise verification results of the fifth signature information, the verification results of the fifth signature information are obtained by verification calculation of the transaction processing equipment according to verification parameters in the fifth signature information, and the verification results of the fifth signature information are used for indicating whether ciphertext of the one-time public key of the first account is correct or not.
32. The terminal of claim 31, wherein the terminal comprises a base station,
the processor is further configured to encrypt the long-term public key of the second account according to a public key of the third party audit account, and obtain a ciphertext of the long-term public key of the second account;
the processor is further configured to generate sixth signature information of the transaction content according to ciphertext of the long-term public key of the second account;
wherein the transaction request message and the transaction record further comprise the sixth signature information and ciphertext of the long-term public key of the second account;
the first verification result and the second verification result further comprise verification results of the sixth signature information, the verification results of the sixth signature information are obtained by the transaction processing device through verification calculation according to verification parameters in the sixth signature information, and the verification results of the sixth signature information are used for indicating whether ciphertext of the long-term public key of the second account is correct or not.
33. The terminal according to any of the claims 29 to 32, characterized in that,
the communication interface is further configured to send a credential request message to the transaction processing device, where the credential request message includes the one-time public key of the first account and/or a ciphertext of a transaction amount possessed by the first account;
the communication interface is further configured to receive a credential response message returned by the transaction processing device, where the credential response message includes a credential of the first account, and the credential of the first account is generated by the transaction processing device according to the one-time public key of the first account and/or a ciphertext of a transaction amount possessed by the first account.
34. The terminal of claim 33, wherein the credential request message further includes the one-time public key of the second account and/or a ciphertext of a transaction amount possessed by the second account; the credential response message further comprises a credential of the second account; the credentials of the second account are generated by the transaction processing device according to the one-time public key of the first account and/or ciphertext of the transaction amount possessed by the first account; the transaction request message and the transaction record also comprise credentials of the second account.
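Claims 28 and 29 describe checking that total input equals total output using only ciphertexts encrypted under the third party audit account's public key, without naming a scheme. The following is an added example, not taken from the patent: it assumes exponential ElGamal for the ciphertexts and a Fiat-Shamir Chaum-Pedersen proof as the third signature information; the group parameters, function names and hash encoding are illustrative assumptions.

```python
import hashlib
import secrets

Q = 2**127 - 1  # prime order of the subgroup (Mersenne prime); demo size only

def _is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases, used once to build the demo group."""
    if any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _group():
    """Smallest prime P = k*Q + 1 and a generator G of the order-Q subgroup."""
    k = 2
    while True:
        p = k * Q + 1
        g = pow(2, k, p)
        if _is_prime(p) and g != 1:
            return p, g
        k += 2

P, G = _group()

def encrypt(audit_pk, amount):
    """Exponential ElGamal (assumed scheme) under the audit account's public key."""
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), pow(G, amount, P) * pow(audit_pk, r, P) % P), r

def difference(inputs, outputs):
    """Ciphertext of (total input - total output), from ciphertexts only."""
    d1 = d2 = 1
    for c1, c2 in inputs:
        d1, d2 = d1 * c1 % P, d2 * c2 % P
    for c1, c2 in outputs:
        d1, d2 = d1 * pow(c1, -1, P) % P, d2 * pow(c2, -1, P) % P
    return d1, d2

def _challenge(tx, d, a1, a2):
    data = repr((tx, d, a1, a2)).encode()  # binds the proof to the transaction content
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign_balance(audit_pk, tx, inputs, outputs, r_in, r_out):
    """Terminal side: prove the difference ciphertext encrypts zero."""
    R = (sum(r_in) - sum(r_out)) % Q
    k = secrets.randbelow(Q - 1) + 1
    a1, a2 = pow(G, k, P), pow(audit_pk, k, P)
    e = _challenge(tx, difference(inputs, outputs), a1, a2)
    return a1, a2, (k + e * R) % Q

def verify_balance(audit_pk, tx, inputs, outputs, sig):
    """Transaction processing side: needs only ciphertexts and the signature."""
    a1, a2, s = sig
    d1, d2 = difference(inputs, outputs)
    e = _challenge(tx, (d1, d2), a1, a2)
    return (pow(G, s, P) == a1 * pow(d1, e, P) % P
            and pow(audit_pk, s, P) == a2 * pow(d2, e, P) % P)
```

The verifier never sees an amount, while the holder of the audit private key can still decrypt each ciphertext. A balance proof of this kind does not by itself bound individual amounts, so a range check on each output would be a separate proof.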
CN201780097441.XA 2017-12-28 2017-12-28 Transaction processing method and related equipment Active CN111433800B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SG2017/050654 WO2019132767A1 (en) 2017-12-28 2017-12-28 Transaction processing method and related equipment

Publications (2)

Publication Number Publication Date
CN111433800A CN111433800A (en) 2020-07-17
CN111433800B true CN111433800B (en) 2024-04-09

Family

ID=67067956

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780097441.XA Active CN111433800B (en) 2017-12-28 2017-12-28 Transaction processing method and related equipment

Country Status (2)

Country Link
CN (1) CN111433800B (en)
WO (1) WO2019132767A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111260349B (en) * 2020-01-10 2023-10-03 中国工商银行股份有限公司 Real-time payment method and system based on block chain
CN112785307A (en) * 2021-01-28 2021-05-11 联想(北京)有限公司 Request message processing method and device
CN113469690B (en) * 2021-07-23 2024-03-26 佳乔(深圳)投资有限公司 Transaction settlement method based on blockchain
CN114389819A (en) * 2021-12-31 2022-04-22 航天信息股份有限公司 Signature verification method and device
CN116132062B (en) * 2023-01-13 2025-06-24 郑州轻大产业技术研究院有限公司 Cold chain data non-repudiation authentication method, device and equipment based on block chain

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1493063A (en) * 2001-06-01 2004-04-28 Method and device for certification of trasaction
CN106372941A (en) * 2016-08-31 2017-02-01 江苏通付盾科技有限公司 CA authentication management method, device and system based on block chain
CN106934619A (en) * 2017-03-13 2017-07-07 杭州复杂美科技有限公司 A kind of method and system of transaction record
CN107180350A (en) * 2017-03-31 2017-09-19 唐晓领 A method, device and system for multi-party sharing of transaction metadata based on blockchain
CN107426157A (en) * 2017-04-21 2017-12-01 杭州趣链科技有限公司 A kind of alliance's chain authority control method based on digital certificate and ca authentication system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170147808A1 (en) * 2015-11-19 2017-05-25 International Business Machines Corporation Tokens for multi-tenant transaction database identity, attribute and reputation management
US10230756B2 (en) * 2015-11-25 2019-03-12 International Business Machines Corporation Resisting replay attacks efficiently in a permissioned and privacy-preserving blockchain network
CN107306183B (en) * 2016-04-22 2021-12-21 索尼公司 Client, server, method and identity verification system
CN107230056B (en) * 2017-06-28 2021-02-26 无锡井通网络科技有限公司 Quick transaction system based on block chain contract
CN107451874A (en) * 2017-07-27 2017-12-08 武汉天喻信息产业股份有限公司 Electronic invoice integrated conduct method and system based on block chain

Also Published As

Publication number Publication date
WO2019132767A1 (en) 2019-07-04
CN111433800A (en) 2020-07-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant