ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development (计算机研究与发展) ›› 2018, Vol. 55 ›› Issue (10): 2185-2198. doi: 10.7544/issn1000-1239.2018.20180430

Special topic: 2018 Special Issue on Distributed Security and Blockchain Technology Research

• Information Security •

Full Anonymous Blockchain Based on Aggregate Signature and Confidential Transaction
(Chinese title: 基于聚合签名与加密交易的全匿名区块链)

Wang Ziyu 1,2, Liu Jianwei 1, Zhang Zongyang 1,3, Yu Hui 1 (王子钰, 刘建伟, 张宗洋, 喻辉)

  1. School of Cyber Science and Technology, Beihang University, Beijing 100191
  2. Shenyuan Honors College, Beihang University, Beijing 100191
  3. State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093
  • E-mail: wangziyu@buaa.edu.cn
  • Online: 2018-10-01
  • Funding: National Key Research and Development Program of China (2017YFB1400700); Beijing Natural Science Foundation (4182033); National Cryptography Development Fund of the 13th Five-Year Plan (MMJJ20180215)

Abstract (translated from the Chinese version): By revealing every transaction detail, from the coinbase transaction to the unspent transaction outputs, the public ledger of the Bitcoin blockchain provides distributed users with proof of transaction ownership. However, precisely because the public ledger exposes all transaction details, an attacker can link transacting entities through deanonymization attacks and learn users' private information from the explicit transaction amounts. To address the privacy-protection problem of the Bitcoin blockchain system, the proposed scheme combines the coin-mixing idea with confidential transaction techniques to build a fully anonymous blockchain system that protects both the identities of payers and payees and the transaction amounts. The one-way aggregate signature technique of Boneh, Gentry and Lynn (EUROCRYPT 2003) systematically embeds coin mixing into every block, and the homomorphic encryption scheme of Boneh, Goh and Nissim (TCC 2005) gives miners the ability to verify the validity of encrypted transactions. In this scheme, miners act as the entities that verify, mix and pack transactions. Finally, a comparison with other privacy-preserving blockchain schemes shows that this scheme achieves full anonymity while keeping the transaction storage overhead reasonable.

Abstract: The public ledger of the Bitcoin blockchain system offers ownership proof to distributed users by revealing all transaction details, from the coinbase transaction to the unspent transaction outputs. However, an adversary could deanonymize user identities by transaction graph analysis and obtain transaction amounts, which reveal users' privacy. This paper resolves this problem by using both mixing and confidential transaction techniques to achieve a fully anonymous blockchain system built on a one-way aggregate signature scheme and a homomorphic encryption scheme. It protects user identities and transaction amounts to achieve full anonymity. The one-way aggregate signature scheme compresses all individual signatures into a single aggregated one without additional storage space, which offsets, to a certain extent, the storage overhead caused by confidential transactions. The homomorphic encryption scheme encrypts the plaintext transaction amount into a Pedersen-style ciphertext, which is validated without decryption. In addition, miners in our system become the entities that verify, mix and pack all transactions in blocks. A four-step validation mechanism is also designed to prevent transaction makers from cheating. Finally, we evaluate our system against related work from the aspect of privacy protection, showing that our storage overhead is acceptable while full anonymity is achieved.
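The property the abstract relies on, a Pedersen-style ciphertext that a miner can validate without decrypting it, is easiest to see in code. The following is an added example and not code from the paper: a toy additively homomorphic Pedersen-style commitment in a small prime-order subgroup of Z_p^*, together with the miner-side balance check that accepts a transaction only when the hidden input and output amounts sum to the same value. The paper's construction uses the Boneh-Goh-Nissim scheme over bilinear groups and a four-step validation; this example reproduces only the homomorphic balance check. The parameters P, Q, G and H and all amounts are constructed for readability and are far too small to be secure.

```python
"""Added illustration (not the paper's code): a toy Pedersen-style
additively homomorphic commitment and the miner-side balance check that
validates a confidential transaction without decrypting any amount.

Constructed parameters: a tiny safe prime P = 2Q + 1 and two generators of
the order-Q subgroup. They are for readability only and offer no security;
a real deployment uses large bilinear or elliptic-curve groups and, unlike
this toy, also attaches a range proof to every committed amount."""
import secrets

P = 1019  # safe prime, P = 2*Q + 1 (toy size, NOT secure)
Q = 509   # prime order of the quadratic-residue subgroup of Z_P^*
G = 4     # generator of the order-Q subgroup (2^2 mod P)
H = 9     # second generator (3^2 mod P); log_G(H) must be unknown in practice


def commit(value: int, blinding: int) -> int:
    """Pedersen-style commitment C = G^value * H^blinding mod P.
    Hiding: the random blinding masks the value.
    Binding: opening C to another value would require knowing log_G(H)."""
    return (pow(G, value % Q, P) * pow(H, blinding % Q, P)) % P


def new_output(value: int) -> tuple:
    """Create a confidential output; returns (commitment, blinding factor).
    Only the commitment goes on the ledger; the blinding stays with the owner."""
    r = secrets.randbelow(Q)
    return commit(value, r), r


def product(commitments) -> int:
    """Multiply commitments mod P; this adds the committed values and blindings."""
    acc = 1
    for c in commitments:
        acc = (acc * c) % P
    return acc


def excess(input_blindings, output_blindings) -> int:
    """(sum r_in - sum r_out) mod Q, published by the transaction maker so the
    miner can cancel the blinding terms; it reveals nothing about the amounts."""
    return (sum(input_blindings) - sum(output_blindings)) % Q


def verify_balance(input_commits, output_commits, exc: int) -> bool:
    """Miner's check on commitments only (no amount is ever decrypted):
    prod(inputs) / prod(outputs) == H^exc holds iff sum(v_in) == sum(v_out) mod Q,
    because the G-exponents cancel exactly when the amounts balance."""
    lhs = (product(input_commits) * pow(product(output_commits), -1, P)) % P
    return lhs == pow(H, exc, P)


def demo_transaction(cheat: bool = False) -> bool:
    """Spend two inputs (30 + 45) into outputs (50 + 25). With cheat=True the
    maker tries to mint a coin by committing to 50 + 26 instead."""
    in_values = [30, 45]
    out_values = [50, 26] if cheat else [50, 25]
    inputs = [new_output(v) for v in in_values]
    outputs = [new_output(v) for v in out_values]
    exc = excess([r for _, r in inputs], [r for _, r in outputs])
    return verify_balance([c for c, _ in inputs], [c for c, _ in outputs], exc)


if __name__ == "__main__":
    print("honest transaction accepted:", demo_transaction())
    print("inflating transaction accepted:", demo_transaction(cheat=True))
```

The check works because multiplying commitments adds their exponents, so the G-terms of inputs and outputs cancel only when the amounts balance, while the published excess cancels the H-terms. The balance check alone is not sufficient: committing to the value Q-1 behaves like committing to -1, so an output of "-1" plus an output of 6 passes the check against an input of 5. This is why confidential-transaction schemes pair the homomorphic check with a range proof per output, which the toy above deliberately omits.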

Key words: full anonymous blockchain, aggregate signature, identity privacy, confidential transaction, transaction amount privacy
