CN108494558B - Method and system for implementing fair switching - Google Patents

Publication number: CN108494558B
Authority: CN (China)
Legal status: Active
Application number: CN201810149102.8A
Other languages: Chinese (zh)
Other versions: CN108494558A
Inventors: 安德鲁.威廉.罗斯科, 陈邦道
Current Assignee: Crosbil Ltd
Original Assignee: Crosbil Ltd

Classifications

    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, using cryptographic hash functions
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures

Abstract

The invention discloses a method and a system for implementing fair exchange. The method is used by a first user to exchange first information and second information with a second user, wherein the first user possesses the first information and the second user possesses the second information, and the method comprises, at the user end: splitting the first or second information into m shares such that the first or second information can be reconstructed based on at least k shares, where k < m; sending the shares of the first information or the second information to several nodes of a blockchain system respectively, wherein the number of shares of the first information and/or the number of shares of the second information sent to each node is less than k; and reconstructing the second information or the first information based on at least k shares if the total number of shares of the second information or the first information received from the several nodes is at least k. With the technical solution of the disclosure, fair exchange can be achieved without the participation of a TTP.

Description

Method and system for implementing fair switching
Technical Field
The present invention relates to the field of blockchain, and more particularly, to a method and system for implementing fair exchange.
Background
With the rapid development of electronic information technology and network technology, people increasingly transmit and exchange information over networks. Exchanging information over a network differs from exchanging it face to face, where the two parties can hand over their information at the same time and so avoid the situation in which one party sends its information but does not obtain the information it requires from the other. That situation arises all the time when information is exchanged over a network, because it is difficult to ensure that the two parties exchanging information are truly synchronized in real time. For example, user A owns information X, user B owns information Y, and user A and user B have agreed to exchange information X and Y according to a certain procedure. After user A sends information X to user B, if user B is dishonest and does not send information Y to user A according to the agreed procedure, user A does not get information Y even though information X has already been sent to user B. There is no mechanism to force user B to follow the agreed procedure, so the exchange loses its fairness. Exchange fairness may also be referred to as fair exchange.
At present, fair exchange is mostly achieved through a Trusted Third Party (TTP) trusted by two or more parties, where the TTP obtains its trusted qualification through legal, administrative, commercial and other means, accepts supervision by the relevant national regulatory departments, and provides mechanisms for maintaining and operating various systems. For example, user A and user B first issue a certificate of their intention to exchange information X and Y and send the certificate to the TTP. User A and user B then send information X and information Y to the TTP, respectively. The TTP, after receiving the certificate and information X and information Y, sends information X to user B and information Y to user A. If the TTP does not receive any one of information X and information Y by a prescribed time or in a prescribed situation, the TTP returns information X to user A and information Y to user B. Thus either both parties obtain the other party's information or neither does, thereby achieving fair exchange. In some cases, the TTP is also given the responsibility of verifying whether the received information X and information Y have the claimed properties.
Although fair exchange can be achieved with the participation of a TTP, the TTP's real-time participation in trading activity is likely to become a bottleneck in network operation when the network's transaction volume is large, and transaction efficiency is also greatly affected.
Disclosure of Invention
In view of the above technical problems, the present disclosure proposes a method and system for implementing fair exchange without participation of TTP.
In one aspect of the present disclosure, a method for implementing fair exchange is provided for a first user to exchange first information and second information with a second user, wherein the first user owns the first information and the second user owns the second information, and the method comprises, at a user end: splitting the first or second information into m shares such that the first or second information can be reconstructed based on at least k shares, where k < m; sending the shares of the first information or the second information to several nodes of a blockchain system respectively, wherein the number of shares of the first information and/or the number of shares of the second information sent to each node is less than k; and reconstructing the second information or the first information based on at least k shares if the total number of shares of the second information or the first information received from the several nodes is at least k.
In some embodiments, sending the shares of the first information or the second information to the nodes of the blockchain system, respectively, may further include sending one share of the first information or the second information to one node of the blockchain system.
In some embodiments, sending the shares of the first information or the second information to the nodes of the blockchain system, respectively, may further include sending the respective shares of the first information or the second information to the nodes of the blockchain system according to their respective weights.
In some embodiments, the method for implementing fair exchange may further include hashing each share of the first information or the second information and placing the resulting hash value onto the blockchain system.
In some embodiments, reconstructing the second information or the first information based on the at least k shares may further comprise: performing a hash operation on each share of the received second information or the first information and comparing the resulting hash value with hash values of the shares placed on the blockchain system; and reconstructing the second information or the first information based on the at least k shares if the comparison results are all equal.
In some embodiments, the method for enabling fair exchange may further include signing each share of the first information with the first user's private key or signing each share of the second information with the second user's private key and placing the resulting signature onto the blockchain system.
In some embodiments, the number of nodes may be at least 2k-1.
In some embodiments, the number of nodes may be at least 3k-2.
In another aspect of the present disclosure, there is also provided a method for implementing fair exchange, for a first user to exchange first information and second information with a second user, wherein the first user owns the first information and the second user owns the second information, and at a node of a blockchain system, the method includes: receiving a share of the first information from the first user, wherein the first information has been split into m shares such that the first information can only be reconstructed based on at least k shares, and wherein k < m; receiving a share of the second information from the second user, wherein the second information has been split into m shares such that the second information can only be reconstructed based on at least k shares, and wherein k < m; and sending the received share of the first information to the second user and the received share of the second information to the first user.
In some embodiments, sending the received share of the first information to the second user and sending the received share of the second information to the first user may further comprise: sending the share of the first information to the second user upon receiving the share of the first information and sending the share of the second information to the first user upon receiving the share of the second information.
In some embodiments, sending the received share of the first information to the second user and sending the received share of the second information to the first user may further comprise: upon receiving both the share of the first information and the share of the second information, posting a message signed with a private key of the node onto the blockchain system, the message indicating that the node received both the share of the first information and the share of the second information; and when the number of the messages is at least 2k-1, sending the received share of the first information to the second user and sending the received share of the second information to the first user.
In some implementations, posting a message signed with a private key of the node onto the blockchain system upon receiving both the share of the first information and the share of the second information may further include: upon receiving both the share of the first information and the share of the second information, hashing the share of the first information and comparing the resulting hash value to the hash value of the share of the first information placed on the blockchain system and hashing the share of the second information and comparing the resulting hash value to the hash value of the share of the second information placed on the blockchain system; and in the case that the comparison results are all equal, posting a message signed with the private key of the node to the blockchain system.
In some implementations, posting a message signed with a private key of the node onto the blockchain system upon receiving both the share of the first information and the share of the second information may further include: upon receiving both the share of the first information and the share of the second information, verifying the share of the first information with the public key of the first user based on the signature of the share of the first information on the blockchain system and verifying the share of the second information with the public key of the second user based on the signature of the share of the second information on the blockchain system; and if the verification is passed, posting a message signed by the private key of the node to the blockchain system.
In some embodiments, the method for enabling fair exchange may further include returning the share of the first information to the first user and the share of the second information to the second user if the number of messages has not reached 2k-1 and a threshold time has arrived.
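The node-side rule described in the preceding embodiments (verify both shares against the on-chain hashes, post a message, release at 2k-1 messages, otherwise return at the threshold time) can be simulated as follows. This is an added example, not code from the patent; the in-memory `Ledger`, the `Node` class, `run_exchange`, the integer clock, one share per node, and HMAC as a stand-in for the node's private-key signature are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

ATTEST = b"received-both"  # constructed body of the node's on-chain message


def share_hash(share: bytes) -> str:
    return hashlib.sha256(share).hexdigest()


def node_tag(key: bytes) -> str:
    # Assumption: HMAC-SHA256 stands in for the node's private-key signature so
    # the example needs only the standard library; it is not a real signature.
    return hmac.new(key, ATTEST, "sha256").hexdigest()


@dataclass
class Ledger:
    """In-memory stand-in for the blockchain: share hashes and node messages."""
    k: int
    deadline: int      # threshold time, in abstract ticks
    hashes_a: dict     # node id -> on-chain hash of the first user's share
    hashes_b: dict     # node id -> on-chain hash of the second user's share
    node_keys: dict    # node id -> key used to check that node's message
    messages: dict = field(default_factory=dict)

    def post(self, node_id: str, tag: str) -> bool:
        if hmac.compare_digest(tag, node_tag(self.node_keys[node_id])):
            self.messages[node_id] = tag  # each node is counted once
            return True
        return False

    def quorum(self) -> bool:
        return len(self.messages) >= 2 * self.k - 1


@dataclass
class Node:
    node_id: str
    key: bytes
    share_a: bytes = None
    share_b: bytes = None

    def receive(self, ledger: Ledger, sender: str, share: bytes) -> None:
        if sender == "A":
            self.share_a = share
        else:
            self.share_b = share
        # Post only when both shares are held and both match the on-chain hashes.
        if (self.share_a is not None and self.share_b is not None
                and share_hash(self.share_a) == ledger.hashes_a[self.node_id]
                and share_hash(self.share_b) == ledger.hashes_b[self.node_id]):
            ledger.post(self.node_id, node_tag(self.key))

    def decide(self, ledger: Ledger, now: int) -> dict:
        if ledger.quorum():  # at least 2k-1 messages: hand the shares across
            return {"action": "release", "to_A": self.share_b, "to_B": self.share_a}
        if now >= ledger.deadline:  # threshold time reached: give shares back
            return {"action": "return", "to_A": self.share_a, "to_B": self.share_b}
        return {"action": "wait"}


def run_exchange(k, n_nodes, b_sends_to, tampered=(), now=0, deadline=10):
    """One share per node. Returns (each node's action, number of messages)."""
    ids = [f"n{i}" for i in range(n_nodes)]
    a = {i: f"A-share-{i}".encode() for i in ids}  # constructed placeholder shares
    b = {i: f"B-share-{i}".encode() for i in ids}
    keys = {i: hashlib.sha256(i.encode()).digest() for i in ids}  # demo keys only
    ledger = Ledger(k, deadline,
                    {i: share_hash(a[i]) for i in ids},
                    {i: share_hash(b[i]) for i in ids}, keys)
    nodes = [Node(i, keys[i]) for i in ids]
    for idx, node in enumerate(nodes):
        node.receive(ledger, "A", a[node.node_id])
        if idx in b_sends_to:
            bad = idx in tampered
            node.receive(ledger, "B", b"not-the-committed-share" if bad else b[node.node_id])
    return [n.decide(ledger, now)["action"] for n in nodes], len(ledger.messages)


if __name__ == "__main__":
    # k = 2 with 3k-2 = 4 nodes; release needs 2k-1 = 3 messages.
    print(run_exchange(2, 4, {0, 1, 2, 3}, now=1))        # second user sends every share
    print(run_exchange(2, 4, {0, 1}, now=10))             # second user withholds two shares
    print(run_exchange(2, 4, {0, 1, 2, 3}, {2, 3}, 10))   # two shares fail the hash check
```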
In yet another aspect of the present disclosure, a system for implementing fair exchange is also presented, including a first user end, a second user end, and several nodes of a blockchain system, wherein the first user end exchanges first information and second information with the second user end, and wherein the first user end may be configured to: split the first information into m shares such that the first information can be reconstructed based on at least k shares, where k < m; send the shares of the first information to the several nodes respectively, wherein the number of shares of the first information sent to each node is less than k; and reconstruct the second information based on at least k shares of the second information if the total number of shares of the second information received from the several nodes is at least k. The second user end may be configured to: split the second information into m shares such that the second information can be reconstructed based on at least k shares, where k < m; send the shares of the second information to the several nodes respectively, wherein the number of shares of the second information sent to each node is less than k; and reconstruct the first information based on at least k shares of the first information if the total number of shares of the first information received from the several nodes is at least k. The several nodes may be configured to: receive a share of the first information from the first user; receive a share of the second information from the second user; and send the received share of the first information to the second user terminal and the received share of the second information to the first user terminal.
In some embodiments, sending the shares of the first information to the several nodes, respectively, may further comprise sending one share of the first information to one node, and sending the shares of the second information to the several nodes, respectively, may further comprise sending one share of the second information to one node.
In some embodiments, sending the shares of the first information to the several nodes, respectively, may further include sending the respective shares of the first information to the several nodes according to the respective weights of the several nodes, and sending the shares of the second information to the several nodes, respectively, may further include sending the respective shares of the second information to the several nodes according to the respective weights of the several nodes.
In some embodiments, sending the received share of the first information to the second user terminal and sending the received share of the second information to the first user terminal may further comprise: sending the share of the first information to the second user terminal upon receiving the share of the first information and sending the share of the second information to the first user terminal upon receiving the share of the second information.
In some embodiments, sending the received share of the first information to the second user terminal and sending the received share of the second information to the first user terminal may further comprise: upon receiving both the share of the first information and the share of the second information, posting a message signed with a private key of the node to the blockchain system, the message indicating that the node received both the share of the first information and the share of the second information; and when the number of the messages is at least 2k-1, sending the received share of the first information to the second user terminal and sending the received share of the second information to the first user terminal.
In some embodiments, the several nodes may be further configured to return the share of the first information to the first user and the share of the second information to the second user if the number of messages has not reached 2k-1 and a threshold time has arrived.
In some embodiments, the first user end may be further configured to hash each share of the first information and place the resulting hash value onto the blockchain system, and the second user end may be further configured to hash each share of the second information and place the resulting hash value onto the blockchain system.
In some embodiments, reconstructing the second information based on at least k shares of the second information may further comprise: performing a hash operation on each share of the received second information and comparing the resulting hash value to the hash values of the shares placed on the blockchain system; and reconstructing the second information based on at least k shares of the second information if the comparison results are all equal; and reconstructing the first information based on the at least k shares of the first information may further comprise: performing a hash operation on each share of the received first information and comparing the resulting hash value to the hash values of the shares placed on the blockchain system; and reconstructing the first information based on at least k shares of the first information if the comparison results are all equal.
In some embodiments, posting a message signed with a private key of the node onto the blockchain system upon receiving both the share of the first information and the share of the second information may further include: upon receiving both the share of the first information and the share of the second information, hashing the share of the first information and comparing the resulting hash value to the hash value of the share of the first information placed on the blockchain system and hashing the share of the second information and comparing the resulting hash value to the hash value of the share of the second information placed on the blockchain system; and if the comparison results are all equal, posting a message signed with the private key of the node to the blockchain system.
In some embodiments, the first user end may be further configured to sign each share of the first information with a private key of the first user end and place the resulting signature onto the blockchain system, and the second user end may be further configured to sign each share of the second information with a private key of the second user end and place the resulting signature onto the blockchain system.
In some embodiments, posting a message signed with a private key of the node onto the blockchain system upon receiving both the share of the first information and the share of the second information may further include: upon receiving both the share of the first information and the share of the second information, verifying the share of the first information with the public key of the first user based on the signature of the share of the first information on the blockchain system and verifying the share of the second information with the public key of the second user based on the signature of the share of the second information on the blockchain system; and if the verification is passed, posting a message signed with the private key of the node to the blockchain system.
In some embodiments, the number of nodes may be at least 2k-1.
In some embodiments, the number of nodes may be at least 3k-2.
In yet another aspect of the present disclosure, there is also provided a computing device comprising a processor and a memory, wherein the memory has stored thereon computer program instructions which, when executed by the processor, implement the method for implementing fair exchange as described above.
In yet another aspect of the disclosure, there is also provided a machine-readable storage medium having stored thereon computer program instructions, wherein the computer program instructions, when executed by a processor, implement a method for implementing fair exchange as described above.
Compared with the prior art, the beneficial effects of the disclosure are as follows:
The solution of the present disclosure first splits the information to be exchanged (e.g. the first information and the second information) into m shares, such that the information to be exchanged can be reconstructed based on at least k of them, and then sends the m shares to several nodes of the blockchain system, respectively, i.e. the information to be exchanged is hosted jointly by the several nodes. The user terminal acting as the first user can reconstruct the second information once it has received at least k shares of the second information from the nodes of the blockchain system, and the user terminal acting as the second user can reconstruct the first information once it has received at least k shares of the first information from the nodes of the blockchain system, thereby achieving a fair exchange of the first information and the second information between the first user and the second user without the participation of a TTP, based on the characteristics of the blockchain system.
Drawings
The novel features of the invention are set forth with particularity in the appended claims. A better understanding of the features and advantages of the present invention will be obtained by reference to the following detailed description that sets forth illustrative embodiments, in which the principles of the invention are utilized, and the accompanying drawings. The drawings are only for purposes of illustrating embodiments and are not to be construed as limiting the invention. Also, in the drawings, wherein like reference numerals refer to like elements throughout:
FIG. 1 shows a flow diagram, at a user end, of a method for implementing fair exchange according to an example embodiment of the present disclosure;
FIG. 2 shows a flow diagram, at a user end, of a method for implementing fair exchange in accordance with another example embodiment of the present disclosure;
FIG. 3 shows a flow diagram, at a user end, of a method for implementing fair exchange in accordance with yet another example embodiment of the present disclosure;
FIG. 4 shows a flow diagram of a method for implementing fair exchange at a node of a blockchain system according to an example embodiment of the present disclosure;
FIG. 5 shows a schematic diagram of a system for implementing fair exchange, according to an example embodiment of the present disclosure; and
FIG. 6 shows a schematic diagram of a computing device in accordance with an example embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. Nothing in the following detailed description is intended to indicate that any particular component, feature, or step is essential to the invention. Those skilled in the art will appreciate that various features or steps may be substituted for or combined with one another without departing from the scope of the present disclosure.
A blockchain is a chained data structure formed by linking the data in a series of blocks in chronological order, and is a distributed ledger that uses cryptography to ensure that the data cannot be tampered with or forged. The blockchain establishes a trust mechanism using cryptographic techniques such as hashing and signatures together with a consensus algorithm, so that repudiation, tampering and fraud become very costly and the data cannot be tampered with or counterfeited. The blockchain system adopts a decentralized structure, that is, there is no central controlling authority; the information stored on the blockchain system is managed jointly by all nodes of the blockchain system, each node holds a copy of the blockchain, and all nodes hold the same blockchain. Theoretically, no single node here is trusted, but the blockchain system as a whole is trusted.
Fair exchange assumes that the two parties to the exchange do not trust each other and that a breach of trust or fraud may occur in the transaction; its aim is to achieve real-time fairness of the exchange activity, i.e. either both parties obtain the information to be exchanged from the other party or neither does.
FIG. 1 shows a flowchart of a method for implementing fair exchange at a user end, for a first user to exchange first information and second information with a second user, wherein the first user owns the first information and the second user owns the second information, according to an example embodiment of the present disclosure. As shown in FIG. 1, a method for implementing fair exchange may include the following steps:
S101: splitting the first or second information into m shares such that the first or second information can be reconstructed based on at least k shares, where k < m;
S102: sending the shares of the first information or the second information to several nodes of a blockchain system respectively, wherein the number of shares of the first information and/or the number of shares of the second information sent to each node is less than k; and
S103: reconstructing the second information or the first information based on at least k shares if the total number of shares of the second information or the first information received from the several nodes is at least k.
As can be seen from the above description, the method for implementing fair exchange first splits the information to be exchanged, such as the first information and/or the second information, into m shares such that the first information and/or the second information can be reconstructed based on at least k of the m shares. It then sends the shares of the information to be exchanged to several nodes of the blockchain system, respectively, with the number of shares of the first information and/or the number of shares of the second information sent to each node being less than k; that is, the information to be exchanged is hosted jointly by the several nodes of the blockchain system, and the several nodes as a whole play the role of a TTP. The shares of the information to be exchanged are then sent by the several nodes of the blockchain system to the respective users, e.g. the shares of the first information are sent to the second user and the shares of the second information are sent to the first user. The user terminal acting as the first user may reconstruct the second information once it has received at least k shares of the second information, and the user terminal acting as the second user may reconstruct the first information once it has received at least k shares of the first information, thereby achieving fair exchange without the participation of a TTP, based on the characteristics of the blockchain system.
The first user and the second user are the two parties that need to exchange information; "first" and "second" do not represent a sequential relationship but are used to distinguish between the two parties that exchange information, and the first user and the second user may be used interchangeably. Here, the first information and the second information refer to the information to be exchanged; "first" and "second" do not indicate an order but are used to distinguish the information to be exchanged, and the first information and the second information may be used interchangeably.
In some embodiments, in step S101 of splitting the first information or the second information into m shares such that the first information or the second information can be reconstructed based on at least k shares, the first information and/or the second information may be split using a threshold encryption scheme. For example, information $a_0$ is to be split into m shares such that $a_0$ can be reconstructed based on at least k of them; k may also be referred to as a threshold. First, a random polynomial of order k-1 is generated:
$f(x) = a_{k-1}x^{k-1} + a_{k-2}x^{k-2} + \dots + a_1 x + a_0$, wherein the coefficients $a_{k-1}, a_{k-2}, \dots, a_1$ are chosen randomly and $a_0$ is the information. Subsequently, m shares are generated, namely a first share (1, f(1)), a second share (2, f(2)), …, and an m-th share (m, f(m)). Anyone can use any k shares to recompose the polynomial f(x) by Lagrange's interpolation formula. After the polynomial f(x) is recomposed, the information $a_0 = f(0)$ can be calculated. As another example, assume that the information $a_0 = 10$ is divided into 3 shares with k = 2; a polynomial of order 1 is generated: $f(x) = 3x + 10$. Three shares are calculated, namely share 1 (1, 13), share 2 (2, 16) and share 3 (3, 19); in other words, the information $a_0 = 10$ is divided into share 1 (1, 13), share 2 (2, 16) and share 3 (3, 19), any two of which can recompose f(x). Assuming that share 1 and share 2 are now known, f(x) is recomposed according to share 1 and share 2,
Figure BDA0001579519990000111
After f(x) is obtained, $f(0) = 3 \times 0 + 10 = 10$ is calculated, and the information $a_0$ is reconstructed. The values of m and k may be varied depending upon the particular application, and it will be understood by those skilled in the art that the invention is not limited in this respect as long as m and k are integers and k < m.
In some embodiments, the step S102 of sending the shares of the first information or the second information to the nodes of the blockchain system, respectively, may further comprise sending one share of the first information or the second information to one node of the blockchain system, i.e., one share is hosted by one node. In other embodiments, two shares of the first information or the second information may be sent to one node of the blockchain system, such that one node hosts two shares. In still other embodiments, step S102 of sending the shares of the first information or the second information to the nodes of the blockchain system, respectively, may further include sending the respective shares of the first information or the second information to the nodes according to the weights of the nodes of the blockchain system, i.e., one node may host one or more shares. The number of shares each node hosts can be determined according to the weight of the node, and the larger the weight of the node is, the more shares the node hosts. The weight of a node may be determined according to the trustworthiness of the node, for example, a node with a high trustworthiness may be given a greater weight. The determination of weights and the determination of trustworthiness can be accomplished in any manner now known or later known in the art, and the invention is not limited in this respect. In some cases, a proof-of-work puzzle may be created based on a share and sent to the nodes, and a node solves the proof-of-work puzzle to obtain the share; the nodes may solve as many proof-of-work puzzles as they wish and are able to, but it is required to ensure that the number of shares that can be solved by one node is less than k. 
For example, for a share xyz, where xy consists of significant random bits and x has length r, the proof-of-work puzzle created is (yz, hash(xyz)), where hash(xyz) is much longer than x; solving it would typically require a node to perform $2^{r-1}$ hash operations.
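The puzzle (yz, hash(xyz)) described above can be illustrated as follows. This Python example is added here and is not part of the patent text; SHA-256 as the hash, the dictionary layout of the puzzle and the function names are assumptions, and the sample share is constructed.

```python
import hashlib

def make_puzzle(share: bytes, r: int) -> dict:
    """Hide the top r bits (x) of the share; publish the rest (yz) and hash(xyz)."""
    nbits = len(share) * 8
    if not 0 < r < nbits:
        raise ValueError("r must be between 1 and the share length in bits")
    value = int.from_bytes(share, "big")
    yz = value & ((1 << (nbits - r)) - 1)  # the low nbits-r bits stay public
    # The 256-bit digest is much longer than x, so a wrong x is very unlikely
    # to match by accident.
    return {"yz": yz, "nbits": nbits, "r": r,
            "digest": hashlib.sha256(share).digest()}

def solve_puzzle(puzzle: dict):
    """Try every r-bit prefix x; return (share, number of hash operations).

    For a random x the search stops after about 2**(r-1) hashes on average
    and after 2**r in the worst case.
    """
    nbits, r = puzzle["nbits"], puzzle["r"]
    for x in range(1 << r):
        candidate = ((x << (nbits - r)) | puzzle["yz"]).to_bytes(nbits // 8, "big")
        if hashlib.sha256(candidate).digest() == puzzle["digest"]:
            return candidate, x + 1
    raise ValueError("no prefix matches: puzzle is malformed")

if __name__ == "__main__":
    # Constructed 128-bit share whose top 12 bits are 0x005.
    demo_share = bytes.fromhex("005a" + "11" * 14)
    solved, attempts = solve_puzzle(make_puzzle(demo_share, r=12))
    print(solved == demo_share, attempts)
```

The parameter r sets the cost per share, which is how the creator of the puzzles can limit how many shares a single node is able to recover within the exchange period.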
Fig. 2 shows a flowchart of a method for implementing fair exchange at a user end for a first user to exchange first information and second information with a second user, wherein the first user owns the first information and the second user owns the second information, according to another example embodiment of the present disclosure. As shown in fig. 2, the method for implementing fair exchange may include the following steps:
S201: splitting the first or second information into m shares such that the first or second information can be reconstructed based on at least k shares, where k < m;
S202: sending shares of the first information or the second information to a plurality of nodes of a blockchain system respectively, wherein the number of shares of the first information and/or the number of shares of the second information sent to each node is less than k;
S203: performing a hash operation on each share of the first information or the second information and placing a resulting hash value onto the blockchain system; and
S204: reconstructing the second information or the first information based on at least k shares if a total number of shares of the second information or the first information received from the number of nodes is at least k.
As can be seen from the above, the method for implementing fair exchange differs from the method shown in fig. 1 in that step S203 performs a hash operation on each share of the first information or the second information and places the resulting hash value on the blockchain system. This step S203 hashes each share of the first information or the second information and places the resulting hash value onto the blockchain system, so that for a node of the blockchain system that receives the respective share, the authenticity of the share it receives can be verified based on the hash value. For example, the first user sends a first share of the first information to a first node of the blockchain system, and also hashes the first share and places the resulting hash value on the blockchain system. The first node may hash the first share of the first information after receiving the first share, and then compare the resulting hash value with the hash value of the first share placed on the blockchain system, and if equal, indicate that the first share of the first information received by the first node is authentic. For the sake of brevity, the steps shown in fig. 2 that are the same as the steps shown in fig. 1 are not described again.
Placing the hash values of the shares of the first information and/or the second information onto the blockchain system not only helps the nodes of the blockchain system to verify the authenticity of the shares they receive, but also helps the parties to the information exchange to verify the authenticity of the received shares. Thus, in some embodiments, reconstructing the second information or the first information based on the at least k shares in step S204 may further comprise: performing a hash operation on each share of the received second information or the first information and comparing the resulting hash value with the hash values of the shares placed on the blockchain system; and reconstructing the second information or the first information based on the at least k shares if the comparison results are all equal. For example, a user terminal acting as the first user, after receiving shares of the second information from several nodes of the blockchain system, may hash the respective shares of the second information and then compare the resulting hash values with the hash values of the shares placed on the blockchain system to verify the authenticity of the respective shares of the second information; a user terminal acting as the second user, after receiving shares of the first information from several nodes of the blockchain system, may hash the shares of the first information and then compare the resulting hash values with the hash values of the shares placed on the blockchain system to verify the authenticity of the shares of the first information.
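Steps S201, S203 and S204 can be illustrated together as follows. This Python example is added here and is not part of the patent text. It assumes arithmetic modulo a public prime P (the worked example in the description uses plain integers), SHA-256 as the hash, and a recipient that discards shares failing the hash check and reconstructs from the remaining ones when at least k are left; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: shares live in the prime field GF(P). The worked example in the
# description uses plain integers; a field keeps every share value uniform.
P = 2**127 - 1  # a Mersenne prime

def split(secret, k, m, coeffs=None):
    """S201: return m shares (i, f(i)) of `secret`; any k reconstruct it."""
    if not 2 <= k < m:
        raise ValueError("need 2 <= k < m")
    if not 0 <= secret < P:
        raise ValueError("secret must be in [0, P)")
    if coeffs is None:
        coeffs = [secrets.randbelow(P) for _ in range(k - 1)]  # a_1 .. a_{k-1}
    if len(coeffs) != k - 1:
        raise ValueError("need exactly k-1 coefficients")
    poly = [secret] + list(coeffs)  # a_0 is the information
    shares = []
    for i in range(1, m + 1):
        y = 0
        for a in reversed(poly):  # Horner evaluation of f(i)
            y = (y * i + a) % P
        shares.append((i, y))
    return shares

def commit(share):
    """Hash of one share, as placed on the blockchain system in S203."""
    x, y = share
    return hashlib.sha256(f"{x}:{y}".encode()).hexdigest()

def publish_hashes(shares):
    """Stand-in for the on-chain record: share index -> hash."""
    return {x: commit((x, y)) for x, y in shares}

def reconstruct(shares, k):
    """Lagrange interpolation at x = 0 over k distinct shares."""
    points = dict(shares)
    if len(points) < k:
        raise ValueError("fewer than k distinct shares")
    xs = sorted(points)[:k]
    secret = 0
    for xj in xs:
        num, den = 1, 1
        for xi in xs:
            if xi != xj:
                num = num * (-xi) % P
                den = den * (xj - xi) % P
        secret = (secret + points[xj] * num * pow(den, -1, P)) % P
    return secret

def verify_and_reconstruct(received, ledger, k):
    """S204 with the hash check: keep only shares matching the published hashes."""
    valid = [s for s in received
             if hmac.compare_digest(commit(s), ledger.get(s[0], ""))]
    if len({x for x, _ in valid}) < k:
        raise ValueError("fewer than k authentic shares")
    return reconstruct(valid, k)

if __name__ == "__main__":
    # The description's example: a_0 = 10, k = 2, m = 3, f(x) = 3x + 10.
    example = split(10, 2, 3, coeffs=[3])
    print(example, reconstruct(example[:2], 2))
```

A hash of a share only hides the share if the share value is unpredictable, which holds for field elements drawn with random coefficients but not for small integers such as 13, 16 and 19.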
Fig. 3 shows a flowchart of a method for implementing fair exchange at a user end for a first user to exchange first information and second information with a second user, wherein the first user owns the first information and the second user owns the second information, according to yet another example embodiment of the present disclosure. As shown in fig. 3, the method for implementing fair exchange may include the following steps:
S301: splitting the first or second information into m shares such that the first or second information can be reconstructed based on at least k shares, where k < m;
S302: sending shares of the first information or the second information to a plurality of nodes of a blockchain system respectively, wherein the number of shares of the first information and/or the number of shares of the second information sent to each node is less than k;
S303: signing each share of the first information with the first user's private key or each share of the second information with the second user's private key and placing the resulting signature onto the blockchain system; and
S304: reconstructing the second information or the first information based on at least k shares if a total number of shares of the second information or the first information received from the number of nodes is at least k.
As can be seen from the above, the method for implementing fair exchange differs from the method shown in fig. 2 in that step S303 signs each share of the first information with the private key of the first user or signs each share of the second information with the private key of the second user and places the resulting signature on the blockchain system. This step S303 is to place a signature of the share of the first information or the second information with the private key of the first user or the second user on the blockchain system, so that the node of the blockchain system receiving the corresponding share can verify the authenticity of the share it received according to the signature. For example, a first user sends a first share of first information to a first node of the blockchain system, and also signs the first share with its private key and places the resulting signature on the blockchain system. Upon receipt of the first share of the first information by the first node, the authenticity of the first share of the first information received by the first node may be verified with the public key of the first user based on the signature. For the sake of brevity, the steps shown in fig. 3 that are the same as the steps shown in fig. 1 are not described again.
Placing a signature of a share of the first or second information onto the blockchain system not only helps the nodes of the blockchain system to verify the authenticity of the shares they receive, but also helps the parties to the information exchange to verify the authenticity of the received shares. Thus, in some embodiments, reconstructing the second information or the first information based on the at least k shares in step S304 may further comprise: verifying the share of the first information with the public key of the first user based on the signature made on the share of the first information with the private key of the first user, or verifying the share of the second information with the public key of the second user based on the signature made on the share of the second information with the private key of the second user; and reconstructing the second information or the first information based on the at least k shares if the verification passes. For example, a user terminal acting as the first user, after receiving shares of the second information from several nodes of the blockchain system, may perform a hash operation on the shares of the second information, decrypt the signature of each share placed on the blockchain system with the public key of the second user, and then compare the hash value calculated by the hash operation with the decrypted value; if they are equal, this indicates that the share of the second information received by the user terminal from the nodes of the blockchain system is authentic. A user terminal acting as the second user, after receiving the shares of the first information from the nodes of the blockchain system, may perform a hash operation on the shares of the first information, decrypt the signature of each share placed on the blockchain system with the public key of the first user, and then compare the calculated hash value with the decrypted value; if they are equal, the share of the first information received by the user terminal from the nodes of the blockchain system is authentic.
In some embodiments, the number of nodes may be at least 2k-1. As can be seen from the above, the first information or the second information can be reconstructed based on at least k shares of the first information or the second information, and therefore, it is necessary to ensure that at least k valid shares of the first information or the second information are obtained for reconstructing the first information or the second information, and therefore, at least k trusted nodes in the blockchain system are required. As can be seen from the nature of the blockchain, the number of untrustworthy nodes in the nodes of the blockchain system should be less than half, and thus at least 2k-1 nodes are required to participate in the hosting of the shares of the first information and/or the second information. In other embodiments, the number of nodes may be at least 3k-2, if there are k-1 nodes that do not publish the shares they receive.
Fig. 4 shows a flowchart at a node of a blockchain system of a method for implementing fair exchange for a first user to exchange first information and second information with a second user, wherein the first user owns the first information and the second user owns the second information, according to an example embodiment of the present disclosure. As shown in fig. 4, the method for implementing fair exchange may include the following steps:
S401: receiving shares of the first information from the first user, wherein the first information has been split into m shares and the first information can only be reconstructed based on at least k shares, and wherein k < m;
S402: receiving a share of the second information from the second user, wherein the second information has been split into m shares and the second information can only be reconstructed based on at least k shares, and wherein k < m; and
S403: sending the received share of the first information to the second user and sending the received share of the second information to the first user.
As can be seen from the above, in the technical solution of the present disclosure, by means of the nodes of the blockchain system, the first user sends the share of the first information to the nodes of the blockchain system, the second user sends the share of the second information to the nodes of the blockchain system, and then the nodes of the blockchain system send the share of the second information to the first user and send the share of the first information to the second user. In the method, although there is no participation of the TTP, the several nodes as a whole function as the TTP. In addition, the share number of the first information and/or the share number of the second information received by each node are smaller than k, so that it can be ensured that any node cannot reconstruct the first information and/or the second information, that is, the first information and/or the second information cannot be obtained. The first user and the second user are both parties that need to exchange information, and the "first" and the "second" do not represent a sequential relationship, but are used to distinguish between the two parties that exchange information, and the first user and the second user can be used interchangeably. Here, the first information and the second information refer to information to be exchanged, and "first" and "second" do not indicate an order relation but are used to distinguish the information to be exchanged, and the first information and the second information may be used interchangeably.
In some embodiments, the step S403 of sending the received share of the first information to the second user and sending the received share of the second information to the first user may further comprise: sending the share of the first information to the second user upon receipt of the share of the first information and sending the share of the second information to the first user upon receipt of the share of the second information, that is to say the nodes of the blockchain system send the shares of the first and/or second information to the second user and/or first user, respectively, as soon as they receive them. In still other embodiments, the step S403 of sending the received share of the first information to the second user and sending the received share of the second information to the first user may further comprise: upon receiving both the share of the first information and the share of the second information, posting a message signed with a private key of the node onto the blockchain system, the message indicating that the node received both the share of the first information and the share of the second information; and when the number of the messages is at least 2k-1, sending the received share of the first information to the second user and sending the received share of the second information to the first user. In this case, the node of the blockchain system does not forward the share to the second user and/or the first user immediately after receiving the share of the first information and/or the second information, but places a message signed with its private key on the blockchain system, which indicates that the node has received both the share of the first information and the share of the second information, so that the case in which the first user and/or the second user does not send their shares as agreed can be guarded against. 
When the number of messages on the blockchain system is at least 2k-1, the nodes of the blockchain system can send the respective received shares of the first information to the second user and the received shares of the second information to the first user, thereby realizing fair exchange. The number of untrusted nodes in the nodes of the blockchain system receiving the shares is less than k-1, so that when at least 2k-1 messages are present on the blockchain system, it can be ensured that at least k messages of the 2k-1 messages are trusted, i.e. that at least k nodes in the nodes of the blockchain system transmit in total at least k valid shares of the first information and at least k valid shares of the second information. At this point, each node sends its received share of the first information to the second user and its received share of the second information to the first user. The first user can thus receive at least k valid shares of the second information, while the second user can receive at least k valid shares of the first information. The first user is able to reconstruct the second information based on the at least k valid shares of the second information and the second user is also able to reconstruct the first information based on the at least k valid shares of the first information, thereby further ensuring the achievement of a fair exchange. It is to be appreciated that the messages signed by their private keys for nodes of the blockchain system can be implemented in any form and/or manner now known or later known in the art, and the invention is not limited in this respect.
In some implementations, posting a message signed with a private key of the node onto the blockchain upon receiving both the share of the first information and the share of the second information may further include: upon receiving both the share of the first information and the share of the second information, hashing the share of the first information and comparing the resulting hash value to the hash value of the share of the first information placed on the blockchain system and hashing the share of the second information and comparing the resulting hash value to the hash value of the share of the second information placed on the blockchain system; and in the case that the comparison results are all equal, posting a message signed with the private key of the node to the blockchain system. The nodes of the blockchain system do not know the authenticity of the received shares of the first information and/or the received shares of the second information when they are received, so it is necessary to verify the authenticity of the received shares of the first information and/or the second information, provided of course that the first user has hashed the shares of the first information and placed the resulting hash value onto the blockchain system and the second user has hashed the shares of the second information and placed the resulting hash value onto the blockchain system. The node of the blockchain system may hash the received share of the first information and compare the resulting hash value with the hash value of the share placed on the blockchain system, and if equal, indicate that the received share of the first information is authentic. The node of the blockchain system may also hash the received share of the second information and compare the resulting hash value with the hash value of the share placed on the blockchain system, and if equal, indicate that the received share of the second information is authentic. 
In the event that both the received share of the first information and the received share of the second information are true, the node of the blockchain system posts a message to the blockchain system indicating that it received both the share of the first information and the share of the second information.
In further embodiments, posting a message signed with a private key of the node onto the blockchain upon receiving both the share of the first information and the share of the second information may further include: upon receiving both the share of the first information and the share of the second information, verifying the share of the first information with the public key of the first user based on the signature of the share of the first information on the blockchain system and verifying the share of the second information with the public key of the second user based on the signature of the share of the second information on the blockchain system; and if the verification is passed, posting a message signed by the private key of the node to the blockchain system. In these embodiments, verifying the authenticity of the received shares of the first and/or second information may be accomplished by a signature of the shares of the first and/or second information placed on the blockchain system, wherein the signature of the shares of the first information is obtained by a first user signing the shares of the first information with their private key and placed onto the blockchain system, and the signature of the shares of the second information is obtained by a second user signing the shares of the second information with their private key and placed onto the blockchain system. The node on the blockchain system can decrypt the signature of the share of the first information by using the public key of the first user, hash the received share of the first information, compare the decrypted value with the obtained hash value, and if the decrypted value is equal to the obtained hash value, the node indicates that the received share of the first information is real. 
In addition, the node on the blockchain system can also decrypt the signature of the share of the second information by using the public key of the second user, hash the received share of the second information, compare the decrypted value with the obtained hash value, and if the decrypted value is equal to the obtained hash value, the node indicates that the received share of the second information is real. In the event that both the received share of the first information and the received share of the second information are true, the node of the blockchain system posts a message to the blockchain system indicating that it received both the share of the first information and the share of the second information.
As can be seen from the above, in some cases, the number of said messages on the blockchain system being at least 2k-1 serves as the trigger condition for each node of the blockchain system to send a share of the second information to the first user and a share of the first information to the second user, and the nodes wait if the number of messages has not yet reached 2k-1. However, it is understood that in practical situations, it is impossible for the first user and the second user to wait indefinitely; in general, the first user and the second user agree in advance on a certain threshold time, and if the information exchange is not completed by the threshold time, the information exchange is ended. Therefore, in some embodiments, the method for implementing fair exchange according to the exemplary embodiments of the present disclosure may further include returning the share of the first information to the first user and returning the share of the second information to the second user if the number of the messages is not yet 2k-1 and a threshold time has arrived, where the threshold time refers to a maximum time for the first user to perform the information exchange with the second user. In this way, when the threshold time is reached and the trigger condition for each node to send the share of the second information to the first user and the share of the first information to the second user is not met, the information exchange is ended, i.e., the share of the first information is returned to the first user and the share of the second information is returned to the second user. In other words, each node returns its received share to the sender of the share, thereby ending the exchange of information. It is known that, at each node of the blockchain system, every block carries a strictly increasing timestamp, so that the timestamp of a later formed block must be greater than the timestamp of a previously formed block. 
Each node of the blockchain system can return the received share to the sender of the share when it is found that the timestamp of the blockchain is greater than the threshold time but there have not been at least 2k-1 of the messages at that time.
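The node-side behaviour described above (hash check, receipt message, release at 2k-1 messages, return of shares after the threshold time) can be illustrated as follows. This Python example is added here and is not part of the patent text. The `Ledger` and `Node` classes are hypothetical stand-ins for the blockchain system, signature checking of the receipt messages is assumed to be done by the chain and is modelled by keying receipts on the node id, counting only receipts recorded up to the threshold time is an added assumption, and the share bytes are constructed.

```python
import hashlib

USERS = ("A", "B")  # first user and second user

def digest(share: bytes) -> str:
    return hashlib.sha256(share).hexdigest()

class Ledger:
    """Hypothetical stand-in for the blockchain system."""
    def __init__(self, deadline: int):
        self.commitments = {}  # (owner, node_id) -> hash published by the owner
        self.receipts = {}     # node_id -> block time of its "received both" message
        self.block_time = 0    # timestamp of the latest block
        self.deadline = deadline  # threshold time agreed by the two users

    def receipts_in_time(self) -> int:
        # Assumption: only receipts recorded up to the threshold time count,
        # so every node reaches the same release-or-return verdict.
        return sum(1 for t in self.receipts.values() if t <= self.deadline)

class Node:
    def __init__(self, node_id: int):
        self.node_id = node_id
        self.held = {}  # owner -> share received from that owner

    def receive(self, owner: str, share: bytes, ledger: Ledger) -> None:
        self.held[owner] = share
        both_ok = all(
            u in self.held
            and digest(self.held[u]) == ledger.commitments.get((u, self.node_id))
            for u in USERS
        )
        if both_ok:
            # Keyed by node id: a node is counted once however often it posts.
            ledger.receipts.setdefault(self.node_id, ledger.block_time)

    def decide(self, ledger: Ledger, k: int):
        a, b = self.held.get("A"), self.held.get("B")
        if ledger.receipts_in_time() >= 2 * k - 1:
            return "release", {"A": b, "B": a}  # each user gets the other's share
        if ledger.block_time > ledger.deadline:
            return "refund", {"A": a, "B": b}   # each share goes back to its sender
        return "wait", {}

def run_exchange(k, shares_a, shares_b, tampered_b=(), deadline=100, now=50):
    """Simulate one exchange with one share per node (list index = node id)."""
    ledger = Ledger(deadline)
    nodes = [Node(i) for i in range(len(shares_a))]
    for i, (sa, sb) in enumerate(zip(shares_a, shares_b)):
        ledger.commitments[("A", i)] = digest(sa)
        ledger.commitments[("B", i)] = digest(sb)
    ledger.block_time = 10
    for i, node in enumerate(nodes):
        node.receive("A", shares_a[i], ledger)
        node.receive("B", b"garbage" if i in tampered_b else shares_b[i], ledger)
    ledger.block_time = now
    return [node.decide(ledger, k) for node in nodes]

if __name__ == "__main__":
    A = [b"a-share-0", b"a-share-1", b"a-share-2"]  # constructed shares
    B = [b"b-share-0", b"b-share-1", b"b-share-2"]
    print([action for action, _ in run_exchange(2, A, B)])
    print([action for action, _ in run_exchange(2, A, B, tampered_b={1}, now=101)])
```

With k = 2 and three nodes, a single share that fails the hash check keeps the receipt count at 2, below 2k-1 = 3, so the nodes wait and then return the shares once the block timestamp passes the threshold time.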
Fig. 5 shows a schematic diagram of a system for implementing fair exchange, according to an example embodiment of the present disclosure. As shown in fig. 5, the system for implementing fair exchange may include a first user end 501, a second user end 502, and several nodes 5031 of a blockchain system 503, wherein the first user end 501 exchanges first information and second information with the second user end 502, and wherein the first user end 501 may be configured to: partition the first information into m shares such that the first information can be reconstructed based on at least k shares, where k < m; send shares of the first information to the plurality of nodes 5031, respectively, wherein the number of shares of the first information sent to each node 5031 is less than k; and reconstruct the second information based on the at least k shares of the second information if the total number of shares of the second information received from the number of nodes 5031 is at least k. The second user terminal 502 may be configured to: partition the second information into m shares such that the second information can be reconstructed based on at least k shares, where k < m; send shares of the second information to the plurality of nodes 5031, respectively, wherein the number of shares of the second information sent to each node 5031 is less than k; and reconstruct the first information based on the at least k shares of the first information if the total number of shares of the first information received from the number of nodes 5031 is at least k. The several nodes 5031 may be used to: receive a share of the first information from the first user terminal 501; receive a share of the second information from the second user terminal 502; and send the received share of the first information to the second user terminal 502 and send the received share of the second information to the first user terminal 501.
As can be seen from the above description, the first user end 501 of the system for implementing fair exchange divides the first information into m shares and sends the m shares to the nodes 5031, respectively, and the second user end 502 divides the second information into m shares and sends the m shares to the nodes 5031, respectively, that is, the nodes 5031 host the first information and the second information together as a whole. Since the shares of the first information sent by the first user terminal 501 to each node 5031 are all less than k, and the shares of the second information sent by the second user terminal 502 to each node 5031 are also all less than k, none of the nodes 5031 can have at least k shares of the first information and/or the second information, and thus each node 5031 cannot learn the first information and/or the second information. Each node 5031 then sends the received share of the first information to the second user 502 and the received share of the second information to the first user 501, so that the second user 502 can reconstruct the first information based on the received share of the first information from the node 5031, and the first user 501 can reconstruct the second information based on the received share of the second information from the node 5031, thereby achieving a fair exchange without participation of a TTP. Here, the first user terminal 501 and the second user terminal 502 refer to two parties that need to exchange information, and "first" and "second" do not represent a sequential relationship, but are used to distinguish the two parties that exchange information, and the first user terminal 501 and the second user terminal 502 may be used interchangeably. In addition, the first user terminal 501 may also be referred to as a first user, and the second user terminal 502 may also be referred to as a second user. 
In addition, the first user terminal 501 and/or the second user terminal 502 may be nodes of the blockchain system 503, or may exist independently of the blockchain system 503. Here, the first information and the second information refer to information to be exchanged, and "first" and "second" do not indicate an order relation but are used to distinguish the information to be exchanged, and the first information and the second information may be used interchangeably. The blockchain system 503 may be implemented using any means currently known in the art or known in the future, such as Bitcoin, Ethereum, etc., and the invention is not limited in this respect.
As further shown in fig. 5, each node 5031 of the blockchain system 503 may be connected via a network 5032, which may be, for example, a local area network, a metropolitan area network, a wide area network, and/or the internet, among others.
In some embodiments, where the first user terminal 501 splits the first information into m shares such that the first information can be reconstructed based on at least k shares, and the second user terminal 502 splits the second information into m shares such that the second information can be reconstructed based on at least k shares, the splitting of the first information and/or the second information may be implemented using a threshold encryption scheme. For example, information $a_0$ is to be split into m shares such that $a_0$ can be reconstructed based on at least k of them; k may also be referred to as a threshold. First, a random polynomial of order k-1 is generated, $f(x) = a_{k-1}x^{k-1} + a_{k-2}x^{k-2} + \dots + a_1 x + a_0$, wherein the coefficients $a_{k-1}, a_{k-2}, \dots, a_1$ are chosen randomly and $a_0$ is the information. Subsequently, m shares are generated, namely a first share (1, f(1)), a second share (2, f(2)), …, and an m-th share (m, f(m)). Anyone can recompose the polynomial f(x) by Lagrange's interpolation formula using any k shares. After the polynomial f(x) is recomposed, the information $a_0 = f(0)$ can be calculated. As another example, assume that the information $a_0 = 10$ is divided into 3 shares with k = 2; a polynomial of order 1 is generated: $f(x) = 3x + 10$. Three shares are calculated, namely share 1 (1, 13), share 2 (2, 16) and share 3 (3, 19); in other words, the information $a_0 = 10$ is divided into share 1 (1, 13), share 2 (2, 16) and share 3 (3, 19), any two of which can recompose f(x). Assuming that share 1 and share 2 are now known, f(x) is recomposed according to share 1 and share 2,
Figure BDA0001579519990000211
After f(x) is obtained, f(0) = 3 × 0 + 10 = 10 is calculated, and the information a_0 is thereby reconstructed. The values of m and k may be varied depending upon the particular application, and it will be understood by those skilled in the art that the invention is not limited in this respect, as long as m and k are integers and k < m.
In some embodiments, the first user terminal 501 sending the shares of the first information to the nodes 5031, respectively, may further include the first user terminal 501 sending one share of the first information to each of the nodes 5031, and the second user terminal 502 sending the shares of the second information to the nodes 5031, respectively, may further include the second user terminal 502 sending one share of the second information to each of the nodes 5031. For example, the first user terminal 501 splits the first information into m shares, i.e., shares S_{11}, S_{12}, …, S_{1i}, …, S_{1m}, and sends share S_{11} to node N_1, share S_{12} to node N_2, …, share S_{1i} to node N_i, …, and share S_{1m} to node N_m; the second user terminal 502 splits the second information into m shares, i.e., shares S_{21}, S_{22}, …, S_{2i}, …, S_{2m}, and sends share S_{21} to node N_1, share S_{22} to node N_2, …, share S_{2i} to node N_i, …, and share S_{2m} to node N_m. In other embodiments, the first user terminal 501 sending the shares of the first information to the nodes 5031 respectively may further comprise the first user terminal 501 sending the corresponding shares of the first information to the nodes 5031 according to the respective weights of the nodes 5031, and the second user terminal 502 sending the shares of the second information to the nodes 5031 respectively may further comprise the second user terminal 502 sending the corresponding shares of the second information to the nodes 5031 according to the respective weights of the nodes 5031; that is, one node 5031 may host one or more shares. The number of shares hosted by each node 5031 can be determined by the weight of the node 5031: the greater the weight of the node 5031, the greater the number of shares it hosts. The weight of the node 5031 may be determined according to the trustworthiness of the node 5031; for example, a node 5031 with a high trustworthiness may be given a large weight.
The determination of weights and the determination of trustworthiness can be accomplished in any manner now known or later known in the art, and the invention is not limited in this respect. In some cases, a proof-of-work puzzle may be created based on a share and sent to node 5031, which solves the puzzle to obtain the share; node 5031 may solve as many proof-of-work puzzles as it wants and is able to, but it must be ensured that node 5031 can solve for fewer than k shares. For example, for a share xyz, where xy constitutes significant random bits and x has length r, the proof-of-work puzzle created is (yz, hash(xyz)), where hash(xyz) is much longer than x; solving it would typically require node 5031 to perform 2^{r-1} hash operations.
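The puzzle construction described above, as an added example that is not code from the patent. It assumes SHA-256 as the hash, treats the share as a fixed-width integer whose top r bits are x, and uses constructed sample shares.

```python
import hashlib
import secrets


def _digest(value: int, total_bits: int) -> bytes:
    """SHA-256 over the fixed-width big-endian encoding of a share."""
    return hashlib.sha256(value.to_bytes((total_bits + 7) // 8, "big")).digest()


def make_puzzle(share: int, total_bits: int, r: int):
    """Withhold the top r bits (x) of the share; hand out (yz, hash(xyz))."""
    if not 0 < r < total_bits or share >> total_bits:
        raise ValueError("need 0 < r < total_bits and share < 2**total_bits")
    yz = share & ((1 << (total_bits - r)) - 1)
    return yz, _digest(share, total_bits)


def solve_puzzle(yz: int, target: bytes, total_bits: int, r: int):
    """Node side: try every x of length r until the hash matches.

    Returns (share, hashes_computed). For a uniformly random x the loop
    stops after about 2**(r-1) hashes on average, 2**r in the worst case.
    """
    rest_bits = total_bits - r
    for tries, x in enumerate(range(1 << r), start=1):
        candidate = (x << rest_bits) | yz
        if _digest(candidate, total_bits) == target:
            return candidate, tries
    raise ValueError("no x of length r matches the published hash")


def average_tries(total_bits: int, r: int, trials: int) -> float:
    """Empirical cost per puzzle over random (constructed) shares."""
    total = 0
    for _ in range(trials):
        share = secrets.randbits(total_bits)
        yz, target = make_puzzle(share, total_bits, r)
        solved, tries = solve_puzzle(yz, target, total_bits, r)
        assert solved == share
        total += tries
    return total / trials


if __name__ == "__main__":
    sample = (0x155 << 54) | 0x1234          # constructed 64-bit share, x = 0x155
    yz, target = make_puzzle(sample, 64, 10)
    print(solve_puzzle(yz, target, 64, 10))  # share recovered after 342 hashes
    print(average_tries(64, 8, 200))         # close to 2**7
```

The parameter r sets how much work each share costs a node, which is the lever for bounding how many shares a node can obtain within the exchange window.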
For several nodes 5031 of the blockchain system 503, in some embodiments, the share of the first information may be sent to the second user end 502 upon receiving the share of the first information, and the share of the second information may be sent to the first user end 501 upon receiving the share of the second information. In other embodiments, several nodes 5031 of blockchain system 503 may, upon receiving both the share of the first information and the share of the second information, post a message signed with the private key of the nodes 5031 to blockchain system 503, the message indicating that the nodes 5031 received both the share of the first information and the share of the second information; and, when the number of the messages is at least 2k-1, transmit the received share of the first information to the second user terminal 502 and the received share of the second information to the first user terminal 501. In this case, the node 5031 of the blockchain system 503 does not forward the share to the second user terminal 502 and/or the first user terminal 501 immediately after receiving the share of the first information and/or the second information, but places a message signed with its private key on the blockchain system 503, the message indicating that the node 5031 received both the share of the first information and the share of the second information, so that the first user terminal 501 and/or the second user terminal 502 can be prevented from sending its share as intended. When the number of messages on the blockchain system 503 is at least 2k-1, the nodes 5031 of the blockchain system 503 can send the respective received shares of the first information to the second user terminal 502 and the received shares of the second information to the first user terminal 501, thereby achieving a fair exchange.
The number of nodes in the share-received nodes 5031 of the blockchain system 503 that are untrustworthy is less than k-1, so that when there are at least 2k-1 messages on the blockchain system, it can be ensured that at least k messages in the 2k-1 messages are trustworthy, i.e., it is ensured that at least k nodes 5031 in the nodes 5031 of the blockchain system 503 will transmit at least k valid shares of the first information and at least k valid shares of the second information in total. At this point each node 5031 sends its received share of the first information to the second user terminal 502 and its received share of the second information to the first user terminal 501. The first user terminal 501 may thus receive at least k valid shares of the second information, while the second user terminal 502 may receive at least k valid shares of the first information. The first user terminal 501 is able to reconstruct the second information based on the at least k valid shares of the second information and the second user terminal 502 is able to reconstruct the first information based on the at least k valid shares of the first information, thereby further ensuring the achievement of fair exchange. It is to be appreciated that the message signed by node 5031 of blockchain system 503 with its private key can be implemented in any form and/or manner now known in the art or known in the future, and the invention is not limited in this respect.
As can be seen from the above, in some cases, the number of messages on the blockchain system 503 being at least 2k-1 serves as the trigger condition for each node 5031 of the blockchain system 503 to send a share of the second information to the first user terminal 501 and a share of the first information to the second user terminal 502, and the nodes keep waiting if the number of messages has not reached 2k-1. However, it is understood that in practical situations, the first user terminal 501 and the second user terminal 502 may not wait indefinitely; in general, the first user terminal 501 and the second user terminal 502 agree on a certain threshold time in advance, and if the information exchange is not completed when the threshold time is reached, the information exchange is ended. Thus, in some embodiments, several nodes 5031 of the blockchain system 503 may be further configured to return the share of the first information to the first user end 501 and the share of the second information to the second user end 502 if the number of the messages has not yet reached 2k-1 and a threshold time has arrived, where the threshold time is the longest time for the first user end 501 to exchange information with the second user end 502. In this way, when the threshold time is reached and the trigger condition for each node 5031 to send the share of the second information to the first user and the share of the first information to the second user is not met, the information exchange is ended, that is, the share of the first information is returned to the first user and the share of the second information is returned to the second user. In other words, each node 5031 returns the shares it received to the sender of the shares, thereby ending the exchange of information.
It is known that the blocks held by each node 5031 of the blockchain system 503 carry strictly increasing timestamps, so the timestamp of a later-formed block must be greater than the timestamp of a previously formed block. Each node 5031 of the blockchain system 503 can return the received share to the sender of the share when it finds that the timestamp of a block it holds is greater than the threshold time but there are not yet at least 2k-1 of the messages at that time.
In some embodiments, the first user terminal 501 may be further configured to hash each share of the first information and place the resulting hash value onto the blockchain system 503, and the second user terminal 502 may be further configured to hash each share of the second information and place the resulting hash value onto the blockchain system 503. The purpose of the first and second user terminals 501, 502 in doing this is to help verify the authenticity of the shares they send. For example, the first user terminal 501 sends a first share of the first information to node N_1 of the blockchain system 503, and also hashes the first share and places the resulting hash value onto blockchain system 503. Then node N_1, upon receiving the first share of the first information, may hash the first share and compare the resulting hash value to the hash value of the first share placed on blockchain system 503; if they are equal, this indicates that the first share of the first information received by node N_1 is authentic. Thus, in some embodiments, several nodes 5031 of blockchain system 503, upon receiving both the share of the first information and the share of the second information, may hash the share of the first information and compare the resulting hash value to the hash value of the share of the first information placed on blockchain system 503, and hash the share of the second information and compare the resulting hash value to the hash value of the share of the second information placed on blockchain system 503, and, in the event that the comparison results are all equal, post a message signed with the private key of the nodes 5031 onto blockchain system 503.
The first user end 501 and the second user end 502 place the hash value of the shares of the first information and the second information, respectively, onto the blockchain system 503, which not only helps the node 5031 of the blockchain system 503 to verify the authenticity of the shares it receives, but also helps the information exchange party (e.g., the first user end 501 and the second user end 502) to verify the authenticity of the shares it receives. Thus, in some embodiments, after receiving shares of second information from number of nodes 5031, the first user end 501 hashes each share of the received second information and compares the resulting hash value with the hash values of the shares placed on the blockchain system 503 and reconstructs the second information based on at least k shares of second information if the comparison results are all equal. The second user end 502, after receiving shares of the first information from the number of nodes 5031, hashes each share of the received first information and compares the resulting hash value with the hash values of the shares placed on the blockchain system 503 and reconstructs the first information based on at least k shares of the first information if the comparison results are all equal.
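The splitting into m shares with threshold k and the hash check against the values placed on the blockchain system, both described above, can be put together as follows. This is an added example, not code from the patent; it assumes arithmetic modulo a public prime P (the worked example in the text uses plain integers), SHA-256 as the hash, and a dict standing in for the hash values on the blockchain system.

```python
import hashlib
import secrets

# Assumption: shares are computed modulo a public prime P, as is usual for
# this kind of polynomial sharing; the page's worked example uses integers.
P = 2**127 - 1


def split(secret: int, k: int, m: int) -> list:
    """Split `secret` into m shares (x, f(x)); any k of them recover it."""
    if not (1 <= k < m and 0 <= secret < P):
        raise ValueError("need 1 <= k < m and 0 <= secret < P")
    # f(x) = a_{k-1} x^{k-1} + ... + a_1 x + a_0 with a_0 = secret
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]

    def f(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation
            acc = (acc * x + c) % P
        return acc

    return [(x, f(x)) for x in range(1, m + 1)]


def share_hash(share) -> str:
    """Hash value the sender places on the blockchain for one share."""
    x, y = share
    return hashlib.sha256(f"{x}:{y}".encode()).hexdigest()


def publish(shares) -> dict:
    """Constructed stand-in for the ledger: share index -> published hash."""
    return {x: share_hash((x, y)) for x, y in shares}


def failed_checks(received, ledger) -> list:
    """Indices of received shares whose hash differs from the published one."""
    return [x for x, y in received if ledger.get(x) != share_hash((x, y))]


def reconstruct(shares, k: int) -> int:
    """Lagrange interpolation at x = 0 over k shares with distinct x."""
    pts = list(dict(shares).items())[:k]
    if len(pts) < k:
        raise ValueError("fewer than k distinct shares")
    secret = 0
    for xi, yi in pts:
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def verify_and_reconstruct(received, ledger, k: int) -> int:
    """Recipient side: reconstruct only if every received share matches."""
    bad = failed_checks(received, ledger)
    if bad:
        raise ValueError(f"hash mismatch for share(s) {bad}")
    return reconstruct(received, k)


if __name__ == "__main__":
    k, m = 3, 5
    shares = split(424242, k, m)           # constructed sample secret
    ledger = publish(shares)
    print(verify_and_reconstruct(shares[1:4], ledger, k))
    forged = [(shares[0][0], (shares[0][1] + 1) % P)] + shares[1:3]
    print(failed_checks(forged, ledger))   # the altered share is flagged
```

A node can run the same `failed_checks` comparison on the shares it receives before posting its signed message.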
In other embodiments, the first user terminal 501 may be further configured to sign each share of the first information with the private key of the first user terminal 501 and place the resulting signature on the blockchain system 503, and the second user terminal 502 may be further configured to sign each share of the second information with the private key of the second user terminal 502 and place the resulting signature on the blockchain system 503, so that the nodes 5031 of the blockchain system 503 can verify the authenticity of the shares they receive based on the signature. Thus, in some embodiments, upon receiving both the share of the first information and the share of the second information, several nodes 5031 of blockchain system 503 may verify the share of the first information with the public key of first user 501 based on the signature of the share of the first information on blockchain system 503, and the share of the second information with the public key of second user 502 based on the signature of the share of the second information on blockchain system 503, and, if verification passes, post a message signed with the private key of the nodes 5031 onto blockchain system 503. For example, the first user terminal 501 sends a first share of the first information to node N_1 of the blockchain system 503, and also signs the first share with its private key and places the resulting signature onto blockchain system 503. Node N_1, upon receiving the first share of the first information, may verify the authenticity of the received first share of the first information with the public key of the first user terminal 501 based on the signature.
The first user end 501 and the second user end 502 place signatures on the shares of the first information and the second information, respectively, onto the blockchain system 503, which not only helps the nodes 5031 of the blockchain system 503 to verify the authenticity of the shares it receives, but also helps the information exchange parties (e.g., the second user end 502 and the first user end 501) to verify the authenticity of the shares received. Thus, in some embodiments, the first user 501, after receiving the shares of the second information from the number of nodes 5031, can verify the shares of the second information with the public key of the second user 502 based on the signature of the shares of the second information with the private key of the second user 502; and reconstructing the second information based on at least k shares of the second information if the verification passes. For example, the first user terminal 501, after receiving shares of the second information from the nodes 5031 of the blockchain system 503, may perform a hash operation on the shares of the second information, decrypt the signature of each share placed on the blockchain system 503 with the public key of the second user terminal 502, compare the computed hash value with the decrypted value, and if equal, indicate that the share of the second information it received from the node 5031 of the blockchain system 503 is authentic. In addition, the second user terminal 502, after receiving the shares of the first information from the number of nodes 5031, may verify the shares of the first information with the public key of the first user terminal 501 based on the signature of the shares of the first information with the private key of the first user terminal 501; and reconstructing the first information based on at least k shares of the first information if the verification passes. 
For example, after receiving shares of the first information from nodes 5031 of the blockchain system 503, the second user end 502 may perform a hash operation on the shares of the first information, decrypt the signature of each share placed on the blockchain system 503 with the public key of the first user end 501, compare the computed hash value with the decrypted value, and if equal, indicate that the share of the first information it received from the nodes 5031 of the blockchain system 503 is authentic.
In some embodiments, the number of nodes is at least 2k-1. As can be seen from the above, the first information or the second information can be reconstructed based on at least k shares of the first information or the second information, and therefore, at least k shares that are valid must be guaranteed to be obtained for reconstructing the first information or the second information, so that at least k trusted nodes 5031 in the blockchain system 503 are required. As can be seen by the nature of the blockchain, the number of untrusted nodes in the nodes 5031 of the blockchain system 503 should be less than half, thus requiring at least 2k-1 nodes 5031 to participate in the hosting of the share of the first information and/or the second information. In other embodiments, the number of nodes is at least 3k-2.
In an aspect of the present disclosure, as shown in fig. 6, there is also provided a computing device 600 comprising a memory 602 and a processor 601, wherein the memory 602 has stored thereon computer program instructions 6020 that, when executed by the processor 601, implement the above-described method for implementing a fair exchange. Since the technical solutions of the method for implementing a fair exchange have been described in detail above, they are not described again here.
In another aspect of the present disclosure, there is also provided a machine-readable storage medium having stored thereon computer program instructions, wherein the computer program instructions, when executed by a processor, implement the above-described method for implementing a fair exchange. The technical solutions of the method for implementing a fair exchange have been described in detail above and are not described again here. In some implementations, the machine-readable storage medium is a tangible component of a digital processing device. In other embodiments, the machine-readable storage medium is optionally removable from the digital processing apparatus. In some embodiments, the machine-readable storage medium may include, by way of non-limiting example, a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a flash memory, a programmable Read-Only Memory (PROM), an erasable programmable Read-Only Memory (EPROM), a solid-state memory, a magnetic disk, an optical disk, a cloud computing system or service, and so forth.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the invention is not limited in this respect.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the disclosure may be practiced without these specific details. In some embodiments, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
While exemplary embodiments of the present invention have been shown and described herein, it will be obvious to those skilled in the art that such embodiments are provided by way of example only. Numerous modifications, changes, and substitutions will now occur to those skilled in the art without departing from the invention. It should be understood that various alternatives to the embodiments of the invention described herein may be employed in practicing the invention. It is intended that the following claims define the scope of the invention and that methods and structures within the scope of these claims and their equivalents be covered thereby.

Claims (23)

1. A method for implementing a fair exchange for a first user exchanging first information and second information with a second user, wherein the first user owns the first information and the second user owns the second information, and at a user end the method comprises:
splitting the first or second information into m shares such that the first or second information can be reconstructed based on at least k shares, where k < m;
sending shares of the first information or the second information to a plurality of nodes of a block chain system respectively, wherein the share number of the first information and/or the share number of the second information sent to each node are less than k; and
reconstructing the second information or the first information based on at least k shares if a total number of shares of the second information or the first information received from the number of nodes is at least k;
performing a hash operation on each share of the first information or the second information and placing a resulting hash value onto the blockchain system;
wherein reconstructing the second information or the first information based on the at least k shares further comprises:
performing a hash operation on each share of the received second information or the first information and comparing the resulting hash value with hash values of the shares placed on the blockchain system; and
reconstructing the second information or the first information based on the at least k shares if the comparison results are all equal.
2. A method for implementing a fair exchange as defined in claim 1, wherein sending a share of the first information or the second information to a number of nodes of a blockchain system, respectively, further comprises sending a share of the first information or the second information to a node of the blockchain system.
3. A method for implementing a fair exchange as defined in claim 1, wherein sending the respective shares of the first information or the second information to the nodes of the blockchain system further comprises sending the respective shares of the first information or the second information to the nodes of the blockchain system according to their respective weights.
4. A method for implementing a fair exchange as in any one of claims 1-3 further comprising signing each share of the first information with a private key of the first user or signing each share of the second information with a private key of the second user and placing the resulting signature onto the blockchain system.
5. A method for implementing a fair exchange as claimed in any one of claims 1 to 3 wherein the number of said nodes is at least 2k-1.
6. A method for implementing a fair exchange as claimed in any one of claims 1 to 3 wherein the number of said nodes is at least 3k-2.
7. A method for implementing a fair exchange for a first user to exchange first information and second information with a second user, wherein the first user owns the first information and the second user owns the second information, and at a node of a blockchain system, the method comprising:
receiving shares of the first information from the first user, wherein the first information has been split into m shares and is only capable of reconstructing the first information based on at least k shares, and wherein k < m;
receiving a share of the second information from the second user, wherein the second information has been split into m shares and is only capable of reconstructing the second information based on at least k shares, and wherein k < m; and
sending the received share of the first information to the second user and the received share of the second information to the first user;
wherein sending the received share of the first information to the second user and sending the received share of the second information to the first user further comprises:
upon receiving both the share of the first information and the share of the second information, posting a message signed with a private key of the node onto the blockchain system, the message indicating that the node received both the share of the first information and the share of the second information; and
when the number of the messages is at least 2k-1, sending the received share of the first information to the second user and sending the received share of the second information to the first user;
wherein posting a message signed with a private key of the node onto the blockchain system upon receiving both the share of the first information and the share of the second information further comprises:
upon receiving both the share of the first information and the share of the second information, hashing the share of the first information and comparing the resulting hash value to the hash value of the share of the first information placed on the blockchain system and hashing the share of the second information and comparing the resulting hash value to the hash value of the share of the second information placed on the blockchain system; and
in the case that the comparison results are all equal, posting a message signed by the private key of the node to the blockchain system.
8. The method for implementing a fair exchange as defined in claim 7, wherein sending the received share of the first information to the second user and the received share of the second information to the first user further comprises: sending the share of the first information to the second user upon receiving the share of the first information and sending the share of the second information to the first user upon receiving the share of the second information.
9. The method for implementing a fair exchange of claim 7 wherein posting a message signed with a private key of the node onto the blockchain system upon receiving both the share of the first information and the share of the second information further comprises:
upon receiving both the share of the first information and the share of the second information, verifying the share of the first information with the public key of the first user based on the signature of the share of the first information on the blockchain system and verifying the share of the second information with the public key of the second user based on the signature of the share of the second information on the blockchain system; and
if the verification is passed, posting a message signed by the private key of the node to the blockchain system.
10. A method for implementing a fair exchange as in any one of claims 7-9 further comprising returning a share of the first information to the first user and a share of the second information to the second user if the number of messages has not reached 2k-1 and a threshold time has arrived.
11. A system for implementing fair switching, comprising a first user side, a second user side, and a number of nodes of a blockchain system, wherein the first user side exchanges first information and second information with the second user side, and wherein the first user side is configured to:
partitioning the first information into m shares such that the first information can be reconstructed based on at least k shares, where k < m;
sending shares of the first information to the nodes respectively, wherein the number of shares of the first information sent to each node is less than k; and
reconstructing the second information based on at least k shares of the second information if a total number of shares of the second information received from the number of nodes is at least k;
and wherein the second user end is configured to:
partitioning the second information into m shares such that the second information can be reconstructed based on at least k shares, where k < m;
sending shares of the second information to the plurality of nodes respectively, wherein the number of shares of the second information sent to each node is less than k; and
reconstructing the first information based on at least k shares of the first information if a total number of shares of the first information received from the number of nodes is at least k;
and wherein the number of nodes are to:
receiving a share of the first information from the first user;
receiving a share of the second information from the second user; and
sending the received share of the first information to the second user terminal and sending the received share of the second information to the first user terminal;
wherein the first user end is further configured to hash each share of the first information and place a resulting hash value onto the blockchain system, and the second user end is further configured to hash each share of the second information and place a resulting hash value onto the blockchain system;
wherein reconstructing the second information based on at least k shares of the second information further comprises:
performing a hash operation on each share of the received second information and comparing the resulting hash value to the hash values of the shares placed on the blockchain system; and
reconstructing the second information based on at least k shares of the second information if the comparison results are all equal;
and reconstructing the first information based on at least k shares of the first information further comprises:
performing a hash operation on each share of the received first information and comparing the resulting hash value to the hash values of the shares placed on the blockchain system; and
reconstructing the first information based on at least k shares of the first information if the comparison results are all equal.
12. The system for implementing a fair exchange as defined in claim 11 wherein sending the respective shares of the first information to the plurality of nodes further comprises sending a share of the first information to one node, and wherein sending the respective shares of the second information to the plurality of nodes further comprises sending a share of the second information to one node.
13. The system for implementing a fair exchange as defined in claim 11 wherein sending the shares of the first information to the plurality of nodes, respectively, further comprises sending respective shares of the first information to the plurality of nodes according to the respective weights of the plurality of nodes, and wherein sending the shares of the second information to the plurality of nodes, respectively, further comprises sending respective shares of the second information to the plurality of nodes according to the respective weights of the plurality of nodes.
14. The system for implementing a fair exchange as defined in claim 11 wherein sending the received share of the first information to the second user and the received share of the second information to the first user further comprises: sending the share of the first information to the second user terminal upon receiving the share of the first information and sending the share of the second information to the first user terminal upon receiving the share of the second information.
15. The system for implementing a fair exchange as defined in claim 11 wherein sending the received share of the first information to the second user and the received share of the second information to the first user further comprises:
upon receiving both the share of the first information and the share of the second information, posting a message signed with a private key of the number of nodes to the blockchain system, the message indicating that the number of nodes received both the share of the first information and the share of the second information; and
when the number of the messages is at least 2k-1, sending the received share of the first information to the second user terminal and sending the received share of the second information to the first user terminal.
16. The system for implementing a fair exchange as in claim 15 wherein the number of nodes are further configured to return the share of the first information to the first user and the share of the second information to the second user if the number of messages has not reached 2k-1 and a threshold time has arrived.
17. The system for implementing a fair exchange of claim 15 wherein posting a message signed with a private key of the number of nodes onto the blockchain system upon receiving both the share of the first information and the share of the second information further comprises:
upon receiving both the share of the first information and the share of the second information, hashing the share of the first information and comparing the resulting hash value to the hash value of the share of the first information placed on the blockchain system and hashing the share of the second information and comparing the resulting hash value to the hash value of the share of the second information placed on the blockchain system; and
if the comparison results are all equal, posting a message signed by the private keys of the plurality of nodes to the blockchain system.
18. A system for implementing a fair exchange as defined in any one of claims 11 to 16 wherein the first user end is further configured to sign each share of the first information with a private key of the first user end and place the resulting signature onto the blockchain system, and the second user end is further configured to sign each share of the second information with a private key of the second user end and place the resulting signature onto the blockchain system.
19. The system for implementing a fair exchange of claim 18 wherein posting a message signed with a private key of the plurality of nodes onto the blockchain system upon receiving both the share of the first information and the share of the second information further comprises:
upon receiving both the share of the first information and the share of the second information, verifying the share of the first information with the public key of the first user based on the signature of the share of the first information on the blockchain system and verifying the share of the second information with the public key of the second user based on the signature of the share of the second information on the blockchain system; and
if the verification passes, posting a message signed with the private keys of the plurality of nodes onto the blockchain system.
20. A system for implementing a fair exchange as defined in any one of claims 11 to 16 wherein the number of nodes is at least 2k-1.
21. A system for implementing a fair exchange as defined in any one of claims 11 to 16 wherein the number of nodes is at least 3k-2.
22. A computing device comprising a processor and a memory, wherein the memory has stored thereon computer program instructions which, when executed by the processor, implement the method for implementing a fair exchange of any of claims 1 to 10.
23. A machine readable storage medium having stored thereon computer program instructions, wherein the computer program instructions, when executed by a processor, implement the method for implementing a fair exchange of any of claims 1 to 10.
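The node-side logic of claims 15 to 17 (check each share against its hash on the blockchain, post a confirmation, release at 2k-1 confirmations, return the shares at the threshold time) can be sketched as follows. This is an added example, not code from the patent: the in-memory `Ledger`, the `Node` class, the constructed sample shares and the HMAC used in place of each node's private-key signature are assumptions chosen so it runs with the Python standard library, and k is taken to be the threshold the claims refer to.

```python
import hashlib
import hmac

def h(share: bytes) -> str:
    return hashlib.sha256(share).hexdigest()

class Ledger:
    """In-memory stand-in for the blockchain system (hypothetical)."""
    def __init__(self, commits_a, commits_b):
        self.commits_a = commits_a  # node id -> hash of its share of the first information
        self.commits_b = commits_b  # node id -> hash of its share of the second information
        self.confirmations = {}     # node id -> tag over the "both received" message

class Node:
    def __init__(self, node_id, key):
        self.node_id, self.key = node_id, key

    def receive(self, ledger, share_a, share_b):
        """Claim 17: hash both shares, compare with the ledger, then confirm."""
        ok = (hmac.compare_digest(h(share_a), ledger.commits_a[self.node_id])
              and hmac.compare_digest(h(share_b), ledger.commits_b[self.node_id]))
        if ok:
            msg = f"{self.node_id}:both-received".encode()
            # Assumption: HMAC stands in for the node's private-key signature.
            tag = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
            ledger.confirmations[self.node_id] = tag
        return ok

    def decide(self, ledger, k, now, deadline):
        """Claims 15-16: release at 2k-1 confirmations, return shares at timeout."""
        if len(ledger.confirmations) >= 2 * k - 1:
            return "release"  # first share -> second user, second share -> first user
        if now >= deadline:
            return "refund"   # each share goes back to the user who sent it
        return "wait"

def run_exchange(k, n, tampered=(), now=0, deadline=10):
    # Constructed sample shares; a real run would use secret-sharing output.
    shares_a = {i: f"A-share-{i}".encode() for i in range(n)}
    shares_b = {i: f"B-share-{i}".encode() for i in range(n)}
    ledger = Ledger({i: h(s) for i, s in shares_a.items()},
                    {i: h(s) for i, s in shares_b.items()})
    nodes = [Node(i, f"node-key-{i}".encode()) for i in range(n)]
    for node in nodes:
        # A tampered node is handed a share that does not match the ledger hash.
        b = b"forged" if node.node_id in tampered else shares_b[node.node_id]
        node.receive(ledger, shares_a[node.node_id], b)
    return nodes[0].decide(ledger, k, now, deadline), len(ledger.confirmations)
```

With k = 3 and five nodes, a single mismatching share keeps the count at four, so the nodes wait and then return the shares at the deadline; with seven nodes the same exchange still releases when two shares fail the hash check.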
CN201810149102.8A 2018-02-13 2018-02-13 Method and system for implementing fair switching Active CN108494558B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810149102.8A CN108494558B (en) 2018-02-13 2018-02-13 Method and system for implementing fair switching

Publications (2)

Publication Number Publication Date
CN108494558A CN108494558A (en) 2018-09-04
CN108494558B true CN108494558B (en) 2021-04-30

Family

ID=63340476

Country Status (1)

Country Link
CN (1) CN108494558B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant