CN111433800A

CN111433800A - Transaction processing method and related equipment

Info

Publication number: CN111433800A
Application number: CN201780097441.XA
Authority: CN
Inventors: 阮子瀚; 吴双; 贺伟
Original assignee: Huawei International Pte Ltd
Current assignee: Huawei International Pte Ltd
Priority date: 2017-12-28
Filing date: 2017-12-28
Publication date: 2020-07-17
Anticipated expiration: 2037-12-28
Also published as: WO2019132767A1; CN111433800B

Abstract

The application discloses a transaction processing method and related equipment, wherein a terminal can generate first signature information of transaction content according to the credential of a first account, and the transaction content is initiated by the first account; the terminal sends a transaction request message to the transaction processing equipment, and the transaction processing equipment returns a transaction response message to the terminal according to the transaction request message, wherein the transaction response message carries transaction result information; the terminal may send a transaction record message to the transaction processing device based on the transaction response message, where the transaction record message may instruct the transaction processing device to store the transaction record carried by the transaction record message onto a blockchain, where the blockchain stores a distributed database of transaction records for the transaction processing device. Therefore, the embodiment of the invention can adopt the credential of the first account to generate the front face, and avoids identity information leakage caused by adopting a long-term private key of the first account to generate a signature in the prior art, thereby protecting the anonymity of the first account.

Description

Transaction processing method and related equipment

\ break 02019/132767

The present application relates to the field of computer technologies, and in particular, to a transaction processing method and related devices.

Background

A blockchain is a distributed database that stores an ordered list of records that includes growing blocks, each block including a timestamp and a link to the previous block. The block chain system comprising the block chain consists of a plurality of common nodes, and each common node stores a complete block chain data and code. The consistency of the blockchain data can be realized through a consensus algorithm between the consensus nodes.

In the blockchain system, transaction records are recorded in a blockchain mode, and the transaction records cannot be modified in a single way, so that the characteristics of data such as non-falsification, non-forgery and the like are guaranteed. However, in a blockchain system, all of the consensus nodes maintain transaction records, each transaction record including a signature of the transaction content, an address of the recipient, and/or a transaction amount in the transaction content. The signature of the transaction content is generated by using a private key of the sender, so that a third party capable of obtaining the transaction record needs to verify by using a public key, and accordingly, the sender of the transaction record is identified.

However, in some business scenarios, for example, in the financial industry, many users do not want third parties other than the transaction parties to learn about the transaction information they have initiated. Therefore, privacy protection of the sender in the blockchain system is an urgent problem to be solved. Disclosure of Invention

The application provides a transaction processing method and related equipment, which can protect the privacy of a sender initiating a transaction in a block chain transaction.

In a first aspect, the present application provides a transaction processing method, in which a terminal may generate first signature information of transaction content according to a credential of a first account, where the transaction content is initiated by the terminal based on the first account, and the credential is generated for the first account by a transaction processing device that processes the transaction content; the terminal receives a transaction response message returned by the transaction processing equipment, wherein the transaction response message comprises transaction result information generated by the transaction processing equipment according to the transaction content; the terminal sends a transaction record message to the transaction processing equipment according to the transaction response message, wherein the transaction record message is used for indicating the transaction processing equipment to store the transaction record carried by the transaction record message to a block chain, the block chain is a distributed database for storing the transaction record in the transaction processing equipment, and the transaction record comprises the transaction content, the first signature information and the transaction result information.

The terminal is equipment for logging in by a first account; the first account is a party initiating transaction content and may be referred to as a payer or a sender, etc.

Therefore, the signature information of the transaction content is generated by adopting the credential of the first account number, so that the problem that in the prior art, the signature is generated by using the long-term private key of the first account number, and the identity information of the first account number is revealed because the verification device is required, such as the transaction processing device, to verify the signature by using the long-term public key is avoided, that is, the anonymity of the first account number can be protected.

The first account number is generated by the transaction processing device, so that the first account number cannot repudiate the transaction record once the terminal issues the transaction record to the blockchain based on the first account number, and therefore the privacy of the first account number can be protected, and the characteristic that the transaction record cannot be repudiated on the blockchain can be kept.

The terminal generates first signature information of the transaction content according to the credential of the first account, and the method comprises the following steps: the terminal takes a private key of a first account number, a certificate of the first account number and transaction content as input of a zero-knowledge proof algorithm, and calculates first signature information of the transaction content, wherein the private key comprises a long-term private key or a one-time private key.

The transaction response message is returned when the transaction processing equipment verifies that a first verification result obtained by the transaction request message is passed; the transaction record is stored when a second verification result obtained by the transaction processing device verifying the transaction record message is passed;

wherein the first verification result and the second verification result both include a verification result of the first signature information; and the verification result of the first signature information is obtained by the transaction processing equipment through verification calculation according to the public key of the transaction processing equipment and the verification parameters in the first signature information. If the transaction processing device generates the credential of the first account, the transaction processing device performs verification calculation by using the public key of the transaction processing device and the verification parameter in the first signature information to obtain the verification result of the first signature information. If the management device generates the credential of the first account, the transaction processing device performs verification calculation by using the public key of the management device and the verification parameter in the first signature information to obtain a verification result of the first signature information. Therefore, the implementation mode can avoid the leakage of the identity information of the first account caused by the verification calculation of the long-term public key corresponding to the long-term private key in the prior art.

In addition, when the first verification result is obtained, the verification result of the first signature information is used for indicating whether the first account number is an account number capable of accessing the transaction processing equipment, or an account number issued by the transaction processing equipment, or whether the first account number has a right to access the transaction processing equipment; when the first account number is in the second verification result, the verification result of the first signature information is used to indicate whether the first account number has the right to use the blockchain, that is, whether the transaction record related to the first account number can be stored in the blockchain, optionally, the verification result of the first signature information may be related to an operation related to whether the verification is passed, and the application is not limited.

In a possible implementation manner, the transaction content is initiated by the terminal for the second account based on the first account, that is, the second account may be referred to as a receiver or a payee of the transaction content, or the terminal logging in the second account is the receiver of the transaction content, or the payee of the transaction amount in the transaction content. Thus, the terminal can generate a one-time public key of the second account according to the long-term public key of the second account; the terminal generates second signature information of the transaction content according to the one-time public key of the second account and the certificate of the second account; the one-time public key of the second account is the address of the second account; the certificate is generated by using a private key of the certificate issuing equipment; the transaction request message and the transaction record include a one-time public key of the second account and second signature information.

Correspondingly, the first verification result and the second verification result further include a verification result of the second signature information, and the verification result of the second signature information is obtained by performing verification calculation according to the one-time public key of the second account, the public key of the certificate issuing equipment, and the verification parameter in the second signature information.

Similarly, when the first verification result is obtained, the verification result of the second signature information is used to indicate whether the second account is an account capable of accessing the transaction processing device, or an account issued by the transaction processing device, or whether the second account has a right to access the transaction processing device; when the second verification result is obtained, the verification result of the second signature information is used to indicate whether the second account number has the right to use the blockchain, that is, whether the transaction record related to the second account number can be stored in the blockchain, optionally, the function of the verification result of the second signature information may be related to an operation related to whether the verification is passed, and the application is not limited.

As can be seen, in this implementation, the receiving address of the transaction content is a one-time public key, and the third party cannot identify the public key corresponding to the second account (i.e., the receiving party) of the transaction content according to the receiving address; in addition, a third party such as transaction processing equipment can also perform verification calculation by using the one-time public key, the public key of the certificate issuing equipment and the verification parameters in the second signature information to obtain a verification result of the second signature information, and further acquire the related authority of the second account according to the verification result of the second signature information, so that privacy disclosure caused by the fact that a hash value of a long-term public key of the second account is adopted as an address in the prior art can be avoided.

In a possible implementation manner, the terminal can obtain the ciphertext of each input amount and the ciphertext of each output amount; the terminal calculates the ciphertext of the difference between the total input amount and the total output amount according to the ciphertext of each input amount and the ciphertext of each output amount; the terminal generates third signature information of the transaction content according to the ciphertext of the difference value; wherein the transaction request message and the transaction record further include the third signature information; the first verification result and the second verification result further include a verification result of the third signature information, the verification result of the third signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the third signature information, the ciphertext of each input amount and the ciphertext of each output amount, and the verification result of the third signature information is used for indicating whether the total input amount is equal to the total output amount.

Therefore, the transaction content of the application does not need to carry the plain text of each input amount and each output amount, and a verifier such as a transaction processing device can verify whether the total input amount is equal to the total output amount according to the verification parameters in the third signature information, the ciphertext of each input amount and the ciphertext of each output amount, so that the correctness of the transaction is obtained. Thereby helping to protect the privacy of the transaction amount.

The cipher text of each input amount and the cipher text of each output amount are obtained by adopting an addition homomorphic encryption algorithm. The addition homomorphic encryption algorithm is to add the encrypted data to obtain an output, decrypt the output, and obtain the same result as the output obtained by processing the unencrypted original data. Therefore, the terminal does not need plaintext, but can obtain the ciphertext of the total input amount and the ciphertext of the total output amount by using the ciphertext of each input amount and the ciphertext of each output amount, and can also obtain the ciphertext of the difference value between the total input amount and the total output amount.

It can be seen that the above possible implementations may protect the privacy of the first account number (i.e., payer or sender), the second account number (payee or receiver), or the transaction amount. In other implementations, the terminal may set privacy of any one or more of the payer, the payee, and the transaction amount according to the service requirement of the user, and accordingly, any one or more of the three possible implementations may be adopted to implement privacy protection.

In a possible implementation manner, the transaction content may include a ciphertext of each input amount and a ciphertext of each output amount; in addition, the encryption key of the ciphertext of each input amount and the encryption key of the ciphertext of each output amount is a public key of an account approved by a third party.

Therefore, the third party audit account can decrypt the ciphertext of each input amount and the ciphertext of each output amount by using the private key of the third party audit account, so that an auditor with the third party audit account can audit the transaction amount in the transaction content. And because the transaction content contains the ciphertext of the transaction amount instead of the plaintext, and the ciphertext of the transaction amount is obtained by encrypting the public key of the third party audit account number, only an auditor of the third party audit account number can see the transaction amount except for both transaction parties, thereby being beneficial to protecting the privacy of the transaction amount and facilitating the audit work of the auditor. In a possible implementation manner, the terminal may generate an identifier of each input amount according to the one-time private key of the first account; the transaction request message and the transaction record also comprise the identification of each input amount, and the identification of each input amount is used for preventing each input amount from being consumed for the second time. For example, if the identified transaction record with the input amount already exists in the blockchain, the transaction processing device finds the identifier I with the input amount again when verifying the transaction content, and then the transaction processing device may determine that the transaction is a secondary consumption and the verification fails. As can be seen, the implementation may utilize the identification of each input amount to prevent secondary consumption of the input amount.

In a possible implementation manner, the terminal may further generate fourth signature information of the transaction content according to the identifier of each input amount, the transaction request message and the transaction record further include the fourth signature information, the first verification result and the second verification result further include a verification result of the fourth signature information, the verification result of the fourth signature information is obtained by performing verification calculation by the transaction processing device according to the identifier of each input amount and a verification parameter in the fourth signature information, and the verification result of the fourth signature information is used to indicate whether the identifier of each input amount is correct. Therefore, if the identification of the input amount is incorrect, the verification result of the fourth signature information is also failed, and further secondary consumption of the input amount is avoided.

In a possible implementation manner, the terminal may encrypt the one-time public key of the first account according to the public key of the third party audit account to obtain a ciphertext of the one-time public key; correspondingly, the transaction request message and the transaction record can also include the cryptograph of the one-time public key. Therefore, the auditor with the third-party audit account number can decrypt the ciphertext of the one-time public key by using the private key of the auditor to obtain the one-time public key, so that the identity information of the first account number can be obtained, and the auditor can conveniently audit. For example, the first transaction is initiated by an account number, the receiver is an account number I), the second transaction is initiated by the account number, the receiver is the account number ^ after the auditor obtains the one-time public key of the account number according to the implementation mode, the auditor can also obtain the first transaction in which the account number 1. For another example, in combination with the implementation manner below, the terminal of the account may use a third party to audit the public key of the account to generate the ciphertext of the long-term public key of the account, and the auditor may obtain the ciphertext of the long-term public key of the account I.

In a possible implementation manner, the terminal may further generate fifth signature information of the transaction content according to the ciphertext of the one-time public key obtained in the above implementation manner, and accordingly, the transaction request message and the transaction record further include the fifth signature information, the first verification result and the second verification result further include a verification result of the fifth signature information, the verification result of the fifth signature information is obtained by performing verification calculation by the transaction processing device according to a verification parameter in the fifth signature information, and the verification result of the fifth signature information is used to indicate whether the ciphertext of the one-time public key of the first account number is correct.

In a possible implementation manner, the terminal may further encrypt the long-term public key of the second account according to a public key of a third party audit account to obtain a ciphertext of the long-term public key of the second account; correspondingly, the transaction request message and the transaction record also include the ciphertext of the long-term public key. Therefore, an auditor with the third-party audit account can decrypt the ciphertext of the long-term public key by using the private key of the auditor to obtain the long-term public key of the second account, so that the identity information of the second account is obtained, and the auditor can audit conveniently.

In a possible implementation manner, the terminal may further generate sixth signature information of the transaction content according to a ciphertext of the long-term public key of the second account; correspondingly, the transaction request message and the transaction record further include the sixth signature information; the first verification result and the second verification result further include a verification result of the sixth signature information, the verification result of the sixth signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the sixth signature information, and the verification result of the sixth signature information is used for indicating whether the ciphertext of the long-term public key of the second account number is correct.

In one possible implementation manner, the obtaining, by the terminal, the credential of the first account may include: the terminal sends a credential request message to a transaction processing device, wherein the credential request message comprises the one-time public key of the first account number and/or a cryptograph of a transaction amount of the first account number; and the terminal receives a credential response message returned by the transaction processing device, wherein the credential response message comprises a credential of the first account, and the credential of the first account is generated by the transaction processing device according to the one-time public key of the first account and/or a cryptograph of a transaction amount of the first account.

In a possible implementation manner, the terminal may apply for the credential of the second account while applying for the credential of the first account to the transaction processing device, so that the second account may directly use the credential to protect the anonymity of the second account when using the transaction amount, for example, the implementation manner of the first aspect is adopted to protect the anonymity of the second account when the second account is used as a payment account.

That is to say, in the above implementation manner, the credential request message may further include a one-time public key of the second account and/or a cryptograph of a transaction amount that the second account has; correspondingly, the credential response message may further include the credential of the second account; the credential of the second account is generated by the management device according to the one-time public key of the first account and/or the cryptograph of the transaction amount of the first account, and the transaction request message and the transaction record further include the credential of the second account. Thus, the second account number can be used as a payment account number to protect the anonymity of the second account number when the transaction amount is used.

In a possible implementation manner, the credential of the second account may also be applied by the second account itself, for example, before the second account uses the transaction amount, the applying for the credential to the management device may specifically include: the terminal registered with the second account number can send a credential request message to the management device, wherein the credential request message includes a one-time public key of the second account number and/or a cryptograph of a transaction amount of the second account number; and receiving a credential response message returned by the management device, wherein the credential response message comprises a credential of the first account, and the credential of the first account is generated by the management device according to the one-time public key of the first account and/or the cryptograph of the transaction amount of the first account.

In a possible implementation manner, the first signature information, the second signature information, the third signature information, the fourth signature information, the fifth signature information, or the sixth signature information may all be signatures certified by zero knowledge, that is, the signature information generation method may employ a zero knowledge certification algorithm. The zero-knowledge proof algorithm is that a prover performs a series of mathematical calculations on useful information to be kept secret to obtain a signature, wherein the signature is a series of verification parameters, and the series of verification parameters do not include the useful information to be kept secret; the verifier can perform a series of verification calculations by using the series of verification parameters, and can verify the conclusion of the prover for the useful information according to the result of the verification calculations, that is, verify whether the conclusion of the prover is correct, which is generally the conclusion that the prover can know the useful information to be kept secret. Therefore, the first signature information, the second signature information, the third signature information, the fourth signature information, the fifth signature information or the sixth signature information can be verified by using a zero knowledge proof algorithm to obtain a verification result, and the verification calculation process only needs to use the signature information and the verification parameters, so that the leakage of useful information is avoided, and the privacy of the first account number, the second account number, the transaction amount and the like in each implementation mode is protected. In a second aspect, the present application further provides a transaction processing method, in the transaction processing method, a transaction processing device receives a transaction request message sent by a terminal, where the transaction request message includes transaction content and first signature information, the transaction content is initiated by the terminal based on a first account, and the first signature information is generated by the terminal according to a credential of the first account; the transaction processing equipment returns a transaction response message to the terminal according to the transaction request message, wherein the transaction response message comprises transaction result information generated by the transaction processing equipment according to the transaction content; the transaction processing equipment receives a transaction record message sent by the terminal according to the transaction response message; the transaction processing device stores the transaction record carried in the transaction record message to a blockchain, the blockchain is a distributed database for storing the transaction record in the transaction processing party, and the transaction record comprises the transaction content, the first signature information and the transaction result information.

In the application, the first signature information is generated according to the credential of the first account, so that the problem that in the prior art, a signature is generated by using a long-term private key of the first account, and a verification device, such as a transaction processing device, is required to verify the signature by using a long-term public key, so that the identity information of the first account is revealed is avoided, that is, the anonymous nature of the first account can be protected.

Before the transaction processing device returns a transaction response message to the terminal according to the transaction request message, the method further includes: the transaction processing equipment verifies the transaction request message to obtain a first verification result; when the first verification result is passed, the transaction processing equipment operates the transaction content to obtain transaction result information; the method further comprises the following steps: the transaction processing equipment verifies the transaction record message to obtain a second verification result; and when the second verification result is that the transaction record carried by the transaction record message is passed, the transaction processing equipment executes the step of storing the transaction record carried by the transaction record message on a block chain.

The first verification result and the second verification result both comprise verification results of the first signature information; the verification result of the first signature information is obtained by the transaction processing equipment through verification calculation by using the own public key and the verification parameter in the first signature information. Therefore, the transaction processing device can verify the first signature information of the transaction content according to the public key of the transaction processing device, and the verification by adopting the public key of the first account number is not needed as in the prior art, so that a third party cannot know the public key of the first account number, and the privacy of the first account number is protected.

The verifying the first signature information of the transaction content by the transaction processing device may include: and the transaction processing equipment performs verification calculation by using a zero-knowledge proof algorithm according to the verification parameters in the first signature information and the public key of the transaction processing equipment, so as to obtain a verification result of the first signature information.

In a possible implementation manner, the transaction content is initiated by the terminal based on the first account number with respect to the second account number, that is, the first account number may be an account number possessed by a sender or a payer of the transaction content, and the second account number may be an account number possessed by a receiver or a payee of the transaction content. The transaction request message and the transaction record may further include second signature information and a one-time public key of a second account number, where the one-time public key of the second account number is a receiving address of the transaction content, or may also be referred to as an address of a receiver or a payee of the transaction content. Correspondingly, the first verification result and the second verification result may further include a verification result of second signature information, where the verification result of the second signature information is obtained by the transaction processing device through verification calculation according to the one-time public key of the second account, the public key of the certificate issuing device, and the verification parameter in the second signature information.

As can be seen, in this implementation, the receiving address of the transaction content is a one-time public key, and the third party cannot identify the public key corresponding to the second account of the transaction content according to the receiving address. In addition, the transaction processing device uses the receiving address to verify the second signature information, and knows whether the second account number has the condition of storing the transaction record on the block chain, namely, the condition of verifying the admittance qualification of the second account number. Compared with the prior art that the hash value of the long-term public key of the second account is used as the receiving address, the implementation method can protect the privacy of the second account.

In a possible implementation manner, the transaction request message and the transaction record may further include third signature information, a ciphertext of each input amount, and a ciphertext of each output amount, and correspondingly, the first verification result and the second verification result further include a verification result of the third signature information, the verification result of the third signature information is obtained by performing verification calculation by the transaction processing device according to the verification parameter in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount, and the verification result of the third signature information is used to indicate whether the total input amount in the transaction record is equal to the total output amount.

Therefore, the transaction content does not need to carry the plain texts of each input amount and each output amount, and even the transaction content does not need the cipher texts of each input amount and each output amount, and the verifier, such as the transaction processing equipment, can verify whether the total input amount is equal to the total output amount according to the third signature information, namely, the correctness of the transaction is obtained. Thereby helping to protect the privacy of the transaction amount.

In a possible implementation manner, the transaction content further includes a ciphertext of each input amount and a ciphertext of each output amount, and in addition, an encryption key of the ciphertext of each input amount and the ciphertext of each output amount is a public key of the third party auditing the account. In this way, the auditor with the third-party audit account can decrypt the ciphertext of each input amount and the ciphertext of each output amount by using the private key of the auditor to obtain the plaintext of each input amount and the plaintext of each output amount. Because the ciphertext is encrypted by the public key of the third party audit account number, only the private key of the third party audit account number can be decrypted, thereby being beneficial to protecting the privacy of the transaction amount and facilitating the audit of an auditor.

In a possible implementation manner, the transaction request message and the transaction record may further include an identifier of each input amount, where the identifier of each input amount is used to prevent each input amount from being consumed again. For example, if the transaction record with the identifier 1 ″ of the input amount already exists in the blockchain, the transaction processing device finds the identifier with the input amount again when verifying the transaction content, and can determine that the input amount is secondary payment and the verification fails. As can be seen, the implementation may utilize the identification of each input amount to prevent secondary spending of the input amount.

In a possible implementation manner, the transaction request message and the transaction record further include fourth signature information, and correspondingly, the first verification result and the second verification result further include a verification result of the fourth signature information, the verification result of the fourth signature information is obtained by performing verification calculation by the transaction processing device according to the identifier of each input amount and the verification parameter in the fourth signature information, and the verification result of the fourth signature information is used to indicate whether the identifier of each input amount is correct; therefore, if the identification of the input amount is incorrect, the verification result of the fourth signature information is also failed, and further secondary consumption of the input amount is avoided.

In a possible implementation manner, the transaction request message and the transaction record may further include a ciphertext of the one-time public key of the first account, where an encryption key of the ciphertext of the one-time public key of the first account is a public key of the third party audit account. Therefore, the auditor with the third-party audit account number can decrypt the ciphertext of the one-time public key by using the private key of the auditor to obtain the one-time public key, so that the identity information of the first account number is obtained, and the auditor can conveniently audit.

In a possible implementation manner, the transaction request message and the transaction record may further include fifth signature information, and correspondingly, the first verification result and the second verification result further include a verification result of the fifth signature information, the verification result of the fifth signature information is obtained by performing verification calculation by the transaction processing device according to a verification parameter in the fifth signature information, and the verification result of the fifth signature information is used to indicate whether the ciphertext of the one-time public key of the first account number is correct.

In a possible implementation manner, the transaction request message and the transaction record further include a ciphertext of a long-term public key of a second account, where an encryption key of the ciphertext of the long-term public key of the second account is a public key of the third party audit account. Therefore, the auditor with the third-party audit account number can decrypt the ciphertext of the long-term public key by using the private key of the auditor to obtain the long-term public key of the second account number, so that the identity information of the second account number is obtained, and the auditor can audit conveniently.

In a possible implementation manner, the transaction request message and the transaction record further include the sixth signature information; the first verification result and the second verification result further comprise a verification result of sixth signature information, the verification result of the sixth signature information is obtained by performing verification calculation on the transaction processing equipment according to the verification parameters in the sixth signature information, and the verification result of the sixth signature information is used for indicating whether the ciphertext of the long-term public key of the second account number is correct or not.

Additionally, the credentials of the first account number may be generated by: the transaction processing equipment receives a credential request message sent by the terminal, wherein the credential request message comprises the one-time public key of the first account number and/or a cryptograph of a transaction amount of the first account number; the transaction processing device generating credentials for the first account number according to the credential request message; and the transaction processing equipment sends a credential response message to the terminal, wherein the credential response message carries the credential of the first account.

In a possible implementation manner, the terminal may apply for the credential of the second account while applying for the credential of the first account, so that the second account may directly use the credential to protect the anonymity of the terminal when using the transaction amount. That is, the credential request message further includes the one-time public key of the second account number and/or a cryptograph of a transaction amount that the second account number has; the transaction processing device may further generate a credential of a second account according to the credential request message, where the credential response message further includes the credential of the second account; the transaction request message and the transaction record may also include credentials for the second account number.

In one possible implementation, the credential of the second account number may also be applied by the second account number itself, for example, before the second account number is to use the transaction amount, the credential is applied to the management device.

In a possible implementation manner, the first signature information, the second signature information, the third signature information, the fourth signature information, the fifth signature information, or the sixth signature information may all be signatures certified by zero knowledge, that is, the signature information may be verified by using a zero knowledge certification algorithm, and the verification process may be verified only by using the signature information and system parameters, so that the disclosure of key information in the transaction is avoided, and the privacy of the first account number, the second account number, the transaction amount, and the like in each implementation manner is protected.

In a third aspect, the present application further provides a terminal, where the terminal has a function of implementing the terminal in the foregoing implementation method. The functionality may be implemented by hardware, for example comprising a processor and a transceiver, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above functions, and the modules may be software and/or hardware.

In a fourth aspect, the present application further provides a transaction processing device, where the transaction processing device has a function of implementing the transaction processing device in the implementation method. The functionality may be implemented by hardware, for example comprising a processor and a transceiver, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above functions, and the modules may be software and/or hardware. The processor and the transceiver can process messages sent by a plurality of terminals in the implementation method and execute the transaction processing method described in the implementation method.

In a fifth aspect, the present application further provides a transaction processing device, which includes at least one textbook module, a consensus module, a submission module, and a management module;

the endorsement module is used for receiving a transaction request message sent by a terminal, wherein the transaction request message comprises transaction content and first signature information, the transaction content is initiated by the terminal based on a first account, and the first signature information is generated by the terminal according to the credential of the first account;

the endorsement module is further used for returning a transaction response message to the terminal according to the transaction request message, wherein the transaction response message comprises transaction result information generated by the transaction processing equipment according to the transaction content; the consensus module is used for receiving the transaction record message sent by the terminal according to the at least one transaction response message, sequencing the transaction records carried by the transaction record message and the transaction records received from other terminals according to the receiving time, generating a block comprising the transaction records, and submitting the block to the submitting module; the submitting module is used for receiving the blocks and storing the transaction records on a block chain in the form of the blocks; the management module of the transaction processing device is used for generating the credential of the first account according to the private key of the management module, the one-time public key of the first account and/or the ciphertext of the transaction amount.

In a sixth aspect, the present application further provides a transaction processing system, where the transaction processing system may include a terminal and a transaction processing device, and the terminal may execute the transaction processing method provided in the first aspect, or any one or more of possible implementations of the first aspect; the transaction processing device may perform the transaction processing method provided by the second aspect above, or the second aspect may be any one or more of the implementations.

In a seventh aspect, the present application further provides a computer-readable storage medium, where a program code for implementing the transaction processing method provided in the first aspect, or any one or more of the possible implementations of the first aspect, is stored on the readable storage medium, and the program code includes an execution instruction for executing the transaction processing method provided in the first aspect, or any one of the possible implementations of the first aspect.

In an eighth aspect, the present application further provides a computer-readable storage medium, on which a program code for implementing the transaction processing method provided in the second aspect, or any one or more of the possible implementations of the second aspect, is stored, where the program code includes execution instructions for executing the transaction processing method provided in the second aspect, or any one of the possible implementations of the second aspect. Drawings

FIG. 1 is a schematic diagram of a transaction processing system;

FIG. 2 is a flow chart illustrating a transaction processing method provided by the blockchain system shown in FIG. 1; fig. 3 eight is a schematic structural diagram of a transaction processing system according to an embodiment of the present invention;

FIG. 38 is a block diagram of another exemplary transaction processing system in accordance with an embodiment of the present invention;

FIG. 30 is a block diagram of another exemplary transaction processing system, according to an embodiment of the invention;

FIG. 4 is a flow chart illustrating a transaction processing method according to an embodiment of the invention;

FIG. 5 is a schematic flow chart diagram of another transaction processing method provided by an embodiment of the invention; FIG. 6 is a flow chart illustrating another transaction processing method according to an embodiment of the invention;

FIG. 7 is a schematic flow chart diagram illustrating another transaction processing method according to an embodiment of the invention;

FIG. 8 is a schematic diagram of a user interface provided by an embodiment of the invention;

fig. 9 is a schematic structural diagram of a terminal according to an embodiment of the present invention;

fig. 10 is a schematic structural diagram of a transaction processing device according to an embodiment of the present invention;

FIG. 11 is a schematic diagram of another transaction processing device according to an embodiment of the invention;

fig. 12 is a schematic structural diagram of a terminal according to an embodiment of the present invention;

fig. 13 is a schematic structural diagram of a transaction processing device according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be described in detail below with reference to the accompanying drawings in the embodiments of the present invention.

Currently, a blockchain is a distributed database that includes an increasing number of ordered lists of records, called blocks, that is, each block includes transaction records sorted by time within a preset time period. Wherein each tile contains a timestamp that generated the tile and a link to the previous tile.

For example, please refer to fig. 1, fig. 1 is a schematic structural diagram of a transaction processing system, and the transaction processing system shown in fig. 1 includes a terminal, an endorsement node Endorsing peer, a consensus node order peer, and a submission node Committing peer. The terminal is a terminal for logging in a payment account, can also be called a payer or a sender, and can initiate a transaction; the endorsement node, the consensus node and the submission node can be respectively located in different servers, can also be located in the same server, and can also be deployed on a cloud platform to execute related functions, so that the endorsement node, the consensus node and the submission node are collectively called a transaction processing system.

The terminal is used for initiating a transaction and obtaining transaction content, a signature aiming at the transaction content, an address of a payee, a certificate of a payer and a certificate of the payee.

And the endorsement node is used for verifying the transaction request message initiated by the payer, simulating the operation of transaction content when the verification is passed, obtaining a transaction result and generating a signature aiming at the transaction result. For example, the endorsement node may verify the payer's signature for the transaction content, the payer's and payee's certificates, the payee's address, and the like.

The consensus node is used for executing a consensus algorithm, and in addition, the consensus node can obtain a plurality of transaction records submitted by a plurality of terminals and sort the transaction records according to the submission time to obtain an ordered transaction record list, wherein the ordered transaction record list is called a block.

And the submitting node is used for verifying the signature of the payer and the signature of the endorsement node in each transaction record in the block, and storing each transaction record in the block on the block chain when the verification is passed. For example, the submitting node verifies whether the transaction record satisfies a preset condition for each transaction record in the block, and if the preset condition is satisfied, the verification is passed, and the corresponding transaction record can be stored on the block chain. Wherein, the preset condition may be: each transaction record needs to have at least ten signatures of endorsement nodes and corresponding transaction results, and the transaction results corresponding to the signatures are consistent.

In addition, after the transaction record is stored on the block chain, the payee can determine whether the payee in the transaction record is the payee according to the private key of the payee and the address of the payee in the transaction record when receiving the money.

For example, referring to fig. 2, fig. 2 is a flow chart illustrating a transaction processing method provided based on the blockchain system shown in fig. 1, where the transaction processing method may include the following steps: \ break 02019/132767

201. The terminal generates a signature of the transaction content by using a private key of the payment account, acquires a certificate of the payment account and the collection account, and generates a receiving address of the collection account according to a public key of the collection account;

the certificate of the withdrawal account and the collection account is generated by a certificate authority according to public keys of the payment account and the collection account and used for verifying whether the payment account and the collection account are qualified to use the block chain system, namely whether the payment account and the collection account are qualified to be allowed. The collection account number can verify whether the receiving address is itself based on the way that its public key generates a hash value.

202. The terminal sends a transaction request message to at least one endorsement node;

203. each endorsement node in the at least one endorsement node can verify the transaction request message, and when the verification is passed, the transaction content is simulated to run to obtain transaction result information;

204. and each endorsement node in the at least one endorsement node respectively returns a transaction response message to the terminal.

The transaction response message carries corresponding transaction result information.

Wherein each endorsement node validating the transaction request message may comprise the steps of:

the endorsement node verifies the signature of the transaction content, namely the endorsement node verifies the signature of the transaction content by using the public key of the payment account, if the verification is passed, the transaction is initiated by the payment account, so that the non-repudiation of the payment account is ensured;

I) the endorsement node verifies the certificates of the payment account and the collection account, i.e. the endorsement node checks whether the certificates of the payment account and the collection account are certificate authorities

The issued certificate indicates that the payment account number and the collection account number have the qualification of executing the transaction, namely indicates that the payment account number and the collection account number have the admittance qualification;

the endorsement node verifies the address of the payee, wherein the certificate of the payee is the public key of the payee, so the hash value of the returned public key can be obtained to verify whether the address is consistent with the address of the payee, if so, the verification is passed, otherwise, the verification is not passed.

If the verification of the step 3, the verification of the step I) and the verification of the step I) are passed, the endorsement node can simulate to operate the transaction content to obtain transaction result information. The transaction result information comprises a transaction result and a signature of the transaction result generated by the endorsement node by using a private key of the endorsement node.

For example, if the transaction content is a certain amount of transaction amount paid by the payer to the payee, the endorsement node simulates the transaction content to be executed, and the obtained transaction result is that the amount owned by the payer is less than the amount owned by the payer and the amount owned by the payee is more than the amount owned by the payee.

The terminal can simultaneously send the transaction request message to the endorsement nodes, correspondingly, can obtain the transaction response messages returned by the endorsement nodes, and can obtain a plurality of signatures and a plurality of corresponding transaction results according to the transaction response messages.

205. And the terminal receives the transaction response message returned by the endorsement node and sends a transaction record message to the consensus node.

The transaction record message carries a transaction record, and the transaction record comprises transaction content, a signature of the transaction content, a certificate of a payment account number and a collection account number, and at least one piece of transaction result information.

206. The consensus node receives the transaction record message, sorts the transaction records carried by the transaction record message sent by the terminal and the transaction records sent by other terminals according to time, generates a block comprising an ordered transaction record list, and sends the block to the submitting node;

207. the commit node receives the block and validates each transaction record in the block, and when validated, \\ tear 02019/132767.

The method for verifying each transaction record in the block by the submitting node is the same, and therefore, the transaction record in the transaction record message sent by the terminal is verified by the submitting node as an example for explanation. The submitting node verifying transaction record mainly comprises the following steps: the submitting node verifies the signature of the transaction content according to the public key of the payment account; the submitting node verifies the signature of the corresponding transaction result according to the public key of the endorsement node; the submitting node verifies whether the transaction result information in the transaction record meets a preset condition, for example, the preset condition is that the transaction record needs to have at least ten signatures of endorsement nodes and corresponding transaction results, and the transaction results corresponding to the signatures are consistent. Thus, when all verifications are passed, the submitting node may store the transaction record on the blockchain. Specifically, the transaction record is stored in the form of a block generated by the consensus node on the blockchain, the timestamp of the block is the time when the block is generated by the consensus node, and the link pointing to the previous block in the block is the number determined according to the previous block.

It can be seen that in the transaction processing method shown in fig. 2, the signature of the transaction content is obtained according to the private key of the payment account, and the verifying party can verify the signature by using the public key of the payment account, and when the verification passes, confirm that the transaction content is originated by the payment account, thereby avoiding repudiation of the payment account. In the transaction processing method shown in fig. 2, the signature of the transaction content is generated by using the private key of the payment account, so that the verifier needs to know the public key of the payment account to verify the signature, so as to prevent the payment account from repudiating the transaction content. This results in that any third party, except the two parties of the transaction, who owns the public key of the payment account can recognize all transactions initiated by the payment account, and the identity anonymity of the payment account cannot be protected.

In addition, in fig. 2, the receiving address of the transaction content is a hash value of the public key of the collection account, and the verifier verifies that the qualification of the collection account for accessing the blockchain system is also determined according to the certificate of the collection account, so that once the third party knows the public key of the collection account, the third party can identify the transaction corresponding to the collection account, and the identity anonymity of the collection account cannot be protected.

In addition, in order to enable the verifying party to verify whether the transaction amount is correct, the transaction content also needs to carry the transaction amount, so that a third party can know the transaction amount between the payment account and the collection account. For example, whether the transaction input amount is equal to the transaction output amount or not avoids illegal transactions caused by the fact that the transaction input amount owned by the payment account is smaller than the transaction output amount.

As can be seen, in fig. 2, except for both transaction parties, third parties such as an endorsement node, a consensus node, and a submission node all need to know the public key of the payment account, the public key of the collection account, and the transaction content, and knowing the public keys of the payment account and the collection account is equivalent to knowing the identity information of the payer and the payee, which results in that the privacy of the payer, the payee, and the transaction amount in the transaction is not protected.

To solve the problem, embodiments of the present invention provide a transaction processing method, which can select to protect privacy of a payer, a payee, and/or a transaction amount according to service settings.

To facilitate an understanding of embodiments of the present invention, a related concept or terminology will be first set forth.

In the embodiment of the invention, the signature refers to a digital signature, or signature information of digital information, such as signature information or signature of transaction content; the digital signature is a common physical signature similar to that written on paper, is realized by using the technology in the field of public key cryptography, and is used for identifying digital information. The digital signature applies the one-way function principle used in the field of public key cryptography to generate a long-term public key and a long-term private key. The one-way function is a function that is very simple in forward operation and very difficult in reverse operation. A set of digital signatures typically defines two complementary operations, one for signing and the other for verification; for example, the signer may compute a function using the private key and the digital information to generate a signature of the digital information; in a verification operation, the verifier may perform a calculation with the corresponding public key, the digital information, and the signature to determine whether the signature is correct.

In the embodiment of the invention, the first account is an account initiating transaction content and can be called a payment account or a payment account; the second account number is an account number for the transaction content initiated by the first account number, that is, the second account number may be a recipient of the transaction content and may be referred to as a collection account number; correspondingly, the first account number may also be referred to as a collection account number and the second account number may also be referred to as a payment account number in other transactions.

Correspondingly, the terminal for logging in the first account is the terminal in fig. 3A to 3D, and the terminal may be referred to as a payment terminal; the terminal that logs in the second account may be referred to as a payee terminal, which is not shown in fig. 3A to 3D.

Before executing the transaction processing method, the terminal may select to execute a corresponding transaction processing method according to a privacy protection manner selected by a user of the first account on the terminal logging in the first account, for example, selecting privacy of any one or more of the first account, the second account, and a transaction amount in transaction content.

For example, referring to fig. 8, fig. 8 is a schematic view of a user interface according to an embodiment of the present invention, as shown in fig. 8, the schematic view takes a mobile phone as an example, a plurality of payment account numbers may be included, and a user selects a payment account number to be used in the transaction from the payment account numbers in an input manner of a terminal; the user may also input the collection account and the amount of money to be paid of the recipient in the user interface by an input method of the terminal, and select an option requiring privacy protection in the user interface, as shown in fig. 8, to select privacy protection of the payment account. Optionally, in the embodiment of the present invention, the terminal receives a payment account input for the user interface or a selected payment account, a selected collection account, an amount, and a selected privacy protection option; the terminal performs the operations associated in the following embodiments according to the selected privacy protection option, and completes the payment process, i.e., completes the transaction process.

Alternative embodiments are detailed below. Example one

In order to protect the privacy of the payment account, the embodiment of the present invention provides a transaction processing method based on the transaction processing system shown in fig. 3A or fig. 3B, which can protect the privacy of the payment account. As shown in fig. 3A or fig. 3B, the transaction processing system at least includes at least one terminal and at least one transaction processing system, and the at least one terminal may respectively log in at least one payment account, which may also be referred to as a first account in the embodiment of the present invention, wherein in the transaction processing method, a processing procedure of a transaction initiated by each terminal to the logged-in payment account is the same. Each transaction processing system of the at least one transaction processing system is also configured to process transactions submitted by the terminals, each transaction processing system may be maintained by a respective institution, for example, in a corporate chain of the financial industry, and each bank may be configured to maintain a transaction processing system for processing transactions submitted by the terminals registered by the bank's user account; each transaction processing system at least comprises at least one endorsement node, a consensus node and a submission node, and the at least one endorsement node, the consensus node and the submission node have the same functions as the endorsement node, the consensus node and the submission node in the blockchain system shown in the figure 1.

In the transaction processing system shown in fig. 3A, each transaction processing system may further include a management node Group Manager, and in the transaction processing system shown in fig. 3B, the endorsement node may further execute the function of the management node. That is to say, the management node may be a node independent from the transaction processing system, may also be a node combined with a certificate issuing node of a certificate authority, and may also be a node combined with an endorsement node in the transaction processing system, where the management node is configured to generate a credential for the payment account to protect the identity privacy of the payment account.

In the embodiment of the invention, each transaction processing system can be a server which executes the functions of all nodes in the transaction processing system; each transaction processing system may also be a plurality of servers, for example, each node corresponds to one server to perform a corresponding function, and since the interaction among the endorsement node, the consensus node and the submission node in the transaction processing system in the embodiment of the present invention is similar to that in the prior art, the transaction processing system is referred to as a transaction processing device in the embodiment of the present invention, and the transaction processing device performs the function of each node; accordingly, since the interaction process between each terminal and the transaction processing device is the same, as shown in fig. 3C, the transaction processing system shown in fig. 3A is abstracted to a system including one terminal, one transaction processing device, and one management device; accordingly, as shown in fig. 3D, the transaction processing system shown in fig. 3B is abstracted to a system including a terminal and a transaction processing device, where in fig. 3D, the transaction processing device may further perform a function of a management device to generate a credential for a payment account to protect the identity privacy of the payment account.

In addition, in the embodiment of the present invention, the collection account is collectively referred to as a second account, and the terminal that logs in the collection account may also be referred to as a receiver or a receiver.

In the embodiment of the invention, when the terminal generates the signature information of the transaction content, the signature information of the transaction content is generated by using the evidence of the payment account instead of using the private key of the payment account. Thus, even a third party having the public key of the payment account cannot recognize that the signature information is generated by the terminal in which the payment account is registered; correspondingly, when verifying the signature information of the transaction content, the verifier, such as the endorsement node and the submission node, does not use the public key of the payment account to verify, but uses the public key of the management device generating the credential to verify, so that the public key of the payment account is prevented from being known by the verifier or any third party in the whole transaction processing process, and the privacy of the payment account is effectively protected.

For convenience of the following description, the signature information of the transaction content generated by the credential of the payment account is referred to as first signature information in the embodiments of the present invention.

In the embodiment of the invention, the terminal can send the content of the payment account needing privacy protection to the management device, and the management device generates the credential for the payment account according to the content needing privacy protection. For example, the management device generates the credentials of the payment account from the one-time public key of the payment account and/or the owned transaction amount.

Since the credential is issued by the management device for the payment account, the payment account cannot repudiate the transaction content once the signature of the transaction content is generated by the payment account using the credential. Thus, the privacy of the payment account number can be protected while maintaining non-repudiation of the transaction content.

In some embodiments, the terminal obtaining the credentials of the payment account may include the steps of:

11) The terminal sends a credential request message to a management device, wherein the credential request message comprises the one-time public key of the first account and/or a cryptograph of a transaction amount of the first account;

12) and the terminal receives a credential response message returned by the management device, wherein the credential response message comprises the credential of the first account, and the credential of the first account is generated by the management device according to the one-time public key of the first account and/or the cryptograph of the transaction amount of the first account.

For example, the terminal will pay the one-time public key 0tpk of the account number Alice_AiieeSubmitting the data to a management device, wherein the management device is based on the private key ^ a = a and the random number X of the management device_iceThe credential generated for Alice is (a Alice, XAlice), where:

wherein the content of the first and second substances,_gl、 g₂and h is a system parameter.

For another example, the terminal sends the amount of money C owned by the payment account Alice and the one-time public key 0tpk_AiiceSubmitting to a management device, wherein the management device is used for providing a random number X and a private key gs/c = ir of the management device_AiiceThe createntry generated for Alice is (AA)_lice， ^A_lice) Wherein.

For another example, the terminal only sends the amount of money C owned by the payment account to the management device, and then the management device generates otpk in the credential generated by the payment account Alice_MiceEqual to 1.

Compared with the transaction processing method shown in fig. 2, the transaction processing method in the embodiment of the present invention is different in that, in the embodiment of the present invention, the terminal generates the first signature information of the transaction content according to the credential of the payment account, and correspondingly, the transaction processing device verifies the transaction request message to obtain a first verification result; and the transaction processing equipment verifies the transaction record message to obtain a second verification result, wherein the first verification result and the second verification result both comprise the verification result of the first signature information, and the verification result of the first signature information is obtained by the transaction processing equipment through verification calculation according to the public key of the management equipment and the verification parameters in the first signature information.

Specifically, as shown in fig. 4, the transaction processing method according to the embodiment of the present invention may include the following steps:

5301. the terminal generates first signature information of transaction content according to a credential of a first account, wherein the transaction content is initiated by the terminal based on the first account, and the credential is generated for the first account by using a private key of the terminal according to the management equipment;

when the terminal generates the first signature information of the transaction content according to the credential of the first account, it is further required to determine whether to generate the first signature information according to the one-time private key and the credential of the first account or generate the first signature information according to the address of the one-time public key or the address of the hash value of the long-term public key, which is used when the first account is used as a payee to receive the transaction amount; that is, when the first account is used as an address of the one-time public key when the payee receives the amount to be consumed, and the first account is used as the payer to consume the amount, step S301 is that the terminal generates the first signature information of the transaction content according to the one-time private key and the credential of the first account; when the first account number is used as an address of a hash value of the long-term public key when the payee receives the amount to be consumed, and the first account number is used as a payer to consume the amount, step S301 is that the terminal generates first signature information of the transaction content according to the long-term private key and the credential of the first account number.

5302. The terminal sends a transaction request message to the transaction processing equipment, wherein the transaction request message comprises the first signature information and the transaction content;

5303. the transaction processing equipment returns a transaction response message to the terminal according to the transaction request message, wherein the transaction response message comprises the transaction result information;

the transaction result information may be a plurality of transaction result information, and the plurality of transaction result information may be obtained by simulating the operation of the transaction content by the plurality of endorsement nodes in the transaction processing device, respectively.

Before the transaction processing device returns a transaction response message to the terminal according to the transaction request message, the method further comprises: the transaction processing equipment verifies the transaction request message to obtain a first verification result; and when the first verification result is passed, the transaction processing equipment operates the transaction content to obtain transaction result information.

8304. The terminal sends a transaction record message to the transaction processing equipment according to the transaction response message;

8305. the transaction processing device stores the transaction record carried by the transaction record message onto the blockchain.

The transaction processing equipment verifies the transaction record message to obtain a second verification result; when the second verification result is a pass, the transaction processing device executes 305 the step of storing the transaction record carried by the transaction record message on the blockchain.

Wherein the transaction record includes the transaction content, the first signature information, and the transaction result information;

the first verification result and the second verification result both comprise verification results of the first signature information, and the verification results of the first signature information are obtained by the transaction processing equipment through verification calculation according to the public key of the management equipment and the verification parameters in the first signature information.

It should be noted that although steps 8301 to 8305 do not refer to the second account number and the related processing steps of the transaction amount, in order to implement the transaction processing method, a person skilled in the art may combine the related processing steps of the second account number and the transaction amount described in the embodiment of the present invention or the related processing steps of the second account number and the transaction amount in the prior art as shown in fig. 2 to verify the admittance eligibility of the second account number, the correctness of the transaction amount, and the admittance eligibility of the first account number. For example, assuming that only the anonymity of the first account number is protected, and the second account number and the transaction amount both adopt the processing method in the prior art, except that the terminal generates the first signature information, the transaction content also needs to carry a plaintext of the input amount and a plaintext of the output amount so that the transaction processing device verifies the accuracy of the transaction; meanwhile, the transaction content also needs to carry a certificate of a general meaning of the second account number (i.e., a long-term public key of the second account number, which is different from the certificate which is generated by using the long-term public key of the second account number and can be subjected to zero knowledge certification in the second embodiment) so that the transaction processing device verifies the admittance qualification of the second account number, and meanwhile, the receiving address of the transaction content, i.e., the address of the second account number, is a hash value of the long-term public key of the second account number, so that the first verification result also includes a verification result of the transaction processing device on the transaction amount and a verification result of the certificate of the second account number.

The admission eligibility of the first account number or the admission eligibility of the second account number is obtained according to the verification result of the first signature information or the second signature information, and specifically, the admission eligibility refers to whether the first account number and the second account number have the permission to use the block chain, whether the first account number and the second account number can access the transaction processing equipment, whether the first account number and the second account number issue the account number for the transaction processing equipment, and the like, and can be defined according to whether the verification result passes the related operation after the verification result passes. For example, when the verification result of the first signature information is in the first verification result, the verification result of the first signature information is used for indicating whether the first account number can access the transaction processing device; and when the verification result of the first signature information is in the second verification result, the verification result of the first signature information is used for indicating whether the first account number has the authority of using the block chain.

In the embodiment of the invention, the first signature information is a zero-knowledge proof signature, namely, the terminal can generate the first signature information of the transaction content by using a zero-knowledge proof algorithm according to the evidence of the payment account number. Correspondingly, a verifier, such as a transaction processing device, can utilize the public key p ≥ of the management device_CTo verify the first signature information of the zero-knowledge proof. The zero-recognition certificate is that a certifier performs a series of mathematical calculations on useful information to be kept secret to obtain a signature, the signature is a series of parameters, and the series of parameters do not include the useful information to be kept secret; the verifier can perform a series of mathematical calculations using the series of parameters, and can verify the conclusion of the prover about the useful information according to the result of the mathematical calculations, that is, verify that the conclusion of the prover is correct, which is generally the conclusion that the prover can know the useful information to be kept secret.

For example, when the transaction processing device verifies, it can be trusted that the terminal asserts the first signature information: the payment account has a certificate issued by the management device and a one-time private key, namely the payment account has an admission certification.

Wherein, the expression of the zero knowledge proof (Signature of knowledge, SoK) is:

SoK{ (secret value):“relations to proof’} (Message to sign) ;

in the expression (secret value) is the secret of the prover, for example, the payment account has a one-time private key and the credential issued by the management device for the payment account; "relationships to proof' is a relationship that is desired to be proved, e.g., the relationship or argument that is desired to be proved is: the terminal can acquire a one-time private key of the payment account and a certificate issued by the management equipment for the payment account; part of (Message to sign) is a file to be signed, which may be, for example, the contents of a transaction initiated by a payment account number; all symbols which do not belong to the prover secret in the expression are public numerical values, for example, if a terminal logging in a payment account number sets anonymity of the payment account number and does not set privacy for protecting the collection account number and the transaction amount, relevant parameters related to the collection account number and the transaction amount are public; in addition, other parameters used in the zero-knowledge proof other than the prover secret may be public and may be included in the signature, e.g., system parameters may be included in the first signature information, collectively referred to as verification parameters.

For example, assuming that the payment account is Alice and the amount of money that Alice should consume is obtained from the address of her own one-time public key when Alice is the payee, the first signature information of the transaction needs to use Alice's one-time private key ots/microspheres_iic;eThe certificate issued by the management device for Alice is (A)_Ali。_e,_XAii。_e) The credential is generated by the management device according to the one-time public key of the first account and the ciphertext of the transaction amount of the first account, the public key gpk = g ^ of the management device, and the terminal proves that the expression of the signature generated for the transaction content by using zero knowledge is as follows:

S〇K{(〇tsk^|j_ce, A^|j_ce, XAlice) :

e(A_Alice, g₂- g₂ ^Alice) = e( tsk_Alice) -Txl, wherein Txl is the transaction content to be signed; system parameters;

good random generation

And o calculating:

good first signature letter

Therefore, the transaction request message and the transaction record message sent by the terminal to the transaction processing device only need to carry the first signature information generated by the zero-knowledge proof, and the verifier can know through the first signature information: the terminal can obtain the one-time private key of the payment account and the certificate issued by the group administrator, so that the payment account can be verified to have the admission qualification, and the payment account can be prevented from repudiating the transaction content because the certificate is generated by the credible management equipment.

Accordingly, the transaction processing device performs the following verification calculation using the public key of the management device § 1^ = and the first signature information generated by the zero-knowledge proof described above:

after 0 receives the first signature information = (microspheres ·, 7, the result is:, 2;, 2^ 2, 2;, 2^ later, calculate:

the transaction record is verified as passed, i.e., indicating that the first account number has the condition to store the transaction record on the blockchain.

Wherein, the function or mapping 6 is a bilinear pairing mapping, the mapping X ^ s_{7 ^}If the following conditions are met, the method is called a bilinear pairing mapping:

therefore, the embodiment of the invention can avoid that the verifier or other third parties capable of acquiring the signature can identify the identity information of the payment account by using the public key disclosed by the payment account, and meanwhile, the verifier and the third parties can acquire that the payment account has the admission qualification by adopting zero knowledge proof and the payment account has the certification issued by the management equipment, so that the payment account cannot be repudiated by corresponding transaction contents. Example two

If the transaction content is initiated by the first account with respect to the second account, that is, when the transaction content relates to both parties of a transaction, in order to protect the privacy of the second account, the embodiment of the present invention further provides a transaction processing method based on the transaction processing system shown in fig. 3 to 30, which can protect the privacy of the second account. In the transaction processing systems shown in fig. 3, each transaction processing system may further include a certificate issuing node of a certificate authority, where the certificate issuing node is configured to issue, for each collection account, a certificate for generating second signature information of the transaction content, that is, the certificate is different from an ordinary certificate, and the certificate does not need to be verified using a long-term public key. Alternatively, based on the transaction processing system shown in fig. 3B, the endorsement node may also perform the function of the certificate issuing node, and is further configured to issue the certificate for the user. Alternatively, the transaction processing system shown in fig. 3C further includes a certificate issuing device; or in the transaction processing system shown in fig. 3D, the transaction processing device further performs a function of a certificate issuing device, where the certificate issuing device is capable of issuing a certificate for the collection account number, where the certificate is different from a common certificate, and with the certificate, the terminal may generate second signature information of the transaction content, where the second signature information may protect privacy of the collection account number, and at the same time, enable the transaction processing device to verify whether the collection account number has a condition for storing the transaction record on the blockchain.

The embodiment of the present invention applies for a Certificate from a Certificate Authority (ca) device (or a transaction processing device, or a Certificate issuing node) by using a collection terminal that logs in a collection account, and may include the following steps:

21) the method comprises the steps that a collection terminal sends a certificate application message to C A equipment, wherein the certificate application message carries a long-term public key of a collection account and certification information with a long-term private key;

22) and when the CA equipment verifies that the certificate application message passes, generating a certificate of the collection account according to the long-term public key of the collection account, and returning a certificate response message to the collection terminal, wherein the certificate response message carries the certificate of the collection account.

In this way, when the payment account initiates the transaction content to the collection account, the certificate of the collection account can be acquired from the collection terminal, so that the second signature information of the transaction content is generated by using the certificate.

For example, the long-term public key Y of the collection account number Bob_BobIf the private key cask of the CA device is p and the public key capk is g ^ then the CA device can generate a certificate for zero knowledge proof for Bob after the certificate application message for CA device verification passes (F)_B。_b， w_B。_b) Wherein:

F_B〇_b= （h〇

wherein, h is a system parameter, WB. b is randomly generated.

In addition, in order to protect the privacy of the collection account, in the embodiment of the present invention, in addition to generating the second signature information of the transaction content to verify the admission qualification of the collection account, the one-time public key of the collection account may be used as the transaction content or the address of the receiver, and the hash value of the long-term public key of the collection account in the prior art is no longer used as the address of the transaction content, so that the problem that the transaction processing device in the prior art needs to verify the address of the receiver by using the long-term public key of the collection account, which causes the identity of the collection account to be leaked, can be avoided.

In the embodiment of the present invention, the one-time public key of the collection account may be generated according to the long-term public key of the collection account, for example, the one-time public key is used to generate a PKeyGen 0 function to generate the one-time public key of the collection account.

That is, the terminal generates the one-time public key of the collection account number, which may include: and the terminal generates a PKeyGen 0 function according to the long-term public key and the one-time public key of the collection account number and calculates the one-time public key of the collection account number.

For example, the long-term public key Y of the collection account Bob_B。_bExporting the one-time public key Otpk of Bob as input to the PKeyGen 0 function_B。_b=Y^^x _{b ;}Wherein r is_txIs a random number. In addition, the terminal can also be based on system parameters

The R is carried in the transaction content initiated by the payment account number_tx， R_teAnd the method is used for calculating the one-time private key of the collection account number. Wherein the one-time private key can be utilized to protect the anonymity of the recipient account number when the recipient account number initiates a transaction, such as the consumption of a transaction amount entered by the pen from a payment account number.

That is, when the user account is used as a collection account, the parameter R may be obtained when calculating the one-time public key of the user account_tx， R_xThus, the parameter R may be used when the user account requires the consumption of the transaction amount of the income_txGenerating a one-time private key, and generating first signature information as described in the first embodiment for the transaction content including the transaction amount by using the one-time private key and the credential generated by the management device, so as to ensure the anonymity of the user account as \ 02019/132767.

Wherein, the one-time private key of the collection account is obtained by the terminal logging in the collection account according to the long-term private key of the collection account and the parameter 1^ A_¾And (4) generating. For exampleThe one-time private key generation 0 function's input is the long-term private key 8 good 1 of the receiving account number) and the parameter 1,

calculated one-time private key =.

In addition, in the embodiment of the present invention, when the payment terminal uses the one-time public key of the collection account as the address of the collector, that is, the collection terminal that logs in the collection account, can confirm whether the collector is the collector itself by checking the address, that is, checking the one-time public key. Specifically, the receiving terminal may check the address of the receiving party in the transaction record by checking the 0 function through the one-time public key. For example, the collection terminal logging in the collection account number will exchange 1^ one-time public key in the transaction content

As a one-time public key check

The input of the function, if 91 microspheres.₁₃And = only ^.¹⁵I.e. the function output is 1, this indicates that the payee has an address of 1

That is, the payee of the transaction content is 8 good 1), and if the function output is 0, it indicates that the payee of the transaction content is not 8 good 1).

In the embodiment of the invention, the payment terminal uses the one-time public key of the collection account as the address of the transaction content, and also needs to generate second signature information of the transaction content according to the one-time public key of the collection account and the certificate of the collection account, the verification result of the second signature information is used for indicating whether the collection account has the condition of storing the transaction content on the block chain, and the condition can be whether the long-term private key of the collection account has a corresponding certificate. Correspondingly, the second signature information cannot include the certificate of the collection account, so that the embodiment of the invention not only verifies the admittance qualification of the second account, but also protects the anonymity of the collection account.

That is, in order to protect the anonymity of the second account number, as shown in fig. 5, the transaction processing method is different from the transaction processing method shown in fig. 4 in that step 301 in fig. 4 is replaced with step 401 and 402, in which:

401. the terminal generates a one-time public key of the second account according to the long-term public key of the second account;

402. and the terminal generates second signature information of the transaction content according to the one-time public key of the second account and the certificate of the second account.

Wherein the certificate is generated from a private key of the certificate issuing device; e.g., generated according to steps 21) to 22) above; correspondingly, the transaction request message and the transaction record further include a one-time public key of the second account and second signature information, and the one-time public key of the second account is an address of the second account.

In addition, the first verification result and the second verification result further include a verification result of the second signature information, and the verification result of the second signature information is obtained by performing verification calculation according to the one-time public key of the second account, the public key of the certificate issuing device, and the verification parameters in the second signature information.

Optionally, when the verification result of the second signature information is in the first verification result, the second signature information is used to indicate that the second account number has the right to access the transaction processing device, that is, the transaction processing device can simulate to run the transaction content; and when the verification result of the second signature information is in the second verification result, indicating that the second account has the authority of using the block chain.

It should be noted that although steps 8401 to 8402 do not refer to the first account number and the related processing steps of the transaction amount, in order to implement the transaction processing method, a person skilled in the art may combine the related processing steps of the first account number and the transaction amount described in the embodiment of the present invention or the related processing steps of the first account number and the transaction amount in the prior art as shown in fig. 2 to verify the admittance eligibility of the second account number, the correctness of the transaction amount, and the admittance eligibility of the first account number to complete the transaction processing process. For example, assuming that only the anonymity of the second account number is protected, and the first account number and the transaction amount both adopt the processing method in the prior art, except that the terminal generates the second signature information, the transaction content also needs to carry the plaintext of the input amount and the plaintext of the output amount so that the transaction processing device verifies the accuracy of the transaction; meanwhile, the transaction content also needs to carry a certificate of the first account in a normal sense (i.e., a long-term public key of the first account, which is different from the certificate for zero-knowledge proof in the second embodiment) so that the transaction processing device verifies the access qualification of the first account, and meanwhile, the terminal also needs to generate first signature information of the transaction content according to a one-time private key or a long-term private key of the first account so that the first account cannot be repudiated by the transaction, so that the first verification result also includes a verification result of the transaction processing device on the transaction amount and a verification result of the certificate of the first account, and the first verification result and the second verification result also include a verification result of the first signature information at the same time.

In some embodiments, the second signature information is a zero knowledge proof signature, e.g., assuming the second account number is

Specifically, the terminal has good 1 microspheres according to the one-time public key of the second account number.₁) Certificate, certificate

Public key of device

The calculation process for generating the second signature information comprises:

accordingly, the transaction processing device can utilize

Public key of device

The address of the second account, namely the one-time public key (^ and the second signature information of the second account, is verified and calculated as follows:

the good received the signature = (microspheres, (: after, calculate:

0

in addition, if only the anonymity of the second account is protected in the embodiment of the present invention, the transaction content has the second signature information, and in addition, the first signature information of the transaction content needs to be generated by using the long-term private key or the one-time private key of the first account, so as to verify the access qualification of the first account. At this time, whether the first signature information is generated by using the long-term private key or the one-time private key of the first account number is the address of the one-time public key of < 02019/132767 > < 01/802017/050654 > or the address of the hash value of the long-term public key used when the first account number is used as a payee to receive the amount of the transaction. Correspondingly, if only the anonymity of the second account is protected, in order to verify the correctness of the transaction, the transaction content needs to carry the plaintext of the transaction amount, so that the transaction processing device can verify the correctness of the transaction by using the transaction amount.

In the embodiment of the invention, in order to protect the anonymity of the second account, the terminal logging in the first account needs to generate the one-time public key of the second account according to the long-term public key of the second account, and the one-time public key is used as the address of the transaction content; and generating second signature information of the transaction content according to the one-time public key and the certificate of the second account, wherein the second signature information enables a verifier such as transaction processing equipment to verify the access qualification of the second account, so that a verifier such as the transaction processing equipment can verify the access qualification of the second account without acquiring the long-term public key of the second account and enables a receiver of the transaction content to acquire whether the receiver is the receiver according to the one-time public key, thereby avoiding the public key of the second account from being acquired by a third party except two parties of the transaction in the prior art and protecting the anonymity of the second account.

In addition, while generating the one-time public key, the parameters of the one-time private key generation function of the second account and the parameters of the one-time public key check function can be obtained, and the two parameters are stored in the transaction content, so that when the second account receives the transaction content, the parameters of the one-time public key check function are used for checking whether the address of the transaction content is the address of the second account, if the address is the address of the second account, when the transaction amount in the transaction content is consumed, the parameters of the one-time private key generation function and the evidence of the second account can be used for generating the signature information of the transaction content, that is, when the second account is a payment account and consumes the transaction amount, the parameters of the one-time private key generation function can be used for generating the one-time private key of the second account, and the signature information of the transaction content can be generated by using the one-time private key and the evidence, thus, as described in embodiment one, the anonymity of the second account when used as a payment account is protected. EXAMPLE III

According to the business setting, in order to protect privacy of the transaction amount in the transaction content, the embodiment of the invention provides a transaction processing method, in the transaction processing method, third signature information of the transaction content can be generated, and a verifier such as transaction processing equipment can know whether the total transaction input amount is equal to the total transaction output amount according to a verification result of the third signature information, so that the transaction amount is not carried in the transaction content, and meanwhile, the correctness of the transaction amount is ensured.

In the embodiment of the present invention, as shown in fig. 6, compared with the transaction processing method shown in fig. 4, the difference between the transaction processing method and the transaction processing method shown in fig. 4 is that step 301 in fig. 4 is replaced with step 501 and step 403, where:

501. the terminal determines the ciphertext of each input amount and the ciphertext of each output amount;

502. the terminal calculates the ciphertext of the difference between the total input amount and the total output amount according to the ciphertext of each input amount and the ciphertext of each output amount;

503. the terminal generates third signature information of the transaction content according to the ciphertext of the difference value;

wherein the transaction request message and the transaction record further include the third signature information; the first verification result and the second verification result further include a verification result of the third signature information, and the verification result of the third signature information is used to indicate whether the total input amount is equal to the total output amount.

It should be noted that although steps 8501 to 8503 do not refer to the related processing steps of the first account number and the second account number, in order to implement the transaction processing method, a person skilled in the art may verify the admittance eligibility of the second account number, the correctness of the transaction amount, and the admittance eligibility of the first account number according to the related processing steps of the first account number and the transaction amount described in the embodiment of the present invention or the related processing steps of the first account number and the transaction amount in the prior art as shown in fig. 2, so as to complete the transaction processing process. For example, assuming that only anonymity of a transaction amount is protected, a first account and a second account both adopt a processing method in the prior art, except that a terminal generates third signature information, transaction content also needs to carry a certificate of a common meaning of the first account and the second account so that a transaction processing device verifies an admission qualification of the first account and the second account, and meanwhile, the terminal also needs to generate first signature information of the transaction content according to a one-time private key or a long-term private key of the first account so that the first account cannot repudiate the transaction; the terminal also needs to take the hash value of the long-term public key of the second account as a receiving address; therefore, the first verification result also comprises a verification result of the transaction processing equipment on the certificate of the first account and the second account, and the first verification result and the second verification result also comprise a verification result on the first signature information at the same time.

The terminal determines the ciphertext of each input amount and the ciphertext of each output amount, and an addition homomorphic encryption algorithm can be specifically adopted. The addition homomorphic encryption algorithm is to perform operation processing on encrypted data to obtain an output, decrypt the output, and obtain the same result as the output result obtained by processing unencrypted original data through addition. Therefore, the terminal obtains the ciphertext of the total input amount and the ciphertext of the total output amount by directly using the ciphertext of each input amount and the ciphertext of each output amount.

In some embodiments, the third signature information may also be a signature of zero knowledge proof, that is, a verifier, such as a transaction processing device, may perform a verification calculation of zero knowledge proof according to the verification parameters in the third signature information, the ciphertext of each input amount, and the ciphertext of each output amount, and may know the correctness of the transaction according to the calculation result. For example, assuming that the transaction input amounts are input l and input2, respectively, and the transaction output amounts are output 1 and output2, respectively, an addition homomorphic encryption algorithm HEnc is utilized_pk0 the cryptograms of the transaction input amounts obtained respectively are (a)]And (^ a)₂And C, the obtained cryptograph of the transaction output amount is obtained. And ^ PC.₂Then, then

c^'=^{Cil Ci2}/c_0lc₀₂=^HEncP^k(⁰)

Then, the terminal can generate "the C^'A signature obtained by encrypting the zero-knowledge proof of the ciphertext "whose plaintext is 0 may be used as the third signature information.

For example, assume that a transaction initiated by a payer has an input amount and an output amount, i.e., the payer and payee are in a one-to-one relationship, and the clear text of the transaction input amount is m_inThe ciphertext is C_in= gTⁱⁿglⁱⁿWherein r is_inA random number encrypted for the payer; the plaintext of the transaction output amount is C_out= gl°^utWherein the random number is encrypted for the payer; the expression when the third signature information is a zero-knowledge proof signature is:

SoK{(r^') : C_in/C_out= gi} (Txl)

where Txl is the transaction content to be signed, r^'= r_in- r_out, g₄Is a system parameter.

Specifically, the terminal calculating the signature of the zero-knowledge proof may include the following calculation processes:

good random generation of 7^, e z_p

Good calculation:

^■Ri = g/^rp

good results c = H (par am, R)_lMsg), wherein param is a system parameter and Msg is Eyi content.

Good for calculation

Good quality of

The transaction processing device performs the following verification calculation by using the ciphertext of the output amount of the ciphertext of the input amount in the transaction content and the third signature information of \ cutting 02019/132767:

after receiving the third signature information = (^7, 2^ at the good, calculate:

0

the verification passes.

That is, when the third signature information is verified, the transaction processing device can know that the transaction amount is correct, so that the correctness of the transaction is ensured.

Therefore, in the embodiment of the invention, the third signature information is used for ensuring the correctness of the transaction, so that the transaction request message and the transaction record are prevented from carrying the transaction amount, and the privacy of the transaction amount is protected. In the first to third embodiments, the transaction processing method described in the present application is described in terms of protecting privacy of the payer, i.e., the first account, the payee, i.e., the second account, or the transaction amount.

In some embodiments, privacy of any one or more of the payer, i.e., the first account, the payee, i.e., the second account, and the transaction amount may also be selected according to the service setting, and the specific transaction processing method may correspondingly include the relevant steps and implementation manners in the first to third embodiments. The embodiments of the present invention are not limited.

For example, in the embodiment of the present invention, if the terminal not only protects the privacy of the transaction amount, but also protects the privacy of the first account or the second account, the terminal may execute related operations to implement the privacy protection of the transaction amount and the first account, or implement the privacy protection of the transaction amount and the second account, or implement the privacy protection of the transaction amount, the first account, and the second account. Correspondingly, if the terminal only needs to protect the privacy of the transaction amount according to the input of the user interface shown in fig. 8, the first signature information of the transaction content may be generated by using the long-term private key or the one-time private key of the first account in the prior art, and the hash value of the long-term public key of the second account is used as the address of the second account. That is to say, the privacy protection operation in the transaction processing method according to the embodiment of the present invention may be combined with a transaction processing method in the prior art to implement schemes such as privacy protection of a transaction amount, privacy protection of a transaction amount and a first account, privacy protection of a transaction amount and a second account, privacy protection of a first account and a second account, and privacy protection of a first account, a second account, and a transaction amount, and the above combination modes all belong to the protection scope of the present application. Embodiment IV

In order to facilitate understanding of the above three aspects of the present application, the present application takes the fourth embodiment as an example, and details how to protect privacy of the first account number, the second account number, and the transaction amount at the same time.

Referring to fig. 7, fig. 7 is a schematic flow chart of another transaction processing method according to an embodiment of the present invention, and for convenience of description, a terminal logging in a first account is referred to as a payment terminal, and a terminal logging in a second account is referred to as a collection terminalThe first account is called a payment account and the second account is called a collection account, based on FIG. 3⁽: the transaction processing system shown, the transaction processing method shown in fig. 7 may include the steps of:

601. the terminal sends a credential request message to the management device;

the terminal is a terminal for logging in a first account. The credential request message includes a one-time public key of the first account and/or a cryptograph of a transaction amount of the first account. The one-time public key of the first account is generated by the corresponding payment account according to the long-term public key of the first account when the first account is used as a collection account.

602. The management device generates a credential of the first account according to the one-time public key of the first account and/or the message 02019/132767;

603. the management equipment returns a credential response message to the terminal;

wherein, the credential response message carries the credential of the first account.

604. The terminal generates a disposable public key of the second account according to the long-term public key of the second account, and the disposable public key is used as a receiving address of the transaction content;

the terminal may generate the one-time public key of the second account according to the one-time public key generating function in the second embodiment, which is not described in detail herein.

605. The terminal determines the ciphertext of each input amount and the ciphertext of each output amount, and calculates the ciphertext of the difference between the total input amount and the total output amount according to the ciphertext of each input amount and the ciphertext of each output amount;

606. and the terminal generates signature information of the transaction content according to the one-time private key and the proof of the first account, the certificate of the second account, and the ciphertext of the difference value between the total input amount and the total output amount.

That is, the signature information of the transaction content includes the first signature information, the second signature information, and the third signature information in embodiments one to three.

607. And the terminal sends a transaction request message to the transaction processing equipment, wherein the transaction request message carries the signature information of the transaction content, the one-time public key of the second account as the receiving address and the transaction content.

The transaction content may include parameters of a one-time private key generation function and parameters of a one-time public key check function, which are obtained when the terminal generates the one-time public key of the second account. The terminal logging in the second account can check whether the receiving address of the transaction content is the terminal itself according to the parameters of the first-time public key check function and the long-term private key of the terminal; when the transaction amount of the transaction is consumed, the one-time private key of the second account can be generated according to the parameters of the one-time private key generation function and the long-term private key, and then the one-time private key is used for generating the signature of the transaction content, so that the anonymity of the second account as a payment account is protected.

In addition, the credential of the second account may be a credential applied to the second account when the terminal logging in the first account applies for the credential of the first account; the terminal that logs in the second account may also apply for the credential of the second account when consuming the transaction amount of the transaction, which is not limited in the embodiments of the present invention.

In addition, fig. 3 (: compare with fig. 30), based on the transaction processing system shown in fig. 3 (: there are several more steps for the transaction processing method to interact with the management device to generate the credentials of the first account number and/or the second account number.

608. The transaction processing equipment verifies the transaction request message to obtain a first verification result, and when the first verification result is passed, the transaction processing equipment simulates the operation of transaction content to obtain transaction result information.

The transaction processing device may include at least one endorsement node, and each endorsement node may simulate running of transaction content to obtain a transaction result when verifying that the transaction request message passes through, and sign the transaction result using its own private key, so that the transaction result information includes the transaction result of the at least one endorsement node and a corresponding signature.

609. The transaction processing equipment returns a transaction response message to the terminal, wherein the transaction response message carries the transaction result information;

610. the terminal sends a transaction record message to the transaction processing equipment; the transaction record carried by the transaction record message comprises transaction content, signature information of the transaction content, a transaction result of at least one endorsement node and a corresponding signature;

611. the transaction processing device receives the transaction record message, verifies the transaction record, obtains a second verification result, and stores the transaction record to the blockchain when the second verification result is passed.

In the embodiment of the present invention, as shown in fig. 7, after the consensus node in the transaction processing device receives the transaction record message, it is further required to sort the transaction records received by other consensus nodes according to the receiving time, generate a block of transaction records including a first account number, submit the transaction records to the submitting node in a block form, and verify the transaction records in the block by the submitting node, where the operation of the submitting node to verify each transaction record is similar, so as to take the transaction record of the transaction initiated by the first account number as an example, the second verification result includes a verification result of signature information of the transaction content and a verification result of signature information of the transaction result, where the verification result of the signature information of the transaction content is a one-time public key of the submitting node according to the public key of the management device, the one-time public key of the second account number, and the public key of the management device, And verifying the public key of the CA device and the verification parameters in the signature information. In addition, the second verification result further includes a verification result indicating whether the transaction result information meets a preset condition, that is, the submitting node further needs to verify whether the transaction result of at least one endorsement node and the corresponding signature meet the preset condition, for example, the preset condition is that at least ten endorsement node signatures and corresponding transaction results are required in each transaction record and the transaction results corresponding to the signatures are consistent.

The reason that the endorsement nodes are used for simulating the operation of the transaction contents is that the transaction results of a plurality of endorsement nodes are verified to be consistent in the submission node, and the transaction results are accepted and can be called as actual transaction results, so that the transaction results obtained by simulating the operation of the transaction contents can be called before the submission node, and the accuracy of the operation of the transaction contents is also ensured.

For example, assume that the transaction initiated by the first account number has an input amount and an output amount, where the plaintext of the input amount is m_inThe ciphertext is C_in= g^ⁱⁿglⁱⁿWherein r is_inA random number encrypted for the payer; the plaintext of the output amount is 771. The ciphertext is C_out= gT。^utgl。^utWherein the random number is encrypted for the payer; the terminal logging in the first account Alice generates a one-time public key otpk of the second account Bob by using the long-term public key of the second account Bob_B。_b=: ^ and random number (R)_tx,R '_tx) (ii) a The certificate of the second account Bob is

The disposable private key of the first account Alice is ots cellular Red_iceThe certificate issued by the management device for Alice is

When the signature information of the transaction content is a signature certified by zero knowledge, the expression of the signature certified by the zero knowledge that the first account has a one-time private key and a credential signed by the management device, the second account has a certificate corresponding to the long-term public key, and a ciphertext of a difference between the input amount and the output amount is a ciphertext obtained by encrypting the plaintext to be 0 is as follows:

e(A_Alice, g₂- g₂ ^AUce) = e(h - C_in, g₂) . e(g_1;〇tsk_Alice)

wherein Txl is the transaction content to be signed, r = r_in- r_out, gi_>g₂And h is a system parameter. Specifically, the terminal calculating the signature of the zero-knowledge proof may include the following calculation processes: \ break 02019/132767

Accordingly, the transaction processing device uses the public key of the management device

Public key of device

The one-time public key of the second account ^10^ and the system parameters verify the signature of the zero-proof of knowledge can include the following calculation processes:

0

the verification shows that the content proved by the signature proved by the zero knowledge is correct, namely the first account number has a primary private key and a certificate issued by the management equipment, the second account number has a certificate corresponding to the long-term public key, and a ciphertext of a difference value between the input amount and the output amount is a ciphertext of which the plaintext is 0; that is, the verification of the signature indicates that the first account number and the second account number have the conditions for using the blockchain, and that the transaction is correct.

Therefore, in the embodiment of the invention, the signature information of the transaction content is generated according to the one-time private key of the first account, the credential, the certificate of the second account, and the ciphertext of the difference value between the input amount and the output amount, so that a verifier, such as a transaction processing device, verifies the access qualification of the first account and the second account by using the signature information, and uses the one-time public key of the second account as the receiving address of the transaction content. In some possible implementations, in the above embodiment, the transaction content may further have a ciphertext of 02019/132767. For example, in the third or fourth embodiment, the terminal obtains the ciphertext of each input amount and the ciphertext of each output amount, and may obtain the ciphertext of each input amount and the ciphertext of each output amount by using an addition homomorphic encryption algorithm and a public key of an audit account of a third party, so that while protecting privacy of the transaction amount, an auditor can decrypt the ciphertext of each input amount and the ciphertext of each output amount by using a private key of an audit account of the third party, thereby obtaining the plaintext of each input amount and the plaintext of each output amount, so as to facilitate audit of the auditor.

Optionally, in the third or fourth embodiment, when auditing by an auditor is not required, the encryption key of the addition homomorphic encryption algorithm may be a random number, and the ciphertext of each input amount and the ciphertext of each output amount cannot be decrypted, so that the correctness of the transaction is ensured, and privacy protection of the transaction amount can be realized.

In some possible implementation manners, in the transaction processing method according to the above embodiment, the terminal may further generate an identifier of each input amount according to the one-time private key of the first account; the identification of each input amount is used for preventing each input amount from being consumed for the second time. For example, if the identified transaction record with the input amount already exists in the blockchain, the transaction processing device finds the identifier I with the input amount when verifying the transaction content, and then determines that the transaction is a secondary consumption and the verification fails. As can be seen, the implementation can utilize the identification of each input amount to prevent secondary consumption of the input amount.

Further, the transaction processing method according to this implementation may further include: the terminal generates fourth signature information of the transaction content according to the identification of each input fund amount; wherein, the transaction request message and the transaction record further include the fourth signature information and the identifier of each input amount; the identification of each input amount is used for preventing each input amount from being consumed for the second time; the first verification result and the second verification result further include a verification result of the fourth signature information, the verification result of the fourth signature information is obtained by performing verification calculation by the transaction processing device according to the identification of each input amount and the verification parameter in the fourth signature information, and the verification result of the fourth signature information is used for indicating whether the identification of each input amount is correct. Therefore, if the identification of the input amount is incorrect, the verification result of the fourth signature information is also failed, and further secondary consumption of the input amount is avoided.

The fourth signature information may be a signature of zero knowledge proof, the terminal may calculate the fourth signature information of the transaction content according to the identifier of each input amount and a zero knowledge proof algorithm, and correspondingly, the transaction processing device may also verify the fourth signature information in the transaction request message and the transaction record by using the zero knowledge proof algorithm.

In some possible implementations, the transaction processing method according to the foregoing embodiment may further include: the terminal encrypts the one-time public key of the first account according to the public key of the third party audit account to obtain the ciphertext of the one-time public key of the first account, and the transaction request message and the transaction record also comprise the ciphertext of the one-time public key of the first account.

Further, the transaction processing method in this implementation may further include: the terminal generates fifth signature information of the transaction content according to the ciphertext of the one-time public key of the first account; correspondingly, the transaction request message and the transaction record further include the fifth signature information, the first verification result and the second verification result further include a verification result of the fifth signature information, the verification result of the fifth signature information is obtained by performing verification calculation by the transaction processing device according to the verification parameters in the fifth signature information, and the verification result of the fifth signature information, i.e. the break 02019/132767.

The fifth signature information may be a signature of zero knowledge proof, the terminal may calculate the fifth signature information of the transaction content according to the identifier of each input amount and a zero knowledge proof algorithm, and correspondingly, the transaction processing device may also verify the fifth signature information in the transaction request message and the transaction record by using the zero knowledge proof algorithm.

In some possible implementations, the transaction processing method according to the foregoing embodiment may further include: the terminal encrypts the long-term public key of the second account according to the public key of the third party audit account to obtain the ciphertext of the long-term public key of the second account; correspondingly, the transaction request message and the transaction record also include the ciphertext of the long-term public key. Therefore, the auditor with the third-party audit account number can decrypt the ciphertext of the long-term public key by using the private key of the auditor to obtain the long-term public key of the second account number, so that the identity information of the second account number is obtained, and the auditor can conveniently audit.

Further, the transaction processing method in this implementation may further include: the terminal generates sixth signature information of the transaction content according to the ciphertext of the long-term public key of the second account; correspondingly, the transaction request message and the transaction record further include the sixth signature information; the first verification result and the second verification result further include a verification result of the sixth signature information, the verification result of the sixth signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the sixth signature information, and the verification result of the sixth signature information is used for indicating whether the ciphertext of the long-term public key of the second account number is correct.

The sixth signature information may be a signature of zero knowledge proof, the terminal may calculate the sixth signature information of the transaction content according to the identifier of each input amount and a zero knowledge proof algorithm, and correspondingly, the transaction processing device may also verify the sixth signature information in the transaction request message and the transaction record by using the zero knowledge proof algorithm.

In the various optional embodiments and optional implementation manners, how to protect the privacy of the first account, how to protect the privacy of the second account, how to protect the privacy of the transaction amount in the transaction content, how to cooperate with auditing of an auditor, and the like in the transaction processing method provided by the embodiment of the present invention are explained from the perspective of interaction of a terminal, a transaction processing device, a management device, and a certificate issuing device, which log in the first account. It will be appreciated that to perform the above functions, the transaction processing device, the management device and the certificate issuing device may include corresponding hardware results and/or software modules, for example, the transaction processing device may include at least one endorsement node, a consensus node, a submission node, etc., the endorsement node may also perform the function of the management device generating credentials, and the management device and the certificate issuing device may be performed by the same device. In summary, one skilled in the art should readily appreciate that the present invention can be implemented in hardware or a combination of secure and computer software in conjunction with the various steps or elements described in the embodiments or implementations disclosed herein. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention. Referring to fig. 9, fig. 9 is a schematic structural diagram of a terminal according to an embodiment of the present invention, where the terminal includes a processor 901, a memory 902, and a communication interface 903, the memory 902 is used for storing program instructions, and the processor 901 is used for calling the program instructions to perform the following operations.

The processor 901 is configured to generate first signature information of transaction content according to a credential of a first account number, where the transaction content is initiated by the terminal based on the first account number, and the credential is generated for the first account number by a transaction processing device that processes the transaction content;

the communication interface 903 is configured to send a transaction request message to the transaction processing device, where the transaction request message includes the first signature information and the transaction content;

the communication interface 903 is further configured to receive a transaction response message returned by the transaction processing device, where the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content;

the communicator 903 is further configured to send a transaction record message to the transaction processing device according to the transaction response message, where the transaction record message is used to instruct the transaction processing device to store the transaction record onto a block chain, and the transaction record includes the transaction content, the first signature information, and the transaction result information.

The processor generates first signature information of the transaction content according to the credential of the first account, specifically: and taking a long-term private key/one-time private key of a first account number, the certificate of the first account number and the transaction content as the input of a zero-knowledge proof algorithm, and calculating first signature information of the transaction content.

Wherein, the transaction response message is returned when the transaction processing device verifies that a first verification result obtained by the transaction request message is passed; the transaction record is stored when a second verification result obtained by the transaction processing device verifying the transaction record message is passed;

wherein the first verification result and the second verification result both include a verification result of the first signature information;

and the verification result of the first signature information is obtained by the transaction processing equipment through verification calculation according to the public key of the transaction processing equipment and the verification parameters in the first signature information.

The processor 901 is further configured to generate a one-time public key of the second account according to a long-term public key of the second account; the processor 901 is further configured to generate second signature information of the transaction content according to the one-time public key of the second account and the certificate of the second account;

wherein the certificate is generated from a private key of a certificate issuing device; the transaction request message and the transaction record comprise a one-time public key of the second account and the second signature information, wherein the one-time public key of the second account is an address of the second account;

the first verification result and the second verification result further include a verification result of the second signature information, and the verification result of the second signature information is obtained by the transaction processing device through verification according to the one-time public key of the second account, the public key of the certificate issuing device and verification parameters in the second signature information.

In one possible implementation form of the method,

the processor 901 is further configured to calculate a ciphertext of a difference between a total input amount and a total output amount according to the ciphertext of each input amount and the ciphertext of each output amount in the transaction content;

the processor 901 is further configured to generate third signature information of the transaction content according to the ciphertext of the difference; wherein the transaction request message and the transaction record further include the third signature information; the first verification result and the second verification result further include a verification result of the third signature information, the verification result of the third signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the third signature information, the ciphertext of each input amount and the ciphertext of each output amount, and the verification result of the third signature information is used for indicating whether the total input amount is equal to the total output amount. In a possible implementation manner, the encryption keys of the ciphertext of each input amount and the ciphertext of each output amount are public keys of the third party audit account.

In a possible implementation manner, the processor is further configured to generate an identifier of each input amount according to the one-time private key of the first account;

the processor is further used for generating fourth signature information of the transaction content according to the identification of each input amount;

the transaction request message and the transaction record further include the fourth signature information and the identifier of each input amount;

the identification of each input amount is used for preventing each input amount from being consumed for the second time;

the first verification result and the second verification result further include a verification result of the fourth signature information, the verification result of the fourth signature information is obtained by performing verification calculation on the transaction processing device according to the identification of each input amount and the verification parameter in the fourth signature information, and the verification result of the fourth signature information is used for indicating whether the identification of each input amount is correct.

In a possible implementation manner, the processor 901 is further configured to encrypt the one-time public key of the first account according to a public key of the third party audit account, so as to obtain a ciphertext of the one-time public key of the first account;

the processor 901 is further configured to generate fifth signature information of the transaction content according to the ciphertext of the one-time public key of the first account;

the transaction request message and the transaction record further include the fifth signature information and a ciphertext of the one-time public key of the first account;

the first verification result and the second verification result further include a verification result of the fifth signature information, the verification result of the fifth signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the fifth signature information, and the verification result of the fifth signature information is used for indicating whether the ciphertext of the one-time public key of the first account number is correct.

In a possible implementation manner, the processor 901 is further configured to encrypt the long-term public key of the second account according to a public key of the third party audit account, and obtain a ciphertext of the long-term public key of the second account; the processor 901 is further configured to generate sixth signature information of the transaction content according to the ciphertext of the long-term public key of the second account;

the transaction request message and the transaction record further include the sixth signature information and a ciphertext of the long-term public key of the second account;

the first verification result and the second verification result further include a verification result of the sixth signature information, the verification result of the sixth signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the sixth signature information, and the verification result of the sixth signature information is used for indicating whether the ciphertext of the long-term public key of the second account number is correct.

In a possible implementation manner, the communication interface 903 is further configured to send a credential request message to the transaction processing device, where the credential request message includes the one-time public key of the first account and/or a cryptograph of a transaction amount of the first account;

the communication interface 903 is further configured to receive a credential response message returned by the transaction processing device, where the credential response message includes a credential of the first account, and the credential of the first account is generated by the transaction processing device according to the one-time public key of the first account and/or a cryptograph of a transaction amount that the first account has.

In a possible implementation manner, the credential request message further includes the one-time public key of the second account and/or a cryptograph of a transaction amount that the second account has; the credential response message further comprises the credential of the second account; the credential of the second account is generated by the transaction processing device according to the primary public key of the first account and/or the cryptograph of the transaction amount of the first account; the transaction request message and the transaction record also include credentials of the second account number. Referring to fig. 10, fig. 10 is a schematic structural diagram of a transaction processing device according to an embodiment of the present invention, as shown in fig. 10, the transaction processing device may include at least one endorsement module 1001, a consensus module 1002, and a submission module 1003;

the endorsement module 1001 is configured to receive a transaction request message sent by a terminal, where the transaction request message includes first signature information of transaction content, and the transaction content is initiated by a first account;

the endorsement module 1001 is further configured to verify the transaction request message to obtain a first verification result, and when the first verification result is passed, simulate to run the transaction content to obtain transaction result information, and return a transaction response message carrying the transaction result information to the terminal;

the consensus module 1002 is configured to receive a transaction record message sent by the terminal according to the at least one transaction response message, sort a transaction record carried in the transaction record message and a transaction record received from another terminal according to receiving time, generate a block including the transaction record, and submit the block to the submission module;

the submitting module 1003 is configured to receive the block, verify the transaction record in the block to obtain a second verification result, and store the transaction record in the block chain in the form of the block when the second verification result is passed;

the first verification result and the second verification result both include a verification result of the first signature information, and the verification result of the first signature information is obtained by the transaction processing device according to the public key verification of the authorization endorsement module 10011 in the endorsement module and is used to indicate whether the first account number has a condition for storing the transaction record onto a block chain;

the authorization endorsement module is used for generating a credential of the first account according to a private key of the authorization endorsement module, and the credential of the first account is used for generating the first signature information.

Referring to fig. 11, fig. 11 is a schematic structural diagram of another transaction processing device according to an embodiment of the present invention, and as shown in fig. 11, the transaction processing device includes at least one endorsement module 1101, a consensus module 1102, a submission module 1103 and a management module 1104;

the endorsement module 1101 is configured to receive a transaction request message sent by a terminal, where the transaction request message includes first signature information of transaction content, and the transaction content is initiated by a first account;

the at least one endorsement module 1101 is further configured to verify the transaction request message, obtain a first verification result, when the first verification result is passed, simulate to run the transaction content to obtain transaction result information, and return a transaction response message carrying the transaction result information to the terminal;

the consensus module 1102 is configured to receive a transaction record message sent by the terminal according to the at least one transaction response message, sort the transaction records carried in the transaction record message and the transaction records received from other terminals according to the receiving time, generate a block including the transaction records, and submit the block to the submission module;

the submitting module 1103 is configured to receive the block, verify the transaction record in the block to obtain a second verification result, and store the transaction record in the block chain in the form of the block when the second verification result is passed;

the first verification result and the second verification result both comprise verification results of the first signature information, and the verification results of the first signature information are obtained by the transaction processing equipment according to the public key verification of the management module and are used for indicating whether the first account number has conditions for storing the transaction record on a blockchain;

the management module 1104 is configured to generate a credential of the first account according to a private key of the management module, where the credential of the first account is used to generate the first signature information.

Additionally, in embodiments of the invention, the transaction processing device described in fig. 10 and 11 may also invoke related modules to perform the processing procedures of the transaction processing device described in fig. 4-7 and/or other procedures for the techniques described herein. For example, a management module or an authorization endorsement module in the transaction processing device performs relevant steps to generate a credential for the first account, and the like; at least one endorsement module and the submission module verifies the transaction request message and the relevant content in the transaction record, and the like. Referring to fig. 12, fig. 12 is a schematic structural diagram of a terminal according to an embodiment of the present invention, where the terminal shown in fig. 12 may be the terminal in fig. 3 eight-30 and fig. 4 to 8, and the terminal may include a processor, a memory, a control circuit, an antenna, and an input/output device. The processor is mainly configured to process a communication protocol and communication data, control the entire terminal device, execute a software program, and process data of the software program, for example, to support the terminal device to perform the actions described in the above embodiment of the method for indicating a transmission precoding matrix. The memory is mainly used for storing software programs and data, for example, storing credentials of the first account, a long-term private key or a one-time private key of the first account, and the like described in the above embodiments. The control circuit is mainly used for converting baseband signals and radio frequency signals and processing the radio frequency signals. The control circuit and the antenna together, which may also be called a transceiver, are mainly used for transceiving radio frequency signals in the form of electromagnetic waves. Input and output devices, such as touch screens, display screens, keyboards, etc., are used primarily for receiving data input by a user and for outputting data to the user.

When the terminal is started, the processor can read the software program in the storage unit, interpret and execute the instruction of the software program, and process the data of the software program. When data needs to be sent wirelessly, the processor outputs baseband signals to the radio frequency circuit after baseband processing is carried out on the data to be sent, and the radio frequency circuit carries out radio frequency processing on the baseband signals and sends the radio frequency signals outwards in the form of electromagnetic waves through the antenna. When data is sent to the terminal equipment, the radio frequency circuit receives radio frequency signals through the antenna, converts the radio frequency signals into baseband signals and outputs the baseband signals to the processor, and the processor converts the baseband signals into the data and processes the data.

Those skilled in the art will appreciate that fig. 12 shows only one memory and processor for ease of illustration. In an actual terminal device, there may be multiple processors and memories. The memory may also be referred to as a storage medium or a storage device, and the like, which is not limited in this respect by the embodiment of the present invention.

As an alternative implementation manner, the processor may include a baseband processor and a central processing unit, where the baseband processor is mainly used to process a communication protocol and communication data, and the central processing unit is mainly used to control the whole terminal device, execute a software program, and process data of the software program. The processor in fig. 12 integrates the functions of the baseband processor and the central processing unit, and those skilled in the art will understand that the baseband processor and the central processing unit may also be independent processors, and are interconnected through a bus or the like. Those skilled in the art will appreciate that the terminal device may include a plurality of baseband processors to accommodate different network formats, a plurality of central processors to enhance its processing capability, and various components of the terminal device may be connected by various buses. The baseband processor can also be expressed as a baseband processing circuit or a baseband processing chip. The central processing unit can also be expressed as a central processing circuit or a central processing chip. The function of processing the communication protocol and the communication data may be built in the processor, or may be stored in the storage unit in the form of a software program, and the processor executes the software program to realize the baseband processing function.

For example, in the embodiment of the present invention, the antenna and the control circuit having the transceiving function may be regarded as the transceiving unit 1201 of the terminal, and the processor having the processing function may be regarded as the processing unit 1202 of the terminal. As shown in fig. 12, the terminal includes a transceiving unit 1201 and a processing unit 1202. A transceiver unit may also be referred to as a transceiver, a transceiving device, etc. Alternatively, a device for implementing a receiving function in the transceiving unit 1201 may be regarded as a receiving unit, and a device for implementing a transmitting function in the transceiving unit 1201 may be regarded as a transmitting unit, that is, the transceiving unit 1201 includes the receiving unit and the transmitting unit, the receiving unit may also be referred to as a receiver, a receiving circuit, or the like, and the transmitting unit may be referred to as a transmitter, a transmitting circuit, or the like. In an embodiment of the present invention, the transaction processing device may include a communication unit and a processing unit, where the processing unit and the communication unit perform, in combination, the relevant operations performed by the transaction processing device in the above embodiments, or perform the relevant functions of at least one endorsement node, consensus node, and submission node, or may also perform the relevant functions of a management device, a certificate issuing device, and the like.

Optionally, referring to fig. 13, fig. 13 is a schematic structural diagram of a transaction processing device according to an embodiment of the present invention, where the transaction processing device may include a processor 1301 and a memory 1302. The memory 1302 is configured to store instructions, and the processor 1301 is configured to execute the instructions stored in the memory 1302 to implement the steps and embodiments of the methods corresponding to fig. 4 to 8.

Further, the transaction processing device may also include an input port 1304 and an output port 1305. Further, the apparatus may further include a bus system 1303, wherein the processor 1301, the memory 1302, and the communication interface 1304 may be connected via the bus system 1303.

The processor 1301 is configured to execute the instructions stored in the memory 1302 to control the communication interface 1304 to receive the signal and control the communication interface 1304 to transmit the signal, so as to complete the steps of the terminal in the above-mentioned method. Communication interfaces 1304 may be the same or different physical entities, among others. When the same physical entity, may be collectively referred to as a transceiver. The memory 1302 may be integrated with the processor 1301 or may be separate from the processor 1301.

As an implementation manner, the function of the communication interface 1304 may be implemented by a transceiver circuit or a dedicated chip for transceiving. Processor 1301 may be considered to be implemented with a dedicated processing chip, processing circuit, processor, or a general purpose chip.

As another implementation manner, a manner of using a general-purpose computer to implement the terminal provided in the embodiment of the present application may be considered. Program code that implements the functions of the processor 1301 and the communication interface 1304 is stored in the memory, and the functions of the processor 1301 and the communication interface 1304 are implemented by the processor executing the code in the memory. The concept, explanation, and detailed description related to the technical solution provided by the embodiments of the present application and other steps related to the apparatus are described in the foregoing method or other embodiments, and are not described in here. It will be clear to those skilled in the art that for the convenience and brevity of description, the specific operations of the system, apparatus and units described above may be referred to the corresponding operations in the foregoing method embodiments and will not be described in any further detail herein at .

In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical functional division, and the actual implementation may have another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.

The computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, e.g., from one website site, computer, server, or data center via a wired (e.g., coaxial cable, optical fiber, digital subscriber line (DS L)) or wireless (e.g., infrared, wireless, microwave, etc.) manner to another website site, computer, server, or data center.

The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims

The method of

1. A transaction processing method, comprising:

the terminal generates first signature information of transaction content according to the credential of a first account, wherein the transaction content is initiated by the terminal based on the first account; the credential is generated for the first account number by a transaction processing device that processes the transaction content;

the terminal sends a transaction request message to the transaction processing equipment, wherein the transaction request message comprises the first signature information and the transaction content;

the terminal receives a transaction response message returned by the transaction processing equipment, wherein the transaction response message comprises transaction result information generated by the transaction processing equipment according to the transaction content;

and the terminal sends a transaction record message to the transaction processing equipment according to the transaction response message, wherein the transaction record message is used for indicating the transaction processing equipment to store the transaction record carried by the transaction record message to a block chain, the block chain is a distributed database for storing the transaction record in the transaction processing equipment, and the transaction record comprises the transaction content, the first signature information and the transaction result information.

2. The method of claim 1, wherein the terminal generates the first signature information of the transaction content according to the credential of the first account, and comprises:

the terminal takes a private key of a first account number, a certificate of the first account number and transaction content as input of a zero-knowledge proof algorithm, and calculates first signature information of the transaction content, wherein the private key comprises a long-term private key or a one-time private key.

3. The method according to claim 2, wherein the transaction response message is returned when the transaction processing device verifies that the first verification result obtained by the transaction request message is passed; the transaction record is stored when a second verification result obtained by the transaction processing device verifying the transaction record message is passed; wherein the first verification result and the second verification result both include a verification result of the first signature information;

and the verification result of the first signature information is obtained by the transaction processing equipment through verification calculation according to the public key of the transaction processing equipment and the verification parameters in the first signature information.

4. The method of claim 3, wherein the transaction content is initiated by the terminal for a second account number based on the first account number, the method further comprising:

the terminal generates a one-time public key of the second account according to the long-term public key of the second account; the terminal generates second signature information of the transaction content according to the one-time public key of the second account and the certificate of the second account;

wherein the certificate is generated from a private key of a certificate issuing device; the transaction request message and the transaction record comprise a one-time public key of the second account and the second signature information, wherein the one-time public key of the second account is an address of the second account;

the first verification result and the second verification result further include a verification result of the second signature information, and the verification result of the second signature information is obtained by the transaction processing device through verification calculation according to the one-time public key of the second account number, the public key of the certificate issuing device and verification parameters in the second signature information.

5. The method according to claim 3 or 4, characterized in that the method further comprises: the terminal calculates the ciphertext of the difference between the total input amount and the total output amount according to the ciphertext of each input amount and the ciphertext of each output amount in the transaction content;

the terminal generates third signature information of the transaction content according to the ciphertext of the difference value;

wherein the transaction request message and the transaction record further include the third signature information; the first verification result and the second verification result further include a verification result of the third signature information, the verification result of the third signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the third signature information, the ciphertext of each input amount and the ciphertext of each output amount, and the verification result of the third signature information is used for indicating whether the total input amount is equal to the total output amount.

6. The method of claim 5,

and the encryption keys of the ciphertext of each input amount and the ciphertext of each output amount are public keys of the third party audit account.

7. The method of claim 5 or 6, further comprising:

the terminal generates an identifier of each input amount according to the one-time private key of the first account; the terminal generates fourth signature information of the transaction content according to the identification of each input amount; the transaction request message and the transaction record further include the fourth signature information and the identifier of each input amount;

the identification of each input amount is used for preventing each input amount from being consumed for the second time;

the first verification result and the second verification result further include a verification result of the fourth signature information, the verification result of the fourth signature information is obtained by performing verification calculation on the transaction processing device according to the identification of each input amount and the verification parameter in the fourth signature information, and the verification result of the fourth signature information is used for indicating whether the identification of each input amount is correct.

8. The method according to any one of claims 1 to 7, further comprising: the terminal encrypts the one-time public key of the first account according to the public key of the third party audit account to obtain the ciphertext of the one-time public key of the first account;

the terminal generates fifth signature information of the transaction content according to the ciphertext of the one-time public key of the first account;

the transaction request message and the transaction record further include the fifth signature information and a ciphertext of the one-time public key of the first account;

the first verification result and the second verification result further include a verification result of the fifth signature information, the verification result of the fifth signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the fifth signature information, and the verification result of the fifth signature information is used for indicating whether the ciphertext of the one-time public key of the first account number is correct.

9. The method according to any one of claims 1 to 8, further comprising: the terminal encrypts the long-term public key of the second account according to the public key of the third party audit account to obtain the ciphertext of the long-term public key of the second account;

the terminal generates sixth signature information of the transaction content according to the ciphertext of the long-term public key of the second account;

the transaction request message and the transaction record further include the sixth signature information and a ciphertext of the long-term public key of the second account;

the first verification result and the second verification result further include a verification result of the sixth signature information, the verification result of the sixth signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the sixth signature information, and the verification result of the sixth signature information is used for indicating whether the ciphertext of the long-term public key of the second account number is correct.

10. The method according to any one of claims 4 to 9, further comprising: the terminal sends a credential request message to the transaction processing device, wherein the credential request message comprises the one-time public key of the first account number and/or a cryptograph of a transaction amount of the first account number;

and the terminal receives a credential response message returned by the transaction processing device, wherein the credential response message comprises a credential of the first account, and the credential of the first account is generated by the transaction processing device according to the one-time public key of the first account and/or a cryptograph of a transaction amount of the first account.

11. The method of claim 10, wherein the credential request message further includes the one-time public key of the second account number and/or a cryptogram of a transaction amount the second account number has; the credential response message further comprises the credential of the second account; the credential of the second account is generated by the transaction processing device according to the one-time public key of the first account and/or the cryptograph of the transaction amount of the first account; the transaction request message and the transaction record also include credentials of the second account number.

12. A transaction processing method, comprising:

the method comprises the steps that a transaction processing device receives a transaction request message sent by a terminal, wherein the transaction request message comprises transaction content and first signature information, the transaction content is initiated by the terminal based on a first account, and the first signature information is generated by the terminal according to the credential of the first account;

the transaction processing equipment returns a transaction response message to the terminal according to the transaction request message, wherein the transaction response message comprises transaction result information generated by the transaction processing equipment according to the transaction content;

the transaction processing equipment receives a transaction record message sent by the terminal according to the transaction response message; the transaction processing device stores the transaction record carried in the transaction record message to a blockchain, the blockchain is a distributed database for storing the transaction record in the transaction processing party, and the transaction record comprises the transaction content, the first signature information and the transaction result information.

13. The method of claim 12,

before the transaction processing device returns a transaction response message to the terminal according to the transaction request message, the method further includes:

the transaction processing equipment verifies the transaction request message to obtain a first verification result;

when the first verification result is passed, the transaction processing equipment operates the transaction content to obtain transaction result information;

the method further comprises the following steps:

the transaction processing equipment verifies the transaction record message to obtain a second verification result;

and when the second verification result is that the transaction record carried by the transaction record message is passed, the transaction processing equipment executes the step of storing the transaction record carried by the transaction record message on a block chain.

14. The method according to claim 13, wherein the first verification result and the second verification result each include a verification result of the first signature information;

the verification result of the first signature information is obtained by the transaction processing equipment through verification calculation by using the public key of the transaction processing equipment and the verification parameter in the first signature information.

15. The method of any of claims 12 to 14, wherein the first account number is transactional content initiated for the second account number,

the transaction request message and the transaction record also comprise second signature information and a one-time public key of a second account number;

the one-time public key of the second account is the address of the second account;

the first verification result and the second verification result further include a verification result of the second signature information, and the verification result of the second signature information is obtained by the transaction processing device through verification calculation according to the one-time public key of the second account, the public key of the certificate issuing device and the verification parameters in the second signature information.

16. The method according to any one of claims 12 to 15,

the transaction request message and the transaction record further include third signature information, ciphertexts of each input amount and the ciphertexts of each output amount;

the first verification result and the second verification result further include a verification result of the third signature information, the verification result of the third signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the third signature information, the ciphertext of each input amount and the ciphertext of each output amount, and the verification result of the third signature information is used for indicating whether the total input amount in the transaction record is equal to the total output amount.

17. The method of claim 16,

and the encryption keys of the ciphertext of each input amount and the ciphertext of each output amount are public keys of the third party audit account.

18. The method of claim 16 or 17,

the transaction request message and the transaction record further include the fourth signature information and the identifier of each input amount;

the first verification result and the second verification result further include a verification result of the fourth signature information, the verification result of the fourth signature information is obtained by performing verification calculation on the transaction processing device according to the identifier of each input amount and a verification parameter in the fourth signature information, and the verification result of the fourth signature information is used for indicating whether the identifier of each input amount is correct or not;

the identification of each input amount is used to prevent secondary spending of each input amount.

19. The method according to any one of claims 12 to 18,

the transaction request message and the transaction record further include the fifth signature information and a ciphertext of the one-time public key of the first account;

the first verification result and the second verification result further include a verification result of the fifth signature information, the verification result of the fifth signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the fifth signature information, and the verification result of the fifth signature information is used for indicating whether a ciphertext of the one-time public key of the first account number is correct or not;

and the encryption key of the ciphertext of the one-time public key of the first account is the public key of the third party audit account. \ break 02019/132767

20. The method according to any one of claims 12 to 19,

the transaction request message and the transaction record further include the sixth signature information and a ciphertext of the long-term public key of the second account;

the first verification result and the second verification result further include a verification result of the sixth signature information, the verification result of the sixth signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the sixth signature information, and the verification result of the sixth signature information is used for indicating whether a ciphertext of the long-term public key of the second account number is correct or not;

and the encryption key of the ciphertext of the long-term public key of the second account is the public key of the third party audit account.

21. The method of claim 20, further comprising:

the transaction processing equipment receives a credential request message sent by the terminal, wherein the credential request message comprises the one-time public key of the first account number and/or a cryptograph of a transaction amount of the first account number;

the transaction processing device generates credentials of the first account number according to the credential request message;

and the transaction processing equipment sends a credential response message to the terminal, wherein the credential response message carries the credential of the first account.

22. The method of claim 21, wherein the credential request message further includes the one-time public key of the second account number and/or a cryptogram of a transaction amount the second account number has; the credential response message further comprises the credential of the second account; the transaction request message and the transaction record further include a credential of the second account number, which is generated by the transaction processing device according to the one-time public key of the second account number and/or a cryptograph of a transaction amount of the second account number.

23. The transaction processing equipment is characterized by comprising at least one endorsement module, a consensus module, a submission module and a management module;

the endorsement module is used for receiving a transaction request message sent by a terminal, wherein the transaction request message comprises transaction content and first signature information, the transaction content is initiated by the terminal based on a first account, and the first signature information is generated by the terminal according to the credential of the first account;

the endorsement module is further used for returning a transaction response message to the terminal according to the transaction request message, wherein the transaction response message comprises transaction result information generated by the transaction processing equipment according to the transaction content;

the consensus module is used for receiving transaction record information sent by the terminal according to the at least one transaction response message, sequencing the transaction records carried by the transaction record information and the transaction records received from other terminals according to receiving time, generating a block comprising the transaction records, and submitting the block to the submitting module;

the submitting module is used for receiving the blocks and storing the transaction records on a block chain in the form of the blocks;

the management module is used for generating the credential of the first account according to the private key of the management module, the one-time public key of the first account and/or the ciphertext of the transaction amount.

24. A terminal comprising a processor and a communication interface, wherein the processor is configured to generate first signature information for transaction content from credentials of a first account number, the transaction content being initiated by the terminal based on the first account number, the credentials generated for the first account number by a transaction processing device that processes the transaction content;

the communication interface is used for sending a transaction request message to the transaction processing equipment, wherein the transaction request message comprises the first signature information and the transaction content;

the communication interface is further configured to receive a transaction response message returned by the transaction processing device, where the transaction response message includes transaction result information generated by the transaction processing device according to the transaction content;

the communication interface is further configured to send a transaction record message to the transaction processing device according to the transaction response message, where the transaction record message is used to instruct the transaction processing device to store the transaction record onto a blockchain, and the transaction record includes the transaction content, the first signature information, and the transaction result information.

25. The terminal of claim 24, wherein the processor generates the first signature information of the transaction content according to the credential of the first account number, specifically:

and calculating first signature information of the transaction content by taking a private key of a first account number, a certificate of the first account number and the transaction content as input of a zero-knowledge proof algorithm, wherein the private key comprises a long-term private key or a one-time private key.

26. The terminal of claim 25, wherein the transaction response message is returned when the transaction processing device verifies that a first verification result obtained by the transaction request message is passed; the transaction record is stored when a second verification result obtained by the transaction processing device verifying the transaction record message is passed; wherein the first verification result and the second verification result both include a verification result of the first signature information;

and the verification result of the first signature information is obtained by the transaction processing equipment through verification calculation according to the public key of the transaction processing equipment and the verification parameters in the first signature information.

27. The terminal of claim 26, wherein the transaction content is initiated by the terminal for a second account number based on the first account number,

the processor is further configured to generate a one-time public key of the second account according to the long-term public key of the second account;

the processor is further configured to generate second signature information of the transaction content according to the one-time public key of the second account and the certificate of the second account;

wherein the certificate is generated from a private key of a certificate issuing device; the transaction request message and the transaction record comprise a one-time public key of the second account and the second signature information, wherein the one-time public key of the second account is an address of the second account;

the first verification result and the second verification result further include a verification result of the second signature information, and the verification result of the second signature information is obtained by the transaction processing device through verification according to the one-time public key of the second account, the public key of the certificate issuing device and verification parameters in the second signature information.

28. The terminal according to claim 26 or 27,

the processor is further used for calculating a ciphertext of a difference value between the total input amount and the total output amount according to the ciphertext of each input amount and the ciphertext of each output amount in the transaction content;

the processor is further configured to generate third signature information of the transaction content according to the ciphertext of the difference value; \ break 02019/132767; the first verification result and the second verification result further include a verification result of the third signature information, the verification result of the third signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the third signature information, the ciphertext of each input amount and the ciphertext of each output amount, and the verification result of the third signature information is used for indicating whether the total input amount is equal to the total output amount.

29. The terminal of claim 28,

and the encryption keys of the ciphertext of each input amount and the ciphertext of each output amount are public keys of the third party audit account.

30. The terminal according to claim 28 or 29, characterized in that the method further comprises: the processor is further configured to generate an identifier of each input amount according to the one-time private key of the first account;

the processor is further used for generating fourth signature information of the transaction content according to the identification of each input amount;

the transaction request message and the transaction record further include the fourth signature information and the identifier of each input amount;

the identification of each input amount is used for preventing each input amount from being consumed for the second time;

the first verification result and the second verification result further include a verification result of the fourth signature information, the verification result of the fourth signature information is obtained by performing verification calculation on the transaction processing device according to the identification of each input amount and the verification parameter in the fourth signature information, and the verification result of the fourth signature information is used for indicating whether the identification of each input amount is correct.

31. The terminal according to any of the claims 24 to 30,

the processor is further configured to encrypt the one-time public key of the first account according to the public key of the third party audit account to obtain a ciphertext of the one-time public key of the first account;

the processor is further configured to generate fifth signature information of the transaction content according to a ciphertext of the one-time public key of the first account;

the transaction request message and the transaction record further include the fifth signature information and a ciphertext of the one-time public key of the first account;

the first verification result and the second verification result further include a verification result of the fifth signature information, the verification result of the fifth signature information is obtained by performing verification calculation on the transaction processing device according to a verification parameter in the fifth signature information, and the verification result of the fifth signature information is used for indicating whether the ciphertext of the one-time public key of the first account number is correct.

32. The terminal according to any of the claims 24 to 31,

the processor is further configured to encrypt the long-term public key of the second account according to the public key of the third-party audit account, and obtain a ciphertext of the long-term public key of the second account;

the processor is further configured to generate sixth signature information of the transaction content according to a ciphertext of the long-term public key of the second account;

the transaction request message and the transaction record further include the sixth signature information and a ciphertext of the long-term public key of the second account; \ break 02019/132767.

33. The terminal according to any of the claims 24 to 32,

the communication interface is further configured to send a credential request message to the transaction processing device, where the credential request message includes the one-time public key of the first account and/or a cryptograph of a transaction amount of the first account; the communication interface is further configured to receive a credential response message returned by the transaction processing device, where the credential response message includes a credential of the first account, and the credential of the first account is generated by the transaction processing device according to the one-time public key of the first account and/or a cryptograph of a transaction amount of the first account.

34. The terminal of claim 33, wherein the credential request message further comprises the one-time public key of the second account number and/or a cryptogram of a transaction amount the second account number has; the credential response message further comprises the credential of the second account; the credential of the second account is generated by the transaction processing device according to the one-time public key of the first account and/or the cryptograph of the transaction amount of the first account; the transaction request message and the transaction record also include credentials of the second account number.