CN111800275A - Zero-knowledge protocol parameter initialization method, device and storage medium - Google Patents


Info

Publication number: CN111800275A
Authority: CN (China)
Prior art keywords: base point, participating, zero, initialization, party
Legal status: Pending
Application number: CN202010656234.7A
Other languages: Chinese (zh)
Inventors: 陆陈一帆, 贾牧, 张鹏程, 谢丹力
Current Assignee: OneConnect Smart Technology Co Ltd; OneConnect Financial Technology Co Ltd Shanghai
Original Assignee: OneConnect Financial Technology Co Ltd Shanghai
Application filed by: OneConnect Financial Technology Co Ltd Shanghai
Priority to: CN202010656234.7A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to blockchain technology and discloses a zero-knowledge protocol parameter initialization method comprising the following steps: acquiring information on the candidate third-party platforms, setting the number n of third parties participating in parameter initialization, and selecting a corresponding number of participating third parties; each participating third party generates a random number a_t, and the initialization parameters of the zero-knowledge protocol, which comprise the initialization parameters of a base point h and a base point i, are set cooperatively according to a preset base point g and each random number; and uploading the initialization parameters to a public data storage system. The invention also discloses a zero-knowledge protocol parameter initialization device and a computer-readable storage medium. With the invention, the parameter initialization process of the zero-knowledge protocol can be completed cooperatively by a plurality of trusted third parties taking turns (multi-party polling), which protects the secret data and effectively prevents a third party from using the secret data to attack the zero-knowledge protocol.

Description

Zero-knowledge protocol parameter initialization method, device and storage medium
Technical Field
The present invention relates to the field of blockchain technology, and in particular to a zero-knowledge protocol parameter initialization method, an apparatus, and a computer-readable storage medium.
Background
Zero-knowledge proof was proposed by S. Goldwasser, S. Micali and C. Rackoff in the early 1980s. It means that the prover can convince the verifier that some assertion is correct without providing the verifier with any useful information. A zero-knowledge proof is essentially a protocol involving two or more parties, i.e., a series of steps that two or more parties carry out to complete a task. The prover proves to the verifier, and convinces the verifier, that it knows or possesses a certain message, but the proving process must not reveal any information about that message to the verifier.
Current zero-knowledge algorithms have an obvious weakness: a trusted third party is required to complete parameter initialization. During initialization the third party needs to create some secret data. Since this secret data can be used to attack the zero-knowledge algorithm, the trusted third party needs to discard it after initialization is complete. However, the biggest problem with this approach is that it cannot be proven whether the trusted third party really discards the secret data or instead keeps it for future attacks on the zero-knowledge protocol. This problem is common to many well-known zero-knowledge algorithms, such as 3D zero knowledge (3DZKP) and zk-SNARKs.
Therefore, how to complete the parameter initialization of the zero-knowledge protocol on the premise of ensuring the security of the secret data created by the third party becomes a technical problem to be solved urgently.
Disclosure of Invention
In view of the above, the present invention provides a zero knowledge protocol parameter initialization method, apparatus and computer readable storage medium, which mainly aims to complete the parameter initialization of the zero knowledge protocol on the premise of ensuring the security of the secret data created by the third party.
In order to achieve the above object, the present invention provides a zero-knowledge protocol parameter initialization method, which is applied to a transaction processing system supporting multi-party cross-platform transaction, wherein the transaction processing system comprises a public data storage system and a plurality of third party platforms, and the method comprises:
acquiring information of a third party platform to be selected, setting the number n of third parties participating in parameter initialization and selecting a corresponding number of participating third parties;
each participating third party generates a random number a_t, and the initialization parameters of the zero-knowledge protocol are set cooperatively according to a preset base point g and each random number a_t; and
after the initialization parameters are obtained through multi-party cooperative setting, uploading the initialization parameters to the public data storage system.
Optionally, the step of generating a random number by each participating third party, and cooperatively setting the initialization parameter of the zero-knowledge protocol according to a preset base point g and each random number includes:
a first participating third party t_1 generates a first random number a_1 and, according to a preset base point g and the first random number a_1, obtains first-stage values h_0 and i_0 of the initialization parameters of base point h and base point i;
a second participating third party t_2 generates a second random number a_2 and, according to the first-stage values h_0 and i_0 and the second random number a_2, obtains second-stage values h_1 and i_1 of the initialization parameters of base point h and base point i;
polling the remaining participating third parties among the n selected participating third parties according to the above steps, each participating third party in turn generating a random number and using it to adjust the stage values of the initialization parameters set by the previous participating third party, until all n participating third parties have taken part and the finally generated initialization parameters of base point h and base point i are obtained.
Optionally, the base point g is a common parameter.
Optionally, the method further includes, after obtaining the initialization parameter:
each of the participating third parties discards the random numbers generated by itself.
Optionally, the first-stage values are h_0 = g^(a_1), i_0 = g^(a_1 a_1).
Optionally, the second-stage values are h_1 = h_0^(a_2) = g^(a_1 a_2), i_1 = i_0^(a_2 a_2) = g^(a_1 a_1 a_2 a_2).
Optionally, the random number a_t generated by each participating third party is that party's secret data, and the n participating third parties together provide the complete secret data of base point h and base point i, wherein the complete secret data of base point h
Figure BDA0002576850160000031
Complete secret data of base point i
Figure BDA0002576850160000032
Optionally, the finally generated initialization parameter of base point h is h_f = g^μ, and the finally generated initialization parameter of base point i is i_f = g^ν.
In addition, in order to achieve the above object, the present invention further provides a zero knowledge protocol parameter initialization apparatus, including a memory and a processor, where the memory stores a zero knowledge protocol parameter initialization system operable on the processor, and the zero knowledge protocol parameter initialization system implements the steps of the zero knowledge protocol parameter initialization method when executed by the processor.
Further, to achieve the above object, the present invention also provides a computer readable storage medium storing a zero knowledge protocol parameter initialization system, which is executable by at least one processor to cause the at least one processor to perform the steps of the zero knowledge protocol parameter initialization method as described above.
The zero-knowledge protocol parameter initialization method, the zero-knowledge protocol parameter initialization device and the computer readable storage medium can cooperatively complete the parameter initialization process of the zero-knowledge protocol by a plurality of trusted third parties in a multi-party polling mode. In the process, no participating third party possesses the complete secret data required by parameter initialization, and the complete secret data is formed by splicing a plurality of participating third parties in turn. Each participating third party generates a portion of the secret data and uses the secret data to adjust the initialization parameters, and then discloses the adjusted initialization parameters, without the participating third parties disclosing their own secret data. The invention ensures the safety of the complete confidential data and effectively prevents a third party from attacking the zero knowledge protocol by using the confidential data.
Drawings
FIG. 1 is a flow chart of a preferred embodiment of a zero knowledge protocol parameter initialization method of the present invention;
FIG. 2 is a detailed flowchart of step S2 in FIG. 1;
FIG. 3 is a diagram of a zero knowledge protocol parameter initialization apparatus according to a preferred embodiment of the present invention;
FIG. 4 is a block diagram of a preferred embodiment of the zero knowledge protocol parameter initialization system of the present invention;
The implementation, functional features and advantages of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the description relating to "first", "second", etc. in the present invention is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
Before explaining the present invention, terms, symbols, and the like used will be explained.
Term definitions:
Independent data storage system: a third-party platform such as a blockchain network, a distributed database, a cloud server or a distributed system.
Public data storage system: either cloud storage or a blockchain network can be used. The public data storage system is mainly used for storing public parameters (such as base points) and can also store parameters related to the zero-knowledge proof protocol and the like. Before the zero-knowledge proof protocol can be used, the base points g, h, i need to be created and uploaded to the public data storage system by one or more trusted third parties. The base point g is a public parameter, and the base point h and the base point i are set by a trusted third party, or set cooperatively by multiple trusted third parties over a network (such as the internet or a blockchain network), and uploaded to the public data storage system.
Symbol definition:
h_f, i_f: the initialization parameters of base point h and base point i;
n: the number of participating third parties;
t: the label of a participating third party;
a_t: the random number (secret data) generated by participating third party t;
μ: the complete secret data of base point h (provided jointly by the n participating third parties);
ν: the complete secret data of base point i (provided jointly by the n participating third parties).
The invention provides a zero-knowledge protocol parameter initialization method which is applied to a transaction processing system supporting multi-party cross-platform transaction. The transaction processing system includes a common data storage system and a plurality of independent data storage systems (third party platforms). Before the transaction processing system can use the zero-knowledge protocol, base points g, h, i need to be created by one or more trusted third parties and uploaded to the common data storage system. The base point g is a preset public parameter, and the base point h and the base point i need to be set by a trusted third party and uploaded to the public data storage system.
In the embodiment of the invention, in order to ensure the security of the secret data created by the third party and prevent the third party from attacking the zero-knowledge protocol by using the secret data, a mode that a plurality of trusted third parties cooperatively set the initialization parameters of the base point h and the base point i is adopted.
Referring to fig. 1, a flow chart of a preferred embodiment of the zero-knowledge protocol parameter initialization method of the present invention is shown. In this embodiment, the execution order of the steps in the flowchart shown in fig. 1 may be changed and some steps may be omitted according to different requirements. The method comprises the following steps:
S1: obtain information on the candidate trusted third-party platforms, set the number of third parties participating in parameter initialization, and select the corresponding number of participating third parties.
Specifically, in order to ensure the security of the secret data created by a third party, in the present embodiment the parameter initialization is performed cooperatively by a plurality of trusted third parties. First, information on all candidate trusted third-party platforms needs to be acquired from the transaction processing system for the subsequent selection of participating third parties. Then, the number n of third parties participating in parameter initialization is set, and n trusted third parties are selected from the acquired third-party platform information to perform the parameter initialization cooperatively, that is, n participating third parties are selected.
S2: each participating third party generates a random number, and the initialization parameters of the zero-knowledge protocol are set cooperatively according to a preset base point g and each random number, wherein the initialization parameters include the initialization parameters of a base point h and a base point i.
In particular, the base points g, h, i need to be created by the third party before the zero knowledge protocol can be used. The base point g is a public parameter, and the base point h and the base point i are cooperatively set by a plurality of platforms of the participating third parties through a network (such as the internet and a block chain network) and uploaded to the public data storage system. The public data storage system can be cloud storage or a block chain network. The common data storage system is mainly used for storing common parameters (the base points), and can also store parameters related to the certification protocol and the like.
At present, a trusted third party generally generates a random number α and, based on a preset base point g, obtains base points h and i through h = g^α and i = h^α = g^(αα). However, this method cannot guarantee that the trusted third party discards the secret data it created (the random number α) after parameter initialization, so the zero-knowledge protocol is at risk of attack (the trusted third party may choose to retain the random number α in order to launch an attack at a later date), and security is insufficient.
Therefore, in this embodiment, each participating third party t of the n trusted participating third parties generates a random number a_t, and the complete secret data (the complete secret data μ of base point h and the complete secret data ν of base point i) is pieced together in turn from the random numbers a_t, so that the n participating third parties cooperatively set and adjust the initialization parameters h_f and i_f of base point h and base point i by multi-party polling, according to the preset base point g and each random number a_t. In this process, no participating third party possesses the complete secret data required for parameter initialization; the complete secret data is pieced together by the participating third parties in turn. Each participating third party generates a portion of the complete secret data and uses that portion to adjust the initialization parameters.
S3: after the initialization parameters are obtained through multi-party cooperative setting, upload the initialization parameters to a public data storage system.
Specifically, after the n participating third parties have cooperatively set and adjusted the initialization parameters h_f and i_f of base point h and base point i, the parameter initialization process of the zero-knowledge protocol is complete, and the initialization parameters h_f and i_f are then published, that is, uploaded to the public data storage system (for example, published in cloud storage; if a blockchain network is used, the whole initialization process can be carried out and published on the blockchain network). Zero-knowledge proofs and the like can subsequently be performed based on the initialization parameters (the public parameter of base point g and the initialization parameters h_f and i_f of base point h and base point i). In addition, the n participating third parties discard the secret data they created (the random numbers a_t generated in the previous step).
In this embodiment, all participating third parties need not disclose their own created secret data. Moreover, since each participating third party only knows the part of the secret data created by itself but cannot know the complete secret data, even if a participating third party does not discard the secret data created by itself, it cannot be used to attack the zero-knowledge protocol.
Referring to fig. 2, a detailed flowchart of step S2 is shown.
Preferably, the step S2 specifically includes:
S20: the first participating third party t_1 generates a first random number a_1 and, according to a preset base point g and the first random number a_1, obtains the first-stage values h_0 and i_0 of the initialization parameters of base point h and base point i.
Wherein h_0 = g^(a_1), i_0 = g^(a_1 a_1).
The first participating third party t_1 discloses the first-stage values h_0 and i_0 to the other third parties.
S22: the second participating third party t_2 generates a second random number a_2 and, according to the first-stage values h_0 and i_0 of base point h and base point i set by the first participating third party t_1 and the second random number a_2, obtains the second-stage values h_1 and i_1 of the initialization parameters of base point h and base point i.
Wherein h_1 = h_0^(a_2) = g^(a_1 a_2), i_1 = i_0^(a_2 a_2) = g^(a_1 a_1 a_2 a_2).
The second participating third party t_2 discloses the second-stage values h_1 and i_1 to the other third parties.
S24: the remaining participating third parties among the n participating third parties are polled according to the above steps: each in turn generates a random number and uses it to adjust the stage values of the initialization parameters set by the previous participating third party, until all n participating third parties have taken part and the finally generated initialization parameters of base point h and base point i are obtained.
In the above process, the random number a_t generated by each participating third party is that party's secret data, and all participating third parties (the n participating third parties) together provide the complete secret data of base point h and base point i. Wherein the complete secret data of base point h
Figure BDA0002576850160000081
Complete secret data of base point i
Figure BDA0002576850160000082
The initialization parameter h_f of base point h and the initialization parameter i_f of base point i are thus finally generated. No participating third party t knows the complete secret data, so the security of the complete secret data is guaranteed and the zero-knowledge protocol is protected from attack.
For more detailed explanation of the above steps of the method, specific embodiments are given as examples below, and it should be understood by those skilled in the art that the contents of the following embodiments are not intended to limit the inventive concept of the present invention, and those skilled in the art can easily make appropriate content divergence and extension according to the detailed description of the following embodiments.
In the following specific embodiment, the number of participating third parties, n, is 3.
(1) The first participating third party generates a random number α and, based on the preset base point g and the random number α, obtains the stage values h_0 and i_0 of the initialization parameters h_f and i_f of base point h and base point i through h_0 = g^α and i_0 = g^(αα).
(2) The second participating third party generates a random number β and, based on the stage values h_0 and i_0 of base point h and base point i set by the first participating third party and the random number β, obtains the stage values h_1 and i_1 of the initialization parameters h_f and i_f of base point h and base point i through h_1 = h_0^β = g^(αβ) and i_1 = i_0^(ββ) = g^(ααββ).
(3) The third participating third party generates a random number γ and, based on the stage values h_1 and i_1 of base point h and base point i set by the first and second participating third parties and the random number γ, obtains the finally generated initialization parameters h_f and i_f of base point h and base point i through h_f = h_1^γ = g^(αβγ) and i_f = i_1^(γγ) = g^(ααββγγ).
The embodiment of the invention can cooperatively complete the parameter initialization process of the zero-knowledge protocol by a plurality of credible participating third parties in a multi-party participating polling mode. In the process, no participating third party possesses the complete secret data required by parameter initialization, and the complete secret data is formed by splicing a plurality of participating third parties in turn. Each participating third party generates a portion of the secret data and uses the secret data to adjust the initialization parameters, and then discloses the adjusted initialization parameters, without the participating third parties disclosing their own secret data. The embodiment of the invention ensures the safety of the complete confidential data and effectively prevents a third party from attacking the zero knowledge protocol by using the confidential data.
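The polling procedure of steps S20 to S24 and the three-party embodiment, as an added Python example that is not part of the patent text. It assumes a multiplicative group of prime order with constructed toy parameters P, Q, G; the function names and the subgroup check are illustrative additions, and the closed forms used for μ and ν are derived from the stage formulas above.

```python
import secrets
from math import prod

# Constructed toy group (assumption, not from the patent): P = 2*Q + 1, Q prime.
# G = 4 is a quadratic residue mod P, so it generates the subgroup of order Q.
# These sizes only keep the run readable; a deployment would use a standard group.
P, Q, G = 2039, 1019, 4


def in_subgroup(x):
    """True when x is a non-identity element of the order-Q subgroup."""
    return 1 < x < P and pow(x, Q, P) == 1


def contribute(h_prev, i_prev, a_t=None):
    """One party's turn: returns (h_prev^a_t, i_prev^(a_t*a_t)).

    a_t never leaves this function, which models the party keeping its
    random number private and discarding it afterwards.
    """
    if a_t is None:
        a_t = secrets.randbelow(Q - 1) + 1  # uniform in [1, Q-1], never 0
    if not 1 <= a_t < Q:
        raise ValueError("a_t must lie in [1, Q-1]")
    return pow(h_prev, a_t, P), pow(i_prev, a_t * a_t, P)


def run_setup(n, shares=None):
    """Poll n parties in turn and return the published stage values.

    The result is [(h_0, i_0), ..., (h_{n-1}, i_{n-1})]; the last pair is
    (h_f, i_f). `shares` fixes the a_t values for a reproducible run; when
    it is None each party draws its own random number.
    """
    if n < 1:
        raise ValueError("at least one participating third party is required")
    if shares is not None and len(shares) != n:
        raise ValueError("need exactly one share per party")
    h, i = G, G  # the first party starts from the public base point g
    transcript = []
    for t in range(n):
        h, i = contribute(h, i, None if shares is None else shares[t])
        transcript.append((h, i))
    return transcript


def check_transcript(transcript):
    """Check any reader of the public data store can run on the stage values.

    Every published h_t and i_t must be a non-identity subgroup element.
    This does not prove that h_t and i_t were built from the same a_t;
    the patent text describes no such proof.
    """
    return bool(transcript) and all(
        in_subgroup(h) and in_subgroup(i) for h, i in transcript
    )


def combined_secret(shares):
    """mu and nu implied by the stage formulas: products of a_t and of a_t^2, mod Q."""
    mu = prod(shares) % Q
    nu = prod(a * a for a in shares) % Q
    return mu, nu


if __name__ == "__main__":
    shares = [5, 7, 11]  # constructed stand-ins for alpha, beta, gamma
    transcript = run_setup(3, shares)
    h_f, i_f = transcript[-1]
    mu, nu = combined_secret(shares)
    print("stage values:", transcript)
    print("h_f == g^mu:", h_f == pow(G, mu, P))
    print("i_f == g^nu:", i_f == pow(G, nu, P))
    print("transcript well-formed:", check_transcript(transcript))
```

Only the product of all n shares reproduces h_f from g, so the exponent stays unknown as long as at least one party's a_t is never combined with the others.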
The invention also provides a zero-knowledge protocol parameter initialization device. Referring to fig. 3, a schematic diagram of a zero knowledge protocol parameter initialization apparatus according to a preferred embodiment of the invention is shown.
In this embodiment, the zero knowledge protocol parameter initialization apparatus 1 is adapted to the zero knowledge protocol parameter initialization method, and the zero knowledge protocol parameter initialization apparatus 1 includes: memory 11, processor 12, and network interface 13.
The memory 11 includes at least one type of readable storage medium, which includes a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The memory 11 may in some embodiments be an internal storage unit of the zero knowledge protocol parameter initialization apparatus 1, for example a hard disk of the zero knowledge protocol parameter initialization apparatus 1. The memory 11 may also be an external storage device of the zero knowledge protocol parameter initialization apparatus 1 in other embodiments, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a flash Card (FlashCard), and the like, which are equipped on the zero knowledge protocol parameter initialization apparatus 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the zero knowledge protocol parameter initialization apparatus 1.
The memory 11 may be used not only to store the application software installed in the zero knowledge protocol parameter initialization apparatus 1 and various types of data, for example, the program code of the zero knowledge protocol parameter initialization system 10 corresponding to the zero knowledge protocol parameter initialization method, but also to temporarily store data that has been output or will be output.
Processor 12, which in some embodiments may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data Processing chip, is configured to execute program code or process data stored in memory 11, such as program code of zero-knowledge protocol parameter initialization system 10 corresponding to the zero-knowledge protocol parameter initialization method.
The network interface 13 may optionally comprise a standard wired interface, a wireless interface (e.g. WI-FI interface), typically used for establishing a communication connection between the zero knowledge protocol parameter initialization apparatus 1 and other electronic devices. The components 11-13 of the zero knowledge protocol parameter initialization apparatus 1 communicate with each other via a communication bus.
Fig. 3 only shows the zero knowledge protocol parameter initialization apparatus 1 with the components 11-13, and it will be understood by those skilled in the art that the structure shown in fig. 3 does not constitute a limitation of the zero knowledge protocol parameter initialization apparatus 1, and may comprise fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
Referring to FIG. 4, a block diagram of the preferred embodiment of the zero knowledge protocol parameter initialization system 10 of the present invention is shown.
In this embodiment, the zero knowledge protocol parameter initialization system 10 includes a series of computer program instructions stored on the memory 11, which when executed by the processor 12, may implement the zero knowledge protocol parameter initialization operations of the embodiments of the present invention. In some embodiments, the zero knowledge protocol parameter initialization system 10 may be divided into one or more modules based on the particular operations implemented by the portions of the computer program instructions. For example, in fig. 4, the zero knowledge protocol parameter initialization system 10 may be divided into a selection module 101, a setting module 102, and a disclosure module 103. Wherein:
The selection module 101 is configured to acquire information on the candidate trusted third-party platforms, set the number of third parties participating in parameter initialization, and select a corresponding number of participating third parties.
Specifically, in order to ensure the security of the secret data created by a third party, in the present embodiment the parameter initialization is performed cooperatively by a plurality of trusted third parties. First, information on all candidate trusted third-party platforms needs to be acquired from the transaction processing system for the subsequent selection of participating third parties. Then, the number n of third parties participating in parameter initialization is set, and n trusted third parties are selected from the acquired third-party platform information to perform the parameter initialization cooperatively, that is, n participating third parties are selected.
The setting module 102 is configured to enable each participating third party to generate a random number, and cooperatively set initialization parameters of the zero knowledge protocol according to a preset base point g and each random number, where the initialization parameters include initialization parameters of a base point h and a base point i.
In particular, the base points g, h, i need to be created by the third party before the zero knowledge protocol can be used. The base point g is a public parameter, and the base point h and the base point i are cooperatively set by a plurality of platforms of the participating third parties through a network (such as the internet and a block chain network) and uploaded to the public data storage system. The public data storage system can be cloud storage or a block chain network. The common data storage system is mainly used for storing common parameters (the base points), and can also store parameters related to the certification protocol and the like.
At present, a trusted third party generally generates a random number α and, based on a preset base point g, obtains the base points h and i as h = g^α and i = h^α = g^(α·α). However, this method cannot guarantee that the trusted third party discards the created secret data (the random number α) after the parameter initialization, so the zero-knowledge protocol is at risk of being attacked (the trusted third party may choose to retain the random number α in order to launch a security attack at a later date), and the security is insufficient.
Therefore, in this embodiment, each participating third party t of the n trusted participating third parties generates a random number a_t, and the complete secret data (the complete secret data mu of the base point h and the complete secret data v of the base point i) is pieced together in turn from the random numbers a_t, so that the n participating third parties cooperatively set and adjust the initialization parameters h_f and i_f of the base point h and the base point i in a multi-party polling manner, using the preset base point g and each random number a_t. In the process, no participating third party possesses the complete secret data required by parameter initialization, and the complete secret data is formed by splicing a plurality of participating third parties in turn. Each participating third party generates a portion of the complete secret data and uses the portion of the secret data to adjust initialization parameters.
The publishing module 103 is configured to upload the initialization parameter to a public data storage system after the initialization parameter is obtained through multi-party collaborative setting.
Specifically, after the n participating third parties cooperatively set and adjust the initialization parameters h_f and i_f of the base point h and the base point i, the parameter initialization process of the zero-knowledge protocol is complete, and the initialization parameters h_f and i_f are then published (for example, in cloud storage; if a block chain network is adopted, the whole initialization process can be carried out and published on the block chain network), that is, uploaded to the public data storage system. Zero-knowledge proofs and the like can subsequently be performed based on the initialization parameters (the public parameter base point g and the initialization parameters h_f and i_f of the base point h and the base point i). In addition, the n participating third parties discard the secret data they created (the random numbers a_t generated in the previous step).
In this embodiment, all participating third parties need not disclose their own created secret data. Moreover, since each participating third party only knows the part of the secret data created by itself but cannot know the complete secret data, even if a participating third party does not discard the secret data created by itself, it cannot be used to attack the zero-knowledge protocol.
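The multi-party polling described above, sketched as an added example (it is not code from the patent): each party raises the previous stage values to its own share, and only the product of all n shares opens the final parameters. The toy group (integers modulo 2^127 - 1), the base point g = 3, and the names Party, run_ceremony and opens_parameters are assumptions made for illustration; the patent does not name a group or curve.

```python
import secrets
from math import prod

# Toy group, chosen for this example only: integers modulo the Mersenne
# prime 2^127 - 1. The patent does not name a group or curve.
P = 2**127 - 1
ORDER = P - 1   # g^(P-1) = 1 mod P, so exponents reduce modulo P-1
G = 3           # public base point g (constructed value)


class Party:
    """A participating third party t holding only its own share a_t."""

    def __init__(self, name, share=None):
        self.name = name
        # A fresh secret share unless a fixed one is supplied for testing.
        self.share = share if share is not None else secrets.randbelow(ORDER - 2) + 2

    def contribute(self, h_prev, i_prev):
        # h_t = h_(t-1)^a_t and i_t = i_(t-1)^(a_t*a_t)
        a = self.share
        return pow(h_prev, a, P), pow(i_prev, a * a, P)

    def discard(self):
        self.share = None


def run_ceremony(parties):
    """Poll the parties in turn; return h_f, i_f and the public stage values."""
    h, i = G, G   # the first party's step then gives h_0 = g^a_1, i_0 = g^(a_1*a_1)
    stages = []
    for party in parties:
        h, i = party.contribute(h, i)
        stages.append((party.name, h, i))
    return h, i, stages


def opens_parameters(known_shares, h_f, i_f):
    """True if the product of the known shares is the complete secret data."""
    mu = prod(known_shares) % ORDER
    nu = prod(a * a for a in known_shares) % ORDER
    return pow(G, mu, P) == h_f and pow(G, nu, P) == i_f


if __name__ == "__main__":
    parties = [Party(f"platform-{t}") for t in range(1, 5)]
    h_f, i_f, stages = run_ceremony(parties)
    shares = [p.share for p in parties]   # collected here only to audit the demo
    print("all n shares open h_f, i_f:", opens_parameters(shares, h_f, i_f))
    print("n-1 shares open h_f, i_f:  ", opens_parameters(shares[:-1], h_f, i_f))
    for p in parties:
        p.discard()
```

The audit step gathers every share in one place only to show the algebra; in the scheme as described, no such collection ever exists, and the complete secret data is recoverable only if all n parties retain and pool their shares.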
Furthermore, an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes program code of the zero-knowledge protocol parameter initialization system 10 corresponding to the zero-knowledge protocol parameter initialization method, and the program code, when executed by a processor, implements the steps of the zero-knowledge protocol parameter initialization method.
The specific implementation of the computer readable storage medium of the present invention is substantially the same as the above-mentioned zero-knowledge protocol parameter initialization method, and will not be described herein again.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A zero-knowledge protocol parameter initialization method is applied to a transaction processing system supporting multi-party cross-platform transaction, the transaction processing system comprises a public data storage system and a plurality of third-party platforms, and the method comprises the following steps:
acquiring information of a third party platform to be selected, setting the number n of third parties participating in parameter initialization and selecting a corresponding number of participating third parties;
each participating third party respectively generating a random number a_t, and cooperatively setting the initialization parameters of the zero-knowledge protocol according to a preset base point g and each random number, wherein the initialization parameters comprise initialization parameters of a base point h and a base point i; and
after the initialization parameters are obtained through multi-party cooperative setting, uploading the initialization parameters to the public data storage system.
2. The zero-knowledge protocol parameter initialization method according to claim 1, wherein the step of generating a random number by each of the participating third parties, and cooperatively setting the initialization parameters of the zero-knowledge protocol according to a preset base point g and each of the random numbers comprises:
a first participating third party t_1 generating a first random number a_1, and obtaining first-stage values h_0 and i_0 of the initialization parameters of the base point h and the base point i according to a preset base point g and the first random number a_1;
a second participating third party t_2 generating a second random number a_2, and obtaining second-stage values h_1 and i_1 of the initialization parameters of the base point h and the base point i according to the first-stage values h_0 and i_0 and the second random number a_2;
polling the remaining participating third parties among the n selected participating third parties according to the above steps, each participating third party in turn generating a random number and adjusting, according to that random number, the stage value of the initialization parameters set by the previous participating third party, until all n participating third parties have participated, to obtain the finally generated initialization parameters of the base point h and the base point i.
3. The zero-knowledge protocol parameter initialization method according to claim 1 or 2, wherein the base point g is a common parameter.
4. The zero-knowledge protocol parameter initialization method according to claim 1 or 2, further comprising, after obtaining the initialization parameters:
each of the participating third parties discards the random numbers generated by itself.
5. The zero-knowledge protocol parameter initialization method of claim 2, wherein the first-stage values are h_0 = g^a_1 and i_0 = g^(a_1·a_1).
6. The zero-knowledge protocol parameter initialization method of claim 5, wherein the second-stage values are h_1 = h_0^a_2 = g^(a_1·a_2) and i_1 = i_0^(a_2·a_2) = g^(a_1·a_1·a_2·a_2).
7. A zero knowledge protocol parameter initialization method according to claim 1 or 2, wherein the random number a_t generated by each of the participating third parties is the secret data of that participating third party, and the n participating third parties together provide the complete secret data of the base point h and the base point i, wherein the complete secret data of the base point h
Figure FDA0002576850150000021
Complete secret data of base point i
Figure FDA0002576850150000022
8. The zero-knowledge protocol parameter initialization method according to claim 7, wherein the initialization parameter of the base point h is h_f = g^mu, and the initialization parameter of the base point i is i_f = g^v.
9. A zero knowledge protocol parameter initialization apparatus, the apparatus comprising a memory, a processor, the memory having stored thereon a zero knowledge protocol parameter initialization system operable on the processor, the zero knowledge protocol parameter initialization system when executed by the processor implementing the steps of the zero knowledge protocol parameter initialization method according to any one of claims 1-8.
10. A computer-readable storage medium having stored thereon a zero knowledge protocol parameter initialization system executable by at least one processor to cause the at least one processor to perform the steps of the zero knowledge protocol parameter initialization method of any one of claims 1-8.
CN202010656234.7A 2020-07-09 2020-07-09 Zero-knowledge protocol parameter initialization method, device and storage medium Pending CN111800275A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010656234.7A CN111800275A (en) 2020-07-09 2020-07-09 Zero-knowledge protocol parameter initialization method, device and storage medium


Publications (1)

Publication Number Publication Date
CN111800275A true CN111800275A (en) 2020-10-20


Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008152532A2 (en) * 2007-06-11 2008-12-18 Nxp B.V. Method of generating a public key for an electronic device and electronic device
DE102013203257A1 (en) * 2013-02-27 2014-08-28 Bundesdruckerei Gmbh Reading an attribute from an ID token
WO2019006446A1 (en) * 2017-06-30 2019-01-03 Visa International Service Association Method, system, and computer program product for determining solvency of a digital asset exchange
CN109255247A (en) * 2018-08-14 2019-01-22 阿里巴巴集团控股有限公司 Secure calculation method and device, electronic equipment
CN110457006A (en) * 2019-07-22 2019-11-15 上海朝夕网络技术有限公司 The hardware based distributed multi-party random digit generation method of one kind and system
CN111245626A (en) * 2020-01-19 2020-06-05 平安科技(深圳)有限公司 Zero knowledge proving method, device and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008152532A2 (en) * 2007-06-11 2008-12-18 Nxp B.V. Method of generating a public key for an electronic device and electronic device
DE102013203257A1 (en) * 2013-02-27 2014-08-28 Bundesdruckerei Gmbh Reading an attribute from an ID token
WO2019006446A1 (en) * 2017-06-30 2019-01-03 Visa International Service Association Method, system, and computer program product for determining solvency of a digital asset exchange
CN109255247A (en) * 2018-08-14 2019-01-22 阿里巴巴集团控股有限公司 Secure calculation method and device, electronic equipment
CN110457006A (en) * 2019-07-22 2019-11-15 上海朝夕网络技术有限公司 The hardware based distributed multi-party random digit generation method of one kind and system
CN111245626A (en) * 2020-01-19 2020-06-05 平安科技(深圳)有限公司 Zero knowledge proving method, device and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
G.A.S. TORRELLAS: "Bridge certification authorities: connecting B2B public key infrastructure with PAK and zero-knowledge proof", 《IEEE》, 23 September 2003 (2003-09-23) *
李龚亮: "基于零知识证明的区块链隐私保护算法_李龚亮", 《华中科技大学学报》, 21 April 2020 (2020-04-21) *

Similar Documents

Publication Publication Date Title
CN110224837B (en) Zero-knowledge proof method and terminal based on distributed identity
CN110505046B (en) Multi-data provider encrypted data cross-platform zero-knowledge verification method, device and medium
US8646062B2 (en) Remote authentication based on challenge-response using digital certificates
CN112671720B (en) Token construction method, device and equipment for cloud platform resource access control
CN111835526B (en) Method and system for generating anonymous credential
CN112801663B (en) Blockchain certification method, device, system, equipment and medium
US20200396063A1 (en) Batch-wise verification of multiparty computations
CN113746638B (en) NFT storage method, NFT restoration method, computer device, and storage medium
CN110430167B (en) Temporary account management method, electronic device, management terminal and storage medium
CN112000744A (en) Signature method and related equipment
CN111245626B (en) Zero knowledge proving method, device and storage medium
CN111800262A (en) Digital asset processing method and device and electronic equipment
CN113704357A (en) Smart city data sharing method and system based on block chain
CN111967060A (en) Data file integrity verification method and device
CN114900316A (en) Block chain-based rapid identity authentication method and system for Internet of things equipment
CN112751878B (en) Page request processing method and device
CN111800275A (en) Zero-knowledge protocol parameter initialization method, device and storage medium
CN111651536A (en) Data processing method and device
WO2021196478A1 (en) Method for comparing equality relationship of encryption data, device, computer apparatus, and storage medium
CN115473632A (en) Improved multi-layer linkable ring signature generation method and device
CN110781503B (en) Data calling method and device and computer readable storage medium
CN115174037A (en) Construction method and device of chameleon hash function based on SM9 signature
CN112385181B (en) Apparatus, method, and program for proving reliability of public key
CN109688158B (en) Financial execution chain authentication method, electronic device and storage medium
US11190343B2 (en) Multivariate quadratic signature scheme based on central map with oil-oil quadratic terms secure against quantum computers

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination