
CN-121981721-A - Encryption wallet damaged data recovery system with zero knowledge proof

Abstract

The invention belongs to the technical field of encryption wallet damaged data recovery systems, and particularly relates to an encryption wallet damaged data recovery system with zero knowledge proof. The system comprises a distributed key fragment storage module, a zero knowledge proof generation and verification module, a data restoration engine and a privacy protection interaction module. The distributed key fragment storage module splits the key of the user's encryption wallet into a plurality of fragments and stores them dispersed across different nodes; a threshold k is set, and key reconstruction can be performed only when at least k key fragments are collected. With the zero knowledge proof generation and verification module, a user who initiates a data recovery request generates a zero knowledge proof to prove ownership of the encryption wallet, the system verifies the proof, and the subsequent recovery flow is entered after verification passes.

Inventors

  • CHEN XIAOGUO

Assignees

  • 宁波链盾科技有限公司

Dates

Publication Date
20260505
Application Date
20251215

Claims (10)

  1. An encryption wallet damaged data recovery system with zero knowledge proof, characterized by comprising a distributed key fragment storage module, a zero knowledge proof generation and verification module, a data restoration engine and a privacy protection interaction module. The distributed key fragment storage module is used for splitting the key of the user's encryption wallet into a plurality of fragments and storing the fragments dispersed across different nodes, with a threshold k set so that key reconstruction is carried out only when at least k key fragments are collected. The zero knowledge proof generation and verification module is used for the user to generate a zero knowledge proof to prove ownership of the encryption wallet when the user initiates a data recovery request, for the system to verify the zero knowledge proof, and for entering the subsequent recovery flow after verification passes. The data restoration engine comprises a data integrity detection unit and a data reconstruction unit, wherein the data integrity detection unit is used for detecting the damage range and damage degree of the damaged wallet data, and the data reconstruction unit is used for reconstructing and restoring the damaged data with the reconstructed key after key reconstruction is completed. The privacy protection interaction module is used for processing interaction data with a privacy protection technology throughout the data interaction between the user and the system, so that disclosure of the user's private information is prevented.
  2. The encryption wallet damaged data recovery system with zero knowledge proof of claim 1, wherein the distributed key fragment storage module employs a threshold cryptographic algorithm to realize the key splitting, the threshold cryptographic algorithm is the Shamir threshold secret sharing algorithm, and the total number of fragments n and the threshold k can be adjusted according to the type of the encryption wallet.
  3. The encryption wallet damaged data recovery system with zero knowledge proof of claim 2, wherein the storage nodes of the distributed key fragment storage module comprise a user-owned device node, a trusted third-party node and a decentralised storage node, and each key fragment is stored in association with unique identification information of the encryption wallet.
  4. The encryption wallet damaged data recovery system with zero knowledge proof of claim 3, wherein the distributed key fragment storage module further comprises a fragment security mechanism: for the hardware wallet scenario, a fragment validity pre-verification mechanism is added, in which the storage node periodically performs liveness verification with the hardware wallet without data interaction; for the software wallet scenario, a tamper detection watermark is added, in which a timestamp-based hash chain is embedded in the fragment data and the storage node periodically verifies the integrity of the hash chain, and if fragment tampering is detected, the fragment is frozen and the generation of spare fragments is triggered; for the multi-chain wallet scenario, a cross-chain consistency verification field is added, so that fragments associated with different public chains can cooperatively participate in the reconstruction of the main private key.
  5. The encryption wallet damaged data recovery system with zero knowledge proof of claim 4, wherein the zero knowledge proof technology adopted by the zero knowledge proof generation and verification module is zk-SNARKs or zk-STARKs, and the zero knowledge proof generated by the user needs to include at least one core assertion, wherein the core assertions comprise ownership of a key fragment in a certain storage node, the binding relation between the user and the unique identifier of the encryption wallet, and, in the multi-chain wallet scenario, the association relation between the user and the light node of each public chain.
  6. The encryption wallet damaged data recovery system with zero knowledge proof of claim 5, wherein the zero knowledge proof generation and verification module further comprises an anti-attack mechanism: an anti-replay mechanism is introduced when the zero knowledge proof is generated, in which a unique one-time random number is associated with each proof and the proof becomes invalid immediately after verification passes; the system verification side adopts a distributed verification node cluster working in a fragmented verification and result consensus mode; and an attack behavior recognition engine is additionally provided, which recognizes false requests by analyzing the originating IP of the recovery request, the device fingerprint and the interaction frequency, and triggers secondary verification for high-risk requests.
  7. The encryption wallet damaged data recovery system with zero knowledge proof of claim 6, wherein the data integrity detection unit of the data restoration engine adopts at least one of the following detection modes: hash checking, namely calculating a hash value of each file in the wallet data and comparing it with a pre-stored correct hash value to locate damaged files or data blocks; multi-source data cross checking, namely obtaining three types of data (the local damaged data, the historical data snapshot stored in a distributed manner, and the wallet transaction records on the blockchain) and locating tampered or lost data blocks through a three-party data consistency comparison algorithm; and residual data extraction, namely, for the scenario of physical damage to a hardware wallet, extracting the undamaged data blocks in the memory chip with special hardware reading equipment and constructing a repair path in combination with the key fragments.
  8. The encryption wallet damaged data recovery system with zero knowledge proof of claim 7, wherein the data reconstruction unit of the data restoration engine implements data recovery using: hierarchical decryption reconstruction, namely first decrypting the wallet core asset metadata with the reconstructed key, then obtaining a historical transaction record snapshot through a trusted node, and finally completing data reconstruction; trusted execution environment reconstruction, namely performing the reconstruction process in a hardware-level isolated TEE, so that the key data is not stolen during reconstruction; and cross-chain synchronous reconstruction, namely, for the multi-chain wallet scenario, deriving the sub-private keys of each public chain from the reconstructed main private key, acquiring the latest asset data from the corresponding public chain full nodes respectively, and finally realizing synchronous update of multi-chain data through a cross-chain data consistency protocol.
  9. The encryption wallet damaged data recovery system with zero knowledge proof of claim 8, wherein the privacy protection interaction module employs a differential privacy technique to achieve basic privacy protection, the differential privacy technique is the Laplace mechanism, the Laplace noise intensity can be dynamically adjusted according to the risk level of the interaction scenario, and the noise generation seed is bound to a hash value of the user's biometric features to avoid noise cancellation.
  10. The encryption wallet damaged data recovery system with zero knowledge proof of claim 1, wherein the privacy protection interaction module further comprises an enhanced privacy protection mechanism: dual protection by homomorphic encryption and differential privacy, namely encrypting the interaction data with the Paillier homomorphic encryption algorithm and adding differential privacy noise; an interaction data desensitization tunnel, namely transmitting the interaction data between the user and the storage nodes through an encrypted tunnel based on the WireGuard protocol, wherein the tunnel key is dynamically generated after the zero knowledge proof verification passes, and the interactive data is destroyed immediately after the recovery flow is finished; and a temporary anonymous identity mechanism, namely allocating a temporary anonymous ID to the user initiating the recovery request, wherein all interaction data are associated only with the anonymous ID, and the anonymous ID is de-registered immediately after the recovery process is finished.
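Claims 2 and 4 pair Shamir threshold sharing with a per-fragment timestamped hash chain. The following added example (not code from the patent or its applicant) shows why both are needed: interpolation over an altered share silently yields a wrong key, so fragments are checked before reconstruction. The field prime, the chain layout, the `wallet_id` string and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

P = 2**521 - 1  # Mersenne prime; the field is large enough for a 256-bit wallet key

def split(secret: int, k: int, n: int):
    """Shamir split: random degree-(k-1) polynomial f over GF(P) with f(0) = secret."""
    if not (0 <= secret < P and 1 < k <= n):
        raise ValueError("need 0 <= secret < P and 1 < k <= n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0; correct only for >= k unaltered shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def build_chain(wallet_id: str, share, timestamps):
    """Timestamped hash chain over one fragment (field layout is an assumption)."""
    x, y = share
    data = wallet_id.encode() + x.to_bytes(2, "big") + y.to_bytes(66, "big")
    prev, links = b"\x00" * 32, []
    for ts in timestamps:
        prev = hashlib.sha256(prev + data + ts.to_bytes(8, "big")).digest()
        links.append(prev)
    return links

def fragment_intact(wallet_id: str, share, timestamps, links) -> bool:
    """Storage-node check: recompute the chain from the fragment as currently stored."""
    return build_chain(wallet_id, share, timestamps) == links

def recover(wallet_id: str, k: int, fragments):
    """fragments: list of (share, timestamps, links); skip altered ones, then rebuild."""
    good = [s for s, ts, ln in fragments if fragment_intact(wallet_id, s, ts, ln)]
    if len(good) < k:
        raise ValueError("fewer than k intact fragments")
    return reconstruct(good[:k])
```

In this sketch the chain links are assumed to be held where an attacker who alters the fragment cannot also rewrite them; a chain stored only beside the fragment detects corruption but not a deliberate, consistent rewrite.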

Description

Encryption wallet damaged data recovery system with zero knowledge proof

Technical Field

The invention belongs to the technical field of encryption wallet damaged data recovery systems, and particularly relates to an encryption wallet damaged data recovery system with zero knowledge proof.

Background

With the popularization of blockchain technology and the rapid growth of the digital asset scale, the encryption wallet serves as the core carrier for storing, managing and transacting digital assets, and its security and data reliability bear directly on the security of user assets. Mainstream encryption wallets fall into three types: hardware wallets, software wallets and multi-chain wallets. A hardware wallet relies on a physically isolated security chip to store keys; a software wallet relies on local storage on the terminal device or on cloud storage; a multi-chain wallet supports unified management of assets on several public chains. All three types face the risk of data damage in use, and traditional data recovery schemes have obvious technical defects.

In the field of hardware wallets, physical factors in daily use such as dropping, water ingress and high temperature easily damage the built-in security chip, so that the stored key data cannot be read directly. In the hardware wallets that do support fragment backup, fragment storage is not bound to the device identity and a fragment validity checking mechanism is lacking, so the key often cannot be reconstructed normally after fragments are stolen or tampered with; in addition, the user is required to provide private information such as the device serial number during recovery, which creates a hidden danger of privacy leakage.

For the software wallet, the core risks come from malicious attacks and software faults. On the one hand, malicious software such as ransomware and Trojan programs can tamper with the locally stored private key file, delete transaction records, or even encrypt wallet data to extort a ransom; the traditional recovery scheme requires uploading the locally damaged data to a third-party server for repair, where it is easily intercepted and stolen by an attacker during transmission and processing. On the other hand, software version update faults, terminal device system crashes and similar problems can cause wallet data synchronization anomalies; existing recovery means depend on the backup data of a single node and lack a multi-source data cross-validation mechanism, so the integrity and authenticity of the recovered data are difficult to ensure. In addition, user identity verification during recovery relies only on an account password or an SMS verification code, which an attacker can easily bypass to initiate a false recovery request.

In the multi-chain wallet scenario, the wallet is compatible with the protocol standards of multiple public chains such as Ethereum and Solana, so the data structure is complex and cross-chain data synchronization depends on the software's own on-chain data parsing capability. When a software version update fails or on-chain data parsing is abnormal, problems easily occur such as the asset balance of a certain chain being displayed incorrectly, NFT holding records being lost, and cross-chain transaction history being incomplete. Current multi-chain wallet recovery schemes mostly adopt a single-chain independent recovery mode, in which the user must initiate a recovery request separately for each abnormal chain, making the operation complex and inefficient. Meanwhile, sensitive information such as the wallet addresses and transaction hashes of each public chain must be transmitted during cross-chain recovery, and a differentiated protection strategy for the privacy characteristics of different public chains is lacking, so the interaction data is easily correlated and analyzed against the transparent on-chain ledger, revealing the user's asset distribution and transaction habits.

In addition, existing encryption wallet data recovery technology has a dual shortcoming in privacy protection and security. Most recovery schemes require users to provide sensitive data such as private key fragments and identity information to verify ownership, and so cannot meet the core requirement of proving ownership without revealing private information; key storage is mainly realized by centralized backup or simple fragmented storage, and because distributed storage and threshold cryptography are not applied in combination, the key is easily stolen through a single-point attack; data interaction in the recovery process does not adopt an effective privacy enhanc