CN-121997367-A - Intelligent contract privacy protection method and device
Abstract
The invention discloses an intelligent contract privacy protection method and device applied to a client. When the client is started, it creates a security isolation environment through trusted hardware and registers with a blockchain node after remote attestation. It then initiates a balance withdrawal transaction request to an intelligent contract, which executes on-chain balance destruction on the client's blockchain account address and returns second attestation information to the security isolation environment. After the second attestation information is verified in the security isolation environment, the local available balance is updated and encrypted, and third attestation information is generated. The client receives a user's transfer transaction request and sends it to the intelligent contract, which, after verifying the request based on the registration information, updates the on-chain balance ciphertexts of the sender and the receiver. The invention has high expandability, privacy and deployment flexibility.
Inventors
- LI RUJIA
- DUAN SISI
- WANG YOUHENG
- FENG KAIKAI
- CHEN QINGJIE
- CHEN XUANHUI
- HE MENGWEI
Assignees
- 清华大学 (Tsinghua University)
- 中国人民银行数字货币研究所 (Digital Currency Institute of the People's Bank of China)
Dates
- Publication Date: 20260508
- Application Date: 20251230
Claims (13)
- 1. An intelligent contract privacy protection method applied to a client, comprising the following steps: when the client is started, creating a security isolation environment through trusted hardware, initiating a remote attestation process to a remote attestation center, and registering with a blockchain node according to the received first attestation information to obtain registration information; initiating a balance withdrawal transaction request to an intelligent contract deployed on the blockchain node, so that the intelligent contract executes on-chain balance destruction on the client's blockchain account address and returns second attestation information to the client's security isolation environment, wherein the second attestation information proves that the destruction has been completed; after the second attestation information is verified in the security isolation environment, updating the local available balance according to the second attestation information, encrypting the updated local available balance to obtain a local available balance ciphertext, and generating third attestation information, wherein the third attestation information proves that the local available balance was updated correctly; receiving a transfer transaction request from a user, wherein the transfer transaction request comprises the local available balance ciphertext and the third attestation information; and submitting the transfer transaction request to the intelligent contract, so that after the intelligent contract verifies the transfer transaction request based on the registration information, it updates the on-chain balance ciphertexts of the sender and the receiver under ciphertext, wherein the sender is the client.
- 2. The method of claim 1, further comprising, after creating the security isolation environment through trusted hardware: generating a basic key in the security isolation environment and generating a homomorphic key from the basic key in the security isolation environment, wherein the basic key comprises a basic public key and a basic private key, and the homomorphic key comprises a homomorphic public key and a homomorphic private key; initializing the metadata field of the client's available balance to 0; and creating an empty Merkle tree in the security isolation environment and recording its root hash, wherein the Merkle tree records information about each balance withdrawal transaction.
- 3. The method of claim 1, wherein registering with the blockchain node according to the received first attestation information to obtain registration information comprises: sending a registration request to the blockchain node, wherein the registration request comprises the first attestation information and the basic public key, so that after receiving them the blockchain node reaches consensus and registers the basic public key on the blockchain as the identity of the client's blockchain account address.
- 4. The method of claim 1, wherein the second attestation information comprises the on-chain balance ciphertext, the new on-chain balance ciphertext, a destruction proof and an on-chain balance destruction identifier; and verifying the second attestation information in the security isolation environment comprises: decrypting the new on-chain balance ciphertext with the homomorphic private key in the security isolation environment and checking whether the corresponding plaintext value is 0; if so, checking whether the difference between the on-chain balance ciphertext and the new on-chain balance ciphertext is consistent with the withdrawal amount; and if so, determining that the second attestation information passes verification.
- 5. The method of claim 4, wherein updating the local available balance according to the second attestation information comprises: constructing a leaf node whose content comprises the on-chain balance destruction identifier, the withdrawal amount and a used flag, with the used flag set to unused; inserting the leaf node into the Merkle tree; calculating the root hash of the updated Merkle tree; and updating the local available balance according to the withdrawal amount.
- 6. An intelligent contract privacy protection method applied to an intelligent contract deployed on a blockchain node, comprising the following steps: receiving a balance withdrawal transaction request initiated by a client, wherein the client creates a security isolation environment through trusted hardware when started, initiates a remote attestation process to a remote attestation center, and registers with the blockchain node according to the received first attestation information to obtain registration information; executing on-chain balance destruction on the client's blockchain account address and returning second attestation information to the client's security isolation environment, so that after the second attestation information is verified in the security isolation environment the client updates the local available balance according to it, encrypts the updated local available balance to obtain a local available balance ciphertext, and generates third attestation information, wherein the second attestation information proves that the destruction has been completed and the third attestation information proves that the local available balance was updated correctly; receiving a transfer transaction request submitted by the client, wherein the transfer transaction request comprises the local available balance ciphertext and the third attestation information; and verifying the transfer transaction request based on the registration information and, after verification passes, updating the on-chain balance ciphertexts of the sender and the receiver under ciphertext, wherein the sender is the client.
- 7. The method of claim 6, wherein executing on-chain balance destruction on the client's blockchain account address comprises: extracting the on-chain balance ciphertext according to the client's blockchain account address in the balance withdrawal transaction request and executing on-chain balance destruction, wherein on-chain balance destruction clears the on-chain balance ciphertext to obtain a new on-chain balance ciphertext; after the blockchain nodes jointly authenticate the validity of the on-chain balance destruction according to a preset consensus algorithm, generating a destruction proof from the withdrawal amount, the on-chain balance ciphertext and the new on-chain balance ciphertext; and updating the on-chain balance ciphertext of the blockchain account address to the new on-chain balance ciphertext and storing a destruction record on the blockchain, wherein the destruction record comprises the blockchain account address, the new on-chain balance ciphertext and the destruction proof.
- 8. The method of claim 6, wherein the transfer transaction request further comprises the sender's homomorphic public key, the receiver's homomorphic public key, the sender's pseudonym address, the receiver's pseudonym address and a random number; and verifying the transfer transaction request based on the registration information and, after verification passes, updating the on-chain balance ciphertexts of the sender and the receiver under ciphertext, wherein the sender is the client, comprises: judging, based on the registration information, whether the third attestation information was issued by a registered security isolation environment; if so, determining that the third attestation information was generated with the basic private key corresponding to the registered basic public key and confirming that the transfer transaction request originates from a trusted security isolation environment; checking whether the random number has already been used by the client; if not, recording the random number in the client's set of used random numbers and determining that verification passes; and updating the on-chain balance ciphertexts of the sender and the receiver under ciphertext based on the available balance ciphertext, the sender's homomorphic public key, the receiver's homomorphic public key, the sender's pseudonym address and the receiver's pseudonym address in the transfer transaction request.
- 9. An intelligent contract privacy protection apparatus applied to a client, comprising: an initialization module for creating a security isolation environment through trusted hardware when the client is started, initiating a remote attestation process to a remote attestation center, and registering with a blockchain node according to the received first attestation information to obtain registration information; a balance withdrawal module for initiating a balance withdrawal transaction request to an intelligent contract deployed on the blockchain node, so that the intelligent contract executes on-chain balance destruction on the client's blockchain account address and returns second attestation information to the client's security isolation environment, wherein the second attestation information proves that the destruction has been completed, and for, after the second attestation information is verified in the security isolation environment, updating the local available balance according to it, encrypting the updated local available balance to obtain a local available balance ciphertext, and generating third attestation information, wherein the third attestation information proves that the local available balance was updated correctly; and a transfer module for receiving a transfer transaction request from a user, wherein the transfer transaction request comprises the local available balance ciphertext and the third attestation information, and submitting it to the intelligent contract, so that after the intelligent contract verifies the transfer transaction request based on the registration information, it updates the on-chain balance ciphertexts of the sender and the receiver under ciphertext, wherein the sender is the client.
- 10. An intelligent contract privacy protection apparatus applied to an intelligent contract deployed on a blockchain node, comprising: a first receiving module for receiving a balance withdrawal transaction request initiated by a client, wherein the client creates a security isolation environment through trusted hardware when started, initiates a remote attestation process to a remote attestation center, and registers with the blockchain node according to the received first attestation information to obtain registration information; a balance destruction module for executing on-chain balance destruction on the client's blockchain account address and returning second attestation information to the client's security isolation environment, so that after the second attestation information is verified in the security isolation environment the client updates the local available balance according to it, encrypts the updated local available balance to obtain a local available balance ciphertext, and generates third attestation information, wherein the second attestation information proves that the destruction has been completed and the third attestation information proves that the local available balance was updated correctly; a second receiving module for receiving a transfer transaction request submitted by the client, wherein the transfer transaction request comprises the local available balance ciphertext and the third attestation information; and a balance ciphertext updating module for verifying the transfer transaction request based on the registration information and, after verification passes, updating the on-chain balance ciphertexts of the sender and the receiver under ciphertext, wherein the sender is the client.
- 11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 8 when executing the computer program.
- 12. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when executed by a processor, implements the method of any one of claims 1 to 8.
- 13. A computer program product, characterized in that the computer program product comprises a computer program which, when executed by a processor, implements the method of any one of claims 1 to 8.
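The contract-side verification path of claims 6 and 8 (third proof bound to a registered enclave key, single-use random number, balance update under ciphertext), as an added illustration that is not part of the patent or any implementation of it. Assumptions: Paillier with constructed toy primes stands in for the homomorphic scheme; an HMAC under a per-client key held by the contract stands in for the enclave's basic-key signature on the third attestation information; the request carries an encrypted transfer amount (`amount_ct`) for the receiver, a field the claims do not enumerate, and the destruction proof of claim 4 is not modelled.

```python
import hashlib, hmac, math, secrets

# Toy Paillier (additively homomorphic) over two constructed primes; sizes are not secure.
P, Q = 2147483647, 2305843009213693951

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow((pow(n + 1, lam, n * n) - 1) // n, -1, n)
    return n, (n, lam, mu)               # homomorphic public key n, private key (n, lam, mu)

def enc(n, m):
    r = secrets.randbelow(n - 2) + 2
    return pow(n + 1, m, n * n) * pow(r, n, n * n) % (n * n)

def dec(sk, c):
    n, lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

def add(n, c1, c2):                      # E(a) * E(b) = E(a + b): the update "under ciphertext"
    return c1 * c2 % (n * n)

def sign(basic_key, req):                # stand-in for the enclave's basic-key signature (third proof)
    msg = "|".join(str(req[k]) for k in ("sender", "receiver", "nonce", "avail_ct", "amount_ct"))
    return hmac.new(basic_key, msg.encode(), hashlib.sha256).digest()

class PrivacyContract:
    def __init__(self):
        self.registered = {}    # pseudonym address -> basic key registered after remote attestation
        self.used_nonces = {}   # address -> random numbers already accepted (claim 8)
        self.balances = {}      # address -> (homomorphic public key, on-chain balance ciphertext)

    def register(self, addr, basic_key):
        self.registered[addr] = basic_key

    def transfer(self, req):
        # Step 1: the third proof must verify under a key registered for this sender.
        key = self.registered.get(req["sender"])
        if key is None or not hmac.compare_digest(sign(key, req), req["proof3"]):
            return "rejected: proof not from a registered enclave"
        # Step 2: each random number may be spent once per client (replay protection).
        used = self.used_nonces.setdefault(req["sender"], set())
        if req["nonce"] in used:
            return "rejected: random number already used"
        used.add(req["nonce"])
        # Step 3: sender's on-chain balance becomes the enclave's fresh available-balance ciphertext;
        # the receiver's balance grows homomorphically, so the contract never sees a plaintext.
        self.balances[req["sender"]] = (req["sender_hpk"], req["avail_ct"])
        rn, rct = self.balances.get(req["receiver"], (req["receiver_hpk"], enc(req["receiver_hpk"], 0)))
        self.balances[req["receiver"]] = (rn, add(rn, rct, req["amount_ct"]))
        return "ok"

def enclave_request(basic_key, sender, receiver, n_s, n_r, remaining, amount):
    # Runs inside the client's enclave: encrypt the updated local balance, add a fresh nonce, sign.
    req = {"sender": sender, "receiver": receiver, "sender_hpk": n_s, "receiver_hpk": n_r,
           "nonce": secrets.token_hex(8), "avail_ct": enc(n_s, remaining), "amount_ct": enc(n_r, amount)}
    req["proof3"] = sign(basic_key, req)
    return req
```

Because the nonce is covered by the proof, a replayed request is stopped by the used-nonce set, and a request with a modified nonce fails the proof check instead.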
Description
Intelligent contract privacy protection method and device
Technical Field
The invention relates to the technical field of blockchains, in particular to an intelligent contract privacy protection method and device.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
Blockchain is a decentralized distributed ledger technology that ensures the security and consistency of data records through cryptographic mechanisms and consensus algorithms. It forms a tamper-resistant ledger history by encapsulating transaction information into blocks and chaining them in time order. Because each node stores a complete copy of the ledger and every data write must pass whole-network consensus, the blockchain has clear advantages in data transparency, tamper resistance and traceability, and is widely applied in fields such as intelligent contracts and supply chain management. An intelligent contract is an automatically executed program deployed on a blockchain network that allows transactions to be carried out without a trusted third party. As distributed applications on blockchains, intelligent contracts raise privacy concerns during execution: contract code and contract state are transparent to all participants, which can expose sensitive information. As smart contracts become widely used, their privacy has become an important research area. Privacy concerns in intelligent contracts generally cover the privacy of contract state, the anonymity of contract transaction participants, the privacy of contract instructions, and the like. The transparency of blockchain data and the privacy protection of smart contracts form a natural contradiction.
In particular, the execution and results of a smart contract can be observed by all nodes of the blockchain, so any unauthorized user can access the related information. This transparency not only exposes the identities and data in a transaction but also limits the applicability of the contract. Current privacy-preserving smart contracts are implemented mainly with four kinds of technology: trusted hardware (including but not limited to the trusted execution environment (TEE), the trusted platform module (TPM) and the secure element), zero-knowledge proofs (ZKP), secure multi-party computation (MPC) and homomorphic encryption (HE). A TEE relies on hardware to provide an isolated execution environment and performs well, but it concentrates the root of trust and is susceptible to side-channel attacks; ZKP verifies the correctness of a computation without revealing the data, giving strong privacy but high computational cost and poor adaptability; MPC distributes the computation over several participants to protect privacy, giving high security but large communication overhead and complex deployment; HE supports computation directly on ciphertext, giving strong privacy but low efficiency and difficulty supporting complex contract logic. To overcome the limitations of any single technology path in terms of performance, versatility and security, an intelligent contract privacy protection scheme is needed that satisfies all of these requirements at once and supports anonymous transaction operations in intelligent contracts.
Disclosure of Invention
The embodiment of the invention provides an intelligent contract privacy protection method applied to a client, which has high expandability, privacy and deployment flexibility, and comprises the following steps: when the client is started, creating a security isolation environment through trusted hardware, initiating a remote attestation process to a remote attestation center, and registering with a blockchain node according to the received first attestation information to obtain registration information; initiating a balance withdrawal transaction request to an intelligent contract deployed on the blockchain node, so that the intelligent contract executes on-chain balance destruction on the client's blockchain account address and returns second attestation information to the client's security isolation environment, wherein the second attestation information proves that the destruction has been completed; after the second attestation information is verified in the security isolation environment, updating the local available balance according to the second attestation information, encrypting the updated local available balance to obtain a local available balance ciphertext, and generating third attestation information, wherein the third attestation information proves that the local available balance was updated correctly; receiving a transfer transaction request from a user, where