US-12626254-B2 - Encrypted transfers in a distributed ledger
Abstract
Various aspects of the subject technology relate to systems, methods, and machine-readable media for improving the privacy of transfers in a distributed ledger. Various aspects may include encrypting a transaction using a first public key corresponding to a first user and a second public key corresponding to a second user. Aspects may also include transmitting the encrypted transaction to a blockchain, the encrypted transaction including at least an encrypted amount, a zero-knowledge proof, and an encrypted balance of the first user. Aspects may also include verifying a correctness of the zero-knowledge proof. Aspects may also include, based on the correctness, executing the transaction through a smart contract of the blockchain and homomorphically updating encrypted balances of the first user and the second user in accordance with the encrypted amount.
Inventors
- Furkan Boyraz
- Emre Kaan Satiş
- Mehmet Berat Öztürk
Assignees
- Ava Labs, Inc.
Dates
- Publication Date: 20260512
- Application Date: 20241203
Claims (17)
- 1 . A computer-implemented method for implementing secure transfers, the method comprising: encrypting a transaction using a first public key corresponding to a first user and a second public key corresponding to a second user; transmitting the encrypted transaction to a blockchain, the encrypted transaction including at least an encrypted amount of the transaction, a zero-knowledge proof, and an encrypted account balance of the first user corresponding to an account balance when the zero-knowledge proof was generated; verifying a correctness of the zero-knowledge proof, the verifying including at least in part: determining whether a hash corresponding to the encrypted account balance is included in an account balance list maintaining a record of a user's previous account balances; and based on the correctness, executing the transaction through a smart contract of the blockchain and homomorphically updating encrypted balances of the first user and the second user in accordance with the encrypted amount and a latest balance on the account balance list of the first user after verifying the existence of the hash of the encrypted balance within the account balance list of the first user, wherein encrypting the transaction further comprises: deconstructing, based on a predetermined prime number, an amount to be transferred in the transaction into a set of congruences; mapping congruences in the set of congruences to a point on an elliptical curve to generate elliptical curve representations; encrypting the elliptical curve representations to generate a first ciphertext based on the first public key and a second ciphertext based on the second public key; and generating the encrypted amount based on an aggregation of the first ciphertext and the second ciphertext associated with the encrypted elliptical curve representations for each of the congruences in the set of congruences.
- 2 . The computer-implemented method of claim 1 , further comprising: generating the zero-knowledge proof indicating that a current account balance corresponding to the first user is greater than an amount being transferred in the encrypted transaction.
- 3 . The computer-implemented method of claim 1 , wherein verifying the correctness of the zero-knowledge proof further comprises: verifying that (i) the encrypted balance is greater than the encrypted amount and (ii) the first public key is used to encrypt the transaction.
- 4 . The computer-implemented method of claim 1 , further comprising: registering an account with a smart contract on the blockchain, the registering including: generating a public key by mapping the private key to an elliptical curve; verifying ownership of the private key using a second zero-knowledge proof; based on results of the verifying indicating correct ownership, storing the public key in state of the smart contract; and linking the account with an address on the blockchain; and generating an initial encrypted balance for the account.
- 5 . The computer-implemented method of claim 1 , further comprising: generating a transaction summary; and encrypting, via symmetric encryption, the transaction summary using a shared secret key generated based on an auditor public key, wherein the encrypted transaction summary is included in the transaction, and an auditor private key corresponding to the auditor public key can decrypt the encrypted transaction summary.
- 6 . The computer-implemented method of claim 1 , further comprising: generating, in a smart contract on the blockchain, the account balance list for storing hashes corresponding to previous encrypted account balances.
- 7 . The computer-implemented method of claim 6 , further comprising: determining whether a first hash corresponding to the encrypted balance is included in the list; based on the first hash being included in the list, resetting the list and adding a second hash corresponding to a second encrypted balance, the second encrypted balance corresponding to an aggregate of the encrypted balance and the encrypted amount; and based on the first hash not being included in the list, adding the first hash to the list.
- 8 . The computer-implemented method of claim 6 , further comprising: determining whether the transaction increases or decreases the encrypted balance; based on the transaction decreasing the encrypted balance, resetting the list and adding a hash corresponding to a second encrypted balance to the list, the second encrypted balance corresponding to an aggregate of the encrypted balance and the encrypted amount; and based on the transaction increasing the encrypted balance, adding the hash to the list.
- 9 . The computer-implemented method of claim 1 , wherein executing the transaction further comprises: homomorphically subtracting a first encrypted amount from the latest balance in the account balance list encrypted balance of the first user, wherein the account balance list is then cleared and a new hash of a new latest balance is added to the account balance list; homomorphically adding a second encrypted amount to a latest balance in an account balance list an encrypted balance of the second user, wherein a hash of a most recent balance of the second user is added to the account balance list of the second user; and updating a state of the smart contract via a consensus mechanism in accordance with updated encrypted balances the new latest balance of the first user and the most recent balance of the second user.
- 10 . The computer-implemented method of claim 1 , wherein the second user decrypts an updated encrypted balance corresponding to the second user using the second private key.
- 11 . The computer-implemented method of claim 1 , wherein the second user retrieves a latest encrypted balance stored on the smart contract based on the updated encrypted balances.
- 12 . A system for implementing secure transfers, comprising: one or more processors; and a memory comprising instructions stored thereon, which when executed by the one or more processors, causes the one or more processors to: encrypt a transaction using a first public key corresponding to a first user and a second public key corresponding to a second user; transmit the encrypted transaction to a blockchain, the encrypted transaction including at least an encrypted amount of the transaction, a zero-knowledge proof, and an encrypted account balance of the first user corresponding to an account balance when the zero-knowledge proof was generated; verify a correctness of the zero-knowledge proof, the verifying including at least in part: determining whether a hash corresponding to the encrypted account balance is included in an account balance list maintaining a record of a user's previous account balances; and based on the correctness, execute the transaction through a smart contract of the blockchain and homomorphically updating encrypted balances of the first user and the second user in accordance with the encrypted amount and a latest balance on the account balance list of the first user after verifying the existence of the hash of the encrypted balance within the account balance list of the first user, wherein the instructions, when executed by at least one of the one or more processors, further causes the system to: deconstruct, based on a predetermined prime number, an amount to be transferred in the transaction into a set of congruences; map congruences in the set of congruences to a point on an elliptical curve to generate elliptical curve representations; encrypt the elliptical curve representations to generate a first ciphertext based on the first public key and a second ciphertext based on the second public key; and generate the encrypted amount based on an aggregation of the first ciphertext and the second ciphertext associated with the encrypted elliptical curve representations for each of the congruences in the set of congruences.
- 13 . The system of claim 12 , wherein the instructions, when executed by at least one of the one or more processors, further causes the system to: generate the zero-knowledge proof indicating that a current account balance corresponding to the first user is greater than an amount being transferred in the encrypted transaction, wherein verifying the correctness of the zero-knowledge proof includes verifying that (i) the encrypted balance is greater than the encrypted amount and (ii) the first public key is used to encrypt the transaction.
- 14 . The system of claim 12 , wherein the instructions, when executed by at least one of the one or more processors, further causes the system to: generate a transaction summary; and encrypt, via symmetric encryption, the transaction summary using a shared secret key generated based on an auditor public key, wherein the encrypted transaction summary is included in the transaction, and an auditor private key corresponding to the auditor public key can decrypt the encrypted transaction summary.
- 15 . The system of claim 12 , wherein the instructions, when executed by at least one of the one or more processors, further causes the system to: generate, in a smart contract on the blockchain, the account balance list for storing hashes corresponding to previous account encrypted balances; determine whether a first hash corresponding to the encrypted balance is included in the list; based on the first hash being included in the list, reset the list and add a second hash corresponding to a second encrypted balance, the second encrypted balance corresponding to an aggregate of the encrypted balance and the encrypted amount; and based on the first hash not being included in the list, add the first hash to the list.
- 16 . The system of claim 12 , wherein the instructions, when executed by at least one of the one or more processors, further causes the system to: homomorphically subtract a first encrypted amount from the latest balance in the account balance list encrypted balance of the first user, wherein the account balance list is then cleared and a new hash of a new latest balance is added to the account balance list; homomorphically add a second encrypted amount to a latest balance in an account balance list an encrypted balance of the second user, wherein a hash of a most recent balance of the second user is added to the account balance list of the second user; and update a state of the smart contract via a consensus mechanism in accordance with updated encrypted balances the new latest balance of the first user and the most recent balance of the second user.
- 17 . A non-transitory computer-readable medium storing a program for implementing secure transfers, which when executed by a computer, configures the computer to: encrypt a transaction using a first public key corresponding to a first user and a second public key corresponding to a second user; transmit the encrypted transaction to a blockchain, the encrypted transaction including at least an encrypted amount of the transaction, a zero-knowledge proof, and an encrypted account balance of the first user corresponding to an account balance when the zero-knowledge proof was generated; verify a correctness of the zero-knowledge proof, the verifying including at least in part: determining whether a hash corresponding to the encrypted account balance is included in an account balance list maintaining a record of a user's previous account balances; and based on the correctness, executing the transaction through a smart contract of the blockchain and homomorphically updating encrypted balances of the first user and the second user in accordance with the encrypted amount and a latest balance on the account balance list of the first user after verifying the existence of the hash of the encrypted balance within the account balance list of the first user, wherein the program, when executed by a computer, further configures the computer to: deconstruct, based on a predetermined prime number, an amount to be transferred in the transaction into a set of congruences; map congruences in the set of congruences to a point on an elliptical curve to generate elliptical curve representations; encrypt the elliptical curve representations to generate a first ciphertext based on the first public key and a second ciphertext based on the second public key; generate the encrypted amount based on an aggregation of the first ciphertext and the second ciphertext associated with the encrypted elliptical curve representations for each of the congruences in the set of congruences; and generate the zero-knowledge proof indicating that a current account balance corresponding to the first user is greater than an amount being transferred in the encrypted transaction.
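The following Python is an added worked model of the transfer flow the abstract and claims 1, 3, 7 and 9 describe; it is not the patent's or Ava Labs' code and every name in it is mine. It assumes EC-ElGamal on secp256k1 as the additively homomorphic scheme (the brief summary names ECEG), reads the claimed "set of congruences" as the base-251 digit expansion of the amount so that each chunk's discrete log stays brute-forceable, and stands in for the claimed zero-knowledge proof with a Chaum-Pedersen DLEQ proof that both ciphertexts of a chunk were formed with one randomness under the stated sender and receiver keys (claim 3, part (ii)). The range proof that the balance exceeds the amount is not implemented. The `Ledger` class plays the smart contract: it keeps each account's latest encrypted balance and the hash list of balances that account has held, rejects a transfer whose proved-against balance hash is not on the list, updates both balances homomorphically, resets the sender's list and appends to the receiver's, as claims 7 and 9 lay out. Alice, Bob and the amounts are constructed sample values.

```python
import hashlib
import secrets
# secp256k1 domain parameters (real curve constants); None is the point at infinity.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):                                    # affine point addition
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    lam = ((3 * a[0] * a[0]) * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)
def ec_mul(k, pt):                                   # double-and-add
    r, k = None, k % N
    while k:
        if k & 1: r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r
def ec_sub(a, b): return ec_add(a, None if b is None else (b[0], (-b[1]) % P))
def rand(): return secrets.randbelow(N - 1) + 1
def keygen(): sk = rand(); return sk, ec_mul(sk, G)

# Assumption (not stated on the page): the "set of congruences" is read as the base-Q
# digit expansion of the amount (amount < Q**CHUNKS) for a small prime Q. Chunk-wise
# homomorphic updates carry no borrows, so a digit drifts by less than Q per transfer.
Q, CHUNKS, DIGIT_BOUND = 251, 4, 4 * 251
def to_chunks(amount): return [(amount // Q**i) % Q for i in range(CHUNKS)]
def enc_chunk(pk, m, r): return ec_add(ec_mul(m, G), ec_mul(r, pk))   # m*G + r*pk
def ct_hash(cts): return hashlib.sha256(repr(cts).encode()).hexdigest()
def _chal(*items):                                   # Fiat-Shamir challenge
    return int.from_bytes(hashlib.sha256(repr(items).encode()).digest(), "big") % N

def dleq_prove(r, pk_s, pk_r, c1, ds, dr):
    """Chaum-Pedersen: log_G(c1) == log_H(ds - dr), H = pk_s - pk_r (same r, stated keys)."""
    h, k = ec_sub(pk_s, pk_r), rand()
    t1, t2 = ec_mul(k, G), ec_mul(k, h)
    e = _chal(pk_s, pk_r, c1, ds, dr, t1, t2)
    return (t1, t2, (k + e * r) % N)
def dleq_verify(pk_s, pk_r, c1, ds, dr, proof):
    h, (t1, t2, s) = ec_sub(pk_s, pk_r), proof
    e = _chal(pk_s, pk_r, c1, ds, dr, t1, t2)
    return (ec_mul(s, G) == ec_add(t1, ec_mul(e, c1)) and
            ec_mul(s, h) == ec_add(t2, ec_mul(e, ec_sub(ds, dr))))

def encrypt_balance(pk, amount):                     # single-key chunks [(C1, D), ...]
    rs = [rand() for _ in range(CHUNKS)]
    return [(ec_mul(r, G), enc_chunk(pk, m, r)) for m, r in zip(to_chunks(amount), rs)]
def encrypt_amount(pk_s, pk_r, amount):
    """Per chunk (C1, D_s, D_r, proof): m*G masked under both keys with a shared r."""
    out = []
    for m in to_chunks(amount):
        r = rand()
        c1, ds, dr = ec_mul(r, G), enc_chunk(pk_s, m, r), enc_chunk(pk_r, m, r)
        out.append((c1, ds, dr, dleq_prove(r, pk_s, pk_r, c1, ds, dr)))
    return out
def decrypt(sk, cts):
    total = 0
    for i, (c1, d) in enumerate(cts):
        target, pos, neg = ec_sub(d, ec_mul(sk, c1)), None, None   # target = m*G, m signed
        for m in range(DIGIT_BOUND):                  # walk 0, +-1, +-2, ... from infinity
            if pos == target: total += m * Q**i; break
            if neg == target: total -= m * Q**i; break
            pos, neg = ec_add(pos, G), ec_sub(neg, G)
        else:
            raise ValueError("chunk outside the searchable digit range")
    return total

class Ledger:   # stand-in for the contract: latest encrypted balance + hash list per account
    def __init__(self): self.acct = {}
    def register(self, pk, ct): self.acct[pk] = {"balance": ct, "hashes": [ct_hash(ct)]}
    def transfer(self, pk_s, pk_r, proved_balance_ct, enc_amount):
        s, r = self.acct[pk_s], self.acct[pk_r]
        if ct_hash(proved_balance_ct) not in s["hashes"]:    # unknown or stale balance
            return False
        if not all(dleq_verify(pk_s, pk_r, c1, ds, dr, pr) for c1, ds, dr, pr in enc_amount):
            return False     # a range proof (balance >= amount) would also be checked here
        s["balance"] = [(ec_sub(b1, c1), ec_sub(b2, ds))      # debit the latest balance
                        for (b1, b2), (c1, ds, _, _) in zip(s["balance"], enc_amount)]
        r["balance"] = [(ec_add(b1, c1), ec_add(b2, dr))      # credit the latest balance
                        for (b1, b2), (c1, _, dr, _) in zip(r["balance"], enc_amount)]
        s["hashes"] = [ct_hash(s["balance"])]                 # reset on a spend
        r["hashes"].append(ct_hash(r["balance"]))             # grows on a receipt
        return True

def demo():
    """Constructed scenario: Alice (1000) pays Bob (50) 300, then replays it against her stale balance."""
    sk_a, pk_a = keygen(); sk_b, pk_b = keygen()
    ledger = Ledger()
    ledger.register(pk_a, encrypt_balance(pk_a, 1000))
    ledger.register(pk_b, encrypt_balance(pk_b, 50))
    proved = ledger.acct[pk_a]["balance"]
    ok = ledger.transfer(pk_a, pk_b, proved, encrypt_amount(pk_a, pk_b, 300))
    replay = ledger.transfer(pk_a, pk_b, proved, encrypt_amount(pk_a, pk_b, 300))
    return (ok, replay, decrypt(sk_a, ledger.acct[pk_a]["balance"]),
            decrypt(sk_b, ledger.acct[pk_b]["balance"]))
```

`demo()` returns `(True, False, 700, 350)`: the first transfer is accepted, the replay against Alice's stale balance ciphertext is rejected because her hash list was reset when she spent, and the homomorphically updated balances decrypt to 700 and 350 under the respective private keys. Because chunks are subtracted digit by digit with no borrow, a decrypted digit may be negative or exceed Q; the signed search in `decrypt` handles that up to `DIGIT_BOUND`, which is why the chunk size must stay small enough to search.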
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
The present disclosure is related and claims priority under 35 U.S.C. § 119(e), to U.S. Provisional Patent Application No. 63/606,301, entitled METHOD, SYSTEMS, AND PROTOCOLS FOR ENCRYPTED STORAGE AND TRANSFERS OF USER BALANCES AND AUDITABLE PRIVATE ASSET TRANSFER FRAMEWORK IN A DISTRIBUTED LEDGER, to Furkan Boyraz et al., filed on Dec. 5, 2023, the contents of which are hereby incorporated by reference in their entirety, for all purposes.
TECHNICAL FIELD
The present disclosure generally relates to a confidentiality-preserving token (CPT) protocol which provides confidentiality for transactions in a distributed ledger and confidential transfers of balances between users. The CPT protocol leverages zero-knowledge proofs and additively homomorphic encryption to enable confidential transfers of balances between users and keep account states hidden from third parties. The CPT protocol further provides auditability for transactions to auditors while protecting the information from non-auditors.
BACKGROUND
Blockchain technology has surged in popularity for creating distributed applications that foster trustlessness and transparency. This decentralized approach ensures that no single entity has control, thereby enhancing security and reliability. However, integrating substantial privacy measures into these platforms remains a complex challenge. Despite numerous propositions aimed at providing privacy within blockchain ecosystems in recent years, widespread adoption has been hindered due to limitations in versatility, user experience complications, or impractical implementation. With the widespread adoption of blockchains, various decentralized applications (dApps) and digital assets used in dApps are becoming increasingly popular. These applications leverage the inherent benefits of blockchain technology, such as immutability and transparency, to offer innovative services and solutions.
However, unlike traditional banking systems, the blockchain creates privacy concerns about digital assets since all transaction information is shared across the network to ensure strong data integrity. This transparency, while beneficial for security, poses privacy risks for users and their transactions. Addressing these privacy concerns is crucial for the continued growth and acceptance of blockchain technology in various sectors. Therefore, there is a pressing need for solutions that can provide robust privacy measures without compromising the core principles of blockchain technology.
BRIEF SUMMARY
The subject disclosure provides for systems and methods for enhancing security and privacy of transactions through a confidentiality-preserving token (CPT) protocol that leverages zk-proofs and ECEG encryption to provide on-chain confidentiality for transactions.
According to embodiments, a computer-implemented method for implementing secure transfers in a distributed ledger is provided. The method includes encrypting a transaction using a first public key corresponding to a first user and a second public key corresponding to a second user. The method also includes transmitting the encrypted transaction to a blockchain, the encrypted transaction including at least an encrypted amount, a zero-knowledge proof, and an encrypted balance of the first user. The method also includes verifying a correctness of the zero-knowledge proof. The method also includes, based on the correctness, executing the transaction through a smart contract of the blockchain and homomorphically updating encrypted balances of the first user and the second user in accordance with the encrypted amount.
According to embodiments, a system is provided including a processor and a memory comprising instructions stored thereon, which when executed by the processor, cause the processor to perform operations to improve security of transfers in a distributed ledger. The operations include encrypting a transaction using a first public key corresponding to a first user and a second public key corresponding to a second user. The operations also include transmitting the encrypted transaction to a blockchain, the encrypted transaction including at least an encrypted amount, a zero-knowledge proof, and an encrypted balance of the first user. The operations also include verifying a correctness of the zero-knowledge proof. The operations also include, based on the correctness, executing the transaction through a smart contract of the blockchain and homomorphically updating encrypted balances of the first user and the second user in accordance with the encrypted amount.
According to embodiments, a non-transitory computer-readable medium storing a program for implementing secure transfers in a distributed ledger is provided. The program, which when executed by a computer, configures the computer to encrypt a transaction using a first public key corresponding to a first user and a second public key corresponding to a second user. The program, when