Anonymous scheme for blockchain atomic swap based on zero-knowledge proof

最新推荐文章于 2022-11-13 14:43:05 发布
最新推荐文章于 2022-11-13 14:43:05 发布
阅读量1.5k 收藏
点赞数
分类专栏: 小组小组鸭 区块链里的小世界鸭 文章标签: 区块链
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/Touale/article/details/113814881
版权

Anonymous scheme for blockchain atomic swap based on zero-knowledge proof

在这里插入图片描述

摘要

区块链的跨链原子交换可以通过使用智能合约来代替可信的第三方,但是原子交换不能保证交易的匿名性和隐私性,因此,这篇论文提出一种基于零知识证明的原子交换。

Hash Lock

在这里插入图片描述
Assuming a real trading scenario, Alice holds 1 BTC and Bob holds 100 ETH.

Alice wants to use her 1 BTC to exchange the 100 ETH in Bob’s account.

Previously they usually chose a large exchange as a third party for trading, and put your own money on the exchange to exchange assets. This method is possible,but there are corresponding risks.

Finally, they decided to use atomic exchange to exchange.Alice first sent her 1BTC to a smart contract. The BTC is saved. When the smart contract receives B’s public key and a random number x, the smart contract will send Alice’s BTC to Bob. At the same time, there is a time limit on the smart contract. If you do not receive the unlocking information within this time, BTC will be returned to Alice. This time limit is called hash time lock.
. . .
看图可以解释整个过程的。

However

Traditional atomic swap technology uses smart contracts on two chains to set up transactions, but the information on the smart contract is open and transparent.

Enter the address of the smart contract in the browser, and you can clearly see all the code information in the smart contract.

Therefore, the traditional atomic exchange is information secure but does not have anonymity.

In the blockchain, the hash value of each transaction is stored in the
form of a Merkel Tree.

set the storage of the hash value to two lists

  • a full hash list

    • contains the hash values of all transactions in the chain

  • an nullifier list

    • contains the hash values of transactions that have already been performed.

the original input-output structure of the transaction --> a Note structure
the hash value of the Note structure --> H

left side --> the hash value of all transactions
right side --> the transaction that has been spent.
在这里插入图片描述

The specific scheme

1.Alice
- finds one or more unspent notes
- Use zeroknowledge proof to prove that you own the asset of ܰNote1

Initial stage

use libsnark to implement zkSNARKs.

generate a common reference string, or a pair of ݁݇ek and vk.

  • When performing trusted settings, select some random numbers to calculate ݁݇ek and vk,݇but these random numbers cannot be known by the prover and verifier.
  • The trusted setting should be done by a trusted third party

ek is used to generate the ܵproof, and vk ݇is used to verify the ܴ proof.

We use the symbol ݉m[1,q][1,n][0,s] to represent the asset of ܰNote1,and the initialization program randomly generates s+1 group elements:

ps:疑问为什么会是m[1,q][1,n][0,s]
: 这里是一个矩阵输入!!!用于表达note数据结构

在这里插入图片描述

The initializer calculates (n, q) validators:
在这里插入图片描述
O[1,q][1,n]

	- a common input
	- shared between the sender and the receiver

Another job of the initialization program is to set zkSNARK with the circuit C ,which calculates the hash value:
在这里插入图片描述
ek ݁݇ is the evaluation key of the sender, and vk ݇is the authentication key of the receiver.

Rܴ first uses the key bound to the key promise to verify that the authenticated encrypted data is correct:

在这里插入图片描述

Then the knowledge of the R verification key proves -
在这里插入图片描述

2.After Alice proves her ownership of the transaction Note1

  • decrypts ܰNote1 with her private key sk
  • obtains the data in ܰNote1
  • creates two new ܰNote2 and Note3

Note2: set to send to the smart contract
Note3: send the balance in Note1 to your account address.

3.Alice:

  • sends the hash value H1 of Note1 to the node network of the blockchain.
  • the node will determine whether the hash value exists in the discard list.
    • exists: double spent
    • Otherwise: recorded in the discard list
  • sends the hash values of Note2 and ܰ Note3 to the node

The transaction sent by Alice to the smart contract is hidden,and the address of the smart contract cannot be found .

ps:因为这里只能追溯到Note1的序号索引以及H值,从而在将资产存储到智能合约的过程中实现匿名。

在这里插入图片描述

Original exchange contract address

在这里插入图片描述

Improved protocol exchange

在这里插入图片描述

Alice’s private key --> sk
Bob owns the public key -->pk

New problem

Bob needs to verify that the private key owned by Alice is the correct private key corresponding to the public key, and that Alice and Bob can exchange the contract address of the assets stored by both parties through the smart contract

solve:
在这里插入图片描述

在这里插入图片描述

Zero-knowledge proof

感觉很清晰的一个例子,,,
在这里插入图片描述
接着只要证明 P1 + P2= Q,重复步骤循环m次,证明Gen知道s值,且奇妙之处在于证明拥有s值但不需要传递s值

总结

本文讲述了一个基于零知识证明的原子交换跨链,相比于原来仅仅基于智能合约的哈希锁定,在隐私性,匿名性起到了很好的保护效果,本文中涉及公式较多,且过程相比最初的哈希锁定还是比较复杂,目前来看,还是存在一知半解,仅以博客,日后回溯能从中get到一些新的idea。

Touale
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
深入理解Linux内核第3版--笔记-2.pdf
u011961033的专栏
10-16 673
Chapter 8. Memory Management       8.1. Page Frame Management          8.1.1. Page Descriptors                  State information of a page frame is kept in a page descriptor of type page         ...
Zero-Knowledge taxation on Ethereum
跨链技术践行者
09-26 482
At QED‐it, we have a mission to provide privacy preserving systems for the enterprise. For the last two years, we’ve worked on many projects, developing complex SNARK circuits and higher level protoco...
记录读的几篇文章
Mr.Yi的博客
10-20 1185
some papers
2022安全与软工顶会中区块链智能合约相关论文
SYSU_Zhiyuan
11-13 4591
主要整理了2022年四大安全顶会和六个软工顶会中,有关区块链智能合约的相关论文。 安全顶会:S&P、USENIX Security、CCS、NDSS 软工顶会:TOSEM、TSE、ISSTA、FSE、ASE、ICSE
AQS与CLH相关论文学习系列(一)- 排队式自旋锁思想启蒙
萧萧的专栏
09-02 1142
参考文章 Building FIFO and priority-queueing spin locks from atomic swap The java.util.concurrent Synchronizer Framework 前言 AbstractQueueSynchronizer 是 jdk1.5 及之后版本中 java.util.concurrent 包里很多同步器的实现基础, 例如locks, barriers 很多类都是基于 AbstractQueueSynchronizer 实现的, 后面
Java 中的本地线程 ThreadLocal<T> 与同步机制的比较和最佳实践
禅与计算机程序设计艺术
03-01 9023
是什么? java.lang.ThreadLocal<T> extends Object ThreadLocal 类提供线程局部变量。 ThreadLocal 解决线程安全持有对象访问的问题 . 通过 ThreadLocal.set() 方法将对象实例保存在每个线程自己所拥有的 ThreadLocalMap中,这样每个线程使用自己的对象实例,彼此不会影响达到隔离的作用,...
Linux源码研究-用户管理员手册-内核命令行参数
金溪的博客
05-04 3604
下面的列表是__setup(), core_param()和module_param()宏实现的内核参数,内核从命令-开始解析参数,如果参数不被识别,也不包含“.”,参数会被用来启动,含“=”的参数会初始化环境,其他的参数会被用作命令行参数初始化。 模块参数可以以两种方式指定,通过内核命令行(使用模块名前缀),或通过modprobe (kernel command line) usbcore...
0-java常见2000英语单词
m0_37987631的博客
10-22 912
单词
2020-09-15 JAVA面试题整理
weixin_44038860的博客
09-15 2712
2020年字节跳动Java面试题附答案解析 前言 个人觉得面试也像是一场全新的征程,失败和胜利都是平常之事。所以,劝各位不要因为面试失败而灰心、 丧失斗志。也不要因为面试通过而沾沾自喜,等待你的将是更美好的未来,继续加油! 本篇分享的面试题内容包括:Java、MyBatis、ZooKeeper、Dubbo、Elasticsearch、Redis、MySQL、Spring、Spring Boot、Spring Cloud、RabbitMQ、Kafka、Linux 等技术栈。 一、Java基础系列面试题 1、面
A Novel Anonymous Secret Sharing Scheme Based on BP Artificial Neural Network
02-09
In an anonymous secret sharing scheme, the secret can be reconstructed without knowledge of which participant hold which share. That is, in such scheme the secret can be recovered from the shares ...
An anonymous data access scheme for VANET using pseudonym-based cryptography
02-09
An anonymous data access scheme for VANET using pseudonym-based cryptography
A Provably secure password-based anonymous authentication scheme for wireless body area networks
02-07
A Provably secure password-based anonymous authentication scheme for wireless body area networks
Anonymous Identity-Based Hash Proof System from Lattices in the Standard Model
02-08
Anonymous Identity-Based Hash Proof System from Lattices in the Standard Model
Quantum election scheme based on anonymous quantum key distribution
02-09
Quantum election scheme based on anonymous quantum key distribution
公证人机制
Touale的博客
01-29 992
公证人机制 引入一方或多方可信实体做信用背书的跨链机制 公证人机制是技术上可实现的,最简单的跨链机制 实现方式 单签名公证人机制,即一个节点做公证人 多签名公证人机制,即多个节点利用多签名机制做公证人组 分布式签名公证人机制,指多个公证人持有一份密钥的碎片,密钥碎片随机发给公证人 瑞典的InterLeger协议中原子模式的实现方式是典型的公证人机制 在InterLeger协议中,包括发送者,连接者,接收者,和公证人等角色。 发送者把资产转给公证人组多签地址进行资产托管 接收者确认收到转账后在收据后签
区块链进程 —— v1.0 Ubuntu BCOS安装 以及 we-base安装
Touale的博客
10-29 663
区块链进程 —— v1.0 Ubuntu BCOS安装 以及 we-base安装 整个安装流程其实很easy,坑很少(最多就是个jdk配置麻烦) 好的,开局三连击 sudo apt install -y openssl curl cd ~ && mkdir -p fisco && cd fisco curl -#LO https://github.com/FISCO-BCOS/FISCO-BCOS/releases/download/v2.6.0/build_chain.sh
区块链进程 —— v1.1 docker 安装 remix
Touale的博客
10-29 596
区块链进程 —— v1.1 docker 安装 remix 看了好多文章关于remix的安装,好多基于npm,但是npm版本兼容性太差了,老发生出错,,,基于踩了好多坑,所以献上最实用的,百分之百搭建成功的技巧 开局受到亿点点伤害 更新源 sudo apt-get update sudo apt update 进行各种包安装 sudo apt install docker.io sudo apt install -yqq curl git python build-essential wget unzi
基于哈希锁定的原子交换
Touale的博客
01-29 439
基于哈希锁定的原子交换 保证不同链间资产交易的安全性和原子性,从而不需要第三方参与 提出 于2013年由TierNolan在比特币论坛上提出。 原子交换哈希锁机制 设A使用链A上的代币a与B交换B上的代币b A产生随机数s,计算哈希值H(s). A使用H(s)和一个时间t1在链A上产生一个合约交易Tx1=T(H(s),t1).Tx1会锁定A链上需要交易的代币a,锁定时间为t1。 A把计算的H(s)发给B,并发送交易Tx1至A链上,证明已经锁定自身的代交易代币a。 B使用H(s)和时间t2,锁定需要交
springsecurity中anonymous_Spring Security---安全管理框架(三)
最新发布
06-11
在Spring Security中,可以通过配置anonymous元素来启用anonymous身份验证。例如: ``` <security:intercept-url pattern="/public/**" access="permitAll"/> <security:intercept-url pattern="/admin/**" ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值