EIDchain public chain: blockchain data privacy protection solution

Abstract: As an emerging distributed ledger technology, blockchain stores transaction records and private data between users. It is open and transparent, its transaction records cannot be altered, and their origin can be traced. Industries such as the Internet of Things, finance, and medical care have adopted blockchain technology to solve industry pain points, so blockchain is developing rapidly and the scale of the industry keeps growing. However, data on the blockchain is visible to every network node, and data update operations are equally transparent, which leaves room for attackers and can lead to the leakage of user information. The anonymity and privacy provided by the blockchain itself can no longer meet users' needs for privacy protection, which seriously hinders the application and promotion of blockchain. New solutions for protecting data privacy and user privacy are urgently needed. In view of the security and privacy issues in blockchain, this article studies key technologies such as identity privacy and data privacy protection.

Keywords: Blockchain technology, privacy protection, data encryption
1. Introduction
In modern society, private information is important privacy for a person and important intelligence for a country. With the development of computers over the years, computers have become an indispensable tool for us. However, our information is constantly being stolen and leaked, and we pay more and more attention to network security. Blockchain technology is a distributed Internet database technology. Characteristics such as decentralization, trustlessness, openness and transparency enable nodes that do not know each other to establish point-to-point connections without relying on a trusted third-party institution. The main advantage of this trusted value delivery is that it significantly reduces trust costs and improves interaction efficiency. There is no central server in a blockchain network: each participating node holds a complete copy of the data, and together they maintain the integrity of the data, effectively avoiding the single point of failure and data leakage risk of a centralized server.
The blockchain system does not have a centralized organization to process and maintain data. In order for each node to quickly reach a consensus, all transactions in the system are open and transparent, which brings about the problem of data privacy leakage. Although the user's address in the blockchain is anonymous, some organizations or individuals track the user's transaction data through the address, analyze the transaction patterns, obtain the correlation between the user's transaction addresses, and infer the user's true identity information based on information from outside the network. In the financial field and supply chain, the open and transparent nature of blockchain allows users to obtain all transaction information and material supply information, including amounts, contract contents, etc. Data is the key to profitability for financial institutions, and it is also the object of confidentiality in supply chain services. Competing companies or individuals gain profits by analyzing transaction data, directly harming the company's interests. In the field of the Internet of Things, point-to-point transactions can be realized between devices. In this case, the blockchain system will leak sensitive information such as energy transmission, thus posing a threat to personal safety and national security. Therefore, while using blockchain technology, it is necessary to solve the privacy leakage problem of blockchain and ensure the security of user information.
2. High risk of privacy leakage in blockchain
Privacy protection issues in blockchain, such as anonymous transactions in cryptocurrency, the privacy of smart contracts, and blockchain privacy protection infrastructure, are long-term research hotspots. Classified by technique, zero-knowledge proofs, secure multi-party computation, homomorphic encryption, ring signatures, proxy re-encryption and so on all rely on cryptography to protect data privacy. Among them, zero-knowledge proof, as the privacy technique that can achieve the strongest anonymity, has been the focus of research and exploration by many blockchain projects. From an application perspective, the major application scenarios of blockchain technology, such as cryptocurrency, electronic certificates, identity recognition and financial data settlement, have increasingly high requirements for privacy protection. Among them, cryptocurrency is by far the most successful application of blockchain technology, giving birth to privacy currencies such as Monero, ZCash and Dash, and zero-knowledge proof has been the focus of research and exploration by these projects in particular. Zero-knowledge proof was proposed by S. Goldwasser, S. Micali and C. Rackoff in the early 1980s: a prover convinces a verifier that a certain assertion is correct, while the proof process reveals no useful information. A zero-knowledge proof is an interactive proof system. Besides the traditional completeness and soundness properties it must satisfy, its distinctive zero-knowledge property guarantees that the verifier cannot obtain the secret held by the prover, nor any additional information that would help recover that secret. For a long time, zero-knowledge proof, as a strongly secure privacy protection technology, has seen substantial theoretical research and development.
However, its performance parameters, namely the large number of interactive proof rounds, the length of the proof, and the proof generation and verification time, are often the bottleneck restricting the practical application of this technology.
3. Blockchain privacy and security
People often talk about building applications on the blockchain, such as medical and financial services, which involve a lot of highly private information. Many people confuse privacy with security. They hear that blockchain is very secure and assume it therefore also protects privacy, but in fact the two are completely separate. The security of the blockchain means that, as a distributed system in which any node may be malicious and may not follow the rules, the architecture guarantees that the system as a whole still enforces its rules even though an individual node is untrustworthy. That is what security refers to here, and it has nothing to do with privacy protection. Most data and smart contracts on current blockchains are public, without any privacy protection. So most blockchains may attach great importance to security while in fact offering no privacy protection at all.
Privacy protection is a very complex issue that involves performing computations on very sensitive data. For example, current blockchains have no privacy protection: when a node performs a computation, the data is public and is therefore exposed during the computation. There are also some inherent tensions within blockchain itself. On the one hand, decentralization has some theoretical inefficiencies, which is a disadvantage for blockchain applications; on the other hand, precisely because it is decentralized, its trust model has great advantages over a centralized one.
4. Blockchain privacy protection technology
In fact, long before Bitcoin, there was an ancient form of transaction that achieved very good privacy protection: both parties would hide the money in their sleeves to complete the transaction, so that even someone who witnessed it could not learn the amount or other private details. But this idea is not easy to copy directly into the blockchain, because in a public ledger the legitimacy of each transaction must be verified by others, to ensure that the initiator really authorized it and that it did not create money out of thin air (hyperinflation). How can we "hide the details of a transaction up our sleeves" while still letting others verify its legitimacy?
4.1 Anonymous Payments
The biggest challenge in improving the privacy and fungibility of encrypted digital currencies is that the entire blockchain cannot simply be encrypted. In Bitcoin-derived systems, everyone can see which transaction outputs have been spent and which have not; an unspent one is called a UTXO (Unspent Transaction Output). This lets every user act as a guarantor of honest transactions in the public ledger. The Bitcoin protocol is designed not to rely on any third party, and even without one, the public blockchain can be read at any time for auditing, which is crucial. EIDchain's goal is to increase confidentiality and fungibility without losing these elements, which we firmly believe are key to successfully creating a digital currency. We have also made a series of improvements, including decentralization, strong anonymity using links, same-denomination and passive advanced coin mixing, so that the digital currency itself becomes fully fungible. Fungibility is a property of money: all units of a digital currency must remain equal. When you receive funds, they should not carry a record of previous users' activity, or users should be able to easily erase that history, so that all units are equal. At the same time, any user can confirm that every transaction in the public ledger is authentic without affecting the privacy of others. To improve fungibility and maintain the integrity of the public blockchain, we propose an advanced trustless decentralized coin mixing technique. To preserve fungibility, this service is integrated directly into the digital currency system and is easy and safe for every user to use.
4.2 Transaction amount hiding mechanism
Blockchain is a chain of data blocks arranged in chronological order. It is essentially a tamper-proof distributed database that uses cryptography to achieve security in a decentralized manner. Blockchain has the characteristics of decentralization, tamper resistance, anonymity, public verifiability, traceability, and open source code. Currently, on most blockchain platforms, any node can access all data on the chain, so blockchain privacy is a particularly prominent problem and has become an important research topic in the field. Current blockchain privacy research mainly focuses on blockchain-based verifiable computation, blockchain data privacy, blockchain transaction address hiding, and blockchain transaction amount hiding. First, since blockchain, secure multi-party computation and verifiable homomorphic secret sharing all aim to solve the problem of how untrusting parties can work together, combining them has an inherent advantage. Most existing homomorphic secret sharing and secure multi-party computation schemes suffer from a large number of communication rounds and a large communication volume. In the blockchain environment, multiple rounds of communication and a large amount of communication data inevitably reduce the efficiency of both the algorithm and the blockchain platform. In addition, since blockchain nodes are untrusted, a large amount of communication data places a heavy verification burden on the nodes. Therefore, studying homomorphic verifiable secret sharing and secure multi-party computation with few communication rounds is of great significance to blockchain-based verifiable computation.
Secondly, existing blockchain-based applications commonly suffer from data privacy leakage and difficulty in supporting homomorphic computation. Therefore, studying a decentralized outsourced computation mechanism that is secure, efficient and supports homomorphic computation can effectively solve both problems in blockchain application systems. Finally, by accounting model, blockchains can be divided into UTXO-based and account-based. Since miners in an account-based blockchain must update dynamically changing balances in real time, hiding transaction amounts there is comparatively difficult. Consequently, the blockchain platforms that currently offer amount hiding are all UTXO-based, while account-based platforms record all transactions in clear text. Studying a blockchain transaction amount hiding mechanism can therefore make up for the lack of such a mechanism in existing blockchain technology.
4.3 Confidential Transaction Protocol
Before introducing confidential transactions, we first need to understand Bitcoin's UTXO (unspent transaction output) transaction model.
UTXO is a rather abstract concept. It can be understood as a large envelope containing an arbitrary amount of legal currency that can only be used once. The envelope might contain a penny or ten thousand dollars; either way, the system sets the conditions for using it so that once it is opened, it cannot be used again. In a transfer, after the miner fee and the transaction amount have been paid, there is generally change, so each transaction generates two new transaction outputs (UTXOs): 1) the amount received by the recipient; 2) the change returned to the sender.
Below we use examples to illustrate this transaction process.
If Alice needs to transfer 1 USD to Bob, a traditional ledger records: Alice: -1 USD, Bob: +1 USD. Bitcoin works differently. A BTC transaction is composed of a set of inputs and a set of outputs constructed by the sender. So when Alice wants to send 1 BTC to Bob, instead of simply deducting 1 BTC from Alice's wallet, the wallet first selects a set of input UTXOs whose total covers the transaction amount plus the miner fee (assume 0.1 BTC), and then generates a new set of output UTXOs (Alice's change and the amount Bob receives). Suppose the following three UTXOs, totalling more than 1.1 BTC, are found:
UTXO 1: 0.1 BTC
UTXO 2: 0.25 BTC
UTXO 3: 0.8 BTC
Total: 1.15 BTC
These three UTXOs form three inputs, and two transaction outputs are generated:
1) Bob receives: 1 BTC
2) Alice's change: 0.05 BTC
Finally, the miner's fee: 0.1 BTC
After the transaction is completed, Alice's three UTXOs are spent, which means these three envelopes can no longer be used, and two new UTXOs are generated, namely two unopened large envelopes:
1) Bob's large envelope: income of 1 BTC;
2) Alice's large envelope: change of 0.05 BTC.
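The envelope model above, as an added example that is not EIDchain's or Bitcoin's code: a minimal UTXO set that enforces the use-once rule (a spent output cannot be referenced again and outputs may not exceed inputs), with greedy coin selection that reproduces Alice's three-input, two-output payment to Bob. Amounts are in satoshi, the transaction ids are constructed labels, and the largest-first selection strategy is an assumption of this example.

```python
# Added example, not the page's own code. Amounts in satoshi (1 BTC = 100_000_000).
from dataclasses import dataclass, field

BTC = 100_000_000


@dataclass(frozen=True)
class UTXO:
    txid: str    # constructed id of the transaction that created this output
    index: int   # output position inside that transaction
    owner: str
    value: int   # satoshi


@dataclass
class UTXOSet:
    unspent: dict = field(default_factory=dict)  # (txid, index) -> UTXO

    def add(self, utxo):
        self.unspent[(utxo.txid, utxo.index)] = utxo

    def can_spend(self, inputs):
        """True only if every referenced envelope is still unopened."""
        return all((u.txid, u.index) in self.unspent for u in inputs)

    def select_inputs(self, owner, target):
        """Greedy largest-first coin selection (assumed strategy) covering `target`."""
        mine = sorted((u for u in self.unspent.values() if u.owner == owner),
                      key=lambda u: -u.value)
        chosen, total = [], 0
        for u in mine:
            if total >= target:
                break
            chosen.append(u)
            total += u.value
        if total < target:
            raise ValueError("insufficient funds")
        return chosen

    def apply(self, txid, inputs, outputs):
        """Spend `inputs` exactly once and create `outputs` as new UTXOs.

        Returns the implicit miner fee (inputs minus outputs)."""
        if not self.can_spend(inputs):
            raise ValueError("double spend: an input was already spent")
        in_sum = sum(u.value for u in inputs)
        out_sum = sum(v for _, v in outputs)
        if out_sum > in_sum:
            raise ValueError("outputs exceed inputs: value created from nothing")
        for u in inputs:
            del self.unspent[(u.txid, u.index)]           # envelope opened
        for i, (owner, value) in enumerate(outputs):
            self.add(UTXO(txid, i, owner, value))          # new sealed envelopes
        return in_sum - out_sum


def build_payment(utxos, txid, sender, recipient, amount, fee):
    """Select inputs, create the recipient and change outputs, apply the transaction."""
    inputs = utxos.select_inputs(sender, amount + fee)
    change = sum(u.value for u in inputs) - amount - fee
    outputs = [(recipient, amount)]
    if change > 0:
        outputs.append((sender, change))
    paid_fee = utxos.apply(txid, inputs, outputs)
    return {"inputs": inputs, "outputs": outputs, "fee": paid_fee}


def alice_pays_bob():
    """Alice's 0.1 + 0.25 + 0.8 BTC envelopes paying 1 BTC to Bob with a 0.1 BTC fee."""
    utxos = UTXOSet()
    utxos.add(UTXO("tx-a", 0, "alice", BTC // 10))
    utxos.add(UTXO("tx-b", 0, "alice", BTC // 4))
    utxos.add(UTXO("tx-c", 0, "alice", BTC * 8 // 10))
    tx = build_payment(utxos, "tx-d", "alice", "bob", BTC, BTC // 10)
    return utxos, tx
```

`alice_pays_bob()` consumes all three envelopes (the largest two alone do not reach 1.1 BTC) and leaves exactly two unspent outputs, Bob's 1 BTC and Alice's 0.05 BTC change; a second `apply` using the same inputs is refused by `can_spend`.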
In the Bitcoin network, completing a transaction requires unlocking every input with a private-key signature and creating a public-key output script. ECDSA signatures cannot be aggregated into a multi-signature, and each input and output operation carries a corresponding cost; the Schnorr signature we discuss later solves this problem. Whether in block space occupied, verification speed, or the more substantial advantages of aggregated multi-signatures, ECDSA cannot compare.
Confidential Transaction (CT): the core idea of confidential transactions is to hide the transaction amount with Pedersen commitments while keeping it verifiable. To pursue performance, efficiency, multi-signature and future scalability, we adopt Schnorr signature technology to complete transactions. The core of confidential transactions is the ECC public/private key principle, which is additively homomorphic and is combined with the Schnorr multi-signature algorithm.
Here, the Pedersen commitment maps the amount v of every input and output to a public key. Where does this public key come from?
First, to convert the amount v (we call v the private key) into a public key, it must be multiplied by a generator point of the ECC elliptic curve group. We provide several corresponding generators:
1) First, the generator point H for the amount v.
2) To prevent brute-force recovery of v, we add a random number r, which has its own generator point G.
Therefore, the complete commitment formula is: r * G + v * H.
Because of r, the sender and the receiver use different blinding factors r_s and r_r, so the difference between the output and input commitments is in general not zero, which does not match what the zero-knowledge balance check expects. To balance both sides of the equation, we add an excess value (remainder), which can be regarded as the private key of the entire transaction:
excess_value * G = kernel_excess, which is the public key of the entire transaction. Any transaction must satisfy the condition: sum(outputs) - sum(inputs) = kernel_excess.
To further increase concealment and thus strengthen the entire confidential transaction, we also add an offset value to the equation. The problem it addresses is that kernel_excess alone could be used to pick out the inputs and outputs of a particular transaction from all the inputs and outputs of a block. To eliminate this correlation, we add an offset to each transaction, so that the formula becomes:
offset * G = kernel_offset,
sum(outputs_commitments) - sum(inputs_commitments) = kernel_excess + kernel_offset
When packaging a block, the kernel_offsets of all transactions in the block are added up into a single total offset. This total is enough to verify the legitimacy of all transactions in the block, while hiding the kernel_offset of each individual transaction and eliminating the correlation. This is what CoinJoin does.
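The commitment, kernel excess and offset arithmetic above, as an added example that is not EIDchain's code: Pedersen commitments r * G + v * H over the public secp256k1 curve, a transaction builder that publishes only commitments, fee, kernel_excess and offset, and the per-transaction and per-block balance checks. The second generator H is derived here by a constructed try-and-increment hash-to-curve so that nobody knows its discrete logarithm with respect to G; the fee is committed as fee * H on the verifier's side, an assumption about how the kernel's fee field enters the equation. The Schnorr signature a real kernel carries under kernel_excess, and the Bulletproof range proofs on each output, are not included.

```python
# Added example, not the page's own code: Pedersen commitments, kernel excess and
# offset on secp256k1. Curve constants are the standard public parameters.
import hashlib
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication with k reduced mod the group order."""
    k %= N
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def ec_neg(point):
    return None if point is None else (point[0], (-point[1]) % P)


def hash_to_point(tag):
    """Constructed try-and-increment hash-to-curve; log_G of the result is unknown."""
    counter = 0
    while True:
        x = int.from_bytes(hashlib.sha256(tag + counter.to_bytes(4, "big")).digest(), "big") % P
        rhs = (x ** 3 + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # valid square root because P = 3 (mod 4)
        if y * y % P == rhs:
            return (x, y)
        counter += 1


H = hash_to_point(b"EIDchain-example-value-generator")  # assumed tag for this example


def commit(value, blind):
    """Pedersen commitment  blind * G + value * H."""
    return ec_add(ec_mul(blind, G), ec_mul(value, H))


def build_transaction(inputs, outputs, fee):
    """inputs/outputs are (value, blinding factor) pairs known only to the wallet.

    Returns what goes on chain: commitments, fee, kernel_excess point and offset."""
    assert sum(v for v, _ in inputs) == sum(v for v, _ in outputs) + fee
    excess = (sum(r for _, r in outputs) - sum(r for _, r in inputs)) % N
    offset = secrets.randbelow(N)                  # hides the true excess of this tx
    kernel_excess = ec_mul((excess - offset) % N, G)
    return {"inputs": [commit(v, r) for v, r in inputs],
            "outputs": [commit(v, r) for v, r in outputs],
            "fee": fee, "kernel_excess": kernel_excess, "offset": offset}


def _balance_point(tx):
    """sum(outputs) + fee * H - sum(inputs), computed from public data only."""
    acc = ec_mul(tx["fee"], H)
    for c in tx["outputs"]:
        acc = ec_add(acc, c)
    for c in tx["inputs"]:
        acc = ec_add(acc, ec_neg(c))
    return acc


def verify_transaction(tx):
    """Check  sum(outputs) - sum(inputs) == kernel_excess + offset * G  (values cancel)."""
    return _balance_point(tx) == ec_add(tx["kernel_excess"], ec_mul(tx["offset"], G))


def verify_block(txs):
    """Block-level check with one aggregated offset: the individual offsets are
    summed before publication, so a single transaction's kernel can no longer be
    matched to its inputs and outputs."""
    total_offset = sum(tx["offset"] for tx in txs) % N
    lhs, rhs = None, ec_mul(total_offset, G)
    for tx in txs:
        lhs = ec_add(lhs, _balance_point(tx))
        rhs = ec_add(rhs, tx["kernel_excess"])
    return lhs == rhs
```

With Alice's inputs (0.1, 0.25, 0.8 BTC) and outputs (1 BTC to Bob, 0.05 BTC change) at a 0.1 BTC fee, `verify_transaction` succeeds because the v * H terms cancel and only the blinding factors remain, which the kernel accounts for. Replacing Bob's output commitment with one for a larger value under the same blinding factor makes the check fail, since no kernel was produced for the extra v * H; what this check cannot detect is a negative value, which is why each output must also carry a range proof.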
Now the transaction is basically complete. In the last step, to ensure that no transaction amount is negative and no value is created out of thin air, we attach a range proof to each output (new UTXO), a Bulletproof, proving that the amount lies in the integer range 0 to 2^64 - 1. Because every output must carry a Bulletproof, which is a significant share of the data in a block, we have optimized the Bulletproof algorithm and its byte size. A single Bulletproof takes up 674 bytes of the block, but each additional one adds only 64 bytes! Since a typical transaction has just two outputs (change and payment), the proofs take only 738 bytes. In addition, inputs occupy very little space, there are no transaction addresses or scripts, and a very small kernel stores the fee and provides for scalability. In this way we keep the space used by each transaction very small, so a 1 MB block can accommodate at least 1000+ transactions.
Because each transaction output must carry a Bulletproof, we also prune spent UTXOs to further optimize block synchronization across the network, which greatly reduces the time required to synchronize.
4.4 Dandelion Spreading Protocol
The main purpose of the Dandelion spreading protocol is also to improve the privacy of Bitcoin transactions. Ordinary Bitcoin transaction propagation does not hide the source of a transaction well: whenever a transaction is made, it is disclosed to nodes across the entire network, so an observer can trace it back to the originating node. Dandelion is a new transaction broadcast mechanism whose goal is to obfuscate the IP addresses from which Bitcoin transactions originate. Like the stem and fluff of a dandelion, the protocol broadcasts to the network in two stages: the "stem" stage (the transaction is obfuscated) and the "fluff" stage (the transaction is broadcast). In the stem phase each node relays the transaction to a single randomly selected peer. With a fixed probability, the transaction transitions to fluff mode and is then relayed by ordinary broadcast. Mapping it back to the original node then becomes extremely challenging, because the random relaying in the initial stage is obfuscated; this prevents monitoring nodes from mapping transactions back to the originating address. EIDchain's transaction broadcast uses the Dandelion protocol, which hides the sender's original IP well.

Figure 2 Dandelion Protocol
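The two-phase relay described in this section, as an added simulation that is not EIDchain's code: a constructed random peer graph, a stem phase that forwards to one random peer per hop and switches to fluff with a fixed probability, a fluff phase that floods the rest of the network, and a measurement of how often an observer who attributes a transaction to the node that fluffed it would actually name the true origin. The 0.9 stem-continuation probability, graph size and degree are assumptions of this example.

```python
# Added example, not the page's own code: Dandelion stem/fluff relay simulation.
import random

STEM_CONTINUE_PROB = 0.9   # assumed per-hop probability of staying in the stem phase


def make_peer_graph(n_nodes, degree, rng):
    """Constructed random topology: each node picks `degree` outbound peers."""
    return {node: rng.sample([p for p in range(n_nodes) if p != node], degree)
            for node in range(n_nodes)}


def dandelion_relay(peers, origin, rng, max_stem_hops=10):
    """Relay one transaction from `origin`.

    Returns the stem path (origin first), the node that fluffed, and the set of
    nodes reached by the fluff-phase broadcast."""
    stem_path, node = [origin], origin
    # Stem phase: one randomly chosen peer per hop; each hop switches to fluff
    # with probability 1 - STEM_CONTINUE_PROB (or when the hop cap is reached).
    while len(stem_path) <= max_stem_hops and rng.random() < STEM_CONTINUE_PROB:
        node = rng.choice(peers[node])
        stem_path.append(node)
    fluff_node = node
    # Fluff phase: ordinary gossip flooding from the fluff node.
    seen, frontier = {fluff_node}, [fluff_node]
    while frontier:
        current = frontier.pop()
        for p in peers[current]:
            if p not in seen:
                seen.add(p)
                frontier.append(p)
    return stem_path, fluff_node, seen


def origin_guess_rate(peers, rng, trials):
    """Fraction of trials in which "the fluff node is the origin" would be correct.
    Without Dandelion every transaction is first seen at its origin, i.e. rate 1.0."""
    hits = 0
    for _ in range(trials):
        origin = rng.randrange(len(peers))
        _, fluff_node, _ = dandelion_relay(peers, origin, rng)
        hits += fluff_node == origin
    return hits / trials


def simulate(seed=1, n_nodes=50, degree=4, trials=500):
    """Deterministic end-to-end run on a constructed graph."""
    rng = random.Random(seed)
    peers = make_peer_graph(n_nodes, degree, rng)
    stem_path, fluff_node, seen = dandelion_relay(peers, 0, rng)
    return {"stem_path": stem_path, "fluff_node": fluff_node,
            "received": len(seen),
            "origin_guess_rate": origin_guess_rate(peers, rng, trials)}
```

`simulate()` shows a stem path of several hops before the fluff node broadcasts, and an origin-guess rate near the immediate-fluff probability (about 0.1) rather than 1.0; the remaining cases are mostly stems that happened to wander back to the origin, which is why real deployments also randomize the stem peer selection per epoch.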
4.5 Decentralized currency mixing mechanism
The currency mixing process of a decentralized mixing solution is implemented through a mixing protocol and does not require third-party nodes. The earliest decentralized mixing solution is the CoinJoin mechanism proposed by Gregory Maxwell on the Bitcoin forum. The core idea of CoinJoin is to hide the correspondence between the inputs and outputs of the parties by merging multiple transactions into one. As shown in Figure 4, when a transaction has only one input address and one output address, an attacker can directly observe the relationship between the two parties. Under CoinJoin, several single-input, single-output transactions are merged into one multi-input, multi-output transaction, so each side of the trade changes from a single address to a set of addresses. For a multi-input, multi-output transaction, a potential attacker cannot confirm the correspondence between inputs and outputs by observing the transaction. Generally, CoinJoin requires a third-party server to match all mixing applicants for signing. In a CoinJoin transaction, each user signs independently in a decentralized way, and only when all signatures are provided and merged can the transaction be judged legitimate and accepted by the network. This decentralized mixing mechanism removes the need for third-party service providers: the mixing process is completed with the joint participation of all mixing users, effectively avoiding the risk that a third party steals or leaks mixing information. CoinJoin is the basis of decentralized currency mixing, and its ideas are used in a variety of anonymous Bitcoin protocols.

Figure 3 Decentralized currency mixing transaction mechanism
4.6 Range proof and multi-signature technology
In the previous confidential transaction protocol, we have introduced the bulletproof protocol technology and Schnorr signature technology in the EID chain, so we will not go into details.
4.7 Scalable transaction pool technology
Every transaction on the EIDchain chain has no transaction address. We use a transaction pool technique that cleverly removes the wallet transaction address. This transaction pool is maintained on each node and works as follows: when a wallet comes online, it sends all of its transaction channels to the node to subscribe to transactions; once it goes offline, the subscription is automatically cancelled. The design of this transaction pool will bring more ecological scalability in the future.
5. Future application scenarios
Privacy protection is a strong need for individuals and organizations in the real world, and especially in the digital world. The main contribution of this article lies in the privacy of blockchain transaction amounts. Combining cryptographic techniques such as range proofs, Pedersen commitments and zero-knowledge proofs, a blockchain transaction amount hiding mechanism is proposed, including the process of establishing an anonymous currency account and the process of anonymous currency payment. This mechanism is the first to realize amount hiding in the blockchain, making up for the lack of such a mechanism in existing blockchain technology. Transfer amounts and user balances are hidden in a real-time, secure and verifiable manner. We research and apply blockchain technology to partition private data, decentralize the structure, organize information hierarchically and manage smart contracts, establishing a three-dimensional, full-life-cycle protection model and a new trustless management mechanism to meet privacy protection requirements such as preventing privacy leaks, tamper resistance and evidence traceability.
5.1 Financial Legal Privacy
The scope of legitimate use cases for financial privacy is very wide; most transactions in the world require financial privacy. In the digital world, the assets and transaction data of the accounts involved are exposed to everyone through transaction records stored on the blockchain, which is unreasonable. In the real world, the thorny financial privacy issues we encounter look something like this: a company wants to protect its supply chain information from competitors; a person does not want the public to know she is consulting a bankruptcy attorney or paying fees to a divorce lawyer; a wealthy man does not want his whereabouts known to potential criminals; buyers and sellers of various goods want to avoid being cut off by the middlemen between them. At the same time, for financial entities that invest in banks, hedge funds and other kinds of trading (securities, bonds, derivatives), if others can work out their positions or trading intentions, the exposure puts those executing the trades at a disadvantage and affects their profitability. In smart contracts, however, the complete sequence of financial actions is transmitted through the network and recorded on the blockchain, so it is open and transparent. Since such financial transactions (for example insurance contracts or stock trades) are highly confidential, they cannot be shared among many parties. Transactions that depend on the details of certain terms may have required the parties' information to be protected, but now this cannot be done because of the openness and transparency of the blockchain. Therefore, for individuals and companies who do not want their financial status to be known, the lack of privacy protection is the main obstacle to the widespread adoption of decentralized smart contracts on the blockchain.
The lack of privacy protection technology has become a factor in the popularization of decentralized applications. Therefore, the technological development process in related fields has also attracted public attention.
5.2 Supply chain system
Blockchain can solve the problems of upstream and downstream transaction vouchers and traceability in supply chain systems, reduce the difficulty of enterprise management at the center of the supply chain, and provide corresponding solutions for the financing of upstream and downstream enterprises. However, if sensitive data such as prices and goods are uploaded to the chain, companies leak business secrets. This was a huge problem for earlier blockchains. Now, by solving issues such as blockchain privacy encryption, the problem of exposing business confidentiality can be fully solved, while all participating parties still enjoy the benefits of the blockchain system.
5.3 Enterprise management
Blockchain technology is trustless. Its application to privacy protection in the Internet of Things will inevitably change the management mechanism, that is, from centralized management to decentralized or weakly centralized management, which greatly reduces the chance of privacy leakage by system administrators and other insiders. At the same time, all business operations and transactions are recorded on the blockchain in chronological order; the records are tamper-proof, the evidence can be traced, and no third-party supervision is needed, reducing the opportunities for customers, enterprises and third parties to leak private information. In management, the emphasis is not on tightening restrictions on nodes but on strengthening the design of the consensus and incentive mechanisms to attract more nodes to join. While improving the mutual checks and balances between nodes, this also increases computing power and storage capacity and saves more costs.
6. Conclusion
Generally speaking, personal data and sensitive data should not be entrusted to third parties, because there they are vulnerable to attack and misuse. In the future, when all human information and data around the world are stored on the blockchain, this will become even more important. This article starts from blockchain technology and attempts to combine several techniques to achieve privacy. We have made a series of improvements based on the concepts of Bitcoin and other privacy coins, resulting in a decentralized and more anonymous encrypted digital currency network, with the aim of creating an infinitely scalable and secure privacy value network.

Origin blog.csdn.net/cte888/article/details/108966195