基于Borromean环签名的隐私数据认证方案

Privacy Data Authentication Schemes Based on Borromean Ring Signature

在区块链系统中,隐私保护是一个非常重要的问题.事实上,如果交易的金额比较大,那么交易的发起者和接收者都不希望将这笔金额公开.于是,解决这类隐私保护的直接方法是对交易的金额做同态加密或者承诺,以达到对该笔金额的隐藏.然而隐藏后的金额不一定是合法的,即不是正整数或不在某个规定的范围内(例如[0, 2～(48))),并且其他人也无法验证该金额的合法性,进而无法验证该笔交易的合法性.因此需要附上一个证据来证明该笔交易对应的金额是合法的.目前基于Borromean环签名的隐私数据认证(范围证明)方案已用在CT (confidential transaction)中,其基本思想是对隐藏金额按逐比特划分,进而产生相应的公钥组以及相应的环签名,最后利用Borromean环签名得到对金额承诺消息的最终签名,则该签名是对隐藏金额的范围证明.本文改进CT中的范围证明方案,通过对隐藏金额的每个比特采用另一种已知的环签名方案,本文的方案在保持证据长度不变的前提下,将证据生成的时间缩短了约22%,并将证据验证的时间缩短了约30%.

Privacy protection is a very important issue in the blockchain system. If the amount of value in some transaction is quite large, neither the payer nor the payee of the transaction wishes to disclose it. In order to hide the amount, a direct solution of this privacy protection is to make homomorphic encryption or commitment on the amount of the transaction. However, the hidden amount is not necessarily legal,which means that the amount is not a positive integer or not in certain range（e.g. [0, 2-（48）））. Besides, anyone else cannot verify the legitimacy of the amount nor the legitimacy of the transaction. Therefore, it is necessary to attach a proof to prove the legitimacy of the amount in a transaction. The data privacy authentication（range proof） schemes based on the Borromean ring signature is currently used in CT（confidential transaction）. The basic idea is to divide the secret amount in a transaction by bits, and generate the public key groups and the ring signature for each bit correspondingly. The final signature is obtained by the use of the Borromean ring signature, and then it is a proof of the range of the amount. This study improves the current scheme. As we take advantage of another known scheme to generate the ring signature for each bit of secret amount, our range proof scheme reduced the time of the proof generation by about 22 percent and the time of the proof verification by about 30 percent while keeping the length of evidence invariant.