基于聚合签名与加密交易的全匿名区块链

Full Anonymous Blockchain Based on Aggregate Signature and Confidential Transaction

通过揭示从区块奖励交易到未花费交易输出的所有交易细节,比特币区块链的公开账本为分布式用户提供交易权属证明.但是,正由于公开账本暴露所有交易细节,导致攻击者可通过去匿名化攻击连接交易实体,并通过显式的交易金额获取用户隐私.因此,针对比特币区块链系统所面临的隐私保护问题,该方案结合混币思想及加密交易技术,实现保护收付款者身份和交易金额隐私的全匿名区块链系统.其中,Boneh、Gentry和Lynn(EUROCRYPT 2003)单向聚合签名技术系统性嵌入混币思想到全区块中;Boneh、Goh和Nissim(TCC 2005)同态加密方案赋予矿工验证加密交易合法性的能力.矿工将在方案中作为验证交易、混淆交易和打包交易的实体.最后,通过比较各种隐私保护区块链方案,该方案既可实现全匿名,又可保证交易存储开销是合理的.

The public ledger of Bitcoin blockchain system offers ownership proof for distributed users by revealing all transaction details from coinbase transaction to unspent transaction output.However,an adversary could deanonymize user identities by transaction graph analysis and obtain transaction amount which reveals users privacy.This paper resolves this problem and uses both mixing and confidential transaction technique to achieve a full anonymous blockchain system by a one-way aggregate signature scheme and a homomorphic encryption scheme.It protects user identities and transaction amount to achieve full anonymity.The one-way aggregate signature scheme compresses all individual signatures to an aggregated one without additional storage space,which could neutralize the storage overhead caused by confidential transaction to a certain extent.The homomorphic encryption scheme encrypts the plaintext transaction amount to the Pedersen-style ciphertext,which is validated without decryption.In addition,miners in our system would become entities for verifying,mixing and packing all transactions in blocks.Four-step validation mechanism is also designed to prevent transaction makers from cheating.Finally,we evaluate our system with related work from the aspect of privacy protection,in which our storage overhead is acceptable with full anonymity.