摘要
以区块链和密码学技术为支撑的加密货币的兴起,打破了传统的中心化交易模式。但在它带来诸多便利的同时,也暴露了缺陷。当加密货币的合法用户密钥遗失或有攻击者利用合约漏洞非法转移资金时,系统缺乏额外的身份认证和资金托管功能,这会导致用户失去资金的控制权。针对这些问题,本文方案将对用户的账户资金跟踪管理规则写进智能合约中,在特定的异常情况下,强制用户调用双因素认证方案(结合非交互零知识证明、默克尔树、ElGamal算法等方法)来验证合法身份,防止攻击者非法转移资金。通过仿真实验与其他方案对比的结果显示,该方案在安全性和效率上有一定的提升。
Due to the rise of cryptocurrencies underpinned by blockchain and cryptography,the traditional centralized transac-tion model has been broken.But while it brings many conveniences,it also exposes flaws.When the user key of the cryptocur-rency is lost or an attacker exploits the contract vulnerability to illegally transfer funds,the system lacks additional authentication and fund custody functions,which will cause the user to lose control of the funds.In view of these problems,the proposed pro-posal will write the user’s account fund tracking management rules into the smart contract,and force the user to call the two-factor authentication scheme(combined with non-interactive zero-knowledge proof,Merkle tree,ElGamal algorithm and other methods)to verify the legal identity and prevent attackers from illegally transferring funds under specific abnormal circumstances.The results of comparison with other schemes show that the scheme has a certain improvement in safety and efficiency.
作者
刘鑫
柳毅
LIU Xin;LIU Yi(School of Computer Science and Technology,Guangdong University of Technology,Guangzhou 510006,China)
出处
《计算机与现代化》
2023年第10期121-126,共6页
Computer and Modernization
基金
广东省重点领域研发计划项目(2021B0101200002)。
