International Journal of Computational Intelligence Systems

Volume 14, Issue 1, 2021, Pages 1642 - 1652

A Regulatable Blockchain Transaction Model with Privacy Protection

Authors
Zhiyuan Xue 1, Miao Wang 2, Qiuyue Zhang 3, Yunfeng Zhang 2,4, Peide Liu 3,*
1School of Software, Shandong University, Jinan, 250101, China
2School of Computer Science and Technology, Shandong University of Finance and Economics, Jinan, 250014, China
3School of Management Science and Engineering, Shandong University of Finance and Economics, Jinan, 250014, China
4Shandong Key Laboratory of Blockchain Finance, Shandong University of Finance and Economics, Jinan, 250014, China
*Corresponding author. Email: peide.liu@gmail.com
Received 4 March 2021, Accepted 25 May 2021, Available Online 7 June 2021.
DOI: 10.2991/ijcis.d.210528.001
Keywords
Blockchain; Privacy protection; Supervision; Encryption
Abstract

Blockchain is a decentralized distributed ledger technology. The public chains represented by Bitcoin and Ethereum realize only limited anonymity of user identity, and the transaction amount is open to the whole network, which leads to leakage of user privacy. Existing anonymity technologies, on the other hand, conceal the sender, receiver and amount of a transaction and disclose no information at all, which makes supervision difficult. Therefore, the design of a blockchain scheme with both privacy protection and supervision functions is of great significance. In this paper, a blockchain transaction model with both privacy and supervision functions is proposed. It uses probabilistic encryption to hide the true identities of the parties to a blockchain transaction, and uses a commitment scheme and zero-knowledge proof technology to protect the privacy of the transaction while guaranteeing that its legitimacy can be verified. With the use of encryption technology, regulators can supervise blockchain transactions without storing the users' information, which greatly reduces the pressure on storage, computing and key management. In addition, the model does not rely on a specific consensus mechanism and can be used as an independent module. The security and performance analysis shows that the proposed scheme is practical and has potential applications in many fields.

Copyright
© 2021 The Authors. Published by Atlantis Press B.V.
Open Access
This is an open access article distributed under the CC BY-NC 4.0 license (http://creativecommons.org/licenses/by-nc/4.0/).

1. INTRODUCTION

Blockchain technology first emerged as a tool to manage cryptocurrency in 2008, when Nakamoto introduced “Bitcoin” as the first P2P digital cash system using a blockchain [1]. It is a new application model for various computer technologies, such as data storage, peer-to-peer transmission, consensus mechanisms, encryption algorithms, etc. The blockchain, also known as distributed ledger technology, is leading a new round of technological and industrial change around the world, and plays an important role in improving corporate productivity, reducing corporate costs, increasing customer satisfaction and opening new markets. Some researchers are integrating blockchain technology into areas of daily life. For example, the application of blockchain has extended from the financial to the physical field, including electronic information storage, copyright management and trading, product traceability, digital asset trading, the Internet of Things, intelligent manufacturing, supply chain management and other fields [2]. All these applications show that blockchain will take over some major areas of daily life in the future. Moreover, the blockchain can bring people into a fair, safe and transparent environment. Obviously, as a technology for constructing trust systems, blockchain has great potential and is expected to become the cornerstone of the new era of the digital economy. Blockchain has now begun to be used in various industries such as energy, finance, e-commerce, e-government and medical care. The field of privacy protection in particular has attracted a large number of experts and scholars and achieved good results. With the further development and wide application of blockchain, it also faces more and more technical challenges, especially in privacy protection and supervision.

Blockchain works as a shared distributed ledger system, which is basically a data structure that contains an ordered list of transactions. However, these decentralized transactions create certain privacy risks and attacks in daily life, which need to be solved before blockchain integration [3]. Conti et al. [4] gave one of the groundbreaking research articles on Bitcoin security and privacy, which highlighted all the basic technologies of Bitcoin together with an analysis of their feasibility and robustness. Up to now, considerable research has been devoted to the study of Bitcoin, and many results have been achieved. Later, with the development of blockchain technology, Ethereum appeared, intended as the next-generation cryptocurrency and decentralized application platform. Ethereum is the representative of Blockchain 2.0 and uses smart contracts to bring decentralized applications beyond the monetary field [5,6]. Neither Bitcoin nor Ethereum can guarantee the privacy of a transaction [7]. A transaction on the blockchain mainly involves the sender, the receiver and the transaction amount. The identities of the sender and receiver are represented by the users' public-key addresses, which provide a certain degree of anonymity, but related information about the transacting parties can be mined through data analysis or machine learning methods and then combined with background knowledge to obtain the identity of the trader [8]. Moreover, the transaction amount is completely exposed on the public chain, and anyone can query and access it through a full node of the blockchain. Attackers can obtain valuable information by analyzing transaction records, such as the balance of a specific account, transaction details and specific capital flows, so the privacy of transactions cannot be guaranteed [9].

From the beginning of its design, the blockchain has provided a certain degree of security for the systems built on it through a series of technologies that prevent damage, modification and data leakage caused by external malicious attacks. In terms of privacy, however, the open and transparent nature of the blockchain has caused serious privacy issues concerning transaction data and network node addresses. In order to better protect user privacy, several related technologies have been applied in this field in recent years. In particular, anonymous digital currencies such as Monero, Zcash and the newly launched Beam and Grin use ring signatures, zero-knowledge proofs, cryptographic commitments and other technologies to hide the sender, receiver and amount of a transaction [10–13]. However, these privacy protection strategies are so strong that no one can supervise or control them, and they may be used in illegal financial activities, which is harmful to society. Therefore, it is very valuable to find a suitable method that can protect privacy and facilitate supervision at the same time.

Blockchain, as a data structure that stores data in chronological order, can support different consensus mechanisms. The consensus mechanism is an important component of blockchain technology. Its goal is to enable all honest nodes to maintain a consistent view of the blockchain while satisfying consistency and validity [14]. There are plenty of consensus algorithms, such as proof of work (PoW), proof of importance (PoI), practical Byzantine fault tolerance (PBFT), measure of trust (MoT), proof of stake (PoS) and proof of space (PoSpace) [15,16]. In fact, the consensus mechanism is mainly used to eliminate trusted third parties or centralized entities: all nodes of the blockchain follow a specific consensus so that no conflicts arise later, and in essence this also serves privacy protection. However, current consensus mechanisms still have problems such as waste of computing power and energy, the Matthew effect and low security. Therefore, adopting an effective consensus-based blockchain model to better solve the privacy protection problem is a current challenge.

To solve the above problems, this paper integrates multiple cryptographic technologies and proposes a blockchain transaction model with both privacy and supervision functions. First, we make use of probabilistic public-key encryption to hide the real identity information of users. Then, cryptographic commitment schemes and Zero-Knowledge Proof technology are used to verify the legality of blockchain transactions. On this basis, regulators can obtain the real identity information of users through decryption, which fulfills the requirements of transaction privacy protection and the supervision function. Moreover, regulators do not need to store the users' real identities or key information. Comparative analysis shows that the blockchain transaction model proposed in this paper is feasible and has practical value in various industrial scenarios such as digital currency, finance and energy.

The contributions of this paper are as follows:

  • We combine the cryptographic commitment scheme and Zero-Knowledge Proof to complete the legality verification of privacy-preserving transactions for the first time. In addition, the identity-based encryption system enables regulators to obtain transaction amounts through decryption without storing the key information, which satisfies the requirements of both transaction privacy protection and supervision.

  • We take advantage of probabilistic public-key encryption to hide the users' real identity information. The same real identity can be encrypted an unlimited number of times to generate different anonymous identities. Regulators can directly obtain the real information by decrypting the anonymous identity without storing any identity information.

  • The blockchain transaction model with privacy protection and supervision functions proposed in this paper does not rely on a specific consensus mechanism and can be used as an independent module in the existing blockchain technology.

The remainder of this paper is organized as follows. Section 2 describes recent advances in protecting the privacy of blockchain transactions. Section 3 describes background related to blockchain technology. Section 4 describes the overall methodology. Section 5 presents and discusses the experimental results. Section 6 summarizes and presents conclusions.

2. RELATED WORK

To protect the privacy of blockchain transactions and hide the information of the sender, receiver and transaction amount, many blockchain-based technologies have been proposed.

In 2015, DASH was proposed; its coin mixing is carried out through master-node deposits, which hides the mapping between input and output addresses to achieve anonymity [17]. But this is a centralized processing method, so problems such as denial-of-service attacks and mixing participants leaking the mixing process may arise. Maurer et al. proposed CoinJoin, which merges multiple transactions into one transaction and hides the correspondence between input and output parties to enhance users' privacy, but it also faces the threat of centralized coin mixing [18]. Compared with the coin-mixing schemes, Li et al. used a ring signature mechanism to implement a privacy-protecting digital currency that no longer needs to interact with other users [10]. Users perform the anonymization themselves, which effectively eliminates the problems faced by centralized mixing schemes. However, due to the complex cryptographic techniques used, the speed of system operation and of the verification process is reduced. Zcash is a new type of digital currency built on the basis of Zerocoin; it uses a cryptographic commitment scheme to encapsulate the sender, receiver and amount of a transaction into parameters and then uses zkSNARK Zero-Knowledge Proofs to prove the transaction, thereby hiding the sender, receiver and amount of blockchain transactions, and it has the best privacy protection so far [11,19,20]. But its proving process is very slow, and there are efficiency bottlenecks. In 2019, Beam and Grin went online; they use the MimbleWimble protocol and aggregated signatures to protect the privacy of blockchain transactions [12,13,21]. However, both parties to a transaction need to perform an online interaction, which is inconvenient in practice. Therefore, we need to develop an effective and practical method to solve the problem of privacy protection.

Due to the strong privacy protection capabilities of anonymous digital currencies, it is difficult for financial institutions and state agencies to supervise digital currency participants and the transactions between them, so that digital currency has gradually become a tool for money laundering, tax evasion and illegal transactions. Sun et al. proposed a multi-chain model suitable for central-bank-supervised digital currencies, but the communication between chain nodes is more complicated, and the design of the super chain makes it lose its decentralized characteristics and cannot guarantee the privacy of transactions [22]. Zhang et al. proposed a digital currency supervision model with a double-chain structure, anchoring a consortium chain on a public chain [23]. As a consensus participant, the consortium chain guarantees the privacy of transactions through secret sharing and provides supervision, while ensuring the decentralization and anonymity of the digital currency. Therefore, how to enable blockchain transactions to satisfy both privacy and regulatory requirements is a hot topic of current research, but the results so far are still very few.

This paper integrates a variety of cryptographic techniques to propose a blockchain transaction model that takes into account both privacy protection and supervision functions. Among them, the probabilistic public-key encryption algorithm is used to hide users' real identity information and make user transactions anonymous. The cryptographic commitment scheme and Zero-Knowledge Proof are used to protect the privacy of the blockchain transaction amount and to ensure that the legality of transactions can be verified. In addition, identity-based encryption is used to realize the supervision of transaction information. Based on the above advantages, the blockchain transaction model proposed in this paper is of great application value: it ensures the privacy of users' transactions while making it easier for regulators to track illegal financial activities.

3. BACKGROUND

In this section, through detailed theoretical analysis, we will reveal the internal process of the blockchain technology, unspent transaction output (UTXO) model and cryptography applied in this paper, which are the basic components of the scheme.

3.1. Blockchain Technology

Blockchain is a decentralized distributed ledger, which can be simply understood as a distributed database spread across various nodes around the world, consisting of blocks connected in chronological order to form a chain. If the data in any block were changed, all subsequent blocks would have to change as well, which makes the blockchain immutable [15,24]. Current mainstream blockchain platforms include Bitcoin, Ethereum and Hyperledger Fabric [1,5,25]. Figure 1 shows the structure of the blockchain; multiple transactions are recorded in each block. Whether a blockchain is licensed or multi-licensed depends on how individuals verify and send transactions, or how entities are authorized to verify and execute transactions (or conduct transactions alone). Blockchain is based on cryptography rather than credit, allowing any two parties to agree to pay each other directly without the involvement of a third-party intermediary.

Figure 1

The structure diagram of blockchain.

Transactions are written into the blockchain through a consensus mechanism. It is one of the core technologies of the blockchain: it determines which node is responsible for accounting, and the accounting method affects the security and reliability of the whole system. Common consensus mechanisms include PoW, PoS, PBFT, etc. [26–28]. This paper mainly studies the blockchain transaction model and does not rely on a specific consensus mechanism.

3.2. UTXO Model

Blockchain technology is the underlying technology of Bitcoin and its core and basic structure. We define a Bitcoin transaction as a transfer of BTC ownership from the buyer's wallet to the seller's wallet in exchange for a product or service. The buyer's BTC wallet assembles a transaction using the buyer's UTXOs stored in the blockchain, where a UTXO is a BTC amount assigned to the buyer by a previously processed transaction. UTXO stands for unspent transaction output and is the core concept of Bitcoin transaction generation and verification. Multiple transactions are recorded on the Bitcoin ledger, each of which has several transaction inputs (transferors), which are the source of funds, and several transaction outputs (receivers), which are the destination of funds. Figure 2 is an example of the Bitcoin UTXO model. We can see that the input of transaction 1 is 1 BTC, and the two outputs are 0.4 BTC and 0.5 BTC. The difference of 0.1 BTC between input and output is the transaction fee. Transaction 2 is similar to transaction 1, and its output is used as the input of transaction 3, thus forming a chain structure of transactions.

Figure 2

The example of Bitcoin UTXO transaction model.

In this paper, the blockchain transaction form mainly adopts Bitcoin's UTXO model, and a transaction consists of sender, receiver and transaction amount. Transaction privacy refers to the protection of the sender's identity, the receiver's identity and the transaction amount from external disclosure; transaction supervision refers to the ability of regulators to query the sender, receiver and amount of a transaction by certain methods.

3.3. Cryptography

Public-key cryptography is the most important invention and advance of modern cryptography. It is generally understood that cryptography protects the confidentiality of transmitted information. Verifying the true identities of the sender and receiver of information, the non-repudiation of sent/received information after the fact, and the protection of data integrity are another aspect of modern cryptography. Blockchain transactions must adopt relevant cryptographic techniques to ensure security; in this subsection we introduce the probabilistic public-key cryptosystem, identity-based cryptographic algorithms and cryptographic commitment schemes. These three technologies are classic cryptographic algorithms and play a vital role in ensuring the privacy of the transaction model proposed in this paper.

3.3.1. Probabilistic public-key cryptosystem

Probabilistic public-key encryption is a kind of nondeterministic cryptography: the ciphertext generated from the same plaintext changes randomly, and under the assumption of computational security it is impossible to obtain any valid information about the plaintext through ciphertext-related attacks in polynomial time. Goldwasser et al. used the quadratic residuosity problem to design a probabilistic public-key cryptographic scheme, but it has high ciphertext expansion [29]. Blum et al. gave a more effective probabilistic public-key encryption system, which greatly reduces the expansion of the ciphertext [30]. Therefore, based on the above analysis, we chose the Blum–Goldwasser (BG) scheme to encrypt the users' identity information; it is more efficient and uses the Blum Blum Shub (BBS) generator to improve the randomness of the ciphertext [31]. The idea of the BG probabilistic public-key cryptosystem is as follows: a random seed $s_0$ is fed to a BBS generator to produce $m$ pseudo-random bits $z_1, z_2, \ldots, z_m$, which are used as a key stream, i.e., they are XORed with the $m$ plaintext bits to form the ciphertext. At the same time, the $(m+1)$-th element $s_{m+1} = s_0^{2^{m+1}} \bmod n$ is transmitted as part of the ciphertext. When the receiver receives the ciphertext, he recovers $s_0$ with the private key, computes $s_{i+1} = s_i^2 \bmod n$ from $s_0$ to reconstruct the key stream, and finally XORs the key stream with the $m$ ciphertext bits to obtain the plaintext. The detailed BG algorithm is as follows:

Parameter setting: Let $n = pq$, where $p$ and $q$ are large primes with $p \equiv q \equiv 3 \pmod 4$; then $n$ is the public key and $p$, $q$ are the private key. The plaintext space is $P = \mathbb{Z}_2^m$, the ciphertext space is $C = \mathbb{Z}_2^m \times \mathbb{Z}_n$ and the key space is $K = (n, p, q)$.

Encryption algorithm: For $K = (n, p, q)$, $x \in \mathbb{Z}_2^m$ and $r \in \mathbb{Z}_n$, the encryption process is:

  • select the seed $s_0$ randomly and use the BBS generator to generate $m$ random bits $z_1, z_2, \ldots, z_m$ as the key stream;

  • calculate $s_{m+1} = s_0^{2^{m+1}} \bmod n$;

  • calculate $y_i = x_i + z_i \bmod 2$, where $1 \le i \le m$;

  • the ciphertext is $c = E_K(x, r) = (y_1, \ldots, y_m, s_{m+1})$.

Decryption algorithm: To decrypt $y$, the following steps are performed:

  • calculate $a_1 = ((p+1)/4)^{m+1} \bmod (p-1)$;

  • calculate $a_2 = ((q+1)/4)^{m+1} \bmod (q-1)$;

  • calculate $b_1 = s_{m+1}^{a_1} \bmod p$;

  • calculate $b_2 = s_{m+1}^{a_2} \bmod q$;

  • use the Chinese Remainder Theorem to calculate the $r$ satisfying

    $r \equiv b_1 \pmod p$ and $r \equiv b_2 \pmod q$;

  • use the BBS generator to calculate $z_1, z_2, \ldots, z_m$ from the seed $s_0 = r$;

  • calculate $x_i = y_i + z_i \bmod 2$, where $1 \le i \le m$;

  • the decrypted plaintext is $x = (x_1, x_2, \ldots, x_m)$.
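The BG encryption and decryption steps above, as an added example that is not part of the paper: it uses toy Blum primes constructed here (real deployments need large primes), takes the seed $s_0$ as a quadratic residue $r^2 \bmod n$ so that the square-root recovery is exact, and shows that the same identity string encrypts to different ciphertexts.

```python
import secrets
from math import gcd
from typing import List, Optional, Tuple

# Toy Blum primes p ≡ q ≡ 3 (mod 4), constructed for this example only;
# a real deployment needs primes of at least 1024 bits each.
P, Q = 499, 547
N = P * Q
assert P % 4 == 3 and Q % 4 == 3


def bbs_keystream(s0: int, n: int, m: int) -> Tuple[List[int], int]:
    """BBS generator: s_{i+1} = s_i^2 mod n, z_i = lsb(s_i), i = 1..m.
    Returns the key stream z_1..z_m and s_{m+1} = s_0^(2^(m+1)) mod n."""
    bits, s = [], s0
    for _ in range(m):
        s = s * s % n            # s_i
        bits.append(s & 1)       # z_i
    return bits, s * s % n       # s_{m+1}


def _to_bits(data: bytes) -> List[int]:
    return [(byte >> k) & 1 for byte in data for k in range(7, -1, -1)]


def _from_bits(bits: List[int]) -> bytes:
    out = bytearray()
    for i in range(0, len(bits), 8):
        out.append(int("".join(str(b) for b in bits[i:i + 8]), 2))
    return bytes(out)


def bg_encrypt(n: int, plaintext: bytes, seed: Optional[int] = None) -> Tuple[bytes, int]:
    """Encrypt under public key n. Unless a seed is supplied, s_0 is a fresh
    quadratic residue r^2 mod n, so equal plaintexts yield different ciphertexts."""
    if seed is None:
        while True:
            r = secrets.randbelow(n - 2) + 2
            if gcd(r, n) == 1:
                break
        seed = r * r % n
    x = _to_bits(plaintext)
    z, s_m1 = bbs_keystream(seed, n, len(x))
    y = [xi ^ zi for xi, zi in zip(x, z)]        # y_i = x_i + z_i mod 2
    return _from_bits(y), s_m1                   # c = (y_1..y_m, s_{m+1})


def bg_decrypt(p: int, q: int, ciphertext: Tuple[bytes, int]) -> bytes:
    """Private-key holder: recover s_0 from s_{m+1}, rebuild the key stream, XOR."""
    y_bytes, s_m1 = ciphertext
    n, m = p * q, 8 * len(y_bytes)
    a1 = pow((p + 1) // 4, m + 1, p - 1)        # a_1 = ((p+1)/4)^(m+1) mod (p-1)
    a2 = pow((q + 1) // 4, m + 1, q - 1)        # a_2 = ((q+1)/4)^(m+1) mod (q-1)
    b1 = pow(s_m1, a1, p)                       # b_1 = s_{m+1}^a_1 mod p = s_0 mod p
    b2 = pow(s_m1, a2, q)                       # b_2 = s_{m+1}^a_2 mod q = s_0 mod q
    # Chinese Remainder Theorem: r ≡ b_1 (mod p), r ≡ b_2 (mod q)
    r = (b1 * q * pow(q, -1, p) + b2 * p * pow(p, -1, q)) % n
    z, _ = bbs_keystream(r, n, m)               # same key stream as the sender
    y = _to_bits(y_bytes)
    return _from_bits([yi ^ zi for yi, zi in zip(y, z)])


if __name__ == "__main__":
    ident = b"alice@example.org"                # constructed sample ID_u
    c1, c2 = bg_encrypt(N, ident), bg_encrypt(N, ident)
    print("ciphertexts differ:", c1 != c2)
    print("decrypts to:", bg_decrypt(P, Q, c1))
```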

3.3.2. Identity-based cryptography

Identity-based cryptography (IBC) can effectively solve the problem of public key infrastructure (PKI) digital certificate management [32]. The security of cryptographic mechanisms mostly relies on the assumption of certain mathematical problems and achieves a certain security strength under a certain security model. Therefore, we first introduce the relevant theoretical hypothesis.

Definition 1.

The Diffie–Hellman (DH) problem [33]. Given a large prime $q$, a generator $g \in \mathbb{Z}_q$, and $g^a \bmod q$ and $g^b \bmod q$ generated from large random numbers $a$, $b$, find $g^{ab} \bmod q$.

Definition 2.

The computational Diffie–Hellman (CDH) problem [33]. Given $\langle P, aP, bP \rangle$, where $a, b \in \mathbb{Z}_q$ and the point group has order $q$, calculate $abP$.

Definition 3.

The decisional Diffie–Hellman (DDH) problem [34]. Distinguish the distribution of the tuple $\langle P, aP, bP, abP \rangle$ from that of $\langle P, aP, bP, cP \rangle$, i.e., decide whether $c = ab \bmod q$, where $a, b, c \in \mathbb{Z}_q$ and the point group has order $q$.

Definition 4.

The $q$-strong Diffie–Hellman ($q$-SDH) problem [35]. Given the $(q+1)$-tuple $\langle g, g^x, g^{x^2}, \ldots, g^{x^q} \rangle \in G^{q+1}$, calculate $g^{1/x} \in G$.

Definition 5.

The bilinear Diffie–Hellman (BDH) problem [36]. Let $G_1$ and $G_2$ be two groups of prime order $q$, $e: G_1 \times G_1 \to G_2$ an admissible bilinear map and $P$ a generator of $G_1$. Given $\langle P, aP, bP, cP \rangle$ with $a, b, c \in \mathbb{Z}_q$, calculate $W = e(P, P)^{abc} \in G_2$.

In IBC, a key generation center (KGC) generates the master public key and master private key; the KGC then uses its master key to generate each user's private key from the user's identity information ID (such as name, email, ID number, etc.), which serves as the public key without a digital certificate binding it. This paper adopts China's SM9 standard algorithm as the example IBC cryptosystem. SM9 uses various unique identifiers as public keys for data encryption and identity authentication, which makes it very suitable for applications such as email protection, secure circulation of official documents, converged multimedia secure communication, identity authentication, secure communication in the Internet of Things, cloud data protection, etc. The SM9 algorithm uses bilinear pairings on elliptic curves as its basic mathematical tool and has a security proof based on the relevant computational complexity assumptions, which greatly improves the protection level of China's information security. Such a system has an inherent key delegation property, which makes it very suitable for a supervised application environment, and it has considerable advantages for managing and controlling a large number of interconnected devices. The SM9 standard is divided into five parts: general principles, digital signature algorithm, key exchange protocol, key encapsulation mechanism and public-key encryption algorithm, and parameter definition. The following mainly introduces the SM9 digital signature algorithm.

Let $P_1$ be a generator of the elliptic-curve additive cyclic group $G_1$, $P_2$ a generator of the elliptic-curve additive cyclic group $G_2$, $H$ a hash function and $e$ the bilinear pairing. Assuming that A is the signer and B is the verifier, the SM9 digital signature is generated as follows:

Key generation: KGC generates a random number $k_s \in [1, N-1]$ as the signature master private key and calculates $P_{pub\text{-}s} = [k_s]P_2$ as the signature master public key; the signature master key pair is $(k_s, P_{pub\text{-}s})$. User A's identifier is $ID_A$. To generate user A's signature private key $d_{sA}$, KGC calculates $t_1 = H(ID_A, N) + k_s$ and $t_2 = k_s \cdot t_1^{-1}$ in the finite field $F_N$, and then obtains $d_{sA} = [t_2]P_1$.

Process of signing: Suppose the message to be signed is $M$; user A signs as follows:

  • calculate $g = e(P_1, P_{pub\text{-}s})$;

  • choose a random number $r \in [1, N-1]$;

  • calculate $w = g^r$, $h = H(M \| w, N)$, $l = (r - h) \bmod N$;

  • calculate $S = [l]d_{sA}$; the signature of $M$ is $(h, S)$.

Process of verification: To verify the signature $(h, S)$ on message $M'$, B performs the following steps:

  • calculate $g = e(P_1, P_{pub\text{-}s})$;

  • calculate $t = g^h$, $h_1 = H(ID_A, N)$;

  • calculate $P = [h_1]P_2 + P_{pub\text{-}s}$, $u = e(S, P)$, $w' = u \cdot t$;

  • calculate $h_2 = H(M' \| w', N)$; if $h_2 = h$, the signature verification passes, otherwise it fails.

3.3.3. Cryptographic commitment scheme

In this paper, the cryptographic commitment scheme is mainly the Pedersen commitment, which is used in Monero to protect the privacy of transaction amounts [10]. The Pedersen commitment is a homomorphic commitment protocol that is perfectly hiding and computationally binding. Its perfect hiding does not depend on any hardness assumption, while its computational binding relies on the discrete logarithm assumption (DLA). Its construction is divided into three stages:

  • Setup: select a multiplicative group $G$ of large prime order $q$ with generators $g$ and $h$, $G = \langle g \rangle = \langle h \rangle$, and publish the tuple $(g, h, q)$;

  • Commitment: the committer chooses a random number $r$ as the blinding factor, calculates the commitment $c = g^v h^r \bmod q$ to the value $v$ and sends $c$ to the receiver;

  • Open: the committer sends $(v, r)$ to the receiver, who verifies whether $c$ equals $g^v h^r \bmod q$; if they are equal, the receiver accepts, otherwise it rejects the commitment.

The complete data formula is expressed as follows:

$P = xG + rH$    (1)

where $G$ and $H$ are base points in elliptic curve cryptography (ECC), and $r$ is the blinding factor that protects the privacy of the value $x$. In addition, the Bulletproofs Zero-Knowledge Proof is used to realize the range proof of the transaction amount in a more efficient way [36]. Bulletproofs is a more space-efficient form of zero-knowledge proof. Importantly for our purposes, these proofs also have native support for committed values such as Pedersen commitments and public keys. This allows us to implement functions such as range proofs in a general zero-knowledge framework, instead of implementing complex elliptic curve arithmetic inside the zero-knowledge proof.

4. REGULATABLE BLOCKCHAIN TRANSACTION PRIVACY PROTECTION MODEL

This paper combines UTXO, BG, IBC, Pedersen commitments and other technologies to propose a regulatable blockchain transaction privacy protection model, shown in Figure 3. From the figure, the complete process can be described as follows: regulators first make the identities of the sender and the receiver anonymous, the UTXO model protects the amount during the transaction, and the miner verifies the legitimacy of the traders' identities and of the transaction amount. Next, we introduce the design in detail.

Figure 3

The example of Bitcoin UTXO transaction model.

4.1. Transaction Model

The participants in a transaction in this scheme are shown in Figure 4. They mainly include (1) the sender and receiver of the transaction, who want to protect their identity anonymity and the privacy of the transaction amount through a secure transaction; (2) blockchain miners, who verify the legitimacy of transactions, pack them into blocks and store them on the blockchain through the consensus mechanism; (3) regulators, who track the participants and funds of transactions to combat illegal financial and criminal activities when necessary; and (4) third parties, who steal transaction-related information by technical means to obtain improper benefits.

Figure 4

The blockchain transaction entity in the scheme proposed of this paper.

The blockchain transaction privacy protection is relative, which mainly prevents the third parties from maliciously collecting user information. However, for regulators, it's necessary to track some illegal transactions to combat illegal and criminal activities. Therefore, it is necessary to ensure that transactions are regulatable. The content of supervision includes the identity of participating traders and the amount of transactions.

4.2. Realization of Anonymous Identity

In the initial phase of the model, regulators need to generate three key pairs: (i) using BG, regulators generate the private key $Sk_{BG}$ and public key $Pk_{BG}$; (ii) acting as the KGC of the IBC cryptosystem, regulators generate the master public key $MPK$ and master private key $MSK$; (iii) regulators define their IBC identity $ID_a$, take $ID_a$ as the public key and, using the IBC algorithm with $MSK$, generate the corresponding signing private key $Sk_a$:

$Sk_a = IBC.KeyGen(MSK, ID_a)$    (2)

Then a user in the system applies to regulators for key distribution with the uniquely identifying information $ID_u$. $ID_u$ must be self-certifiable, e.g., the user's email address, ID number or mobile phone number. After authenticating the user's identity information, regulators encrypt $ID_u$ with the BG public key $Pk_{BG}$ to generate $AID_1$, as follows:

$AID_1 = BG.Enc(Pk_{BG}, ID_u)$    (3)

To certify that the user's $ID_u$ has been verified by regulators, regulators sign $AID_1$ and generate $AID_2$:

$AID_2 = IBC.Sign(Sk_a, AID_1)$    (4)

Define $AID_u = AID_1 \| AID_2$. Because $AID_1$ is obtained by encrypting $ID_u$ with BG, it has good randomness; $AID_2$ is the IBC signature on $AID_1$, so $AID_u$ also has good randomness, which effectively hides the user's real identity information $ID_u$ and realizes identity anonymity.

$AID_u$ is then used as the public-key identity. Based on the IBC algorithm, regulators use $MSK$ to generate the user's corresponding private key $Sk_u$:

$Sk_u = IBC.KeyGen(MSK, AID_u)$    (5)

The user's self-certified real identity is $ID_u$, the computed anonymous identity is $AID_u$, and the corresponding private key is $Sk_u$. Because BG is a probabilistic public-key encryption algorithm, the same $ID_u$ can be encrypted into different values of $AID_u$: $ID_u$ and $AID_u$ have a one-to-many relationship, and in theory the same $ID_u$ can generate an unlimited number of $AID_u$, so users can continuously refresh $AID_u$ and thereby obtain good identity anonymity.

To simplify the subsequent description, we define the identities of the sender and receiver of a transaction as IDs and IDr, respectively; the corresponding anonymous identities are AIDs and AIDr, and the private keys are Sks and Skr. When the sender transacts with the receiver, the sender only needs Sks to unlock the UTXO input script and uses AIDr as the receiver's address, which achieves identity anonymity. To prevent the sender from sending the transaction to a non-existent, illegitimate address and losing the assets, the legitimacy of the receiver's address must be verified with the help of the miners.

4.3. Privacy Protection of Transaction Amount

Without loss of generality, consider the case where the sender AIDs needs to transact with the receiver AIDr, as shown in Figure 5:

Figure 5. The complete framework diagram of the scheme.

In the transaction, AIDs has two inputs with amounts Vin1 and Vin2, and two outputs: the payment to AIDr with amount Vout1 and the change returned to itself with amount Vout2. The remaining part, Vfee, is the handling fee, i.e., the cost of having the miner package the transaction.

The scheme in this paper mainly adopts Pedersen commitments to protect the privacy of the transaction amounts Vin1, Vin2, Vout1 and Vout2, while the handling fee Vfee is publicly disclosed. For the transaction inputs, the previous outputs are referenced, so that

$P_{in1} = V_{in1}G + a_1H$ (6)
$P_{in2} = V_{in2}G + a_2H$ (7)

(Vin1, a1) and (Vin2, a2) can be decrypted by AIDs with the private key Sks.

For the outputs, the sender AIDs selects two random numbers b1 and b2 and then calculates

$P_{out1} = V_{out1}G + b_1H$ (8)
$P_{out2} = V_{out2}G + b_2H$ (9)
$P_{fee} = V_{fee}G$ (10)

Pout1 and Pout2 mainly allow miners to verify the legality of the transaction. For the recipient of each output to obtain (Vout1, b1) and (Vout2, b2), these pairs are encrypted with the recipient's public key, AIDr for the payment output and AIDs for the change output, giving

$C_{out1} = \mathrm{IBC.Enc}(AID_r, (V_{out1}, b_1))$ (11)
$C_{out2} = \mathrm{IBC.Enc}(AID_s, (V_{out2}, b_2))$ (12)

To ensure the legality of the transaction, the following relations must hold. Moreover, we can define the public key of the transaction, compute the corresponding private key and use ECC to sign the transaction; the relevant results are:

$V_{in1} + V_{in2} = V_{out1} + V_{out2} + V_{fee}$ (13)
$P_{in1} + P_{in2} - (P_{out1} + P_{out2} + P_{fee}) = (a_1 + a_2 - b_1 - b_2)H$ (14)
$Pk_{Tx} = (a_1 + a_2 - b_1 - b_2)H$ (15)
$Sk_{Tx} = a_1 + a_2 - b_1 - b_2$ (16)
$M_{Tx} = (P_{in1}, P_{in2}, P_{out1}, C_{out1}, P_{out2}, C_{out2}, V_{fee})$ (17)
$Sig_{Tx} = \mathrm{ECC.Sign}(Sk_{Tx}, M_{Tx})$ (18)

In addition, it is necessary to prove the range of the transaction amounts to avoid negative values. This can be realized through the Bulletproofs zero-knowledge proof, which serves as an assistive technology in the blockchain: the verifier cannot obtain any information beyond the result of the judgment (right or wrong). In the late 1980s, Blum and others further proposed the concept of the “Bulletproofs Zero-Knowledge Proof,” replacing the interactive process with a short random string and realizing zero-knowledge proof [30,37]. Therefore, the final transaction can be expressed as follows:

$Tx = (M_{Tx}, Sig_{Tx}, P_{range})$ (19)
where Prange is the range proof for the transaction amounts. Tx is broadcast through the network. After the miners verify its legitimacy, it is packaged into a block and recorded on the blockchain ledger through the consensus mechanism. The receiver can confirm receipt of the transaction according to AIDr and then decrypt Cout1 with the private key Skr to obtain the transaction information. In summary, the entire transaction process is completed while the transaction amounts stay hidden. Miners verify the legality of the transaction amounts in two respects: the input and output amounts are equal, and the output amounts lie within the valid range.
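The balance check of equations (13) to (18), as an added worked example (written for this page, not the authors' code): the sender commits to every amount, derives the transaction key from the blinding factors alone, and the miner recomputes the transaction public key from the commitments and the public fee, so a valid signature proves the amounts balance without revealing them. It assumes secp256k1 as the curve, a second generator H obtained by hashing to the curve, and a Schnorr signature over H as a stand-in for the unspecified ECC.Sign; the IBC ciphertexts Cout1, Cout2 and the Bulletproofs range proof Prange are left out.

```python
import hashlib
import secrets

# secp256k1 domain parameters. Assumption for this example: the paper does not
# fix a curve; this one is used because its parameters are public.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None                              # point at infinity

def add(p1, p2):
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    k %= N
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)

def hash_to_curve(tag):
    """Second generator H with unknown log_G(H): hash to an x coordinate until it is on the curve."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(tag + ctr.to_bytes(4, "big")).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)          # valid because P = 3 (mod 4)
        if y * y % P == rhs:
            return (x, y)
        ctr += 1

H = hash_to_curve(b"pedersen-H")

def commit(v, r):
    """Pedersen commitment P = vG + rH, eqs. (6)-(9)."""
    return add(mul(v, G), mul(r, H))

def hash_int(*parts):
    h = hashlib.sha256()
    for part in parts:
        h.update(repr(part).encode())
    return int.from_bytes(h.digest(), "big") % N

def sign(sk, msg):
    """Schnorr signature over generator H (stand-in for ECC.Sign in eq. (18))."""
    k = secrets.randbelow(N - 1) + 1
    R = mul(k, H)
    e = hash_int(R, msg)
    return (R, (k + e * sk) % N)

def verify(pk, msg, sig):
    R, s = sig
    e = hash_int(R, msg)
    return mul(s, H) == add(R, mul(e, pk))

def build_tx(v_in, a, v_out, b, v_fee):
    """Sender: commit to all amounts, derive Sk_Tx = sum(a) - sum(b), eq. (16), and sign."""
    p_in = [commit(v, r) for v, r in zip(v_in, a)]
    p_out = [commit(v, r) for v, r in zip(v_out, b)]
    sk_tx = (sum(a) - sum(b)) % N
    msg = (p_in, p_out, v_fee)            # M_Tx without the C_out ciphertexts, omitted here
    return {"in": p_in, "out": p_out, "fee": v_fee, "sig": sign(sk_tx, msg)}

def miner_verify(tx):
    """Miner: Pk_Tx = sum(P_in) - sum(P_out) - V_fee*G, eqs. (14)-(15), then check the signature.

    Only if the amounts balance does the G component vanish, leaving Pk_Tx = Sk_Tx*H,
    so a signature valid under H proves V_in1 + V_in2 = V_out1 + V_out2 + V_fee (13)
    without revealing any amount. Negative amounts are the job of P_range (not shown).
    """
    pk_tx = INF
    for c in tx["in"]:
        pk_tx = add(pk_tx, c)
    for c in tx["out"]:
        pk_tx = add(pk_tx, neg(c))
    pk_tx = add(pk_tx, neg(mul(tx["fee"], G)))
    if pk_tx is INF:
        return False
    return verify(pk_tx, (tx["in"], tx["out"], tx["fee"]), tx["sig"])

def demo():
    """Balanced transaction (accepted) and one that creates 10 units from nothing (rejected)."""
    a = [secrets.randbelow(N), secrets.randbelow(N)]   # blinding factors of the spent outputs
    b = [secrets.randbelow(N), secrets.randbelow(N)]   # fresh blinding factors for the outputs
    good = build_tx([50, 30], a, [45, 25], b, 10)      # 50 + 30 = 45 + 25 + 10
    bad = build_tx([50, 30], a, [45, 35], b, 10)       # 50 + 30 != 45 + 35 + 10
    return miner_verify(good), miner_verify(bad)
```

The miner never sees a1, a2, b1, b2 or any amount; it only needs the commitments and the public fee to rebuild Pk_Tx, which is why the scheme lets miners verify balance while the amounts stay committed. The "bad" transaction fails because its excess still carries a -10G term, which no signature under H can account for.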

5. EXPERIMENTAL ANALYSIS AND DISCUSSION

Thorough experimental and theoretical analyses were carried out on the proposed model. Specifically, we run privacy tests on the blockchain model, analyze the privacy protection capability of the proposed scheme and compare it with existing blockchain privacy-protecting transaction schemes.

5.1. The Ability of Privacy Protection

For users' identity information, AIDu hides the user's real information IDu. However, if the same AIDu is used frequently (e.g., as both the input and the output address of one transaction), it is easy to infer that the output is the change returned to the trader. To improve privacy, this paper uses BG so that a different seed s0 can be chosen at random for each encryption; the same IDu can thus generate countless anonymous AIDu addresses that cannot be distinguished from one another. The user can therefore have the regulators generate AIDu in batches without changing IDu and use a fresh AIDu in every transaction. A third party cannot recognize the change output in a transaction, track the whole trading process or infer any useful information, so the scheme provides strong privacy protection.

5.2. Baselines Schemes

In this subsection, we compare the performance of our proposed scheme against 8 baseline models.

  • Bitcoin: Public key is used to realize identity anonymity and transaction amount is disclosed.

  • Ethereum: Public key is used to realize identity anonymity and transaction amount is disclosed.

  • Dash: The scheme is simple and mainly depends on the master node.

  • Monero: The ring signature relies on other public keys and the verification is complicated.

  • Zcash: Strong anonymity, but the parameter initialization is complicated, and the proof generation is time-consuming.

  • Beam/Grin: Using MimbleWimble protocol, the implementation is simple, but requires an interactive process.

  • Literature 22: With the multi-chain architecture, the node communication is more complicated, and the decentralization characteristic is lost.

  • Literature 23: The double-chain structure is adopted to ensure the privacy of transactions. The chain structure is more complicated.

  • Our model: The solution is simple to implement, but requires initial user authentication.

5.3. Comparison and Analysis

This subsection compares and analyzes the regulatable blockchain anonymous transaction scheme proposed in this paper against existing blockchain transaction schemes, as shown in Table 1. To make the performance of all methods easier to observe, Figure 6 presents them graphically: different colors represent different baseline models, classified according to their performance. To further verify the performance of the proposed solution, we added three additional indicators, namely protection against identification attack, low storage usage and independence, which assess the protection of the sender's and receiver's identities and the storage size of the privacy protection models. Among the existing cryptocurrencies, Bitcoin and Ethereum only weakly realize the anonymity of identities, and the transaction amount is completely disclosed without any privacy protection. Dash uses coin-mixing technology to mix the inputs and outputs of multiple transactions through the master node, but this carries a risk of centralization that may lead to the disclosure of user privacy; when the Dash model faces an identity attack, the risk is therefore difficult to avoid. Monero adopts hidden addresses and ring signature technology and no longer relies on centralized nodes, but the signature must be mixed with other users' public keys and verification is relatively complicated. Zcash adopts the zkSNARKs zero-knowledge proof scheme, which achieves very strong anonymity and privacy protection but makes the model impossible to supervise effectively, leaving certain supervision loopholes. Moreover, zkSNARKs are very complicated to implement and require an initial trusted parameter setup, and proof generation is very time-consuming, which affects practical efficiency. This feature of zkSNARKs also requires higher storage usage.
Beam and Grin both implement the MimbleWimble protocol using Pedersen commitments and aggregate signatures, which makes them simple to implement, but they require an interactive process between the two parties, which is less convenient; these features leave both unable to withstand identity attacks. None of the above blockchain privacy protection schemes has a regulatable function, which is indispensable in a transaction model and can greatly reduce risk. A trading scheme with regulatory functions is therefore an indispensable indicator for us. Literature [22] proposed a multi-chain model suitable for supervision, but the communication between chain nodes is more complicated, the super-chain structure loses the decentralization characteristic, and transaction privacy is not protected. Literature [23] proposed a digital currency supervision model with a double-chain structure that combines alliance chains and public chains, ensures transaction privacy through secret sharing and provides regulatable features, but the double-chain structure is more complicated to realize. Both that model and the method proposed in this article aim to improve the privacy protection and supervision of blockchain transactions, and both obtain basically satisfactory results. However, our solution is simpler in comparison and has low storage requirements, so it can be conveniently applied in settings such as health monitoring and bank transactions. The comparison shows that our proposed method is superior to the other traditional methods, which fully verifies the validity of the above argument and the superiority of our scheme. As far as independence is concerned, the above baseline methods and our scheme all have this characteristic, although their degree of independence differs slightly.

Table 1. Performance comparison of blockchain technology. The criteria are, in order: privacy protection, regulatable function, protection against identification attack, low storage usage and independence; only the × (not provided) marks survive in the extracted text, so the marks column lists them without their column positions.

Blockchain technology | Main technologies | Marks
Bitcoin | ECDSA, SHA256 | × × ×
Ethereum | ECDSA, Keccak | × × ×
Dash | CoinJoin | × ×
Monero | Hidden address, Ring signature, Pedersen commitment | × × ×
Zcash | zkSNARKs, Pedersen commitment | × × ×
Beam/Grin | Pedersen commitment, Aggregate signature | × ×
Literature 22 | Multi-chain | × ×
Literature 23 | Alliance chain and public chain technology | ×
Our model | - |

Figure 6. Intuitive schematic diagram of the models' performance.

Compared with the existing schemes, the scheme proposed in this paper does not need to rely on a centralized master node, does not need to introduce other public keys for ring signatures, does not need to implement a complex zkSNARKs proving process, does not require a cumbersome interactive process and needs no complex multi-chain structure. Through the use of probabilistic public-key encryption, the IBC cryptosystem and Pedersen commitments, the scheme has both privacy protection and regulatable functions, so regulators do not need to store users' real identities and key information, which greatly reduces the storage and computation pressure. These features make it possible to protect the user's identity and thereby avoid attacks. Nowadays, more and more researchers are committed to the development of lightweight models, which are not only convenient but also have certain application value. The scheme proposed in this paper has this characteristic and therefore has great application prospects.

6. CONCLUSIONS AND FUTURE WORK

The application of blockchain technology must not only protect the privacy of user transactions but also ensure their legality. Therefore, it is necessary to strike a balance between privacy protection and regulatory requirements: while providing convenience to users, the system strictly combats illegal transactions. To this end, we integrate a variety of cryptographic techniques, namely probabilistic public-key encryption, IBC cryptography, Pedersen commitments and the Bulletproofs zero-knowledge proof, to form a blockchain transaction model with both privacy and supervision functions. Thanks to probabilistic public-key encryption, users' real identity information is hidden and anonymous transaction identities are generated; the same real identity can be encrypted an unlimited number of times to produce different anonymous identities, so users can protect the privacy of their transaction identities by changing their anonymous identities. Pedersen commitments and Bulletproofs are used to verify the legality of blockchain transactions. Regulators can decrypt to obtain the user's real identity information and obtain the transaction amount through IBC cryptography, which satisfies the requirements of both transaction privacy protection and supervision.

The blockchain transaction model proposed in this paper can be used as an independent module in the existing blockchain technology. Security performance analysis shows that the blockchain transaction scheme in this paper is simple and practical, and has a wide range of applications in the fields of digital assets and energy transactions.

Based on the above analysis, we find that the method proposed in this article balances privacy protection and supervision well. We also believe that much research is still needed to enhance security and privacy protection. Typical network attacks and privacy issues can be used to undermine the stability of a blockchain system. Currently, the evolving solutions may slightly improve security and privacy, but they are usually accompanied by cost increases that make users wary of using such systems. Although this method helps optimize the decision-making of users and regulators, further improvements are needed to realize the application. Fuzzy decision algorithms can evaluate an algorithm well and successfully capture uncertainty, which is of great significance for improving the performance of the algorithm, and are thus applied in many industries [38]. Combining the solution proposed in this article with Pythagorean fuzzy uncertain environments will be our main research direction in the future.

CONFLICTS OF INTEREST

The authors declare they have no conflicts of interest.

AUTHORS' CONTRIBUTIONS

Conceptualization, Zhiyuan Xue and Miao Wang; methodology, Zhiyuan Xue, Peide Liu; software, Zhiyuan Xue and Miao Wang; writing—original draft preparation, Zhiyuan Xue; writing—review and editing, Miao Wang and Qiuyue Zhang; visualization, Miao Wang and Qiuyue Zhang; supervision, Yunfeng Zhang and Peide Liu.

ACKNOWLEDGMENTS

This research was funded by the National Natural Science Foundation of China (Grant No. 61972227), the Natural Science Foundation of Shandong Province (Grant Nos. ZR2019MF051 and ZR201808160102) and in part by the Fostering Project of Dominant Discipline and Talent Team of Shandong Province Higher Education Institutions.

ISSN (Online): 1875-6883; ISSN (Print): 1875-6891
Copyright © 2021 The Authors. Published by Atlantis Press B.V.
Open Access: This is an open access article distributed under the CC BY-NC 4.0 license (http://creativecommons.org/licenses/by-nc/4.0/).
