区块链上基于格的可监管隐私保护方案  

作　　者：曹博雅 高军涛[1] 李雪莲 CAO Bo-YA;GAO Jun-Tao;LI Xue-Lian(School of Telecommunications Engineering,Xidian University,Xi’an 710071,China;School of Mathematics and Statistics,Xidian University,Xi’an 710126,China)

机构地区：[1]西安电子科技大学通信工程学院,西安710071 [2]西安电子科技大学数学与统计学院,西安710126

出　　处：《密码学报(中英文)》2025年第1期69-83,共15页Journal of Cryptologic Research

基　　金：陕西省重点研发计划(2021ZDLGY06-04);陕西高校青年创新团队;西安电子科技大学交叉培育项目(21103240011)。

摘　　要：区块链账本中数据存储公开透明的特性导致了链上交易数据存在隐私泄露风险.现有的隐私保护方案难以在保护用户隐私与监管恶意用户的行为之间达到平衡,并且基于传统公钥密码学的隐私保护方案在量子环境下可能存在安全隐患.针对上述问题,本文提出了一种基于格的可监管区块链隐私保护方案,实现对正常用户身份、交易金额的保护,并对恶意用户身份和交易金额进行监管.本文通过秘密共享方案设计监管密钥生成算法,避免单一监管方权利过大;利用一次性密钥与一次性地址进行交易双方的对接,实现对接收方地址的隐藏;最后利用格上R-LWE困难问题与R-BGV加密方案设计用户身份公钥证明,保证用户的匿名与用户身份可监管;设计交易金额证明,保证交易金额平衡与可监管.通过对方案正确性、安全性和性能的分析,证明了本文方案既能在抗量子的前提下较为高效地保护交易数据隐私,又能实现对交易用户身份与交易金额的监管.The public and transparent nature of data storage in blockchain ledgers poses a privacy breach risk on chain transaction data.Existing privacy protection schemes struggle to strike a balance between protecting users’privacy and regulating the behavior of malicious users.Moreover,the privacy protection scheme based on traditional public key cryptography may have security risks in the quantum environment.In response to the above issues,this study proposes a lattice-based regulatory privacy protection scheme on blockchain,which achieves the protection of normal user’s identity and transaction amount,as well as the supervision of malicious user’s identity and transaction amount.Also the study designs the supervision key generation algorithm with the secret sharing scheme,avoiding excessive rights of a single regulator;utilizes one-time keys and one-time addresses to connect both parties in a transaction,while hiding the recipient’s address;designs a user identity public key proof with the R-LWE problem and R-BGV encryption algorithm to ensure the anonymity and supervision of the users’identity;and designs proof of transaction amount to ensure that the transaction amount is balanced and supervisable.Through the analysis of the correctness,security and performance of the scheme,it is proven that the proposed scheme can effectively protect transaction data privacy while resisting quantum interference and achieving supervision of transaction user’s identity and transaction amount.

关 键 词：一次性地址 R-LWE困难问题 R-BGV加密 可监管隐私保护 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]