[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2022143798A1 - 跨链交易的验证方法、终端设备及可读存储介质 - Google Patents

跨链交易的验证方法、终端设备及可读存储介质 Download PDF

Info

Publication number
WO2022143798A1
WO2022143798A1 PCT/CN2021/142626 CN2021142626W WO2022143798A1 WO 2022143798 A1 WO2022143798 A1 WO 2022143798A1 CN 2021142626 W CN2021142626 W CN 2021142626W WO 2022143798 A1 WO2022143798 A1 WO 2022143798A1
Authority
WO
WIPO (PCT)
Prior art keywords
chain
cross
transaction
verification
gateway
Prior art date
Application number
PCT/CN2021/142626
Other languages
English (en)
French (fr)
Inventor
李伟
邱炜伟
蔡亮
汪小益
匡立中
Original Assignee
杭州趣链科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 杭州趣链科技有限公司 filed Critical 杭州趣链科技有限公司
Publication of WO2022143798A1 publication Critical patent/WO2022143798A1/zh

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • the present application belongs to the field of computer technology, and in particular relates to a verification method for cross-chain transactions, a terminal device and a readable storage medium.
  • cross-chain technology which mainly includes notary-based mechanisms, hash locking, and relay chains.
  • the cross-chain transaction based on the relay chain is that different application chains access the relay chain through the cross-chain gateway, and perform cross-chain operations through the relay chain.
  • One of the purposes of the embodiments of the present application is to provide a cross-chain transaction verification method, terminal device and readable storage medium, which can solve the problem that the cross-chain transaction is currently verified by the cross-chain gateway of the destination chain, and the cross-chain transaction is increased.
  • the problem of the processing burden of the gateway is to provide a cross-chain transaction verification method, terminal device and readable storage medium, which can solve the problem that the cross-chain transaction is currently verified by the cross-chain gateway of the destination chain, and the cross-chain transaction is increased.
  • an embodiment of the present application provides a cross-chain transaction verification method, which is applied to a source chain cross-chain gateway, and the method includes:
  • the embodiments of the present application provide a cross-chain transaction verification method, which is applied to the relay chain, and the method includes:
  • the running the verification code to verify the zero-knowledge proof includes:
  • the method further includes:
  • the second private key of the second asymmetric key decrypts the encrypted symmetric key to obtain the symmetric key; the transaction ciphertext is used to instruct the destination chain cross-chain gateway to decrypt the encrypted symmetric key using the symmetric key
  • the transaction ciphertext is obtained to obtain the transaction plaintext; the transaction plaintext is used to instruct the destination chain cross-chain gateway to initiate a call to the destination chain according to the cross-chain call information in the transaction plaintext.
  • the embodiments of the present application provide a cross-chain transaction verification method, which is applied to a destination chain cross-chain gateway, and the method includes:
  • the cross-chain transaction sent by the relay chain, where the cross-chain transaction includes the transaction ciphertext and the encrypted symmetric key; decrypt the encrypted symmetric key by using the second private key of the second asymmetric key to obtain Symmetric key; decrypt the transaction ciphertext using the symmetric key to obtain the transaction plaintext of the cross-chain transaction; initiate a call to the destination chain according to the cross-chain call information in the transaction plaintext.
  • the embodiments of the present application provide a verification system for cross-chain transactions, including:
  • the source chain cross-chain gateway is used to generate cross-chain transactions according to the cross-chain events of the source chain, and send the cross-chain transactions to the relay chain;
  • the relay chain is used to receive the cross-chain transaction sent by the cross-chain gateway of the source chain, and verify the verification protocol of the cross-chain transaction through the verification rules. After the verification is passed, send the cross-chain transaction to the cross-chain gateway of the destination chain. trade;
  • the destination chain cross-chain gateway is used to receive the cross-chain transaction sent by the relay chain, parse the cross-chain transaction, obtain the transaction plaintext, and call the destination chain according to the transaction plaintext.
  • an embodiment of the present application provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, when the processor executes the computer program implement the method described.
  • an embodiment of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and the computer program implements the method when executed by a processor.
  • an embodiment of the present application provides a computer program product, which enables the terminal device to execute the above-mentioned method when the computer program product is run on a terminal device.
  • the source chain cross-chain gateway obtains the cross-chain event submitted by the source chain; based on the cross-chain event, a cross-chain transaction is generated, and the cross-chain transaction includes verification.
  • the relay chain can send the cross-chain transaction to the cross-chain gateway of the destination chain only after the verification protocol is passed, without the need for the cross-chain gateway of the destination chain to verify again, so that the cross-chain gateway remains lightweight; At the same time, the verification of cross-chain transactions by the relay chain is more reliable; it has strong ease of use and practicability.
  • FIG. 1 is a schematic diagram of a system architecture of an application scenario provided by an embodiment of the present application.
  • FIG. 2 is a schematic flowchart of a verification method for a cross-chain transaction provided by an embodiment of the present application
  • FIG. 3 is a schematic flowchart of a verification method for a cross-chain transaction provided by another embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a verification method for a cross-chain transaction provided by another embodiment of the present application.
  • FIG. 5 is a schematic diagram of an interaction flow provided by an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of a cross-chain gateway of a source chain provided by an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of a relay chain provided by an embodiment of the present application.
  • FIG. 8 is a structural example diagram of a cross-chain gateway of a destination chain provided by an embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a verification system for cross-chain transactions provided by an embodiment of the present application.
  • FIG. 10 is a schematic structural diagram of a terminal device provided by an embodiment of the present application.
  • FIG. 1 is a schematic diagram of a system architecture of an application scenario provided by an embodiment of the present application
  • blockchain A and blockchain B conduct cross-chain transactions through relay chain R.
  • Blockchain A consists of institution a1, institution a2, institution a3, etc.
  • blockchain B consists of institution b1, institution b2, institution b3, etc.
  • the institution a1 of blockchain A and the institution b1 of blockchain B conduct business cooperation through cross-chain
  • the institution a1 at the node of blockchain A is connected to the relay chain R through the cross-chain gateway Pa
  • the institution b1 is in the blockchain.
  • the nodes of the block chain B access the relay chain R through the cross-chain gateway Pb.
  • Both the cross-chain gateway Pa and the cross-chain gateway Pb register the information of the application chain (blockchain) A and the application chain (blockchain) B with the relay chain R in advance, and register the verification rules of their respective application chains.
  • the cross-chain gateway Pa listens to the cross-chain event, converts it to generate a cross-chain transaction T, and submits it to the relay chain R; among them, the cross-chain transaction T contains Source chain A (blockchain A) and destination chain B (blockchain B) address information, source chain A (blockchain A) call information (contract, method, parameters, etc.), and the cross-chain transaction validity proof of source chain A (blockchain A).
  • the cross-chain transaction is packaged into a block, and the built-in cross-chain transaction verification engine invokes the pre-registered verification rules of blockchain A to verify the cross-chain transaction T of blockchain A.
  • the cross-chain transaction can be routed to the destination chain B (blockchain B).
  • the cross-chain gateway Pb of the destination chain B (blockchain B) synchronizes to the cross-chain transaction T, it converts the invocation information into the transaction of blockchain B, and calls the contract of blockchain B.
  • the cross-chain gateway Pb After receiving the receipt from blockchain B, the receipt is submitted to the relay chain R in the form of a cross-chain transaction.
  • the relay chain R produces blocks, performs the verification process and routes to the source chain A (blockchain A ).
  • the information in the cross-chain transaction involves the business-sensitive information of the institutions a1 and b1 on both sides of the cross-chain, it is not expected to be seen by other institutions, and the cross-chain transaction stored on the relay chain can be obtained by other institutions, resulting in The privacy of both parties to the transaction is leaked.
  • the call information and proof information in cross-chain transactions are sent to the relay chain in the form of cipher text.
  • the intercommunication method of the cross-chain gateway of the chain for verification For example: AppChain A's cross-chain gateway Pa registers AppChain with AppChain B's cross-chain gateway Pb, and deploys a verification rule for cross-chain transaction verification; AppChain A's cross-chain gateway Pa and AppChain B
  • the cross-chain gateway Pb performs key negotiation to obtain a symmetric key key; when application chain A initiates a cross-chain transaction to application chain B, the cross-chain gateway Pa uses the symmetric key key to encrypt the cross-chain transaction call information and certification information , and then send it to the relay chain.
  • the relay chain Since the relay chain receives the transaction ciphertext, the transaction information cannot be disclosed.
  • the relay chain routes the transaction ciphertext to the destination chain B.
  • the cross-chain gateway Pb of the destination chain B decrypts the transaction ciphertext with the key; The transaction is validated for validity.
  • the cross-chain gateway Pb converts the call information in the cross-chain transaction into the transaction of the destination application chain B, and submits it to the application chain B (destination chain B).
  • a cross-chain gateway is essentially an interactive component that connects different blockchain systems and is a lightweight node. After the verification of transaction validity is transferred to the cross-chain gateway, the burden of the cross-chain gateway will increase with the increase of cross-chain transactions with different application chains.
  • transaction verification is less reliable.
  • the cross-chain gateway is a single-point component architecture, and the single-point architecture is prone to errors, so the reliability of transaction verification performed by the cross-chain gateway is poor.
  • transaction verification via cross-chain gateways is less scalable. Every time an application chain conducts a cross-chain transaction with another application chain, the cross-chain gateway needs to register with the other side's cross-chain gateway and deploy a verification rule of the other side's application chain, which makes the transaction less scalable.
  • This application hides business-sensitive information in cross-chain transactions by means of zero-knowledge proof, and the validity of cross-chain transactions can still be verified through the relay chain, while protecting the privacy information of both parties in cross-chain transactions from being leaked.
  • the verification process in the cross-chain transaction process is described below through each unilateral node in the interaction process.
  • FIG. 2 it is a schematic flowchart of a verification method for a cross-chain transaction provided by an embodiment of the present application. This method is applied to the cross-chain gateway of the source chain, and the execution subject is the cross-chain gateway Pa as shown in FIG. 1 .
  • the method includes the following steps:
  • Step S201 acquiring the cross-chain event submitted by the source chain.
  • blockchain A and blockchain B conduct cross-chain transactions through relay chain R, and blockchain A is composed of institutions a1, a2, a3, etc.
  • the blockchain B consists of institutions b1, b2, b3, etc.
  • Blockchain A is the source chain, and Blockchain B is the destination chain.
  • the organization a1 of blockchain A and the organization b1 of blockchain B conduct business cooperation through cross-chain.
  • institution a1 deploys the node of blockchain A, the cross-chain gateway Pa and the node of relay chain R, and the institution b1 deploys the node of blockchain B, the cross-chain gateway Pb and the node of relay chain R, each
  • the cross-chain gateway has a pair of asymmetric keys, namely a public key and a private key pair.
  • the institution a1 throws a cross-chain event from the blockchain A by calling the business contract of the blockchain A.
  • the cross-chain gateway Pa listens to the cross-chain event and obtains the cross-chain event.
  • the cross-chain event includes the address information and transaction plaintext of source chain A (blockchain A) and destination chain B (blockchain B).
  • the transaction plaintext includes source chain A (blockchain A) to destination chain B (blockchain B).
  • the cross-chain call information (contracts, methods, parameters, etc.) of blockchain B), and the validity proof of cross-chain transactions of source chain A (blockchain A).
  • the method further includes:
  • the second public key of the second asymmetric key of the cross-chain gateway wherein the symmetric key is used to encrypt the transaction plaintext of the cross-chain event, and the verification rule is the verification code for verifying the verification protocol.
  • the first asymmetric key is generated by the cross-chain gateway Pa, and the first asymmetric key includes a first public key and a first private key.
  • the cross-chain gateway Pa registers the information and the first public key of the institution a1 of the blockchain A with the relay chain R, and registers the verification rules of the blockchain A with the relay chain R.
  • the source chain cross-chain gateway uses the generated symmetric key to encrypt the transaction plaintext of the cross-chain event.
  • the transaction plaintext of the cross-chain event includes the cross-chain call information and the validity proof of the cross-chain transaction;
  • the cross-chain call information includes the destination chain contract address, destination chain contract method and parameters.
  • Step S202 generating a cross-chain transaction based on the cross-chain event, where the cross-chain transaction includes a verification protocol.
  • the cross-chain gateway Pa monitors the cross-chain event, it generates a cross-chain transaction based on the cross-chain event.
  • the verification protocol can be a zero-knowledge proof, and the verification rule is a verification code of a zero-knowledge proof.
  • the verification engine of the relay chain R can call the verification code to verify the cross-chain transaction issued by the blockchain A.
  • cross-chain transactions include transaction ciphertext, encrypted symmetric keys, and zero-knowledge proofs.
  • generating cross-chain transactions based on cross-chain events includes:
  • the knowledge proof uses zero-knowledge proof as the verification protocol; encrypts the symmetric key with the second public key of the second asymmetric key of the destination chain cross-chain gateway to obtain the encrypted symmetric key.
  • the transaction plaintext is the transaction information in the cross-chain event, including the cross-chain call information Payload and the cross-chain transaction validity proof Proof.
  • the transaction ciphertext is obtained by encrypting the transaction plaintext with a symmetric key; the encrypted symmetric key is to encrypt the symmetric key of the cross-chain gateway Pa through the second public key of the second asymmetric key of the cross-chain gateway Pb. Obtained; the verification protocol is a zero-knowledge proof generated based on the transaction plaintext, transaction ciphertext and symmetric key.
  • the cross-chain gateway Pa uses the symmetric key K to encrypt the transaction plaintext in the cross-chain event (including cross-chain call information and cross-chain transaction validity proof); wherein, the cross-chain call information includes the destination chain contract address, destination chain Contract methods and parameters.
  • the cross-chain call information is encrypted and denoted as E(Payload, K), and the encrypted cross-chain call information E(Payload, K) is used as the public input for generating the verification protocol.
  • the cross-chain gateway Pa uses the symmetric key K to encrypt the cross-chain transaction validity proof, the encrypted cross-chain transaction validity proof is recorded as E(Proof, K), and the encrypted cross-chain transaction validity proof E(Proof, K) as public input to generate the verification protocol.
  • the symmetric key K and the transaction plaintext are used as privacy inputs to generate the verification protocol.
  • the cross-chain gateway Pa monitors the cross-chain event, it generates a zero-knowledge proof by running a preset zero-knowledge proof generation code, and uses the above E(Payload, K) and E(Proof, K) as the Public input, symmetric key K, cross-chain call information Payload and cross-chain transaction validity proof Proof are used as privacy input to generate zero-knowledge proof.
  • the preset zero-knowledge proof generation code can be zkSNARK.
  • the cross-chain gateway Pa also uses the second public key of the second asymmetric key of the target-chain cross-chain gateway to encrypt the symmetric key.
  • the cross-chain gateway Pb randomly generates a second asymmetric key, and the second asymmetric key includes a second public key and a second private key.
  • the cross-chain gateway Pb registers the information and the second public key of the organization b1 of the blockchain B with the relay chain R, and registers the verification rules of the blockchain B with the relay chain.
  • the verification rule can be a verification code of a zero-knowledge proof
  • the verification engine of the relay chain R can call the verification code to verify the cross-chain transaction issued by the blockchain B.
  • Step S203 sending the cross-chain transaction to the relay chain, instructing the relay chain to send the cross-chain transaction to the target chain cross-chain gateway after passing the verification of the verification protocol.
  • the cross-chain gateway Pa submits the cross-chain transaction to the relay chain R, and the relay chain R packages the cross-chain transaction into a block, and sends the cross-chain transaction to the destination chain cross-chain gateway.
  • Cross-chain transactions include transaction ciphertext, encrypted symmetric keys, and zero-knowledge proofs.
  • the method includes: sending the transaction ciphertext, the encrypted symmetric key and the zero-knowledge proof to the relay chain, and instructing the relay chain to run the verification code corresponding to the verification rule to verify the zero-knowledge proof. Since the relay chain receives the transaction ciphertext, the transaction information cannot be disclosed.
  • the method includes:
  • the encrypted symmetric key is used to instruct the destination chain cross-chain gateway to decrypt the encrypted symmetric key using the second private key of the second asymmetric key to obtain a symmetric key;
  • the transaction ciphertext is used to instruct the destination chain cross-chain gateway Decrypt the transaction ciphertext using the symmetric key to obtain the transaction plaintext;
  • the transaction plaintext is used to instruct the destination chain cross-chain gateway to initiate a call to the destination chain according to the calling information in the transaction plaintext.
  • the cross-chain gateway encrypts the transaction plaintext of the cross-chain event and uses the transaction plaintext as the privacy input for generating the zero-knowledge proof, and instructs the relay chain to verify the zero-knowledge of the cross-chain transaction.
  • Knowledge proof is used for verification.
  • the logic of zero-knowledge proof verification includes the verification of the validity of cross-chain transactions and the correctness of cross-chain call information, and the relay chain receives the transaction ciphertext, so the transaction cannot be disclosed. It protects the privacy of cross-chain transactions; at the same time, it is verified by the relay chain, which reduces the load of data processing by the cross-chain gateway and ensures the reliability of cross-chain transaction verification.
  • FIG. 3 it is a schematic flowchart of a verification method for a cross-chain transaction provided by another embodiment of the present application. This method is applied to the relay chain, and the execution subject is the relay chain R as shown in FIG. 1 . The method includes the following steps:
  • Step S301 Receive a cross-chain transaction sent by the source-chain cross-chain gateway, where the cross-chain transaction includes a verification protocol.
  • the cross-chain gateway Pa is the source-chain cross-chain gateway, and the relay chain R receives the cross-chain transaction submitted by the cross-chain gateway Pa.
  • the verification protocol can be a zero-knowledge proof
  • the verification rule is a piece of zero-knowledge proof verification code
  • the verification engine of the relay chain R can call the verification code to verify the cross-chain transaction issued by the blockchain A.
  • Cross-chain transactions can include transaction ciphertext, encrypted symmetric keys, and zero-knowledge proofs.
  • the encrypted symmetric key is obtained by the source-chain cross-chain gateway encrypting its own symmetric key by using the second public key of the second asymmetric key of the destination-chain cross-chain gateway.
  • the transaction plaintext includes the cross-chain call information and the validity proof of the cross-chain transaction; the cross-chain call information includes the destination chain contract address, destination chain contract method and parameters.
  • the transaction ciphertext is obtained by the source chain cross-chain gateway encrypting the transaction plaintext with its own symmetric key.
  • Zero-knowledge proof is a verification protocol generated by the source chain cross-chain gateway to verify the cross-chain transaction with the transaction plaintext and the symmetric key as the private input and the transaction ciphertext as the public input.
  • Step S302 verifying the verification protocol according to a preset verification rule.
  • the preset verification rule is the verification rule of the source chain registered by the source chain cross-chain gateway with the relay chain, and is the verification code of the verification protocol.
  • Different blockchains can register the verification rules with the relay chain in advance through the cross-chain gateway when conducting cross-chain transactions.
  • verifying the verification protocol according to the preset verification rules includes: obtaining the verification rules registered by the source chain cross-chain gateway, and the verification rules are verification codes for verifying the zero-knowledge proof; running the verification code to verify the zero-knowledge proof authenticating.
  • the cross-chain transaction includes transaction ciphertext, encrypted symmetric key and zero-knowledge proof;
  • the transaction ciphertext is obtained by the source chain cross-chain gateway using the symmetric key to encrypt the transaction plaintext in the cross-chain event;
  • the symmetric key is the cross-chain transaction The key pair generated by the chain gateway;
  • the zero-knowledge proof is that the source chain cross-chain gateway takes the transaction ciphertext as the public input, the transaction plaintext and the symmetric key as the private input, and runs the preset zero-knowledge proof generation code, and the generated verification protocol;
  • the encrypted symmetric key is obtained by encrypting the symmetric key by the source chain cross-chain gateway using the second public key of the second asymmetric key of the destination chain cross-chain gateway.
  • the cross-chain event submitted by the source chain to the source-chain cross-chain gateway includes transaction plaintext
  • the transaction plaintext includes cross-chain call information and cross-chain transaction validity proof.
  • the cross-chain gateway Pa uses the symmetric key K to encrypt the information that needs to be called in the cross-chain event, that is, the cross-chain call information; wherein, the cross-chain call information includes the destination contract address, destination Chain contract methods and parameters.
  • the cross-chain call information is encrypted and recorded as E(Payload, K), and the encrypted cross-chain call information E(Payload, K) is used as the public input for generating the verification protocol (zero-knowledge proof).
  • the cross-chain gateway Pa uses the symmetric key K to encrypt the cross-chain transaction validity proof, the encrypted cross-chain transaction validity proof is recorded as E(Proof, K), and the encrypted cross-chain transaction validity proof E(Proof, K), as public input to generate a verification protocol (zero-knowledge proof).
  • the relay chain R uses the verification engine to call the verification rules pre-registered by the cross-chain gateway Pa, that is, a verification code of a zkSNARK zero-knowledge proof, with E(payload, K) and E(Proof, K) are input to verify the zero-knowledge proof in cross-chain transactions.
  • running verification code to verify the zero-knowledge proof includes:
  • the transaction ciphertext is used as the public input, and the transaction plaintext and the symmetric key are used as the private input; in the verification process, the transaction ciphertext is used as the input, that is, E(payload, K ) and E(Proof, K) is the input, decrypt the input transaction ciphertext through the symmetric key to obtain the transaction plaintext, and compare the transaction plaintext with the transaction plaintext as the privacy input. If the comparison results are consistent, the internal logic of zero-knowledge proof The cross-chain transaction validity proof and cross-chain call information in the transaction plaintext are verified. If the result of the verification is that the cross-chain transaction is valid and the cross-chain call information is correct, the verification is passed.
  • the zero-knowledge proof is used to verify the cross-chain transaction. While verifying the above-mentioned transaction plaintext, the zero-knowledge proof will complete the validity verification of its own logic of the transaction plaintext as a privacy input, and obtain the verification result. If the verification is passed, there is no need to provide any private data related to the cross-chain transaction to the relay chain, so that the relay chain believes that it has the transaction information of the cross-chain transaction and the verification result proves that the cross-chain transaction is valid and the cross-chain call information is accurate.
  • the proof process of the transaction information implementation logic does not leak any information about the authenticated message to the relay chain; thus, it protects the privacy of both parties to the transaction and completes the verification of the validity of the cross-chain transaction.
  • the cross-chain transaction validity certificate records the legality and existence proof information of the cross-chain transaction.
  • the engine provides specific verification information to ensure that the privacy of cross-chain transactions is not leaked.
  • the specific verification rules and methods can be loaded into the verification process of zero-knowledge proof through flexible verification rules.
  • different blockchains correspond to different verification rules for validity verification, that is, the verification logic of the self-validation proof of the transaction plaintext; for example, for the fabric application chain (Fabric is a block with a highly modular and configurable architecture. Chain collectively), the cross-chain gateway needs to register the fabric's verification logic validator and endorsement policy information to the relay chain, and the generated validity proof information proof needs to include the endorsement response of the transaction.
  • the cross-chain gateway when the cross-chain gateway generates the validity proof information proof, it needs to carry the simple payment verification (Simplified Payment Verification) of the source chain transaction. Payment Verification (SPV) proof and transaction content, as well as the block header information of the exchange in the last n of the block (the n value is the number of blocks required for the confirmation of Ethereum transactions with high probability).
  • SPV Payment Verification
  • Step S303 if the verification is passed, the cross-chain transaction is sent to the target-chain cross-chain gateway.
  • the cross-chain transaction is verified by the relay chain verification engine, it is routed to the destination chain and received by the destination chain cross-chain gateway Pb.
  • the transaction ciphertext and the encrypted symmetric key are sent to the destination chain cross-chain gateway.
  • the encrypted symmetric key is used to instruct the destination chain cross-chain gateway to decrypt the encrypted symmetric key using the second private key of the second asymmetric key to obtain a symmetric key;
  • the transaction ciphertext is used to instruct the destination chain cross-chain
  • the chain gateway uses the symmetric key to decrypt the transaction ciphertext to obtain the transaction plaintext;
  • the transaction plaintext is used to instruct the destination chain cross-chain gateway to initiate a call to the destination chain according to the cross-chain call information in the transaction plaintext.
  • the cross-chain gateway Pb decrypts the encrypted symmetric key using the second private key of the second asymmetric key to obtain the symmetric key K, and then uses the symmetric key K Decrypt the encrypted cross-chain call information E(payload, K) to obtain the cross-chain call information payload, which includes the destination chain contract address, method and parameters.
  • the cross-chain gateway Pb converts the decrypted payload into the transaction of the destination chain, and initiates a call to the destination chain.
  • cross-chain gateway Pb uses the same method to encrypt the receipt of the destination chain, and generates a zero-knowledge proof, generates a new cross-chain transaction, and submits the new cross-chain transaction to the relay chain.
  • FIG. 4 it is a schematic flowchart of a verification method for a cross-chain transaction provided by another embodiment of the present application.
  • the method is applied to the cross-chain gateway of the destination chain, and the execution body is the cross-chain gateway Pb as shown in Figure 1.
  • the process of this method has been described in the above-mentioned embodiments. Based on the same processing principle, it will not be repeated here. Repeat.
  • the method includes the following steps:
  • Step S401 receiving a cross-chain transaction sent by the relay chain, where the cross-chain transaction includes the transaction ciphertext and the encrypted symmetric key.
  • Step S402 decrypt the encrypted symmetric key by using the second private key of the second asymmetric key to obtain a symmetric key.
  • Step S403 decrypt the ciphertext of the transaction by using the symmetric key to obtain the plaintext of the cross-chain transaction.
  • Step S404 initiate a call to the destination chain according to the cross-chain call information in the transaction plaintext.
  • FIG. 5 it is a schematic diagram of an interaction flow provided by an embodiment of the present application.
  • the implementation principles of each step are the same as the implementation processes described in FIG. 2 , FIG. 3 , and FIG.
  • the interaction process includes a registration phase and a cross-chain transaction phase.
  • the registration stage includes: the cross-chain gateway Pa generates the symmetric key K1 and the first asymmetric key, and registers the information of the relay chain R with the information of the institution a1 and the public key information of the first asymmetric key of the cross-chain gateway Pa Kpuba, and the verification rule 1 of the institution a1; the cross-chain gateway Pb generates the symmetric key K2 and the second asymmetric key, and registers the information of the institution b1 and the second asymmetric key of the cross-chain gateway Pb to the relay chain R
  • the cross-chain gateway Pa obtains the public key information Kpubb of the cross-chain gateway Pb stored in the relay chain R; the cross-chain gateway Pb obtains the public key information Kpuba of the cross-chain gateway Pa stored in the relay chain R.
  • the cross-chain transaction phase includes:
  • Institution a1 invokes the business contract of blockchain A and throws a cross-chain event to the cross-chain gateway Pa;
  • the cross-chain gateway Pa uses the symmetric key K1 to encrypt the cross-chain call information and the cross-chain valid proof information in the transaction plaintext respectively to obtain the transaction ciphertext; uses the public key information Kpubb to encrypt the symmetric key K1; uses the transaction plaintext , transaction ciphertext, and symmetric key K1 as input, run the preset zero-knowledge proof generation code, generate zero-knowledge proof, and obtain the first cross-chain transaction;
  • the cross-chain gateway Pa packages the transaction ciphertext, encrypted symmetric key K1 and zero-knowledge proof, and submits it to the relay chain R;
  • the verification engine of the relay chain R invokes the verification rules of the institution a1 registered by the cross-chain gateway Pa to verify the zero-knowledge proof;
  • the relay chain R sends the transaction ciphertext and the encrypted symmetric key K1 to the cross-chain gateway Pb;
  • the cross-chain gateway Pb uses the private key information of the second asymmetric key to decrypt the encrypted symmetric key K1 to obtain the symmetric key K1; uses K1 to decrypt the transaction ciphertext to obtain the transaction plaintext;
  • the cross-chain gateway Pb calls the institution b1 according to the calling information in the plaintext of the transaction;
  • the cross-chain gateway Pb obtains the receipt information of the institution b1;
  • the cross-chain gateway Pb generates the second cross-chain transaction based on the receipt information
  • the cross-chain gateway remains lightweight, and does not need to verify the validity of cross-chain transactions; the verification of cross-chain transactions performed by the relay chain is more reliable; the scalability is good, if a new application chain is added, It is only necessary to register the application chain information and verification rules with the relay chain.
  • FIG. 6 shows a block diagram of the structure of the verification device for the cross-chain transaction provided by the embodiment of the present application. relevant part.
  • the device includes:
  • an acquisition unit 61 used to acquire cross-chain events submitted by the source chain
  • a processing unit 62 configured to generate a cross-chain transaction based on the cross-chain event, where the cross-chain transaction includes a verification protocol;
  • the sending unit 63 is configured to send the cross-chain transaction to the relay chain, and instruct the relay chain to send the cross-chain transaction to the destination chain cross-chain gateway after passing the verification of the verification protocol.
  • FIG. 7 shows a structural block diagram of an apparatus for verifying a cross-chain transaction provided by an embodiment of the present application. For convenience of description, only parts related to the embodiment of the present application are shown.
  • the device includes:
  • a receiving unit 71 configured to receive a cross-chain transaction sent by the source-chain cross-chain gateway, where the cross-chain transaction includes a verification protocol;
  • a verification unit 72 configured to verify the verification protocol according to a preset verification rule
  • the routing unit 73 is configured to send the cross-chain transaction to the destination-chain cross-chain gateway if the verification is passed.
  • FIG. 8 shows a structural block diagram of an apparatus for verifying a cross-chain transaction provided by an embodiment of the present application. For convenience of description, only parts related to the embodiment of the present application are shown.
  • the device includes:
  • a receiving unit 81 configured to receive a cross-chain transaction sent by the relay chain, where the cross-chain transaction includes a transaction ciphertext and an encrypted symmetric key;
  • a first decryption unit 82 configured to decrypt the encrypted symmetric key by using the second private key of the second asymmetric key to obtain a symmetric key
  • the second decryption unit 83 is configured to decrypt the transaction ciphertext by using the symmetric key to obtain the transaction plaintext of the cross-chain transaction;
  • the calling unit 84 is configured to initiate a call to the destination chain according to the cross-chain calling information in the plaintext of the transaction.
  • FIG. 9 shows a structural block diagram of the verification system of the cross-chain transaction provided by the embodiment of the present application. relevant part.
  • the source chain cross-chain gateway 91 is used for generating cross-chain transactions according to cross-chain events of the source chain, and sending the cross-chain transactions to the relay chain;
  • the relay chain 92 is used to receive the cross-chain transaction sent by the cross-chain gateway of the source chain, verify the verification protocol of the cross-chain transaction through verification rules, and send the cross-chain transaction to the cross-chain gateway of the destination chain after the verification is passed. chain transaction;
  • the destination chain cross-chain gateway 93 is configured to receive the cross-chain transaction sent by the relay chain, parse the cross-chain transaction, obtain the transaction plaintext, and call the destination chain according to the transaction plaintext.
  • the cross-chain gateway encrypts the transaction plaintext of the cross-chain event and uses the transaction plaintext as the privacy input for generating the zero-knowledge proof, and instructs the relay chain to verify the zero-knowledge of the cross-chain transaction.
  • the verification of knowledge proof does not need to verify the logic and validity of the transaction plaintext, which protects the privacy of cross-chain transactions; at the same time, it is verified by the relay chain, which reduces the load of data processing by the cross-chain gateway and ensures the verification of cross-chain transactions.
  • the cross-chain gateway remains lightweight and does not need to verify the validity of the cross-chain transaction; the verification of the cross-chain transaction by the relay chain is more reliable; the scalability is good, if a new application chain is added, it only needs to The relay chain can register the application chain information and verification rules.
  • Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the steps in the foregoing method embodiments can be implemented.
  • the embodiments of the present application provide a computer program product, when the computer program product runs on a mobile terminal, the steps in the foregoing method embodiments can be implemented when the mobile terminal executes the computer program product.
  • FIG. 10 is a schematic structural diagram of a terminal device 10 according to an embodiment of the present application.
  • the terminal device 10 of this embodiment includes: at least one processor 100 (only one is shown in FIG. 10 ), a processor, a memory 101 , and a processor stored in the memory 101 and available for processing in the at least one processor
  • the computer program 102 running on the processor 100 when the processor 100 executes the computer program 102, implements the steps in any of the foregoing embodiments of the verification methods for cross-chain transactions.
  • the terminal device 10 may be a computing device such as a desktop computer, a notebook, a palmtop computer, and a cloud server.
  • the terminal device 10 may include, but is not limited to, a processor 100 and a memory 101 .
  • FIG. 10 is only an example of the terminal device 10, and does not constitute a limitation on the terminal device 10. It may include more or less components than the one shown, or combine some components, or different components , for example, may also include input and output devices, network access devices, and the like.
  • the so-called processor 100 may be a central processing unit (Central Processing Unit, CPU), the processor 100 can also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application-specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf Programmable Gate Array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory 101 may be an internal storage unit of the terminal device 10 , such as a hard disk or a memory of the terminal device 10 .
  • the memory 101 may also be an external storage device of the terminal device 10, for example, a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, flash memory card (Flash Card), etc.
  • the memory 101 may also include both an internal storage unit of the terminal device 10 and an external storage device.
  • the memory 101 is used to store an operating system, an application program, a boot loader (Boot Loader), data, and other programs, for example, program codes of the computer program, and the like.
  • the memory 101 may also be used to temporarily store data that has been output or will be output.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as an independent product, may be stored in a computer-readable storage medium.
  • the present application realizes all or part of the processes in the methods of the above embodiments, which can be completed by instructing the relevant hardware through a computer program, and the computer program can be stored in a computer-readable storage medium.
  • the computer program includes computer program code
  • the computer program code may be in the form of source code, object code, executable file or some intermediate form, and the like.
  • the computer-readable medium may include at least: any entity or device capable of carrying the computer program code to the photographing device/terminal device, recording medium, computer memory, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), electrical carrier signals, telecommunication signals, and software distribution media.
  • ROM read-only memory
  • RAM random access memory
  • electrical carrier signals telecommunication signals
  • software distribution media For example, U disk, mobile hard disk, disk or CD, etc.
  • computer readable media may not be electrical carrier signals and telecommunications signals.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)

Abstract

本申请适用于计算机应用技术领域,提供了一种跨链交易的验证方法、终端设备及可读存储介质,所述方法包括:获取源链提交的跨链事件;基于所述跨链事件生成跨链交易,所述跨链交易包括验证协议;将所述跨链交易发送至中继链,指示所述中继链对所述验证协议验证通过后向目的链跨链网关发送所述跨链交易。通过本申请实施例,通过向中继链发送跨链交易,指示中继链仅对跨链交易中的验证协议进行验证,在保证隐私的前提下可以解决目前由目的链的跨链网关对跨链交易进行验证,增加了跨链网关的处理负担的问题。

Description

跨链交易的验证方法、终端设备及可读存储介质
本申请要求于2020年12月30日提交国家知识产权局、申请号为202011630475.0、申请名称为“跨链交易的验证方法、终端设备及可读存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
技术领域
本申请属于计算机技术领域,尤其涉及一种跨链交易的验证方法、终端设备及可读存储介质。
背景技术
随着区块链应用技术的发展,不同的区块链之间可以通过跨链技术进行互相通信,跨链技术主要包括基于公证人机制、哈希锁定以及中继链等。其中,基于中继链的跨链交易为,不同的应用链通过跨链网关接入中继链,通过中继链进行跨链操作。
由于在跨链交易中涉及到交易双方机构的业务敏感信息,而通过中继链存储的跨链交易可以被其它机构获取,因此容易造成交易双方的隐私泄露。目前,为了避免跨链交易过程中的隐私泄露,将跨链交易中的信息以密文形式发送至中继链,通过中继链出块后不对跨链交易进行验证,而是由目的链的跨链网关进行验证,增加了跨链网关的处理负担。
技术问题
本申请实施例的目的之一在于:提供了一种跨链交易的验证方法、终端设备及可读存储介质,可以解决目前由目的链的跨链网关对跨链交易进行验证,增加了跨链网关的处理负担的问题。
技术解决方案
为解决上述技术问题,本申请实施例采用的技术方案是:
第一方面,本申请实施例提供了一种跨链交易的验证方法,应用于源链跨链网关,所述方法包括:
获取源链提交的跨链事件;基于所述跨链事件生成跨链交易,所述跨链交易包括验证协议;将所述跨链交易发送至中继链,指示所述中继链对所述验证协议验证通过后向目的链跨链网关发送所述跨链交易。
第二方面,本申请实施例提供了一种跨链交易的验证方法,应用于中继链,所述方法包括:
接收源链跨链网关发送的跨链交易,所述跨链交易包括验证协议;根据预设的验证规则对所述验证协议进行验证;若验证通过,则向目的链跨链网关发送所述跨链交易。
示例性的,所述运行所述验证代码,对所述零知识证明进行验证,包括:
以所述交易密文为输入,通过所述零知识证明中的对称密钥解密所述交易密文,得到待验证的交易明文;将所述待验证的交易明文与所述零知识证明中的交易明文进行对比;若一致,则验证交易明文中的跨链交易有效性证明和跨链调用信息;若所述跨链交易验证为有效且所述跨链调用信息验证为正确,则验证通过。
示例性的,所述方法还包括:
若验证通过,则向所述目的链跨链网关发送所述交易密文和所述加密的对称密钥;其中,所述加密的对称密钥用于指示所述目的链跨链网关使用所述第二非对称密钥的第二私钥解密所述加密的对称密钥,得到所述对称密钥;所述交易密文用于指示所述目的链跨链网关使用所述对称密钥解密所述交易密文,得到所述交易明文;所述交易明文用于指示所述目的链跨链网关根据所述交易明文中的跨链调用信息向所述目的链发起调用。
第三方面,本申请实施例提供了一种跨链交易的验证方法,应用于目的链跨链网关,所述方法包括:
接收中继链发送的跨链交易,所述跨链交易包括交易密文和加密的对称密钥;利用第二非对称密钥的第二私钥对所述加密的对称密钥进行解密,得到对称密钥;利用所述对称密钥解密所述交易密文,得到所述跨链交易的交易明文;根据所述交易明文中的跨链调用信息,向目的链发起调用。
第四方面,本申请实施例提供了一种跨链交易的验证系统,包括:
源链跨链网关,用于根据源链的跨链事件生成跨链交易,并向中继链发送所述跨链交易;
中继链,用于接收源链跨链网关发送的所述跨链交易,并通过验证规则对所述跨链交易的验证协议进行验证,验证通过后向目的链跨链网关发送所述跨链交易;
目的链跨链网关,用于接收所述中继链发送的跨链交易,并对所述跨链交易进行解析,得到交易明文,根据所述交易明文调用目的链。
第五方面,本申请实施例提供了一种终端设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现所述的方法。
第六方面,本申请实施例提供了一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行时实现所述的方法。
第七方面,本申请实施例提供了一种计算机程序产品,当计算机程序产品在终端设备上运行时,使得终端设备执行上述所述的方法。
可以理解的是,上述第二方面至第七方面的有益效果可以参见上述第一方面中的相关描述,在此不再赘述。
有益效果
本申请实施例与现有技术相比存在的有益效果是:通过本申请实施例,源链跨链网关获取源链提交的跨链事件;基于跨链事件生成跨链交易,跨链交易包括验证协议;将跨链交易发送至中继链,指示中继链对所述验证协议验证通过后向目的链跨链网关发送跨链交易;通过跨链网关生成的跨链交易,跨链交易中包括验证协议,可以由中继链仅对验证协议验证通过后,即可将跨链交易发送至目的链跨链网关,无需目的链的跨链网关再次进行验证,使得跨链网关保持轻量级;同时由中继链进行跨链交易的验证更加可靠;具有较强的易用性与实用性。
附图说明
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例或示范性技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。
图1是本申请一实施例提供的应用场景的系统架构示意图;
图2是本申请一实施例提供的跨链交易的验证方法的流程示意图;
图3是本申请另一实施例提供的跨链交易的验证方法的流程示意图;
图4是本申请另一实施例提供的跨链交易的验证方法的流程示意图;
图5是本申请一实施例提供的交互流程示意图;
图6是本申请一实施例提供的源链的跨链网关的结构示意图;
图7是本申请一实施例提供的中继链的结构示意图;
图8是本申请一实施例提供的目的链的跨链网关的结构示例图;
图9是本申请实施例提供的跨链交易的验证系统的结构示意图;
图10是本申请实施例提供的终端设备的结构示意图。
本发明的实施方式
以下描述中,为了说明而不是为了限定,提出了诸如特定系统结构、技术之类的具体细节,以便透彻理解本申请实施例。然而,本领域的技术人员应当清楚,在没有这些具体细节的其它实施例中也可以实现本申请。在其它情况中,省略对众所周知的系统、装置、电路以及方法的详细说明,以免不必要的细节妨碍本申请的描述。
随着区块链技术的发展和创新,针对不同领域出现了具有不同特点及适应不同场景需求的大量区块链网络,每个区块链网络之间形成了诸多价值孤岛,通过区块链跨链技术实现了不同区块链之间的互联互通和价值转移。
其中一种跨链技术是基于中继链实现的跨链。如图1所示的,本申请一实施例提供的应用场景的系统架构示意图,区块链A和区块链B通过中继链R进行跨链交易。区块链A由机构a1、机构a2、机构a3等组成,区块链B由机构b1、机构b2、机构b3等组成。区块链A的机构a1和区块链B的机构b1之间通过跨链进行业务合作时,机构a1在区块链A的节点通过跨链网关Pa接入中继链R,机构b1在区块链B的节点通过跨链网关Pb接入中继链R。跨链网关Pa和跨链网关Pb均提前向中继链R注册应用链(区块链)A和应用链(区块链)B的信息,并注册各自应用链的验证规则。
机构a1从区块链A抛出跨链事件,跨链网关Pa监听到该跨链事件,将其转换生成跨链交易T,并提交到中继链R;其中,跨链交易T中包含了源链A(区块链A)和目的链B(区块链B)的地址信息、源链A(区块链A)对目的链B(区块链B)的调用信息(合约、方法、参数等),以及源链A(区块链A)的跨链交易有效性证明等。中继链R经过共识机制后,将跨链交易打包出块,并由内置的跨链交易验证引擎调用提前注册的区块链A的验证规则,验证区块链A的跨链交易T,通过验证后,才能将跨链交易路由到目的链B(区块链B)。目的链B(区块链B)的跨链网关Pb同步到跨链交易T之后将其中的调用信息转换成区块链B的交易,并对区块链B的合约进行调用,跨链网关Pb收到区块链B的回执后再将回执以跨链交易的形式提交到中继链R,中继链R以同样的方式出块、执行验证过程并路由给源链A(区块链A)。
由于跨链交易中的信息涉及了跨链双方机构a1和机构b1的业务敏感信息,不希望被其他机构看到,而在中继链上存储的跨链交易可以被其他机构获取,因此造成了交易双方的隐私泄露。
为了避免跨链交易隐私泄露的问题,通过采用将跨链交易中的调用信息和证明信息以密文形式发送至中继链,中继链出块后不对跨链交易进行验证,而是由目的链的跨链网关进行验证的互通方式。例如:应用链A的跨链网关Pa向应用链B的跨链网关Pb进行应用链注册,同时部署一个验证规则,用于跨链交易的验证;应用链A的跨链网关Pa与应用链B的跨链网关Pb进行密钥协商得到一个对称密钥key;当应用链A向应用链B发起跨链交易时,跨链网关Pa利用对称密钥key对跨链交易调用信息和证明信息进行加密,再发送给中继链。由于中继链收到的是交易密文,故无法泄露交易信息。中继链将交易密文路由至目的链B,目的链B的跨链网关Pb接收到跨链交易后,用key解密交易密文;并使用验证引擎调用应用链A的验证规则,对跨链交易进行有效性验证。通过验证后,跨链网关Pb将跨链交易中的调用信息转换成目的应用链B的交易,并提交至应用链B(目的链B)。
通过上述实施例方式,增加了跨链网关的负担。跨链网关本质上为一个连接不同区块链系统的交互组件,属于较轻量级的节点。将交易有效性的验证转移到跨链网关上后,跨链网关的负担会随着与不同应用链的跨链交易的增多而增加。其次,交易验证的可靠性较差。跨链网关是一个单点组件的架构,单点的架构容易出现错误,故由跨链网关执行交易验证可靠性较差。然后,通过跨链网关进行交易验证的扩展性较差。应用链每次和一个其他应用链进行跨链交易时,跨链网关都需和对方跨链网关进行相互注册,并相互部署一个对方应用链的验证规则,因此使得交易的可扩展性较差。
本申请通过零知识证明的方式将跨链交易中的业务敏感信息隐藏起来,通过中继链依然可以验证跨链交易的有效性,同时又保护了跨链交易的双方的隐私信息不被泄露。
下面通过交互过程中的每个单侧节点对跨链交易过程中的验证流程进行介绍。
参见图2,是本申请一实施例提供的跨链交易的验证方法的流程示意图。该方法应用于源链的跨链网关,执行主体为如图1中所示的跨链网关Pa。所述方法包括以下步骤:
步骤S201,获取源链提交的跨链事件。
在一些实施例中,以图1所示的应用场景的架构为例,区块链A和区块链B通过中继链R进行跨链交易,区块链A由机构a1、a2、a3等组成,区块链B由机构b1、b2、b3等组成。区块链A为源链,区块链B为目的链。区块链A的机构a1和区块链B的机构b1之间通过跨链进行业务合作。
其中,机构a1部署了区块链A的节点、跨链网关Pa和中继链R的节点,机构b1部署了区块链B的节点、跨链网关Pb和中继链R的节点,每个跨链网关都有一对非对称密钥,即公钥和私钥对。
示例性的,机构a1通过调用区块链A的业务合约,并从区块链A抛出跨链事件。跨链网关Pa监听机构a1抛出跨链事件的动作。跨链网关Pa监听到该跨链事件并获取该跨链事件。
其中,跨链事件包括源链A(区块链A)和目的链B(区块链B)的地址信息、交易明文;其中交易明文包括源链A(区块链A)对目的链B(区块链B)的跨链调用信息(合约、方法、参数等),以及源链A(区块链A)的跨链交易有效性证明等。
在一些实施例中,所述方法还包括:
生成第一非对称密钥和对称密钥;向中继链注册第一非对称密钥的第一公钥、源链的地址信息及源链的验证规则,并获取中继链中存储的目的链跨链网关的第二非对称密钥的第二公钥;其中,对称密钥用于对跨链事件的交易明文进行加密,验证规则为验证所述验证协议的验证代码。
示例性的,由跨链网关Pa生成第一非对称密钥,第一非对称密钥包括第一公钥和第一私钥。跨链网关Pa向中继链R注册区块链A的机构a1的信息和第一公钥,并向中继链R注册区块链A的验证规则。源链跨链网关利用生成的对称密钥对跨链事件的交易明文进行加密。其中,跨链事件的交易明文包括跨链调用信息和跨链交易有效性证明;跨链调用信息包括目的链合约地址、目的链合约方法和参数。
步骤S202,基于所述跨链事件生成跨链交易,所述跨链交易包括验证协议。
在一些实施例中,跨链网关Pa监听到跨链事件后,基于该跨链事件生成跨链交易。验证协议可以为零知识证明,验证规则为一段零知识证明的验证代码,中继链R的验证引擎可以调用该验证代码对区块链A发出的跨链交易进行验证。
示例性的,跨链交易包括交易密文、加密的对称密钥以及零知识证明。
在一些实施例中,基于跨链事件生成跨链交易,包括:
通过对称密钥对跨链事件的交易明文进行加密,得到交易密文;以交易密文为公开输入,以交易明文和对称密钥为隐私输入,运行预设的零知识证明生成代码,生成零知识证明,将零知识证明作为验证协议;利用目的链跨链网关的第二非对称密钥的第二公钥对对称密钥进行加密,得到加密的对称密钥。
其中,交易明文为跨链事件中的交易信息,包括跨链调用信息Payload和跨链交易有效性证明Proof。交易密文为利用对称密钥对交易明文进行加密处理得到;加密的对称密钥为通过跨链网关Pb的第二非对称密钥的第二公钥对跨链网关Pa的对称密钥进行加密得到的;验证协议为基于交易明文、交易密文和对称密钥生成的零知识证明。
示例性的,跨链网关Pa使用对称密钥K加密跨链事件中的交易明文(包括跨链调用信息和跨链交易有效性证明);其中,跨链调用信息包括目的链合约地址、目的链合约方法和参数。跨链调用信息经过加密后记为E(Payload, K),并将加密后的跨链调用信息E(Payload, K)作为生成验证协议的公开输入。跨链网关Pa使用对称密钥K加密跨链交易有效性证明,加密后的跨链交易有效性证明记为E(Proof, K),并将加密后的跨链交易有效性证明E(Proof, K)作为生成验证协议的公开输入。将对称密钥K和交易明文(跨链调用信息和跨链交易有效性证明)作为生成验证协议的隐私输入。
在一些实施例中,跨链网关Pa监听到跨链事件后,通过运行一段预设的零知识证明生成代码,生成零知识证明,以上述E(Payload, K)、E(Proof, K)作为公开输入、以对称密钥K、跨链调用信息Payload和跨链交易有效性证明Proof作为隐私输入,生成零知识证明。其中,预设的零知识证明生成代码可以为zkSNARK。
另外,跨链网关Pa还使用目的链跨链网关的第二非对称密钥的第二公钥对对称密钥进行加密。跨链网关Pb随机生成第二非对称密钥,第二非对称密钥包括第二公钥和第二私钥。跨链网关Pb向中继链R注册区块链B的机构b1的信息和第二公钥,并向中继链注册区块链B的验证规则。其中,验证规则可以为一段零知识证明的验证代码,中继链R的验证引擎可以调用该验证代码对区块链B发出的跨链交易进行验证。
步骤S203,将所述跨链交易发送至中继链,指示所述中继链对所述验证协议验证通过后向目的链跨链网关发送所述跨链交易。
在一些实施例中,跨链网关Pa将跨链交易提交至中继链R,中继链R将跨链交易打包出块,向目的链跨链网关发送跨链交易。跨链交易包括交易密文、加密的对称密钥以及零知识证明。
在一些实施例中,所述方法包括:向中继链发送交易密文、加密的对称密钥以及零知识证明,指示中继链运行验证规则对应的验证代码,对零知识证明进行验证。由于中继链收到的是交易密文,故无法泄露交易信息。
在一些实施例中,所述方法包括:
向中继链发送跨链交易,指示中继链对验证协议验证通过后,通过中继链向目的链跨链网关发送交易密文和加密的对称密钥。
其中,加密的对称密钥用于指示目的链跨链网关使用第二非对称密钥的第二私钥解密加密的对称密钥,得到对称密钥;交易密文用于指示目的链跨链网关使用对称密钥解密交易密文,得到交易明文;交易明文用于指示目的链跨链网关根据交易明文中的调用信息向目的链发起调用。
通过本申请实施例,在进行跨链交易过程中,跨链网关对跨链事件的交易明文进行加密以及将交易明文作为生成零知识证明的隐私输入,并指示中继链对跨链交易的零知识证明进行验证,其中对零知识证明进行验证的逻辑包含了对跨链交易的有效性和跨链调用信息的正确性的验证,且中继链收到的是交易密文,故无法泄露交易信息;保护了跨链交易的隐私;同时由中继链进行验证,降低了跨链网关处理数据的负载,保证了跨链交易验证的可靠性。
参见图3,是本申请另一实施例提供的跨链交易的验证方法的流程示意图。该方法应用于中继链,执行主体为如图1中所示的中继链R。所述方法包括以下步骤:
步骤S301,接收源链跨链网关发送的跨链交易,跨链交易包括验证协议。
在一些实施例中,以图1中所示的架构为例,跨链网关Pa为源链跨链网关,中继链R接收跨链网关Pa提交的跨链交易。
其中,验证协议可以为零知识证明,验证规则为一段零知识证明的验证代码,中继链R的验证引擎可以调用该验证代码对区块链A发出的跨链交易进行验证。跨链交易可以包括交易密文、加密的对称密钥以及零知识证明。加密的对称密钥为源链跨链网关利用目的链跨链网关的第二非对称密钥的第二公钥对自身的对称密钥进行加密得到的。交易明文包括跨链调用信息和跨链交易有效性证明;跨链调用信息包括目的链合约地址、目的链合约方法和参数。交易密文为源链跨链网关利用自身的对称密钥对交易明文进行加密得到的。零知识证明为源链跨链网关以交易明文和对称密钥为隐私输入、以交易密文为公开输入,生成的用于对跨链交易进行验证的验证协议。
步骤S302,根据预设的验证规则对所述验证协议进行验证。
在一些实施例中,预设的验证规则为源链跨链网关向中继链注册的源链的验证规则,为验证协议的验证代码。不同的区块链在进行跨链交易时,都可以提前通过跨链网关向中继链注册该验证规则。
在一些实施例中,根据预设的验证规则对验证协议进行验证,包括:获取源链跨链网关注册的验证规则,验证规则为验证零知识证明的验证代码;运行验证代码,对零知识证明进行验证。
其中,跨链交易包括交易密文、加密的对称密钥以及零知识证明;交易密文为源链跨链网关利用对称密钥对跨链事件中的交易明文加密得到的;对称密钥为跨链网关生成的密钥对;零知识证明为源链跨链网关以交易密文为公开输入、以交易明文和对称密钥为隐私输入,并运行预设的零知识证明生成代码,生成的验证协议;加密的对称密钥为源链跨链网关利用目的链跨链网关的第二非对称密钥的第二公钥对对称密钥加密得到的。
示例性的,由源链向源链跨链网关提交的跨链事件包括交易明文,交易明文包括跨链调用信息和跨链交易有效性证明。在源链跨链网关生成跨链交易过程中,跨链网关Pa使用对称密钥K加密跨链事件中需要调用的信息,即跨链调用信息;其中,跨链调用信息包括目的合约地址、目的链合约方法和参数。跨链调用信息经过加密后记为E(Payload, K),并将加密后的跨链调用信息E(Payload, K),作为生成验证协议(零知识证明)的公开输入。跨链网关Pa使用对称密钥K加密跨链交易有效性证明,加密后的跨链交易有效性证明记为E(Proof, K),并将加密后的跨链交易有效性证明E(Proof, K),作为生成验证协议(零知识证明)的公开输入。在对跨链交易验证过程中,中继链R使用验证引擎调用跨链网关Pa事先注册的验证规则,即一段zkSNARK零知识证明的验证代码,以E(payload, K)和E(Proof, K)为输入,验证跨链交易中的零知识证明。
在一些实施例中,运行验证代码,对零知识证明进行验证,包括:
以交易密文为输入,通过零知识证明中的对称密钥解密交易密文,得到待验证的交易明文;将待验证的交易明文与零知识证明中的交易明文进行对比;若一致,则验证交易明文中的跨链交易有效性证明和跨链调用信息;若跨链交易验证为有效且跨链调用信息验证为正确,则验证通过。
示例性的,在生成零知识证明过程中,以交易密文为公开输入,以交易明文和对称密钥为隐私输入;在验证过程中,以交易密文为输入,即以E(payload, K)和E(Proof, K)为输入,通过对称密钥对输入的交易密文进行解密,得到交易明文,将该交易明文与作为隐私输入的交易明文进行对比,若对比结果一致,则通过零知识证明的内部逻辑对交易明文中的跨链交易有效性证明和跨链调用信息进行验证,若验证的结果为跨链交易有效且跨链调用信息正确,则验证通过。
需要说明的是,利用零知识证明对跨链交易进行验证,在验证上述交易明文的同时,零知识证明会对其作为隐私输入的交易明文的自身逻辑完成有效性验证,得出验证结果,证明验证通过,无需向中继链提供任何与跨链交易相关的隐私数据,从而使中继链相信拥有该跨链交易的交易信息且验证结果证明该跨链交易有效、跨链调用信息准确,其交易信息实现逻辑的证明过程不向中继链泄漏任何关于被证明消息的信息;从而保护了交易双方的隐私不被泄露的同时,完成对跨链交易有效性的验证。
需要说明的是,跨链交易有效性证明记载了跨链交易的合法性和存在性证明信息,在中继链对跨链交易的零知识证明验证的过程中,无需为中继链跨链验证引擎提供具体的验证信息,保证了跨链交易的隐私不被泄露。跨链交易有效性证明的字段内容根据具体应用链的特性和结构的不同,存在差异性。具体的验证规则及方式可以通过灵活的验证规则加载到零知识证明的验证过程中。
示例性的,不同的区块链对应不同的有效性验证的验证规则,即交易明文的自身有效性证明的验证逻辑;例如对于fabric应用链(Fabric是一个高度模块化和可配置架构的区块链统称),跨链网关进行注册时需要将fabric的验证逻辑validator和背书策略信息注册到中继链,产生的有效性证明信息proof需包含交易的背书响应。对于以太坊应用链,跨链网关生成有效性证明信息proof时需要携带源链交易的简单支付验证(Simplified Payment Verification,SPV)证明和交易内容,以及该交易所在区块的后n(该n值为以太坊交易大概率确认所需的区块数)个区块头信息。
步骤S303,若验证通过,则向目的链跨链网关发送所述跨链交易。
在一些实施例中,跨链交易由中继链验证引擎验证通过以后,路由至目的链,由目的链跨链网关Pb接收。
在一些实施例中,若验证通过,则向目的链跨链网关发送交易密文和加密的对称密钥。
其中,加密的对称密钥用于指示目的链跨链网关使用第二非对称密钥的第二私钥解密所述加密的对称密钥,得到对称密钥;交易密文用于指示目的链跨链网关使用对称密钥解密交易密文,得到交易明文;交易明文用于指示目的链跨链网关根据交易明文中的跨链调用信息向目的链发起调用。
示例性的,由目的链的跨链网关Pb接收后,跨链网关Pb使用第二非对称密钥的第二私钥解密加密的对称密钥,得到对称密钥K,然后使用对称密钥K解密加密的跨链调用信息E(payload, K),得到跨链调用信息payload,其中包含目的链合约地址、方法和参数。跨链网关Pb将解密后的payload转换成目的链的交易,对目的链发起调用。
需要说明的是,跨链网关Pb得到目的链的回执以后使用相同的方法加密,并生成零知识证明,生成新的跨链交易,并将新的跨链交易提交到中继链。
参见图4,是本申请另一实施例提供的跨链交易的验证方法的流程示意图。该方法应用于目的链的跨链网关,执行主体为如图1中所示的跨链网关Pb,该方法流程在上述实施例中已进行相应的说明,基于相同的处理原理,在此不再赘述。所述方法包括以下步骤:
步骤S401,接收中继链发送的跨链交易,跨链交易包括交易密文和加密的对称密钥。
步骤S402,利用第二非对称密钥的第二私钥对加密的对称密钥进行解密,得到对称密钥。
步骤S403,利用对称密钥解密交易密文,得到跨链交易的交易明文。
步骤S404,根据交易明文中的跨链调用信息,向目的链发起调用。
参见图5,是本申请一实施例提供的交互流程示意图,该实施例交互过程中,各个步骤的实现原理与图2、图3和图4分别描述的实施过程相同,在此不再赘述。以区块链A的机构a1与区块链B的机构b1进行业务交互为例,如图5所示,该交互过程包括注册阶段和跨链交易阶段。
其中,注册阶段包括:跨链网关Pa生成对称密钥K1和第一非对称密钥,并向中继链R注册机构a1的信息、跨链网关Pa的第一非对称密钥的公钥信息Kpuba,以及机构a1的验证规则1;跨链网关Pb生成对称密钥K2和第二非对称密钥,并向中继链R注册机构b1的信息、跨链网关Pb的第二非对称密钥的公钥信息Kpubb,以及机构b1的验证规则2。同时,跨链网关Pa获取中继链R中存储的跨链网关Pb的公钥信息Kpubb;跨链网关Pb获取中继链R中存储的跨链网关Pa的公钥信息Kpuba。
如图5所示,跨链交易阶段包括:
1.机构a1调用区块链A的业务合约,向跨链网关Pa抛出跨链事件;
2.跨链网关Pa使用对称密钥K1对交易明文中的跨链调用信息和跨链有效证明信息分别进行加密,得到交易密文;使用公钥信息Kpubb对对称密钥K1加密;以交易明文、交易密文、和对称密钥K1为输入,运行预设的零知识证明生成代码,生成零知识证明,得到第一跨链交易;
3.跨链网关Pa将交易密文、加密的对称密钥K1和零知识证明打包,并提交至中继链R;
4.中继链R的验证引擎调用跨链网关Pa注册的机构a1的验证规则,对零知识证明进行验证;
5.验证通过后,中继链R将交易密文和加密的对称密钥K1发送至跨链网关Pb;
6.跨链网关Pb使用第二非对称密钥的私钥信息解密加密的对称密钥K1,得到对称密钥K1;使用K1解密交易密文,得到交易明文;
7.跨链网关Pb根据交易明文中的调用信息调用机构b1;
8.跨链网关Pb获取机构b1的回执信息;
9.跨链网关Pb基于回执信息生成第二跨链交易;
10.将第二跨链交易发送至中继链R。
后续处理流程,采用与上述相同的处理方式,进行交易验证并将第二跨链交易路由至区块链A。
应理解,上述实施例中各步骤的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。
通过本申请实施例,跨链网关依旧保持轻量级,不需要验证跨链交易的有效性;由中继链进行跨链交易的验证更加可靠;扩展性好,如果有新的应用链加入,只需要向中继链注册应用链信息和验证规则即可。
对应于上文实施例所述的跨链交易的验证方法,图6示出了本申请实施例提供的跨链交易的验证装置的结构框图,为了便于说明,仅示出了与本申请实施例相关的部分。
参照图6,该装置包括:
获取单元61,用于获取源链提交的跨链事件;
处理单元62,用于基于所述跨链事件生成跨链交易,所述跨链交易包括验证协议;
发送单元63,用于将所述跨链交易发送至中继链,指示所述中继链对所述验证协议验证通过后向目的链跨链网关发送所述跨链交易。
图7示出了本申请实施例提供的跨链交易的验证装置的结构框图,为了便于说明,仅示出了与本申请实施例相关的部分。
参照图7,该装置包括:
接收单元71,用于接收源链跨链网关发送的跨链交易,所述跨链交易包括验证协议;
验证单元72,用于根据预设的验证规则对所述验证协议进行验证;
路由单元73,用于若验证通过,则向目的链跨链网关发送所述跨链交易。
图8示出了本申请实施例提供的跨链交易的验证装置的结构框图,为了便于说明,仅示出了与本申请实施例相关的部分。
参照图8,该装置包括:
接收单元81,用于接收中继链发送的跨链交易,所述跨链交易包括交易密文和加密的对称密钥;
第一解密单元82,用于利用第二非对称密钥的第二私钥对所述加密的对称密钥进行解密,得到对称密钥;
第二解密单元83,用于利用所述对称密钥解密所述交易密文,得到所述跨链交易的交易明文;
调用单元84,用于根据所述交易明文中的跨链调用信息,向目的链发起调用。
对应于上文实施例所述的跨链交易的验证方法,图9示出了本申请实施例提供的跨链交易的验证系统的结构框图,为了便于说明,仅示出了与本申请实施例相关的部分。
源链跨链网关91,用于用于根据源链的跨链事件生成跨链交易,并向中继链发送所述跨链交易;
中继链92,用于接收源链跨链网关发送的所述跨链交易,并通过验证规则对所述跨链交易的验证协议进行验证,验证通过后向目的链跨链网关发送所述跨链交易;
目的链跨链网关93,用于接收所述中继链发送的跨链交易,并对所述跨链交易进行解析,得到交易明文,根据所述交易明文调用目的链。
通过本申请实施例,在进行跨链交易过程中,跨链网关对跨链事件的交易明文进行加密以及将交易明文作为生成零知识证明的隐私输入,并指示中继链对跨链交易的零知识证明进行验证,无需对交易明文的逻辑及有效性进行验证,保护了跨链交易的隐私;同时由中继链进行验证,降低了跨链网关处理数据的负载,保证了跨链交易验证的可靠性;跨链网关依旧保持轻量级,不需要验证跨链交易的有效性;由中继链进行跨链交易的验证更加可靠;扩展性好,如果有新的应用链加入,只需要向中继链注册应用链信息和验证规则即可。
需要说明的是,上述装置/单元之间的信息交互、执行过程等内容,由于与本申请方法实施例基于同一构思,其具体功能及带来的技术效果,具体可参见方法实施例部分,此处不再赘述。
所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,仅以上述各功能单元、模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元、模块完成,即将所述装置的内部结构划分成不同的功能单元或模块,以完成以上描述的全部或者部分功能。实施例中的各功能单元、模块可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中,上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。另外,各功能单元、模块的具体名称也只是为了便于相互区分,并不用于限制本申请的保护范围。上述系统中单元、模块的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。
本申请实施例还提供了一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行时实现可实现上述各个方法实施例中的步骤。
本申请实施例提供了一种计算机程序产品,当计算机程序产品在移动终端上运行时,使得移动终端执行时实现可实现上述各个方法实施例中的步骤。
图10为本申请一实施例提供的终端设备10的结构示意图。如图10所示,该实施例的终端设备10包括:至少一个处理器100(图10中仅示出一个)处理器、存储器101以及存储在所述存储器101中并可在所述至少一个处理器100上运行的计算机程序102,所述处理器100执行所述计算机程序102时实现上述任意各个跨链交易的验证方法的实施例中的步骤。
所述终端设备10可以是桌上型计算机、笔记本、掌上电脑及云端服务器等计算设备。该终端设备10可包括,但不仅限于,处理器100、存储器101。本领域技术人员可以理解,图10仅仅是终端设备10的举例,并不构成对终端设备10的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件,例如还可以包括输入输出设备、网络接入设备等。
所称处理器100可以是中央处理单元(Central Processing Unit,CPU),该处理器100还可以是其他通用处理器、数字信号处理器 (Digital Signal Processor,DSP)、专用集成电路 (Application Specific Integrated Circuit,ASIC)、现成可编程门阵列 (Field-Programmable Gate Array,FPGA) 或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。
所述存储器101在一些实施例中可以是所述终端设备10的内部存储单元,例如终端设备10的硬盘或内存。所述存储器101在另一些实施例中也可以是所述终端设备10的外部存储设备,例如所述终端设备10上配备的插接式硬盘,智能存储卡(Smart Media Card, SMC),安全数字(Secure Digital, SD)卡,闪存卡(Flash Card)等。进一步地,所述存储器101还可以既包括所述终端设备10的内部存储单元也包括外部存储设备。所述存储器101用于存储操作系统、应用程序、引导装载程序(BootLoader)、数据以及其他程序等,例如所述计算机程序的程序代码等。所述存储器101还可以用于暂时地存储已经输出或者将要输出的数据。
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请实现上述实施例方法中的全部或部分流程,可以通过计算机程序来指令相关的硬件来完成,所述的计算机程序可存储于一计算机可读存储介质中,该计算机程序在被处理器执行时,可实现上述各个方法实施例的步骤。其中,所述计算机程序包括计算机程序代码,所述计算机程序代码可以为源代码形式、对象代码形式、可执行文件或某些中间形式等。所述计算机可读介质至少可以包括:能够将计算机程序代码携带到拍照装置/终端设备的任何实体或装置、记录介质、计算机存储器、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、电载波信号、电信信号以及软件分发介质。例如U盘、移动硬盘、磁碟或者光盘等。在某些司法管辖区,根据立法和专利实践,计算机可读介质不可以是电载波信号和电信信号。
以上所述实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围,均应包含在本申请的保护范围之内。

Claims (16)

  1. 一种跨链交易的验证方法,其特征在于,应用于源链跨链网关,所述方法包括:
    获取源链提交的跨链事件;
    基于所述跨链事件生成跨链交易,所述跨链交易包括验证协议;
    将所述跨链交易发送至中继链,指示所述中继链对所述验证协议验证通过后向目的链跨链网关发送所述跨链交易。
  2. 如权利要求1所述的方法,其特征在于,所述基于所述跨链事件生成跨链交易之前,所述方法还包括:
    生成第一非对称密钥和对称密钥;
    向所述中继链注册所述第一非对称密钥的第一公钥、所述源链的地址信息及所述源链的验证规则,并获取所述中继链中存储的所述目的链跨链网关的第二非对称密钥的第二公钥;
    其中,所述对称密钥用于对所述跨链事件的交易明文进行加密,所述验证规则为验证所述验证协议的验证代码。
  3. 如权利要求2所述的方法,其特征在于,所述跨链交易包括交易密文、加密的对称密钥以及零知识证明;
    所述基于所述跨链事件生成跨链交易,包括:
    通过所述对称密钥对所述跨链事件的交易明文进行加密,得到所述交易密文;
    以所述交易密文为公开输入,以所述交易明文和所述对称密钥为隐私输入,运行预设的零知识证明生成代码,生成所述零知识证明,将所述零知识证明作为所述验证协议;
    利用所述目的链跨链网关的第二非对称密钥的第二公钥对所述对称密钥进行加密,得到所述加密的对称密钥。
  4. 如权利要求3所述的方法,其特征在于,所述方法包括:
    向所述中继链发送所述交易密文、所述加密的对称密钥以及所述零知识证明,指示所述中继链运行所述验证规则对应的所述验证代码,对所述零知识证明进行验证。
  5. 如权利要求3所述的方法,其特征在于,所述方法包括:
    向所述中继链发送跨链交易,指示所述中继链对所述验证协议验证通过后,通过所述中继链向所述目的链跨链网关发送所述交易密文和所述加密的对称密钥;
    其中,所述加密的对称密钥用于指示所述目的链跨链网关使用所述第二非对称密钥的第二私钥解密所述加密的对称密钥,得到所述对称密钥;所述交易密文用于指示所述目的链跨链网关使用所述对称密钥解密所述交易密文,得到所述交易明文;所述交易明文用于指示所述目的链跨链网关根据所述交易明文中的跨链调用信息向所述目的链发起调用。
  6. 一种跨链交易的验证方法,其特征在于,应用于中继链,所述方法包括:
    接收源链跨链网关发送的跨链交易,所述跨链交易包括验证协议;
    根据预设的验证规则对所述验证协议进行验证;
    若验证通过,则向目的链跨链网关发送所述跨链交易。
  7. 如权利要求6所述的方法,其特征在于,所述根据预设的验证规则对所述验证协议进行验证,包括:
    获取所述源链跨链网关注册的所述验证规则,所述验证规则为验证零知识证明的验证代码;
    运行所述验证代码,对所述零知识证明进行验证;
    其中,所述跨链交易包括交易密文、加密的对称密钥以及零知识证明;所述交易密文为源链跨链网关利用对称密钥对跨链事件中的交易明文加密得到的;所述对称密钥为跨链网关生成的密钥对;所述零知识证明为源链跨链网关以所述交易密文为公开输入、以所述交易明文和所述对称密钥为隐私输入,并运行预设的零知识证明生成代码生成的所述验证协议;所述加密的对称密钥为源链跨链网关利用目的链跨链网关的第二非对称密钥的第二公钥对所述对称密钥加密得到的。
  8. 如权利要求7所述的方法,其特征在于,所述运行所述验证代码,对所述零知识证明进行验证,包括:
    以所述交易密文为输入,通过所述零知识证明中的对称密钥解密所述交易密文,得到待验证的交易明文;将所述待验证的交易明文与所述零知识证明中的交易明文进行对比;若一致,则验证交易明文中的跨链交易有效性证明和跨链调用信息;若所述跨链交易验证为有效且所述跨链调用信息验证为正确,则验证通过。
  9. 如权利要求8所述的方法,其特征在于,所述方法还包括:
    若验证通过,则向所述目的链跨链网关发送所述交易密文和所述加密的对称密钥;其中,所述加密的对称密钥用于指示所述目的链跨链网关使用所述第二非对称密钥的第二私钥解密所述加密的对称密钥,得到所述对称密钥;所述交易密文用于指示所述目的链跨链网关使用所述对称密钥解密所述交易密文,得到所述交易明文;所述交易明文用于指示所述目的链跨链网关根据所述交易明文中的跨链调用信息向所述目的链发起调用。
  10. 一种跨链交易的验证方法,其特征在于,应用于目的链跨链网关,所述方法包括:
    接收中继链发送的跨链交易,所述跨链交易包括交易密文和加密的对称密钥;
    利用第二非对称密钥的第二私钥对所述加密的对称密钥进行解密,得到对称密钥;
    利用所述对称密钥解密所述交易密文,得到所述跨链交易的交易明文;
    根据所述交易明文中的跨链调用信息,向目的链发起调用。
  11. 一种跨链交易的验证系统,其特征在于,包括:
    源链跨链网关,用于根据源链的跨链事件生成跨链交易,并向中继链发送所述跨链交易;
    中继链,用于接收源链跨链网关发送的所述跨链交易,并通过验证规则对所述跨链交易的验证协议进行验证,验证通过后向目的链跨链网关发送所述跨链交易;
    目的链跨链网关,用于接收所述中继链发送的跨链交易,并对所述跨链交易进行解析,得到交易明文,根据所述交易明文调用目的链。
  12. 一种跨链交易的验证装置,其特征在于,包括:
    获取单元,用于获取源链提交的跨链事件;
    处理单元,用于基于所述跨链事件生成跨链交易,所述跨链交易包括验证协议;
    发送单元,用于将所述跨链交易发送至中继链,指示所述中继链对所述验证协议验证通过后向目的链跨链网关发送所述跨链交易。
  13. 一种跨链交易的验证装置,其特征在于,包括:
    接收单元,用于接收源链跨链网关发送的跨链交易,所述跨链交易包括验证协议;
    验证单元,用于根据预设的验证规则对所述验证协议进行验证;
    路由单元,用于若验证通过,则向目的链跨链网关发送所述跨链交易。
  14. 一种跨链交易的验证装置,其特征在于,包括:
    接收单元,用于接收中继链发送的跨链交易,所述跨链交易包括交易密文和加密的对称密钥;
    第一解密单元,用于利用第二非对称密钥的第二私钥对所述加密的对称密钥进行解密,得到对称密钥;
    第二解密单元,用于利用所述对称密钥解密所述交易密文,得到所述跨链交易的交易明文;
    调用单元,用于根据所述交易明文中的跨链调用信息,向目的链发起调用。
  15. 一种终端设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序时实现如权利要求1至5或权利要求6至9或权利要求10任一项所述的方法。
  16. 一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现如权利要求1至5或权利要求6至9或权利要求10任一项所述的方法。
PCT/CN2021/142626 2020-12-30 2021-12-29 跨链交易的验证方法、终端设备及可读存储介质 WO2022143798A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011630475.0A CN112822181B (zh) 2020-12-30 2020-12-30 跨链交易的验证方法、终端设备及可读存储介质
CN202011630475.0 2020-12-30

Publications (1)

Publication Number Publication Date
WO2022143798A1 true WO2022143798A1 (zh) 2022-07-07

Family

ID=75855186

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/142626 WO2022143798A1 (zh) 2020-12-30 2021-12-29 跨链交易的验证方法、终端设备及可读存储介质

Country Status (2)

Country Link
CN (1) CN112822181B (zh)
WO (1) WO2022143798A1 (zh)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115051815A (zh) * 2022-08-15 2022-09-13 江苏通付盾区块链科技有限公司 用于区块链异构链之间的跨链数据交互方法、装置
CN115378942A (zh) * 2022-10-10 2022-11-22 北京理工大学 一种区块链的信息跨链交互方法和交互装置
CN115459921A (zh) * 2022-08-25 2022-12-09 浪潮云信息技术股份公司 一种基于代理重加密和有向无环图的跨链方法及系统
CN115499454A (zh) * 2022-09-20 2022-12-20 广西师范大学 基于联盟中继链的农产品数据跨链共享方法
CN115567311A (zh) * 2022-10-12 2023-01-03 贵州电网有限责任公司 一种基于数据信息加密的加密系统及加密方法
CN116562874A (zh) * 2023-04-27 2023-08-08 北京交通大学 一种基于零知识证明的隐私保护跨链交易验证方法

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112822181B (zh) * 2020-12-30 2022-08-16 杭州趣链科技有限公司 跨链交易的验证方法、终端设备及可读存储介质
CN115460142B (zh) * 2021-06-07 2024-08-16 京东科技控股股份有限公司 一种基于跨链交易的路由寻址方法和装置
CN113434883B (zh) * 2021-06-29 2024-08-06 北京百度网讯科技有限公司 跨链处理方法、装置、电子设备及可读存储介质
CN113360547B (zh) * 2021-06-29 2024-08-06 北京百度网讯科技有限公司 跨链查询方法、装置、电子设备及可读存储介质
CN113420090B (zh) * 2021-06-29 2024-07-19 北京百度网讯科技有限公司 跨链处理方法、装置、电子设备及可读存储介质
CN113469689A (zh) * 2021-07-23 2021-10-01 永旗(北京)科技有限公司 一种区块链跨链交易方法及系统
CN114217911A (zh) * 2021-12-23 2022-03-22 杭州趣链科技有限公司 一种跨链事务处理方法、装置、计算设备和介质
CN114493862A (zh) * 2021-12-29 2022-05-13 杭州趣链科技有限公司 跨链交易的验证方法、装置、电子设备、系统及存储介质
CN114363416B (zh) * 2021-12-29 2024-01-23 杭州趣链科技有限公司 基于区块链的跨链处理方法、装置、存储介质及服务器
CN114298700A (zh) * 2021-12-29 2022-04-08 杭州趣链科技有限公司 区块链交易方法、装置、终端设备及计算机可读存储介质
CN114006911B (zh) * 2021-12-31 2022-04-26 杭州趣链科技有限公司 数据处理方法、装置、终端设备及存储介质
CN115204871A (zh) * 2022-06-30 2022-10-18 中国电信股份有限公司 一种区块链跨链交易方法及系统

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018232493A1 (en) * 2017-06-24 2018-12-27 Zeu Crypto Networks Inc. DOUBLE CHAIN BLOCK CHAINS NETWORK FOR REALIZING CHAIN TRANSACTIONS
CN110266655A (zh) * 2019-05-30 2019-09-20 中国工商银行股份有限公司 一种基于区块链的跨链互联方法、设备以及系统
CN110751475A (zh) * 2019-10-24 2020-02-04 杭州趣链科技有限公司 一种区块链交易的跨链方法及系统、设备和存储介质
CN110766408A (zh) * 2019-10-24 2020-02-07 杭州趣链科技有限公司 异构区块链的跨链交易验证方法、引擎、设备和存储介质
CN112822181A (zh) * 2020-12-30 2021-05-18 杭州趣链科技有限公司 跨链交易的验证方法、终端设备及可读存储介质

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107862216B (zh) * 2017-10-13 2021-04-06 布比(北京)网络技术有限公司 用于匿名跨链交易的隐私保护方法、装置和存储介质
CN108288159A (zh) * 2018-03-07 2018-07-17 物数(上海)信息科技有限公司 基于多区块链的跨链交易方法、系统、设备及存储介质
US11030217B2 (en) * 2018-05-01 2021-06-08 International Business Machines Corporation Blockchain implementing cross-chain transactions
CN110035046B (zh) * 2018-11-16 2020-02-21 阿里巴巴集团控股有限公司 跨区块链的交互系统
CN110288345B (zh) * 2019-06-26 2022-04-05 深圳市迅雷网络技术有限公司 跨链通信方法、装置、主链节点及存储介质
CN110855631B (zh) * 2019-10-24 2022-05-17 南京可信区块链与算法经济研究院有限公司 一种区块链中可监管的零知识验证方法、系统及存储介质
CN111211909B (zh) * 2019-12-30 2023-03-21 深圳大学 一种基于零知识证明的分布式认证方法
CN111666325B (zh) * 2020-05-18 2024-04-19 国网浙江省电力有限公司 一种跨链接口调用的有效性验证方法
CN112003889B (zh) * 2020-07-10 2022-11-08 南京邮电大学 分布式跨链系统及跨链信息交互与系统访问控制方法

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018232493A1 (en) * 2017-06-24 2018-12-27 Zeu Crypto Networks Inc. DOUBLE CHAIN BLOCK CHAINS NETWORK FOR REALIZING CHAIN TRANSACTIONS
CN110266655A (zh) * 2019-05-30 2019-09-20 中国工商银行股份有限公司 一种基于区块链的跨链互联方法、设备以及系统
CN110751475A (zh) * 2019-10-24 2020-02-04 杭州趣链科技有限公司 一种区块链交易的跨链方法及系统、设备和存储介质
CN110766408A (zh) * 2019-10-24 2020-02-07 杭州趣链科技有限公司 异构区块链的跨链交易验证方法、引擎、设备和存储介质
CN112822181A (zh) * 2020-12-30 2021-05-18 杭州趣链科技有限公司 跨链交易的验证方法、终端设备及可读存储介质

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115051815A (zh) * 2022-08-15 2022-09-13 江苏通付盾区块链科技有限公司 用于区块链异构链之间的跨链数据交互方法、装置
CN115459921A (zh) * 2022-08-25 2022-12-09 浪潮云信息技术股份公司 一种基于代理重加密和有向无环图的跨链方法及系统
CN115459921B (zh) * 2022-08-25 2024-04-30 浪潮云信息技术股份公司 一种基于代理重加密和有向无环图的跨链方法及系统
CN115499454A (zh) * 2022-09-20 2022-12-20 广西师范大学 基于联盟中继链的农产品数据跨链共享方法
CN115499454B (zh) * 2022-09-20 2024-03-22 广西师范大学 基于联盟中继链的农产品数据跨链共享方法
CN115378942A (zh) * 2022-10-10 2022-11-22 北京理工大学 一种区块链的信息跨链交互方法和交互装置
CN115378942B (zh) * 2022-10-10 2022-12-20 北京理工大学 一种区块链的信息跨链交互方法和交互装置
CN115567311A (zh) * 2022-10-12 2023-01-03 贵州电网有限责任公司 一种基于数据信息加密的加密系统及加密方法
CN115567311B (zh) * 2022-10-12 2023-05-05 贵州电网有限责任公司 一种基于数据信息加密的加密系统及加密方法
CN116562874A (zh) * 2023-04-27 2023-08-08 北京交通大学 一种基于零知识证明的隐私保护跨链交易验证方法
CN116562874B (zh) * 2023-04-27 2024-01-02 北京交通大学 一种基于零知识证明的隐私保护跨链交易验证方法

Also Published As

Publication number Publication date
CN112822181A (zh) 2021-05-18
CN112822181B (zh) 2022-08-16

Similar Documents

Publication Publication Date Title
WO2022143798A1 (zh) 跨链交易的验证方法、终端设备及可读存储介质
US10715339B1 (en) Distributed key management for trusted execution environments
CN110602138B (zh) 区块链网络的数据处理方法、装置、电子设备及存储介质
WO2022095244A1 (zh) 跨链交易方法、系统、装置、设备和存储介质
US10762197B1 (en) Program execution and data proof scheme using multiple key pair signatures
CN112035889B (zh) 计算外包的区块链隐私验证方法、装置及计算机设备
US20200342092A1 (en) Securely executing smart contract operations in a trusted execution environment
US11436599B2 (en) Blockchain-based identity verification method and related hardware
CN112737779A (zh) 一种密码机服务方法、装置、密码机及存储介质
US10715332B2 (en) Encryption for transactions in a memory fabric
WO2022193984A1 (zh) 跨链进行数据传输的方法、装置、计算机设备、存储介质和计算机程序产品
CN110096894B (zh) 一种基于区块链的数据匿名共享系统及方法
WO2022141700A1 (zh) 分布式节点设备的共识方法、节点设备及分布式网络
CN112734423A (zh) 一种基于区块链的交易方法及终端设备
CN112804217A (zh) 一种基于区块链技术的存证方法和装置
US11368288B2 (en) Apparatus and method of lightweight communication protocols between multiple blockchains
CN114338091B (zh) 数据传输方法、装置、电子设备及存储介质
CN115409511B (zh) 一种基于区块链的个人信息保护系统
CN114362925A (zh) 一种密钥协商方法、装置及终端
Dörre et al. Practically Efficient Private Set Intersection from Trusted Hardware with Side-Channels
CN112637124B (zh) 报文的处理方法、装置、电子设备及计算机可读存储介质
CN115549984A (zh) 跨链交易方法、装置、设备和存储介质
CN114978698A (zh) 网络接入方法、目标终端、凭证管理网元及验证网元
CN116722998A (zh) 一种基于中继链的无隐私泄露的跨链方法
CN118965449A (zh) 一种面向轻量级设备的云存储数据完整性校验方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21914530

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21914530

Country of ref document: EP

Kind code of ref document: A1