Ensuring the privacy of transaction identities on a ledger that is public and maintained by multi-party consensus is one of the main challenges facing blockchain technology. The identity-privacy schemes currently used in public blockchains rely on anonymous authentication and transaction mixing; because they offer no means of supervision, they are hard to adopt in regulated industries. Drawing on the identity-privacy mechanisms of Monero, this study introduces the role of a regulator and designs a supervisable privacy-protection scheme for the transaction receiver based on one-time address encryption and zero-knowledge proofs. It also combines linkable ring signatures with revocable ring signatures into a linkable revocable ring signature scheme, which is used to build a supervisable privacy-protection scheme for the transaction sender based on autonomous (self-)mixing, where the sender chooses its own decoys rather than relying on a third-party mixer. Built on these two schemes, the system protects the identities of both transacting parties while still allowing the regulator to recover the real identities of the participants offline, achieving "controllable anonymity". Analysis and test results show that every algorithm in the scheme runs in milliseconds, which meets the performance requirements of blockchain in non-high-frequency transaction scenarios.
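The abstract names Monero's one-time addresses as the starting point for the receiver-side scheme but gives no construction details. The following pure-Python example, added here and not taken from the paper or from Monero's code base, shows the Monero primitive that the design builds on: the sender derives a fresh address P = Hs(rA)G + B from the receiver's view key A and spend key B, publishes R = rG, and the receiver scans with its private view key a by recomputing Hs(aR)G + B. The regulator role is modelled only in the simplest possible way, as a party that has been given the view key a; this is an assumption used for illustration, and is not the paper's "one-time address encryption plus zero-knowledge proof" construction, which the abstract does not describe. Ed25519 arithmetic is implemented in affine coordinates from the RFC 8032 constants, and SHA3-256 stands in for Monero's Keccak-256 hash-to-scalar; all key values are constructed for the example.

```python
"""Monero-style one-time (stealth) address derivation, pure Python.

Added example: illustrates the primitive the abstract borrows from Monero.
The 'regulator holds the view key' recovery path is a simplifying
assumption, not the paper's encrypted-address + ZKP construction.
"""
import hashlib
import secrets

# Ed25519 constants (RFC 8032): field prime, curve coefficient d,
# prime order L of the base point, and the base point G itself.
PRIME = 2**255 - 19
D = (-121665 * pow(121666, -1, PRIME)) % PRIME
L = 2**252 + 27742317777372353535851937790883648493
G = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     46316835694926478169428394003475163141307993866256225615783033603165251855960)
IDENTITY = (0, 1)


def point_add(p1, p2):
    """Affine twisted-Edwards addition for a = -1 (complete: no special cases)."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2 % PRIME
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, -1, PRIME) % PRIME
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, PRIME) % PRIME
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication; k is reduced modulo L first."""
    result, addend = IDENTITY, point
    k %= L
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def hash_to_scalar(point):
    """Hs(): hash a point to a scalar mod L (SHA3-256 stands in for Keccak-256)."""
    x, y = point
    digest = hashlib.sha3_256(x.to_bytes(32, "little") + y.to_bytes(32, "little")).digest()
    return int.from_bytes(digest, "little") % L


def random_scalar():
    return secrets.randbelow(L - 1) + 1


def keygen(a=None, b=None):
    """Receiver key material: private view key a, private spend key b,
    and the public pair (A, B) = (aG, bG) that is handed to senders."""
    a = random_scalar() if a is None else a
    b = random_scalar() if b is None else b
    return {"a": a, "b": b, "A": scalar_mult(a, G), "B": scalar_mult(b, G)}


def sender_one_time_address(A, B, r=None):
    """Sender side: pick r, publish R = rG, pay to P = Hs(rA)G + B.
    P is unlinkable to (A, B) for anyone who lacks a or r."""
    r = random_scalar() if r is None else r
    R = scalar_mult(r, G)
    P = point_add(scalar_mult(hash_to_scalar(scalar_mult(r, A)), G), B)
    return R, P


def view_key_recover(a, B, R):
    """Whoever holds the view key a rebuilds P' = Hs(aR)G + B and can test
    whether a published (R, P) pays (A, B). The receiver uses this to scan
    the chain; a regulator escrowing a (assumption) could do it offline."""
    return point_add(scalar_mult(hash_to_scalar(scalar_mult(a, R)), G), B)


def one_time_private_key(a, b, R):
    """Only the spend-key holder derives x = Hs(aR) + b, with xG = P.
    The view key alone reveals the recipient but cannot spend."""
    return (hash_to_scalar(scalar_mult(a, R)) + b) % L


if __name__ == "__main__":
    keys = keygen()
    R, P = sender_one_time_address(keys["A"], keys["B"])
    assert view_key_recover(keys["a"], keys["B"], R) == P
    assert scalar_mult(one_time_private_key(keys["a"], keys["b"], R), G) == P
    print("one-time address recovered with view key; spendable with spend key")
```

The split between view key and spend key is what makes a regulator role cheap to bolt onto this primitive: recovering the recipient needs only a, never b, so escrowing the view key does not give the regulator spending power. It does, however, let the escrow holder link every payment to that receiver, which is exactly the all-or-nothing property the paper's encrypted-address and zero-knowledge approach is presumably meant to refine; the abstract does not say how.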