Reliable blockchain-based ring signature protocol for online financial transactions

Abstract

The rise of Industry 5.0 has led to a smarter and more digital way of doing business, but with it comes the issue of user privacy and security. Only when privacy and security issues are addressed, will users be able to transact online with greater peace of mind. Thus, to address the security and privacy problems associated with industry blockchain technology, we propose a privacy protection scheme for online financial transactions based on verifiable ring signatures and blockchain by comparing and combining the unconditional anonymity provided by ring signatures with the high integrity provided by blockchain technology. Firstly, we present an algorithm for verifying ring signature based on distributed key generation, which can ensure the integrity of transaction data. Secondly, by using the block chain technique, we choose the proxy node to send the plaintext message into the block chain, and guarantee the security of the asset transaction. On this basis, the designed scheme is subjected to a security analysis to verify that it is completely anonymous, verifiable and unerasable. The protection of user privacy can be achieved while enabling online transactions. Finally, it is shown that the proposed method is more effective and practical than other similar solutions in performance assessment and simulation. It is proved that the scheme is a safe and efficient online financial transaction ring signature scheme.

1. Introduction

The rapid rise of blockchain technology is due to the growing maturity of Internet information technology in the era of Industry 5.0. Blockchain technology and cryptography are playing a key role in the design and deployment of all kinds of financial transactions [1]. Now from 4.0 to 5.0 industry due to its adaptability, efficiency and responsiveness [2]. Industrial blockchain can play an important role at the infrastructure level of trusted data collection, cloud storage and integration of industrial platform services, as well as at the application level where it can enable the transfer of value in online transactions of financial assets. Essentially, the blockchain is a decentralized, secure ledger that links devices, systems, plants and regions through a hierarchical chain structure, particularly for data decision-making [3]. It can be combined with industrial networks to provide responsibility and trade and has a wide range of applications [4]. Currently, the existing asset trading technology is centralized, where data and information are stored in a centralized database, and the transaction process is completed by a "trusted" third party institution [5]. On the one hand, the failure of a centralized institution can bring the entire trading system to a standstill and also bring about a massive leakage of personal information, making it difficult to guarantee the security of the system [6]. On the other hand, compared with cash transactions, financial asset transactions have special data characteristics, and the imitation of data products is indistinguishable [7]. Registration data and transaction data are stored in a centralized database, which makes it easy to forge once the database is attacked, leaving the security of financial consumers and financial institutions unprotected in Internet financial transactions [8]. Therefore, the creation of a secure and secure environment for asset trading is of particular importance [9].

The rapid growth of blockchain applications is due to its advanced features of immutability, transparency, distribution, traceability, security and reliability [10]. Nakamoto first proposed blockchain technology in 2008 and designed a cryptocurrency scheme based on blockchain technology to achieve secure transfers between two parties, opening up a new field of vision to solve the information security problems of third-party institutions [11]. Using blockchain to store data has the advantages of being secure, trustworthy, non-repudiation and tamper-proof, allowing consensus and data sharing between untrusted nodes, as well as decentralisation and storing information in a peer-to-peer (P2P) network by automatically recording information in code [12]. Blockchain is important not only because it changes the process of online transactions, but also because of its ability to achieve consistency by storing data in a de-trusted environment. Using the signature principle of public key cryptography, people around the world can securely transfer different types of digital assets peer-to-peer over the internet[13].

However, current blockchain-based transaction mechanisms are constantly changing, making them still highly vulnerable to a wide range of cyber threats. Ring signatures are an important method for ensuring blockchain security. This method is a promising class of group signatures, characterized by the ability to achieve arbitrary anonymity for the signer, and the ability for the verifier to validate the signature without others being able to determine the authenticity of the signature by the result of that signature. With the development of ring signature technology, ring signature technology has received extensive attention from scholars at home and abroad. Furthermore, ring signatures can be divided into threshold ring signatures, verifiable ring signatures and identity-based ring signatures. The verifiable ring signature enables the identity of the messenger to be verifiable. The receiver can verify and trace the identity information of the message sender after receiving the message, achieving a higher level of trust. Therefore, in this paper, we propose a verifiable ring signature scheme for privacy and security protection when users pass information in online transactions.

1.1 Our Contribution

In the paper, we propose a blockchain-based ring signature protocol for online financial transactions, with the aim of adding a ring signature algorithm to the process of blockchain-based online financial transactions to anonymize and protect transaction data by leveraging the unconditional anonymity of ring signature technology. Unlike traditional transactions, ring signatures allow users to transact anonymously by sending transaction information with a signature, ensuring that the user of the transaction is anonymous and that the information is not tampered with during transmission.

In summary, this paper has three main contributions:

(1) First, to solve the privacy and security threats in the process of online financial transactions based on blockchain technology, we introduce ring signature technology and propose a verifiable ring signature algorithm. At the same time, the operational efficiency of the system can be greatly improved while ensuring security.

(2) Second, we have designed a reliable ring signature protocol for online financial transactions. This system combines blockchain technology with a proposed ring signature algorithm that can be used for anonymous authentication and encrypted storage in blockchain systems.

(3) Based on the concept of distributed key agreement, this algorithm improves the traditional key distribution of third party trust bonds, and solve the problem of key loss caused by the unrealistic or malicious attacks of the trusted third party. The results of this project will provide a new solution for the problems of data sharing, synchronization of information and privacy in Internet financial transactions.

1.2 Organization

The remainder of the paper has the following structure. In Sect. 2, we summarize and analyze the relevant work in the article. In Sect. 3, we describe the mechanism of action of blockchain and ring signatures and their application in the context of this paper. In Sect. 4, we design a solution for online financial transactions based on blockchain technology combined with ring signature algorithms and present a verifiable ring signature algorithm. In sect. 5, we perform an auditable safety analysis. In Sect. 6, We evaluate and compare the proposed solution with other similar solutions. Finally, in Sect. 7, we summarize the article and make a few conclusions.

2. Related Work

Over the past few years, a number of blockchain-related studies have been conducted by a variety of scholars on asset trading. Christidis et al. [14] proposed a scheme to transfer digital ring assets on the blockchain. On this basis, the flow of digital assets is achieved through smart contracts using the characteristics of blockchain and the Internet of Things. Cui et al. [15] proposed a blockchain-based trading system, which addresses issues related to data caching, data replication and retention of transaction data in data asset transactions, safeguarding the rights and interests of transaction users from being appropriated by the trading platform and protecting their data privacy and security. Roman et al. [16] studied the use of smart contracts for trading digital assets. However, due to its publicly traceable nature, while blockchain is able to build trusted interaction environments between untrustworthy parties, it does not allow for true anonymity.

As a result, a great deal of research has been carried out by scholars in recent years to address both privacy and security issues. For example, Pramanik et al. [17] proposed a four-dimensional framework the same big data analytics approach used to analyze and remove the new generation of privacy-preserving data, for protecting data privacy. The advantage is that people will be able to use their critical analysis results to improve their Big Data analytics strategy deployment in their business environment, to make better use of Big Data to innovate and grow sustainably. He et al. [18] proposed a new blockchain privacy-preserving search model and designed a new blockchain searchable encryption scheme for this problem. The model can realize the virtual search and matching efficiently, but the efficient work makes the computational cost increase as well. Bhushan et al. [19] provide insights into the security and privacy of blockchain technology to reveal the challenges it faces and to explore how blockchain technologies are addressing them. But do not actually provide empirical proof of a solution to any privacy problem.

Sun et al. [20] highlight the high risk that at-tackers may pose to business transactions and private data by compromising sensitive assets to gain access to financial information, thus posing a high risk to commercial transactions and private data. However, since the solution uses Answer Set Programming (ASP) to expand the logic of LC, it overcomes the special limitation of LC which has unconditional security, despite their advantages, offer limited protection to users of the same node. Peng et al. [21] proposed VF-Chain, a verifiable and auditable blockchain-based federated learning framework for addressing their user privacy concerns. The advantage of this method is that it can increase the efficiency of verification proof and support the safe rotation of committees. Dai et al. [22] integrated blockchain into network slices and network software specifically for SAGSINs, targeting Internet privacy violations. Zaghloul et al. [23] discussed the security and privacy protection of bitcoin. Andola et al. [24] analyzed the anonymity of blockchain-based electronic cash. However, they all have the problem of high overheads.

To enhance anonymity, many people have applied ring signatures in blockchain systems, among which, in 2001, in the context of how to leak secrets anonymously, Rivest first proposed a new signature technique, the ring signature. Chow et al. [25] proposed a novel identity-based ring signature scheme that only requires two pairing operations to be performed for any group size. Chen et al. [26] proposed based on an anonymous identity of ring signature P2P network system. However, the application of bilinear pairing adds significant computational costs and communication overheads, making the application of the scheme significantly more expensive. It can be seen that the privacy mechanism of the ring can indeed mix many public keys to hide the real input address. It is possible to use ring signatures as an encryption tool for hiding inputs. Breaking event tracking in the mix of real event addresses makes it difficult to create event hiding maps and reach destinations, but the communication overhead and computational costs are also difficult to cut, depending on the application scenario and the basics of the program.

According to the above summary, we can see that the property security and privacy of online users has been paid attention to all over the world, and ring signature as an emerging tool has natural anonymity advantages in applying to the privacy and security issues of blockchain. At present, domestic and international research on the application of ring signatures on blockchain has become mature, but there are still problems such as large scheme overhead, large computational cost and long running time. It is still challenging to design a secure and efficient verifiable ring signature scheme with low overhead for blockchain financial online transactions.

3. Preliminaries

3.1 Blockchain and Smart Contract

Blockchain is a decentralized distributed ledger, often used in new digital cryptocurrencies. Blockchain theory is the foundation and technology that has led to applications such as bitcoin and Ethernet [27]. The decentralized, transparent, immutable, non-falsifiable and traceable characteristics of blockchain can make it excellent for application scenarios that require information interaction, such as finance, healthcare, communications, cybersecurity and resource sharing, and it has attracted considerable attention and innovative research from scholars in these fields.

Blockchain is a data structure assembled in the order of time, similar to a linked list. It is a distributed, decentralized ledger that uses cryptography to ensure it is immutable and tamper-proof, allowing simple, sequential relationships to be securely stored and verified within the system [28]. Each block contains all the information that makes up the block at the current time, providing an immutable data store. Depending on the type of access that an application or system uses, they can generally be categorized as public, specialized, and federated. Its universal underlying technology framework can bring about profound changes in finance, business, science and technology, politics and other fields.

Blockchain integrates multiple technologies into a complex and large-scale architecture [29]. Based on the blockchain infrastructure model proposed by Zhang et al.[30] and Zuo et al. [31], this paper enriches the content of the model as shown in Fig. 1. Based on the structure of top to bottom, there are 6 levels: Application, Contract, Motivation, Consensus, Network and Data.

Fig. 1. Blockchain Infrastructure Model

• Application Layer: For blockchain application scenarios and cases, enhance and encapsulate existing blockchain technology.

• Contract Layer: Smart Contracts Encapsulation, Scripts, Algorithms.

• Incentive layer: In the blockchain technology system, an economic element is introduced, rewards are distributed in the form of tokens, and a uniform algorithm is used.

• Consensus Layer: Ensure that decision making across the distributed network is fast, efficient, effective and consistent.

• Network Layer: Networking mechanism, transmission protocol, data verification mechanism and other information for distributed networks.

• Data Layer: The basic block of the block is wrapped up, and it is associated with the structure information of the data, the timestamp of the data.

Among them, time stamp based blockchain structure, distributed node consensus mechanism, economic motive based on consensus computation ability. In addition, flexible and programmable smart contracts are a distinctive innovation point of blockchain technology.

One of the most attractive uses of blockchain technology is the Intelligent Contract Concept, which is transparent, immutable, and free from corruption [32]. The Smart Contract, originally introduced in 1995 by Nick Szabo, is a set of obligations in digital form, which contains all the obligations that can be fulfilled by all parties [33]. The perfect combination of blockchain and smart contracts is Ethereum. Smart contracts can receive external transaction requests and event triggers as code running in the Ethereum virtual machine. Smart contracts herald the start of the Blockchain 2.0 era, in which smart contracts offer a safe, secure platform for automatic execution of contractual clauses, rather than relying on trusted intermediaries. Lawyers or banks, for instance, resulting in lower transaction costs, lower administrative costs and faster transaction times. Fig. 2 illustrates how a smart contract can be structured.

Fig. 2. Smart Contract Model

3.2 Ring Signature

Ring signatures are a class of signatures that evolved from group signatures. In 2001, in the context of how to leak secrets anonymously, Rivest first proposed a new signature technique, the ring signature. The signer can temporarily filter and randomly select members to form a group according to different scenarios, and the signer collects the member's public key and combines it with his own private key to create a ring signature [34]. Instead of a specific public key, the signature is verified with a set of public keys. There is no central trust, no swarm building process, and the signers are completely anonymous to the verifier [35]. The advantage of this solution is that no one else in the ring can forge it except for the person who signed it. An external attacker cannot forge a signature even if he has obtained a valid ring signature [36]. In a particular environment that requires long-term protection of information, the absolute anonymity of a ring signature can be very useful.

There are three underlying algorithms for ring signature, namely: Keygen, Sign, Verify. Fig. 3 shows the flowchart of the ring signature algorithm.

Fig. 3. Ring Signature Algorithm Model

• Keygen: The user creates a key pair (pk, sk), where sk is the private key, which pk is the public key.

• Sign: The signer signs the information 𝑀 with his own private key and the public key collection 𝐿 = {pk₁, pk₂,…,pk_n} of the owner, generating a ring signature 𝜎, one of these parameters 𝜎 forms a ring according to certain rules.

• Verify: In the ring signature scenario, after entering a signature 𝜎, a message 𝑀, and the public key of a ring member, if the ring signature is verified, it is output True. Otherwise, output False.

3.3 Bilinear Maps

Bilinear groups can be described by quintuples (𝑝, 𝐺₁, 𝐺₂, 𝐺_𝑇, e). In the quintuple, 𝑝 is a given security constant 𝜆. The related large prime numbers, 𝐺₁, 𝐺₂ and 𝐺_𝑇, are multiplicative cyclic groups of order 𝑝, and e is a bilinear map e: 𝐺₁ × 𝐺₂ → 𝐺_𝑇, which meets the following three conditions:

• Bilinearity: given any 𝑃 ∈ 𝐺₁, 𝑄 ∈ 𝐺₂, a, b ∈ 𝑍*_𝑞, there is always e(aP, 𝑏𝑄) = e(𝑃, 𝑄)^ab；

• Non-degeneracy: for ∃𝑃 ∈ 𝐺₁, 𝑄 ∈ 𝐺₂, it is satisfied that e(𝑃 , 𝑄)≠1;

• Computability: the bilinear map e: 𝐺₁ × 𝐺₂ → 𝐺_𝑇 is efficiently computable. For all 𝑃 ∈ 𝐺₁, 𝑄 ∈ 𝐺₂, the map e is symmetric since e(𝑃^𝑎, 𝑄^b) = e(𝑃^𝑎, 𝑄^𝑎) = e(𝑃, 𝑄)^ab.

3.4 Difficult Assumptions

The following describes the difficult assumptions underlying the security of the ring signature scheme in this paper.

Suppose that G₁ is a cyclic group generated by P, the order of which is a prime number q, and there exists a bilinear map e: 𝐺₁ × 𝐺₁ → 𝐺₂. We assume that multiplication and inversion in G₁ can be computed in a unit time, and let a, b, and c be elements of 𝑍*_𝑞.

• Definition 1. Discrete Logarithm Problem : Pick the generating element 𝑔 and given 𝑦, compute α ∈ 𝑍*_𝑞 such that 𝑦 = 𝑔^𝑎mod p is difficult.

• Definition 2. Decision Bilinear Diffie-Hellman: It is known that 𝐺₁ is a group of order 𝑔, and that 𝑔 is a generating element of this group. Given a random choice of a, b, c on 𝑍*_𝑞 and given that the attacker A knows 𝑔^𝑎 and 𝑔^𝑏, it is impossible to distinguish (𝑔, 𝑔^𝑎, 𝑔^𝑏, 𝑔^ab) and (𝑔, 𝑔^𝑎, 𝑔^𝑏, 𝑔^𝑐) with negligible probability.

4. Blockchain-Based Online Financial Transaction Ring Signature Model

In this section, we present a safe and secure solution for the protection of the privacy of financial transactions. Combined with the tracking ring signature algorithm, the transaction data can be safely shared.

4.1 System Model

The online financial transaction model of this article is shown in Fig. 4, which includes four entities: transaction user A, transaction user B, blockchain, and third-party financial institutions, as described below:

1. Transaction User A (Trading Data Generator): User A generates system parameters and keys through a decentralized exchange, outputs transactions and uploads them encrypted. Then, an intelligent contract is established with access control and decryption algorithms, which are packaged and sent to the blockchain nodes.

2. Transaction User B (Transaction Data Receiver): User B is the recipient of the transaction data for this program. By decrypting and verifying the plaintext of the received message, the correct and complete transaction data is obtained.

3. Blockchain (Transaction Record): This article's blockchain is a decentralized wallet. The nodes of the blockchain in our system include network routing, Full Blockchain Database, Miners and Wallets. The network routing module is responsible for discovering and maintaining the connection of peers, as well as broadcasting and accepting new blocks. The Full Blockchain Database Module is responsible for preserving the complete and up-to-date blockchain data. On Bitcoin's blockchain network, mining modules are tasked with creating new blocks in a competitive manner by executing POW consensus algorithms on some special hardware device. The wallet module completes the management of user keys, assets, transactions and other information.

4. Decentralized exchanges (Transaction data sharers): OTC (Over the Counter) trading is a peer-to-peer transaction outside the exchange, guaranteed by a third party. Responsible for the initial registration of the transaction user, generating the system parameters and the key of the trading user at the same time, and sending it to the trading user through a secure channel, generally defaulting to a trusted authority.

Fig. 4 shows the blockchain-based online financial transaction ring signature scenario model. There are 𝑛 trading users in ring 𝐿, 𝐿={id₁, id₂, ⋯, id_n}, suppose that user A in the ring signs message 𝑚 on behalf of all users in the ring. After acceptance, the validation program verifies the correctness of this signature. After confirmation, this information is transmitted to the recipient user B. Afterwards, user B obtains the relevant information by comparing the results of the transaction.

Fig. 4. Blockchain-based Online Financial Transaction Ring Signature Model

4.2 System security goals

1. Unconditional anonymity: In a ring, both the sender and the recipient are anonymous, and only when necessary can the receiver and the sender be able to trace the sender's real identity.

2. Verifiability: We can verify the validity of the membership of nodes in the network, the validity of the trace markers, the integrity of the message passed and the ring signature.

3. Anti-forgery: An adversary cannot forge the identity of the signer for communication transactions, nor can it forge the ring signature to pass the recipient's verification.

4.3 Scheme Description

Step 1: Data Generation

1. Identity Registration. User A publishes the resulting identification information to the entire network. After having been verified by the network, their personal information is compressed into a single file, which is then registered.

2. System Initialization. The additive loop group with the order 𝑞 is the prime number, and the generator of 𝐺₁ is 𝑃, and 𝐺₂ is a group of multiplicative loops of the 𝑞 same order. Select a generator P for 𝐺₁. Choose a bilinear map e: 𝐺₁ × 𝐺₁ → 𝐺₂. Choose two anti-collision hash functions: 𝐻₁ : {0,1}* → 𝐺₁, 𝐻₂ : 𝐺₂ → {0,1}¹ × 𝐺₁ → 𝑍*_𝑞. Enter a security parameter k, the security parameters k is a large enough prime number, and 𝑞 > k.

3. Key Generation. The external exchange is responsible for the initial registration of the trading user, while generating the system parameters and keys of the trading user and sending them to the trading user through a secure channel. The transaction originator id_i selects a random number 𝑠 ∈ 𝑍*_𝑞 as the master private key, and calculates the system public key PK₀ = 𝑠𝑃 and 𝑄_𝑖 = 𝐻₁(ID_i), 𝑖 = 1,2,⋯, 𝑛.

4. The originator id_i arbitrarily selects 𝑥_𝑖 ∈ 𝑍*_𝑞, and then calculates the originator’s private key SK_idi = 𝑥_𝑖 ∙ psk_idi = 𝑥_𝑖 ∙ 𝑠 ∙ 𝑄_𝑖 and public key PK_idr = (𝑋_𝑖, 𝑌_𝑖) = (𝑥_𝑖𝑄_𝑖, 𝑥_𝑖PK₀)(𝑖 = 1,2,⋯, 𝑛) according to his identity id_i. The identity of the receiving user is id_k. The user id_k randomly selects 𝑥_𝑘 ∈ 𝑍*_𝑞, and the receiver’s private key SK_idk = 𝑥_𝑘 ∙ 𝑠 ∙ 𝑄_𝑘 and public key PK_idk = (𝑋_𝑘, 𝑌_𝑘) = (𝑥_𝑘𝑄_𝑘, 𝑥_𝑘PK₀) are calculated.

Step 2: Data Generation

The user A initiates a transaction and generates a smart contract for signature, the signing process is as follows:

1. We set the signatory user's serial number to r and the key pair to (PK_idr, SK_idi), and select any N user identities on the exchange to form the set 𝐿 = {id₁, id₂, ⋯, id_n}, including the signer id_r.

2. The message to be signed is clearly 𝑚. And randomly select 𝛼_𝑖 ∈ 𝑍*_𝑞, 𝛼_𝑠 ∈ 𝑍*_𝑞, 𝛼 ∈ {0,1}*, and calculate 𝑅_𝑖, ℎ_𝑖, 𝑅_𝑠, ℎ_𝑠, 𝑉, 𝑇, 𝑡, 𝐿. Finally, generate a ring signature 𝜎 = (𝑚, 𝑅, 𝑅₁, ⋯, 𝑅_𝑛, 𝑉, 𝑡, 𝐶).

3. The user A turns the transaction data and signature into a message (𝑚, 𝜎) encrypted with the user B's public key, and sends it to User B.

Step 3: Data sharing

1. Transaction Generation. User A generates 𝑛 − 1 multiple transactions with the same amount value as the output of the transaction, and mixes the transactions to user B in all output transactions without the participation of others, hashed the transaction and constructs the address image of the transaction 𝑌 = 𝐸_PKids (hash(𝑏)) and the related witness. Then, run the ring signature algorithm to sign the hash value ℎ to generate a ring signature 𝜎.

2. Transaction Node. Each transaction user in the network has a communication sensor that interacts with other users, and the transaction user can communicate or trade with other users through 4G/5G. User A encapsulates a smart contract containing access control, cryptographic hash index, private key and decryption in a block.

3. Verification Unit. The decentralized exchanges mainly responsible for checking the address image, verifying the validity and correctness of the ring signature containing the transaction, and if the verification passes, it will be sent to the receiving user.

4. Transaction Verification. First, the authenticator checks the address mirror to see if the sender spends the same account twice. The verification algorithm verifies that the signature 𝜎 of the transaction is correct. The proposed signature scheme is verified, and if all the verifications pass, the scheme is shown to be correct, and then packaged and encapsulated in a new block. Otherwise, the transaction will be deemed null and void.

Step 4: Transaction Confirmation.

1. Signature verification. After the receiving user id_k receives the ring signature 𝜎, verify its legitimacy. If the signature is valid, the verifier will accept it. Otherwise, the verifier rejects the ring signature.

2. Signer Authentication. When the message recipient discovers that the signer sent illegal information, he can apply to Decentralized Exchange to trace the true identity of the message sender. The receiving user can confirm the identity 𝑡 = 𝐻₂(𝑇, 𝑉, 𝑋_𝑆, 𝑌_𝑠, 𝛼), e(𝑌_𝑠, 𝑇) = e(𝑃, 𝑉) of the true signer of the signature by verifying that the equation is true. If the equation is true, the signature can be considered valid and the true signer can be confirmed id_r. If not, it means that the signature was not signed by a genuine signer and is invalid.

3. User B checks multiple transaction outputs for comparison, extracts the target value from these transactions and calculates 𝑌′ = 𝐸_PKids (hash(𝑏)). If 𝑌′ = 𝑌, proves that the transaction was sent to user B by user A. So, accept the output of the transaction and put 𝑌 and record keeping the (PK_ids, SK_ids).

4.4 Proposed Verifiable Ring Signature Algorithm

1. System Initialization. System parameter generation algorithm: The additive loop group with the order 𝑞 is the prime number, and the generator of 𝐺₁ is 𝑃, and 𝐺₂ is a group of multiplicative loops of the 𝑞 same order. Select a generator P for 𝐺₁. Choose a bilinear map e: 𝐺₁ × 𝐺₁ → 𝐺₂. Choose two anti-collision hash functions: 𝐻₁ : {0,1}* → 𝐺₁, 𝐻₂ : 𝐺₂ → {0,1}¹ × 𝐺₁ → 𝑍*_𝑞. Enter a security parameter k, the security parameters k is a large enough prime number, and 𝑞 > k. The sender id_i selects a random number 𝑠 ∈ 𝑍*_𝑞 as the primary private key, and calculates system public key PK₀ = 𝑠𝑃 and 𝑄_𝑖 = 𝐻₁(ID_i), 𝑖 = 1,2, ⋯, 𝑛. Therefore, the system exposes parameters is Params = {𝑞, e, 𝐺₁, 𝐺₂, 𝐻₁, 𝐻₂, 𝑃, PK, PK₀}. The message space is 𝑚 ∈ {0,1}*.

2. User Authorization. The user id_i initiates a request authorization operation, the Key Generation Center (KGC) calculates a portion of the user's private key psk_idi = 𝑠 ∙ 𝐻₁(ID_i) = 𝑠𝑄_𝑖, after authentication of the user's identity ID. Then, KGC computes part of its private key and transmits it to the user over a secure channel id.

3. Key Generation. First, after the user id_i gets part of the private key, enter the Params. Pick a random number 𝑥_𝑖 ∈ 𝑍*_𝑞 as its secret value. Then, the KGC calculates the public key PK_idi of the receiving user and will (𝑄_𝑖, psk_idi) sends to the user id_i: PK_idr = (𝑋_𝑖, 𝑌_𝑖) = (𝑥_𝑖𝑄_𝑖, 𝑥_𝑖PK₀)(𝑖 = 1,2, ⋯, 𝑛). Second, the user id_i enters the system master private key 𝑠 to generate its own complete private key: SK_idi = 𝑥_𝑖 ∙ psk_idi = 𝑥_𝑖 ∙ 𝑠 ∙ 𝑄_𝑖.

4. Signature Generation. Suppose there are 𝑛 trading users in the ring 𝐿, their identities are set for 𝐿 = {id₁, id₂, ⋯, id_n}. The corresponding public key set is 𝐶 = {PK_id1, PK_id2, ⋯, PK_idn}. The message is clearly written 𝑚 and signer is id_r. Enter the exposed Params, public and private keys PK_idr, SK_idr :

(1) For any 𝑖 ∈ {1,2, ⋯, 𝑛}, if 𝑖 ≠ 𝑠, then randomly select an integer 𝛼_𝑖 ∈ 𝑍*_𝑞, and compute: 𝑅_𝑖 = 𝛼_𝑖𝑋_𝑖, ℎ_𝑖 = 𝐻₂(𝑚, 𝑅_𝑖, 𝐿).

(2) If 𝑖 = 𝑠.then randomly select an integer 𝛼_𝑠 ∈ 𝑍*_𝑞, and compute the following:

𝑅_𝑠 = 𝛼_𝑠𝑋_𝑠 − ∑^𝑛_{𝑖=1,𝑖≠𝑠}(𝛼_𝑖 + ℎ_𝑖)𝑋_𝑖       (1)

ℎ_𝑠 = 𝐻₂(𝑚, 𝑅_𝑠, 𝐿)       (2)

𝑉 = (ℎ_𝑠 + 𝛼_𝑠) ∙ SK_ids       (3)

(3) For any 𝛼 ∈ {0,1}*, calculate the trace key:

𝑇 = (𝛼_𝑠 + ℎ_𝑠)𝑄_𝑠       (4)

𝑡 = 𝐻₂(𝑇, 𝑉, 𝑋_𝑆, 𝑌_𝑠, 𝛼)       (5)

(4) Generate Signature: Ultimately, sends the generated ring signature 𝜎 to the receiving user id_r.

𝜎 = (𝑚, 𝑅, 𝑅₁, ⋯, 𝑅_𝑛, 𝑉, 𝑡, 𝐶)       (6)

5. Signature Verification. After receiving the ring signature 𝜎, the receiving user id_r verifies its legitimacy by doing the following for all 𝑖 ∈ {1,2,⋯, 𝑛}.

(1) Verify equation (7) is true. If not, the public key is not legitimate. Conversely, if the equation holds, it is calculated: ℎ_𝑖 = 𝐻₂(𝑚, 𝑅_𝑖, 𝐿, 𝑌_𝑖).If the equation holds, the public key is valid. Otherwise, the public key is invalid.

e(𝑋_𝑖, PK₀) = e(𝑄_𝑖, 𝑌_𝑖)       (7)

(2) Verify the equation (8) is true. If the equation is true, the above signature is valid and the verifier accepts it. Otherwise, the validator rejects the ring signature.

e(PK₀, ∑ⁿ_𝑖=1(R_i + h_iX_i) = e(𝑃, 𝑉)       (8)

6. Signer Authentication. The receiving user can pass the authentication equation: 𝑡 = 𝐻₂(𝑇, 𝑉, 𝑋_𝑆, 𝑌_𝑠, 𝛼), e(𝑌_𝑠, 𝑇) = e(𝑃, 𝑉). Whether it is true or false, it is necessary to verify the authenticity of the signature. If the equation is true, the signature can be considered valid, and the true signer can be confirmed. If not, it means that the signature was not signed by a genuine signer and is invalid. Fig. 5 shows the specific ring signature implementation steps.

Fig. 5. Ring Signature Algorithm Flowchart

5. Security Analysis

5.1 Unconditional Anonymity

This security nature is mainly guaranteed by the anonymous authentication mechanism of the scheme. In ring signature 𝜎 = (𝑚, 𝐿, 𝑅, 𝑅₁, ⋯, 𝑅_𝑛, 𝑉), 𝑉 =(ℎ_𝑠 + 𝛼_𝑠) ∙ SK_ids , 𝑅_𝑖 = 𝛼_𝑖𝑋_𝑖, 𝑅_𝑠 = 𝛼_𝑠 ∙ 𝑋_𝑠 − ∑^𝑛_{𝑖=1,𝑖≠𝑠}(𝛼_𝑖 + ℎ_𝑖)𝑋_𝑖. These are randomly selected by the signer. The result of this choice is that the 𝜎 = (𝑚, 𝐿, 𝑅, 𝑅₁, ⋯, 𝑅_𝑛, 𝑉, 𝑡, 𝐶) appear evenly distributed in 𝐺.

In the ring signing algorithm, when the message receiver performs the authentication operation, it enters the identity set 𝐿. To the receiver, each user in the identity collection may be the legitimate sender of the clear text of the message. Therefore, the receiver cannot determine who is the real sender, thus ensuring the privacy nature of the sender's identity on the basis of authentication.

5.2 Verifiability

First of all, the signature's private key consists of a random secret value selected by the signer and a portion of the private key produced by an external transaction, which is synthesized by the signer. At the time of registration, the authenticity of the identity of the transaction initiator can be verified by the external exchange, and the transaction initiator can use the part of the private key sent by the external exchange.

After receiving the ring signature, We can verify the correctness of the user key by the following equation e(𝑋_𝑖, PK₀) = e(𝑄_𝑖, 𝑌_𝑖), which is proved as follows: e(𝑋_𝑖, PK₀) = e(𝑥_𝑖𝑄_𝑖, PK₀) = e(𝑄_𝑖, 𝑥_𝑖PK₀) = e(𝑄_𝑖, 𝑌_𝑖).

If the user key is correct, then in the signature verification phase, we verify that the equation e(PK₀, ∑^𝑛_𝑖=1(𝑅_𝑖 + ℎ_𝑖𝑋_𝑖)) = e(𝑃, 𝑉) is true. we have,

\(\begin{aligned} e\left(P K_{0}, \sum_{i=1}^{n}\left(R_{i}\right.\right. & \left.\left.+h_{i} X_{i}\right)\right)=e\left(P K_{0}, \sum_{i=1, i \neq s}^{n}\left(R_{i}+h_{i} X_{i}\right)\right) e\left(P K_{0}, R_{s}+h_{s} X_{s}\right) \\ & =e\left(P K_{0}, \sum_{i=1, i \neq s}^{n}\left(R_{i}+h_{i} X_{i}\right)\right) e\left(P K_{0}, \alpha_{s} \cdot X_{s}-\sum_{i=1, i \neq s}^{n}\left(\alpha_{i}+h_{i}\right) X_{i}\right. \\ & \left.+h_{s} X_{s}\right) \\ & =e\left(P K_{0}, \sum_{i=1, i \neq s}^{n}\left(\alpha_{i} \cdot X_{i}+h_{i} X_{i}\right)+\alpha_{s} X_{s}-\sum_{i=1, i \neq s}^{n}\left(\alpha_{i}+h_{i}\right) X_{i}+h_{s} X_{s}\right) \\ & =e\left(P K_{0}, \sum_{i=1, i \neq s}^{n}\left(\alpha_{i}+h_{i}\right) X_{i}+\alpha_{s} X_{s}-\sum_{i=1, i \neq s}^{n}\left(\alpha_{i}+h_{i}\right) X_{i}+h_{s} X_{s}\right) \\ & =e\left(P K_{0}, \alpha_{s} X_{s}+h_{s} X_{s}\right)=e\left(s P,\left(\alpha_{s}+h_{s}\right) X_{s}\right)=e\left(s P,\left(\alpha_{s}+h_{s}\right) x_{s} Q_{s}\right) \\ & =e\left(P,\left(\alpha_{s}+h_{s}\right) s \cdot x_{s} \cdot Q_{s}\right)=e\left(P,\left(\alpha_{s}+h_{s}\right) S K_{i d_{s}}\right)=e(P, V)\end{aligned}\)

If any of the items are tampered with during the ring signing process, the verification will not be passed.

Secondly, in the process of confirming the identity of the real signer, it is necessary to verify that the equation e(𝑌_𝑠, 𝑇) = e(𝑃, 𝑉) be valid, which is proved as follows: e(𝑌_𝑠, 𝑇) = e(𝑥_𝑠 ∙ 𝑠𝑃, (𝛼_𝑠 + ℎ_𝑠)𝑄_𝑠) = e(𝑃, 𝑉).

Where the calculation of the value 𝑇 uses 𝑄_𝑠, the purpose of binding the identity of the real signer, a process that indicates that the signature satisfies the verifiability.

5.3 Unforgeability

Assuming that an attacker id_k attempts to forge the signature id_r of a real signer, a valid signature can be constructed directly using the signer's private key, but this process cannot be completed in this scenario.

Because in the above scenario, the private key of id_r is defined as SK_idr = 𝑥_𝑟 ∙ 𝑠 ∙ 𝑄_𝑟. Therefore, the attacker id_k must know two important parameters 𝑥_𝑟 and 𝑠. However, since 𝑥_𝑖 ∈ 𝑍*𝑞 is randomly selected by the signer, there is no way for id_k to obtain the private key SK_idr of id_r in the completely unknown case. Thus, in this case, there is no way to forge the valid signature.

6. Benchmark Test

This part simulates a verifiable ring signature algorithm and compares it with other methods for performance and functionality. The experimental running configuration is:I5-1135G7 @ 2.40GHz, 8GBRAM on the HUAWEI desktop, running on Windows 11, Eclipse development environment, using JAVA version 1.8.0 and JPBC version 2.0.0, in an implementation of the library Type-A-Class curves to form a symmetric first-order bilinear group.

6.1 Calculate overhead analysis

In this paper, the effectiveness of this scheme is evaluated by computational cost, the evaluation results are analyzed, and the computational overhead of several traceable ring signature schemes is compared [37-40]. Table 1 illustrates the meaning represented by the arithmetic symbols. A comparison of the performance of the various methods is given in Table 2. Fig. 6 shows how long the various methods take when n varies from 100 to 1000. For a clearer comparison, we specifically list the performance of total operations when n=1000, as shown in Fig. 7.

Table 1. Description of the symbols and different operation times

Table 2. Performance Comparison with Other Schemes

Fig. 6. Comparison of Total Cost

Fig. 7. Comparison of Total Cost (n=1000)

Regarding the whole cryptographic operation, we will find that Shen et al. [37] is 7nOP, Gayathri et al. [38] is 6nOP +7nOM, Wu et al. [39] is nOP+7nOM, Cui et al. [40] is 3nOM+2nOp, and ours are 2nOM+nOP. It can be seen that the scheme in this paper is more efficient and has a shorter overall length compared to those schemes in the literature.

7. Conclusion

In this paper, we construct a blockchain online financial transaction privacy protection protocol based on ring signatures. To achieve the hiding of transaction user information in the ring signature transaction protocol, we first design a verifiable ring signature scheme based on difficult problem assumptions, which is unforgeable, anonymous and verifiable. Secondly, our paper aims to build a scenario for blockchain online financial transactions using the high integrity of blockchain and the unconditional anonymity of ring signature, supplemented by smart contract technology, and proposes a privacy protection protocol for blockchain online financial transactions based on ring signature, which saves signature execution time and storage space, has lower complexity, shorter signature length and lower overhead, and can effectively improve the efficiency of signature and better protect the privacy of users in the transaction process.

In summary, this paper can achieve anonymity, verifiability and unforgeability of online transactions of digital assets with the help of blockchain and ring signature function, which is a secure and efficient ring signature scheme.