A Hub-Based Efficient Blind Transfer Method
By utilizing the ObliHub method and the Odd Puzzle Transfer Protocol (OPT), the issues of linkability of the sender's identity and communication overhead in blockchain payment channel networks are resolved, achieving efficient and secure off-chain transfer and improving blockchain scalability and privacy protection.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- QUFU NORMAL UNIV
- Filing Date
- 2022-11-02
- Publication Date
- 2026-06-30
AI Technical Summary
In existing blockchain payment channel networks, issues with the linkability of transmitted identities and communication overhead are not ideal, resulting in insufficient privacy protection and low efficiency.
The efficient oblivious transmission method based on Hub nodes (ObliHub) is adopted. Through a two-stage information transmission process, the oblivious puzzle transmission protocol (OPT) is used to ensure the unlinkability and anonymity of the transmission, avoid intermediate nodes from inferring the identity of the transmitter, and simplify cryptographic operations.
It achieves the non-linkability, anonymity, and atomicity of off-chain transmission, reduces communication overhead and the number of interactions, increases transmission throughput, and enhances the scalability and privacy protection of the blockchain.
Smart Images

Figure CN115695016B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the fields of blockchain and cryptography, specifically to a high-efficiency blind transmission method based on a hub. Background Technology
[0002] In recent years, the scalability of blockchain has become a bottleneck restricting its large-scale commercial application. Therefore, scaling has become the most pressing issue for blockchain today.
[0003] Generally, there are two methods for scaling: Layer 1 and Layer 2 scaling techniques. The former achieves scaling by modifying the blockchain itself (e.g., the consensus mechanism), such as sharding. The latter achieves scaling by moving computation off-chain, such as sidechains, payment channel networks, Plasma, and the Tenfold protocol. Payment channel networks establish multiple bidirectional payment channels between multiple nodes, using hash time-locked contracts to complete data transmission between these nodes. However, the efficiency of hash time-locked contracts has long been criticized in industry. To reduce runtime and communication burden, Malavolta G et al. proposed multi-hop hash time-locked contracts, the core of Fulgor and Rayo, enabling the deployment of payment channel networks in practice. However, in the work of Poon, J. et al. and Malavolta G et al., all nodes use the same confirmation value when completing the contract, which may lead to the theft of transmission fees from intermediate nodes, potentially triggering wormhole attacks. To address this issue, Malavolta G et al. proposed Anonymous Multi-Hop Locks (AMHLs). By introducing an additional communication phase, different bidirectional payment channels use different confirmation values during contract execution, preventing any two nodes in the path from colluding to steal the node transmission fees between them, thus effectively resisting wormhole attacks.
[0004] However, AMHLs do not address the issue of identity linkability related to transmission. For example, in off-chain multi-node transmissions, intermediate nodes can still know sensitive information such as the identities of the participants, amounts, and transmission directions. Ferenc Beres et al. pointed out that due to the small-world nature of LNs, even if the two parties transmit via Tor, their identities can be inferred, and their relationship can be linked by the transmission direction. Ferenc Beres et al. proposed a method to inject additional hops into the routing path, enhancing privacy protection for both parties with minimal additional transmission costs. Furthermore, virtual payment channels establish a virtual channel between the initiating and receiving nodes, allowing most transmissions to be completed without intermediate nodes. However, intermediate nodes still know when the virtual payment channel is open and closed. Therefore, intermediate nodes can infer the transmission identities and relationships of the initiating and receiving nodes based on information such as the balance in the last transmission transaction.
[0005] Recently, payment gateway solutions have emerged that can guarantee the transmission relationship between the initiating and receiving nodes without linking them, thereby protecting the privacy of both parties. TumbleBit is the first payment gateway solution, primarily using off-chain puzzle-solving to achieve the effect of on-chain transmission. Similar solutions include BOLT and A 2 L. Where A 2 L transmits data through a non-trusted third-party payment channel hub node, ensuring the unlinkability, reliability, and atomicity of the transmission identities of the participating parties. While this solves the unlinkability problem, because A... 2 L uses a variety of complex cryptographic primitives, such as commitment, homomorphic encryption, zero-knowledge encryption, randomized puzzles, and adapter signatures, which leads to its inherent communication overhead and complexity being less than ideal. Summary of the Invention
[0006] To overcome the shortcomings of poor linkability and communication overhead in transmitting identity, this invention provides an efficient blind transmission method based on Hub nodes.
[0007] The technical solution adopted in this invention is as follows: First, a random puzzle transmission protocol (OPT) is constructed, which enables the initiator and the Hub to transmit information through a random puzzle channel using the puzzle number as the confirmation value. In other words, for other nodes such as the Hub, OPT can prevent other nodes from inferring the transmission relationship between the initiator and the receiver. We propose an efficient random transmission method based on the Hub—ObliHub. This method realizes the information transmission between the three parties in two stages. Specifically, in the first stage, the Hub and the receiver first generate some random puzzles. Then, the initiator obtains the solution to the puzzle from the Hub through random transmission and sends it to the receiver. The receiver solves the puzzle to complete the transmission. The second stage is for the initiator and the Hub to complete the transmission using the OPT protocol. This transmission is conditional; that is, the OPT process must be completed before the transmission between the Hub and the receiver can be completed. Therefore, ObliHub can guarantee the non-linkability, anonymity, and atomicity of off-chain transmissions.
[0008] The scheme for implementing a scalable and non-linkable payment channel center using unintentional puzzle transfer in this invention involves three entities: the payment channel center node Hub, the transmission initiator, and the transmission receiver. Attached Figure Description
[0009] The invention will now be further described with reference to the accompanying drawings, in which:
[0010] Figure 1 A framework diagram of an efficient blind transmission method based on a hub.
[0011] Figure 2 A comparison chart of the transmission throughput of the two methods.
[0012] Figure 3 A comparison chart of the number of interactions between the two methods.
[0013] Figure 4 A comparison chart of the communication overhead of the two methods. Detailed Implementation
[0014] To make the process, objectives, and advantages of this invention clearer, the two stages of this invention will be further described below.
[0015] ObliHub consists of two phases: the puzzle generation phase (in Hub P) and the puzzle generation phase. T and receiver P R (between) and the puzzle transmission phase (at the initiator P) S and Hub P T (between). During the puzzle generation phase, P R Send transmission request, P T Give P R A puzzle Z b (Including number b). If P R The transmission can only be completed by solving the puzzle within the specified time. Secondly, P R The number will be sent to P via their secure channel. S In the next stage, P T and P S Running the OPT protocol, P S From P T Obtain puzzle Z b Solution α b At the same time, the output q = pk⊕P is calculated as a marker indicating the end of the OPT protocol, thus avoiding the public disclosure of the data α that needs to be transmitted. b Subsequently, P S Solution α b Transmitted to P via secure channel R Subsequently, P R Send the solution to the puzzle to P T And complete the transmission. At this point, P... S and P R Transmission between them via P T Finish. Figure 1 It describes a framework for an efficient blind transmission method based on a hub.
[0016] F OPT This represents the function that can transmit the puzzle in the diagram. Release represents the receiver solving the puzzle.
[0017] (1) Puzzle generation stage:
[0018] Input: P R The requested message mes = (C(P) T ,P R ),C(P T ,P R ).state,V); Set the time to 3 days;
[0019] Output: P R I received a riddle;
[0020] ①P R Send request message mes = (C(P) T ,P R ),C(P T ,P R ).state,V), if P T Test C(P) T ,P R There exists a channel state C(P) T ,P R ).state ≠open or the amount of data to be transferred is greater than its maximum load capacity (V>cash) T If P is interrupted, then the process is interrupted. Otherwise, P... T Select a random number M b And g, calculate puzzle Z b =g Mb And generate a proof π←{P NIZK ({b and P) R It is the only corresponding one, and Z b There is a correct solution. Then, π and puzzle Z... b And its number b is sent to P R ;
[0021] ②P R Verify V NIZK If (b,π)≠1, then the operation is interrupted. Otherwise, P R Select random numbers r1 and P. S Using the public key Q1 and the base point G, the number of the puzzle Enc(b) = (r1G, b + r1Q1) is encrypted using elliptic curve cryptography. Then, the encrypted ciphertext Enc(b) and π are sent to P. S ;
[0022] (2) The stage of transmitting the puzzle of confusion.
[0023] Input: P S Input message request and number b, P T Input solution set {α0, α1, ..., α n Set the time to 2 days; auxiliary input: session ID sid;
[0024] Mixed ideality of function F mode CRS :F mode CRS Received P S The input (sid, b) and P T The input (sid, α0, α1, ..., α) n ), return to P S and P T The same (sid,crs);
[0025] Output: P S Received q=pk⊕P and α b P T Received q=pk⊕P;
[0026] ①P S Decrypt the ciphertext using your private key k to obtain the number b = Dec(Enc(b)) = {(b+rQ1)-k(r1G)} = {(b+r1(kG))-k(r1G)}, and send a request message mes to P. T P T Give P S Send a commitment c = Com(P; r) for the value P, where r is a random number;
[0027] ②P S and P T Input (sid,b) and (sid,α) respectively i ) to F mode CRS , where i = {1, ..., n}. P S and P T Received from F mode CRS (sid,crs). Then P S The public and private keys on encryption branch b are obtained by calculating KeyGen(crs,b), and the public key pk is sent to P. T ;
[0028] ③P T For each solution, calculate y. i =Enc(pk,i,α) i P T The calculated y i The settlement commitment decom(c) = (P; r) is sent to P. S ;
[0029] ④P S Dec(sk,y) is calculated by decryption. b ) to obtain α bIf decryption fails, the transmission protocol is terminated. Otherwise, P... S Calculate the output: q = pk⊕P; P T Calculate the output: q = pk⊕P. During transmission, verify that the q values of the two are the same to complete the transmission. Then, the initiator P... S Choose random numbers to let r2 and P R The public key Q2 will decrypt Enc(α) b )=(r2G,α b +r2Q2) sent to P R ;
[0030] Finally, receiver P R Using α b Solve the puzzle in the first stage to update the balance.
[0031] The steps of our method are shown above. In the first stage, π is used to verify the receiver, the number is bound, and the puzzle has a correct solution. This is to avoid P. R Cause P S Loss of transmission fees.
[0032] Validation of the invention
[0033] We conducted local simulation experiments to verify its effectiveness. Meanwhile, the present invention satisfies the following safety attributes:
[0034] Atomicity. The inability to complete atomic transmission occurs when one of the two channels fails to transmit, meaning only P... S and P T Complete transmission or only P T The transmission is completed with PR. In the first case, it's P... R No solution received, or P R The received solution is insufficient to solve the puzzle. One possibility is due to the delay P. R No solution received, but P S The payment initiator can try sending it again. On the other hand, if P... T If the given solution is incorrect, the second phase cannot be completed, and therefore the first scenario will not occur. The second scenario is P. R It can solve the puzzle and complete the transmission on its own, which also means P R Solving the Discrete Logarithm (DLOG) problem is difficult, as has been proven by the academic community.
[0035] Unlinkability. Unlinkability refers to the situation where, when two parties are transmitting data through the payment channel hub node, the hub node cannot obtain information about the transmission direction from the initiator and receiver. Based on our premise that the amount of data transmitted in the PCH is the same, therefore P... TThe relationship between the transmitting parties is not inferred from the data volume. Secondly, the concept of blind transmission ensures that the participants do not learn each other's private information (such as identity or transmission direction) during the interaction. In particular, we use multiple puzzles to prevent the Hub node from knowing the correspondence between the sender and receiver of each transmission. This further enhances the unlinkability of the sender and receiver.
[0036] Defending against DoS attacks. This article considers allowing P... R By using a smart contract to deposit a security stake, once P... R P does not respond within the specified time T The deposit will be deducted upon receiving the transmission request. R To become the primary bearer of the consequences of attacks and to curb the occurrence of such phenomena.
[0037] Experimental results show that: Figure 2 , Figure 4 This invention differs from the previous method A. 2 Compared to L, it has significant advantages in terms of transmission throughput and the total number of bytes required for communication. For example... Figure 3 When the initiator and receiver have m transmissions to complete, only 6m+2 interactions are needed, compared to 9m interactions required by the previous scheme. This invention eliminates the need for each user to calculate digital signatures except for the opening and closing of the two payment channels. It only requires linear computational complexity of the Odd Puzzle Transmission Protocol (OPT). In Table 2, we compare it with A... 2 The article L made a comparison, and in the column for the number of operations, the part before the semicolon indicates A. 2 The number of times L is represented by the semicolon, indicating the number of operations performed. This is quite evident. We used commitment schemes and non-interactive zero-knowledge proofs, but instead of complex cryptographic primitives like adapter signatures, we utilized blind transport and elliptic curve cryptography for transmission. From a phase perspective, this invention only requires two rounds to complete the puzzle answer transmission task. Therefore, this invention can increase the transmission throughput under blockchain, enabling more data transmission and thus facilitating our solution to the scalability problem of blockchain.
[0038] Table 1 and A 2 L's technical comparison
[0039]
[0040]
Claims
1. A high-efficiency blind transmission method based on a hub, characterized in that: (1) Since the payment channel central node Hub needs to perform multiple data transmission tasks, it will generate different puzzles for each receiver. The specific process of its puzzle generation stage is as follows: Input: P R The requested message mes = (C(P) T ,P R ),C(P T ,P R ).state,V); Set the time to 3 days; Output: P R I received a riddle; ①P R Send request message mes = (C(P) T ,P R ),C(P T ,P R ).state,V), if P T Test C(P) T ,P R There exists a channel state C(P) T ,P R ).state ≠open or the amount of data to be transferred is greater than its maximum load capacity (V>cash) T If P is interrupted, then P is interrupted; otherwise, P is interrupted. T Select a random number M b And g, calculate puzzle Z b =g Mb And generate a proof π←{P NIZK ({b and P) R It is the only corresponding one, and Z b There is a correct solution}); then π, puzzle Z b And its number b is sent to P R ; ②P R Verify V NIZK If (b,π)≠1, then the operation is interrupted; otherwise, P R Select random numbers r1 and P. S Using the public key Q1 and the base point G, the number of the puzzle Enc(b) = (r1G, b + r1Q1) is encrypted using elliptic curve cryptography. Then, the encrypted ciphertext Enc(b) and π are sent to P. S ; (2) The specific process of the puzzle transmission phase is as follows: Input: P S Input encrypted ciphertext Enc(b), P T Input solution set {α0, α1, ..., α n }; Set the time to 2 days; Auxiliary input: Session ID sid; Mixed ideality of function F mode CRS :F mode CRS Received P S The input (sid, b) and P T The input (sid, α0, α1, ..., α) n ), return to P S and P T The same (sid,crs); Output: P S Received q=pk⊕P and α b ;P T Received q=pk⊕P; ①P S Decrypt the ciphertext Enc(b) using your private key sk to obtain the number b = Dec(Enc(b)) = {(b + rQ1) - sk(r1G)} = {(b + r1(skG)) - sk(r1G)}, and send a request message mes to P. T P T Give P S Send a commitment c = Com(P; r) for the value P, where r is a random number; ②P S and P T Input (sid,b) and (sid,α) respectively i ) to F mode CRS Where i = {1, ..., n}; P S and P T Received from F mode CRS (sid,crs); then P S The public and private keys on encryption branch b are obtained by calculating KeyGen(crs,b), and the public key pk is sent to P. T ; ③P T For each solution, calculate y. i =Enc(pk,i,α) i ); P T The calculated y i The settlement commitment decom(c) = (P; r) is sent to P. S ; ④P S Dec(sk,y) is calculated by decryption. b ) to obtain α b If decryption is not possible, the transmission protocol is terminated; otherwise, P... S Calculate the output: q = pk⊕P; P T Calculate the output: q = pk⊕P; when transmitting, verify that the q values of the two are the same to complete the transmission; then the initiator P... S Choose random numbers r2 and P. R The public key Q2 will be used to decrypt Enc(α). b )=(r2G,α b +r2Q2) sent to P R ; Finally, receiver P R Using α b Solve the puzzle in the first stage to update the balance; at this point, P S and P R Transmission between them is via P T Finish.