A non-contact security chip binding and verification method and system for digital collectibles

Abstract

The application discloses a kind of non-contact security chip and digital collection binding, verification method and system, by the signature of non-exportable private key is bound to digital collection, realize the trusted association of non-contact security chip and digital asset;Introduce the zero-knowledge proof of chip signature verification process generation zkVM, while protecting the privacy of verification, ensure that calculation is auditable;Identity root and state root are separated using double Merkle tree structure, identity and business state are independently managed and efficiently updated;Build the hierarchical model of off-chain real-time state maintenance and on-chain periodic anchoring, consider high-frequency interaction performance and blockchain final trustability;Rely on the physical security unit of non-contact chip as trust root, form complete trust chain from hardware layer to application layer, realize the private verifiable binding between physical trust root and on-chain digital asset.

Description

Technical Field

[0001] This invention relates to the field of digital artifact security technology, specifically to a non-contact security chip binding and verification method and system for digital artifacts. Background Technology

[0002] With the development of the digital economy, the integration of digital collectibles (digital certificates) with the real economy is becoming increasingly prominent. Anchoring and binding physical goods in the physical world with virtual assets in the digital world has become an important means of brand anti-counterfeiting, supply chain management, art authentication, and the digitization of membership rights. Through this binding, each physical item can obtain a unique digital identity, and its circulation information, ownership, and attached rights can be recorded and verified in the digital world. However, the aforementioned existing technologies have significant technical defects and security risks in practical applications, and cannot yet constitute a complete, reliable, and tamper-proof systematic solution. The following technical defects still exist:

[0003] 1. QR codes or NFC tags are easy to copy;

[0004] 2. Server-centralized verification can be tampered with;

[0005] 3. On-chain records alone cannot prove the authenticity of an entity;

[0006] 4. Cannot prevent replay attacks;

[0007] 5. Unable to defend against supply chain clone chip attacks.

[0008] Therefore, how to overcome the above-mentioned defects and provide a highly secure, reliable solution for binding digital collectibles with physical items that can resist physical and network layer attacks has become a technical problem that urgently needs to be solved by those skilled in the art. Summary of the Invention

[0009] The technical problem this invention aims to solve is that existing methods of binding digital collectibles to physical items cannot achieve a one-to-one binding and have poor security. The goal is to provide a contactless security chip binding and verification method and system for digital collectibles. By combining a non-derivative private key signature with the binding of digital collectibles, a trusted association between the contactless security chip and digital assets is achieved. ZKVM is introduced to generate zero-knowledge proofs for the chip signature verification process, ensuring auditable computation while protecting verification privacy. A dual Merkle tree structure is used to separate the identity root and state root, enabling independent management and efficient updates of identity and business state. A layered model is constructed, combining off-chain real-time state maintenance with on-chain periodic anchoring, balancing high-frequency interaction performance with the ultimate trustworthiness of the blockchain. Relying on the physical security unit of the contactless chip as the root of trust, a complete trust chain is formed from the hardware layer to the application layer, achieving a privacy-verifiable binding between the physical root of trust and on-chain digital assets.

[0010] This invention is achieved through the following technical solution:

[0011] The first aspect of this invention provides a method for binding and verifying a contactless security chip with a digital collectible, comprising the following specific steps:

[0012] A unique asymmetric key pair is generated for each contactless security chip. An on-chain identity root is constructed based on the unique asymmetric key pair, and an on-chain zero-knowledge verification contract is deployed to form a chip-level trusted identity anchor.

[0013] The server generates a random unique value Nonce and obtains a unique identifier TokenID for the digital collectible pre-stored on the blockchain. These are then sent to the contactless chip via the user's mobile phone. The contactless chip signs the message containing Nonce, TokenID, and chip serial number SN based on the private key of the key pair to generate a chip signature.

[0014] The edge computing node verifies the signature validity of the signature data and verifies that the public key belongs to the legitimate chip set, generating a zero-knowledge proof for the verification process in a zero-knowledge virtual machine environment;

[0015] Public inputs and zero-knowledge proofs are submitted to a blockchain smart contract, which verifies the legality of the zero-knowledge proofs and completes the binding confirmation or authenticity verification between the physical entity and the digital collectible after the verification is passed.

[0016] Furthermore, the formation of the chip-level trusted identity anchor point includes:

[0017] A unique asymmetric key pair (SK, PK) is generated for each contactless security chip, where the private key SK is stored in the chip's secure unit and cannot be exported;

[0018] A unique and unalterable chip serial number (SN) is physically written into the contactless security chip.

[0019] Obtain the ManufacturerID identifier for the contactless security chip;

[0020] Calculate the chip identity hash DeviceRoot based on the public key PK of the unique asymmetric key pair, the chip manufacturer identifier ManufacturerID, and the chip serial number SN;

[0021] All valid DeviceRoots are constructed into a Merkle tree to obtain the IdentityRoot, and the IdentityRoot is stored in the blockchain smart contract;

[0022] Deploy zero-knowledge proof validator contracts, RootHistory structures, and Nonce anti-replay record structures on the blockchain.

[0023] Furthermore, the generation of the chip signature includes:

[0024] Obtain the timestamp, system random number, and block height read from the blockchain in the current environment, generate a random unique value Nonce, and send it to the contactless security chip;

[0025] The contactless security chip performs a hash operation on the unique digital collectible identifier TokenID, chip serial number SN, and random unique value Nonce. Then, it uses the private key SK to sign the hash value to generate SignData and returns SignData, public key PK, and chip serial number SN.

[0026] Furthermore, the edge computing node verifies the signature validity of the signature data and verifies that the public key belongs to the legitimate chip set. The generation of zero-knowledge proofs for the verification process in a zero-knowledge virtual machine environment includes:

[0027] Edge nodes execute verification logic and generate zero-knowledge proofs in a zero-knowledge virtual machine. The verification logic includes: verifying the validity of the signature SignData, verifying whether the DeviceRoot to which the PK belongs exists in the IdentityRoot, verifying whether the current collection is not bound to other TokenIDs, and generating a new state leaf node StateLeaf.

[0028] Furthermore, the specific content of the verification includes:

[0029] The signature verification constraint is Verify(PK, Hash(Nonce+TokenID+SN), SignData)=true;

[0030] The authentication constraint, MerkleVerify(DeviceRoot, IdentityRoot)=true, is used to prove that DeviceRoot exists in the set of legitimate chips represented by IdentityRoot;

[0031] State transition legality constraints are used to ensure that the updates of state leaf nodes conform to preset state transition rules.

[0032] Furthermore, the generation of the new StateLeaf node specifically includes:

[0033] Define a StateLeaf node, where the leaf state includes unbound, bound, transferred, and invalid.

[0034] Construct a state tree, StateRoot, and maintain the State tree, StateRoot, off-chain in real time.

[0035] Furthermore, the zero-knowledge proof is generated by the prover using private and public inputs, and is used to prove that the prover possesses a legitimate identity associated with the digital collection, wherein:

[0036] Zero-knowledge proofs include: commitment values, query responses, polynomial low-degree proofs, and public input binding hashes;

[0037] The private inputs include: SignData, PK, Merkle path, and state old leaf;

[0038] The public inputs include: TokenID, IdentityRoot, CheckpointStateRoot, and NonceHash.

[0039] Furthermore, verifying the validity of the zero-knowledge proof includes:

[0040] Edge nodes submit ZK_Proof and public inputs to the blockchain smart contract;

[0041] The smart contract executes the following verification logic:

[0042] Call the STARK validator contract deployed on the chain to verify the validity of the zero-knowledge proof;

[0043] Verify that the IdentityRoot in the public input matches the identity root hash stored in the contract;

[0044] Verify that the NonceHash has not been used before, and record the NonceHash used this time to prevent replay attacks;

[0045] After successful verification, the binding status is updated, and the binding confirmation between the digital collection and the physical entity is executed.

[0046] Furthermore, after successful verification and confirmation of the binding or authenticity of the physical and digital collectibles, the process also includes real-time maintenance of the StateRoot and constraining state changes through zero-knowledge proofs, periodically aggregating the CheckpointStateRoot and IdentityRoot into the GlobalRoot for on-chain storage.

[0047] StateRoot is updated off-chain in real time, and all state changes must be verified by zero-knowledge proof constraints before they can be written.

[0048] The system generates a CheckpointStateRoot whenever a preset trigger condition is met.

[0049] The global root, GlobalRoot, is calculated by combining CheckpointStateRoot and IdentityRoot.

[0050] The GlobalRoot is sent as transaction data to the blockchain smart contract. After verification by the smart contract, the GlobalRoot is stored in the on-chain state space to form a traceable historical root record.

[0051] A second aspect of this invention provides a system for binding and verifying digital artifacts based on a contactless security chip, applied to a method for binding and verifying digital artifacts based on a contactless security chip, comprising:

[0052] A contactless security chip used to store a non-exportable private key and generate a chip signature;

[0053] On the server side, it is used to generate a random unique value Nonce and obtain the unique identifier TokenID of the digital collection pre-stored on the blockchain through the server side, and send it to the contactless chip through the user's mobile phone.

[0054] Edge computing nodes are used to perform signature verification and generate zero-knowledge proofs;

[0055] Blockchain smart contracts are used to verify zero-knowledge proofs and record binding results;

[0056] The identity registration module is used to maintain the root hash of the legitimate chip set.

[0057] Compared with the prior art, the present invention has the following advantages and beneficial effects:

[0058] By binding non-derivative private key signatures with digital collectibles, a trusted association between contactless security chips and digital assets is achieved. The zkVM is introduced to generate zero-knowledge proofs for the chip signature verification process, ensuring auditable computation while protecting verification privacy. A dual Merkle tree structure is used to separate the identity root and state root, enabling independent management and efficient updates of identity and business state. A layered model is constructed, combining off-chain real-time state maintenance with on-chain periodic anchoring, balancing high-frequency interaction performance with the ultimate trustworthiness of the blockchain. Relying on the physical security unit of the contactless chip as the root of trust, a complete trust chain is formed from the hardware layer to the application layer, achieving a privacy-verifiable binding between the physical root of trust and on-chain digital assets. Attached Figure Description

[0059] To more clearly illustrate the technical solutions of the exemplary embodiments of the present invention, the accompanying drawings used in the embodiments will be briefly described below. It should be understood that the following drawings only show some embodiments of the present invention and should not be considered as a limitation of the scope. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort. In the drawings:

[0060] Figure 1 This is a flowchart of the method in an embodiment of the present invention. Detailed Implementation

[0061] To make the objectives, technical solutions, and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the embodiments and accompanying drawings. The illustrative embodiments and descriptions of the present invention are only used to explain the present invention and are not intended to limit the present invention.

[0062] As one possible implementation method, such as Figure 1 As shown, this embodiment provides a method for binding and verifying a contactless security chip with a digital collectible, including the following specific steps:

[0063] A unique asymmetric key pair is generated for each contactless security chip. Based on this unique asymmetric key pair, an on-chain identity root is constructed, and an on-chain zero-knowledge verification contract is deployed to form a chip-level trusted identity anchor. The server generates a random unique value (Nonce) and obtains a unique identifier (TokenID) for the digital collectible pre-stored on the blockchain. These are sent to the contactless chip via the user's mobile phone. The contactless chip signs the message containing the Nonce, TokenID, and chip serial number (SN) based on the private key of the key pair, generating a chip signature. Edge computing nodes verify the signature data for legality and verify that the public key belongs to the legitimate chip set. A zero-knowledge proof is generated for the verification process in a zero-knowledge virtual machine environment. The public input and the zero-knowledge proof are submitted to the blockchain smart contract, which verifies the legality of the zero-knowledge proof. Upon successful verification, the binding confirmation or authenticity verification between the entity and the digital collectible is completed. By binding non-derivative private key signatures with digital collectibles, a trusted association between contactless security chips and digital assets is achieved. The zkVM is introduced to generate zero-knowledge proofs for the chip signature verification process, ensuring auditable computation while protecting verification privacy. A dual Merkle tree structure is used to separate the identity root and state root, enabling independent management and efficient updates of identity and business state. A layered model is constructed, combining off-chain real-time state maintenance with on-chain periodic anchoring, balancing high-frequency interaction performance with the ultimate trustworthiness of the blockchain. Relying on the physical security unit of the contactless chip as the root of trust, a complete trust chain is formed from the hardware layer to the application layer, achieving a privacy-verifiable binding between the physical root of trust and on-chain digital assets.

[0064] The specific implementation process of this embodiment is as follows:

[0065] S1, System initialization and trust anchoring phase;

[0066] A unique asymmetric key pair (SK, PK) is generated for each contactless security chip, where the private key SK is stored within the chip's secure unit and cannot be exported; the public key PK can be publicly disclosed.

[0067] A unique and unalterable chip serial number (SN) is physically written into the contactless security chip.

[0068] Obtain the ManufacturerID for contactless security chips:

[0069] Calculate the chip identity hash DeviceRoot based on the public key PK of the unique asymmetric key pair, the chip manufacturer identifier ManufacturerID, and the chip serial number SN;

[0070] DeviceRoot = H(PK + SN + ManufacturerID), where H is a secure hash function;

[0071] All legitimate DeviceRoots are constructed into a Merkle tree to obtain the identity root, and the IdentityRoot is stored in the blockchain smart contract. The root hash of the legitimate chip set, IdentityRoot, is Merkle(DeviceRoot[]), which is used to prove that a certain chip's public key PK belongs to the legitimate chip set, that is, this chip is indeed an officially produced legitimate chip.

[0072] In this embodiment, all legitimate DeviceRoots are constructed into a Merkle tree to obtain the identity root. The chip identity hash DeviceRoot is calculated based on the unique public key PK, serial number SN, and manufacturer identifier ManufacturerID of each chip. Then, the DeviceRoots corresponding to the legitimate chips are collected to construct a Merkle tree.

[0073] S2, Initial binding process between physical and digital collections;

[0074] The server generates a random unique value Nonce=H(timestamp+blockHeight+random) and sends it to the contactless chip via the user's mobile phone. Here, blockHeight represents the restricted block range, which is read from the chain and verified by the contract to be less than the threshold when the difference between blockHeight and the current block is less than the threshold. timestamp represents the restricted time generated by the server, and random represents the anti-prediction function.

[0075] The contactless chip uses the private key SK to sign the hash (Nonce + TokenID + SN) to generate SignData, and returns SignData, public key PK and chip serial number SN. TokenID is a unique digital collectible identifier issued in the blockchain smart contract and is written into the contract after being generated on the digital collectible platform.

[0076] S3, Generation of zero-knowledge proofs for edge nodes

[0077] Edge nodes execute verification logic and generate zero-knowledge proofs within the zero-knowledge virtual machine. These proofs are then submitted to the blockchain smart contract, which in turn calls the zero-knowledge proof verifier to verify: the validity of the signature (SignData), the existence of the DeviceRoot to which the PK belongs in the IdentityRoot, whether the current collection is not bound to any other TokenID, and the generation of a new StateLeaf node. Specific verification content includes:

[0078] The signature verification constraint is Verify(PK, Hash(Nonce+TokenID+SN), SignData)=true;

[0079] The authentication constraint, MerkleVerify(DeviceRoot, IdentityRoot)=true, is used to prove that DeviceRoot exists in the set of legitimate chips represented by IdentityRoot;

[0080] State transition legality constraints are used to ensure that the updates of state leaf nodes conform to preset state transition rules.

[0081] The generation of a new StateLeaf node specifically includes:

[0082] Define a StateLeaf node, where the leaf state includes: 0 for unbound, 1 for bound, 2 for transferred, and 3 for invalid.

[0083] Construct a state tree StateRoot, StateRoot=Merkle(StateLeaf[]), and maintain the state tree StateRoot off-chain in real time.

[0084] S4. Submit the zero-knowledge proof to the blockchain smart contract;

[0085] Deploying zero-knowledge proof validator contracts, a RootHistory structure, and a Nonce anti-replay record structure on the blockchain, where RootHistory represents the on-chain history of Root versions, the system continuously updates the state tree to ensure historical traceability and verify the validity of a state at a specific point in time; and to prevent state rollback attacks. Without RootHistory, attackers could attempt to replay old state proofs or induce state rollback. With RootHistory, the on-chain record is immutable.

[0086] The zero-knowledge proof generated above is produced by the prover using private and public inputs, and is used to prove that the prover possesses a legitimate identity associated with the digital collectible, wherein:

[0087] Zero-knowledge proofs include: commitment values, query responses, polynomial low-degree proofs, and public input binding hashes;

[0088] Private inputs include: SignData, PK, Merkle path, and state old leaf;

[0089] The public inputs include: TokenID, IdentityRoot, CheckpointStateRoot, and NonceHash; among them, for the on-chain anti-replay record NonceHash, the original Nonce is not stored on the chain, but NonceHash=H(Nonce), and the on-chain storage is: mapping(bytes32=>bool)usedNonce;

[0090] When a user submits a NonceHash, the contract checks usedNonce[NonceHash]. If it is false, the contract passes and sets usedNonce[NonceHash] to true. This is mainly used to prevent replay attacks.

[0091] CheckpointStateRoot is the checkpoint root of the state tree. The system has a state Merkle Tree, StateRoot = Merkle(StateLeaf[]), but there is a problem that the state is updated very frequently. If it is updated on the chain every time, it will cause a gas explosion. Therefore, in this embodiment, the StateRoot is updated off-chain in real time, and CheckpointStateRoot is generated every once in a while.

[0092] S5, On-chain verification and binding confirmation;

[0093] Edge nodes submit ZK_Proof and public inputs to the blockchain smart contract;

[0094] The smart contract executes the following verification logic:

[0095] Call the STARK validator contract deployed on the chain to verify the validity of the zero-knowledge proof;

[0096] Verify that the IdentityRoot in the public input matches the identity root hash stored in the contract;

[0097] Verify that the NonceHash has not been used before, and record the NonceHash used this time to prevent replay attacks;

[0098] After successful verification, the binding status is updated, and the binding confirmation between the digital collection and the physical entity is executed.

[0099] After successful verification and confirmation of the binding or authenticity of the entity and digital collectible, the process also includes real-time maintenance of the final anchor StateRoot of the identity tree and state tree, constraining state changes through zero-knowledge proofs, and periodically aggregating the state tree checkpoints CheckpointStateRoot and IdentityRoot into GlobalRoot for on-chain storage. GlobalRoot = H(IdentityRoot + CheckpointStateRoot), which binds the chip identity set with the digital collectible state set together. GlobalRoot includes IdentityRoot and CheckpointStateRoot; IdentityRoot includes the chip identity hash DeviceRoot corresponding to multiple legitimate chips.

[0100] StateRoot is updated off-chain in real time. All state changes must be verified by zero-knowledge proof constraints before they can be written. The update interval can be every 5 minutes or every 1000 system updates.

[0101] The system generates a CheckpointStateRoot whenever a preset trigger condition is met.

[0102] The global root, GlobalRoot, is calculated by combining CheckpointStateRoot and IdentityRoot.

[0103] The GlobalRoot is sent as transaction data to the blockchain smart contract. After verification by the smart contract, the GlobalRoot is stored in the on-chain state space to form a traceable historical root record.

[0104] In this embodiment, the following security improvements have been made:

[0105] 1. Protection against replay attacks. The Nonce contains a timestamp and block height; the on-chain smart contract verifies whether the timestamp in the Nonce is within a valid window of the current block height (e.g., ±10 blocks), rather than storing all historical Nonces.

[0106] 2. Prevent chip cloning. Only PKs within IdentityRoot are legitimate.

[0107] 3. Prevent database tampering. The database is not used as a source of trust; the on-chain root is the ultimate anchor point.

[0108] 4. Prevent malicious behavior by edge nodes. All verification logic is constrained by zero-knowledge proofs; edge nodes cannot be forged.

[0109] As one possible implementation, this embodiment provides a system for binding and verifying digital artifacts based on contactless security chips, applied to the method of binding and verifying contactless security chips and digital artifacts, including:

[0110] A contactless security chip used to store a non-exportable private key and generate a chip signature;

[0111] On the server side, it is used to generate a random unique value Nonce and obtain the unique identifier TokenID of the digital collection pre-stored on the blockchain through the server side, and send it to the contactless chip through the user's mobile phone.

[0112] Edge computing nodes are used to perform signature verification and generate zero-knowledge proofs;

[0113] Blockchain smart contracts are used to verify zero-knowledge proofs and record binding results;

[0114] The identity registration module is used to maintain the root hash of the legitimate chip set.

[0115] The specific embodiments described above further illustrate the purpose, technical solution, and beneficial effects of the present invention. It should be understood that the above description is only a specific embodiment of the present invention and is not intended to limit the scope of protection of the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the scope of protection of the present invention.

Claims

1. A method for binding and verifying a contactless security chip with a digital artifact, characterized in that, The specific steps include the following: A unique asymmetric key pair is generated for each contactless security chip. An on-chain identity root is constructed based on the unique asymmetric key pair, and an on-chain zero-knowledge verification contract is deployed to form a chip-level trusted identity anchor. The server generates a random unique value Nonce and obtains a unique identifier TokenID for the digital collectible pre-stored on the blockchain. These are then sent to the contactless chip via the user's mobile phone. The contactless chip signs the message containing Nonce, TokenID, and chip serial number SN based on the private key of the key pair to generate a chip signature. The edge computing node verifies the signature validity of the signature data and verifies that the public key belongs to the legitimate chip set, generating a zero-knowledge proof for the verification process in a zero-knowledge virtual machine environment; Public inputs and zero-knowledge proofs are submitted to a blockchain smart contract, which verifies the legality of the zero-knowledge proofs and completes the binding confirmation or authenticity verification between the physical entity and the digital collectible after the verification is passed.

2. The method for binding and verifying a contactless security chip with a digital collectible according to claim 1, characterized in that, The formation of chip-level trusted identity anchors includes: A unique asymmetric key pair (SK, PK) is generated for each contactless security chip, where the private key SK is stored in the chip's secure unit and cannot be exported; A unique and unalterable chip serial number (SN) is physically written into the contactless security chip. Obtain the ManufacturerID identifier for the contactless security chip; Calculate the chip identity hash DeviceRoot based on the public key PK of the unique asymmetric key pair, the chip manufacturer identifier ManufacturerID, and the chip serial number SN; All valid DeviceRoots are constructed into a Merkle tree to obtain the IdentityRoot, and the IdentityRoot is stored in the blockchain smart contract; Deploy zero-knowledge proof validator contracts, RootHistory structures, and Nonce anti-replay record structures on the blockchain.

3. The method for binding and verifying a contactless security chip with a digital collectible according to claim 1, characterized in that, The generation of the chip signature includes: Obtain the timestamp, system random number, and block height read from the blockchain in the current environment, generate a random unique value Nonce, and send it to the contactless security chip; The contactless security chip performs a hash operation on the unique digital collectible identifier TokenID, chip serial number SN, and random unique value Nonce. Then, it uses the private key SK to sign the hash value to generate SignData and returns SignData, public key PK, and chip serial number SN.

4. The method for binding and verifying a contactless security chip with a digital artifact according to claim 1, characterized in that, The edge computing node verifies the signature validity of the signature data and verifies that the public key belongs to the legitimate chip set. The generation of zero-knowledge proofs for the verification process in the zero-knowledge virtual machine environment includes: Edge nodes execute verification logic and generate zero-knowledge proofs in a zero-knowledge virtual machine. The verification logic includes: verifying the validity of the signature SignData, verifying whether the DeviceRoot to which the PK belongs exists in the IdentityRoot, verifying whether the current collection is not bound to other TokenIDs, and generating a new state leaf node StateLeaf.

5. The method for binding and verifying a contactless security chip with a digital artifact according to claim 4, characterized in that, The specific content of the verification includes: The signature verification constraint is Verify(PK, Hash(Nonce+TokenID+SN), SignData)=true; The authentication constraint, MerkleVerify(DeviceRoot, IdentityRoot)=true, is used to prove that DeviceRoot exists in the set of legitimate chips represented by IdentityRoot; State transition legality constraints are used to ensure that the updates of state leaf nodes conform to preset state transition rules.

6. The method for binding and verifying a contactless security chip with a digital artifact according to claim 4, characterized in that, The generation of the new StateLeaf node specifically includes: Define a StateLeaf node, where the leaf state includes unbound, bound, transferred, and invalid. Construct a state tree, StateRoot, and maintain the State tree, StateRoot, off-chain in real time.

7. The method for binding and verifying a contactless security chip with a digital artifact according to claim 1, characterized in that, The zero-knowledge proof is generated by the prover using private and public inputs, and is used to prove that the prover possesses a legitimate identity associated with the digital collectible, wherein: Zero-knowledge proofs include: commitment values, query responses, polynomial low-degree proofs, and public input binding hashes; The private inputs include: SignData, PK, Merkle path, and state old leaf; The public inputs include: TokenID, IdentityRoot, CheckpointStateRoot, and NonceHash.

8. The method for binding and verifying a contactless security chip with a digital collectible according to claim 1, characterized in that, Verifying the validity of the zero-knowledge proof includes: Edge nodes submit ZK_Proof and public inputs to the blockchain smart contract; The smart contract executes the following verification logic: Call the STARK validator contract deployed on the chain to verify the validity of the zero-knowledge proof; Verify that the IdentityRoot in the public input matches the identity root hash stored in the contract; Verify that the NonceHash has not been used before, and record the NonceHash used this time to prevent replay attacks; After successful verification, the binding status is updated, and the binding confirmation between the digital collection and the physical entity is executed.

9. The method for binding and verifying a contactless security chip with a digital collectible according to claim 1, characterized in that, After successful verification and confirmation of the binding or authenticity of the physical and digital collectibles, the process also includes real-time maintenance of the StateRoot and constraint of state changes through zero-knowledge proofs, and periodically aggregating the CheckpointStateRoot and IdentityRoot into the GlobalRoot for on-chain storage. StateRoot is updated off-chain in real time, and all state changes must be verified by zero-knowledge proof constraints before they can be written. The system generates a CheckpointStateRoot whenever a preset trigger condition is met. The global root, GlobalRoot, is calculated by combining CheckpointStateRoot and IdentityRoot. The GlobalRoot is sent as transaction data to the blockchain smart contract. After verification by the smart contract, the GlobalRoot is stored in the on-chain state space to form a traceable historical root record.

10. A system for binding and verifying digital artifacts based on a contactless security chip, applied to the contactless security chip and digital artifact binding and verification method described in claims 1-9, characterized in that, include: A contactless security chip used to store a non-exportable private key and generate a chip signature; On the server side, it is used to generate a random unique value Nonce and obtain the unique identifier TokenID of the digital collection pre-stored on the blockchain through the server side, and send it to the contactless chip through the user's mobile phone. Edge computing nodes are used to perform signature verification and generate zero-knowledge proofs; Blockchain smart contracts are used to verify zero-knowledge proofs and record binding results; The identity registration module is used to maintain the root hash of the legitimate chip set.

Images