Blockchain cross-chain scenario digital asset secure transfer and privacy protection system
By employing a collaborative architecture of a decentralized notary network and a privacy computing relay chain, combined with BLS signature and distributed key generation technologies, the problem of insufficient privacy protection and security in cross-chain technology is solved, enabling secure transfer and consistency of cross-chain assets and meeting compliance traceability requirements.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- BEIJING LIBAO TECH CO LTD
- Filing Date
- 2026-04-02
- Publication Date
- 2026-07-14
AI Technical Summary
Existing cross-chain technologies have shortcomings in terms of privacy protection and security. Hash time locking contracts lead to the leakage of transaction graphs, and traditional notary mechanisms have the risk of single point of failure and moral hazard, as well as high computational overhead, and cannot effectively solve the problem of inconsistent cross-chain states.
It adopts a collaborative architecture of decentralized notary network and privacy computing relay chain, utilizes trusted execution environment and one-time address derivation mechanism, combined with BLS signature algorithm and distributed key generation technology to achieve secure transfer and privacy protection of cross-chain assets.
It effectively blocks the correlation between the source chain and the target chain transactions, avoids the risk of single point of failure, ensures the consistency of cross-chain asset locking and minting status, achieves strong atomicity guarantee, and meets compliance traceability requirements while protecting user privacy.
Smart Images

Figure CN122390742A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of blockchain technology, specifically to a system for secure transfer and privacy protection of digital assets in cross-chain blockchain scenarios. Background Technology
[0002] Currently, with the diversified development of blockchain technology, the demand for value exchange between heterogeneous blockchain systems such as the Bitcoin network, Ethereum network, and Hyperledger Fabric is growing. Cross-chain technology aims to solve the interoperability problem between different blockchain platforms. The mainstream technical approaches currently include hash time-locked contracts, notary mechanisms, and sidechain / relay mechanisms.
[0003] However, existing technologies have revealed some shortcomings when dealing with increasingly complex cross-chain asset transfer scenarios. For example, in terms of privacy protection, hash time locking contracts require both parties to disclose the same hash preimage on both chains. This means that any third party that can observe on-chain information can use the hash value to associate transactions on the source chain and the target chain, thereby inferring the existence of cross-chain behavior and the address association between the two parties, resulting in serious transaction graph leakage.
[0004] In addition, in terms of security, traditional notary mechanisms usually rely on a single centralized node or a fixed multi-signature group to maintain the cross-chain transaction state. This model not only introduces the risk of single point of failure, but also cannot effectively resist internal malicious behavior. Notaries are subject to the moral hazard of misappropriating locked assets.
[0005] While some existing solutions attempt to introduce zero-knowledge proof technology to enhance privacy, their computational overhead is significant, and they lack systematic atomicity guarantees for double-spending or transaction rollback issues caused by inconsistencies between the source and target chains during cross-chain processes.
[0006] In addition, while some newer studies have begun to explore combining trusted execution environments with cross-chain communication or introducing threshold signature mechanisms to enhance decentralization, they have not yet effectively solved how to achieve regulatory compliance and traceability while protecting the privacy of transaction associations, nor have they fully resolved the issue of high consistency between asset locking and minting states in heterogeneous chain environments. Summary of the Invention
[0007] To address these issues, this invention provides a system for secure transfer and privacy protection of digital assets in cross-chain blockchain scenarios.
[0008] To achieve the above objectives, the present invention provides the following technical solution:
[0009] A secure digital asset transfer and privacy protection system for cross-chain blockchain scenarios, including;
[0010] Source Chain is equipped with asset locking contracts, which are used to receive asset locking transactions initiated by users and generate locking events containing transaction commitment values and regulatory encrypted information.
[0011] The target chain is equipped with an asset minting contract, which is used to mint mapped assets based on the aggregated verification results and transfer them to the recipient's one-time privacy address.
[0012] The decentralized notary network consists of multiple notary nodes with a trusted execution environment, used to monitor the locking event, verify the legality of the transaction, and generate partial transfer proofs; the decentralized notary network randomly elects committee nodes from all notary nodes, and only the elected committee nodes participate in generating partial transfer proofs;
[0013] The privacy computing relay chain is communicatively connected to the decentralized notary network and the target chain, respectively, and is used to aggregate and verify the partial transfer proofs, and submit the aggregated proofs and transaction parameters to the target chain;
[0014] The regulatory interface module, linked to the privacy computing relay, is used to authorize regulatory agencies to decrypt transaction information, thereby achieving traceable privacy protection.
[0015] Furthermore, the notary node executes verification logic within the trusted execution environment, and the notary node can verify the matching of the number of block confirmations for the locked transaction, the transaction amount and the shadow address hash, as well as the correctness of the encrypted information format.
[0016] Furthermore, the privacy computing relay chain adopts a threshold signature mechanism to aggregate and verify the partial transfer proofs. The threshold signature mechanism is based on the BLS signature algorithm and requires that a valid aggregate signature can only be generated after the number of collected partial signatures reaches a preset threshold value.
[0017] Furthermore: the BLS signature algorithm is based on bilinear pairing groups. and The signature generation formula is:
[0018] ;
[0019] ;
[0020] The verification formula is:
[0021] The global public key is:
[0022] ;
[0023] in, and These are two different elliptic curve groups; and Groups and Generators; To send any message Hash to group The function; The message to be signed; h represents the message. The group obtained after hashing element; is the signer's private key; 'e' is a bilinear pairing mapping; is the BLS signature result; pk is the global public key.
[0024] Furthermore: the threshold signature mechanism combines distributed key generation technology, with each notary node holding a share of the private key. The total private key is The aggregate signature is generated by combining Lagrange interpolation values.
[0025] Furthermore: the one-time privacy address is generated by a one-time address derivation module, which derives a unique target link receiving address within a trusted execution environment based on the recipient's public key and the transaction random number.
[0026] Furthermore, the regulatory encrypted information includes the real addresses of both parties to the transaction and the transaction amount, and is encrypted and stored in the privacy computing relay chain using a regulatory public key.
[0027] Furthermore, upon startup, the notary node registers its identity and the measurement value of the trusted execution environment with the privacy computing relay chain through a remote authentication mechanism.
[0028] Furthermore: After verifying the validity of the aggregated signature proof, the asset minting contract mints an equal amount of mapped assets and transfers them to a one-time privacy address, completing the secure transfer of assets from the source chain to the target chain.
[0029] This invention has the following advantages: By introducing a decentralized notary network with a trusted execution environment and a privacy computing relay chain collaborative architecture, this invention effectively solves the shortcomings of existing cross-chain technologies in terms of privacy protection and security; by utilizing the internal verification of the trusted execution environment and the one-time address derivation mechanism, it blocks the correlation between transactions between the source chain and the target chain, overcoming the problem that traditional hash time-locked contracts are prone to leakage of transaction graphs; at the same time, by adopting a threshold signature mechanism based on BLS signatures and distributed key generation technology, it avoids the risk of malicious behavior by a single notary node or single point of failure, ensuring a high degree of consistency between the cross-chain asset locking and minting state, and achieving strong atomicity guarantee.
[0030] In addition, the introduction of the regulatory interface module enables compliance traceability requirements to be met while protecting user privacy, thus balancing privacy and regulatory compliance.
[0031] Other features and advantages of the present invention will be set forth in the following description. Attached Figure Description
[0032] To more intuitively illustrate the prior art and this application, exemplary drawings are provided below. It should be understood that the specific shapes and structures shown in the drawings should not generally be regarded as limiting conditions for implementing this application; for example, based on the technical concept disclosed in this application and the exemplary drawings, those skilled in the art are able to easily make conventional adjustments or further optimizations to the addition / reduction / classification, specific shapes, positional relationships, connection methods, size ratios, etc. of certain units (components).
[0033] Figure 1 This is an architecture diagram of a blockchain cross-chain scenario digital asset secure transfer and privacy protection system provided in this application embodiment. Detailed Implementation
[0034] The following specific embodiments illustrate the implementation of the present invention. Those skilled in the art can easily understand other advantages and effects of the present invention from the content disclosed in this specification. Obviously, the described embodiments are only some embodiments of the present invention, not all embodiments. It should be understood that these embodiments are merely for further explanation of the present invention and should not be construed as limiting the scope of protection of the present invention. Those skilled in the art can make some non-essential improvements and adjustments to the present invention based on the above-described content.
[0035] A system for secure transfer and privacy protection of digital assets in a blockchain cross-chain scenario includes a source chain, a target chain, a decentralized notary network, a privacy computing relay chain, and a regulatory interface module.
[0036] The source chain has an asset locking contract deployed to receive asset locking transactions initiated by users and generate locking events that include transaction commitment values and regulatory cryptographic information.
[0037] The target chain has an asset minting contract deployed on it, which is used to mint the corresponding mapped assets based on the aggregated verification results submitted by the privacy computing relay chain and transfer them to the recipient's one-time privacy address.
[0038] The decentralized notary network consists of multiple independently deployed notary nodes with trusted execution environments. Each notary node listens for locking events on the source chain, verifies the legality of transactions within the trusted execution environment, and generates partial transfer proofs based on distributed key generation technology.
[0039] The privacy computing relay chain communicates with the decentralized notary network and the target chain respectively, uses a threshold signature mechanism to aggregate and verify the collected partial transfer proofs, and submits the aggregated proofs and transaction parameters to the target chain;
[0040] The threshold signature mechanism uses the BLS signature algorithm, which requires that a valid aggregate signature be generated and submitted to the target chain only after the number of collected partial signatures reaches a preset threshold, in order to prevent a few nodes from acting maliciously.
[0041] The regulatory interface module is connected to the privacy computing relay chain. By submitting authorization credentials, regulatory agencies can decrypt and obtain the anonymous shadow addresses of both parties to the transaction and the transaction amount, enabling authorized transaction traceability.
[0042] See Figure 1 An asset locking contract is deployed on the source chain. When user A initiates a cross-chain transfer, he first constructs and broadcasts a transaction on the source chain, sending a specific number of digital assets to the address of the asset locking contract. After the asset locking contract confirms that the assets have arrived and the transaction has reached a sufficient number of confirmations, it issues a "Locked" event containing the transaction commitment value and encrypted information.
[0043] The transaction contains the hash value of the shadow address of the transaction recipient (User B) on the target chain, as well as the real transaction information encrypted using the regulatory public key; the real transaction information includes the real addresses of both parties and the transaction amount.
[0044] The decentralized notary network has several notary nodes; each notary node is a server deployed on hardware that supports a trusted execution environment (such as Intel SGX or ARM TrustZone); each notary node listens for the "Locked" event of the source chain.
[0045] Upon detecting an event, the node performs the following operations within its trusted execution environment:
[0046] First, verify the depth and legitimacy of the locked transaction; second, based on the information contained in the locked event, combined with the transaction random number and the recipient's public key, generate a target link receiving address specific to this transaction through a one-time address derivation module; third, use the private key held within the trusted execution environment to sign the above information and generate a "partial transfer proof".
[0047] In each round of cross-chain transaction verification, not all nodes (e.g., hundreds) of nodes in a decentralized notary network participate in signing. Instead, a small committee is randomly elected from all nodes using a verifiable random function based on the unique identifier of the source chain locking event (such as the transaction hash). The selected nodes execute the verification logic and generate partial transfer proofs within a trusted execution environment.
[0048] The election process itself is verifiable; any observer can verify whether a particular node has been legitimately elected as the validator of the transaction. The privacy computing relay chain only receives partial proofs from the elected committee members.
[0049] Privacy Computation Relay Chain is a lightweight blockchain specifically designed for coordinating cross-chain states; Privacy Computation Relay Chain receives partial transfer proofs from nodes of a decentralized notary network; A verification and aggregation contract runs on the Privacy Computation Relay Chain, which collects proofs from different notary nodes for the same source chain locking event;
[0050] When the number of collected partial proofs reaches a preset threshold (e.g., 3 out of 5 nodes), the verification and aggregation contract uses the BLS threshold signature algorithm to aggregate these proofs into a single, compact aggregate signature proof; this aggregate signature proof represents the consensus of the entire decentralized notary network on this source chain locking event.
[0051] The essence of BLS signature is a scalar multiplication of "message hash to G2"; verification relies on bilinear pairing consistency; and DKG (Distributed Key Generation) allows each node to hold a share. Master private key During aggregation, Lagrange interpolation is used to combine shares on subset S. The linear combination of these shares is equal to the effective "sub-private key" applied to the same h. Therefore, they can be directly added in G1 to obtain a single-party signature.
[0052] The basic formula for BLS is:
[0053] ;
[0054] ;
[0055] The verification formula is: ;
[0056] Distributed Key Generation (DKG) is as follows:
[0057] A (t,n) threshold private sharing method is adopted, where t is the threshold value (the minimum number of signature nodes required) and n is the total number of notary nodes.
[0058] Then each node i receives a share of the private key. ;
[0059] The global private key s satisfies:
[0060] For any set S containing at least t nodes, there exists a Lagrange coefficient. Make:
[0061] ;
[0062] The global public key is:
[0063] ;
[0064] Then threshold aggregation signature (for messages) ):
[0065] Calculate hash value ;
[0066] Each participating node Generate partial signature:
[0067] ;
[0068] The aggregate signature is calculated from at least t collected partial signatures:
[0069] ;
[0070] in, and For two distinct elliptic curve groups, the bilinear pairing property is satisfied. and Groups and Generators (base points); To send any message Hash to group The function; The message to be signed; h represents the message. The group obtained after hashing element; is the signer's private key; 'e' is a bilinear pairing mapping. ;in, For the target group; The result is a BLS signature and belongs to the group. ; This is a global private key, which exists only theoretically and is not publicly disclosed. t represents the share of private keys held by the i-th notary node; t is the threshold value; n is the total number of notary nodes participating in DKG; pk is the integer field modulo q; q is the order of the elliptic curve; pk is the global public key; S is the subset of notary nodes selected to participate in this round of signing; For Lagrange coefficients; For the partial signature of node i; This is the complete signature after aggregation.
[0071] Subsequently, the privacy computing relay chain submits a cross-chain instruction containing asset information, a one-time target link receiving address, and aggregated signature proof to the target chain.
[0072] An asset minting contract is deployed on the target chain. After receiving instructions from the privacy computing relay chain, the asset minting contract first verifies the validity of the aggregated signature proof and confirms that it has reached the consensus threshold of the notary network. Once the verification is successful, the asset minting contract mints an equal amount of mapped assets for the recipient user B on the target chain and transfers them to a dedicated receiving address generated by the one-time address derivation module, which is ultimately controlled by user B.
[0073] The regulatory interface module is connected to the privacy computing relay chain. When regulatory agencies need to audit specific transactions, they can submit authorization credentials and regulatory private keys through this regulatory interface module to decrypt the ciphertext of the transaction stored on the privacy computing relay chain, obtain the real addresses of the two parties to the transaction and the amount, and achieve auditable privacy protection.
[0074] In addition, in this embodiment, the system also has a one-time address derivation module. This one-time address derivation module generates a unique target link receiving address for this transaction within a trusted execution environment based on the recipient's public key and the transaction random number. The addresses on the source chain and the target chain are not linkable.
[0075] In this embodiment, the complete flow of assets from the source chain to the target chain is as follows:
[0076] Step 1: Initialization and remote authentication;
[0077] When each notary node in the decentralized notary network starts up, it registers its identity and trusted execution environment metrics with the privacy computing relay chain through a remote authentication mechanism. The privacy computing relay chain records a list of public keys of these trusted nodes and generates public parameters for distributed key generation.
[0078] Step 2: Initiate a cross-chain locking request;
[0079] User A constructs a transaction on the source chain, invokes an asset locking contract, and transfers a specified amount of assets to the contract address; the transaction includes the target chain shadow address hash of the recipient (User B), a random number (Nonce), and real transaction information encrypted using a regulatory public key.
[0080] Step 3: Source chain event monitoring and verification within the trusted execution environment;
[0081] After each notary node detects the locking event of the source chain, it executes the verification logic within its trusted execution environment. The trusted execution environment runs consensus-based verification code to ensure that all nodes execute the same verification rules. The verification content includes: whether the locked transaction has obtained sufficient block confirmation, whether the transaction amount matches the shadow address hash, and whether the encrypted information format is correct.
[0082] Step 4: Generate a one-time address and partial transfer proof;
[0083] After verification, the trusted execution environment of each notary node derives a unique one-time receiving address for this transaction based on the recipient's public key and the transaction random number; at the same time, it uses the node's private key to sign the message "source chain transaction ID + one-time receiving address + asset quantity" to generate a partial transfer proof.
[0084] Step 5: Aggregation and Consensus;
[0085] Each node submits a partial transfer proof to the privacy computing relay chain; the aggregation nodes on the privacy computing relay chain collect these partial proofs, and when the number collected reaches a preset threshold, they are combined into a complete aggregate signature proof using the BLS threshold signature algorithm.
[0086] Step 6: Submit cross-chain instructions to the target chain;
[0087] The privacy computing relay chain packages the aggregated signature proof along with transaction parameters (including the one-time receiving address and the amount of assets, but excluding the real address of the source chain) into a single transaction and submits it to the asset minting contract of the target chain.
[0088] Step 7: Asset Casting and Notification;
[0089] The target chain asset minting contract verifies the correctness of the aggregated signature proof and the threshold achievement status; after confirming that there are no errors, it executes the minting logic and sends the corresponding number of mapped assets to the one-time receiving address; finally, the target chain issues a "minted" event to notify the user that asset B has been received.
[0090] Step 8: Optional regulatory audit;
[0091] When regulatory agencies need to trace specific transactions, they submit authorization credentials through the regulatory interface module. After the privacy computing relay chain verifies the authorization, it allows regulatory agencies to use their regulatory private keys to decrypt the ciphertext of transactions stored on the chain and obtain the true transaction flow information, thereby achieving auditable privacy protection.
[0092] The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of the present invention should be included within the protection scope of the present invention.
Claims
1. A system for secure transfer and privacy protection of digital assets in a blockchain cross-chain scenario, characterized in that: include: Source Chain is equipped with asset locking contracts, which are used to receive asset locking transactions initiated by users and generate locking events containing transaction commitment values and regulatory encrypted information. The target chain is equipped with an asset minting contract, which is used to mint mapped assets based on the aggregated verification results and transfer them to the recipient's one-time privacy address. The decentralized notary network consists of multiple notary nodes with a trusted execution environment, used to monitor the locking event, verify the legality of the transaction, and generate partial transfer proofs; the decentralized notary network randomly elects committee nodes from all notary nodes, and only the elected committee nodes participate in generating partial transfer proofs; The privacy computing relay chain is communicatively connected to the decentralized notary network and the target chain, respectively, and is used to aggregate and verify the partial transfer proofs, and submit the aggregated proofs and transaction parameters to the target chain; The regulatory interface module, linked to the privacy computing relay, is used to authorize regulatory agencies to decrypt transaction information, thereby achieving traceable privacy protection.
2. The blockchain cross-chain scenario digital asset secure transfer and privacy protection system according to claim 1, characterized in that, The notary node executes verification logic within the trusted execution environment. The notary node can verify the matching of the number of block confirmations for locked transactions, the transaction amount and the shadow address hash, and the correctness of the encrypted information format.
3. The blockchain cross-chain scenario digital asset secure transfer and privacy protection system according to claim 1, characterized in that, The privacy computing relay chain adopts a threshold signature mechanism to aggregate and verify the partial transfer proofs. The threshold signature mechanism is based on the BLS signature algorithm and requires that a valid aggregate signature can only be generated after the number of collected partial signatures reaches a preset threshold value.
4. The blockchain cross-chain scenario digital asset secure transfer and privacy protection system according to claim 3, characterized in that, The BLS signature algorithm is based on bilinear pairing groups. and The signature generation formula is: ; ; The verification formula is: The global public key is: ; in, and These are two different elliptic curve groups; and Groups and Generators; To send any message Hash to group The function; The message to be signed; h represents the message. The group obtained after hashing element; is the signer's private key; 'e' is a bilinear pairing mapping; is the BLS signature result; pk is the global public key.
5. The blockchain cross-chain scenario digital asset secure transfer and privacy protection system according to claim 4, characterized in that, The threshold signature mechanism, combined with distributed key generation technology, allows each notary node to hold a share of the private key. The total private key is The aggregate signature is generated by combining Lagrange interpolation values.
6. The blockchain cross-chain scenario digital asset secure transfer and privacy protection system according to claim 1, characterized in that, The one-time privacy address is generated by the one-time address derivation module, which derives a unique target link receiving address within the trusted execution environment based on the recipient's public key and the transaction random number.
7. The blockchain cross-chain scenario digital asset secure transfer and privacy protection system according to claim 1, characterized in that, The regulatory encrypted information includes the real addresses of both parties to the transaction and the transaction amount, and is stored in the privacy computing relay chain using a regulatory public key.
8. The blockchain cross-chain scenario digital asset secure transfer and privacy protection system according to claim 1, characterized in that, Upon startup, the notary node registers its identity and trusted execution environment metrics with the privacy computing relay chain through a remote authentication mechanism.
9. The blockchain cross-chain scenario digital asset secure transfer and privacy protection system according to claim 1, characterized in that, After verifying the validity of the aggregated signature proof, the asset minting contract mints an equal amount of mapped assets and transfers them to a one-time privacy address, thus completing the secure transfer of assets from the source chain to the target chain.