Information disclosure method, information disclosure system, second terminal, and program

The method employs zero-knowledge proofs to verify the legitimacy of non-disclosed blockchain transaction items, ensuring confidentiality and consistency across multiple blockchain systems.

WO2026146561A1PCT designated stage Publication Date: 2026-07-09NT T INC

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
NT T INC
Filing Date
2025-01-06
Publication Date
2026-07-09

AI Technical Summary

Technical Problem

Conventional blockchain cooperation methods fail to ensure the confidentiality of transaction data, particularly when non-disclosed items are involved, leading to inconsistencies and inability to verify the legitimacy of such data.

Method used

An information disclosure method using zero-knowledge proofs to verify the legitimacy of non-disclosed items in blockchain transactions without disclosing them, involving a certificate generation and verification process across multiple chain systems.

Benefits of technology

Enables verification of non-disclosed items' legitimacy without revealing their content, maintaining transaction integrity and consistency across blockchain systems.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure JP2025000027_09072026_PF_FP_ABST
    Figure JP2025000027_09072026_PF_FP_ABST
Patent Text Reader

Abstract

The present invention includes: a proof generation step in which a block is a combination of data including an undisclosed item and a signature for the data, and a proof generation device generates a portion or all of the information needed in order to prove whether or not the signature of the block is formal and whether or not the undisclosed item included in the data of the block is formal through a zero-knowledge proof; a proof verification step in which a proof verification device verifies the zero-knowledge proof by using all of the needed information, thereby verifying whether or not the signature of the block is formal and whether or not the undisclosed item included in the data of the block is formal; and a chain information verification step for verifying chain information which a second terminal included in a second chain system acquired when the signature of the block is formal and the undisclosed item included in the data of the block is formal, and with which it can be confirmed that the block is recorded at the leading end of the chain of a first chain system.
Need to check novelty before this filing date? Find Prior Art

Description

Information Disclosure Method, Information Disclosure System, Second Terminal, Program

[0001] The present invention relates to blockchain.

[0002] Blockchain is a mechanism for retaining records of transactions. Due to its high transparency, participants in the chain can reproduce or verify transactions themselves. Since transactions are verified and recorded by a large number of good participants, it is difficult to tamper with the records.

[0003] There is a blockchain for each target transaction, and since the verification protocols and asset values adopted in each blockchain vary, various methods for inter-blockchain cooperation have been proposed. For example, a method of installing a third party to monitor transactions between blockchains, and a method of replacing such a third party with a blockchain to ensure decentralization have been proposed. There is also a bridge that executes transactions by causing a smart contract to be executed on the blockchain of the counterparty (see Non-Patent Document 1).

[0004] zkBridge, [online],[retrieved on December 25, 2024], Internet <URL: https: / / www.zkbridge.com / >

[0005] However, since conventional cooperation methods target assets, the confidentiality of the content related to transactions is not sufficient. When the target of a transaction is an asset, the transaction partner can grasp how much asset has been received. Also, when the target of a transaction is not an asset but data, not all of the data is necessarily disclosed. In order to avoid disclosing all of the data, the data can be divided into parts that can be disclosed and other parts, and transactions can be conducted using only the parts that can be disclosed. However, doing so will make it impossible to maintain consistency with the records of previous transactions related to that data. That is, signature verification for ensuring the legitimacy / consistency of the data becomes impossible.

[0006] Therefore, the present invention aims to provide blockchain technology that can verify whether or not non-disclosed items included in the block data are legitimate, without disclosing such items.

[0007] One aspect of the present invention is an information disclosure method for disclosing a block included in the chain of the first chain system in an information disclosure system including a first chain system, a second chain system, a certificate generating device, and a certificate verification device, wherein the block is a pair of data including non-disclosure items and a signature for said data, and the method includes a certificate generation step in which the certificate generating device generates some or all of the information necessary to prove by zero-knowledge proof whether the signature of the block is legitimate and whether the non-disclosure items included in the data of the block are legitimate (hereinafter referred to as first certificate information), and a method including the first certificate information for determining whether the signature of the block is legitimate and whether the non-disclosure items included in the data of the block are legitimate The present invention includes a proof verification step in which all the information necessary to prove by zero-knowledge proof whether or not a displayed item is authentic is defined as second proof information, and the proof verification device verifies whether or not the signature of the block is authentic and whether or not the non-disclosed items contained in the data of the block are authentic by performing zero-knowledge proof verification using the second proof information, and a chain information verification step in which a second terminal included in the second chain system verifies chain information obtained when the signature of the block is authentic and the non-disclosed items contained in the data of the block are authentic, and which confirms that the block is recorded at the end of the chain of the first chain system.

[0008] According to the present invention, it is possible to verify whether or not a non-disclosed item included in the block data is official without disclosing the said non-disclosed item.

[0009] This is a block diagram showing the configuration of the information disclosure system 1. This is a block diagram showing the configuration of the first terminal 100. This is a block diagram showing the configuration of the second terminal 200. This is a block diagram showing the configuration of the certificate generation device 300. This is a block diagram showing the configuration of the certificate generation unit 310. This is a block diagram showing the configuration of the certificate verification device 400. This is a block diagram showing the configuration of the certificate verification unit 410. This is a sequence diagram showing the operation of the information disclosure system 1. This is a block diagram showing the configuration of the certificate generation unit 310. This is a block diagram showing the configuration of the certificate verification unit 410. This is a sequence diagram showing the operation of the information disclosure system 1. This is a diagram showing an example of the functional configuration of a computer that realizes each device in an embodiment of the present invention.

[0010] The embodiments of the present invention will be described in detail below. Components having the same function will be given the same number, and redundant explanations will be omitted.

[0011] <Technical Background> In embodiments of the present invention, zero-knowledge proofs are used to prove the validity / consistency of data without disclosing non-disclosed items included in the block data. Specific methods of zero-knowledge proofs include those described in Reference Non-Patent Documents 1, 2, and 3.

[0012] (Reference Non-Patent Literature 1: Jens Groth, "On the Size of Pairing-Based Non-interactive Arguments," Advances in Cryptology - EUROCRYPT 2016, pp.305-326, 2016.) (Reference Non-Patent Literature 2: Jens Groth and Mary Maller, "Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs," Advances in Cryptology - CRYPTO 2017, pp.581-612, 2017.) (Reference Non-Patent Literature 3: Bryan Parno, Jon Howell, Craig Gentry and Mariana Raykova, "Pinocchio: nearly practical verifiable computation," Communications of the ACM, Vol. 59, Issue 2, pp.103-112, 2016.) <First Embodiment> [Configuration of Information Disclosure System 1] The configuration of the information disclosure system 1 will be described below with reference to Figures 1 to 7. Figure 1 is a block diagram showing the configuration of the information disclosure system 1. Figure 2 is a block diagram showing the configuration of the first terminal 100. Figure 3 is a block diagram showing the configuration of the second terminal 200. Figure 4 is a block diagram showing the configuration of the certificate generation device 300. Figure 5 is a block diagram showing the configuration of the certificate generation unit 310. Figure 6 is a block diagram showing the configuration of the certificate verification device 400. Figure 7 is a block diagram showing the configuration of the certificate verification unit 410.

[0013] Information disclosure system 1 includes a first chain system 10, a second chain system 20, a certificate generation device 300, and a certificate verification device 400, as illustrated in Figure 1. The first chain system 10 includes one or more first terminals 100. The second chain system 20 includes one or more second terminals 200. The first terminals 100 of the first chain system 10, the second terminals 200 of the second chain system 20, the certificate generation device 300, and the certificate verification device 400 are each connected to a network 900. The network 900 can be any network configured to enable communication between the first terminals 100 of the first chain system 10, the second terminals 200 of the second chain system 20, the certificate generation device 300, and the certificate verification device 400; for example, the Internet can be used. The first chain system 10 is a system that manages chains composed of blocks, which are pairs of data containing non-disclosure items and signatures for said data. The second chain system 20 is a system that manages chains, and these chains are different from those managed by the first chain system 10. Information disclosure system 1 is a system that discloses blocks included in the chain of the first chain system.

[0014] As illustrated in Figure 2, the first terminal 100 includes a block generation unit 110, a certificate generation request unit 120, a chain information generation unit 130, a transmission / reception unit 180, and a recording unit 190. The transmission / reception unit 180 is a component for transmitting and receiving information necessary for processing the first terminal 100 via the network 900. The recording unit 190 is a component for appropriately recording information necessary for processing the first terminal 100.

[0015] As illustrated in Figure 3, the second terminal 200 includes a chain information acquisition request generation unit 210, a chain information verification unit 220, a transmission / reception unit 280, and a recording unit 290. The transmission / reception unit 280 is a component for transmitting and receiving information necessary for processing the second terminal 200 via the network 900. The recording unit 290 is a component for appropriately recording information necessary for processing the second terminal 200.

[0016] The proof generation device 300 includes a proof generation unit 310, a transmitting / receiving unit 380, and a recording unit 390, as illustrated in Figure 4. The proof generation unit 310 also includes a commitment generation unit 311 and a response generation unit 312, as illustrated in Figure 5. The transmitting / receiving unit 380 is a component for transmitting and receiving information necessary for processing by the proof generation device 300 via the network 900. The recording unit 390 is a component for appropriately recording information necessary for processing by the proof generation device 300. The proof generation device 300 is a device that generates proofs using zero-knowledge proofs.

[0017] The proof verification device 400 includes a proof verification unit 410, a transmitting / receiving unit 480, and a recording unit 490, as illustrated in Figure 6. The proof verification unit 410 also includes a challenge generation unit 411 and a verification unit 412, as illustrated in Figure 7. The transmitting / receiving unit 480 is a component for transmitting and receiving information necessary for processing by the proof verification device 400 via the network 900. The recording unit 490 is a component for appropriately recording information necessary for processing by the proof verification device 400. The proof verification device 400 is a device for verifying proofs using zero-knowledge proofs.

[0018] [Operation of Information Disclosure System 1] Here, the operation of Information Disclosure System 1 will be explained with reference to Figures 8 to 10. Specifically, the operation of Information Disclosure System 1 will be explained in two scenarios: (1) block generation and (2) block verification.

[0019] (1) Block Generation The operation of the information disclosure system 1 in block generation will be explained below with reference to Figure 8. Figure 8 is an example of a sequence diagram showing the operation of the information disclosure system 1.

[0020] In S110, the block generation unit 110 of the first terminal 100 generates a block which is a pair of data including non-disclosed items and a signature for said data, generates a record request instructing that the block be recorded in the chain, and the transmitting / receiving unit 180 of the first terminal 100 transmits the record request to a different first terminal 100' included in the first chain system. The transmitting / receiving unit 180 of the first terminal 100' receives the record request. Here, the data is, for example, transaction data entered by the user and may include disclosed items. The record request also includes the generated block.

[0021] In S190, the recording unit 190 of the first terminal 100' records the block included in the recording request received in S110 by adding it to the end of the chain.

[0022] (2) Block Verification The operation of the information disclosure system 1 in block verification will be explained below with reference to Figures 9 and 10. Figures 9 and 10 are examples of sequence diagrams showing the operation of the information disclosure system 1.

[0023] In S120, the certification generation request unit 120 of the first terminal 100 generates a certification request to prove that the non-disclosed items included in the data of the block generated in S110 are official, and the transmitting / receiving unit 180 of the first terminal 100 transmits the certification request to the first terminal 100'. The transmitting / receiving unit 180 of the first terminal 100' receives the certification request and transmits it to the certification generation device 300. The transmitting / receiving unit 380 of the certification generation device 300 receives the certification request. Here, the certification request includes the block generated in S110.

[0024] In S311, the commitment generation unit 311 of the certification generation device 300 obtains the block generated in S110 from the certification request received in S120, generates a commitment from the block, and the transmitting / receiving unit 380 of the certification generation device 300 transmits the commitment to the first terminal 100'. The transmitting / receiving unit 180 of the first terminal 100' receives the commitment and transmits the commitment to the second terminal 200. The transmitting / receiving unit 280 of the second terminal 200 receives the commitment and transmits the commitment to the certification verification device 400. The transmitting / receiving unit 480 of the certification verification device 400 receives the commitment.

[0025] In S411, the challenge generation unit 411 of the certification verification device 400 generates a challenge corresponding to the commitment received in S311, and the transmitting / receiving unit 480 of the certification verification device 400 transmits the challenge to the second terminal 200. The transmitting / receiving unit 280 of the second terminal 200 receives the challenge and transmits it to the first terminal 100'. The transmitting / receiving unit 180 of the first terminal 100' receives the challenge and transmits it to the certification generation device 300. The transmitting / receiving unit 380 of the certification generation device 300 receives the challenge.

[0026] In S312, the response generation unit 312 of the certification generation device 300 generates a response corresponding to the challenge received in S411, and the transmitting / receiving unit 380 of the certification generation device 300 transmits the response to the first terminal 100'. The transmitting / receiving unit 180 of the first terminal 100' receives the response and transmits the response to the second terminal 200. The transmitting / receiving unit 280 of the second terminal 200 receives the response and transmits the response to the certification verification device 400. The transmitting / receiving unit 480 of the certification verification device 400 receives the response.

[0027] In S412, the verification unit 412 of the proof verification device 400 performs zero-knowledge proof verification using the commitment received in S311, the challenge generated in S411, and the response received in S312. This verifies whether the signature of the block generated in S110 is legitimate and whether the non-disclosed items included in the data of the block are legitimate. The verification unit 480 of the proof verification device 400 then transmits the verification results to the second terminal 200. The transmission unit 280 of the second terminal 200 receives the verification results.

[0028] In other words, in the process from S311 to S412, the proof generation unit 310 of the proof generation device 300 generates some of the information (commitment and response) necessary to prove whether the block signature is legitimate and whether the non-disclosed items contained in the block data are legitimate using zero-knowledge proofs. On the other hand, the proof verification unit 410 of the proof verification device 400 verifies whether the block signature is legitimate and whether the non-disclosed items contained in the block data are legitimate by performing zero-knowledge proof verification using all of the information (commitment, challenge and response) necessary to prove whether the block signature is legitimate and whether the non-disclosed items contained in the block data are legitimate.

[0029] In S210, the chain information acquisition request generation unit 210 of the second terminal 200 generates a chain information acquisition request including the verification result if the verification result received in S412 confirms that the block signature is legitimate and that the non-disclosure items included in the block data are legitimate. The transmitting / receiving unit 280 of the second terminal 200 then transmits the chain information acquisition request to the first terminal 100'. The transmitting / receiving unit 180 of the first terminal 100' receives the chain information acquisition request. Here, chain information refers to information that confirms that a block is recorded at the end of the chain in the first chain system, such as the block header and Tx information.

[0030] In S130, the chain information generation unit 130 of the first terminal 100' generates chain information for the block generated in S110 based on the chain information acquisition request received in S210, and the transmitting / receiving unit 180 of the first terminal 100' transmits the chain information to the second terminal 200. The transmitting / receiving unit 280 of the second terminal 200 receives the chain information.

[0031] In S220, the chain information verification unit 220 of the second terminal 200 verifies the chain information received in S130. Here, the chain information includes blocks. Then, if necessary, the transmitting / receiving unit 280 of the second terminal 200 transmits the blocks included in the chain information to a second terminal 200' that is included in the second chain system and is different from itself.

[0032] According to embodiments of the present invention, it is possible to verify whether or not a non-disclosure item included in the block data is official without disclosing the said non-disclosure item.

[0033] <Modification 1> The certificate generating device 300 may encrypt the commitment and response using the public key of the user of the second terminal 200. In this case, the processing from S311 to S412 will be as follows.

[0034] In S311, the commitment generation unit 311 of the certificate generation device 300 obtains the block generated in S110 from the certification request received in S120, generates a commitment from the block, and generates an encrypted commitment by encrypting the commitment using the public key of the user of the second terminal 200. The transmitting / receiving unit 380 of the certificate generation device 300 transmits the encrypted commitment to the first terminal 100'. The transmitting / receiving unit 180 of the first terminal 100' receives the encrypted commitment and transmits the encrypted commitment to the second terminal 200. The transmitting / receiving unit 280 of the second terminal 200 receives the encrypted commitment and transmits the encrypted commitment to the certificate verification device 400. The transmitting / receiving unit 480 of the certificate verification device 400 receives the encrypted commitment.

[0035] In S411, the challenge generation unit 411 of the certification verification device 400 obtains a commitment by decrypting the encrypted commitment received in S311 using the user's secret key of the second terminal 200, generates a challenge corresponding to the obtained commitment, and the transmitting / receiving unit 480 of the certification verification device 400 transmits the challenge to the second terminal 200. The transmitting / receiving unit 280 of the second terminal 200 receives the challenge and transmits it to the first terminal 100'. The transmitting / receiving unit 180 of the first terminal 100' receives the challenge and transmits it to the certification generation device 300. The transmitting / receiving unit 380 of the certification generation device 300 receives the challenge.

[0036] In S312, the response generation unit 312 of the certificate generation device 300 generates a response corresponding to the challenge received in S411, and generates an encrypted response by encrypting the response using the public key of the user of the second terminal 200. The transmitting / receiving unit 380 of the certificate generation device 300 transmits the encrypted response to the first terminal 100'. The transmitting / receiving unit 180 of the first terminal 100' receives the encrypted response and transmits the encrypted response to the second terminal 200. The transmitting / receiving unit 280 of the second terminal 200 receives the encrypted response and transmits the encrypted response to the certificate verification device 400. The transmitting / receiving unit 480 of the certificate verification device 400 receives the encrypted response.

[0037] In S412, the verification unit 412 of the proof verification device 400 decrypts the encrypted response received in S312 using the user's private key of the second terminal 200 to obtain a response. Using the commitment obtained in S411, the challenge generated in S411, and the obtained response, it performs zero-knowledge proof verification to verify whether the signature of the block generated in S110 is legitimate and whether the non-disclosed items included in the data of the block are legitimate. It generates a verification result including the results of this verification, and the transmitting / receiving unit 480 of the proof verification device 400 transmits the verification result to the second terminal 200. The transmitting / receiving unit 280 of the second terminal 200 receives the verification result.

[0038] Here, we have described an example in which the proof generation unit 310 of the proof generation device 300 encrypts both the commitment and the response. However, depending on the zero-knowledge proof method used by the information disclosure system 1, it may be sufficient to encrypt only one of the commitment or the response.

[0039] Alternatively, the challenge generation unit 411 of the proof verification device 400 may generate an encrypted challenge by encrypting the challenge using the public key of the user of the first terminal 100'. In this case, in S312, the response generation unit 312 of the proof generation device 300 acquires the challenge by decrypting the encrypted challenge received in S411 using the private key of the user of the first terminal 100'.

[0040] <Modification 2> In the verification of the block described above, an interactive zero-knowledge proof was used, but a non-interactive zero-knowledge proof may also be used. In this case, the configuration of the proof generation unit 310 of the proof generation device 300 and the configuration of the proof verification unit 410 of the proof verification device 400 are as shown in Figures 11 and 12, respectively. Furthermore, the operation of the information disclosure system 1 in the verification of the block is as shown in Figures 13 and 14.

[0041] First, the configuration of the certificate generation unit 310 of the certificate generation device 300 and the configuration of the certificate verification unit 410 of the certificate verification device 400 will be explained with reference to Figures 11 and 12.

[0042] As illustrated in Figure 11, the proof generation unit 310 includes a commitment generation unit 311, a response generation unit 312, and a challenge generation unit 313. The proof generation unit 310 differs from the proof generation unit 310 of the first embodiment in that it includes a challenge generation unit 313.

[0043] The certification and verification unit 410 includes a verification unit 412, as illustrated in Figure 12. The certification and verification unit 410 differs from the certification and verification unit 410 of the first embodiment in that it does not include a challenge generation unit 411.

[0044] Next, the operation of the information disclosure system 1 in block verification will be explained with reference to Figures 13 and 14. Figures 13 and 14 are examples of sequence diagrams showing the operation of the information disclosure system 1.

[0045] Since the operations in S120, S311, S210, S130, and S220 are the same as those in the first embodiment, the operations in S313, S312, and S412 will be described.

[0046] In S313, the challenge generation unit 313 of the proof generation device 300 generates a challenge corresponding to the commitment generated in S311, and the transmission / reception unit 380 of the proof generation device 300 transmits the challenge to the first terminal 100'. The transmission / reception unit 180 of the first terminal 100' receives the challenge and transmits the challenge to the second terminal 200. The transmission / reception unit 280 of the second terminal 200 receives the challenge and transmits the challenge to the proof verification device 400. The transmission / reception unit 480 of the proof verification device 400 receives the challenge.

[0047] In S312, the response generation unit 312 of the proof generation device 300 generates a response corresponding to the challenge generated in S313, and the transmission / reception unit 380 of the proof generation device 300 transmits the response to the first terminal 100'. The transmission / reception unit 180 of the first terminal 100' receives the response and transmits the response to the second terminal 200. The transmission / reception unit 280 of the second terminal 200 receives the response and transmits the response to the proof verification device 400. The transmission / reception unit 480 of the proof verification device 400 receives the response.

[0048] In S412, the verification unit 412 of the proof verification device 400 verifies the zero-knowledge proof by using the commitment received in S311, the challenge received in S313, and the response received in S312, thereby verifying whether the signature of the block generated in S11 is formal and whether the non-disclosed items included in the data of the block are formal, and generates a verification result including the verified result. The transmission / reception unit 480 of the proof verification device 400 transmits the verification result to the second terminal 200. The transmission / reception unit 280 of the second terminal 200 receives the verification result.

[0049] In other words, in the process from S311 to S412, the proof generation unit 310 of the proof generation device 300 generates all the information (commitment, challenge, and response) necessary to prove by zero-knowledge proof whether the block signature is legitimate and whether the non-disclosed items contained in the block data are legitimate. Meanwhile, the proof verification unit 410 of the proof verification device 400 verifies whether the block signature is legitimate and whether the non-disclosed items contained in the block data are legitimate by performing zero-knowledge proof verification using all the information (commitment, challenge, and response) necessary to prove by zero-knowledge proof whether the block signature is legitimate and whether the non-disclosed items contained in the block data are legitimate.

[0050] <Note> The functions realized by the components described herein may be implemented in circuitry or processing circuitry, including general-purpose processors, application-specific processors, integrated circuits, ASICs (Application Specific Integrated Circuits), CPUs (Central Processing Units), conventional circuits, and / or combinations thereof, programmed to realize the functions described herein. A processor is considered to be circuitry or processing circuitry, including transistors and other circuits. A processor may be a programmed processor that executes a program stored in memory.

[0051] In this specification, circuitry, unit, and means are hardware programmed to perform or execute the functions described herein. Such hardware may be any hardware disclosed herein, or any hardware known to be programmed to perform or execute the functions described herein.

[0052] If the hardware is a processor that is considered to be a type of circuitry, then the circuitry, means, or unit is a combination of hardware and software used to constitute the hardware and / or processor.

[0053] The various processes described above can be carried out by loading a program that executes each step of the above method into the recording unit 2020 of the computer 2000 shown in Figure 15, and then causing the control unit 2010, input unit 2030, output unit 2040, display unit 2050, etc. to operate.

[0054] The program describing this process can be recorded on a computer-readable recording medium. Any computer-readable recording medium can be used, such as a magnetic recording device, optical disc, magneto-optical recording medium, or semiconductor memory.

[0055] Furthermore, this program may be distributed, for example, by selling, transferring, or lending portable recording media such as DVDs or CD-ROMs on which the program is recorded. Alternatively, the program may be stored in the storage device of a server computer and distributed by transferring the program from the server computer to other computers via a network.

[0056] A computer executing such a program may, for example, first store the program, either recorded on a portable storage medium or transferred from a server computer, in its own memory. Then, when processing is to be executed, the computer reads the program stored in its memory and executes the processing according to the read program. Alternatively, the computer may directly read the program from the portable storage medium and execute the processing according to that program, or it may sequentially execute the processing according to the received program each time a program is transferred to it from a server computer. Furthermore, the processing may be executed using a so-called ASP (Application Service Provider) type service, where the processing function is realized only by issuing execution instructions and obtaining results, without transferring the program from the server computer to this computer.In addition, the processing may be executed using a so-called SaaS (Software as a Service) type service, where a part of the server computer is made available to the user along with the program. Furthermore, the term "program" in this form includes information used for processing by an electronic computer that is equivalent to a program (data, etc., that is not a direct instruction to the computer but has the property of defining the processing of the computer).

[0057] Furthermore, in this configuration, the device is configured by executing a predetermined program on a computer, but at least a part of these processes may be implemented in hardware.

[0058] The present invention is not limited to the embodiments described above, and can be modified as appropriate without departing from the spirit of the invention. Furthermore, the processes described in the above embodiments may not only be executed in chronological order according to the order described, but may also be executed in parallel or individually as needed, depending on the processing capacity of the device performing the process.

Claims

1. An information disclosure method for disclosing a block included in the chain of the first chain system in an information disclosure system including a first chain system, a second chain system, a certificate generation device, and a certificate verification device, wherein the block is a pair of data including non-disclosure items and a signature for said data, a certificate generation step in which the certificate generation device generates some or all of the information necessary to prove by zero-knowledge proof whether the signature of the block is legitimate and whether the non-disclosure items included in the data of the block are legitimate (hereinafter referred to as first certificate information), and second certificate information including the first certificate information, which is all the information necessary to prove by zero-knowledge proof whether the signature of the block is legitimate and whether the non-disclosure items included in the data of the block are legitimate, and a certificate verification step in which the certificate verification device verifies whether the signature of the block is legitimate and whether the non-disclosure items included in the data of the block are legitimate by performing zero-knowledge proof verification using the second certificate information, An information disclosure method comprising: a chain information verification step in which a second terminal included in the second chain system verifies chain information that confirms the block is recorded at the end of the chain of the first chain system, obtained when the signature of the block is authentic and the non-disclosure items included in the data of the block are authentic; 2. An information disclosure system comprising a first chain system, a second chain system, a certificate generation device, and a certificate verification device, which discloses a block included in the chain of the first chain system, wherein the block is a pair of data including non-disclosure items and a signature for said data, the certificate generation device includes a certificate generation unit that generates some or all of the information necessary to prove by zero-knowledge proof whether the signature of the block is legitimate and whether the non-disclosure items included in the data of the block are legitimate (hereinafter referred to as first certificate information), the second certificate information includes all of the information necessary to prove by zero-knowledge proof whether the signature of the block is legitimate and whether the non-disclosure items included in the data of the block are legitimate, including the first certificate information, and the certificate verification device includes a certificate verification unit that verifies whether the signature of the block is legitimate and whether the non-disclosure items included in the data of the block are legitimate by performing zero-knowledge proof verification using the second certificate information. The second terminal included in the second chain system is an information disclosure system that includes a chain information verification unit which verifies chain information obtained when the signature of the block is legitimate and the non-disclosure items included in the data of the block are legitimate, and which confirms that the block is recorded at the end of the chain of the first chain system.

3. A second terminal included in the second chain system, in an information disclosure system that includes a first chain system, a second chain system, a certificate generation device, and a certificate verification device, and discloses blocks included in the chain of the first chain system, wherein the block is a pair of data including non-disclosure items and a signature for said data, the certificate generation device generates some or all of the information necessary to prove by zero-knowledge proof whether the signature of the block is legitimate and whether the non-disclosure items included in the data of the block are legitimate (hereinafter referred to as first certificate information), all of the information including the first certificate information necessary to prove by zero-knowledge proof whether the signature of the block is legitimate and whether the non-disclosure items included in the data of the block are legitimate is defined as second certificate information, and the certificate verification device verifies whether the signature of the block is legitimate and whether the non-disclosure items included in the data of the block are legitimate by performing zero-knowledge proof verification using the second certificate information. A second terminal including a chain information verification unit that verifies chain information obtained when the signature of the block is authentic and the non-disclosure items contained in the data of the block are authentic, and which confirms that the block is recorded at the end of the chain of the first chain system.

4. A program for causing a computer to function as the second terminal described in claim 3.