Efficient Privacy-Preserving Account-Model Blockchain Based On Zero-knowledge Proof

With the rapid development of information technology and the Internet of Things,the disruptive blockchain technology is expected to have broad applications in many areas,such as data sharing,copyright protection,goods traceability,supply chain finance,cross-border payment due to its advantages of transparency,fault tolerance,and decentralization.As a public ledger,blockchain records all transaction information including account balance,transaction amount and sender/recipient addresses,which also brings serious privacy problems.Since anyone can access and view all the transaction information recorded on the blockchain,attackers can infer the personal information of the relevant accounts involved in the transactions by analyzing a large number of transaction records.As the transaction information is permanently recorded on the blockchain,which will lead to another problem:once a historical transaction reveals the real identity of its user,all the information in the transaction records related to the user will also be leaked.Therefore,it is very important to achieve privacy protection in blockchains.There are two popular balance models in blockchain networks:UTXO(Unspent Transaction Output)model and account model.Transactions in the UTXO model are just like banknotes,each user adds up the number of bills(UTXOs)in the purse(associated with his address)to record how much money he has.However,the record keeping for the account model is similar to the real world bank account,and each user spends their money using a credit card.Both models accomplish the same goal of balances in their blockchain system.Clearly,the account model is more user-friendly than the UTXO model.In the account model,one needs to not only realize private fund transfer,but also update the accumulated balances for relevant accounts.In the UTXO model,however,one can generate many randomized addresses for his/her account(the actual wallet)without the trouble to accumulate them together.One straightforward way to enhance privacy is for a user to generate many random addresses,and use each of them for only once.However,holding a large number of addresses will be cumbersome for each user as well as smart contracts.Hence this thesis aims to solve the privacy problem for account-model blockchains where each user has only one address/account,which is much more challenging situation than the UTXO model.Based on zero-knowledge proofs,this thesis proposes BlockMaze,an effective privacy protection proposal for account-model blockchains,hiding users' private data such as account balances,transaction amounts,and sender/recipient addresses.More specifically,BlockMaze uses a hash commitment,which is a statistically-hiding non-interactive commitment scheme with hiding and binding properties,to hide account balance and transfer amount.Then,BlockMaze designs a two-step fund transfer procedure based on zk-SNARKs(Zero-Knowledge Succinct-Non-interactive ARguments of knowledge)and utilizes it to disconnect the linkage between senders and recipients.In the first step,the sender makes the fund transfer commitment with a zero-knowledge transaction.To enforce the zero-knowledge balance update,BlockMaze utilize zero-knowledge proofs to guarantee the validity of transactions and its serial number to prevent double-spending issues.After the zero-knowledge transaction is confirmed on the blockchain,the recipient collates its fund transfer commitment with other fund transfer commitments to form a Merkle tree.Then the recipient generates a zero-knowledge proof to receive the transferred fund without leaking from which transaction he/she receives the fund.When miners verify the validity of transactions,they only need to verify the zero knowledge proof contained in each transaction,and then update the balance of corresponding accounts.In addition,this thesis provides a detailed construction for BlockMaze,and designs the circuit diagram for different zero-knowledge transfer operations.Meanwhile,it provides a formal security model for BlockMaze scheme which satisfies ledger indistinguishability,transaction unlinkability,transaction non-malleability,and balance,and prove secure properties of BlockMaze scheme.Then,this thesis discusses the compatibility and scalability of BlockMaze,privacy protection and the attacks.Finally,this thesis implemented a prototype of BlockMaze based on Libsnark and Go-Ethereum and conduct comprehensive experiments evaluating its performance.Our 300-node experiment results show that BlockMaze has high efficiency in computation and transaction throughput:one transaction verification takes about 13.8 ms,one transaction generation takes 4.6-18.2 seconds,and its throughput is around 20 TPS.