区块链密码学隐私保护技术综述

doi:10.11959/j.issn.2096-109x.2022054

摘要/Abstract

摘要：

近年来，数据隐私问题日益明显，如何在区块链中实现有效的隐私保护是研究热点。针对区块链在隐私保护上的研究现状与发展态势，阐述了区块链在交易地址、预言机以及智能合约上的隐私保护方法，归纳出区块链在基本要素防护上的隐私策略。基于国内外高水平文献梳理分析了特殊密码学原语、后量子密码学两类区块链密码学防护方法及使用场景，综述其研究思路，并给出属性基加密、特殊数据签名、同态加密、安全多方计算、零知识证明、格密码等适用于区块链隐私保护的密码学技术的优缺点，得出区块链应用的隐私防护离不开密码学技术支持的结论。针对区块链隐私保护技术，从基本要素防护和密码学防护两个方面进行了分析，总结出仅从区块链的应用层、合约层出发难以有效解决隐私问题，还需要利用各类密码学技术根据需求和应用场景的不同进行优势互补。根据区块链隐私加密技术发展现状，从区块链基本要素防护和基于密码学的防护展开叙述。从内生性基本要素安全和外生性密码学隐私安全两个角度出发，先研究基本要素隐私防护，再深入分析区块链隐私密码学防护技术。在对应防护措施中以技术联合实际应用发展，考虑技术时效性的同时，衡量其隐私处理方面的优劣势以及潜在价值。展望了未来区块链隐私保护技术的发展方向，说明了需要重点解决的问题。

关键词: 区块链, 隐私保护, 密码学原语, 现代密码学, 后量子密码学

Abstract:

In recent years, the issue of data privacy has attracted increased attention, and how to achieve effective privacy protection in blockchain is a new research hotspot.In view of the current research status and development trend of blockchain in privacy protection, the privacy protection methods of blockchain in transaction address,prophecy machine and smart contract were explained, and the privacy strategies of blockchain in the protection of basic elements were summarized.Based on high-level literature at home and abroad, two types of blockchain cryptographic protection methods and usage scenarios were analyzed, including special cryptographic primitives and post-quantum cryptography.The advantages and disadvantages of seven cryptographic techniques applicable to current blockchain privacy protection were also reviewed, including attribute-based encryption, special data signature, homomorphic encryption, secure multi-party computation, zero-knowledge proofs, and lattice ciphers.It was concluded that the privacy protection of blockchain applications cannot be achieved without cryptographic technology.Meanwhile, the blockchain privacy protection technologies were analyzed in terms of both basic element protection and cryptographic protection.It was concluded that it was difficult to effectively solve the privacy problem only from the application and contract layers of the blockchain, and various cryptographic technologies should be used to complement each other according to different needs and application scenarios.In addition, according to the current development status of blockchain privacy cryptography, the narrative was developed from blockchain basic element protection and cryptography-based protection.From the perspectives of both endogenous basic element security and exogenous cryptographic privacy security, basic element privacy protection should be studied first, followed by an in-depth analysis of cryptographic protection techniques for blockchain privacy.The strengths and weaknesses and the potential value of the privacy handling aspects of the corresponding safeguards should be measured in terms of the development of technology in conjunction with practical applications, while considering the timeliness of the technology.Finally, an outlook on the future direction of blockchain privacy protection technologies was provided, indicating the issues that need to be addressed in focus.

Key words: blockchain, privacy protection, cryptographic primitives, modern cryptography, post-quantum cryptography

中图分类号:

TP311

刘峰, 杨杰, 齐佳音. 区块链密码学隐私保护技术综述[J]. 网络与信息安全学报, 2022, 8(4): 29-44.

Feng LIU, Jie YANG, Jiayin QI. Survey on blockchain privacy protection techniques in cryptography[J]. Chinese Journal of Network and Information Security, 2022, 8(4): 29-44.

图/表 9

图1

图2

表1

图3

图4

表2

图5

表3

表4

参考文献 96

[1]	LISCHKE M , FABIAN B . Analyzing the bitcoin network:the first four years[J]. Future Internet, 2016,8(4): 7-47.
[2]	NEUDECKER T , HARTENSTEIN H . Could network information facilitate address clustering in bitcoin[C]// International Conference on Financial Cryptography and Data Security. 2017: 155-169.
[3]	GOLDFEDER S , KALODNEEER H , REISMAN D ,et al. When the cookie meets the blockchain:privacy risks of web payments via cryptocurrencies[J]. Proceedings on Privacy Enhancing Technologies, 2018,2018(4): 179-199.
[4]	SAYEED S , MARCO-GISBERT H , . Assessing blockchain consensus and security mechanisms against the 51% attack[J]. Applied Sciences, 2019,9(9): 1788-1805.
[5]	Nicolas van Saberhagen. CryptoNote v 2.0[EB].
[6]	CHAN W , OLMSTED A . Ethereum transaction graph analysis[C]// Proceedings of 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST). 2017: 498-500.
[7]	RUFFING T , MORENO-SANCHEZ P A , . Mixing confidential transactions:comprehensive transaction privacy for bitcoin[J]. IACR Cryptol EPrint Arch, 2017,2017: 238-260.
[8]	BONNEAU J , NARAYANAN A , MILLER A ,et al. Mixcoin:anonymity for bitcoin with accountable mixes[C]// Financial Cryptography and Data Security. 2014: 486-504.
[9]	RANSHOUS S , JOSLYN C A , KREYLING S ,et al. Exchange pattern mining in the bitcoin transaction directed hypergraph[C]// Financial Cryptography and Data Security, 2017: 248-263.
[10]	HEILMAN E , ALSHENIBR L , BALDIMTSI F ,et al. TumbleBit:an untrusted bitcoin-compatible anonymous payment hub[C]// Proceedings 2017 Network and Distributed System Security Symposium. 2017.
[11]	FERRETTI C , LEPORATI A , MARIOT L ,et al. Transferable anonymous payments via tumblebit in permissioned blockchains[C]// DLT@ ITASEC. 2019: 56-67.
[12]	VALENTA L , ROWAN B . BlindCoin:blinded,accountable mixes for bitcoin[M]// Financial Cryptography and Data Security. Berlin,Heidelberg: Springer Berlin Heidelberg, 2015: 112-126.
[13]	ZIEGELDORF J H , GROSSMANN F , HENZE M ,et al. CoinParty:secure multi-party mixing of bitcoins[C]// Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. 2015: 75-86.
[14]	BISSIAS G , OZISIK A P , LEVINE B N ,et al. Sybil-resistant mixing for bitcoin[C]// Proceedings of the 13th Workshop on Privacy in the Electronic Society. 2014: 149-158.
[15]	LEE S , YOON C , KANG H ,et al. Cybercriminal Minds:an investigative study of cryptocurrency abuses in the Dark Web[C]// Proceedings 2019 Network and Distributed System Security Symposium. 2019: 1-15.
[16]	CHEN W L , WU J , ZHENG Z B ,et al. Market manipulation of bitcoin:evidence from mining the Mt.gox transaction network[C]// Proceedings of IEEE INFOCOM 2019 - IEEE Conference on Computer Communications. 2019: 964-972.
[17]	ERMILOV D , PANOV M , YANOVICH Y . Automatic bitcoin address clustering[C]// Proceedings of 2017 16th IEEE International Conference on Machine Learning and Applications. 2017: 461-466.
[18]	M?SER M , SOSKA K , HEILMAN E ,et al. An empirical analysis of traceability in the monero blockchain[J]. Proceedings on Privacy Enhancing Technologies, 2018,2018(3): 143-163.
[19]	ZHANG F , MARAM D , MALVAI H ,et al. DECO:liberating web data using decentralized oracles for TLS[C]// Proceedings of CCS '20:Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020: 1919-1938.
[20]	WOOD G . Polkadot:vision for a heterogeneous multi-chain framework.White Paper[EB].
[21]	JIANG Y M , WANG C X , WANG Y W ,et al. A privacy-preserving E-commerce system based on the blockchain technology[C]// Proceedings of 2019 IEEE International Workshop on Blockchain Oriented Software Engineering. 2019: 50-55.
[22]	BREIDENBACH L . Mixicles:simple private decentralized finance ari juels[EB].
[23]	BüNZ B , AGRAWAL S , ZAMANI M ,et al. Zether:towards privacy in a smart contract world[C]// Financial Cryptography and Data Security. 2020: 423-443.
[24]	ZHANG F , HE W , CHENG R ,et al. The ekiden platform for confidentiality-preserving,trustworthy,and performant smart contracts[C]// Proceedings of IEEE Security ＆ Privacy. 2019: 185-200.
[25]	ZYSKIND G , NATHAN O , PENTLAND A ,et al. Enigma:decentralized computation platform with guaranteed privacy[EB].
[26]	蔡亮, 端豪, 鄢萌 ,等. 基于双层协同的联盟区块链隐私数据保护方法[J]. 软件学报, 2020,31(8): 2557-2573.
	CAI L , DUAN H , YAN M ,et al. Private data protection scheme for consortium blockchain based on two-layer cooperation[J]. Journal of Software, 2020,31(8): 2557-2573.
[27]	PODGORELEC B , TURKANOVI? M , KARAKATI? S , . A machine learning-based method for automated blockchain transaction signing including personalized anomaly detection[J]. Sensors (Basel,Switzerland), 2019,20(1): 147.
[28]	黄克振, 连一峰, 冯登国 ,等. 基于区块链的网络安全威胁情报共享模型[J]. 计算机研究与发展, 2020,57(4): 836-846.
	HUANG K Z , LIAN Y F , FENG D G ,et al. Cyber security threat intelligence sharing model based on blockchain[J]. Journal of Computer Research and Development, 2020,57(4): 836-846.
[29]	ASHIZAWA N , YANAI N , CRUZ J P ,et al. Eth2Vec:learning contract-wide code representations for vulnerability detection on ethereum smart contracts[C]// Proceedings of the 3rd ACM International Symposium on Blockchain and Secure Critical Infrastructure. 2021: 47-59.
[30]	HE N , ZHANG R , WANG H ,et al. {EOSAFE}:security analysis of {EOSIO} smart contracts[C]// 30th {USENIX} Security Symposium. 2021: 1271-1288.
[31]	KRUPP J , ROSSOW C . teether:gnawing at ethereum to automatically exploit smart contracts[C]// 27th {USENIX} Security Symposium. 2018: 1317-1333.
[32]	KALRA S , GOEL S , DHAWAN M ,et al. ZEUS:analyzing safety of smart contracts[C]// Proceedings 2018 Network and Distributed System Security Symposium. 2018:2017, 16-17.
[33]	BHARGAVAN K , DELIGNAT-LAVAUD A , FOURNET C . Formal verification of smart contracts:short paper[C]// Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security. 2016: 91-96.
[34]	ABDELLATIF T , BROUSMICHE K L . Formal verification of smart contracts based on users and blockchain behaviors models[C]// Proceedings of 2018 9th IFIP International Conference on New Technologies,Mobility and Security (NTMS). 2018: 1-5.
[35]	MEHAR M I , SHIER C L , GIAMBATTISTA A ,et al. Understanding a revolutionary and flawed grand experiment in blockchain[J]. Journal of Cases on Information Technology, 2019,21(1): 19-32.
[36]	CHAUM D , VAN-HEYST E , . Group signatures[C]// Workshop on the Theory and Application of of Cryptographic Techniques. 1991: 257-265.
[37]	RIVEST R L , SHAMIR A , TAUMAN Y . How to leak a secret[C]// International Conference on the Theory and Application of Cryptology and Information Security. 2001: 552-565.
[38]	MAXWELL G , POELSTRA A . Borromean ring signatures[EB].
[39]	CHAUM D , . Blind signatures for untraceable payments[C]// Advances in Cryptology. 1983: 199-203.
[40]	GREEN M , MIERS I . Bolt:anonymous payment channels for decentralized currencies[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017: 473-489.
[41]	HEILMAN E , BALDIMTSI F , GOLDBERG S . Blindly signed contracts:anonymous on-blockchain and off-blockchain bitcoin transactions[C]// Financial Cryptography and Data Security. 2016: 43-60.
[42]	江泽涛, 徐娟娟 . 云环境下基于代理盲签名的高效异构跨域认证方案[J]. 计算机科学, 2020,47(11): 60-67.
	JIANG Z T , XU J J . Efficient heterogeneous cross-domain authentication scheme based on proxy blind signature in cloud environment[J]. Computer Science, 2020,47(11): 60-67.
[43]	SCHNORR C P . Efficient signature generation by smart cards[J]. Journal of Cryptology, 1991,4(3): 161-174.
[44]	MAXWELL G , POELSTRA A , SEURIN Y ,et al. Simple schnorr multi-signatures with applications to bitcoin[J]. Designs,Codes and Cryptography, 2019,87(9): 2139-2164.
[45]	NICK J , RUFFING T , SEURIN Y ,et al. MuSig-DN:schnorr multi-signatures with verifiably deterministic nonces[C]// Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020: 1717-1731.
[46]	BONEH D , LYNN B , SHACHAM H . Short signatures from the Weil pairing[C]// Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security:Advances in Cryptology. 2001: 514-532.
[47]	SCHOLL T . Isolated elliptic curves and the MOV attack[J]. Journal of Mathematical Cryptology, 2017,11(3): 131-146.
[48]	BONEH D , DRIJVERS M , NEVEN G . Compact multi-signatures for smaller blockchains[C]// International Conference on the Theory and Application of Cryptology and Information Security. 2018: 435-464.
[49]	DOERNER J , KONDI Y , LEE E ,et al. Secure two-party threshold ECDSA from ECDSA assumptions[C]// Proceedings of 2018 IEEE Symposium on Security and Privacy. 2018: 980-997.
[50]	CASTAGNOS G , CATALANO D , LAGUILLAUMIE F ,et al. Two-party ECDSA from hash proof systems and efficient instantiations[C]// Advances in Cryptology-CRYPTO 2019. 2019: 191-221.
[51]	AHMAT D , CHOROMA M , BISSYANDé T F , . Multipath key exchange scheme based on the diffie-Hellman protocol and the Shamir threshold[J]. Int J Netw Secur, 2019,21: 418-427.
[52]	SOLTANI R , NGUYEN U T , AN A J . Practical key recovery model for self-sovereign identity based digital wallets[C]// Proceedings of 2019 IEEE Intl Conf on Dependable,Autonomic and Secure Computing,Intl Conf on Pervasive Intelligence and Computing,Intl Conf on Cloud and Big Data Computing,Intl Conf on Cyber Science and Technology Congress. 2019: 320-325.
[53]	SAXENA A , MISRA J , DHAR A . Increasing anonymity in bitcoin[C]// International Conference on Financial Cryptography and Data Security. 2014: 122-139.
[54]	SAHAI A , WATERS B . Fuzzy identity-based encryption[C]// Advances in Cryptology-EUROCRYPT 2005. 2005: 457-473.
[55]	GOYAL V , PANDEY O , SAHAI A ,et al. Attribute-based encryption for fine-grained access control of encrypted data[C]// The 13th ACM Conf on Computer and Communications Security. 2006. 89-98.
[56]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// 2007 IEEE Symposium on Security and Privacy (SP '07). 2007: 321-334.
[57]	RAHULAMATHAVAN Y , PHAN R C W , RAJARAJAN M ,et al. Privacy-preserving blockchain based IoT ecosystem using attribute-based encryption[C]// Proceedings of 2017 IEEE International Conference on Advanced Networks and Telecommunications Systems. 2017: 1-6.
[58]	汪金苗, 谢永恒, 王国威 ,等. 基于属性基加密的区块链隐私保护与访问控制方法[J]. 信息网络安全, 2020,20(9): 47-51.
	WANG J M , XIE Y H , WANG G W ,et al. A method of privacy preserving and access control in blockchain based on attribute-based encryption[J]. Netinfo Security, 2020,20(9): 47-51.
[59]	闫玺玺, 原笑含, 汤永利 ,等. 基于区块链且支持验证的属性基搜索加密方案[J]. 通信学报, 2020,41(2): 187-198.
	YAN X X , YUAN X H , TANG Y L ,et al. Verifiable attribute-based searchable encryption scheme based on blockchain[J]. Journal on Communications, 2020,41(2): 187-198.
[60]	杜瑞忠, 刘妍, 田俊峰 . 物联网中基于智能合约的访问控制方法[J]. 计算机研究与发展, 2019,56(10): 2287-2298.
	DU R Z , LIU Y , TIAN J F . An access control method using smart contract for Internet of Things[J]. Journal of Computer Research and Development, 2019,56(10): 2287-2298.
[61]	PEDERSEN T P , . Non-interactive and information-theoretic secure verifiable secret sharing[C]// Annual international cryptology conference. 1991: 129-140.
[62]	RUFFING T , MALAVOLTA G . Switch commitments:a safety switch for confidential transactions[C]// International Conference on Financial Cryptography and Data Security. 2017: 170-181.
[63]	KOSBA A , MILLER A , SHI E ,et al. Hawk:the blockchain model of cryptography and privacy-preserving smart contracts[C]// Proceedings of 2016 IEEE Symposium on Security and Privacy. 2016: 839-858.
[64]	POELSTRA A , BACK A , FRIEDENBACH M ,et al. Confidential assets[C]// International Conference on Financial Cryptography and Data Security. 2018: 43-63.
[65]	王童, 马文平, 罗维 . 基于区块链的信息共享及安全多方计算模型[J]. 计算机科学, 2019,46(9): 162-168.
	WANG T , MA W P , LUO W . Information sharing and secure multi-party computing model based on blockchain[J]. Computer Science, 2019,46(9): 162-168.
[66]	BENTOV I , KUMARESAN R , MILLER A . Instantaneous decentralized poker[C]// International Conference on the Theory and Application of Cryptology and Information Security. 2017: 410-440.
[67]	CHOUDHURI A R , GREEN M , JAIN A ,et al. Fairness in an unfair world:fair multiparty computation from public bulletin boards[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017: 719-728.
[68]	CHOR B , GOLDWASSER S , MICALI S ,et al. Verifiable secret sharing and achieving simultaneity in the presence of faults[C]// Proceedings of 26th Annual Symposium on Foundations of Computer Science (sfcs 1985). 1985: 383-395.
[69]	BEN SASSON E , CHIESA A , GARMAN C ,et al. Zerocash:decentralized anonymous payments from bitcoin[C]// Proceedings of 2014 IEEE Symposium on Security and Privacy. 2014: 459-474.
[70]	BEN-SASSON E , BENTOV I , HORESH Y ,et al. Scalable,transparent,and post-quantum secure computational integrity[J]. IACR Cryptol ePrint Arch.2018, 2018: 46-129.
[71]	BüNZ B , BOOTLE J , BONEH D ,et al. Bulletproofs:short proofs for confidential transactions and more[C]// 2018 IEEE Symposium on Security and Privacy (SP). 2018: 315-334.
[72]	MALLER M , BOWE S , KOHLWEISS M ,et al. Sonic:zero-knowledge SNARKs from linear-size universal and updatable structured reference strings[C]// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 2019: 2111-2128.
[73]	GABIZON A , WILLIAMSON Z J , CIOBOTARU O . PLONK:permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge[J]. IACR Cryptol ePrint Arch,2019, 2019:953.
[74]	BüNZ B , FISCH B , SZEPIENIEC A . Transparent snarks from dark compilers[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2020: 677-706.
[75]	BOWE S , CHIESA A , GREEN M ,et al. Zexe:enabling decentralized private computation[C]// 2020 IEEE Symposium on Security and Privacy (SP). 2020: 947-964.
[76]	FERNáNDEZ-CARAMèS T M , FRAGA-LAMAS P . Towards post-quantum blockchain:a review on blockchain cryptography resistant to quantum computing attacks[J]. IEEE Access, 2020,8: 21091-21116.
[77]	ESGIN M F , STEINFELD R , SAKZAD A ,et al. Short lattice-based one-out-of-many proofs and applications to ring signatures[C]// International Conference on Applied Cryptography and Network Security. 2019: 67-88.
[78]	GENTRY C , . Fully homomorphic encryption using ideal lattices[C]// Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing. 2009: 169-178.
[79]	YIN W , WEN Q , LI W ,et al. A anti-quantum transaction authentication approach in blockchain[J]. IEEE Access, 2018,6: 5393-5401.
[80]	CHEN H , LAINE K , RINDAL P . Fast private set intersection from homomorphic encryption[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017: 1243-1255.
[81]	汤永利, 胡明星, 叶青 ,等. 改进的格上基于多身份全同态加密方案[J]. 北京邮电大学学报, 2018,41(1): 125-133.
	TANG Y L , HU M X , YE Q ,et al. Improved multi-identity based fully homomorphic encryption scheme over lattices[J]. Journal of Beijing University of Posts and Telecommunications, 2018,41(1): 125-133.
[82]	GENTRY C , SAHAI A , WATERS B . Homomorphic encryption from learning with errors:conceptually-simpler,asymptotically-faster,attribute-based[C]// Annual Cryptology Conference. 2013: 75-92.
[83]	BRAKERSKI Z , GENTRY C , VAIKUNTANATHAN V . (leveled) fully homomorphic encryption without bootstrapping[J]. ACM Transactions on Computation Theory, 2014,6(3): 1-36.
[84]	DUCAS L , KILTZ E , LEPOINT T ,et al. CRYSTALS-dilithium:a lattice-based digital signature scheme[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018: 238-268.
[85]	FOUQUE P A , HOFFSTEIN J , KIRCHNER P ,et al. Falcon:Fast-Fourier lattice-based compact signatures over NTRU[J]. Submission to the NIST’s Post-Quantum Cryptography Standardization Process, 2018,36.
[86]	DING J , SCHMIDT D . Rainbow,a new multivariable polynomial signature scheme[C]// International Conference on Applied Cryptography and Network Security. 2005: 164-175.
[87]	BEN-SASSON E , BENTOV I , HORESH Y ,et al. Scalable zero knowledge with no trusted setup[C]// Advances in Cryptology –CRYPTO 2019, 2019: 701-732.
[88]	CHOUDHURI A R , GOYAL V , JAIN A . Founding secure computation on blockchains[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2019: 351-380.
[89]	KERBER T , KIAYIAS A , KOHLWEISS M ,et al. Ouroboros crypsinous:Privacy-preserving proof-of-stake[C]// 2019 IEEE Symposium on Security and Privacy (SP). 2019: 157-174.
[90]	刘海, 李兴华, 雒彬 ,等. 基于区块链的分布式K匿名位置隐私保护方案[J]. 计算机学报, 2019,42(5): 942-960.
	LIU H , LI X H , LUO B ,et al. Distributed K-anonymity location privacy protection scheme based on blockchain[J]. Chinese Journal of Computers, 2019,42(5): 942-960.
[91]	LI H , PEI L S , LIAO D ,et al. Blockchain meets VANET:an architecture for identity and location privacy protection in VANET[J]. Peer-to-Peer Networking and Applications, 2019,12(5): 1178-1193.
[92]	董祥千, 郭兵, 沈艳 ,等. 一种高效安全的去中心化数据共享模型[J]. 计算机学报, 2018,41(5): 1021-1036.
	DONG X Q , GUO B , SHEN Y ,et al. An efficient and secure decentralizing data sharing model[J]. Chinese Journal of Computers, 2018,41(5): 1021-1036.
[93]	YAJI S , BANGERA K , NEELIMA B . Privacy preserving in blockchain based on partial homomorphic encryption system for ai applications[C]// Proceedings of 2018 IEEE 25th International Conference on High Performance Computing Workshops (HiPCW). 2018: 81-85.
[94]	MENDKI P , . Blockchain enabled IoT edge computing:addressing privacy,security and other challenges[C]// Proceedings of the 2020 The 2nd International Conference on Blockchain Technology. 2020: 63-67.
[95]	PASSERAT-PALMBACH J , FARNAN T , MCCOY M ,et al. Blockchain-orchestrated machine learning for privacy preserving federated learning in electronic health data[C]// Proceedings of 2020 IEEE International Conference on Blockchain (Blockchain). 2020: 550-555.
[96]	周家顺, 王娜, 杜学绘 . 基于区块链的数据完整性多方高效审计机制[J]. 网络与信息安全学报, 2021,7(6): 113-125.
	ZHOU J S , WANG N , DU X H . Multi-party efficient audit mechanism for data integrity based on blockchain[J]. Chinese Journal of Network and Information Security, 2021,7(6): 113-125.

类别	混币机制	性能开销	主要隐私安全问题及风险
	Mixcoin	交易时延高	混币服务商掌握用户隐私
中心化混币	BlindCoin	计算开销与存储开销大	混币服务商掌握用户隐私
	TumbleBit	交易时延与交易费用高	易遭受中继节点窃取个人隐私
	CoinJoin	交易时延随参与用户增加而增加	混币服务商掌握用户隐私
去中心化混币	CoinShuffle	交易时延随参与用户增加而增加	易遭受分布式拒绝服务攻击
	CoinParty	交易时延随参与用户增加而增加	未经认证的恶意用户易盗取他人资产
	Xim	混币时间长且混币轮换次数多	混币期间易遭受攻击和盗窃

对比内容	参与方隐私性	签名消息隐私性	地址隐私性
环签名	基于环密钥分发中心	基于环状签名结构	隐私性强
盲签名	盲化消息者隐私性强	基于盲化函数与因子	盲化消息者隐私性强
Schnorr签名	签名时隐私性差	基于离散对数难解	签名后隐私性强
BLS签名	签名时隐私性差	基于离散对数难解	签名后隐私性强

算法	算数复杂度：证明方	算数复杂度：验证方	通信复杂度（证明大小）	单笔交易大小评估	1万笔交易大小评估	以太坊gas费用	可信设置	后量子安全	密码学假设性强度
SNARK	O(n log(N))	O(1)	O(1)	Tx:200 byte, Key:50 MB	Tx:200 byte, Key:500	600 kB （Groth16）	是	否	强
STARK	O(n polylog(N))	O(polylog(N))	O(polylog(N))	45 kB	135 kB	2.5 MB （预估）	否	是	抗强哈希碰撞
BulletProof	O(n log(N))	O(N)	O(log(N))	1.5 kb	2.5 kB	N/A	否	否	离散对数安全

名称	主要技术特点	主要适用场景
聚合签名	签名分片	多方参与
属性基加密	访问控制	身份验证
同态加密	密文计算	敏感数据处理
安全多方计算	多方计算	多方协作
零知识证明	零知识性	保密交易
格密码	抗量子计算	隐私技术融合
全同态加密	抗量子计算	隐私技术融合