Abstract
Systems and methods are described for encrypting an amount transacted on a blockchain ledger, while preserving the transaction's ability to be verified. A blinding amount is added to an input value, and an output value is generated and encrypted. Both the input value and the output value are within a value range, where a sum of any two values within the range does not exceed an overflow threshold. The sum of the encrypted input value and the encrypted output value may equal zero. Rangeproofs associated with each of the input value and the output value are generated. The rangeproofs prove that the input value and the output value fall within the value range, and each rangeproof may be associated with a different public key. Each public key may be signed with a ring signature based on a public key of a recipient in the transaction.
Claims

A method for encrypting an amount transacted on a blockchain ledger, the method comprising:
adding, by a processor, a blinding amount to an input value being transacted, thereby created an encrypted input value;
generating, by the processor, an output value corresponding to the input value;
encrypting, by the processor, the generated output value to create an encrypted output value, the encrypted output value including a corresponding blinding amount such that the input value blinding amount and the generated output value blinding amount cancel each other out when added together, wherein both the input value and the output value being transacted are values falling with a value range, the value range being defined so that a sum of any two values within the range does not exceed an overflow threshold, a sum of the encrypted input value and the encrypted output value equaling zero;
generating, by the processor, a plurality of rangeproofs, wherein a different rangeproof is associated with each of the input value being transacted and the generated output value, the rangeproofs showing that the value associated with the rangeproof falls within the value range, each rangeproof being associated with a different public key;
signing each public key, by the processor, with a ring signature based on a public key of a recipient, thereby encrypting the plurality of rangeproofs, wherein a single memory amount is shared among each pubkey;
storing, by the processor, the encrypted input value, the encrypted output value, and the encrypted rangeproofs in a block, the block being subsequently published on a blockchain.
 The method of claim 1, wherein at least one rangeproof comprises a message from a sender of an asset associated with the transaction to the recipient, the message comprising the blinding amounts for the input value and the generated output value.
 The method of claim 1, wherein each ring signature for each rangeproof comprises a plurality of component values, each component value being a base ten exponent, each component value being one of two predetermined values.
 The method of claim 1, wherein each ring signature is associated with a leftover amount that is not scaled by an exponent.
 The method of claim 1, wherein the value range is set by a sender of an asset associated with the input value.

The method of claim 1, the ring signature comprising;
assigning each digit in the input value to a ring, each ring having a plurality of public keys corresponding to possible values of the digit;
encrypting each digit using a digitspecific blinding factor;
assigning a potential value for the digit to a public key for that digit; and
generating the ring signature using a private key, the ring signature being associated with a correctlyvalued public key for each digit.
 The method of claim 6, further comprising rewriting the input value into base four, wherein each digit in the rewritten input value is assigned to a ring having four public keys corresponding to possible values of the digit.
 The method of claim 6, further comprising rewriting the input value a floating point value with a base ten exponent, thereby reducing the number of digits in the input value.
 The method of claim 1, wherein the block further includes an unencrypted fee associated with the transaction.
 The method of claim 1, wherein the public key is an elliptic curve cryptography pubkey that uses two generators, wherein the first generator and second generator are discrete logs of each other.
 The method of claim 1, the input value comprising a plurality of input values, and the output value comprising a plurality of output values, wherein each of the plurality of input values and each of the plurality of output values is encrypted and assigned a corresponding rangeproof.

A method for verifying an encrypted transaction on a blockchain ledger, the method comprising:
receiving, by a processor, an encrypted input value, an encrypted output value, and encrypted rangeproofs in a block appended to the blockchain;
extracting the encrypted input value and the encrypted output value from the received block, the encrypted input value comprising an input value being transacted and a blinding amount, the encrypted output value also comprising an associated blinding amount;
verifying the transaction if the sum of the encrypted input value and the encrypted output value is zero; and
denying verification to the transaction if the sum of the encrypted input value and the encrypted output value is a nonzero value.

A method for decrypting an amount transacted on a blockchain ledger, the method comprising:
retrieving a block from a blockchain, the block comprising an encrypted input value, an encrypted output value, and encrypted rangeproofs corresponding to each of the encrypted input value and the encrypted output value;
generating a ring signature using a private key, the ring signature being associated with a correctlyvalued public key for each digit of the encrypted input value, the correctlyvalued public key being selected from a group of four public keys for each digit of the encrypted input value;
applying an XOR operation to the smallest digit of the ring encrypted input value;
repeating the applying the XOR operation to each digit of the ring encrypted input value;
identifying a repeated pattern within an output of the XOR operation; and
using the positions of the repeated pattern within the output of the XOR operation to determine the input value from the encrypted input value.
 The method of claim 13, wherein at least one rangeproof comprises a message from a sender of an asset associated with the transaction to the recipient, the message comprising the blinding amounts for the input value and the generated output value.
 The method of claim 13, wherein each ring signature for each rangeproof comprises a plurality of component values, each component value being a base ten exponent, each component value being one of two predetermined values.
 The method of claim 13, wherein each ring signature is associated with a leftover amount that is not scaled by an exponent.
 The method of claim 13, wherein the value range is set by a sender of an asset associated with the input value.
 The method of claim 13, wherein the public key is an elliptic curve cryptography pubkey that uses two generators, wherein the first generator and second generator are discrete logs of each other.
 The method of claim 13, the input value comprising a plurality of input values, and the output value comprising a plurality of output values, wherein each of the plurality of input values and each of the plurality of output values is encrypted and assigned a corresponding rangeproof.
Owners (US)
Information currently unavailable.
Applicants

Blockstream Corp
Explore more patents:
Inventors

Maxwell Gregory
Explore more patents:
IPC Classifications

G06Q20/38
Explore more patents:
Document Preview
 Publication: Dec 8, 2016

Application:
Jun 8, 2016
US 201615176833 A

Priority:
Jun 8, 2016
US 201615176833 A

Priority:
Jun 8, 2015
US 201562172684 P