VERIFIABLE RANDOM LOTTERY METHOD BASED ON MERKLE TREE AND SORTING MANNER

Abstract

Provided is a verifiable random lottery method based on a Merkle tree and a sorting manner, including: determining a number of winners and participants in a lottery, and allowing a lottery system to record personal data submitted by each of the participants and a random timestamp clicked and confirmed by the participant in a time period; constructing a Merkle tree with an SM3 algorithm, and taking a root of the Merkle tree as a random seed; taking the random seed as an input, iteratively running the SM3 algorithm to obtain a random string of each participant, sorting all of the random strings in a descending manner, and selecting the winners in the lottery; verifying the random seed in the lottery; and verifying a lottery result: iteratively running the SM3 algorithm on a legal random seed to reproduce and verify the lottery result.

Description

CROSS REFERENCE TO RELATED APPLICATION

This patent application claims the benefit and priority of Chinese Patent Application No. 202311405787.5, filed with the China National Intellectual Property Administration on Oct. 27, 2023, the disclosure of which is incorporated by reference herein in its entirety as part of the present application.

TECHNICAL FIELD

The present disclosure belongs to the field of random algorithms, and relates to a verifiable random lottery method based on a Merkle tree and a sorting manner.

BACKGROUND

For the sake of fairer distribution of market resources, lottery operations are increasingly used in house purchasing, car purchasing, school-age children enrollment and other scenarios in big cities. Nowadays, the large-scale lottery operations are mainly divided into two types. According to the first type of lottery operations, a random seed is generated with a random lottery ball, and then a random index is generated by invoking a classical random number algorithm (such as a rand function) to obtain a lottery result, for example, the lottery operations on house-purchasing qualification in Beijing. According to the second type of lottery operations, a random index is generated by directly invoking a classical random number algorithm on a computer to obtain a lottery result, and a random seed is generated by an entropy pool of an operation system, for example the lottery operations on house-purchasing qualification in Hangzhou. However, the two types of operations have the following defects:

• • 1. The random seed cannot be reproduced. For the first type, the single process realized by the lottery ball cannot be reproduced. For the second type, entropy sources in the entropy pool of the operation system are various uncertain device events, and also cannot be reproduced.
  • 2. The random seed is not associated with user data. Regardless of the lottery ball or the entropy pool of the operation system, the random seed is not associated with data of participants, which causes a low degree of participation in the lottery.

As is known to all, the Merkle tree is a binary hash tree, and is a classical data verification algorithm. It can provide a proof with a size of 0(log₂n), thereby verifying whether a member is included in an n-element set. Therefore, in combination with the Merkle tree and a sorting manner, a novel verifiable lottery algorithm is provided.

SUMMARY

In view of the above-mentioned technical problems in the prior art, the present disclosure provides a verifiable random lottery method based on a Merkle tree and a sorting manner. The present disclosure can realize subsequent verification on a lottery result, and fundamentally enhance fairness and persuasiveness of the lottery result. Specific technical solutions of the present disclosure are as follows:

A verifiable random lottery method based on a Merkle tree and a sorting manner includes the following steps:

• • step 1: determining a number of winners in a lottery and participants in the lottery;
  • step 2: allowing each of the participants to submit personal data;
  • step 3: allowing, at the beginning of the lottery, the participant to click and confirm a random timestamp;
  • step 4: allowing a lottery system to record the personal data and the random timestamp of each participant, constructing a Merkle tree with an SM3 algorithm, and taking a root of the Merkle tree as a random seed;
  • step 5: taking the random seed as an input, and iteratively running the SM3 algorithm to obtain a random string of the participant;
  • step 6: sorting all of the random strings in a descending manner;
  • step 7: selecting the winners in the lottery according to the given number of winners, and ending the lottery;
  • step 8: verifying the random seed of the lottery: allowing the participant to resubmit the personal data, and allowing the lottery system to verify a legality of the random seed with a membership certification function of the Merkle tree; and
  • step 9: verifying a lottery result: iteratively running the SM3 algorithm on a legal random seed to reproduce and verify the lottery result.

Further, the step 1 specifically includes:

• • step 1.1: determining the number of winners in the lottery, and labeling the number of winners as m; and
  • step 1.2: determining the participants in the lottery, and labeling the participants as P₀, . . . , P_n−1, a number of the participants being n, m≤n.

Further, the step 2 specifically includes: allowing the participant P_i to submit the personal data D_i to the lottery system, i=0, 1, . . . , n−1.

Further, the step 3 specifically includes:

• • step 3.1: setting a time period at the beginning of the lottery; and
  • step 3.2: allowing the participant to click a lottery confirmation through the lottery system in the time period, so as to determine the respective lottery timestamp t_i.

Further, the step 4 specifically includes:

• • step 4.1: allowing the lottery system to record the data D_i and the random timestamp t_i of the participant;
  • step 4.2: calculating a number d=[log₂n] of layers of the Merkle tree, assuming h₁^(d)=SM3(D_i∥t₁) for i=0,1, . . . , n−1, and assuming h_i^(d)=SM3(D_n−1∥t_n−1) for i=n, n+1, . . . , 2^d−1, thereby obtaining h_i^(d) for 2^d leaf nodes of the Merkle tree; where on a dth layer, a hash merging operation h_i^(d−1)=SM3(h_2i^(d)∥h_2i+1^(d)) is performed on i=0,1, . . . , 2^d−1−1, ∥representing splicing on two pieces of data, thereby obtaining h_i^(d−1) for 2^d−1 nodes on a (d−1)th layer; then on the (d−1)th layer, a hash merging operation h_i^(d−2)=SM3(h_2i^(d−1)∥h_2i+1^(d−1) is performed on i=0,1, . . . , 2^d−2−1, thereby obtaining h_i ^(d−2) for 2^d−2 nodes on a (d−2)th layer; and the same operation is performed until a first layer, h₀⁽⁰⁾=SM3(h₀⁽¹⁾∥h₁⁽¹⁾) for the root of the Merkle tree is calculated, and all nodes of the Merkle tree are stored; and
  • step 4.3: taking the h₀⁽⁰⁾ for the root of the Merkle tree as the random seed, and disclosing the seed.

Further, the step 5 specifically includes:

• • step 5.1: calculating the random string r₀=SM3(seed) of the participant P₀ according to the random seed; and
  • step 5.2: iteratively calculating r_i+1=SM3(r_i) for i=0,1, . . . , n−1 to obtain the random strings for P₁, . . . , P_n−1.

Further, the step 6 specifically includes: sorting the random strings r_i corresponding to all of the participants P_i in the descending manner according to corresponding binary values to obtain r_t0>r_t1>. . . >r_tn−1, and disclosing a sorted result.

Further, the step 7 specifically includes: selecting the winners P_t0, P_t1, . . . , P_tm−1 in the lottery according to the sorted result r_t0>r_t1>. . . >r_tn−1 of the random strings, and the number m of winners in the lottery.

Further, the step 8 specifically includes:

• • step 8.1: allowing the participant P_i to resubmit the personal data D_i and the random timestamp t_i to the lottery system;
  • step 8.2: allowing the lottery system to recalculate {tilde over (h)}_i^(d)=SM3(D_i∥t₁) for the leaf nodes, and provide a verification node sequence VN=[h_s(i)^(d), h_s(f(i))^(d−1), h_s(f(f(i)))^(d−2). . . h_s(fn−1(i))⁽¹⁾] from the {tilde over (h)}_i^(d) to the root according to the stored Merkle tree, s(i)=i+(−1)ⁱ representing a sibling to a node i, and f(i)=[i/2] representing a father to the node i; and
  • step 8.3: executing a for circulation, and for j=d, d−1, . . . , 1,
  • calculating {tilde over (h)}_f(i)^(j−1)=SM3(conc(i, SM3({tilde over (h)}_i^(j)), SM3(h _s(i)^(j)))); and
  • updating i=f(i),
  • where, if i is an even number, conc(i, x, y)=x∥y; and if i is an odd number, conc(i, x, y)=y∥x; and
  • obtaining a recalculated {tilde over (h)}_o⁽⁰⁾ of the root upon completion of the circulation, and comparing the {tilde over (h)}₀⁽⁰⁾ with a previously disclosed random seed, where if the {tilde over (h)}₀⁽⁰⁾ and the previously disclosed random seed {tilde over (h)}₀⁽⁰⁾ are the same, the random seed in the lottery is legal and is successfully verified.

Further, the step 9 specifically includes:

• • step 9.1: recalculating a random string =SM3(seed) of the participant P₀ according to a successfully verified random seed;
  • step 9.2: iteratively recalculating {tilde over (r)}_i+1=SM3({tilde over (r)}_i) for i=0,1, . . . , n−1 to obtain random strings {tilde over (r)}₁, . . . , {tilde over (r)}_n−1 for P₁, . . . , P_n−1; and
  • step 9.3: sorting all of the random strings {tilde over (r)}_i in the descending manner according to binary values to obtain a sorted sequence {tilde over (r)}_t0>{tilde over (r)}_t1> . . . >{tilde over (r)}_tn−1, and comparing the sorted sequence {tilde over (r)}_t0>{tilde over (r)}_t1> . . . >{tilde over (r)}_tn−1 with the previously disclosed sorted sequence r_t0>r_t1> . . . >r_tn−1, where if the sorted sequence {tilde over (r)}_t0>{tilde over (r)}_t1> . . . >{tilde over (r)}_tn−1 and the previously disclosed sorted sequence r_t0>r_t1> . . . >r_tn−1 are completely the same, the lottery result is verified successfully.

The present disclosure achieves the following beneficial effects:

The present disclosure guarantees the randomness of the lottery content through the national cryptographic SM3 algorithm, and makes the lottery result verifiable through the Merkle tree. While ensuring fairness and security, the present disclosure provides a higher transparency and a verification mechanism, effectively solves the problems of a low degree of participation of users and a low transparency of the lottery result in existing lottery algorithms, and realizes a more reliable and credible lottery solution.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 schematically illustrates a main flowchart of a verifiable random lottery method based on a Merkle tree and a sorting manner according to the present disclosure.

DETAILED DESCRIPTION OF THE EMBODIMENTS

To make the objectives, technical solutions, and advantages of the present disclosure clearer, the present disclosure is described in further detail below with reference to the drawings and embodiments.

As shown in FIG. 1, the present disclosure provides a verifiable random lottery method based on a Merkle tree and a sorting manner, including the following steps:

Step 1: A number of winners in a lottery and participants in the lottery are determined.

Step 2: Each of the participants submits personal data.

Step 3: At the beginning of the lottery, the participant clicks and confirms a random timestamp.

Step 4: A lottery system records the personal data and the random timestamp of each participant, a Merkle tree is constructed with an SM3 algorithm, and a root of the Merkle tree is taken as a random seed.

Step 5: The random seed is taken as an input, and the SM3 algorithm is iteratively run to obtain a random string of the participant.

Step 6: All of the random strings are sorted in a descending manner.

Step 7: The winners in the lottery are selected according to the given number of winners, and the lottery is ended.

Step 8: The random seed of the lottery is verified: The participant resubmits the personal data, and the lottery system verifies a legality of the random seed with a membership certification function of the Merkle tree.

Step 9: A lottery result is verified: The SM3 algorithm is iteratively run on a legal random seed to reproduce and verify the lottery result.

The step 1 specifically includes:

Step 1.1: The number of winners in the lottery is determined, and labeled as m.

Step 1.2: The participants in the lottery are determined, and labeled as P₀, . . . , P_n−1, a number of the participants being n, m≤n.

The step 2 specifically includes: For i=0,1, . . . , n−1, the participant P_i submits the personal data D_i to the lottery system.

The step 3 specifically includes:

Step 3.1: A 1-h time period is set at the beginning of the lottery.

Step 3.2: The participant clicks a lottery confirmation through the lottery system in the time period, so as to determine the respective lottery timestamp t_i.

The step 4 specifically includes:

Step 4.1: The lottery system records the data Di and the random timestamp t_i of the participant.

Step 4.2: A number d=[log₂n] of layers of the Merkle tree is calculated, h_i^(d)=SM3(D_i∥t_i) is assumed for i=0,1, . . . , n−1, and h_i^(d)=SM3(D_n−1∥t_n−1) is assumed for i=n, n+1, . . . , 2^d−1, thereby obtaining h_i^(d) for 2^d leaf nodes of the Merkle tree. On a dth layer, for i=0,1, . . . , 2^d−1−1, a hash merging operation h₁^(d−1)=SM3(h_2i^(d)∥h_2i+1^(d)) is performed, ∥ representing splicing on two pieces of data, thereby obtaining h₁^(d−1) for 2^d−1 nodes on a (d−1)th layer. On the (d−1)th layer, for i=0,1, . . . ,2^d−2−1, a hash merging operation h_i^(d−2)=SM3(h_2i^(d−1)∥h_2i+1^(d−1) is performed, thereby obtaining h_i^(d−2) for 2^d−2 nodes on a (d−2)th layer. The same operation is performed until a first layer, h₀⁽⁰⁾=SM3(h₀⁽¹⁾∥h₁⁽¹⁾) for the root of the Merkle tree is calculated, and all nodes of the Merkle tree are stored.

Step 4.3: The h₀⁽⁰⁾ for the root of the Merkle tree is taken as the random seed, and the seed is disclosed.

The step 5 specifically includes:

Step 5.1: The random string r₀=SM3(seed) of the participant P₀ is calculated according to the random seed.

Step 5.2: r_i+1=SM3(r_i) is iteratively calculated for i=0,1, . . . , n−1 to obtain the random strings for P₁, . . . , P_n−1.

Further, the step 6 specifically includes: The random strings r₁ corresponding to all of the participants P_i are sorted in a descending manner according to corresponding binary values to obtain r_t0>r_t1> . . . >r_tn−1, and a sorted result is disclosed.

Further, the step 7 specifically includes: The winners P_t0, P_t1, . . . , P_tm−1 in the lottery are selected according to the sorted result r_t0>r_t1> . . . >r_tm−1, of the random strings, and the number m of winners in the lottery.

The step 8 specifically includes:

Step 8.1: The participant P_i resubmits the data D_i and the random timestamp t_i to the lottery system.

Step 8.2: The lottery system recalculates {tilde over (h)}₁^(d)=SM3(D_i∥t₁) for the leaf nodes, and provides a verification node sequence VN=[h_s(i)^(d), h_s(f(i))^(d−1), h_s(f(f(i)))^(d−2), . . . h_s(fn−1(i))⁽¹⁾] from the {tilde over (h)}_i^(d) to the root according to the stored Merkle tree, s(i)=i+(−1)ⁱ representing a sibling to the node i, and f(i)=[i/2] representing a father to the node i.

Step 8.3: A for circulation is calculated. For j=d, d−1, . . . , 1:

{tilde over (h)}_f(i)^(j−1)=SM3(conc(i, SM3({tilde over (h)}_i^(j)), SM3(h_s(i)^(j)))) is calculated.

i=f(i) is updated.

If i is an even number, conc(i, x, y)=x∥y. If i is an odd number, where conc(i, x, y)=y∥x. conc represents splicing.

A recalculated {tilde over (h)}₀⁽⁰⁾ of the root is obtained upon completion of the circulation, and the {tilde over (h)}₀⁽⁰⁾ is compared with a previously disclosed random seed. If the {tilde over (h)}₀⁽⁰⁾ and the previously disclosed random seed are the same, the random seed in the lottery is legal and is successfully verified.

The step 9 specifically includes:

Step 9.1: A random string {tilde over (r)}₀=SM3(seed) of the participant P₀ is recalculated according to a successfully verified random seed.

Step 9.2: {tilde over (r)}_i+1=SM3({tilde over (r)}_i) is iteratively recalculated for i=0,1, . . . , n−1 to obtain random strings {tilde over (r)}₁, . . . , {tilde over (r)}_n−1 for P₁, . . . , P_n−1

Step 9.3: All of the random strings {tilde over (r)}_i are sorted in the descending manner according to binary values to obtain a sorted sequence {tilde over (r)}_t0>{tilde over (r)}_t1> . . . >{tilde over (r)}_tn−1, and the sorted sequence {tilde over (r)}_t0>{tilde over (r)}_t1> . . . >{tilde over (r)}_tn−1 is compared with the previously disclosed sorted sequence r_t0>r_t1> . . . >r_tn−1. If the sorted sequence {tilde over (r)}_t0>{tilde over (r)}_t1> . . . >{tilde over (r)}_t−1 and the previously disclosed sorted sequence r_t0>r_t1> . . . >r_tn−1 are completely the same, the lottery result is verified successfully.

In order to better understand the details of the present disclosure, a specific implementation example for the verifiable random lottery method based on a Merkle tree and a sorting manner is provided below. Due to limitations in data size, the following descriptions are made to a case including eight participants and three winners. A Faker library of python is used to simulate and construct random user data, specifically:

• • (1) User data:
  • ID: 0001 Name: Liao Jun ID number: 3301XXXXXXXXXXXX45 Timestamp: 1421975140. ID: 0002 Name: Wang Juan ID number: 3301XXXXXXXXXXXX79 Timestamp: 883630529.
  • ID: 0003 Name: Xin Gang ID number: 3301XXXXXXXXXXXX28 Timestamp: 1059085504. ID: 0004 Name: Yang Na ID number: 3301XXXXXXXXXXXX10 Timestamp: 655185617.
  • ID: 0005 Name: Le Qian ID number: 3301XXXXXXXXXXXX29 Timestamp: 481534905.
  • ID: 0006 Name: Zhang Cheng ID number: 3301XXXXXXXXXXXX62 Timestamp: 1341518705. ID: 0007 Name: Nie Ling ID number: 3301XXXXXXXXXXXX29 Timestamp: 492833261. ID: 0008 Name: Song Guirong ID number: 3301XXXXXXXXXXXX28 Timestamp: 1213306144.

A Merkle tree with eight leaf nodes and three layers is constructed. Data of the leaf nodes on the third layer is as follows:

[h₀⁽³⁾, h₁⁽³⁾, h₂⁽³⁾, h₃⁽³⁾, h₄⁽³⁾, h₅⁽³⁾, h₆⁽³⁾, h₇⁽³⁾]=[4e2459a9418948a071b94594df64d3526a0cbfce6e4c30283d387e417d871ae6, 907a03f009cc911e8f959e264fbccb69aeea18d6c8405ealecd63ed3d6395a0b, 454285e96ae19dd91beca9fb2909888c07dbf58cb7c1c48597d9dacda777fdb3, c75e7aafa53cf03c26d398d2c1884e8b94769f9db74f72fb0f2ee6d22993d17c, 8bf8b1391e44e3553d514ca5c6ab89cb73125911046f76a5b80df1160e2fe610, a19a4d406dbf7bd86327c9f196eedd9c5cdb8bb17c63028193612247dbf9bd9d, 65e068clfe56c52593e87a70e2a8836d4ecd4ef7a3ca973b2824f891d534fd83, f0a256d28ac64630f4185c6bc8d2a4f7feb3bfaa3be49913d4ef5ac32f03c62c].

Through hash merging, data of the nodes on the second layer is as follows:

[h₀⁽²⁾, h₁⁽²⁾, h₂⁽²⁾, h₃⁽²⁾]=[08437ce83085caa2034b12c4d3fb573f0013c598533992ef9bf06441a0e3f7bc, 7ffb37d2e06d01d43a8207c72b19bac96eabac363d17d7ca895b091ec6f57d14, 86e8756dd63267bc8fe72c4ad92768858fbf3ffa2d4ff69ac3f3f1df5374ee3a, b1afe1db8d544e24c6121d2cc359d2b256a7cce92456d5fddd0b6eb53640c97b].

Through the hash merging, data of the nodes on the second layer is as follows:

[h₀⁽¹⁾, h₁⁽¹⁾]=[a1fb50a4d0c64341e037789c513e15ae3238bf69845b8bf82e32a65f1745277f, a596f45cb2b2fceafdcedadc6628ed6659aaf2166bd5dd36ca5cceee522bb0cf].

Through the hash merging, a root obtained is taken as an initial seed, and the result is as follows:

h₀⁽⁰⁾=3d2780bc197dec49b4e74dc60b804d00c53e0ff5f4fa9d03705f9dc081cdbe9d.

• • (2) An SM3 algorithm is run with the initial seed in (1) to obtain r₀=SM3(seed). For i=0,1, . . . , n−1, r_i+1=SM3(r_i) is iteratively calculated to obtain respective random strings of the eight participants.

Liao Jun:

3f1927472dd70dc678cadcef096a58d004d4cd5919cdb7c5c82aa9c4a2305578.

Wang Juan:

3c32f908242e2eb8ad6ea3accd327535c9ec12b7dd7d98fdbeea18f7905871c7.

Xin Gang:

eb0991f12a3b7f5737d9f0dabc3fd0dd69933d993346b4c2faf87cbbe46aa3f3.

Yang Na:

a815cfb79e2bc5f75d8c8b99cd01e5e4f6328170d42ce63aabc6e3ea95969b53.

Le Qian:

cb97e8236838aa361671a6167611b7b543fa5a81b19f1950cd12a77568fda02e.

Zhang Cheng:

e83de8ad84b65b54650b5d8b55eb1eb8e0e424aaff42f70582e84a7c98102285.

Nie Ling:

71845c8317dccd3789ee99d0b5e640bbb91e46cd28f9400e9c94fe2029ad9a6f.

Song Guirong:

34d7228e9a7dc07c4a87849ce6718e423e4b35b609d538dc40f7d6e0d4508c82.

• • (3) The eight random strings are sorted in a descending manner to a sorted sequence of the users:

Xin Gang>Zhang Cheng>Le Qian>Yang Na>Nie Ling>Liao Jun>Wang Juan>Song Guirong.

The three winners are Xin Gang, Zhang Cheng and Le Qian.

• • (4) The user data is reused. With membership certification of the Merkle tree, a legality of the initial seed is verified. For example, for the winner Xin Gang, a hash value of the user data in SM3 is {tilde over (h)}₂⁽³⁾=SM3(D₂∥t₂)=454285e96ae19dd91beca9fb2909888c07dbf58cb7c1c48597d9dacda777fdb3.

A lottery server can provide a verification node sequence VN=[h₃⁽³⁾, h₀⁽²⁾, h₁⁽¹⁾]=[c75e7aafa53cf03c26d398d2c1884e8b94769f9db74f72fb0f2ee6d22993d17c, 08437ce83085caa2034b12c4d3fb573f0013c598533992ef9bf06441a0e3f7bc, a596f45cb2b2fceafdcedadc6628ed6659aaf2166bd5dd36ca5cceee522bb0cf].

Three steps are performed for calculation: {tilde over (h)}₁⁽²⁾=SM3({tilde over (h)}₂⁽³⁾∥h₂⁽³⁾), {tilde over (h)}₀⁽¹⁾=SM3(h₀⁽²⁾∥{tilde over (h)}₁⁽²⁾), {tilde over (h)}₀⁽⁰⁾=SM3(h₀⁽¹⁾∥{tilde over (h)}₀⁽¹⁾),

• • thereby obtaining:

{tilde over (h)}₀⁽⁰⁾=3d2780bc197dec49b4e74dc60b804d00c53e0ff5f4fa9d03705f9dc081cdbe9d.

The seed is the same as the initial seed calculated in (2), and is successfully verified.

• • (5) The SM3 algorithm is iteratively run with the seed in (4) to reproduce the random strings of all people:

Liao Jun:

3f1927472dd70dc678cadcef096a58d004d4cd5919cdb7c5c82aa9c4a2305578.

Wang Juan:

3c32f908242e2eb8ad6ea3accd327535c9ec12b7dd7d98fdbeea18f7905871c7.

Xin Gang:

eb0991f12a3b7f5737d9f0dabc3fd0dd69933d993346b4c2faf87cbbe46aa3f3.

Yang Na:

a815cfb79e2bc5f75d8c8b99cd01e5e4f6328170d42ce63aabc6e3ea95969b53.

Le Qian:

cb97e8236838aa361671a6167611b7b543fa5a81b19f1950cd12a77568fda02e.

Zhang Cheng:

e83de8ad84b65b54650b5d8b55eb1eb8e0e424aaff42f70582e84a7c98102285.

Nie Ling:

71845c8317dccd3789ee99d0b5e640bbb91e46cd28f9400e9c94fe2029ad9a6f.

Song Guirong:

34d7228e9a7dc07c4a87849ce6718e423e4b35b609d538dc40f7d6e0d4508c82.

The result is the same as that calculated in (3), and the sorted result is also the same. That is, the winners are Xin Gang, Zhang Cheng and Le Qian, and the result is verified successfully.

In conclusion, the present disclosure generates the structure of the Merkle tree based on the SM3 algorithm through submitted data and respective confirmed random timestamps of the participants in the lottery, takes a root of the Merkle tree as a random seed, takes the random seed as an input, iteratively runs the SM3 algorithm to obtain random strings of the participants, and sorts the random strings, thereby determining the winners in the lottery. If there is a need to verify a lottery result, the participant resubmits the data, and verifies a legality of the random seed with membership certification of the Merkle tree. By taking the random seed as the input, random strings of all participants are further generated to verify the lottery result.

By combining the initial seed with the user data, the present disclosure enhances a degree of participation of the users in the lottery. With the verifiable mechanism, the present disclosure can verify the lottery result subsequently compared with the existing random lottery solution. The classical random lottery solution is based on a software-implemented pseudo-random number generator, and the seed is selected depending on an internal real-time state parameter of a computer or a ball lottery machine and cannot be reproduced and verified. With the verifiable mechanism, the present disclosure generates the random seed depending on data and selected random timestamps of the participants. With the structure of the Merkle tree, after all hash values of the Merkle tree are recorded, the random seed and the final lottery result can be verified. That is, the participant can provide information subsequently to verify the lottery result and the process. The present disclosure makes the result more transparent and credible, and makes the lottery result more persuasive.

The above described are merely preferred implementations of the present disclosure rather than limitations to the present disclosure in any form. Although the implementation process of the present disclosure is described in detail with reference to the foregoing embodiments, those skilled in the art can still make modifications to the technical solutions described in the foregoing embodiments, or make equivalent replacement to some of the technical features. Any modifications and equivalent substitutions made within the spirit and principle of the present disclosure should be included within the protection scope of the present disclosure.

Claims

1. A verifiable random lottery method based on a Merkle tree and a sorting manner, comprising the following steps: step 1: determining a number of winners in a lottery and participants in the lottery;step 2: allowing each of the participants to submit personal data;step 3: allowing, at the beginning of the lottery, the participant to click and confirm a random timestamp;step 4: allowing a lottery system to record the personal data and the random timestamp of each participant, constructing a Merkle tree with an SM3 algorithm, and taking a root of the Merkle tree as a random seed;step 5: taking the random seed as an input, and iteratively running the SM3 algorithm to obtain a random string of the participant;step 6: sorting all of the random strings in a descending manner;step 7: selecting the winners in the lottery according to the given number of winners, and ending the lottery;step 8: verifying the random seed of the lottery: allowing the participant to resubmit the personal data, and allowing the lottery system to verify a legality of the random seed with a membership certification function of the Merkle tree; andstep 9: verifying a lottery result: iteratively running the SM3 algorithm on a legal random seed to reproduce and verify the lottery result.

2. The verifiable random lottery method based on a Merkle tree and a sorting manner according to claim 1, wherein the step 1 specifically comprises: step 1.1: determining the number of winners in the lottery, and labeling the number of winners as m; andstep 1.2: determining the participants in the lottery, and labeling the participants as P0, . . . , Pn−1, a number of the participants being n, m≤n.

3. The verifiable random lottery method based on a Merkle tree and a sorting manner according to claim 2, wherein the step 2 specifically comprises: allowing the participant Pi to submit the personal data Di to the lottery system, i=0,1, . . . , n−1.

4. The verifiable random lottery method based on a Merkle tree and a sorting manner according to claim 3, wherein the step 3 specifically comprises: step 3.1: setting a time period at the beginning of the lottery; andstep 3.2: allowing the participant to click a lottery confirmation through the lottery system in the time period, so as to determine the respective lottery timestamp ti.

5. The verifiable random lottery method based on a Merkle tree and a sorting manner according to claim 4, wherein the step 4 specifically comprises: step 4.1: allowing the lottery system to record the data Di and the random timestamp ti of the participant;step 4.2: calculating a number d=[log2n] of layers of the Merkle tree, assuming hi(d)=SM3(Di∥ti) for i=0,1, . . . , n−1, and assuming hi(d)=SM3(Dn−1∥tn−1) for i=n, n+1, . . . , 2d−1, thereby obtaining hi(d) for 2d leaf nodes of the Merkle tree, wherein on a dth layer, a hash merging operation hi(d)=SM3(h2i(d)∥h2i+1(d)) is performed on i=0,1, . . . , 2d−1−1, ∥ representing splicing on two pieces of data, thereby obtaining hi(d−1) for 2d−1 nodes on a (d−1)th layer; then on the (d−1)th layer, a hash merging operation hi(d−2)=SM3h2i(d−1)∥h2i+1(d−1)) is performed on i=0,1, . . . , 2d−231 1, thereby obtaining hi(d−2) for 2d−2 nodes on a (d−2)th layer; and the same operation is performed until a first layer, h0(0)=SM3(h0(1)∥h1(1)) for the root of the Merkle tree is calculated, and all nodes of the Merkle tree are stored; andstep 4.3: taking the h0(0) for the root of the Merkle tree as the random seed, and disclosing the seed.

6. The verifiable random lottery method based on a Merkle tree and a sorting manner according to claim 5, wherein the step 5 specifically comprises: step 5.1: calculating the random string r0=SM3(seed) of the participant P0 according to the random seed; andstep 5.2: iteratively calculating ri+1=SM3(ri) for i=0,1, . . . , n−1 to obtain the random strings for P1, . . . , Pn−1.

7. The verifiable random lottery method based on a Merkle tree and a sorting manner according to claim 6, wherein the step 6 specifically comprises: sorting the random strings ri corresponding to all of the participants Pi in the descending manner according to corresponding binary values to obtain rt0>rt1> . . . >rtn−1, and disclosing a sorted result.

8. The verifiable random lottery method based on a Merkle tree and a sorting manner according to claim 7, wherein the step 7 specifically comprises: selecting the winners Pt0, Pt1, . . . , Ptm−1 in the lottery according to the sorted result rt0>rt1> . . . >rtn−1 of the random strings, and the number m of winners in the lottery.

9. The verifiable random lottery method based on a Merkle tree and a sorting manner according to claim 8, wherein the step 8 specifically comprises: step 8.1: allowing the participant Pi to resubmit the personal data Di and the random timestamp ti to the lottery system;step 8.2: allowing the lottery system to recalculate {tilde over (h)}i(d)=SM3(Di∥ti) for the leaf nodes, and provide a verification node sequence VN=[hs(i)(d), hs(f(i))(d−2), . . . hs(fn−1(i))(1)] from the {tilde over (h)}i(d) to the root according to the stored Merkle tree, s(i)=i+(−1)i representing a sibling to a node i, and f(i)=[i/2] representing a father to the node i; andstep 8.3: executing a for circulation, and for j=d, d−1, . . . , 1,calculating {tilde over (h)}f(i)(j−1)=SM3(conc(i, SM3({tilde over (h)}s(i)(j)))), andupdating i=f(i),wherein if i is an even number, conc(i, x, y)=x∥y; and if i is an odd number, conc(i, x, y)=y∥x, conc representing splicing; andobtaining a recalculated {tilde over (h)}0(0) of the root upon completion of the circulation, and comparing the {tilde over (h)}0(0) with a previously disclosed random seed, wherein if the {tilde over (h)}0(0) and the previously disclosed random seed are the same, the random seed in the lottery is legal and is successfully verified.

10. The verifiable random lottery method based on a Merkle tree and a sorting manner according to claim 9, wherein the step 9 specifically comprises: step 9.1: recalculating a random string {tilde over (r)}0=SM3(seed) of the participant P0 according to a successfully verified random seed;step 9.2: iteratively recalculating {tilde over (r)}i+1=SM3({tilde over (r)}i) for i=0,1, . . . , n−1 to obtain random strings {tilde over (r)}1, . . . , {tilde over (r)}n−1 for P1, . . . , Pn−1; andstep 9.3: sorting all of the random strings {tilde over (r)}i in the descending manner according to binary values to obtain a sorted sequence {tilde over (r)}t0>{tilde over (r)}t1> . . . {tilde over (r)}tn−1, and comparing the sorted sequence {tilde over (r)}t0>{tilde over (r)}t1> . . . {tilde over (r)}n−1 with the previously disclosed sorted sequence rt0>rt1> . . . >rtn−1, wherein if the sorted sequence {tilde over (r)}t0>{tilde over (r)}t1> . . . >{tilde over (r)}tn−1 and the previously disclosed sorted sequence rt0>rt1> . . . >rtn−1, are completely the same, the lottery result is verified successfully.