Search for a command to run...
With the accelerating growth of the digital economy, data has emerged as a core asset, making secure and private data trading a pressing necessity. However, traditional centralized data trading platforms face critical challenges, including identity exposure, data leakage, unclear ownership, and lack of trust. Although decentralized, blockchain-based solutions have been proposed, they typically protect only subsets of these properties and seldom provide a unified, verifiable privacy architecture over the entire trading lifecycle. This paper introduces a novel decentralized data trading system that comprehensively integrates Groth16-based zero-knowledge proofs (ZKPs), Merkle tree–based data ownership commitments, and smart contracts on blockchain. The proposed system ensures identity anonymity, data confidentiality, ownership traceability, and behavioral privacy while supporting regulatory auditability. Rather than proposing new cryptographic primitives, we reformulate data trading as a zero-knowledge–verifiable privacy problem and embed the resulting privacy logic into the protocol and contract design. The main contributions are as follows. (1) Developing a unified zero-knowledge privacy layer that combines Groth16-based ZKPs with proxy re-encryption, allowing participants to prove transaction eligibility without disclosing identity attributes while keeping traded data encrypted end-to-end. (2) Constructing a zero-knowledge-based ownership lifecycle in which Merkle trees are repurposed as privacy-preserving ownership commitment structures that support unlinkable ownership proof, secure ownership transfer, and privacy-preserving traceability. (3) Designing a malleability-aware ZKP execution framework for Groth16 proofs, implemented via dedicated “anti-malleability” contracts that bind proofs to ownership states, fresh randomness, and protocol stages, thereby mitigating proof malleability and unsafe reuse across the registration–sale–transfer lifecycle. (4) Integrating a trusted regulatory authority into the architecture to enable compliant yet anonymous audits and formulate a system-wide privacy framework covering identity, data, ownership, behavioral, and audit dimensions. Experimental results demonstrate that the system achieves strong privacy guarantees and low on-chain overhead, offering a more robust and privacy-centric approach to data transactions than existing solutions.