CN111597586B - Block chain privacy protection method, system and device - Google Patents
Block chain privacy protection method, system and device Download PDFInfo
- Publication number
- CN111597586B CN111597586B CN202010456239.5A CN202010456239A CN111597586B CN 111597586 B CN111597586 B CN 111597586B CN 202010456239 A CN202010456239 A CN 202010456239A CN 111597586 B CN111597586 B CN 111597586B
- Authority
- CN
- China
- Prior art keywords
- transaction
- privacy
- algorithm
- verification
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 187
- 238000012545 processing Methods 0.000 claims abstract description 94
- 238000012795 verification Methods 0.000 claims abstract description 93
- 230000006870 function Effects 0.000 claims description 42
- 238000005516 engineering process Methods 0.000 claims description 14
- 230000008569 process Effects 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 6
- 238000004458 analytical method Methods 0.000 abstract description 5
- 238000010200 validation analysis Methods 0.000 description 7
- 238000004364 calculation method Methods 0.000 description 5
- 230000009471 action Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000002955 isolation Methods 0.000 description 2
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012549 training Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention discloses a blockchain privacy protection method, a blockchain privacy protection system and a blockchain privacy protection device, which are used for receiving an established privacy model containing a transaction format and privacy requirements of a target transaction; according to the transaction format and the privacy requirement, respectively generating a local encryption SDK containing an encryption API, a verification contract containing a transaction verification API and an algorithm library containing an algorithm required by on-chain transaction processing, and linking the verification contract and the algorithm library; calling an encryption API to encrypt a transaction plaintext of a target transaction to obtain a ciphertext transaction; after the ciphertext transaction is uplink, a transaction verification API is called to verify the ciphertext transaction, and after the ciphertext transaction is verified to be legal, service processing is performed on the ciphertext transaction based on an algorithm library and defined service contracts, so that a service processing result is obtained. Therefore, the novel privacy protection scheme is provided, a user only needs to provide a privacy model, and the system can automatically execute the works such as model analysis, transaction encryption, transaction verification, transaction processing and the like, so that the learning cost is low.
Description
Technical Field
The present invention relates to the field of blockchain technologies, and in particular, to a blockchain privacy protection method, system, and device.
Background
The block chain technology is characterized in that the block chain technology is 'decentralised' and 'distrusted', and can effectively construct programmable currency, programmable finance and programmable society as a distributed general ledger technology, an intelligent contract basic platform and a distributed novel calculation paradigm, and the block chain technology has a profound effect on finance and other fields. At present, a billing participating entity in a blockchain needs to achieve data uplink and business uplink as much as possible, so that the function of a blockchain 'trust machine' is exerted to a greater extent. However, in a real business scenario, enterprise data and business contain large amounts of confidential information that needs to be properly hidden to protect privacy, while well compromising the relevant needs of its computation, verification, and administration.
In the prior art, there are two protection modes of data privacy security: 1) The key idea of cryptographic technology-based secret state calculation is to design a special encryption algorithm and protocol so as to support direct calculation on encrypted data (without decryption) to obtain a required calculation result, and meanwhile, the key point is not in contact with the plaintext content of the data, thereby playing a role in protecting the data privacy. 2) The core idea of the trusted computing based on the TEE (Trusted Execution Environment) technology is to take trusted hardware as a carrier, provide hardware-level strong security isolation and general computing environment, form a 'secret room' under the condition of perfect cryptographic service, decrypt and compute data only in the 'secret room', and besides, any other method cannot contact the plaintext content of the data, and encrypt the data before leaving the 'secret room', thereby realizing the data privacy security. However, whichever way the user realizes the data privacy protection, the user needs to know the cryptography principle in depth and select the cryptography algorithm, resulting in too high learning cost.
Therefore, how to provide a solution to the above technical problem is a problem that a person skilled in the art needs to solve at present.
Disclosure of Invention
The invention aims to provide a blockchain privacy protection method, a blockchain privacy protection system and a blockchain privacy protection device, a user only needs to provide a privacy model with clear privacy requirements, and the blockchain privacy protection system can automatically execute works such as model analysis, transaction encryption, transaction verification, transaction processing and the like, so that the learning cost is low.
In order to solve the technical problems, the invention provides a blockchain privacy protection method, which comprises the following steps:
receiving an established privacy model containing the transaction format and privacy requirements of the target transaction;
analyzing the privacy model to obtain the transaction format and privacy requirements of the target transaction;
according to the transaction format and privacy requirements of the target transaction, respectively generating a local encryption SDK (secure digital memory card) containing an encryption API, a verification contract containing a transaction verification API and an algorithm library containing an algorithm required by on-chain transaction processing of the target transaction, and linking the verification contract and the algorithm library;
invoking an encryption API of the local encryption SDK to encrypt a transaction plaintext of the target transaction to obtain a ciphertext transaction;
and uploading the ciphertext transaction, calling a transaction verification API of the verification contract to verify the ciphertext transaction after the ciphertext transaction is uplink, and carrying out service processing on the ciphertext transaction based on the algorithm library and the defined service contract after the ciphertext transaction is verified to be legal, so as to obtain a service processing result.
Preferably, the blockchain privacy protection method further includes:
pre-establishing a cryptographic algorithm library comprising a plurality of cryptographic algorithms and a plurality of functional interfaces;
correspondingly, the process of respectively generating the local encryption SDK containing the encryption API, the verification contract containing the transaction verification API and the algorithm library containing the algorithm required by the on-chain transaction processing of the target transaction according to the transaction format and the privacy requirement of the target transaction comprises the following steps:
selecting a plaintext processing algorithm, a verification algorithm and an algorithm required by on-chain transaction processing which meet the conditions from the cryptography algorithm library according to the transaction format and privacy requirements of the target transaction;
based on the selected algorithm, a local encryption SDK including an encryption API for invoking the plaintext processing algorithm, a validation contract including a transaction validation API for invoking the validation algorithm, and an algorithm library including algorithms required for on-chain transaction processing are generated.
Preferably, the privacy model further comprises an execution environment of a transaction based on TEE technology;
and the blockchain privacy protection method further comprises:
pre-establishing a TEE function library comprising a plurality of TEE function algorithms;
after analyzing the privacy model to obtain the execution environment of the transaction, selecting a TEE function algorithm meeting the conditions from the TEE function library according to the execution environment of the transaction;
generating a local encryption SDK containing a device encryption API for calling the TEE function algorithm according to the selected algorithm;
calling a device encryption API of the local encryption SDK to encrypt a transaction plaintext of the transaction to obtain a transaction ciphertext;
and carrying out service processing on the transaction ciphertext through corresponding TEE equipment to obtain a service processing result.
Preferably, the cryptographic algorithm library comprises a series of cryptographic algorithms and scope certificates of zero knowledge certificates, homomorphic encryption, multiparty security computation, group signature and ring signature, a series of functional interfaces of logic certificates and collection membership certificates.
Preferably, the execution environment includes SGX of Intel, SEV of AMD, and Trust Zone of ARM.
Preferably, the process of receiving the established privacy model including the transaction format and privacy requirements of the target transaction includes:
receiving an established privacy model containing transaction formats and privacy requirements of different types of transactions; wherein the target transaction is any type of transaction; the privacy requirements include a series of different levels of privacy requirements, a field encryption requirement, a field interval attestation requirement, and a field support algorithm requirement.
In order to solve the technical problem, the invention also provides a blockchain privacy protection system, which comprises:
the model compiler is used for receiving the established privacy model containing the transaction format and the privacy requirement of the target transaction, and analyzing the privacy model to obtain the transaction format and the privacy requirement of the target transaction;
an SDK generator for generating a local encrypted SDK containing an encryption API of the target transaction according to the transaction format and privacy requirements of the target transaction;
the contract generator is used for generating a verification contract containing a transaction verification API of the target transaction and an algorithm library containing an algorithm required by on-chain transaction processing according to the transaction format and privacy requirements of the target transaction;
the SDK privacy device is used for calling an encryption API of the local encryption SDK to encrypt a transaction plaintext of the target transaction to obtain a ciphertext transaction;
and the contract validator is used for calling a transaction verification API of the verification contract to verify the ciphertext transaction after the verification contract, the algorithm library and the ciphertext transaction are uplink, so that after the transaction verification is legal, the ciphertext transaction is subjected to service processing based on the algorithm library and the defined service contract, and a service processing result is obtained.
Preferably, the SDK generator is specifically configured to select a plaintext processing algorithm according to conditions from a pre-established cryptographic algorithm library according to a transaction format and privacy requirements of the target transaction, and generate a local encrypted SDK including an encryption API for calling the plaintext processing algorithm according to the selected algorithm; wherein the cryptographic algorithm library comprises a plurality of cryptographic algorithms and a plurality of functional interfaces;
the contract generator is specifically configured to select a verification algorithm meeting the conditions and an algorithm required by on-chain transaction processing from the cryptographic algorithm library according to the transaction format and privacy requirements of the target transaction, and generate a verification contract containing a transaction verification API for calling the verification algorithm and an algorithm library containing the algorithm required by on-chain transaction processing according to the selected algorithm.
Preferably, the privacy model further comprises an execution environment of a transaction based on TEE technology;
correspondingly, the model compiler is specifically configured to parse the privacy model to obtain a transaction format and a privacy requirement of the target transaction and an execution environment of the transaction;
the SDK generator is also used for selecting a TEE function algorithm meeting the conditions from a pre-established TEE function library according to the execution environment of the transaction, and generating a local encryption SDK containing an equipment encryption API for calling the TEE function algorithm according to the selected algorithm; wherein the TEE function library comprises a plurality of TEE function algorithms;
the SDK privacy device is also used for calling the equipment encryption API of the local encryption SDK to encrypt the transaction plaintext of the transaction to obtain a transaction ciphertext, so that the transaction ciphertext is subjected to service processing through the corresponding TEE equipment to obtain a service processing result.
In order to solve the technical problem, the invention also provides a blockchain privacy protection device, which comprises:
a memory for storing a computer program;
a processor for implementing the steps of any of the blockchain privacy protection methods described above when executing the computer program.
The invention provides a blockchain privacy protection method, which is used for receiving an established privacy model containing the transaction format and the privacy requirement of a target transaction; analyzing the privacy model to obtain transaction formats and privacy requirements; according to the transaction format and the privacy requirement, respectively generating a local encryption SDK containing an encryption API, a verification contract containing a transaction verification API and an algorithm library containing an algorithm required by on-chain transaction processing, and linking the verification contract and the algorithm library; calling an encryption API of the local encryption SDK to encrypt a transaction plaintext of the target transaction to obtain a ciphertext transaction; and uploading the ciphertext transaction, calling a transaction verification API of a verification contract after the ciphertext transaction is uploaded to verify the ciphertext transaction, and carrying out service processing on the ciphertext transaction based on an algorithm library and a defined service contract after the ciphertext transaction is verified to be legal, so as to obtain a service processing result. Therefore, the brand-new blockchain privacy protection scheme is provided, a user only needs to provide a privacy model with clear privacy requirements, and the system can automatically execute the works such as model analysis, transaction encryption, transaction verification, transaction processing and the like, so that the learning cost is low.
The invention also provides a block chain privacy protection system and device, which have the same beneficial effects as the privacy protection method.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required in the prior art and the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a blockchain privacy protection method provided by an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a blockchain privacy protection system according to an embodiment of the present invention.
Detailed Description
The core of the invention is to provide a blockchain privacy protection method, a blockchain privacy protection system and a blockchain privacy protection device, a user only needs to provide a privacy model with clear privacy requirements, and the blockchain privacy protection system can automatically execute works such as model analysis, transaction encryption, transaction verification, transaction processing and the like, so that the learning cost is low.
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, fig. 1 is a flowchart of a blockchain privacy protection method according to an embodiment of the present invention.
The blockchain privacy protection method comprises the following steps:
step S1: and receiving the established privacy model containing the transaction format and the privacy requirement of the target transaction, and analyzing the privacy model to obtain the transaction format and the privacy requirement of the target transaction.
Specifically, the user needs to establish a privacy model including the transaction format and privacy requirements of the target transaction in advance as the system input. After receiving the established privacy model, the privacy model is analyzed to obtain the transaction format and the privacy requirement of the target transaction, and the target transaction is used for the follow-up transaction privacy protection processing.
Step S2: according to the transaction format and privacy requirements of the target transaction, respectively generating a local encryption SDK (secure digital memory card) containing an encryption API, a verification contract containing a transaction verification API and an algorithm library containing an algorithm required by on-chain transaction processing of the target transaction, and linking the verification contract and the algorithm library.
Specifically, after the transaction format and the privacy requirement of the target transaction are obtained in step S1, on the one hand, according to the transaction format and the privacy requirement of the target transaction, the application generates a local encrypted SDK (Software Development Kit ) of the target transaction, which includes an encryption API (Application Programming Interface ), for encrypting the plaintext of the subsequent target transaction; on the other hand, according to the transaction format and privacy requirements of the target transaction, the method and the system generate a verification contract comprising a transaction verification API and an algorithm library comprising algorithms required by on-chain transaction processing, and link the verification contract and the algorithm library for on-chain verification and processing of the subsequent target transaction. Step S3: and calling an encryption API of the local encryption SDK to encrypt the transaction plaintext of the target transaction to obtain the ciphertext transaction.
Specifically, after generating the local encryption SDK including the encryption API of the target transaction in step S2, the present application calls the encryption API of the local encryption SDK, so as to encrypt the transaction plaintext of the target transaction, and obtain the ciphertext transaction for processing on a subsequent chain.
Step S4: and uploading the ciphertext transaction, calling a transaction verification API of a verification contract after the ciphertext transaction is uploaded to verify the ciphertext transaction, and carrying out service processing on the ciphertext transaction based on an algorithm library and a defined service contract after the ciphertext transaction is verified to be legal, so as to obtain a service processing result.
Specifically, after the ciphertext transaction is obtained in step S3, the ciphertext transaction is uplink, after the verification contract, the algorithm library and the ciphertext transaction are all uplink, the transaction verification API of the verification contract is called to verify the ciphertext transaction so as to judge whether the ciphertext transaction is legal, after the ciphertext transaction is verified to be legal, the service processing logic of the ciphertext transaction is determined according to the defined service contract including the service processing logic of the ciphertext transaction, and the corresponding transaction processing algorithm is called from the algorithm library according to the service processing logic of the ciphertext transaction so as to complete the service processing of the ciphertext transaction, and a service processing result is obtained.
Therefore, the business processing of the ciphertext transaction is directly calculated on the encrypted data (without decryption), so that the required business processing result is obtained, and the process does not contact the plaintext content of the transaction, thereby playing a role in protecting the transaction privacy.
The invention provides a blockchain privacy protection method, which is used for receiving an established privacy model containing the transaction format and the privacy requirement of a target transaction; analyzing the privacy model to obtain transaction formats and privacy requirements; according to the transaction format and the privacy requirement, respectively generating a local encryption SDK containing an encryption API, a verification contract containing a transaction verification API and an algorithm library containing an algorithm required by on-chain transaction processing, and linking the verification contract and the algorithm library; calling an encryption API of the local encryption SDK to encrypt a transaction plaintext of the target transaction to obtain a ciphertext transaction; and uploading the ciphertext transaction, calling a transaction verification API of a verification contract after the ciphertext transaction is uploaded to verify the ciphertext transaction, and carrying out service processing on the ciphertext transaction based on an algorithm library and a defined service contract after the ciphertext transaction is verified to be legal, so as to obtain a service processing result. Therefore, the brand-new blockchain privacy protection scheme is provided, a user only needs to provide a privacy model with clear privacy requirements, and the system can automatically execute the works such as model analysis, transaction encryption, transaction verification, transaction processing and the like, so that the learning cost is low.
Based on the above embodiments:
as an alternative embodiment, the blockchain privacy protection method further includes:
pre-establishing a cryptographic algorithm library comprising a plurality of cryptographic algorithms and a plurality of functional interfaces;
correspondingly, according to the transaction format and privacy requirements of the target transaction, respectively generating a local encryption SDK containing encryption API, a verification contract containing transaction verification API and an algorithm library containing algorithms required by on-chain transaction processing of the target transaction, which comprises the following steps:
selecting a plaintext processing algorithm, a verification algorithm and an algorithm required by on-chain transaction processing which meet the conditions from a cryptography algorithm library according to the transaction format and privacy requirements of the target transaction;
based on the selected algorithm, a local encrypted SDK containing an encryption API for invoking a plaintext processing algorithm, a validation contract containing a transaction validation API for invoking a validation algorithm, and an algorithm library containing algorithms required for on-chain transaction processing are generated.
Specifically, the application establishes a cryptographic algorithm library containing a plurality of cryptographic algorithms and a plurality of functional interfaces in advance for flexibly selecting algorithms for use in subsequent transaction privacy protection. Based on this, after the transaction format and the privacy requirement of the target transaction are obtained in step S1, on one hand, the present application selects a plaintext processing algorithm meeting the conditions from a cryptographic algorithm library according to the transaction format and the privacy requirement of the target transaction, and generates a local encrypted SDK including an encryption API for calling the plaintext processing algorithm; on the other hand, according to the transaction format and privacy requirements of the target transaction, a qualified verification algorithm and an algorithm required by the on-chain transaction processing are selected from a cryptography algorithm library, and a verification contract containing a transaction verification API for calling the verification algorithm and an algorithm library containing the algorithm required by the on-chain transaction processing are generated. The plaintext processing algorithm and the verification algorithm are matched and correspondingly used, and after the transaction plaintext of the target transaction is encrypted by the plaintext processing algorithm, the ciphertext transaction is verified by the verification algorithm corresponding to the plaintext processing algorithm, so that the encryption verification of the target transaction can be realized.
Therefore, the method and the device can flexibly select the algorithm configuration meeting the conditions from the cryptography algorithm library for use according to the transaction format and the privacy requirement of the target transaction, so that the expansibility and the universality of the privacy protection scheme are improved.
As an alternative embodiment, the privacy model further comprises an execution environment for a transaction based on TEE technology;
and the blockchain privacy protection method further comprises the following steps:
pre-establishing a TEE function library comprising a plurality of TEE function algorithms;
after analyzing the privacy model to obtain the execution environment of the transaction, selecting a TEE function algorithm conforming to the conditions from a TEE function library according to the execution environment of the transaction;
generating a local encryption SDK containing a device encryption API for calling the TEE function algorithm according to the selected algorithm;
calling a device encryption API of the local encryption SDK to encrypt a transaction plaintext of a transaction to obtain a transaction ciphertext;
and carrying out service processing on the transaction ciphertext through the corresponding TEE equipment to obtain a service processing result.
Further, the privacy model of the application may further include an execution environment of the transaction based on TEE technology, and after receiving the established privacy model, the application may parse the execution environment of the transaction, that is, the TEE device specifically processing the transaction.
Based on the method, the TEE function library comprising a plurality of TEE function algorithms is established in advance and is mainly used for flexibly selecting the TEE equipment for use in the follow-up transaction privacy protection. After analyzing the execution environment of the transaction, the application selects a TEE function algorithm meeting the conditions from a TEE function library according to the execution environment of the transaction, generates a local encryption SDK comprising an equipment encryption API for calling the TEE function algorithm, and then calls the equipment encryption API of the local encryption SDK to encrypt a transaction plaintext of the transaction to obtain a transaction ciphertext, and performs service processing on the transaction ciphertext through corresponding TEE equipment to obtain a service processing result. More specifically, TEE function algorithms may include TEE encryption algorithms, TEE decryption algorithms, algorithms for key management, algorithms for artificial intelligence training, and the like.
It should be noted that, in this embodiment, the TEE device is used as a carrier, providing a hardware-level strong security isolation and a general computing environment, forming a "secret room" under the perfect cryptographic service, where the transaction ciphertext is decrypted and computed only in the "secret room", and besides, any other method cannot contact the transaction plaintext content, where the transaction plaintext is encrypted before leaving the "secret room", so as to realize transaction privacy security.
Therefore, the method and the device support cryptography to protect transaction privacy and TEE to protect transaction privacy, and achieve combination of software and hardware privacy protection schemes.
As an alternative embodiment, the cryptographic algorithm library comprises a series of cryptographic algorithms and scope certificates of zero knowledge certificates, homomorphic encryption, multiparty security computation, group signature, ring signature, logical certificates, and collection membership certificates.
Specifically, the cryptographic algorithm library of the present application may include cryptographic algorithms such as zero knowledge proof, homomorphic encryption, multiparty secure computation, group signature, ring signature, and the like, and may further include functional interfaces such as scope proof, logical proof, set membership proof, and the like, which are not particularly limited herein, and are determined according to actual needs.
As an alternative embodiment, the execution environment includes Intel's SGX, AMD's SEV and ARM's Trust Zone.
Specifically, the transaction execution environment of the present application may include TEE devices such as SGX (software guard extensions, instruction set extension) of Intel, SEV (Secure Encrypted Virtualization, secure encryption virtualization) of AMD (a processor), and Trust Zone of ARM (Advanced RISC Machines, RISC microprocessor), which are not particularly limited herein, depending on the actual requirements.
As an alternative embodiment, the process of receiving the established privacy model including the transaction format and privacy requirements of the target transaction includes:
receiving an established privacy model containing transaction formats and privacy requirements of different types of transactions; wherein the target transaction is any type of transaction; the privacy requirements include a range of different levels of privacy requirements, a field encryption requirement, a field interval attestation requirement, and a field support algorithm requirement.
Specifically, the privacy model of the present application may include transaction formats and privacy requirements of different types of transactions, and the privacy requirements of each type of transaction need to be set according to the privacy requirements of each type of transaction, such as field encryption, field interval certification, and field support algorithm.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a blockchain privacy protection system according to an embodiment of the present invention.
The blockchain privacy protection system includes:
the model compiler 1 is used for receiving the established privacy model containing the transaction format and the privacy requirement of the target transaction, and analyzing the privacy model to obtain the transaction format and the privacy requirement of the target transaction;
an SDK generator 2 for generating a local encrypted SDK of the target transaction including an encryption API according to the transaction format and privacy requirements of the target transaction;
a contract generator 3 for generating a verification contract of the target transaction including a transaction verification API and an algorithm library including an algorithm required for processing the on-chain transaction according to the transaction format and privacy requirements of the target transaction;
the SDK privacy device 4 is used for calling an encryption API of the local encryption SDK to encrypt a transaction plaintext of the target transaction to obtain a ciphertext transaction;
and the contract verifier 5 is used for calling a transaction verification API of the verification contract to verify the ciphertext transaction after the verification contract, the algorithm library and the ciphertext transaction are uplink, so that after the transaction verification is legal, the ciphertext transaction is subjected to service processing based on the algorithm library and the defined service contract, and a service processing result is obtained.
As an optional embodiment, the SDK generator 2 is specifically configured to select a plaintext processing algorithm that meets the conditions from a pre-established cryptographic algorithm library according to a transaction format and a privacy requirement of a target transaction, and generate a local encrypted SDK including an encryption API for calling the plaintext processing algorithm according to the selected algorithm; the cryptographic algorithm library comprises a plurality of cryptographic algorithms and a plurality of functional interfaces;
the contract generator 5 is specifically configured to select a verification algorithm and an algorithm required for processing a link transaction, which are in accordance with conditions, from a cryptographic algorithm library according to a transaction format and privacy requirements of a target transaction, and generate a verification contract including a transaction verification API for calling the verification algorithm and an algorithm library including the algorithm required for processing the link transaction according to the selected algorithm.
As an alternative embodiment, the privacy model further comprises an execution environment for a transaction based on TEE technology;
correspondingly, the model compiler 1 is specifically configured to parse the privacy model to obtain a transaction format and a privacy requirement of the target transaction and an execution environment of the transaction;
the SDK generator 2 is further configured to select a TEE function algorithm that meets the conditions from a pre-established TEE function library according to the execution environment of the transaction, and generate a local encrypted SDK including an equipment encryption API for calling the TEE function algorithm according to the selected algorithm; the TEE function library comprises a plurality of TEE function algorithms;
the SDK privacy device 4 is further configured to call a device encryption API of the local encryption SDK to encrypt a transaction plaintext of the transaction to obtain a transaction ciphertext, so that the transaction ciphertext is subjected to service processing by the corresponding TEE device to obtain a service processing result.
Next, a blockchain privacy protection scheme is illustrated:
step 1: the user builds a privacy model: based on the self business scenario, the user can configure the transaction format, the privacy requirement or the execution environment of the uplink transaction, and establish a privacy model. For convenience of description, the privacy model may be expressed as follows:
SendOrder(s,r,price,num,total)
·sender,receiver:hide
·price:[60,100]
·num,total:cipher addition
CancelOrder(order)
CheckPOF(company,begin,end):TEE
step 2: the user inputs the privacy model to a model compiler, and the model compiler analyzes the privacy model to acquire the semantics of the privacy model as follows: three transaction types SendOrder, cancelOrder, checkPOF are specified, input parameters of the three transaction types are specified, and the parsed contents are respectively transferred to the contract generator and the SDK generator. The sender and receiver parameters are required to be encrypted and hidden, the price field is required to prove that the sender and receiver parameters are in the [60, 100] interval, and the num and total fields are required to support ciphertext-based addition calculation; cancelOrder has no privacy requirement; the CheckPOF function requires execution in TEE.
Step 3: the SDK generator generates a local SDK according to the privacy model semantics, wherein the local SDK comprises three encryption APIs of transactions: sendOrder, cancelOrder and CheckPOF, which are consistent with the parameters of the transaction type, the function of the encryption API is mainly to call the functions in the cryptographic algorithm library and the TEE function library, and encrypt the fields. For example, if the user designates that the CheckPOF is executed in the TEE device, i.e. SGX, three parameters thereof are encrypted with a public key of a preset SGX enclave. Meanwhile, the contract generator generates the following contract validator based on the privacy model semantics, the cryptography algorithm library and the TEE function library:
step 4: based on the generated contract verifier, the business contract of the self is realized, the business contract comprises specific business logic of the transaction, and the contract verifier and the business contract are deployed and uplink. Wherein, the business contracts are as follows:
step 5: the plaintext of the transaction parameters is input to an SDK privacy device, the SDK privacy device calls an API in a local SDK, the API encrypts each parameter according to the requirement, and then the encrypted ciphertext transaction is sent to a chain.
Step 6: and verifying whether the ciphertext parameters of the transaction accord with the privacy model by a contract verifier, and after the verification is passed, processing specific business logic based on the business contract. For example, after receiving a SendOrder transaction, the service contract first invokes the API of the validation contract to verify the legitimacy of the ciphertext transaction, and then performs specific service logic such as a recipient account balance update after verifying that legitimacy.
For other descriptions of the privacy protection system provided in the present application, reference is made to the embodiments of the privacy protection method described above, and the disclosure is not repeated herein.
The application also provides a blockchain privacy protection device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of any of the blockchain privacy protection methods described above when executing a computer program.
The disclosure of the privacy protection apparatus provided in the present application refers to the embodiment of the privacy protection method, and is not described herein.
It should also be noted that in this specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (6)
1. A blockchain privacy protection method, comprising:
receiving an established privacy model containing the transaction format and privacy requirements of the target transaction;
analyzing the privacy model to obtain the transaction format and privacy requirements of the target transaction;
according to the transaction format and privacy requirements of the target transaction, respectively generating a local encryption SDK (secure digital memory card) containing an encryption API, a verification contract containing a transaction verification API and an algorithm library containing an algorithm required by on-chain transaction processing of the target transaction, and linking the verification contract and the algorithm library;
invoking an encryption API of the local encryption SDK to encrypt a transaction plaintext of the target transaction to obtain a ciphertext transaction;
the ciphertext transaction is uplink, the transaction verification API of the verification contract is called after the ciphertext transaction is uplink to verify the ciphertext transaction, and after verification is legal, service processing is carried out on the ciphertext transaction based on the algorithm library and the defined service contract, so that a service processing result is obtained;
the blockchain privacy protection method further comprises the following steps:
pre-establishing a cryptographic algorithm library comprising a plurality of cryptographic algorithms and a plurality of functional interfaces;
correspondingly, the process of respectively generating the local encryption SDK containing the encryption API, the verification contract containing the transaction verification API and the algorithm library containing the algorithm required by the on-chain transaction processing of the target transaction according to the transaction format and the privacy requirement of the target transaction comprises the following steps:
selecting a plaintext processing algorithm, a verification algorithm and an algorithm required by on-chain transaction processing which meet the conditions from the cryptography algorithm library according to the transaction format and privacy requirements of the target transaction;
generating a local encryption SDK containing an encryption API for calling the plaintext processing algorithm, a verification contract containing a transaction verification API for calling the verification algorithm and an algorithm library containing algorithms required by on-chain transaction processing according to the selected algorithm;
and, the privacy model also includes an execution environment for a transaction based on TEE technology;
and the blockchain privacy protection method further comprises:
pre-establishing a TEE function library comprising a plurality of TEE function algorithms;
after analyzing the privacy model to obtain the execution environment of the transaction, selecting a TEE function algorithm meeting the conditions from the TEE function library according to the execution environment of the transaction;
generating a local encryption SDK containing a device encryption API for calling the TEE function algorithm according to the selected algorithm;
calling a device encryption API of the local encryption SDK to encrypt a transaction plaintext of the transaction to obtain a transaction ciphertext;
and carrying out service processing on the transaction ciphertext through corresponding TEE equipment to obtain a service processing result.
2. The blockchain privacy protection method of claim 1, wherein the cryptographic algorithm library includes a set of cryptographic algorithms and scope certificates, logical certificates, collection membership certificates, a set of functional interfaces of zero knowledge certificates, homomorphic encryption, multiparty security computation, group signatures, ring signatures.
3. The blockchain privacy protection method of claim 1, wherein the execution environment includes SGX of Intel, SEV of AMD, and Trust Zone of ARM.
4. The blockchain privacy protection method of claim 1, wherein the process of receiving the established privacy model including the transaction format and privacy requirements of the target transaction comprises:
receiving an established privacy model containing transaction formats and privacy requirements of different types of transactions; wherein the target transaction is any type of transaction; the privacy requirements include a series of different levels of privacy requirements, a field encryption requirement, a field interval attestation requirement, and a field support algorithm requirement.
5. A blockchain privacy protection system, comprising:
the model compiler is used for receiving the established privacy model containing the transaction format and the privacy requirement of the target transaction, and analyzing the privacy model to obtain the transaction format and the privacy requirement of the target transaction;
an SDK generator for generating a local encrypted SDK containing an encryption API of the target transaction according to the transaction format and privacy requirements of the target transaction;
the contract generator is used for generating a verification contract containing a transaction verification API of the target transaction and an algorithm library containing an algorithm required by on-chain transaction processing according to the transaction format and privacy requirements of the target transaction;
the SDK privacy device is used for calling an encryption API of the local encryption SDK to encrypt a transaction plaintext of the target transaction to obtain a ciphertext transaction;
the contract validator is used for calling a transaction verification API of the verification contract to verify the ciphertext transaction after the verification contract, the algorithm library and the ciphertext transaction are uplink, so that after the transaction verification is legal, service processing is carried out on the ciphertext transaction based on the algorithm library and the defined service contract, and a service processing result is obtained;
the SDK generator is specifically configured to select a plaintext processing algorithm meeting the conditions from a pre-established cryptographic algorithm library according to the transaction format and privacy requirements of the target transaction, and generate a local encrypted SDK including an encryption API for calling the plaintext processing algorithm according to the selected algorithm; wherein the cryptographic algorithm library comprises a plurality of cryptographic algorithms and a plurality of functional interfaces;
the contract generator is specifically configured to select a verification algorithm meeting the conditions and an algorithm required by on-chain transaction processing from the cryptographic algorithm library according to the transaction format and privacy requirements of the target transaction, and generate a verification contract containing a transaction verification API for calling the verification algorithm and an algorithm library containing the algorithm required by on-chain transaction processing according to the selected algorithm;
the privacy model also includes an execution environment for a transaction based on TEE technology;
correspondingly, the model compiler is specifically configured to parse the privacy model to obtain a transaction format and a privacy requirement of the target transaction and an execution environment of the transaction;
the SDK generator is also used for selecting a TEE function algorithm meeting the conditions from a pre-established TEE function library according to the execution environment of the transaction, and generating a local encryption SDK containing an equipment encryption API for calling the TEE function algorithm according to the selected algorithm; wherein the TEE function library comprises a plurality of TEE function algorithms;
the SDK privacy device is also used for calling the equipment encryption API of the local encryption SDK to encrypt the transaction plaintext of the transaction to obtain a transaction ciphertext, so that the transaction ciphertext is subjected to service processing through the corresponding TEE equipment to obtain a service processing result.
6. A blockchain privacy protection apparatus, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the blockchain privacy protection method of any of claims 1-4 when executing the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010456239.5A CN111597586B (en) | 2020-05-26 | 2020-05-26 | Block chain privacy protection method, system and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010456239.5A CN111597586B (en) | 2020-05-26 | 2020-05-26 | Block chain privacy protection method, system and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111597586A CN111597586A (en) | 2020-08-28 |
| CN111597586B true CN111597586B (en) | 2023-06-09 |
Family
ID=72184401
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010456239.5A Active CN111597586B (en) | 2020-05-26 | 2020-05-26 | Block chain privacy protection method, system and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111597586B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112632014A (en) * | 2020-12-30 | 2021-04-09 | 杭州亿房达科技有限公司 | Private data sharing method based on block chain and private security calculation |
| CN114036551A (en) * | 2021-10-22 | 2022-02-11 | 杭州趣链科技有限公司 | Data processing method and device for private data, computer equipment and medium |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107103211A (en) * | 2016-02-19 | 2017-08-29 | 腾讯科技(深圳)有限公司 | SDK is sent, using issue, using operation method and device |
| CN107911216A (en) * | 2017-10-26 | 2018-04-13 | 矩阵元技术(深圳)有限公司 | A kind of block chain transaction method for secret protection and system |
| CN109493072A (en) * | 2018-10-24 | 2019-03-19 | 杭州趣链科技有限公司 | A method of the privacy contract protection based on alliance's block chain |
| CN109598616A (en) * | 2018-12-09 | 2019-04-09 | 大连飞创信息技术有限公司 | A method of introducing the block chain data-privacy protection of arbitration mechanism |
| CN109840771A (en) * | 2019-04-01 | 2019-06-04 | 西安电子科技大学 | A kind of block chain intimacy protection system and its method based on homomorphic cryptography |
| CN110020856A (en) * | 2019-01-31 | 2019-07-16 | 阿里巴巴集团控股有限公司 | Method, node and the storage medium of three handed deal are realized in block chain |
| CN110147994A (en) * | 2019-04-13 | 2019-08-20 | 山东公链信息科技有限公司 | A kind of instant execution method of the block chain based on homomorphic cryptography |
| CN110807206A (en) * | 2019-10-07 | 2020-02-18 | 复旦大学 | College certificate storage management system based on block chain and attribute password |
| CN110809876A (en) * | 2019-03-04 | 2020-02-18 | 阿里巴巴集团控股有限公司 | Method and equipment for executing out-of-chain test on intelligent contract |
| CN110914851A (en) * | 2019-03-27 | 2020-03-24 | 阿里巴巴集团控股有限公司 | Improving integrity of communications between blockchain networks and external data sources |
| CN111191286A (en) * | 2019-12-28 | 2020-05-22 | 南京理工大学 | HyperLegger Fabric block chain private data storage and access system and method thereof |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109462472A (en) * | 2017-09-06 | 2019-03-12 | 阿里巴巴集团控股有限公司 | The methods, devices and systems of data encryption and decryption |
| US20200007344A1 (en) * | 2018-06-28 | 2020-01-02 | Blockchain Integrated Partners, Llc | Systems and methods for data validation and assurance |
-
2020
- 2020-05-26 CN CN202010456239.5A patent/CN111597586B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107103211A (en) * | 2016-02-19 | 2017-08-29 | 腾讯科技(深圳)有限公司 | SDK is sent, using issue, using operation method and device |
| CN107911216A (en) * | 2017-10-26 | 2018-04-13 | 矩阵元技术(深圳)有限公司 | A kind of block chain transaction method for secret protection and system |
| CN109493072A (en) * | 2018-10-24 | 2019-03-19 | 杭州趣链科技有限公司 | A method of the privacy contract protection based on alliance's block chain |
| CN109598616A (en) * | 2018-12-09 | 2019-04-09 | 大连飞创信息技术有限公司 | A method of introducing the block chain data-privacy protection of arbitration mechanism |
| CN110020856A (en) * | 2019-01-31 | 2019-07-16 | 阿里巴巴集团控股有限公司 | Method, node and the storage medium of three handed deal are realized in block chain |
| CN110809876A (en) * | 2019-03-04 | 2020-02-18 | 阿里巴巴集团控股有限公司 | Method and equipment for executing out-of-chain test on intelligent contract |
| CN110914851A (en) * | 2019-03-27 | 2020-03-24 | 阿里巴巴集团控股有限公司 | Improving integrity of communications between blockchain networks and external data sources |
| CN109840771A (en) * | 2019-04-01 | 2019-06-04 | 西安电子科技大学 | A kind of block chain intimacy protection system and its method based on homomorphic cryptography |
| CN110147994A (en) * | 2019-04-13 | 2019-08-20 | 山东公链信息科技有限公司 | A kind of instant execution method of the block chain based on homomorphic cryptography |
| CN110807206A (en) * | 2019-10-07 | 2020-02-18 | 复旦大学 | College certificate storage management system based on block chain and attribute password |
| CN111191286A (en) * | 2019-12-28 | 2020-05-22 | 南京理工大学 | HyperLegger Fabric block chain private data storage and access system and method thereof |
Non-Patent Citations (2)
| Title |
|---|
| "FabZK: Supporting Privacy-Preserving, Auditable Smart Contracts in Hyperledger Fabric";Hui Kang等;《2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)》;全文 * |
| "区块链交易数据隐私保护方法";许重建等;《计算机科学》;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111597586A (en) | 2020-08-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110855671B (en) | Trusted computing method and system | |
| CN109067528B (en) | Password operation method, work key creation method, password service platform and equipment | |
| JP2022095891A (en) | Implementation of logic gate function using block chain | |
| EP2095288B1 (en) | Method for the secure storing of program state data in an electronic device | |
| CN109347625B (en) | Password operation method, work key creation method, password service platform and equipment | |
| CN106055936B (en) | Executable program data packet encrypting/decrypting method and device | |
| CN103338215A (en) | Method for establishing TLS (Transport Layer Security) channel based on state secret algorithm | |
| JP2007049708A (en) | System and method for updating keys used for public key cryptography | |
| CN109561110A (en) | A kind of cloud platform audit log guard method based on SGX | |
| CN109284618B (en) | Data source data verification method and system | |
| CN108809936B (en) | Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof | |
| CN110061957A (en) | Data encryption, decryption method, user terminal, server and data management system | |
| CN109309566B (en) | Authentication method, device, system, equipment and storage medium | |
| CN114036539A (en) | Safety auditable Internet of things data sharing system and method based on block chain | |
| CN111597586B (en) | Block chain privacy protection method, system and device | |
| CN115242553B (en) | Data exchange method and system supporting safe multi-party calculation | |
| CN113055376A (en) | Block chain data protection system | |
| CN115270159A (en) | Intelligent contract calling method, device and equipment for block chain and storage medium | |
| CN109768969A (en) | Authority control method and internet-of-things terminal, electronic equipment | |
| CN109660490A (en) | Data processing method, device, system and storage medium | |
| CN112948789A (en) | Identity authentication method and device, storage medium and electronic equipment | |
| CN114244501A (en) | Power data privacy protection system and implementation method thereof, and encryption attribute revocation method | |
| CN113328860A (en) | Block chain-based user privacy data security providing method | |
| Joseph et al. | Design a hybrid optimization and homomorphic encryption for securing data in a cloud environment | |
| CN113691373B (en) | Anti-quantum key escrow system and method based on alliance block chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240131 Address after: 571924, Building 8831, Walker Park, Hainan Ecological Software Park, Old City High tech Industrial Demonstration Zone, Hainan Province Patentee after: Yunhai Chain Holdings Co.,Ltd. Country or region after: China Patentee after: Oxford (Hainan) blockchain Research Institute Co.,Ltd. Address before: 571924 Building 8848, Walker Park, Hainan Ecological Software Park, Old Town High tech Industry Demonstration Zone, Chengmai County, Hainan Province Patentee before: Oxford (Hainan) blockchain Research Institute Co.,Ltd. Country or region before: China |
|
| TR01 | Transfer of patent right |