CN113726767A - Block chain based distributed multi-party privacy computing system and method - Google Patents

Abstract

The invention relates to a block chain-based distributed multi-party privacy computing system and a block chain-based distributed multi-party privacy computing method, wherein the multi-party privacy computing system comprises a block chain safety computing node and a plurality of node APIs (application program interfaces), and the node APIs and the block chain safety computing node are in information interaction. The multi-party privacy calculation method comprises the following steps: step 1: registering; step 2: maintaining a data certificate; and step 3: registering and recording data through a node API; and 4, step 4: data computation is initiated through the node API. Compared with the prior art, the invention has the advantages of high safety, low cost, good popularization and the like.

Description

Block chain based distributed multi-party privacy computing system and method

Technical Field

The invention relates to the technical field of multi-party privacy computation, in particular to a distributed multi-party privacy computation system and method based on a block chain.

Background

In the background of the big data era, daily life is increasingly influenced by big data-based applications. From the perspective of a service provider, in order to provide more targeted personalized services, a large amount of personalized data is needed to provide calculation, and the requirements of users can be met more accurately. However, in the actual application process, it is found that the digitization degree of the service application is still not high, the portrayed user image is not accurate enough, even the risk recognition capability cannot support the whole-line visualization, and the pain points are analyzed as follows: 1. the data acquisition cost is high, the difficulty is high, a large amount of external data are needed to participate in business related collaborative calculation besides the data in the mechanism for business development, the acquired data volume is larger, the data types are richer, the portrayed customer image is more accurate, and therefore risk identification and accurate business development are facilitated. At present, data sharing is basically cooperated in a point-to-point mode, a large amount of safety measures need to be suggested to guarantee data privacy safety, and the data acquisition cost exceeds the business value, so that the promotion of data sharing is hindered. 2. At present, the data sharing calculation aspect is not transparent enough, no complete specification is formed, and the data sharing is also one aspect of hindering data sharing, a data provider worrys about privacy security risks caused by data leakage or over-limit use, and a data demander worrys about deviation of data reliability aggravating model results, so that the development of data as a production element is seriously hindered.

One of privacy calculation methods in the prior art is to develop a data docking module specially for summary calculation by a service application system, both parties of supply and demand of data define the range, the purpose of use, and the like of data sharing in a negotiation manner, realize data call inquiry in a point-to-point manner, and calculate after summarizing inquiry results by a data demand party, under the condition of a condition, guarantee the privacy of a data inquiry target by means of data encryption, privacy security inquiry, and the like, generally develop a special data docking platform for a system with more data demands, and realize docking with a plurality of data providers by a platform development basis. The method can meet the inquiry and access requirements of data providers to a certain extent, but with the continuous and deep development of services, the range and types of data are gradually increased, more and more external data providers need to be connected with an application system, and the application system needs to be adapted to various data inquiry services without service standards and different protocols, so that the inquiry services become complicated. Meanwhile, even if privacy security technology is added, the risk of privacy data leakage to a data provider is difficult to avoid, and after all, data is already transmitted from the data provider to a data demand side. The other method is that a data platform is built by a trusted third party for summary calculation, multiple parties provided by data provide data to the data platform by a standard protocol, the data are calculated by the trusted third party and then fed back to a data demand party, the trusted third party guarantees the safety and accuracy of the data calculation process through a safety calculation technology, privacy data required by calculation are not reserved or stored in any party, and the risk of data leakage in the demand party is prevented. Firstly, the middleman is opened enough as a core computing party, and needs to undertake auditing responsibility of data computing to guarantee reliable and credible computing. Secondly, the broker is trusted enough that the entire business trust chain and trusted computing will be broken down once a centralized trust crisis occurs. The selection and validation of the trusted third party can be a significant challenge.

At present, data between each organization and each enterprise can not be subjected to smooth joint calculation basically, although cooperative calculation is performed in an organization-level cooperation mode, the data is subjected to unified calculation after being acquired, so that the worry of data privacy disclosure can not be relieved, the risk that a data demand party is abused after acquiring the data cannot be prevented, and further cooperation of a data layer is hindered. For a computing mode with a trusted third party as a trust broker, data of each party needs to be transmitted to the broker, so that the invoking cost is high, the efficiency is low, and meanwhile, the trust problem of service invoking exists.

Disclosure of Invention

The invention aims to overcome the defects in the prior art and provide a block chain-based distributed multi-party privacy computing system and method which are high in safety, low in cost and good in popularization.

The purpose of the invention can be realized by the following technical scheme:

a distributed multi-party privacy computing system based on a block chain comprises a block chain security computing node and a plurality of node APIs; the node API and the block chain safety computing node carry out information interaction;

the block chain safety computing node is used for data publishing and data computing;

and the node API is deployed at the supply and demand side of the data and is used for realizing data publishing and data calculation functions initiated by a data platform system in a service system or a mechanism.

Preferably, the blockchain security computing node comprises a data publishing module and a data computing module;

the data publishing module comprises:

the data demand contract unit is used for registering a data demand contract of a data demand party;

the data issuing and registering unit is used for registering self information issued by a data provider, and the self information of the data provider is issued by the data provider according to a data demand contract;

the data editing unit is used for carrying out data standardized editing and recording after the number of data releasing users meets the data requirement, or initiating editing and recording operation after a data demand party completes the releasing of the data requirement, registering in an editing contract according to an editing catalog in the data requirement, and finishing the registration by taking date as a version number;

the certificate management unit is used for establishing a data certificate under the user information;

the data calculation module is used for carrying out calculation initiation, calculation matching and result calculation on the private data.

More preferably, the data requirement contract comprises data type, length, value, format, calculation mode, number of nodes participating in calculation and record path of required data.

More preferably, the number of the participating computation nodes is more than three.

More preferably, the data provider information includes user information of the data provider, a user certificate, a data security certificate, and a validity period.

More preferably, after the data logging unit finishes registering, it is required that all user signatures in the data distribution can be validated after any, and the signature content is Enc (privkey, SHA256 (data requirement ID)).

Preferably, the node API simultaneously listens to the calculation tasks of the block chain, and the automation of data provision is realized.

Preferably, the data calculation method of the blockchain security calculation node is as follows:

the data demand side inquires the matched catalogue information according to the data demand and initiates a calculation task according to the catalogue number;

the block chain safety computing node generates computing tasks, automatically matches the computing sequence of a user list in the recorded information in a random mode, and feeds back the number of the computing tasks to a data demand side;

the data demand party generates data corresponding to the calculation task and encrypts the data;

the block chain safety computing node registers a computing process and carries out flow transfer among data users according to a computing sequence until a user list in the recorded information is traversed;

the block chain safety calculation node feeds back a ciphertext of a calculation result to a data demand side;

and the data requiring party decrypts the ciphertext to obtain a calculation result, and the data calculation is completed.

More preferably, the method for encrypting data by the data demander specifically comprises:

firstly, generating a homomorphic calculation key MKey and acquiring local calculation data D;

next, data D is homomorphic encrypted, i.e., meD [0] ═ MENC (MKey, D), where MENC is a homomorphic encryption algorithm

Subsequently, the ciphertext meD [0] is data signed;

finally, the ciphertext meD [0] is encrypted using the next user key, i.e., r [1] ═ enc (PUBKEY [1], meD [0]), where enc is the asymmetric encryption algorithm and PUBKEY is the user key;

when the flow is circulated according to the calculation sequence, the processing method of each data user comprises the following steps:

firstly, checking the data;

secondly, using own private key to decrypt and obtain meD [ n-1 ];

then, obtaining the present data D [ n ], and homomorphically calculating meD [ n ] ═ HE (meD [ n-1], D [ n ]), where HE is a homomorphic calculation method;

subsequently, the ciphertext meD [ n ] is data signed;

finally, the ciphertext meD [ n ] is encrypted using the next user key, i.e., r [ n +1] ═ enc (PUBKREY [ n +1], meD [ n ]);

wherein n is the data user serial number in the user list, and n is more than or equal to 1.

A block chain based distributed multi-party privacy computation method for the multi-party privacy computation system, the multi-party privacy computation method comprising:

step 1: registering;

the supplier and demander of the data generates a block chain identity certificate according to the own cryptology characteristic, and calculates the public key address to register on the privacy security block chain to obtain the legal identity;

step 2: maintaining a data certificate;

maintaining the data certificate and the certificate index number thereof according to the identity address information by calling a contract module;

and step 3: registering and recording data through a node API;

the data demand is registered by the data demand side, each provider side responds to the data demand and issues user information, and after the data demand is met, standardized data compiling is carried out to form data elements;

and 4, step 4: initiating data calculation through a node API;

and a data demand party initiates a calculation task, a data provider participates in safe calculation according to system rules, calculation results are stored in a block chain, after all the data providers participate in the calculation, the results are fed back to the data demand party, the result data are decrypted according to the cryptology characteristics, and related services are developed by applying the data.

Compared with the prior art, the invention has the following beneficial effects:

firstly, the safety is high: the distributed multi-party privacy computation system and the distributed multi-party privacy computation method construct a data computation result sharing platform on a block chain system, compute multi-party data on the block chain, only feed back results after multiple rounds of computation to a data demand party, and on the premise of ensuring that original data is not computed, the data demand party only obtains result data and does not output the data; meanwhile, all calculation flow information and data hash values are registered by the platform, so that subsequent tracing and auditing are facilitated, and the safety of multi-party safety calculation is effectively improved.

Secondly, the cost is low: the distributed multi-party privacy computing system and the distributed multi-party privacy computing method have the advantages that data elements are cooperated in a standardized and marketized mode to form a standardized data record set, arithmetic operation is carried out on multiple parties in an encrypted state by means of cryptography computation, results are cooperatively computed in a mode that original privacy data are not exposed, result computing cost is effectively reduced, and data use efficiency is improved.

Thirdly, the popularization is good: the distributed multi-party privacy computing system and the distributed multi-party privacy computing method can be applied to scenes such as comprehensive credit giving and financial wind control which need collaborative computing, data which need collaborative multi-party computing in a service development process are reflected in the system in a factor mode and are recorded into recorded factor data, the data can be service data of a supplier, limited financial data and even related data of the Internet of things, more efficient financial wind control and more targeted financial services can be realized through real-time shared computing, cost reduction and efficiency improvement of services are realized, and a service beneficiary is promoted; the invention can realize the safe and credible data sharing calculation among multiple organizations, break the data barrier and improve the data utilization value.

Drawings

FIG. 1 is a schematic diagram of a multi-party privacy computing system according to the present invention;

FIG. 2 is a schematic diagram of a process for performing data computation by a blockchain security computation node in the multi-party privacy computation system according to the present invention;

FIG. 3 is a flow chart of a multi-party privacy computation method according to the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, shall fall within the scope of protection of the present invention.

A multi-party privacy computing system is structurally shown in FIG. 1 and comprises a blockchain security computing node and a plurality of node APIs, wherein the node APIs perform information interaction with the blockchain security computing node.

The block chain safety computing node is used for data publishing and data computing;

and the node API is a calling interface of the block chain safety computing node, is deployed at the supply and demand side of the data and is used for realizing data publishing and data computing functions initiated by a service system or a data platform system in a mechanism. Meanwhile, the calculation task of the block chain is monitored by an automatic means, and the data supply automation is realized. The node API module is beneficial to data supply and isolation from the service system data of the node API module, and the availability and invisibility of the data are guaranteed.

In the embodiment, the node API respectively performs information interaction with the block chain security computing node and the data service application terminal, and the service system performs interaction with the data service application terminal.

The block chain security computing node comprises a data issuing module and a data computing module, wherein the data issuing module comprises a data demand contract unit, a data issuing and registering unit, a data cataloging unit and a certificate management unit, and the specific description of each unit is as follows:

(1) data demand contract element

The data demand is mainly registered, and information such as the type, length, value, format, calculation mode, number of participating calculation nodes, and cataloging path of the data is generally registered on a block chain by a data demand party by calling an intelligent contract, wherein the number of participating calculation nodes must be more than 3 (including 3), and the data on the chain is disclosed to all users of the platform and participates in data sharing calculation in a marketized mode.

(2) Data distribution registration unit

The method mainly comprises the steps of initiating registration according to a data requirement contract, and issuing user information, user certificates, data security certificates, validity periods and the like of a data provider according to data information registered by the requirement contract so as to make clear that the data provider can provide data service for sharing calculation of block chain security calculation nodes in the validity period. In addition, in order to guarantee the fair sharing principle of data, the data demander must provide data support for the computing platform for one member of the data provider.

(3) Data recording unit

The method mainly comprises the steps that after the number of data issuing users meets the data requirement, data standardized cataloging can be carried out, and after the data requiring party completes issuing the data requirement, cataloging operation can be initiated, cataloging in the data requirement is registered into a cataloging contract, the registration is completed by taking the date as a version number, and meanwhile, all the user signatures in the data issuing need to be approved and then can take effect. The content of the signature is Enc (privkey, SHA256 (data requirement ID)). After the data is compiled, the type, the length, the value, the format, the computing mode and the number of the nodes participating in computing can be definitely compiled, and the user public key certificate and the data public key certificate of the user already participate in the computing.

(4) Certificate management unit

The data certificate is mainly established under user information, a user mark is identity address information of the user certificate, the identity address information is calculated by SHA256(PUBKEY), namely, the public key address is subjected to SHA256 calculation to obtain 64-bit address information. The identity address by the identification mode is convenient to exchange and has certain secrecy. Through the certificate management module, a user can define a certificate list, public key certificates are stored in the certificate module in a list mode, in order to facilitate management, the user needs to start an alias for each certificate, and data needs to be encrypted by a data certificate of the next user in the process of participating in private data calculation.

The data calculation module is a core module of the whole calculation and takes the functions of calculation initiation, calculation matching and calculation results of the private data. The calculation of the module is used for calculating a data result corresponding to the data catalog under the condition of ensuring that the data of the data provider is not divulged, and the data result is stored in the calculation transaction block in an encrypted mode.

The method for performing data computation by the block chain security computation node shown in fig. 2 is as follows:

(1) the data demand side inquires the matched catalogue information according to the data demand and initiates a calculation task according to the catalogue number;

(2) the block chain safety computing node generates computing tasks, automatically matches the computing sequence of a user list in the recorded information in a random mode, and feeds back the number of the computing tasks to a data demand side;

(3) the data requiring party generates data corresponding to the calculation task and encrypts the data, and the specific method comprises the following steps:

firstly, generating a homomorphic calculation key MKey and acquiring local calculation data D;

secondly, data D is homomorphic encrypted, that is, meD [0] ═ MENC (MKey, D), where MENC is a homomorphic encryption algorithm;

subsequently, the ciphertext meD [0] is data signed;

finally, the ciphertext meD [0] is encrypted using the next user key, i.e., r [1] ═ enc (PUBKEY [1], meD [0]), where enc is the asymmetric encryption algorithm and PUBKEY is the user key;

(4) the block chain safety computing node registers a computing process and carries out flow transfer among data users according to a computing sequence until a user list in the recorded information is traversed;

the processing method of each data user comprises the following steps:

firstly, checking the data;

secondly, using own private key to decrypt and obtain meD [ n-1 ];

then, obtaining the present data D [ n ], and homomorphically calculating meD [ n ] ═ HE (meD [ n-1], D [ n ]), where HE is a homomorphic calculation method;

subsequently, the ciphertext meD [ n ] is data signed;

finally, the ciphertext meD [ n ] is encrypted using the next user key, i.e., r [ n +1] ═ enc (PUBKREY [ n +1], meD [ n ]);

wherein n is the data user serial number in the user list, and n is more than or equal to 1.

(5) The block chain safety calculation node feeds back a ciphertext of a calculation result to a data demand side;

(6) the data demand party decrypts the ciphertext to obtain a calculation result and completes data calculation, and the specific method comprises the following steps:

firstly, acquiring ciphertext data and decrypting to obtain a calculation result meD [ n ];

subsequently, homomorphic decryption SD [ n ] ═ HD (MKey, meD [ n ]) is performed;

finally, SD [ n ] is the result of the joint calculation of each party, and for example, the result SD [ n ] is D + D [1] + D [2] + … + D [ n ].

In the whole process, the data demand side cannot know the actual value provided by other data, and the more data providers participate, the more reliable the security is. All calculation processes are recorded on the block chain, and the following audit verification and the data credibility and reliability of the data provider are guaranteed.

The embodiment also relates to a block chain-based distributed multi-party privacy computation method, the flow of which is shown in fig. 3, and fig. 3 describes that after data elements are published and recorded from a data demanding party, each party participates in secure computation and finally feeds back the result to the data demanding party in an encrypted manner, and the specific flow includes:

step 1: registering;

the supplier and demander of the data generates a block chain identity certificate according to the own cryptology characteristic, and calculates the public key address to register on the privacy security block chain to obtain the legal identity;

step 2: maintaining a data certificate;

maintaining the data certificate and the certificate index number thereof according to the identity address information by calling a contract module;

and step 3: registering and recording data through a node API;

the data demand is registered by the data demand side, each provider side responds to the data demand and issues user information, and after the data demand is met, standardized data compiling is carried out to form data elements;

meanwhile, after more data providers respond, version upgrading can be carried out on the recorded data in an upgrading mode, and data accuracy and usability are improved;

and 4, step 4: initiating data calculation through a node API;

and (2) initiating a calculation task by a data demand party, enabling a data provider to participate in safe calculation according to system rules, storing a calculation result in a block chain, feeding the result back to the data demand party after all the data providers (generally more than three parties) participate in the calculation, decrypting the result data according to the cryptography characteristics, and applying the data to develop related services. Meanwhile, any data provider can be converted into a data demander to perform shared computation in the data alliance.

While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A distributed multi-party privacy computing system based on a block chain is characterized in that the multi-party privacy computing system comprises a block chain security computing node and a plurality of node APIs; the node API and the block chain safety computing node carry out information interaction;

the block chain safety computing node is used for data publishing and data computing;

and the node API is deployed at the supply and demand side of the data and is used for realizing data publishing and data calculation functions initiated by a data platform system in a service system or a mechanism.

2. The system according to claim 1, wherein the blockchain-based distributed multi-party privacy computing node comprises a data publishing module and a data computing module;

the data publishing module comprises:

the data demand contract unit is used for registering a data demand contract of a data demand party;

the data issuing and registering unit is used for registering self information issued by a data provider, and the self information of the data provider is issued by the data provider according to a data demand contract;

the data editing unit is used for carrying out data standardized editing and recording after the number of data releasing users meets the data requirement, or initiating editing and recording operation after a data demand party completes the releasing of the data requirement, registering in an editing contract according to an editing catalog in the data requirement, and finishing the registration by taking date as a version number;

the certificate management unit is used for establishing a data certificate under the user information;

the data calculation module is used for carrying out calculation initiation, calculation matching and result calculation on the private data.

3. The block chain-based distributed multi-party privacy computing system of claim 2, wherein the data demand contract comprises data type, length, value, format, computing mode, number of participating computing nodes and directory path of the required data.

4. The distributed multi-party privacy computing system based on block chains according to claim 3, wherein the number of the participating computing nodes is more than three.

5. The system according to claim 2, wherein the data provider self-information includes user information, user certificate, data security certificate and validity period of the data provider.

6. The system according to claim 2, wherein the data cataloging unit needs all user signatures in the data distribution to be valid after completing registration, and the signature content is Enc (privkey, SHA256 (data requirement ID)).

7. The system according to claim 1, wherein the node API listens to the blockchain computation tasks simultaneously to automate data delivery.

8. The system according to claim 1, wherein the data calculation method of the blockchain security calculation node is as follows:

the data demand side inquires the matched catalogue information according to the data demand and initiates a calculation task according to the catalogue number;

the block chain safety computing node generates computing tasks, automatically matches the computing sequence of a user list in the recorded information in a random mode, and feeds back the number of the computing tasks to a data demand side;

the data demand party generates data corresponding to the calculation task and encrypts the data;

the block chain safety computing node registers a computing process and carries out flow transfer among data users according to a computing sequence until a user list in the recorded information is traversed;

the block chain safety calculation node feeds back a ciphertext of a calculation result to a data demand side;

and the data requiring party decrypts the ciphertext to obtain a calculation result, and the data calculation is completed.

9. The block chain-based distributed multi-party privacy computing system according to claim 8, wherein the method for encrypting data by a data demanding party is specifically:

firstly, generating a homomorphic calculation key MKey and acquiring local calculation data D;

secondly, data D is homomorphic encrypted, that is, meD [0] ═ MENC (MKey, D), where MENC is a homomorphic encryption algorithm;

subsequently, the ciphertext meD [0] is data signed;

finally, the ciphertext meD [0] is encrypted using the next user key, i.e., r [1] ═ enc (PUBKEY [1], meD [0]), where enc is the asymmetric encryption algorithm and PUBKEY is the user key;

when the flow is circulated according to the calculation sequence, the processing method of each data user comprises the following steps:

firstly, checking the data;

secondly, using own private key to decrypt and obtain meD [ n-1 ];

then, obtaining the present data D [ n ], and homomorphically calculating meD [ n ] ═ HE (meD [ n-1], D [ n ]), where HE is a homomorphic calculation method;

subsequently, the ciphertext meD [ n ] is data signed;

finally, the ciphertext meD [ n ] is encrypted using the next user key, i.e., r [ n +1] ═ enc (PUBKREY [ n +1], meD [ n ]);

wherein n is the data user serial number in the user list, and n is more than or equal to 1.

10. A block-chain-based distributed multi-party privacy computation method for use in the multi-party privacy computation system of claim 1, wherein the multi-party privacy computation method comprises:

step 1: registering;

the supplier and demander of the data generates a block chain identity certificate according to the own cryptology characteristic, and calculates the public key address to register on the privacy security block chain to obtain the legal identity;

step 2: maintaining a data certificate;

maintaining the data certificate and the certificate index number thereof according to the identity address information by calling a contract module;

and step 3: registering and recording data through a node API;

the data demand is registered by the data demand side, each provider side responds to the data demand and issues user information, and after the data demand is met, standardized data compiling is carried out to form data elements;

and 4, step 4: initiating data calculation through a node API;

and a data demand party initiates a calculation task, a data provider participates in safe calculation according to system rules, calculation results are stored in a block chain, after all the data providers participate in the calculation, the results are fed back to the data demand party, the result data are decrypted according to the cryptology characteristics, and related services are developed by applying the data.

Images