CN114900290A - Data transaction model and privacy protection method based on block chain - Google Patents

Publication number: CN114900290A
Authority: CN (China)
Prior art keywords: data, transaction, algorithm, blockchain, ipfs
Legal status: Pending
Application number: CN202210215840.4A
Other languages: Chinese (zh)
Inventor: 张佩云
Current Assignee: Nanjing University of Information Science and Technology
Original Assignee: Nanjing University of Information Science and Technology

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/088: Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218: as H04L9/32, using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3221: as H04L9/3218, interactive zero-knowledge proofs

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of data transaction models and discloses a blockchain-based data transaction model comprising: a DP (data provider), which selectively encrypts data, stores it in IPFS, and offers it through the data transaction system, and which can formulate a reasonable smart contract according to the relevant regulations in order to control the permissions on its data and obtain the reward due; a DR (data requester), which completes the data transaction process through contract-matched data and does not expose its real identity in the transaction; a blockchain network, which provides data storage, management and trading strategies for the proposed model; and a zero-knowledge proof system, which verifies the blockchain accounts of both transaction parties and, if verification passes, pays the transaction fee directly between the DR and the DP. Through this privacy protection scheme, the two parties can complete a data transaction while protecting the security and privacy of the data and the privacy of user identities.

Description

Data transaction model and privacy protection method based on block chain
Technical Field
The invention relates to the technical field of data transaction models, and in particular to a blockchain-based data transaction model and privacy protection method.
Background
Blockchain technology maintains a complete, distributed and tamper-proof ledger database using a decentralized consensus mechanism, allowing the participants in a blockchain to operate a unified ledger system without first establishing a trust relationship. The blocks are public ledgers maintained at multiple points; the chain is time-stamped and cannot be forged. Data stored in the blockchain consists of node data and record data: node data is each virtual digital currency transaction performed on the blockchain, and record data records the state of each account holder and the state of the smart contracts. A blockchain node is a distributed data program, and blockchain is fundamentally a technology that puts security and trustworthiness ahead of efficiency [1, 2].
Data is an important asset in the data-driven economy, which has promoted the rise of a new data transaction industry; the data market is an important form of data capitalization today. Because data can optimize decisions and support services, organizations and institutions have begun to pay attention to its circulation and trading. Data transaction is the buying and selling of data, and enterprises or governments can find data resources through a transaction platform. For example, companies such as DataSift, Gnip and NTT DATA forward and sell data from social networks such as Twitter; Xignite sells financial-industry data; Factual focuses on trading geographic location data; and the Guidot data transaction platform provides a nationwide data transaction service whose data sources mainly comprise government public data. Data transaction on platforms such as Infochimps, AWS (enterprise data exchange), Qlik DataMarket and HERE [3] [4] [5] is promoted by matching data requirements with data sources. If data can circulate effectively and at high speed, enterprises and individuals in the networked world realize a higher level of value. At present, blockchain technology is being applied and studied at home and abroad in areas such as the Internet of Things, the Internet of Vehicles and medical data sharing, but there is little application or research on privacy protection in data transactions. A blockchain-based data transaction model and privacy protection method are therefore proposed to solve these problems.
Disclosure of Invention
(I) Technical problem to be solved
In view of the shortcomings of the prior art, the invention provides a blockchain-based data transaction model and privacy protection method in which the zero-knowledge proof system of the model is used to pay the transaction commission to both transaction parties while protecting the identity privacy of both parties.
(II) Technical scheme
To achieve the above purpose, the invention provides the following technical scheme: a blockchain-based data transaction model, comprising:
a DP, which selectively encrypts data and stores it in IPFS, and offers the data through the data transaction system; the DP can formulate a reasonable smart contract according to the relevant regulations in order to control the permissions on its data and obtain the reward due;
a DR, which issues data requirements through smart contracts, completes the data transaction process through contract-matched data, and does not expose its real identity in the data transaction;
a blockchain network, which provides data storage, management and trading strategies for the proposed model;
a zero-knowledge proof system, which builds a bridge between the data transaction parties and the blockchain network, verifies the blockchain accounts of the transaction parties without disclosing their private information, and, if verification passes, pays the transaction fee directly between the DR and the DP.
Further, the blockchain network comprises IPFS, a blockchain and smart contracts. IPFS is a distributed storage database that stores the encrypted transaction data uploaded by both transaction parties. The blockchain is linked to IPFS so that data stored in IPFS can be processed offline and verified online, and it stores the information and credentials related to data transactions. Smart contracts define the policies for data transactions, so the DP can conveniently write smart contracts that implement different transaction strategies; in addition, smart contracts provide non-repudiation of transaction execution without involving a third party, and the result is recorded on the blockchain.
Further, the DP and the DR each register an Ethereum account through a client. The account is generated from a public key and a private key: the public key is stored in the blockchain and used as the transaction address, while the private key is kept by each user, which ensures its security. A user can transact with multiple transaction addresses, which weakens the association among transactions. According to the function of each stage, the data transaction protocol process can be divided into four stages: 1) CA verification; 2) data storage; 3) demand release; 4) transaction response and acquisition.
Further, the CA verification stage:
To prove the authenticity and security of the DR's identity, identity authentication must be completed before the DR joins the blockchain network, and a unique identity credential is obtained. First, the DR generates n Ethereum addresses and sends its real personal information and the Ethereum addresses to a CA (certificate authority). The CA signs the Ethereum addresses with its RSA private key, yielding n signatures, i.e. tokens. The token pair is denoted $Token_R$:
$$Token_R = \langle Addr_i, Token_i \rangle$$
where $i \in n$, $Addr_i$ denotes the i-th address, and $Token_i$ denotes the token corresponding to the i-th address. When the DP uses $Addr_i$ in the system to make a transaction, $Token_i$ is sent to the DR.
Further, the data storage stage:
In IPFS, data can only be accessed using SHA-256 hash values stored in base58 format. For secure access to data, the SHA-256 hash function is as follows:
$$H_S : \{0,1\}^* \rightarrow \{0,1\}^n$$
where $H_S$ is the SHA-256 hash function; since the hash algorithm used is SHA-256, n is 256 in the present invention. In IPFS, each data entry is stored in the form of a Merkle DAG; if the data changes, the corresponding hash value also changes, so data stored in IPFS is tamper-resistant and the privacy of the data file can be protected to a certain extent.
Let $H_M$ denote the data file after hashing with the SHA-256 hash function:
$$H_M = H_S(M)$$
In formula (3), $H_S$ is the SHA-256 hash function and M is the data file provided by the DP and placed in IPFS for encrypted storage.
During IPFS storage, to protect the security of the data file, the invention encrypts the data file in two layers using the AES encryption algorithm [25] and the RSA encryption algorithm [29].
An RSA key pair is created for the i-th address of the DR using the RSA encryption algorithm; the key pair is denoted $K_P$, as shown in formula (4):
$$K_P = \langle PK_i, SK_i \rangle$$
In formula (4), $PK_i$ is the public key generated for the i-th blockchain address of the DR using the RSA algorithm, and $SK_i$ is the private key generated for the i-th blockchain address of the DR using the RSA algorithm.
The data file M provided by the DP is encrypted using the AES encryption algorithm, and θ denotes the encrypted data file:
$$\theta = \langle C_M, K_A' \rangle$$
In formula (5), $C_M$ is the ciphertext generated when the DP encrypts the data file M with the AES key $K_A$, where $K_A$ is a random number generated by the AES key generation function and used as the AES key, and $K_A'$ is the key obtained by encrypting the AES key $K_A$ with $PK_i$. θ is uploaded to IPFS, IPFS returns its storage address (denoted $Addr_{DP}$), and the address is stored in the blockchain system.
Let MDP be the data information that the DP publishes to the blockchain system:
$$MDP = \langle addrProvider, dataRequest, dataID, category, H_M, dataPrice, PK_i, K_A' \rangle$$
where addrProvider is the address of the DP in the system; dataRequest is the data requested by the DR; dataID is the identifier of the data in the system; category is the category to which the data belongs; $H_M$ is the hash value of the original data file published by the DP; dataPrice is the transaction fee set by the DP for the data it provides; $PK_i$ is the public key generated for the i-th blockchain address of the DR using the RSA algorithm (see formula (4)); and $K_A'$ is the key obtained by encrypting the AES key $K_A$ with $PK_i$.
To protect the privacy and security of data, the blockchain system displays only part of the data information published by the DP. The DR may enter a keyword into the system to query the data information that the DP displays to the system. Let INFO denote the data information displayed by the system:
$$INFO = \langle addrProvider, dataRequest, dataID, category, H_M, dataPrice \rangle$$
Further, the demand release stage:
Let DRequest denote the data request made by the DR, as shown in formula (8):
$$DRequest = \langle addrRequester, dataRequestID, dataID, Addr_i, Token_i \rangle$$
where addrRequester is the address of the DR in the system and serves as its unique identifier; dataRequestID is the number of the data transaction request created by the DR; dataID is the identifier in the system of the data requested by the DR; $Addr_i$ is the i-th address generated by the DR in the blockchain; and $Token_i$ is the token with which the DR passed authentication.
Further, the transaction response and acquisition stage:
Let DResponse be the response message sent by the system to the DR:
$$DResponse = \langle Addr_{DP}, dataRequestID, dataID, dataPrice \rangle$$
In formula (9), $Addr_{DP}$ is the storage address of the encrypted data file in IPFS; dataPrice is the transaction fee that the DP sets for the data it provides.
After receiving the response message sent by the blockchain system, the DR pays the transaction fee required by the transaction and then decrypts the encrypted AES key $K_A'$ to obtain the AES key $K_A$; finally, it uses $K_A$ to decrypt the ciphertext $C_M$, producing the unencrypted data file M.
A privacy protection method for the blockchain-based data transaction model comprises the following steps:
1) Algorithm 1 is designed to store data files securely using IPFS and to obtain the address of the encrypted data store and the associated key;
2) based on the result of Algorithm 1, Algorithm 2 is first called to broadcast the DR's requirement to the blockchain network, and Algorithm 4 is called to store the fee for the data file in the blockchain;
3) the blockchain performs a matching query between the information stored in IPFS and the DR's request information and sends a response message to the DR; the DR then calls Algorithm 3 to decrypt the obtained ciphertext according to the response message, thereby obtaining the unencrypted data file;
4) Smart Contract 1 is called to perform zero-knowledge proof and verification of the transaction party's identity;
5) if the zero-knowledge proof passes verification, the DP calls Algorithm 5 to obtain the fee, completing payment of the transaction fee; otherwise, the DP returns to the blockchain to process the transaction, and the algorithm ends.
Further, Algorithm 1 is an AES-RSA double-layer encryption storage algorithm, Algorithm 2 is an IPFS information security matching algorithm, Algorithm 3 is a ciphertext AES-RSA decryption algorithm, Algorithm 4 is a zero-knowledge payment algorithm, Algorithm 5 is a zero-knowledge verification and withdrawal algorithm, and Smart Contract 1 is a zero-knowledge proof generation and verification contract.
(III) Advantageous effects
Compared with the prior art, the invention provides a blockchain-based data transaction model and privacy protection method with the following beneficial effects:
Through research based on blockchain technology, smart contracts and cryptography, the invention provides a data transaction model for blockchain-based data transaction privacy protection, which uses the InterPlanetary File System (IPFS) and zero-knowledge proof to address the security of data files and the identity privacy of transaction parties; IPFS stores users' data files and protects the data from being viewed or stolen by others. Based on the data transaction model, the invention provides an optimized data transaction privacy protection method: first, data files are securely stored and accessed using IPFS and cryptography; second, on the basis of this secure storage and access, a data transaction request is broadcast to the blockchain network and the blockchain responds to the request; finally, the transaction commission is paid to both transaction parties through the zero-knowledge proof system in the model, and the identity privacy of both parties is protected in the process. Through this privacy protection scheme, both parties can complete a data transaction while protecting the security and privacy of the data and the privacy of user identities.
Drawings
Fig. 1 is a schematic diagram of the blockchain-based decentralized data transaction model of the present invention;
Fig. 2 is a schematic diagram of the data transaction protocol process of the present invention;
Fig. 3 is a flow chart of the ODTPP method of the present invention;
Fig. 4 is a schematic diagram of the influence of different storage modes on data file transmission delay;
Fig. 5 is a schematic diagram of the influence of the number of nodes on data file transmission delay;
Fig. 6 is a schematic diagram of the influence of different tokens on the Gas unit price;
Fig. 7 is a schematic diagram of the influence of different tokens on the Gas usage rate;
Fig. 8 is a schematic diagram of the influence of different tokens on renewal fees.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to Figs. 1-8, a blockchain-based data transaction model includes:
a DP, which selectively encrypts data and stores it in IPFS, and offers the data through the data transaction system; the DP can formulate a reasonable smart contract according to the relevant regulations in order to control the permissions on its data and obtain the reward due;
a DR, which issues data requirements through smart contracts, completes the data transaction process through contract-matched data, and does not expose its real identity in the data transaction;
a blockchain network, which provides data storage, management and trading strategies for the proposed model;
a zero-knowledge proof system, which builds a bridge between the data transaction parties and the blockchain network, verifies the blockchain accounts of the transaction parties without disclosing their private information, and, if verification passes, pays the transaction fee directly between the DR and the DP.
It should be noted that the blockchain network includes IPFS, a blockchain and smart contracts. IPFS is a distributed storage database that stores the encrypted transaction data uploaded by both transaction parties. The blockchain is linked to IPFS so that data stored in IPFS can be processed offline and verified online, and it stores the information and credentials related to data transactions. Smart contracts define the policies for data transactions, which helps the DP conveniently write smart contracts that implement different transaction strategies; in addition, smart contracts provide non-repudiation of transaction execution without involving a third party and record the result on the blockchain.
The DP and the DR each register an Ethereum account through a client. The account is generated from a public key and a private key: the public key is stored in the blockchain and used as the transaction address, while the private key is kept by each user, which ensures its security. A user can transact with multiple transaction addresses, which weakens the association among transactions. According to the function of each stage, the data transaction protocol process can be divided into four stages: 1) CA verification; 2) data storage; 3) demand release; 4) transaction response and acquisition.
CA verification stage:
To prove the authenticity and security of the DR's identity, identity authentication must be completed before the DR joins the blockchain network, and a unique identity credential is obtained. First, the DR generates n Ethereum addresses and sends its real personal information and the Ethereum addresses to a CA (certificate authority). The CA signs the Ethereum addresses with its RSA private key, yielding n signatures, i.e. tokens. The token pair is denoted $Token_R$:
$$Token_R = \langle Addr_i, Token_i \rangle$$
where $i \in n$, $Addr_i$ denotes the i-th address, and $Token_i$ denotes the token corresponding to the i-th address. When the DP uses $Addr_i$ in the system to make a transaction, $Token_i$ is sent to the DR.
Data storage stage:
In IPFS, data can only be accessed using SHA-256 hash values stored in base58 format. For secure access to data, the SHA-256 hash function is as follows:
$$H_S : \{0,1\}^* \rightarrow \{0,1\}^n$$
where $H_S$ is the SHA-256 hash function; since the hash algorithm used is SHA-256, n is 256 in the present invention. In IPFS, each data entry is stored in the form of a Merkle DAG; if the data changes, the corresponding hash value also changes, so data stored in IPFS is tamper-resistant and the privacy of the data file can be protected to a certain extent.
Let $H_M$ denote the data file after hashing with the SHA-256 hash function:
$$H_M = H_S(M)$$
In formula (3), $H_S$ is the SHA-256 hash function and M is the data file provided by the DP and placed in IPFS for encrypted storage.
During IPFS storage, to protect the security of the data file, the invention encrypts the data file in two layers using the AES encryption algorithm [25] and the RSA encryption algorithm [29].
An RSA key pair is created for the i-th address of the DR using the RSA encryption algorithm; the key pair is denoted $K_P$, as shown in formula (4):
$$K_P = \langle PK_i, SK_i \rangle$$
In formula (4), $PK_i$ is the public key generated for the i-th blockchain address of the DR using the RSA algorithm, and $SK_i$ is the private key generated for the i-th blockchain address of the DR using the RSA algorithm.
The data file M provided by the DP is encrypted using the AES encryption algorithm, and θ denotes the encrypted data file:
$$\theta = \langle C_M, K_A' \rangle$$
In formula (5), $C_M$ is the ciphertext generated when the DP encrypts the data file M with the AES key $K_A$, where $K_A$ is a random number generated by the AES key generation function and used as the AES key, and $K_A'$ is the key obtained by encrypting the AES key $K_A$ with $PK_i$. θ is uploaded to IPFS, IPFS returns its storage address (denoted $Addr_{DP}$), and the address is stored in the blockchain system.
Let MDP be the data information that the DP publishes to the blockchain system:
$$MDP = \langle addrProvider, dataRequest, dataID, category, H_M, dataPrice, PK_i, K_A' \rangle$$
where addrProvider is the address of the DP in the system; dataRequest is the data requested by the DR; dataID is the identifier of the data in the system; category is the category to which the data belongs; $H_M$ is the hash value of the original data file published by the DP; dataPrice is the transaction fee set by the DP for the data it provides; $PK_i$ is the public key generated for the i-th blockchain address of the DR using the RSA algorithm (see formula (4)); and $K_A'$ is the key obtained by encrypting the AES key $K_A$ with $PK_i$.
To protect the privacy and security of data, the blockchain system displays only part of the data information published by the DP. The DR may enter a keyword into the system to query the data information that the DP displays to the system. Let INFO denote the data information displayed by the system:
$$INFO = \langle addrProvider, dataRequest, dataID, category, H_M, dataPrice \rangle$$
Demand release stage:
Let DRequest denote the data request made by the DR, as shown in formula (8):
$$DRequest = \langle addrRequester, dataRequestID, dataID, Addr_i, Token_i \rangle$$
where addrRequester is the address of the DR in the system and serves as its unique identifier; dataRequestID is the number of the data transaction request created by the DR; dataID is the identifier in the system of the data requested by the DR; $Addr_i$ is the i-th address generated by the DR in the blockchain; and $Token_i$ is the token with which the DR passed authentication.
Transaction response and acquisition stage:
Let DResponse be the response message sent by the system to the DR:
$$DResponse = \langle Addr_{DP}, dataRequestID, dataID, dataPrice \rangle$$
In formula (9), $Addr_{DP}$ is the storage address of the encrypted data file in IPFS; dataPrice is the transaction fee that the DP sets for the data it provides.
After receiving the response message sent by the blockchain system, the DR pays the transaction fee required by the transaction and then decrypts the encrypted AES key $K_A'$ to obtain the AES key $K_A$; finally, it uses $K_A$ to decrypt the ciphertext $C_M$, producing the unencrypted data file M.
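The double-layer encryption of the data storage stage and the decryption of the transaction response stage can be sketched as follows. This is an added example, not the patent's Algorithm 1 or Algorithm 3: the patent names only "AES" and "RSA", so AES-256-GCM, RSA-2048 with OAEP, the nonce field, the use of dataID as associated data, and the names `Theta`, `dr_generate_keypair`, `dp_encrypt` and `dr_decrypt` are assumptions. It uses the third-party `cryptography` package.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumption: OAEP with SHA-256 for wrapping K_A (the patent only says "RSA").
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


@dataclass(frozen=True)
class Theta:
    """theta = <C_M, K_A'> as uploaded to IPFS.

    The nonce is an added field: GCM needs it to decrypt and it is not secret.
    """
    nonce: bytes
    c_m: bytes          # C_M: data file M encrypted under the AES key K_A
    k_a_wrapped: bytes  # K_A': K_A encrypted under the DR's public key PK_i


def dr_generate_keypair():
    """K_P = <PK_i, SK_i> for one DR address; returns (PK_i, SK_i)."""
    sk_i = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return sk_i.public_key(), sk_i


def dp_encrypt(m: bytes, pk_i, data_id: str):
    """DP side: build theta for IPFS and H_M for the on-chain record MDP."""
    k_a = AESGCM.generate_key(bit_length=256)   # fresh random K_A per file
    nonce = os.urandom(12)                      # never reuse with the same K_A
    # Binding dataID as associated data stops a ciphertext from being
    # replayed under a different listing.
    c_m = AESGCM(k_a).encrypt(nonce, m, data_id.encode())
    k_a_wrapped = pk_i.encrypt(k_a, OAEP)
    h_m = hashlib.sha256(m).hexdigest()         # H_M = H_S(M)
    return Theta(nonce, c_m, k_a_wrapped), h_m


def dr_decrypt(theta: Theta, sk_i, data_id: str, h_m: str) -> bytes:
    """DR side: unwrap K_A with SK_i, decrypt C_M, then check M against H_M."""
    try:
        k_a = sk_i.decrypt(theta.k_a_wrapped, OAEP)
        m = AESGCM(k_a).decrypt(theta.nonce, theta.c_m, data_id.encode())
    except (ValueError, InvalidTag) as exc:
        # Wrong SK_i, modified C_M or K_A', or mismatched dataID all land here.
        raise ValueError("theta failed authentication") from exc
    if not hmac.compare_digest(hashlib.sha256(m).hexdigest(), h_m):
        raise ValueError("plaintext does not match published H_M")
    return m


if __name__ == "__main__":
    pk, sk = dr_generate_keypair()
    sample = b"constructed sample data file"    # constructed input
    theta, h_m = dp_encrypt(sample, pk, "data-001")
    print(dr_decrypt(theta, sk, "data-001", h_m))
```

Because $K_A'$ is wrapped under one $PK_i$, the stored θ is readable only by the holder of that DR address's $SK_i$; the final comparison against $H_M$ lets the DR confirm that the decrypted file is the one the DP listed on chain.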
Three key problems exist in the data transaction process: centralization, data security, and privacy disclosure of the transaction parties. To solve the data security problem, a privacy protection method for the blockchain-based data transaction model is provided.
A privacy protection method for the blockchain-based data transaction model comprises the following steps:
1) Algorithm 1 is designed to store data files securely using IPFS and to obtain the address of the encrypted data store and the associated key;
2) based on the result of Algorithm 1, Algorithm 2 is first called to broadcast the DR's requirement to the blockchain network, and Algorithm 4 is called to store the fee for the data file in the blockchain;
3) the blockchain performs a matching query between the information stored in IPFS and the DR's request information and sends a response message to the DR; the DR then calls Algorithm 3 to decrypt the obtained ciphertext according to the response message, thereby obtaining the unencrypted data file;
4) Smart Contract 1 is called to perform zero-knowledge proof and verification of the transaction party's identity;
5) if the zero-knowledge proof passes verification, the DP calls Algorithm 5 to obtain the fee, completing payment of the transaction fee; otherwise, the DP returns to the blockchain to process the transaction, and the algorithm ends.
It should be noted that Algorithm 1 is an AES-RSA double-layer encryption storage algorithm, Algorithm 2 is an IPFS information security matching algorithm, Algorithm 3 is a ciphertext AES-RSA decryption algorithm, Algorithm 4 is a zero-knowledge payment algorithm, Algorithm 5 is a zero-knowledge verification and withdrawal algorithm, and Smart Contract 1 is a zero-knowledge proof generation and verification contract.
The detailed description is as follows:
Step 1: The DP sends the data set file to IPFS (InterPlanetary File System) in the blockchain network for storage, and the blockchain network returns the encrypted address of the data storage and the related key to the DP.
Step 2-3: The DR initiates a data transaction request and sends it to the blockchain network together with the transaction fee.
Step 4-5: The blockchain network performs a matching query between the data request information of the DR and the information stored in IPFS. If the match succeeds, a response message DResponse is sent to the DR; otherwise, the process returns to step 2-3 and matching is performed again.
Step 6: The DR calls algorithm 3 to decrypt the obtained ciphertext according to the response message, thereby obtaining the unencrypted data file.
Step 7-10: Intelligent contract 1 is called to perform zero-knowledge proof and verification of the identity of the transaction party. If the verification passes, the DP calls algorithm 5 to obtain the fee and the transaction fee settlement is complete; otherwise, the transaction is returned to the blockchain for processing and the algorithm ends.
The specific process of data transaction is as follows:
1) the DP and the DR are added into the system, before the DR is added into the transaction system, the real identity needs to be shown to the CA, after the CA passes the verification, a digital signature (namely a token) is issued to the DR, otherwise, the digital signature is rejected;
2) issuing a token to the DR;
3) DP encrypts the personal data file M by using the symmetric key to generate a ciphertext C_M, and then sends a data packet θ to IPFS for data storage;
4) when the IPFS completes the storage task, it generates a file storage address AddrDP, and the file address is composed of three parts of a hash function, the length of the hash value and the hash value.
5) The DP distributes data information (MDP) to a block chain system;
6) the block chain system sends the displayed data Information (INFO) to the DR;
7) the DR sends a data request (DRequest) to the blockchain system and pays a transaction fee for the data request to the blockchain;
8) the block chain system responds to the received data request and sends a response message (DResponse) to the DR;
9) the DR acquires a data file from the IPFS according to the file storage address AddrDP in the response message DResponse;
10) IPFS sends the data packet θ to the DR, which then decrypts it using the corresponding key K, resulting in the requested original data;
11) DP provides knowledge claims to zero knowledge proof system for identity verification;
12) the zero knowledge proving system sends the verification result to the DP;
13) the DP sends the verification result to a block chain system;
14) if the verification is passed, the transaction fee with the corresponding amount can be extracted from the intelligent contract, and the payment process is completed.
After obtaining the requested data, the DR needs to pay the system for the corresponding transaction fee; the DP can then extract the corresponding amount of reward from the system, and the zero knowledge proof of knowledge in the proposed model of the invention uses zkSNARKs to complete the transfer payment process between DP and DR, including the following four stages:
(1) problem transformation stage
The identity of each data transaction party is taken to be determined by its attributes, so the invention uses a tree structure to store the attribute set of each transaction party. The focus is restricted to a simple access structure [36]; the invention refers to the tree as an attribute tree and denotes it T. The attribute tree can conveniently represent the access query strategy, and it is composed of non-leaf nodes and leaf nodes.
Denote the Pedersen hash function [37] as H_1:
H_1 : K* → Z_p
In equation (10), K is the set of values of all leaf nodes, K = {0, 1}. At initialization, the values of all leaf nodes are 0; as hashing proceeds, the zero values are gradually replaced by other values in Z_p.
Denote the MiMC hash function [38] as H_2:
H_2 : (Z_p, Z_p) → Z_p
The most important data structure in coin mixing is the Merkle tree; in the Merkle tree, each non-leaf node hashes its 2 child nodes using formula (7).
Denote the hash value of the invalidator as h:
h = H_1(u)
In equation (12), u ∈ K^248 is the invalidator, which indicates that a certain fund has been used; h is the hash value of the invalidator calculated using equation (7). To prevent double spending, when a transaction is executed, the hash value of the invalidator is used to determine whether a given available fund has already been used.
A knowledge statement is generated from knowledge known to the DR, which may be: O(H_M, l), the opening of the leaf node with index l in the Merkle tree, where l is the index corresponding to the leaf node and H_M is the height of the Merkle tree; l_V, the values of the other nodes on the path from the leaf node with index l to the root node of the Merkle tree; AddrProvider, the address of the DP in the system; f, the transaction fee paid by the DR to the blockchain; and t, the generation time of the knowledge statement. Denote the knowledge statement as Statement:
Statement = <u, r, l, O> (13)
O = H_2(u||r)
In formula (13), r ∈ K^248 is a random number.
(2) Trusted authority (TrustedSetup, TS for short)
The TS is responsible for registration of the user or verifier DP. Denote by KeyPair the key pair generated by the DP for Statement in the TS:
KeyPair = <PrivateInput, PublicInput>
C_H = H_1(u||r)
PrivateInput = <C_H, O, l>
PublicInput = <u, root>
In equation (15), PrivateInput is one input of the DP in the system and PublicInput is the other input of the DP in the system. In equation (16), the currency for paying the transaction fee on the Merkle tree is C(u, r); C_H is the currency for payment of the transaction fee after hashing using equation (10), and is a leaf node in the Merkle tree. In formula (17), O is the node in the Statement obtained by formula (14), l is the node index in the Statement obtained by equation (13), u is the invalidator, and root is the root node of the Merkle tree.
(3) Prove process
In this process, the zero-knowledge proof system generates a proof, denoted Proof, using the PublicInput in equation (15) and the knowledge Statement obtained in equation (13):
Proof = Prover(PublicInput, Statement)
In equation (19), the knowledge Statement and Proof can be published and provided to anyone in the zero-knowledge proof system.
(4) VerifyProof process
In this process, PrivateInput and the Proof generated in the Prove process are submitted together to the blockchain for verification. If the Proof holds, the zero-knowledge proof system outputs 1, otherwise 0. Denote the output as Result:
Result = VerifyProof(PrivateInput, Statement, Proof)
In equation (20), if the Proof check is successful, Result is 1; otherwise, Result is 0. PrivateInput is another input of the DP in the system (equation (17)), Proof is generated in the Prove process, and Statement is the knowledge Statement used in equation (13) to generate Proof.
In order to protect the security and privacy of data files and data transaction parties in the data transaction process of the block chain network, an optimized data transaction privacy protection algorithm is provided, and dishonest behaviors of the data transaction parties are prevented to a certain extent.
In the IPFS storage process, in order to protect the security of the data file, the invention designs an AES-RSA double-layer encryption storage algorithm by utilizing an AES encryption algorithm and an RSA encryption algorithm, and the algorithm aims to utilize IPFS to safely store the DP data file and safely access DR, as shown in algorithm 1. The description of algorithm 1 is as follows:
[Algorithm 1: AES-RSA double-layer encryption storage algorithm; the listing is an image in the original]
algorithm 1 is illustrated below:
1) in the IPFS storage process, the SHA-256 hash algorithm is used to hash the source data file M, and the resulting hash value H_M is stored (line 2); the hash value may be used by both DP and DR to verify the integrity of the data file;
2) a random number K_A is generated for the DP as the key of the AES encryption algorithm (line 3), and the source data file is encrypted with the AES encryption algorithm and the key K_A to obtain the encrypted data file C_M (line 4);
3) an RSA key pair is generated, comprising PK_i (line 5) and SK_i (line 6); the RSA public key PK_i is sent to the DP (line 7), while the RSA private key SK_i is retained (line 8);
4) the DP uses the received RSA public key PK_i to encrypt the AES key K_A, forming an AES key ciphertext (line 9), and sends it to the DR (line 10);
5) the encrypted data file θ is generated (line 11);
6) the encrypted data file is uploaded to IPFS (line 12);
7) IPFS returns the storage address AddrDP (line 13);
8) the address is saved in the blockchain system (line 14);
9) the DP issues data information about data file M to the blockchain system (line 15) for DR queries.
IPFS information security matching algorithm
The DR sends a data transaction request to the blockchain system, the blockchain system carries out matching query on the data transaction request of the DR according to the data information sent by the DP in the blocks, and if the data transaction request passes the matching, the DR can acquire an encrypted data file meeting the self requirement, so that the invention provides an IPFS information security matching algorithm, as shown in algorithm 2:
[Algorithm 2: IPFS information security matching algorithm; the listing is an image in the original]
algorithm 2 is illustrated below:
1) algorithm 2 aims to broadcast data transaction requests to the blockchain system, match the data transaction requests according to the data information issued by the DP in the block, and return response information.
2) The inputs to algorithm 2, MDP and DRequest, come from equations (6) and (8) respectively. To protect the privacy and security of the data, for each data message that the DP publishes to the blockchain system, the blockchain system shows only a portion of the data message, INFO (lines 1-8). The data request message DRequest of the DR is broadcast into the blockchain system (lines 9-10), and the numbers of the data transaction requests created by the DR are accumulated sequentially (line 11).
3) The DR issues a data transaction request through a smart contract; the request includes the data identifier dataID, the hash value H_M of the original data file, the i-th address Addr_i generated by the DR in the blockchain, and the token Token_i with which the DR passed CA authentication.
4) For each INFO published on the blockchain system, a matching query is made against the data transaction request DRequest published by the DR (lines 12-21). If the information matches (line 13), the private key SK_i generated by the RSA algorithm for the i-th blockchain address of the DR (line 14), the key K_A' obtained by encrypting the AES key K_A (line 15) and the storage address AddrDP of the encrypted data file in IPFS (line 16) are sent to the DR, and the blockchain system sends a response message DResponse to the DR (lines 17-19).
Cipher text AES-RSA decryption algorithm
The data file obtained by the DR from the block chain system is an encrypted file, so that the data file can be obtained only by decrypting the encrypted file, the invention provides a ciphertext AES-RSA decryption algorithm, and the algorithm 3 is as follows:
[Algorithm 3: ciphertext AES-RSA decryption algorithm; the listing is an image in the original]
algorithm 3 is illustrated below:
1) algorithm 3 is intended to decrypt the encrypted data file obtained from the blockchain system, thereby obtaining the source data file.
2) After the DR receives the response information of the blockchain system, it must pay the blockchain network a certain transaction fee for data use according to the transaction in the response information (lines 3-4). Paying the transaction fee in advance effectively prevents the malicious behavior of a DR refusing to pay the DP after acquiring the data.
3) The DR uses the RSA private key SK_i to decrypt the encrypted AES key K_A', obtaining the decrypted AES key K_A (line 5). The response message that the DR receives from the blockchain system includes the ciphertext C_M (line 6); this ciphertext was generated by the DP encrypting the data file M with the AES key K_A, so K_A is needed to decrypt the ciphertext θ and obtain the unencrypted data message M (line 7).
4) Note that once the DR has received the response information DResponse of the blockchain system, together with the RSA private key SK_i sent by the DP and the encrypted AES key K_A', the DP may collect the transaction fee for the transaction from the blockchain network.
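The double-layer scheme of algorithms 1 and 3 can be exercised end to end with Node.js's built-in crypto module. This is an added example, not the patent's listing; the AES mode (256-bit GCM), the RSA parameters (2048-bit, OAEP with SHA-256) and the layout of the packet θ as {iv, tag, C_M} are assumptions, since the page does not specify them.

```javascript
// Added example: AES-RSA double-layer encryption (algorithm 1) and decryption
// (algorithm 3). Assumed, not from the page: AES-256-GCM, RSA-2048 with
// OAEP/SHA-256, and theta = { iv, tag, C_M }.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

const OAEP = {
  padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: 'sha256',
};

// RSA key pair (PK_i, SK_i) for the DR's i-th blockchain address.
function generateRsaKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Algorithm 1, DP side: hash M, encrypt M under a fresh K_A, wrap K_A with PK_i.
function dpEncrypt(M, publicKey) {
  const H_M = nodeCrypto.createHash('sha256').update(M).digest('hex');
  const K_A = nodeCrypto.randomBytes(32);          // random AES key
  const iv = nodeCrypto.randomBytes(12);           // fresh nonce per file
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', K_A, iv);
  const C_M = Buffer.concat([cipher.update(M), cipher.final()]);
  const tag = cipher.getAuthTag();
  // K_A' : the AES key encrypted under the RSA public key.
  const K_A_enc = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, K_A);
  return { theta: { iv, tag, C_M }, K_A_enc, H_M };
}

// Algorithm 3, DR side: unwrap K_A with SK_i, decrypt C_M, check M against H_M.
function drDecrypt(theta, K_A_enc, H_M, privateKey) {
  const K_A = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, K_A_enc);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', K_A, theta.iv);
  decipher.setAuthTag(theta.tag);
  // final() throws if the ciphertext or tag was modified in storage or transit.
  const M = Buffer.concat([decipher.update(theta.C_M), decipher.final()]);
  const digest = nodeCrypto.createHash('sha256').update(M).digest('hex');
  if (digest !== H_M) throw new Error('integrity check failed: SHA-256(M) != H_M');
  return M;
}

// Constructed sample data for a stand-alone run.
function demo() {
  const { publicKey, privateKey } = generateRsaKeyPair();
  const M = Buffer.from('constructed sample record: sensor=7,temp=21.5');
  const { theta, K_A_enc, H_M } = dpEncrypt(M, publicKey);
  return drDecrypt(theta, K_A_enc, H_M, privateKey).toString();
}
```

Only K_A' and θ need to leave the DP; anyone holding θ without SK_i learns neither K_A nor M, and the GCM tag plus the H_M comparison give the DR two independent integrity checks.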
Zero-knowledge proof payment verification algorithm
When the DR requests data from the DP, it must pay the DP a certain fee as a transaction fee. To protect the privacy of both transaction parties while this fee is paid, a zero-knowledge proof payment verification algorithm is provided based on zero-knowledge proof theory; it comprises intelligent contract 1 and algorithms 4-5.
Zero knowledge payment algorithm
When the DR makes a data transaction request to the blockchain network, it needs to pay a certain transaction fee to the blockchain, as shown in algorithm 4:
[Algorithm 4: zero-knowledge payment algorithm; the listing is an image in the original]
algorithm 4 is illustrated below:
(1) algorithm 4 is intended to pay the blockchain for a transaction.
(2) Algorithm 4 first generates two random numbers, one of which is the invalidator (line 2), and based on the two random numbers, calculates the hashed currency of a transaction for payment of the transaction fee using equation (16) (line 3).
(3) For each data transaction requested by the DR, a transaction fee is paid to the blockchain for an amount associated with the random number generated by the zero knowledge proof system for DR.
(4) And if the Merkle tree is not full, adding the encrypted currency corresponding to the transaction as a leaf node to the Merkle tree, and returning the index corresponding to the leaf node in the Merkle tree.
Zero knowledge proof generation and verification contract
In order to verify the information of the DP and the DR, an intelligent contract 1 is provided, which is used for generating a Proof of zero knowledge Proof system, verifying the Proof, and finally outputting a verification result, as shown in the intelligent contract 1.
[Intelligent contract 1: zero-knowledge proof generation and verification contract; the listing is an image in the original]
The description of the intelligent contract 1 is as follows:
(1) the intelligent contract 1 is intended to protect the privacy of both transaction parties (DR and DP) during payment with zero knowledge proof, while allowing both transaction parties to confirm their identities to complete the payment transfer process, with a unique proof for a transaction, and the intelligent contract 1 verifies each proof.
(2) Smart contract 1 has two functions: the first function (lines 1-17) generates a proof for the DR, and the second function (lines 18-36) verifies the proof generated in the first function by calling the verify() function in zkSNARKs and outputs the verification result.
(3) The inputs of the first function are the knowledge statement Statement, generated from knowledge known to the DR, and the zero-knowledge proof system input PublicInput, both of which come from algorithm 4; the function uses these inputs to generate a proof about them.
(4) The inputs of the second function, PrivateInput, Statement and proof, come from algorithm 4 and from the first function of intelligent contract 1. First, temporary variables are declared from the root node root and the invalidator u of the Merkle tree in PublicInput, the invalidator hash h and the transaction cost f in Statement, and the leaf-node index l and node hash value O in PrivateInput. Then the verify() function in zkSNARKs is called with the temporary variables and proof as input to verify the correctness of the generated proof. Finally, the verification result is output.
Zero knowledge verification and money-taking algorithm
The invention designs a zero knowledge verification and money-withdrawing algorithm, and utilizes a zero knowledge system to perform safe identity verification under the condition of protecting the privacy of both sides of a transaction, so that a DP providing data for a DR can obtain a currency reward related to the transaction from a block chain, and the algorithm 5 is as follows:
[Algorithm 5: zero-knowledge verification and money-withdrawing algorithm; the listing is an image in the original]
some of the descriptions of algorithm 5 are as follows:
(1) the algorithm 5 is used to derive a certain reward for transaction fees from the blockchain based on the verification returned by the smart contract 1, wherein the fees are stored by the DR into the blockchain at the time of the data transaction request.
(2) If the identity of both parties is verified by the zero knowledge system, the DP can obtain the transaction fee stored by DR from the blockchain (line 3), and by this point, the transaction initiated by DR is completed, and the invalidator generated for the transaction is hashed by equation (12) (line 4), and the hash of the invalidator is added to the hash list of invalidators, and the algorithm 5 is completed.
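The bookkeeping that algorithms 4 and 5 rely on (a fixed-height Merkle tree of fee commitments plus a hash list of used invalidators) is shown below as an added example, not the patent's code. SHA-256 stands in for the Pedersen and MiMC hashes, and the Merkle opening is checked in the clear where the real scheme would check it inside the zkSNARK; the names FeePool, newNote and commitment are hypothetical.

```javascript
// Added example: deposit (algorithm 4) and withdrawal (algorithm 5) bookkeeping.
// Assumptions: SHA-256 replaces H_1/H_2, and the opening (u, r, l, path) is
// verified in the clear as a stand-in for the zkSNARK verify() call.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

const H = (...parts) =>
  nodeCrypto.createHash('sha256').update(Buffer.concat(parts)).digest();

// A note is the pair (u, r): invalidator u and random number r, 248 bits each.
const newNote = () => ({ u: nodeCrypto.randomBytes(31), r: nodeCrypto.randomBytes(31) });
const commitment = (note) => H(note.u, note.r);        // C_H = H(u || r)

class FeePool {
  constructor(height) {
    this.height = height;                              // H_M, height of the tree
    this.leaves = [];
    this.spent = new Set();                            // hash list of invalidators
    this.zeros = [Buffer.alloc(32)];                   // roots of empty subtrees
    for (let i = 1; i <= height; i++) {
      this.zeros.push(H(this.zeros[i - 1], this.zeros[i - 1]));
    }
  }
  // Algorithm 4: add C_H as a leaf if the tree is not full, return its index l.
  deposit(C_H) {
    if (this.leaves.length >= 2 ** this.height) throw new Error('Merkle tree is full');
    this.leaves.push(C_H);
    return this.leaves.length - 1;
  }
  // Hash of the subtree at (level, index); level 0 is the leaf layer.
  node(level, index) {
    if (index * 2 ** level >= this.leaves.length) return this.zeros[level];
    if (level === 0) return this.leaves[index];
    return H(this.node(level - 1, 2 * index), this.node(level - 1, 2 * index + 1));
  }
  root() { return this.node(this.height, 0); }
  // Sibling values on the path from leaf l to the root (l_V in the text).
  path(l) {
    const siblings = [];
    for (let level = 0, idx = l; level < this.height; level++, idx >>= 1) {
      siblings.push(this.node(level, idx ^ 1));
    }
    return siblings;
  }
  // Algorithm 5: release the fee once, then record h = H(u) as used.
  withdraw({ u, r, l, path, root }) {
    const h = H(u).toString('hex');
    if (this.spent.has(h)) return { ok: false, reason: 'invalidator already used' };
    if (!root.equals(this.root())) return { ok: false, reason: 'unknown root' };
    let acc = H(u, r);
    let idx = l;
    for (const sibling of path) {
      acc = (idx & 1) ? H(sibling, acc) : H(acc, sibling);
      idx >>= 1;
    }
    if (!acc.equals(root)) return { ok: false, reason: 'opening does not match root' };
    this.spent.add(h);
    return { ok: true };
  }
}
```

The invalidator check runs before anything else, so a replayed claim is rejected even when its Merkle opening is still valid.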
Experimental example:
(1) comparison method
1) MongoDB [40]: an open-source, document-oriented database system [41] based on NoSQL. MongoDB stores structured data as heterogeneous documents with a dynamic schema and supports database queries, and its structured storage format is scalable and flexible. NoSQL is a database type with strong scalability, aimed at accessing and analyzing unstructured data and remote data; it addresses the scalability and performance problems of SQL databases [42].
2) To analyze the impact of different tokens on the performance of payment verification in the proposed model, the invention selects five different tokens, ETH, DAI, cDAI, USDC and USDT, for comparative experiments; the latter four tokens are designed according to the ERC20 standard.
ETH (unit: Ether) [43]: the native token used on Ethereum.
DAI Stablecoin (DAI) [44]: an Ethereum-based decentralized stablecoin developed by MakerDAO, whose exchange rate to the U.S. dollar is stable. DAI is a decentralized, unbiased, collateral-backed cryptocurrency and is currently the leading on-chain guaranteed stablecoin; because of its low volatility, it can resist malignant inflation of the currency. MakerDAO [45] is an organization that aims to bring stability to the cryptocurrency economy.
cDAI: a token designed according to the ERC20 standard, with good utility and flow. cDAI is equivalent to a real-time DAI deposit account that bears a certain interest, so any token can be exchanged for cDAI to obtain interest [46].
USD Coin (USDC) [47]: an off-chain guaranteed stablecoin whose collateral is deposited in a bank, so USDC functions as a reserve currency: as long as the bank has sufficient funds to satisfy withdrawal requirements, the bank can reserve only a portion of the deposit, with the remainder used to invest or to issue loans.
USDT [48]: an off-chain guaranteed stablecoin issued by Tether and one of the earliest stablecoins. Its closest competitor is USDC, which uses the same stabilizing mechanism and guarantee. USDT is widely traded on various exchanges, used for payment and used as collateral or deposit.
(2) Index of experiment
1) Data file transmission delay (abbreviated as T_M)
T_M = T_F − T_S
where T_F is the data file transfer completion time and T_S is the start time of data file transmission. A data transaction that completes successfully produces a non-abnormal transmission delay; if a transaction is maliciously terminated, it is returned to the blockchain for processing, which may bring a long transmission delay. The invention therefore assumes that a non-abnormal transmission delay indicates a successfully completed transaction, and judges whether the proposed model succeeds in privacy protection during the data transaction by whether the transmission delay is abnormal: if the transmission delay of a transaction is large, the privacy of that data transaction was not successfully protected, causing the transaction to fail.
2) Privacy protection unit price for transmitting data transaction
Denote by G_P the privacy protection unit price required for transmitting a data transaction, as shown in formula (22):
G_P = minimum{G_1, G_2, …, G_k} (22)
Formula (22) takes the minimum over the values G_1, …, G_k. A data transaction that is successfully privacy-protected and completed in the proposed model consumes a certain amount of Gas, and the Gas unit price represents the lowest price that the DR is willing to pay per unit of Gas, so the Gas unit price influences the privacy protection unit price required for transmitting the data transaction. Gas is the currency circulated inside the Ethereum Virtual Machine (EVM), which uses Gas to charge for operations such as transaction packaging and intelligent contract execution [49]. The smaller the privacy protection unit price required, the smaller the Gas unit price and the better the privacy protection performance.
3) Privacy preserving usage rate for transmitting a data transaction
Denote by G_R the privacy-preserving usage rate for transmitting a data transaction, as shown in equation (23):
[Equation (23) is an image in the original and is not reproduced.]
In formula (23), G_L is the maximum amount of Gas the payer is willing to pay for executing a transaction, and G_U is the amount of Gas actually used after the transaction is performed. If G_U is less than G_L, the Gas remaining after the commission fee is deducted is returned to the DR.
Because a data transaction is transmitted on the premise of privacy protection, the proportion of the amount of Gas actually used after the execution is finished to the maximum amount of payment willing (namely the Gas utilization rate) may be different, so that the privacy protection utilization rate of the data transaction is influenced by the Gas utilization rate, the lower the privacy protection utilization rate of the data transaction is, the lower the Gas utilization rate is, and the better the privacy protection performance is.
4) Transmitting a required privacy preserving commission for a data transaction
Denote by G_C the privacy protection commission required for transmitting a data transaction, as shown in equation (24):
G_C = G_P × G_U (24)
In formula (24), G_P is the Gas unit price paid for a given transaction and G_U is the amount of Gas paid for that transaction. Because every data transaction transmitted under privacy protection must use Gas as a commission charge, the Gas commission is related to the privacy protection commission required for transmitting the data transaction: the lower the privacy protection commission required, the lower the Gas commission and the better the privacy protection performance.
The experimental content includes verifying the performance of payment verification and data transaction protocols in the decentralized data transaction model proposed by the present invention.
(1) Data file transfer delay
1) Influence of different storage modes on data file transmission delay
Different data storage modes influence the data file transmission delay in a blockchain network.
In fig. 4, as the number of data files to be stored increases, the delay caused by storage using IPFS is slightly longer than the delay caused by storage using MongoDB. The reason is that the speed of acquiring a data file from IPFS depends on several factors, such as encryption and decryption of the data file, the number of stored data files and the storage position of the data file in IPFS; these factors affect the time needed to acquire the data file and increase its transmission delay. Even though the delay caused by IPFS is slightly longer than that of the traditional data storage mode MongoDB, the security of IPFS derives from hashing that makes data tamper-evident. Because IPFS provides tamper-proof and decentralized storage records for data files, data file security is obtained in exchange for slightly more transmission delay. The method is also more efficient when integrated with a blockchain network (such as Ethereum), and helps to improve the transaction processing speed of Ethereum.
The time delay brought by the IPFS is only slightly larger than that of a MongoDB in a traditional data storage mode while the data security and the privacy are protected, so the IPFS is still an ideal choice of the proposed model for better protecting the security of data files.
2) Influence of node number on data file transmission delay
The number of nodes in a blockchain network affects the data file transmission delay.
In fig. 5, to verify the influence of the number of nodes on the transmission delay of a data file in a blockchain network, experimental results obtained with different numbers of nodes are compared; the numbers of nodes are set to 1000, 2000 and 3000 respectively. The three sets of data show the transmission delay caused by retrieving a data file from IPFS as the number of nodes in the network changes. In fig. 5, as the number of data files increases,
As can be seen from fig. 5, the three groups of experimental results with different numbers of nodes match well, which indicates that the IPFS retrieval time changes little with the number of nodes.
(2) Gas unit price
By using different tokens as transaction currencies to analyze the influence of different tokens on the unit price of privacy protection required for transmitting a data transaction, and in addition, the unit price of Gas affects the unit price of privacy protection required for transmitting a data transaction, therefore, the influence on the unit price of privacy protection required for transmitting a data transaction can be analyzed based on the unit price of Gas because the smaller the unit price of Gas, the smaller the unit price of privacy protection required for transmitting a data transaction, the better the privacy protection performance of the proposed algorithm, and the experimental results are as shown in fig. 6:
In fig. 6, ETH, DAI, cDAI, USDC and USDT are used as the transaction currency of the proposed model to analyze the effect of transactions with these five different tokens on the Gas unit price, where ETH is the native token used on Ethereum; DAI is a decentralized, unbiased, collateral-backed cryptocurrency; cDAI is a real-time DAI savings account; USDC is an off-chain guaranteed stablecoin that meets the ERC20 standard and can be used as a reserve currency; and USDT is one of the earliest stablecoins that meet the ERC20 standard.
As can be seen from fig. 6, the Gas unit price increases with the increase of the transaction amount by using different tokens in the model, and although there is a gap between the increase of different tokens, the Gas unit price increases linearly with the increase of the transaction amount, and since cDAI has a certain interest, the Gas unit price of cDAI is smaller than DAI, that is: the privacy preserving unit price of the proposed method increases linearly with the increase of the transaction amount.
(3) Gas usage rate
By using different tokens as transaction money, the influence of different tokens on the privacy protection utilization rate of transmitting a data transaction is analyzed, and in addition, the Gas utilization rate influences the privacy protection utilization rate of transmitting a data transaction, so that the influence on the privacy protection utilization rate of transmitting a data transaction can be analyzed based on the Gas utilization rate, because the lower the Gas utilization rate is, the lower the privacy protection utilization rate required for transmitting a data transaction is, the better the privacy protection performance of the proposed algorithm is.
The invention sets G_L to 1200000 Gas, i.e. the DR can pay at most 21000 Gas for each transaction. If the setting is too small and the amount of Gas is not enough to perform all operations, the operation fails and the state rolls back. However, G_L should not be too large either: if G_L for a transaction is set too high (e.g. more than 8 million), an error is reported directly. The effect of different tokens on the Gas usage rate is shown in fig. 7:
In fig. 7, ETH, DAI, cDAI, USDC and USDT are used as the transaction currencies of the proposed model to analyze the effect of transactions with these five different tokens on the Gas usage rate. As can be seen from fig. 7, the Gas usage rate first increases and then decreases as the transaction amount increases. Because cDAI has better fluidity, the fluctuation of the Gas usage rate of cDAI is lower than that of DAI; similarly, because USDT and USDC use the same stabilizing mechanism and mortgage, the effects of USDT and USDC on the Gas change rate are similar.
As can be seen from fig. 7, when the model uses different tokens for the transaction, the Gas usage rates first increase and then decrease as the amount of the transaction increases, and because the working mechanisms of the tokens differ, the Gas usage rates of different tokens differ slightly. That is, the privacy-preserving usage rate of the proposed method increases linearly with the amount of the transaction; moreover, the Gas usage rate decreases after increasing to a certain extent, which shows that, for a given G_L, the amount of Gas actually used for executing one transaction is reduced. The data transaction model provided by the invention can therefore complete the data transaction with less Gas under the maximum amount of Gas the user is willing to pay, achieving reasonable use of Gas.
(4) Gas commission
By using different tokens as transaction currencies to analyze the effect of different tokens on the required privacy preserving commission for transmitting a data transaction, and in addition, the Gas commission affects the required privacy preserving commission for transmitting a data transaction, therefore, the effect on the required privacy preserving commission for transmitting a data transaction can be analyzed based on the Gas commission because the lower the Gas commission, the lower the privacy preserving commission required for transmitting a data transaction, the better the privacy preserving performance of the proposed algorithm, and the experimental results are shown in fig. 8:
in fig. 8, ETH, DAI, cDAI, USDC and USDT were used as the proposed model of transaction currency to analyze the effect of transactions with the above five different tokens on renewal rates.
As can be seen from fig. 8, when the model uses different tokens to perform transactions, the commission fees increase with the increase of the transaction amount, although the increase of the tokens varies, the commission fees increase with the increase of the transaction amount, and the commission of the cDAI is slightly smaller than the DAI because the cDAI has a certain interest, that is: the privacy preserving commission of the proposed method increases linearly with the amount of the transaction.
The experimental analysis is summarized as follows:
1) Transmission delay of the data file: the model provided by the invention uses IPFS to store and access the data file securely, which protects the privacy of the data. Item 1) in 6.2 shows that the delay IPFS introduces while protecting data security and privacy is only slightly larger than that of MongoDB, a traditional data storage method, so the performance of the proposed method is better; item 2) in 6.2 shows that the number of nodes has little influence on the transmission delay of the data file.
2) Gas unit price analysis: for different tokens, the Gas unit price increases linearly with the transaction amount, although the size of the increase differs between tokens.
3) Gas usage analysis: for different tokens, as the transaction amount increases, Gas usage increases up to a certain level and then decreases.
4) Gas commission analysis: for each token, the Gas commission increases with the transaction amount, although the size of the increase differs between tokens.
In summary, the data transaction model of the present invention performs best overall in terms of data file transmission delay, Gas unit price, Gas usage rate and Gas commission.
Examples of the embodiments
To simulate a blockchain network, the invention uses ganache-cli as the test blockchain and Web3.js to interact with the blockchain. To test the IPFS network, the invention uses Infura [39], a platform that allows a DApp to quickly access Ethereum and that provides secure, reliable and scalable IPFS gateway access; Infura provides TLS-enabled IPFS gateways that can in turn be used to access and run IPFS nodes.
The invention has the beneficial effects that:
According to the blockchain-based data transaction model and privacy protection method, and through research on blockchain technology, smart contracts and cryptography, the invention provides a blockchain-based data transaction model for data transaction privacy protection, which uses the InterPlanetary File System (IPFS) and zero-knowledge proof to solve the problems of data file security and the identity privacy of the transaction parties; IPFS is used to store the user's data file and protect the data from being viewed and stolen by others. On the basis of the data transaction model, the invention provides an optimized data transaction privacy protection method: first, the data file is securely stored and accessed using IPFS and cryptography; second, on the basis of the secure storage and access, a data transaction request is broadcast to the blockchain network and the blockchain responds to the transaction request; finally, the transaction commission is paid between the two transaction parties through the zero-knowledge proof system in the model, and the identity privacy of both parties is protected in the process. With this privacy protection scheme, both transaction parties can complete the data transaction while protecting the security and privacy of the data and the privacy of the user identities.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (9)

1. A blockchain-based data transaction model, comprising:
a DP, configured to selectively encrypt data and store it in IPFS and to offer the data through the data transaction system, wherein the DP can formulate a reasonable smart contract according to the relevant regulations in order to control the permissions on its data and obtain the reward due;
a DR, configured to publish data requirements through smart contracts, complete the data transaction process by matching data through contracts, and not expose its real identity in the data transaction;
a blockchain network, configured to provide data storage, management and trading strategies for the proposed model;
a zero-knowledge proof system, configured to act as a bridge between the data transaction parties and the blockchain network, verify the blockchain accounts of the data transaction parties without disclosing the parties' private information, and, if verification passes, pay the transaction fee between the DR and the DP.
2. The blockchain-based data transaction model of claim 1, wherein the blockchain network includes IPFS, a blockchain and a smart contract; IPFS is a distributed storage database used to store the transaction data that the transaction parties upload after encryption; the blockchain is linked to IPFS to perform offline processing and online verification of the data stored in IPFS and to store information and credentials related to the data transaction; the smart contract can set the policy for a data transaction, so that the DP can conveniently write smart contracts implementing different transaction policies; and further, the smart contract provides non-repudiation in transaction execution without involving a third party and records the result on the blockchain.
3. The blockchain-based data transaction model of claim 2, wherein the DP and the DR each register an Ethereum account with the client; the account is generated from a public key and a private key; the public key is stored in the blockchain and used as a transaction address; the private key is kept by each user, who ensures its security; a user can transact using a plurality of transaction addresses, which weakens the association among a plurality of transactions; and the data transaction protocol can be divided into four stages according to the function of each stage of the data transaction process: 1) a CA verification stage; 2) a data storage stage; 3) a demand release stage; 4) a transaction response and acquisition stage.
4. The blockchain-based data transaction model of claim 3, wherein the CA validation phase:
In order to prove the authenticity and security of the DR's identity, identity authentication must be completed and a unique identity certificate obtained before the DR joins the blockchain network. First, the DR generates n Ethereum addresses and sends its real personal information and the Ethereum addresses to a CA (certificate authority); the CA signs the Ethereum addresses with its RSA private key, yielding n pieces of signature data, namely the tokens. The token pair is denoted TokenR:
$TokenR = \langle Addr_i, Token_i \rangle$
wherein $i \in n$, $Addr_i$ denotes the i-th address and $Token_i$ denotes the token corresponding to the i-th address; when the DP uses $Addr_i$ to make a transaction in the system, $Token_i$ is sent to the DR.
5. The blockchain-based data transaction model of claim 3, wherein the data storage phase:
In IPFS, data can only be accessed using SHA-256 hash values stored in base58 format. For secure access to data, the SHA-256 hash function is as follows:
$H_S: \{0,1\}^* \rightarrow \{0,1\}^n$
wherein $H_S$ is the SHA-256 hash function; because the hash algorithm used is SHA-256, n is 256 in the present invention. In IPFS, each data entry is stored in the form of a Merkle DAG, and if the data changes, the hash value corresponding to the data also changes, so the data stored in IPFS is tamper-resistant and the privacy of the data file can be protected to a certain extent.
Let $H_M$ denote the data file after hashing with the SHA-256 hash function:
$H_M = H_S(M)$
In formula (3), $H_S$ is the SHA-256 hash function and M is the data file provided by the DP and placed in IPFS for encrypted storage.
When storing to IPFS, in order to protect the security of the data file, the invention encrypts the data file in two layers, using the AES encryption algorithm [25] and the RSA encryption algorithm [29].
An RSA key pair is created for the i-th address of the DR using the RSA encryption algorithm; the key pair is denoted $K_P$, as in formula (4):
$K_P = \langle PK_i, SK_i \rangle$
In formula (4), $PK_i$ is the public key generated for the i-th blockchain address of the DR using the RSA algorithm, and $SK_i$ is the private key generated for the i-th blockchain address of the DR using the RSA algorithm.
The data file M provided by the DP is encrypted using the AES encryption algorithm, and the encrypted data file is denoted θ:
$\theta = \langle C_M, K_A' \rangle$
In formula (5), $C_M$ is the ciphertext the DP generates by encrypting the data file M with the AES key $K_A$, where $K_A$ is a random number generated by the AES key generation function and used as the AES key; $K_A'$ is the key obtained by encrypting the AES key $K_A$ with $PK_i$. θ is uploaded to IPFS, which returns its storage address (denoted $Addr_{DP}$), and the address is stored in the blockchain system.
Let MDP be the data information that the DP publishes to the blockchain system:
$MDP = \langle addrProvider, dataRequest, dataID, category, H_M, dataPrice, PK_i, K_A' \rangle$
wherein addrProvider is the address of the DP in the system; dataRequest is the data requested by the DR; dataID is the identification of the data in the system; category is the category to which the data belongs; $H_M$ is the hash value of the original data file published by the DP; dataPrice is the transaction fee the DP sets for the data it will provide; $PK_i$ is the public key generated for the i-th blockchain address of the DR using the RSA algorithm (see formula (4)); and $K_A'$ is the key obtained by encrypting the AES key $K_A$ with $PK_i$.
In order to protect the privacy and security of the data, the blockchain system displays only part of the data information published by the DP. The DR may enter a keyword into the system to query the data information the DP has made visible, and the data information displayed by the system is denoted INFO:
$INFO = \langle addrProvider, dataRequest, dataID, category, H_M, dataPrice \rangle$
6. The blockchain-based data transaction model of claim 3, wherein the demand release phase:
The data request made by the DR is denoted DRequest, as shown in formula (8):
$DRequest = \langle addrRequester, dataRequestID, dataID, Addr_i, Token_i \rangle$
wherein addrRequester is the address of the DR in the system and is its unique identity; dataRequestID is the number of the data transaction request created by the DR; dataID is the identification in the system of the data requested by the DR; $Addr_i$ is the i-th address the DR generated in the blockchain; and $Token_i$ is the token with which the DR passed authentication.
7. The blockchain-based data transaction model of claim 3, wherein the transaction response and acquisition phase:
Let DResponse be the response message sent by the system to the DR:
$DResponse = \langle Addr_{DP}, dataRequestID, dataID, dataPrice \rangle$
In formula (9), $Addr_{DP}$ is the storage address of the encrypted data file in IPFS, and dataPrice is the transaction fee the DP sets for the data it will provide.
After receiving the response message sent by the blockchain system, the DR pays the transaction fee required by the transaction and then decrypts the encrypted AES key $K_A'$ to obtain the AES key $K_A$; finally, it uses $K_A$ to decrypt the ciphertext $C_M$ and recover the unencrypted data M.
8. A privacy protection method for a blockchain-based data transaction model, characterized by comprising the following steps:
1) algorithm 1 is designed to store data files securely using IPFS and to obtain the storage address of the encrypted data and the associated key;
2) based on the result of algorithm 1, algorithm 2 is first called to broadcast the DR's requirement to the blockchain network, and algorithm 4 is called to deposit the fee for the data file into the blockchain;
3) the blockchain matches the information stored in IPFS against the DR's request information and sends a response message to the DR, and the DR then calls algorithm 3 to decrypt the obtained ciphertext according to the response message, so as to obtain the unencrypted data file;
4) smart contract 1 is called to generate and verify a zero-knowledge proof of the identity of a transaction party;
5) if the zero-knowledge proof passes verification, the DP calls algorithm 5 to obtain the fee, which completes payment of the transaction fee; otherwise, the DP returns to the blockchain to process the transaction, and the algorithm ends.
9. The privacy protection method of the blockchain-based data transaction model as claimed in claim 8, wherein algorithm 1 is an AES-RSA double-layer encryption storage algorithm, algorithm 2 is an IPFS information security matching algorithm, algorithm 3 is a ciphertext AES-RSA decryption algorithm, algorithm 4 is a zero-knowledge payment algorithm, algorithm 5 is a zero-knowledge verification and withdrawal algorithm, and smart contract 1 is a contract for the generation and verification of zero-knowledge proofs.
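The AES-RSA double-layer encryption and decryption of claims 5 and 7 (algorithms 1 and 3 in claim 9), as an added example that is not code from the patent. The claims do not fix a cipher mode, padding or key size, so AES-256-GCM, RSA-OAEP with SHA-256 and a 2048-bit modulus are assumptions here, as are the function names and the constructed sample file.

```javascript
// Added illustration of claims 5 and 7; not code from the patent.
// Assumptions: AES-256-GCM, RSA-OAEP (SHA-256), 2048-bit RSA, object layout of theta.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// K_P = <PK_i, SK_i>: RSA key pair for the DR's i-th address (formula (4)).
function generateKP() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { PK: publicKey, SK: privateKey };
}

// H_M = H_S(M): SHA-256 of the plaintext data file (formula (3)).
function hashFile(M) {
  return crypto.createHash('sha256').update(M).digest('hex');
}

// DP side: theta = <C_M, K_A'> (formula (5)), plus H_M for publication in MDP.
function dpEncrypt(M, PK) {
  const KA = crypto.randomBytes(32);   // fresh AES-256 key per file
  const iv = crypto.randomBytes(12);   // 96-bit GCM nonce, never reused with the same K_A
  const cipher = crypto.createCipheriv('aes-256-gcm', KA, iv);
  const CM = Buffer.concat([cipher.update(M), cipher.final()]);
  const tag = cipher.getAuthTag();
  const KAwrapped = crypto.publicEncrypt({ key: PK, ...OAEP }, KA);  // K_A'
  return { theta: { CM, iv, tag, KAwrapped }, HM: hashFile(M) };
}

// DR side: unwrap K_A with SK_i, decrypt C_M, then check the result against H_M.
function drDecrypt(theta, SK, HM) {
  const KA = crypto.privateDecrypt({ key: SK, ...OAEP }, theta.KAwrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', KA, theta.iv);
  decipher.setAuthTag(theta.tag);
  // final() throws if C_M, the nonce or the tag was modified in storage.
  const M = Buffer.concat([decipher.update(theta.CM), decipher.final()]);
  const expected = Buffer.from(HM, 'hex');
  const actual = Buffer.from(hashFile(M), 'hex');
  if (expected.length !== actual.length || !crypto.timingSafeEqual(expected, actual)) {
    throw new Error('H_M mismatch: decrypted file is not the one the DP published');
  }
  return M;
}

// Round trip and two failure modes on a constructed sample file.
function demo() {
  const M = Buffer.from('constructed sample data file\nsensor_id,reading\n1,20.5\n');
  const { PK, SK } = generateKP();
  const { theta, HM } = dpEncrypt(M, PK);
  const roundTrip = drDecrypt(theta, SK, HM).equals(M);

  // Failure mode 1: one ciphertext bit flipped in storage -> GCM tag check fails.
  const tampered = { ...theta, CM: Buffer.from(theta.CM) };
  tampered.CM[0] ^= 0x01;
  let tamperRejected = false;
  try { drDecrypt(tampered, SK, HM); } catch (e) { tamperRejected = true; }

  // Failure mode 2: a different requester's private key cannot unwrap K_A'.
  let wrongKeyRejected = false;
  try { drDecrypt(theta, generateKP().SK, HM); } catch (e) { wrongKeyRejected = true; }

  return { roundTrip, tamperRejected, wrongKeyRejected, hashLength: HM.length };
}
```

Because $K_A'$ is wrapped under the $PK_i$ of one requester address, each θ is readable by a single DR key; the final comparison against $H_M$ ties the decrypted file to the hash the DP published in MDP.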
CN202210215840.4A 2022-03-07 2022-03-07 Data transaction model and privacy protection method based on block chain Pending CN114900290A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210215840.4A CN114900290A (en) 2022-03-07 2022-03-07 Data transaction model and privacy protection method based on block chain

Publications (1)

Publication Number Publication Date
CN114900290A true CN114900290A (en) 2022-08-12

Family

ID=82716451

Country Status (1)

Country Link
CN (1) CN114900290A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115913513A (en) * 2023-01-07 2023-04-04 北京邮电大学 Distributed credible data transaction method, system and device supporting privacy protection
CN115913513B (en) * 2023-01-07 2023-05-12 北京邮电大学 Distributed trusted data transaction method, system and device supporting privacy protection
CN115982746A (en) * 2023-03-17 2023-04-18 南京信息工程大学 Data sharing method based on block chain
CN115982746B (en) * 2023-03-17 2023-06-27 南京信息工程大学 Block chain-based data sharing method
CN117318914A (en) * 2023-09-12 2023-12-29 上海兴岩信息科技有限公司 Block chain service platform based on terminal equipment
CN117194359A (en) * 2023-11-07 2023-12-08 国网信息通信产业集团有限公司 Data sharing method, device, equipment and medium supporting privacy protection
CN117499159A (en) * 2023-12-27 2024-02-02 杭州字节方舟科技有限公司 Block chain-based data transaction method and device and electronic equipment
CN117499159B (en) * 2023-12-27 2024-03-26 杭州字节方舟科技有限公司 Block chain-based data transaction method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination