CN110061829A

CN110061829A - Multi-party computations method, apparatus and storage medium based on block chain network

Info

Publication number: CN110061829A
Application number: CN201910341818.2A
Authority: CN
Inventors: 史锋锋; 肖诗源; 刘辉
Original assignee: Shanghai Point Information Technology Co Ltd
Current assignee: Shanghai Point Information Technology Co Ltd
Priority date: 2019-04-26
Filing date: 2019-04-26
Publication date: 2019-07-26

Abstract

The present disclosure provides a kind of multi-party computations methods based on block chain network, the block chain network is connect with the first client, at least one second client and at least one third client communication, it include: at the block chain node of block chain network, receive the computation requests sent by the first client comprising the id information of the second client determined at random；Computation requests are sent to second and third client, to indicate that secret information is divided into multiple secret sub-informations by the second client, and indicate that third client obtains corresponding secret sub-information from the second client；From the second client and third client, the multiple calculated results at least generated based on multiple secret sub-informations are received respectively；Merge multiple calculated results, to obtain combined value；And combined value is returned to the first client.In addition, the content of present invention additionally provides a kind of multi-party computations device based on block chain network and a kind of corresponding computer readable storage medium.

Description

Multi-party computations method, apparatus and storage medium based on block chain network

Technical field

The content of present invention is related to block chain technology, relates more particularly to a kind of based on the Secure of block chain network Calculation method, a kind of multi-party computations device and a kind of corresponding computer readable storage medium based on block chain network.

Background technique

Block chain (Blockchain) is the intelligent peer-to-peer network with distributed data base identification, propagation and information-recording Network, also referred to as value internet.So-called value internet, refer to allow users to it is convenient, fast by network, at low cost Transmitting value.

It is calculated in service multi-party, mutual trust and data protection are always the multi-party bottleneck for calculating service development Multi-party calculating service obtains the biggest obstacle that multi-party participant supports in other words.Two sides are mainly derived from this trust problem Face, one is that cannot be directly acquired to be queried initial data by issuer, the other is how to prevent issuer and offer service Platform between malicious conspiracy obtain initial data.

Summary of the invention

In order to solve in many ways calculate service in mutual trust and the related technical problem of data protection, reality of the invention Apply example provide it is a kind of by the multi-party computations method of block chain network, it is a kind of based on the Secure of block chain network Device and corresponding computer readable storage medium are calculated, so that multi-party calculate the requestor in servicing, requested person and mention For this it is multi-party calculate service platform between do not need very strong trusting relationship, and can protect respective data safety and Privacy does not know initial data by other related sides, so that calculating service in many ways can be received by each participant.

For this purpose, being provided in the first aspect of the embodiment of the present invention a kind of based on the Secure of block chain network Calculation method, the block chain network and the first client, at least one second client and at least one third client are logical Letter connection, the multi-party computations method include:

At the block chain node of the block chain network, the computation requests sent by the first client, the meter are received Calculate the id information that request includes at least one the second client determined at random；

The computation requests are sent at least one described second client and at least one described third client, to refer to Show that secret information is divided into multiple secret sub-informations by least one described second client, and indicate it is described at least one the Three clients obtain corresponding secret sub-information from least one described second client；

From at least one described second client and at least one described third client, receive respectively at least based on institute State multiple calculated results that multiple secret sub-informations generate；

Merge the multiple calculated result, to obtain the combined value of the multiple calculated result；And

The combined value is returned to first client.

In addition, the second aspect of the embodiment of the present invention additionally provides a kind of multi-party computations based on block chain network Method, the block chain network and the first client, at least one second client and at least one third client communication Connection, the multi-party computations method include:

At at least one described second client, the calculating sent by the block chain node of the block chain network is received Request；

Secret information is divided into multiple secret sub-informations, wherein the secret sub-information is by least one described third Client obtains from least one described second client；

Calculated result is at least determined based on secret sub-information associated at least one described second client；And

The calculated result is returned to the block chain node.

Next, the third aspect of the embodiment of the present invention additionally provide it is a kind of based on the Secure of block chain network Calculation method, the block chain network and the first client, at least one second client and at least one third client are logical Letter connection, the multi-party computations method include:

At at least one third client, receives and asked by the calculating that the block chain node of the block chain network is sent It asks, the computation requests include the id information of at least one second client determined at random；

Corresponding secret sub-information is obtained from least one described second client, wherein the secret sub-information is Secret information partition is formed by least one described second client；

Calculated result is at least determined based on secret sub-information associated at least one described third client；

The calculated result is returned to the block chain node

The fourth aspect of the embodiment of the present invention additionally provides a kind of multi-party computations device based on block chain network, The block chain network is connect with the first client, at least one second client and at least one third client communication, The multi-party computations device includes:

Processor；And

Memory makes the processor execute following operation when described instruction executes for storing instruction:

The combined value is returned to first client.

In addition, the 5th aspect of the embodiment of the present invention provides a kind of multi-party computations dress based on block chain network It sets, the block chain network and the first client, at least one second client and at least one third client communication connect It connects, the multi-party computations device includes:

Processor；And

The calculated result is returned to the block chain node.

Furthermore the 6th aspect of the embodiment of the present invention additionally provides a kind of multi-party computations based on block chain network Device, the block chain network and the first client, at least one second client and at least one third client communication Connection, the multi-party computations device include:

Processor；And

The calculated result is returned to the block chain node.

Finally, the 7th aspect of the embodiment of the present invention provides a kind of computer readable storage medium, there is storage Computer-readable program instructions on it, the computer-readable program instructions are for executing according to an embodiment of the present invention the On the one hand, the multi-party computations method based on block chain network described in second aspect or the third aspect.

In an embodiment of the present invention, by generating secret sub-information by the secret splitting side being randomly assigned, to make Obtaining calculated result acquired in platform is not initial data, but according to the data of initial data and secret sub-information synthesis, therefore Even if platform and issuer's collusion will not allow issuer that can obtain the initial data of each side of being queried, and then improve number According to the safety of secret protection；Furthermore by being randomly assigned secret splitting side, even if thus secret splitting side previous and inquiry Collusion is also greatly lowered a possibility that obtaining initial data together for side and platform, this is because secret splitting side is not Fixed, but be randomly assigned, the risk of the leaking data due to caused by multi-party collusion is further prevented, to eliminate The multi-party participant that calculates is improved and multi-party to calculate service for providing the needs of the trust of the multi-party supplier for calculating service Participant participation wish so that the acceptable degree calculated in many ways is improved.Other advantages of the invention will be under It is further illustrated in text.

Detailed description of the invention

It refers to the following detailed description in conjunction with the accompanying drawings, the feature, advantage and other aspects of various embodiments of the present invention will become Must be more obvious, show several embodiments of the invention by way of example rather than limitation herein, in the accompanying drawings:

Fig. 1 shows the multi-party computations method 100 based on block chain network that content according to the present invention is proposed Flow chart；

The multi-party computations method 200 based on block chain network proposed Fig. 2 shows content according to the present invention Flow chart；

Fig. 3 shows the multi-party computations method 300 based on block chain network that content according to the present invention is proposed Flow chart；

Fig. 4 is shown wherein being capable of the implementation basis multi-party computations method shown in FIG. 1 based on block chain network It 100 or is based on according to the multi-party computations method 200 shown in Fig. 2 based on block chain network or according to shown in Fig. 3 The schematic diagram of one embodiment 400 of the network architecture of the multi-party computations method 300 of block chain network；

Fig. 5 shows the multi-party computations device 500 based on block chain network of one embodiment according to the present invention Schematic diagram；And

Fig. 6 shows the multi-party computations device based on block chain network of another embodiment according to the present invention 600 schematic diagram.

Specific embodiment

Below with reference to each exemplary embodiment of attached drawing detailed description of the present invention.Although examples described below side Method, device include the software and/or firmware executed on hardware in other components, it should be noted that these examples are only It is merely illustrative, and is not to be taken as restrictive.For example, it is contemplated that within hardware exclusively, in software exclusively or Any or all hardware, software and fastener components can be implemented in any combination of hardware and software.Therefore, although below Illustrative method and apparatus are described, but those skilled in the art should be easily understood that, provided example is not used to Limit the mode for realizing these method and apparatus.

In addition, flowcharts and block diagrams in the drawings show method and system according to various embodiments of the present invention can The architecture, function and operation being able to achieve.It should be noted that function marked in the box can also be according to different from attached drawing The sequence marked occurs.For example, two boxes succeedingly indicated can actually be basically executed in parallel or they have When can also execute in a reverse order, this depend on related function.It should also be noted that flow chart and/or Function as defined in execution or behaviour can be used in the combination of each box in block diagram and the box in flowchart and or block diagram The dedicated hardware based system made is realized, or the combination of specialized hardware and computer instruction can be used to realize.

Term " multi-party computations " in the content of present invention refers in the meter for not revealing initial data and signature request The multi-party calculating cooperation carried out in the case where calculating requesting party and calculating embodiment party, so as to realize that specific multi-party calculate takes Business, specifically, multi-party computations solve the problems, such as the cooperated computing for protecting privacy between the participant of one group of mutual mistrust, peace It is complete multi-party to calculate the independence that ensure inputting, the correctness of calculating, at the same do not reveal each input value to participate in calculating other Member.In the case that multi-party computations are primarily directed to without TTP, an agreement function how is safely calculated Problem.

Term " homomorphism calculated result " in the content of present invention, which refers to, utilizes homomorphic algorithm operation function (addition, multiplication etc.) The result being calculated is combined according to service logic to encrypted content.The result is also encrypted.

Such as among the economic entity participant of such as internet borrower's company, internet borrower's company D determine to Before the person's credit of some loan application, it is desirable to first inquire the loan Shen at other internet borrower's companies to cooperate with each other Please person with the presence or absence of bull borrow or lend money situation, if there is bull borrow or lend money, then internet borrower's company D may refuse the loan application The loaning bill of person is requested.

Simplest scheme is summarized as follows: i.e. internet borrower's company D directly should to internet borrower's company A, B, C inquiry The debt-credit situation of loan application person.But this scheme is difficult to execute in reality, because there is a problem of following:

1, internet borrower's company A, internet borrower's company B and internet borrower's company C generally will not be ready to allow mutually Networking borrower's company D directly knows loan application person in the loaning bill situation of oneself company；

2, internet borrower's company D is generally not desirable to internet borrower's company A, internet borrower's company B and internet Borrower's company C knows the bull debt-credit situation for being oneself in inquiry loan application person.

And another scheme is summarized as follows, i.e. internet borrower's company D is carried out by the query service of reference company E Inquiry, reference company E are looked on behalf of to internet borrower's company A, internet borrower's company B and internet borrower's company C It askes, then the query result of each company is summarized, returns again to give internet borrower's company D later.This scheme can be to avoid Internet borrower's company D directly knows loaning bill scheme of the loan application person between each company.But the program there is also Following problem:

Firstly, reference company E be known that loan application person internet borrower's company A, internet borrower's company B with And the loaning bill situation of internet borrower's company C, this is often also internet borrower's company A, internet borrower's company B and interconnection It is undesirable to net borrower's company C.

In addition, reference company E knows internet borrower's company D in the debt-credit situation of inquiry Zhang San, this point is also interconnection It is undesirable to net borrower's company D institute.

Furthermore the query result that reference company E is possible to send vacation gives inquiry internet borrower's company D, to mislead Internet borrower's company D.

Finally, reference company E is also possible to gang up with company therein, the information of other companies is revealed.Such as internet Borrower's company D and reference company E are ganged up, at this point, internet borrower's company A, internet borrower's company B and internet borrower's company The data of C just have the risk being compromised, and are specifically described as follows:

Due to be responsible for the intelligent contract that calculates safely be run on the block chain that reference company E is responsible for management, then Actually reference company E is available public to original internet borrower's company A, internet borrower's company B and internet debt-credit Take charge of the data after homomorphic cryptography of C.

If the original homomorphic cryptography leaking data that reference company E will acquire gives inquiry internet borrower's company D this time inquires corresponding homomorphism private key since internet borrower's company D possesses as issuer, so internet debt-credit is public Department D can decrypt the original number for getting internet borrower's company A, internet borrower's company B and internet borrower's company C According to.By way of batch query, internet borrower's company D can obtain a large amount of internet borrower's company A, internet debt-credit public affairs Take charge of the data of B and internet borrower's company C.

In view of this, cannot still give up doubt of the user for trust in the existing solution.

The invention proposes a kind of multi-party computations services based on block chain network to solve the problems, such as above.At this In the embodiment of invention, by generating secret sub-information by the secret splitting side being randomly assigned, so that acquired in platform Calculated result be not initial data, but according to the data of initial data and the synthesis of secret sub-information, even if therefore platform and looking into Inquiry side's collusion will not allow issuer that can obtain the initial data of each side of being queried, and then improve data-privacy protection Safety.

Before introducing a specific embodiment of the invention, will introduce first among technical solution of the present invention will be will use Homomorphic encryption iunctions and privacy sharing principle.

Homomorphic encryption iunctions, sometimes also referred to as homomorphic encryption algorithm.

The present invention is using (SEAL) the homomorphic encryption algorithm library Simple Encrypted Arithmetic Library as example To introduce homomorphic encryption iunctions.

It suppose there is a pair of of public key and private key pair, this is key1 to the public key of kind to public key and private key, and correspondingly private key is key2。

Homomorphic encryption iunctions are initialized using public key key1, E=Encryptor.init (key1)；

Decryption function is initialization D=Decryptor.init (key2) using private key key2.

Such as there are two integer x1 and x2, encrypted results are as follows: ex1=E.encrypt (x1), ex2=E.encrypt (x2).Unless the participant for obtaining ex1 knows private key key2, then ex1 is solved with decryption function D.decrypt (ex1) The close value to know x1, otherwise anyone can not know the value of x1, i.e. x1=D.decrypt (ex1) from ex1；Similarly, unless The participant for obtaining ex2 knows private key key2, then is decrypted to know to ex2 with decryption function D.decrypt (ex2) The value of x2, otherwise anyone can not know the value of x2 from ex2.

In addition, the homomorphic encryption algorithm of add operation is supported to have following characteristic:

Result1=E.add (ex1, ex2)=E.encrypt (x1+x2)

Equally unless knowing private key key2, with decryption function D.decrypt (result1) it is known that the value of x1+x2, no Then anyone can not know the value of x1+x2, i.e. x1+x2=D.decrypt (result1) from result1.

Ground is corresponded, the homomorphic encryption algorithm of multiplying is supported to have following characteristic:

Result2=E.multiply (ex1, ex2)=E.encrypt (x1*x2),

Equally unless knowing private key key2, with decryption function D.decrypt (result2) it is known that the value of x1*x2, no Then anyone can not know the value of x1*x2, i.e. x1*x2=D.decrypt (result2) from result2.

Support that (note: subtraction can be converted to addition for the hybrid operation of addition and multiplication in SEAL homomorphic encryption algorithm library Operation, division arithmetic can be converted to multiplying), it can be used to do more complicated operation.

Next the principle of privacy sharing will be introduced.

Privacy sharing (Secret Sharing) refers to splits secret in the right way, each share after fractionation Give different participants, single participant can not Restore Secret information, only several participants cooperate could restore together Classified information.Such as:

There is a secret S, to give N number of participant, then secret S can be divided into: S={ S1, S2 ..., SN }, If being capable of Restore Secret S, 1≤t≤N by t participant.

Consider following several situations:

1) t=1

Such case is practically without meaning, because any one participant can Restore Secret S.

2) t=N

Such case, which is meant, needs all participants together, by a part of secret s that oneself is obtained, joins together It can be with Restore Secret S.

Common practice is to generate random number R 1, R2 respectively for preceding N-1 participant ..., Rn-1, and n-th participant is raw - the Rn-1 at S-R1-R2 ....So want to add by the secret for obtaining all participants, so that it may obtain password S.

S=R1+R2+ ...+Rn-1+S-R1-R2- ...-Rn-1

For example:

Than if any 3 participants, P1, P2 and P3.There is a secret S to split, secret S can be split are as follows:

Random number R 1 is generated first for P1

Random number R 2 is generated for P2

So secret of P3 are as follows: S-R1-R2

The secret of 3 participants is thought plus secret S can be obtained.

3)1<t<N

Such case, refer to the secret obtained using any t participant can combined calculation secret S, it is general logical Polynomial mode is crossed to realize.

Present patent application mainly uses the case where t=N, the multi-party computations service discussed by present patent application In, all participants require contribution data, and participate in calculating, then being just suitable for the scene of t=N.

So present patent application, which is proposed using privacy sharing method, to be enhanced based on the Secure of block chain network The safety of calculation technically avoids inquiry and the platform of offer service from ganging up, and then the data of data providing is caused to be let out Reveal hidden danger.

Based on the introduction above to homomorphic encryption iunctions and privacy sharing principle, in order to solve to inquire bull in previous example The problem of debt-credit encounters, the present inventor propose a kind of total by block chain network, homomorphic encryption algorithm and secret Principle is enjoyed to realize the scheme of multi-party computations service.

Fig. 1 shows the multi-party computations method 100 based on block chain network that content according to the present invention is proposed Flow chart, wherein the block chain network and the first client, at least one second client and at least one third client End communication connection.It can be seen from the figure that following five should be included at least based on the multi-party computations method 100 of block chain network A step at the block chain node of the block chain network, is received by the first client that is, first in method and step 110 The computation requests of transmission, the computation requests include the id information of at least one the second client determined at random；Then, it is connecing The meter is sent at least one described second client and at least one described third client in the method and step 120 to get off Request is calculated, to indicate that secret information is divided into multiple secret sub-informations by least one described second client, and indicates institute It states at least one third client and obtains corresponding secret sub-information from least one described second client；Next exist In method and step 130 from least one described second client and at least one described third client, receive respectively at least The multiple calculated results generated based on the multiple secret sub-information；Then, the multiple calculating is merged in method and step 140 As a result, to obtain the combined value of the multiple calculated result；And it is finally returned in method and step 150 to first client Return the combined value.

In an embodiment of the present invention, by generating secret sub-information by least one second client being randomly assigned And by being randomly assigned at least one described second client, even if so that the first client and block chain network together It can also ensure that the confidentiality of initial data in the case where collusion, so as to give up the participant of multi-party computations (such as The first client, the second client, third client and block chain network herein) between trust doubt, greatly promote The deployment and implementation of multi-party computations.

It will be understood by those of skill in the art that homomorphic encryption algorithm can be introduced in the above-mentioned methods, i.e., optionally can It is enough include in the computation requests first information associated with the group of multi-party computations to be participated in and with it is to be checked Associated second information of information, wherein the group includes at least two participants and the first information includes ring label Name；In addition, being also able to verify that ring signatures in the method and in the case where the ring signatures are verified, using true in advance Fixed public key initialization homomorphic encryption iunctions and to block chain node associated with the group send the computation requests, Platform signature associated with the block chain and the party information for indicating at least one selected participant；It is excellent Selection of land can receive at least calculated result based on determined by the secret sub-information and according to service logic and initialized Homomorphic encryption iunctions determine homomorphism calculated result based on the calculated result and return to the homomorphism calculated result.

It is not seen in fig. 1, in one embodiment according to the present invention, the method also includes:

Receive the secret information determined at random sent by the first client；And

The secret information is sent at least one described second client.

In this way, such as the secret information only can be sent at least one described second client, from And the client in addition at least one described second client is made not know the secret information, further ensure secret The confidentiality of information, so further obviate initial data due to secret information acquisition and decrypted risk.

In one embodiment according to the present invention, the method also includes:

Receive the application request for including the group of at least two participant for multi-party computations；

It is at least two participants configuration and the platform label included by the group according to application request The associated public key of name.

In this way, block platform chain can be only that at least two participant included by the group is matched Public key associated with platform signature is set, so that it is flat from block chain that only there is the participant of the public key can decode It include the computation requests of platform signature received by platform, even if the participant without the public key has received computation requests, As not associated public key and cannot to decode include calculating that platform is signed received by the block platform chain Request, thus, it is possible to realize the secrecy of information.

In one embodiment according to the present invention, the method also includes:

Receive the application request for including the group of at least two participant for multi-party computations；And

It is that the group establishes independent block chain or is multiplexed shared block chain on the block chain；And

For the block chain creation block chain account book.

The group for carrying out multi-party computations can be needed to establish mutually independent block for different in this way Chain and be that it configures mutually independent block chain account book, so as to be the different groups for needing to carry out multi-party computations Multi-party computations service is provided independently of each other, without causing any adverse effect between each other.

In one embodiment according to the present invention, the method also includes:

Intelligent contract data packet is received, the intelligence contract data packet includes signing messages；

Judge whether the intelligent contract data packet is by described in included by the group according to the signing messages The intelligent contract data packet that at least two participants are approved；And

It is the intelligence approved by least two participant included by the group in the intelligent contract data packet In the case where energy contract data packet, installed on block chain associated with the group included by the intelligent contract data packet Intelligent contract.

It enables in this way only by each ginseng at least two participant included by group It can be installed on block chain associated with the group with the Fang Jun intelligent contract approved, so as to ensure intelligence The installation of contract needs each side to sign, can allow the update of calculating logic accomplish disclosure, it is transparent, consistent, can not distort.

In one embodiment according to the present invention, the intelligence contract data packet includes updated service logic.With Such mode can update the calculating logic of multi-party computations by upgrading intelligent contract, accomplish that upgrading intelligent contract needs Want each side to sign, can allow the update of calculating logic accomplish disclosure, it is transparent, consistent, can not distort.

In one embodiment according to the present invention, the method also includes:

Associated with computation requests issuer is stored on the block chain account book and should the side's of inquiry information.With this energy Enough technical support is provided for subsequent such as billing of services.

In one embodiment according to the present invention, the ring signatures have with the group for including at least two participants There is corresponding relationship and there is no corresponding relationship with any one participant at least two participant.With such side Formula can realize whether computation requests should be allowed under the premise of not exposing the specific participant for initiating computation requests It is verified.

In one embodiment according to the present invention, the calculating is sent to block chain node associated with the group Request and platform associated with block chain signature further comprise:

The computation requests are sent to block chain node associated with the group by Hyper text transfer security protocol And platform signature associated with the block chain.

Additional add can be provided for the information between participant by Hyper text transfer security protocol in this way Privacy protection thereby further ensures that data safety.

In one embodiment according to the present invention, second information uses preparatory via predetermined encryption method Determining key is encrypted.Enable to the second information of such as identity information only can be by the group in this way The participant with predetermined key be decrypted, without carrying out encryption and decryption by either party except group, from And ensure the information security of the second information.

In one embodiment according to the present invention, the calculated result is used via predetermined homomorphic encryption iunctions The public key of predetermined homomorphic encryption iunctions is encrypted.Calculated result is encrypted by homomorphic encryption iunctions, thus So that the safety for not having homomorphic cryptography private key, which calculates each side such as service providing platform, can not decode its initial data, thus So that the data safety of initial data is ensured.

It further include for the preparatory of homomorphic encryption iunctions in the computation requests in one embodiment according to the present invention Determining public key.It can be seen that the predetermined public key of homomorphic encryption iunctions can be transmitted by block platform chain, from And the privacy of the predetermined public key of homomorphic encryption iunctions is further ensured that by the characteristic of block platform chain.

The multi-party computations method 200 based on block chain network proposed Fig. 2 shows content according to the present invention Flow chart, wherein the block chain network and the first client, at least one second client and at least one third client End communication connection.From figure 2 it can be seen that the multi-party computations method energy implemented at such as at least one second client Enough include the following steps, it may be assumed that first in method and step 210 at least one described second client, receive by the area The computation requests that the block chain node of block chain network is sent；Then, in method and step 220, secret information is divided into multiple Secret sub-information, wherein the secret sub-information is by least one described third client from least one described second client It is obtained at end；Next in method and step 230, at least based on secret son associated at least one described second client Information determines calculated result；And the calculated result finally is returned to the block chain node in method and step 240.

Enable at least one described second client that secret information is divided into multiple secret sons in this way Information and secret sub-information associated according to generated at least one second client with this generate calculated result, from And can return and be not only the calculated result according to caused by initial data so that provide the multi-party platform for calculating service and Even if the first client collusion can not decrypt initial data, the safety of initial data is ensured that.

In one embodiment according to the present invention, the multi-party computations method further include:

Receive the secret information sent by the block chain node.

Secret information is enabled to receive from block chain node in this way, and secret sub-information can be based in this way Secret information determine, to further improve the confidentiality and safety of initial data.

Fig. 3 shows the multi-party computations method 300 based on block chain network that content according to the present invention is proposed Flow chart, wherein the block chain network and the first client, at least one second client and at least one third client End communication connection.From figure 3, it can be seen that the multi-party computations method energy implemented at such as at least one third client Enough include the following steps, it may be assumed that first in method and step 310 at least one third client, receive by the block chain The computation requests that the block chain node of network is sent, the computation requests include at least one described second client determined at random The id information at end；Then, in method and step 320, corresponding secret son letter is obtained from least one described second client Breath, wherein the secret sub-information is to decouple secret information by least one described second client and formed；Next In method and step 330, is at least determined based on secret sub-information associated at least one described third client and calculate knot Fruit；And the calculated result finally is returned to the block chain node in method and step 340.

At least one described third client is enabled to receive from least one second client in this way Secret sub-information associated at least one third client simultaneously at least generates calculated result accordingly, so as to return It is not only the calculated result according to caused by initial data, so that providing the multi-party platform for calculating service and the first client Even if collusion can not decrypt initial data, the safety of initial data is ensured that.

Illustrate hereinafter with reference to Fig. 4 according to Fig. 1, Fig. 2 and illustrated in fig. 3 based on the Secure of block chain network How calculation method is implemented step by step.Fig. 4 is shown wherein being capable of the implementation basis peace shown in FIG. 1 based on block chain network Complete multi-party calculation method 100 or according to the multi-party computations method 200 or foundation shown in Fig. 2 based on block chain network The signal of one embodiment 300 of the network architecture of the multi-party computations method 300 shown in Fig. 3 based on block chain network Figure.As can be seen from Figure 3:

First user A calculated result corresponding to query argument key when, it is random to generate number R as secret information R simultaneously And any one user is randomly assigned to decouple secret information R.In the example of fig. 3, such as designated user C decouples secret letter Cease R.Then entire computation requests are sent to block chain network, i.e. step 401 shown in Fig. 4, i.e., to block chain network It sends Query (key, signature1, user C:R).

Here, those skilled in the art it is to be appreciated that secret information R herein not necessarily, such as secret information R It can be set to default value such as zero, provide the platform of multi-party computations at this point, not needing to pass to secret information R.

Furthermore those skilled in the art is it is to be appreciated that multiple secret information R can be generated here and specify multiple use Family decouples secret information R.If there is 4 users will participate in calculating, then can specify 2 users decouples secret information respectively R (for example including secret information R1 and secret information R2), further enhances safety.

After executing the list that the intelligent contract calculated receives privacy sharing, further distribution request is to following user query Service.Before this, it will ask for an autograph in step 402 to the Digital signature service of such as BaaS Digital signature service and in step 403 It is middle to receive returned signature Signature2, then, in following step 404 to 409 respectively to corresponding user B, The query service of user C and user D forward the computation requests, platform signature and indicate at least one selected participant The party information (be herein user C).With secret information R, secret information R can be both sent to All is queried user, also only can send secret information R to selected user C.But secret as previously described Information R is not required.It is tight next, the user C selected query service can receive the secret information R that needs to decouple it Get out the secret sub-information of such as password split as early as possible afterwards.For example, after the user of partition secret receives collapsible request, according to Previously described method, it is first random to generate r1, r2, then generating r3=R-r1-r2.After user receives inquiry request, first Password after issuer (being herein, for example, user C) the inquiry partition for going partition secret, such as user B go user C to obtain r1, use Family D goes user C to obtain r3.After getting the results added with oneself, is encrypted and returned using homomorphic algorithm.

Then, after the result received is carried out operation by intelligent contract in step 410 and step 411, user A is returned to. User A uses the key decrypted result of homomorphism in step 412, and in this example, decrypting the result got actually includes Result can be obtained so subtracting the secret information R in request in R.It may be zero in this R, at this point, r1 is, for example, -2, r2 It is for example respectively 1 with r3.

If it is complicated linear operation, then following procedure is executed, i.e., in the above example, only gives one simply Results added the case where, that is, the case where Z=a+b+c.For complicated linear operation, such as shaped like: Z=u*a+v*b+ The case where w*c+t, the calculating process in upper figure need to be achieved in: the secret value that user A is returned are as follows: u*a+r1；User B is returned The secret value returned are as follows: v*b+r2；The secret value that user C is returned are as follows: w*c+r3.In intelligent contract, the phase of secret value is only calculated Add operation.That is, for complicated linear operation, the calculating section for the data for needing to provide user oneself is placed on number According to progress operation before providing.

The advantages of this method, is as follows:

For multi-party computations service provider, in the data that each user got provides, It joined random disturbance, even if having given the data leak to inquiry user A, can not also learn user's offer after user A decryption Initial data.

Secondly as partition secret side and the random password for generating partition are randomly assigned every time, so it is useful to obtain institute Family provide initial data, data query side, service provider and partition secret side can just gang up together could decrypt it is useful The data at family.Due to being the partition secret side for being randomly assigned such as the second client every time, so having prevented the such as first visitor Family end issuer only gangs up with service provider (such as block chain network), can draw the private data of user in batches.

Below by taking block chain as an example, the above-mentioned multi-party computations method 100 based on block chain network is illustrated.Base It is mainly managed by the block chain comprising multiple peer nodes, Digital signature service and user in the multi-party computations service of block chain network Manage console composition.Peer node can run the multi-party computations logic of user in the form of intelligent contract.

It needs to need to be registered as block chain cloud service platform user using the user (enterprise) of multi-party computations service.Into Multiple users (enterprise) of row multi-party computations can form a multi-party computations alliance on user console, and The multi-party computations service of collective's application block chain cloud service platform.

After applying successfully, multi-party computations service can be right for multi-party computations alliance creation one on block chain The group or alliance answered and corresponding block chain account book, each user (enterprise) in multi-party computations alliance have one A corresponding tissue belongs to the group or alliance.The multi-party computations service logic of user needs to be embodied as corresponding intelligence Contract, and be installed in the peer node for be added the account book and execute, so as to be written and read to the account book.Peace Complete multi-party calculating service can be by creating multiple groups or alliance and corresponding block chain account book, each on a block chain There are its independent group or alliance and account book in multi-party computations alliance, so as to simultaneously be multiple multi-party computations Alliance provides service.

Multi-party computations service passes through the permission control of block chain and Privacy Preservation Mechanism, it can be ensured that:

1) only just may be mounted on account book by the intelligent contract of members' signatures all in group or alliance or Upgraded on account book；

2) member just has permission the corresponding intelligent contract of execution only in the group or alliance, to realize read-write account This；

3) different multi-party computations alliances has group independent or alliance and block chain account book, can do To the mutually isolated of intelligent contract and block chain account book data, thus protect multi-party computations alliance, each side data safety and Privacy.

It is described below through the multi-party computations service and realizes the stream of the bull lending and borrowing business of the inquiry in previous example Journey is as follows:

It is ready the internet borrower's company A of shared debt-credit data, internet borrower's company B, internet borrower's company C, mutually Networking borrower's company D or more companies reach shared agreement and form a reference information sharing group or alliance, group Or any internet borrower's company in alliance can inquire the reference of borrower to other internet borrower's companies Information (this example is bull debt-credit situation).These companies appoint following content in advance:

For encryption and decryption inquiry content (this example is the name of borrower Zhang San, ID card No.) enciphering and deciphering algorithm and Key.Ensure that inquiry content only has these companies that can decrypt and knows, and includes that multi-party computations service mentions to other people Supplier's secrecy.

Using identical homomorphic encryption iunctions and parameter setting.

For generating the algorithm of inquiry ring signatures, for example, algorithm of token herein.This is used to generate inquiry ring signatures Algorithm must realize two kinds of purposes, first, the inquiry embodiment party for receiving inquiry request must be allowed to be able to verify that query originator is No have permission is able to carry out inquiry；Secondly the specific identity of query originator must cannot be exposed.Specifically, internet is borrowed or lent money Company A, internet borrower's company B, internet borrower's company C can verify the validity of token, to know the inquiry received Whether request, which has permission, is inquired；But internet borrower's company A, internet borrower's company B, internet borrower's company C are not It can be inferred to request is issued from which company by token, to protect the privacy of service of internet borrower's company D.

The multi-party computations service of the group or alliance's purchase block chain cloud service platform.Digital signature service is obtained simultaneously Public key.

The alliance cooperation realizes the relevant intelligent contract of service logic, and in the present example, which can ask inquiry The company all in alliance that is sent to is asked, and query result is summarized, calculates each company's query result by homomorphic encryption iunctions Summation.Each company in alliance all audits the code of intelligent contract, and with respective private key signature, to indicate The intelligence contract is approved by our company.Intelligent contract in alliance after all member's signatures just can be mounted into multi-party computations clothes It is engaged on the block chain provided.

In addition, alternatively, the above method can be by computer program product, i.e. computer readable storage medium is real It is existing.Computer program product may include computer readable storage medium, containing for executing each of the content of present invention The computer-readable program instructions of aspect.Computer readable storage medium, which can be, can keep and store by instruction execution equipment The tangible device of the instruction used.Computer readable storage medium for example can be but not limited to storage device electric, magnetic storage is set Standby, light storage device, electric magnetic storage apparatus, semiconductor memory apparatus or above-mentioned any appropriate combination.It is computer-readable The more specific example (non exhaustive list) of storage medium includes: portable computer diskette, hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read only memory (EPROM or flash memory), static random access memory (SRAM), Portable compressed disk read-only memory (CD-ROM), digital versatile disc (DVD), memory stick, floppy disk, mechanical coding Equipment, the punch card for being for example stored thereon with instruction or groove internal projection structure and above-mentioned any appropriate combination.Here Used computer readable storage medium is not interpreted as instantaneous signal itself, such as radio wave or other Free propagations Electromagnetic wave, the electromagnetic wave (for example, the light pulse for passing through fiber optic cables) propagated by waveguide or other transmission mediums or pass through The electric signal of electric wire transmission.

Fig. 5 shows the multi-party computations device 500 based on block chain network of one embodiment according to the present invention Schematic diagram, wherein the block chain network and the first client, at least one second client and at least one third visitor The communication connection of family end.From figure 5 it can be seen that the multi-party computations device 500 based on block chain network includes processor 510 With the memory 520 coupled with processor 510.

Memory 520 is stored with instruction.Instruction makes processor 510 execute following movement when being executed by processor 510:

The combined value is returned to first client.

In one embodiment according to the present invention, execute the processor 510 with Lower operation:

The secret information is sent at least one described second client.

Those skilled in the art can also be preferably introduced homomorphic encryption algorithm it is to be appreciated that when running this device, Be optionally able in the computation requests include the first information associated with the group of multi-party computations to be participated in And second information associated with information to be checked, wherein the group includes at least two participants and first letter Breath includes ring signatures；In addition, being also able to verify that ring signatures in the method and in the case where the ring signatures are verified, Homomorphic encryption iunctions are initialized using predetermined public key and send institute to block chain node associated with the group State computation requests, platform associated with block chain signature and the ginseng for indicating at least one selected participant With square information；Preferably, at least calculated result based on determined by the secret sub-information can be received and according to service logic Homomorphism calculated result is determined based on the calculated result with initialized homomorphic encryption iunctions and returns to the homomorphism and is calculated As a result.

For the block chain creation block chain account book.

In one embodiment according to the present invention, the intelligence contract data packet includes updated service logic.

Associated with computation requests issuer is stored on the block chain account book and should the side's of inquiry information.

In one embodiment according to the present invention, the ring signatures have with the group for including at least two participants There is corresponding relationship and there is no corresponding relationship with any one participant at least two participant.

In one embodiment according to the present invention, second information uses preparatory via predetermined encryption method Determining key is encrypted.

In one embodiment according to the present invention, the calculated result is used via predetermined homomorphic encryption iunctions The public key of predetermined homomorphic encryption iunctions is encrypted.

It further include for the preparatory of homomorphic encryption iunctions in the computation requests in one embodiment according to the present invention Determining public key.

In addition, memory 520 can also be stored with other instructions.These instructions make when being executed by processor 510 Processor 510 executes following movement:

The calculated result is returned to the block chain node.

Receive the secret information sent by the block chain node.

Furthermore memory 520 can also be stored with other instructions.These instructions make when being executed by processor 510 Processor 510 executes following movement:

Calculated result is at least determined based on secret sub-information associated at least one described third client；And

The calculated result is returned to the block chain node.

Fig. 6 shows the multi-party computations device based on block chain network of another embodiment according to the present invention 600 schematic diagram.It should be appreciated that device 600 can be implemented as realizing the multi-party computations based on block chain network in Fig. 1 The function of method 100, can be implemented as realize Fig. 2 in the multi-party computations method 200 based on block chain network function, Also it can be implemented as realizing the function of the multi-party computations method 300 based on block chain network in Fig. 3.It can be with from Fig. 6 Find out that the multi-party computations device 600 based on block chain network includes central processing unit (CPU) 601 (such as processor), It can according to the computer program instructions being stored in read-only memory (ROM) 602 or from storage unit 608 be loaded into Machine accesses the computer program instructions in memory (RAM) 603, to execute various movements appropriate and processing.In RAM 603 In, it can also store the device 600 and operate required various programs and data.CPU 601, ROM 602 and RAM 603 pass through total Line 604 is connected with each other.Input/output (I/O) interface 605 is also connected to bus 604.

Multiple components in device 600 are connected to I/O interface 605, comprising: input unit 606, such as keyboard, mouse etc.； Output unit 607, such as various types of displays, loudspeaker etc.；Storage unit 608, such as disk, CD etc.；And it is logical Believe unit 609, such as network interface card, modem, wireless communication transceiver etc..It is all that communication unit 609 allows the device 600 to pass through As the computer network of internet and/or various telecommunication networks exchange information/data with other equipment.

Various methods described above, such as the multi-party computations method based on block chain network can be single by processing Member 601 executes.For example, in some embodiments, can be implemented as by the multi-party computations method 100 of block chain network based on Calculation machine software program is tangibly embodied in machine readable media, such as storage unit 608.In some embodiments, it calculates The some or all of of machine program can be loaded into and/or be installed to the device via ROM 602 and/or communication unit 609 On 600.When computer program is loaded into RAM 603 and is executed by CPU 601, method as described above 100 can be executed In one or more movements or step.

In general, various example embodiments of the invention can in hardware or special circuit, software, firmware, logic, or Implement in any combination thereof.Some aspects can be implemented within hardware, and other aspects can be can be by controller, micro process Implement in the firmware or software that device or other calculating equipment execute.When the various aspects of the embodiment of the present invention are illustrated or described as When block diagram, flow chart or other certain graphical representations of use, it will be understood that box described herein, device, system, techniques or methods Can be used as unrestricted example hardware, software, firmware, special circuit or logic, common hardware or controller or other It calculates and implements in equipment or its certain combination.

Although described above is various example embodiments of the invention can realize in hardware or special circuit, on Stating can both be implemented in hardware for the data processing equipment of block chain, can also be by way of software come real It is existing, this is because: in the 1990s, a technological improvement can easily belong to the improvement on hardware to the improvement (for example, improvement to circuit structures such as diode, transistor, switches) still falls within the improvement on software (such as method The improvement of process).However, with the sustainable development of technology, the improvement of many method flows of today can nearly all pass through by Improved method flow is programmed into hardware circuit to realize, in other words, by programming different programs for hardware circuit To obtaining corresponding hardware circuit, that is, realize the change of hardware circuit, therefore the improvement of such method flow It can also be considered as directly improving for hardware circuit.Therefore, it cannot be said that the improvement of a method flow cannot use hardware Entity module is realized.For example, programmable logic device (Programmable Logic Device:PLD) (such as scene can Program gate array (Field Programmable Gate Array:FPGA)) it is exactly such a integrated circuit, logic function Device programming can be determined by user.It is voluntarily programmed by designer a digital display circuit " integrated " may be programmed a piece of On logical device, dedicated IC chip is designed and made without asking chip maker.Moreover, nowadays replacing IC chip is manually made, this programming is also used " logic compiler (logic compi1er) " software instead mostly and come in fact Existing, software compiler used is similar when it writes with program development, and the source code before compiling is also handy specific Programming language write, this is referred to as hardware description language (Hardware Description Language:HDL), and HDL also not only-kind, but there are many kind, as ABEL (Advanced Boolean Expression Language), AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、 Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language) etc., most generally use at present VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) with Verilog.Those skilled in the art, which also will be apparent to the skilled artisan that, only to need with above-mentioned several hardware description languages slightly to patrol method flow It collects and programs and be programmed into integrated circuit, so that it may be readily available the hardware circuit for realizing the logical method process.

For executing the computer-readable program instructions or computer program product of the various aspects of the content of present invention It can store beyond the clouds, when needing to call, user can be accessed by mobile Internet, fixed network or other networks and is stored in The computer-readable program instructions of the one side for executing the content of present invention on cloud, thus implementation basis the content of present invention Various aspects disclosed in technical solution.

In conclusion by generating secret sub-information by the secret splitting side being randomly assigned, so that platform is obtained The calculated result taken is not initial data, but according to the data of initial data and the synthesis of secret sub-information, even if therefore platform and Issuer's collusion will not allow issuer that can obtain the initial data of each side of being queried, and then improve data-privacy protection Safety；Furthermore by being randomly assigned secret splitting side, even if thus secret splitting side previous and issuer and platform Collusion is also greatly lowered a possibility that obtaining initial data together, this is because secret splitting side is not fixed, and It is randomly assigned, further prevents the risk of the leaking data due to caused by multi-party collusion, to eliminate multi-party meter Participant is calculated for providing the needs of the trust of the multi-party supplier for calculating service, improves the multi-party participant for calculating service Participation wish so that the acceptable degree calculated in many ways is improved.

The foregoing is merely the embodiment alternative embodiment of the content of present invention, the embodiment being not intended to restrict the invention, For those skilled in the art, the embodiment of the present invention can have various modifications and variations.It is all in implementation of the invention Within the spirit and principle of example, made any modification, equivalence replacement, improvement etc. should be included in the embodiment of the present invention Within protection scope.

Although by reference to several embodiments that specific examples describe the present invention, but it is to be understood that of the invention Embodiment is not limited to disclosed specific embodiment.The embodiment of the present invention be intended to cover appended claims spirit and Included various modifications and equivalent arrangements in range.The scope of the claims meets broadest explanation, thus comprising all Such modification and equivalent structure and function.

Claims

1. a kind of multi-party computations method based on block chain network, the block chain network and the first client, at least one A second client and the connection of at least one third client communication, the multi-party computations method include:

At the block chain node of the block chain network, the computation requests sent by the first client are received, the calculating is asked Seek the id information of at least one the second client including determining at random；

The computation requests are sent at least one described second client and at least one described third client, to indicate It states at least one second client and secret information is divided into multiple secret sub-informations, and indicate at least one third visitor Family end obtains corresponding secret sub-information from least one described second client；

From at least one described second client and at least one described third client, receive respectively at least based on described more Multiple calculated results that a secret sub-information generates；

The combined value is returned to first client.

2. multi-party computations method according to claim 1, which is characterized in that the multi-party computations method is also wrapped It includes:

The secret information is sent at least one described second client.

3. a kind of multi-party computations method based on block chain network, the block chain network and the first client, at least one A second client and the connection of at least one third client communication, which is characterized in that the multi-party computations method packet It includes:

At at least one described second client, receives and asked by the calculating that the block chain node of the block chain network is sent It asks；

Secret information is divided into multiple secret sub-informations, wherein the secret sub-information is by least one third client End obtains from least one described second client；

The calculated result is returned to the block chain node.

4. multi-party computations method according to claim 3, which is characterized in that the multi-party computations method is also wrapped It includes:

Receive the secret information sent by the block chain node.

5. a kind of multi-party computations method based on block chain network, the block chain network and the first client, at least one A second client and the connection of at least one third client communication, which is characterized in that the multi-party computations method packet It includes:

At at least one third client, the computation requests sent by the block chain node of the block chain network, institute are received State the id information that computation requests include at least one second client determined at random；

Corresponding secret sub-information is obtained from least one described second client, wherein the secret sub-information is by institute State what at least one second client formed secret information partition；

The calculated result is returned to the block chain node.

6. a kind of multi-party computations device based on block chain network, the block chain network and the first client, at least one A second client and the connection of at least one third client communication, the multi-party computations device include:

Processor；And

The combined value is returned to first client.

7. multi-party computations device according to claim 6, which is characterized in that also make institute when described instruction executes It states processor and executes following operation:

The secret information is sent at least one described second client.

8. a kind of multi-party computations device based on block chain network, the block chain network and the first client, at least one A second client and the connection of at least one third client communication, the multi-party computations device include:

Processor；And

The calculated result is returned to the block chain node.

9. multi-party computations device according to claim 9, which is characterized in that also make institute when described instruction executes It states processor and executes following operation:

Receive the secret information sent by the block chain node.

10. a kind of multi-party computations device based on block chain network, the block chain network and the first client, at least one A second client and the connection of at least one third client communication, the multi-party computations device include:

Processor；And

The calculated result is returned to the block chain node.

11. a kind of computer readable storage medium has the computer-readable program instructions being stored thereon, the computer Readable program instructions are according to any one of claim 1 to 5 based on the Secure of block chain network by executing Calculation method.