Detailed Description
In order to make those skilled in the art better understand the technical solutions in one or more embodiments of the present disclosure, the technical solutions in one or more embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in one or more embodiments of the present disclosure. It is to be understood that the described embodiments are only a few, and not all embodiments. All other embodiments that can be derived by one of ordinary skill in the art from one or more embodiments of the disclosure without making any creative effort shall fall within the scope of the disclosure.
When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of systems and methods consistent with certain aspects of the present description, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In daily life, people are often faced with the following scenarios: certain confidential information can be issued only if the corresponding issuance conditions are satisfied; such as a regularly released business plan, a regularly released list of winners, an order released after the party has died, etc. Once the confidential information is released in advance, the value of the confidential information itself is slightly decreased, and a series of disputes and losses are caused.
In the related art, a mechanism similar to the timed mail transmission may be adopted, in which the confidential information is first stored in the server in advance, and then published in the case where it is determined that the publishing condition is satisfied, so as to avoid leakage of the confidential information in the case where the publishing condition is not satisfied.
However, in this process, the confidential information does not need to be leaked, and needs not to be tampered or replaced, and in the above mechanism, the confidential information stored in the server in advance may be tampered or replaced, and thus, the confidential information does not have sufficient reliability.
Based on this, the present specification discloses an information publishing method based on a blockchain, which aims to utilize the characteristic that data linked with a chain certificate in a blockchain network can be mutually verified by each node and is difficult to tamper, to broadcast encrypted data to be published to the blockchain network in advance, and then the information publishing node publishes a decryption key under the condition that corresponding publishing conditions are met, so as to complete conditional publishing of the information to be published.
In implementation, a block chain structure as shown in fig. 1 may be adopted. Fig. 1 is a schematic structural diagram of a block chain described in the specification, where, in a plurality of nodes of the block chain, a node carrying a decryption key of encrypted data to be distributed may be denoted as an information distribution node; an intelligent contract is pre-deployed in the block chain, and the intelligent contract comprises encrypted data to be issued, corresponding decryption logic and issuing logic;
under the condition that the information issuing node determines that the issuing condition corresponding to the information to be issued is met, the information issuing node calls the intelligent contract in a broadcast transaction mode, and transmits the decryption key into the decryption logic of the intelligent contract in a parameter mode, so that the decryption logic of the intelligent contract is successfully completed, and finally, the issuing logic in the intelligent contract is utilized to complete the issuing of the information to be issued.
Referring to fig. 2, fig. 2 illustrates a typical process of deploying and invoking intelligent contracts on a blockchain. A Smart contract (Smart contract) on a blockchain is a contract on the blockchain that may be executed by a transaction trigger. The intelligent contract can be defined by the form of codes, and specifically can be byte codes which are compiled by a developer after being compiled by a high-level language and can be directly executed by block link points; when the nodes reach the agreement through the consensus mechanism, the intelligent contract is successfully deployed, and a subsequent user can invoke the intelligent contract.
Generally, a transaction containing information for calling the intelligent contract is sent to an Ethernet shop network, so that each node executes the transaction to call the intelligent contract; specifically, the transaction may include information such as an address and parameters of the intelligent contract to be invoked; the intelligent contract can be independently executed at each node in the blockchain network in a specified mode, and all execution records and data are stored on the blockchain, so that after the transaction is executed, transaction certificates which cannot be tampered and lost are stored on the blockchain.
By applying the technical scheme, on one hand, in the block chain network, the information publishing node broadcasts the decryption key only under the condition that the publishing condition corresponding to the information to be published is met, so that the information to be published cannot be directly read under the condition that the corresponding publishing condition is not met;
on the other hand, as the block chain has the characteristics of transparent disclosure and mutual authentication, the encrypted information to be disclosed is disclosed to the block chain network in advance, so that the possibility of tampering and replacement of the information to be disclosed can be avoided, and the reliability of the mechanism is improved.
The technical solution described in the present specification is described in detail by specific examples below.
Referring to fig. 3, fig. 3 is a block chain-based information distribution method applied to a node in a block chain network according to an embodiment of the present disclosure; wherein the blockchain deploys an intelligent contract for publishing information; the intelligent contract stores information to be issued encrypted by the information issuing node in the block chain network based on the held encryption key; the method performs the steps of:
s301, receiving a target transaction which is broadcast by an information publishing node in the block chain network and sent to the block chain network when the information to be published meets a publishing condition and is used for calling the intelligent contract; wherein the target transaction includes a decryption key corresponding to the encryption key;
s302, responding to the target transaction, calling a decryption logic in the intelligent contract, and decrypting the information to be issued stored in the intelligent contract based on the decryption key; and after the information to be issued is decrypted, further calling an issuing logic in the intelligent contract to issue the decrypted information to be issued.
The scheme is described step by step according to three links of intelligent contract deployment, issuing information to be issued according to issuing conditions and key handover.
In this specification, a blockchain may adopt a structure as shown in fig. 1, and nodes in the blockchain may be divided into two types from a functional perspective: a common node and an information publishing node; the information publishing node can encrypt the information to be published based on an encryption key held by the information publishing node in advance, and deploy the encrypted information to be published and corresponding decryption logic (not including the decryption key) and publishing logic on the whole block chain network in the form of an intelligent contract;
for an ordinary node, after the smart contract is deployed and before the smart contract is invoked, the encrypted to-be-issued information in the smart contract, and the corresponding decryption logic and issuing logic may be regarded as being held, but due to the lack of the decryption key and the fact that the smart contract is not invoked, the specific content of the to-be-issued information is still in an encrypted and agnostic state for the ordinary node.
For the whole blockchain network, under the condition that the distribution condition of the information to be distributed is not met, a decryption key for decrypting the encrypted information to be distributed is only held by the information distribution node in a secret manner, so that the information to be distributed is still in an encrypted state under the public environment, and the actual content cannot be known by the public.
It can be understood that, the specific algorithm for encrypting/decrypting the encrypted information, the detailed process for deploying the intelligent contract, and the implementation details of the programming language, the decryption logic, the release logic and the like adopted by the intelligent contract may all depend on the specific implementation environment; for example, as shown in fig. 2, when a contract is created, a developer may write in a high-level language and deploy it on a blockchain via compilation and packaging, and when the contract is invoked, the specific manner may be that a node initiates a transaction that includes a contract address. Therefore, a person skilled in the art can refer to the relevant technical documents to complete the specific design of the above process, and the specification is not necessarily limited to the specific design.
In this specification, it is to be understood that the information distribution node may be a specific node in a block chain, or may be a plurality of nodes that cooperate with each other; for example, the node a encrypts the data to be issued by using the public key of the node B, and completes the deployment of the corresponding intelligent contract, in this case, the decryption key of the data to be issued is the private key of the node B, and therefore, the node B can undertake the tasks of judging whether the issuing condition is satisfied, issuing the decryption key, and calling the corresponding intelligent contract, and therefore, the node a and the node B jointly implement the function of information issuing.
In this specification, the information publishing node may construct, according to the decryption key of the information to be published, a target transaction capable of invoking a corresponding intelligent contract when a publishing condition corresponding to the information to be published is satisfied, and broadcast-transmit the target transaction to the blockchain network; correspondingly, the common node can receive the target transaction which is broadcast and sent to the block chain network by the information publishing node when the publishing condition corresponding to the information to be published is met, and obtain the decryption key from the target transaction;
for example, if the information to be released is a business plan of a certain company, which needs to be released at 3, 2 and 2 days 14:00 of 2020 in beijing, and a node device of the company on the blockchain is used as an information release node, then the business plan may be encrypted in advance and deployed on the blockchain network in the manner of an intelligent contract; when the information issuing node determines that the information issuing condition is met in 14:00 days 3, 2 and 3 of 2020 in Beijing, the information issuing node sends a target transaction for calling the intelligent contract to the block chain broadcast, wherein the target transaction carries a corresponding decryption key; for other nodes on the blockchain network (e.g., other corporate uplink smart devices), upon receiving the target transaction, the corresponding decryption key is obtained.
In this specification, the common node may invoke a decryption logic in the intelligent contract in response to the target transaction, and complete decryption of encrypted information to be issued stored in the intelligent contract based on a decryption key obtained in the above process; then, the issuing logic in the intelligent contract can be further called to issue the decrypted information to be issued;
still taking the above scenario as an example, after receiving the target transaction of the invoking intelligent contract, the common node in the block chain may execute the decryption logic in the intelligent contract, complete decryption of the pre-encrypted business plan by using the decryption key obtained from the target transaction, and further issue the decrypted business plan by invoking the issue logic in the intelligent contract; from the public perspective, all people can review the business plan published at regular time after 3, 2, 14:00 of Beijing, 2020, and the initial objective is achieved.
In this specification, the distribution conditions in the above design may be set according to specific requirements, and only the information distribution node may recognize and make a judgment, and this specification does not need to be specifically limited.
In an embodiment, the publishing condition may include: the current moment reaches a preset release moment; for example, in the example of the timed distribution business plan, the preset state is "14: 00 at 3/month and 2/day and after 2020", and thus by 14:00 at 3/month and 2/day of 2020, the information distribution node can determine that the current time reaches the preset state, and trigger the subsequent action.
In an embodiment, the publishing condition may include: the state of an information release event corresponding to the information to be released reaches a preset state; for example, if a wisdom needs to be disclosed after zhang xiao died, the information to be issued is the wisdom, the corresponding information issuing event is zhang xiao died, the preset state is that the event has occurred, and after zhang xiao died indeed, the information issuing node can be triggered to perform subsequent actions.
In the present specification, the type of blockchain may be selected by a person skilled in the art according to specific requirements, and the present specification is not particularly limited; for example, for the publication of information inside a company, a private chain inside the company can be used to reduce cost and improve efficiency; for more important protocols, a public chain can be selected to obtain higher security; and so on.
In one embodiment shown, the blockchain may be selected from a federation chain; a federation chain can be a compromise because it has both faster processing speed relative to a public chain and higher security relative to a private chain.
In this specification, the information distribution node may transfer the decryption key held by the information distribution node to another node, so that the other node may also provide the function of the information distribution node. Referring to fig. 4, fig. 4 shows an interactive process of key handover.
In one embodiment shown, corresponding to the key handover stage in fig. 4, for the information distribution node, the public key of some common node may be used to encrypt the decryption key, so as to construct a key handover transaction, and the key handover transaction is broadcast and sent to the blockchain network; for a corresponding common node, the node can receive a key handover transaction sent to a blockchain network by the broadcast of an information distribution node in the blockchain network; wherein, the key transfer transaction comprises a decryption key encrypted by using the public key of the node;
further, the common node may decrypt the encrypted decryption key based on the private key of the node in response to the key handover transaction, to obtain the decryption key; the node can be switched from the common node to the information publishing node.
In this specification, after confirming that the handover key is successful, the information distribution node may switch to a normal node, and no longer provide the function of the information distribution node.
In one embodiment shown, corresponding to the key handover confirmation phase in fig. 4, for a new information publishing node receiving a decryption key, a key handover confirmation transaction containing its own digital signature may be constructed and broadcast to the blockchain network; the original information issuing node responds to the key handover confirmation transaction, and after the digital signature passes verification, the stored decryption key can be deleted and the original information issuing node is switched to a common node.
By adopting the scheme, on one hand, only a specific node (namely, the node providing the public key used for encrypting the decryption key) has the corresponding private key, so that the decryption key can still be regarded as an unpublished state, and the confidentiality of the original information to be issued is not influenced; on the other hand, the new information publishing node can be used as a backup, and negative effects caused by failure and abnormity of the original information publishing node can be avoided to a certain extent.
In practical application, a node directly holds a finished decryption key and still has certain risk, so the specification also discloses another information issuing method based on a block chain, on the basis of the scheme, the decryption key is processed into a plurality of fragments through a threshold algorithm and is jointly stored by a plurality of nodes in the block chain; only when the nodes exceeding the threshold number corresponding to the threshold algorithm disclose the key fragments thereof, the nodes on the block chain can restore the decryption key according to the disclosed key fragments, and further finish decryption and disclosure of the information to be issued.
The threshold algorithm based fragment processing means that data to be processed is divided into n fragments and distributed to n holders, the data can be recovered according to any fragments not less than k, and any information of a ciphertext cannot be obtained by any fragments less than k; where k is the "threshold".
By adopting the scheme, because a single node does not hold a complete decryption key, taking n nodes respectively holding fragments and taking a threshold as k as an example, if the decryption key is leaked maliciously, at least k nodes are required to be badly used; as long as the number of the failed nodes is not more than n-k, the key recovery can be successfully completed; therefore, the method obviously avoids the risk of single node doing badness, reduces the risk brought by node failure and improves the reliability of the whole mechanism.
It can be understood that, in the actual design, the number n of the fragments and the value of the threshold k may be adjusted and set by a person skilled in the art according to specific requirements, and the specification does not need to be specifically limited.
Please refer to fig. 5, fig. 5 is another structural diagram of the block chain described in the present specification. Similar to the previous example, in this scenario, an intelligent contract is pre-deployed in the blockchain, the intelligent contract includes encrypted data to be issued, and corresponding decryption logic and issue logic, and a plurality of common nodes not carrying decryption keys also exist in the blockchain; different from the previous example, the information distribution function is not provided by a single node in the block chain, but is cooperatively provided by a plurality of nodes carrying the decryption key fragments of the encrypted data to be distributed.
Specifically, please refer to fig. 6, fig. 6 is a flow chart of another block chain-based information distribution method described in this specification; the method is applied to nodes in a block chain network; the blockchain deploys intelligent contracts for publishing information; the intelligent contract stores information to be issued which is encrypted by an information issuing node in the block chain network based on a held encryption key; the decryption key corresponding to the encryption key is converted into a plurality of key fragments after fragmentation processing is carried out by the information issuing node based on a threshold algorithm, and the key fragments are respectively sent to a plurality of nodes in the block chain network; the method comprises the following steps:
s601, determining whether the information to be issued meets the issuing condition;
s602, if the information to be issued meets the issuing condition, the received key fragment broadcast sent by the information issuing node is sent to a block chain network, and the key fragments broadcast by other nodes are collected; and reducing the decryption key based on the collected key fragments;
s603, after the decryption key is restored, constructing a target transaction for calling the intelligent contract; wherein the target transaction includes the restored decryption key;
s604, the target transaction broadcast is sent to a block chain network, so that nodes in the block chain network respond to the target transaction, a decryption logic in the intelligent contract is called, the information to be issued stored in the intelligent contract is decrypted based on the decryption key, and after the decryption is completed, the issuing logic in the intelligent contract is further called to issue the decrypted information to be issued.
The scheme is described step by step according to three links of intelligent contract deployment, issuing information to be issued according to issuing conditions and key handover.
In this specification, a blockchain may adopt a structure as shown in fig. 5, and nodes in the blockchain may be divided into three types from a functional perspective: an information distribution node (not shown in fig. 5), a node holding a key fragment, and a common node; the information publishing node can encrypt the information to be published based on an encryption key held by the information publishing node in advance, and deploy the encrypted information to be published and corresponding decryption logic (not including the decryption key) and publishing logic on the whole block chain network in the form of an intelligent contract; in addition, the information issuing node can also process the corresponding decryption key into a plurality of key fragments based on a threshold algorithm and respectively send the key fragments to a plurality of other nodes, and the nodes receiving the key fragments can be marked as the nodes holding the key fragments;
for an ordinary node, after the smart contract is deployed and before the smart contract is invoked, the encrypted to-be-issued information in the smart contract, and the corresponding decryption logic and issuing logic may be regarded as being held, but due to the lack of the decryption key and the fact that the smart contract is not invoked, the specific content of the to-be-issued information is still in an encrypted and agnostic state for the ordinary node.
For the whole blockchain network, under the condition that the publishing condition of the information to be published is not met, the decryption key for decrypting the encrypted information to be published is in a fragmentation state, so that the information to be published is still in an encrypted state in a public environment, and the actual content cannot be ascertained by the public.
It can be understood that, the specific algorithm for encrypting/decrypting the encrypted information, the detailed process for deploying the intelligent contract, and the implementation details of the programming language, the decryption logic, the release logic and the like adopted by the intelligent contract may all depend on the specific implementation environment; for example, as shown in fig. 2, when a contract is created, a developer may write in a high-level language and deploy it on a blockchain via compilation and packaging, and when the contract is invoked, the specific manner may be that a node initiates a transaction that includes a contract address. Therefore, a person skilled in the art can refer to the relevant technical documents to complete the specific design of the above process, and the specification is not necessarily limited to the specific design.
In this specification, it can be understood that, in the execution process of the method, in order to ensure that the reassembly through the fragments is the only way to obtain the complete decryption key, the information distribution node holding the complete decryption key should ensure that the complete decryption key is not leaked, the specific manner may be direct deletion, or exit from the blockchain network, and the like, and a person skilled in the art may design the method by himself according to specific situations, and this specification is not limited specifically.
In this specification, the execution subject of the method is the node holding the key fragment; the node holding the key fragment can send the held key fragment broadcast from the information publishing node to the block chain network when the publishing condition corresponding to the information to be published is met, and collect the key fragments broadcast by other nodes; due to the characteristics of the threshold algorithm, under normal conditions (the number of invalid nodes holding the key fragments is not too large, and the number of malicious nodes holding the key fragments is not too large), if and only if the nodes holding the key fragments can meet the distribution condition corresponding to the information to be distributed, enough key fragments can be collected, so that the decryption key can be restored.
In this specification, after the decryption key is restored, a target transaction capable of invoking a corresponding intelligent contract may be constructed according to the decryption key, and the target transaction is broadcast and sent to a block chain network; correspondingly, the common node can receive the target transaction and obtain a decryption key from the target transaction;
for example, the information to be issued is a business plan of a certain company, and needs to be issued 14:00 3/2/2020 in beijing, the business plan may be encrypted in advance and deployed on a block chain network in the form of an intelligent contract in the manner described above, and the fragments of the decryption key are held by a plurality of nodes respectively; in 14:00, 3, 2 and 2 of 2020 by Beijing, the information distribution node determines that the information distribution condition is satisfied, and the node holding the decryption key fragment broadcasts the respective key fragment to the blockchain and restores the decryption key according to the received key fragment; then sending a target transaction for calling the intelligent contract, wherein the target transaction carries a corresponding decryption key; for other nodes on the blockchain network (e.g., other corporate uplink smart devices), upon receiving the target transaction, the corresponding decryption key is obtained.
In this specification, after the target transaction is broadcast to the blockchain network, a node in the blockchain may respond to the target transaction, may invoke a decryption logic in the intelligent contract, and complete decryption of the encrypted to-be-issued information stored in the intelligent contract based on the decryption key obtained in the above process; then, the issuing logic in the intelligent contract can be further called to issue the decrypted information to be issued;
still taking the above scenario as an example, after receiving the target transaction of the invoking intelligent contract, the node in the block chain may execute the decryption logic in the intelligent contract, complete decryption of the pre-encrypted business plan by using the decryption key obtained from the target transaction, and further issue the decrypted business plan by invoking the issue logic in the intelligent contract; from the public perspective, all people can review the business plan published at regular time after 3, 2, 14:00 of Beijing, 2020, and the initial objective is achieved.
In this specification, the distribution conditions in the above design may be set according to specific requirements, and only the information distribution node may recognize and make a judgment, and this specification does not need to be specifically limited.
In an embodiment, the publishing condition may include: the current moment reaches a preset release moment; for example, in the example of the timed distribution business plan, the preset state is "14: 00 at 3/month and 2/day and after 2020", and thus by 14:00 at 3/month and 2/day of 2020, the information distribution node can determine that the current time reaches the preset state, and trigger the subsequent action.
In an embodiment, the publishing condition may include: the state of an information release event corresponding to the information to be released reaches a preset state; for example, if a wisdom needs to be disclosed after zhang xiao died, the information to be issued is the wisdom, the corresponding information issuing event is zhang xiao died, the preset state is that the event has occurred, and after zhang xiao died indeed, the information issuing node can be triggered to perform subsequent actions.
In the present specification, the type of blockchain may be selected by a person skilled in the art according to specific requirements, and the present specification is not particularly limited; for example, for the publication of information inside a company, a private chain inside the company can be used to reduce cost and improve efficiency; for more important protocols, a public chain can be selected to obtain higher security; and so on.
In one embodiment shown, the blockchain may be selected from a federation chain; in the alliance chain, a plurality of committee nodes with the issuing authority of the information to be issued can be selected to be responsible for carrying the key fragments; the specific selection manner can be determined according to specific situations, and the person skilled in the art can select the selection manner by referring to the related art, and the specification is not particularly limited. A federation chain can be a compromise because it has both faster processing speed relative to a public chain and higher security relative to a private chain.
In this specification, a node may have a validity period for an authority for issuing information to be issued, and if the authority of a node holding a key fragment expires, the node may hand over a decryption key fragment held by the node to another node holding the key fragment.
In an illustrated embodiment, please refer to fig. 7, fig. 7 shows an interactive process of key handover by way of twice fragmentation; under the condition that the issuing condition is not satisfied, in response to the expiration of the validity period of the issuing authority of the information to be issued, the committee node can perform secondary fragmentation processing on the key fragments held by the committee node based on a threshold algorithm; encrypting the obtained fragments of the plurality of key fragments respectively by using public keys of other committee nodes in the block chain, and constructing secondary fragment transaction based on the obtained encrypted fragments of the key fragments;
after the secondary fragment transaction broadcast is sent to the blockchain network, other committee nodes in the blockchain network can respond to the secondary fragment transaction and decrypt the fragments of the key fragments encrypted by the respective public keys according to the respective private keys to obtain the fragments of the key fragments.
It can be understood that, after the authority of any committee node is exceeded, committee nodes can be elected in the block chain, so that the common node becomes a new committee node to ensure that the number of the committee nodes is relatively stable.
Through the process, the node with the overdue authority can distribute the key fragments carried by the node with the overdue authority to other committee nodes, and the other committee nodes can restore the fragments of the key fragments into the key fragments originally held by the node with the overdue authority through a similar method, so that the smooth restoration of the original decryption key cannot be influenced finally.
The present specification provides an information distribution apparatus based on a block chain, which is applied to a node in a block chain network; wherein intelligent contracts used for issuing information are deployed in the blockchain; the intelligent contract stores information to be issued which is encrypted by the information issuing node in the block chain network based on the held encryption key; referring to fig. 8, fig. 8 is a schematic structural diagram of the information distribution apparatus based on a blockchain, the apparatus including:
the target transaction receiving module 801 is used for receiving a target transaction which is broadcast and sent to the blockchain network by an information publishing node in the blockchain network when the information to be published meets publishing conditions and is used for calling the intelligent contract; wherein the target transaction includes a decryption key corresponding to the encryption key;
the information decryption issuing module 802, in response to the target transaction, invokes a decryption logic in the intelligent contract, and decrypts the information to be issued stored in the intelligent contract based on the decryption key; and after the information to be issued is decrypted, further calling an issuing logic in the intelligent contract to issue the decrypted information to be issued.
In this specification, the information publishing node may construct, according to the decryption key of the information to be published, a target transaction capable of invoking a corresponding intelligent contract when a publishing condition corresponding to the information to be published is satisfied, and broadcast-transmit the target transaction to the blockchain network; correspondingly, the target transaction receiving module 801 may receive the target transaction broadcast by the information publishing node and sent to the blockchain network when the publishing condition corresponding to the information to be published is satisfied, and obtain the decryption key therefrom.
In this specification, the information decryption issuing module 802 may invoke a decryption logic in the intelligent contract in response to the target transaction, and complete decryption of the encrypted to-be-issued information stored in the intelligent contract based on the decryption key obtained in the above process; and then, further calling a publishing logic in the intelligent contract to publish the decrypted information to be published.
In this specification, the distribution conditions in the above design may be set according to specific requirements, and only the information distribution node may recognize and make a judgment, and this specification does not need to be specifically limited.
In an embodiment, the publishing condition may include: the current moment reaches a preset release moment; for example, the release time may be preset to 14:00 at 2020, 5, month and 2 of beijing, and the subsequent action may be triggered when the current time reaches 14:00 at 2020, 5, month and 2 of beijing.
In an embodiment, the publishing condition may include: the state of an information release event corresponding to the information to be released reaches a preset state; for example, if a wisdom needs to be disclosed after zhang xiao died, the information to be issued is the wisdom, the corresponding information issuing event is zhang xiao died, the preset state is that the event has occurred, and after zhang xiao died indeed, the information issuing node can be triggered to perform subsequent actions.
In the present specification, the type of blockchain may be selected by a person skilled in the art according to specific requirements, and the present specification is not particularly limited; for example, for the publication of information inside a company, a private chain inside the company can be used to reduce cost and improve efficiency; for more important protocols, a public chain can be selected to obtain higher security; and so on.
In one embodiment shown, the blockchain may be selected from a federation chain; a federation chain can be a compromise because it has both faster processing speed relative to a public chain and higher security relative to a private chain.
In this specification, the apparatus may further include a key receiving module, configured to receive a decryption key handed over by the information distribution node, so that the node may also provide the function of the information distribution node. Referring to fig. 4, fig. 4 shows an interactive process of key handover.
In one embodiment, corresponding to the key handover stage in fig. 4, the apparatus may further include a key receiving module, which may accept a key handover transaction sent by the information distribution node in the blockchain network to the blockchain network in a broadcast manner; wherein, the key transfer transaction comprises a decryption key encrypted by using the public key of the node; further, the module may decrypt the encrypted decryption key based on the private key of the node to obtain the decryption key; and the node is switched from the common node to the information distribution node.
In this specification, the apparatus may further include a key reception confirmation module, so that the information distribution node may switch to a normal node after confirming that the handover key is successful, and no function of the information distribution node is provided.
In an embodiment shown, corresponding to the key handover confirmation stage in fig. 4, the apparatus may further include a key reception confirmation module, which may construct a key handover confirmation transaction including a digital signature of itself, and broadcast and send the key handover confirmation transaction to the blockchain network, so that the original information issuing node may delete the stored decryption key and switch itself to a normal node in response to the key handover confirmation transaction after the digital signature is verified.
By adopting the scheme, on one hand, only a specific node (namely, the node providing the public key used for encrypting the decryption key) has the corresponding private key, so that the decryption key can still be regarded as an unpublished state, and the confidentiality of the original information to be issued is not influenced; on the other hand, the new information publishing node can be used as a backup, and negative effects caused by failure and abnormity of the original information publishing node can be avoided to a certain extent.
The specification also discloses an information issuing device based on the block chain, which is applied to the nodes in the block chain network; the block chain is provided with an intelligent contract used for issuing information; the intelligent contract stores information to be issued encrypted by the information issuing node in the block chain network based on the held encryption key; the decryption key corresponding to the encryption key is converted into a plurality of key fragments after fragmentation processing is carried out by the information publishing node based on a threshold algorithm, and the key fragments are respectively sent to a plurality of nodes in the block chain network;
referring to fig. 9, fig. 9 is a schematic structural diagram of the apparatus, which includes:
a publishing condition determining module 901, configured to determine whether the information to be published meets a publishing condition;
a decryption key restoration module 902, configured to send the received key fragment broadcast sent by the information distribution node to the block link network and collect the key fragments broadcast by other nodes when the information to be distributed meets the distribution condition; and recovering the decryption key based on the collected key fragments;
a target transaction construction module 903, which constructs a target transaction for calling the intelligent contract after the decryption key is restored; wherein, the target transaction comprises the restored decryption key;
and the target transaction sending module 904 is configured to send the target transaction broadcast to a blockchain network, so that a node in the blockchain network invokes a decryption logic in the intelligent contract in response to the target transaction, decrypts the to-be-issued information stored in the intelligent contract based on the decryption key, and further invokes an issuing logic in the intelligent contract to issue the decrypted to-be-issued information after decryption is completed.
It can be understood that, in the actual design, the number n of the fragments and the value of the threshold k may be adjusted and set by a person skilled in the art according to specific requirements, and the specification does not need to be specifically limited.
In this specification, the execution subject of the method is the node holding the key fragment; the decryption key restoring module 902 may send the held key fragments from the information distribution node to the block chain network in a broadcast manner when the distribution condition determining module 901 determines that the distribution condition corresponding to the information to be distributed is satisfied, and collect the key fragments broadcast by other nodes; and restoring the decryption key based on the collected key fragments.
In this specification, after the decryption key is restored, the target transaction construction module 903 may construct a target transaction capable of invoking a corresponding intelligent contract according to the decryption key, and the target transaction transmission module 904 may broadcast and transmit the target transaction to a block chain network, so that a node in a block chain may respond to the target transaction, invoke a decryption logic in the intelligent contract, and complete decryption of encrypted information to be issued stored in the intelligent contract based on the decryption key obtained in the above process; and then, further calling a publishing logic in the intelligent contract to publish the decrypted information to be published.
In this specification, the distribution conditions in the above design may be set according to specific requirements, and only the information distribution node may recognize and make a judgment, and this specification does not need to be specifically limited.
In an embodiment, the publishing condition may include: the current moment reaches a preset release moment; for example, the release time may be preset to 14:00 at 2020, 5, month and 2 of beijing, and the subsequent action may be triggered when the current time reaches 14:00 at 2020, 5, month and 2 of beijing.
In an embodiment, the publishing condition may include: the state of an information release event corresponding to the information to be released reaches a preset state; for example, if a wisdom needs to be disclosed after zhang xiao died, the information to be issued is the wisdom, the corresponding information issuing event is zhang xiao died, the preset state is that the event has occurred, and after zhang xiao died indeed, the information issuing node can be triggered to perform subsequent actions.
In the present specification, the type of blockchain may be selected by a person skilled in the art according to specific requirements, and the present specification is not particularly limited; for example, for the publication of information inside a company, a private chain inside the company can be used to reduce cost and improve efficiency; for more important protocols, a public chain can be selected to obtain higher security; and so on.
In one embodiment shown, the blockchain may be selected from a federation chain; in the alliance chain, a plurality of committee nodes with the issuing authority of the information to be issued can be selected to be responsible for carrying the key fragments; the specific selection manner can be determined according to specific situations, and the person skilled in the art can select the selection manner by referring to the related art, and the specification is not particularly limited. A federation chain can be a compromise because it has both faster processing speed relative to a public chain and higher security relative to a private chain.
In this specification, a node may have a validity period for an authority for issuing information to be issued, and if the authority of a node holding a key fragment expires, the node may hand over a decryption key fragment held by the node to other nodes holding key fragments through a secondary fragment module.
In an illustrated embodiment, please refer to fig. 7, fig. 7 shows an interactive process of key handover by way of twice fragmentation; under the condition that the issuing condition is not satisfied, the secondary fragmentation module responds to the expiration of the validity period of the issuing authority of the information to be issued, and can perform secondary fragmentation processing on the key fragments held by the secondary fragmentation module based on a threshold algorithm; encrypting the obtained fragments of the plurality of key fragments respectively by using public keys of other committee nodes in the block chain, and constructing secondary fragment transaction based on the obtained encrypted fragments of the key fragments;
after the secondary fragmentation module sends the secondary fragmentation transaction broadcast to the blockchain network, other committee nodes in the blockchain network can respond to the secondary fragmentation transaction and decrypt the fragments of the key fragments encrypted by the respective public keys according to the respective private keys, and then the fragments of the key fragments can be obtained.
It can be understood that, after the authority of any committee node is exceeded, committee nodes can be elected in the block chain, so that the common node becomes a new committee node to ensure that the number of the committee nodes is relatively stable.
By means of the secondary fragmentation module, the nodes with the overdue authority can distribute the key fragments carried by the nodes with the overdue authority to other committee nodes, and the other committee nodes can restore the fragments of the key fragments into the key fragments originally held by the nodes with the overdue authority by a similar method, so that the smooth restoration of the original decryption key cannot be influenced finally.
The embodiments of the present specification further provide a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the program to implement the aforementioned information distribution method based on the blockchain.
Fig. 10 is a more specific hardware structure diagram of a computing device provided in an embodiment of the present specification, where the device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The embodiments of the present specification further provide a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the program to implement the aforementioned another block chain-based information distribution method.
Fig. 11 is a more specific hardware structure diagram of a computing device provided in an embodiment of the present specification, where the device may include: a processor 1110, a memory 1120, an input/output interface 1130, a communication interface 1140, and a bus 1150. Wherein the processor 1110, memory 1120, input/output interface 1130, and communication interface 1140 enable communication connections within the device with each other via the bus 1150.
The processor 1110 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1120 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random access Memory), a static storage device, a dynamic storage device, or the like. The memory 1120 can store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1120 and called by the processor 1110 for execution.
The input/output interface 1130 is used for connecting an input/output module to realize information input and output. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1140 is used to connect a communication module (not shown in the figure) to enable the device to interact with other devices. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1150 includes a pathway for communicating information between various components of the device, such as processor 1110, memory 1120, input/output interface 1130, and communication interface 1140.
It should be noted that although the above-mentioned device only shows the processor 1110, the memory 1120, the input/output interface 1130, the communication interface 1140 and the bus 1150, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
Embodiments of the present specification also provide a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the aforementioned information distribution method based on the blockchain.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
Embodiments of the present specification also provide a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement another block chain-based information distribution method described above.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
From the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present disclosure can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the embodiments of the present specification may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments of the present specification.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, it is relatively simple to describe, and reference may be made to some descriptions of the method embodiment for relevant points. The above-described apparatus embodiments are merely illustrative, and the modules described as separate components may or may not be physically separate, and the functions of the modules may be implemented in one or more software and/or hardware when implementing the embodiments of the present disclosure. And part or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing is only a specific embodiment of the embodiments of the present disclosure, and it should be noted that, for those skilled in the art, a plurality of modifications and decorations can be made without departing from the principle of the embodiments of the present disclosure, and these modifications and decorations should also be regarded as the protection scope of the embodiments of the present disclosure.