Disclosure of Invention
To address the technical problems of the prior art, the invention provides a consortium blockchain system oriented to data privacy protection, which solves the problem that data privacy cannot be protected in the prior art.
The technical solution to these problems is as follows: a consortium blockchain system for data privacy protection, comprising a proving node, a verification node and a blockchain ledger module; the proving node and the verification node contain smart contracts, the smart contracts including a range management contract and a proof contract;
the proving node preprocesses private data read from a client to generate parameters, calls the range management contract to download the range stored at a specified position from the blockchain ledger module, generates a zero-knowledge proof from the parameters and the range, and uploads the zero-knowledge proof to the blockchain ledger module;
the verification node calls the proof contract to obtain the zero-knowledge proof, calls the range management contract to obtain the range referenced by the zero-knowledge proof, and verifies the private data against that range.
The beneficial effects of the invention are as follows. Compared with a standard range proof generated with zk-SNARKs (i.e., for the range $[0, 2^n - 1]$), the invention provides a privacy-protection-oriented consortium blockchain data auditing method based on HF and the recent non-interactive zero-knowledge range proof technique Bulletproofs. It can prove the numerical range to which data belongs without revealing the specific value of the data, and supports generation and verification of zero-knowledge range proofs for both a standard range and an arbitrary range: for any two non-negative integers $a$ and $b$, it can be proved that a number on the blockchain lies in the standard range $[0, 2^n)$, or that it lies in the arbitrary range $[a, b)$. The Bulletproofs-based verification method requires no parameter setup for each node in the initialization stage, so verification of privacy-protected data under cross-organization supervision can be realized quickly and simply.
On the basis of the technical scheme, the invention can be further improved as follows.
Further, during initialization of the consortium blockchain system, the verification node calls the range management contract to upload the upper and lower limits of the range to the blockchain ledger module under the range identifier, using a range binary tuple as the data storage structure.
Further, the generated zero-knowledge proof is a standard range proof, whose generation process includes:
generating a Pedersen commitment $\mathrm{Com}(v)$ from the private data $v$, and converting $\mathrm{Com}(v)$ into an inner-product proof $\mathrm{Com}(l, r)$; and packing $\mathrm{Com}(v)$, $\mathrm{Com}(l, r)$ and the parameters into the standard range proof;
where $v \in [0, 2^n)$ and $l, r$ are the vector polynomials generated from the private data $v$.
Further, the generated zero-knowledge proof is an arbitrary range proof, whose generation process includes:
assuming the range of the private data $v$ satisfies $0 \le a \le v < b \le 2^n$, obtaining $v \in [a, a + 2^n)$ and $v \in [b - 2^n, b)$;
converting the zero-knowledge arbitrary range proof for $v$ into standard range proofs for two values, $v_a = v - a \in [0, 2^n)$ and $v_b = v - b + 2^n \in [0, 2^n)$; and packing the proofs for $v_a$ and $v_b$ and the parameters into the arbitrary range proof.
Further, the generated zero-knowledge proof is an aggregation of multiple standard range proofs, whose generation process includes:
generating, from the private data $v_i$, the Pedersen commitments $\mathrm{Com}(v_i)$, $A_i = \mathrm{Com}(a_{L,i}, a_{R,i})$ and $S_i = \mathrm{Com}(s_{L,i}, s_{R,i})$, where $v_i \in [0, 2^n)$, $i = 1, 2, \ldots, m$, $s_{L,i}$ and $s_{R,i}$ are blinding vectors, $v_i = \langle a_{L,i}, \mathbf{2}^n \rangle$ and $a_{R,i} = a_{L,i} - \mathbf{1}^n$ (here $a_{L,i}$ is the bit vector of $v_i$ and $\mathbf{2}^n = (1, 2, \ldots, 2^{n-1})$);
accumulating all the tuples $A_i, S_i$ into $A, S$, concatenating all $l_i, r_i$ and reducing them by the inner-product proof to $2\log_2(nm)$ points and 2 scalars, and packing $\mathrm{Com}(v_i)$, $A$, $S$, all the points, the scalars and the parameters into the aggregation of standard range proofs.
Further, the generated zero-knowledge proof is an aggregation of multiple arbitrary range proofs, whose generation process includes:
assuming the private data $v_i$ satisfy $0 \le a \le v_i < b \le 2^n$, obtaining $v_i \in [a, a + 2^n)$ and $v_i \in [b - 2^n, b)$;
converting the zero-knowledge arbitrary range proof for $v_i$ into standard range proofs for two values, $v_{a,i} = v_i - a \in [0, 2^n)$ and $v_{b,i} = v_i - b + 2^n \in [0, 2^n)$; and packing the proofs for $v_{a,i}$ and $v_{b,i}$ and the parameters into the aggregation of arbitrary range proofs.
Further, during initialization of the consortium blockchain system, a range identifier Rangeid and a proof identifier Proofid are set; the range at the specified position is uploaded or downloaded by the range identifier, and the zero-knowledge proof at the specified position is uploaded or downloaded by the proof identifier.
Further, the proving node downloads the range at the specified position from the blockchain ledger module by the range identifier Rangeid;
the proving node uploads the zero-knowledge proof to the blockchain ledger module under the proof identifier Proofid, using the binary tuple < prf, rngID > as the data storage structure;
where prf denotes the zero-knowledge proof and rngID denotes the range identifier Rangeid.
Further, the verification node calling the proof contract to obtain the zero-knowledge proof comprises:
the verification node downloads the binary tuple < prf, rngID > at the specified position by the proof identifier Proofid, and obtains the zero-knowledge proof and the range identifier Rangeid from the tuple.
Further, the verification node verifying the private data against the range comprises:
verifying that the range identifier Rangeid in use is the specified ID;
verifying that the history of the downloaded range matches the range specified by the zero-knowledge proof and that the range history has not been modified;
verifying that the private data lies within the range specified by the zero-knowledge proof.
The beneficial effect of adopting the further solutions is that aggregation and batch verification of multiple proofs for any range are supported, with linear proving and verification time and logarithmic proof size, which effectively improves throughput and saves storage space on the blockchain; aggregation of multiple range proofs (Aggregation of Multiple Range Proofs) and batch verification (Batch Verification) are designed together to improve efficiency; and client code, contracts and related interfaces are provided so that application developers can build their own privacy-preserving data auditing applications.
Detailed Description
The principles and features of this invention are described below in conjunction with the following drawings, which are set forth by way of illustration only and are not intended to limit the scope of the invention.
Consortium blockchains have been widely used in different scenarios, but because of their underlying transaction data structures, existing work is difficult to apply directly in scenarios such as food safety supervision, where the identity of a trader should remain public while the audited private data must be protected. Furthermore, current work does not support arbitrary-range audits of blinded data, which is necessary in regulatory schemes such as the above, let alone aggregation and batch verification of multiple range proofs.
Fig. 1 is an interaction diagram of the consortium blockchain system oriented to data privacy protection provided by the invention. As can be seen from Fig. 1, the system includes a proving node, a verification node and a blockchain ledger module.
The proving node and the verification node contain smart contracts, including a range management contract and a proof contract. Further, the smart contracts also include a verification contract; the private data is verified by the verification contract calling the range management contract and the proof contract.
The consortium blockchain system oriented to data privacy protection is based mainly on smart contracts and is almost independent of the underlying consortium blockchain implementation. Because the smart contracts and the ledger are open to all nodes in a channel, the scheme can easily be extended to scenarios with multiple proving nodes and multiple verification nodes.
The proving node preprocesses the private data read from the client to generate parameters, calls the range management contract to download the range at the specified position from the blockchain ledger module, generates a zero-knowledge proof from the parameters and the range, and uploads the zero-knowledge proof to the blockchain ledger module.
Specifically, the proving node reads the private data through client code from an off-chain private database holding the original data, in which each private data item is stored in a separate row, and preprocesses the data read into the parameters of the proof contract. The zero-knowledge proof attests to a specified range and is generated from the parameters and the range; the verification node verifies the private data by checking whether it lies within that specified range.
The verification node calls the proof contract to obtain the zero-knowledge proof, calls the range management contract to obtain the range referenced by the zero-knowledge proof, and verifies the private data against the range and the zero-knowledge proof.
The recent non-interactive zero-knowledge range proof technique is combined with the consortium blockchain in a weakly coupled manner. The numerical range to which data belongs can be proved without revealing the specific value of the data, and the generation and verification of zero-knowledge range proofs for both a standard range and an arbitrary range are supported: for any two non-negative integers $a$ and $b$, it can be proved that a number on the blockchain lies in the standard range $[0, 2^n)$ or in the arbitrary range $[a, b)$. The Bulletproofs-based verification method requires no parameter setup for each node in the initialization stage, so verification of privacy-protected data under cross-organization supervision can be realized quickly and simply.
Example 1
Embodiment 1 of the invention is a consortium blockchain system for data privacy protection comprising a proving node, a verification node and a blockchain ledger module. The proving node and the verification node contain smart contracts, including a range management contract and a proof contract.
In the specific implementation, the consortium blockchain system is first initialized: a blockchain network is established, the three smart contracts are instantiated on all nodes, and the verification node calls the range management contract to upload the specified range. Second, the proving node calls the proof contract to preprocess its private data. Third, the range proof is generated and uploaded to the blockchain. Fourth, the verification node checks that the range management contract and the proof contract are unmodified; if so, it executes the verification contract, which downloads the proof from the blockchain and verifies it.
Specifically, the process in which the verification node calls the range management contract to set the specified range during initialization of the consortium blockchain system includes:
the verification node calls the range management contract to upload the upper and lower limits of the range to the blockchain ledger module under the range identifier, using a range binary tuple as the data storage structure.
The range tuple may be < a, b >, where a denotes the lower limit and b the upper limit of the range.
The initialization of the consortium blockchain system further comprises:
setting a range identifier Rangeid and a proof identifier Proofid, uploading or downloading the range at the specified position by the range identifier, and uploading or downloading the zero-knowledge proof at the specified position by the proof identifier.
In the specific implementation, data on the blockchain is accessed by key ID, and the proving node and the verification node agree off-chain on the Rangeid and Proofid used in a given proving-verification session.
Fig. 2 is a flowchart of the process executed by the proving node according to an embodiment of the invention. As can be seen from Fig. 2, the proving node preprocesses the private data read from the client to generate parameters, calls the range management contract to download the range at the specified position from the blockchain ledger module and return it to the proof contract, generates a zero-knowledge proof from the parameters and the range, and uploads the zero-knowledge proof to the blockchain ledger module.
In the specific implementation, the proving node downloads the range at the specified position from the blockchain ledger module by the range identifier Rangeid.
The proving node uploads the zero-knowledge proof to the blockchain ledger module under the proof identifier Proofid, using the binary tuple < prf, rngID > as the data storage structure,
where prf denotes the zero-knowledge proof and rngID denotes the range identifier Rangeid, which is stored alongside the proof to facilitate subsequent verification.
The zero-knowledge proof attests to a specified range and is generated from the parameters and the range; the verification node verifies the private data by checking whether it lies within that range. Preferably, the zero-knowledge proof may be a standard range proof, an arbitrary range proof, an aggregation of multiple standard range proofs, or an aggregation of multiple arbitrary range proofs.
Specifically, the generation process of the standard range proof includes:
generating a Pedersen commitment $\mathrm{Com}(v)$ from the private data $v$ and converting $\mathrm{Com}(v)$ into an inner-product proof $\mathrm{Com}(l, r)$; and packing $\mathrm{Com}(v)$, $\mathrm{Com}(l, r)$ and the parameters into the standard range proof, where $v \in [0, 2^n)$ and $l, r$ are the vector polynomials generated from the private data $v$.
In the specific implementation, Bulletproofs natively supports proving and verification of a standard range.
The generation process of the arbitrary range proof includes:
assuming the range of the private data $v$ satisfies $0 \le a \le v < b \le 2^n$, obtaining $v \in [a, a + 2^n)$ and $v \in [b - 2^n, b)$.
The zero-knowledge arbitrary range proof for $v$ is converted into standard range proofs for two values, $v_a = v - a \in [0, 2^n)$ and $v_b = v - b + 2^n \in [0, 2^n)$; the proofs for $v_a$ and $v_b$ and the parameters are packed into the arbitrary range proof. (The two conditions together are equivalent to $a \le v < b$: $v_a \ge 0$ gives $v \ge a$, $v_b < 2^n$ gives $v < b$, and both values stay inside $[0, 2^n)$ because $b - a \le 2^n$.)
Bulletproofs does not explicitly cover proving and verification of an arbitrary range, but this can be achieved by the above conversion.
Following the idea of the standard range proof, the generation process of the aggregation of multiple standard range proofs includes:
generating, from the private data $v_i$, the Pedersen commitments $\mathrm{Com}(v_i)$, $A_i = \mathrm{Com}(a_{L,i}, a_{R,i})$ and $S_i = \mathrm{Com}(s_{L,i}, s_{R,i})$, where $v_i \in [0, 2^n)$, $i = 1, 2, \ldots, m$, $s_{L,i}$ and $s_{R,i}$ are blinding vectors, $v_i = \langle a_{L,i}, \mathbf{2}^n \rangle$ and $a_{R,i} = a_{L,i} - \mathbf{1}^n$.
All the tuples $A_i, S_i$ are accumulated into $A, S$, all $l_i, r_i$ are concatenated and reduced by the inner-product proof to $2\log_2(nm)$ points and 2 scalars, and $\mathrm{Com}(v_i)$, $A$, $S$, all the points, the scalars and the parameters are packed into the aggregation of standard range proofs.
Following the idea of the arbitrary range proof, the generation process of the aggregation of multiple arbitrary range proofs includes:
assuming the private data $v_i$ satisfy $0 \le a \le v_i < b \le 2^n$, obtaining $v_i \in [a, a + 2^n)$ and $v_i \in [b - 2^n, b)$.
The zero-knowledge arbitrary range proof for $v_i$ is converted into standard range proofs for two values, $v_{a,i} = v_i - a \in [0, 2^n)$ and $v_{b,i} = v_i - b + 2^n \in [0, 2^n)$; the proofs for $v_{a,i}$ and $v_{b,i}$ and the parameters are packed into the aggregation of arbitrary range proofs.
That is, one aggregated proof for $v_i \in [a, b)$ is converted into two aggregated proofs, for $v_{a,i} = v_i - a \in [0, 2^n)$ and for $v_{b,i} = v_i - b + 2^n \in [0, 2^n)$.
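The arbitrary-range reduction and the bit-vector relations used by the standard proof, worked through in code as an added example (this is not the patent's client code or contracts, and it does not implement the Bulletproofs inner-product argument itself). It assumes Pedersen commitments on secp256k1 with a second generator H derived by hashing, and the function names, sample values and fixed blinding factor are constructed for illustration. The point a practitioner should take from it: the verifier must derive the commitments to $v - a$ and $v - b + 2^n$ from $\mathrm{Com}(v)$ homomorphically rather than accept them from the prover, otherwise the prover could submit standard-range proofs for two unrelated in-range values.

```python
import hashlib

# secp256k1 parameters (assumed curve choice for this example)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication; k is reduced mod N, so negative k works."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def nums_point(label):
    """Second generator with unknown discrete log w.r.t. G: hash to x, lift, retry."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(label + ctr.to_bytes(4, "big")).digest(), "big") % P
        y2 = (pow(x, 3, P) + 7) % P
        y = pow(y2, (P + 1) // 4, P)  # valid square root because P % 4 == 3
        if y * y % P == y2:
            return (x, y)
        ctr += 1

H = nums_point(b"range-proof-pedersen-H")  # constructed label

def commit(v, r):
    """Pedersen commitment Com(v) = v*G + r*H with blinding scalar r."""
    return ec_add(ec_mul(v, G), ec_mul(r, H))

def to_standard_ranges(v, a, b, n):
    """Prover side: reduce v in [a, b) to the two standard-range witnesses
    v_a = v - a and v_b = v - b + 2^n, both of which must lie in [0, 2^n)."""
    if not (0 <= a < b and b - a <= 2**n):
        raise ValueError("need 0 <= a < b and b - a <= 2^n for the reduction to be sound")
    if not (a <= v < b):
        raise ValueError("witness is outside [a, b)")
    return v - a, v - b + 2**n

def batch_to_standard_ranges(vs, a, b, n):
    """The same reduction element-wise, as used for the aggregated arbitrary-range proof."""
    pairs = [to_standard_ranges(v, a, b, n) for v in vs]
    return [p[0] for p in pairs], [p[1] for p in pairs]

def shift_commitments(C, a, b, n):
    """Verifier side: derive Com(v - a) and Com(v - b + 2^n) from Com(v) alone via the
    additive homomorphism Com(v, r) + k*G = Com(v + k, r). The prover does not get to
    choose these two commitments, so it cannot substitute unrelated in-range values."""
    return ec_add(C, ec_mul(-a, G)), ec_add(C, ec_mul(2**n - b, G))

def bit_vectors(v, n):
    """a_L = bits of v (little-endian) and a_R = a_L - 1^n, the vectors the standard
    proof commits to in A. Raises if v is outside the standard range."""
    if not 0 <= v < 2**n:
        raise ValueError("v outside standard range")
    a_l = [(v >> i) & 1 for i in range(n)]
    a_r = [bit - 1 for bit in a_l]
    return a_l, a_r

def check_bit_constraints(v, a_l, a_r, n):
    """The three relations the range proof enforces on (a_L, a_R)."""
    two_n = [2**i for i in range(n)]
    return (sum(bit * t for bit, t in zip(a_l, two_n)) == v        # <a_L, 2^n> = v
            and all(bit * rb == 0 for bit, rb in zip(a_l, a_r))     # a_L o a_R = 0
            and all(bit - rb - 1 == 0 for bit, rb in zip(a_l, a_r)))  # a_L - a_R = 1^n
```

In a real deployment the blinding scalar comes from a cryptographically secure source (for example `secrets.randbelow(N)`); the fixed value used in the accompanying checks exists only so that results are reproducible. The bound `b - a <= 2^n` is the condition that actually matters for soundness; the patent's stronger assumption `b <= 2^n` implies it.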
The verification node calls the proof contract to obtain the zero-knowledge proof, calls the range management contract to obtain the range referenced by the zero-knowledge proof, and verifies the private data against the range.
In the specific implementation, after receiving the private data sent by the client, the verification node queries the version information of the proof contract and proceeds with the verification process only if the proof contract version has not been modified.
The verification node checks whether the proof contract version is unmodified; if it is unmodified, the subsequent verification flow continues, otherwise verification is judged to have failed.
The verification node calling the proof contract to obtain the zero-knowledge proof includes:
the verification node downloads the binary tuple < prf, rngID > at the specified position by the proof identifier Proofid, and obtains the zero-knowledge proof and the range identifier Rangeid from the tuple.
The verification node calling the range management contract to obtain the range referenced by the zero-knowledge proof includes:
the verification node calls the range management contract to download the history of the range according to the obtained range identifier Rangeid.
The verification node verifying the private data against the range comprises:
verifying that the range identifier Rangeid in use is the specified ID;
verifying that the downloaded range history matches the range specified by the zero-knowledge proof and that the range history has not been modified;
verifying that the private data lies within the range specified by the zero-knowledge proof.
Specifically, the specified range corresponds to the generated zero-knowledge proof, and there are four verification modes: verifying a standard range proof, i.e., whether $v \in [0, 2^n)$; verifying an arbitrary range proof, i.e., whether $v \in [a, b)$; batch-verifying multiple standard range proofs, i.e., whether $v_i \in [0, 2^n)$ holds for all $i$; and batch-verifying multiple arbitrary range proofs, i.e., whether $v_i \in [a, b)$ holds for all $i$. If verification passes, the zero-knowledge range proof process succeeds; otherwise it exits with failure.
Fig. 3 is a flowchart of the process executed by the verification node according to an embodiment of the invention. As can be seen from Fig. 3, the verification node executes the following steps:
Step 1: check whether the contract version has been modified; if it has, exit with verification failure; otherwise, execute step 2.
Step 2: the verification node calls the proof contract with the proof identifier Proofid.
Step 3: the proof contract downloads the binary tuple < prf, rngID > at the specified position and returns it to the verification contract.
Step 4: the zero-knowledge proof and the range identifier Rangeid are determined from the tuple < prf, rngID >, and the verification node calls the range management contract to download the history of the range according to the obtained Rangeid.
Step 5: the range history is returned to the verification contract.
Step 6: verify whether the downloaded range history matches the range specified by the zero-knowledge proof and whether the range history has been modified; if it matches and is unmodified, execute step 7, otherwise exit with verification failure.
Step 7: verify whether the private data lies within the range specified by the zero-knowledge proof; if the proof verifies, the private data is judged to pass verification, otherwise verification fails and the process exits.
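The on-chain part of the verification flow above (steps 1 to 7), modelled as an added example that is not the patent's contracts. An in-memory `Ledger` that records every write to a key stands in for the channel ledger and its key history; the range management, proof and verification contracts are plain functions; and the cryptographic range check is passed in as a callable, since the page describes the scheme as weakly coupled to the proof backend. The proof structure (a dict carrying the range it was generated for), the key layout and all identifiers are assumptions of this example. What it shows is the fail-closed ordering: the contract version, the Rangeid binding and the range history are all checked before the proof itself, and a range that was re-uploaded after the proof was generated is rejected.

```python
class Ledger:
    """In-memory stand-in for the channel ledger (assumed, not the patent's module):
    every write to a key is appended to that key's history, so a later overwrite of
    a range stays visible to the verifier."""

    def __init__(self, contract_version="1.0"):
        self._hist = {}
        self.contract_version = contract_version

    def put(self, key, value):
        self._hist.setdefault(key, []).append(value)

    def get(self, key):
        return self._hist[key][-1]          # KeyError if nothing was ever stored

    def history(self, key):
        return list(self._hist.get(key, []))

# range management contract: range tuple <a, b> stored under Rangeid
def upload_range(ledger, rangeid, a, b):
    if not 0 <= a < b:
        raise ValueError("range tuple must satisfy 0 <= a < b")
    ledger.put(("range", rangeid), (a, b))

def download_range(ledger, rangeid):
    return ledger.get(("range", rangeid))

def range_history(ledger, rangeid):
    return ledger.history(("range", rangeid))

# proof contract: tuple <prf, rngID> stored under Proofid
def upload_proof(ledger, proofid, prf, rngid):
    ledger.put(("proof", proofid), (prf, rngid))

def download_proof(ledger, proofid):
    return ledger.get(("proof", proofid))

# verification contract
def verify(ledger, proofid, expected_rangeid, expected_version, verify_range_proof):
    """Return (ok, reason). verify_range_proof(prf, (a, b)) is the cryptographic check
    of the chosen backend; everything before it is the on-chain binding of the proof."""
    if ledger.contract_version != expected_version:                  # step 1
        return False, "contract version modified"
    try:
        prf, rngid = download_proof(ledger, proofid)                 # steps 2-3
    except KeyError:
        return False, "no proof stored under Proofid %r" % proofid
    if rngid != expected_rangeid:                                    # step 4, check 1
        return False, "proof bound to Rangeid %r, expected %r" % (rngid, expected_rangeid)
    hist = range_history(ledger, rngid)                              # steps 4-5
    if not hist:
        return False, "no range stored under Rangeid %r" % rngid
    if len(set(hist)) != 1:                                          # step 6: history rewritten
        return False, "range history modified: %r" % (hist,)
    rng = hist[-1]
    if prf["range"] != rng:                                          # step 6: proof/ledger mismatch
        return False, "range carried in proof %r differs from ledger range %r" % (prf["range"], rng)
    if not verify_range_proof(prf, rng):                             # step 7
        return False, "range proof does not verify"
    return True, "private data proven to lie in %r" % (rng,)
```

If HF on this page is Hyperledger Fabric, the equivalent of `Ledger.history` inside chaincode is the stub's `GetHistoryForKey`, and the version check in step 1 corresponds to comparing the deployed chaincode definition against the one the verifier expects; the example keeps both as plain values so it runs offline.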
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.