CN112765631B - Safe multi-party computing method based on block chain - Google Patents

Abstract

A multi-party security computing method based on a block chain. The method comprises the steps that a certain node randomly generates a plurality of garbled circuits with the same function but different functions; the other nodes respectively run the disappearing transmission protocol with the node to respectively obtain one of the garbled circuits; the hash value of the confusion circuit of other nodes is compared with the corresponding hash value uploaded to the block chain by the node; the other nodes calculate the right according to the credit competition; and the nodes which acquire the competitive computation right acquire all encrypted data and corresponding garbled circuits and start computation, and upload the computation results to a block chain through an intelligent contract for public notice and the like. The block chain-based multi-party safety calculation method provided by the invention has the following beneficial effects: the method can solve the problems of few participants, low efficiency, incapability of guaranteeing trust, low safety and the like in the conventional safe multi-party computing technology, and has strong theoretical significance and practical significance for the development of safe multi-party computing.

Description

Safe multi-party computing method based on block chain

Technical Field

The invention belongs to the technical field of privacy protection, and particularly relates to a block chain-based multi-party security calculation method.

Background

Secure multiparty computing (SMPC) is a universal cryptographic primitive that can be jointly computed in a privacy-preserving manner. As an important fundamental research topic in the field of cryptography, SMPC solves the problem of multiple participants performing collaborative computing on private data in a secure manner in a distributed computing scenario. Informally, in an SMPC scenario, two or more parties holding private inputs wish to use those inputs to compute some federated function. In this task, maintaining security requires only that each participant obtain its own target output. Here, functionality is a generic concept, referring to any cryptographic task, such as encryption, authentication, zero knowledge proof, commitment planning, indifferent transfer, and other none-cryptographic agreements (e.g., application-oriented tasks including contract signing, electronic voting, machine learning, genome data processing, etc.). It can be said that SMPC is the most common and fundamental theoretical research topic in the field of cryptography. Any cryptographic task involving multiple parties can be considered an SMPC task. Intensive research on SMPC has facilitated the development of basic primitives such as zero knowledge proofs, forgetting to transfer, and secret sharing. SMPC establishes theoretical basis for testable security of interactive protocol, and greatly promotes development of modern cryptography.

Current secure multiparty computing protocols can be broadly divided into three categories:

universal secure multi-party computing protocol

The general safe multi-party calculation allows two parties or multiple parties to jointly calculate any function in a safe mode, and the safe multi-party calculation protocol under the semi-honest model can only calculate between two parties mostly, so that after the participants are added, the computation becomes extremely unsafe, and the significance of the safe multi-party calculation is greatly limited. Under the malicious model, to resist attacks by malicious adversaries, a generic zero-knowledge proof is typically applied to constrain the behavior of the participants. While these techniques help to design constant wheel safety protocols, these protocols are not practical. Literature exists on methods that avoid the use of general zero knowledge proofs, but the complexity of these protocols is linear in circuit depth. For more complicated calculation, huge calculation time and calculation power are often required, and therefore, the real requirements cannot be met.

Secure multi-party computing protocol based on cloud computing

The cloud computing-based secure multi-party computing protocol utilizes the strong computing capability of a cloud platform to outsource a high-strength computing part in general secure multi-party computing to the cloud platform, and although the protocol efficiency is obviously improved by doing so, cloud-assisted secure multi-party computing also faces new security challenges. For example, the cloud server may be in-line with a subset of parties to obtain additional information about other parties' inputs. In addition, a malicious or lazy cloud server may return forged computing results to the outsourcer.

Secure multi-party computing protocol based on trusted execution environment

The secure multi-party computing protocol based on the trusted execution environment essentially hands high-strength computing tasks to a trusted third party for computing, but the third party is a trusted execution environment, namely a so-called black box, but the supervision problem of the trusted execution environment is not effectively solved, the trusted execution environment is based on hardware, and if the trusted execution environment returns to reality, the ownership of the hardware still cannot effectively guarantee private data of a participant.

Disclosure of Invention

In order to solve the above problems, an object of the present invention is to provide a block chain-based multi-party secure computing method, so as to alleviate the problems that in the existing secure multi-party computing protocol, it is difficult to guarantee trust, protect privacy, and cannot really participate in computing in multiple parties.

In order to achieve the above object, the block chain-based multi-party security computing method provided by the present invention comprises the following steps performed in sequence:

1) in a block chain with a plurality of nodes A, B and C …, any node can be used as a calculation initiator, and the rest nodes have data required by calculation;

2) when multi-party safety calculation is needed, the node A is used as a calculation initiator and randomly generates a plurality of confusion circuits with the same function but different functions, namely C_a，C_b，C_c…, and then calculating a plurality of garbled circuits C_a，C_b，C_c… hash value H_a，H_b，H_c… and uploading the same to the block chain together with the own calculation method, and simultaneously generating corresponding intelligent contracts between any two nodes in all the nodes respectively, wherein the intelligent contracts are defined as follows: any party can terminate the execution of the whole multi-party secure computation protocol, confirm the authenticity of a certain garbled circuit issued by the node A and issue a final computation result;

3) the other nodes respectively operate the loss transmission protocol with the node A to respectively obtain one of the garbled circuits, and then respectively calculate the hash value H of each obtained garbled circuit_B，H_C…；

4) The other nodes respectively utilize the self-acquiredHash value H of the garbled circuit_B，H_C… hash value H corresponding to the upload by node A onto the blockchain_a，H_b，H_c…, comparing, if the comparison result is consistent, confirming the node A is honest and credible through the intelligent contract, otherwise, confirming the node A is not honest, and terminating the protocol;

5) the other nodes calculate the right according to credit competition, wherein the node B obtains the calculation right;

6) the node B runs the ubiquitous transmission protocol with the rest of the nodes, and obtains the encrypted data E of the corresponding node A from the node A_a；

7) The node B runs the disappearing transmission protocol with the other nodes respectively and obtains the encrypted data E corresponding to the other nodes from the other nodes_i(i∈[1,2,3…])；

8) The node B generates its own encrypted data E according to the corresponding garbled circuit_b；

9) So far node B has possessed all the encrypted data E required for the calculation_a，E_b，E_i(i∈[1,2,3…]) And a corresponding garbled circuit C_bAnd at the moment, the node B starts to calculate, and uploads a calculation result to a block chain through an intelligent contract for display.

The block chain-based multi-party safety calculation method provided by the invention has the following beneficial effects:

the method can solve the problems of few participants, low efficiency, incapability of guaranteeing trust, low safety and the like in the conventional safe multi-party computing technology, and has strong theoretical significance and practical significance for the development of safe multi-party computing.

Drawings

Fig. 1 is a flowchart of a block chain-based multi-party security computing method provided by the present invention.

Detailed Description

The invention is described in detail below with reference to the figures and specific embodiments.

As shown in fig. 1, the block chain-based multi-party secure computation method provided by the present invention is performed in a semi-honest model, and all parties participating in computation in the semi-honest model can perform according to the correct flow of the protocol, and thus the sequential execution of the protocol cannot be destroyed without any reason. This embodiment takes the case that nodes a, B, and C in the blockchain perform secure multi-party computation by three parties as an example. The method comprises the following steps which are carried out in sequence:

1) in a block chain with three nodes A, B and C, any node can be used as a calculation initiator, and the rest nodes have data required by calculation;

2) when three-party safe calculation is needed, suppose that the node A is used as a calculation initiator and randomly generates three confusion circuits with the same function but different functions, namely C_a，C_b，C_cThen calculate three garbled circuits C_a，C_b，C_cHash value of H_a，H_b，H_cAnd uploading the data to a block chain together with a self calculation method, and simultaneously generating corresponding intelligent contracts between the nodes B and C respectively, wherein the intelligent contracts are defined as follows: any party can terminate the execution of the whole multi-party secure computation protocol, confirm the authenticity of a certain garbled circuit issued by the node A and issue a final computation result;

garbled Circuit (GC), also known as Yao's Circuit (Yao's GC), is a solution proposed by Yao wisdom in 1986 to the problem of paul. The obfuscated circuit is a basic cryptology primitive, and the core technology of the obfuscated circuit is to compile a security calculation function participated by two parties into a Boolean circuit form and to scramble the truth table encryption, so that the normal output of the circuit is realized without leaking private information of the two parties participating in calculation. Any safety calculation function can be converted into a corresponding Boolean circuit form, and the safety calculation method has higher universality compared with other safety calculation methods. The garbled circuit may have multiple inputs.

3) Respectively running the disappearing transmission protocol with the node A by the nodes B and C to respectively obtain one of the garbled circuits, and respectively calculating the hash value H of the respectively obtained garbled circuit_B，H_C…；

The transmission protocol is at a loss: the ubiquitous transmission (OT), a basic cryptology primitive, is widely used for secure multi-party metersComputing, etc. OT was first proposed in 1981 by Michael o. rabin, in 1985 s.even, o.goldreich, and a.lempel by 1-out-2OT, in a new scheme where the information sender S sends 2 information m at a time₀And m₁And the information receiver R inputs one selection a at a time (a is equal to 0, 1)]). When the protocol is over, the information sender S cannot obtain any valuable information about the choice a, while the information receiver R can only obtain the information m_aFor information m_1-aThe message receiver R is also unknown.

4) Nodes B and C respectively use the hash value H of the garbled circuit obtained by the nodes B and C_B，H_CHash value H corresponding to uploading of node A to block chain_a，H_b，H_cComparing, if the comparison result is consistent, confirming that the node A is honest and credible through the intelligent contract, otherwise, considering that the node A is not honest, and terminating the protocol;

5) the node B and the node C calculate the right according to credit competition, and the node B is assumed to obtain the calculation right;

6) node B and node A, node C running a ubiquitous transmission protocol and obtaining encrypted data E of the corresponding node A from the node A_a；

7) The node B runs a blank transmission protocol with the node A and the node C respectively, and obtains the encrypted data E of the corresponding node C from the node C_c；

8) The node B generates its own encrypted data E according to the corresponding garbled circuit_b；

9) So far node B has possessed all the encrypted data E required for the calculation_a，E_b，E_cAnd a corresponding garbled circuit C_bAnd at the moment, the node B starts to calculate, and uploads a calculation result to a block chain through an intelligent contract for display.

Claims (1)

1. A multi-party security computing method based on a block chain is characterized in that: the method comprises the following steps which are carried out in sequence:

1) in a block chain with a plurality of nodes A, B and C …, any node can be used as a calculation initiator, and the rest nodes have data required by calculation;

2) when multi-party safety calculation is needed, the node A is used as a calculation initiator and randomly generates a plurality of confusion circuits with the same function but different functions, namely C_a，C_b，C_c…, and then calculating a plurality of garbled circuits C_a，C_b，C_c… hash value H_a，H_b，H_c… and uploading the same to the block chain together with the own calculation method, and simultaneously generating corresponding intelligent contracts between any two nodes in all the nodes respectively, wherein the intelligent contracts are defined as follows: any party can terminate the execution of the whole multi-party secure computation protocol, confirm the authenticity of a certain garbled circuit issued by the node A and issue a final computation result;

3) the other nodes respectively operate the loss transmission protocol with the node A to respectively obtain one of the garbled circuits, and then respectively calculate the hash value H of each obtained garbled circuit_B，H_C…；

4) The hash values H of the garbled circuits obtained by other nodes are respectively utilized by other nodes_B，H_C… hash value H corresponding to the upload by node A onto the blockchain_a，H_b，H_c…, comparing, if the comparison result is consistent, confirming the node A is honest and credible through the intelligent contract, otherwise, confirming the node A is not honest, and terminating the protocol;

5) the other nodes calculate the right according to credit competition, wherein the node B obtains the calculation right;

6) the node B runs the ubiquitous transmission protocol with the rest of the nodes, and obtains the encrypted data E of the corresponding node B from the node A_a；

7) The node B runs the disappearing transmission protocol with the other nodes respectively and obtains the encrypted data E corresponding to the other nodes from the other nodes_i(i∈[1,2,3…])；

8) The node B generates its own encrypted data E according to the corresponding garbled circuit_b；

9) So far node B has possessed all the encrypted data E required for the calculation_a，E_b，E_i(i∈[1,2,3…]) And a corresponding garbled circuit C_bAnd at the moment, the node B starts to calculate, and uploads a calculation result to a block chain through an intelligent contract for display.

Images