CN112887399A - Privacy security management system and method based on block chain - Google Patents
Privacy security management system and method based on block chain Download PDFInfo
- Publication number
- CN112887399A CN112887399A CN202110097676.7A CN202110097676A CN112887399A CN 112887399 A CN112887399 A CN 112887399A CN 202110097676 A CN202110097676 A CN 202110097676A CN 112887399 A CN112887399 A CN 112887399A
- Authority
- CN
- China
- Prior art keywords
- privacy
- data
- block chain
- gateway
- calculation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 23
- 238000004364 calculation method Methods 0.000 claims abstract description 105
- 238000007726 management method Methods 0.000 claims abstract description 29
- 238000004891 communication Methods 0.000 claims abstract description 6
- 239000012634 fragment Substances 0.000 claims description 30
- 238000013467 fragmentation Methods 0.000 claims description 23
- 238000006062 fragmentation reaction Methods 0.000 claims description 23
- 230000002776 aggregation Effects 0.000 claims description 21
- 238000004220 aggregation Methods 0.000 claims description 21
- 230000002688 persistence Effects 0.000 claims description 15
- 238000013500 data storage Methods 0.000 claims description 4
- 239000004743 Polypropylene Substances 0.000 claims description 3
- 230000004931 aggregating effect Effects 0.000 claims description 3
- -1 polypropylene Polymers 0.000 claims description 3
- 229920001155 polypropylene Polymers 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 abstract description 5
- KAICRBBQCRKMPO-UHFFFAOYSA-N phosphoric acid;pyridine-3,4-diamine Chemical compound OP(O)(O)=O.NC1=CC=NC=C1N KAICRBBQCRKMPO-UHFFFAOYSA-N 0.000 abstract 2
- 238000009795 derivation Methods 0.000 description 3
- 241001175904 Labeo bata Species 0.000 description 2
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a privacy security management system and a method based on a block chain, wherein the system comprises a DAPP application layer, a privacy computation point-to-point network layer and a block chain network layer which are sequentially in communication connection, wherein the DAPP application layer is used for issuing privacy storage, privacy reading and privacy computation tasks; the privacy computation point-to-point network layer is used for privacy storage, privacy reading and multi-party privacy computation on data stored in the privacy storage; the block chain network layer is used for controlling privacy storage, privacy reading and privacy calculation, and commanding the privacy calculation point-to-point network layer to complete multiparty security privacy calculation. The privacy security management system and method based on the block chain provided by the invention have the advantages that based on the block chain technology, multiple parties which are not credible mutually are enabled to realize the private storage and reading of data and the linked sum calculation on respective private data sets under the scheduling of the block chain.
Description
Technical Field
The invention relates to the technical field of privacy security management, in particular to a privacy security management system and method based on a block chain.
Background
With the rapid development of the internet, the privacy disclosure problem is more and more serious, personal privacy data are easily disclosed when being applied, and the personal privacy data are unknown and can be used by people and organizations with no intention to do some bad things, governments, enterprises and public institutions and personal data are stored in plain texts, so that the safety protection is seriously insufficient, once the personal privacy data are disclosed, irreparable loss is caused, the data are uncontrollable after being sent out, the governments, the enterprises and public institutions and the individuals are inconvenient or do not have power to share the data, and the problem that the personal privacy data cannot be fully cooperated is caused. In view of the above situation, it is important to provide a scheme for implementing private storage of data and associated management on respective private data sets by multiple untrusted parties under the scheduling of a block chain.
Disclosure of Invention
The invention aims to provide a privacy security management system and a method based on a block chain, which enable multiple mutually untrusted parties to realize private storage and reading of data and linked calculation on respective private data sets under the scheduling of the block chain based on the block chain technology.
In order to achieve the purpose, the invention provides the following scheme:
a privacy security management system based on a block chain comprises a DAPP application layer, a privacy computation point-to-point network layer and a block chain network layer which are sequentially in communication connection, wherein the DAPP application layer is used for issuing privacy storage, privacy reading and privacy computation tasks; the privacy computation point-to-point network layer is used for privacy storage, privacy reading and multi-party privacy computation on data stored in the privacy storage; the block chain network layer is used for controlling privacy storage, privacy reading and privacy calculation, and commanding the privacy calculation point-to-point network layer to complete multiparty security privacy calculation.
Further, the DAPP application layer includes a plurality of DAPPs, the private computation peer-to-peer network layer includes a plurality of private computation nodes, the blockchain network layer includes a plurality of blockchain nodes, the DAPP is communicatively connected to the private computation nodes through a gateway of the private computation nodes, and the private computation nodes are communicatively connected to the blockchain nodes through blockchain gateways.
Further, the private computing peer-to-peer network layer further comprises:
the encryption unit is used for carrying out encryption processing on the private data;
the decryption fragmentation unit is used for carrying out fragmentation processing on the encrypted private data;
the consensus engine is a centralized transceiver for coordinating all privacy computing nodes and internal units of the privacy computing nodes;
a storage unit for data storage management;
the data persistence unit is used for persistence processing of the private data;
the homomorphic calculation unit is used for calculating the private data;
the data aggregation unit is used for aggregating the decrypted partitioned private data;
the decryption unit is used for decrypting the aggregated encrypted data and converting the encrypted data into a plaintext;
the synchronization task between the privacy computing nodes is carried out through respective consensus engines and gateways.
The invention also provides a privacy security management method based on the block chain, which is applied to the privacy security management system based on the block chain and comprises the following steps:
s1, the user is connected to the gateway of any privacy computation node in the privacy computation point-to-point network layer through DAPP, applies for encrypted data, and sends the privacy data to the gateway of the privacy computation node;
s2, the gateway of the privacy computation node receives the privacy data, and interacts between the privacy computation point-to-point network layer and the block chain network to complete privacy storage, privacy reading and privacy computation;
and S3, transmitting the results of the privacy storage, the privacy reading and the privacy calculation back to the DAPP through the gateway of the privacy calculation node.
Further, in step S2, the privacy storage specifically includes the following steps:
the gateway of the privacy computing node sends the privacy data to the encryption unit, and the encryption unit encrypts the privacy data to obtain a ciphertext;
the encryption unit sends the ciphertext to the decryption slicing unit, and the decryption slicing unit divides the privacy ciphertext into N decryption shared segments;
the decryption fragmentation unit sends the decrypted sharing fragments to a consensus engine to request storage;
the consensus engine requests the storage unit and stores the decrypted sharing segment into the data persistence unit;
the data persistence unit stores the decrypted sharing segment and then sends the decrypted sharing segment to a storage certificate of the storage unit for decrypting the sharing segment;
the storage unit sends the storage certificate for decrypting the shared segment to the consensus engine to request to record data to the block link point;
the consensus engine forwards the storage certificate for decrypting the shared segment to the blockchain gateway;
the block chain network is connected to the block chain network, and the storage certificate of the decrypted sharing segment is delivered to the block chain network, and the block chain network records the storage certificates;
the blockchain network returns the blockchain signature of the storage certificate of the decrypted shared segment to the blockchain gateway;
the blockchain gateway sends the blockchain signature of the decrypted shared segment to the consensus engine;
the consensus engine returns the block chain signature of the storage certificate of the decrypted shared segment to the gateway of the privacy computing node;
the gateway of the private compute node returns the blockchain signature and public key of the stored credential to the DAPP.
Further, in step S2, the privacy reading specifically includes the following steps:
a user sends a block chain signature and a public key of private data to a gateway of a private computing node through DAPP;
the gateway of the privacy computation node verifies that the public key corresponds to the block chain signature one by one, and then sends the block chain signature of the encrypted data to the consensus engine to apply for data decryption;
the consensus engine sends the blockchain signature of the encrypted data to a blockchain gateway to request for reading a blockchain account book of the data;
after receiving the reading request, the block chain gateway sends a block chain signature of the encrypted data to a block chain network layer;
the block chain network finds the account book information of the encrypted data and returns the storage certificate of the decryption sharing segment of the encrypted data to the block chain gateway;
the block chain gateway sends the obtained storage certificate of the decrypted shared segment of the encrypted data to the consensus engine;
the consensus engine sends the storage certificate of the decryption shared segment of the encrypted data to the storage unit to request to load the data;
the storage unit loads data from the data persistence unit according to the storage certificate of the decryption sharing segment to obtain the decryption sharing segment;
the storage unit sends the decrypted sharing segment to the consensus engine;
the consensus engine sends the decryption shared segment to the loading decryption fragmentation unit, and the loading decryption fragmentation unit randomly takes out M decryption shared segments, wherein M is less than N;
the encryption and decryption fragments send M decryption shared fragments to the data aggregation unit;
the data aggregation unit combines the M decrypted shared segments according to rules to form new overall encrypted data, and sends the new overall encrypted data to the decryption unit;
the decryption unit decrypts the encrypted data to obtain plaintext data, and then sends the plaintext data to a gateway of the privacy computation node;
and the gateway of the privacy computing node sends the data obtained by decryption to the DAPP of the user.
Further, in step S2, the privacy calculation specifically includes: the privacy calculation is performed on private data of multiple parties, each participating party performs privacy storage and then performs privacy calculation, each participating party comprises multiple data owners and data users, and the privacy calculation comprises the following steps:
data storage: the data owner uploads respective data to a privacy computing point-to-point network layer through DAPP (digital addressable polypropylene), and the privacy computing point-to-point network layer stores the data through a privacy storage step and returns respective public keys and block chain signatures of the data owner;
obtaining a privacy calculation function: the data user is connected to a gateway of a privacy computation node in a privacy computation point-to-point network layer through the DAPP, applies for privacy computation, and the gateway returns a public key to the DAPP; then, the DAPP sends the data to be calculated, the public key and the privacy calculation function to a gateway of the privacy calculation node, and the gateway sends the data to be calculated and the privacy calculation function to a consensus engine; the consensus engine sends the calculation task to the block chain gateway to request privacy calculation task records, and the block chain gateway sends the privacy calculation data signature and the privacy calculation function to the block chain network; the blockchain network informs the blockchain gateway that the privacy calculation task is successfully recorded, and the blockchain gateway informs the consensus engine that the privacy calculation task is successfully calculated; the consensus engine deploys the privacy calculation function to the homomorphic calculation unit, so that the privacy data can be conveniently calculated;
the privacy calculation process comprises the following steps: the consensus engine executes privacy reading on data stored by each data owner, the data are sent to the loading and decryption fragmentation unit to be loaded to obtain M decryption shared fragments of each data owner, the loading and decryption fragmentation sends the M decryption shared fragments of each data owner to the homomorphic calculation unit to be calculated by using a privacy calculation function, and a calculated result is obtained;
returning of privacy calculation results: the homomorphic calculation unit sends the calculation results of the M decrypted shared segments of each data owner to the data aggregation unit, and the data aggregation unit combines the calculation results according to the rules to obtain the ciphertext of each data owner; the data aggregation unit sends the ciphertext calculation result of each data owner to the decryption unit to decrypt to obtain a plaintext; and the gateway of the privacy calculation node sends each plaintext result of the privacy calculation to the DAPP of each party, so that the whole privacy calculation process is completed.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects: the privacy security management system and the method based on the block chain are based on the block chain technology, and realize the technical scheme of combining multi-party privacy computation on privacy data, the privacy storage can ensure that all data added into a platform are private, the privacy computation loads decrypted data fragments (ciphertext) stored in the privacy storage into a homomorphic computing unit through privacy reading to execute the privacy computation to obtain privacy computation fragment results (ciphertext), and then the privacy computation fragment results (ciphertext) are aggregated in a data aggregation unit to obtain the whole computation result (plaintext).
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
FIG. 1 is a schematic structural diagram of a block chain-based privacy security management system according to the present invention;
fig. 2 is a flowchart of a privacy security management method based on a block chain according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a privacy security management system and a method based on a block chain, which enable multiple mutually untrusted parties to realize private storage and reading of data and linked calculation on respective private data sets under the scheduling of the block chain based on the block chain technology.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
As shown in fig. 1, the privacy security management system based on the blockchain according to the embodiment of the present invention includes a DAPP application layer, a privacy computation peer-to-peer network layer, and a blockchain network layer, which are sequentially connected in a communication manner, where the DAPP application layer is configured to issue privacy storage, privacy reading, and privacy computation tasks; the privacy computation point-to-point network layer is used for privacy storage, privacy reading and multi-party privacy computation on data stored in the privacy storage; the block chain network layer is used for controlling privacy storage, privacy reading and privacy calculation, and commanding the privacy calculation point-to-point network layer to complete multiparty security privacy calculation.
The DAPP application layer comprises a plurality of DAPPs, the privacy computation peer-to-peer network layer comprises a plurality of privacy computation nodes, the blockchain network layer comprises a plurality of blockchain nodes, the DAPPs are in communication connection with the privacy computation nodes through gateways of the privacy computation nodes, and the privacy computation nodes are in communication connection with the blockchain nodes through the blockchain gateways.
The private computing peer-to-peer network layer further comprises:
the encryption unit is used for carrying out encryption processing on the private data;
the decryption fragmentation unit is used for carrying out fragmentation processing on the encrypted private data;
the consensus engine is a centralized transceiver for coordinating all privacy computing nodes and internal units of the privacy computing nodes;
a storage unit for data storage management;
the data persistence unit is used for persistence processing of the private data;
the homomorphic calculation unit is used for calculating the private data;
the data aggregation unit is used for aggregating the decrypted partitioned private data;
the decryption unit is used for decrypting the aggregated encrypted data and converting the encrypted data into a plaintext;
the synchronization task between the privacy computing nodes is carried out through respective consensus engines and gateways.
As shown in fig. 2, the present invention further provides a privacy security management method based on a block chain, which is applied to the privacy security management system based on a block chain, and includes the following steps:
s1, the user is connected to the gateway of any privacy computation node in the privacy computation point-to-point network layer through DAPP, applies for encrypted data, and sends the privacy data to the gateway of the privacy computation node;
s2, the gateway of the privacy computation node receives the privacy data, and interacts between the privacy computation point-to-point network layer and the block chain network to complete privacy storage, privacy reading and privacy computation;
and S3, transmitting the results of the privacy storage, the privacy reading and the privacy calculation back to the DAPP through the gateway of the privacy calculation node.
In step S2, the privacy storage specifically includes the following steps:
(1) a user is connected to a gateway of a privacy computing node in a privacy computing point-to-point network layer through DAPP (digital addressable polypropylene), applies for encrypted Data and sends Data (private key, photo, video and document) of the privacy Data to the gateway;
(2) the gateway of the privacy computing node then sends the Data to the encryption unit, and the encryption unit encrypts the privacy Data to obtain a ciphertext sData;
(3) the encryption unit sends the sData to the decryption fragmentation unit, and the decryption fragmentation unit divides the sData into N decryption shared fragments (sData1, sData 2.., sDataN);
(4) the decryption fragmentation unit then sends the decrypted shared fragment (sData1, sData 2.., sDataN) to the consensus engine, requesting storage;
(5) the consensus engine requests the storage unit and stores the decrypted shared segment (sData1, sData2, sDataN) to the data persistence unit;
(6) the data persistence unit stores the decrypted shared segment (sData1, sData 2.., sDataN) and sends the stored certificate (hash _ sData1, hash _ sData 2.., hash _ sDataN) of the decrypted shared segment to the storage unit;
(7) the storage unit sends a storage certificate (hash _ sData1, hash _ sData2, hash _ sDataN) for decrypting the shared segment to the consensus engine to request to record data on the block chain;
(8) the consensus engine forwards the storage credential (hash _ sData1, hash _ sData 2.., hash _ sDataN) decrypting the shared segment to the blockchain gateway;
(9) the block chain network is connected to the block chain network, and storage certificates (hash _ sData1, hash _ sData2, and hash _ sDatan) for decrypting the shared segments are delivered to the block chain network, and the block chain network records the storage certificates;
(10) the block chain network returns the block chain signature signed _ data _ hash of the storage certificate of the decrypted sharing segment to the block chain gateway;
(11) the block chain gateway sends the decrypted block chain signature signed _ data _ hash of the shared segment to the consensus engine;
(12) the consensus engine returns the block chain signature signed _ data _ hash of the storage certificate of the decrypted sharing segment to the gateway;
(13) the gateway returns the block chain signature signed _ data _ hash storing the credential and the public key PK1 to the DAPP.
The following is a simplified derivation formula for the privacy storage procedure:
privacy store (Data) - > (signed _ Data _ hash + PK 1).
In step S2, the privacy reading specifically includes the following steps:
(1b) the user is connected to a gateway of a privacy computation node in a privacy computation point-to-point network layer through DAPP (digital Address protocol), applies for data decryption, and sends a block chain signature signed _ data _ hash and a public key PK1 of the data to the gateway;
(2b) the gateway verifies that the public keys PK1 correspond to the block chain signatures signed _ data _ hash one by one, and then sends the block chain signatures signed _ data _ hash of the encrypted data to the consensus engine for applying for data decryption;
(8) the consensus engine sends the block chain signature signed _ data _ hash of the encrypted data to a block chain account book of the block chain gateway for requesting to read the data;
(9) and after receiving the reading request, the block chain gateway sends the block chain signature signed _ data _ hash of the encrypted data to the block chain network.
(10) The block chain network finds the account book information of the encrypted data and returns storage certificates (hash _ sData1, hash _ sData2, hash _ sDatan) of the decrypted shared segments of the encrypted data to the block chain gateway;
(11) the block chain gateway sends the storage certificate (hash _ sData1, hash _ sData2, hash _ sDatan) of the decryption sharing segment of the obtained encrypted data to the consensus engine;
(5) the consensus engine sends storage certificates (hash _ sData1, hash _ sData2, hash _ sData) of decrypted shared segments of encrypted data to the storage units to request the data to be loaded;
(6) the storage unit loads data from the data persistence unit according to storage certificates (hash _ sData1, hash _ sData 2.., hash _ sDatan) of the decrypted shared segment to obtain the decrypted shared segment (sData1, sData 2.., sDatan);
(7) the storage unit sends the decrypted shared segment (sData1, sData 2.., sDataN) to the consensus engine;
(3b) the consensus engine sends the decryption shared segment (sData1, sData 2.., sDataN) to the loading decryption fragmentation unit, and the loading decryption fragmentation unit randomly takes out M decryption shared segments (sData1, sData 3.., sDataM), wherein M < N;
(4b) the encryption and decryption fragmentation unit sends M decryption shared fragments (sData1, sData3, sDataM) to the data aggregation unit;
(5b) the data aggregation unit combines M decryption sharing segments (sData1, sData3,.., sDataM) according to rules to form new integral encryption data sData, and sends the new integral encryption data sData to the decryption unit;
(6b) the decryption unit decrypts the encrypted Data to obtain Data of a plaintext, and then sends the Data to the gateway;
(7b) the gateway sends the decrypted Data to the user's Dapp so that the user decrypts the Data.
The following is a simplified derivation of the privacy reading process:
a. private read (signed _ Data _ hash, PK1, step 0) - > Data.
b. Private read (signed _ data _ hash, PK1, step ═ 1) - > M shares decrypt the shared fragment (sData1, sData3, sData).
Formula a is the whole private Data reading process, the result Data is plaintext, and formula b executes the steps (1b-3b) to read the partial result of the private Data, the result is ciphertext, and the subsequent private calculation process is served.
In step S2, the privacy calculation specifically includes: the privacy calculation is performed on private data of multiple parties, each participating party performs privacy storage and then performs privacy calculation, each participating party comprises multiple data owners and data users, the following describes a privacy calculation process by taking four parties (A, B, C and D) as an example, the party A, B, C is a data owner, the party D is a data user, and D is to perform calculation by using data of three parties A, B, C.
First, the privacy storing step includes the following steps:
a. the method comprises the following steps that a participant A uploads Data A _ Data to a privacy computing network through a DAPP (Data privacy protocol) step, and the privacy computing network returns to a public key PK1a of the participant A and a block chain signature signed _ adata _ hash of the A _ Data;
privacy store (AData) - > (signed _ AData _ hash + PK1 a);
b. the participant B uploads the Data B _ Data to a privacy computing network through a privacy storage step, and the privacy computing network returns to the public key PK1B of the participant B and the block chain signature signed _ bdata _ hash of the B _ Data;
privacy store (BData) - > (signed _ BData _ hash + PK1 b);
c. the participator C uploads the Data C _ Data to a privacy computing network through a DAPP step, and the privacy computing network returns to a public key PK1C of the participator C and a block chain signature signed _ cdata _ hash of the C _ Data;
private store (CData) - > (signed _ CData _ hash + PK1 c).
Second, the obtaining of the privacy computation function includes the following steps:
(1b) participant D connects to the gateway of a private compute node in the private compute peer-to-peer network layer through the DAPP, applies for the private compute, the gateway returns to the DAPP a public key PK1D, the DAPP then sends the data to be computed:
CalData (signed _ adata _ hash, PK1a, signed _ bdata _ hash, PK1b, signed _ cdata _ hash, PK1c), public key PK1d and privacy computation function sf (x) are issued to the gateway;
(2b) CalData (signed _ adata _ hash, PK1a, signed _ bdata _ hash, PK1b, signed _ cdata _ hash, PK1c) and a privacy computation function sf (x) are issued to the consensus engine;
(8) the consensus engine sends the calculation task to the block chain gateway to request privacy calculation task records;
(9) the block chain gateway sends a privacy-calculated data signature hash _ cal _ data and a privacy-calculated function hash _ sF (x) to a block chain network;
(10) the block chain network informs that the privacy calculation task of the block chain gateway is successfully recorded;
(11) the block chain gateway informs the consensus engine of successful calculation of the privacy calculation task;
(3e) the consensus engine deploys a privacy computation function hash _ sF (x) to the homomorphic computation unit, so that the privacy data can be conveniently computed.
Thirdly, after the steps of a, b and c of privacy storage are completed,
the consensus engine executes privacy reading and sends the privacy reading to the loading and decryption fragmentation unit for loading to obtain data as follows:
privacy read (signed _ adata _ hash, PK1a, step ═ 1) - > M share a decrypt shared fragment (sAData1, sAData3
Private read (signed _ bata _ hash, PK1B, step ═ 1) - > M parts B decrypt shared fragment (sBData1, sBData10
Private read (signed _ bata _ hash, PK1b, step ═ 1) - > M shares C decrypt shared fragment (scddata 1, scddata 15
A step of performing privacy computation on the privacy data by using a privacy computation function hash _ sF (x):
(3c) loading the decryption fragment, and sending M parts of A decryption shared fragments, M parts of B decryption shared fragments and M parts of C decryption shared fragments to a homomorphic calculation unit for calculation to obtain calculated results, wherein the M parts of A decryption shared fragment calculation results (sAData1_ cal, sAData3_ cal, sADataM _ cal), the M parts of B decryption shared fragment calculation results (sBData1_ cal, sBData3_ cal, sBDataM _ cal), the M parts of C decryption shared fragment calculation results (sCData1_ cal, sCD 3_ cal, sCDataM _ cal);
(4c) the homomorphic calculation unit sends the calculation results of M parts of A decrypted shared segments, the calculation results of M parts of B decrypted shared segments and the calculation results of M parts of C decrypted shared segments to the data aggregation unit, the data aggregation unit is combined according to rules, and three ciphertext calculation results are obtained after aggregation:
sAData1_cal,sBData1_cal,sCData1_cal;
(5b) the data aggregation unit calculates the results of three or ciphertext calculations:
sAData1_cal,sBData1_cal,sCData1_cal
sending the data to a decryption unit for decryption to obtain plaintext adata _ cal, bdata _ cal and cdata _ cal, wherein adata _ cal is a privacy calculation result of data (signed _ adata _ hash + PK1a) of the participant A, bdata _ cal is a privacy calculation result of data (signed _ bdata _ hash + PK1B) of the participant B, and cdata _ cal is a privacy calculation result of data (signed _ cdata _ hash + PK1C) of the participant C;
(7b) and the gateway sends the three plaintext results adata _ cal, bdata _ cal and cdata _ cal of the privacy calculation to the DAPP of the participant D, so that the whole privacy calculation process is completed.
The following is a simplified derivation formula of the privacy computation process ((signed _ AData _ hash, PK1a), (signed _ BData _ hash, PK1b), (signed _ CData _ hash, PK1c),. ·, (block chain credentials for other party data, public keys for other parties), public keys for the using party) > (AData _ cal, BData _ cal, CData _ cal. ·, results of privacy data computation for other parties).
The sequence numbers in the above steps are the corresponding flow paths in fig. 2, which is convenient for corresponding to the respective flows in fig. 2, and are not actual sequencing numbers.
The privacy security management system and the method based on the block chain are based on the block chain technology, and realize the technical scheme of combining multi-party privacy computation on privacy data, wherein privacy storage can ensure that all data added into a platform are private, and the privacy computation loads decrypted data fragments (ciphertext) stored in the privacy storage into a homomorphic computing unit through privacy reading to execute the privacy computation to obtain privacy computation fragment results (ciphertext), and then aggregates the privacy computation fragment results (ciphertext) in a data aggregation unit to obtain the whole computation result (plaintext).
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.
Claims (7)
1. A privacy security management system based on a block chain is characterized by comprising a DAPP application layer, a privacy computation point-to-point network layer and a block chain network layer which are sequentially in communication connection, wherein the DAPP application layer is used for issuing privacy storage, privacy reading and privacy computation tasks; the privacy computation point-to-point network layer is used for privacy storage, privacy reading and multi-party privacy computation on data stored in the privacy storage; the block chain network layer is used for controlling privacy storage, privacy reading and privacy calculation, and commanding the privacy calculation point-to-point network layer to complete multiparty security privacy calculation.
2. The blockchain-based privacy security management system of claim 1, wherein the DAPP application layer includes a plurality of DAPPs, the privacy computing peer-to-peer network layer includes a plurality of privacy computing nodes, the blockchain network layer includes a plurality of blockchain nodes, the DAPP is communicatively coupled to the privacy computing nodes through a privacy computing node gateway, and the privacy computing nodes are communicatively coupled to the blockchain nodes through a blockchain gateway.
3. The blockchain-based privacy security management system of claim 2, wherein the privacy computing peer-to-peer network layer further comprises:
the encryption unit is used for carrying out encryption processing on the private data;
the decryption fragmentation unit is used for carrying out fragmentation processing on the encrypted private data;
the consensus engine is a centralized transceiver for coordinating all privacy computing nodes and internal units of the privacy computing nodes;
a storage unit for data storage management;
the data persistence unit is used for persistence processing of the private data;
the homomorphic calculation unit is used for calculating the private data;
the data aggregation unit is used for aggregating the decrypted partitioned private data;
the decryption unit is used for decrypting the aggregated encrypted data and converting the encrypted data into a plaintext;
the synchronization task between the privacy computing nodes is carried out through respective consensus engines and gateways.
4. A privacy security management method based on a blockchain, which is applied to the privacy security management system based on a blockchain of any one of claims 1 to 3, and is characterized by comprising the following steps:
s1, the user is connected to the gateway of any privacy computation node in the privacy computation point-to-point network layer through DAPP, applies for encrypted data, and sends the privacy data to the gateway of the privacy computation node;
s2, the gateway of the privacy computation node receives the privacy data, and interacts between the privacy computation point-to-point network layer and the block chain network to complete privacy storage, privacy reading and privacy computation;
and S3, transmitting the results of the privacy storage, the privacy reading and the privacy calculation back to the DAPP through the gateway of the privacy calculation node.
5. The privacy security management method based on the block chain according to claim 4, wherein in the step S2, the privacy storage specifically includes the following steps:
the gateway of the privacy computing node sends the privacy data to the encryption unit, and the encryption unit encrypts the privacy data to obtain a ciphertext;
the encryption unit sends the ciphertext to the decryption slicing unit, and the decryption slicing unit divides the privacy ciphertext into N decryption shared segments;
the decryption fragmentation unit sends the decrypted sharing fragments to a consensus engine to request storage;
the consensus engine requests the storage unit and stores the decrypted sharing segment into the data persistence unit;
the data persistence unit stores the decrypted sharing segment and then sends the decrypted sharing segment to a storage certificate of the storage unit for decrypting the sharing segment;
the storage unit sends the storage certificate for decrypting the shared segment to the consensus engine to request to record data to the block link point;
the consensus engine forwards the storage certificate for decrypting the shared segment to the blockchain gateway;
the block chain network is connected to the block chain network, and the storage certificate of the decrypted sharing segment is delivered to the block chain network, and the block chain network records the storage certificates;
the blockchain network returns the blockchain signature of the storage certificate of the decrypted shared segment to the blockchain gateway;
the blockchain gateway sends the blockchain signature of the decrypted shared segment to the consensus engine;
the consensus engine returns the block chain signature of the storage certificate of the decrypted shared segment to the gateway of the privacy computing node;
the gateway of the private compute node returns the blockchain signature and public key of the stored credential to the DAPP.
6. The privacy security management method based on the block chain according to claim 5, wherein in the step S2, the privacy reading specifically includes the following steps:
a user sends a block chain signature and a public key of private data to a gateway of a private computing node through DAPP;
the gateway of the privacy computation node verifies that the public key corresponds to the block chain signature one by one, and then sends the block chain signature of the encrypted data to the consensus engine to apply for data decryption;
the consensus engine sends the blockchain signature of the encrypted data to a blockchain gateway to request for reading a blockchain account book of the data;
after receiving the reading request, the block chain gateway sends a block chain signature of the encrypted data to a block chain network layer;
the block chain network finds the account book information of the encrypted data and returns the storage certificate of the decryption sharing segment of the encrypted data to the block chain gateway;
the block chain gateway sends the obtained storage certificate of the decrypted shared segment of the encrypted data to the consensus engine;
the consensus engine sends the storage certificate of the decryption shared segment of the encrypted data to the storage unit to request to load the data;
the storage unit loads data from the data persistence unit according to the storage certificate of the decryption sharing segment to obtain the decryption sharing segment;
the storage unit sends the decrypted sharing segment to the consensus engine;
the consensus engine sends the decryption shared segment to the loading decryption fragmentation unit, and the loading decryption fragmentation unit randomly takes out M decryption shared segments, wherein M is less than N;
the encryption and decryption fragments send M decryption shared fragments to the data aggregation unit;
the data aggregation unit combines the M decrypted shared segments according to rules to form new overall encrypted data, and sends the new overall encrypted data to the decryption unit;
the decryption unit decrypts the encrypted data to obtain plaintext data, and then sends the plaintext data to a gateway of the privacy computation node;
and the gateway of the privacy computing node sends the data obtained by decryption to the DAPP of the user.
7. The block chain-based privacy security management system and method according to claim 6, wherein in step S2, the privacy calculation specifically includes: the privacy calculation is performed on private data of multiple parties, each participating party performs privacy storage and then performs privacy calculation, each participating party comprises multiple data owners and data users, and the privacy calculation comprises the following steps:
and (4) private storage: the data owner uploads respective data to a privacy computing point-to-point network layer through DAPP (digital addressable polypropylene), and the privacy computing point-to-point network layer stores the data through a privacy storage step and returns respective public keys and block chain signatures of the data owner;
obtaining a privacy calculation function: the data user is connected to a gateway of a privacy computation node in a privacy computation point-to-point network layer through the DAPP, applies for privacy computation, and the gateway returns a public key to the DAPP; then, the DAPP sends the data to be calculated, the public key and the privacy calculation function to a gateway of the privacy calculation node, and the gateway sends the data to be calculated and the privacy calculation function to a consensus engine; the consensus engine sends the calculation task to the block chain gateway to request privacy calculation task records, and the block chain gateway sends the privacy calculation data signature and the privacy calculation function to the block chain network; the blockchain network informs the blockchain gateway that the privacy calculation task is successfully recorded, and the blockchain gateway informs the consensus engine that the privacy calculation task is successfully calculated; the consensus engine deploys the privacy calculation function to the homomorphic calculation unit, so that the privacy data can be conveniently calculated;
the privacy calculation process comprises the following steps: the consensus engine executes privacy reading on data stored by each data owner, the data are sent to the loading and decryption fragmentation unit to be loaded to obtain M decryption shared fragments of each data owner, the loading and decryption fragmentation sends the M decryption shared fragments of each data owner to the homomorphic calculation unit to be calculated by using a privacy calculation function, and a calculated result is obtained;
returning of privacy calculation results: the homomorphic calculation unit sends the calculation results of the M decrypted shared segments of each data owner to the data aggregation unit, and the data aggregation unit combines the calculation results according to the rules to obtain the ciphertext of each data owner; the data aggregation unit sends the ciphertext calculation result of each data owner to the decryption unit to decrypt to obtain a plaintext; and the gateway of the privacy calculation node sends each plaintext result of the privacy calculation to the DAPP of each party, so that the whole privacy calculation process is completed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110097676.7A CN112887399B (en) | 2021-01-25 | 2021-01-25 | Privacy security management system based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110097676.7A CN112887399B (en) | 2021-01-25 | 2021-01-25 | Privacy security management system based on block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112887399A true CN112887399A (en) | 2021-06-01 |
CN112887399B CN112887399B (en) | 2022-10-25 |
Family
ID=76051105
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110097676.7A Active CN112887399B (en) | 2021-01-25 | 2021-01-25 | Privacy security management system based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112887399B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118250350A (en) * | 2024-05-24 | 2024-06-25 | 杭州金智塔科技有限公司 | Multiparty privacy computing communication system and method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020123926A1 (en) * | 2018-12-13 | 2020-06-18 | Login Id Inc. | Decentralized computing systems and methods for performing actions using stored private data |
CN111310225A (en) * | 2020-01-17 | 2020-06-19 | 北京众信易保科技有限公司 | Method and system for decentralized privacy data authorization based on block chain |
CN111507712A (en) * | 2020-04-09 | 2020-08-07 | 链博(成都)科技有限公司 | User privacy data management method, system and terminal based on block chain |
-
2021
- 2021-01-25 CN CN202110097676.7A patent/CN112887399B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020123926A1 (en) * | 2018-12-13 | 2020-06-18 | Login Id Inc. | Decentralized computing systems and methods for performing actions using stored private data |
CN111310225A (en) * | 2020-01-17 | 2020-06-19 | 北京众信易保科技有限公司 | Method and system for decentralized privacy data authorization based on block chain |
CN111507712A (en) * | 2020-04-09 | 2020-08-07 | 链博(成都)科技有限公司 | User privacy data management method, system and terminal based on block chain |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118250350A (en) * | 2024-05-24 | 2024-06-25 | 杭州金智塔科技有限公司 | Multiparty privacy computing communication system and method |
Also Published As
Publication number | Publication date |
---|---|
CN112887399B (en) | 2022-10-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109587132B (en) | Data transmission method and device based on alliance chain | |
CN107196926B (en) | Cloud outsourcing privacy set comparison method and device | |
CN110011795B (en) | Symmetric group key negotiation method based on block chain | |
CN112906030B (en) | Data sharing method and system based on multi-party homomorphic encryption | |
CN111368318B (en) | Object tracking method for multi-mode blockchain transaction | |
CN110599163B (en) | Transaction record outsourcing method facing block chain transaction supervision | |
CN111275202A (en) | Machine learning prediction method and system for data privacy protection | |
CN106487506B (en) | Multi-mechanism KP-ABE method supporting pre-encryption and outsourcing decryption | |
CN106656997B (en) | One kind being based on the cross-domain friend-making method for secret protection of mobile social networking proxy re-encryption | |
CN106209790B (en) | Efficient verifiable outsourcing attribute-based encryption method for hidden ciphertext strategy | |
CN112862616B (en) | Secure multi-party computing method, device and storage medium supporting block chain | |
CN114513327B (en) | Block chain-based Internet of things private data rapid sharing method | |
CN103534975A (en) | Discovery of security associations for key management relying on public keys | |
CN111639345B (en) | Method and system for secure multi-party cloud computing based on homomorphic encryption | |
WO2014078951A1 (en) | End-to-end encryption method for digital data sharing through a third party | |
CN118337367B (en) | Intelligent networking vehicle track prediction method and related device based on federal learning | |
CN107767281A (en) | A kind of friend-making matching method for secret protection and system based on two degree of human connections of mobile social networking | |
CN113972981A (en) | Efficient threshold signature method based on SM2 cryptographic algorithm | |
CN106412087A (en) | Method and system for sharing ownership proofs | |
US10530581B2 (en) | Authenticated broadcast encryption | |
CN114915401A (en) | Verifiable homomorphic proxy re-encryption method and system | |
CN115834067A (en) | Ciphertext data sharing method in edge cloud collaborative scene | |
CN112887399B (en) | Privacy security management system based on block chain | |
CN118133985A (en) | Task processing method, device, system and medium | |
CN112152808B (en) | Multi-party collaborative digital signature method based on SM2 algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB03 | Change of inventor or designer information |
Inventor after: Bai Xin Inventor after: Tian Fang Inventor after: Luo Yuan Inventor after: Lu Xiao Inventor after: Tang Weidong Inventor before: Bai Xin Inventor before: Lu Xiao Inventor before: Tang Weidong |
|
CB03 | Change of inventor or designer information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |