CN112887399B - Privacy security management system based on block chain - Google Patents
Privacy security management system based on block chain Download PDFInfo
- Publication number
- CN112887399B CN112887399B CN202110097676.7A CN202110097676A CN112887399B CN 112887399 B CN112887399 B CN 112887399B CN 202110097676 A CN202110097676 A CN 202110097676A CN 112887399 B CN112887399 B CN 112887399B
- Authority
- CN
- China
- Prior art keywords
- privacy
- data
- calculation
- block chain
- gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000004364 calculation method Methods 0.000 claims abstract description 131
- 238000007726 management method Methods 0.000 claims abstract description 26
- 238000000034 method Methods 0.000 claims abstract description 20
- 238000004891 communication Methods 0.000 claims abstract description 6
- 239000012634 fragment Substances 0.000 claims description 32
- 238000013467 fragmentation Methods 0.000 claims description 25
- 238000006062 fragmentation reaction Methods 0.000 claims description 25
- 230000002776 aggregation Effects 0.000 claims description 21
- 238000004220 aggregation Methods 0.000 claims description 21
- 230000002688 persistence Effects 0.000 claims description 15
- 230000008569 process Effects 0.000 claims description 11
- 238000013500 data storage Methods 0.000 claims description 4
- 239000004743 Polypropylene Substances 0.000 claims description 3
- 230000004931 aggregating effect Effects 0.000 claims description 3
- 230000003993 interaction Effects 0.000 claims description 3
- -1 polypropylene Polymers 0.000 claims description 3
- 229920001155 polypropylene Polymers 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 abstract description 5
- KAICRBBQCRKMPO-UHFFFAOYSA-N phosphoric acid;pyridine-3,4-diamine Chemical compound OP(O)(O)=O.NC1=CC=NC=C1N KAICRBBQCRKMPO-UHFFFAOYSA-N 0.000 abstract 2
- 230000006870 function Effects 0.000 description 12
- 238000009795 derivation Methods 0.000 description 3
- 241001175904 Labeo bata Species 0.000 description 2
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a privacy security management system and a method based on a blockchain, wherein the system comprises a DAPP application layer, a privacy calculation point-to-point network layer and a blockchain network layer which are sequentially in communication connection, wherein the DAPP application layer is used for issuing privacy storage, privacy reading and privacy calculation tasks; the privacy computation point-to-point network layer is used for privacy storage, privacy reading and multi-party privacy computation on data stored in the privacy storage; and the block chain network layer is used for controlling privacy storage, privacy reading and privacy calculation and commanding the privacy calculation point-to-point network layer to complete multiparty security privacy calculation. The privacy security management system and method based on the block chain provided by the invention have the advantages that based on the block chain technology, multiple parties which are not credible mutually are enabled to realize the private storage and reading of data and the linked sum calculation on respective private data sets under the scheduling of the block chain.
Description
Technical Field
The invention relates to the technical field of privacy security management, in particular to a privacy security management system and method based on a block chain.
Background
With the rapid development of the internet, the privacy disclosure problem is more and more serious, personal privacy data are easily disclosed when being applied and are unknown by individuals, the individuals and organizations do some bad things with different usefulness, governments, enterprises and public institutions and personal data are stored in plain texts, safety protection is seriously insufficient, once the data are disclosed, irreparable loss is caused, the data are uncontrollable after being sent out, and the governments, the enterprises and public institutions and individuals are inconvenient or do not have power to share the data, so that the problem of insufficient cooperation is caused. In view of the above situation, it is important to provide a scheme for implementing private storage of data and associated management on respective private data sets by multiple untrusted parties under the scheduling of a block chain.
Disclosure of Invention
The invention aims to provide a privacy security management system and a method based on a block chain, which enable multiple mutually untrusted parties to realize private storage and reading of data and linked calculation on respective private data sets under the scheduling of the block chain based on the block chain technology.
In order to achieve the purpose, the invention provides the following scheme:
a privacy security management system based on a blockchain comprises a DAPP (distributed application) application layer, a privacy computation point-to-point network layer and a blockchain network layer which are sequentially in communication connection, wherein the DAPP application layer is used for issuing privacy storage, privacy reading and privacy computation tasks; the privacy computation point-to-point network layer is used for privacy storage, privacy reading and multi-party privacy computation on data stored in the privacy storage; and the block chain network layer is used for controlling privacy storage, privacy reading and privacy calculation and commanding the privacy calculation point-to-point network layer to complete multiparty security privacy calculation.
Further, the DAPP application layer includes a plurality of DAPPs, the privacy computation peer-to-peer network layer includes a plurality of privacy computation nodes, the blockchain network layer includes a plurality of blockchain nodes, the DAPP is communicatively connected to the privacy computation nodes through gateways of the privacy computation nodes, and the privacy computation nodes are communicatively connected to the blockchain nodes through the blockchain gateways.
Further, the private computing peer-to-peer network layer further comprises:
the encryption unit is used for encrypting the private data;
the decryption fragmentation unit is used for carrying out fragmentation processing on the encrypted private data;
the consensus engine is a centralized transceiver for coordinating all privacy computing nodes and internal units of the privacy computing nodes;
the storage unit is used for data storage management;
the data persistence unit is used for persistence processing of the private data;
the homomorphic calculation unit is used for calculating the private data;
the data aggregation unit is used for aggregating the decrypted partitioned private data;
the decryption unit is used for decrypting the aggregated encrypted data and converting the encrypted data into a plaintext;
the synchronization task between the privacy computing nodes is carried out through respective consensus engines and gateways.
The invention also provides a privacy security management method based on the block chain, which is applied to the privacy security management system based on the block chain and comprises the following steps:
s1, a user is connected to a gateway of any privacy computation node in a privacy computation point-to-point network layer through DAPP (digital Address protocol), applies for encrypted data and sends the privacy data to the gateway of the privacy computation node;
s2, a gateway of the privacy computing node receives the privacy data, and interaction is carried out between a privacy computing point-to-point network layer and a block chain network to complete privacy storage, privacy reading and privacy computing;
and S3, transmitting the results of the privacy storage, the privacy reading and the privacy calculation back to the DAPP through the gateway of the privacy calculation node.
Further, in step S2, the privacy storage specifically includes the following steps:
the gateway of the privacy computing node sends the privacy data to the encryption unit, and the encryption unit encrypts the privacy data to obtain a ciphertext;
the encryption unit sends the ciphertext to the decryption slicing unit, and the decryption slicing unit divides the privacy ciphertext into N decryption shared segments;
the decryption fragmentation unit sends the decrypted sharing fragments to a consensus engine to request storage;
the consensus engine requests the storage unit and stores the decrypted sharing segment into the data persistence unit;
the data persistence unit stores the decrypted sharing segment and then sends the decrypted sharing segment to a storage certificate of the storage unit for decrypting the sharing segment;
the storage unit sends the storage certificate for decrypting the shared segment to the consensus engine to request to record data to the block link point;
the consensus engine forwards the memory certificate for decrypting the shared segment to the blockchain gateway;
the block chain network is connected to the block chain network, and the storage certificate of the decrypted sharing segment is delivered to the block chain network, and the block chain network records the storage certificates;
the blockchain network returns the blockchain signature of the storage certificate of the decrypted shared segment to the blockchain gateway;
the blockchain gateway sends the blockchain signature of the decrypted shared segment to the consensus engine;
the consensus engine returns the block chain signature of the storage certificate of the decrypted shared segment to the gateway of the private computing node;
the gateway of the private compute node returns the blockchain signature and public key of the stored credential to the DAPP.
Further, in step S2, the privacy reading specifically includes the following steps:
a user sends a block chain signature and a public key of private data to a gateway of a private computing node through DAPP;
the gateway of the privacy computation node verifies that the public key corresponds to the block chain signature one by one, and then sends the block chain signature of the encrypted data to the consensus engine to apply for data decryption;
the consensus engine sends the blockchain signature of the encrypted data to a blockchain gateway to request for reading a blockchain account book of the data;
after receiving the reading request, the block chain gateway sends a block chain signature of the encrypted data to a block chain network layer;
the block chain network finds the account book information of the encrypted data and returns the storage certificate of the decryption sharing segment of the encrypted data to the block chain gateway;
the block chain gateway sends the obtained storage certificate of the decryption shared segment of the encrypted data to the consensus engine;
the consensus engine sends the storage certificate of the decryption shared segment of the encrypted data to the storage unit to request to load the data;
the storage unit loads data from the data persistence unit according to the storage certificate of the decryption shared segment to obtain the decryption shared segment;
the storage unit sends the decrypted sharing segment to the consensus engine;
the consensus engine sends the decryption shared segment to the loading decryption fragmentation unit, and the loading decryption fragmentation unit randomly takes out M decryption shared segments, wherein M is less than N;
the encryption and decryption fragments send M decryption shared fragments to the data aggregation unit;
the data aggregation unit combines the M decrypted shared segments according to rules to form new overall encrypted data, and sends the new overall encrypted data to the decryption unit;
the decryption unit decrypts the encrypted data to obtain plaintext data, and then sends the plaintext data to a gateway of the privacy computation node;
and the gateway of the privacy calculation node sends the data which is decrypted to obtain the plaintext to the DAPP of the user.
Further, in step S2, the privacy calculation specifically includes: the privacy calculation is carried out on private data of multiple parties, each party carries out privacy storage and then carries out privacy calculation, each party comprises multiple data owners and data users, and the privacy calculation comprises the following steps:
data storage: the data owner uploads respective data to a privacy computing point-to-point network layer through DAPP (digital addressable polypropylene), and the privacy computing point-to-point network layer stores the data through a privacy storage step and returns respective public keys and block chain signatures of the data owner;
obtaining a privacy calculation function: the data user is connected to a gateway of a privacy computing node in a privacy computing point-to-point network layer through the DAPP, applies for privacy computing, and the gateway returns a public key to the DAPP; then, the DAPP sends the data to be calculated, the public key and the privacy calculation function to a gateway of the privacy calculation node, and the gateway sends the data to be calculated and the privacy calculation function to a consensus engine; the consensus engine sends the calculation task to the block chain gateway to request privacy calculation task records, and the block chain gateway sends the privacy calculation data signature and the privacy calculation function to the block chain network; the blockchain network informs the blockchain gateway that the privacy calculation task is successfully recorded, and the blockchain gateway informs the consensus engine that the privacy calculation task is successfully calculated; the consensus engine deploys the privacy calculation function to the homomorphic calculation unit, so that the privacy data can be conveniently calculated;
the privacy calculation process comprises the following steps: the consensus engine executes privacy reading on data stored by each data owner, the data are sent to the loading and decryption fragmentation unit to be loaded to obtain M decryption shared fragments of each data owner, the loading and decryption fragmentation sends the M decryption shared fragments of each data owner to the homomorphic calculation unit to be calculated by using a privacy calculation function, and a calculated result is obtained;
and returning a privacy calculation result: the homomorphic calculation unit sends the calculation results of the M decrypted shared segments of each data owner to the data aggregation unit, and the data aggregation unit combines the calculation results according to rules to obtain the ciphertext of each data owner; the data aggregation unit sends the ciphertext calculation result of each data owner to the decryption unit to decrypt to obtain a plaintext; and the gateway of the privacy calculation node sends each plaintext result of the privacy calculation to the DAPP of each party, so that the whole privacy calculation process is completed.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects: the privacy security management system and the method based on the block chain are based on the block chain technology, and realize the technical scheme of combining multi-party privacy computation on privacy data, the privacy storage can ensure that all data added into a platform are private, the privacy computation loads decrypted data fragments (ciphertext) stored in the privacy storage into a homomorphic computing unit through privacy reading to execute the privacy computation to obtain privacy computation fragment results (ciphertext), and then the data aggregation unit aggregates the privacy computation fragment results (ciphertext) to obtain the whole computation result (plaintext).
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
FIG. 1 is a schematic structural diagram of a block chain-based privacy security management system according to the present invention;
fig. 2 is a flowchart of a privacy security management method based on a block chain according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a privacy security management system and a method based on a block chain, which enable multiple mutually untrusted parties to realize private storage and reading of data and linked calculation on respective private data sets under the scheduling of the block chain based on the block chain technology.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
As shown in fig. 1, the privacy security management system based on the blockchain according to the embodiment of the present invention includes a DAPP application layer, a privacy computation peer-to-peer network layer, and a blockchain network layer, which are sequentially connected in a communication manner, where the DAPP application layer is configured to issue privacy storage, privacy reading, and privacy computation tasks; the privacy computation point-to-point network layer is used for privacy storage, privacy reading and multi-party privacy computation on data stored in the privacy storage; and the block chain network layer is used for controlling privacy storage, privacy reading and privacy calculation and commanding the privacy calculation point-to-point network layer to complete multiparty security privacy calculation.
The DAPP application layer comprises a plurality of DAPPs, the privacy calculation point-to-point network layer comprises a plurality of privacy calculation nodes, the blockchain network layer comprises a plurality of blockchain nodes, the DAPPs are in communication connection with the privacy calculation nodes through gateways of the privacy calculation nodes, and the privacy calculation nodes are in communication connection with the blockchain nodes through the blockchain gateways.
The private computing peer-to-peer network layer further comprises:
the encryption unit is used for encrypting the private data;
the decryption fragmentation unit is used for carrying out fragmentation processing on the encrypted private data;
the consensus engine is a centralized transceiver for coordinating all privacy computing nodes and internal units of the privacy computing nodes;
a storage unit for data storage management;
the data persistence unit is used for persistence processing of the private data;
the homomorphic calculation unit is used for calculating the private data;
the data aggregation unit is used for aggregating the decrypted partitioned private data;
the decryption unit is used for decrypting the aggregated encrypted data and converting the encrypted data into a plaintext;
the synchronization task between the privacy computing nodes is carried out through respective consensus engines and gateways.
As shown in fig. 2, the present invention further provides a privacy security management method based on a block chain, which is applied to the privacy security management system based on a block chain, and includes the following steps:
s1, a user is connected to a gateway of any privacy computation node in a privacy computation point-to-point network layer through DAPP (digital Address protocol), applies for encrypted data and sends the privacy data to the gateway of the privacy computation node;
s2, a gateway of the privacy calculation node receives the privacy data, and interaction is carried out between a privacy calculation point-to-point network layer and a block chain network to complete privacy storage, privacy reading and privacy calculation;
and S3, transmitting the results of the privacy storage, the privacy reading and the privacy calculation back to the DAPP through the gateway of the privacy calculation node.
In step S2, the privacy storage specifically includes the following steps:
(1) A user is connected to a gateway of a privacy computing node in a privacy computing point-to-point network layer through DAPP (digital addressable polypropylene), applies for encrypted Data and sends Data (private key, photo, video and document) of the privacy Data to the gateway;
(2) The gateway of the privacy computing node then sends the Data to the encryption unit, and the encryption unit encrypts the privacy Data to obtain a ciphertext sData;
(3) The encryption unit sends the sData to the decryption fragmentation unit, and the decryption fragmentation unit then divides the sData into N decryption shared fragments (sData 1, sData 2., sDataN);
(4) The decryption fragmentation unit then sends the decrypted shared fragment (sData 1, sData 2.,. SDataN) to the consensus engine to request storage;
(5) The consensus engine requests the storage unit to store the decrypted shared segment (sData 1, sData 2.,. SDataN) in the data persistence unit;
(6) The data persistence unit stores the decrypted shared segment (sData 1, sData2,.. SDatan) and then sends the storage certificate (hash _ sData1, hash _ sData2,.. SDatan, hash _ sDatan) of the decrypted shared segment to the storage unit;
(7) The storage unit sends storage certificates (hash _ sData1, hash _ sData2, hash _ sDatan) for decrypting the shared segments to the consensus engine to request to record data on the block chain;
(8) The consensus engine forwards the storage certificate (hash _ sData1, hash _ sData2,., hash _ sDataN) of the decrypted shared segment to the block chain gateway;
(9) The block chain network is connected to the block chain network, and the storage certificates (hash _ sData1, hash _ sData2, hash _ sDatan) for decrypting the shared segments are delivered to the block chain network, and the block chain network records the storage certificates;
(10) The block chain network returns the block chain signature signed _ data _ hash of the storage certificate of the decrypted sharing segment to the block chain gateway;
(11) The block chain gateway sends the decrypted block chain signature signed _ data _ hash of the shared segment to the consensus engine;
(12) The consensus engine returns the block chain signature signed _ data _ hash of the storage certificate of the decrypted sharing segment to the gateway;
(13) And the gateway returns the block chain signature signed _ data _ hash of the stored certificate and the public key PK1 to the DAPP.
The following is a simplified derivation formula for the privacy save process:
the privacy store (Data) - > (signed _ Data _ hash + PK 1).
In step S2, the privacy reading specifically includes the following steps:
(1b) The user is connected to a gateway of a privacy computation node in a privacy computation point-to-point network layer through DAPP (digital Address protocol), applies for data decryption, and sends a block chain signature signed _ data _ hash and a public key PK1 of the data to the gateway;
(2b) The gateway verifies that the public keys PK1 correspond to the block chain signatures signed _ data _ hash one by one, and then sends the block chain signatures signed _ data _ hash of the encrypted data to the consensus engine for data decryption;
(8) The consensus engine sends the block chain signature signed _ data _ hash of the encrypted data to a block chain account book of the block chain gateway for requesting to read the data;
(9) And after receiving the reading request, the block chain gateway sends the signed _ data _ hash of the block chain signature of the encrypted data to the block chain network.
(10) The block chain network finds the account book information of the encrypted data and returns storage certificates (hash _ sData1, hash _ sData2, and hash _ sDatan) of the decrypted and shared segments of the encrypted data to the block chain gateway;
(11) The block chain gateway sends the obtained storage certificates (hash _ sData1, hash _ sData2, and hash _ sDatan) of the decrypted shared segments of the encrypted data to the consensus engine;
(5) Sending storage certificates (hash _ sData1, hash _ sData2, hash _ sDatan) of the decrypted shared segments of the encrypted data to the storage unit by the consensus engine to request to load the data;
(6) The storage unit loads data from the data persistence unit according to storage certificates (hash _ sData1, hash _ sData2, and hash _ sDatan) of the decryption shared segments to obtain the decryption shared segments (sData 1, sData2, and sDatan);
(7) The storage unit sends the decrypted shared segment (sData 1, sData2,.. SDataN) to the consensus engine;
(3b) The consensus engine sends the decryption shared segments (sData 1, sData2, sData, sDataN) to the loading decryption fragmentation unit, and the loading decryption fragmentation unit randomly takes out M decryption shared segments (sData 1, sData3, sData, sDataM), wherein M < N;
(4b) The encryption and decryption fragmentation unit sends M decryption shared fragments (sData 1, sData3 and sDataM) to the data aggregation unit;
(5b) The data aggregation unit combines M decryption sharing segments (sData 1, sData3,.., sDataM) according to rules to form new integral encryption data sData, and sends the new integral encryption data sData to the decryption unit;
(6b) The decryption unit decrypts the encrypted Data to obtain Data of a plaintext, and then sends the Data to the gateway;
(7b) The gateway sends the decrypted Data to the user's DAPP, so that the user decrypts the Data.
The following is a simplified derivation formula for the privacy reading process:
a. private read (signed _ Data _ hash, PK1, step = 0) - > Data.
b. Private read (signed _ data _ hash, PK1, step = 1) - > M shares decrypt the shared fragment (sData 1, sData3, sDataM).
Formula a is the whole private Data reading process, the result Data is plaintext, and formula b executes the steps (1 b-3 b) to read the partial result of the private Data, the result is ciphertext, and the subsequent private calculation process is served.
In step S2, the privacy calculation specifically includes: the privacy calculation is carried out on private data of multiple parties, each participating party carries out privacy storage and then carries out privacy calculation, each participating party comprises multiple data owners and data users, the privacy calculation process is described by taking four participating parties (A, B, C and D) as an embodiment, the participating parties A, B and C are data owners, the participating party D is a data user, and D needs to carry out calculation by using data of the three parties A, B and C.
First, the privacy storing step includes the following steps:
a. the method comprises the following steps that a participant A uploads Data A _ Data to a privacy computing network through a DAPP (Data and privacy protocol) step, and the privacy computing network returns a block chain signature signed _ adata _ hash of a public key PK1a and A _ Data of the participant A;
privacy store (AData) - > (signed _ AData _ hash + PK1 a);
b. the participant B uploads the Data B _ Data to a privacy computing network through a privacy storage step, and the privacy computing network returns a block chain signature signed _ bdata _ hash of a public key PK1B and the B _ Data of the participant B;
privacy store (BData) - > (signed _ BData _ hash + PK1 b);
c. the participator C uploads the Data C _ Data to a privacy computing network through a DAPP (Data and privacy protocol) step, and the privacy computing network returns a public key PK1C of the participator C and a block chain signature signed _ cdata _ hash of the Data C _ Data;
privacy store (CData) - > (signed _ CData _ hash + PK1 c).
Second, the obtaining of the privacy computation function includes the following steps:
(1b) The participant D is connected to a gateway of a privacy computing node in a privacy computing point-to-point network layer through the DAPP, applies for privacy computing, the gateway returns a public key PK1D to the DAPP, and the DAPP then sends data to be computed:
CalData (signed _ adata _ hash, PK1a, signed _ bdata _ hash, PK1b, signed _ cdata _ hash, PK1 c), a public key PK1d and a privacy calculation function sf (x) are sent to the gateway;
(2b) CalData (signed _ adata _ hash, PK1a, signed _ bdata _ hash, PK1b, sign d _ cdata _ hash, PK1 c) and a privacy computation function sF (x) are sent to a consensus engine;
(8) The consensus engine sends the calculation task to the block chain gateway to request privacy calculation task records;
(9) The block chain gateway sends a privacy-calculated data signature hash _ cal _ data and a privacy calculation function hash _ sF (x) to a block chain network;
(10) The block chain network informs that the privacy calculation task of the block chain gateway is successfully recorded;
(11) The block chain gateway informs the consensus engine of successful calculation of the privacy calculation task;
(3e) The consensus engine deploys the privacy calculation function hash _ sF (x) to the homomorphic calculation unit, so that the privacy data can be conveniently calculated.
Thirdly, after the steps of a, b and c privacy storage are completed,
the consensus engine executes privacy reading and sends the privacy reading to the loading and decryption fragmentation unit for loading to obtain data as follows:
privacy read (signed _ adata _ hash, PK1a, step = 1) - > M shares a decrypt shared fragment (sAData 1, sAData3
Private read (signed _ bata _ hash, PK1B, step = 1) - > M shares B decrypt shared fragment (sBData 1, sBData10
Private read (signed _ bata _ hash, PK1b, step = 1) - > M parts C decrypt shared fragment (scddata 1, scddata 15,
a step of performing privacy computation on the privacy data by using a privacy computation function hash _ sF (x):
(3c) Loading the decryption fragments, and sending M parts of A decryption shared fragments, M parts of B decryption shared fragments, M parts of C decryption shared fragments to a homomorphic calculation unit for calculation to obtain a calculated result, wherein M parts of A decryption shared fragment calculation results (sAData 1_ cal, sAData3_ cal, sAData M _ cal), M parts of B decryption shared fragment calculation results (sBData 1_ cal, sBData3_ cal, sBDataM _ cal), M parts of C decryption shared fragment calculation results (sCData 1_ cal, sCData3_ cal, sCDataM _ cal);
(4c) The homomorphic calculation unit sends M parts of the calculation results of the decryption shared segments A, M parts of the calculation results of the decryption shared segments B and M parts of the calculation results of the decryption shared segments C to the data aggregation unit, the data aggregation unit combines the calculation results of the decryption shared segments B and M parts of the calculation results of the decryption shared segments C according to rules, and three ciphertext calculation results are obtained after aggregation:
sAData1_cal,sBData1_cal,sCData1_cal;
(5b) The data aggregation unit calculates the results of three or ciphertext calculations:
sAData1_cal,sBData1_cal,sCData1_cal
sending the data to a decryption unit for decryption to obtain plaintext adata _ cal, bdata _ cal and cdata _ cal, wherein adata _ cal is a privacy calculation result of data (signed _ adata _ hash + PK1 a) at the participant a, bdata _ cal is a privacy calculation result of data (signed _ bdata _ hash + PK 1B) at the participant B, and cdata _ cal is a privacy calculation result of data (signed _ cdata _ hash + PK 1C) at the participant C;
(7b) And the gateway sends three plaintext results adata _ cal, bdata _ cal and cdata _ cal of the privacy calculation to the DAPP of the participant D, so that the whole privacy calculation process is completed.
The following is a simplified derivation formula of the privacy calculation process ((signed _ AData _ hash, PK1 a), (signed _ BData _ hash, PK1 b), (signed _ CData _ hash, PK1 c),., (block chain credentials for other participant data, public keys for other participants), public key for the using party) - > (AData _ cal, BData _ cal, CData _ cal., privacy data calculation results for other participants).
The sequence numbers in the above steps are the corresponding flow paths in fig. 2, which is convenient for corresponding to the respective flows in fig. 2, and are not actual sequencing numbers.
The privacy security management system and the method based on the block chain are based on the block chain technology, and realize the technical scheme of combining multi-party privacy computation on privacy data, wherein privacy storage can ensure that all data added into a platform are private, and the privacy computation loads decrypted data fragments (ciphertext) stored in the privacy into a homomorphic computing unit through privacy reading to execute the privacy computation to obtain privacy computation fragment results (ciphertext), and then aggregates the privacy computation fragment results (ciphertext) in a data aggregation unit to obtain the whole computation result (plaintext).
The principle and the embodiment of the present invention are explained by applying specific examples, and the above description of the embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.
Claims (3)
1. A privacy security management system based on a block chain is characterized by comprising a DAPP application layer, a privacy computation point-to-point network layer and a block chain network layer which are sequentially in communication connection, wherein the DAPP application layer is used for issuing privacy storage, privacy reading and privacy computation tasks; the privacy computation point-to-point network layer is used for privacy storage, privacy reading and multi-party privacy computation on data stored in the privacy storage; the block chain network layer is used for controlling privacy storage, privacy reading and privacy calculation, and commanding the privacy calculation point-to-point network layer to complete multiparty security privacy calculation;
the privacy security management method based on the block chain of the privacy security management system based on the block chain comprises the following steps:
s1, a user is connected to a gateway of any privacy calculation node in a privacy calculation point-to-point network layer through a DAPP (digital Address protocol), applies for encrypted data and sends the privacy data to the gateway of the privacy calculation node;
s2, a gateway of the privacy calculation node receives the privacy data, and interaction is carried out between a privacy calculation point-to-point network layer and a block chain network to complete privacy storage, privacy reading and privacy calculation;
s3, the results of the privacy storage, the privacy reading and the privacy calculation are transmitted back to the DAPP through a gateway of the privacy calculation node;
in step S2, the privacy storage specifically includes the following steps:
the gateway of the privacy computing node sends the privacy data to the encryption unit, and the encryption unit encrypts the privacy data to obtain a ciphertext;
the encryption unit sends the ciphertext to the decryption fragmentation unit, and the decryption fragmentation unit divides the privacy ciphertext into N decryption shared fragments;
the decryption fragmentation unit sends the decrypted sharing fragments to a consensus engine to request storage;
the consensus engine requests the storage unit and stores the decrypted sharing segment into the data persistence unit;
the data persistence unit stores the decrypted shared segment and then sends the storage certificate of the decrypted shared segment to the storage unit;
the storage unit sends the storage certificate for decrypting the shared segment to the consensus engine to request to record data to the block link point;
the consensus engine forwards the storage certificate for decrypting the shared segment to the blockchain gateway;
the block chain network is connected to the block chain network, the storage voucher for decrypting the shared segment is delivered to the block chain network, and the block chain network records the storage vouchers;
the block chain network returns the block chain signature of the storage certificate of the decrypted shared segment to the block chain gateway;
the blockchain gateway sends the blockchain signature of the decrypted shared segment to the consensus engine;
the consensus engine returns the block chain signature of the storage certificate of the decrypted shared segment to the gateway of the private computing node;
the gateway of the privacy computation node returns the block chain signature and the public key of the storage certificate to the DAPP;
in step S2, the privacy reading specifically includes the following steps:
a user sends a block chain signature and a public key of private data to a gateway of a private computing node through a DAPP (digital Address protocol);
the gateway of the privacy computing node verifies that the public keys correspond to the block chain signatures one by one, and then sends the block chain signatures of the encrypted data to a consensus engine to apply for data decryption;
the consensus engine sends the blockchain signature of the encrypted data to a blockchain gateway to request for reading a blockchain account book of the data;
after receiving the reading request, the block chain gateway sends a block chain signature of the encrypted data to a block chain network layer;
the block chain network finds the account book information of the encrypted data and returns the storage certificate of the decryption sharing segment of the encrypted data to the block chain gateway;
the block chain gateway sends the obtained storage certificate of the decrypted shared segment of the encrypted data to the consensus engine;
the consensus engine sends the storage certificate of the decryption shared segment of the encrypted data to the storage unit to request to load the data;
the storage unit loads data from the data persistence unit according to the storage certificate of the decryption sharing segment to obtain the decryption sharing segment;
the storage unit sends the decrypted sharing segment to the consensus engine;
the consensus engine sends the decryption shared segment to the loading decryption fragmentation unit, and the loading decryption fragmentation unit randomly takes out M decryption shared segments, wherein M is less than N;
the encryption and decryption fragments send M decryption shared fragments to the data aggregation unit;
the data aggregation unit combines the M decrypted shared fragments according to rules to form new overall encrypted data, and the new overall encrypted data is sent to the decryption unit;
the decryption unit decrypts the encrypted data to obtain plaintext data, and then sends the plaintext data to a gateway of the privacy calculation node;
the gateway of the privacy computation node sends the data of the plaintext obtained by decryption to the DAPP of the user;
in step S2, the privacy calculation specifically includes: the privacy calculation is carried out on private data of multiple parties, each party carries out privacy storage and then carries out privacy calculation, each party comprises multiple data owners and data users, and the privacy calculation comprises the following steps:
and (4) private storage: the data owner uploads respective data to a privacy computing point-to-point network layer through DAPP (digital addressable polypropylene), and the privacy computing point-to-point network layer stores the data through a privacy storage step and returns respective public keys and block chain signatures of the data owner;
obtaining a privacy calculation function: the data user is connected to a gateway of a privacy computing node in a privacy computing point-to-point network layer through the DAPP, applies for privacy computing, and the gateway returns a public key to the DAPP; then, the DAPP sends the data to be calculated, the public key and the privacy calculation function to a gateway of the privacy calculation node, and the gateway sends the data to be calculated and the privacy calculation function to a consensus engine; the consensus engine sends the calculation task to the block chain gateway to request a privacy calculation task record, and the block chain gateway sends a data signature and a privacy calculation function of the privacy calculation to the block chain network; the blockchain network informs the blockchain gateway that the privacy calculation task is successfully recorded, and the blockchain gateway informs the consensus engine that the privacy calculation task is successfully calculated; the consensus engine deploys the privacy calculation function to the homomorphic calculation unit, so that the privacy data can be conveniently calculated;
the privacy calculation process comprises the following steps: the consensus engine executes privacy reading on data stored by each data owner, the data are sent to the loading and decryption fragmentation unit to be loaded to obtain M decryption shared fragments of each data owner, the loading and decryption fragmentation sends the M decryption shared fragments of each data owner to the homomorphic calculation unit to be calculated by using a privacy calculation function, and a calculated result is obtained;
returning of privacy calculation results: the homomorphic calculation unit sends the calculation results of the M decrypted shared segments of each data owner to the data aggregation unit, and the data aggregation unit combines the calculation results according to the rules to obtain the ciphertext of each data owner; the data aggregation unit sends the ciphertext calculation result of each data owner to the decryption unit for decryption to obtain a plaintext; and the gateway of the privacy calculation node sends each plaintext result of the privacy calculation to the DAPP of each participant, thereby completing the whole privacy calculation process.
2. The blockchain-based privacy security management system of claim 1 wherein the DAPP application layer includes a plurality of DAPPs, the privacy computing peer-to-peer network layer includes a plurality of privacy computing nodes, the blockchain network layer includes a plurality of blockchain nodes, the DAPP is communicatively coupled to the privacy computing nodes through a privacy computing node gateway, and the privacy computing nodes are communicatively coupled to the blockchain nodes through blockchain gateways.
3. The blockchain-based privacy security management system of claim 2, wherein the privacy computing peer-to-peer network layer further comprises:
the encryption unit is used for encrypting the private data;
the decryption fragmentation unit is used for carrying out fragmentation processing on the encrypted private data;
the consensus engine is a centralized transceiver for coordinating all privacy computing nodes and internal units of the privacy computing nodes;
the storage unit is used for data storage management;
the data persistence unit is used for persistence processing of the private data;
the homomorphic calculation unit is used for calculating the private data;
the data aggregation unit is used for aggregating the decrypted partitioned private data;
the decryption unit is used for decrypting the aggregated encrypted data and converting the encrypted data into a plaintext;
the synchronization task between the privacy computing nodes is carried out through respective consensus engines and gateways.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110097676.7A CN112887399B (en) | 2021-01-25 | 2021-01-25 | Privacy security management system based on block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110097676.7A CN112887399B (en) | 2021-01-25 | 2021-01-25 | Privacy security management system based on block chain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112887399A CN112887399A (en) | 2021-06-01 |
| CN112887399B true CN112887399B (en) | 2022-10-25 |
Family
ID=76051105
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110097676.7A Active CN112887399B (en) | 2021-01-25 | 2021-01-25 | Privacy security management system based on block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112887399B (en) |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020123926A1 (en) * | 2018-12-13 | 2020-06-18 | Login Id Inc. | Decentralized computing systems and methods for performing actions using stored private data |
| CN111310225A (en) * | 2020-01-17 | 2020-06-19 | 北京众信易保科技有限公司 | Method and system for decentralized privacy data authorization based on block chain |
| CN111507712B (en) * | 2020-04-09 | 2021-02-23 | 链博(成都)科技有限公司 | User privacy data management method, system and terminal based on block chain |
-
2021
- 2021-01-25 CN CN202110097676.7A patent/CN112887399B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN112887399A (en) | 2021-06-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109587132B (en) | Data transmission method and device based on alliance chain | |
| CN112906030B (en) | Data sharing method and system based on multi-party homomorphic encryption | |
| CN110022217B (en) | Advertisement media service data credible storage system based on block chain | |
| CN107196926B (en) | Cloud outsourcing privacy set comparison method and device | |
| CN110011795B (en) | Symmetric group key negotiation method based on block chain | |
| CN106487506B (en) | Multi-mechanism KP-ABE method supporting pre-encryption and outsourcing decryption | |
| CN112862616B (en) | Secure multi-party computing method, device and storage medium supporting block chain | |
| CN109743171A (en) | It is a kind of to solve multiple party digital signatures, timestamp and the key series connection method of encryption | |
| CN111368318B (en) | Object tracking method for multi-mode blockchain transaction | |
| CN106209790B (en) | Efficient verifiable outsourcing attribute-based encryption method for hidden ciphertext strategy | |
| CN114513327B (en) | Block chain-based Internet of things private data rapid sharing method | |
| CN112165472A (en) | Internet of things data security sharing method based on privacy protection | |
| CN112260829B (en) | Multi-authorization-based CP-ABE method for supporting mobile equipment under hybrid cloud | |
| WO2014078951A1 (en) | End-to-end encryption method for digital data sharing through a third party | |
| CN113972981B (en) | SM2 cryptographic algorithm-based efficient threshold signature method | |
| CN104158880A (en) | User-end cloud data sharing solution | |
| CN112580072A (en) | Data set intersection method and device | |
| CN111030821A (en) | Alliance chain encryption method based on bilinear mapping technology | |
| CN107767281A (en) | A kind of friend-making matching method for secret protection and system based on two degree of human connections of mobile social networking | |
| CN112152808B (en) | Multi-party collaborative digital signature method based on SM2 algorithm | |
| CN115834067A (en) | Ciphertext data sharing method in edge cloud collaborative scene | |
| CN113761594A (en) | Three-party authenticable key agreement and data sharing method based on identity | |
| CN117240433A (en) | Information sharing method and device based on proxy re-encryption | |
| CN107682158A (en) | It is a kind of can trustship authentication encryption method | |
| CN112887399B (en) | Privacy security management system based on block chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB03 | Change of inventor or designer information |
Inventor after: Bai Xin Inventor after: Tian Fang Inventor after: Luo Yuan Inventor after: Lu Xiao Inventor after: Tang Weidong Inventor before: Bai Xin Inventor before: Lu Xiao Inventor before: Tang Weidong |
|
| CB03 | Change of inventor or designer information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |