CN113328864A - Data transmission method and system based on function encryption, block chain and machine learning - Google Patents

Data transmission method and system based on function encryption, block chain and machine learning Download PDF

Info

Publication number
CN113328864A
CN113328864A CN202110884042.6A CN202110884042A CN113328864A CN 113328864 A CN113328864 A CN 113328864A CN 202110884042 A CN202110884042 A CN 202110884042A CN 113328864 A CN113328864 A CN 113328864A
Authority
CN
China
Prior art keywords
server
edge
data
blockchain
transaction information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110884042.6A
Other languages
Chinese (zh)
Other versions
CN113328864B (en
Inventor
蒋芃
杨晨杰
祝烈煌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Technology BIT filed Critical Beijing Institute of Technology BIT
Priority to CN202110884042.6A priority Critical patent/CN113328864B/en
Publication of CN113328864A publication Critical patent/CN113328864A/en
Application granted granted Critical
Publication of CN113328864B publication Critical patent/CN113328864B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Evolutionary Computation (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Artificial Intelligence (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

本公开提供一种基于函数加密、区块链和机器学习的数据传输方法及系统,边缘服务器对边缘数据进行函数加密得到边缘加密数据,并发送至云存储服务器;边缘服务器构造与边缘加密数据对应的数据交易信息,并发送至区块链服务器;边缘服务器将已经构建并训练的令牌生成模型发送至中心服务器,中心服务器利用令牌生成模型生成令牌;其中,令牌生成模型为机器学习模型;中心服务器从区块链服务器获取数据交易信息并验证,响应于确定数据交易信息通过验证,利用令牌解密从云存储服务器获取的边缘加密数据,得到边缘数据中的预设范围的数据。通过将数据加密的相关操作与区块链中的交易结合起来,利用区块链不能篡改的特性保障了边缘数据的可靠性。

Figure 202110884042

The present disclosure provides a data transmission method and system based on functional encryption, blockchain and machine learning. An edge server performs functional encryption on edge data to obtain edge encrypted data, and sends it to a cloud storage server; the structure of the edge server corresponds to the edge encrypted data. The data transaction information is sent to the blockchain server; the edge server sends the constructed and trained token generation model to the central server, and the central server uses the token generation model to generate tokens; among them, the token generation model is machine learning Model; the central server obtains and verifies the data transaction information from the blockchain server, and in response to determining that the data transaction information has passed the verification, uses the token to decrypt the edge encrypted data obtained from the cloud storage server, and obtains a preset range of data in the edge data. By combining the related operations of data encryption with the transactions in the blockchain, the reliability of edge data is guaranteed by the inability to tamper with the blockchain.

Figure 202110884042

Description

基于函数加密、区块链和机器学习的数据传输方法及系统Data transmission method and system based on functional encryption, blockchain and machine learning

技术领域technical field

本公开涉及数据传输技术领域,尤其涉及一种基于函数加密、区块链和机器学习的数据传输方法及系统。The present disclosure relates to the technical field of data transmission, and in particular, to a data transmission method and system based on functional encryption, block chain and machine learning.

背景技术Background technique

在“中心服务器-边缘服务器”数据管理体系中,中心服务器需要获取边缘服务器中的边缘数据时,边缘服务器会利用私钥将边缘数据加密得到边缘数据的密文信息,并将密文信息发送至中心服务器,中心服务器利用公钥将密文信息解密,从而获得边缘数据的明文信息,以查阅并使用。In the "central server-edge server" data management system, when the central server needs to obtain the edge data in the edge server, the edge server will use the private key to encrypt the edge data to obtain the ciphertext information of the edge data, and send the ciphertext information to the The central server uses the public key to decrypt the ciphertext information to obtain the plaintext information of the edge data for reference and use.

然而,在现有的数据传输方法中,潜在的恶意边缘服务器可能会破坏边缘数据的可靠性,例如破坏其他的边缘服务器,窃听密钥,上传伪造数据信息等,边缘数据的可靠性不能得到保证。However, in the existing data transmission methods, potential malicious edge servers may damage the reliability of edge data, such as destroying other edge servers, eavesdropping on keys, uploading forged data information, etc., the reliability of edge data cannot be guaranteed. .

发明内容SUMMARY OF THE INVENTION

有鉴于此,本公开的目的在于提出一种基于函数加密、区块链和机器学习的数据传输方法及系统。In view of this, the purpose of the present disclosure is to propose a data transmission method and system based on functional encryption, blockchain and machine learning.

基于上述目的,本公开提供了一种基于函数加密、区块链和机器学习的数据传输方法,所述方法由边缘服务器、中心服务器、区块链服务器和云存储服务器实现,所述方法包括:Based on the above purpose, the present disclosure provides a data transmission method based on functional encryption, blockchain and machine learning. The method is implemented by an edge server, a central server, a blockchain server and a cloud storage server. The method includes:

所述边缘服务器对边缘数据进行函数加密得到边缘加密数据,并将所述边缘加密数据发送至所述云存储服务器;The edge server performs functional encryption on the edge data to obtain edge encrypted data, and sends the edge encrypted data to the cloud storage server;

所述边缘服务器构造与所述边缘加密数据对应的数据交易信息,并将所述数据交易信息发送至所述区块链服务器;The edge server constructs data transaction information corresponding to the edge encrypted data, and sends the data transaction information to the blockchain server;

所述边缘服务器将已经构建并训练的令牌生成模型发送至所述中心服务器,所述中心服务器利用所述令牌生成模型生成令牌;其中,所述令牌生成模型为机器学习模型;The edge server sends the constructed and trained token generation model to the central server, and the central server uses the token generation model to generate tokens; wherein the token generation model is a machine learning model;

所述中心服务器从所述区块链服务器获取所述数据交易信息并验证,响应于确定所述数据交易信息通过验证,利用所述令牌解密从所述云存储服务器获取的所述边缘加密数据,得到所述边缘数据中的预设范围的数据。The central server obtains and verifies the data transaction information from the blockchain server, and in response to determining that the data transaction information passes the verification, decrypts the edge encrypted data obtained from the cloud storage server by using the token , to obtain data of a preset range in the edge data.

基于同一发明构思,本公开提供了一种基于函数加密、区块链和机器学习的数据传输系统,包括边缘服务器、中心服务器、区块链服务器和云存储服务器,所述系统用于实现如上所述的方法。Based on the same inventive concept, the present disclosure provides a data transmission system based on functional encryption, blockchain and machine learning, including an edge server, a central server, a blockchain server and a cloud storage server, the system is used to realize the above method described.

从上面所述可以看出,本公开提供的基于函数加密、区块链和机器学习的数据传输方法及系统,包括:边缘服务器对边缘数据进行函数加密得到边缘加密数据,并将边缘加密数据发送至云存储服务器;边缘服务器构造与边缘加密数据对应的数据交易信息,并将数据交易信息发送至区块链服务器;边缘服务器将已经构建并训练的令牌生成模型发送至中心服务器,中心服务器利用令牌生成模型生成令牌;其中,令牌生成模型为机器学习模型;中心服务器从区块链服务器获取数据交易信息并验证,响应于确定数据交易信息通过验证,利用令牌解密从云存储服务器获取的边缘加密数据,得到边缘数据中的预设范围的数据。通过将数据加密的相关操作与区块链中的交易结合起来,利用区块链不能篡改的特性保障了边缘数据的可靠性。It can be seen from the above that the data transmission method and system based on functional encryption, blockchain and machine learning provided by the present disclosure include: the edge server performs functional encryption on the edge data to obtain the edge encrypted data, and sends the edge encrypted data. to the cloud storage server; the edge server constructs the data transaction information corresponding to the edge encrypted data, and sends the data transaction information to the blockchain server; the edge server sends the constructed and trained token generation model to the central server, and the central server uses The token generation model generates tokens; wherein, the token generation model is a machine learning model; the central server obtains and verifies the data transaction information from the blockchain server, and in response to determining that the data transaction information passes the verification, uses the token to decrypt the data from the cloud storage server The acquired edge encrypted data obtains data of a preset range in the edge data. By combining the related operations of data encryption with the transactions in the blockchain, the reliability of edge data is guaranteed by the inability to tamper with the blockchain.

附图说明Description of drawings

为了更清楚地说明本公开或相关技术中的技术方案,下面将对实施例或相关技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本公开的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions in the present disclosure or related technologies more clearly, the following briefly introduces the accompanying drawings used in the description of the embodiments or related technologies. Obviously, the drawings in the following description are only for the present disclosure. In the embodiments, for those of ordinary skill in the art, other drawings can also be obtained according to these drawings without any creative effort.

图1为相关技术中的中心-边缘数据管理系统的一种架构示意图;1 is a schematic diagram of a structure of a center-edge data management system in the related art;

图2为本公开实施例提供的基于函数加密、区块链和机器学习的数据传输方法的一种流程示意图;2 is a schematic flowchart of a data transmission method based on functional encryption, block chain and machine learning provided by an embodiment of the present disclosure;

图3为本公开实施例提供的数据交易信息生成算法的一种示意图;3 is a schematic diagram of an algorithm for generating data transaction information provided by an embodiment of the present disclosure;

图4为本公开实施例提供的数据交易信息验证算法的一种示意图;4 is a schematic diagram of a data transaction information verification algorithm provided by an embodiment of the present disclosure;

图5为本公开实施例提供的基于函数加密、区块链和机器学习的数据传输系统的一种架构示意图;FIG. 5 is a schematic structural diagram of a data transmission system based on functional encryption, block chain and machine learning provided by an embodiment of the present disclosure;

图6为本公开实施例提供的基于函数加密、区块链和机器学习的数据传输系统的一种更为具体的架构示意图;FIG. 6 is a more specific schematic diagram of the architecture of the data transmission system based on functional encryption, block chain and machine learning provided by an embodiment of the present disclosure;

图7为本公开实施例提供的第一种仿真实验的结果示意图;7 is a schematic diagram of a result of a first simulation experiment provided by an embodiment of the present disclosure;

图8为本公开实施例提供的第二种仿真实验的结果示意图;FIG. 8 is a schematic diagram of the results of a second simulation experiment provided by an embodiment of the present disclosure;

图9为本公开实施例提供的一种更为具体的电子设备硬件结构示意图。FIG. 9 is a more specific schematic diagram of a hardware structure of an electronic device according to an embodiment of the present disclosure.

具体实施方式Detailed ways

为使本公开的目的、技术方案和优点更加清楚明白,以下结合具体实施例,并参照附图,对本公开进一步详细说明。In order to make the objectives, technical solutions and advantages of the present disclosure clearer, the present disclosure will be further described in detail below with reference to the specific embodiments and the accompanying drawings.

需要说明的是,除非另外定义,本公开实施例使用的技术术语或者科学术语应当为本公开所属领域内具有一般技能的人士所理解的通常意义。本公开实施例中使用的“第一”、“第二”以及类似的词语并不表示任何顺序、数量或者重要性,而只是用来区分不同的组成部分。“包括”或者“包含”等类似的词语意指出现该词前面的元件或者物件涵盖出现在该词后面列举的元件或者物件及其等同,而不排除其他元件或者物件。“连接”或者“相连”等类似的词语并非限定于物理的或者机械的连接,而是可以包括电性的连接,不管是直接的还是间接的。“上”、“下”、“左”、“右”等仅用于表示相对位置关系,当被描述对象的绝对位置改变后,则该相对位置关系也可能相应地改变。It should be noted that, unless otherwise defined, the technical terms or scientific terms used in the embodiments of the present disclosure should have the usual meanings understood by those with ordinary skill in the art to which the present disclosure belongs. "First", "second" and similar words used in the embodiments of the present disclosure do not denote any order, quantity or importance, but are only used to distinguish different components. "Comprises" or "comprising" and similar words mean that the elements or things appearing before the word encompass the elements or things recited after the word and their equivalents, but do not exclude other elements or things. Words like "connected" or "connected" are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "Up", "Down", "Left", "Right", etc. are only used to represent the relative positional relationship, and when the absolute position of the described object changes, the relative positional relationship may also change accordingly.

参考图1,其为相关技术中的中心-边缘数据管理系统的一种架构示意图;在中心-边缘(中心服务器-边缘服务器)数据管理系统中,首先,边缘服务器在中心服务器注册,中心服务器对边缘服务器进行验证授权,从而建立中心服务器和边缘服务器之间的互信关系,包括达成协议和发送密钥等。中心服务器申请获取边缘服务器中的边缘数据时,边缘服务器会利用私钥将边缘数据加密得到边缘数据的密文信息,并将密文信息发送至中心服务器,中心服务器利用公钥将密文信息解密,从而获得边缘数据的明文信息,以查阅并使用边缘数据。Referring to FIG. 1, it is a schematic diagram of an architecture of a center-edge data management system in the related art; in a center-edge (center server-edge server) data management system, first, the edge server is registered with the center server, and the center server pairs The edge server performs authentication and authorization, thereby establishing a mutual trust relationship between the central server and the edge server, including reaching an agreement and sending keys. When the central server applies to obtain the edge data in the edge server, the edge server will use the private key to encrypt the edge data to obtain the ciphertext information of the edge data, and send the ciphertext information to the central server, and the central server will use the public key to decrypt the ciphertext information. , so as to obtain the plaintext information of the edge data to consult and use the edge data.

然而,在上述的这种数据传输方法中,潜在的恶意边缘服务器可能会破坏边缘数据的可靠性,例如违反签订的协议、破坏其他的边缘服务器、窃听密钥以及上传伪造数据信息等,但是,中心服务器不能有效确定潜在的恶意边缘服务器,因此,边缘数据的可靠性不能得到保证。However, in the above data transmission method, a potentially malicious edge server may damage the reliability of edge data, such as violating the signed agreement, destroying other edge servers, eavesdropping on keys, and uploading forged data information, etc. However, The central server cannot effectively identify potentially malicious edge servers, so the reliability of edge data cannot be guaranteed.

有鉴于此,本公开提出一种基于函数加密、区块链和机器学习的数据传输方法及系统。In view of this, the present disclosure proposes a data transmission method and system based on functional encryption, blockchain and machine learning.

参考图2,其为本公开实施例提供的基于函数加密、区块链和机器学习的数据传输方法的一种流程示意图。所述方法由边缘服务器、中心服务器、区块链服务器和云存储服务器实现。其中,中心服务器仅有一个,边缘服务器可以有多个,对于区块链服务器和云存储服务器的数量不做限制。Referring to FIG. 2 , which is a schematic flowchart of a data transmission method based on functional encryption, block chain and machine learning provided by an embodiment of the present disclosure. The method is implemented by an edge server, a central server, a blockchain server and a cloud storage server. Among them, there is only one central server, and there can be multiple edge servers. There is no limit to the number of blockchain servers and cloud storage servers.

在首次实施本公开实施例提供的基于函数加密、区块链和机器学习的数据传输方法时,首先需要构建所述中心服务器和所述边缘服务器之间的密钥(即生成主公钥和主私钥),并且,需要所述边缘服务器和所述中心服务器在所述区块链服务器中进行注册,所述区块链服务器针对所述边缘服务器生成的公钥和私钥(为了便于区分,本公开称之为边缘服务器公钥和边缘服务器私钥)。When implementing the data transmission method based on functional encryption, blockchain, and machine learning provided by the embodiments of the present disclosure for the first time, it is first necessary to construct a key between the central server and the edge server (that is, private key), and the edge server and the central server need to be registered in the blockchain server, and the blockchain server generates the public key and private key for the edge server (for the convenience of distinction, This disclosure refers to edge server public key and edge server private key).

具体的,所述方法,还包括:所述中心服务器生成主公钥和主私钥,并将所述主公钥发送至所述边缘服务器。Specifically, the method further includes: the central server generates a master public key and a master private key, and sends the master public key to the edge server.

在一些实施方式中,所述中心服务器中包括授权服务器和业务服务器。In some embodiments, the central server includes an authorization server and a service server.

所述授权服务器获取安全参数λ。这里的安全参数是密码加密算法中产生一些需要的初始值时输入的一个参数,是对该算法中的密钥等数据达到计算上不可破解的一个规定。通常情况下,安全参数越大,密码算法的安全性越高。在实际中,一般直接选择一个比较大的安全常数(比如128)。生成非对称双线性配对群系统PG=(p,G1,G2,GT,e,g1,g2),其中,p是一个素数,其根据安全参数自动生成;G1,G2,GT均是p阶群;g1,g2分别是群G1和G2的生成元;e是一个双线性映射,且e = G1×G2 → GT The authorization server obtains the security parameter λ. The security parameter here is a parameter that is input when some required initial values are generated in the cryptographic encryption algorithm, and it is a requirement that the key and other data in the algorithm are computationally unbreakable. In general, the larger the security parameter, the higher the security of the cryptographic algorithm. In practice, a relatively large security constant (such as 128) is generally selected directly. Generate an asymmetric bilinear paired group system PG=(p,G 1 ,G 2 ,G T ,e,g 1 ,g 2 ), where p is a prime number, which is automatically generated according to the security parameters; G 1 ,G 2 , G T are both p-order groups; g 1 , g 2 are generators of groups G 1 and G 2 respectively; e is a bilinear map, and e = G 1 ×G 2 → G T .

所述授权服务器随机选择两个向量s、t∈Zp n,计算g1 s、g2 t;具体的,对于任意的s∈{1,2,T},gs代表不同的群的生成元,如果是一个整数x∈Zp,用[x]s = gs x∈Gs表示,如果是一个向量x∈Zp n,也用[x]s = gs x∈Gs表示;由此计算出所述主公钥和所述主私钥,分别用Tmpk=(PG,[s]1,[t]2)和Tmsk=(s,t)表示;其中,gs x =(gs x1… gs xnT,Zp是指整数集合{0,1,2,…,p-1},Zp n是一个域为p的n维向量集合。The authorization server randomly selects two vectors s, t∈Z p n , and calculates g 1 s and g 2 t ; specifically, for any s∈{1,2,T}, g s represents the generation of different groups element, if it is an integer x∈Z p , it is represented by [x] s = g s x ∈ G s , and if it is a vector x∈Z p n , it is also represented by [x] s = g s x ∈ G s ; From this, the master public key and the master private key are calculated, respectively represented by T mpk = (PG, [s] 1 , [t] 2 ) and T msk = (s, t); where g s x =(g s x1 … g s xn ) T , Z p refers to the set of integers {0,1,2,…,p-1}, and Z p n is a set of n-dimensional vectors with domain p.

所述授权服务器将所述主公钥Tmpk发送至所述边缘服务器。The authorization server sends the master public key Tmpk to the edge server.

所述方法,还包括:所述边缘服务器和所述中心服务器在所述区块链服务器中进行注册,所述区块链服务器针对所述边缘服务器生成边缘服务器公钥和边缘服务器私钥,并将所述边缘服务器公钥发送至所述中心服务器和将所述边缘服务器私钥发送至所述边缘服务器。The method further includes: the edge server and the central server are registered in the blockchain server, the blockchain server generates an edge server public key and an edge server private key for the edge server, and Sending the edge server public key to the central server and sending the edge server private key to the edge server.

中心服务器和边缘服务器共同维护一个全局账本。注册成功的用户可以将交易广播到区块链网络中,并随时读取区块链中的交易。区块链为注册用户生成一些必要的参数,例如公钥和私钥(边缘服务器公钥和边缘服务器私钥),其中公钥是公开参数,而私钥由用户自己保存且私密。边缘服务器公钥和边缘服务器私钥分别用KN P和KN S表示。The central server and the edge server jointly maintain a global ledger. Successfully registered users can broadcast transactions to the blockchain network and read transactions in the blockchain at any time. The blockchain generates some necessary parameters for registered users, such as public key and private key (edge server public key and edge server private key), where the public key is a public parameter, and the private key is kept and private by the user himself. The edge server public key and the edge server private key are represented by KNP and KNS , respectively .

参考图1,所述方法包括:Referring to Figure 1, the method includes:

S110、所述边缘服务器对边缘数据进行函数加密得到边缘加密数据,并将所述边缘加密数据发送至所述云存储服务器。S110. The edge server performs functional encryption on the edge data to obtain edge encrypted data, and sends the edge encrypted data to the cloud storage server.

具体包括:Specifically include:

对于所述边缘数据,所述边缘服务器随机选择一个整数和一个可逆矩阵,计算得到两个列向量,并根据两个所述列向量,进一步计算得到所述边缘加密数据。For the edge data, the edge server randomly selects an integer and an invertible matrix, calculates two column vectors, and further calculates the edge encrypted data according to the two column vectors.

具体的,对于所述边缘数据x={1,x1,…xn},所述边缘服务器随机选择一个整数r∈ Zp和一个可逆矩阵A∈GL2,计算得到两个列向量ai和bi,其中,Zp表示整数集合,GL2表示2×2 的可逆矩阵集合,

Figure 436199DEST_PATH_IMAGE001
Figure 87761DEST_PATH_IMAGE002
,i∈n,则计算得到所述边缘加 密数据为: Specifically, for the edge data x={1, x 1 ,...x n }, the edge server randomly selects an integer r∈ Z p and an invertible matrix A∈GL 2 , and calculates two column vectors a i and b i , where Z p represents the set of integers, GL 2 represents the set of 2×2 invertible matrices,
Figure 436199DEST_PATH_IMAGE001
,
Figure 87761DEST_PATH_IMAGE002
, i∈n, then the edge encrypted data is calculated as:

ct=([r]1,{[ai]1,[bi]2} i∈[n])。ct=([r] 1 ,{[a i ] 1 ,[b i ] 2 } i∈[n] ).

在一些情况下,中心服务器没必要获知边缘服务器中的边缘数据的全部信息本身,其只需要获知该边缘数据的部分内容或者基于该边缘数据的特定信息,以及知边缘服务器不愿意中心服务器获知除必要数据意外的其他边缘数据中的内容。但是,在相关技术中的“中心服务器-边缘服务器”数据管理体系中,密钥加密具有“all-or-nothing(全部有或者全部无)”的特性,也就是说,相关技术中,中心服务器只能获知所有的边缘数据,或者完全无法获知边缘数据。显然,在相关技术中,对于不必要获知的边缘数据,中心服务器也进行了获知,边缘服务器的数据隐私不能得到保障。In some cases, the central server does not need to know all the information of the edge data in the edge server itself, it only needs to know part of the content of the edge data or specific information based on the edge data, and knows that the edge server does not want the central server to know except Content in other edge data unexpected by necessary data. However, in the "central server-edge server" data management system in the related art, key encryption has the characteristics of "all-or-nothing", that is, in the related art, the central server Only all edge data can be obtained, or no edge data can be obtained at all. Obviously, in the related art, the central server also learns the unnecessary edge data, and the data privacy of the edge server cannot be guaranteed.

本公开在边缘服务器对边缘数据进行加密时,采用函数加密技术,同时利用函数f可以创建出解密私钥skf。当给定明文m加密后的密文C时,私钥skf的所有者通过解密只能得到f(m),而不是m本身,即解密者只能获取明文的特定函数,而不是完整的明文信息。利用函数加密的特点,中心服务器只能获得边缘服务器的边缘数据的特定信息,因此,边缘服务器可以毫无保留的上传其加密数据,同时又能保证中心服务器无法获取其数据的完整信息。边缘服务器的数据隐私能够得到保障。In the present disclosure, when the edge server encrypts the edge data, the function encryption technology is adopted, and the decryption private key sk f can be created by using the function f at the same time. When the ciphertext C encrypted by the plaintext m is given, the owner of the private key sk f can only obtain f(m) through decryption, not m itself, that is, the decryptor can only obtain the specific function of the plaintext, not the complete clear text information. Using the feature of functional encryption, the central server can only obtain the specific information of the edge data of the edge server. Therefore, the edge server can upload its encrypted data without reservation, while ensuring that the central server cannot obtain the complete information of its data. The data privacy of edge servers can be guaranteed.

S120、所述边缘服务器构造与所述边缘加密数据对应的数据交易信息,并将所述数据交易信息发送至所述区块链服务器。S120. The edge server constructs data transaction information corresponding to the edge encrypted data, and sends the data transaction information to the blockchain server.

其中,所述边缘服务器构造与所述边缘加密数据对应的数据交易信息,包括:Wherein, the edge server constructs data transaction information corresponding to the edge encrypted data, including:

所述边缘服务器调取与所述边缘加密数据对应的相关信息和所述区块链服务器针对所述边缘服务器生成的所述边缘服务器私钥,并利用所述相关信息和所述边缘服务器私钥生成所述数据交易信息;所述相关信息包括所述边缘服务器的标识、所述边缘加密数据的标识和所述边缘加密数据上传至所述云存储服务器的时间。The edge server retrieves relevant information corresponding to the edge encrypted data and the edge server private key generated by the blockchain server for the edge server, and uses the relevant information and the edge server private key The data transaction information is generated; the related information includes the identifier of the edge server, the identifier of the edge encrypted data, and the time when the edge encrypted data is uploaded to the cloud storage server.

参考图3,其为本公开实施例提供的数据交易信息生成算法的一种示意图。Referring to FIG. 3 , which is a schematic diagram of an algorithm for generating data transaction information according to an embodiment of the present disclosure.

具体包括:计算所述相关信息Tinfo的哈希值htx = H(Tinfo),利用所述边缘服务器私钥KA S生成数字签名Sign(htx)KA S,则得到所述数据交易信息为Tdata = {Tinfo,htx,Sign(htx)KA S}。Specifically, it includes: calculating the hash value htx = H(T info ) of the related information T info , and using the edge server private key K A S to generate a digital signature Sign(htx) K A S , then obtaining the data transaction information for T data = {T info , htx, Sign(htx) K A S }.

其中,在所述将所述数据交易信息发送至所述区块链服务器之后,还包括:Wherein, after the data transaction information is sent to the blockchain server, the method further includes:

所述区块链服务器将所述数据交易信息广播至所述区块链服务器的区块链网络;the blockchain server broadcasts the data transaction information to the blockchain network of the blockchain server;

所述区块链服务器利用所述区块链网络中的其他节点验证所述数据交易信息,响应于确定所述数据交易信息通过验证,将所述数据交易信息添加至所述区块链网络。The blockchain server verifies the data transaction information using other nodes in the blockchain network, and in response to determining that the data transaction information passes the verification, adds the data transaction information to the blockchain network.

具体包括:获取所述区块链服务器为所述边缘服务器生成的边缘服务器公钥;从所述数据交易信息中获取所述相关信息、所述数字签名和所述相关信息的哈希值,利用所述边缘服务器公钥解密所述数字签名生成验证用哈希值,响应于确定所述相关信息的哈希值和所述验证用哈希值相等,则所述数据交易信息通过验证。Specifically, it includes: obtaining the edge server public key generated by the blockchain server for the edge server; obtaining the relevant information, the digital signature and the hash value of the relevant information from the data transaction information, and using The edge server public key decrypts the digital signature to generate a hash value for verification, and in response to determining that the hash value of the relevant information is equal to the hash value for verification, the data transaction information passes the verification.

参考图4,其为本公开实施例提供的数据交易信息验证算法的一种示意图。Referring to FIG. 4 , which is a schematic diagram of a data transaction information verification algorithm provided by an embodiment of the present disclosure.

在一些实施方式中,获取所述区块链服务器为所述边缘服务器生成的边缘服务器公钥KA P;从所述数据交易信息Tdata中获取所述相关信息Tinfo、所述数字签名Sign(htx)KA S和所述相关信息Tinfo的哈希值htx,利用所述边缘服务器公钥KA P解密所述数字签名Sign(htx)KA S生成验证用哈希值htx’,响应于确定所述相关信息Tinfo的哈希值htx和所述验证用哈希值htx’相等,则所述数据交易信息通过验证。In some embodiments, obtain the edge server public key K A P generated by the blockchain server for the edge server; obtain the related information T info , the digital signature Sign from the data transaction information T data (htx) K A S and the hash value htx of the related information T info , use the edge server public key K A P to decrypt the digital signature Sign (htx) K A S to generate a hash value htx' for verification, In response to determining that the hash value htx of the related information T info and the verification hash value htx' are equal, the data transaction information passes the verification.

区块链本质上是一个去中心化的分布式账本,其链式结构的机制保证了区块链上的交易具有不可篡改和不可逆转的特点。此外,区块链的去中心化特性还能最大限度地避免因单点故障带来的网络瘫痪。利用区块链的密码技术和链式结构提高了数据的可靠性。The blockchain is essentially a decentralized distributed ledger, and the mechanism of its chain structure ensures that the transactions on the blockchain are immutable and irreversible. In addition, the decentralized nature of the blockchain can also minimize network paralysis caused by a single point of failure. Using the cryptographic technology and chain structure of the blockchain improves the reliability of the data.

S130、所述边缘服务器将已经构建并训练的令牌生成模型发送至所述中心服务器,所述中心服务器利用所述令牌生成模型生成令牌;其中,所述令牌生成模型为机器学习模型。S130. The edge server sends the constructed and trained token generation model to the central server, and the central server uses the token generation model to generate tokens; wherein the token generation model is a machine learning model .

其中,包括:Among them, including:

所述边缘服务器将所述令牌生成模型发送至所述授权服务器,所述授权服务器利用所述令牌生成模型和所述主私钥生成令牌,并将所述令牌发送至所述业务服务器。The edge server sends the token generation model to the authorization server, the authorization server generates a token using the token generation model and the master private key, and sends the token to the service server.

具体包括,所述令牌生成模型表示为:Specifically, the token generation model is expressed as:

f i (x)=(Px)T D i (Px),∀i∈[l ], f i ( x )=(P x ) T D i (P x ), ∀ i ∈[ l ],

其中,i∈[l ]表示数据x的不同标签,例如在手写数字识别中,图片上显示的数字和该数字的字体便是不同的标签,也即是获取的数据x的不同函数,矩阵P∈Zp n×d、Di∈Zp d ×dAmong them, i∈[ l ] represents different labels of data x. For example, in handwritten digit recognition, the number displayed on the picture and the font of the number are different labels, that is, different functions of the acquired data x, the matrix P ∈Z p n×d , D i ∈ Z p d ×d .

所述业务服务器向所述授权服务器申请所述令牌。所述授权服务器通过所述业务服务器创建时在所述授权服务器处的注册信息来验证所述业务服务器的身份,验证通过后,所述授权服务器生成所述令牌,并将所述令牌发送至所述业务服务器。The service server applies for the token from the authorization server. The authorization server verifies the identity of the service server through the registration information at the authorization server when the service server is created, and after the verification is passed, the authorization server generates the token and sends the token to the service server.

利用主私钥msk和令牌生成模型fi,所述授权服务器生成令牌skf iUsing the master private key msk and the token generation model fi , the authorization server generates the token sk fi :

skf i=( fi[s,t ]2, fi ),sk fi =( f i [ s , t ] 2 , f i ),

其中,f i (s,t)=(Ps)T D i (Pt)。where f i ( s , t )=(P s ) T D i (P t ).

然后,所述授权服务器将令牌skf i=( fi[s,t ]2, fi )发送给所述业务服务器。Then, the authorization server sends the token sk fi =( f i [ s , t ] 2 , f i ) to the service server.

S140、所述中心服务器从所述区块链服务器获取所述数据交易信息并验证,响应于确定所述数据交易信息通过验证,利用所述令牌解密从所述云存储服务器获取的所述边缘加密数据,得到所述边缘数据中的预设范围的数据。S140. The central server obtains and verifies the data transaction information from the blockchain server, and in response to determining that the data transaction information passes the verification, decrypts the edge obtained from the cloud storage server by using the token Encrypt data to obtain data of a preset range in the edge data.

其中,包括:Among them, including:

所述中心服务器利用所述主公钥和所述令牌,解密所述边缘加密数据,得到所述边缘数据中的预设范围的数据。The central server decrypts the edge encrypted data by using the master public key and the token to obtain data of a preset range in the edge data.

所述业务服务器读取区块链账本,获取数据交易信息Tdata并验证交易是否被篡改,从而验证数据的可靠性,验证过程包括:获取所述区块链服务器为所述边缘服务器生成的边缘服务器公钥KA P;从所述数据交易信息Tdata中获取所述相关信息Tinfo、所述数字签名Sign(htx)KA S和所述相关信息Tinfo的哈希值htx,利用所述边缘服务器公钥KA P解密所述数字签名Sign(htx)KA S生成验证用哈希值htx’,响应于确定所述相关信息Tinfo的哈希值htx和所述验证用哈希值htx’相等,则所述数据交易信息通过验证。验证通过后,所述业务服务器将执行解密操作。The business server reads the blockchain ledger, obtains the data transaction information T data , and verifies whether the transaction has been tampered with, thereby verifying the reliability of the data. The verification process includes: obtaining the edge generated by the blockchain server for the edge server. Server public key K A P ; obtain the related information T info , the digital signature Sign(htx) K A S and the hash value htx of the related information T info from the data transaction information T data , and use the The edge server public key K A P decrypts the digital signature Sign(htx) K A S generates a hash value htx' for verification, in response to determining the hash value htx of the related information T info and the hash value for verification If the value htx' is equal, the data transaction information passes the verification. After the verification is passed, the service server will perform a decryption operation.

给定主公钥mpk和边缘服务器加密后的密文:Given the master public key mpk and the encrypted ciphertext of the edge server:

ct=([r]1,{[ai]1,[bi]2} i∈[n]),以及令牌生成过程中得到的令牌 skf i=( fi[s,t ]2,fi )所述业务服务器执行解密操作。ct=([r] 1 ,{[a i ] 1 ,[b i ] 2 } i∈[n] ), and the token sk fi =( f i [ s , t ] 2 , f i ) The service server performs a decryption operation.

其中,解密过程为:Among them, the decryption process is:

对,i∈[d ],计算

Figure 336339DEST_PATH_IMAGE003
Figure 403652DEST_PATH_IMAGE004
;其中A-1表示矩 阵A的逆矩阵,Pi表示矩阵P的第i行,s、t表示初始化过程中生成的随机向量,r表示初始化 过程中生成的随机整数; Right, i∈[ d ], compute
Figure 336339DEST_PATH_IMAGE003
,
Figure 403652DEST_PATH_IMAGE004
; where A -1 represents the inverse matrix of matrix A, Pi represents the i -th row of matrix P, s and t represent random vectors generated during initialization, and r represents random integers generated during initialization;

对i∈[d ],进行双线性映射操作

Figure 686866DEST_PATH_IMAGE005
; For i∈[ d ], perform a bilinear mapping operation
Figure 686866DEST_PATH_IMAGE005
;

其中,因为矩阵Di是d×d的矩阵,所以d表示矩阵Di的行数;即根据矩阵Di的行数,计算了d个数,所以进行双线性映射时也是进行了d个双线性映射。Among them, because the matrix D i is a d × d matrix, d represents the number of rows of the matrix D i ; that is, the number of d is calculated according to the number of rows of the matrix D i , so the bilinear mapping is also performed. Bilinear mapping.

对所有的i∈[l ],首先进行一个线性操作f i (s,t)=(Ps)T D i (Pt),然后进行双线 性映射操作

Figure 243749DEST_PATH_IMAGE006
。并计算
Figure 979624DEST_PATH_IMAGE007
。将上面两个运算结果进行相乘抵消,然后可 以得出
Figure 647366DEST_PATH_IMAGE008
,也即gfi(x) T记为outi; For all i∈[ l ], first perform a linear operation f i ( s , t )=(P s ) T D i (P t ), and then perform a bilinear mapping operation
Figure 243749DEST_PATH_IMAGE006
. and calculate
Figure 979624DEST_PATH_IMAGE007
. Multiply and cancel the results of the above two operations, and then we can get
Figure 647366DEST_PATH_IMAGE008
, that is, g fi(x) T is denoted as out i ;

其中,i∈[l ]表示边缘数据x的不同标签; dij表示矩阵Di的第i行和第j列的元素;Among them, i∈[ l ] represents the different labels of the edge data x; d ij represents the elements of the i-th row and j-th column of the matrix D i ;

最后,所述业务服务器利用离散对数函数log得到

Figure 253928DEST_PATH_IMAGE009
,作为 所述边缘数据中的预设范围的数据。 Finally, the service server uses the discrete logarithmic function log to obtain
Figure 253928DEST_PATH_IMAGE009
, as the data in the preset range in the edge data.

可以看出,中心服务器只能获知边缘服务器中的边缘数据的特定信息,而不能获知到边缘数据的全部明文。It can be seen that the central server can only obtain the specific information of the edge data in the edge server, but cannot obtain all the plaintext of the edge data.

从上面所述可以看出,本公开提供的基于函数加密、区块链和机器学习的数据传输方法及系统,包括:边缘服务器对边缘数据进行函数加密得到边缘加密数据,并将边缘加密数据发送至云存储服务器;边缘服务器构造与边缘加密数据对应的数据交易信息,并将数据交易信息发送至区块链服务器;边缘服务器将已经构建并训练的令牌生成模型发送至中心服务器,中心服务器利用令牌生成模型生成令牌;其中,令牌生成模型为机器学习模型;中心服务器从区块链服务器获取数据交易信息并验证,响应于确定数据交易信息通过验证,利用令牌解密从云存储服务器获取的边缘加密数据,得到边缘数据中的预设范围的数据。通过将数据加密的相关操作与区块链中的交易结合起来,利用区块链不能篡改的特性保障了边缘数据的可靠性。It can be seen from the above that the data transmission method and system based on functional encryption, blockchain and machine learning provided by the present disclosure include: the edge server performs functional encryption on the edge data to obtain the edge encrypted data, and sends the edge encrypted data. to the cloud storage server; the edge server constructs the data transaction information corresponding to the edge encrypted data, and sends the data transaction information to the blockchain server; the edge server sends the constructed and trained token generation model to the central server, and the central server uses The token generation model generates tokens; wherein, the token generation model is a machine learning model; the central server obtains and verifies the data transaction information from the blockchain server, and in response to determining that the data transaction information passes the verification, uses the token to decrypt the data from the cloud storage server The acquired edge encrypted data obtains data of a preset range in the edge data. By combining the related operations of data encryption with the transactions in the blockchain, the reliability of edge data is guaranteed by the inability to tamper with the blockchain.

同时,中心服务器只能获知边缘服务器中的边缘数据的特定信息,而不能获知到边缘数据的全部明文,边缘服务器的数据隐私能够得到保障。At the same time, the central server can only know the specific information of the edge data in the edge server, but cannot know all the plaintext of the edge data, and the data privacy of the edge server can be guaranteed.

需要说明的是,本公开实施例的方法可以由单个设备执行,例如一台计算机或服务器等。本实施例的方法也可以应用于分布式场景下,由多台设备相互配合来完成。在这种分布式场景的情况下,这多台设备中的一台设备可以只执行本公开实施例的方法中的某一个或多个步骤,这多台设备相互之间会进行交互以完成所述的方法。It should be noted that, the methods of the embodiments of the present disclosure may be executed by a single device, such as a computer or a server. The method in this embodiment can also be applied in a distributed scenario, and is completed by the cooperation of multiple devices. In the case of such a distributed scenario, one device among the multiple devices may only perform one or more steps in the method of the embodiment of the present disclosure, and the multiple devices will interact with each other to complete all the steps. method described.

需要说明的是,上述对本公开的一些实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于上述实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。It should be noted that some embodiments of the present disclosure are described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the above-described embodiments and still achieve desirable results. Additionally, the processes depicted in the figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

参考图5,其为本公开实施例提供的基于函数加密、区块链和机器学习的数据传输系统的一种架构示意图。基于函数加密、区块链和机器学习的数据传输系统,包括边缘服务器、中心服务器、区块链服务器和云存储服务器,所述系统用于实现如上所述的方法。Referring to FIG. 5 , it is a schematic diagram of an architecture of a data transmission system based on functional encryption, block chain and machine learning provided by an embodiment of the present disclosure. A data transmission system based on functional encryption, blockchain and machine learning, including an edge server, a central server, a blockchain server and a cloud storage server, the system is used to implement the method described above.

中心服务器用于管理边缘服务器,可以向边缘服务器请求数据。中心服务器中包括授权服务器和业务服务器。授权服务器用于对业务服务器和边缘服务器进行认证和授权,业务服务器和边缘服务器均需要经过其认证授权才能进行业务处理。业务服务器用于从边缘服务器获取数据,并进行数据分析和处理,从而为中心服务器提供数据支持。The central server is used to manage the edge servers and can request data from the edge servers. The central server includes an authorization server and a business server. The authorization server is used to authenticate and authorize the business server and the edge server, and both the business server and the edge server need to be authenticated and authorized to process business. The business server is used to obtain data from the edge server, and perform data analysis and processing, thereby providing data support for the central server.

边缘服务器用于处理本地业务,本地业务可以是由中心服务器下发或者授权的。边缘服务器拥有本地数据,为了便于区分,本公开称边缘服务器管理控制的本地数据为边缘数据。边缘服务器可以定时或者按照中心服务器的需求,向中心服务器提供边缘数据。The edge server is used to process local services, and local services can be issued or authorized by the central server. The edge server owns local data. For the convenience of distinction, the present disclosure refers to the local data managed and controlled by the edge server as edge data. The edge server can provide edge data to the central server regularly or according to the needs of the central server.

区块链服务器用于提供可信环境。区块链网络具有分散化以及独立可验证的特点,从而确保可靠性和问责制。任何节点上传数据的同时,将相应的交易广播到区块链网络中,这些信息一旦被记录到区块链上,便无法篡改,能够抵抗恶意行为。Blockchain servers are used to provide a trusted environment. Blockchain networks are decentralized and independently verifiable, ensuring reliability and accountability. When any node uploads data, it broadcasts the corresponding transaction to the blockchain network. Once the information is recorded on the blockchain, it cannot be tampered with and can resist malicious behavior.

云存储服务器用于提供数据存储平台。边缘服务器可以将其加密后的边缘数据上传到云存储服务器中,然后中心服务器便可以自由下载这些加密数据。云存储服务器可以减轻本地存储的压力,云服务器自身不需要且其不被允许执行任何解密计算。Cloud storage servers are used to provide a data storage platform. The edge server can upload its encrypted edge data to the cloud storage server, and then the central server can freely download the encrypted data. The cloud storage server can relieve the pressure of the local storage, the cloud server itself is not required and it is not allowed to perform any decryption computation.

边缘服务器、中心服务器、区块链服务器和云存储服务器共同构成实现本公开实施例提供的基于函数加密、区块链和机器学习的数据传输方法的总体架构。The edge server, the central server, the blockchain server, and the cloud storage server together constitute an overall architecture for implementing the data transmission method based on functional encryption, blockchain, and machine learning provided by the embodiments of the present disclosure.

参考图6,其为本公开实施例提供的基于函数加密、区块链和机器学习的数据传输系统的一种更为具体的架构示意图。Referring to FIG. 6 , which is a more specific schematic diagram of the architecture of the data transmission system based on functional encryption, block chain and machine learning provided by an embodiment of the present disclosure.

所述系统采用包括应用层、区块链层和存储层的三层架构,所述边缘服务器和所述中心服务器布置在所述应用层,所述区块链服务器布置在所述区块链层,所述云存储服务器布置在所述存储层。The system adopts a three-layer architecture including an application layer, a blockchain layer and a storage layer, the edge server and the central server are arranged in the application layer, and the blockchain server is arranged in the blockchain layer , the cloud storage server is arranged in the storage layer.

在一些实施方式中,所述边缘服务器、中心服务器、区块链服务器和云存储服务器在实现所述方法时,采用三层架构布置,所述边缘服务器和所述中心服务器布置在应用层,所述区块链服务器布置在区块链层,所述云存储服务器布置在存储层。应用层为边缘服务器和中心服务器提供加密学习和数据分析的入口,区块链层为应用层提供发起交易和读取交易的接口,存储层主要用于存储应用层的数据。In some embodiments, the edge server, the central server, the blockchain server and the cloud storage server are arranged in a three-tier architecture when implementing the method, and the edge server and the central server are arranged at the application layer, so The blockchain server is arranged at the blockchain layer, and the cloud storage server is arranged at the storage layer. The application layer provides the edge server and the central server with the entrance of encryption learning and data analysis, the blockchain layer provides the application layer with the interface to initiate transactions and read transactions, and the storage layer is mainly used to store the data of the application layer.

应用层:中心服务器和边缘服务器执行的如授权认证、加密解密和数据训练学习等操作都处于应用层。边缘服务器通过与存储层交互上传加密后的数据,同时与区块链层交互记录有关数据和存储数据的行为。业务服务器通过与存储层交互下载加密数据,同时与区块链层交互来验证数据的可靠性。Application layer: Operations such as authorization and authentication, encryption and decryption, and data training and learning performed by the central server and edge server are all at the application layer. The edge server uploads encrypted data by interacting with the storage layer, and at the same time interacts with the blockchain layer to record related data and store data behavior. The business server downloads encrypted data by interacting with the storage layer, and at the same time interacts with the blockchain layer to verify the reliability of the data.

区块链层:区块链层为数据传输提供可靠性保障。边缘服务器将与数据相对应的区块链交易广播到网络后,网络中的对等节点验证并记录该交易。网络中的交易类型主要包括数据交易和奖励交易。此外,不允许区块链中的节点学习应用层中数据的敏感信息。Blockchain layer: The blockchain layer provides reliability guarantees for data transmission. After the edge server broadcasts the blockchain transaction corresponding to the data to the network, peer nodes in the network verify and record the transaction. The types of transactions in the network mainly include data transactions and reward transactions. Furthermore, nodes in the blockchain are not allowed to learn sensitive information about the data in the application layer.

其中,区块链层中还包括矿工和共识机制。矿工是区块链运行的基础。没有矿工,区块链就无法运行。矿工不是区块链信息的生产者,但是是区块的生产者。区块链是一个以区块为商品,将用户信息打包成区块的产业。用户需要将信息写入块中,也需要使用区块中的信息。而区块链中的矿工提供这种服务。他们将信息写入区块,因此他们是区块链市场的卖家,而用户则是买家,交易的商品是区块链。交易的服务是将用户信息打包成块。而矿工们如何去生产区块,如何通过提供区块获得收益,这个机制就是共识机制。Among them, the blockchain layer also includes miners and consensus mechanisms. Miners are the foundation of blockchain operation. Without miners, the blockchain cannot function. Miners are not producers of blockchain information, but producers of blocks. Blockchain is an industry that uses blocks as commodities and packs user information into blocks. Users need to write information into the block, and also need to use the information in the block. And miners in the blockchain provide this service. They write information into blocks, so they are sellers in the blockchain marketplace, and users are buyers, and the goods traded are the blockchain. The service of the transaction is to pack user information into blocks. And how miners produce blocks and how to obtain benefits by providing blocks, this mechanism is the consensus mechanism.

存储层:存储层只是扮演了一个存储平台的角色,引入存储层是为了节省本地存储和区块链存储的成本。这里,使用云服务器来存储密码数据以及与密码数据搜索相关的一些计算。Storage layer: The storage layer just plays the role of a storage platform. The storage layer is introduced to save the cost of local storage and blockchain storage. Here, a cloud server is used to store cryptographic data and some computations related to cryptographic data searching.

在一些实施方式中,本公开还定义了威胁模型。In some implementations, the present disclosure also defines a threat model.

潜在的恶意用户为了使自己的利润最大化,可能会有与系统安全性要求相悖的行为,因此便有了安全威胁。In order to maximize their profits, potential malicious users may have behaviors that are contrary to system security requirements, and thus have security threats.

假设存在一个敌手,他的目标是尽可能多地获取秘密信息,从而谋取更多的利益。如果该敌手是诚实但好奇的,那么他必须信任本公开提供的机制并遵循本公开提供的机制中的协议规范。本公开提供的机制允许该敌手访问系统公共参数和在公共通道中传输的数据流以及相关的密码算法。当敌手转变成恶意敌手时,除了上述能力外,他还可以破坏任意数量的边缘服务器,窃听密钥信息,上传伪造数据来欺骗中心服务器以实现其阴谋。基于此,信息传输要在安全可信的信道中进行操作。Suppose that there is an adversary whose goal is to obtain as much secret information as possible, thereby making more profit. If the adversary is honest but curious, he must trust the mechanisms provided by this disclosure and follow the protocol specifications in the mechanisms provided by this disclosure. The mechanisms provided by the present disclosure allow the adversary to access system public parameters and data streams transmitted in public channels and associated cryptographic algorithms. When an adversary turns into a malicious adversary, in addition to the above capabilities, he can compromise any number of edge servers, eavesdrop on key information, and upload fake data to fool the central server to accomplish his conspiracy. Based on this, information transmission should operate in a secure and trusted channel.

威胁模型还做以下假设:默认情况下,授权服务器是完全可信的,任何敌手都无法破坏授权服务器的可信性。为了做到这一点,可以在授权服务器中进行权限界定。假设所有的授权都以一种安全有效的方式秘密执行,业务服务器的信息不会被泄露给任何敌手。业务服务器之间不会有勾结行为,所以未授权的业务服务器是无法获取数据信息的。The threat model also makes the following assumptions: by default, the authorization server is completely trusted, and no adversary can compromise the credibility of the authorization server. To do this, permissions can be delimited in the authorization server. Assuming that all authorizations are performed secretly in a safe and efficient manner, the information of the business server will not be leaked to any adversary. There will be no collusion between business servers, so unauthorized business servers cannot obtain data information.

为了验证本公开的可实施性,本公开进行了部署和仿真测试。实验使用的操作系统为安装在VMware Workstation Pro上的Linux(5.4.0-62-generic)Ubuntu 18.04.5,内存为4G,设备型号为Intel(R) Core(TM) i7-9700 CPU @3.00GHz 32G Memory。本公开旨在实现一个可靠的和有条件的隐私保护加密学习,因此测试至少包括数据处理和区块链交互。In order to verify the practicability of the present disclosure, deployment and simulation tests of the present disclosure are carried out. The operating system used in the experiment is Linux (5.4.0-62-generic) Ubuntu 18.04.5 installed on VMware Workstation Pro, the memory is 4G, and the device model is Intel(R) Core(TM) i7-9700 CPU @3.00GHz 32G Memory. This disclosure aims to achieve a reliable and conditional privacy-preserving cryptographic learning, so the test includes at least data processing and blockchain interaction.

实验利用Charm框架、PBC库和OpenSSL(1.1版),其中使用的椭圆曲线是 MNT159,嵌入度为 6 ,具有 80 位安全性。这可以用于实现本公开中的所有加密算法。还根据一个简化的工具箱部署了一个由五个节点组成的区块链网络,使用的语言是Python,IDE是PyCharm(2020版本),代码约有1500行。区块链共识算法为PoW,创世块的参数如下表1所示。此外,在TensorFlow上训练了一个神经网络来实现机器学习算法,训练使用的数据集是MNIST手写数字集,其中,训练数据集包含60,000个样本,测试数据集包含10,000样本。数据集中的每张图片由 28 x 28 个像素点构成,每个像素点用一个0−255范围内的灰度值表示。The experiments utilize the Charm framework, the PBC library, and OpenSSL (version 1.1), where the elliptic curve used is MNT159 with an embedding degree of 6 and 80-bit security. This can be used to implement all encryption algorithms in this disclosure. A blockchain network of five nodes was also deployed based on a simplified toolbox, the language used is Python, the IDE is PyCharm (2020 version), and the code is about 1500 lines of code. The blockchain consensus algorithm is PoW, and the parameters of the genesis block are shown in Table 1 below. In addition, a neural network is trained on TensorFlow to implement the machine learning algorithm. The training dataset is the MNIST handwritten digit set, where the training dataset contains 60,000 samples and the test dataset contains 10,000 samples. Each image in the dataset consists of 28 x 28 pixels, and each pixel is represented by a gray value in the range of 0−255.

表1 创世块的参数设置Table 1 Parameter settings of the genesis block

参数parameter 交易trade 哈希hash 前一区块哈希previous block hash 序列号serial number value GENESIS BLOCKGENESIS BLOCK a5fb4682b627e36c36a55ad6b4c8606465e9723fd48254b92c542e2773c3b05ea5fb4682b627e36c36a55ad6b4c8606465e9723fd48254b92c542e2773c3b05e nullnull 11

实验中使用的神经网络模型是一个2层全连接网络,目标是将输入分类为0 - 9范围内的10个数字之一,将输出层的大小设置为10,一次训练所选取的样本数(batch size)是100。The neural network model used in the experiments is a 2-layer fully connected network, the goal is to classify the input as one of 10 numbers in the range 0 - 9, the size of the output layer is set to 10, the number of samples selected for one training ( batch size) is 100.

参考图7,其为本公开实施例提供的第一种仿真实验的结果示意图。图7中的a显示了10 epochs的准确率,从图7中的a可以看出,训练可以达到97%的准确率。测试了加密和解密所需要的时间成本,由于FE在解密时需要执行耗时的离散对数和配对操作,考虑利用空间换时间,所以预先求解一些离散对数,将其存储在数据库中。这里,使用的是PostgreSQL数据库,它是一个具备可靠性和较好性能的开源对象关系数据库系统。图7中的b和图7中的c显示了解密/加密时间随着图片数量的增加而消耗的平均时间成本,在实验过程中,程序将自动选择其中一张图片进行加密和随后的解密操作,每次的加密/解密操作都是独立的,运行十次求取平均值。Referring to FIG. 7 , which is a schematic diagram of a result of a first simulation experiment provided by an embodiment of the present disclosure. a in Figure 7 shows the accuracy at 10 epochs, and as can be seen from a in Figure 7, the training can achieve 97% accuracy. The time cost required for encryption and decryption is tested. Since FE needs to perform time-consuming discrete logarithm and pairing operations during decryption, considering the use of space for time, some discrete logarithms are solved in advance and stored in the database. Here, the PostgreSQL database is used, which is an open source object-relational database system with reliability and better performance. b in Figure 7 and c in Figure 7 show the average time cost of decryption/encryption time as the number of pictures increases, during the experiment, the program will automatically select one of the pictures for encryption and subsequent decryption operations , each encryption/decryption operation is independent and averaged over ten runs.

还测试了区块链的交互性能,在区块链网络中,共识算法PoW保证了只有解决困难问题的节点才能获得记账权,成功获得记账权的节点负责记录交易信息,将交易打包并同步给整个网络。The interactive performance of the blockchain is also tested. In the blockchain network, the consensus algorithm PoW ensures that only the nodes that solve difficult problems can obtain the accounting right, and the nodes that successfully obtain the accounting right are responsible for recording transaction information, packaging the transaction and storing it. Sync to the entire network.

参考图8,其为本公开实施例提供的第二种仿真实验的结果示意图。图8中的a显示了交易生成时间随着数据量增长的变化情况,可以看出当数据大小增加时,交易生成需要花费的时间呈线性增长。图8中的b显示了交易确认消耗的时间随着区块内交易量增长的变化情况,可以看出交易确认消耗的时间很少而且无明显变化。图8中的c显示了CPU占用随着时间的变化情况,可以看出CPU消耗随着时间而增长,但是最后依然处于一个可接受范围内。图8中的d显示了随着并发数的增加响应时间的变化情况,可以看出时间成本随着交易数的增加上升,但是整体消耗时间较短,效率较高。Referring to FIG. 8 , which is a schematic diagram of a result of a second simulation experiment provided by an embodiment of the present disclosure. A in Figure 8 shows the change of transaction generation time with the increase of data volume. It can be seen that when the data size increases, the time required for transaction generation increases linearly. b in Figure 8 shows the change of transaction confirmation time with the increase of transaction volume in the block. It can be seen that the time consumed by transaction confirmation is very small and has no obvious change. C in Figure 8 shows the change of CPU usage over time. It can be seen that the CPU consumption increases with time, but it is still within an acceptable range in the end. d in Figure 8 shows the change of response time as the number of concurrency increases. It can be seen that the time cost increases with the increase of the number of transactions, but the overall consumption time is shorter and the efficiency is higher.

以上实验表明本公开在保障隐私性和可靠性的基本前提下,还具有较高的精确度和合理的吞吐量。The above experiments show that the present disclosure also has high accuracy and reasonable throughput under the basic premise of ensuring privacy and reliability.

基于同一发明构思,与上述任意实施例方法相对应的,本公开还提供了一种电子设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述程序时实现上任意一实施例所述的基于函数加密、区块链和机器学习的数据传输方法。Based on the same inventive concept and corresponding to any of the above-mentioned embodiments, the present disclosure also provides an electronic device, including a memory, a processor, and a computer program stored in the memory and running on the processor, the processor When the program is executed, the data transmission method based on function encryption, block chain and machine learning described in any one of the above embodiments is implemented.

图9示出了本实施例所提供的一种更为具体的电子设备硬件结构示意图, 该设备可以包括:处理器1010、存储器1020、输入/输出接口1030、通信接口1040和总线 1050。其中处理器1010、存储器1020、输入/输出接口1030和通信接口1040通过总线1050实现彼此之间在设备内部的通信连接。FIG. 9 shows a more specific schematic diagram of the hardware structure of an electronic device provided in this embodiment. The device may include: a processor 1010 , a memory 1020 , an input/output interface 1030 , a communication interface 1040 and a bus 1050 . The processor 1010 , the memory 1020 , the input/output interface 1030 and the communication interface 1040 realize the communication connection among each other within the device through the bus 1050 .

处理器1010可以采用通用的CPU(Central Processing Unit,中央处理器)、微处理器、应用专用集成电路(Application Specific Integrated Circuit,ASIC)、或者一个或多个集成电路等方式实现,用于执行相关程序,以实现本说明书实施例所提供的技术方案。The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit, central processing unit), a microprocessor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits, and is used to execute related program to implement the technical solutions provided by the embodiments of this specification.

存储器1020可以采用ROM(Read Only Memory,只读存储器)、RAM(Random AccessMemory,随机存取存储器)、静态存储设备,动态存储设备等形式实现。存储器1020可以存储操作系统和其他应用程序,在通过软件或者固件来实现本说明书实施例所提供的技术方案时,相关的程序代码保存在存储器1020中,并由处理器1010来调用执行。The memory 1020 may be implemented in the form of a ROM (Read Only Memory, read only memory), a RAM (Random Access Memory, random access memory), a static storage device, a dynamic storage device, and the like. The memory 1020 may store an operating system and other application programs. When implementing the technical solutions provided by the embodiments of this specification through software or firmware, the relevant program codes are stored in the memory 1020 and invoked by the processor 1010 for execution.

输入/输出接口1030用于连接输入/输出模块,以实现信息输入及输出。输入输出/模块可以作为组件配置在设备中(图中未示出),也可以外接于设备以提供相应功能。其中输入设备可以包括键盘、鼠标、触摸屏、麦克风、各类传感器等,输出设备可以包括显示器、扬声器、振动器、指示灯等。The input/output interface 1030 is used to connect the input/output module to realize information input and output. The input/output/module can be configured in the device as a component (not shown in the figure), or can be externally connected to the device to provide corresponding functions. The input device may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output device may include a display, a speaker, a vibrator, an indicator light, and the like.

通信接口1040用于连接通信模块(图中未示出),以实现本设备与其他设备的通信交互。其中通信模块可以通过有线方式(例如USB、网线等)实现通信,也可以通过无线方式(例如移动网络、WIFI、蓝牙等)实现通信。The communication interface 1040 is used to connect a communication module (not shown in the figure), so as to realize the communication interaction between the device and other devices. The communication module can implement communication through wired means (such as USB, network cable, etc.), or can implement communication through wireless means (such as mobile network, WIFI, Bluetooth, etc.).

总线1050包括一通路,在设备的各个组件(例如处理器1010、存储器1020、输入/输出接口1030和通信接口1040)之间传输信息。The bus 1050 includes a path to transfer information between the various components of the device (eg, the processor 1010, the memory 1020, the input/output interface 1030, and the communication interface 1040).

需要说明的是,尽管上述设备仅示出了处理器1010、存储器1020、输入/输出接口1030、通信接口1040以及总线1050,但是在具体实施过程中,该设备还可以包括实现正常运行所必需的其他组件。此外,本领域的技术人员可以理解的是,上述设备中也可以仅包含实现本说明书实施例方案所必需的组件,而不必包含图中所示的全部组件。It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in the specific implementation process, the device may also include necessary components for normal operation. other components. In addition, those skilled in the art can understand that, the above-mentioned device may only include components necessary to implement the solutions of the embodiments of the present specification, rather than all the components shown in the figures.

上述实施例的电子设备用于实现前述任一实施例中相应的基于函数加密、区块链和机器学习的数据传输方法,并且具有相应的方法实施例的有益效果,在此不再赘述。The electronic device in the above embodiment is used to implement the corresponding data transmission method based on function encryption, block chain and machine learning in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which will not be repeated here.

基于同一发明构思,与上述任意实施例方法相对应的,本公开还提供了一种非暂态计算机可读存储介质,所述非暂态计算机可读存储介质存储计算机指令,所述计算机指令用于使所述计算机执行如上任一实施例所述的基于函数加密、区块链和机器学习的数据传输方法。Based on the same inventive concept and corresponding to any of the above-mentioned embodiments, the present disclosure also provides a non-transitory computer-readable storage medium, where the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions use In order to make the computer execute the data transmission method based on functional encryption, block chain and machine learning as described in any of the above embodiments.

本实施例的计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。The computer readable medium of this embodiment includes both permanent and non-permanent, removable and non-removable media and can be implemented by any method or technology for information storage. Information may be computer readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Flash Memory or other memory technology, Compact Disc Read Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, Magnetic tape cartridges, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission medium that can be used to store information that can be accessed by a computing device.

上述实施例的存储介质存储的计算机指令用于使所述计算机执行如上任一实施例所述的基于函数加密、区块链和机器学习的数据传输方法,并且具有相应的方法实施例的有益效果,在此不再赘述。The computer instructions stored in the storage medium of the above embodiments are used to cause the computer to execute the data transmission method based on functional encryption, block chain and machine learning as described in any of the above embodiments, and have the beneficial effects of the corresponding method embodiments , and will not be repeated here.

需要说明的是,本公开的实施例还可以以下方式进一步描述:It should be noted that the embodiments of the present disclosure can also be further described in the following ways:

一种基于函数加密、区块链和机器学习的数据传输方法,所述方法由边缘服务器、中心服务器、区块链服务器和云存储服务器实现,所述方法包括:A data transmission method based on functional encryption, blockchain and machine learning, the method is implemented by an edge server, a central server, a blockchain server and a cloud storage server, and the method includes:

所述边缘服务器对边缘数据进行函数加密得到边缘加密数据,并将所述边缘加密数据发送至所述云存储服务器;The edge server performs functional encryption on the edge data to obtain edge encrypted data, and sends the edge encrypted data to the cloud storage server;

所述边缘服务器构造与所述边缘加密数据对应的数据交易信息,并将所述数据交易信息发送至所述区块链服务器;The edge server constructs data transaction information corresponding to the edge encrypted data, and sends the data transaction information to the blockchain server;

所述边缘服务器将已经构建并训练的令牌生成模型发送至所述中心服务器,所述中心服务器利用所述令牌生成模型生成令牌;其中,所述令牌生成模型为机器学习模型;The edge server sends the constructed and trained token generation model to the central server, and the central server uses the token generation model to generate tokens; wherein the token generation model is a machine learning model;

所述中心服务器从所述区块链服务器获取所述数据交易信息并验证,响应于确定所述数据交易信息通过验证,利用所述令牌解密从所述云存储服务器获取的所述边缘加密数据,得到所述边缘数据中的预设范围的数据。The central server obtains and verifies the data transaction information from the blockchain server, and in response to determining that the data transaction information passes the verification, decrypts the edge encrypted data obtained from the cloud storage server by using the token , to obtain data of a preset range in the edge data.

可选的,还包括:所述中心服务器生成主公钥和主私钥,并将所述主公钥发送至所述边缘服务器。Optionally, the method further includes: the central server generates a master public key and a master private key, and sends the master public key to the edge server.

可选的,还包括:所述边缘服务器和所述中心服务器在所述区块链服务器中进行注册,所述区块链服务器针对所述边缘服务器生成边缘服务器公钥和边缘服务器私钥,并将所述边缘服务器公钥发送至所述中心服务器和将所述边缘服务器私钥发送至所述边缘服务器。Optionally, it further includes: the edge server and the central server are registered in the blockchain server, the blockchain server generates an edge server public key and an edge server private key for the edge server, and Sending the edge server public key to the central server and sending the edge server private key to the edge server.

可选的,其中,所述边缘服务器对边缘数据进行函数加密得到边缘加密数据,并将所述边缘加密数据发送至所述云存储服务器,包括:Optionally, the edge server performs functional encryption on edge data to obtain edge encrypted data, and sends the edge encrypted data to the cloud storage server, including:

对于所述边缘数据,所述边缘服务器随机选择一个整数和一个可逆矩阵,计算得到两个列向量,并根据两个所述列向量,进一步计算得到所述边缘加密数据。For the edge data, the edge server randomly selects an integer and an invertible matrix, calculates two column vectors, and further calculates the edge encrypted data according to the two column vectors.

可选的,其中,所述边缘服务器构造与所述边缘加密数据对应的数据交易信息,包括:Optionally, wherein the edge server constructs data transaction information corresponding to the edge encrypted data, including:

所述边缘服务器调取与所述边缘加密数据对应的相关信息和所述区块链服务器针对所述边缘服务器生成的所述边缘服务器私钥,并利用所述相关信息和所述边缘服务器私钥生成所述数据交易信息;所述相关信息包括所述边缘服务器的标识、所述边缘加密数据的标识和所述边缘加密数据上传至所述云存储服务器的时间。The edge server retrieves relevant information corresponding to the edge encrypted data and the edge server private key generated by the blockchain server for the edge server, and uses the relevant information and the edge server private key The data transaction information is generated; the related information includes the identifier of the edge server, the identifier of the edge encrypted data, and the time when the edge encrypted data is uploaded to the cloud storage server.

可选的,其中,在所述边缘服务器将所述数据交易信息发送至所述区块链服务器之后,还包括:Optionally, after the edge server sends the data transaction information to the blockchain server, it further includes:

所述区块链服务器将所述数据交易信息广播至所述区块链服务器的区块链网络;the blockchain server broadcasts the data transaction information to the blockchain network of the blockchain server;

所述区块链服务器利用所述区块链网络中的其他节点验证所述数据交易信息,响应于确定所述数据交易信息通过验证,将所述数据交易信息添加至所述区块链网络。The blockchain server verifies the data transaction information using other nodes in the blockchain network, and in response to determining that the data transaction information passes the verification, adds the data transaction information to the blockchain network.

可选的,其中,所述中心服务器中包括授权服务器和业务服务器;所述边缘服务器将已经构建并训练的令牌生成模型发送至所述中心服务器,所述中心服务器利用所述令牌生成模型生成令牌,包括:Optionally, the central server includes an authorization server and a service server; the edge server sends the constructed and trained token generation model to the central server, and the central server uses the token generation model Generate tokens, including:

所述边缘服务器将所述令牌生成模型发送至所述授权服务器,所述授权服务器利用所述令牌生成模型和所述主私钥生成令牌,并将所述令牌发送至所述业务服务器。The edge server sends the token generation model to the authorization server, the authorization server generates a token using the token generation model and the master private key, and sends the token to the service server.

可选的,其中,所述中心服务器从所述区块链服务器获取所述数据交易信息并验证,响应于确定所述数据交易信息通过验证,利用所述令牌解密所述边缘加密数据,得到所述边缘数据中的预设范围的数据,包括:Optionally, the central server obtains the data transaction information from the blockchain server and verifies it, and in response to determining that the data transaction information passes the verification, decrypts the edge encrypted data by using the token, and obtains: The data of the preset range in the edge data includes:

所述中心服务器利用所述主公钥和所述令牌,解密所述边缘加密数据,得到所述边缘数据中的预设范围的数据。The central server decrypts the edge encrypted data by using the master public key and the token to obtain data of a preset range in the edge data.

一种基于函数加密、区块链和机器学习的数据传输系统,包括边缘服务器、中心服务器、区块链服务器和云存储服务器,所述系统用于实现如上所述的方法。A data transmission system based on functional encryption, block chain and machine learning, including an edge server, a central server, a block chain server and a cloud storage server, the system is used to implement the above method.

可选的,其中,所述系统采用包括应用层、区块链层和存储层的三层架构,所述边缘服务器和所述中心服务器布置在所述应用层,所述区块链服务器布置在所述区块链层,所述云存储服务器布置在所述存储层。Optionally, the system adopts a three-layer architecture including an application layer, a blockchain layer and a storage layer, the edge server and the central server are arranged in the application layer, and the blockchain server is arranged in the In the blockchain layer, the cloud storage server is arranged in the storage layer.

所属领域的普通技术人员应当理解:以上任何实施例的讨论仅为示例性的,并非旨在暗示本公开的范围(包括权利要求)被限于这些例子;在本公开的思路下,以上实施例或者不同实施例中的技术特征之间也可以进行组合,步骤可以以任意顺序实现,并存在如上所述的本公开实施例的不同方面的许多其它变化,为了简明它们没有在细节中提供。Those of ordinary skill in the art should understand that the discussion of any of the above embodiments is only exemplary, and is not intended to imply that the scope of the present disclosure (including the claims) is limited to these examples; under the spirit of the present disclosure, the above embodiments or Technical features in different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the disclosed embodiments as described above, which are not provided in detail for the sake of brevity.

另外,为简化说明和讨论,并且为了不会使本公开实施例难以理解,在所提供的附图中可以示出或可以不示出与集成电路(IC)芯片和其它部件的公知的电源/接地连接。此外,可以以框图的形式示出装置,以便避免使本公开实施例难以理解,并且这也考虑了以下事实,即关于这些框图装置的实施方式的细节是高度取决于将要实施本公开实施例的平台的(即,这些细节应当完全处于本领域技术人员的理解范围内)。在阐述了具体细节(例如,电路)以描述本公开的示例性实施例的情况下,对本领域技术人员来说显而易见的是,可以在没有这些具体细节的情况下或者这些具体细节有变化的情况下实施本公开实施例。因此,这些描述应被认为是说明性的而不是限制性的。In addition, to simplify illustration and discussion, and in order not to obscure the embodiments of the present disclosure, well-known power/power sources associated with integrated circuit (IC) chips and other components may or may not be shown in the figures provided in the figures provided. ground connection. Furthermore, devices may be shown in block diagram form in order to avoid obscuring the disclosed embodiments, and this also takes into account the fact that details regarding the implementation of these block diagram devices are highly dependent on the implementation of the disclosed embodiments platform (ie, these details should be well within the understanding of those skilled in the art). Where specific details (eg, circuits) are set forth to describe exemplary embodiments of the present disclosure, it will be apparent to those skilled in the art that these specific details may be made without or with changes The embodiments of the present disclosure are implemented as follows. Accordingly, these descriptions are to be considered illustrative rather than restrictive.

尽管已经结合了本公开的具体实施例对本公开进行了描述,但是根据前面的描述,这些实施例的很多替换、修改和变型对本领域普通技术人员来说将是显而易见的。例如,其它存储器架构(例如,动态RAM(DRAM))可以使用所讨论的实施例。Although the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations to these embodiments will be apparent to those of ordinary skill in the art from the foregoing description. For example, other memory architectures (eg, dynamic RAM (DRAM)) may use the discussed embodiments.

本公开实施例旨在涵盖落入所附权利要求的宽泛范围之内的所有这样的替换、修改和变型。因此,凡在本公开实施例的精神和原则之内,所做的任何省略、修改、等同替换、改进等,均应包含在本公开的保护范围之内。The disclosed embodiments are intended to cover all such alternatives, modifications and variations that fall within the broad scope of the appended claims. Therefore, any omission, modification, equivalent replacement, improvement, etc. made within the spirit and principle of the embodiments of the present disclosure should be included within the protection scope of the present disclosure.

Claims (10)

1. A data transmission method based on function encryption, blockchain and machine learning, the method is realized by an edge server, a center server, a blockchain server and a cloud storage server, and the method comprises the following steps:
the edge server performs function encryption on edge data to obtain edge encrypted data, and sends the edge encrypted data to the cloud storage server;
the edge server constructs data transaction information corresponding to the edge encrypted data and sends the data transaction information to the block chain server;
the edge server sends the constructed and trained token generation model to the central server, and the central server generates a token by using the token generation model; wherein the token generation model is a machine learning model;
and the central server acquires and verifies the data transaction information from the block chain server, and decrypts the edge encrypted data acquired from the cloud storage server by using the token in response to the fact that the data transaction information is verified to obtain data in a preset range in the edge data.
2. The method of claim 1, further comprising: and the central server generates a main public key and a main private key and sends the main public key to the edge server.
3. The method of claim 1, further comprising: the edge server and the central server register in the blockchain server, and the blockchain server generates an edge server public key and an edge server private key for the edge server, and sends the edge server public key to the central server and the edge server private key to the edge server.
4. The method according to claim 1, wherein the edge server performs function encryption on edge data to obtain edge encrypted data, and sends the edge encrypted data to the cloud storage server, and the method comprises:
and for the edge data, the edge server randomly selects an integer and a reversible matrix, calculates to obtain two column vectors, and further calculates to obtain the edge encryption data according to the two column vectors.
5. The method of claim 3, wherein the edge server constructs data transaction information corresponding to the edge encrypted data, comprising:
the edge server calls relevant information corresponding to the edge encrypted data and the edge server private key generated by the blockchain server aiming at the edge server, and generates the data transaction information by using the relevant information and the edge server private key; the related information comprises the identification of the edge server, the identification of the edge encrypted data and the time for uploading the edge encrypted data to the cloud storage server.
6. The method of claim 1, wherein after the edge server sends the data transaction information to the blockchain server, further comprising:
the blockchain server broadcasts the data transaction information to a blockchain network of the blockchain server;
the blockchain server verifies the data transaction information with other nodes in the blockchain network and adds the data transaction information to the blockchain network in response to determining that the data transaction information is verified.
7. The method of claim 2, wherein the central server comprises an authorization server and a business server; the edge server sends the constructed and trained token generation model to the central server, and the central server generates a token by using the token generation model, including:
and the edge server sends the token generation model to the authorization server, and the authorization server generates a token by using the token generation model and the main private key and sends the token to the service server.
8. The method of claim 2, wherein the central server obtains and verifies the data transaction information from the blockchain server, and in response to determining that the data transaction information is verified, decrypts the edge encrypted data using the token to obtain a preset range of data in the edge data, including:
and the central server decrypts the edge encrypted data by using the main public key and the token to obtain the data in the preset range in the edge data.
9. A data transmission system based on function encryption, blockchain and machine learning, comprising edge servers, central servers, blockchain servers and cloud storage servers, the system being configured to implement the method according to any one of claims 1 to 8.
10. The system of claim 9, wherein the system employs a three-tier architecture comprising an application tier, a blockchain tier, and a storage tier, the edge servers and the central server being disposed at the application tier, the blockchain servers being disposed at the blockchain tier, and the cloud storage servers being disposed at the storage tier.
CN202110884042.6A 2021-08-03 2021-08-03 Data transmission method and system based on function encryption, block chain and machine learning Active CN113328864B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110884042.6A CN113328864B (en) 2021-08-03 2021-08-03 Data transmission method and system based on function encryption, block chain and machine learning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110884042.6A CN113328864B (en) 2021-08-03 2021-08-03 Data transmission method and system based on function encryption, block chain and machine learning

Publications (2)

Publication Number Publication Date
CN113328864A true CN113328864A (en) 2021-08-31
CN113328864B CN113328864B (en) 2021-12-07

Family

ID=77426953

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110884042.6A Active CN113328864B (en) 2021-08-03 2021-08-03 Data transmission method and system based on function encryption, block chain and machine learning

Country Status (1)

Country Link
CN (1) CN113328864B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114710320A (en) * 2022-03-03 2022-07-05 湖南科技大学 Edge calculation privacy protection method based on block chain and multi-key fully homomorphic encryption

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107249046A (en) * 2017-08-15 2017-10-13 李俊庄 A kind of distributed cloud storage system construction method based on block chain
US20180139056A1 (en) * 2016-11-15 2018-05-17 Fujitsu Limited Apparatus and method to perform secure data sharing in a distributed network by using a blockchain
US20190042315A1 (en) * 2018-09-28 2019-02-07 Ned M. Smith Secure edge-cloud function as a service
CN110581839A (en) * 2019-07-23 2019-12-17 中国空间技术研究院 Content protection method and device
CN111641641A (en) * 2020-05-29 2020-09-08 兰州理工大学 Block chain data sharing method based on searchable proxy re-encryption
CN111967056A (en) * 2020-07-18 2020-11-20 赣州市智能产业创新研究院 Wireless communication information acquisition method and system based on block chain
CN113079159A (en) * 2021-04-01 2021-07-06 北京邮电大学 Edge computing network architecture based on block chain

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180139056A1 (en) * 2016-11-15 2018-05-17 Fujitsu Limited Apparatus and method to perform secure data sharing in a distributed network by using a blockchain
CN107249046A (en) * 2017-08-15 2017-10-13 李俊庄 A kind of distributed cloud storage system construction method based on block chain
US20190042315A1 (en) * 2018-09-28 2019-02-07 Ned M. Smith Secure edge-cloud function as a service
CN110581839A (en) * 2019-07-23 2019-12-17 中国空间技术研究院 Content protection method and device
CN111641641A (en) * 2020-05-29 2020-09-08 兰州理工大学 Block chain data sharing method based on searchable proxy re-encryption
CN111967056A (en) * 2020-07-18 2020-11-20 赣州市智能产业创新研究院 Wireless communication information acquisition method and system based on block chain
CN113079159A (en) * 2021-04-01 2021-07-06 北京邮电大学 Edge computing network architecture based on block chain

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
WILLY SUSILO等: "Sanitizable Access Control System for Secure Cloud Storage Against Malicious Data Publishers", 《 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING》 *
周艺华,李洪明: "基于区块链的数据管理方案", 《信息安全研究》 *
祝烈煌,董慧,沈蒙: "区块链交易数据隐私保护机制", 《大数据》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114710320A (en) * 2022-03-03 2022-07-05 湖南科技大学 Edge calculation privacy protection method based on block chain and multi-key fully homomorphic encryption

Also Published As

Publication number Publication date
CN113328864B (en) 2021-12-07

Similar Documents

Publication Publication Date Title
US11868486B2 (en) System and method for secure electronic transaction platform
US10491390B2 (en) Proof chaining and decomposition
US11757640B2 (en) Non-fungible token authentication
US8122255B2 (en) Methods and systems for digital authentication using digitally signed images
CN111181720A (en) Service processing method and device based on trusted execution environment
Xu et al. An efficient blockchain‐based privacy‐preserving scheme with attribute and homomorphic encryption
CN117560150A (en) Key determination method, device, electronic equipment and computer readable storage medium
CN116684102A (en) Message transmission method, message verification method, device, equipment, medium and product
CN113328864B (en) Data transmission method and system based on function encryption, block chain and machine learning
CN114240347B (en) Business service secure connection method, device, computer equipment, and storage medium
CN114124440B (en) Secure transmission method, apparatus, computer device and storage medium
Zhang et al. Digital image copyright protection method based on blockchain and zero trust mechanism
CN116049802B (en) Application single sign-on method, system, computer equipment and storage medium
CN115174260B (en) Data verification method, device, computer, storage medium and program product
CN116015846A (en) Identity authentication method, identity authentication device, computer equipment and storage medium
CN114244565B (en) Key distribution method, device, equipment and storage medium
CN116011042A (en) Data storage method, device, system, computer equipment and storage medium
CN119211932A (en) Data processing method, device, equipment, and readable storage medium based on digital certificate
CN117390665A (en) Identity information management method, apparatus, device, storage medium and program product
CN118075004A (en) File verification method, device, system, computer equipment and storage medium
CN117611165A (en) Abnormal object detection method, device, computer equipment and storage medium
CN117521040A (en) Service data calling method, device, computer equipment and storage medium
CN117714058A (en) Encryption and decryption algorithm switching method and device for financial business equipment and computer equipment
CN118264412A (en) Message decryption method, device, apparatus, storage medium and computer program product
CN116628636A (en) Software code hosting method, system, computer device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant