CN114124347A - Safe multi-party computing method and system based on block chain - Google Patents

Abstract

The invention discloses a safe multi-party computing method and a safe multi-party computing system based on a block chain, belonging to the field of block chain and safe multi-party computing; the S1 utilizes the multi-party cooperation calculation aggregation public key to carry out security setting; s2 private data encryption write chain, multiple users write the private data encrypted by the aggregation public key into the block chain; s3 ciphertext calculation, using ciphertext homomorphism characteristic to program limited function in intelligent contract; s4, multiple decryption, namely, the plaintext share collection and share aggregation are completed in the block chain transaction process to obtain the plaintext; s5, performing security audit, recording the decryption behavior of the time by a block chain, and forming an audit log on the chain; the invention encrypts each private input of the secure multi-party calculation respectively and writes the chain, so that a developer can realize the same effect of the secure multi-party calculation as long as the developer knows the intelligent contract programming and the homomorphic ciphertext calculation, thereby reducing the learning threshold of the secure multi-party calculation and promoting the popularization of the privacy calculation technology.

Description

Safe multi-party computing method and system based on block chain

Technical Field

The invention discloses a safe multi-party computing method and system based on a block chain, and relates to the technical field of block chains and safe multi-party computing.

Background

The architecture of secure multiparty computing, which is one of the core techniques of privacy computing, is complex, and the design and programming thresholds are high, so that the secure multiparty computing is difficult to popularize. The block chain technology is mature, many block chains support various traditional programming languages, and it is easy for a developer to find the block chain technology. The invention combines homomorphic encryption and secure multiparty computation, replaces the customized part of the secure multiparty computation with an intelligent contract programming containing homomorphic encryption algorithm, performs distributed ciphertext computation in the intelligent contract, and finally decrypts the distributed ciphertext into plaintext through a universal threshold homomorphic decryption algorithm.

Disclosure of Invention

Aiming at the problems in the prior art, the invention provides a safe multi-party computing method and system based on a block chain, and the adopted technical scheme is as follows: a safe multiparty computing method based on a block chain comprises the following specific steps:

s1, utilizing the multi-party cooperation to calculate the aggregation public key to carry out security setting;

s2 private data encryption write chain, multiple users write the private data encrypted by the aggregation public key into the block chain;

s3 ciphertext calculation, using ciphertext homomorphism characteristic to program limited function in intelligent contract;

s4, multiple decryption, namely, the plaintext share collection and share aggregation are completed in the block chain transaction process to obtain the plaintext;

and S5, performing security audit, and recording the decryption behavior of the block chain to form an audit log on the chain.

The S1 utilizes the multi-party cooperative computing aggregation public key to perform security setting, that is, the security setting is realized by building an ElGamal multiple decryption algorithm program in each endorsement node.

The specific steps of calculating the ciphertext of the S3 and performing limited function programming by using the homomorphic characteristic of the ciphertext in the intelligent contract are as follows:

s301, performing homomorphic calculation on the intelligent contract codes;

s302, limited customized function operation is carried out by utilizing homomorphism characteristics of the selective encryption algorithm.

The step S4 of multiple decryption, which completes the plaintext share collection and share aggregation in the blockchain transaction process, is as follows:

s401, embedding an ElGamal multiple decryption algorithm SDK into the bottom layer of the endorsement node;

s402, explicitly calling a bottom decryption program through an intelligent contract;

s403, carrying out decryption calculation on the ciphertext by using an ElGamal multiple decryption algorithm SDK and using a private key of the SDK;

s404 generates a plaintext share and a zero knowledge proof and returns the plaintext share and the zero knowledge proof to the intelligent contract.

A safe multi-party computing system based on a block chain specifically comprises a safety setting module, a data writing module, a ciphertext computing module, a multiple decryption module and a safety audit module:

a safety setting module: utilizing a multi-party cooperation calculation aggregation public key to carry out security setting;

a data writing module: the private data encryption writing chain is used for writing the private data encrypted by using the aggregation public key into the block chain by a plurality of users;

the ciphertext calculation module: limited function programming is carried out in the intelligent contract by utilizing the homomorphic characteristic of the ciphertext;

multiple decryption module: in the block chain transaction process, plaintext share collection is completed and plaintext is aggregated from shares;

a security audit module: and recording the decryption behavior of the time by the block chain to form an audit log on the chain.

The security setting module utilizes a multi-party cooperative computing aggregation public key to carry out security setting, namely, the security setting is realized by internally arranging an ElGamal multiple decryption algorithm program in each endorsement node.

The ciphertext calculation module specifically comprises a homomorphic calculation module and a function operation module:

a homomorphic calculation module: homomorphic calculation is carried out on the intelligent contract codes;

a function operation module: and performing limited customized function operation by utilizing homomorphism characteristics of the selective encryption algorithm.

The multiple decryption module specifically comprises an algorithm embedding module, a program calling module, a decryption calculation module and a certification returning module:

an algorithm embedding module: embedding an ElGamal multiple decryption algorithm SDK into the bottom layer of the endorsement node;

a program calling module: explicitly invoking the underlying decryption program through the smart contract;

a decryption calculation module: carrying out decryption calculation on the ciphertext by using an ElGamal multiple decryption algorithm SDK and using a private key of the SDK;

a certification return module: and generating a plaintext share and a zero knowledge proof and returning the plaintext share and the zero knowledge proof to the intelligent contract.

The invention has the beneficial effects that: the invention encrypts each private input of the safe multiparty computation respectively and writes the chain, replaces the function computation part of the safe multiparty computation with the ciphertext computation coded in the intelligent contract, and reveals the ciphertext settlement result by multiple decryption, so that a developer can realize the same effect of the safe multiparty computation as long as knowing the intelligent contract programming and homomorphic ciphertext computation, thereby reducing the learning threshold of the safe multiparty computation and promoting the popularization of the privacy computation technology.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.

FIG. 1 is a flow chart of the method of the present invention; fig. 2 is a schematic diagram of the system of the present invention.

Detailed Description

The present invention is further described below in conjunction with the following figures and specific examples so that those skilled in the art may better understand the present invention and practice it, but the examples are not intended to limit the present invention.

First, some of the terms used in the present invention will be explained:

1) secure multiparty computing

Secure Multiparty Computing (SMC) is a powerful and interesting tool in the field of cryptography that allows untrusted parties to cooperate to jointly perform the Computation of a function; specifically, assume that the function has n inputs x1, x2, …, xn, respectively held in different participants; for each participant Pi (i e {1, 2., n }), the input xi that it grasps is his private information; the safe multi-party calculation is realized by completing the calculation of a function f on the premise of ensuring the privacy of input of each participant; after the calculation is finished, each participant can not obtain any other information except the predefined function output;

the secure multi-party computation can be divided into two types, namely secure multi-party computation based on secret sharing and secure multi-party computation based on threshold homomorphic encryption; in secret sharing-based secure multi-party computation, the protocol is that the input and most intermediate results of the protocol based on a linear secret sharing scheme are shared among the participants and participate in computation in a sharing mode; in the safe multi-party calculation based on the threshold homomorphic encryption, the protocol is that the input and most intermediate results of the protocol based on a public key encryption scheme with homomorphism are in an encryption state, and a private key which participates in the operation in a ciphertext mode and is used for decryption is shared among all participants in a threshold secret sharing mode;

2) homomorphic encryption

Homomorphic Encryption (Homomorphic Encryption) is a type of Encryption method with special natural attributes, and the concept is proposed by Rivest et al in the seventies of the last century; compared with a common encryption algorithm, homomorphic encryption can realize basic encryption operation and also can realize various calculation functions among ciphertexts, namely calculation before decryption can be equivalent to calculation after decryption; this property is of great importance for securing information: by utilizing the homomorphic encryption technology, a plurality of ciphertexts can be decrypted after being calculated, and the high calculation cost caused by decryption of each cipher text is not needed; the homomorphic encryption technology can be used for realizing the calculation of a cipher text by a non-key party, and the calculation of the cipher text does not need to pass through a key party, thereby not only reducing the communication cost, but also transferring the calculation task, and balancing the calculation cost of each party; by using the homomorphic encryption technology, the decryption party can only obtain the final result but cannot obtain the message of each ciphertext, so that the safety of the information can be improved;

the key of homomorphic decryption is a private key, and who holds the private key can decrypt the encrypted data; when the private key is held by multiple parties, the decryption behavior becomes a safe multiparty computing paradigm, and the ciphertext can be decrypted into the plaintext only by cooperation of the multiple parties; when the private key is held by n parties, each participant holds a private key share, and the plaintext can be recovered only by the cooperation of the parties exceeding t (t is less than or equal to n), which is called as (t, n) threshold cryptographic algorithm;

the intelligent contract language is generally complete in graphic and can be used for transplanting a homomorphic encryption algorithm into an intelligent contract to be executed so as to form a block chain + safe multiparty computing fusion framework;

3) block chain and ElGamal multiple decryption

Multiple decryption is a special case of (t, n) threshold decryption, i.e., t ═ n; the threshold decryption means that n participants participate in the decryption process, and as long as t or more than t participants successfully complete the protocol, the ciphertext can be decrypted into plaintext; multiple decryption, which means that all n participants can successfully complete the protocol and then can decrypt the ciphertext into the plaintext; ElGamal is a common encryption algorithm and has an addition homomorphism characteristic under an elliptic curve;

the invention designs an ElGamal multiple decryption method realized by using a block chain endorsement mechanism; the method allows multiple endorsement nodes to perform ElGamal multiple decryption using their own private keys as key shares, multiple decryption (threshold decryption) capability for block chaining to privately compute one of the key capabilities; the block chain user can encrypt private data of the user through an ElGamal algorithm and then write the encrypted data into the block chain, and the encrypted public key adopts an aggregated public key of endorsement nodes, so that a ciphertext can be decrypted only by cooperation of a plurality of endorsement nodes, and the privacy of the user is protected; meanwhile, the ElGamal algorithm under the elliptic curve has the homomorphic characteristic of addition, so that ciphertext of a plurality of users can be decrypted after being added, and more application scenes can be brought to ElGamal multiple decryption of data on a chain;

the first embodiment is as follows:

a safe multiparty computing method based on a block chain comprises the following specific steps:

s1, utilizing the multi-party cooperation to calculate the aggregation public key to carry out security setting;

s2 private data encryption write chain, multiple users write the private data encrypted by the aggregation public key into the block chain; assuming each participant Pi, the private data owned by each participant is zi; the ElGamal encryption algorithm is a function Enc (public, plain), and then the algorithm for Pi to encrypt the private data Zi to the ciphertext Zi is

Each private data owner converts the private data of the owner into an ElGamal ciphertext and writes the ElGamal ciphertext; the invention replaces the complicated multi-party concurrent communication in the safe multi-party calculation process by the encrypted write chain of private data, which is one of the key characteristics of the invention;

s3 ciphertext calculation, using ciphertext homomorphism characteristic to program limited function in intelligent contract;

s4, multiple decryption, namely, the plaintext share collection and share aggregation are completed in the block chain transaction process to obtain the plaintext;

s5, performing security audit, recording the decryption behavior of the time by a block chain, and forming an audit log on the chain; the method of the invention leaves marks on the block chain for both the intermediate result and the final decryption behavior of the secure multi-party calculation, thereby improving the auditability and the security of the secure multi-party calculation;

furthermore, each endorsement node of S1 needs to be internally provided with an ElGamal multiple decryption algorithm program, and performs security setting; assuming that n endorsement nodes participate in homomorphic encryption calculation and multiple decryption calculation, each endorsement node Pi publishes its own public key share Xi, and calculates an aggregated public key

Further, the S3 ciphertext computation, the specific steps of using the ciphertext homomorphism feature to perform limited function programming in the intelligent contract are as follows:

s301, performing homomorphic calculation on the intelligent contract codes;

s302, performing limited customized function operation by using homomorphism characteristics of a selective encryption algorithm;

some asymmetric encryption algorithms (ElGamal) have homomorphic properties, such as:

Enc(a+b)＝Enc(a)Enc(b)

enc (a + a +. + a) ═ Enc (n × a) ═ Enc (a) n (n × a is n a additions)

By utilizing the homomorphism characteristics, some ciphertext functions can be calculated; the specific supported algorithm is related to the selection of the encryption algorithm; for example, the ElGamal encryption algorithm under the elliptic curve has an addition homomorphic property, and may calculate the sum of private data of multiple participants, i.e., Zsum ═ Enc (Z1+. Zn) ═ Enc (Z1) +.. + Enc (Zn) · Z1+.. + Zn; the plaintext Zsum is obtained from Zsum by multiple decryptions (threshold decryptions); the invention allows the homomorphic calculation of intelligent contract coding, and utilizes the homomorphic characteristic of the selective encryption algorithm to carry out finite customized function operation, thereby avoiding the conversion of the function to a confusion circuit and reducing the technical threshold; the second feature of the present invention is to replace the garbled circuit with homomorphic function operation with limited capability;

further, the step of multiple decryption at S4 to complete plaintext share collection and share aggregation during blockchain transaction is as follows:

s401, embedding an ElGamal multiple decryption algorithm SDK into the bottom layer of the endorsement node;

s402, explicitly calling a bottom decryption program through an intelligent contract;

s403, carrying out decryption calculation on the ciphertext by using an ElGamal multiple decryption algorithm SDK and using a private key of the SDK;

s404, generating a plaintext share and a zero knowledge proof and returning the plaintext share and the zero knowledge proof to the intelligent contract;

the eLGAMAL SDK can be embedded into the bottom layer implementation of the endorsement node, the intelligent contract can explicitly call a bottom layer decryption program, and the parameters are ciphertext (A and B); the bottom-layer program of the endorsement node Pi utilizes an ElGamal multiple decryption algorithm SDK to decrypt the ciphertext (A, B) by utilizing the private key xi of the bottom-layer program, generates a plaintext share Mi and zero knowledge proofs ri, Ni, Mi and Ni, and returns the plaintext share Mi and the zero knowledge proofs ri, Ni, Mi and Ni to the intelligent contract; (for specific algorithms reference is made to another patent application "an ElGamal multiple decryption algorithm"); the intelligent contract returns the plaintext share Mi and the zero knowledge proofs ri, Ni, Mi and Ni to the block chain client;

the client verifies the zero knowledge proof corresponding to each plaintext share to ensure the validity of the plaintext shares, namely, the verification equation

And

whether the result is true or not;

after the client collects all n plaintext shares mi, calculate

m is a plaintext, and decryption is completed; returning the plaintext m to the application program;

no matter the private data encryption writing chain or the multiple decryption after the ciphertext calculation is realized by using the intelligent contract, the calling of the intelligent contract can write the chain and leave marks on the chain, and the evidence which can not be forged and repudiated is left on the block chain and becomes an audit log, so that the safety of the safe multiparty calculation is further improved.

Example two:

a safe multi-party computing system based on a block chain specifically comprises a safety setting module, a data writing module, a ciphertext computing module, a multiple decryption module and a safety audit module:

a safety setting module: utilizing a multi-party cooperation calculation aggregation public key to carry out security setting;

a data writing module: the private data encryption writing chain is used for writing the private data encrypted by using the aggregation public key into the block chain by a plurality of users;

the ciphertext calculation module: limited function programming is carried out in the intelligent contract by utilizing the homomorphic characteristic of the ciphertext;

multiple decryption module: in the block chain transaction process, plaintext share collection is completed and plaintext is aggregated from shares;

a security audit module: the block chain records the decryption behavior at this time to form an audit log on the chain;

further, the security setting module performs security setting by using a multi-party cooperative computing aggregation public key, namely, the security setting is realized by internally arranging an ElGamal multiple decryption algorithm program in each endorsement node;

further, the ciphertext calculation module specifically includes a homomorphic calculation module and a function operation module:

a homomorphic calculation module: homomorphic calculation is carried out on the intelligent contract codes;

a function operation module: performing limited customized function operation by using homomorphism characteristics of a selective encryption algorithm;

still further, the multiple decryption module specifically comprises an algorithm embedding module, a program calling module, a decryption calculation module and a certification returning module:

an algorithm embedding module: embedding an ElGamal multiple decryption algorithm SDK into the bottom layer of the endorsement node;

a program calling module: explicitly invoking the underlying decryption program through the smart contract;

a decryption calculation module: carrying out decryption calculation on the ciphertext by using an ElGamal multiple decryption algorithm SDK and using a private key of the SDK;

a certification return module: and generating a plaintext share and a zero knowledge proof and returning the plaintext share and the zero knowledge proof to the intelligent contract.

Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (8)

1. A safe multiparty computing method based on a block chain is characterized by comprising the following specific steps:

s1, utilizing the multi-party cooperation to calculate the aggregation public key to carry out security setting;

s2 private data encryption write chain, multiple users write the private data encrypted by the aggregation public key into the block chain;

s3 ciphertext calculation, using ciphertext homomorphism characteristic to program limited function in intelligent contract;

s4, multiple decryption, namely, the plaintext share collection and share aggregation are completed in the block chain transaction process to obtain the plaintext;

and S5, performing security audit, and recording the decryption behavior of the block chain to form an audit log on the chain.

2. The method as claimed in claim 1, wherein the S1 is implemented by building ElGamal multiple decryption algorithm program in each endorsement node by using multi-party cooperative computing aggregate public key for security setup.

3. The method as claimed in claim 2, wherein said S3 ciphertext computation, the finite function programming using ciphertext homomorphism in the intelligent contract comprises the following steps:

s301, performing homomorphic calculation on the intelligent contract codes;

s302, limited customized function operation is carried out by utilizing homomorphism characteristics of the selective encryption algorithm.

4. The method as claimed in claim 3, wherein said step of S4 multiple decryption, the specific steps of complete plaintext share collection and share aggregation during blockchain transaction are as follows:

s401, embedding an ElGamal multiple decryption algorithm SDK into the bottom layer of the endorsement node;

s402, explicitly calling a bottom decryption program through an intelligent contract;

s403, carrying out decryption calculation on the ciphertext by using an ElGamal multiple decryption algorithm SDK and using a private key of the SDK;

s404 generates a plaintext share and a zero knowledge proof and returns the plaintext share and the zero knowledge proof to the intelligent contract.

5. A safe multi-party computing system based on a block chain is characterized by specifically comprising a safety setting module, a data writing module, a ciphertext computing module, a multiple decryption module and a safety audit module:

a safety setting module: utilizing a multi-party cooperation calculation aggregation public key to carry out security setting;

a data writing module: the private data encryption writing chain is used for writing the private data encrypted by using the aggregation public key into the block chain by a plurality of users;

the ciphertext calculation module: limited function programming is carried out in the intelligent contract by utilizing the homomorphic characteristic of the ciphertext;

multiple decryption module: in the block chain transaction process, plaintext share collection is completed and plaintext is aggregated from shares;

a security audit module: and recording the decryption behavior of the time by the block chain to form an audit log on the chain.

6. The system as claimed in claim 5, wherein the security setup module utilizes a multi-party cooperative computing aggregation public key to perform security setup by building an ElGamal multiple decryption algorithm program in each endorsement node.

7. The system as claimed in claim 6, wherein the ciphertext computation module comprises a homomorphic computation module and a function operation module:

a homomorphic calculation module: homomorphic calculation is carried out on the intelligent contract codes;

a function operation module: and performing limited customized function operation by utilizing homomorphism characteristics of the selective encryption algorithm.

8. The system according to claim 7, wherein said multiple decryption modules comprise an algorithm embedding module, a program calling module, a decryption computation module and a proof return module:

an algorithm embedding module: embedding an ElGamal multiple decryption algorithm SDK into the bottom layer of the endorsement node;

a program calling module: explicitly invoking the underlying decryption program through the smart contract;

a decryption calculation module: carrying out decryption calculation on the ciphertext by using an ElGamal multiple decryption algorithm SDK and using a private key of the SDK;

a certification return module: and generating a plaintext share and a zero knowledge proof and returning the plaintext share and the zero knowledge proof to the intelligent contract.

Images