CN114139206A - Multi-user heterogeneous data merging and concurrent certification method based on block chain privacy protection - Google Patents
Multi-user heterogeneous data merging and concurrent certification method based on block chain privacy protection Download PDFInfo
- Publication number
- CN114139206A CN114139206A CN202111477576.3A CN202111477576A CN114139206A CN 114139206 A CN114139206 A CN 114139206A CN 202111477576 A CN202111477576 A CN 202111477576A CN 114139206 A CN114139206 A CN 114139206A
- Authority
- CN
- China
- Prior art keywords
- data
- hash
- verification
- certificate
- abstract
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 38
- 238000012795 verification Methods 0.000 claims abstract description 75
- 230000002776 aggregation Effects 0.000 claims abstract description 25
- 238000004220 aggregation Methods 0.000 claims abstract description 25
- 238000004364 calculation method Methods 0.000 claims description 18
- 238000007781 pre-processing Methods 0.000 claims description 15
- 238000013524 data verification Methods 0.000 claims description 12
- 230000008569 process Effects 0.000 claims description 9
- 238000005516 engineering process Methods 0.000 claims description 8
- 238000013496 data integrity verification Methods 0.000 claims description 5
- 230000009191 jumping Effects 0.000 claims description 5
- 238000010276 construction Methods 0.000 claims description 3
- 101100217298 Mus musculus Aspm gene Proteins 0.000 claims description 2
- 238000012545 processing Methods 0.000 abstract description 7
- 230000004931 aggregating effect Effects 0.000 abstract description 3
- 230000006870 function Effects 0.000 description 18
- 238000010586 diagram Methods 0.000 description 5
- 230000006399 behavior Effects 0.000 description 3
- RTZKZFJDLAIYFH-UHFFFAOYSA-N Diethyl ether Chemical compound CCOCC RTZKZFJDLAIYFH-UHFFFAOYSA-N 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000006116 polymerization reaction Methods 0.000 description 2
- 238000004321 preservation Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a multi-user heterogeneous data merging and certification method based on block chain privacy protection, and belongs to the field of block chain privacy protection. Aiming at the problems of easy tampering, poor data privacy, low reliability and the like of the conventional data certificate storing system, a data aggregation certificate storing model is provided by utilizing the characteristics of decentralization, data non-tampering, traceability and the like of a block chain and aiming at a digital certificate storing scene with large data volume and high certificate storing time requirement, the heterogeneous certificate storing data of multiple users are aggregated, so that the evidence chaining efficiency is improved and the chaining cost is saved; on the basis, the invention designs a privacy protection scheme, performs hash (also called hash, hash) processing on the uplink evidence, realizes a multi-user heterogeneous data merging and certificate and independent verification system based on block chain privacy protection, and considers the privacy security of the user while aggregating and storing the data.
Description
Technical Field
The invention belongs to the field of block chain privacy protection, and particularly relates to a block chain privacy protection-based multi-user heterogeneous data concurrent evidence and independent verification method.
Background
With the continuous development of the internet, the traditional paper file is continuously digitalized, the electronic data is easy to store, convenient to carry and low in storage cost, and great convenience is brought to the life and work of people. Electronic data is easily lost and easily tampered, and therefore security of electronic data during storage and preservation becomes particularly important. The traditional data property right service has long time for right confirmation, higher cost, complex flow and low right maintenance efficiency, for example, the digital copyright industry proves very difficult.
The data storage certificate firstly needs to store and store data well according to data types, and also needs to guarantee the credibility and integrity of the data well. The integrity and legal effectiveness of the electronic data evidence can be well guaranteed through characteristics such as the tamper-proof property and the time stamp of the block chain, and therefore the method for storing the data into the block chain is a good electronic data evidence storing mode.
However, the current block chain-based electronic data evidence storing technology has the following problems:
1. data is not aggregated, resulting in higher cost of evidence storage. In the document [ hou, gao, occupy small yoga ] electronic evidence system architecture model [ J ] based on block chains, 2018,045(0z1): 348-. An electronic evidence processing method, device and readable medium based on a block chain are provided in the documents of road completion, royal, sun flare and the like, and a supervision department verifies the authenticity of the electronic evidence of an auditing enterprise through hash value comparison.
2. Aggregate evidence but do not consider privacy security. For example, the document (Yang is ghost-free, Maheng, Li Fang Jian.) is an electronic evidence storing and verifying method and device based on a block chain. The method for storing and verifying the electronic evidence aggregates the hash values corresponding to each electronic evidence into a Mercker tree, and when verification is carried out, the hash values of other electronic evidences are needed to be used as verification parameters, so that the privacy of other users can be leaked.
Disclosure of Invention
Aiming at the problems of easy tampering, poor data privacy, low reliability and the like of the conventional data certificate storing system, a data aggregation certificate storing model is provided by utilizing the characteristics of decentralization, data non-tampering, traceability and the like of a block chain and aiming at a digital certificate storing scene with large data volume and high certificate storing time requirement, the heterogeneous certificate storing data of multiple users are aggregated, so that the evidence chaining efficiency is improved and the chaining cost is saved; on the basis, the invention designs a privacy protection scheme, performs hash (also called hash, hash) processing on the uplink evidence, realizes a method for multi-user heterogeneous data coexistence and authentication and independent authentication based on block chain privacy protection, and considers the privacy security of the user while aggregating and storing the data.
The technical scheme of the invention is as follows:
a multi-user heterogeneous data merging and concurrent certification method based on block chain privacy protection specifically comprises the following steps:
the method comprises three participation roles and three modules, wherein the three participation roles comprise a depositor, an aggregator and a verifier; the three modules comprise a data preprocessing module, a data aggregation module and a data verification module.
The depositor is intended to retain the electronic data generated by the depositor in the blockchain as evidence, and the deposited data cannot be acquired by third parties and aggregators.
The aggregator can provide data aggregation service for a plurality of depositors within a certain period of time for depositing evidence, links the depositors to different block chain platforms for storage according to the demands of the depositors, and returns verification parameters on a corresponding 'evidence storing tree' to the depositors.
The verifier verifies the verification parameter set provided by the depositor, and proves the authenticity and integrity of the data and the identity authentication of the depositor.
In the data preprocessing module, a depositor firstly processes heterogeneous data through a secure hash function to obtain a hash value character string with uniform length, namely a data abstract. A secure hash function can resist second primitive attacks, namely, the original data cannot be known through the digital abstract, so that privacy protection can be performed on the original data of the depositor. And then the depositor signs the data abstract by using a signature algorithm in the digital signature technology, and sends the data abstract and the signature of the data abstract to the aggregator together, and at the moment, the preprocessing of the data is completed.
In the data aggregation module, an aggregator dynamically constructs a 'evidence storage Tree' from data sent by different depositors in a certain time period according to different aggregation modes, wherein the 'evidence storage Tree' is a complete binary Tree (similar to a Merkle Tree data structure). The construction process comprises the following steps: the data abstract and the data abstract signature sent by the depositors are used as leaf nodes to carry out hash calculation to obtain corresponding hash values, then every two data hash values of the depositors are continuously subjected to hash calculation and are upwards aggregated, finally, the root node hash value of the evidence storage tree is obtained, and then the root node hash value is linked up for storage, so that the data aggregation evidence storage of a plurality of depositors is completed. And simultaneously sending the verification parameter set corresponding to the verification data to each depositor.
In the data verification module, verification is carried out for three times in total, so that authenticity verification, data identity authentication and data integrity verification of the stored-certificate data are completed.
And Step 1, firstly, the verifier calculates the verification data sent by the depositor and the verification parameter set to obtain a hash value through an algorithm, compares the hash value with the hash value of the certificate stored on the block chain, if the hash value is consistent with the hash value of the certificate stored on the block chain, the data digest and the data digest signature can be proved to be true and not to be tampered, and the timestamp on the block chain can prove the time of chaining of the data.
And Step 2, the verifier inputs the public key of the verifier, the data abstract and the signature of the data abstract by using a verification algorithm in the digital signature technology to verify the authenticity of the signature of the data abstract, and if the verification is passed, the data abstract is proved to belong to a depositor, the identity authentication is completed, and the impersonation or repudiation behavior is prevented.
And Step 3, the verifier completes the integrity certification of the data if the hash value obtained by calculating the original data through the hash function is the same as the data abstract.
Further, in the data preprocessing module, the secure hash function includes, but is not limited to, SHA256, SHA1, MD5, and SM 3.
Further, in the data preprocessing module, the digital signature technology includes, but is not limited to, RSA, DSA, ECDSA, SM 2.
Further, in the data aggregation module, the number of the verification parameters is determined according to the number of layers of the "evidence tree", and the specific relationship is that the number of the verification parameters is equal to the height of the "evidence tree" -2.
Further, in the data verification module, Step 1 includes the specific steps of:
the verifier needs to input a verification parameter set, which specifically includes: original data file f, data abstract h and data abstract signature hsignedThe verification parameter set params, the certificate deposit transaction tx and the public key pubkey of the depositor are verified by the certificate deposit tree. The data abstract, the data abstract signature and the depositor public key are used for identity authentication to confirm the attribution of the data; the original data file and the data abstract are used for verifying the integrity of the data and ensuring that the data is not tampered; the certificate storing tree verifies the parameter set, the data abstract and the data abstract signature to verify the authenticity of the data and confirm the time of data certificate storing; deposit certificateThe transaction is used for verifying the authenticity of the calculated certificate storing number and the hash value;
after the verifier inputs the verification parameter set, the calculation and comparison are carried out, and the specific steps are as follows:
the first step is as follows: performing hash function calculation on an original data file f to be verified, and obtaining a result hash value h':
h′=hash(f)
the second step is that: and h' is compared with h, if the results are equal, the step is shifted to the third step, otherwise, the data is tampered, and the data integrity verification is not satisfied.
The third step: verification algorithm ver using digital signaturek() For pubkey, hsignedThe operation is carried out to obtain a result h':
h″=verpubkey(hsigned)
the fourth step: and h 'and h' are compared, if the results are equal, the step is skipped to the fifth step, otherwise, the data do not belong to the depositor, and the identity authentication fails.
The fifth step: first using params { t }0,t1,t2,t3,t4,t5,…,tn}、h、hsignedFinishing the calculation of a certain branch of the evidence storing tree, which comprises the following steps:
H1=hash(t0,t1)
H2=hash(H1,tt)
H3=hash(H2,t3)
H4=hash(H3,t4)
……
Hn=hash(Hn-1,tn)
wherein, for a certificate tree with a height of n +2, the verification parameter set params of the 'certificate tree' has n items, wherein t1For data abstract h and data abstract signature h in the certificate storing treesignedOf the parent node of (1) value of the sibling node of (t)2For data abstract h, data abstract signature hsignedFather node ofValue of sibling of parent node of point, t3For data abstract h, data abstract signature hsignedThe values of the sibling nodes of the parent node, and so on, and finally tnIs the value of the left child of the prover root node (if the data digest and the data digest signature of the prover are on the right subtree of the root node of the prover tree) or the value of the right child of the prover root node (if the data digest and the data digest signature of the prover are on the left subtree of the root node of the prover tree).
And a sixth step: h is to benAnd comparing the data with the value of the certificate in the certificate-storing transaction tx in the block chain, if the data are equal to each other, jumping to the seventh step, otherwise, not meeting the authenticity of the data.
The seventh step: and the verification is successful.
The invention has the beneficial effects that:
1. anti-counterfeiting preservation: the method utilizes two basic characteristics of the block chain to realize the function of anti-counterfeiting storage of the digital evidence. One is to take advantage of the inability of data on the blockchain to be tampered with, i.e., evidence to be tampered with once written to the blockchain. Secondly, by using the timestamp function of the block chain, all data on the block chain have the uplink timestamp thereof, so that the time for generating the uplink digital evidence cannot be later than the corresponding timestamp thereof.
2. Polymerization: the method aggregates digital evidences of different users and different types into one piece of data through a hash function at the same time. Eventually, only this piece of data needs to be uplinked. Thus, the chain of the aggregated digital evidence only needs to pay a commission fee, and the cost is greatly reduced. (this approach has the advantage of saving cost while chaining large amounts of data.)
3. Privacy protection: in the method, the data submitted to the aggregator by each user is a data abstract and a data abstract signature of original data after hash calculation, and the calculation process of the hash function is irreversible according to the hidden characteristic of the hash function, so that anyone including the aggregator cannot deduce the real data according to the data abstract of the depositor if the user does not actively provide the original data. In addition, in the verification process, the verifier can complete verification without a third-party platform, so that the data privacy of the user is protected.
4. And (3) quick verification: the method reduces data transmission in the verification process by means of the characteristic that the hash function is fast in one-way calculation and combining with the quick verification algorithm of the Merkle Tree, and is high in verification speed and time complexity of O (n). The invention can provide three different degrees of data verification of data authenticity, data identity authentication and data integrity, thereby completing the verification target of 'which data is generated by who and when'.
5. And (3) data fine granularity storage: in a conventional block-based chain evidence storing method, an entire file or several files are chained together for evidence storing, and all file contents need to be provided during verification, which results in a high data transmission amount on one hand, and also reveals a part of contents which do not need to be verified on the other hand. By using the method, a certain file can be split into a plurality of atomic data, and then the atomic data and the atomic data are combined and certified, when the verification is needed, only verification data and a corresponding verification parameter set are needed to be provided, and the certification of data fine granularity is realized.
The innovation of the invention is that the 5-point technology is combined, and the functions of fine-grained storage and rapid independent verification of multi-user heterogeneous data can be realized at low cost under the condition of protecting the privacy of users.
Drawings
FIG. 1 participates in a subject relationship diagram.
FIG. 2 is a system block diagram of the method of the present invention.
Fig. 3 data aggregation diagram.
FIG. 4 is a verification parameter graph.
Figure 5 data verification diagram.
Detailed Description
The technical solution of the present invention is further explained below with reference to the accompanying drawings and examples.
Example (b):
(1) selecting 4 test files, and obtaining corresponding hash values through SHA-256 hash functions respectively
(2) And (3) carrying out hash processing on each test file to obtain a data abstract and a matched data abstract signature, wherein 8 values are obtained in total and correspond to 8 leaf nodes respectively.
(3) And executing the function to obtain a certificate storage tree, and returning a verification parameter set corresponding to each user. The user 0 performs hash operation on the verification parameter sets from top to bottom to obtain the root hash value, wherein the first verification parameter set is a data summary corresponding to the real data. The detailed process is as follows:
the participation roles of the invention are as follows: depositor, aggregator, verifier. The relationship of the three roles is shown in fig. 1, and their respective business requirements and security requirements are as follows:
1. and (4) a depositor: the depositor hopes that the electronic data generated by the depositor can be preserved in the blockchain as evidence, so that the depositor can conveniently serve as effective evidence to maintain own rights and interests in case of infringement behaviors or legal disputes. The business requirements of the depositor are as follows: credible deposit certificate can be completed on a large amount of data with low cost and high efficiency, and meanwhile, the safety requirements of a depositor are as follows: data that is expected to be self-certified cannot be obtained by third parties and aggregators.
2. The polymerization is as follows: the aggregator provides data aggregation uplink evidence storage service for the depositor, the aggregator is a semi-trusted third party, the service requirement of the aggregator is that data aggregation service is provided for multiple users within a certain evidence storage duration, the aggregator links the data aggregation service to different block chain platforms for storage according to the user requirement, and meanwhile, verification parameters on a corresponding 'evidence storage tree' of the users are returned. The aggregator may be a business company or organization that provides aggregation services to third parties.
3. And (3) verifier: the verifier verifies the set of verification parameters provided by the user, for example, the judicial authority as a verifier at the time of legal dispute verifies the evidence provided by the litigator. The business requirement of the verifier is to be able to quickly and efficiently verify the data provided by the depositor, prove the authenticity and integrity of the data and the identity authentication of the data owner.
The invention provides a block chain based privacy protection multi-user heterogeneous data merging and concurrent certification and independent verification method. The system related to the method is mainly divided into a data preprocessing module, a data aggregation module and a data verification module, and fig. 2 is a system structure diagram of the invention, which is explained in detail below.
Data preprocessing module
The data preprocessing module is mainly used for carrying out isomorphism processing, privacy processing and signature processing on the heterogeneous data of the depositor.
As shown in the data preprocessing section in fig. 2, the depositor first inputs data to be credited to the data preprocessing module. Since different users input data of different types and sizes, the input module first isomorphizes them. The specific method is that any data f input by a depositor is subjected to Hash operation on x by adopting a secure Hash function (such as SHA256) to obtain a string of binary strings with the fixed length of n. This binary string, which is the data digest h, can be used to uniquely identify the data f, and therefore also corresponds to the digital fingerprint of the data, at which point the heterogeneous data isomorphism step is completed. (note that the abstract file is changed arbitrarily, and the abstracts obtained after the one-way hash function processing are different, so that the data and the digital fingerprints have strong corresponding relation). The original data of the user can be hidden due to the unidirectional property of the hash function, so that the data privacy protection of the user is realized.
The depositor then uses the signature algorithm sigk() And the private key of the depositor signs h to the data abstract to obtain the signature h of the data abstractsigned:
hsigned=sigprikey(h)
The data digest and the digital digest signature are then submitted to the aggregator. The purpose of this step is to effectively prove the authenticity of the data abstract information, and the identity authentication of the data can be completed, so as to avoid the following situations: if the depositor provides the original data and the verification parameter set to a certain verifier, the depositor can lie as the owner of the data by virtue of the owned data and the verification parameter set if the verifier has malicious behavior after the verification is completed.
(II) data aggregation module
In the data aggregation module, an aggregator is responsible for aggregating data digests into a "certificate-preserving tree", and the construction process of the certificate-preserving tree "is shown in fig. 3. First, the certificate storing tree is a complete binary tree structure, and leaf nodes are data digests and data digest signatures. The non-leaf node performs string concatenation on the data of the left child and the data of the right child, and then performs Hash operation to obtain a corresponding Hash value, for example, Hash value 1 is Hash (data digest 1, timestamp 1). And calculating layer by layer from bottom to top according to the algorithm, and finally obtaining a root hash value so as to finish the aggregation of the data.
In practical application, an aggregator dynamically constructs a "certificate storage tree" for all data digests needing certificate storage in a set certificate storage time period (for example, data certificate storage is performed every 5 minutes). The data aggregation module immediately acquires the timestamp each time the data abstract and the data abstract signature received by the data depositor are received, and immediately performs Hash operation to upwards construct a layer of branch nodes
For example, in fig. 3, the deposit time period is set to h, and the deposit start time is set to t. At t, depositor A submits data digest x1And a data digest signature s1. The aggregator immediately calculates the Hash value 1 ═ Hash (x)1,s1) (ii) a At t + 1, the depositor B submits the data digest x2And a data digest signature s2. The aggregator immediately calculates the Hash value 2 ═ Hash (x)2,s2) (ii) a At t + h, the data digest 4 submitted by depositor D, called x4. The aggregator immediately calculates the Hash value 4 ═ Hash (x)4,s4). Because the evidence storage duration is reached, the data reception is stopped, the upward Hash operation is performed on 4 groups of data in the aggregation pool layer by layer, and finally the data are aggregated into a root node, namely, a Hash value 7 is equal to a Hash (Hash value 1, Hash value 2), and a Hash (Hash value 3, Hash value 4)).
After the data aggregation is finished, the aggregator links the aggregated data, namely the root hash value of the evidence storing tree, to the block chain for storage. And writing an intelligent contract in an Ether house by using a Solidity language according to different data uplink modes of different block chain platforms, and storing the aggregated root hash value into the block chain.
After the evidence is linked up, the aggregator needs to return the corresponding verification parameters on the evidence storing tree to each depositor, so that the aggregator can be conveniently used for data verification. Taking fig. 3 as an example, the verification parameters output to the four depositors are shown in fig. 4. The number of verification parameters is determined according to the number of layers of the evidence storage tree, and the specific relation is that the number of the verification parameters is equal to the height-2 of the evidence storage tree. The "certificate-deposit tree" corresponding to fig. 3 has 4 layers in total, and then 3 "certificate-deposit tree" verification parameters are generated, as follows:
1. the first verification parameter is the data of the depositor and the data hash value 2 of the sibling node of the hash value 1 generated by the time stamp of the depositor.
2. The second verification parameter is a data hash value 6 of a sibling node of which the node data is a hash value 5, which is obtained by performing hash calculation on the node data being a hash value 1 and the node data being a hash value 2.
3. The third verification parameter is a node whose node data is hash value 5 and node data is hash value 6, and the node data obtained by performing hash calculation is hash value 7, and the node is a root node, so that the generation of the verification parameter is completed.
(III) data verification module
In the data verification module, the verifier can verify the authenticity and integrity of the data and the attribute of the data according to the data and the verification parameters provided by the depositor.
First, the verifier needs to input a verification parameter set, as shown in table 1:
TABLE 1 set of verification parameters
The data abstract, the data abstract signature and the depositor public key are used for identity authentication to confirm the attribution of the data; the original data file and the data abstract are used for verifying the integrity of the data and ensuring that the data is not tampered; the verification parameter set, the data abstract and the data abstract signature of the certificate-storing tree are used for verifying the authenticity of the data and confirming the time of data certificate storage. And the certificate storing transaction is used for verifying the authenticity of the calculated certificate storing number and the hash value. As shown in fig. 5, after the verifier inputs the verification parameter set, the calculation and comparison are performed, which specifically includes the following steps:
the first step is as follows: performing hash function calculation on an original data file f to be verified, and obtaining a result hash value h':
h′=hash(f)
the second step is that: and h' is compared with h, if the results are equal, the step is shifted to the third step, otherwise, the data is tampered, and the data integrity verification is not satisfied.
The third step: verification algorithm ver using digital signaturek() For pubkey, hsignedThe operation is carried out to obtain a result h':
h″=verpubkey(hsigned)
the fourth step: and h 'and h' are compared, if the results are equal, the step is skipped to the fifth step, otherwise, the data do not belong to the depositor, and the identity authentication fails.
The fifth step: first using params { t }0,t1,t2,t3,t4,t5,…,tn}、h、hsignedFinishing the calculation of a certain branch of the evidence storing tree, which comprises the following steps:
H1=hash(t0,t1)
H2=hash(H1,tt)
H3=hash(H2,t3)
H4=hash(H3,t4)
……
Hn=hash(Hn-1,tn)
and a sixth step: h is to benAnd comparing the value with the value of the certificate in tx transaction in the block chain, if the value is equal, jumping to the seventh step, otherwise, the authenticity of the data is not satisfied.
The seventh step: and the verification is successful.
Claims (8)
1. A multi-user heterogeneous data merging and concurrent certification method based on block chain privacy protection is characterized by comprising the following steps:
the method comprises three participation roles and three modules, wherein the three participation roles comprise a depositor, an aggregator and a verifier; the three modules comprise a data preprocessing module, a data aggregation module and a data verification module;
in the data preprocessing module, a storer firstly processes heterogeneous data through a safe hash function to obtain a hash value character string with uniform length, namely a data abstract; a secure hash function can resist second primitive image attack, namely, the original data can not be known through the digital abstract, so that privacy protection can be performed on the original data of the depositor; then the depositor signs the data abstract by using a signature algorithm in the digital signature technology, and sends the data abstract and the signature of the data abstract to the aggregator together, and at the moment, the preprocessing of the data is completed;
in the data aggregation module, an aggregator dynamically constructs a 'certificate storage tree' which is a complete binary tree from data sent by different depositors in a certain time period; the construction process comprises the following steps: the data abstract and the data abstract signature sent by the depositors are used as leaf nodes to carry out hash calculation to obtain corresponding hash values, then every two data hash values of all the depositors are continuously subjected to hash calculation and are aggregated upwards, finally, the root node hash value of a certificate storage tree is obtained, and then the root node hash value is linked up for storage to finish the aggregation of the data of the depositors; meanwhile, sending the verification parameter set corresponding to the evidence storing data of each depositor;
in the data verification module, three times of verification are carried out in total, so that authenticity verification, data identity authentication and data integrity verification of the stored certificate data are completed;
step 1, firstly, the verifier calculates the verification data sent by the depositor and the verification parameter set through an algorithm to obtain a hash value, compares the hash value with the hash value of the certificate stored on the block chain, if the hash value is consistent with the hash value of the certificate stored on the block chain, the verifier can prove that the data abstract and the signature of the data abstract are real and not tampered, and the timestamp on the block chain can prove the time of chaining of the data;
step 2, the verifier inputs the public key of the verifier, the data abstract and the signature of the data abstract by using a verification algorithm in the digital signature technology to verify the authenticity of the signature of the data abstract, if the verification is passed, the data abstract is proved to belong to a depositor, the identity authentication is completed, and the impersonation or repudiation behavior is prevented;
and Step 3, the verifier completes the integrity certification of the data if the hash value obtained by calculating the original data through the hash function is the same as the data abstract.
2. The method as claimed in claim 1, wherein the depositor wishes to preserve the electronic data generated by the depositor in the blockchain as proof, and the data of the depositor cannot be obtained by third parties and aggregators.
3. The method as claimed in claim 1, wherein the aggregator is capable of providing data aggregation service for multiple depositors within a certain period of time for credentialing, and linking the depositors to different blockchain platforms for saving according to depositor requirements, and returning verification parameters corresponding to the credentialing tree to the depositors.
4. The method for merging and certifying multi-user heterogeneous data based on block chain privacy protection as claimed in claim 1, wherein the verifier verifies the verification parameter set provided by the depositor, and proves the authenticity and integrity of the data and the identity authentication of the depositor.
5. The method as claimed in claim 1, wherein the secure hash function in the data preprocessing module is SHA256, SHA1, MD5, or SM 3.
6. The method as claimed in claim 1, wherein the digital signature technology in the data preprocessing module is RSA, DSA, ECDSA or SM 2.
7. The method according to claim 1, wherein in the data aggregation module, the number of authentication parameters is determined according to the number of layers of the "certificate storage tree", and the specific relationship is that the number of authentication parameters is equal to the height of the "certificate storage tree" -2.
8. The method as claimed in claim 1, wherein the Step 1 in the data verification module comprises the following specific steps:
the verifier needs to input a verification parameter set, which specifically includes: original data file f, data abstract h and data abstract signature hsignedThe verification parameter set params, the certificate storing transaction tx and the public key pubkey of the depositor are verified by the certificate storing tree; the data abstract, the data abstract signature and the depositor public key are used for identity authentication to confirm the attribution of the data; the original data file and the data abstract are used for verifying the integrity of the data and ensuring that the data is not tampered; the certificate storing tree verifies the parameter set, the data abstract and the data abstract signature to verify the authenticity of the data and confirm the time of data certificate storing; the certificate storing transaction is used for verifying the authenticity of the calculated certificate storing number and the hash value;
after the verifier inputs the verification parameter set, the calculation and comparison are carried out, and the specific steps are as follows:
the first step is as follows: performing hash function calculation on an original data file f to be verified, and obtaining a result hash value h':
h′=hash(f)
the second step is that: comparing h' with h, if the results are equal, jumping to the third step, otherwise, the data is tampered and the data integrity verification is not satisfied;
the third step: verification algorithm ver using digital signaturek() For pubkey, hsignedThe operation is carried out to obtain a result h':
h″=verpubkey(hsigned)
the fourth step: comparing h 'with h', if the results are equal, jumping to the fifth step, otherwise, representing that the data does not belong to the depositor, and the identity authentication fails;
the fifth step: first using params { t }0,t1,t2,t3,t4,t5,…,tn}、h、hsignedFinishing the calculation of a certain branch of the evidence storing tree, which comprises the following steps:
H1=hash(t0,t1)
H2=hash(H1,tt)
H3=hash(H2,t3)
H4=hash(H3,t4)
……
Hn=hash(Hn-1,tn)
wherein, for a certificate-storing tree with the height of n +2, the verification parameter set params of the 'certificate-storing tree' has n items, t1For data abstract h and data abstract signature h in the certificate storing treesignedOf the parent node of (1) value of the sibling node of (t)2For data abstract h, data abstract signature hsignedOf the parent node, t3For data abstract h, data abstract signature hsignedThe values of the sibling nodes of the parent node, and so on, and finally tnThe value of the left child of the evidence-storing tree root node or the value of the right child of the evidence-storing tree root node;
and a sixth step: h is to benComparing the value of the deposit certificate in the deposit certificate transaction tx in the block chain, if the value of the deposit certificate is equal to the value of the deposit certificate in the deposit certificate transaction tx, jumping to the seventh step, otherwise, not meeting the authenticity of the data;
the seventh step: and the verification is successful.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111477576.3A CN114139206B (en) | 2021-12-06 | 2021-12-06 | Multi-user heterogeneous data merging and concurrent evidence method based on blockchain privacy protection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111477576.3A CN114139206B (en) | 2021-12-06 | 2021-12-06 | Multi-user heterogeneous data merging and concurrent evidence method based on blockchain privacy protection |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114139206A true CN114139206A (en) | 2022-03-04 |
| CN114139206B CN114139206B (en) | 2024-04-05 |
Family
ID=80384260
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111477576.3A Active CN114139206B (en) | 2021-12-06 | 2021-12-06 | Multi-user heterogeneous data merging and concurrent evidence method based on blockchain privacy protection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114139206B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115051799A (en) * | 2022-06-13 | 2022-09-13 | 北京天华星航科技有限公司 | Digital information processing system based on block chain |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107888375A (en) * | 2017-11-08 | 2018-04-06 | 深圳市携网科技有限公司 | A kind of electronic evidence safety system and method based on block chain technology |
| WO2021012841A1 (en) * | 2019-07-23 | 2021-01-28 | 深圳前海微众银行股份有限公司 | Verification method and device applied to blockchain |
| CN113360951A (en) * | 2021-05-12 | 2021-09-07 | 电子科技大学 | Electronic evidence preservation method based on partitioned block chain |
-
2021
- 2021-12-06 CN CN202111477576.3A patent/CN114139206B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107888375A (en) * | 2017-11-08 | 2018-04-06 | 深圳市携网科技有限公司 | A kind of electronic evidence safety system and method based on block chain technology |
| WO2021012841A1 (en) * | 2019-07-23 | 2021-01-28 | 深圳前海微众银行股份有限公司 | Verification method and device applied to blockchain |
| CN113360951A (en) * | 2021-05-12 | 2021-09-07 | 电子科技大学 | Electronic evidence preservation method based on partitioned block chain |
Non-Patent Citations (1)
| Title |
|---|
| 刘格昌;李强;: "基于可搜索加密的区块链数据隐私保护机制", 计算机应用, no. 2, 30 December 2019 (2019-12-30) * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115051799A (en) * | 2022-06-13 | 2022-09-13 | 北京天华星航科技有限公司 | Digital information processing system based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114139206B (en) | 2024-04-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Leng et al. | Blockchain security: A survey of techniques and research directions | |
| CN108833081B (en) | Block chain-based equipment networking authentication method | |
| Zhang et al. | Outsourcing service fair payment based on blockchain and its applications in cloud computing | |
| US10735207B2 (en) | System and method for implementing blockchain-based digital certificates | |
| Goldwasser et al. | Public accountability vs. secret laws: can they coexist? A cryptographic proposal | |
| Wang et al. | Image copyright protection based on blockchain and zero-watermark | |
| US10498535B2 (en) | Method and system for verifying information of a data item in a plurality of different data items | |
| EP3863220A1 (en) | System and method for generating digital marks | |
| Zhu et al. | Efficient publicly verifiable 2pc over a blockchain with applications to financially-secure computations | |
| Bose et al. | BLIC: A blockchain protocol for manufacturing and supply chain management of ICS | |
| CN113302610A (en) | Trusted platform based on block chain | |
| CN114139206A (en) | Multi-user heterogeneous data merging and concurrent certification method based on block chain privacy protection | |
| Wang et al. | A blockchain-based system for secure image protection using zero-watermark | |
| Hou et al. | Fine-grained and controllably redactable blockchain with harmful data forced removal | |
| Li et al. | ZKCPlus: Optimized fair-exchange protocol supporting practical and flexible data exchange | |
| Li et al. | Nf-crowd: Nearly-free blockchain-based crowdsourcing | |
| Beal et al. | Derecho: Privacy pools with proof-carrying disclosures | |
| CN114565485A (en) | Labor contract management method and system based on block chain ipfs storage | |
| CN114090995A (en) | Contract signing method, system and storage medium based on alliance chain and biological characteristics | |
| Shi et al. | Design of electronic contract architecture based on blockchain technology | |
| Knirsch et al. | Evaluation of a Blockchain-Based Proof-of-Possession Implementation | |
| CN113491090A (en) | Trusted platform based on block chain | |
| Fiore et al. | Efficient zero-knowledge proofs on signed data with applications to verifiable computation on data streams | |
| CN115473632B (en) | Improved multi-layer linkable ring signature generation method and device | |
| Zou et al. | A new digital signature primitive and its application in blockchain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |