CN114978490A - Encryption method and device for private data, processor and electronic equipment - Google Patents

Encryption method and device for private data, processor and electronic equipment Download PDF

Info

Publication number
CN114978490A
CN114978490A CN202210493613.8A CN202210493613A CN114978490A CN 114978490 A CN114978490 A CN 114978490A CN 202210493613 A CN202210493613 A CN 202210493613A CN 114978490 A CN114978490 A CN 114978490A
Authority
CN
China
Prior art keywords
private data
intelligent contract
data
target
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210493613.8A
Other languages
Chinese (zh)
Inventor
李曼潇
黄肇敏
陈金娣
江洪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202210493613.8A priority Critical patent/CN114978490A/en
Publication of CN114978490A publication Critical patent/CN114978490A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The application discloses an encryption method and device of private data, a processor and electronic equipment, and relates to the field of block chains. The method is applied to a blockchain system, the blockchain system comprises at least one blockchain node, and the at least one blockchain node at least comprises a plurality of intelligent contracts used for processing private data, and the method comprises the following steps: acquiring a target intelligent contract set from at least one block chain node; generating a distributed key according to a plurality of intelligent contracts in a target intelligent contract set; and performing threshold homomorphic encryption on the private data by adopting at least one intelligent contract in the target intelligent contract set in combination with the public key in the distributed secret key. Through the method and the device, the problem that the encryption effect of the private data in the block chain is poor due to the fact that the homomorphic encryption technology is adopted to encrypt the private data in the block chain in the related technology is solved.

Description

Encryption method and device for private data, processor and electronic equipment
Technical Field
The present application relates to the field of blockchains, and in particular, to an encryption method and apparatus for private data, a processor, and an electronic device.
Background
In the related art, combining blockchain and homomorphic encryption is one of the means for realizing that blockchain supports private transactions, wherein homomorphic encryption technology is also an important one in the privacy computing technology. However, most of the existing homomorphic encryption is single-key encryption, that is, only one private key is provided, and ciphertexts encrypted by different public keys cannot be mutually computed, which brings inconvenience and potential safety hazard to application of homomorphic encryption in privacy computation.
Moreover, the inconvenience of applying homomorphic encryption in privacy computing is manifested in: before homomorphic encryption calculation, in order to enable each homomorphic encryption participant to obtain the same homomorphic encryption public key, each homomorphic encryption participant needs to interact with a credible homomorphic encryption key calculation center to obtain the homomorphic encryption public and private keys. And the homomorphic encryption key calculation center is not a participant of any homomorphic calculation generally, but is a trusted third party.
In addition, the potential safety hazard brought by the application of homomorphic encryption in privacy computation is shown in the following steps: once a malicious party in the network intercepts the homomorphic encrypted public and private keys, the homomorphic calculation result can be easily decrypted or tampered.
Aiming at the problem that the encryption effect of the private data in the block chain is poor due to the fact that the homomorphic encryption technology is adopted to encrypt the private data in the block chain in the related technology, an effective solution is not provided at present.
Disclosure of Invention
The present application mainly aims to provide an encryption method and apparatus for private data, a processor, and an electronic device, so as to solve the problem that the encryption effect of the private data in a block chain is not good due to the adoption of a homomorphic encryption technology to encrypt the private data in the block chain in the related art.
In order to achieve the above object, according to one aspect of the present application, there is provided an encryption method of private data. The method is applied to a blockchain system, the blockchain system comprises at least one blockchain node, and the at least one blockchain node at least comprises a plurality of intelligent contracts used for processing private data, and the method comprises the following steps: acquiring a target intelligent contract set from the at least one blockchain node, wherein the target intelligent contract set comprises a plurality of intelligent contracts used for encrypting and decrypting private data in the blockchain system; generating a distributed key according to a plurality of intelligent contracts in the target intelligent contract set, wherein the distributed key at least comprises: a public key for encrypting the private data and a partial private key for decrypting the private data; and performing threshold homomorphic encryption on the private data by using at least one intelligent contract in the target intelligent contract set in combination with a public key in the distributed key, wherein the at least one intelligent contract is an intelligent contract determined from the target intelligent contract set according to a verifiable random function in the blockchain system.
Further, after threshold homomorphic encrypting the private data with at least one smart contract of the target set of smart contracts in conjunction with a public key of the distributed key, the method further comprises: obtaining a plurality of ciphertexts, wherein the plurality of ciphertexts are obtained by performing threshold homomorphic encryption on the privacy data; homomorphic calculation is carried out on the plurality of ciphertexts by adopting a first intelligent contract to obtain a calculation result, wherein the first intelligent contract is an intelligent contract which is determined according to the verifiable random function and is used for calculating the private data; decrypting the calculation result by using the at least one intelligent contract in combination with a target number of the partial private keys to obtain a decryption result, wherein the target number is determined according to a threshold value of a participant of the private data; providing the decryption result to a requestor that has been authorized to request access to the private data.
Further, after obtaining the target intelligent contract set from the at least one blockchain node, before generating a distributed key from a plurality of intelligent contracts in the target intelligent contract set, the method further includes: acquiring identity information of a plurality of private data providers in the blockchain system; determining a correspondence between the identity of each private data provider and each intelligent contract in the target set of intelligent contracts; and registering the corresponding relation into the block chain system.
Further, after registering the correspondence in the blockchain system, the method further comprises: obtaining authorization information of the plurality of private data providers, wherein the authorization information at least comprises: identity information of an authorizer, identity information of an authorized party, an intelligent contract that the authorizer has registered in the blockchain system, signature information of the authorizer; recording the authorization information into the blockchain system.
Further, before generating a distributed key from a plurality of smart contracts in the target set of smart contracts, the method further comprises: judging whether the distributed key exists in the block chain system or not; acquiring the distributed key under the condition that the distributed key exists in the blockchain system; and under the condition that the distributed key does not exist in the blockchain system, generating the distributed key according to a plurality of intelligent contracts in the target intelligent contract set.
Further, before determining whether the distributed key exists in the blockchain system, the method further comprises: judging whether a provider of the private data authorizes the requester to access the private data or not according to the authorization information; triggering first request information in the case that the provider of the private data has authorized the requester to access the private data, wherein the first request information is used for requesting to invoke at least one intelligent contract in the target intelligent contract set; responding to the first request information, calling the at least one intelligent contract, and judging whether the distributed key exists in the block chain system; and triggering first prompt information under the condition that the provider of the private data does not authorize the requester to access the private data, wherein the first prompt information is used for prompting that the requester cannot access the private data.
Further, before determining whether the provider of the private data has authorized the requester to access the private data according to the authorization information, the method further includes: acquiring target transaction parameters and a second intelligent contract, wherein the second intelligent contract is used for processing data except the private data in the blockchain system; determining a processing flow of the second intelligent contract processing data according to the target transaction parameters; judging whether the processing flow relates to the private data or not; triggering second request information in the case that the processing flow relates to the private data, wherein the second request information is used for requesting to perform a cross contract invoking operation, and the second request information at least comprises: identity information of the requestor, identity information of at least one provider of the private data, and query conditions of the private data; responding to the second request information, carrying out contract crossing calling operation, and judging whether a provider of the private data authorizes the requester to access the private data or not according to the authorization information; and triggering second prompt information under the condition that the processing flow does not relate to the private data, wherein the second prompt information is used for prompting that the second intelligent contract does not relate to the private data.
In order to achieve the above object, according to another aspect of the present application, there is provided an encryption apparatus of private data. The device is applied to a blockchain system, the blockchain system comprises at least one blockchain node, the at least one blockchain node at least comprises a plurality of intelligent contracts used for processing private data, and the intelligent contracts comprise: a first obtaining unit, configured to obtain a target intelligent contract set from the at least one blockchain node, where the target intelligent contract set includes a plurality of intelligent contracts used for encrypting and decrypting private data in the blockchain system; a first generating unit, configured to generate a distributed key according to a plurality of smart contracts in the target set of smart contracts, where the distributed key includes at least: a public key for encrypting the private data and a partial private key for decrypting the private data; and the first encryption unit is used for carrying out threshold homomorphic encryption on the private data by adopting at least one intelligent contract in the target intelligent contract set in combination with a public key in the distributed secret key, wherein the at least one intelligent contract is an intelligent contract determined from the target intelligent contract set according to a verifiable random function in the blockchain system.
Further, the apparatus further comprises: a second obtaining unit, configured to obtain multiple ciphertexts after performing threshold homomorphic encryption on the private data by using at least one intelligent contract in the target intelligent contract set in combination with a public key in the distributed key, where the multiple ciphertexts are obtained by performing threshold homomorphic encryption on the private data; the first calculation unit is used for carrying out homomorphic calculation on the plurality of ciphertexts by adopting a first intelligent contract to obtain a calculation result, wherein the first intelligent contract is an intelligent contract which is determined according to the verifiable random function and is used for calculating the private data; the first decryption unit is used for decrypting the calculation result by adopting the at least one intelligent contract in combination with a target number of the partial private keys to obtain a decryption result, wherein the target number is determined according to a threshold value of a participant of the private data; a first providing unit, configured to provide the decryption result to a requester that has been authorized to request access to the private data.
Further, the apparatus further comprises: a third obtaining unit, configured to, after obtaining a target intelligent contract set from the at least one blockchain node, obtain identity information of multiple privacy data providers in the blockchain system before generating a distributed key according to multiple intelligent contracts in the target intelligent contract set; a first determining unit, configured to determine a correspondence between an identity of each private data provider and each intelligent contract in the target set of intelligent contracts; a first registration unit, configured to register the correspondence relationship in the blockchain system.
Further, the apparatus further comprises: a fourth obtaining unit, configured to obtain authorization information of the multiple private data providers after the corresponding relationship is registered in the blockchain system, where the authorization information at least includes: identity information of an authorizer, identity information of an authorized party, an intelligent contract that the authorizer has registered in the blockchain system, and signature information of the authorizer; a first recording unit, configured to record the authorization information into the blockchain system.
Further, the apparatus further comprises: a first judging unit, configured to judge whether a distributed key exists in the blockchain system before generating the distributed key according to a plurality of intelligent contracts in the target intelligent contract set; a fifth obtaining unit, configured to obtain the distributed key when the distributed key exists in the blockchain system; a second generating unit, configured to generate the distributed key according to the plurality of smart contracts in the target smart contract set when the distributed key does not exist in the blockchain system.
Further, the apparatus further comprises: a second determining unit, configured to determine, before determining whether the distributed key exists in the blockchain system, whether a provider of the private data has authorized the requester to access the private data according to the authorization information; a first triggering unit, configured to trigger first request information in a case where a provider of the private data has authorized the requester to access the private data, where the first request information is used to request to invoke at least one intelligent contract in the target intelligent contract set; a first response unit, configured to respond to the first request information, invoke the at least one smart contract, and determine whether the distributed key exists in the blockchain system; the second triggering unit is used for triggering first prompting information under the condition that a provider of the private data does not authorize the requester to access the private data, wherein the first prompting information is used for prompting that the requester cannot access the private data.
Further, the apparatus further comprises: a sixth obtaining unit, configured to obtain target transaction parameters and a second intelligent contract before determining, according to the authorization information, whether a provider of the private data has authorized the requester to access the private data, where the second intelligent contract is used to process data in the blockchain system except the private data; the second determining unit is used for determining the processing flow of the second intelligent contract processing data according to the target transaction parameters; a third judging unit configured to judge whether the processing flow relates to the private data; a third triggering unit, configured to trigger second request information when the processing flow relates to the private data, where the second request information is used to request a cross-contract invoking operation, and the second request information at least includes: identity information of the requestor, identity information of at least one provider of the private data, and query conditions of the private data; a second response unit, configured to perform a contract-crossing call operation in response to the second request information, and determine, according to the authorization information, whether a provider of the private data has authorized the requester to access the private data; and the fourth triggering unit is used for triggering second prompting information under the condition that the processing flow does not relate to the private data, wherein the second prompting information is used for prompting that the second intelligent contract does not relate to the private data.
In order to achieve the above object, according to another aspect of the present application, there is provided a processor for executing a program, wherein the program executes to perform the encryption method of the private data according to any one of the above.
To achieve the above object, according to another aspect of the present application, there is provided an electronic device including one or more processors and a memory for storing one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the encryption method of private data according to any one of the above.
The method is applied to a blockchain system, the blockchain system comprises at least one blockchain node, the at least one blockchain node at least comprises a plurality of intelligent contracts used for processing private data, and the method comprises the following steps: acquiring a target intelligent contract set from at least one blockchain node, wherein the target intelligent contract set comprises a plurality of intelligent contracts used for encrypting and decrypting private data in a blockchain system; generating a distributed key according to a plurality of intelligent contracts in a target intelligent contract set, wherein the distributed key at least comprises: a public key for encrypting the private data and a partial private key for decrypting the private data; the method comprises the steps that a public key in a distributed secret key is combined, at least one intelligent contract in a target intelligent contract set is adopted to conduct threshold homomorphic encryption on privacy data, wherein the at least one intelligent contract is an intelligent contract determined from the target intelligent contract set according to a verifiable random function in a block chain system, and the problem that the privacy data in the block chain are encrypted by adopting a homomorphic encryption technology in the related technology, so that the encryption effect of the privacy data in the block chain is poor is solved. The distributed key is generated according to a plurality of intelligent contracts in a target intelligent contract set acquired from at least one block chain node, and at least one intelligent contract in the target intelligent contract set is adopted in combination with a public key in the distributed key, so that the privacy data in the block chain system are subjected to threshold homomorphic encryption, and the encryption effect of the privacy data in the block chain is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, are included to provide a further understanding of the application, and the description of the exemplary embodiments of the application are intended to be illustrative of the application and are not intended to limit the application. In the drawings:
fig. 1 is a schematic diagram of a network structure of a blockchain system supporting threshold homomorphic encryption of private data in an embodiment of the present application;
FIG. 2 is a schematic diagram of a functional module of private data processing supporting threshold homomorphic encryption in an embodiment of the present application;
FIG. 3 is a flow chart of a method of encrypting private data provided in accordance with an embodiment of the present application;
FIG. 4 is a flow diagram of blockchain private data provider and private data encryption/decryption intelligent contract set information registration in an embodiment of the present application;
FIG. 5 is a flow diagram of blockchain private data provider authorization information updating in an embodiment of the present application;
FIG. 6 is a flowchart of a processing method for querying private data by a blockchain general data processing intelligent contract in an embodiment of the present application;
FIG. 7 is a flow chart of an alternative method of encrypting private data provided in accordance with an embodiment of the present application;
fig. 8 is a schematic diagram of an encryption apparatus for private data provided according to an embodiment of the present application;
fig. 9 is a schematic diagram of an electronic device provided according to an embodiment of the application.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be used. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that the relevant information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) referred to in the present disclosure are information and data authorized by the user or sufficiently authorized by each party. For example, an interface is provided between the system and the relevant user or organization, before obtaining the relevant information, an obtaining request needs to be sent to the user or organization through the interface, and after receiving the consent information fed back by the user or organization, the relevant information is obtained.
For convenience of description, some terms or expressions referred to in the embodiments of the present application are explained below:
homomorphic encryption: a cryptographic technique based on the theory of computational complexity of mathematical problems. In brief, after homomorphic encryption is performed on data, a ciphertext can be directly operated, and after the operated ciphertext result is decrypted, the result is equal to the result obtained by performing the same operation on the corresponding data plaintext. The method has the significance of really and fundamentally solving the privacy data confidentiality problem when entrusting data and operation thereof to a third party.
Threshold homomorphic encryption: and supporting a plurality of private keys, distributing the private keys to all the participants holding the private data, wherein all the participants actually hold only one part of the complete private key. Each participant providing the privacy data can independently calculate a homomorphic encryption result, any entity can use each participant data to perform homomorphic calculation, and if the calculated result needs to be decrypted, at least more than a threshold number of participants holding private keys need to participate in decryption.
The random function can be verified: to obtain a network-wide verifiable random number in a distributed system, verifiable random functions are generally used, which can be said to be the product of a combination of hash functions and asymmetric encryption. To prevent messages from being tampered with, a message authentication code is typically appended to the message source associated with the computed random number.
The present invention is described below with reference to preferred implementation steps, fig. 1 is a schematic diagram of a network structure of a blockchain system supporting threshold homomorphic encryption of private data in an embodiment of the present application, and as shown in fig. 1, a blockchain system supporting threshold homomorphic encryption of private data includes: the system comprises a block chain node 11, a general data processing intelligent contract 12, a general data storage 13, a private data processing intelligent contract 14, a private data storage 15 and a cross contract invoking device 16. Wherein, general data processing intelligent contract 12, general data storage 13, private data processing intelligent contract 14, private data storage 15 and cross contract invoking device 16 are all part of block chain node 11. Moreover, the general data processing intelligent contract 12 and the general data storage 13 are directly interconnected, the private data processing intelligent contract 14 and the private data storage 15 are directly interconnected, and the general data processing intelligent contract 12 and the private data storage 15 are not directly communicated, so that the private data can not be illegally read.
Specifically, the blockchain node 11 refers to a software program having blockchain basic functions, which is connected to the blockchain system, and may be a hardware server exclusively owned by one blockchain node or a hardware server shared by a plurality of blockchain nodes.
The general data processing intelligent contract 12 means that the users of the block chain have some intelligent contract service data which are publicly transparent, and the general data are open to all users of the block chain and can be inquired.
The general data storage 13 refers to data generated by general data processing intelligent contracts, and the identity of a data owner is not used for private encryption special processing during storage, so that the general data processing intelligent contracts can be inquired and used.
Privacy data handling intelligent contracts 14 mean that users of a blockchain have certain intelligent contract business data that is sensitive and private, such privacy data being open to queries only for intelligent contracts whose identity is the owner of the privacy data. In order to support the private data service, besides the general data processing intelligent contract, the blockchain node needs to introduce a series of intelligent contracts or functional modules related to private data processing and supporting threshold homomorphic encryption, such as a private node registration system intelligent contract, a private data encryption and decryption intelligent contract, a private data calculation intelligent contract and a distributed key generation module for threshold homomorphic encryption.
The private data storage 15 refers to data generated by processing an intelligent contract by private data, and when the private data is stored, the identity of a data owner is used for private encryption special processing, and only the data owner and a person authorized by the owner are supported for inquiry and use.
The cross-contract calling device 16 refers to a private data processing intelligent contract support and returns processed data to other intelligent contracts for use, the other intelligent contracts use the private data on the premise that the private data is authorized by a private data owner, and an authorization processing flow is integrated in the cross-contract calling device and comprises a private data owner identity and private data encryption and decryption intelligent contract relation module, a private data owner authorization module and the like.
Fig. 2 is a schematic diagram of a functional module of private data processing supporting threshold homomorphic encryption in an embodiment of the present application, and as shown in fig. 2, the blockchain system needs to newly introduce several important functional modules in addition to the conventional blockchain function, that is, a functional module of private data processing supporting threshold homomorphic encryption includes: privacy node registration system intelligent contracts 21, privacy data encryption and decryption intelligent contracts 22, privacy data calculation intelligent contracts 23, verifiable random function module 24, privacy data owner identity and privacy data encryption and decryption intelligent contract relation module 25 and privacy data owner authorization module 26.
Specifically, the privacy node registration system intelligent contract 21 means that each privacy data provider uses the privacy node registration system intelligent contract to register the privacy data provider identity and the privacy data encryption and decryption intelligent contract set information to the blockchain. Each privacy data owner corresponds to a plurality of privacy data encryption and decryption intelligent contracts, and when the privacy data provider participates in privacy data calculation subsequently, only one privacy data encryption and decryption intelligent contract set registered by the user is selected to participate in privacy calculation.
The private data encryption and decryption intelligent contracts 22 refer to the interconnection of private data encryption and decryption intelligent contracts of all private data owners, and a distributed key with a homomorphic threshold encryption is generated after negotiation and interaction. The key is used for independently completing threshold homomorphic encryption by each subsequent privacy data encryption and decryption intelligent contract or completing decryption of homomorphic encryption results through cooperative calculation.
The private data computation intelligent contract 23 is a type of system intelligent contract that collects homomorphic encrypted cryptographs of each participant and performs homomorphic computation.
The verifiable random function module 24 refers to that the blockchain system randomly selects any registered private data encryption and decryption intelligent contract and private data calculation intelligent contract of the private data owner, and only the selected intelligent contract participates in threshold homomorphic encryption and decryption and homomorphic calculation of the private data. Since the private data queries in the blockchain are all managed through the cross-contract invocation means, the module is integrated in the cross-contract invocation means.
The privacy data owner identity and privacy data encryption and decryption intelligent contract relation module 25 indicates that one privacy data owner can own a plurality of privacy data encryption and decryption intelligent contracts and is used for processing different or same privacy data encryption and decryption, and when the intelligent contract specifies that data of a certain privacy data owner can be used, the corresponding privacy data encryption and decryption intelligent contract can be found according to the record.
The private data owner authorization module 26 indicates that private data encryption and decryption intelligent contracts only support private data owners and persons authorized by the owners to use, so that authorized white list information of each private data owner is recorded in the cross-contract invoking device, and intelligent contracts which are not white-listed are denied access to private data related intelligent contracts.
Fig. 3 is a flowchart of an encryption method for private data according to an embodiment of the present application, and as shown in fig. 3, the method includes the following steps:
step S301, a target intelligent contract set is obtained from at least one block chain node, wherein the target intelligent contract set comprises a plurality of intelligent contracts used for encrypting and decrypting private data in the block chain system.
In this embodiment, an intelligent contract for encrypting and decrypting private data for all private data owners in the blockchain system may be obtained.
Step S302, generating a distributed key according to a plurality of intelligent contracts in a target intelligent contract set, wherein the distributed key at least comprises: a public key for encrypting the private data and a partial private key for decrypting the private data.
For example, private data encryption and decryption smart contracts of private data owners are interconnected, and joint computation generates distributed keys for threshold homomorphic encryption. Namely, private data encryption and decryption intelligent contracts of all private data owners are interconnected, and interaction is completed to generate a distributed key with a homomorphic threshold encryption. And the key is used for independently completing threshold homomorphic encryption of subsequent privacy data encryption and decryption intelligent contracts or completing decryption of homomorphic encryption results through cooperative calculation.
And step S303, performing threshold homomorphic encryption on the private data by using at least one intelligent contract in the target intelligent contract set in combination with a public key in the distributed key, wherein the at least one intelligent contract is an intelligent contract determined from the target intelligent contract set according to a verifiable random function in the block chain system.
For example, each private data encryption and decryption intelligence contract independently completes a threshold homomorphic encryption of private data in a blockchain system using a distributed key.
Through the steps S301 to S303, the distributed key is generated according to the plurality of intelligent contracts in the target intelligent contract set acquired from the at least one block chain node, and the at least one intelligent contract in the target intelligent contract set is adopted in combination with the public key in the distributed key, so that the threshold homomorphic encryption is performed on the private data in the block chain system, and the encryption effect of the private data in the block chain is further improved.
Optionally, in the encryption method for private data provided in this embodiment of the present application, after threshold homomorphic encryption is performed on the private data by using at least one intelligent contract in the target intelligent contract set in combination with a public key in the distributed key, the method further includes: acquiring a plurality of ciphertexts, wherein the plurality of ciphertexts are obtained by performing threshold homomorphic encryption on the private data; performing homomorphic calculation on the plurality of ciphertexts by adopting a first intelligent contract to obtain a calculation result, wherein the first intelligent contract is an intelligent contract which is determined according to a verifiable random function and is used for calculating the private data; decrypting the calculation result by adopting at least one intelligent contract in combination with a target number of partial private keys to obtain a decryption result, wherein the target number is determined according to a threshold value of a participant of the private data; the decryption result is provided to a requestor that has been authorized to request access to the private data.
For example, after each privacy data encryption and decryption intelligent contract independently completes threshold homomorphic encryption, the encryption result is sent to the privacy data calculation intelligent contract for further calculation, then the encryption calculation result is returned to each privacy data encryption and decryption intelligent contract, the threshold homomorphic decryption is completed through the cooperative calculation, and the calculation result plaintext is returned to the general data processing intelligent contract. Specifically, after the privacy data encryption and decryption intelligent contract completes threshold homomorphic encryption, an encryption result is returned to the cross-contract calling device; the cross-contract calling device forwards the encrypted result to private data to calculate an intelligent contract according to the verifiable random function; then the privacy data calculation intelligent contract executes homomorphic calculation based on the ciphertext, and a calculation result is returned to the cross contract calling device; a cross-contract calling device initiates a joint decryption calculation request of a threshold homomorphic encryption result to a related privacy data encryption and decryption intelligent contract; the privacy data encryption and decryption intelligent contract executes a threshold homomorphic encryption protocol, jointly calculates a decryption threshold homomorphic encryption result, and returns the decryption result to the cross-contract calling device; the cross contract calling device returns a decryption result of homomorphic calculation; and the general data processing intelligent contract continues the subsequent processing according to the returned result.
In summary, before the block chain uses the threshold homomorphic encryption, in the distributed key calculation stage, the private key used in the homomorphic encryption is split into a plurality of block chain nodes, each block chain node only holds a part of the private key, and as for the result of the homomorphic encryption, only more than t block chain nodes participate in the decryption calculation, and the plaintext data can be finally recovered. Therefore, threshold homomorphic encryption is used, a credible homomorphic encryption key calculation center is not needed, the operation cost of introducing the homomorphic encryption key calculation center can be reduced, simultaneously, a threshold homomorphic encryption protocol is used, each participant automatically calculates and deploys an encryption key when the protocol is finished, the cost of managing the key by a developer is reduced, and the interaction of homomorphic encryption public keys is more convenient. In addition, the threshold homomorphic encryption ensures that the paralysis of the privacy calculation function of the whole system can not be caused even if part of block chain nodes are broken down and the key fragments are lost, and ensures that the homomorphic ciphertext can not be restored into the plaintext when the number of the block chain nodes participating in homomorphic decryption is insufficient, thereby ensuring the security of the data after the block chain system uses the threshold homomorphic encryption. Moreover, a credible homomorphic encryption key calculation center is not needed by using threshold homomorphic encryption, and the risk of key leakage in the process of interacting homomorphic encryption keys by the homomorphic encryption key calculation center and block chain nodes is reduced to a certain extent.
Optionally, in the encryption method for private data provided in this embodiment of the present application, after obtaining the target intelligent contract set from at least one blockchain node, before generating a distributed key according to a plurality of intelligent contracts in the target intelligent contract set, the method further includes: acquiring identity information of a plurality of private data providers in a blockchain system; determining the corresponding relation between the identity of each privacy data provider and each intelligent contract in the target intelligent contract set; and registering the corresponding relation into the blockchain system.
Fig. 4 is a flowchart of blockchain privacy data provider and privacy data encryption/decryption intelligent contract set information registration in an embodiment of the present application, and as shown in fig. 4, the flow of blockchain privacy data provider and privacy data encryption/decryption intelligent contract set information registration relates to privacy node registration system intelligent contracts and cross-contract invoking devices. When a privacy data provider A is newly added into the blockchain network and several privacy data encryption and decryption intelligent contracts S1, S2 and S3 are newly started by the privacy data provider A, the processing steps are as follows:
step S401: the block chain private data provider starts private data encryption and decryption intelligent contracts S1, S2 and S3, a private node registration system intelligent contract is called, registration information of a private data provider identity A and a private data encryption and decryption intelligent contract set [ S1, S2 and S3] is generated, and the registration information is sent to the cross contract calling device.
Step S402: the cross contract invoking device records the corresponding relation between the identity of the private data provider and the private data encryption and decryption intelligent contract, and after the processing is completed, the private data encryption and decryption intelligent contracts S1, S2 and S3 only allow the private data provider to be invoked by related intelligent contracts.
By means of the scheme, the corresponding relation between the block chain private data provider and the private data encryption and decryption intelligent contract set information can be quickly and accurately registered in the block chain system, and the block chain private data is encrypted and padded subsequently.
Optionally, in the encryption method for private data provided in this embodiment of the present application, after registering the correspondence relationship in the blockchain system, the method further includes: obtaining authorization information of a plurality of privacy data providers, wherein the authorization information at least comprises: identity information of an authorizing party, identity information of an authorized party, an intelligent contract which is registered in the blockchain system by the authorizing party, and signature information of the authorizing party; the authorization information is recorded into the blockchain system.
Fig. 5 is a flowchart of updating blockchain private data provider authorization information in an embodiment of the present application, and as shown in fig. 5, the flow of updating blockchain private data provider authorization information relates to registering a system intelligent contract and a cross-contract invoking device with a private node. The processing steps of the private data provider A in the blockchain network for opening the private data encryption and decryption intelligent contract S1 to a certain caller B are as follows:
step S501: the privacy data provider calls an intelligent contract of a privacy node registration system to generate privacy data provider authorization information, parameters comprise identity information of an authorizer A, identity information of an authorized party B and signatures of the registered privacy data encryption and decryption intelligent contracts S1 and A of the authorizer A, and the authorization information is sent to a cross-contract calling device.
Step S502: the cross contract calling device records the authorization information, and after the processing is completed, the privacy data encryption and decryption intelligent contract S1 of the privacy data provider A allows A and B calling.
Through the scheme, the block chain privacy data provider can quickly and accurately authorize the caller of the privacy data in the block chain, and the block chain privacy data is prevented from being leaked.
Optionally, in the encryption method for private data provided in this embodiment of the present application, before determining, according to the authorization information, whether a provider of the private data has authorized the requester to access the private data, the method further includes: acquiring target transaction parameters and a second intelligent contract, wherein the second intelligent contract is used for processing data except privacy data in a blockchain system; determining a processing flow of the second intelligent contract processing data according to the target transaction parameters; judging whether the processing flow relates to private data or not; in the case that the processing flow relates to private data, triggering second request information, where the second request information is used for requesting a cross contract invoking operation, and the second request information at least includes: identity information of a requester, identity information of at least one provider of private data, and query conditions of the private data; responding to the second request information, performing contract-crossing calling operation, and judging whether a provider of the private data authorizes the requester to access the private data or not according to the authorization information; and in the case that the processing flow does not relate to the private data, triggering second prompt information, wherein the second prompt information is used for prompting that the second intelligent contract does not relate to the private data.
Fig. 6 is a flowchart of a processing method for querying private data by a blockchain general data processing intelligent contract in an embodiment of the present application, and as shown in fig. 6, the flow of the processing method for querying private data by a blockchain general data processing intelligent contract relates to a general data processing intelligent contract, a cross-contract invoking device, a private data encryption and decryption intelligent contract, and a private data calculation intelligent contract. The processing step of the general data processing intelligent contract in the block chain network to execute the block chain private data query comprises the following steps:
step S601: the general data processing intelligent contract receives the transaction parameters and executes the general data processing flow.
Step S602: the general data processing intelligent contract judges whether the processing flow relates to other person private data, if not, the step S603 is executed, and if so, the step S604 is executed.
Step S603: the general data processing flow does not relate to other person privacy data, and the processing is finished.
Step S604: the general data processing flow relates to other person private data, requests a cross contract calling from a cross contract calling device, and parameters comprise requester identity information, private data owner identity information, data query conditions and the like, wherein the private data owner identity information may be one or more.
By the scheme, whether the privacy data are related to the processing flow of the general data or not can be judged quickly and accurately.
Optionally, in the encryption method for private data provided in this embodiment of the present application, before determining whether a distributed key exists in a blockchain system, the method further includes: judging whether a provider of the private data authorizes a requester to access the private data or not according to the authorization information; triggering first request information under the condition that a provider of the private data authorizes a requester to access the private data, wherein the first request information is used for requesting to call at least one intelligent contract in a target intelligent contract set; responding to the first request information, calling at least one intelligent contract, and judging whether a distributed key exists in the block chain system; and under the condition that the provider of the private data does not authorize the requester to access the private data, triggering first prompt information, wherein the first prompt information is used for prompting that the requester cannot access the private data.
As shown in fig. 6, the processing method for querying private data by using a blockchain general data processing intelligent contract further includes:
step S605: the cross contract invoking device determines whether the owner of the private data has authorized the requestor to access the private data, if not, S606 is executed, and if so, S607 is executed.
Step S606: the private data owner does not authorize the requestor to access the private data, and the cross contract invoking device denies the request return.
Step S607: the privacy data owner authorizes the requester to access the privacy data, and the cross-contract calling device forwards the privacy data query request to the privacy data encryption and decryption intelligent contract according to the verifiable random function.
By the scheme, whether the provider of the private data authorizes the requester to access the private data or not can be judged quickly and accurately, and therefore the safety of the block chain private data can be protected.
Optionally, in the encryption method for private data provided in this embodiment of the present application, before generating a distributed key according to a plurality of smart contracts in a target smart contract set, the method further includes: judging whether a distributed key exists in a block chain system; acquiring a distributed key under the condition that the distributed key exists in a block chain system; and under the condition that the distributed key does not exist in the block chain system, generating the distributed key according to a plurality of intelligent contracts in the target intelligent contract set.
As shown in fig. 6, the processing method for querying private data by using a blockchain general data processing intelligent contract further includes:
step S608: and the privacy data encryption and decryption intelligent contract judges whether a key pair with threshold homomorphic encryption exists locally or not, if so, S610 is executed, and otherwise, S609 is executed.
Step S609: the private data encryption and decryption intelligent contract is locally provided with no key pair with threshold homomorphic encryption, a threshold homomorphic encryption protocol is executed, and the private data encryption and decryption intelligent contract completes joint calculation to generate a threshold homomorphic encryption distributed key.
Step S610: the private data encryption and decryption intelligent contract local has a key pair with threshold homomorphic encryption, and the key is loaded before encryption is executed.
Step S611: the privacy data encryption and decryption intelligent contract locally completes threshold homomorphic encryption, and an encryption result is returned to the cross-contract calling device.
Step S612: and the cross-contract calling device forwards the encrypted result to private data to calculate the intelligent contract according to the verifiable random function.
Step S613: the privacy data calculation intelligent contract executes homomorphic calculation based on the ciphertext, and a calculation result is returned to the cross contract calling device.
Step S614: and the cross-contract invoking device initiates a joint decryption calculation request of the threshold homomorphic encryption result to the related privacy data encryption and decryption intelligent contract.
Step S615: the privacy data encryption and decryption intelligent contract executes a threshold homomorphic encryption protocol, jointly calculates a decryption threshold homomorphic encryption result, and returns the decryption result to the cross-contract calling device.
Step S616: the cross-contract invocation means returns the decryption result of the homomorphic computation.
Step S617: and the general data processing intelligent contract continues the subsequent processing according to the returned result.
By means of the scheme, whether the distributed key exists in the block chain system can be judged quickly and accurately, so that the distributed key exists in the block chain system can be guaranteed, and further threshold homomorphic encryption is carried out on the block chain private data subsequently.
Fig. 7 is a flowchart of an optional private data encryption method provided according to an embodiment of the present application, and as shown in fig. 7, the optional private data encryption method includes:
in the preparation stage, a private data provider starts a private data encryption and decryption intelligent contract, executes a private data provider identity and private data encryption and decryption intelligent contract set information registration process, records registration information to a block chain, executes a private data encryption and decryption intelligent contract authorization process of the private data provider, and records authorization information to the block chain.
In the external service stage, the general data processing intelligent contract initiates inquiry of private data, each private data owner corresponds to a plurality of private data encryption and decryption intelligent contracts, the cross-contract calling device is combined with a verifiable random function, and one of the private data encryption and decryption intelligent contract set of the private data provider and the private data computing system intelligent contract is randomly selected to participate in private computing. And encrypting and decrypting the private data of the private data owner by the intelligent contract interconnection, generating a distributed key with homomorphic threshold encryption by joint calculation, independently executing the homomorphic threshold encryption, and sending an encryption result to the intelligent contract for calculating the private data for further calculation. And the encryption calculation result is returned to each privacy data encryption and decryption intelligent contract, the threshold homomorphic decryption is completed through cooperative calculation, and the calculation result plaintext is returned to the general data processing intelligent contract.
In summary, the encryption method for private data provided by the embodiment of the present application is applied to a blockchain system, where the blockchain system includes at least one blockchain node, and the at least one blockchain node includes at least multiple intelligent contracts for processing private data, and a target intelligent contract set is obtained from the at least one blockchain node, where the target intelligent contract set includes multiple intelligent contracts for encrypting and decrypting private data in the blockchain system; generating a distributed key according to a plurality of intelligent contracts in a target intelligent contract set, wherein the distributed key at least comprises: a public key for encrypting the private data and a partial private key for decrypting the private data; the method comprises the steps that a public key in a distributed secret key is combined, at least one intelligent contract in a target intelligent contract set is adopted to conduct threshold homomorphic encryption on privacy data, wherein the at least one intelligent contract is an intelligent contract determined from the target intelligent contract set according to a verifiable random function in a block chain system, and the problem that the privacy data in the block chain are encrypted by adopting a homomorphic encryption technology in the related technology, so that the encryption effect of the privacy data in the block chain is poor is solved. The distributed key is generated according to a plurality of intelligent contracts in a target intelligent contract set acquired from at least one block chain node, and at least one intelligent contract in the target intelligent contract set is adopted in combination with a public key in the distributed key, so that the privacy data in the block chain system are subjected to threshold homomorphic encryption, and the encryption effect of the privacy data in the block chain is improved.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
The embodiment of the present application further provides an encryption apparatus for private data, and it should be noted that the encryption apparatus for private data according to the embodiment of the present application may be used to execute the encryption method for private data according to the embodiment of the present application. The following describes an encryption device for private data according to an embodiment of the present application.
Fig. 8 is a schematic diagram of an encryption apparatus of private data according to an embodiment of the present application. The apparatus is applied to a blockchain system, where the blockchain system includes at least one blockchain node, and the at least one blockchain node includes at least a plurality of intelligent contracts for processing private data, as shown in fig. 8, the apparatus includes: a first acquisition unit 801, a first generation unit 802, and a first encryption unit 803.
Specifically, the first obtaining unit 801 is configured to obtain a target intelligent contract set from at least one blockchain node, where the target intelligent contract set includes a plurality of intelligent contracts used for encrypting and decrypting private data in a blockchain system;
a first generating unit 802, configured to generate a distributed key according to a plurality of smart contracts in a target smart contract set, where the distributed key includes at least: a public key for encrypting the private data and a partial private key for decrypting the private data;
a first encryption unit 803, configured to perform threshold homomorphic encryption on the private data by using at least one intelligent contract in the target intelligent contract set in combination with the public key in the distributed key, where the at least one intelligent contract is an intelligent contract determined from the target intelligent contract set according to a verifiable random function in the blockchain system.
To sum up, the encryption apparatus for private data provided in this embodiment of the present application obtains, by using the first obtaining unit 801, a target intelligent contract set from at least one blockchain node, where the target intelligent contract set includes a plurality of intelligent contracts used for encrypting and decrypting private data in a blockchain system; the first generating unit 802 generates a distributed key according to a plurality of smart contracts in the target smart contract set, where the distributed key at least includes: a public key for encrypting the private data and a partial private key for decrypting the private data; the first encryption unit 803, in conjunction with the public key of the distributed key, threshold homomorphic encrypts the private data using at least one intelligent contract of the target set of intelligent contracts, wherein, at least one intelligent contract is an intelligent contract determined from a target intelligent contract set according to a verifiable random function in the block chain system, which solves the problem that the encryption effect of the private data in the block chain is poor because the privacy data in the block chain is encrypted by adopting a homomorphic encryption technology in the related technology, generating a distributed key by generating a plurality of intelligent contracts in a target intelligent contract set acquired from at least one blockchain node, and at least one intelligent contract in the target intelligent contract set is adopted in combination with the public key in the distributed secret key, therefore, threshold homomorphic encryption is carried out on the private data in the block chain system, and the encryption effect of the private data in the block chain is further improved.
Optionally, in an encryption apparatus for private data provided in an embodiment of the present application, the apparatus further includes: the second obtaining unit is used for obtaining a plurality of ciphertexts after threshold homomorphic encryption is carried out on the private data by adopting at least one intelligent contract in the target intelligent contract set in combination with the public key in the distributed secret key, wherein the plurality of ciphertexts are obtained by carrying out threshold homomorphic encryption on the private data; the first calculation unit is used for homomorphically calculating the plurality of ciphertexts by adopting a first intelligent contract to obtain a calculation result, wherein the first intelligent contract is an intelligent contract which is determined according to a verifiable random function and is used for calculating the private data; the first decryption unit is used for decrypting the calculation result by adopting at least one intelligent contract in combination with a target number of partial private keys to obtain a decryption result, wherein the target number is determined according to a threshold value of a participant of the private data; a first providing unit for providing the decryption result to a requesting party authorized to request access to the private data.
Optionally, in the encryption apparatus for private data provided in an embodiment of the present application, the apparatus further includes: the third acquisition unit is used for acquiring the identity information of a plurality of privacy data providers in the blockchain system before generating the distributed key according to a plurality of intelligent contracts in the target intelligent contract set after acquiring the target intelligent contract set from at least one blockchain node; a first determining unit, configured to determine a correspondence between an identity of each private data provider and each intelligent contract in a target intelligent contract set; the first registration unit is used for registering the corresponding relation to the block chain system.
Optionally, in the encryption apparatus for private data provided in an embodiment of the present application, the apparatus further includes: a fourth obtaining unit, configured to obtain authorization information of a plurality of privacy data providers after the correspondence is registered in the blockchain system, where the authorization information includes at least: identity information of an authorizing party, identity information of an authorized party, an intelligent contract which is registered in the blockchain system by the authorizing party, and signature information of the authorizing party; the first recording unit is used for recording the authorization information into the block chain system.
Optionally, in an encryption apparatus for private data provided in an embodiment of the present application, the apparatus further includes: the first judgment unit is used for judging whether the distributed key exists in the block chain system before generating the distributed key according to a plurality of intelligent contracts in the target intelligent contract set; a fifth obtaining unit, configured to obtain the distributed key when the distributed key exists in the blockchain system; and the second generating unit is used for generating the distributed key according to the plurality of intelligent contracts in the target intelligent contract set under the condition that the distributed key does not exist in the block chain system.
Optionally, in the encryption apparatus for private data provided in an embodiment of the present application, the apparatus further includes: the second judging unit is used for judging whether a provider of the private data authorizes the requester to access the private data or not according to the authorization information before judging whether the distributed key exists in the blockchain system or not; the device comprises a first triggering unit, a second triggering unit and a third triggering unit, wherein the first triggering unit is used for triggering first request information under the condition that a provider of the private data authorizes a requester to access the private data, and the first request information is used for requesting to call at least one intelligent contract in a target intelligent contract set; the first response unit is used for responding to the first request information, calling at least one intelligent contract and judging whether a distributed key exists in the block chain system or not; the second triggering unit is used for triggering first prompting information under the condition that a provider of the private data does not authorize a requester to access the private data, wherein the first prompting information is used for prompting that the requester cannot access the private data.
Optionally, in the encryption apparatus for private data provided in an embodiment of the present application, the apparatus further includes: a sixth obtaining unit, configured to obtain the target transaction parameter and a second intelligent contract before determining, according to the authorization information, whether a provider of the private data has authorized the requester to access the private data, where the second intelligent contract is used to process data in the blockchain system except the private data; the second determining unit is used for determining the processing flow of the second intelligent contract processing data according to the target transaction parameters; a third judging unit configured to judge whether the processing flow involves private data; a third triggering unit, configured to trigger second request information when the processing flow relates to private data, where the second request information is used to request a contract-crossing call operation, and the second request information at least includes: identity information of a requester, identity information of at least one provider of private data, and query conditions of the private data; the second response unit is used for responding to the second request information, carrying out contract crossing calling operation and judging whether a provider of the private data authorizes the requester to access the private data or not according to the authorization information; and the fourth triggering unit is used for triggering second prompting information under the condition that the processing flow does not relate to the private data, wherein the second prompting information is used for prompting that the second intelligent contract does not relate to the private data.
The encryption device for the private data includes a processor and a memory, the first acquisition unit 801, the first generation unit 802, the first encryption unit 803, and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. The kernel can be set to be one or more, and the encryption effect of the private data in the block chain is improved by adjusting the kernel parameters.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM), including at least one memory chip.
The embodiment of the invention provides a processor, which is used for running a program, wherein the encryption method of the private data is executed when the program runs.
As shown in fig. 9, an embodiment of the present invention provides an electronic device, where the device includes a processor, a memory, and a program stored in the memory and executable on the processor, and the processor executes the program to implement the following steps: acquiring a target intelligent contract set from the at least one blockchain node, wherein the target intelligent contract set comprises a plurality of intelligent contracts used for encrypting and decrypting private data in the blockchain system; generating distributed keys from a plurality of intelligent contracts in the target set of intelligent contracts, wherein the distributed keys at least comprise: a public key for encrypting the private data and a partial private key for decrypting the private data; and performing threshold homomorphic encryption on the private data by using at least one intelligent contract in the target intelligent contract set in combination with a public key in the distributed key, wherein the at least one intelligent contract is an intelligent contract determined from the target intelligent contract set according to a verifiable random function in the blockchain system.
The processor executes the program and further realizes the following steps: after threshold homomorphic encryption of the private data with at least one smart contract of the target set of smart contracts in conjunction with a public key of the distributed key, the method further comprises: obtaining a plurality of ciphertexts, wherein the plurality of ciphertexts are obtained by carrying out threshold homomorphic encryption on the private data; homomorphic calculation is carried out on the plurality of ciphertexts by adopting a first intelligent contract to obtain a calculation result, wherein the first intelligent contract is an intelligent contract which is determined according to the verifiable random function and is used for calculating the private data; decrypting the calculation result by using the at least one intelligent contract in combination with a target number of the partial private keys to obtain a decryption result, wherein the target number is determined according to a threshold value of a participant of the private data; providing the decryption result to a requester authorized to request access to the private data.
The processor executes the program and further realizes the following steps: after obtaining a target intelligent contract set from the at least one blockchain node, before generating a distributed key from a plurality of intelligent contracts in the target intelligent contract set, the method further includes: acquiring identity information of a plurality of private data providers in the blockchain system; determining a correspondence between the identity of each private data provider and each intelligent contract in the target set of intelligent contracts; and registering the corresponding relation into the block chain system.
The processor executes the program and further realizes the following steps: after registering the correspondence in the blockchain system, the method further comprises: obtaining authorization information of the plurality of private data providers, wherein the authorization information at least comprises: identity information of an authorizer, identity information of an authorized party, an intelligent contract that the authorizer has registered in the blockchain system, signature information of the authorizer; recording the authorization information into the blockchain system.
The processor executes the program and further realizes the following steps: prior to generating a distributed key from a plurality of smart contracts in the target set of smart contracts, the method further comprises: judging whether the distributed key exists in the block chain system or not; acquiring the distributed key under the condition that the distributed key exists in the blockchain system; and under the condition that the distributed key does not exist in the blockchain system, generating the distributed key according to a plurality of intelligent contracts in the target intelligent contract set.
The processor executes the program and further realizes the following steps: before determining whether the distributed key is present in the blockchain system, the method further comprises: judging whether a provider of the private data authorizes the requester to access the private data or not according to the authorization information; triggering first request information in the case that the provider of the private data has authorized the requester to access the private data, wherein the first request information is used for requesting to invoke at least one intelligent contract in the target intelligent contract set; responding to the first request information, calling the at least one intelligent contract, and judging whether the distributed key exists in the block chain system; and triggering first prompt information under the condition that the provider of the private data does not authorize the requester to access the private data, wherein the first prompt information is used for prompting that the requester cannot access the private data.
The processor executes the program and further realizes the following steps: before determining, according to the authorization information, whether a provider of the private data has authorized the requester to access the private data, the method further includes: acquiring target transaction parameters and a second intelligent contract, wherein the second intelligent contract is used for processing data except the private data in the blockchain system; determining a processing flow of the second intelligent contract processing data according to the target transaction parameters; judging whether the processing flow relates to the private data or not; triggering second request information in the case that the processing flow relates to the private data, wherein the second request information is used for requesting to perform a cross contract invoking operation, and the second request information at least comprises: identity information of the requestor, identity information of at least one provider of the private data, and query conditions of the private data; responding to the second request information, carrying out contract crossing calling operation, and judging whether a provider of the private data authorizes the requester to access the private data or not according to the authorization information; and triggering second prompt information under the condition that the processing flow does not relate to the private data, wherein the second prompt information is used for prompting that the second intelligent contract does not relate to the private data. The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application also provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device: acquiring a target intelligent contract set from the at least one blockchain node, wherein the target intelligent contract set comprises a plurality of intelligent contracts used for encrypting and decrypting private data in the blockchain system; generating distributed keys from a plurality of intelligent contracts in the target set of intelligent contracts, wherein the distributed keys at least comprise: a public key for encrypting the private data and a partial private key for decrypting the private data; and performing threshold homomorphic encryption on the private data by using at least one intelligent contract in the target intelligent contract set in combination with a public key in the distributed key, wherein the at least one intelligent contract is an intelligent contract determined from the target intelligent contract set according to a verifiable random function in the blockchain system.
When executed on a data processing device, is further adapted to perform a procedure for initializing the following method steps: after threshold homomorphic encryption of the private data with at least one smart contract of the target set of smart contracts in conjunction with a public key of the distributed key, the method further comprises: obtaining a plurality of ciphertexts, wherein the plurality of ciphertexts are obtained by performing threshold homomorphic encryption on the privacy data; homomorphic calculation is carried out on the plurality of ciphertexts by adopting a first intelligent contract to obtain a calculation result, wherein the first intelligent contract is an intelligent contract which is determined according to the verifiable random function and is used for calculating the private data; decrypting the calculation result by using the at least one intelligent contract in combination with a target number of the partial private keys to obtain a decryption result, wherein the target number is determined according to a threshold value of a participant of the private data; providing the decryption result to a requestor that has been authorized to request access to the private data.
When executed on a data processing device, is further adapted to perform a procedure for initializing the following method steps: after obtaining a target set of intelligent contracts from the at least one blockchain node, before generating a distributed key from a plurality of intelligent contracts in the target set of intelligent contracts, the method further comprises: acquiring identity information of a plurality of private data providers in the blockchain system; determining a corresponding relation between the identity of each privacy data provider and each intelligent contract in the target intelligent contract set; and registering the corresponding relation into the block chain system.
When executed on a data processing device, is further adapted to perform a procedure for initializing the following method steps: after registering the correspondence in the blockchain system, the method further comprises: obtaining authorization information of the plurality of private data providers, wherein the authorization information at least comprises: identity information of an authorizer, identity information of an authorized party, an intelligent contract that the authorizer has registered in the blockchain system, signature information of the authorizer; recording the authorization information into the blockchain system.
When executed on a data processing device, is further adapted to perform a procedure for initializing the following method steps: prior to generating a distributed key from a plurality of smart contracts in the target set of smart contracts, the method further comprises: judging whether the distributed key exists in the block chain system or not; acquiring the distributed key under the condition that the distributed key exists in the blockchain system; and under the condition that the distributed key does not exist in the blockchain system, generating the distributed key according to a plurality of intelligent contracts in the target intelligent contract set.
When executed on a data processing device, is further adapted to perform a procedure for initializing the following method steps: before determining whether the distributed key is present in the blockchain system, the method further comprises: judging whether a provider of the private data authorizes the requester to access the private data or not according to the authorization information; triggering first request information in the case that the provider of the private data has authorized the requester to access the private data, wherein the first request information is used for requesting to invoke at least one intelligent contract in the target intelligent contract set; responding to the first request information, calling the at least one intelligent contract, and judging whether the distributed key exists in the block chain system; and triggering first prompt information under the condition that the provider of the private data does not authorize the requester to access the private data, wherein the first prompt information is used for prompting that the requester cannot access the private data.
When executed on a data processing device, is further adapted to perform a procedure for initializing the following method steps: before determining, according to the authorization information, whether a provider of the private data has authorized the requester to access the private data, the method further includes: acquiring target transaction parameters and a second intelligent contract, wherein the second intelligent contract is used for processing data except the private data in the blockchain system; determining a processing flow of the second intelligent contract processing data according to the target transaction parameters; judging whether the processing flow relates to the private data or not; triggering second request information in the case that the processing flow relates to the private data, wherein the second request information is used for requesting a cross-contract invoking operation, and the second request information at least comprises: identity information of the requestor, identity information of at least one provider of the private data, and query conditions of the private data; responding to the second request information, carrying out contract crossing calling operation, and judging whether a provider of the private data authorizes the requester to access the private data or not according to the authorization information; and triggering second prompt information under the condition that the processing flow does not relate to the private data, wherein the second prompt information is used for prompting that the second intelligent contract does not relate to the private data.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A method for encrypting private data, the method being applied in a blockchain system, the blockchain system including at least one blockchain node, the at least one blockchain node including at least a plurality of intelligent contracts for processing private data, the method comprising:
acquiring a target intelligent contract set from the at least one blockchain node, wherein the target intelligent contract set comprises a plurality of intelligent contracts used for encrypting and decrypting private data in the blockchain system;
generating a distributed key according to a plurality of intelligent contracts in the target intelligent contract set, wherein the distributed key at least comprises: a public key for encrypting the private data and a partial private key for decrypting the private data;
and performing threshold homomorphic encryption on the private data by using at least one intelligent contract in the target intelligent contract set in combination with a public key in the distributed key, wherein the at least one intelligent contract is an intelligent contract determined from the target intelligent contract set according to a verifiable random function in the blockchain system.
2. The method of claim 1, wherein after threshold homomorphic encryption of the private data using at least one smart contract of the target set of smart contracts in conjunction with a public key of the distributed key, the method further comprises:
obtaining a plurality of ciphertexts, wherein the plurality of ciphertexts are obtained by performing threshold homomorphic encryption on the privacy data;
homomorphic calculation is carried out on the plurality of ciphertexts by adopting a first intelligent contract to obtain a calculation result, wherein the first intelligent contract is an intelligent contract which is determined according to the verifiable random function and is used for calculating the private data;
decrypting the calculation result by adopting the at least one intelligent contract in combination with the target number of the partial private keys to obtain a decryption result, wherein the target number is determined according to a threshold value of a participant of the privacy data;
providing the decryption result to a requestor that has been authorized to request access to the private data.
3. The method of claim 2, wherein after obtaining a target set of smart contracts from the at least one blockchain node, prior to generating a distributed key from a plurality of smart contracts in the target set of smart contracts, the method further comprises:
acquiring identity information of a plurality of private data providers in the blockchain system;
determining a correspondence between the identity of each private data provider and each intelligent contract in the target set of intelligent contracts;
and registering the corresponding relation into the block chain system.
4. The method of claim 3, wherein after registering the correspondence relationship in the blockchain system, the method further comprises:
obtaining authorization information of the plurality of private data providers, wherein the authorization information at least comprises: identity information of an authorizer, identity information of an authorized party, an intelligent contract that the authorizer has registered in the blockchain system, and signature information of the authorizer;
recording the authorization information into the blockchain system.
5. The method of claim 4, wherein prior to generating a distributed key from a plurality of smart contracts in the target set of smart contracts, the method further comprises:
judging whether the distributed key exists in the block chain system or not;
acquiring the distributed key under the condition that the distributed key exists in the blockchain system;
and under the condition that the distributed key does not exist in the blockchain system, generating the distributed key according to a plurality of intelligent contracts in the target intelligent contract set.
6. The method of claim 5, wherein prior to determining whether the distributed key is present in the blockchain system, the method further comprises:
judging whether a provider of the private data authorizes the requester to access the private data or not according to the authorization information;
triggering first request information in the case that the provider of the private data has authorized the requester to access the private data, wherein the first request information is used for requesting to invoke at least one intelligent contract in the target intelligent contract set;
responding to the first request information, calling the at least one intelligent contract, and judging whether the distributed key exists in the block chain system;
and triggering first prompt information under the condition that the provider of the private data does not authorize the requester to access the private data, wherein the first prompt information is used for prompting that the requester cannot access the private data.
7. The method of claim 6, wherein before determining whether the provider of the private data has authorized the requestor to access the private data based on the authorization information, the method further comprises:
acquiring target transaction parameters and a second intelligent contract, wherein the second intelligent contract is used for processing data except the private data in the blockchain system;
determining a processing flow of the second intelligent contract processing data according to the target transaction parameters;
judging whether the processing flow relates to the private data or not;
triggering second request information in the case that the processing flow relates to the private data, wherein the second request information is used for requesting to perform a cross contract invoking operation, and the second request information at least comprises: identity information of the requestor, identity information of at least one provider of the private data, and query conditions of the private data;
responding to the second request information, carrying out contract crossing calling operation, and judging whether a provider of the private data authorizes the requester to access the private data or not according to the authorization information;
and triggering second prompt information under the condition that the processing flow does not relate to the private data, wherein the second prompt information is used for prompting that the second intelligent contract does not relate to the private data.
8. An apparatus for encrypting private data, the apparatus being applied in a blockchain system, the blockchain system including at least one blockchain node, the at least one blockchain node including at least a plurality of intelligent contracts for processing private data, the apparatus comprising:
a first obtaining unit, configured to obtain a target intelligent contract set from the at least one blockchain node, where the target intelligent contract set includes a plurality of intelligent contracts used for encrypting and decrypting private data in the blockchain system;
a first generating unit, configured to generate a distributed key according to a plurality of smart contracts in the target set of smart contracts, where the distributed key includes at least: a public key for encrypting the private data and a partial private key for decrypting the private data;
and the first encryption unit is used for carrying out threshold homomorphic encryption on the private data by adopting at least one intelligent contract in the target intelligent contract set in combination with a public key in the distributed secret key, wherein the at least one intelligent contract is an intelligent contract determined from the target intelligent contract set according to a verifiable random function in the blockchain system.
9. A processor, characterized in that the processor is configured to execute a program, wherein the program when executed performs the encryption method of private data according to any one of claims 1 to 7.
10. An electronic device comprising one or more processors and memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the encryption method of private data of any one of claims 1 to 7.
CN202210493613.8A 2022-05-07 2022-05-07 Encryption method and device for private data, processor and electronic equipment Pending CN114978490A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210493613.8A CN114978490A (en) 2022-05-07 2022-05-07 Encryption method and device for private data, processor and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210493613.8A CN114978490A (en) 2022-05-07 2022-05-07 Encryption method and device for private data, processor and electronic equipment

Publications (1)

Publication Number Publication Date
CN114978490A true CN114978490A (en) 2022-08-30

Family

ID=82980899

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210493613.8A Pending CN114978490A (en) 2022-05-07 2022-05-07 Encryption method and device for private data, processor and electronic equipment

Country Status (1)

Country Link
CN (1) CN114978490A (en)

Similar Documents

Publication Publication Date Title
CN107743133B (en) Mobile terminal and access control method and system based on trusted security environment
US11128447B2 (en) Cryptographic operation method, working key creation method, cryptographic service platform, and cryptographic service device
US7877604B2 (en) Proof of execution using random function
US11025415B2 (en) Cryptographic operation method, method for creating working key, cryptographic service platform, and cryptographic service device
EP3345372B1 (en) Secure key management and peer-to-peer transmission system with a controlled, double-tier cryptographic key structure and corresponding method thereof
WO2004061628A2 (en) Attestation using both fixed token and portable token
US20210006548A1 (en) Method for authorizing access and apparatus using the method
JP2010514000A (en) Method for securely storing program state data in an electronic device
CN111914293A (en) Data access authority verification method and device, computer equipment and storage medium
CN111597583A (en) Data sharing and exchanging method based on block chain
CN114547648A (en) Data hiding trace query method and system
CN110545325B (en) Data encryption sharing method based on intelligent contract
CN112418850A (en) Transaction method and device based on block chain and electronic equipment
CN113901507B (en) Multi-party resource processing method and privacy computing system
CN115065542A (en) Permission verification method and device, processor and electronic equipment
CN115048672A (en) Data auditing method and device based on block chain, processor and electronic equipment
CN114866328A (en) Block chain-based cross-domain access control method and system in edge computing environment
CN114978490A (en) Encryption method and device for private data, processor and electronic equipment
CN114338091A (en) Data transmission method and device, electronic equipment and storage medium
CN112131597A (en) Method and device for generating encrypted information and intelligent equipment
EP3432534B1 (en) Local authorization decision method
CN113132328A (en) Data processing method, system, equipment and computer readable storage medium
TWM585941U (en) Account data processing system
RU2386220C2 (en) Method and device for authentication and confidentiality
CN113946864B (en) Confidential information acquisition method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination