CN115242398A - Knowledge question-answering system, method and device based on block chain - Google Patents

Knowledge question-answering system, method and device based on block chain Download PDF

Info

Publication number
CN115242398A
CN115242398A CN202210722715.2A CN202210722715A CN115242398A CN 115242398 A CN115242398 A CN 115242398A CN 202210722715 A CN202210722715 A CN 202210722715A CN 115242398 A CN115242398 A CN 115242398A
Authority
CN
China
Prior art keywords
responder
information
blockchain
attribute
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210722715.2A
Other languages
Chinese (zh)
Inventor
张如意
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ant Blockchain Technology Shanghai Co Ltd filed Critical Ant Blockchain Technology Shanghai Co Ltd
Priority to CN202210722715.2A priority Critical patent/CN115242398A/en
Publication of CN115242398A publication Critical patent/CN115242398A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The embodiment of the specification provides a knowledge question-answering system, a knowledge question-answering method and a knowledge question-answering device based on a block chain. The block chain stores attribute information of a responder, the management device comprises a main public key, and the encrypted question information stored in the block chain is obtained by attribute encryption of the questioner device based on the main public key and a first encryption strategy; the management equipment acquires attribute information of the responder from the block chain, generates a first attribute list of the responder based on the attribute information, generates a responder sub-private key corresponding to the responder based on the first attribute list, the main public key and the main private key, and uploads the responder sub-private key to the block chain; the responder device acquires the responder sub-private key and the encrypted question information from the block chain, decrypts the encrypted question information by using the responder sub-private key, and successfully decrypts to obtain the question information under the condition that the first attribute list conforms to the first encryption strategy; the responder device receives answer information input by an responder and uploads the answer information to the block chain; the questioner device obtains answer information from the blockchain.

Description

Knowledge question-answering system, method and device based on block chain
Technical Field
The embodiment of the specification belongs to the technical field of block chains, and particularly relates to a system for knowledge question answering based on a block chain, and a method and a device for knowledge question answering based on the block chain.
Background
With the rapid development of communication technology, the internet has gradually become an important way for people to obtain information. For example, a user can ask a question through the knowledge question and answer platform, and other users can answer the question after seeing the question. Generally, on a knowledge questioning and answering platform, questions asked by a questioner are directly disclosed to all users, and the questioner cannot select an answerer. However, in some cases, some questions may relate to the questioner's private information, and thus the questioner may not want his or her own questions to be seen by all people. Some questions may be of a strong professional nature and the questioner may only want to ask the respondents with the relevant professional background. For example, consulting urologists for related conditions, consulting lawyers for marital questions, consulting counselors for family questions, etc. Therefore, in the knowledge question-answering process, the protection of the privacy information of the questioner and the specification of the answerer of the question have great significance.
Disclosure of Invention
One or more embodiments of the present specification describe a system for knowledge question answering based on a blockchain, and a method and apparatus for knowledge question answering based on a blockchain.
According to a first aspect, a knowledge question-answering system based on a block chain is provided, the system comprises an answerer device, a questioner device, a management device and a block chain, wherein attribute information of an answerer is stored in the block chain, the management device comprises a main public key and a main private key which are used for being generated based on an attribute encryption algorithm, and encrypted question information stored in the block chain is obtained by attribute encryption of the questioner device based on the main public key and a first encryption strategy; the management device is configured to obtain attribute information of the responder from the blockchain, generate a first attribute list of the responder based on the attribute information, generate a responder sub-private key corresponding to the responder based on the first attribute list, the main public key and the main private key, and upload the responder sub-private key to the blockchain; the responder device is further configured to obtain the responder sub-private key and the encrypted question information from the blockchain, decrypt the encrypted question information using the responder sub-private key, and obtain the question information by successfully decrypting the encrypted question information in the case that the first attribute list conforms to the first encryption policy; the responder device is also used for receiving answer information input by the responder for the question information and uploading the answer information to the block chain; the questioner device is configured to obtain the answer information from the blockchain.
According to a second aspect, there is provided a method for question and answer based on a blockchain, applied to a node of the blockchain, wherein attribute information of an answerer is stored in the blockchain, the management device includes a master public key and a master private key for generating based on an attribute encryption algorithm, and the encrypted question information stored in the blockchain is obtained by performing attribute encryption on a questioner device based on the master public key and a first encryption policy, the method including: transmitting the attribute information of the responder to the management device in response to a request transmitted by the management device; receiving a sub-private key of a responder corresponding to the responder from the management device, and storing the sub-private key of the responder in the block chain, wherein the sub-private key of the responder is generated based on the attribute information, the main public key and the main private key; in response to a request sent by the responder device, sending the responder sub-private key and the encrypted question information to the responder device; receiving answer information sent by the responder device, wherein the answer information is obtained by the responder device through the following processes: decrypting the encrypted question information by using the sub-private key of the responder, and obtaining the question information after successful decryption under the condition that the first attribute list corresponding to the responder equipment conforms to the first encryption strategy; receiving answer information input by the answerer aiming at the question information; and responding to the request sent by the questioner device, and sending the answer information to the questioner device.
According to a third aspect, there is provided a method of question answering based on a blockchain, which is applied to an answerer device, wherein attribute information of an answerer is stored in the blockchain, the management device includes a master public key and a master private key for generating based on an attribute encryption algorithm, and the encrypted question information stored in the blockchain is obtained by attribute encryption by the questioner device based on the master public key and a first encryption policy, the method including: obtaining a sub-private key of a responder and the encrypted question information from the blockchain, decrypting the encrypted question information by using the sub-private key of the responder, and obtaining the question information by successfully decrypting the encrypted question information in the case that a first attribute list corresponding to the responder device conforms to the first encryption policy, wherein the sub-private key of the responder is generated by the management device based on the attribute information of the responder, the main public key and the main private key; receiving answer information input by the answerer aiming at the question information, and sending the answer information to the block chain.
According to a fourth aspect, there is provided a device for question and answer knowledge based on a blockchain, which is provided at a node of the blockchain, wherein attribute information of an answerer is stored in the blockchain, the management device includes a master public key and a master private key for generating based on an attribute encryption algorithm, and the encrypted question information stored in the blockchain is obtained by performing attribute encryption by a questioner device based on the master public key and a first encryption policy, the device comprising: a first transmission unit configured to transmit attribute information of the responder to the management apparatus in response to a request transmitted by the management apparatus; a first receiving unit configured to receive, from the management apparatus, a responder sub-private key corresponding to the responder, the responder sub-private key being stored in the block chain, wherein the responder sub-private key is generated based on the attribute information, the master public key, and the master private key; a second transmitting unit configured to transmit the sub-private key of the responder and the encrypted question information to the responder device in response to a request transmitted by the responder device; a second receiving unit configured to receive answer information sent by the responder device, wherein the answer information is obtained by the responder device through the following processes: decrypting the encrypted question information by using the sub-private key of the responder, and obtaining the question information after successful decryption under the condition that the first attribute list corresponding to the responder equipment conforms to the first encryption strategy; receiving answer information input by the answerer aiming at the question information; and a third sending unit configured to send the answer information to the questioner device in response to the request sent by the questioner device.
According to a fifth aspect, there is provided a device for question and answer based on a blockchain, which is provided in an answerer device, wherein attribute information of an answerer is stored in the blockchain, the management device includes a master public key and a master private key for generating based on an attribute encryption algorithm, and the encrypted question information stored in the blockchain is obtained by attribute encryption by the questioner device based on the master public key and a first encryption policy, the device comprising: an information obtaining unit configured to obtain a sub-private key of a responder and the encrypted question information from the blockchain, decrypt the encrypted question information using the sub-private key of the responder, and obtain the question information by successfully decrypting the encrypted question information in a case where a first attribute list corresponding to the responder device conforms to the first encryption policy, wherein the sub-private key of the responder is generated by the management device based on the attribute information of the responder, the main public key, and the main private key; an information receiving unit configured to receive answer information input by the answerer for the question information and transmit the answer information to the block chain.
According to a sixth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method as described in any one of the implementation manners of the second or third aspect.
According to a seventh aspect, there is provided a computing device comprising a memory and a processor, wherein the memory stores executable codes, and the processor executes the executable codes to implement the method described in any implementation manner of the second aspect or the third aspect.
The system for knowledge question answering based on the block chain comprises a responder device, a questioner device, a management device and the block chain, wherein the block chain is stored with attribute information of the responder, the management device comprises a main public key and a main private key which are generated based on an attribute encryption algorithm, and the encrypted question information stored in the block chain is obtained by attribute encryption of the questioner device based on the main public key and a first encryption strategy. The management device may obtain attribute information of the responder from the blockchain, generate a first attribute list of the responder based on the attribute information, generate a responder sub-private key corresponding to the responder based on the first attribute list, the master public key and the master private key, and upload the responder sub-private key to the blockchain. The responder device may obtain the responder sub-private key and the encrypted question information from the blockchain, decrypt the encrypted question information using the responder sub-private key, and obtain the question information after the decryption is successful in the case that the first attribute list conforms to the first encryption policy. Then, the responder device receives the answer information input by the responder for the question information and uploads the answer information to the block chain. In this way, the questioner device may obtain answer information from the blockchain. In the system, only the answerer equipment of which the first attribute list conforms to the first encryption strategy corresponding to the encrypted question information can successfully decrypt the encrypted question information to obtain the question information, so that the question information is protected, and meanwhile, the questioner equipment can specify the answerer equipment for solving the question by setting the first encryption strategy.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and it is obvious for a person skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1 illustrates a block chain architecture diagram in one embodiment;
FIG. 2 is a diagram illustrating an application scenario in which the system for knowledge question answering based on block chains in the embodiments of the present specification may be applied;
FIG. 3 is a schematic diagram showing a process of storing attribute information of a solver to a blockchain;
FIG. 4 shows a timing diagram of one example of interaction between a solver device, a questioner device, a management device and a blockchain in a blockchain-based knowledge question-answering system;
FIG. 5 shows a schematic diagram of a first encryption strategy;
fig. 6 shows a schematic diagram disclosing a second signature strategy with an example of attributes including "psychology" and "philosophy";
FIG. 7 is a diagram illustrating an account information structure for a blockchain account;
FIG. 8 shows a schematic block diagram of an apparatus for block chain based knowledge question answering according to one embodiment;
FIG. 9 shows a schematic block diagram of an apparatus for block chain based knowledge question answering according to another embodiment.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
The block chain technology is a special distributed database technology designed by artificial bitcoin (a digital currency) with a certain name of 'Zhongxiong', is suitable for storing simple data which have precedence relationship and can be verified in a system, and the data is ensured to be not falsified and forged by using cryptography and consensus algorithm. To further illustrate the blockchain technique, FIG. 1 illustrates a blockchain architecture diagram in one embodiment. In the block chain architecture diagram shown in fig. 1, the block chain 100 includes, for example, 6 nodes. The lines between the nodes schematically represent P2P (Peer to Peer) connections. The nodes may have a full ledger stored on them, i.e. the status of all blocks and all accounts. Wherein each node in the blockchain can generate the same state in the blockchain by performing the same transaction, and each node in the blockchain can store the same state database. It is to be understood that although fig. 1 illustrates 6 nodes included in the blockchain, embodiments of the present specification are not limited thereto and may include other numbers of nodes. Specifically, the nodes included in the block chain can meet the Byzantine Fault Tolerance (BFT) requirement. The byzantine fault tolerance requirement can be understood as that byzantine nodes can exist in a block chain, and the block chain does not show the byzantine behavior to the outside. Generally, some Byzantine Fault-tolerant algorithms require that the number of nodes is greater than 3f +1, and f is the number of Byzantine nodes, such as Practical Byzantine Fault-tolerant algorithm PBFT (Practical Byzantine Fault Tolerance).
A transaction in the blockchain domain may refer to a unit of a task that is performed in the blockchain and recorded in the blockchain. The transaction typically includes a send field (From), a receive field (To), and a Data field (Data). Where the transaction is a transfer transaction, the From field indicates the account address From which the transaction was initiated (i.e. the transfer task To another account was initiated), the To field indicates the account address From which the transaction was received (i.e. the transfer was received), and the Data field includes the transfer amount. In the case of a transaction calling an intelligent contract in a blockchain, the From field represents the account address From which the transaction was initiated, the To field represents the account address of the contract called by the transaction, and the Data field includes the name of the function in the calling contract, and Data such as incoming parameters To the function, for use in retrieving the code of the function From the blockchain and executing the code of the function when the transaction is executed.
The function of the intelligent contract can be provided in the block chain. An intelligent contract on a blockchain is a contract that can be executed on a blockchain system triggered by a transaction. An intelligent contract may be defined in the form of code. The intelligent contract is called in the Ethernet workshop, and a transaction pointing to the intelligent contract address is initiated, so that each node in the Ethernet workshop network runs the intelligent contract code in a distributed mode. It should be noted that, in addition to the creation of the smart contracts by the users, the smart contracts may also be set by the system in the creation block. This type of contract is generally referred to as a startup contract. In general, the data structure, parameters, attributes and methods of some blockchains may be set in the startup contract. Further, an account with system administrator privileges may create a contract at the system level, or modify a contract at the system level (simply a system contract). Wherein the system contract is usable to add data structures for different services in a blockchain.
In the scenario of contract deployment, for example, bob sends a transaction containing information to create an intelligent contract (i.e., a deployment contract) into the blockchain as shown in fig. 1, the data field of the transaction includes the code (e.g., bytecode or machine code) of the contract to be created, and the to field of the transaction is null to indicate that the transaction is for contract deployment. After the agreement is achieved among the nodes through a consensus mechanism, a contract address 0x6f8ae93 \ 8230of a contract is determined, each node adds a contract account corresponding to the contract address of the intelligent contract in a state database, allocates state storage corresponding to the contract account, and stores a contract code in the state storage of the contract, so that the contract is successfully created.
In the scenario of invoking a contract, for example, bob sends a transaction for invoking a smart contract into the blockchain as shown in fig. 1, where the from field of the transaction is the address of the account of the transaction initiator (i.e., bob), "0x6f8ae93 \8230inthe to field, which represents the address of the invoked smart contract, and the data field of the transaction includes the method and parameters for invoking the smart contract. After the transaction is identified in the blockchain, each node in the blockchain can execute the transaction respectively, so that the contract is executed respectively, and the state database is updated based on the execution of the contract.
As described above, in the knowledge question-answering process, it is important to protect the privacy information of the questioner and specify the answerer of the question. To this end, an embodiment of the present specification provides a knowledge question-answering system based on a block chain, which realizes protection of question information of a questioner, and at the same time, a questioner device may specify a answerer device for solving a question by setting an encryption policy. By way of example, fig. 2 illustrates a schematic diagram of an application scenario in which the system for knowledge question answering based on block chains according to the embodiments of the present specification may be applied. As shown in fig. 2, in the present application scenario, a responder device 201, a questioner device 202, a management device 203 and a blockchain 100 may be included. The block chain 100 stores attribute information of the solver in advance. Here, the responder device 201 may be a terminal device used by the responder, the questioner device 202 may be a terminal device used by the questioner, the management device 203 may be a device corresponding to a regulatory body, and the regulatory body may be responsible for assigning an attribute tag to a user (including the questioner, the responder, and the like), generating a sub-private key, and the like. Here, the answerer device 201, the questioner device 202 and the management device 203 may be provided with encryption modules, for example, CP-ABE (ciphertext based attribute encryption) encryption modules may be provided, where a ciphertext of the CP-ABE corresponds to an access policy, and a key corresponds to an attribute set, and the ciphertext may be decrypted only when an attribute in the attribute set can satisfy the access policy. The management device 203 may generate a master public key and a master private key based on an attribute encryption algorithm and upload the master public key to the blockchain 100. The questioner device 202 may attribute encrypt the question information based on the master public key and the first encryption policy, resulting in encrypted question information, and store the encrypted question information into the blockchain 100. The management device 203 may obtain attribute information of the responder from the blockchain 100, generate a first attribute list of the responder based on the attribute information, generate a responder sub-private key corresponding to the responder based on the first attribute list, the master public key and the master private key, and upload the responder sub-private key to the blockchain. In this way, the responder device 201 may obtain the responder subprivate key and the encrypted question information from the blockchain 100, and decrypt the encrypted question information using the responder subprivate key, where in a case where the first attribute list conforms to the first encryption policy, the decryption is successful, resulting in the question information. The solver can see the question information through the display of the solver device 201 and input answer information to the solver device 201. The responder device 201 may receive answer information input by the responder for the question information and transmit the answer information to the block chain 100. The questioner device 202 may obtain answer information from the blockchain 100. It will be appreciated that the solver device and the questioner device referred to in the embodiments of this specification are merely relative and not fixed. For example, in a question-answering scenario, user a may be a responder and the device used by user a is the responder device. In another question-and-answer scenario, user A may be a questioner and the device used by user A is a questioner device.
Fig. 3 shows a schematic diagram of a flow of storing attribute information of a solver to a blockchain. In the example shown in fig. 3, CP-ABE encryption modules may be provided in the responder device 201, the management device 203, and the certification authority device 204 that interact with the blockchain 100. The process of storing attribute information of a solver may be as follows:
s301, the management device 203 generates a master public key and a master private key.
As an example, the management device 203 may generate a master public key and a master private key by calling a Setup function of the CP-ABE encryption module, the master public key may be uploaded to the blockchain 100 for disclosure, and the master private key is kept by the management device 203 and cannot be revealed. As another example, a secure multiparty computation may also be employed to generate a master public key and a master private key, where the master private key is commonly maintained by multiple management devices 203 and needs to be used by multiple management devices 203 to participate in computation at the same time. The generation process of the master public key and the master private key may be as follows: CPABE _ Setup (msk, mpk), where mpk may represent the master public key and msk may represent the master private key.
S302, the management apparatus 203 uploads the master public key to the blockchain 100.
In this embodiment, the management device 203 may send a transaction Tx1 to any blockchain node of the blockchain 100, where the transaction Tx1 may be sent by a blockchain account A1 of the management organization corresponding to the management device 203, the account A1 corresponds to an account private key system sk and an account public key system mpk, the private key system msk may be used to generate a digital signature of the transaction Tx1, and the public key system mpk may be used to verify the digital signature. This transaction Tx1 may invoke a data management contract C1 (hereinafter abbreviated as contract C1) in the blockchain to upload the master public key to the blockchain. Wherein the contract may be deployed into the blockchain by the management device 203 for managing digital identities corresponding to blockchain accounts. The above-mentioned blockchain node, after receiving the transaction, sends the transaction to other nodes in the blockchain, so that each node in the blockchain can execute the transaction. Each node of the blockchain stores the master public key into the contract state of contract C1 by performing the transaction.
S303, the certification authority device 204 acquires the master public key from the blockchain 100.
Certificate authority device 204 may receive master public key mpk from any node in blockchain 100 by sending a query transaction invoking contract C1 to that node. Meanwhile, the certificate authority device 204 may similarly acquire the public key system mpk of the account A1 corresponding to the management device 203 from the blockchain.
S304, the responder device 201 uploads the responder information of the responder to the blockchain 100.
In the present embodiment, the responder device 201 may upload the responder information of the responder to the blockchain 100. The responder information may be various identity information related to the identity of the responder, including but not limited to a name, a nickname, an identification picture, a passport picture, and the like. The responder device 201 may also upload the asymmetrically encrypted public key accountPK to the block chain 100, and the responder device 201 locally and securely stores the private key accountSK corresponding to the accountPK. The public key accountPK may be used for subsequent encrypted information transmission.
Here, the responder information uploaded by the responder device 201 may also be used to register an account on the personal chain on the blockchain. Based on this, the responder device 201 may receive the on-chain account information, e.g., the on-chain account ID, returned by the blockchain 100. Specifically, the responder device 201 may send a transaction to the blockchain 100, which may invoke the contract C1 to register an External Owned Accounts (EOA) with the blockchain. The nodes of the blockchain execute the transaction, generate on-chain account information, and return the on-chain account information to the responder device 201. The blockchain may store the generated account information of the responder device 201 under the contract account. For example, the information included in the responder information may be concatenated and then subjected to hash calculation, so as to obtain the chain account ID. In particular, the method comprises the following steps of,
accountID=RegisterAccount(accountInfo,accountPK)=HASH(accountInfo||accountPK)。
wherein, accountInfo represents the information of the responder, accountID represents the account ID on the chain corresponding to the equipment of the responder.
In practice, the blockchain 100 may directly generate the on-chain account information corresponding to the responder device based on the responder information uploaded by the responder device 201, and return the on-chain account information to the responder device 201. The block chain 100 may also verify the responder information uploaded by the responder device 201 by the management device 203, generate the on-chain account information corresponding to the responder device based on the responder information, and then return the on-chain account information to the responder device 201. Specifically, after monitoring the on-chain register account contract calling event, the management device 203 may acquire the responder information uploaded by the responder device 201, check the responder information (for example, perform identity check and authentication, and the like), and upload the check-passing information to the block chain 100 after the responder information passes the check. After receiving the verification pass information, the blockchain 100 may create the on-chain account information corresponding to the responder device 201 based on the responder information and return the on-chain account information to the responder device 201.
In some optional implementations, the attribute information may include identity information of the responder, and the management device 203 may further generate a system public key and a system private key and upload the system public key to the blockchain 100. Specifically, the management device 203 may generate an encrypted authentication key pair of the system, where the encrypted authentication key pair may include a system public key systemPK and a system private key systemSK, and the key pair may support an asymmetric encryption Algorithm and a Signature Algorithm, for example, an Elliptic Curve Cryptography (ECC) Algorithm key, an Elliptic Curve Digital Signature Algorithm (ECDSA), and an Elliptic Curve comprehensive encryption scheme (ECIES) encryption and decryption Algorithm. Taking ECC as an example, the system public key system pkk and the system private key system sk can be generated by calling KeyGen, and the specific calculation process is as follows:
systemPK,systemSK=ECC_KeyGen()。
based on this, the responder device 201 may encrypt the responder information using the system public key systemPK acquired from the blockchain and upload the encrypted identity information to the blockchain 100. Taking ECIES as an example, encryption may be performed by calling ENCRYPT, specifically,
accountInfoCipher=ECIES_ENCRYPT(systemPK,accountInfo)。
wherein accountInfo represents the responder information, and accountInfoCipher represents the encrypted decryptor information. At this time, the accountID may be generated by:
accountID=RegisterAccount(accountInfoCipher,accountPK)。
through the implementation mode, the responder device 201 can encrypt and upload the responder information, so that the responder identity information is safer.
S305, the management apparatus 203 acquires the responder information from the blockchain.
Here, the management device 203 may acquire the responder information of the responder uploaded by the responder device 201 from the blockchain 100. If the responder information acquired by the management device 203 is the encrypted responder information accountInfoCipher, the management device 203 may decrypt the acquired encrypted responder information using the system private key systemSK, specifically,
accountInfo=ECIES_DECRYPT(systemSK,accountInfoCipher)。
s306, the management device 203 generates an attribute list and a child private key of the responder.
In this embodiment, after the identity information of the responder included in the responder information passes verification, the management device 203 may create a blockchain account of the responder from a node of the blockchain, which may be referred to as a first account in this example. The responder may have the first account. Thereafter, the management device 203 may generate an attribute list corresponding to the responder based on the responder information uploaded by the responder device 201, where the attribute list may include the identity information (or identity attribute) of the first account and the responder. The attribute list of the responder may include a plurality of attribute tags of the responder, and the attribute tags may be the sum of a class of features and may be a set of data describing the responder. As an example, the attributes included in the attribute list of the responder may be used to describe the basic identity of the responder, e.g., the attributes may include, but are not limited to, the first account, the name, the nickname, the identification, etc. in the attribute list. Thereafter, the management device 203 may generate a child private key of the responder device 201 based on the attribute list, the master public key, and the master private key. The management device 203 may generate, for example, a sub-private key sk corresponding to the responder device 201 through the KeyGen function of the CP-ABE, and specifically,
sk=CPABE_KeyGen(AttriList,msk,mpk)。
as can be seen from the above equation, the input parameters to the function CPABE _ keygen () include three items of attribute lists attrill, msk and mpk, and a sub-private key sk is generated by an attribute-based encryption algorithm, and the sub-private key sk can be used for attribute signature based on a signature policy to obtain a signature for proving that the responder to which the first account corresponds has a specific attribute in the attribute list (i.e. meets the signature policy), and the mpk can be used for verifying that the signature is true based on the signature policy, i.e. verifying that the responder to which the first account corresponds has a specific attribute in the attribute list.
S307, the management device 203 uploads the child private key and the attribute list to the blockchain 100.
In this embodiment, after the management device 203 generates the sub private key and the attribute list, the blockchain account id corresponding to the responder device and the blockchain 100 of the sub private key may be used for the responder device 201 to obtain the sub private key from the blockchain.
In some optional implementations, the foregoing S307 may be further implemented as follows:
first, the management device 203 may encrypt the child private key based on the public key accountPK of the blockchain account corresponding to the responder device 201, to obtain an encrypted child private key. As an example, the management device 203 may encrypt the sub-private key by using an encryption scheme, such as an ECIES (elliptic curve comprehensive encryption scheme), using a public key of the blockchain account corresponding to the responder device 201, to obtain a first encrypted sub-private key, and upload the blockchain account corresponding to the responder device 201 and the first encrypted sub-private key to the blockchain in an associated manner. In this way, the responder device 201 may obtain the first encrypted sub-private key corresponding to its own blockchain account from the blockchain, and may obtain the sub-private key by decrypting the first encrypted sub-private key. As another example, the management device 203 may further encrypt the attribute list and the sub-private key of the responder using the public key accountPK of the blockchain account corresponding to the responder device 201, to obtain a second encrypted sub-private key, specifically,
second cipher sub-private key = ECIES _ ENCRYPT (accountPK, attribute list, sk).
The responder device 201 may obtain the corresponding attribute list and child private keys by decrypting the second encrypted child private key.
Then, the management device 203 uploads the encrypted sub-private key to the blockchain 100 in association with the blockchain account corresponding to the responder device 201, so that the responder device 201 obtains the encrypted sub-private key from the blockchain 100 and decrypts the encrypted sub-private key to obtain the sub-private key.
For example, the blockchain may store the encrypted child private key accountCipher generated for the responder device 201 uploaded by the management device 203 into a contract state of a contract on the chain. For example, a list accountInfoList may be preset, and each piece of information stored in the list accountInfoList may contain data { accountID, accountPK, accountCipher }. In this way, the responder device 201 may obtain the corresponding encrypted sub-private key accountcipher from the blockchain 100 according to accountID, and decrypt the encrypted sub-private key using the private key accountSK corresponding to accountPK to obtain the sub-private key. As an example, when the encrypted sub-private key accountCipher is the second encrypted sub-private key, the responder device 201 may obtain the sub-private key and the attribute list through decryption, specifically:
attribute list, sk = ECIES _ DECRYPT (accountSK, second ciphering sub-private key).
Through the implementation mode, the sub-private key can be encrypted and then uploaded to the block chain, so that the protection of the sub-private key can be realized, and the safety of the sub-private key is improved.
S308, the responder device acquires the sub private key and the attribute list from the block chain.
S309, attribute signing is carried out on the responder device based on the first signature strategy and the sub private key to obtain a first signature.
In this implementation, the responder device 201 needs to prove to the certification authority that the blockchain account accountID is its own on-chain account ID, for which reason the responder device 201 generates a first signature. Wherein the first signature may be obtained by attribute signing based on the first signature policy and the child private key. Here, the first signature policy may include identity information of the responder and a blockchain account, i.e., a first account.
For example, attribute-based signature (ABS) may be used for attribute signature. The ABS is a public key signature verification algorithm, and the user's key and signature structure depend on attributes. A signature and verification is successful only if the set of attributes of the user key (including a plurality of attribute tags) match the signature policy. In this example, the responder device 201 may: { identity information and blockchain account }, the sub private key sk performs attribute signature on the identity information (for example, identity) of the responder and the summary data 1of the combined information of the blockchain account, and obtains a first signature sign1. In particular, the method comprises the following steps of,
data1= HASH ("identity information" + accountID),
Sign1=ABS_Sign(sk,policy,data1)。
s310, the responder device 201 sends the first signature and the first signature policy to the certification authority device 204.
Specifically, in order to protect the information in the first signature policy, the responder device may encrypt the first signature and the first signature policy using a public key of a certificate authority corresponding to the certificate authority device 204, and send an encrypted ciphertext to the certificate authority device 204, so that the certificate authority device 204 may decrypt the ciphertext using a private key of the certificate authority device 204 to obtain the first signature and the first signature policy.
S311, the certification authority device 204 verifies the first signature based on the pre-acquired master public key and the first signature policy.
In this example, the certificate authority device may verify the first signature based on the first signature policy and the master public key mpk of the management device.
For example, the certification authority device may obtain the identity information and the blockchain account corresponding to the responder device in advance, so that after the certification authority device obtains the first signature sign1, verification may be performed, specifically calculated as follows:
data1= HASH ("identity information" + accountID),
result1=ABS_Verify(mpk,policy,data1,sign1)。
only if result1 is true, the identity information of the responder and the blockchain account can be proved to be bound one by one. Namely, the proof blockchain account is the on-chain account corresponding to the identity information of the responder.
S312, in case of passing the verification, the certification authority device 204 uploads the certification attribute corresponding to the first account to the blockchain 100.
Here, the certification attribute may be an attribute issued by the certification authority device for the responder device. Taking the certification authority as university and the issued attribute as academic degree attribute as an example, the certification attribute may be as follows: info = { accountID, "university of XXX 2022 major's degree" }. Alternatively, the certificate authority device may sign the certificate attribute using its own private key companySK and encrypt it using the system public key systemPK of the management device. In particular, the method comprises the following steps of,
infoHash=HASH(info),
infoSign=ECIES_Sign(companySK,infoHash),
infoCipher=ECIES_ENCRYPT(systemPK,info)。
wherein infoCipher may represent an encryption authentication attribute. infoSign may represent a digital signature.
The certification authority device may then call the contract interface PublishCert, and upload the certification attribute information including the blockchain account accountID and the encrypted certification attribute infoCipher of the responder device to the blockchain, for example, the certification authority device may store the certification attribute information in the account certificate list accountcertsslist preset in the contract state, specifically,
PublishCert(accountID,infoCipher,infoSign)。
through the implementation mode, the certification authority equipment can issue the certification attribute for the responder equipment.
S313, the blockchain stores the authentication attribute in association with the first account.
In this embodiment, the authentication attribute may be stored in association with the first account corresponding to the responder in the blockchain. In this way, the identity attribute and the authentication attribute of the responder may be stored in association with the first account in the blockchain. The identity attribute and the authentication attribute in the attribute list belong to attribute information of the responder. Through the implementation mode, the authentication attribute of the responder is continuously added, the attribute corresponding to the responder is gradually enriched, and the basic information, the learning information, the social practice information, the skill authentication information and the like corresponding to the responder can form a complete digital identity of the responder.
Thus, based on the flow shown in fig. 3, the attribute information of the solver can be stored in the blockchain 100.
With continuing reference to fig. 4, fig. 4 shows a timing diagram of an example of interaction between the solver device 201, the questioner device 202, the management device 203 and the blockchain 100 in the system for knowledge question-answering based on blockchain according to the embodiments of the present specification.
S401, the questioner device 202 obtains the master public key uploaded by the management device 203 from the blockchain 100;
s402, the questioner device 202 conducts attribute encryption based on the master public key, the question information and the first encryption strategy to obtain encrypted question information;
s403, the questioner device 202 uploads the encrypted question information to the blockchain 100.
In practice, a questioner may set a first encryption policy according to an actual scene and needs, and the first encryption policy may be used to specify that the device can decrypt encrypted question information only when satisfying the condition of the attribute tags. Corresponding first encryption strategies can be set for different problem information. As an example, the structure of the first encryption policy may be a tree structure. With continued reference to fig. 5, fig. 5 is a schematic diagram of a first encryption strategy, based on the encryption question information obtained by the first encryption strategy, a solver having "education" attribute and one of "subject", "master" or "doctor" attribute is required to successfully decrypt, otherwise, the decryption fails. It is understood that the first encryption policy shown in fig. 5 is only used for explaining the tree structure, and the content of the first encryption policy is not limited, and in practice, different problem information may correspond to different first encryption policies.
As an example, the structure of the question information/answer information may include the following: { MID information unique ID, QID question unique ID, content encrypted (or plaintext) question information/answer information content, relatedID association ID }, where association ID (identification) can be used in answering questions and supplementing questions.
As one example, in some scenarios, a questioner may ask a questioner to a respondent to a limited number of blockchain accounts. In these scenarios, the content may be encrypted based on the attributes.
For example, the questioner consults the educator for the Question "how to better communicate with adolescent traitory children and direct directions". The questioner finds on the blockchain, has "education" attribute and has score greater than ten thousand blockchain accounts, for example, finds three such blockchain accounts { AccountIdA, accountIdB, accountIdC }, and then designs a first encryption policy of {1of3} { AccountIdA, accountIdB, accountIdC }, that is, only these three blockchain accounts can decrypt the encrypted question information. Based on this example, the structure of the question information may be as follows:
Figure BDA0003712189720000121
it will be appreciated that since the structure of this example is that of question information, the AccountId herein may represent the account of the questioner.
As another example, in some scenarios, a questioner may ask a question to a class of people. In these scenarios, the content may be encrypted based on the attributes.
For example, ask the cryptology professional to teach the problem of "whether important data between banks can be guaranteed only by TLS, and whether there are other recommended schemes". When a query is asked to a blockchain account with a "cryptography" attribute, the designed first encryption policy may be {1of1} { "cryptography" }, that is, only the device corresponding to the blockchain account with the "cryptography" attribute can decrypt the encrypted problem information. Based on this example, the structure of the question information may be as follows:
Figure BDA0003712189720000131
it is understood that since the structure of this example is that of question information, the AccountId herein may represent the account of the questioner.
As yet another example, in some scenarios, a questioner may disclose a question to all. In these scenarios, the content can be uploaded to the blockchain in the clear.
For example, asking the owner about the Question "how the character relationship and timeline of movie M" without designing an encryption policy, based on this example, the Question information may have the following structure:
Figure BDA0003712189720000132
it will be appreciated that since the structure of this example is that of question information, the AccountId herein may represent the account of the questioner.
In a scenario where attribute encryption is required, the questioner device may perform attribute encryption based on the master public key, the question information and the first encryption policy to obtain encrypted question information, and upload the encrypted question information to the block chain. In scenarios where attribute encryption is not required, the questioner device may upload question information in clear to the blockchain. For example, encrypted (or plaintext) question information may be stored into a question answer list questientandanswerlist preset in the contract state of the contract. The encrypted question information can be decrypted and seen only by the responder device which accords with the first encryption strategy, so that the privacy information of the questioner is protected.
S404, the management apparatus 203 acquires the attribute information from the blockchain.
S405, the management device 203 generates an attribute list of the responder based on the attribute information, and generates a sub-private key of the responder corresponding to the responder based on the attribute list, the master public key, and the master private key.
In this embodiment, the management device may obtain the attribute information from the blockchain, and if the attribute information includes the encrypted authentication attribute, the management device may decrypt the encrypted authentication attribute to obtain the authentication attribute for the responder.
For example, after the management device may obtain the authentication attribute information (accountcertslst) from the account certificate list accountcertslst, the management device may first verify the validity of the attribute information, specifically,
decryption gets the authentication attribute, info = ECIES _ DECRYPT (systemSK, infoCipher),
infoHash=HASH(info)。
the validity of the digital signature infoSign of the certificate authority device is verified, and in particular,
result=ECIES_Verify(companyPK,infoSign,infoHash)。
as an example, after the digital signature verification passes, the management device may check the validity and validity of the certification attribute info = { accountID, "university of XXX 2022 university bit" } under a chain, e.g., whether the certification authority is qualified enough, whether the issuance time is reasonable, and the like. After the verification is passed, the management device may generate an attribute list of the responder based on the attribute information, where the attribute list may include an identity attribute and an authentication attribute of the responder.
Thereafter, the management device may generate a responder sub-private key corresponding to the responder based on the attribute list, the master public key, and the master private key.
Taking the certification authority as university, the issued attribute as degree attribute, and the certification attribute as info = { accountID, "XXX university 2022 major degree" }, the management device may add an attribute label "XXX university 2022 major degree" to the responder device on the basis of the identity attribute included in the attribute list, so as to obtain an updated attribute list for the responder device, including identity attribute and certification attribute. Based on this, the management device may generate an updated responder sub-private key corresponding to the responder. The KeyGen function of CP-ABE may be invoked, for example, to generate a private key of the responder child, specifically,
skNew=CPABE_KeyGen(AttriListNew,msk,mpk)。
the skNew may represent an updated responder child private key, the attrilstnew may represent an updated attribute list of the responder device, and the attrilstnew may include an authentication attribute and an identity attribute.
The management device may then encrypt the attribute tag attriltnew and the private key skNew of the solver child using the public key accountPK of the solver device, which may be encrypted using, for example, the ECIES algorithm or the RSA algorithm, which is taken as an example, in particular,
accountCipherNew=ECIES_ENCRYPT(accountPK,AttriListNew,skNew)。
and stores the data { accountID, accountPK, accountCipherNew } in a list accountInfoList of contract states of contracts on the chain. Wherein the accountID is an on-chain account ID of the responder device.
Optionally, the responder may have a first account in a blockchain, the attribute list includes the first account, the management device is further configured to upload the attribute list to the blockchain, and the blockchain is configured to store the attribute list and the responder sub-private key in association.
For example, the blockchain is specifically used when the attribute list and the responder sub-private key are stored in association: and storing a first ciphertext obtained by encrypting the sub-private key of the responder and the attribute list of the first account in association with the first account, wherein the first ciphertext is generated by the management device through encryption by using the public key of the first account.
S406, the management device 203 uploads the sub-private key of the responder to the blockchain.
S407, the responder device 201 acquires the responder sub-private key and the encrypted question information from the blockchain 100.
Specifically, the responder device 201 may send a transaction to the blockchain 100, which may invoke the contract C1 to obtain the responder subprivate key and the encrypted question information from the blockchain 100. The nodes of the blockchain may perform transactions, sending the responder sub-private key and the encrypted question information to the responder device 201.
For example, the responder device may obtain the attribute tag attrilstnew and the responder child private key skNew allocated to it by the management device from the list accountlnfolist of contract states according to accountID and accountPK. In particular, the method comprises the following steps of,
AttriListNew,skNew=ECIES_DECRYPT(accountSK,accountCipherNew)。
the responder device may then decrypt the encrypted question information stored in the blockchain using the responder sub-private key skNew.
S408, the responder device 201 decrypts the encrypted question information by using the responder sub-private key, and in the case that the attribute list conforms to the first encryption strategy, the decryption is successful to obtain the question information.
In this embodiment, the responder device 201 may obtain the responder sub-private key and the encrypted question information from the blockchain 100, and attempt to decrypt the encrypted question information using the sub-private key, where in the case that the attribute list corresponding to the responder conforms to the first encryption policy, the decryption is successful, and the question information is obtained. The responder device 201 may attempt to Decrypt the encrypted question information, for example, by calling the Decrypt function of the CP-ABE, specifically,
question information = CPABE _ DECRYPT (encryption question information, skNew).
Through a DECRYPT function, the problem information can be obtained only by successfully decrypting the attribute list corresponding to the responder when the attribute list conforms to the first encryption strategy of the encrypted problem information.
S409, the responder device 201 receives the answer information input by the responder for the question information, and uploads the answer information to the block chain 100.
In this embodiment, after the responder device 201 successfully decrypts the encrypted question information, the decrypted question information may be displayed for the responder to view. The responder device 201 may also receive answer information input by the responder for the question information and transmit the answer information to the block chain, for example, the answer information may be transmitted in the clear to the block chain.
In some alternative implementation modes, sometimes the answerer does not want the answer information input by the answerer to be seen by all people, on one hand, the knowledge copyright of the answerer is protected, and on the other hand, the privacy information of the questioner is protected. Based on this, after the answer device receives the answer information input by the answer for the question information, the attribute encryption can be performed based on the main public key, the answer information and the second encryption strategy to obtain the encrypted answer information, and the encrypted answer information is uploaded to the block chain.
Wherein the second encryption policy may be used to specify that the device can decrypt the encrypted answer information only if the device satisfies the attribute tags. Assuming that the Answer information is Answer, for example, and the second encryption policy is policy, the responder device may generate encrypted Answer information for the Answer information Answer by calling the Encrypt function of the CP-ABE, and specifically,
encrypted Answer information = CPABE _ ENCRYPT (Answer, policy, mpk).
By the implementation mode, the answerer can specify the equipment which can check the answer information by setting the second encryption strategy, thereby realizing the protection of the answer information,
at S410, the questioner device 202 may obtain answer information from the blockchain.
In this embodiment, the questioner device may acquire answer information from the blockchain, thereby implementing knowledge questioning and answering between the questioner device and the answerer device.
In some alternative implementations, a first information identifier associated with the encrypted problem information, such as an MID in the structure of the problem information, may be stored in the blockchain. It will be appreciated that different encryption (or plaintext) problem information may correspond to different information identifications. The responder device may then send the answer information in association with the first information identification to the blockchain.
Specifically, the responder device may obtain all encrypted question information from a question answer list questionandaddressarist in a contract state, decrypt the encrypted question information by using the responder sub-private key of the responder device, and if decryption is successful, indicate that the question is a question oriented to the responder device; if the decryption is unsuccessful, this indicates that the problem is not a self-directed problem.
Question=CPABE_DECRYPT(content,sk)。
For the problem of successful decryption or public problem, the solver can decide whether to solve or not. For example, the responder device may assemble the answer information input by the responder into the following form:
Figure BDA0003712189720000161
it is understood that since the structure of this example is the structure of answer information, the AccountId herein may represent the account of the responder. Here, whether the Answer information Answer is encrypted or not is determined by the answerer, for example, if the Answer information relates to the privacy of the questioner, or the Answer information includes more important information, the answerer may choose to encrypt only to allow the questioner to decrypt and see the Answer information. The relatedID represents an information identification of the question information of the relevant question for marking the answer made to that piece of information.
In some alternative implementations, the responder device may generate a second information identifier for the answer information, e.g., an MID in the structure of the answer information of the above example. In this way, the questioner device may also transmit the additional question information to the blockchain in association with the second information identification.
For example, after the questioner obtains the answer information, if there is a question, the additional question may be continued, and the questioner device may assemble the additional question information questiennew into the following form:
Figure BDA0003712189720000162
Figure BDA0003712189720000171
it will be appreciated that since the structure of this example is that of question information, the AccountId herein may represent the account of the questioner.
Here, whether or not the additional question information questiennew is encrypted may be determined by the questioner. For example, in some scenarios requiring encryption, the questioner device may perform attribute encryption based on the master public key mpk, additional question information questingnew, and a third encryption policy to obtain encrypted additional question information, specifically, ABE _ ENCRYPT (questingnew, policy, mpk). And uploading the encrypted append problem information to the blockchain. For example, the encrypted append problem information can be sent to the blockchain in association with the second information identification. For another example, in some scenarios where encryption is not required, the questioner device may send additional question information questiennew in clear text to the block chain in association with the second information identification. This means that the additional problem information questiennew corresponds to the second information identifier.
Based on the additional question information uploaded by the questioner, the answerer may continue to supplement the answers until the questioner has no questions. With this implementation, the questioner can continue to add questions.
In some optional implementations, in practice, the responder device may correspond to a certification attribute issued by a certification authority in addition to the attribute list including the identity attribute. For example, after a person completes the school at university, the person obtains corresponding academic calendar and academic degree certification, and obtains a paper certificate issued by a certification authority related to education in the physical world. In the digital world, the certification authority should also issue academic calendar and academic degree attributes for the devices corresponding to individuals. Here, the certification authority device may be a device used by some subjects who can issue attributes for individuals socially. For example, a subject related to education may issue a scholarly calendar, a degree attribute, a subject related to a wedding registration transaction may issue a wedding status attribute, a subject related to training may issue a skills training attribute, and so on.
The certification authority device may upload the authority information of the certification authority to the blockchain 100, for example, directly. The organization information may include, among other things, various information related to the organization, including but not limited to the type of organization, the level of the organization, the location of the organization, credential information, certification material, and so forth. In addition, the public key companyPK encrypted asymmetrically may be uploaded to the block chain 100 by the certification authority device, and the private key companySK corresponding to the companyPK is locally and securely stored by the certification authority device. The companyPK may be used for subsequent encrypted information transfer.
Here, the institution information uploaded by the certification authority device may also be used to register accounts on the institution chain on the blockchain. Based on this, the certificate authority device may receive the on-chain account information returned by the blockchain 100, e.g., an on-chain account ID. As an example, the certification authority device may also encrypt the authority information using the system public key system mpk and upload the encrypted authority information to the blockchain 100. Taking ECIES as an example, encryption may be performed by calling ENCRYPT, specifically,
companyInfoCipher=ECIES_ENCRYPT(systemPK,companyInfo)。
wherein the company info may represent organization information. The company infocipher may represent the encrypted organization information. At this time, the company id may be generated by:
companyID=RegisterCompany(companyInfoCipher,companyPK)。
in practice, the blockchain 100 may directly generate the on-chain account information corresponding to the certification authority device based on the authority information uploaded by the certification authority device, and return the on-chain account information to the certification authority device. The blockchain 100 may also generate the on-chain account information corresponding to the certification authority device based on the institution information after the management device 203 verifies the institution information uploaded by the certification authority device. Specifically, the management device 203 may obtain the organization information uploaded by the certification authority device after monitoring the contract invoking event of the register company in the chain. If the organization information acquired by the management apparatus 203 is the encrypted organization information companyInfoCipher, the management apparatus 203 may decrypt the acquired encrypted organization information using the system private key systemSK, specifically,
companyInfo=ECIES_DECRYPT(systemSK,companyInfoCipher)。
thereafter, the management device 203 may verify the institution information (e.g., perform identity verification and authentication, etc.), upload verification passing information to the blockchain 100 after the verification passes, and after receiving the verification passing information, the blockchain may generate chain account information corresponding to the certification institution device based on the institution information and return the chain account information to the certification institution device.
After obtaining the mechanism information uploaded by the certification authority device from the blockchain 100, the management device 203 may determine, based on the mechanism information, a mechanism attribute tag corresponding to the certification authority device, generate, based on the mechanism attribute tag, the master public key, and the master private key, a mechanism sub-private key of the certification authority device, and upload the mechanism sub-private key to the blockchain 100.
Here, the organization attribute tags may be a sum of a class of characteristics, e.g., the type of organization, which may include skill training, certification training, infant interest training, and so forth; the level of the organization, which may include, provincial, city, etc.; the place of the organization: shanghai, beijing, fujian, etc. Thereafter, the management device 203 may generate an authority child private key of the certification authority device based on the authority attribute tag, the master public key, and the master private key. For example, the management device 203 may generate an authority child private key of the certification authority device by calling the KeyGen function of the CP-ABE. The management device 203 may upload the generated organization sub-private key to the blockchain 100, for example, upload the organization attribute tag and the public key of the organization sub-private key certificate authority device, which is encrypted with the companyPK, to the blockchain 100. The certification authority device may obtain the authority sub-private key from the blockchain 100, and may decrypt the acquired authority sub-private key to obtain the authority sub-private key if the acquired authority sub-private key is the encrypted authority sub-private key. By the implementation mode, the authentication mechanism equipment can obtain the mechanism sub private key.
In some optional implementation manners, on the basis of digital identity, for a knowledge question-answering scenario, an answerer can select to disclose which attributes of the answerer to prove that the answerer has professions and experiences in relevant aspects, and in order to achieve the purpose:
first, the responder device may obtain the responder subprivate key and the first attribute list from the blockchain, and perform attribute signature based on the responder subprivate key and the second signature policy to obtain a second signature.
Here, the second signature policy includes an attribute for disclosure, and the second signature is used to prove that the first account owned by the responder possesses all the attributes included in the second signature policy.
For example, a certain responder chooses to disclose his own psychological and philosophical attributes. In this regard, the responder may set a public attribute of the corresponding blockchain account through the responder device, and set a corresponding second signature policy, where the second signature policy may include the public attribute and the blockchain account. As shown in fig. 6, fig. 6 shows a schematic diagram disclosing a second signature strategy including an example of "psychology" and "philosophy" with attributes, the second signature strategy including a blockchain account id, "psychology" and "philosophy" of the responder device.
In this example, the responder device may perform an attribute signature on the blockchain account of the responder based on the second signature policy and the responder sub-private key to obtain a second signature, specifically,
the signature data = accountId,
sign=ABS_Sign(sk,policy,data)。
the responder device may then upload the public attribute and the second signature to the blockchain.
Finally, the questioner device and other participant devices may obtain the blockchain accounts and public attributes uploaded by the responder device from the blockchain. And the questioner device and the other participant devices can verify the second signature based on the pre-acquired master public key and the second signature strategy, and the first account is determined to have the attribute for public use after verification is passed. The specific calculation may be as follows:
result=ABS_Verify(mpk,policy,data,sign)。
and if result is true, proving that the attribute disclosed by the blockchain account corresponding to the responder device is the attribute corresponding to the responder device. By the implementation mode, the attribute that the disclosure of the responder device is inconsistent with the attribute of the responder device can be effectively prevented, namely the responder device is prevented from disclosing the false attribute.
In some alternative implementations, the responder may obtain points in the questioning and answering session, which may be a reward transferred from the blockchain account of the questioner or other participant capable of viewing answer information to the blockchain account of the responder. Taking the questioner as an example, the questioner device may send to the blockchain a transaction for transferring points to the blockchain account corresponding to the responder device, where the transaction may include the number of points N. The blockchain node may then execute the transaction, decreasing the number of points N from the blockchain account of the questioner device and increasing the number of points N to the blockchain account of the responder device. It is understood that the credit of the blockchain account may be a number, and if the account chooses to hide its own credit amount, and can be maintained on the blockchain after homomorphic encryption, other participants may use homomorphic addition and homomorphic subtraction to increase the credit of the responder's account and decrease their own credit.
As shown in fig. 7, fig. 7 is a schematic diagram illustrating an account information structure of a blockchain account, where the account information structure includes account ID, account public key account pk, public attributes of publicatttributes, and Points. It is understood that the account information structure shown in fig. 7 is only an exemplary structure, and is not limited to the account information structure, and in practice, information may be added or removed from the account information structure according to actual needs, and details are not described here.
Reviewing the above process, in the above embodiments of the present specification, the system of knowledge question answering based on a block chain includes an answerer device, a questioner device, a management device, and a block chain, wherein attribute information of the answerer is stored in the block chain, the management device includes a master public key and a master private key for generation based on an attribute encryption algorithm, and the encrypted question information stored in the block chain is obtained by the questioner device performing attribute encryption based on the master public key and a first encryption policy. The management device can obtain attribute information of the responder from the blockchain, generate an attribute list of the responder based on the attribute information, generate a sub-private key of the responder corresponding to the responder based on the attribute list, the main public key and the main private key, and upload the sub-private key of the responder to the blockchain. The responder device can obtain the responder sub-private key and the encrypted question information from the blockchain, decrypt the encrypted question information by using the responder sub-private key, and obtain the question information by successfully decrypting the encrypted question information under the condition that the attribute list conforms to the first encryption strategy. Then, the responder device receives answer information input by the responder for the question information and uploads the answer information to the block chain. In this way, the questioner device may obtain answer information from the blockchain. In the system, only the answerer equipment of which the attribute list conforms to the first encryption strategy corresponding to the encrypted question information can successfully decrypt the encrypted question information to obtain the question information, so that the protection of the question information is realized, and meanwhile, the questioner equipment can specify the answerer equipment for solving the question by setting the first encryption strategy.
This description illustrates one embodiment of a method for blockchain-based knowledge question-answering that may be applied to nodes of a blockchain. Wherein, the nodes of the blockchain can be executed by any device, equipment, platform or equipment cluster with computing and processing capability. The management device comprises a main public key and a main private key which are used for being generated based on an attribute encryption algorithm, and the encrypted question information stored in the block chain can be obtained by attribute encryption of the questioner device based on the main public key and a first encryption strategy. Specifically, the questioner device may perform attribute encryption based on the master public key, the question information, and the first encryption policy to obtain encrypted question information, and upload the encrypted question information to the block chain.
Based on the method, the method for knowledge question answering based on the block chain can comprise the following steps:
step one, responding to the request sent by the management device, and sending the attribute information of the responder to the management device.
In this embodiment, the responder may have a first account in the blockchain. The attribute information of the responder may include an identity attribute and an authentication attribute of the responder. Wherein, the attribute information of the responder may be generated by the following method: 1) The management equipment acquires the responder information of the responder uploaded by the responder equipment from the blockchain, generates a second attribute list and a second sub private key of the responder according to the responder information, and uploads the second sub private key and the second attribute list to the blockchain, wherein the second attribute list can comprise the identity information (or identity attributes) of the first account and the responder; 2) The responder device acquires a second sub private key and a second attribute list from the block chain, performs attribute signature based on a first signature strategy and the second sub private key to obtain a first signature, and sends the first signature and the first signature strategy to the certification authority device; 3) The certification authority equipment verifies the first signature based on a pre-acquired main public key and a first signature strategy, and uploads the certification attribute corresponding to the first account to the block chain when the verification is passed; 4) The blockchain stores the authentication attribute in association with the first account. And the identity attribute and the authentication attribute in the first attribute list both belong to attribute information of the responder. By continuously adding the authentication attribute, the attribute corresponding to the responder is gradually enriched, and the basic information, the learning, the social practice, the skill authentication and other attribute information corresponding to the responder can form a complete digital identity of the responder.
And step two, receiving the sub private key of the responder corresponding to the responder from the management equipment, and storing the sub private key of the responder in the block chain.
In this embodiment, the node of the blockchain may receive the responder child private key of the responder device from the management device and store it in the blockchain. The sub private key of the responder is generated by the management device based on the attribute information of the responder, the main public key and the main private key.
For example, the blockchain may store an encrypted child private key accountCipher uploaded by the management device and generated for the responder device into a contract state of the on-chain contract. For example, a list accountInfoList may be preset, and each piece of information stored in the list accountInfoList may contain data { accountID, accountPK, accountCipher }.
And step three, responding to the request sent by the responder device, and sending the responder sub-private key and the encrypted question information to the responder device.
In this embodiment, the responder device may send a request for obtaining the responder sub-private key to the blockchain, and in response to the request sent by the responder device, the nodes of the blockchain may send the responder sub-private key to the responder device. The responder device may also send a request to the blockchain for obtaining the encrypted question information, and the nodes of the blockchain may send the encrypted question information to the responder device in response to the request sent by the responder device. And then, the responder device can decrypt the encrypted question information by using the responder sub-private key, and the problem information is obtained by successfully decrypting the encrypted question information under the condition that the basic attribute label accords with the first encryption strategy.
And step four, receiving answer information sent by the responder equipment.
In this embodiment, the node of the blockchain may receive answer information sent by the responder device. Wherein the answer information may be obtained by the responder device through the following process: first, the responder device may decrypt the encrypted question information using the responder sub-private key, and when the first attribute list corresponding to the responder device conforms to the first encryption policy, the decryption is successful, and the question information is obtained. The responder device may then receive the responder information input by the responder for the question information.
And step five, responding to the request sent by the questioner device, and sending answer information to the questioner device.
In this embodiment, the questioner device may send a request for obtaining answer information to the nodes of the blockchain, and in response to the request sent by the questioner device, the nodes of the blockchain may send the answer information to the questioner device.
In some alternative implementations, the responder may have a first account in the blockchain, the attribute information includes identity information of the responder, and the method for knowledge question answering based on the blockchain may further include the steps of: receiving an authentication attribute corresponding to a first account sent by authentication mechanism equipment, wherein the authentication attribute is determined by the following method:
1) The management equipment acquires the identity information of the responder from the blockchain, creates a first account after the identity information of the responder passes verification, and generates a second attribute list of the responder, wherein the second attribute list comprises the first account and the identity information of the responder.
2) And the management device generates a second sub private key based on the second attribute list, the main public key and the main private key, and uploads the second sub private key and the second attribute list to the block chain.
3) The responder device obtains a second sub-private key and a second attribute list from the blockchain, performs attribute signature based on a first signature strategy and the second sub-private key to obtain a first signature, and sends the first signature to the certification authority device, wherein the first signature strategy comprises identity information of the responder and a first account.
4) And the certification authority device verifies the first signature based on the pre-acquired master public key, and determines the corresponding certification attribute of the first account when the verification is passed.
In some optional implementations, the above method for knowledge question answering based on a block chain may further include the following:
first, a node of the blockchain may receive a transaction sent by the questioner device to transfer points to a blockchain account corresponding to the responder device, where the transaction may include a number of points.
The nodes of the blockchain may then perform a transaction, decrementing the points by the number of points from the blockchain account of the questioner device, and incrementing the points by the number of points to the blockchain account corresponding to the responder device.
In some alternative implementations, the questioner may further add questions to the answer information of the answerer. As one example, the questioner device may send encrypted additional question information to a node of the blockchain, where the encrypted additional question information may be obtained by the questioner device performing attribute encryption based on the master public key of the management device, the additional question information, and the third encryption policy. As another example, the questioner device may transmit a second information identification and additional question information to the nodes of the blockchain, wherein the second information identification may be generated by the answerer device for the answer information.
The present specification further illustrates an embodiment of a method for question answering based on a blockchain, which may be applied to an answerer device, wherein the blockchain stores attribute information of an answerer, the management device includes a master public key and a master private key for generating based on an attribute encryption algorithm, and the encrypted question information stored in the blockchain may be obtained by attribute encryption by the questioner device based on the master public key and a first encryption policy. Specifically, the questioner device may perform attribute encryption based on the master public key, the question information, and the first encryption policy to obtain encrypted question information, and upload the encrypted question information to the block chain.
Based on the method, the method for knowledge question answering based on the block chain can comprise the following steps:
and step 1), acquiring the private sub-key of the responder and the encrypted question information from the block chain.
In this embodiment, the responder device may obtain the responder sub-private key from the blockchain, where the responder sub-private key may be generated by the management device based on the attribute information of the responder, the master public key, and the master private key. In addition, the responder device may also obtain encrypted question information from the blockchain. And then, the responder device can decrypt the encrypted question information by using the responder sub-private key, and the decryption is successful to obtain the question information under the condition that the first attribute list corresponding to the responder device conforms to the first encryption strategy. The responder device may display the question information for review by the responder.
And 2) receiving answer information input by the answerer aiming at the question information, and sending the answer information to the block chain.
In this embodiment, the responder device may receive the answer information input by the responder and send the answer information to the blockchain, for example, the answer information may be sent to the blockchain in the clear text.
In some optional implementations, step 2) may also be specifically performed as follows: receiving answer information input by an answerer aiming at the question information, carrying out attribute encryption on the basis of the main public key, the answer information and a second encryption strategy to obtain encrypted answer information, and uploading the encrypted answer information to the block chain.
In some optional implementations, the responder has a first account in the blockchain, the attribute information includes identity information of the responder, and the method further includes:
first, a second sub private key and a second attribute list are acquired from the blockchain, wherein the second attribute list is generated by the management device based on the identity information of the responder acquired from the blockchain, and the second sub private key is generated by the management device based on the second attribute list, the master public key and the master private key.
And then, performing attribute signature based on the first signature strategy and the second sub private key to obtain a first signature, sending the first signature to the certification authority equipment so that the certification authority equipment verifies the first signature based on the pre-obtained main public key and the first signature strategy, and uploading the certification attribute corresponding to the first account to the block chain in the case of passing the verification, wherein the first signature strategy comprises the identity information of the responder and the first account.
According to another aspect of the embodiments, an apparatus for knowledge question and answer based on a block chain is provided, which is disposed at a node of the block chain, wherein the block chain node may be deployed in any device, platform or device cluster with computing and processing capabilities.
FIG. 8 shows a schematic block diagram of an apparatus for block chain based knowledge question answering according to one embodiment. Wherein, the block chain stores attribute information of a responder, the management device includes a main public key and a main private key generated based on an attribute encryption algorithm, and the encrypted question information stored in the block chain is obtained by a questioner device performing attribute encryption based on the main public key and a first encryption policy, and the apparatus 800 includes: a first transmission unit 801 configured to transmit attribute information of the responder to the management apparatus in response to a request transmitted by the management apparatus; a first receiving unit 802 configured to receive, from the management device, a responder sub-private key corresponding to the responder, the responder sub-private key being stored in the block chain, wherein the responder sub-private key is generated based on the attribute information, the master public key, and the master private key; a second transmitting unit 803 configured to transmit the sub-private key of the responder and the encrypted question information to the responder device in response to the request transmitted by the responder device; a second receiving unit 804, configured to receive answer information sent by the responder device, where the answer information is obtained by the responder device through the following processes: decrypting the encrypted question information by using the sub-private key of the responder, and obtaining the question information after successful decryption under the condition that the first attribute list corresponding to the responder equipment conforms to the first encryption strategy; receiving answer information input by the answerer aiming at the question information; a third sending unit 805 configured to send the answer information to the questioner device in response to the request sent by the questioner device.
In some optional implementations of this embodiment, the responder has a first account in the blockchain, the attribute information includes identity information of the responder, and the apparatus 800 further includes: a third receiving unit (not shown in the figure), configured to receive an authentication attribute sent by the authentication mechanism device and corresponding to the first account, wherein the authentication attribute is determined by: the management equipment acquires the identity information of the responder from the blockchain, creates a first account after the identity information of the responder is verified, and generates a second attribute list of the responder, wherein the second attribute list comprises the first account and the identity information of the responder; the management device generates a second sub-private key based on the second attribute list, the main public key and the main private key, and uploads the second sub-private key and the second attribute list to the block chain; the responder device acquires the second sub-private key and the second attribute list from the blockchain, performs attribute signature based on a first signature policy and the second sub-private key to obtain a first signature, and sends the first signature to the certification authority device, wherein the first signature policy comprises the identity information of the responder and the first account; the certification authority device verifies the first signature based on a pre-acquired master public key, and determines a certification attribute corresponding to the first account when the verification is passed.
In some optional implementations of this embodiment, the apparatus 800 further includes: a fourth receiving unit, configured to receive a transaction sent by the questioner device and used for transferring points to a blockchain account corresponding to the responder device, where the transaction includes a number of points; an execution unit configured to execute the transaction, reduce the points of the number of points from the blockchain account of the questioner device, and increase the points of the number of points to the blockchain account corresponding to the responder device.
In some optional implementations of this embodiment, the apparatus 800 further includes: a fifth receiving unit, configured to receive encrypted additional question information sent by the questioner device, wherein the encrypted additional question information is obtained by the questioner device performing attribute encryption based on the master public key, the additional question information and a third encryption policy.
In some optional implementations of this embodiment, the apparatus 800 further includes: a sixth receiving unit, configured to receive a second information identifier and additional question information sent by the questioner device, where the second information identifier is generated by the answerer device for the answer information.
According to another embodiment, the device for knowledge question answering based on the block chain is further provided and arranged on the answerer device.
FIG. 9 shows a schematic block diagram of an apparatus for block chain based knowledge question answering according to another embodiment. Wherein, the blockchain stores attribute information of a responder, the management device includes a main public key and a main private key generated based on an attribute encryption algorithm, and the encrypted question information stored in the blockchain is obtained by the questioner device performing attribute encryption based on the main public key and a first encryption policy, and the apparatus 900 includes: an information obtaining unit 901 configured to obtain a sub-private key of a responder and the encrypted question information from the blockchain, decrypt the encrypted question information using the sub-private key of the responder, and obtain the question information by successfully decrypting the encrypted question information in a case where a first attribute list corresponding to the responder device conforms to the first encryption policy, wherein the sub-private key of the responder is generated by the management device based on the attribute information of the responder, the main public key, and the main private key; an information receiving unit 902 configured to receive answer information input by the answerer for the question information and transmit the answer information to the block chain.
In some optional implementations of this embodiment, the responder has a first account in the blockchain, the attribute information includes identity information of the responder, and the apparatus 900 further includes: a sub-private key obtaining unit configured to obtain, from the blockchain, a second sub-private key and a second attribute list, where the second attribute list is generated by the management device based on the identity information of the responder obtained from the blockchain, and the second sub-private key is generated by the management device based on the second attribute list, the master public key, and the master private key; and a signature sending unit configured to perform attribute signature based on a first signature policy and the second sub-private key to obtain a first signature, send the first signature to a certificate authority device, so that the certificate authority device verifies the first signature based on a pre-obtained main public key and the first signature policy, and upload the authentication attribute corresponding to the first account to the block chain when the verification passes, where the first signature policy includes the identity information of the responder and the first account.
In some optional implementations of this embodiment, the information receiving unit 902 is further configured to receive answer information input by the responder for the question information, perform attribute encryption based on the master public key, the answer information, and a second encryption policy to obtain encrypted answer information, and upload the encrypted answer information to the block chain.
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to execute a method of block-chain-based question answering.
According to another embodiment of the present invention, there is also provided a computing device, including a memory and a processor, wherein the memory stores executable codes, and the processor implements a method for block chain based question answering when executing the executable codes.
In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually manufacturing an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development, but the original code before compiling is also written in a specific Programming Language, which is called Hardware Description Language (HDL), and the HDL is not only one kind but many kinds, such as abll (Advanced boot Expression Language), AHDL (alternate hard Description Language), traffic, CUPL (computer universal Programming Language), HDCal (Java hard Description Language), lava, lola, HDL, PALASM, software, rhydl (Hardware Description Language), and vhul-Language (vhyg-Language), which is currently used in the field. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer readable medium that stores computer readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and embedded microcontrollers, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, atmel AT91SAM, microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be conceived to be both a software module implementing the method and a structure within a hardware component.
The systems, apparatuses, modules or units described in the above embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. One typical implementation device is a server system. Of course, this application does not exclude that with future developments in computer technology, the computer implementing the functionality of the above embodiments may be, for example, a personal computer, a laptop computer, a vehicle mounted human interaction device, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device or a combination of any of these devices.
Although one or more embodiments of the present description provide method operational steps as described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive approaches. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in processes, methods, articles, or apparatus that include the recited elements is not excluded. For example, the use of the terms first, second, etc. are used to denote names, but not to denote any particular order.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, when implementing one or more of the present description, the functions of each module may be implemented in one or more software and/or hardware, or the modules implementing the same functions may be implemented by a combination of a plurality of sub-modules or sub-units, etc. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
As will be appreciated by one skilled in the art, one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
All the embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description of the specification, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
The above description is intended to be illustrative of one or more embodiments of the disclosure, and is not intended to limit the scope of one or more embodiments of the disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement made within the spirit and principle of the present specification shall be included in the scope of the claims.

Claims (24)

1. A knowledge question-answering system based on a blockchain, the system comprising a responder device, a questioner device, a management device and a blockchain, wherein attribute information of the responder is stored in the blockchain, the management device comprises a main public key and a main private key which are used for generating based on an attribute encryption algorithm, and encrypted question information stored in the blockchain is obtained by attribute encryption of the questioner device based on the main public key and a first encryption policy;
the management equipment is used for acquiring the attribute information of the responder from the blockchain, generating a first attribute list of the responder based on the attribute information, generating a responder sub-private key corresponding to the responder based on the first attribute list, the main public key and the main private key, and uploading the responder sub-private key to the blockchain;
the responder device is further configured to obtain the responder sub-private key and the encrypted question information from the blockchain, decrypt the encrypted question information using the responder sub-private key, and obtain the question information by successfully decrypting the encrypted question information in the case that the first attribute list conforms to the first encryption policy;
the responder device is also used for receiving answer information input by the responder for the question information and uploading the answer information to the block chain;
the questioner device is configured to obtain the answer information from the blockchain.
2. The system of claim 1, wherein the responder has a first account in the blockchain, the first attribute list including the first account, the management device further to upload the first attribute list to the blockchain, the blockchain to store the first attribute list and the responder sub-private key in association.
3. The system of claim 2, wherein the blockchain, when associatively storing the first list of attributes and the responder sub-private key, is specifically configured to: storing, in association with the first account, a first ciphertext that is obtained by encrypting the first attribute list and a child private key of a responder of the first account, wherein the first ciphertext is generated by the management device using public key encryption of the first account.
4. The system of claim 2, wherein the system further comprises a certification authority device, the attribute information includes identity information of the responder, and
the management equipment is further configured to acquire identity information of the responder from the blockchain, create a first account after the identity information of the responder is verified, and generate a second attribute list of the responder, where the second attribute list includes the first account and the identity information of the responder; generating a second sub private key based on the second attribute list, the main public key and the main private key, and uploading the second sub private key and the second attribute list to the block chain;
the responder device is further configured to obtain the second sub-private key and the second attribute list from the blockchain, perform attribute signing based on a first signing policy and the second sub-private key to obtain a first signature, and send the first signature and the first signing policy to the certificate authority device, where the first signing policy includes identity information of the responder and the first account;
the certification authority equipment is used for verifying the first signature based on a pre-acquired main public key and the first signature strategy, and uploading the certification attribute corresponding to the first account to the block chain when the first signature passes verification;
the blockchain is further to store the authentication attribute in association with the first account.
5. The system of claim 2, wherein the responder device is further configured to obtain the responder sub-private key and the first attribute list from the blockchain, perform attribute signing based on the responder sub-private key and a second signature policy to obtain a second signature, and upload the public attribute and the second signature to the blockchain, wherein the second signature policy comprises the public attribute, and the second signature is used for proving that the first account has all attributes included in the second signature policy;
the questioner device is configured to verify the second signature based on the pre-acquired master public key and the second signature policy, and determine that the first account has the attribute for public use after verification is passed.
6. The system of claim 1, wherein the responder device is further configured to receive answer information input by the responder for the question information and upload the answer information to the blockchain, including:
the responder device is used for receiving answer information input by the responder for the question information, carrying out attribute encryption on the answer information based on the main public key, the answer information and a second encryption strategy to obtain encrypted answer information, and uploading the encrypted answer information to the block chain.
7. The system of claim 1, wherein the blockchain further stores therein a first information identifier associated with the encryption problem information; and the responder device uploading the answer information to the blockchain, including:
and uploading the answer information and the first information identification association to the block chain.
8. The system of claim 1, wherein the questioner device is further configured to send to the blockchain a transaction for transferring points to a blockchain account corresponding to the responder device, wherein the transaction includes a number of points;
the nodes of the blockchain execute the transaction, reduce the points of the number of points from the blockchain account of the questioner device, and increase the points of the number of points to the blockchain account corresponding to the responder device.
9. The system of claim 1, wherein the questioner device is further configured to perform attribute encryption based on the master public key, additional question information and a third encryption policy to obtain encrypted additional question information, and upload the encrypted additional question information to a blockchain.
10. The system of claim 1, wherein the responder device is further configured to generate a second information identification for the answer information;
the questioner device is further configured to send supplemental question information to the blockchain in association with the second information identification.
11. The system of claim 1, wherein the system further comprises a certification authority device for uploading authority information of a certification authority to the blockchain;
the management equipment is used for acquiring the mechanism information from the block chain, determining a mechanism attribute label corresponding to the certification mechanism equipment based on the mechanism information, generating a mechanism sub private key of the certification mechanism equipment based on the mechanism attribute label, the main public key and the main private key, and uploading the mechanism sub private key to the block chain;
the certification authority device is further configured to obtain the authority sub-private key from the blockchain.
12. The system of claim 1, wherein the attribute information comprises identity information of the responder, and the management device is further configured to generate a system public key and a system private key, upload the system public key to a blockchain;
the responder device is further configured to encrypt the identity information of the responder by using the system public key acquired from the blockchain, and upload the encrypted identity information to the blockchain.
13. A method of knowledge question answering based on a blockchain, applied to nodes of the blockchain, wherein attribute information of a responder is stored in the blockchain, the management device comprises a main public key and a main private key which are used for generating based on an attribute encryption algorithm, and the encrypted question information stored in the blockchain is obtained by attribute encryption of a questioner device based on the main public key and a first encryption policy, the method comprises:
in response to a request sent by the management device, sending attribute information of the responder to the management device;
receiving a responder sub-private key corresponding to the responder from the management device, and storing the responder sub-private key in the blockchain, wherein the responder sub-private key is generated based on the attribute information, the main public key and the main private key;
sending the sub-private key of the responder and the encrypted question information to the responder device in response to a request sent by the responder device;
receiving answer information sent by the responder device, wherein the answer information is obtained by the responder device through the following processes: decrypting the encrypted question information by using the sub-private key of the responder, and obtaining the question information after successful decryption under the condition that a first attribute list corresponding to the responder equipment conforms to the first encryption strategy; receiving answer information input by the answerer for the question information;
and responding to the request sent by the questioner device, and sending the answer information to the questioner device.
14. The method of claim 13, wherein the responder has a first account in the blockchain, the attribute information includes identity information of the responder, the method further comprising:
receiving an authentication attribute corresponding to the first account sent by a certificate authority device, wherein the authentication attribute is determined by the following method:
the management equipment acquires the identity information of the responder from the blockchain, creates a first account after the identity information of the responder is verified, and generates a second attribute list of the responder, wherein the second attribute list comprises the first account and the identity information of the responder;
the management device generates a second sub private key based on the second attribute list, the main public key and the main private key, and uploads the second sub private key and the second attribute list to the block chain;
the responder device acquires the second sub private key and the second attribute list from the block chain, performs attribute signature based on a first signature strategy and the second sub private key to obtain a first signature, and sends the first signature to the certification authority device, wherein the first signature strategy comprises the identity information of the responder and the first account;
and the certification authority equipment verifies the first signature based on a pre-acquired master public key, and determines the certification attribute corresponding to the first account when the first signature passes verification.
15. The method of claim 13, wherein the method further comprises:
receiving a transaction sent by the questioner device and used for transferring points to a blockchain account corresponding to the responder device, wherein the transaction comprises the number of the points;
executing the transaction, decreasing the points of the number of points from the blockchain account of the questioner device, and increasing the points of the number of points to the blockchain account corresponding to the responder device.
16. The method of claim 13, wherein the method further comprises:
and receiving encrypted additional question information sent by the questioner device, wherein the encrypted additional question information is obtained by performing attribute encryption on the questioner device based on the main public key, the additional question information and a third encryption strategy.
17. The method of claim 13, wherein the method further comprises:
and receiving a second information identifier and additional question information sent by the questioner device, wherein the second information identifier is generated by the answerer device aiming at the answer information.
18. A method of question-answering based on a blockchain, applied to a responder device, wherein attribute information of the responder is stored in the blockchain, the management device includes a master public key and a master private key for generating based on an attribute encryption algorithm, and the encrypted question information stored in the blockchain is obtained by attribute encryption of the responder device based on the master public key and a first encryption policy, the method comprising:
obtaining a sub-private key of a responder and the encrypted question information from the blockchain, decrypting the encrypted question information by using the sub-private key of the responder, and obtaining the question information by successfully decrypting the encrypted question information under the condition that a first attribute list corresponding to the responder device conforms to the first encryption strategy, wherein the sub-private key of the responder is generated by the management device based on the attribute information of the responder, the main public key and the main private key;
receiving answer information input by the answerer aiming at the question information, and sending the answer information to the block chain.
19. The method of claim 18, wherein the responder has a first account in the blockchain, the attribute information includes identity information of the responder, and the method further comprises:
obtaining a second sub private key and a second attribute list from the blockchain, wherein the second attribute list is generated by the management device based on the identity information of the responder obtained from the blockchain, and the second sub private key is generated by the management device based on the second attribute list, the main public key and a main private key;
and performing attribute signature on the basis of a first signature strategy and the second sub private key to obtain a first signature, sending the first signature to certification authority equipment so that the certification authority equipment can verify the first signature on the basis of a pre-obtained main public key and the first signature strategy, and uploading the certification attribute corresponding to the first account to the block chain in the case of passing verification, wherein the first signature strategy comprises the identity information of the responder and the first account.
20. The method of claim 18, wherein the receiving answer information input by the solver for the question information and sending the answer information to the blockchain comprises:
receiving answer information input by the answerer aiming at the question information, carrying out attribute encryption on the basis of the main public key, the answer information and a second encryption strategy to obtain encrypted answer information, and uploading the encrypted answer information to the block chain.
21. An apparatus for question-and-answer knowledge based on a blockchain, which is provided at a node of the blockchain, wherein attribute information of a responder is stored in the blockchain, the management device includes a main public key and a main private key for generating based on an attribute encryption algorithm, and the encrypted question information stored in the blockchain is obtained by attribute encryption by a questioner device based on the main public key and a first encryption policy, the apparatus comprising:
a first transmission unit configured to transmit attribute information of the responder to the management device in response to a request transmitted by the management device;
a first receiving unit configured to receive, from the management device, a responder sub-private key corresponding to the responder, the responder sub-private key being stored in the blockchain, wherein the responder sub-private key is generated based on the attribute information, the master public key, and the master private key;
a second transmitting unit configured to transmit the sub-private key of the responder and the encrypted question information to the responder device in response to a request transmitted by the responder device;
a second receiving unit configured to receive answer information transmitted by the responder device, wherein the answer information is obtained by the responder device through the following processes: decrypting the encrypted question information by using the sub-private key of the responder, and obtaining the question information after successful decryption under the condition that the first attribute list corresponding to the responder equipment conforms to the first encryption strategy; receiving answer information input by the answerer for the question information;
a third sending unit configured to send the answer information to the questioner device in response to a request sent by the questioner device.
22. An apparatus for question and answer knowledge based on a blockchain, provided in an answerer device, wherein attribute information of an answerer is stored in the blockchain, the management device includes a master public key and a master private key for generating based on an attribute encryption algorithm, and encrypted question information stored in the blockchain is obtained by attribute encryption by a questioner device based on the master public key and a first encryption policy, the apparatus comprising:
an information obtaining unit, configured to obtain a sub-private key of a responder and the encrypted question information from the blockchain, decrypt the encrypted question information using the sub-private key of the responder, and obtain the question information by successfully decrypting the encrypted question information in a case that a first attribute list corresponding to the responder device conforms to the first encryption policy, where the sub-private key of the responder is generated by the management device based on the attribute information of the responder, the master public key, and the master private key;
an information receiving unit configured to receive answer information input by the answerer for the question information and transmit the answer information to the block chain.
23. A computer-readable storage medium, having stored thereon a computer program which, when executed in a computer, causes the computer to carry out the method of any one of claims 13-20.
24. A computing device comprising a memory and a processor, wherein the memory has stored therein executable code that, when executed by the processor, implements the method of any of claims 13-20.
CN202210722715.2A 2022-06-24 2022-06-24 Knowledge question-answering system, method and device based on block chain Pending CN115242398A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210722715.2A CN115242398A (en) 2022-06-24 2022-06-24 Knowledge question-answering system, method and device based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210722715.2A CN115242398A (en) 2022-06-24 2022-06-24 Knowledge question-answering system, method and device based on block chain

Publications (1)

Publication Number Publication Date
CN115242398A true CN115242398A (en) 2022-10-25

Family

ID=83668834

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210722715.2A Pending CN115242398A (en) 2022-06-24 2022-06-24 Knowledge question-answering system, method and device based on block chain

Country Status (1)

Country Link
CN (1) CN115242398A (en)

Similar Documents

Publication Publication Date Title
Li et al. Efficient and privacy-preserving carpooling using blockchain-assisted vehicular fog computing
JP6892513B2 (en) Off-chain smart contract service based on a reliable execution environment
CN108600272B (en) Block chain data processing method, device, processing equipment and system
KR102145701B1 (en) Prevent false display of input data by participants in secure multi-party calculations
CN111492634A (en) Secure and confidential custody transaction systems, methods, and apparatus using zero-knowledge protocols
US11251977B2 (en) Validation data structure for decentralized identity claim
CN109067528A (en) Crypto-operation, method, cryptographic service platform and the equipment for creating working key
Sun et al. A searchable personal health records framework with fine-grained access control in cloud-fog computing
US11128457B2 (en) Cryptographic key generation using external entropy generation
ES2961364T3 (en) Control of the delegated use of data related to decentralized identifiers or DIDs
Cui et al. A practical and efficient bidirectional access control scheme for cloud-edge data sharing
EP4152197A1 (en) Methods and systems for managing user data privacy
CN114065271A (en) Data processing method and device
Keshta et al. Blockchain aware proxy re-encryption algorithm-based data sharing scheme
Yildiz et al. A tutorial on the interoperability of self-sovereign identities
Gowda et al. BPCPR-FC: blockchain-based privacy preservation with confidentiality using proxy reencryption and ring signature in fog computing environments
Bossuat et al. Unlinkable and invisible γ-sanitizable signatures
Huynh et al. A reliability guaranteed solution for data storing and sharing
Mittal et al. A novel two-level secure access control approach for blockchain platform in healthcare
CN115277002A (en) Digital identity management method, block chain node and system
CN115242398A (en) Knowledge question-answering system, method and device based on block chain
CN115134136B (en) System, method, device, storage medium and computing device for socializing based on blockchain
CN115580412B (en) System, method and device for managing digital heritage based on block chain
CN115037548B (en) System, method, device, medium and equipment for secure multiparty computation of data based on blockchain
CN115118485A (en) Method and device for acquiring data based on block chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination