CN115473664A - Credit data processing method and model based on block chain - Google Patents


Publication number: CN115473664A
Authority: CN (China)
Prior art keywords: data, credit, block chain, credit data, ciphertext
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN202210609769.8A
Other languages: Chinese (zh)
Inventors: 马兆丰, 刘嘉微, 王姝爽, 罗守山
Current Assignee: Beijing University of Posts and Telecommunications (the listed assignees may be inaccurate)
Original Assignee: Beijing University of Posts and Telecommunications


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The application provides a block chain-based credit data processing method and model. The method comprises: receiving a call request for target credit data sent by a data demand node in a layered acquisition block chain credit network; checking, based on a preset access control algorithm, whether the data demand node has access control authority over the target credit data; and, if so, distributing a private key to the data demand node, retrieving the ciphertext corresponding to the target credit data from the block chain and sending it to the data demand node, so that the data demand node decrypts the ciphertext with the private key to obtain the target credit data. The method and model achieve limited sharing and privacy protection of credit data in the field of digital credit, guarantee credit data acquisition performance and data authenticity, reduce the possibility of data privacy disclosure, effectively solve the problem of excessive overhead in ciphertext operations, and thereby improve the security and reliability of the credit data processing process.

Description

Credit data processing method and model based on block chain
Technical Field
The present application relates to the field of block chain technologies, and in particular, to a credit data processing method and model based on a block chain.
Background
With the rapid development of technologies such as big data and cloud computing, credit has been widely studied as a key technology in the financial field. Big data technology provides credit institutions with massive and diverse data, which solves the problem of a single data source; cloud computing provides large-capacity computing space, which eases the pain points of storing and computing on credit data. However, the authenticity of the credit data provided by a data source cannot be guaranteed, and the credit data contains sensitive data from fields such as user finance and education. Therefore, when data privacy and security cannot be guaranteed, data providers are reluctant to join credit evaluation organizations.
The block chain, as a novel data sharing technology, is tamper-resistant and traceable. Using smart contracts and a consensus mechanism, it can store data in a distributed manner without a trusted third party, which avoids the risk of human fraud. Because of the outstanding advantages of block chains, such as P2P networking, anonymous transactions and a decentralized architecture, block chains have been widely used in many privacy-preserving scenarios.
However, the existing credit data processing method lacks a specific scheme for realizing user privacy protection and credit data sharing based on a block chain. Therefore, it is of great significance to research how to simultaneously achieve limited sharing of credit data and privacy protection in the field of digital credit.
Disclosure of Invention
In view of the above, embodiments of the present application provide a method and a model for processing credit data based on a block chain, so as to obviate or mitigate one or more of the drawbacks of the related art.
One aspect of the present application provides a method for processing credit data based on a block chain, including:
receiving a call request for target credit data sent by a data demand node in a layered acquisition block chain credit network;
and checking, based on a preset access control algorithm, whether the data demand node has access control authority over the target credit data, and if so, distributing a private key to the data demand node, retrieving the ciphertext corresponding to the target credit data from the block chain and sending the ciphertext to the data demand node, so that the data demand node decrypts the ciphertext with the private key to obtain the target credit data.
In some embodiments of the present application, further comprising:
receiving a storage request for target credit data sent by a data providing node in a layered acquisition block chain credit network;
encrypting the target credit data based on an asymmetric encryption algorithm to obtain a corresponding ciphertext, and storing the ciphertext in a distributed ledger;
and performing homomorphic operations on the ciphertext in the cloud according to a homomorphic encryption algorithm, setting the access control authority requirement of the target credit data, and storing the ciphertext corresponding to the target credit data in the block chain.
In some embodiments of the present application, before the receiving a call request for target credit data sent by a demand node in a hierarchical acquisition blockchain credit network or before the receiving a storage request for target credit data sent by a data providing node in the hierarchical acquisition blockchain credit network, the method further includes:
receiving a certificate registration request sent by a user, issuing or updating a certificate for the user, and initializing the attribute-based encryption algorithm CP-ABE to generate a private key for the user;
wherein the user is a data providing node or a data demand node in the hierarchical acquisition block chain credit network.
In some embodiments of the application, said initializing an attribute-based encryption algorithm CP-ABE for generating the private key of the user comprises:
invoking a randomization algorithm with a preset security parameter to initialize and compute a credit system public key and a credit system master key;
initializing and generating, based on the credit system public key, the structures used by the user permission revocation mechanism: a prime number domain, a permission revocation list, a mapping table containing a user Gid and a unique prime number, and a mapping table containing a user attribute and a revocation list;
and dynamically generating a unique private key for the user according to the credit system public key, the credit system master key and the attribute set of the user, selecting a prime number from the prime number domain to assign to the user, and deleting the assigned prime number from the prime number domain.
In some embodiments of the present application, the checking, based on a preset access control algorithm, whether the data demand node has an access control authority over the target credit data, and if yes, distributing a private key to the data demand node includes:
acquiring the attribute of the data demand node in the layered acquisition block chain credit network, and extracting the access control authority requirement of the target credit data;
and judging whether the attribute of the data demand node meets the access control authority requirement of the target credit data, if so, determining that the data demand node has the access control authority of the target credit data, and distributing a private key to the data demand node.
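The attribute check described above, sketched as an added example (it is not code from the patent). It evaluates a threshold-gate policy tree of the kind a CP-ABE access structure encodes and applies a per-attribute revocation list before releasing a ciphertext; real CP-ABE enforces the same condition cryptographically at decryption time. All names (`Leaf`, `Gate`, `handle_call_request`, the attribute strings, Gids and data id) are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Leaf:
    attribute: str            # e.g. "org:bank" (constructed attribute name)


@dataclass(frozen=True)
class Gate:
    threshold: int            # k-of-n gate: AND is n-of-n, OR is 1-of-n
    children: tuple


def AND(*children):
    return Gate(len(children), children)


def OR(*children):
    return Gate(1, children)


def satisfies(node, attributes):
    """Return True if the attribute set satisfies the policy tree."""
    if isinstance(node, Leaf):
        return node.attribute in attributes
    if not 1 <= node.threshold <= len(node.children):
        raise ValueError("malformed gate: threshold out of range")
    hits = sum(satisfies(child, attributes) for child in node.children)
    return hits >= node.threshold


def handle_call_request(gid, data_id, user_attrs, policies, revoked, ledger):
    """Return the stored ciphertext if the requester is authorised, else None.

    user_attrs: Gid -> set of attributes issued at registration
    policies:   data id -> policy tree set by the data provider
    revoked:    attribute -> set of Gids for which it has been revoked
    ledger:     data id -> ciphertext bytes
    """
    policy = policies.get(data_id)
    if policy is None or data_id not in ledger:
        return None                                   # deny by default
    effective = {a for a in user_attrs.get(gid, ())
                 if gid not in revoked.get(a, ())}    # drop revoked attributes
    if not satisfies(policy, effective):
        return None
    return ledger[data_id]


# Constructed sample data: one record, two registered users.
POLICIES = {
    "credit-report-42": AND(
        Leaf("org:bank"),
        Gate(2, (Leaf("role:auditor"), Leaf("level:management"),
                 Leaf("channel:premium"))),
    )
}
LEDGER = {"credit-report-42": b"<ciphertext bytes>"}
USER_ATTRS = {
    "gid-001": {"org:bank", "role:auditor", "level:management"},
    "gid-002": {"org:bank", "role:auditor"},
}

if __name__ == "__main__":
    for gid in ("gid-001", "gid-002", "gid-999"):
        result = handle_call_request(gid, "credit-report-42",
                                     USER_ATTRS, POLICIES, {}, LEDGER)
        print(gid, "granted" if result is not None else "denied")
```
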
In some embodiments of the present application, the encrypting the target credit data based on the asymmetric encryption algorithm includes:
and encrypting the target credit data based on the elliptic curve cryptography (ECC) algorithm among the asymmetric encryption algorithms.
In some embodiments of the present application, said homomorphic operation on the ciphertext according to a homomorphic encryption algorithm at a cloud includes:
and performing approximate operations on the ciphertext in the cloud based on CKKS, the approximate-computation homomorphic encryption algorithm among the homomorphic encryption algorithms.
In some embodiments of the present application, the hierarchical acquisition block chain credit network comprises: a plurality of organizations belonging to different types of primary credit channels, wherein each organization consists of a plurality of credit nodes, each credit node is a data demand node or a data supply node, and the authority of each credit node is either management authority or common authority;
each organization comprises at least one credit node with management authority and a plurality of credit nodes with common authority;
the credit nodes with management authority in each of the organizations also belong to a premium credit channel.
Another aspect of the present application provides a block chain-based credit data processing model, including: a data block chain layer and an access control layer, the data block chain layer comprising: a hierarchical acquisition block chain credit network and a certificate authority;
the access control layer is provided with an access control algorithm that uses the certificate authority as its trusted third party;
the certificate authority in the data block chain layer is used for receiving a call request for target credit data sent by a data demand node in the layered acquisition block chain credit network;
the certificate authority in the data block chain layer is further used for checking, based on the access control algorithm, whether the data demand node has access control authority over the target credit data, and if so, distributing a private key to the data demand node, retrieving the ciphertext corresponding to the target credit data from the block chain and sending it to the data demand node, so that the data demand node decrypts the ciphertext with the private key to obtain the target credit data.
In some embodiments of the present application, further comprising:
the credit data storage layer is used for receiving a storage request for target credit data sent by a data providing node in the layered acquisition block chain credit network;
the credit data encryption layer is used for encrypting the target credit data based on an asymmetric encryption algorithm to obtain a corresponding ciphertext and storing the ciphertext in a distributed ledger;
and the homomorphic encryption secure computation layer is used for performing homomorphic operations on the ciphertext in the cloud according to a homomorphic encryption algorithm, setting the access control authority of the target credit data and storing the ciphertext corresponding to the target credit data in the block chain.
In the block chain-based credit data processing method, a call request for target credit data sent by a data demand node in a layered acquisition block chain credit network is received; whether the data demand node has access control authority over the target credit data is checked based on a preset access control algorithm; if so, a private key is distributed to the data demand node, and the ciphertext corresponding to the target credit data is retrieved from the block chain and sent to the data demand node, so that the data demand node decrypts the ciphertext with the private key to obtain the target credit data. Adopting a layered acquisition block chain credit network ensures credit data acquisition performance and data authenticity, and because of the P2P communication and decentralization of the block chain, a user does not need to hand data to an untrusted third party for storage, which reduces the possibility of data privacy disclosure. Adopting an access control algorithm enables fine-grained control of access authority over the credit data. Introducing fully homomorphic encryption operations effectively addresses the problem of excessive overhead in ciphertext operations, and combining them with an asymmetric encryption algorithm protects the privacy of the credit data: when the credit data leaves the local environment, the original data is encrypted by the asymmetric encryption layer of the model, and the homomorphic encryption layer of the model is invoked on the cloud server to operate on the encrypted data, which reduces the outflow of original data. The block chain-based credit data processing method also performs well in terms of communication efficiency, interface performance and block chain performance. The method and the model have certain reference significance and application value in the field of actual credit.
Additional advantages, objects, and features of the application will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and drawings.
It will be appreciated by those skilled in the art that the objects and advantages that can be achieved with the present application are not limited to the specific details set forth above, and that these and other objects that can be achieved with the present application will be more clearly understood from the detailed description that follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application, are incorporated in and constitute a part of this application, and are not intended to limit the application. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the application. For purposes of illustrating and describing certain portions of the present application, corresponding parts may be exaggerated in the drawings, i.e., may be larger relative to other components in an exemplary device actually made according to the present application. In the drawings:
Fig. 1 is a schematic flowchart of a block chain-based credit data processing method according to an embodiment of the present application.
Fig. 2 is a schematic specific flowchart of a block chain-based credit data processing method according to an embodiment of the present application.
Fig. 3 is a third specific flowchart of a block chain-based credit data processing method according to an embodiment of the present application.
Fig. 4 is a schematic structural diagram of a digital credit blockchain network in the method for processing credit data based on blockchains in an embodiment of the present application.
Fig. 5 is a schematic diagram of a block chain-based credit data processing model provided in an application example of the present application.
Fig. 6 is a schematic diagram of a layered architecture of a credit data limited sharing and privacy protection model provided in an application example of the present application.
Fig. 7 is a credit architecture diagram composed of a data provider, a digital credit blockchain network and a data demander, provided by an application example of the present application.
Fig. 8 is a diagram illustrating a hierarchical network topology structure of a credit data block chain according to an exemplary application of the present application.
Fig. 9 is a flowchart of a user registering and applying for data access control authority according to an application example of the present application.
FIG. 10 is a diagram of a CP-ABE call architecture provided in an example application of the present application.
Fig. 11 is a schematic diagram of a user attribute policy tree provided in an application example of the present application.
Fig. 12 is a flowchart of a homomorphic encryption algorithm provided in an application example of the present application.
Fig. 13 is a flowchart of a homomorphic encryption process for credit data provided by an application example of the present application.
Fig. 14 is a flowchart of ECC data operation provided in the application example of the present application.
Fig. 15 is a schematic diagram of an average flow rate provided by an application example of the present application.
Fig. 16 is a schematic diagram of throughput TPS information provided by an application example of the present application.
Fig. 17 is a schematic diagram of an aggregate report provided in an application example of the present application.
FIG. 18 is a schematic diagram of the results of Tape read tests provided in the application example of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described in further detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present application are provided to explain the present application and not to limit the present application.
Here, it should be further noted that, in order to avoid obscuring the present application with unnecessary details, only the structures and/or processing steps closely related to the scheme according to the present application are shown in the drawings, and other details not so relevant to the present application are omitted.
It should be emphasized that the term "comprises/comprising" when used herein, is taken to specify the presence of stated features, elements, steps or components, but does not preclude the presence or addition of one or more other features, elements, steps or components.
It is also noted that, unless otherwise specified, the term "coupled" is used herein to refer not only to a direct connection, but also to an indirect connection with an intermediate.
Hereinafter, embodiments of the present application will be described with reference to the drawings. In the drawings, the same reference numerals denote the same or similar parts, or the same or similar steps.
At present, the credit field faces two problems: data is difficult to share, and user privacy is easily leaked. China currently combines public credit investigation with private credit investigation. Because credit investigation institutions differ and private institutions compete commercially with one another, a large amount of useful user credit data cannot be shared, and "information silos" form easily. Meanwhile, the traditional credit mechanism suffers from problems such as a single, inflexible access authority, so that sharing credit data, and especially limited sharing with fine-grained access control while ensuring data security, has become a problem to be solved urgently.
Secondly, the traditional credit system collects, processes and releases personal credit data through a centralized authority; once a centralized server is attacked, the privacy and security of users' credit information cannot be guaranteed. If a block chain is used directly to put credit data on-chain, an attacker can still infer a user's sensitive information by analyzing the links among different transactions. There is therefore also a need for a credit scheme that protects user privacy while guaranteeing limited sharing.
Inspired by the characteristics of the block chain, the present application combines block chain technology and provides a model that addresses the pain points of data sharing and privacy protection in current credit systems.
The block chain is essentially a linear linked list with blocks as its basic units, connected through hash values. A node in the network can pack a plurality of transactions into one block, and after the block is confirmed through a consensus mechanism it is linked to a decentralized public ledger that is append-only: entries can be added but not deleted. The core technologies mainly comprise the distributed ledger, asymmetric encryption, the consensus mechanism and smart contracts. The block chain is unforgeable, open and transparent, leaves a record of the whole process and is traceable, and on the basis of these characteristics it can serve as a trust foundation for traditional institutions. Block chain technology is widely applied in the fields of finance, the Internet of Things, public services, digital copyright and insurance.
Cryptography is a core technology of the block chain and plays a central role in guaranteeing the integrity, confidentiality, authenticity and non-repudiation of the block chain and the distributed ledger. The cryptographic techniques used in block chains mainly include hash algorithms, homomorphic encryption, asymmetric encryption, Merkle trees, certificate mechanisms and digital signatures. In an asymmetric encryption algorithm, the private key is generally generated by a random algorithm, and the public key can be derived from the private key. Because the public key and the private key are separate, no additional secure channel is needed to distribute the keys.
A homomorphic encryption algorithm is a special kind of encryption algorithm. Processing a ciphertext yields another ciphertext, and decrypting that result gives a value that is the same as, or approximately the same as, the result of applying the same processing to the plaintext, so the homomorphism of the data is preserved. Using homomorphic encryption in the block chain allows smart contracts to process user data without obtaining the plaintext, which protects user privacy. Homomorphic encryption comprises four algorithms: key generation, encryption, ciphertext computation and decryption.
1) Key generation algorithm: a randomized algorithm. The input is a security parameter λ, and the outputs are an encryption public key pk, a decryption private key sk and a public key ek.
2) Encryption algorithm: a randomized algorithm. The inputs are the plaintext message and the public key pk, and the output is the ciphertext c. Because a random number is used, encrypting the same plaintext twice yields different ciphertexts.
3) Ciphertext computation algorithm: a deterministic algorithm. The inputs are the public key ek, the computation circuit C and the ciphertext c, and the output is the computed result c*.
4) Decryption algorithm: a deterministic algorithm. The inputs are the decryption private key sk and the ciphertext c, and the output is the plaintext m.
These four probabilistic polynomial-time algorithms ensure the homomorphism, correctness, compactness and security of the encrypted data.
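The four-algorithm interface above, as an added example that is not code from the patent. It uses the additively homomorphic Paillier scheme instead of the CKKS scheme the patent names (Paillier is exact over integers and needs no separate key ek; evaluation uses pk only). The function names, the 512-bit demo modulus and the sample scores and weights are assumptions.

```python
import math
import secrets


def _is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen(modulus_bits=512):
    """1) KeyGen: randomized. Demo size only; use >= 2048 bits in practice."""
    half = modulus_bits // 2
    while True:
        p, q = _random_prime(half), _random_prime(half)
        if p != q:
            break
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)          # valid because the generator is g = n + 1
    return {"n": n, "n2": n * n}, {"lam": lam, "mu": mu}


def encrypt(pk, m):
    """2) Enc: randomized, so equal plaintexts give different ciphertexts."""
    n, n2 = pk["n"], pk["n2"]
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) % n2 * pow(r, n, n2) % n2   # (n+1)^m * r^n mod n^2


def eval_add(pk, c1, c2):
    """3) Eval: deterministic. Multiplying ciphertexts adds plaintexts."""
    return c1 * c2 % pk["n2"]


def eval_scale(pk, c, k):
    """3) Eval: raising a ciphertext to k multiplies the plaintext by k >= 0."""
    if k < 0:
        raise ValueError("weight must be non-negative")
    return pow(c, k, pk["n2"])


def decrypt(pk, sk, c):
    """4) Dec: deterministic. m = L(c^lam mod n^2) * mu mod n, L(u) = (u-1)/n."""
    n = pk["n"]
    u = pow(c, sk["lam"], pk["n2"])
    return (u - 1) // n * sk["mu"] % n


def cloud_weighted_score(pk, ciphertexts, weights):
    """Cloud side: weighted sum of encrypted scores, using only pk.
    The true result must stay below n or it wraps around."""
    acc = encrypt(pk, 0)
    for c, w in zip(ciphertexts, weights):
        acc = eval_add(pk, acc, eval_scale(pk, c, w))
    return acc


if __name__ == "__main__":
    pk, sk = keygen()
    scores = [720, 655, 810]                      # constructed sample scores
    weights = [5, 3, 2]                           # constructed public weights
    cts = [encrypt(pk, s) for s in scores]        # data providing nodes
    result = cloud_weighted_score(pk, cts, weights)
    print(decrypt(pk, sk, result))                # data demand node
```
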
At present, China adopts a credit investigation mode in which public credit investigation is primary and private credit investigation is auxiliary. Credit data is collected, processed and published by several authorities, such as the People's Bank of China, official agencies and third-party credit investigation agencies, with the third-party credit investigation agencies playing a supplementary role. Credit systems in developed countries abroad have a history of about a century, and their most prominent characteristic is that credit legislation is more mature.
In academia, an economist holds that characteristics of the block chain such as privacy protection, tamper resistance and traceability can bring new development opportunities to the credit industry. Well-known credit enterprises point out that the consortium chain, with features such as identity authentication, public ledgers, encryption algorithms, consensus mechanisms and smart contracts, is suitable for the acquisition, transmission, storage, supervision and verification of credit data. Some scholars detail the problems and challenges to be solved when applying a block chain-based distributed ledger. One scholar constructed a credit data sharing database based on a block chain, greatly improving the authenticity and reliability of the database. Other scholars implemented a block chain-based cross-platform credit data sharing model and verified the feasibility of the design through tests. Scholars have proposed a block chain-based user credit evaluation system in which credit data is made tamper-resistant and traceable through technologies such as smart contracts; scholars have also designed a block chain credit model for enterprises, which solves the problem of information mismatch in credit markets but does not solve the privacy and security problem of the users in the model. With the privacy protection problem in mind, some researchers propose a decentralized block chain credit model based on asymmetric keys, which is mainly supported by cited documents, and no detailed implementation scheme is given.
However, according to the materials collected so far, there is no specific solution for implementing user privacy protection and credit data sharing based on a block chain. Therefore, it is of great significance to research how to simultaneously achieve limited sharing of credit data and privacy protection in the field of digital credit. The present application designs a credit data limited sharing and privacy protection model based on the block chain, which can complete processing such as credit data acquisition, transmission and computation.
Specifically, the contributions of the present application are as follows:
1) Compared with the traditional credit system, the layered block chain credit model designed and implemented by the present application guarantees credit data acquisition performance and data authenticity. Because of the P2P communication and decentralization of the block chain, a user does not need to hand data to an untrusted third party for storage, which reduces the possibility of data privacy disclosure.
2) To better achieve privacy protection, the original data is encrypted by the asymmetric encryption layer of the designed model when the credit data leaves the local environment. At the same time, the homomorphic encryption layer of the model is invoked on the cloud server to operate on the encrypted data, which reduces the output of the raw data.
3) To address the potential sharing authority problem in the credit field, the model proposed herein uses the certificate authority of the block chain as the trusted third party of the access control algorithm and sets a flexible access authority policy. Policy initialization, key generation and key distribution are carried out by the certificate authority, and these operations are executed by smart contracts. This achieves fine-grained control of data authority and also eliminates the problem of human falsification found in the traditional credit system.
4) The present application provides a specific implementation scheme based on the designed model for limited sharing and privacy protection of credit data.
Based on this, an embodiment of the present application provides a block chain-based credit data processing method that can be implemented by a block chain-based credit data processing model, and referring to fig. 1, the block chain-based credit data processing method specifically includes the following contents:
Step 110: Receiving a call request for target credit data sent by a data demand node in a layered acquisition block chain credit network.
In step 110, a trusted third party in the data block chain layer of the model may receive a credit data call request sent by a user whose certificate has been issued or updated. A user with a registered certificate is a credit node in the hierarchical acquisition block chain credit network: if the credit node is a data demander, it may be a data demand node in that network, and if the credit node is a data provider, it may be a data providing node in that network. The roles may be switched according to the actual application scenario.
It will be appreciated that, before step 110, if a credit data call request is received from a user whose certificate has not been issued or updated, a notification that the certificate must be applied for first is returned to that user; and upon receipt of a certificate registration request from such a user, the CA issues or updates a certificate for that user.
Step 120: Checking, based on a preset access control algorithm, whether the data demand node has the access control authority for the target credit data; if so, distributing a private key to the data demand node, retrieving the ciphertext corresponding to the target credit data from the block chain and sending the ciphertext to the data demand node, so that the data demand node decrypts the ciphertext with the private key to obtain the target credit data.
It can be understood that the entity executing the "checking, based on the preset access control algorithm, whether the data demand node has the access control authority for the target credit data; if so, distributing the private key to the data demand node, retrieving the ciphertext corresponding to the target credit data from the block chain and sending the ciphertext to the data demand node" may be a trusted third party, so as to achieve fine-grained control of data authority and eliminate the problem of human falsification found in the conventional credit system.
In a specific example, the trusted third party may be a certificate authority (CA), namely: the certificate authority of the block chain serves as the trusted third party of the access control algorithm, a flexible access authority policy is set, policy initialization, key generation and key distribution are carried out by the certificate authority, and these operations are executed by smart contracts.
As can be seen from the above description, the block chain-based credit data processing method provided in the embodiment of the present application uses a hierarchical acquisition block chain credit network to ensure credit data acquisition performance and data authenticity. Because of the P2P communication and decentralization of the block chain, a user does not need to hand data to an untrusted third party for storage, which reduces the possibility of data privacy disclosure. The access control algorithm provides fine-grained control of access authority over the credit data. Introducing fully homomorphic encryption operations effectively addresses the problem of excessive overhead in ciphertext computation, and combining them with an asymmetric encryption algorithm protects the privacy of the credit data: when the credit data leaves the local environment, the original data is encrypted by the asymmetric encryption layer of the designed model, and the homomorphic encryption layer of the model is invoked on the cloud server to operate on the encrypted data, which reduces the output of the original data. The block chain-based credit data processing method performs well in terms of communication efficiency, interface performance and block chain performance, and the method and the model have reference significance and application value in the field of practical credit.
In order to better implement privacy protection, in a block chain-based credit data processing method provided in an embodiment of the present application, referring to fig. 2, the block chain-based credit data processing method further includes the following steps:
Step 210: Receiving a storage request for target credit data sent by a data providing node in a hierarchical acquisition block chain credit network.
Step 220: Encrypting the target credit data based on an asymmetric encryption algorithm to obtain a corresponding ciphertext, and storing the ciphertext in the distributed ledger.
Step 230: Performing a homomorphic operation on the ciphertext in the cloud according to a homomorphic encryption algorithm, setting the access control authority requirement of the target credit data, and storing the ciphertext corresponding to the target credit data in the block chain.
In particular, to better achieve privacy protection, the original data is encrypted by the asymmetric encryption layer of the designed model when the credit data leaves the local environment. At the same time, the homomorphic encryption layer of the model is invoked on the cloud server to operate on the encrypted data, which reduces the output of the raw data.
It is understood that the execution order between steps 210 to 230 on the one hand and steps 110 to 120 on the other is determined by the actual application scenario: the former is the procedure for storing data on the chain and the latter is the data retrieval procedure, and there is no fixed execution order between them.
In order to better implement the limited sharing and privacy protection, in the block chain-based credit data processing method provided in the embodiment of the present application, referring to fig. 2, before step 110 or step 210 in the block chain-based credit data processing method, the following may be further included:
Step 010: Receiving a certificate registration request sent by a user, issuing or updating a certificate for the user, and initializing the attribute-based encryption algorithm CP-ABE to generate a private key for the user; wherein the user is a data providing node or a data demand node in the hierarchical acquisition block chain credit network.
Specifically, when the CA receives a certificate application, it issues or updates the corresponding certificate for the user and at the same time completes CP-ABE initialization, key generation and key distribution, thereby setting the authority of the user.
In order to further improve the application reliability of the CP-ABE, in the block chain based credit data processing method provided in the embodiment of the present application, referring to fig. 3, step 010 of the block chain based credit data processing method specifically includes the following steps:
Step 011: Receiving a certificate registration request sent by a user, and issuing or updating a certificate for the user;
Step 012: Calling a randomization algorithm with a preset security parameter to initialize and compute a credit system public key and a credit system master key;
Step 013: Based on the credit system public key, initializing and generating, for the user authority revocation mechanism, a prime number domain, an authority revocation list, a mapping table containing user Gids and unique prime numbers, and a mapping table containing user attributes and revocation lists;
Step 014: Dynamically generating a unique private key for the user according to the credit system public key, the credit system master key and the attribute set of the user, selecting a prime number in the prime number domain to distribute to the user, and deleting the distributed prime number from the prime number domain.
Specifically, a randomization algorithm is called as the initialization algorithm of the credit system; it takes the security parameter as input and outputs the public key of the credit system and the master key of the system. Because the access control scheme supports revocation of user authority, a user authority revocation mechanism is provided. This mechanism is initialized from the credit system public key generated during system initialization, producing a prime number domain, an authority revocation list, a mapping table containing user Gids and unique prime numbers, and a mapping table containing user attributes and revocation lists. The CA then dynamically generates the unique private key of the user from the public key of the credit system, the master key of the credit system and the attribute set of the user. A prime number is selected from the prime number domain and distributed to the user, that prime number is deleted from the prime number domain to guarantee that each user's prime number is unique, and the mapping table is updated with it.
In order to further improve the reliability of access control, in the block chain based credit data processing method provided in the embodiment of the present application, referring to fig. 3, step 120 in the block chain based credit data processing method further includes the following steps:
Step 121: Acquiring the attributes of the data demand node in the layered acquisition block chain credit network, and extracting the access control authority requirement of the target credit data.
It is understood that the attributes of the data demand node may include user information, information on the credit channel in which the data demand node is located, and credit organization information. "Credit organization" and "organization" in this application refer to the same thing.
Step 122: Judging whether the attributes of the data demand node meet the access control authority requirement of the target credit data; if so, determining that the data demand node has the access control authority for the target credit data, and distributing a private key to the data demand node.
Specifically, in the decryption process, the leaf nodes of the policy tree over the user attribute set are visited first, namely the user name, organization name and channel name required by the access authority, and the access authority requirement is obtained by traversing the attribute policy tree; for example, it is set herein that users who are in primary credit channel 1 and are members of credit organization 1 can decrypt the credit data. Whether the user has been revoked is then checked: the decryption algorithm traverses the revocation list of the user and obtains the result of the operation on the revocation list and the unique prime number of the user; if the result is 0, the user has been revoked, otherwise the user has not been revoked. The ciphertext can be decrypted to obtain the credit data only after this verification has passed.
Step 123: Retrieving the ciphertext corresponding to the target credit data from the block chain and sending the ciphertext to the data demand node, so that the data demand node decrypts the ciphertext with the private key to obtain the target credit data.
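The authorization gate described in steps 013, 014, 121 and 122 can be modelled as follows. This is an added example, not code from the application: it covers only the prime-number bookkeeping and the policy-tree check, not the CP-ABE cryptography, and it assumes that each attribute's revocation list is held as the product of the revoked users' primes and tested with a modulo operation (the text only states that a result of 0 means revoked). The class, method and attribute names are hypothetical.

```python
"""Prime-based revocation bookkeeping and policy-tree check (illustrative model)."""


def primes_up_to(limit):
    """Sieve of Eratosthenes: builds the 'prime number domain' users draw from."""
    sieve = [True] * (limit + 1)
    sieve[0:2] = [False, False]
    for n in range(2, int(limit ** 0.5) + 1):
        if sieve[n]:
            sieve[n * n::n] = [False] * len(sieve[n * n::n])
    return [n for n, is_prime in enumerate(sieve) if is_prime]


class CreditCA:
    """Hypothetical CA-side state for step 013 and the checks of steps 121-122."""

    def __init__(self, prime_limit=100):
        self.prime_domain = primes_up_to(prime_limit)  # primes not yet assigned
        self.gid_to_prime = {}     # mapping table: user Gid -> unique prime
        self.gid_to_attrs = {}     # user Gid -> attribute set from the certificate
        # mapping table: attribute -> revocation value.
        # ASSUMPTION: the value is the product of the primes of all users
        # revoked for that attribute; 1 means nobody is revoked.
        self.attr_revocation = {}

    def register(self, gid, attributes):
        """Step 014: hand out a prime and delete it from the domain."""
        if gid in self.gid_to_prime:
            raise ValueError(f"{gid} is already registered")
        if not self.prime_domain:
            raise RuntimeError("prime number domain exhausted")
        prime = self.prime_domain.pop(0)   # removal keeps every prime unique
        self.gid_to_prime[gid] = prime
        self.gid_to_attrs[gid] = frozenset(attributes)
        for attr in attributes:
            self.attr_revocation.setdefault(attr, 1)
        return prime

    def revoke(self, gid, attribute):
        """Revoke one attribute of one user; other users are unaffected."""
        prime = self.gid_to_prime[gid]
        current = self.attr_revocation.get(attribute, 1)
        if current % prime != 0:           # idempotent: multiply in only once
            self.attr_revocation[attribute] = current * prime

    def is_revoked(self, gid, attribute):
        """Result 0 of the modulo means the user's prime divides the list value."""
        return self.attr_revocation.get(attribute, 1) % self.gid_to_prime[gid] == 0

    def _satisfies(self, gid, node):
        """Evaluate a policy tree: a leaf is an attribute string, an inner
        node is a tuple ("AND" | "OR", child, child, ...)."""
        if isinstance(node, str):
            return node in self.gid_to_attrs[gid] and not self.is_revoked(gid, node)
        op, *children = node
        results = [self._satisfies(gid, child) for child in children]
        if op == "AND":
            return all(results)
        if op == "OR":
            return any(results)
        raise ValueError(f"unknown policy operator {op!r}")

    def authorize(self, gid, policy):
        """Step 122: a key is released only if the policy holds and no
        attribute needed to satisfy it has been revoked for this user."""
        if gid not in self.gid_to_prime:   # no certificate yet: must apply first
            return False
        return self._satisfies(gid, policy)


# Constructed sample policy mirroring the example in the text:
# in primary credit channel 1 AND a member of credit organization 1.
POLICY = ("AND", "channel:primary-1", "org:credit-org-1")
```

Keeping the revocation value per attribute means a single attribute can be withdrawn from one user without reissuing keys to the other holders of that attribute.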
In order to further improve the application reliability of asymmetric encryption, in the block chain based credit data processing method provided in the embodiment of the present application, referring to fig. 3, step 220 in the block chain based credit data processing method further includes the following contents:
Step 221: Encrypting the target credit data based on the elliptic curve cryptography (ECC) algorithm among asymmetric encryption algorithms.
Specifically, the credit data is encrypted with the asymmetric ECC algorithm before being sent to the cloud server, and is then stored securely in the block chain by setting access control authority. The credit system selects an elliptic curve, takes one point on the curve as a base point, takes one point as a private key, generates a public key from the private key, and sends the selected elliptic curve and the public key generated by point multiplication with the base point to the credit data owner. The data owner (DO) of the credit data first encodes the credit data and generates a random number; the encoded data is encrypted and then uploaded to the cloud server for homomorphic calculation. When a credit data demander needs the data, it can download the data from the cloud server, decrypt it with the private key to obtain the encoded data, and decode the encoded data to obtain the original credit data.
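The exchange described above (encode the data, pick a random number, encrypt with the public key, decrypt with the private key, decode) reads like textbook EC ElGamal over curve points. The following is an added example under that assumption, not code from the application; the curve (secp256k1), the Koblitz-style point encoding and all function names are assumptions, and the sample record used with it is constructed.

```python
"""Textbook EC ElGamal with Koblitz-style message encoding (illustration only)."""
import secrets

# secp256k1 domain parameters. ASSUMPTION: the application names no curve.
P = 2**256 - 2**32 - 977                      # field prime, P % 4 == 3
A, B = 0, 7                                   # curve: y^2 = x^3 + 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
K = 256   # encoding slack: message m may land on any x in [m*K, m*K + K)


def ec_add(p1, p2):
    """Add two affine points; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                           # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc


def keygen():
    """Credit system side: private scalar and public key = priv * G."""
    priv = secrets.randbelow(N - 1) + 1
    return priv, ec_mul(priv, G)


def encode(data):
    """Map bytes to a curve point: try x = m*K + j until x^3 + 7 is a square."""
    m = int.from_bytes(data, "big")
    if (m + 1) * K >= P:
        raise ValueError("record too long for one curve point (max about 30 bytes)")
    for j in range(K):
        x = m * K + j
        rhs = (x * x * x + A * x + B) % P
        y = pow(rhs, (P + 1) // 4, P)         # square root, valid as P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
    raise ValueError("no valid point found for this record")


def decode(point, length):
    """Invert encode(); None if the point does not hold a record of that length."""
    if point is None:
        return None
    m = point[0] // K
    if m >> (8 * length):
        return None                           # e.g. decrypted with the wrong key
    return m.to_bytes(length, "big")


def encrypt(pub, data):
    """Data owner side: C1 = r*G, C2 = M + r*pub with a fresh random r."""
    r = secrets.randbelow(N - 1) + 1
    return ec_mul(r, G), ec_add(encode(data), ec_mul(r, pub)), len(data)


def decrypt(priv, ciphertext):
    """Demander side: M = C2 - priv*C1, then decode back to bytes."""
    c1, c2, length = ciphertext
    shared = ec_mul(priv, c1)
    negated = (shared[0], (-shared[1]) % P)
    return decode(ec_add(c2, negated), length)
```

Textbook EC ElGamal is malleable and this arithmetic is not constant-time; a deployment would rely on a vetted library and an authenticated hybrid scheme such as ECIES.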
In order to further improve the application reliability of asymmetric encryption, in the block chain based credit data processing method provided in the embodiment of the present application, referring to fig. 3, step 230 in the block chain based credit data processing method further includes the following contents:
Step 231: Performing an approximate operation on the ciphertext in the cloud based on the approximate-computation homomorphic encryption algorithm CKKS among homomorphic encryption algorithms, setting the access control authority requirement of the target credit data, and storing the ciphertext corresponding to the target credit data in the block chain.
In particular, in credit scenarios a credit organization in practice usually works with complex-number operations, and only some of the significant digits of the required evaluation grade result are needed, so the CKKS algorithm in the SEAL library is improved and integrated as the homomorphic encryption security calculation layer of the model. The purpose of using the homomorphic CKKS algorithm is to perform approximate calculation, tolerating errors and relaxing the accuracy requirement; compared with other schemes based on homomorphic encryption such as Paillier, the scheme is greatly simplified and its computational efficiency is greatly improved. Before the credit data in this module is sent to the cloud server, an ordinary public key encryption system is applied, and encoding, decoding, initialization, key generation, encryption, decryption, homomorphic multiplication and rescaling operations are then carried out in the cloud.
In order to further improve the application reliability of the hierarchical acquisition blockchain credit network, in the credit data processing method based on the blockchain provided in the embodiment of the present application, the hierarchical acquisition blockchain credit network may also be referred to as a digital credit blockchain network, and referring to fig. 4, the digital credit blockchain network includes:
a plurality of organizations belonging to primary credit channels of different types, wherein each organization consists of a plurality of credit nodes, each credit node being a data demand node or a data providing node, and the authority of each credit node may be management authority or common authority;
each organization comprises at least one credit node with management authority and a plurality of credit nodes with common authority;
the credit nodes with management authority in each of the organizations also belong to a high-level credit channel.
Specifically, different data providers can join the corresponding organizations as credit nodes. Each organization contains four types of nodes, namely endorsing nodes, committing nodes, ordering nodes and leader nodes. Different organizations can join different primary channels to achieve preliminary isolation of data, and the anchor nodes of the primary credit channels all join a high-level credit channel to achieve data sharing. Meanwhile, executing smart contracts and encryption algorithms ensures the traceability, integrity and security of the credit data.
The data provider or data providing node refers to government, medical, educational, enterprise and other entities that are capable of providing effective credit data.
The data demander or data demand node refers to users with a need for credit data, for example for project bidding, market admission or credit report review. The data provider (or data providing node) and the data demander (or data demand node) in the layered acquisition block chain credit network are dynamically interchangeable.
From a software aspect, the present application further provides a block chain-based credit data processing model for implementing all or part of the block chain-based credit data processing method, and referring to fig. 5, the block chain-based credit data processing model specifically includes the following contents:
a data block chain layer and an access control layer, the data block chain layer comprising: a hierarchical acquisition block chain credit network and a certificate authority;
the access control layer is provided with an access control algorithm which is a trusted third party based on the certificate authority;
the certificate authority in the data blockchain layer is used for receiving a calling request aiming at target credit data sent by a data demand node in a layered acquisition blockchain credit network;
the certificate authority in the data block chain layer is further used for checking, based on the access control algorithm, whether the data demand node has the access control authority for the target credit data; if so, a private key is distributed to the data demand node, and the ciphertext corresponding to the target credit data is retrieved from the block chain and sent to the data demand node, so that the data demand node decrypts the ciphertext with the private key to obtain the target credit data.
Further, the block chain-based credit data processing model further includes:
the credit data storage layer is used for receiving a storage request aiming at target credit data sent by a data providing node in the layered acquisition block chain credit network;
the credit data encryption layer is used for encrypting the target credit data based on an asymmetric encryption algorithm to obtain a corresponding ciphertext and storing the ciphertext into a distributed account book;
and the homomorphic encryption safety calculation layer is used for homomorphic operation on the ciphertext at the cloud end according to a homomorphic encryption algorithm, setting the access control authority of the target credit data and storing the ciphertext corresponding to the target credit data into the block chain.
The embodiment of the block chain-based credit data processing model provided in the present application may be specifically used to execute the processing procedure of the embodiment of the block chain-based credit data processing method in the foregoing embodiment, and the function of the embodiment is not described herein again, and reference may be made to the detailed description of the above block chain-based credit data processing method embodiment.
Part of the block chain based credit data processing performed by the certificate authority in the block chain based credit data processing model can be executed in the server, and in another practical application scenario, all operations can be completed in the client device. The selection may be specifically performed according to the processing capability of the client device, the limitation of the user usage scenario, and the like. This is not a limitation of the present application. If all operations are completed in the client device, the client device may further include a processor configured to provide the certificate authority with detailed processing of block chain-based credit data processing.
The client device may have a communication module (i.e., a communication unit), and may be communicatively connected to a remote server to implement data transmission with the server. The server may include a server on the task scheduling center side, and in other implementation scenarios, the server may also include a server on an intermediate platform, for example, a server on a third-party server platform that is communicatively linked to the task scheduling center server. The server may include a single computer device, or may include a server cluster formed by a plurality of servers, or a server structure of a distributed apparatus.
The server and the client device may communicate using any suitable network protocol, including network protocols not yet developed at the filing date of the present application. The network protocol may include, for example, a TCP/IP protocol, a UDP/IP protocol, an HTTP protocol, an HTTPS protocol, or the like. Of course, the network Protocol may also include, for example, an RPC Protocol (Remote Procedure Call Protocol), a REST Protocol (Representational State Transfer Protocol), and the like used above the above Protocol.
From the above description, compared with the conventional credit system, the block chain-based credit data processing model provided in the embodiments of the present application guarantees credit data acquisition performance and data authenticity by adopting a layered acquisition block chain credit network. Because of the P2P communication and decentralization of the block chain, a user does not need to hand data to an untrusted third party for storage, which reduces the possibility of data privacy disclosure. The access control algorithm provides fine-grained control of access authority over the credit data. Introducing fully homomorphic encryption operations effectively addresses the problem of excessive overhead in ciphertext computation, and combining them with an asymmetric encryption algorithm protects the privacy of the credit data: when the credit data leaves the local environment, the original data is encrypted by the asymmetric encryption layer of the designed model, and the homomorphic encryption layer of the model is invoked on the cloud server to operate on the encrypted data, which reduces the output of the original data. The block chain-based credit data processing method performs well in terms of communication efficiency, interface performance and block chain performance, and the method and the model have reference significance and application value in the field of practical credit.
In order to further explain the scheme, the present application further provides a specific application example of a block chain-based credit data processing method and a model, where the block chain-based credit data processing method may also be referred to as a block chain-based credit data limited sharing and privacy protection method, and the block chain-based credit data processing model may also be referred to as a block chain-based credit data limited sharing and privacy protection model.
With the development of the current credit system, digitizing credit data is a necessary choice for promoting the establishment of social credit. At present, users' credit data is mainly stored in plaintext in centralized credit institutions, which makes it difficult to share and poorly secured. The traceable and tamper-proof nature of the block chain offers the credit field a new distributed storage solution. The present application combines a block chain, a homomorphic encryption algorithm, an access control algorithm and an asymmetric algorithm into a block chain model with limited data sharing and privacy protection. In this model, credit data is encrypted by calling the ECC asymmetric algorithm and then sent to a cloud server; the CKKS algorithm in the SEAL library is introduced in the cloud for homomorphic encryption, which addresses the pain point of high overhead in ciphertext computation; the block chain certificate authority acts as the trusted third party that completes initialization, key generation and key distribution for the improved access control algorithm CP-ABE; and the credit data is finally stored on the block chain. A system implemented with this model can guarantee fine-grained access control over user authority as well as privacy protection. Function and performance evaluation shows that the method has good reference significance and application value for privacy protection, credit evidence preservation, access control and similar aspects of digital credit, and that the throughput of the application system and the TPS of the block chain can meet the performance requirements of practical applications.
Correspondingly, the credit data processing method and the credit data processing model based on the block chain comprise the following contents:
Credit data limited sharing and privacy protection method and model
To address pain points of the current traditional credit system such as centralization and poor security, a block chain-based model for limited sharing and privacy protection of credit data is designed, and a specific implementation method is provided.
1. Model hierarchy
The credit data restricted sharing and privacy preserving model architecture is divided into an application layer, a blockchain core layer, a network layer and a data layer from top to bottom as shown in fig. 6.
1) Application layer: functions such as putting credit data on the chain, certificate issuing, secure computation, node joining, smart contracts, consensus algorithms, identity authentication and data encryption are implemented through a system platform, and the application layer provides the interface through which users perform the corresponding operations.
2) Block chain core layer: this is the core layer of the model, in which the evidence-preservation chain uses a consortium chain as decentralized support for preserving credit information evidence; based on the consensus algorithm and smart contracts of the block chain, an authorized user can access the corresponding data, which achieves limited sharing of the data; by using an encryption algorithm and homomorphic technology, the credit data is transmitted and computed on in ciphertext form, which ensures the security and privacy of the data.
3) Block chain network layer: credit data is stored in the block chain; node discovery and joining are achieved by building a layered P2P network, communication uses the gossip protocol, and a broadcast mechanism, a verification mechanism, a synchronization mechanism and the like are used.
4) Storage layer: as the support of the whole system, a layered credit network consisting of credit nodes and anchor nodes is built, in which a number of credit nodes and anchor nodes form a primary credit network and all anchor nodes form a high-level credit network. The integrity, consistency and reliability of the credit data in the storage layer are ensured through secure storage, content encryption, secure sharing and privacy protection of the credit data.
According to the actual scene of credit service, the application designs a credit system consisting of a data provider, a digital credit blockchain network (i.e. the aforementioned layered acquisition blockchain credit network) and a data demander, as shown in fig. 7.
1) Data provider: refers to multi-party organizations such as official agencies and medical, educational and enterprise bodies that can provide effective credit data.
2) Digital credit blockchain network: different data providers can join the corresponding organizations as credit nodes. Each organization contains four types of nodes, namely endorsing nodes, committing nodes, ordering nodes and leader nodes. Different organizations can join different primary channels to achieve preliminary isolation of data, and the anchor nodes of the primary credit channels all join a high-level credit channel to achieve data sharing. Meanwhile, executing smart contracts and encryption algorithms ensures the traceability, integrity and security of the credit data.
3) Data demander: refers to users who have a need for credit data, for example for project bidding, market admission or credit report review. Data providers and data demanders in the system are dynamically interchangeable.
Because the design of the present application is tamper-proof, traceable, highly secure and supports limited sharing, it can offset the drawbacks caused by factors such as competition between business models in the system, and can therefore better promote the sharing of credit data.
2. Detailed design of model
The detailed architecture of the designed model is shown in FIG. 5. From top to bottom, the architecture is divided into five modules: the credit data block chain layer, the access control layer, the homomorphic encryption security calculation layer, the credit data encryption layer and the credit data storage layer. Their design and implementation are described in detail below.
2.1 Credit data block chain layer
The data in this scheme is based on distributed ledger technology, and nodes in the network can store, use, query and update it. The hierarchical network topology of the credit data block chain designed by the present application is shown in fig. 8 and comprises a high-level credit channel and a plurality of primary credit channels. Various credit institutions can join the primary credit channels as ordering nodes or peer nodes; different organizations such as education, medical and finance are set up according to the type of credit data, and a client is provided to launch configuration files, execute commands and so on.
This layer adopts the Raft ordering service. The member representatives (anchor nodes) of all organizations join the high-level credit channel, and the anchor node of each organization is responsible for sharing information with the other nodes of that organization. A list of anchor nodes is configured in the channel so that a peer can obtain information about peers in other organizations. By updating the anchor nodes, peers of different organizations in the same channel can communicate using Gossip, the ledgers in each primary channel are kept consistent, and the ledgers in the channel are invoked through chaincode. Table 1 is an example of code for updating the org1 anchor node.
TABLE 1
[Table 1 is an image in the original publication: example code for updating the org1 anchor node]
This layer uses the Fabric architecture with its 'Endorse -> Order -> Commit' model, which decouples sequencing from the other processing logic and improves network performance. It allows the client to adjust the type and number of deployed nodes according to the actual application load; layering multiple channels partially achieves fine-grained access control; pluggable modules for consensus, encryption and decryption, permission management and so on are supported; and the various indicators of the blockchain can be monitored in real time by calling an interface, to ensure that the blockchain network is operating normally.
Because of the tension between the sensitivity of the data and the openness and transparency of blockchain data, storing the credit data source files directly on the blockchain would cause security problems such as data leakage. The credit data is therefore encrypted before being stored in the distributed ledger, and access control permissions are set when it is stored on the blockchain. A user accesses credit data by registering and applying for data access permission; the flow is shown in FIG. 9. The user applies to the CA for a certificate containing the permissions, the credit data is encrypted and put on the chain, and the user obtains the credit data after a method in a smart contract has verified the user's access permission.
Before data is invoked, the user's identity certificate must be verified so that users with insufficient permissions are filtered out. An example of checking a user's attributes through the certificate is shown in Table 2.
[Table 2 is an image in the original publication: example of checking a user's attributes through the certificate]
2.2 Encrypted access control layer based on CP-ABE
In the credit field, data owners are unwilling to disclose their data directly because it involves sensitive user data. If the plaintext is stored directly on the chain, data sharing is achieved, but everyone at a network node can view the data, so user privacy is poor. If the data owner encrypts the data with a private key before recording it on the chain, privacy is protected, but the owner cannot conveniently share it with others. Invoking an access control algorithm lets only users with the corresponding permissions access the data, which protects data privacy while still allowing data sharing.
This application adopts ciphertext-policy attribute-based encryption, with the certificate issuing center acting as the authority: the decryption policy is written into the ciphertext at encryption time and the attributes are written into the user's private key, giving fine-grained access control over private credit data. This layer involves three parties: the blockchain network (Fabric), the certificate authority (CA) and the client. The interactions are shown in FIG. 10.
In the blockchain network, ciphertext transactions to be stored are endorsed, sequenced, put on the chain and verified using Fabric's transaction sequencing, endorsement, verification and on-chain functions, which achieves distributed storage of the ciphertext data.
On the client, the user receives the certificate carrying the permissions, then issues a data-request transaction and uses the attribute key to perform CP-ABE encryption and decryption of the ciphertext data.
The CA, on receiving a certificate request, issues or updates the corresponding certificate for the user and completes CP-ABE initialization and key generation and distribution to set the user's permissions. As can be seen from FIG. 9, a user's access to the credit data plaintext through the blockchain network is divided into three stages: key generation, encrypted on-chain storage and access control.
The algorithm designed for this layer consists of the following 7 parts; the symbols used are described in Table 3.
TABLE 3
[Table 3 is an image in the original publication: symbol description table]
1) Initialization: a randomized algorithm is called as the initialization algorithm of the credit system. Given the security parameter (safety factor) λ as input, it outputs the credit system public key and the system master key:
$\mathrm{Setup}(\lambda) \rightarrow (PK_C, MK_C)$
2) Revocation mechanism initialization: the access control scheme in this application supports revoking user permissions, so a user permission revocation mechanism is set up. It is initialized as follows:
$\mathrm{RevocationSetup}(PK_C) \rightarrow (P,\ list_{auth},\ map(U_{Gid}, prime),\ map(U_{att}, list_{auth}))$
Using the credit system public key generated during system initialization, the revocation mechanism initializes and generates a prime number domain, a permission revocation list, a mapping table containing each user's Gid and unique prime, and a mapping table containing the user attributes and their revocation lists.
3) Private key generation: the CA dynamically generates the user's unique private key from the credit system public key, the credit system master key and the user's attribute set. A prime is selected from the prime number domain and assigned to the user, then deleted from the domain so that each user's prime is unique, and the mapping table is updated with that prime:
$\mathrm{KeyGen}(PK_C, MK_C, S_{att}) \rightarrow UK_C$
$P(user) \rightarrow map(U_{Gid}, prime)$
4) Encryption: a randomized method is called as the encryption algorithm. Given the credit system public key, the plaintext message to be encrypted and the access control structure associated with the access policy, it outputs the CP-ABE ciphertext:
$\mathrm{Enc}(PK_C, M_C, ACS_P) \rightarrow C_C$
5) Decryption: a deterministic method is called as the decryption algorithm:
$\mathrm{Dec}(UK_C, C_C) \rightarrow M_C$
During decryption, the leaf nodes of the policy tree over the user attribute set are visited first. Taking FIG. 11 as an example, the user name, organization name and channel name required by the access permission are visited, and the access requirement is obtained by traversing the attribute policy tree; for example, this application specifies that all members who are in primary credit channel 1 and in credit organization 1 can decrypt the credit data. Next, the algorithm checks whether the user has been revoked: it traverses the user's revocation lists and takes the remainder of each revocation list with respect to the user's unique prime. If the result is 0, the user has been revoked; otherwise the user has not. The ciphertext is decrypted to obtain the credit data only after this check passes.
6) User attribute revocation: the user and the user's unique prime, the attribute being revoked and the revocation list for that attribute are input to the revocation algorithm, which computes the new attribute revocation list $list'_{auth}$ and updates both mapping tables:
$\mathrm{Revoke}(U_{att}, list_{auth}, user, prime) \rightarrow (map(U_{Gid}, prime),\ map(U_{att}, list'_{auth}))$, with $list'_{auth} = list \times prime$
7) User attribute recovery: similarly to revocation, the user whose permission is to be restored, the user's unique prime, the attribute being restored and the revocation list for that attribute are input to the recovery algorithm, which computes the new attribute revocation list $list''_{auth}$ and updates both mapping tables:
$\mathrm{Recover}(U_{att}, list_{auth}, user, prime) \rightarrow (map(U_{Gid}, prime),\ map(U_{att}, list''_{auth}))$, with $list''_{auth} = list \times prime$
In this way, fine-grained access control over the encrypted data is achieved and the data owner (DO) keeps full control of the data. Because CP-ABE does not need to know the recipient's identity at encryption time, a message sent to multiple users does not have to be encrypted multiple times: once the access policy is set, encryption is executed once, and a data user can decrypt when the attributes the user holds satisfy the policy described by the encryptor. This addresses the key leakage problem of ordinary encryption algorithms, protects the privacy of the credit DO, and makes data access control more fine-grained.
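The revocation bookkeeping of steps 2), 3), 5), 6) and 7), as an added Python example that is not code from the patent. It models only the prime number domain, the two mapping tables and the remainder check that gates decryption, not the CP-ABE cryptography; the class and function names are hypothetical, and recovery is implemented by dividing the user's prime back out of the product, which is an assumption of this example.

```python
"""Prime-product revocation lists: added illustration, not the patent's code."""


def prime_pool(limit):
    """Sieve of Eratosthenes; plays the role of the prime number domain P."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, limit + 1, i)))
    return [n for n, is_prime in enumerate(sieve) if is_prime]


class RevocationAuthority:
    """Hypothetical name; holds P and the two mapping tables."""

    def __init__(self, attributes, pool_limit=1000):
        self.pool = prime_pool(pool_limit)            # P
        self.user_prime = {}                          # map(U_Gid, prime)
        # map(U_att, list_auth): one integer per attribute, 1 = nobody revoked
        self.attr_list = {a: 1 for a in attributes}

    def enroll(self, gid):
        """Key generation side effect: hand out a prime and delete it from P."""
        if gid in self.user_prime:
            raise ValueError("user already enrolled: " + gid)
        if not self.pool:
            raise RuntimeError("prime number domain exhausted")
        prime = self.pool.pop(0)
        self.user_prime[gid] = prime
        return prime

    def is_revoked(self, gid, attr):
        """Remainder 0 means the user's prime divides the list: revoked."""
        return self.attr_list[attr] % self.user_prime[gid] == 0

    def revoke(self, gid, attr):
        """list' = list x prime. Guarded so a repeated revoke does not square
        the prime, which would leave the user revoked after one recovery."""
        if not self.is_revoked(gid, attr):
            self.attr_list[attr] *= self.user_prime[gid]

    def recover(self, gid, attr):
        """Assumed inverse of revoke: divide the prime out if it is present."""
        if self.is_revoked(gid, attr):
            self.attr_list[attr] //= self.user_prime[gid]

    def may_decrypt(self, gid, held_attrs, policy_attrs):
        """Check run before decryption: every attribute the policy requires
        must be known, held by the user and not revoked. Fails closed."""
        if gid not in self.user_prime:
            return False
        return all(
            a in self.attr_list and a in held_attrs and not self.is_revoked(gid, a)
            for a in policy_attrs
        )


def shared_prime_hazard():
    """Why the prime is deleted from P: users who share a prime share a fate."""
    ra = RevocationAuthority(["org1"])
    ra.user_prime.update({"carol": 5, "dave": 5})     # constructed misconfiguration
    ra.revoke("carol", "org1")
    return ra.is_revoked("dave", "org1")              # dave was never revoked


if __name__ == "__main__":
    ra = RevocationAuthority(["channel1", "org1"])    # constructed attribute names
    policy = {"channel1", "org1"}
    for user in ("alice", "bob"):
        ra.enroll(user)
    ra.revoke("alice", "org1")
    print("alice may decrypt:", ra.may_decrypt("alice", policy, policy))
    print("bob may decrypt:  ", ra.may_decrypt("bob", policy, policy))
    ra.recover("alice", "org1")
    print("alice after recovery:", ra.may_decrypt("alice", policy, policy))
    print("shared prime revokes both users:", shared_prime_hazard())
```

Because each list is a single integer, the check costs one modular reduction per attribute, but the integer grows with every revoked user, so the size of the primes handed out matters in a large deployment.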
2.3 Homomorphic-encryption secure computation layer based on CKKS
As described earlier, homomorphic encryption is homomorphic, so data can be processed without revealing information even by an untrusted third party. The homomorphic encryption workflow is shown in FIG. 12.
In the credit field, a credit organization typically performs complex computations, while the required rating result only needs a limited number of significant digits. This application therefore adapts the CKKS algorithm integrated in the SEAL library as the homomorphic-encryption secure computation layer of the model; the designed workflow is shown in FIG. 13.
The purpose of using the CKKS homomorphic encryption algorithm in this module is approximate computation: errors are allowed and the accuracy requirement is relaxed, so compared with other schemes based on Paillier homomorphic encryption this scheme is much simpler and computationally much more efficient. Before the credit data in this module is sent to the cloud server, it is encrypted with an ordinary public-key cryptosystem; encoding, decoding, initialization, key generation, encryption, decryption, homomorphic multiplication and rescaling are then carried out in the cloud. The specific steps are as follows:
1) Credit data encoding: encoding maps a complex plaintext message vector to a polynomial using a scale factor, to facilitate the subsequent homomorphic secure computation. First, the credit data M is expressed as a complex vector of dimension
Figure BDA0003672702940000211
that is,
Figure BDA0003672702940000212
Next, the augmented vector M′ of M is computed. Over the complex domain, a set R is formed from the polynomial $X^n + 1$, which has n complex roots $\theta_i$, of which the first
Figure BDA0003672702940000213
and the last
Figure BDA0003672702940000214
are conjugate to each other. Using the vector formed by all the complex roots and the scaling factor Δ, together with Lagrange or Newton interpolation, an interpolation polynomial m(X) with integer coefficients is obtained. The resulting polynomial satisfies:
$m(\theta) \approx \Delta \cdot M_i$
That is, substituting a root of the polynomial in R as the argument of the polynomial yields the corresponding component of M′. The coefficients of the interpolation polynomial m(X) are real numbers, and for the CKKS computation they are rounded. To reduce the resulting error, the scheme uses an amplification factor Δ: the real numbers are amplified first and then rounded, which preserves as many significant digits as possible and improves precision. The amplification factor satisfies:
$m = m \cdot \Delta$
The overall encoding process can be expressed as follows:
Figure BDA0003672702940000216
where β is the canonical embedding map and γ is the natural projection map, satisfying:
Figure BDA0003672702940000215
$\gamma : \gamma(t) = (t_0, t_1, \ldots, t_{N/2}) \in \mathbb{C}^{N/2}$
where t is any value in the subring $\mathbb{C}^N$. The m generated at this point is the final result of message encoding, and in the end only the coefficients of m need to be stored.
2) Initialization: the corresponding randomized algorithm is used to initialize and select the parameters: a power of two N, a security level α, a private key distribution $\beta_s$, an error distribution $\beta_e$, a random distribution $\beta_r$ and p, while a special modulus P is defined, such that:
$Q = q_0 \cdot p^L$
$(N, P \cdot Q) \rightarrow \alpha$
where Q refers to the scale of the modulus in the modulus chain, Q refers to the modulus of any layer, and L is the depth of the modulus chain.
3) Key generation: the distributions initialized in the previous step are instantiated to obtain the corresponding vectors: $\beta_s$ is instantiated as $s_x$, $\beta_e$ as $e_x$ and $\beta_Q$ as $a_r$. The private key $K_S$ and the public key $K_P$ are then computed as:
$K_S = (1, s_x)$
$K_P = ((-a_r \cdot s_x + e_x) \bmod Q,\ a_r),$
Figure BDA0003672702940000221
At the same time, an auxiliary computation key $K_E$ is generated. This key is held by the computing organization that performs the homomorphic encryption and is used for homomorphic multiplication. First, $a'_r$ is instantiated from $R_{PQ}$; the key is then generated as:
Figure BDA0003672702940000222
4) Encryption: the encoded plaintext message m(X) is encrypted to obtain the ciphertext C:
$m(X) \rightarrow C$
The encryption of m does not decrypt exactly to m; because of the error, it decrypts to $m + e_x$. During encryption, the required encryption parameters are first generated from the initialized distributions: $\beta_r$ is instantiated as $r_x$ and $\beta_e$ as $e_{x0}, e_{x1}$. The coefficients of the encoded credit plaintext polynomial are then encrypted with these parameters:
$C = (r_x \cdot K_P + (m(X) + e_{x0},\ e_{x1})) \bmod Q$
The final ciphertext contains noise, but the noise is treated as part of the message, and the CKKS homomorphic secure computation designed in this application is approximate.
5) Homomorphic computation: homomorphic multiplication is performed on the encoded and encrypted credit data as follows:
Figure BDA0003672702940000224
where:
$(d_0, d_1, d_2) = (c_0 \cdot c'_0,\ c_0 \cdot c'_1 + c_1 \cdot c'_0,\ c_1 \cdot c'_1)$
6) Rescaling: a rescaling step is added to address the two problems caused by multiplication, growth of the scale and large error. For a ciphertext c and a new modulus q′, the rescaling formula is:
Figure BDA0003672702940000223
and $c_{resc} \in R'_{q'}$.
After rescaling, error growth is reduced from exponential to linear, which greatly improves the accuracy of the algorithm.
7) Decryption: the encoded message is computed from the ciphertext C and the private key $K_S$:
$C \rightarrow m(X)'$
The decryption is computed as:
$\langle C, K_S \rangle \bmod q = (c_0 + c_1 \cdot s_x) \bmod q$
8) Credit data decoding: θ is substituted into the polynomial m(X) of the known encoded message to obtain each amplified coefficient, which is then divided by the amplification factor Δ to recover the plaintext M. Because floating-point values are inevitably rounded during encoding and decoding, the final result is not necessarily exactly equal to the source data, only approximately equal.
Through these 8 steps, homomorphic-encryption secure computation on the credit data is achieved.
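The encoding of step 1), the scale growth that step 6) corrects and the decoding of step 8), as an added Python example that is not code from the patent or from SEAL. It works on plaintext polynomials only, with no keys or ciphertexts, and it assumes nearest-integer rounding of coefficients, the root ordering $\theta_j = e^{i\pi(2j+1)/N}$ (so that root j and root N-1-j are conjugates) and constructed sample vectors; the function names are hypothetical.

```python
"""CKKS-style encode / multiply / rescale / decode on plaintext polynomials.
Added illustration only: no encryption is performed here."""
import cmath


def roots(N):
    """The N complex roots of X^N + 1; root j and root N-1-j are conjugates."""
    return [cmath.exp(1j * cmath.pi * (2 * j + 1) / N) for j in range(N)]


def encode(z, N, delta):
    """Map N/2 complex slots to N integer coefficients with m(theta_j) ~ delta*z_j."""
    if len(z) != N // 2:
        raise ValueError("need exactly N/2 slots")
    # Augmented vector M': the slots followed by their conjugates in reverse,
    # so the interpolating polynomial has real coefficients.
    ext = [complex(v) for v in z] + [complex(v).conjugate() for v in reversed(z)]
    theta = roots(N)
    coeffs = []
    for k in range(N):
        # Inverse of the Vandermonde matrix of the roots is (1/N) * V^H.
        a_k = sum(ext[j] * theta[j] ** (-k) for j in range(N)) / N
        coeffs.append(round(delta * a_k.real))   # amplify first, then round
    return coeffs


def decode(coeffs, N, delta):
    """Evaluate at the first N/2 roots and divide by the amplification factor."""
    theta = roots(N)
    return [
        sum(c * theta[j] ** k for k, c in enumerate(coeffs)) / delta
        for j in range(N // 2)
    ]


def negacyclic_mul(a, b):
    """Polynomial product modulo X^N + 1 (X^N wraps around to -1)."""
    N = len(a)
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < N:
                out[i + j] += ai * bj
            else:
                out[i + j - N] -= ai * bj
    return out


def rescale(coeffs, delta):
    """Divide every coefficient by delta with round-half-up, in exact integers."""
    return [(2 * c + delta) // (2 * delta) for c in coeffs]


def max_error(got, want):
    return max(abs(g - w) for g, w in zip(got, want))


def demo():
    N, delta = 8, 2 ** 20
    z = [0.75, 0.62, 1.5 + 0.5j, -2.0]          # constructed sample slots
    w = [2.0, 0.5, 1.0 - 1.0j, 0.25]            # constructed sample slots
    want = [x * y for x, y in zip(z, w)]
    mz, mw = encode(z, N, delta), encode(w, N, delta)
    prod = negacyclic_mul(mz, mw)               # now carries scale delta**2
    return {
        "roundtrip": max_error(decode(mz, N, delta), z),
        "product_rescaled": max_error(decode(rescale(prod, delta), N, delta), want),
        "product_wrong_scale": max_error(decode(prod, N, delta), want),
        "no_amplification": max_error(decode(encode(z, N, 1), N, 1), z),
    }


if __name__ == "__main__":
    for name, err in demo().items():
        print(f"{name:20s} max error = {err:.3e}")
```

Decoding the raw product at scale Δ is off by a factor of Δ, which is the scale growth that rescaling removes, and encoding with Δ = 1 shows how much precision the rounding step destroys without amplification.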
2.4 Asymmetric data encryption layer based on ECC
Before the credit data is sent to the cloud server, it is encrypted with the asymmetric ECC algorithm, and the credit data is then stored securely on the blockchain by setting access control permissions. The symbols involved are shown in Table 4 below.
TABLE 4
[Table 4 is an image in the original publication: symbols used in the ECC layer]
The credit system selects an elliptic curve and takes a point on the curve as the base point, takes a point as the private key and generates the public key from the private key, then sends the selected elliptic curve and the public key generated by point multiplication with the base point to the credit data owner. The DO of the credit data first encodes the credit data and generates a random number, encrypts the encoded data, and uploads the encrypted data to the cloud server for homomorphic computation. When a credit data demander needs the data, it can download the data from the cloud server, decrypt it with the private key to obtain the encoded data, and decode that to obtain the original credit data, as shown in FIG. 14.
Encryption ensures that the data is transmitted as ciphertext, which protects user privacy.
2.5 Data storage layer
The credit data is stored in a distributed manner in the local databases of the credit institutions, and the credit institutions join the hierarchical blockchain network to perform encryption, homomorphic computation, on-chain storage and other operations on the data.
By combining the above architecture and detailed design scheme, the present application implements a digital credit blockchain platform.
(II) Experimental results
1. Experimental Environment
The tests were completed with three tools: LoadRunner, JMeter and Tape. The test environment uses the CentOS 7.4 operating system, a hard disk of 100G or above, CPU
Figure BDA0003672702940000241
memory of 8G or more, and a network card of 100M or more. MySQL 5.0.17 for Linux is installed as the database server for data management and storage; four identically configured application servers, additionally installed with JDK 1.5.0_06, Apache 2.2.0 and Tomcat 5.5.15, are used to deploy and start the underlying system; and a Windows 10 64-bit operating system with the Google browser and the three test tools serves as the client test platform.
2. System implementation
A blockchain-based platform for limited sharing and privacy protection of credit data was implemented.
3. Results and analysis of the experiments
1) LoadRunner script communication efficiency test
A LoadRunner script was used to test the communication efficiency of the platform implementing this design, with 100, 500 and 1000 users respectively. The communication efficiency results are shown in Table 5, and the performance indicators under test are shown in FIG. 15.
TABLE 5
| Number of users | Receive (bytes/second) | Bandwidth (M) |
| 100 | 254,387 | 100M |
| 500 | 252,463 | 100M |
| 1000 | 254,257 | 100M |
As can be seen from Table 5, the communication efficiency of the system platform designed in this scheme is at least 252,463 bytes/second in all three cases.
In FIG. 15 the abscissa is the timeline and the ordinate is the number of bytes returned from the server to the client. The average returned traffic fluctuates considerably during the initial-access and end-of-access phases, while during the service test phase the traffic fluctuates around the average value, so the returned total is stable and the system shows no instability.
2) JMeter blockchain interface test
JMeter was used to test the blockchain interface, taking the query of a credit information block by block ID as the example. The number of concurrent threads was 1000, all started within 20 s, and the threads were tested continuously for 120 seconds. The server IP address of the request was set, and the block ID was set as a variable so that a random block ID was passed as the parameter each time. The test results are shown in FIG. 16 and FIG. 17. The throughput chart and the aggregate report show that the block-ID query interface of the digital credit blockchain platform designed in this application supports no fewer than 1000 concurrent query users, with throughput reaching 2031.1 tps and an error rate of 0, which is good concurrent-user performance.
3) Tape underlying blockchain test
Tape was used to run a TPS test on the digital credit blockchain network designed in this application; the script parameters are set through the config.
The test script was executed three times; the results are shown in FIG. 18. The TPS of the underlying blockchain was 2518, 2512 and 2548 respectively, and the average TPS reached 2526, which meets daily service requirements well.
The tests show that the system platform supports simultaneous requests from multiple users, and that server traffic returns stably within a certain access volume (1000 concurrent). The system achieves limited sharing and privacy protection of data through the underlying blockchain technology, cryptographic techniques, the access control algorithm and so on, and ensures the reliability and security of the system.
In summary, this application addresses the two pain points of privacy protection and limited sharing of credit data, and provides a blockchain-based credit scheme and system implementation. Fully homomorphic encryption is introduced into the system, and users' sensitive credit information is stored on the cloud server for homomorphic computation, which addresses the excessive overhead of ciphertext operations; combining the asymmetric encryption algorithm with the access control algorithm provides fine-grained access control and privacy protection for credit data. The test results show that the digital credit blockchain scheme proposed in this application performs well in communication efficiency, interface performance and blockchain performance. The scheme and system have reference significance and application value in the practical credit field. The next research direction is to combine algorithms from secure multi-party computation to further improve the data security of credit institutions when multiple parties participate.
The present application further provides a computer device (i.e., an electronic device), where the computer device may include a processor, a memory, a receiver, and a transmitter, and the processor is configured to execute the above-mentioned method for processing credit data based on a blockchain, where the processor and the memory may be connected by a bus or in another manner, for example, connected by a bus. The receiver can be connected with the processor and the memory in a wired or wireless mode. The computer device is communicatively coupled to a blockchain based credit data processing model to receive real-time motion data from sensors in the wireless multimedia sensor network and to receive raw video sequences from the video capture device.
The processor may be a Central Processing Unit (CPU). The processor may also be another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or a combination thereof.
The memory, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the block chain based credit data processing method in the embodiments of the present application. The processor executes various functional applications and data processing of the processor by running non-transitory software programs, instructions and modules stored in the memory, that is, the block chain based credit data processing method in the above method embodiment is implemented.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor, and the like. Further, the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and such remote memory may be coupled to the processor via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory and, when executed by the processor, perform a blockchain-based credit data processing method in an embodiment.
In some embodiments of the present application, the user equipment may include a processor, a memory, and a transceiving unit. The transceiving unit may include a receiver and a transmitter, and the processor, the memory, the receiver, and the transmitter may be connected through a bus system. The memory is used to store computer instructions, and the processor is used to execute the computer instructions stored in the memory to control the transceiving unit to transmit and receive signals.
As an implementation manner, the functions of the receiver and the transmitter in this application may be considered to be implemented by a transceiving circuit or a transceiving dedicated chip, and the processor may be considered to be implemented by a dedicated processing chip, a processing circuit or a general-purpose chip.
As another implementation manner, a manner of using a general-purpose computer to implement the server provided in the embodiment of the present application may be considered. That is, program code that implements the functions of the processor, receiver and transmitter is stored in the memory, and a general-purpose processor implements the functions of the processor, receiver and transmitter by executing the code in the memory.
Embodiments of the present application further provide a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the above block chain based credit data processing method. The computer-readable storage medium may be a tangible storage medium such as Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, floppy disks, hard disks, removable storage disks, CD-ROMs, or any other form of storage medium known in the art.
Those of ordinary skill in the art will appreciate that the various illustrative components, systems, and methods described in connection with the embodiments disclosed herein may be implemented as hardware, software, or combinations of both. Whether this is done in hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the present application are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link.
It is to be understood that the present application is not limited to the particular arrangements and instrumentality described above and shown in the attached drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present application are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions, or change the order between the steps, after comprehending the spirit of the present application.
Features that are described and/or illustrated with respect to one embodiment may be used in the same way or in a similar way in one or more other embodiments and/or in combination with or instead of the features of the other embodiments.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made to the embodiment of the present application by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A credit data processing method based on a block chain is characterized by comprising the following steps:
receiving a calling request aiming at target credit data sent by a data demand node in a layered acquisition block chain credit network;
and checking whether the data demand node has the access control authority of the target credit data or not based on a preset access control algorithm, if so, distributing a private key to the data demand node, calling a ciphertext corresponding to the target credit data in a block chain and sending the ciphertext to the data demand node, so that the data demand node decrypts the ciphertext based on the private key to obtain the target credit data.
2. The method of claim 1, further comprising:
receiving a storage request aiming at target credit data sent by a data providing node in a layered acquisition block chain credit network;
encrypting the target credit data based on an asymmetric encryption algorithm to obtain a corresponding ciphertext, and storing the ciphertext into a distributed account book;
and performing homomorphic operation on the ciphertext at the cloud end according to a homomorphic encryption algorithm, setting the access control authority requirement of the target credit data, and storing the ciphertext corresponding to the target credit data into the block chain.
3. The blockchain-based credit data processing method according to claim 2, further comprising, before the receiving the request for invoking the target credit data sent by the demand node in the hierarchical acquisition blockchain credit network or before the receiving the request for storing the target credit data sent by the data providing node in the hierarchical acquisition blockchain credit network:
receiving a certificate registration request sent by a user, issuing or updating a certificate for the user, and initializing an attribute-based encryption algorithm CP-ABE to generate a private key of the user;
wherein the user is a data providing node or a data demand node in the hierarchical acquisition blockchain credit network.
4. The blockchain-based credit data processing method of claim 3, wherein initializing an attribute-based encryption algorithm CP-ABE for generating a private key of the user comprises:
calling a randomization algorithm and a preset safety factor to initialize and calculate a credit system public key and a credit system master key;
initializing and generating a prime number domain, a permission revocation list, a mapping table containing user Gid and unique prime number and a mapping table containing user attribute and a revocation list corresponding to a user permission revocation mechanism based on the credit system public key;
and dynamically generating a unique private key of the user according to the credit system public key, the credit system master key and the attribute set of the user, selecting a prime number in the prime number domain to distribute to the user, and deleting the distributed prime number from the prime number domain.
5. The method of claim 1, wherein the checking whether the data requiring node has the access control authority of the target credit data based on the preset access control algorithm, and if yes, distributing a private key to the data requiring node comprises:
acquiring the attribute of the data demand node in the layered acquisition block chain credit network, and extracting the access control authority requirement of the target credit data;
and judging whether the attribute of the data demand node meets the access control authority requirement of the target credit data, if so, determining that the data demand node has the access control authority of the target credit data, and distributing a private key to the data demand node.
6. The blockchain-based credit data processing method according to claim 2, wherein the encrypting the target credit data based on the asymmetric encryption algorithm includes:
encrypting the target credit data based on elliptic curve cryptography (ECC), an asymmetric encryption algorithm.
7. The method of claim 2, wherein homomorphic computing the ciphertext according to a homomorphic encryption algorithm at a cloud comprises:
performing approximate operations on the ciphertext in the cloud based on CKKS, an approximate-computation homomorphic encryption algorithm.
8. The blockchain-based credit data processing method according to any one of claims 1 to 7, wherein the hierarchical acquisition blockchain credit network comprises: a plurality of organizations belonging to different types of primary credit channels, wherein each organization consists of a plurality of credit nodes, each credit node is a data demand node or a data providing node, and the authority of each credit node is either management authority or common authority;
each organization comprises at least one credit node with management authority and a plurality of credit nodes with common authority;
the credit nodes with management authority in each of said organizations also belong to a premium credit channel.
9. A blockchain-based credit data processing model, comprising: a data block chain layer and an access control layer, the data block chain layer comprising: a hierarchical acquisition blockchain credit network and a certificate authority;
the access control layer is provided with an access control algorithm based on the certificate authority acting as a trusted third party;
the certificate authority in the data blockchain layer is used for receiving a calling request aiming at target credit data sent by a data demand node in a layered acquisition blockchain credit network;
the certificate authority in the data blockchain layer is further used for checking, based on the access control algorithm, whether the data demand node has the access control authority for the target credit data; if so, a private key is distributed to the data demand node, and the ciphertext corresponding to the target credit data is retrieved from the blockchain and sent to the data demand node, so that the data demand node decrypts the ciphertext based on the private key to obtain the target credit data.
10. The blockchain-based credit data processing model according to claim 9, further comprising:
a credit data storage layer, used for receiving a storage request for target credit data sent by a data providing node in the hierarchical acquisition blockchain credit network;
a credit data encryption layer, used for encrypting the target credit data based on an asymmetric encryption algorithm to obtain a corresponding ciphertext and storing the ciphertext in a distributed ledger;
and a homomorphic encryption secure computation layer, used for performing a homomorphic operation on the ciphertext in the cloud according to a homomorphic encryption algorithm, setting the access control authority of the target credit data, and storing the ciphertext corresponding to the target credit data in the blockchain.
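
The authorization decision described in claims 1, 4 and 5, as an added example that is not part of the patent text: it models only the bookkeeping and the attribute check, with no CP-ABE, ECC or CKKS cryptography. The k-of-n policy encoding, the choice to key the revocation list by the user's prime, and all names and sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def satisfies(policy, attrs):
    """Leaf = attribute name; inner node = (k, children): at least k children hold."""
    if isinstance(policy, str):
        return policy in attrs
    k, children = policy
    return sum(satisfies(c, attrs) for c in children) >= k

@dataclass
class Authority:
    prime_pool: list                                # claim 4 "prime number domain"
    gid_prime: dict = field(default_factory=dict)   # Gid -> unique prime
    gid_attrs: dict = field(default_factory=dict)   # Gid -> attribute set
    revoked: set = field(default_factory=set)       # revocation list (assumed: holds primes)
    chain: dict = field(default_factory=dict)       # data id -> (policy, ciphertext)

    def register(self, gid, attrs):
        if gid in self.gid_prime:
            raise ValueError("Gid already registered")
        if not self.prime_pool:
            raise RuntimeError("prime pool exhausted")
        prime = self.prime_pool.pop(0)              # allocated prime is deleted from the pool
        self.gid_prime[gid], self.gid_attrs[gid] = prime, frozenset(attrs)
        return prime

    def revoke(self, gid):
        self.revoked.add(self.gid_prime[gid])       # prime is never returned to the pool

    def request(self, gid, data_id):
        """Fail closed: the ciphertext is released only when every check passes."""
        prime = self.gid_prime.get(gid)
        if prime is None or prime in self.revoked or data_id not in self.chain:
            return None
        policy, ciphertext = self.chain[data_id]
        return ciphertext if satisfies(policy, self.gid_attrs[gid]) else None

def demo():
    ca = Authority(prime_pool=[2, 3, 5, 7])         # constructed sample values
    # Policy: bank AND (auditor OR risk-officer), written as 2-of-2 over a 1-of-2 node.
    ca.chain["report-1"] = ((2, ["bank", (1, ["auditor", "risk-officer"])]), b"<ciphertext>")
    ca.register("gid-a", {"bank", "auditor"})
    ca.register("gid-b", {"bank", "teller"})
    before = (ca.request("gid-a", "report-1"), ca.request("gid-b", "report-1"))
    ca.revoke("gid-a")
    after = ca.request("gid-a", "report-1")
    return before, after, ca.prime_pool, ca.request("gid-x", "report-1")
```

In this model a revoked or unknown Gid is refused before the policy is evaluated, and a revoked user's prime stays out of the pool so it cannot be reissued to a later registrant.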

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210609769.8A CN115473664A (en) 2022-05-31 2022-05-31 Credit data processing method and model based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210609769.8A CN115473664A (en) 2022-05-31 2022-05-31 Credit data processing method and model based on block chain

Publications (1)

Publication Number Publication Date
CN115473664A (en) 2022-12-13

Family

ID=84364857

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210609769.8A Pending CN115473664A (en) 2022-05-31 2022-05-31 Credit data processing method and model based on block chain

Country Status (1)

Country Link
CN (1) CN115473664A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115913513A (en) * 2023-01-07 2023-04-04 北京邮电大学 Distributed credible data transaction method, system and device supporting privacy protection
CN115913513B (en) * 2023-01-07 2023-05-12 北京邮电大学 Distributed trusted data transaction method, system and device supporting privacy protection
CN116112244A (en) * 2023-01-13 2023-05-12 重庆邮电大学 Access control method based on blockchain and attribute-based encryption
CN116827653A (en) * 2023-07-07 2023-09-29 青岛农业大学 Data encryption and authorization management method based on Hyperledger Fabric alliance chain
CN116827653B (en) * 2023-07-07 2024-02-09 青岛农业大学 Data encryption and authorization management method based on Hyperledger Fabric alliance chain

Similar Documents

Publication Publication Date Title
Zheng et al. Learning the truth privately and confidently: Encrypted confidence-aware truth discovery in mobile crowdsensing
Li et al. Blockchain-based public auditing for big data in cloud storage
Qin et al. LBAC: A lightweight blockchain-based access control scheme for the internet of things
Alrawais et al. An attribute-based encryption scheme to secure fog communications
CN110084068B (en) Block chain system and data processing method for block chain system
Yang et al. Provable data possession of resource-constrained mobile devices in cloud computing
Abadi et al. O-PSI: delegated private set intersection on outsourced datasets
CN115473664A (en) Credit data processing method and model based on block chain
Shao et al. Dynamic data integrity auditing method supporting privacy protection in vehicular cloud environment
CN115037477A (en) Block chain-based federated learning privacy protection method
Sharma et al. Blockchain-based cloud storage system with CP-ABE-based access control and revocation process
CN114254386A (en) Federated learning privacy protection system and method based on hierarchical aggregation and block chain
CN112597542B (en) Aggregation method and device of target asset data, storage medium and electronic device
CN115296838A (en) Data sharing method, system and storage medium based on block chain
Zhang et al. Enhanced certificateless auditing protocols for cloud data management and transformative computation
Tran et al. An efficient privacy-enhancing cross-silo federated learning and applications for false data injection attack detection in smart grids
An et al. QChain: Quantum-resistant and decentralized PKI using blockchain
Xu et al. A privacy-preserving and efficient data sharing scheme with trust authentication based on blockchain for mHealth
Hussien et al. Public auditing for secure data storage in cloud through a third party auditor using modern ciphertext
Wu et al. EBSS: A secure blockchain-based sharing scheme for real estate financial credentials
Zhang et al. Data security in cloud storage
Pei et al. Smart contract based multi-party computation with privacy preserving and settlement addressed
CN113792282B (en) Identity data verification method and device, computer equipment and storage medium
CN114710370B (en) Fine-grained access control method and system based on fog block chain and attribute encryption
Zhang et al. A Stronger Secure Ciphertext Fingerprint based Commitment Scheme for Robuster Verifiable OD-CP-ABE in IMCC

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination