CN115913513B - Distributed trusted data transaction method, system and device supporting privacy protection - Google Patents

Publication number: CN115913513B (other version: CN115913513A)
Application number: CN202310021062.XA
Authority: CN (China)
Original language: Chinese (zh)
Prior art keywords: data, transaction, privacy protection, distributed, identity
Legal status: Active
Inventors: 马兆丰, 董建成, 张茜, 段鹏飞
Current and original assignee: Beijing University of Posts and Telecommunications

Abstract

The invention provides a distributed trusted data transaction method, system and device supporting privacy protection. During the data transaction process, the privacy of data while it is stored is protected by introducing disk encryption (encryption at rest) on top of distributed storage; during the transaction process, decentralized identity information is provided to the data provider and the data demander through a distributed multi-center identity identification protocol, which protects the identity privacy of users; and by introducing homomorphic encryption and zero-knowledge proofs into the transaction process, transaction computation or authentication services are provided to users without the original data having to be disclosed, which protects the privacy of transaction data.

Description

Distributed trusted data transaction method, system and device supporting privacy protection

Technical Field

The present invention relates to the field of blockchain technology, and in particular to a distributed trusted data transaction method, system and device supporting privacy protection.

Background Art

As Internet applications become increasingly widespread, a large number of applications need to record events, behaviors and states persistently in a database for later querying, that is, to perform persistent storage. The traditional approach uses a data management service platform as an impartial third party to perform unified bookkeeping: all query operations on transaction information are processed on this platform, and the data of other institutions and organizations is added to the transaction service platform by connecting to it. In this traditional centralized bookkeeping model, the main transaction information is stored at a single bookkeeping party. This is a "logically" centralized storage model, that is, the transaction data is stored at a single business participant, which is responsible for managing it.

The centralized bookkeeping model has a data access performance problem: to guarantee reliability, the bookkeeping party must store multiple copies of the data, which creates a performance bottleneck for data access. It has a data trust problem: transaction data may be tampered with by the bookkeeping party and this cannot be verified, so every participant must trust the bookkeeping party completely. It has a disaster recovery problem: once the bookkeeping party is attacked, the data is difficult to recover. The traditional centralized bookkeeping model therefore suffers from low storage efficiency, poor credibility and susceptibility to attack.

With the popularity of cryptocurrencies and decentralized applications, blockchain technology has attracted great attention from many industries. From the perspective of data management, a blockchain can be regarded as a tamper-resistant ledger jointly maintained by many mutually untrusted nodes in a distributed environment. Because the nodes do not trust each other, the blockchain uses a consensus protocol to ensure consistency of the stored data and thereby realizes decentralized data management. Blockchain-based data management distributes the otherwise excessive authority to all participating nodes through the chain structure and the distributed consensus mechanism, removing the possibility that a centralized third party with excessive authority maliciously destroys data, and can effectively solve the problems of concentrated authority and of data authenticity and reliability faced by traditional data management.

Compared with traditional distributed database systems, blockchain systems offer better distribution, transparency and credibility in their bookkeeping, and functionally provide a tamper-proof verification mechanism and a smart contract mechanism, so they are better suited to anonymous use in untrusted environments. However, while blockchain technology improves efficiency, reduces cost and improves data security, it also faces serious privacy leakage problems. The first concerns on-chain data privacy and its threats, including transaction privacy, account address privacy, user identity privacy and other on-chain information. The second concerns smart contract privacy and its threats: the concept of smart contracts gives blockchains a much broader range of applications, but smart contract technology may leak private data in practice. After a user initiates a function call, the system constructs a smart contract transaction, and many nodes in the blockchain system process that transaction. This requires the operations and data related to the transaction to be open to all nodes, so privacy leakage arises in application scenarios that process sensitive data, such as voting schemes and medical data collection.

Summary of the invention

In view of this, embodiments of the present invention provide a distributed trusted data transaction method, system and device supporting privacy protection, in order to eliminate or mitigate one or more defects of the prior art and, in particular, to solve the problem that private data cannot be protected in existing blockchain technology because of its transparent trust mechanism.

In one aspect, the present invention provides a distributed trusted data transaction method supporting privacy protection. The method is executed by a data management module, which also invokes a privacy protection module, a blockchain infrastructure and a storage module over data interface connections. The method comprises the following steps:

the data management module receives a data upload request sent by a data provider, the data upload request containing first permission information of the data provider; the first permission information is verified and, if verification passes, the transaction data of the data provider is received;

the data management module invokes the privacy protection module to generate a first decentralized identity for the data provider using a distributed multi-center identity identification protocol, and returns it to the data provider; the privacy protection module encrypts the transaction data with a homomorphic encryption algorithm to obtain a transaction ciphertext;

the data management module invokes the blockchain infrastructure to store the first decentralized identity and the transaction ciphertext on the chain in a distributed manner in the storage module, using disk encryption (encryption at rest), obtaining a first storage result and a first on-chain transaction receipt which are sent to the data management module;

the data management module receives a data transaction request sent by a data demander, the data transaction request containing second permission information of the data demander; the second permission information is verified and, if verification passes, the privacy protection module generates a second decentralized identity for the data demander using the distributed multi-center identity identification protocol and sends it to the data demander;

the data management module invokes the privacy protection module to perform a homomorphic computation on the transaction ciphertext, or to generate a zero-knowledge proof, according to the data transaction request;

the data management module invokes the blockchain infrastructure to obtain the first decentralized identity of the data provider corresponding to the data transaction request;

the data management module invokes the privacy protection module to send the result of the homomorphic computation or the zero-knowledge proof to the blockchain infrastructure, which stores it in a distributed manner in the storage module using disk encryption, obtaining a second storage result and a second on-chain transaction receipt;

the blockchain infrastructure sends the second storage result and the second on-chain transaction receipt to the data management module;

the data management module sends the result of the homomorphic computation or the zero-knowledge proof to the data demander, and sends a trusted credential containing the first decentralized identity to the data demander.

In some embodiments, when the privacy protection module encrypts the transaction data with a homomorphic encryption algorithm to obtain the transaction ciphertext, the homomorphic encryption algorithm is a lattice-based fully homomorphic encryption algorithm.

In some embodiments, in the lattice-based fully homomorphic encryption algorithm, the private key sk is represented as a vector [formula], the public key pk as A, the plaintext as [formula], and the ciphertext as C;

A Setup function for generating the security parameters, a SecretKeyGen function for generating the private key and a PublicKeyGen function for generating the public key are obtained;

In the Setup function, [formula]: choose a modulus q of [formula] bits, a lattice dimension parameter [formula] and an error distribution [formula]; [formula] denotes the system security parameter of the encryption algorithm and [formula] denotes the number of layers of homomorphic operations; at the same time choose the parameter [formula] and combine the parameters [formula], [formula], [formula]; the function [formula] denotes complexity;

In the SecretKeyGen function, SecretKeyGen(params) samples [formula], meaning that the vector t has dimension n and its entries lie in the prime finite field, and outputs the private key sk = [formula], which satisfies [formula];

In the PublicKeyGen function, PublicKeyGen(params, sk) generates uniformly at random a matrix [formula] and a vector [formula]; let [formula], and let A be the (n+1)-column matrix formed by [formula] together with the n-column matrix B; the public key is set to pk = A;

The message encryption algorithm Enc(params, pk, μ) encrypts a plaintext [formula], where [formula] denotes the prime finite field with range (-q/2, q/2); it samples a random matrix [formula] and outputs the ciphertext C, computed as follows:

[formula];

where the BitDecomp(•) function expands each entry of its input into binary bits, [formula] is its inverse function, and the Flatten(•) function is [formula];

The message decryption algorithm Decry(params, sk, C) decrypts the ciphertext C to obtain [formula].

In some embodiments, the message decryption algorithm Decry(params, sk, C) introduces two decryption algorithms, Dec(params, sk, C) and MPDec(params, sk, C);

In Dec(params, sk, C), observe that the first [formula] coefficients of the vector [formula] are [formula]; let [formula], let [formula] be the i-th row of C, and compute:

[formula];

In MPDec(params, sk, C), it is known that [formula]; the first [formula] coefficients of [formula] are [formula], so if [formula] holds, then the first [formula] coefficients of [formula] are [formula], where [formula]. Recover [formula] from [formula], then recover the next least significant bit from [formula], and so on, finally obtaining the plaintext [formula]; here Small denotes a value within the acceptable noise range.

In some embodiments, the method uses the FISCO BCOS distributed storage architecture to store the first decentralized identity, the transaction ciphertext, the result of the homomorphic computation and/or the zero-knowledge proof.

In another aspect, the present invention also provides a distributed trusted data transaction system supporting privacy protection, comprising:

a data management module, used to connect the clients of the data provider and the data demander and to execute the distributed trusted data transaction method supporting privacy protection described above;

a privacy protection module, connected to the data management module through a data interface and used to invoke and execute the homomorphic encryption algorithm;

a blockchain infrastructure, comprising a plurality of network nodes, connected to the privacy protection module and the data management module and used to record transactions;

a storage module, used for distributed storage of transaction data.

In some embodiments, the storage module is based on the FISCO BCOS distributed storage architecture, which unifies SQL and NoSQL through an abstract table structure so as to support LevelDB, RocksDB and MySQL.

In some embodiments, the privacy protection module provides decentralized identities to the clients of the data provider and the data demander based on the WeIdentity DID distributed multi-center identity identification protocol.

In another aspect, the present invention also provides a distributed trusted data transaction device supporting privacy protection, comprising a processor and a memory, characterized in that computer instructions are stored in the memory and the processor is used to execute the computer instructions stored in the memory; when the computer instructions are executed by the processor, the device implements the steps of the above method.

In another aspect, the present invention also provides a computer-readable storage medium on which a computer program is stored, the program implementing the steps of the above method when executed by a processor.

The beneficial effects of the present invention are at least the following:

In the distributed trusted data transaction method, system and device supporting privacy protection according to the present invention, during the data transaction process, disk encryption is introduced on top of distributed storage to protect the privacy of data while it is stored; during the transaction process, a distributed multi-center identity identification protocol provides decentralized identity information to data providers and data demanders, which protects the identity privacy of users; and by introducing homomorphic encryption and zero-knowledge proofs into the transaction process, transaction computation or authentication services are provided to users without the original data being disclosed, which protects the privacy of transaction data.

Additional advantages, objectives and features of the present invention will be set forth in part in the following description, will in part become apparent to those of ordinary skill in the art upon study of the following, or may be learned from practice of the present invention. The objectives and other advantages of the present invention may be realized and attained by the structures particularly pointed out in the specification and the accompanying drawings.

Those skilled in the art will understand that the objectives and advantages that can be achieved with the present invention are not limited to those specifically described above, and that the above and other objectives achievable by the present invention will be understood more clearly from the following detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawings described here are provided to give a further understanding of the present invention and form part of the present application; they do not limit the present invention. In the drawings:

FIG. 1 is a flow chart of the distributed trusted data transaction method supporting privacy protection according to one embodiment of the present invention.

FIG. 2 is a sequence diagram of the algorithm protocol based on homomorphic encryption and zero-knowledge proof according to another embodiment of the present invention.

DETAILED DESCRIPTION

To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the embodiments and the accompanying drawings. The illustrative embodiments of the present invention and their descriptions are used to explain the present invention and do not limit it.

It should also be noted that, to avoid obscuring the present invention with unnecessary detail, the accompanying drawings show only the structures and/or processing steps closely related to the solutions according to the present invention, and omit other details of little relevance to the present invention.

It should be emphasized that the term "include/comprise", as used herein, refers to the presence of features, elements, steps or components, but does not exclude the presence or addition of one or more other features, elements, steps or components.

It should also be noted that, unless otherwise specified, the term "connection" herein may refer not only to a direct connection but also to an indirect connection through an intermediary.

Embodiments of the present invention are described below with reference to the accompanying drawings. In the drawings, the same reference numerals denote the same or similar components, or the same or similar steps.

传统数据管理将数据经过加密存储在一个具有公信力的第三方,并绑定时间戳、操作人等信息用来证明源信息的可靠性。其数据的存取和验证过程中都需要无条件信任第三方,第三方权限过于集中,如果第三方恶意篡改或删除数据,则无法检验,无法保证数据是真实且可靠的。基于区块链的数据管理技术可以建立高效透明的信任机制,有效解决传统数据管理在存取和使用过程中所面临的权限集中和的信任问题。但是,对区块链应用程序开发过程中仍然存在大量的数据管理问题, 如数据隐私、可伸缩性和延迟。针对上述问题,本发明提出支持隐私保护的分布式可信数据管理系统及方法,可有效解决传统中心化数据管理的痛点,并从存储隐私、数据隐私、身份隐私三个方面实现隐私保护。采用“隐私保护和区块链”技术相结合的形式,使用隐私保护技术和区块链数据管理技术相辅相成,保证信息系统的机密性、完整性、可用性、认证性和不可否认性。通过系统将数据存储和处理,在保证隐私的条件下实现数据的安全可用。Traditional data management encrypts and stores data in a credible third party, and binds timestamps, operators and other information to prove the reliability of the source information. The access and verification of data requires unconditional trust in the third party. The third party's authority is too centralized. If the third party maliciously tampers with or deletes the data, it cannot be verified, and the data cannot be guaranteed to be true and reliable. Blockchain-based data management technology can establish an efficient and transparent trust mechanism, effectively solving the centralized authority and trust problems faced by traditional data management in the access and use process. However, there are still a large number of data management problems in the development of blockchain applications, such as data privacy, scalability and latency. In response to the above problems, the present invention proposes a distributed trusted data management system and method that supports privacy protection, which can effectively solve the pain points of traditional centralized data management and realize privacy protection from three aspects: storage privacy, data privacy and identity privacy. The combination of "privacy protection and blockchain" technology is adopted, and the privacy protection technology and blockchain data management technology complement each other to ensure the confidentiality, integrity, availability, authentication and non-repudiation of the information system. 
The data is stored and processed by the system, and the data is made secure and available under the condition of ensuring privacy.

具体的,一方面,本发明提供一种支持隐私保护的分布式可信数据交易方法,所述方法由数据管理模块执行,数据管理模块还通过数据接口连接调用隐私保护模块、区块链基础设施和存储模块。在实际运行过程中,数据管理模块、隐私保护模块可以采用独立硬件,也可以装载在区块链网络的智能体上运行。Specifically, on the one hand, the present invention provides a distributed trusted data transaction method supporting privacy protection, which is executed by a data management module, and the data management module also calls a privacy protection module, a blockchain infrastructure, and a storage module through a data interface connection. In the actual operation process, the data management module and the privacy protection module can use independent hardware or be loaded on an intelligent body of the blockchain network for operation.

该方法包括以下步骤S101~S109:The method comprises the following steps S101 to S109:

步骤S101:由数据管理模块接收数据提供方发送的数据上传请求,数据上传请求包含数据提供方的第一权限信息;验证第一权限信息,在验证通过的情况下,接收数据提供方的交易数据。Step S101: The data management module receives a data upload request sent by a data provider, the data upload request includes the first permission information of the data provider; verifies the first permission information, and receives the transaction data of the data provider if the verification passes.

步骤S102:数据管理模块调用隐私保护模块使用基于分布式多中心的身份标识协议生成数据提供方的第一去中心化身份,并反馈至数据提供方;隐私保护模块采用同态加密算法加密交易数据得到交易密文。Step S102: The data management module calls the privacy protection module to use the distributed multi-center-based identity identification protocol to generate the first decentralized identity of the data provider, and feeds it back to the data provider; the privacy protection module uses the homomorphic encryption algorithm to encrypt the transaction data to obtain the transaction ciphertext.

步骤S103:数据管理模块调用区块链基础设施基于落盘加密将第一去中心化身份和交易密文分布式上链存储至存储模块,得到第一存储结果和第一上链交易回执并发送至所述数据管理模块。Step S103: The data management module calls the blockchain infrastructure to store the first decentralized identity and transaction ciphertext in a distributed manner on the chain to the storage module based on disk encryption, obtains the first storage result and the first on-chain transaction receipt and sends them to the data management module.

步骤S104:由数据管理模块接收数据需求方发送的数据交易请求,数据交易请求中包含数据需求方的第二权限信息;验证第二权限信息,在验证通过的情况下,隐私保护模块使用基于分布式多中心的身份标识协议生成数据需求方的第二去中心化身份,并发送至数据需求方。Step S104: The data management module receives a data transaction request sent by the data demander, which includes the second permission information of the data demander; verifies the second permission information, and if the verification is successful, the privacy protection module uses an identity identification protocol based on a distributed multi-center to generate a second decentralized identity of the data demander, and sends it to the data demander.

步骤S105:数据管理模块调用隐私保护模块根据数据交易请求,对交易密文进行同态计算或生成零知识证明。Step S105: The data management module calls the privacy protection module to perform homomorphic calculation on the transaction ciphertext or generate zero-knowledge proof according to the data transaction request.

步骤S106:数据管理模块调用区块链基础设施获取数据交易请求对应的数据提供方的第一去中心化身份。Step S106: The data management module calls the blockchain infrastructure to obtain the first decentralized identity of the data provider corresponding to the data transaction request.

步骤S107:数据管理模块调用隐私保护模块将同态计算的结果或零知识证明发送至区块链基础设施,由区块链基础设施基于落盘加密分布式存储至存储模块,得到第二存储结果和第二上链交易回执。Step S107: The data management module calls the privacy protection module to send the result of the homomorphic computing or the zero-knowledge proof to the blockchain infrastructure, which then stores the result in a distributed manner based on disk encryption to the storage module to obtain a second storage result and a second on-chain transaction receipt.

步骤S108:区块链基础设施将第二存储结果和第二上链交易回执发送至数据管理模块。Step S108: The blockchain infrastructure sends the second storage result and the second on-chain transaction receipt to the data management module.

步骤S109:数据管理模块将同态计算的结果或零知识证明发送至数据需求方,以及将包含第一去中心化身份的可信凭证发送至数据需求方。Step S109: The data management module sends the result of the homomorphic computing or the zero-knowledge proof to the data demander, and sends the trusted certificate containing the first decentralized identity to the data demander.

In step S101, the data provider submits a data upload request for the data to be stored on the chain; the first permission information of the data provider can carry an identity identifier in a specific field to confirm that it has the authority to upload data. The first permission information can mark not only the subjects that hold data upload authority but also the type, format and length of the data they are allowed to upload. Only when verification passes is the subsequent upload operation allowed; if verification fails, the transaction is stopped.

In step S102, the distributed multi-center identity protocol used in this embodiment is WeIdentity DID, under which the user can selectively disclose or provide proof of identity during the transaction, thereby protecting identity privacy. Distributed digital identity holds that users manage and control their own digital identities, and that different users communicate securely without relying on a third party. The DID identifier and keys managed by the user, together with the distributed digital identity data registered on the distributed ledger, meet the need for DID-based peer-to-peer mutual authentication and secure communication. For communication between two endpoints, secure communication still works on the traditional PKI challenge-response mechanism and a negotiated data encryption method. The underlying transport for this secure communication can be HTTP, RPC, Bluetooth, NFC or another protocol, making it a standard end-to-end interconnection method between different solutions. Across all nodes of the network, with identity key wallets deployed on decentralized servers and personal clients and the DID distributed ledger shared network-wide, nodes representing arbitrary entity identities can authenticate each other with asymmetric keys, and network-wide trust is ultimately achieved through this transfer of trust between entities.

In this embodiment, homomorphic encryption is introduced: the original data is homomorphically encrypted, a specific operation is performed on the resulting ciphertext, and the plaintext obtained by homomorphically decrypting the result equals the result of performing the same computation directly on the original plaintext. With homomorphic encryption, other users can process the encrypted data without any of the original content being leaked in the process; once processing is complete the result is decrypted, giving exactly the result of the same processing applied to the original data. This improves the security of data processing and protects data privacy.

In step S103, the present application uses disk encryption for distributed storage; the disk encryption is performed inside the institution. In the institution's intranet environment, each institution independently encrypts the hard-disk data of its nodes. If the hard disk of the machine hosting a node is removed from the institution and the node is started on a network outside the institution's intranet, the disk data cannot be decrypted and the node cannot start, so the data on the consortium chain cannot be stolen. Disk encryption therefore effectively protects privacy during data storage.

In step S104, corresponding to step S101, the data demander's permission must also be checked to confirm that it has access rights to the requested data. The form and content of the second permission information can be set by analogy with the first permission information. Providing the demander with a second decentralized identity through the WeIdentity DID protocol effectively protects the identity privacy of the data demander.

In step S105, based on the data transaction request, the privacy protection module performs a homomorphic computation on the requested transaction ciphertext or generates a zero-knowledge proof. Specifically, data that needs to be computed on is processed under homomorphic encryption, and data that needs to be proven is covered by a zero-knowledge proof.

In steps S106 to S109, the first decentralized identity is sent to the data demander together with the result, to prove that the homomorphic computation result or zero-knowledge proof indeed originates from the required data provider, and the transaction process is stored and recorded on the chain.

In some embodiments, in step S102 the privacy protection module encrypts the transaction data with a homomorphic encryption algorithm to obtain the transaction ciphertext, and the homomorphic encryption algorithm is a lattice-based fully homomorphic encryption algorithm. Correspondingly, step S105 also uses the fully homomorphic encryption algorithm for computation.

Specifically, in the lattice-based fully homomorphic encryption algorithm, the private key sk is represented as a vector [formula image], the public key pk as A, the plaintext as [formula image], and the ciphertext as C.

Obtain the Setup function for generating the security parameters, the SecretKeyGen function for generating the private key, and the PublicKeyGen function for generating the public key.

In the Setup function, [formula image] chooses a modulus q of [formula image] bits, a lattice dimension parameter [formula image] and an error distribution function [formula image]; [formula image] and [formula image] are related to [formula image] and [formula image], where [formula image] denotes the system security parameter of the encryption algorithm and [formula image] the number of levels of homomorphic operations. At the same time, choose the parameter [formula image] and combine the parameters [formula image], [formula image], [formula image]; the function [formula image] denotes complexity.

In the SecretKeyGen function, SecretKeyGen(params) samples [formula image], meaning that the vector t has dimension n and its entries lie in the prime finite field, and outputs the private key sk = [formula image], which satisfies [formula image].

In the PublicKeyGen function, PublicKeyGen(params, sk) generates a uniformly random matrix [formula image] and a vector [formula image], sets [formula image], and lets A be the (n+1)-column matrix formed by [formula image] together with the n-column matrix B; the public key is pk = A.

The message encryption algorithm Enc(params, pk, μ): to encrypt a plaintext [formula image], where [formula image] denotes the prime finite field with range (-q/2, q/2), sample a matrix [formula image] and output the ciphertext C computed as follows:

[formula image];

Here the BitDecomp(•) function expands each entry of its input into its binary digits, [formula image] is its inverse function, and the Flatten(•) function is [formula image].

The message decryption algorithm Decry(params, sk, C) decrypts the ciphertext C to obtain [formula image].

In some embodiments, the message decryption algorithm Decry(params, sk, C) comes in two variants, Dec(params, sk, C) and MPDec(params, sk, C):

Dec can fully recover the message [formula image]. In Dec(params, sk, C), observe the first [formula image] coefficients [formula image] of the vector [formula image]; let [formula image], and let [formula image] be the i-th row of C; compute:

[formula image];

MPDec can recover any [formula image]. In MPDec(params, sk, C), it is known that [formula image]; the first [formula image] coefficients of [formula image] are [formula image], so if [formula image] holds, then the first [formula image] coefficients of [formula image] are [formula image], where [formula image]. Recover [formula image] from [formula image], then recover the next least significant bit from [formula image], and so on, finally obtaining the plaintext [formula image]. Here Small means within the acceptable noise range, for example q/4, and LSB denotes the least significant bit, i.e. bit 0 (the lowest bit) of a binary number, with weight 2^0, which can be used to test the parity of a number; its counterpart is the most significant bit. In big-endian order the LSB is the rightmost bit. The least significant bit is the smallest unit of a binary number and can indicate very small changes in the number.
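The Setup / SecretKeyGen / PublicKeyGen / Enc / Dec procedure above, worked through as an added Python example (not code from the patent): it implements BitDecomp, its inverse, Flatten and PowersOf2 over plain integer lists and evaluates AND and NAND on the ciphertext matrices. The modulus, dimension, row count and ternary error distribution are constructed toy values far too small for security, and the MPDec variant is not implemented.

```python
"""Toy GSW-style FHE: Setup / SecretKeyGen / PublicKeyGen / Enc / Dec plus
homomorphic AND and NAND. Added example, not the patent's own code; the
parameters below are constructed and insecure, and only single-bit
messages are decrypted (Dec), MPDec is not implemented."""
import random

# Constructed toy parameters (assumption, not values from the patent).
Q = 1048573                    # modulus q (prime, just below 2^20)
N_DIM = 3                      # lattice dimension n
M_ROWS = 8                     # number of rows m of the public key A
L_BITS = Q.bit_length()        # l = floor(log2 q) + 1
BIG_N = (N_DIM + 1) * L_BITS   # N = (n + 1) * l, size of the ciphertext matrix


def centered(x):
    """Representative of x mod q in the centered range (-q/2, q/2]."""
    x %= Q
    return x - Q if x > Q // 2 else x


def bit_decomp(vec):
    """BitDecomp: expand each coordinate into its l binary digits, LSB first."""
    return [(x >> j) & 1 for x in vec for j in range(L_BITS)]


def bit_decomp_inv(vec):
    """BitDecomp^-1: recombine blocks of l digits (digits need not be bits)."""
    blocks = len(vec) // L_BITS
    return [sum(vec[i * L_BITS + j] << j for j in range(L_BITS)) % Q
            for i in range(blocks)]


def flatten(vec):
    """Flatten = BitDecomp(BitDecomp^-1(.)): binary again, same inner product with v."""
    return bit_decomp(bit_decomp_inv(vec))


def powers_of_2(vec):
    """PowersOf2: (b_1, 2b_1, ..., 2^(l-1) b_1, ..., b_k, ..., 2^(l-1) b_k) mod q."""
    return [(x << j) % Q for x in vec for j in range(L_BITS)]


def mat_mul(a, b):
    """Matrix product over Z_q on plain lists (no numpy dependency)."""
    cols = list(zip(*b))
    return [[sum(x * y for x, y in zip(row, col)) % Q for col in cols] for row in a]


def secret_key_gen():
    """SecretKeyGen: t <- Z_q^n; sk = s = (1, -t_1, ..., -t_n)."""
    t = [random.randrange(Q) for _ in range(N_DIM)]
    return t, [1] + [(-x) % Q for x in t]


def public_key_gen(t):
    """PublicKeyGen: B uniform in Z_q^(m x n), e small, b = B t + e, A = [b | B].
    A has n + 1 columns and A * s = e (small), which decryption relies on."""
    B = [[random.randrange(Q) for _ in range(N_DIM)] for _ in range(M_ROWS)]
    e = [random.choice((-1, 0, 1)) for _ in range(M_ROWS)]  # toy error distribution chi
    b = [(sum(r * x for r, x in zip(row, t)) + ei) % Q for row, ei in zip(B, e)]
    return [[bi] + row for bi, row in zip(b, B)]


def enc(A, mu):
    """Enc: R <- {0,1}^(N x m); C = Flatten(mu * I_N + BitDecomp(R * A))."""
    R = [[random.randint(0, 1) for _ in range(M_ROWS)] for _ in range(BIG_N)]
    RA = mat_mul(R, A)
    C = []
    for i in range(BIG_N):
        row = bit_decomp(RA[i])  # length (n + 1) * l = N
        row[i] += mu             # add mu on the diagonal
        C.append(flatten(row))
    return C


def dec(s, C):
    """Dec for mu in {0, 1}: v = PowersOf2(s); since s_1 = 1 the first l entries
    of v are 1, 2, ..., 2^(l-1). Pick the row i with v_i = 2^i in (q/4, q/2],
    compute x_i = <C_i, v> = mu * 2^i + small noise, output round(x_i / 2^i)."""
    v = powers_of_2(s)
    i = next(j for j in range(L_BITS) if Q / 4 < (1 << j) <= Q / 2)
    x = centered(sum(c * vj for c, vj in zip(C[i], v)))
    return round(x / (1 << i))


def hom_and(C1, C2):
    """Homomorphic multiplication: Flatten(C1 * C2) encrypts mu1 * mu2."""
    return [flatten(row) for row in mat_mul(C1, C2)]


def hom_nand(C1, C2):
    """Flatten(I_N - C1 * C2) encrypts NAND(mu1, mu2); NAND alone is universal."""
    P = mat_mul(C1, C2)
    return [flatten([(int(i == j) - P[i][j]) % Q for j in range(BIG_N)])
            for i in range(BIG_N)]


def demo():
    """Encrypt two constructed bits and evaluate AND / NAND under encryption."""
    t, s = secret_key_gen()
    A = public_key_gen(t)
    c1, c2 = enc(A, 1), enc(A, 1)
    return dec(s, c1), dec(s, hom_and(c1, c2)), dec(s, hom_nand(c1, c2))  # (1, 1, 0)
```

The decryption noise after one multiplication is bounded by roughly N times the fresh noise, which is why the toy q has to be much larger than N times m.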

In some embodiments, in steps S101 to S109 the method uses the FISCO BCOS distributed storage architecture to store the first decentralized identity, the transaction ciphertext, the results of homomorphic computation and/or the zero-knowledge proofs.

In another aspect, the present invention also provides a distributed trusted data transaction system supporting privacy protection, comprising:

a data management module, which connects the clients of the data provider and the data demander and executes the above distributed trusted data transaction method supporting privacy protection;

a privacy protection module, connected to the data management module through a data interface, for invoking and executing the homomorphic encryption algorithm;

a blockchain infrastructure, comprising a plurality of network nodes and connected to the privacy protection module and the data management module, for recording transactions;

a storage module for distributed storage of transaction data.

In some embodiments, the storage module is based on the FISCO BCOS distributed storage architecture, which unifies SQL and NoSQL through an abstract table structure and supports LevelDB, RocksDB and MySQL.

In some embodiments, the privacy protection module provides decentralized identifiers for the clients of the data provider and the data demander based on the WeIdentity DID distributed multi-center identity protocol.

In another aspect, the present invention also provides a distributed trusted data transaction device supporting privacy protection, comprising a processor and a memory, characterized in that computer instructions are stored in the memory, the processor is configured to execute the computer instructions stored in the memory, and when the computer instructions are executed by the processor the device implements the steps of the above method.

In another aspect, the present invention also provides a computer-readable storage medium on which a computer program is stored, the program implementing the steps of the above method when executed by a processor.

The present invention is described below with reference to specific embodiments:

A distributed trusted data transaction system supporting privacy protection is built, comprising a data management module that also invokes a privacy protection module, a blockchain infrastructure and a storage module through data-interface connections. Define the data provider and sharer as DO, the data demander and user as DU, the decentralized unique identity proof as DID, the homomorphic computation result as DR, and the zero-knowledge trusted proof as Proof.

This embodiment provides a distributed trusted data transaction method supporting privacy protection, as shown in FIG. 1, with the following specific steps:

Step 1: DO initiates a data upload request according to business needs; the request reaches the data management module.

Step 2: The data management module first verifies DO's access permission, and receives the requester's data once the permission check passes.

Step 3: Generate a DID for DO's identity, and apply privacy protection to DO's data by encrypting it with the homomorphic encryption algorithm.

Step 4: Return the DID to DO.

Step 5: Store the ciphertext data and the DID in distributed storage. First apply storage access control based on DO's permissions; once the check passes, put the ciphertext data and the DID on the chain.

Step 6: Return the storage result and the on-chain transaction receipt to the data management module.

Step 7: Return a message confirming successful on-chain storage to DO.

Step 8: DU initiates a data acquisition request and sends its content to the data management module.

Step 9: Verify DU's access permission; once it passes, generate DU's DID and return it to DU.

Step 10: According to the content requested by DU, perform a ciphertext homomorphic computation on DO's data to obtain the data result DR, or generate a trusted proof Proof based on zero-knowledge proof.

Step 11: Provide DU with DO's DID.

Step 12: Store the transaction process on the chain.

Step 13: Return the storage result and the on-chain transaction receipt to the data management module.

Step 14: Return the DR or Proof that DU requires.

In the above steps S1 to S14, the storage module uses distributed storage technology to store the identity proof DID, the homomorphically encrypted data, the homomorphic computation result DR and the zero-knowledge trusted proof Proof. The storage module consists mainly of two parts: the world state and distributed storage. The world state is further divided into MPTState and StorageState. MPTState stores account state in an MPT tree, consistent with Ethereum. StorageState stores account state in the table structure of the distributed storage, keeps no historical information and removes the dependency on the MPT tree, giving higher performance. Distributed storage (Advanced Mass Database, AMDB) unifies SQL and NoSQL through an abstract table structure; by implementing the corresponding storage driver, various databases can be supported, including LevelDB, RocksDB and MySQL.

In the above steps S1 to S14, access control is applied on two fronts: permission and identity management for users on the one hand, and access control over the data stored on nodes on the other, namely the application of disk encryption. This effectively prevents the data from being accessed once it leaves the intranet and from being accessed without authorization.

In the above steps S1 to S14, data privacy protection mainly combines homomorphic encryption and zero-knowledge proof: homomorphic encryption is used to compute on ciphertext while the data is in use, and zero-knowledge proof technology provides trusted proof in scenarios where a proof is required.

In the above steps S1 to S14, distributed identity technology is also used, mainly the distributed multi-center identity protocol based on WeIdentity DID, which gives the real-world identity of an entity (a person or a thing) an on-chain identifier; at the same time, WeIdentity DID gives the entity the ability to directly own and control its own identity ID, so that it can selectively disclose or provide proof of identity during the transaction to preserve identity privacy.

Specifically, the three core technologies adopted in this embodiment are described below: blockchain-based disk encryption, homomorphic encryption with zero-knowledge proof, and identity privacy protection based on distributed identity.

1. Blockchain-based disk encryption technology

Blockchain deployment involves multiple parties, and to simplify setting up a multi-party collaboration environment the blockchain is usually deployed on a public cloud. Institutions deploy their own nodes in the cloud and let their services interact with those nodes to collaborate. In this architecture the security inside an institution, especially a financial institution, is very high. Although the network isolation mechanism confines nodes to an "intranet" and data cannot easily be stolen over the network, all the data is hosted in the cloud and every participant keeps a copy of it, so in extreme cases such as gaps in network and system security measures or operational mistakes, a copy of the data may be accessed beyond its authorization. The disk encryption technology based on FISCO BCOS effectively prevents data disks from being compromised or stolen and avoids data leakage.

Specifically, disk encryption is accomplished with a secret key held by the node itself (dataKey) and a global secret key managed by the Key Manager (superKey).

A node uses its own dataKey to encrypt and decrypt its encrypted data (Encrypted Space). The node does not store the dataKey on its local disk; it stores cipherDataKey, the encrypted form of the dataKey. When the node starts, it sends the cipherDataKey to the Key Manager to obtain the dataKey. The dataKey exists only in the node's memory and is automatically discarded when the node shuts down.

The Key Manager holds the global superKey and is responsible for responding to the authorization requests of all nodes at startup; it must be online when nodes start so that it can answer their startup requests. When a node starts it sends its cipherDataKey; the Key Manager decrypts the cipherDataKey with the superKey and, if decryption succeeds, returns the node's dataKey to it. The Key Manager can only be accessed from the intranet; the external network outside the institution cannot reach it.
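The dataKey / cipherDataKey / superKey flow above, simulated as an added Python example (not FISCO BCOS code): the wrapping cipher is a constructed HMAC-SHA256 toy standing in for the real one, the intranet check is a constructed address-prefix test, and the demo boots a node, copies its disk image outside the intranet (where startup fails) and boots it again inside (where the Encrypted Space decrypts).

```python
"""Simulation of the disk-encryption key flow: a node keeps only cipherDataKey
on disk, gets dataKey from the Key Manager at startup (intranet only) and
holds it in memory until shutdown. Added example, not FISCO BCOS code; the
cipher and the intranet test below are constructed stand-ins."""
import hashlib
import hmac
import os

INTRANET_PREFIX = "10.0."  # constructed assumption: what counts as "intranet"


def _subkey(key, label):
    return hashlib.sha256(key + label).digest()


def _keystream(key, nonce, length):
    out = b""
    for ctr in range(0, length, 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def seal(key, plaintext):
    """Toy authenticated encryption (encrypt-then-MAC): nonce || ct || tag."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Inverse of seal; raises ValueError on a wrong key or a modified blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class KeyManager:
    """Holds the global superKey; answers unwrap requests only from the intranet."""

    def __init__(self):
        self.super_key = os.urandom(32)

    def provision(self):
        """Create a dataKey for a new node and hand back only its wrapped form."""
        return seal(self.super_key, os.urandom(32))  # cipherDataKey

    def unwrap(self, caller_addr, cipher_data_key):
        if not caller_addr.startswith(INTRANET_PREFIX):
            raise PermissionError("Key Manager is not reachable from outside the intranet")
        return unseal(self.super_key, cipher_data_key)  # dataKey


class Node:
    """Chain node: cipherDataKey and Encrypted Space live on disk, dataKey only
    in memory between start() and stop()."""

    def __init__(self, addr, cipher_data_key):
        self.addr = addr
        self.cipher_data_key = cipher_data_key  # on disk
        self.encrypted_space = []               # on disk, sealed under dataKey
        self.data_key = None                    # memory only

    def start(self, key_manager):
        self.data_key = key_manager.unwrap(self.addr, self.cipher_data_key)

    def stop(self):
        self.data_key = None  # dataKey is discarded on shutdown

    def write(self, record):
        self.encrypted_space.append(seal(self.data_key, record))

    def read_all(self):
        return [unseal(self.data_key, blob) for blob in self.encrypted_space]


def demo():
    """Boot on the intranet, write a record, try the same disk image outside
    the intranet (fails), then boot it on the intranet again (decrypts)."""
    km = KeyManager()
    cdk = km.provision()
    node = Node("10.0.1.7", cdk)
    node.start(km)
    node.write(b"block 17: constructed sample ledger record")
    node.stop()
    # The disk (cipherDataKey + Encrypted Space) is copied to an outside machine.
    outside = Node("203.0.113.5", cdk)
    outside.encrypted_space = list(node.encrypted_space)
    try:
        outside.start(km)
        booted_outside = True
    except PermissionError:
        booted_outside = False
    node.start(km)  # back on the intranet the same disk decrypts
    return booted_outside, node.read_all()
```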

2. Homomorphic encryption and zero-knowledge proof technology

In this embodiment, homomorphic encryption and zero-knowledge proof form the core of privacy protection. When homomorphic encryption and zero-knowledge proof are used to complete a transaction on the blockchain, all input addresses in the same transaction belong to the same user set (the same person or the same organization). The application layer uses the key pair (public key and private key) generated by the homomorphic encryption algorithm to process the transaction data, which includes generating the evidence associated with the various zero-knowledge proofs. The application layer then sends the encrypted transaction data together with the associated evidence to the blockchain network, where the endorsing nodes verify the legitimacy of the transaction data. Because the transaction data handled by every node throughout the process is ciphertext, data privacy is preserved. The protocol design uses existing homomorphic encryption and zero-knowledge proof algorithms, which guarantees correctness. In this embodiment, homomorphic encryption is combined with zero-knowledge proof to encrypt the data to be put on the chain, ensuring the privacy and security of on-chain data; zero-knowledge proof lets the prover convince the verifier that a constraint relation holds without revealing the plaintext of the proven data. As shown in FIG. 2, the specific steps are as follows:

Step 200: Key initialization. Generate the key generation functions, namely Setup, SecretKeyGen and PublicKeyGen. Run Setup to generate the system security parameters params1 and params2, used for homomorphic encryption and zero-knowledge proof respectively.

Step 201: The client requests the privacy protection module to generate the user's public key Pk and private key Sk, as shown in the following formulas:

[formula image];

[formula image];

Step 202: Return Pk and Sk to the client.

Step 203: The client requests to put data on the chain; the request is intercepted by the access control module and released after its permission is verified.

Step 204: After receiving the permission-granted message, the client prepares to generate a zero-knowledge proof or to encrypt the local data.

Step 205: The client encrypts the local data and generates a zero-knowledge proof. The formula for encrypting the local data is:

[formula image];

The formula for generating the zero-knowledge proof is:

[formula image];

Step 206: The client uploads the encrypted data or the zero-knowledge proof to the blockchain network interface.

[formula image]

Step 207: The network interface verifies the zero-knowledge proof or computes on the ciphertext data according to the business scenario.

Step 208: If ciphertext computation is required, the homomorphic encryption algorithm of the privacy protection module is requested to perform the homomorphic computation, as follows:

[formula image];

Step 209: Return the computation result sData to the requesting node.

Step 210: In scenarios where a zero-knowledge proof must be verified, the verification algorithm of the zero-knowledge proof is used to ensure the correctness of the data source while also protecting the user's identity privacy. The verification formula is:

[formula image]

Step 211: Return the computation result or the proof to the interface layer, which makes its decision based on the result.

Furthermore, to keep all transaction data on the blockchain open and transparent, every participant can obtain a complete backup of the data; against the current situation where data tampering leads to the leakage of corporate trade secrets and personal privacy and causes great trouble for users and enterprises, this embodiment relies on data privacy protection algorithms based on homomorphic encryption and zero-knowledge proof. Different homomorphic encryption or zero-knowledge proof algorithms are selected according to the blockchain application scenario and design requirements, overcoming the constraints on data privacy protection during data sharing, collaboration and circulation, and ensuring the authenticity, validity, privacy and security of data across multiple scenarios.

In this embodiment, the fully homomorphic encryption algorithm GSW (a lattice-based fully homomorphic encryption algorithm) is chosen as the homomorphic encryption algorithm. Addressing the complexity and heavy computation of the relinearization technique in LWE-based schemes, GSW proposes a homomorphic encryption scheme based on approximate eigenvectors; as a fully homomorphic encryption algorithm it is simpler to compute and easier to understand.

In the lattice-based fully homomorphic encryption algorithm, the private key sk is represented as a vector [formula image], the public key pk as A, the plaintext as [formula image], and the ciphertext as C.

Obtain the Setup function for generating the security parameters, the SecretKeyGen function for generating the private key, and the PublicKeyGen function for generating the public key.

In the Setup function, [formula image] chooses a modulus q of [formula image] bits, a lattice dimension parameter [formula image] and an error distribution function [formula image]; [formula image] denotes the system security parameter of the encryption algorithm and [formula image] the number of levels of homomorphic operations. At the same time, choose the parameter [formula image] and combine the parameters [formula image], [formula image], [formula image]; the function [formula image] denotes complexity.

In the SecretKeyGen function, SecretKeyGen(params) samples [formula], meaning that the vector t has dimension n over the prime finite field, and outputs the private key sk = [formula], which satisfies [formula].

In the PublicKeyGen function, PublicKeyGen(params, sk) generates a uniformly random matrix [formula] and a vector [formula], sets [formula], and lets A be the (n+1)-column matrix formed by [formula] together with the n-column matrix B; the public key is pk = A.

The message encryption algorithm Enc(params, pk, μ) encrypts a plaintext [formula], where [formula] denotes the prime finite field with range (-q/2, q/2); it samples a matrix [formula] and outputs the ciphertext C computed as follows:

[formula]

Here the function BitDecomp(·) expands each entry of its input into its binary digits, [formula] is its inverse, and the function Flatten(·) is [formula].

The message decryption algorithm Decry(params, sk, C) decrypts the ciphertext C to obtain the plaintext μ.

In some embodiments, the message decryption algorithm Decry(params, sk, C) comprises two decryption algorithms, Dec(params, sk, C) and MPDec(params, sk, C).

Dec fully recovers μ. In Dec(params, sk, C), observe that the first [formula] coefficients of the vector [formula] are [formula]; let [formula], and let [formula] be the i-th row of C; compute:

[formula]

MPDec recovers an arbitrary [formula]. In MPDec(params, sk, C), it is known that [formula]; the first [formula] coefficients of [formula] are [formula], so if [formula] holds, then the first [formula] coefficients of [formula] are [formula], where [formula]. Recover [formula] from [formula], then recover the next least significant bit from [formula], and so on, until the plaintext [formula] is obtained. Here Small denotes a value within the acceptable noise range, and LSB denotes the least significant bit: bit 0 (the lowest bit) of a binary number, with weight 2^0, which can be used to test the number's parity. Its counterpart is the most significant bit. In big-endian notation the LSB is the rightmost bit; it represents the smallest unit of a binary number and can be used to indicate very small changes in the value.

Next, the full homomorphism is verified as follows:

(a) The GSW scheme provides four homomorphic operations: MultConst (multiplication by a constant), Add (additive homomorphism), Mult (multiplicative homomorphism) and NAND (homomorphic NAND gate).

(b) MultConst(C, a)

Multiply the ciphertext [formula] by a known constant [formula]; set [formula] and output [formula]; then:

[formula]

(c) Add[formula]

Perform ciphertext addition and return [formula]; by the properties of matrices this satisfies additive homomorphism.

(d) Mult[formula]

Perform ciphertext multiplication and return [formula], which gives the following formula:

[formula]

Observe the noise [formula]: since [formula] takes values in {0,1}, the focus is on [formula]. The smaller the message [formula], the smaller the growth of the error introduced by homomorphic operations.

Therefore, a Boolean circuit built from NAND operations is introduced to restrict the message space to small messages, namely NAND[formula].

(e) NAND[formula]

Perform the NAND operation and return [formula], which gives the following formula:

[formula]

The NAND operation preserves homomorphism: if the input messages lie in {0,1}, the output ciphertext is again an encryption of a value in {0,1}, which guarantees that [formula] is a small message; since [formula], the error of a multiplication is at most N+1.

Zero-knowledge proofs were first proposed in 1985 by Goldwasser and other cryptographers: a prover must convince a verifier that they know some secret without revealing any useful information about it. The verifier turns the statement to be verified, through computation, into evidence for the zero-knowledge proof and randomly generates a series of challenges from it; the prover must answer these challenges using the secret they hold, and the challenge process is repeated many times. If the prover answers every challenge the verifier randomly selects, the zero-knowledge proof is accepted and the verifier can believe that the prover knows the secret. This embodiment studies zk-SNARK algorithms, from QSP/QAP to Groth16; the Groth16 algorithm has very little proof data (two to three proof elements) and a single verification equation. An example of zero-knowledge proof verification follows:

Let F_q be a finite field, E an elliptic curve, and Q a point on E with Q = nP, where P is a public value and n is the secret. With P, Q and E public, the proof and verification proceed as follows.

The prover needs to prove to the verifier that he knows the secret n without revealing it, which can be done by the following steps.

Step 1: The prover randomly selects an integer r, r < q, computes P1 = rP and P2 = (n−r)P, and sends P1, P2 to the verifier.

Step 2: The verifier randomly asks the prover to send r_i, i = 1, 2, where r1 = r and r2 = n−r.

Step 3: After receiving r_i, the verifier checks whether P_i = r_i·P and P1 + P2 = Q hold.

The three steps are repeated m times, until the verifier is convinced that the prover knows the secret n.

It can be shown that a prover who does not know n can cheat the verifier in each round with probability 1/2, because a prover wanting to cheat without knowing the secret n can proceed as follows:

The prover chooses an integer r, sets P1 = rP and P2 = Q − P1, and sends them to the verifier as in the steps above. If the verifier asks the prover to send r1 = r, the prover can supply r and has cheated the verifier successfully. If the verifier asks for the number r2 corresponding to P2, the prover cannot obtain r2 in any way, because he does not know the secret n and obtaining r2 from P2 is a discrete logarithm problem on the elliptic curve. Therefore the prover cheats the verifier in each round with probability 1/2, and after m rounds the probability that the prover has cheated successfully is 1/2^m. After a sufficiently large number of rounds, if the prover has answered correctly every time, the verifier believes that the prover knows the secret n.

Through this process, the prover proves to the verifier that he knows the secret n without revealing any information about n. In a concrete zero-knowledge proof application, the statement to be proved is first converted into circuit gates and R1CS constraints, and the resulting vectors are then converted into polynomial form; this conversion is called QAP. In the trusted setup phase a key pair (ek, vk) is generated: ek is used to generate proofs and vk to verify them.
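The three-step interactive proof above, including the cheating-prover analysis, as an added Python example (not part of the patent): both parties' messages are exchanged over a constructed toy curve E: y^2 = x^3 + 2x + 3 over F_1019, and scalars are reduced modulo the order of P (an assumption made here; the text only requires r < q). The parameters are illustrative and offer no security.

```python
import random

# Constructed toy curve E: y^2 = x^3 + a x + b over F_p (insecure, for illustration only)
P_MOD, A_COEF, B_COEF = 1019, 2, 3
INF = None                                  # point at infinity

def ec_add(p1, p2):
    """Affine point addition on E, covering doubling and inverse points."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P_MOD)

def ec_mul(k, pt):
    """Scalar multiplication k*P by double-and-add."""
    if k < 0:
        k, pt = -k, ec_neg(pt)
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def find_generator():
    """First x whose right-hand side is a non-zero square (p = 3 mod 4, so sqrt = rhs^((p+1)/4))."""
    for x in range(1, P_MOD):
        rhs = (x ** 3 + A_COEF * x + B_COEF) % P_MOD
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
        if rhs and y * y % P_MOD == rhs:
            return (x, y)

def point_order(pt):
    """Smallest k > 0 with k*P = INF (brute force is fine at toy size)."""
    k, acc = 1, pt
    while acc is not INF:
        acc, k = ec_add(acc, pt), k + 1
    return k

P = find_generator()                         # public base point
ORDER = point_order(P)                       # scalars live in Z_ORDER (assumption, see lead-in)

def verifier_check(p1, p2, i, r_i, Q):
    """Step 3 (verifier): P_i == r_i*P and P1 + P2 == Q."""
    p_i = p1 if i == 1 else p2
    return ec_mul(r_i, P) == p_i and ec_add(p1, p2) == Q

def honest_round(n, Q, challenge, rng):
    """One round with a prover who knows n: Step 1 commit, Step 2 answer r_i, Step 3 check."""
    r = rng.randrange(1, ORDER)
    p1, p2 = ec_mul(r, P), ec_mul((n - r) % ORDER, P)
    r_i = r if challenge == 1 else (n - r) % ORDER
    return verifier_check(p1, p2, challenge, r_i, Q)

def cheating_round(Q, challenge, rng):
    """Prover without n: P1 = rP, P2 = Q - P1. Challenge 1 is answered with r;
    challenge 2 would need the discrete log of P2, so the round fails."""
    r = rng.randrange(1, ORDER)
    p1 = ec_mul(r, P)
    p2 = ec_add(Q, ec_neg(p1))
    if challenge == 2:
        return False
    return verifier_check(p1, p2, 1, r, Q)

def run_protocol(n, Q, rounds, seed=7, cheat=False):
    """Repeat the round m times; accept only if every round passes."""
    rng = random.Random(seed)
    for _ in range(rounds):
        challenge = rng.choice((1, 2))       # verifier's random choice of i
        ok = cheating_round(Q, challenge, rng) if cheat else honest_round(n, Q, challenge, rng)
        if not ok:
            return False
    return True

def cheat_success_rate(Q, trials, seed=7):
    """Fraction of single rounds a cheating prover survives; about 1/2, as the text argues."""
    rng = random.Random(seed)
    return sum(cheating_round(Q, rng.choice((1, 2)), rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    secret_n = 123
    Q = ec_mul(secret_n, P)
    print("honest prover, 20 rounds:", run_protocol(secret_n, Q, 20))
    print("cheating prover, 20 rounds:", run_protocol(secret_n, Q, 20, cheat=True))
    print("cheating prover, per-round success rate:", cheat_success_rate(Q, 400))
```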

3. Identity privacy protection technology based on distributed identity

Traditionally, user registration and identity management depend entirely on a single central registration authority. With the emergence of distributed ledger technology (for example, blockchain), distributed multi-center identity registration, identification and management become possible. Because blockchain technology has difficulty preventing identity-privacy leakage while keeping identities and transactions anonymous, this embodiment studies a blockchain identity privacy protection technique that avoids leaking user identity information, achieving anonymity of user identities and a high level of privacy.

The WeIdentity distributed multi-center solution based on FISCO BCOS is studied. The WeIdentity DID module implements, on the FISCO-BCOS blockchain platform, a distributed multi-center identity identification protocol that complies with the W3C DID specification, so that the real-world identity of an entity (a person or a thing) is given an on-chain identifier; at the same time, WeIdentity DID gives the entity the ability to own and control its own identity ID directly. The real world holds many kinds of data describing entity identities and the relationships between entities, such as ID cards, driving licences, deposit certificates, prescriptions, diplomas, property certificates and credit reports. WeIdentity Credential provides a complete solution based on the W3C VC specification that standardizes and digitizes this kind of data into verifiable, exchangeable credentials, supports selective disclosure of credential attributes, and generates on-chain Evidence. This embodiment combines its distributed identity module and its verifiable credential module to achieve distributed trusted data management.

WeIdentity can be used widely in entity identification and trusted data exchange scenarios. The WeIdentity ecosystem has the following roles: User (Entity), the user or entity; Issuer, the issuer of credentials; and Verifier, the consumer of credentials.

A user (entity) registers its own WeIdentity DID on chain, applies to an issuer for a credential, and either authorizes forwarding of the credential or presents it directly to a verifier. The issuer verifies the entity's ownership of its WeIdentity DID and then issues credentials about the entity. The verifier verifies the entity's ownership of its WeIdentity DID and then checks the authenticity of the credential on chain before handling the related business.

By storing the entity's real identity and the content of its verifiable credentials off chain, the entity can minimize the information it discloses, or disclose it selectively, to other institutions, while no third party can work backwards to the entity's identity in the real world or in other contexts; this is how privacy is protected. First, a user agent generates an independent, unique DID for each entity; second, an issuer verifies the entity's identity and DID ownership and issues the entity electronic credentials of various kinds. When the entity needs to transact, it can present a credential to the verifier directly, or actively authorize on chain, record the authorization as on-chain evidence, and have a previously authorized credential storage institution forward the credential to the verifier. This flow keeps the data centered on the entity (the user), while identity, ownership confirmation, authorization and similar operations are completed on chain and are traceable, verifiable and tamper-proof.
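The credential flow just described (issuer hashes the credential and anchors it on chain as Evidence, holder selectively discloses attributes, verifier checks against the chain), as an added illustrative Python model; this is not WeIdentity's own code, the ledger is a constructed in-memory dictionary, the DIDs are constructed placeholders, and the holder's proof of DID ownership (a signature with the DID's key) is not modeled.

```python
import hashlib
import json
import secrets

# Constructed stand-in for the chain: Evidence records keyed by credential hash
LEDGER = {}

def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()

def claim_hash(name, value, salt):
    """Per-attribute commitment: a salted hash hides the value until the salt is revealed."""
    return sha256_hex(json.dumps([name, salt, value], sort_keys=True))

def credential_root(issuer_did, holder_did, claim_hashes):
    """Root hash over issuer, holder and every attribute hash; this is what the Evidence anchors."""
    body = {"issuer": issuer_did, "holder": holder_did, "claimHashes": claim_hashes}
    return sha256_hex(json.dumps(body, sort_keys=True))

def issue_credential(issuer_did, holder_did, claims):
    """Issuer: build the credential for the holder and record its hash on chain as Evidence."""
    salts = {k: secrets.token_hex(16) for k in claims}
    hashes = {k: claim_hash(k, v, salts[k]) for k, v in claims.items()}
    root = credential_root(issuer_did, holder_did, hashes)
    LEDGER[root] = {"issuer": issuer_did, "holder": holder_did}      # on-chain Evidence
    return {"issuer": issuer_did, "holder": holder_did, "claims": claims, "salts": salts}

def present(credential, reveal):
    """Holder: disclose only the attributes in `reveal` (value + salt); the rest travel as hashes."""
    revealed = {k: {"value": credential["claims"][k], "salt": credential["salts"][k]}
                for k in reveal}
    hidden = {k: claim_hash(k, v, credential["salts"][k])
              for k, v in credential["claims"].items() if k not in reveal}
    return {"issuer": credential["issuer"], "holder": credential["holder"],
            "revealed": revealed, "hiddenHashes": hidden}

def verify_presentation(pres, expected_issuer):
    """Verifier: recompute the root from revealed claims plus hidden hashes and look it up on chain.
    Any altered value, salt or hidden hash changes the root and the lookup fails."""
    hashes = dict(pres["hiddenHashes"])
    for k, item in pres["revealed"].items():
        hashes[k] = claim_hash(k, item["value"], item["salt"])
    root = credential_root(pres["issuer"], pres["holder"], hashes)
    evidence = LEDGER.get(root)
    return evidence is not None and evidence["issuer"] == expected_issuer == pres["issuer"]

if __name__ == "__main__":
    cred = issue_credential("did:weid:issuer-placeholder", "did:weid:holder-placeholder",
                            {"name": "Alice", "degree": "MSc", "birthYear": 1990})
    pres = present(cred, ["degree"])            # only the degree is disclosed
    print("verified:", verify_presentation(pres, "did:weid:issuer-placeholder"))
```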

The distributed trusted data transaction system and method supporting privacy protection adopted in this embodiment effectively address the pain points of traditional data management, such as shortcomings in data trust, data access and data disaster recovery, and in particular the data and identity privacy leakage that comes with adopting blockchain technology. The parties to a transaction do not expose their identities, or expose them only selectively, and homomorphic computation protects the privacy of user data during data computation. For data stored on chain, at-rest disk encryption and group isolation control access to the stored content and prevent leakage of stored data. The specific beneficial effects fall into the following two aspects:

1) Protection against illegal use of data

The system builds on the unified digital identity system of the blockchain platform and adopts a distributed identity authentication model based on permission control. It changes the logic of how user data is used: the rights over the data move from the custodian to the user, so that the user genuinely decides who may access their data. This effectively solves the redundancy, data-silo, privacy and regulatory problems that arise during operation. The system has the following characteristics: first, identity uniqueness, using DID-based identity authentication to improve the credibility of identities; second, strong privacy, since participants own, manage and control their digital identity and behavioral data and, combined with zero-knowledge proof technology, data can be usable yet invisible; third, strong supervisability, since users need the regulator's authorization when their identity is opened, which lets the regulator supervise on-chain users in real time. The system authenticates identities and controls access to data from several aspects, including storage management, permission control and identity management, so that a data access interface is exposed to a data user only once that user holds the right to use the data.

2) Data privacy and security protection

The system combines homomorphic encryption and zero-knowledge proofs with computing protocols to provide identity anonymity and data privacy protection in different scenarios. The fully homomorphic encryption algorithm allows computation on data in ciphertext form without decryption, improving data privacy and realizing ciphertext computation. Zero-knowledge proofs and identity privacy protection based on distributed identity provide identity privacy protection and proof generation and verification for scenarios involving two parties. For data storage, at-rest disk encryption protects the privacy of stored data. The cost of data encryption and decryption computation is reduced, and the privacy and security of the data are improved.

An important significance of blockchain privacy protection is reducing privacy threats in the real world. We cannot protect our privacy completely, but blockchain technology lets us keep our data in our own hands and reduce the channels through which it can leak. A distributed, highly trusted data management system and method supporting privacy protection is therefore of great significance in addressing the privacy leakage risk faced by current blockchain technology and the inability of traditional data management to guarantee trustworthiness.

In summary, in the distributed trusted data transaction method, system and device supporting privacy protection described in the present invention, at-rest disk encryption is introduced on top of distributed storage to protect the privacy of data during storage; during a transaction, a distributed multi-center identity identification protocol provides decentralized identity information to the data provider and the data demander, protecting the users' identity privacy; and by introducing homomorphic encryption and zero-knowledge proofs into the transaction process, transaction computation or authentication services are provided to users without disclosing the original data, protecting the privacy of transaction data.

Corresponding to the above method, the present invention also provides an apparatus/system that includes a computer device comprising a processor and a memory; the memory stores computer instructions, the processor executes the computer instructions stored in the memory, and when the computer instructions are executed by the processor the apparatus/system implements the steps of the method described above.

An embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the aforementioned edge computing server deployment method are implemented. The computer-readable storage medium may be a tangible storage medium such as a random access memory (RAM), a memory, a read-only memory (ROM), an electrically programmable ROM, an electrically erasable programmable ROM, a register, a floppy disk, a hard disk, a removable storage disk, a CD-ROM, or any other form of storage medium known in the technical field.

Those of ordinary skill in the art should understand that the exemplary components, systems and methods described in conjunction with the embodiments disclosed herein can be implemented in hardware, software, or a combination of the two. Whether they are executed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention. When implemented in hardware, it may be, for example, an electronic circuit, an application-specific integrated circuit (ASIC), suitable firmware, a plug-in, a function card, and so on. When implemented in software, the elements of the present invention are programs or code segments used to perform the required tasks. The program or code segment may be stored in a machine-readable medium, or transmitted over a transmission medium or communication link by a data signal carried in a carrier wave.

It should be made clear that the present invention is not limited to the specific configurations and processing described above and shown in the figures. For brevity, detailed descriptions of known methods are omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method of the present invention is not limited to the specific steps described and shown, and those skilled in the art may make various changes, modifications and additions, or change the order of the steps, after understanding the spirit of the present invention.

In the present invention, features described and/or illustrated for one embodiment may be used in the same or a similar manner in one or more other embodiments, and/or combined with or substituted for features of other embodiments.

The above description covers only preferred embodiments of the present invention and is not intended to limit it; for those skilled in the art, the embodiments of the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. A distributed trusted data transaction method supporting privacy protection, the method being performed by a data management module that also invokes a privacy protection module, a blockchain infrastructure and a storage module over a data interface connection, the method comprising the steps of:
the data management module receiving a data upload request sent by a data provider, the data upload request comprising first authority information of the data provider; verifying the first authority information and, if the verification passes, receiving transaction data of the data provider;
the data management module invoking the privacy protection module to generate a first decentralized identity of the data provider using an identity identification protocol based on distributed multi-center identity, and feeding the first decentralized identity back to the data provider; the privacy protection module encrypting the transaction data with a homomorphic encryption algorithm to obtain a transaction ciphertext;
the data management module invoking the blockchain infrastructure to store the first decentralized identity and the transaction ciphertext on chain in a distributed manner in the storage module using at-rest disk encryption, and to obtain a first storage result and a first on-chain transaction receipt, which are sent to the data management module;
the data management module receiving a data transaction request sent by a data demander, the data transaction request comprising second authority information of the data demander; verifying the second authority information and, if the verification passes, the privacy protection module generating a second decentralized identity of the data demander using the identity identification protocol based on distributed multi-center identity, and sending the second decentralized identity to the data demander;
the data management module invoking the privacy protection module to perform homomorphic computation on the transaction ciphertext or to generate a zero-knowledge proof according to the data transaction request;
the data management module invoking the blockchain infrastructure to acquire the first decentralized identity of the data provider corresponding to the data transaction request;
the data management module invoking the privacy protection module to send the homomorphic computation result or the zero-knowledge proof to the blockchain infrastructure, and the blockchain infrastructure storing it in a distributed manner in the storage module using at-rest disk encryption to obtain a second storage result and a second on-chain transaction receipt;
the blockchain infrastructure sending the second storage result and the second on-chain transaction receipt to the data management module;
the data management module sending the homomorphic computation result or the zero-knowledge proof to the data demander, and sending a trusted credential containing the first decentralized identity to the data demander.
2. The distributed trusted data transaction method supporting privacy protection according to claim 1, wherein the privacy protection module encrypts the transaction data with a homomorphic encryption algorithm to obtain a transaction ciphertext, and the homomorphic encryption algorithm is a lattice-based homomorphic encryption algorithm.
3. The distributed trusted data transaction method supporting privacy protection according to claim 2, wherein in the lattice-based homomorphic encryption algorithm the private key sk is expressed as a vector [formula], the public key pk is denoted A, the plaintext is denoted [formula] and the ciphertext is denoted C;
a Setup function for generating security parameters, a SecretKeyGen function for generating a private key and a PublicKeyGen function for generating a public key are obtained;
in the Setup function, [formula] selects a modulus q of [formula] bits, a lattice dimension parameter [formula] and an error distribution function [formula]; [formula] denotes the system security parameter of the encryption algorithm and [formula] the number of levels of homomorphic operations; the parameter [formula] is selected at the same time and the parameters are combined into [formula], [formula]; the function [formula] denotes complexity;
in the SecretKeyGen function, SecretKeyGen(params) samples [formula], the dimension of the vector t being n and belonging to the prime finite field, and outputs the private key sk = [formula], which satisfies [formula];
in the PublicKeyGen function, PublicKeyGen(params, sk) uniformly and randomly generates a matrix [formula] and a vector [formula], sets [formula], and lets A be the (n+1)-column matrix composed of [formula] together with the n-column matrix B, the public key being pk = A;
the message encryption algorithm Enc(params, pk, μ) encrypts a plaintext [formula], where [formula] denotes the prime finite field with range (-q/2, q/2), samples a matrix [formula], and outputs the ciphertext C as follows:
[formula]
wherein the function BitDecomp(·) expands each bit of the input in binary, [formula] is its inverse function, and the function Flatten(·) is [formula];
the message decryption algorithm Decry(params, sk, C) decrypts the ciphertext C to obtain [formula].
4. A distributed trusted data transaction method supporting privacy protection as claimed in claim 3, wherein said message decryption algorithm Dec(params, sk, C) is provided with two decryption algorithms, Dec(params, sk, C) and MPDec(params, sk, C);
in Dec(params, sk, C), observe the vector [equation image]: its first [equation image] coefficients are [equation image]; let [equation image]; let [equation image] be row i of C, and calculate:
[equation image]
in MPDec(params, sk, C), it is known that [equation image] [equation image]; the first [equation image] coefficients are [equation image]; thus, if [equation image] is satisfied, then the first [equation image] coefficients of [equation image] are [equation image], where [equation image]; recover [equation image] from [equation image], then recover the next least significant bit from [equation image], and so on, until finally the plaintext [equation image] is obtained; where Small denotes a value within the acceptable noise range.
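The following toy implementation is added here to illustrate the lattice-based scheme that claims 3 and 4 describe (BitDecomp, its inverse, Flatten, the bit-wise Dec and the LSB-first MPDec, plus one homomorphic multiplication); it is not the patent's own code. It assumes the standard GSW construction as the instantiation of the functions the claims name, uses constructed and deliberately insecure parameters (n = 2, m = 8, error in {-1, 0, 1}), and takes q = 2^16 rather than a prime modulus so that MPDec's bit peeling is exact.

```python
import random

# Constructed toy parameters (illustration only, far too small to be secure); q = 2^L.
n, L, m = 2, 16, 8
q, N = 1 << L, (n + 1) * L

def bit_decomp(row):
    """BitDecomp: expand each of the n+1 entries into L bits, least significant first."""
    return [(x >> j) & 1 for x in row for j in range(L)]

def powers_of_2(s):
    """Powersof2: (s_0, 2s_0, ..., 2^(L-1)s_0, s_1, ...); <BitDecomp(a), Powersof2(s)> = <a, s>."""
    return [(x << j) % q for x in s for j in range(L)]

def flatten(row):
    """Flatten = BitDecomp(BitDecomp^-1(row)): same inner product with v, but every entry is a bit."""
    return bit_decomp([sum(row[i * L + j] << j for j in range(L)) % q for i in range(n + 1)])

def keygen():
    """SecretKeyGen/PublicKeyGen: sk = (1, -t), v = Powersof2(sk); pk = A = [b | B] with A.sk = e."""
    t = [random.randrange(q) for _ in range(n)]
    B = [[random.randrange(q) for _ in range(n)] for _ in range(m)]
    e = [random.choice((-1, 0, 1)) for _ in range(m)]            # small error vector
    b = [(sum(B[i][k] * t[k] for k in range(n)) + e[i]) % q for i in range(m)]
    return [[b[i]] + B[i] for i in range(m)], powers_of_2([1] + [(-x) % q for x in t])

def encrypt(A, mu):
    """Enc: C = Flatten(mu*I_N + BitDecomp(R*A)), R uniform in {0,1}^(N x m); then C.v = mu*v + R*e."""
    C = []
    for i in range(N):
        R_i = [random.randrange(2) for _ in range(m)]
        row = bit_decomp([sum(R_i[k] * A[k][j] for k in range(m)) % q for j in range(n + 1)])
        row[i] += mu
        C.append(flatten(row))
    return C

def mp_decrypt(v, C):
    """MPDec: the first L coefficients of C.v are mu*2^i + small; Dec is the k = 0 step alone."""
    x = [sum(c * vv for c, vv in zip(C[i], v)) % q for i in range(L)]
    mu = 0
    for k in range(L):                      # v_i = 2^i: x_i - mu_known*2^i = bit_k*2^(L-1) + small
        y = (x[L - 1 - k] - mu * v[L - 1 - k]) % q
        y = y - q if y > q // 2 else y      # centred representative in (-q/2, q/2]
        mu |= abs(round(y / v[L - 1])) << k
    return mu

def mult(C1, C2):
    """Homomorphic multiply: Flatten(C1*C2) decrypts to mu1*mu2 with noise mu2*e1 + C1*e2."""
    return [flatten([sum(C1[i][k] * C2[k][j] for k in range(N)) % q for j in range(N)]) for i in range(N)]
```

Because the error entries are bounded by 1, the noise after one multiplication stays below q/4 for any key, so decryption of the product is exact rather than probabilistic.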
5. The privacy preserving distributed trusted data transaction method of claim 1, wherein said method employs the FISCO BCOS distributed storage architecture to store said first decentralized identity, said transaction ciphertext, the results of said homomorphic computation, and/or said zero knowledge proof.
6. A distributed trusted data transaction system supporting privacy protection, comprising:
a data management module for connecting the data provider and the data demander's clients and performing the distributed trusted data transaction method supporting privacy protection as claimed in any one of claims 1 to 5;
the privacy protection module is connected with the data management module through a data interface and is used for calling and executing homomorphic encryption algorithms;
a blockchain infrastructure comprising a plurality of network nodes, connected to the privacy protection module and the data management module, for recording the transactions;
and the storage module is used for storing the transaction data in a distributed mode.
7. The privacy preserving distributed trusted data transaction system of claim 6, wherein the storage module, based on the FISCO BCOS distributed storage architecture, unifies SQL and NoSQL through an abstract table structure to support LevelDB, RocksDB and MySQL.
8. The privacy preserving distributed trusted data transaction system of claim 6, wherein the privacy protection module provides decentralized identities for the clients of the data provider and the data demander based on the WeIdentity DID distributed multi-center identity identification protocol.
9. A distributed trusted data transaction device supporting privacy protection, comprising a processor and a memory, wherein computer instructions are stored in said memory and said processor is configured to execute the computer instructions stored in said memory, which, when executed by the processor, implement the steps of the method of any one of claims 1 to 5.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the steps of the method according to any one of claims 1 to 5.
CN202310021062.XA 2023-01-07 2023-01-07 Distributed trusted data transaction method, system and device supporting privacy protection Active CN115913513B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310021062.XA CN115913513B (en) 2023-01-07 2023-01-07 Distributed trusted data transaction method, system and device supporting privacy protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310021062.XA CN115913513B (en) 2023-01-07 2023-01-07 Distributed trusted data transaction method, system and device supporting privacy protection

Publications (2)

Publication Number Publication Date
CN115913513A CN115913513A (en) 2023-04-04
CN115913513B true CN115913513B (en) 2023-05-12

Family

ID=85771818

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310021062.XA Active CN115913513B (en) 2023-01-07 2023-01-07 Distributed trusted data transaction method, system and device supporting privacy protection

Country Status (1)

Country Link
CN (1) CN115913513B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116912002B (en) * 2023-09-12 2023-12-12 深圳小米房产网络科技有限公司 Real estate transaction system based on blockchain technology
CN118233214A (en) * 2024-05-14 2024-06-21 广州信安数据有限公司 Ciphertext data sharing method, system and computer program product based on onion encryption

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111090876A (en) * 2020-03-18 2020-05-01 支付宝(杭州)信息技术有限公司 Contract calling method and device
CN113411384A (en) * 2021-06-10 2021-09-17 华中科技大学 System and method for privacy protection in data security sharing process of Internet of things
CN114785511A (en) * 2022-02-25 2022-07-22 蚂蚁区块链科技(上海)有限公司 Certificate generation method and device, electronic device and storage medium
CN114900290A (en) * 2022-03-07 2022-08-12 南京信息工程大学 Data transaction model and privacy protection method based on block chain
CN115174091A (en) * 2022-05-29 2022-10-11 北京理工大学 Homomorphic encryption privacy protection method for distributed digital identity
CN115473664A (en) * 2022-05-31 2022-12-13 北京邮电大学 Credit data processing method and model based on block chain

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11082418B2 (en) * 2017-02-13 2021-08-03 Avalanche Cloud Corporation Privacy ensured brokered identity federation


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
云计算环境中支持隐私保护的数字版权保护方案 (A digital copyright protection scheme supporting privacy protection in the cloud computing environment); Huang Qinlong et al.; 通信学报 (Journal on Communications); Vol. 35, No. 02; full text *

Also Published As

Publication number Publication date
CN115913513A (en) 2023-04-04

Similar Documents

Publication Publication Date Title
CN108418680B (en) Block chain key recovery method and medium based on secure multi-party computing technology
US11159307B2 (en) Ad-hoc trusted groups on a blockchain
US10673626B2 (en) Threshold secret share authentication proof and secure blockchain voting with hardware security modules
CN107911216B (en) A method and system for privacy protection of blockchain transactions
CN115242555B (en) A supervisable cross-chain privacy data sharing method and device
US11405365B2 (en) Method and apparatus for effecting a data-based activity
US20210089676A1 (en) Methods and systems for secure data exchange
US9137017B2 (en) Key recovery mechanism
JP7585315B2 (en) Digital signature generation using cold wallets
US9009464B2 (en) Anonymous register system and method thereof
US11374910B2 (en) Method and apparatus for effecting a data-based activity
CN115296838B (en) Block chain-based data sharing method, system and storage medium
CN114866323B (en) User-controllable privacy data authorization sharing system and method
CN113643134B (en) Internet of things blockchain transaction method and system based on multi-key homomorphic encryption
CN115913513B (en) Distributed trusted data transaction method, system and device supporting privacy protection
CN113225302B (en) Data sharing system and method based on proxy re-encryption
US11637817B2 (en) Method and apparatus for effecting a data-based activity
WO2014114080A1 (en) Method and system for data encryption protection
Li et al. Traceable Ciphertext‐Policy Attribute‐Based Encryption with Verifiable Outsourced Decryption in eHealth Cloud
CN117081803B (en) Internet of Things Ciphertext Access Control Method Based on Blockchain
Tiwari et al. ACDAS: Authenticated controlled data access and sharing scheme for cloud storage
CN118869177A (en) Digital identity management method, system, electronic device and computer-readable storage medium based on blockchain
CN113239376B (en) Data sharing method, request method and device based on block chain
De Oliveira et al. Red Alert: break-glass protocol to access encrypted medical records in the cloud
TWM585941U (en) Account data processing system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant