CN116614231B

CN116614231B - Data holding proving method, system, equipment and storage medium

Info

Publication number: CN116614231B
Application number: CN202310890878.6A
Authority: CN
Inventors: 张宇; 王翊心; 张庆勇
Original assignee: Beijing Infosec Technologies Co Ltd
Current assignee: Beijing Infosec Technologies Co Ltd
Priority date: 2023-07-19
Filing date: 2023-07-19
Publication date: 2023-09-22
Anticipated expiration: 2043-07-19
Also published as: CN116614231A

Abstract

The embodiment of the invention provides a data holding proving method, a system, equipment and a storage medium, wherein the method comprises the following steps: the target proving party acquires target data to be protected, and generates a first target proving according to a key negotiation result held by the target proving party and the target data to be protected. The target prover then sends the first target proof to the other provers to generate a second target proof by the other provers from the first target proof and the alternative data to be protected. Wherein, other proving party is at least one. When the verifier is used as an attacker to acquire complete data to be protected, at least two proving parties need to be invaded, which obviously increases the difficulty of acquiring the data to be protected, thereby improving the security of the data to be protected.

Description

Data holding proving method, system, equipment and storage medium

Technical Field

The present invention relates to the field of communications technologies, and in particular, to a method, a system, an apparatus, and a storage medium for proving data holding performance.

Background

Zero knowledge proof methods include interactive proof methods and non-interactive proof methods. Non-interactive attestation methods do not require the interaction between the attestation party and the verifier to produce an attestation, which has significant advantages over interactive attestation methods. In the non-interactive proof method, zero-knowledge succinct non-interactive proof of knowledge (zero knowledge Succinct Non-interactive Argument of Knowledge, abbreviated as ) Is a non-interactive zero knowledge proving method commonly used at present.

At the position ofIn the method, the prover sends a proof to the verifier to indicate that the prover holds the secret, i.e. the data to be protected. And sent by the verifier according to the proverDuring the course of determining that the prover holds the data to be protected, the prover does not reveal any information about the data itself to be protected. If the verifier acts as an attacker when the prover has an attack after the process of determining that the prover holds the data to be protected, the security of the data to be protected is greatly reduced. Therefore, on the basis of the above description, how to increase the difficulty of acquiring the data to be protected is a problem to be solved.

Disclosure of Invention

In view of this, the embodiments of the present invention provide a method, a system, an apparatus, and a storage medium for proving data holding capability, which are used to increase difficulty in acquiring data to be protected and improve security of the data to be protected.

In a first aspect, an embodiment of the present invention provides a data-holding proving method, applied to a target proving party, including:

acquiring target data to be protected;

generating a first target certificate according to a key negotiation result held by the target proving party and the target data to be protected, wherein the first target certificate reflects the target data to be protected and is stored in the target proving party;

Sending the first target certificate to other certificates to generate a second target certificate by the other certificates according to the first target certificate and the alternative data to be protected, wherein the target data to be protected and the alternative data to be protected form original data to be protected;

the second target attestation reflects that the target data to be protected and the alternative data to be protected are respectively stored in the target attestation party and the other attestation party, and the other attestation party is at least one.

In a second aspect, an embodiment of the present invention provides an electronic device, including a processor and a memory, where the memory is configured to store one or more computer instructions, and the one or more computer instructions implement the method for proving data holding in the first aspect when executed by the processor. The electronic device may also include a communication interface for communicating with other devices or communication networks.

In a third aspect, embodiments of the present invention provide a non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to at least implement a method of proving data-holding properties as described in the first aspect.

In a fourth aspect, embodiments of the present invention provide a data-holding attestation system, the system comprising a target attestation party and other attestation parties, the other attestation parties being at least one;

the target proving party is used for acquiring target data to be protected; generating a first target certificate according to a key negotiation result held by the target proving party and the target data to be protected, wherein the first target certificate reflects the target data to be protected and is stored in the target proving party; transmitting the first target attestation to the other attestation party;

the other proving party is used for generating a second target proving according to the first target proving and the alternative data to be protected, and the target data to be protected and the alternative data to be protected form original data to be protected; the second target attestation reflects that the target data to be protected and the alternative data to be protected are respectively stored in the target attestation party and the other attestation party.

According to the data holding proving method provided by the embodiment of the invention, the target proving party acquires target data to be protected. Then, the target proving party can generate a first target proving according to the key negotiation result held by the target proving party and the target data to be protected. The first target proving reflects that target data to be protected is stored in the target proving party. The target prover may then send the first target proof to the other prover to generate a second target proof by the other prover from the first target proof and the alternative data to be protected. The target data to be protected and the alternative data to be protected form original data to be protected, the second target evidence reflects that the target data to be protected and the alternative data to be protected are respectively stored in a target proving party and other proving parties, and at least one other proving party is used.

It can be seen that a plurality of proving parties can jointly generate target proving according to the data to be protected which are stored respectively. When the verifier is used as an attacker to acquire complete data to be protected, at least two proving parties are required to be invaded, and a plurality of proving parties are obviously invaded with higher difficulty, so that the acquisition difficulty of the data to be protected is obviously increased, and the safety of the data to be protected is improved.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a flowchart of a method for proving data holding property according to an embodiment of the present invention;

FIG. 2 is a flowchart of a method for generating a first target certificate according to an embodiment of the present invention;

FIG. 3 is a flowchart of a method for generating a second target certificate according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of a data-holding verification system according to an embodiment of the present invention;

FIG. 5 is a schematic diagram of a data-holding proving apparatus according to an embodiment of the present invention;

fig. 6 is a schematic structural diagram of an electronic device corresponding to the data-holding proving apparatus provided by the embodiment shown in fig. 5.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise, the "plurality" generally includes at least two, but does not exclude the case of at least one.

It should be understood that the term "and/or" as used herein is merely one relationship describing the association of the associated objects, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.

The words "if", as used herein, may be interpreted as "at … …" or "at … …" or "in response to a determination" or "in response to an identification", depending on the context. Similarly, the phrase "if determined" or "if identified (stated condition or event)" may be interpreted as "when determined" or "in response to a determination" or "when identified (stated condition or event)" or "in response to an identification (stated condition or event), depending on the context.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a product or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such product or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a commodity or system comprising such elements.

Fig. 1 is a flowchart of a method for proving data holding property according to an embodiment of the present invention. The data holding proving method provided by the embodiment of the invention can be executed by the data holding proving device. It is understood that the data-holding proving device may be implemented as software, or as a combination of software and hardware. The method of proving data holding is as shown in fig. 1, and includes the steps of:

s101, acquiring target data to be protected.

Alternatively, in the scenario where the bank handles a loan for the user, the original data to be protected may be the user's real payroll, i.e. the secret data that the user does not want the bank to learn. In a blockchain privacy transaction scenario, the original data to be protected may be the transfer amount between the payer and the payee, i.e., secret data that the payer does not want others other than the payee to learn.

Alternatively, for the splitting of the original data to be protected, it may be performed by the proving device or other stand-alone device, and the proving device may be in the role of the target proving party throughout the scheme. The target prover may be any one of the at least one prover.

The original data to be protected can be split in a mode of unequal splitting of the data. Wherein, the meaning of unequal split is: the data in each piece of data to be protected obtained after splitting is different, and a specific splitting process can be described in the following embodiments. After splitting the original data to be protected into a plurality of data to be protected, any one of the plurality of data to be protected can be used as target data to be protected, and other data to be protected can be used as alternative data to be protected and obtained by different other proving parties.

S102, generating a first target certificate according to a key negotiation result held by the target proving party and target data to be protected, wherein the first target certificate reflects the target data to be protected and is stored in the target proving party.

Based on the target data to be protected obtained in step S101, the proving apparatus may calculate the target data to be protected and the key negotiation result held by itself, so as to generate a first target proof. The first target certificate may reflect that the target data to be protected is stored in the target proving party. The key negotiation result may specifically be a result obtained by the target proving party and other proving parties through a key negotiation algorithm.

And S103, the first target certification is sent to other certifiers, so that the other certifiers generate second target certification according to the first target certification and the alternative data to be protected, the target data to be protected and the alternative data to be protected form original data to be protected, the second target certification reflects the target data to be protected and the alternative data to be protected and are respectively stored in the target certifiers and the other certifiers, and the other certifiers are at least one.

The proving device may send the first target proof obtained in step S102 to other proving parties, so that the other proving parties calculate the first target proof and the alternative data to be protected stored by themselves to generate the second target proof. The target data to be protected and the alternative data to be protected form original data to be protected, the second target certificate can reflect that the target data to be protected and the alternative data to be protected are respectively stored in a target proving party and other proving parties, and at least one other proving party is used.

If the other proving party is one, the proving device can directly send the first target proving to the other proving party, and the other proving party can calculate the first target proving and the alternative data to be protected stored by the other proving party so as to obtain the second target proving.

If the other proving parties are two, the proving device can send the first target proving to a first other proving party in the plurality of other proving parties, the first other proving party can calculate the first target proving and the first alternative data to be protected stored in the first other proving party, and send the calculation result to a second other proving party, and the second other proving party calculates according to the calculation result and the second alternative data to be protected stored in the second other proving party, so as to obtain the second target proving. Wherein the first other proving party may be any one of a plurality of other proving parties.

In this embodiment, the proving device obtains the target data to be protected, and generates the first target certificate according to the key negotiation result held by the target proving party and the target data to be protected. The first target proving reflects that target data to be protected is stored in the target proving party. The attestation means then sends the first target attestation to the other attestation party to generate a second target attestation by the other attestation party from the first target attestation and the alternative data to be protected. The target data to be protected and the alternative data to be protected form original data to be protected, and the second target certificate reflects that the target data to be protected and the alternative data to be protected are respectively stored in the target proving party and other proving parties.

For the unequal splitting process mentioned in the embodiment shown in fig. 1, the splitting process is to restrict the original data to be protected within a certain range, that is, only the target data to be protected and the alternative data to be protected obtained after splitting meet the preset condition. The preset conditions may include: the original data to be protected is equal to a remainder result of the first calculation result and the preset prime number, and the first calculation result may include a sum of the target data to be protected and the alternative data to be protected. The original data to be protected may be represented as a first array, the target data to be protected obtained by splitting may be represented as a second array, the candidate data to be protected obtained by splitting may be represented as a third array, and the first calculation result may be represented as a fourth array. That is, the preset condition may be further understood from the following description, the first array is equal to a remainder result of the fourth array and the preset prime number, and the elements in the fourth array may include a sum of elements in the same position in the second array and the third array.

For easy understanding, the above-mentioned unequal splitting process of the original data to be protected can be described in detail with the following formula:

if other syndromesThe total number of proving parties is 2 if the number of proving parties is one. At this time, the target proving party can protect the original dataSplitting to obtain target data to be protected +.>And alternative data to be protected +.>. And the following relations are satisfied among the elements in the original data to be protected, the elements in the target data to be protected and the elements in the alternative data to be protected: />, …，. Wherein (1)>Representing a finite field; (m-l) is the number of elements in the data to be protected; p is a preset prime number, and the value range is +.>。

Wherein, the first element in the target to-be-protected data obtained after splittingFirst element +.>And the other elements in the target data to be protected are not equal to the other elements in the same position in the alternative data to be protected.

If the other proving parties are two, the total number of proving parties is 3. At this time, the target proving party can protect the original dataSplitting to obtain target data to be protected +.>First alternative data to be protected +.>Second alternative data to be protected . And the following relations are satisfied among the elements in the original data to be protected, the elements in the target data to be protected and the elements in the alternative data to be protected: />，…，。

Wherein, the first element in the target to-be-protected data obtained after splittingFirst element +.>And the first element +.in the second alternative data to be protected>All are not equal, and the other elements in the target data to be protected are not equal to the other elements in the same position in the alternative data to be protected.

It should be noted that, in this embodiment, only one and two other proving parties are listed, and this splitting manner is equally applicable to the case of three other proving parties, or even more other proving parties, which is not limited in any way.

In this embodiment, the splitting process of the original data to be protected is constrained within a certain range, so that the target data to be protected and the candidate data to be protected obtained after splitting are unequal. Compared with the method that the original data to be protected is split in an equivalent way, namely, the plurality of provinces can know the stored data to be protected mutually, the method that the original data to be protected is split in an unequal way through the preset condition can ensure that the split data to be protected stored in the plurality of provinces has certain randomness, namely, the plurality of provinces cannot know the stored data to be protected mutually. When any one of the plurality of proving parties is used as an attacker to acquire complete data to be protected, the plurality of proving parties do not know the data to be protected which are stored respectively, the difficulty in acquiring the data to be protected is obviously increased, and therefore the security of the data to be protected is improved.

In the embodiment shown in fig. 1, it has been described that the proving apparatus may generate the first target proof according to the key negotiation result held by itself and the target data to be protected.

The generation process of the first target credential when the other credential is one may be described in detail below: the first target proof may appear as a fifth array, i.e. Wherein (1)>Representing a first target proof->Representing the first element in the fifth array, < +.>Representing the second element in the fifth array, < +.>Representing the third element in the fifth array.

The generating process of the first element to the third element in the first target certificate may be specifically shown in fig. 2, and fig. 2 is a flowchart of a generating method of the first target certificate provided by an embodiment of the present invention, where the method may include the following steps:

s201, adding the inner product result between the target data to be protected and the corresponding element in the first weight parameter, the first random parameter, the inner product result between the published data and the corresponding element in the second weight parameter and the product result between the second random parameter and the first result to obtain a first intermediate element.

First intermediate elementThe calculation process of (1) is as follows: the proving device can perform addition operation on the inner product result between the target data to be protected and the corresponding element in the first weight parameter, the first random parameter, the inner product result between the disclosed data and the corresponding element in the second weight parameter and the product result between the second random parameter and the first result to obtain a first intermediate element- >. Wherein the first weight parameter and the second weight parameter may be represented as an array. The first intermediate element may be formulated as follows:

wherein, the liquid crystal display device comprises a liquid crystal display device,representing a first random parameter, ">Representing a second random parameter, the random parameter acts to constrain the polynomial equation so that the equation in the verification process holds. />The first result is represented, and the first result may be a key negotiation result calculated by the target proving party and other proving parties through a key negotiation algorithm, which is used for increasing randomness of data.Representing the result of the inner product between the target data to be protected and the corresponding element in the first weight parameter,。/>representing the result of the inner product between the published data and the corresponding element in the second weight parameter,. When x is given a particular value, +.>Can be regarded as a known value.

S202, adding the inner product result between the target data to be protected and the corresponding element in the third weight parameter, the inner product result between the third random parameter, the published data and the corresponding element in the fourth weight parameter and the product result between the second random parameter and the second result to obtain a second intermediate element.

Second intermediate element The calculation process of (1) is as follows: the proving device can add the inner product result between the target data to be protected and the corresponding element in the third weight parameter, the third random parameter, the inner product result between the disclosed data and the corresponding element in the fourth weight parameter and the product result between the second random parameter and the second result to obtain a second intermediate element->. The second intermediate element may be formulated as follows:

wherein, the liquid crystal display device comprises a liquid crystal display device,representing a third random parameter whose effect is equal to the first random parameter +.>And a second random parameter->The same is not described in detail herein. In addition, the first to third random parameters mentioned above may be obtained by a key agreement algorithm, and the first to third random parameters may be shared between the target proving party and other proving parties. />And representing a second result, which may be a key negotiation result calculated by the target proving party and other proving parties through a key negotiation algorithm, and is used for increasing the randomness of the data. />Representing the result of the inner product between the target data to be protected and the corresponding element in the third weight parameter,/-, and>。/>representing the result of the inner product between the published data and the corresponding element in the fourth weight parameter,/- >. When x is given a particular value, +.>Can be regarded as a known value.

S203, performing addition operation on the product result between the third random parameter and the first weight parameter, the product result between the first random parameter and the third weight parameter and the fifth weight parameter to obtain a second calculation result.

S204, performing addition operation on the first inner product result and the first product result to obtain a third calculation result, wherein the first inner product result comprises an inner product result between the second calculation result and a corresponding element in the target data to be protected, and the first product result comprises a product result between a sixth weight parameter and a seventh weight parameter.

S205, adding the division result between the third calculation result and the second random parameter, the product result between the first intermediate element and the second result and the product result between the second intermediate element and the first result to obtain a fourth calculation result.

S206, subtracting a second product result from the fourth calculation result to obtain a third intermediate element, wherein the second product result comprises a product result among the first result, the second result and the second random parameter.

Third intermediate elementThe calculation process of (1) is as follows: the proving device can perform addition operation on the product result between the third random parameter and the first weight parameter, the product result between the first random parameter and the third weight parameter and the fifth weight parameter to obtain a second calculation result. The proving device may then add the first inner product result to the first product result to obtain a third calculation result. The first inner product result comprises an inner product result between the second calculation result and a corresponding element in the target data to be protected, and the first product result comprises a product result between the sixth weight parameter and the seventh weight parameter.

Then, the proving device can add the division result between the third calculation result and the second random parameter, the product result between the first intermediate element and the second result, and the product result between the second intermediate element and the first result to obtain a fourth calculation result. Finally, the proving apparatus may subtract the second product result from the fourth calculation result to obtain a third intermediate element. Wherein the second productThe result comprises a product result between the first result, the second result and the second random parameter.

The third intermediate element may be formulated as follows:

wherein, the liquid crystal display device comprises a liquid crystal display device,representing the first inner product result,/->Representing the second calculation result,/->Representing a fifth weight parameter, when x is given to be a specific value +.>Can be regarded as a known value. />The third random parameter is represented, the first to third random parameters mentioned above may be shared between the target proving party and the other proving party, and each random parameter may be generated by a key agreement algorithm. />Representing a sixth weight parameter,/->The seventh weight parameter is indicated, and the sixth weight parameter and the seventh weight parameter are also known values. ThenRepresenting the third calculation result.

First resultAnd second outcome->And the key agreement results are obtained, and r and s are numerical values, so that the randomness of the data is increased. Then->The fourth calculation result is represented.

S207, determining the dot product result of the first intermediate element and the first generator as the first element in the fifth array, wherein the first generator is a point on the elliptic curve.

S208, determining the dot product result of the second intermediate element and the second generator as the second element in the fifth array, wherein the second generator is a point on the elliptic curve.

S209, determining the dot product result of the third intermediate element and the first generator as the third element in the fifth array.

S210, determining a first target proof according to the first element in the fifth array, the second element in the fifth array and the third element in the fifth array.

For the first element in the fifth arrayThe proving means can add the first intermediate element +.>The dot product result with the first generator, which is a point on the elliptic curve and can be expressed as ++>I.e. +.>。

For the second element in the fifth arrayThe proving means can add the second intermediate element +.>The dot product with the second generator, which is also a point on the elliptic curve, can be expressed as +. >I.e. +.>。

For the third element in the fifth arrayThe proving means can add the third intermediate element +.>Is->As the third element in the fifth array, i.e. +.>。

Based on the calculated first element in the fifth arraySecond element in fifth array +.>And third element +.in fifth array>Combining the first element to the third element to obtain a final fifth array, namely a first target evidence +.>。

In this embodiment, after the split data to be protected is respectively stored in the multiple provinces, the proving device may perform corresponding calculation according to the target data to be protected stored by the target proving party and the held key negotiation result, so as to better generate the first target proving.

The process by which the attestation means generates the first target attestation has been described in the embodiment shown in fig. 2. After the attestation means generates the first target attestation, the first target attestation may also be sent to the other attestation party to generate a second target attestation from this first target attestation by the other attestation party. Wherein the second target proof may appear as a sixth array, i.e. Wherein (1)>Representing a second target proof- >Representing the first element in the sixth array, < +.>Representing the second element in the sixth array, < +.>Representing the third element in the sixth array.

When the other proving party is one, fig. 3 is a flowchart of a second target proving generation method provided by the embodiment of the present invention, where the method may include the following steps:

s301, determining a dot product result of the first generating element and a second inner product result as a fifth calculation result, wherein the second inner product result comprises inner product results between the candidate data to be protected and corresponding elements in the first weight parameters.

S302, performing point addition operation on the fifth calculation result and the first element in the fifth array to obtain the first element in the sixth array.

First element in sixth arrayThe calculation process of (1) is as follows: other proving parties can make the right toFive calculation results and the first element in the fifth array +.>And performing a point addition operation to obtain a first element in the sixth array. The fifth calculation result is a dot product result of the second inner product result and the first generation element, the second inner product result comprises an inner product result between the data to be protected and the corresponding element in the first weight parameter, the first element in the fifth array is the dot product result, and the dot addition operation is to add the two dot product results.

The first element in the sixth array may be formulated as follows:

wherein, the liquid crystal display device comprises a liquid crystal display device,representing the fifth calculation result,/->Representing the second inner product result.

S303, determining a third inner product result and a dot product result of the second generator as a sixth calculation result, wherein the third inner product result comprises an inner product result between the candidate data to be protected and the corresponding element in the third weight parameter.

S304, performing point addition operation on the sixth calculation result and the second element in the fifth array to obtain the second element in the sixth array.

Second element in sixth arrayThe calculation process of (1) is as follows: other proving party can add the second element in the sixth calculation result and the fifth array +.>And performing a point addition operation to obtain a second element in the sixth array.

The second element in the sixth array may be formulated as follows:

wherein, the liquid crystal display device comprises a liquid crystal display device,representing the sixth calculation result,/->And representing a third inner product result, wherein the third inner product result comprises an inner product result between the alternative data to be protected and the corresponding element in the third weight parameter.

S305, performing division operation on the fourth inner product result and the second random parameter to obtain a seventh calculation result, wherein the fourth inner product result comprises an inner product result between the second calculation result and a corresponding element in the alternative data to be protected.

S306, determining a dot product result between the seventh calculation result and the first generator as an eighth calculation result.

S307, determining a dot product result between a third product result and the first generator as a ninth calculation result, wherein the third product result comprises a product result between the second inner product result and the second result.

S308, determining a dot product result between the fourth product result and the first generator as a tenth calculation result, wherein the fourth product result comprises a product result between the third inner product result and the first result.

S309, performing a dot addition operation on the third element, the eighth calculation result, the ninth calculation result and the tenth calculation result in the fifth array to obtain the third element in the sixth array.

Third element in sixth arrayThe calculation process of (1) is as follows: the other proving party can perform division operation on the fourth inner product result and the second random parameter to obtain a seventh calculation result, and compare the seventh calculation result with the second random parameterThe dot product result between the first generation elements is used as an eighth calculation result. The fourth inner product result comprises an inner product result between the second calculation result and a corresponding element in the alternative data to be protected. Then, the other proving party may take, as a ninth calculation result, a dot product result between a third product result and the first generator, the third product result including a product result between the second inner product result and the second result. The other proving party may then take as a tenth calculation result a dot product result between a fourth product result and the first generator, the fourth product result comprising a product result between the third inner product result and the first result. Finally, the third element in the fifth array is +. >And performing point addition operation on the eighth calculation result, the ninth calculation result and the tenth calculation result to obtain a third element in the sixth array.

The third element in the sixth array may be formulated as follows:

wherein, the liquid crystal display device comprises a liquid crystal display device,representing the eighth calculation result, ++>Representing the ninth calculation result,/->The tenth calculation result is shown. In addition, the meaning and effect of each parameter in the formula can be referred to the description in each embodiment, and will not be repeated here.

S310, determining a second target proof according to the first element in the sixth array, the second element in the sixth array and the third element in the sixth array.

Based on the first element in the sixth array obtained by calculationSecond element in sixth array +.>And a third element in a sixth array +.>Combining the first element to the third element to obtain the final sixth array, namely the second target evidence +.>。

In this embodiment, based on the first target certificate generated by the certification device, other certificates may calculate according to the received first target certificate and the alternative data to be protected stored in the other certificates, so as to better generate the second target certificate.

The target proving party and other proving parties mentioned in the above embodiments can together form a data-holding proving system, which can perform corresponding processing on the original data to be protected to finally generate the target proving. Fig. 4 is a schematic structural diagram of a data-holding verification system according to an embodiment of the present invention, where, as shown in fig. 4, the data-holding verification system includes: target proving party and other proving party, other proving party is at least one.

The target proving party can acquire target data to be protected, and calculate a key negotiation result held by the target proving party and the target data to be protected so as to generate a first target proving. The target prover then sends the first target proof to the other provers. The first target certificate reflects that target data to be protected is stored in the target certificate party, and the key negotiation result is obtained after the target certificate party performs key negotiation with other certificate parties.

The other proving party can generate a second target proving according to the first target proving generated by the target proving party and the alternative data to be protected stored by the other proving party, wherein the target data to be protected and the alternative data to be protected form original data to be protected, and the second target proving reflects the target data to be protected and the alternative data to be protected to be stored in the target proving party and the other proving party respectively.

The proving device can split the original data to be protected in a mode of unequal data splitting, namely the data in each piece of data to be protected obtained after splitting is different. Specifically, the unequal splitting process refers to a splitting process of restricting original data to be protected within a certain range, namely, only if target data to be protected and alternative data to be protected obtained after splitting meet preset conditions. The preset conditions may include: the original data to be protected is equal to a remainder result of the first calculation result and the preset prime number, and the first calculation result may include a sum of the target data to be protected and the alternative data to be protected. The original data to be protected may be represented as a first array, the target data to be protected obtained after splitting may be represented as a second array, the candidate data to be protected obtained after splitting may be represented as a third array, and the first calculation result may be represented as a fourth array. That is, the preset condition may be further understood from the following description, the first array is equal to a remainder result of the fourth array and the preset prime number, and the elements in the fourth array may include a sum of elements in the same position in the second array and the third array.

In addition, for the specific generation process of the first target proof and the second target proof, reference may be made to the descriptions in the above embodiments, and a detailed description is not given here.

In this embodiment, the data-holding proving system includes: target proving party and other proving party, other proving party is at least one. The target proving party is used for acquiring target data to be protected, and calculating a key negotiation result held by the target proving party and the target data to be protected so as to generate a first target proving. The first target proving reflects that target data to be protected is stored in the target proving party. The other proving party can generate a second target proving according to the first target proving generated by the target proving party and the alternative data to be protected stored by the other proving party. The target data to be protected and the alternative data to be protected form original data to be protected, and the second target certificate reflects that the target data to be protected and the alternative data to be protected are respectively stored in the target proving party and other proving parties.

In addition, the details of the embodiment that are not described in detail and the technical effects that can be achieved can be referred to the related descriptions in the above embodiments, which are not described herein.

A data-holding proving apparatus of one or more embodiments of the present invention will be described in detail below. Those skilled in the art will appreciate that these data holding verification means may be constructed using commercially available hardware components configured by the steps taught by the present solution.

Fig. 5 is a schematic structural diagram of a device for proving data holding property according to an embodiment of the present invention, where, as shown in fig. 5, the device includes:

the acquiring module 11 is configured to acquire target data to be protected.

And the first target proof generating module 12 is configured to generate a first target proof according to a key negotiation result held by the target proof party and the target data to be protected, where the first target proof reflects the target data to be protected and is stored in the target proof party.

A sending module 13, configured to send the first target credential to another proving party, so that the other proving party generates a second target credential according to the first target credential and the alternative data to be protected, where the target data to be protected and the alternative data to be protected form original data to be protected; the second target attestation reflects that the target data to be protected and the alternative data to be protected are respectively stored in the target attestation party and the other attestation party, and the other attestation party is at least one.

The original data to be protected is represented as a first array, the target data to be protected is represented as a second array, the alternative data to be protected is represented as a third array, and the number of elements from the first array to the third array is the same; the first array is equal to a first calculation result and a remainder result of a preset prime number, the first calculation result is a fourth array with the same number as the first array elements, and the elements in the fourth array comprise the sum of the elements in the same positions in the second array and the third array.

Optionally, the first target proof generating module 12 is configured to perform an addition operation on an inner product result between the target data to be protected and a corresponding element in the first weight parameter, a first random parameter, an inner product result between the published data and a corresponding element in the second weight parameter, and a product result between a second random parameter and the first result, so as to obtain a first intermediate element;

performing addition operation on an inner product result between the target data to be protected and a corresponding element in the third weight parameter, a third random parameter, an inner product result between the published data and a corresponding element in the fourth weight parameter, and a product result between the second random parameter and the second result to obtain a second intermediate element;

Performing addition operation on the product result between the third random parameter and the first weight parameter, the product result between the first random parameter and the third weight parameter and the fifth weight parameter to obtain a second calculation result;

performing addition operation on a first inner product result and a first product result to obtain a third calculation result, wherein the first inner product result comprises an inner product result between the second calculation result and a corresponding element in the target data to be protected, and the first product result comprises a product result between a sixth weight parameter and a seventh weight parameter;

performing an addition operation on the division result between the third calculation result and the second random parameter, the product result between the first intermediate element and the second result, and the product result between the second intermediate element and the first result to obtain a fourth calculation result;

subtracting a second product result from the fourth calculation result to obtain a third intermediate element, wherein the second product result comprises a product result among the first result, the second result and the second random parameter;

Determining the dot product result of the first intermediate element and a first generating element as a first element in the fifth array, wherein the first generating element is a point on an elliptic curve;

determining the dot product result of the second intermediate element and a second generator as a second element in the fifth array, wherein the second generator is a point on an elliptic curve;

determining the dot product result of the third intermediate element and the first generator as a third element in the fifth array;

and determining a first target proof according to the first element in the fifth array, the second element in the fifth array and the third element in the fifth array.

Wherein the first target proof is represented as a fifth array, and the first weight parameter to the fifth weight parameter are represented as arrays; the key agreement result includes a first result and a second result.

Optionally, the apparatus further includes a second target proof generating module 14, configured to determine a second inner product result and a dot product result of the first generator as a fifth calculation result, where the second inner product result includes an inner product result between the candidate data to be protected and a corresponding element in the first weight parameter;

Performing point addition operation on the fifth calculation result and the first element in the fifth array to obtain the first element in the sixth array;

determining a third inner product result and a dot product result of the second generator as a sixth calculation result, wherein the third inner product result comprises an inner product result between the alternative data to be protected and a corresponding element in the third weight parameter;

performing point addition operation on the sixth calculation result and the second element in the fifth array to obtain a second element in the sixth array;

performing division operation on a fourth inner product result and the second random parameter to obtain a seventh calculation result, wherein the fourth inner product result comprises an inner product result between the second calculation result and a corresponding element in the alternative data to be protected;

determining a dot product result between the seventh calculation result and the first generation element as an eighth calculation result;

determining a dot product result between a third product result and the first generator as a ninth calculation result, wherein the third product result comprises a product result between the second inner product result and the second result;

determining a dot product result between a fourth product result and the first generator as a tenth calculation result, the fourth product result including a product result between the third inner product result and the first result;

Performing point addition operation on the third element in the fifth array, the eighth calculation result, the ninth calculation result and the tenth calculation result to obtain the third element in the sixth array;

and determining a second target proof according to the first element in the sixth array, the second element in the sixth array and the third element in the sixth array.

Wherein the second target proof appears as a sixth array.

The apparatus shown in fig. 5 may perform the method of the embodiment shown in fig. 1 to 3, and reference is made to the relevant description of the embodiment shown in fig. 1 to 3 for parts of this embodiment which are not described in detail. The implementation process and technical effects of this technical solution are described in the embodiments shown in fig. 1 to 3, and are not described herein.

The internal functions and structures of the data-holding proving apparatus are described above, and in one possible design, the structure of the data-holding proving apparatus may be implemented as an electronic device, as shown in fig. 6, which may include: a processor 21 and a memory 22. Wherein the memory 22 is for storing a program for supporting the electronic device to perform the method of proving data holding provided in the embodiments shown in fig. 1 to 3 described above, the processor 21 is configured for executing the program stored in the memory 22.

The program comprises one or more computer instructions which, when executed by the processor 21, are capable of carrying out the steps of:

acquiring target data to be protected;

sending the first target certification to the other certifiers to generate a second target certification by the other certifiers according to the first target certification and the alternative data to be protected, wherein the target data to be protected and the alternative data to be protected form original data to be protected;

Optionally, the processor 21 is further configured to perform all or part of the steps in the embodiments shown in fig. 1 to 3.

The structure of the electronic device may further include a communication interface 23, for the electronic device to communicate with other devices or a communication network.

In addition, an embodiment of the present invention provides a computer storage medium for storing computer software instructions for use in the above-described electronic device, which includes a program for executing the method for proving data holding in the embodiment of the method shown in fig. 1 to 3.

Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A proving method of data holding based on zero-knowledge succinct non-interactive knowledge proving, which is characterized in that the proving method is applied to a target proving party and comprises the following steps:

acquiring target data to be protected;

generating a first target certificate according to a key negotiation result held by the target proving party and the target data to be protected, wherein the first target certificate reflects the target data to be protected to be stored in the target proving party, the key negotiation result is obtained by the target proving party and other proving parties through a key negotiation algorithm, and the key negotiation result comprises a first result and a second result;

the second target certification reflects that the target data to be protected and the alternative data to be protected are respectively stored in the target certification party and the other certification party, and the other certification party is at least one;

the original data to be protected is represented as a first array, the target data to be protected is represented as a second array, the alternative data to be protected is represented as a third array, the first array is equal to a first calculation result and a remainder result of a preset prime number, the first calculation result is represented as a fourth array, elements in the fourth array comprise the sum of elements in the same position in the second array and the third array, and the number of elements from the first array to the fourth array is the same;

wherein the first target proof appears as a fifth array comprising three elements and the second target proof appears as a sixth array comprising three elements;

Wherein the generating, by the other proving party, a second target proving according to the first target proving and the alternative data to be protected, includes:

determining a dot product result of a second inner product result and a first generating element as a fifth calculation result, wherein the second inner product result comprises an inner product result between the alternative data to be protected and a corresponding element in a first weight parameter, the first generating element is a point on an elliptic curve, and the first weight parameter is expressed as an array;

determining a third inner product result and a dot product result of a second generator as a sixth calculation result, wherein the third inner product result comprises inner product results between the alternative data to be protected and corresponding elements in a third weight parameter, the second generator is a point on an elliptic curve, and the third weight parameter is expressed as an array;

dividing a fourth inner product result and a second random parameter to obtain a seventh calculation result, wherein the fourth inner product result comprises an inner product result between a second calculation result and a corresponding element in the alternative data to be protected, the second calculation result is a result obtained by adding a product result between a third random parameter and the first weight parameter, a product result between the first random parameter and the third weight parameter and a fifth weight parameter, and the fifth weight parameter is expressed as an array;

and performing a dot-adding operation on the third element in the fifth array, the eighth calculation result, the ninth calculation result and the tenth calculation result to obtain the third element in the sixth array.

2. The method of claim 1, wherein the generating a first target attestation based on the key agreement result held by the target attestation party and the target data to be protected comprises:

performing addition operation on an inner product result between the target data to be protected and a corresponding element in the first weight parameter, an inner product result between the first random parameter, the published data and a corresponding element in a second weight parameter, and a product result between the second random parameter and the first result to obtain a first intermediate element, wherein the second weight parameter is expressed as an array;

Performing addition operation on the inner product result between the target data to be protected and the corresponding element in the third weight parameter, the inner product result between the third random parameter, the published data and the corresponding element in the fourth weight parameter and the product result between the second random parameter and the second result to obtain a second intermediate element, wherein the fourth weight parameter is expressed as an array;

Determining the dot product result of the first intermediate element and the first generator as a first element in the fifth array;

determining the dot product result of the second intermediate element and the second generator as a second element in the fifth array;

and determining the dot product result of the third intermediate element and the first generator as a third element in the fifth array.

3. A data-holding zero-knowledge succinct non-interactive knowledge proof-based certification system, the system comprising: a target proving party and other proving parties, the other proving party being at least one;

the target proving party is used for acquiring target data to be protected; generating a first target certificate according to a key negotiation result held by the target proving party and the target data to be protected, wherein the first target certificate reflects that the target data to be protected is stored in the target proving party, the key negotiation result is obtained by the target proving party and the other proving parties through a key negotiation algorithm, and the key negotiation result comprises a first result and a second result; transmitting the first target attestation to the other attestation party;

The other proving party is used for generating a second target proving according to the first target proving and the alternative data to be protected, and the target data to be protected and the alternative data to be protected form original data to be protected; the second target certification reflects that the target data to be protected and the alternative data to be protected are respectively stored in the target certification party and the other certification parties;

wherein the other proving party is configured to generate the second target proof in the following manner:

4. A system according to claim 3, wherein the target proving party is configured to perform an addition operation on an inner product result between the target data to be protected and a corresponding element in the first weight parameter, an inner product result between the first random parameter, the published data and a corresponding element in a second weight parameter, and a product result between the second random parameter and the first result, so as to obtain a first intermediate element, and the second weight parameter is represented as an array;

5. An electronic device, comprising: a memory, a processor; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to perform the data-holding, zero-knowledge succinct non-interactive knowledge proof-of-proof method of any of claims 1 to 2.

6. A non-transitory machine-readable storage medium having executable code stored thereon, which when executed by a processor of an electronic device, causes the processor to perform the data-holding zero-knowledge succinct non-interactive proof of knowledge method of any of claims 1 to 2.