CN116980117A - Secure multi-party computing collusion attack resisting method based on alliance chain - Google Patents

Secure multi-party computing collusion attack resisting method based on alliance chain Download PDF

Info

Publication number
CN116980117A
Authority
CN
China
Prior art keywords
computing
participant
data
intelligent contract
calculation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310591350.9A
Other languages
Chinese (zh)
Inventor
盖珂珂
王东崛
王烁
祝烈煌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46 Secure multiparty computation, e.g. millionaire problem
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention relates to a secure multi-party computation collusion attack resisting method based on an alliance chain, and belongs to the technical field of information security. The method comprises the following steps: defining an alliance chain network, a data owner, a task requester, a computing participant and a smart contract; registration and initialization of the computing participants; the task requester calls the smart contract to issue a calculation task; the smart contract selects the computing participant nodes according to the calculation task information; the selected computing participants generate pre-processing data; the data owner uses additive secret sharing to split the private data and distributes the data fragments; each computing participant acquires the encrypted data fragments, the blinding factors and the commitment values from the alliance chain, verifies the validity of the data fragments, computes on the data fragments according to the calculation function, and calls the smart contract to submit its output result fragment for verification; the task requester reconstructs the calculation result. The invention effectively solves the problem of collusion attacks in secure multiparty computation.

Description

Secure multi-party computing collusion attack resisting method based on alliance chain
Technical Field
The invention relates to a secure multi-party computation collusion attack resisting method based on an alliance chain, and belongs to the technical field of information security.
Background
In the big data age, the degree of digitalization and informatization of daily production and life keeps rising, data circulation is becoming more frequent, and people's demand for privacy protection is growing. Data circulation and sharing is an important way to fully exploit the value of data and an important factor in the development of the digital economy, but data security and privacy face challenges during circulation, so that data cooperation between multiple parties is blocked and data islands form. To break the data-island phenomenon, privacy computing, a theory and set of methods for protecting private information over its whole life cycle, has been developed as a key technology.
Within privacy computing, secure multiparty computation is a cryptographic means of realizing collaborative computation on data, and is commonly used to solve the problem of privacy-preserving collaborative computation among mutually untrusted participants in a distributed network. However, in conventional secure multiparty computation schemes the transparency of the computation is poor, and several participants may collude with each other, resulting in leakage of private data. Currently, blockchain technology based on a distributed architecture is one of the main technologies for solving the poor transparency and privacy disclosure problems of traditional secure multiparty computation. Blockchain technology is also called distributed ledger technology; its decentralization, tamper resistance and public transparency provide a safe and reliable execution environment for secure multiparty computation. The technical characteristics of the blockchain and the smart contract can ensure the transparency and verifiability of the computation process, thereby effectively restraining malicious behaviour by the participants.
Despite the great development and advancement of secure multiparty computation technology, collusion attacks remain a problem. A collusion attack means that malicious participants collude to reconstruct secret parameters, and thereby attack the network while masquerading as normal/benign participants.
Disclosure of Invention
Aiming at the collusion attack problem in secure multiparty computation, the invention provides a secure multiparty computation collusion attack resisting method based on an alliance chain, which improves the transparency of the computation, makes the computation verifiable, and thereby restrains malicious behaviour by the participants.
In order to achieve the above purpose, the present invention adopts the following technical scheme.
First, the relevant definitions are given:
definition 1: the alliance chain network is a blockchain network formed by the participant nodes of the secure multiparty computation; the endorsement nodes in the network execute the smart contracts;
definition 2: the data owner is a holder of private data in the secure multiparty computation; its computing capacity is weak, and the data owners do not trust one another;
definition 3: the task requester is the initiator of a secure multiparty computation task and is also a holder of private data, so its computing capacity is likewise weak;
definition 4: the computing participant is a party that performs the secure multiparty computation; it has computing resources and is a node in the alliance chain network;
definition 5: the smart contract is a computer protocol that carries the calculation task, node score maintenance, verifiable random function verification and verification of the secure multi-party computation result; it is decentralized, open and transparent, and is executed by the endorsement nodes in the network.
The invention discloses a secure multi-party computation collusion attack resisting method based on an alliance chain, which comprises the following steps:
step 1, registration and initialization of the computing participants, specifically comprising the following steps:
step 1.1: the computing participant locally generates its own public key and private key, invokes the smart contract to upload the public key to the alliance chain for storage, and completes its registration; the local key generation can be realized with an RSA key generation method.
Step 1.2: the smart contract then initializes the node scores of the registered computing participants to the same default value.
Step 2, the task requester calls the smart contract to issue the calculation task, specifically comprising the following steps:
step 2.1: the task requester and the data owner jointly negotiate a calculation task, which comprises the calculation function, the number of computing participants, the commitment parameter information and the public key of the task requester.
Step 2.2: the task requester then calls the smart contract interface to upload the calculation task information and completes the issuing of the calculation task.
Step 3: after the calculation task is released, the smart contract selects the computing participant nodes according to the calculation task information, specifically comprising the following steps:
step 3.1: the computing participant locally takes a public seed and its private key as input to a verifiable random function to generate a random number and a proof, where the public seed is the hash value of the latest block in the alliance chain.
Step 3.2: the computing participant converts the generated random number into a fraction between 0 and 1.
Step 3.3: the computing participant invokes the smart contract to calculate its own weight score, which is calculated from the node score of the computing participant.
Step 3.4: the computing participant completes sortition (a lottery draw) locally based on a cryptographic sortition algorithm to obtain a sortition result.
Step 3.5: the computing participant invokes the smart contract to upload the sortition result, the random number and the proof, and the smart contract verifies the sortition result.
Step 3.6: after the smart contract has verified the sortition results of all computing participants, it selects the participants with the first t largest sortition results as the selected computing participants, where t is the number of computing participants of the calculation task.
Step 4: the selected computing participant generates pre-processing data, specifically comprising the following steps:
step 4.1: the computing participant locally runs the multiplication triple generation algorithm of the SPDZ scheme to generate a multiplication triple share.
Step 4.2: the computing participant randomly selects a blinding factor and generates the Pedersen commitment value of the multiplication triple share.
Step 4.3: the computing participant invokes the smart contract and uploads the blinding factor and the Pedersen commitment value to the alliance chain for storage.
Step 5: the data owner uses additive secret sharing to split the private data and completes the distribution of the data fragments, specifically comprising the following steps:
step 5.1: the data owner uses additive secret sharing to split the private data into q data fragments, where q is the number of data fragments of the current task and is equal in value to the number t of computing participants of the current calculation task.
Step 5.2: the data owner encrypts each data fragment using the public key of the corresponding computing participant.
Step 5.3: the data owner randomly selects q blinding factors and calculates the Pedersen commitment value of each of the q data fragments.
Step 5.4: the data owner sums the q blinding factors to obtain a new blinding factor and calculates the Pedersen commitment value of the private data under the new blinding factor.
Step 5.5: the data owner invokes the smart contract and uploads all commitments, blinding factors and encrypted data fragments to the alliance chain for storage.
Step 6: calculating a data fragment, a blinding factor and a promise value which are obtained by a participant from a alliance chain in an encrypted form, and verifying the validity of the data fragment, wherein the method specifically comprises the following steps of;
step 6.1: the computing party invokes the intelligent contract to obtain the encrypted form of the data fragments, the blinding factors and the commitment values from the federation chain.
Step 6.2: the computing participant decrypts the encrypted version of the data fragment using the private key to obtain the original data fragment.
Step 6.3: the computing participant opens the petersen commitment to verify the validity of the data fragments.
Step 7: the computing participant computes on the data fragments according to the calculation function, specifically comprising the following steps:
step 7.1: for an addition in the calculation function, the computing participant performs the addition locally on the data fragments.
Step 7.2: for a constant multiplication in the calculation function, the computing participant performs the constant multiplication locally on the data fragments.
Step 7.3: for a multiplication in the calculation function, the computing participant completes the multiplication by means of the multiplication triple share generated in step 4.1.
Step 8: the computing participant invokes the smart contract to submit the output result fragment for result verification, specifically comprising the following steps:
step 8.1: the computing participant encrypts the output result fragment of the last round of computation with the public key of the task requester to obtain the output result fragment in ciphertext form.
Step 8.2: the computing participant invokes the smart contract and submits the output result fragment in ciphertext form.
Step 8.3: the smart contract obtains the Pedersen commitment value information of the initial data fragments from the blockchain.
Step 8.4: the smart contract performs the same operations on the Pedersen commitment value information according to the calculation function of the calculation task to obtain the Pedersen commitment value corresponding to the output result fragment.
Step 8.5: the smart contract verifies, from the output result fragment in ciphertext form, whether the original output result fragment matches the Pedersen commitment value calculated in step 8.4.
Step 8.6: the smart contract updates the node score of the computing participant according to the verification result.
Step 9: the task requester obtains the calculation result, specifically comprising the following steps:
step 9.1: after verification passes, the task requester calls the smart contract to acquire all output result fragments in ciphertext form from the blockchain.
Step 9.2: the task requester decrypts the output result fragments using its private key.
Step 9.3: the task requester uses the reconstruction algorithm of additive secret sharing to reconstruct the calculation result.
Advantageous effects
Compared with the prior art, the method has the following beneficial effects:
1. The method has good collusion resistance, specifically: the data owner uses additive secret sharing to split the private data into several data fragments and encrypts each fragment with the public key of a different computing participant, so that each computing participant has access to only one of the fragments. Furthermore, additive secret sharing is a full-threshold secret sharing scheme in which the original data can be recovered only when all computing participants combine their fragments. Therefore, the method can effectively resist collusion attacks by the participants.
2. The method has good transparency, specifically: after the computation is completed, the smart contract is called to compute the commitment values and verify the output result fragments, and because the smart contract is transparent, the transparency of the computation is improved.
3. The method has good verifiability, specifically: Pedersen commitment values of the initial data fragments are generated; using the additive homomorphism of the Pedersen commitment scheme, the smart contract performs on the commitments the same operations that were performed on the data fragments, obtaining the Pedersen commitment value corresponding to the output result fragment, and verifies the output result fragment while it remains in ciphertext form, which prevents the output result from being leaked; thus the correctness of the output result can finally be verified.
Drawings
FIG. 1 is a schematic representation of the practice of the method of the present invention.
Detailed Description
The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments of the present invention, and are not intended to limit the present invention. The symbols in the examples are described in table 1.
Examples
Referring to fig. 1 of the specification, this embodiment includes the following procedures:
step 1: each server $P_i$ ($i = 1, 2, \ldots, n$) completes registration and initialization, specifically comprising the following sub-steps:
step 1.1: each server $P_i$ ($i = 1, 2, \ldots, n$) locally generates its own public key $pk_i$ and private key $sk_i$, invokes the smart contract to upload the public key $pk_i$ to the alliance chain for storage, and completes the registration of the server;
step 1.2: the smart contract initializes the node score $R_i$ of each registered server $P_i$ to the same default value $R_{init}$.
Step 2: the terminal device calls the smart contract and issues the calculation task; the specific implementation comprises the following sub-steps:
step 2.1: the terminal devices jointly negotiate a calculation task, which comprises the calculation function func, the number $t$ of servers participating in the calculation, the commitment parameters $G$ and $H$, and the public key $pk_{dev}$ of the terminal device;
step 2.2: the terminal device calls the smart contract interface, uploads the calculation task information and completes the issuing of the calculation task.
Step 3: after the calculation task is released, the smart contract selects the server nodes that will compute the task according to the calculation task information; the specific implementation comprises the following sub-steps:
step 3.1: each server $P_i$ ($i = 1, 2, \ldots, n$) locally takes the public seed and its private key $sk_i$ as input to a verifiable random function VRF and generates a random number value and a proof, $(value, proof) = VRF(seed, sk_i)$, where the public seed is the hash value of the latest block in the alliance chain;
step 3.2: each server converts the generated random number value into a fraction $s$ between 0 and 1, $s = value / 2^{hashlen}$, where $hashlen$ is the bit length of the random number value;
step 3.3: each server calls the smart contract to calculate its weight score; the calculation process is as follows, where $c_i$ is the node score of server $P_i$, $w_i$ is the sortition weight score of server $P_i$, and $W$ is the total weight of all servers;
step 3.4: each server completes sortition locally based on the Algorand cryptographic sortition algorithm to obtain a sortition result $j$. Taking server $P_i$ ($i = 1, 2, \ldots, n$) as an example, the probability $p = t/W$ of the Bernoulli trial is computed first, where $t$ is the number of servers participating in the calculation task and $W$ is the total weight of all servers from step 3.3; server $P_i$ then performs Bernoulli trials with probability $p$ over its weight $w_i$, and when the $s$ obtained in step 3.2 is greater than or equal to the cumulative binomial probability of $j$ successes and smaller than the cumulative binomial probability of $j+1$ successes, $j$ is the sortition result of the server;
step 3.5: each server invokes the smart contract to upload the sortition result, the random number and the proof, and the smart contract verifies the sortition result. Taking the sortition result of server $P_i$ ($i = 1, 2, \ldots, n$) as an example, the smart contract first verifies with the verifiable random function VRF whether the random number submitted by $P_i$ is correct; if this verification fails, the sortition result of $P_i$ is invalid. If it succeeds, the contract performs the Bernoulli trials over the node weight $w_i$ of $P_i$: when the converted random number $s$ submitted by $P_i$ is greater than or equal to the cumulative binomial probability of $j'$ successes and smaller than the cumulative binomial probability of $j'+1$ successes, $j'$ is the sortition result computed by the smart contract. When $j'$ equals the sortition result $j$ submitted by $P_i$, the sortition result is valid; otherwise it is invalid;
step 3.6: after the smart contract has verified the sortition results of all servers, it selects the servers corresponding to the first $t$ largest sortition results as the servers participating in the calculation task, where $t$ is the number of participating servers of the calculation task.
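Steps 3.2 to 3.6 worked through in code, as an added example that is not part of the patent: the VRF output is taken as a given integer (its proof is assumed to have been verified on-chain already), the node weights $w_i$ are taken as inputs rather than derived from the node scores, and the sortition rule is Algorand's, selecting the $j$ with $\mathrm{CDF}(j-1) \le s < \mathrm{CDF}(j)$, computed with exact rationals so node and contract cannot disagree through rounding.

```python
from fractions import Fraction
from math import comb


def to_fraction(value, hashlen):
    """Step 3.2: s = value / 2^hashlen as an exact rational in [0, 1)."""
    return Fraction(value, 1 << hashlen)


def binomial_cdf(j, weight, p):
    """Probability of at most j successes in `weight` Bernoulli trials with probability p."""
    return sum(comb(weight, k) * p**k * (1 - p)**(weight - k) for k in range(j + 1))


def sortition(s, weight, t, total_weight):
    """Steps 3.3-3.4: p = t/W, then the unique j with CDF(j-1) <= s < CDF(j)."""
    p = Fraction(t, total_weight)
    j = 0
    while binomial_cdf(j, weight, p) <= s:   # CDF(weight) == 1 > s, so the loop ends
        j += 1
    return j


def draw(value, hashlen, weight, t, total_weight):
    """Node side: VRF output -> fraction s -> sortition result j."""
    return sortition(to_fraction(value, hashlen), weight, t, total_weight)


def verify_draw(value, hashlen, weight, t, total_weight, submitted_j):
    """Step 3.5, contract side (after the VRF proof has been checked): recompute j'
    from the submitted value and the on-chain weight; accept only if j' == j."""
    return draw(value, hashlen, weight, t, total_weight) == submitted_j


def select_servers(results, t):
    """Step 3.6: the t servers with the largest valid sortition results
    (ties broken by server id so that every verifier selects the same set)."""
    ranked = sorted(results.items(), key=lambda kv: (-kv[1], kv[0]))
    return [server for server, _ in ranked[:t]]


if __name__ == "__main__":
    # constructed sample: three registered servers, a task that needs t = 2 of them
    weights = {"P1": 4, "P2": 2, "P3": 4}
    W = sum(weights.values())
    values = {"P1": 128, "P2": 40, "P3": 255}      # stand-in VRF outputs, hashlen = 8
    results = {pid: draw(values[pid], 8, weights[pid], 2, W) for pid in weights}
    print(results, select_servers(results, 2))
```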
Step 4: the servers selected in step 3 generate preprocessing data, including multiplication triples and Pedersen commitments; the specific implementation comprises the following sub-steps:
step 4.1: the selected $t$ servers locally run the multiplication triple generation algorithm of the SPDZ scheme to generate multiplication triple shares $(a_i, b_i, c_i)$, $i = 1, 2, \ldots, t$;
step 4.2: the selected $t$ servers each randomly select a blinding factor $r$ and compute the Pedersen commitment values of their multiplication triple shares; the commitment values of $a_i$, $b_i$ and $c_i$ respectively are computed as follows;
step 4.3: the selected $t$ servers invoke the smart contract and upload the blinding factors and the Pedersen commitment values of step 4.2 to the alliance chain for storage.
Step 5: the terminal devices use additive secret sharing to split their private data and distribute the data fragments; the specific implementation comprises the following sub-steps:
step 5.1: terminal device $D_i$ ($i = 1, 2, \ldots, n$) splits its private data $x_i$ into $q$ data fragments using additive secret sharing, denoted $\{x_{i1}, x_{i2}, \ldots, x_{iq}\}$, where $n$ is the number of terminal devices taking part in data distribution for the task, $q$ is the number of data fragments of each private datum in the task, and $q$ is equal in value to the number $t$ of servers participating in the calculation task;
step 5.2: terminal device $D_i$ ($i = 1, 2, \ldots, n$) encrypts the data fragments $\{x_{i1}, x_{i2}, \ldots, x_{iq}\}$ with the public keys $pk_j$ ($j = 1, 2, \ldots, t$) of the corresponding computing servers to obtain the encrypted data fragments;
step 5.3: terminal device $D_i$ ($i = 1, 2, \ldots, n$) randomly selects $q$ blinding factors $r_{ij}$ ($j = 1, 2, \ldots, q$) and computes the Pedersen commitment value of each of the $q$ data fragments $x_{ij}$; the commitment value computation is as follows;
step 5.4: terminal device $D_i$ ($i = 1, 2, \ldots, n$) sums the $q$ blinding factors to obtain a new blinding factor and computes the Pedersen commitment value of the private data $x_i$ under this new blinding factor; the computation is as follows;
step 5.5: the terminal device calls the smart contract and uploads the commitment values, the blinding factors and the encrypted data fragments to the alliance chain for storage.
Step 6: server P participating in this calculation task j (j=1, 2, …, t) obtaining the encrypted form of the data fragments, the blinding factor and the commitment value from the coalition chain and verifying the validity of the data fragments, the specific implementation comprises the following sub-steps:
step 6.1: the server calls an intelligent contract to acquire data fragments, blinding factors and promise values in an encrypted form from a alliance chain;
step 6.2: the server decrypts the encrypted data fragments by using the private key to obtain the original data fragments;
step 6.3: server P j (j=1, 2, …, t) open petersen commitment, verify the validity of the data fragment, verify if the following equation holds: the establishment of the two equations indicates that the data slicing is valid.
Step 7: computing-involved server P j (j=1, 2, …, t) calculating the data fragments according to a calculation function, the specific implementation comprising the following sub-steps:
step 7.1: for x in the calculation function m +x n In the form of addition, the server performs an operation x locally on the data slice mj +x nj ,j=1,2,…,q;
Step 7.2: for v x in the calculation function m Form of constant multiplication, where the server performs the operation v x locally on the data slices mj ,j=1,2,…,q;
Step 7.3: for x in the calculation function m *x n The server completes multiplication operation by means of the multiplication triplet fragment data generated in the step 4.1, and the specific operation process is as follows: first, d is calculated j =x mj -a j J=1, 2, …, q and e j =x nj -b j J=1, 2, …, q, then according to the formulaAnd->Reconstructing d and e, and finally calculating c j +e*a j +d*b j +d*e,j=1,2,…,q;
Step 8: the servers participating in the calculation call the smart contract to submit their output result fragments for result verification; the specific implementation comprises the following sub-steps:
step 8.1: each server participating in the calculation uses the public key of the terminal device to encrypt the output result fragment $y_j$ ($j = 1, 2, \ldots, q$) of the last round of computation, obtaining the output result fragment in ciphertext form. Specifically, $y_j$ is first split into 8 groups of 16 bits, i.e. $y_j = v_0 + v_1 \cdot 2^{16} + \cdots + v_7 \cdot 2^{112}$, where $v_0, v_1, \ldots, v_7$ are the 8 values obtained by splitting the output result fragment; then random numbers $l_1, l_2, \ldots, l_7$ are selected and $l_0 = r - (l_1 \cdot 2^{16} + l_2 \cdot 2^{32} + \cdots + l_7 \cdot 2^{112})$ is set, where $r$ is the blinding factor of the Pedersen commitment value of the output result fragment and $l_0, l_1, \ldots, l_7$ are the 8 random values used by the Lifted ElGamal encryption scheme; finally $v_0, v_1, \ldots, v_7$ are each encrypted with Lifted ElGamal using the random numbers $l_0, l_1, \ldots, l_7$ and the public key $pk_{dev}$ of the terminal device, giving the ciphertext of the output result fragment $y_j$;
step 8.2: the server participating in the calculation calls the smart contract and submits the output result fragment in ciphertext form;
step 8.3: the smart contract obtains the commitment value data of the initial data fragments from the alliance chain;
step 8.4: the smart contract performs the same operations on the commitment value data according to the calculation function of the calculation task to obtain the Pedersen commitment value $Comm(y_j, r)$. Taking the addition $x_m + x_n$ as an example, the commitment value is computed as follows; taking the multiplication $x_m \cdot x_n$ as an example, the commitment value is computed as follows; in addition, the intermediate values $d$ and $e$ of the multiplication need to be verified. Finally the Pedersen commitment value $Comm(y_j, r)$ corresponding to the output result fragment is obtained;
step 8.5: the smart contract verifies, from the output result fragment in ciphertext form, whether the original output result fragment matches the Pedersen commitment value, specifically whether the following formula holds; if it holds, the verification is valid, otherwise it is invalid;
step 8.6: the smart contract updates the node score of each server according to whether the verification result is valid. Specifically, the node score $R_i$ of server $P_i$ is computed from the total number of calculation tasks that $P_i$ has performed honestly and the total number of calculation tasks in which $P_i$ behaved maliciously: if the result submitted by $P_i$ fails verification, the malicious count increases and the trust score $R_i$ decreases; if the result submitted by $P_i$ verifies as valid, the honest count increases and the trust score $R_i$ increases.
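Steps 5 to 8 worked through in code, as an added example that is not part of the patent: additive sharing of the private inputs with one blinding factor and Pedersen commitment per fragment (steps 5.1 to 5.4), the server-side opening check (6.3), local addition and constant multiplication on fragments (7.1, 7.2), the contract deriving the output fragment's commitment homomorphically and checking the submitted fragment against it (8.4, 8.5), and a SPDZ/Beaver triple multiplication (7.3). Assumptions: the group is the prime-order subgroup of $\mathbb{Z}_p^*$ for a safe prime $p$ found at start-up, $H$ is derived by hashing so that $\log_G H$ is unknown, the triple is dealt by a trusted party instead of the SPDZ offline phase, and the output fragment is checked opened in the clear rather than under Lifted ElGamal. It goes beyond step 7.3 in one detail: the public term $d \cdot e$ is added to one fragment only, which is what makes the fragments sum to $x_m \cdot x_n$.

```python
import hashlib
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    # Miller-Rabin with fixed bases; deterministic for n < 3.3e24
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start):
    """First q >= start with q and p = 2q + 1 both prime; returns (p, q)."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, ORDER = find_safe_prime(1 << 62)   # fragments and blinding factors live in Z_ORDER
G = 4                                 # a square mod p, hence of prime order ORDER
H = pow(int.from_bytes(hashlib.sha256(b"pedersen-H").digest(), "big"), 2, P)


def commit(v, r):
    """Pedersen commitment Comm(v, r) = G^v * H^r mod p with task parameters G, H."""
    return pow(G, v % ORDER, P) * pow(H, r % ORDER, P) % P


def share(x, q):
    """Step 5.1: additive secret sharing of x into q fragments."""
    parts = [random.randrange(ORDER) for _ in range(q - 1)]
    return parts + [(x - sum(parts)) % ORDER]


def reconstruct(parts):
    return sum(parts) % ORDER


def owner_distribute(x, q):
    """Steps 5.1-5.4: fragments, per-fragment blinding factors and commitments, and Comm(x)."""
    xs = share(x, q)
    rs = [random.randrange(ORDER) for _ in range(q)]
    return {"shares": xs, "blinds": rs,
            "comms": [commit(xj, rj) for xj, rj in zip(xs, rs)],
            "comm_x": commit(x, reconstruct(rs))}


def server_checks_share(dist, j):
    """Step 6.3: open fragment j's commitment; product of all commitments must equal Comm(x)."""
    opened_ok = commit(dist["shares"][j], dist["blinds"][j]) == dist["comms"][j]
    prod = 1
    for c in dist["comms"]:
        prod = prod * c % P
    return opened_ok and prod == dist["comm_x"]


def linear_output_share(dm, dn, v, j):
    """Steps 7.1-7.2 on fragment j: y = x_m + v*x_n, plus the matching blinding factor."""
    y_j = (dm["shares"][j] + v * dn["shares"][j]) % ORDER
    r_j = (dm["blinds"][j] + v * dn["blinds"][j]) % ORDER
    return y_j, r_j


def contract_verifies(dm, dn, v, j, y_j, r_j):
    """Steps 8.4-8.5: derive Comm(y_j) homomorphically, then check the submitted fragment opens to it."""
    expected = dm["comms"][j] * pow(dn["comms"][j], v, P) % P
    return commit(y_j, r_j) == expected


def beaver_multiply(xm_shares, xn_shares):
    """Step 7.3 with a triple a*b = c whose fragments are dealt by a trusted party (assumption)."""
    q = len(xm_shares)
    a, b = random.randrange(ORDER), random.randrange(ORDER)
    a_s, b_s, c_s = share(a, q), share(b, q), share(a * b, q)
    d = reconstruct([(x - aj) % ORDER for x, aj in zip(xm_shares, a_s)])
    e = reconstruct([(x - bj) % ORDER for x, bj in zip(xn_shares, b_s)])
    # x_m*x_n = c + e*a + d*b + d*e; the public term d*e goes into one fragment only
    return [(c_s[j] + e * a_s[j] + d * b_s[j] + (d * e if j == 0 else 0)) % ORDER
            for j in range(q)]


def demo(x_m=120, x_n=75, v=3, q=3):
    """Steps 5-8 for y = x_m + v*x_n and for x_m*x_n; returns the outcome of each check."""
    dm, dn = owner_distribute(x_m, q), owner_distribute(x_n, q)
    inputs_ok = all(server_checks_share(d, j) for d in (dm, dn) for j in range(q))
    outs = [linear_output_share(dm, dn, v, j) for j in range(q)]
    outputs_ok = all(contract_verifies(dm, dn, v, j, yj, rj) for j, (yj, rj) in enumerate(outs))
    tampered_ok = contract_verifies(dm, dn, v, 0, (outs[0][0] + 1) % ORDER, outs[0][1])
    y = reconstruct([yj for yj, _ in outs])
    prod = reconstruct(beaver_multiply(dm["shares"], dn["shares"]))
    return inputs_ok, outputs_ok, y == (x_m + v * x_n) % ORDER, tampered_ok, prod == x_m * x_n % ORDER
```

`demo()` returns `(True, True, True, False, True)`: the honest fragments verify and reconstruct correctly, while a fragment altered by one unit fails the step 8.5 check, which is what drives the score update of step 8.6.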
Step 9: the terminal device obtains the calculation result; the specific implementation comprises the following sub-steps:
step 9.1: after verification passes, the terminal device calls the smart contract to acquire all output result fragments in ciphertext form from the alliance chain;
step 9.2: the terminal device uses its private key $sk_{dev}$ to decrypt the output result fragments in ciphertext form and obtain the original output result fragments $y_j$ ($j = 1, 2, \ldots, q$);
step 9.3: the terminal device uses the reconstruction algorithm of additive secret sharing to reconstruct the calculation result.
Table 1: Description of the symbols used in this embodiment
The foregoing is a preferred embodiment of the present invention, and the present invention should not be limited to this embodiment or to the disclosure of the drawings. All equivalents and modifications that come within the spirit of the disclosure are intended to be protected.
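The procedure of steps 5 to 9 above (sharing the private data, committing to every share, computing on shares, re-deriving the output share's commitment on chain, updating the score and reconstructing the result), carried through in working code. This is an added example, not code from the patent or its authors. It assumes a toy Schnorr group p = 2039, q = 1019 with generators 4 and 9 (insecure, chosen only so the block runs offline), a dealer that hands out the multiplication triple in place of the SPDZ offline phase of step 4.1, verification of the output share in the clear rather than in ciphertext state, and a stand-in node score (fraction of tasks verified as honest), since the page does not reproduce the score formula. The function f(x_m, x_n) = x_m * x_n + x_n, the wire names and the server count t = 3 are constructed for the example.

```python
"""Added example (not the patent's own code): additive secret sharing over Z_q,
Pedersen commitments to every share, Beaver-triple multiplication as in SPDZ,
and a 'smart contract' that re-derives the commitment of each output share and
checks the submitted share against it (steps 5, 7, 8.3 to 8.6 and 9.3 above).
Assumptions: p = 2039, q = 1019 is a TOY group, far too small for real use; a
dealer stands in for the SPDZ offline phase; shares are verified in the clear."""
import random

P, Q = 2039, 1019   # p = 2q + 1 with q prime (toy parameters, insecure)
G, H = 4, 9         # generators of the order-q subgroup; log_G(H) assumed unknown
rng = random.Random(7)

def commit(x, r):
    """Pedersen commitment Comm(x, r) = g^x * h^r mod p (x and r reduced mod q)."""
    return pow(G, x % Q, P) * pow(H, r % Q, P) % P

def share(x, t):
    """Additive secret sharing (step 5.1): t shares in Z_q whose sum is x mod q."""
    s = [rng.randrange(Q) for _ in range(t - 1)]
    return s + [(x - sum(s)) % Q]

def reconstruct(shares):
    """Reconstruction algorithm of additive secret sharing (step 9.3)."""
    return sum(shares) % Q

class Contract:
    """On-chain state: per wire and server, (commitment, blinding factor) as
    uploaded in steps 4.3 / 5.5, plus the honest / malicious counters of 8.6."""

    def __init__(self, t):
        self.t, self.chain = t, {}
        self.honest, self.malicious = [0] * t, [0] * t

    def upload(self, wire, values):
        """Party side (steps 4.2 / 5.3): commit to each share under a fresh blinding factor."""
        for i, v in enumerate(values):
            r = rng.randrange(Q)
            self.chain[(wire, i)] = (commit(v, r), r)

    def add(self, out, a, b):
        """Step 8.4, addition: Comm(a) * Comm(b) commits to a + b under r_a + r_b."""
        for i in range(self.t):
            (ca, ra), (cb, rb) = self.chain[(a, i)], self.chain[(b, i)]
            self.chain[(out, i)] = (ca * cb % P, (ra + rb) % Q)

    def check_opening(self, wire_x, wire_a, i, value):
        """Verify an opened difference x_i - a_i against Comm(x_i) / Comm(a_i)."""
        (cx, rx), (ca, ra) = self.chain[(wire_x, i)], self.chain[(wire_a, i)]
        return commit(value, rx - ra) == cx * pow(ca, -1, P) % P

    def mul(self, out, trip, d, e):
        """Step 8.4, Beaver multiplication with d = x - a, e = y - b opened and checked:
        z_i = c_i + d*b_i + e*a_i (+ d*e on server 0), so Comm(z_i) is
        Comm(c_i) * Comm(b_i)^d * Comm(a_i)^e (* g^(d*e) on server 0)."""
        for i in range(self.t):
            (ca, ra), (cb, rb), (cc, rc) = (self.chain[(w, i)] for w in trip)
            c = cc * pow(cb, d, P) * pow(ca, e, P) % P
            if i == 0:
                c = c * pow(G, d * e % Q, P) % P
            self.chain[(out, i)] = (c, (rc + d * rb + e * ra) % Q)

    def verify(self, wire, i, y_i):
        """Steps 8.5 / 8.6: does the submitted share open the derived commitment?"""
        c, r = self.chain[(wire, i)]
        ok = commit(y_i, r) == c
        (self.honest if ok else self.malicious)[i] += 1
        return ok

    def score(self, i):
        """Stand-in for the node score R_i: fraction of tasks verified as honest."""
        n = self.honest[i] + self.malicious[i]
        return self.honest[i] / n if n else 0.5

def run_task(xm, xn, t=3, cheater=None):
    """Evaluate f(x_m, x_n) = x_m * x_n + x_n on shares held by t servers.
    Returns (reconstructed result or None, per-server verification, contract)."""
    sc = Contract(t)
    priv = {"xm": share(xm, t), "xn": share(xn, t)}            # data owner, step 5.1
    a, b = rng.randrange(Q), rng.randrange(Q)                    # dealer stands in for 4.1
    priv.update({"a": share(a, t), "b": share(b, t), "c": share(a * b, t)})
    for w, v in priv.items():
        sc.upload(w, v)                                          # steps 4.3 / 5.5
    # step 7.3: servers open d_i = xm_i - a_i and e_i = xn_i - b_i; the contract checks each
    d_i = [(priv["xm"][i] - priv["a"][i]) % Q for i in range(t)]
    e_i = [(priv["xn"][i] - priv["b"][i]) % Q for i in range(t)]
    assert all(sc.check_opening("xm", "a", i, d_i[i]) and sc.check_opening("xn", "b", i, e_i[i])
               for i in range(t))
    d, e = reconstruct(d_i), reconstruct(e_i)
    z = [(priv["c"][i] + d * priv["b"][i] + e * priv["a"][i] + (d * e if i == 0 else 0)) % Q
         for i in range(t)]
    y = [(z[i] + priv["xn"][i]) % Q for i in range(t)]          # step 7.1
    sc.mul("z", ("a", "b", "c"), d, e)                           # step 8.4 on commitments
    sc.add("y", "z", "xn")
    if cheater is not None:
        y[cheater] = (y[cheater] + 1) % Q                        # a malicious server lies
    results = [sc.verify("y", i, y[i]) for i in range(t)]        # steps 8.5 / 8.6
    return (reconstruct(y) if all(results) else None), results, sc

if __name__ == "__main__":
    print(run_task(12, 7)[:2], run_task(12, 7, cheater=1)[:2])
```

With x_m = 12 and x_n = 7 the three servers reconstruct 91 and every share verifies; when one server submits a share that is off by one, its opening fails, its malicious counter rises and the requester receives no result. Two points a practitioner should note about the scheme as the claims state it: because the blinding factors themselves are stored on the chain (S5.5), a commitment hides its value only as well as g^x does, which is fine for a uniformly random share but not for the commitment to a low-entropy private data value x (S5.4); and a Pedersen opening needs the share value in the clear, so the check of S8.5 is performed here on the plaintext share, while how the contract performs it from the ciphertext-state share is not specified on the page.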

Claims (11)

1. A secure multi-party computing collusion attack defending method based on an alliance chain, characterized in that the method comprises the following steps:
S0, defining an alliance chain network, a data owner, a task requester, computing participants and a smart contract;
S1, registration and initialization of the computing participants;
S2, the task requester calls the smart contract to issue the computing task;
S3, the smart contract completes the node selection of the computing participants according to the computing task information;
S4, the selected computing participants generate preprocessing data;
S5, the data owner splits the private data using additive secret sharing and completes the distribution of the data shares;
S6, the computing participants obtain the encrypted data shares, blinding factors and commitment values from the alliance chain and verify the validity of the data shares;
S7, the computing participants compute on the data shares according to a computing function, the computing function being contained in the computing task;
S8, the computing participants call the smart contract to submit the output result shares for result verification;
S9, the task requester reconstructs the computing result using the reconstruction algorithm of additive secret sharing.
2. The secure multi-party computing collusion attack resistant method based on an alliance chain according to claim 1, wherein in step S0 the alliance chain network refers to a blockchain network formed by the participant nodes of the secure multi-party computation and containing endorsement nodes; the data owner refers to a holder of private data for the secure multi-party computation; the task requester refers to the initiator of the secure multi-party computing task and is also a holder of private data; the computing participant is a party to the secure multi-party computation that has computing resources and is a node of the alliance chain network; and the smart contract refers to a computer protocol carrying the computing task, node score maintenance, verifiable random function verification and verification of the secure multi-party computation results, executed by the endorsement nodes of the alliance chain network.
3. The secure multi-party computing collusion attack resistant method based on an alliance chain according to claim 2, wherein step S1 comprises:
S1.1: the computing participant generates its public key and private key locally, which may be done with an RSA key generation method, calls the smart contract to upload the public key to the alliance chain for storage, and thereby completes its registration;
S1.2: the smart contract initializes the node score of each registered computing participant to the same default value.
4. The secure multi-party computing collusion attack resistant method based on an alliance chain according to claim 2, wherein step S2 comprises:
S2.1: the task requester and the data owner jointly negotiate the computing task, which comprises the computing function, the number of computing participants, the commitment parameter information and the public key of the task requester;
S2.2: the task requester calls the smart contract interface, uploads the computing task information and completes the issuing of the computing task.
5. The secure multi-party computing collusion attack resistant method based on an alliance chain according to claim 2, wherein step S3 comprises:
S3.1: the computing participant locally uses a public seed and its private key as inputs of a verifiable random function to generate a random number and a proof, the public seed being the hash value of the latest block of the alliance chain;
S3.2: the computing participant converts the generated random number into a decimal between 0 and 1;
S3.3: the computing participant calls the smart contract to compute its weight score, which is calculated from the node score of the computing participant;
S3.4: the computing participant completes the draw locally on the basis of a cryptographic lottery algorithm to obtain a draw result;
S3.5: the computing participant calls the smart contract to upload the draw result, the random number and the proof, and the smart contract verifies the draw result;
S3.6: after the smart contract has verified the draw results of all computing participants, the participants with the t largest draw results are selected as the computing participants, t being the number of computing participants of the computing task.
6. The secure multi-party computing collusion attack resistant method based on an alliance chain according to claim 2, wherein step S4 comprises:
S4.1: the computing participant locally runs the multiplication triple generation algorithm of the SPDZ scheme to generate multiplication triple shares;
S4.2: the computing participant randomly selects a blinding factor and computes the Pedersen commitment value of the multiplication triple shares;
S4.3: the computing participant calls the smart contract and uploads the blinding factor and the Pedersen commitment value to the alliance chain for storage.
7. The secure multi-party computing collusion attack resistant method based on an alliance chain according to claim 2, wherein step S5 comprises:
S5.1: the data owner splits the private data into q data shares using additive secret sharing, q being the number of data shares of the current task and equal in value to the number t of computing participants of the current computing task;
S5.2: the data owner encrypts each data share with the public key of the corresponding computing participant;
S5.3: the data owner randomly selects q blinding factors and computes the Pedersen commitment values of the q data shares respectively;
S5.4: the data owner sums the q blinding factors to obtain a new blinding factor and computes the Pedersen commitment value of the private data under this new blinding factor;
S5.5: the data owner calls the smart contract and uploads all commitment values, blinding factors and encrypted data shares to the alliance chain for storage.
8. The secure multi-party computing collusion attack resistant method based on an alliance chain according to claim 2, wherein step S6 comprises:
S6.1: the computing participant calls the smart contract to obtain the data shares in encrypted form, the blinding factors and the commitment values from the alliance chain;
S6.2: the computing participant decrypts the encrypted data shares with its private key to obtain the original data shares;
S6.3: the computing participant opens the Pedersen commitments to verify the validity of the data shares.
9. The secure multi-party computing collusion attack resistant method based on an alliance chain according to claim 2, wherein step S7 comprises:
S7.1: for an addition in the computing function, the computing participant performs the addition locally on the data shares;
S7.2: for a multiplication by a constant in the computing function, the computing participant performs the constant multiplication locally on the data shares;
S7.3: for a multiplication in the computing function, the computing participant performs the multiplication with the help of the multiplication triple shares generated in step S4.1.
10. The secure multi-party computing collusion attack resistant method based on an alliance chain according to claim 2, wherein step S8 comprises:
S8.1: the computing participant encrypts the output result shares of the last round of computation with the public key of the task requester to obtain the output result shares in ciphertext state;
S8.2: the computing participant calls the smart contract and submits the output result shares in ciphertext state;
S8.3: the smart contract obtains the Pedersen commitment value information of the initial data shares from the blockchain;
S8.4: the smart contract performs the same operations on the Pedersen commitment value information according to the computing function of the computing task to obtain the Pedersen commitment value corresponding to the output result share;
S8.5: the smart contract verifies, on the basis of the output result shares in ciphertext state, whether the original output result shares match the Pedersen commitment value computed in step S8.4;
S8.6: the smart contract updates the node score of the computing participant according to the verification result.
11. The secure multi-party computing collusion attack resistant method based on an alliance chain according to claim 2, wherein step S9 comprises:
S9.1: after the verification has passed, the task requester calls the smart contract to obtain all output result shares in ciphertext state from the blockchain;
S9.2: the task requester decrypts the output result shares with its private key;
S9.3: the task requester reconstructs the computing result using the reconstruction algorithm of additive secret sharing.
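The node selection of step S3 (claim 5) end to end, as an added example that is not the patent's own code. The VRF follows the RSA-FDH-VRF construction of RFC 9381 in spirit (the proof is an RSA signature on the hashed seed and the random output is a hash of the proof) but is simplified: SHA-256 replaces the MGF1 full-domain hash, and the RSA primes are 40 bits, which is insecure and only keeps key generation fast. The weighted draw u^(1/w) with w = 1 + node score, the five constructed node scores and the constructed block-header seed are assumptions; the page names neither the drawing algorithm nor the weight formula.

```python
"""Added example (not the patent's own code): the VRF-based node selection of
step S3 (claim 5). The VRF follows the RSA-FDH-VRF idea of RFC 9381 but is
simplified (SHA-256 instead of MGF1 full-domain hashing, toy 40-bit primes),
and the weighted draw u^(1/(1 + node score)) is an assumption: the patent
names neither its drawing algorithm nor its weight formula."""
import hashlib
import random

E = 65537
rng = random.Random(2023)

def is_prime(n):
    """Deterministic Miller-Rabin for odd n > 41 below 3.3e24 (plenty for toy primes)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keygen(bits=40):
    """S1.1: toy RSA key pair (pk, sk); real deployments need 2048-bit moduli or more."""
    def prime():
        while True:
            n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
            if is_prime(n):
                return n
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:          # E is prime, so this is gcd(E, phi) == 1
            return (p * q, E), (p * q, pow(E, -1, phi))

def hash_to_int(n, seed):
    """Simplified full-domain hash of the seed into Z_n (the modulus is bound in)."""
    h = hashlib.sha256(b"rsa-fdh-vrf|" + n.to_bytes(16, "big") + b"|" + seed).digest()
    return int.from_bytes(h, "big") % n

def vrf_prove(sk, seed):
    """S3.1: (random output beta, proof) from the node's private key and the public seed."""
    n, d = sk
    proof = pow(hash_to_int(n, seed), d, n)                 # RSA signature on H(seed)
    beta = hashlib.sha256(b"beta|" + proof.to_bytes(16, "big")).digest()
    return beta, proof

def vrf_verify(pk, seed, beta, proof):
    """Contract side: proof^e must equal H(seed) and beta must be derived from proof."""
    n, e = pk
    return (pow(proof, e, n) == hash_to_int(n, seed)
            and beta == hashlib.sha256(b"beta|" + proof.to_bytes(16, "big")).digest())

def draw(beta, score):
    """S3.2 to S3.4 (assumed form): map beta to u in (0, 1], then take the weighted
    lottery key u^(1/w) with w = 1 + node score, so a higher score raises the draw."""
    u = (int.from_bytes(beta, "big") + 1) / 2 ** 256
    return u ** (1.0 / (1.0 + score))

class SelectionContract:
    """Holds the registered public keys (S1.1) and node scores; verifies ballots (S3.5)."""

    def __init__(self, pks, scores):
        self.pks, self.scores, self.ballots = pks, scores, {}

    def submit(self, nid, seed, beta, proof, claimed):
        """S3.5: accept a draw only if the VRF proof verifies and the draw recomputes."""
        ok = (vrf_verify(self.pks[nid], seed, beta, proof)
              and claimed == draw(beta, self.scores[nid]))
        if ok:
            self.ballots[nid] = claimed
        return ok

    def select(self, t):
        """S3.6: the t largest verified draws become the selected computing participants."""
        ranked = sorted(self.ballots, key=self.ballots.get, reverse=True)
        return sorted(ranked[:t])

def run_selection(t=3, tamper=None):
    """Five registered nodes with constructed scores; returns (selected ids, accepted map)."""
    seed = hashlib.sha256(b"constructed latest block header").digest()   # S3.1 public seed
    keys = [rsa_keygen() for _ in range(5)]
    contract = SelectionContract([pk for pk, _ in keys], [0.5, 0.9, 0.2, 0.7, 0.5])
    accepted = {}
    for nid, (pk, sk) in enumerate(keys):
        beta, proof = vrf_prove(sk, seed)
        claimed = draw(beta, contract.scores[nid])
        if nid == tamper:
            claimed = 1.0           # overstates the draw; the contract recomputes and rejects
        accepted[nid] = contract.submit(nid, seed, beta, proof, claimed)
    return contract.select(t), accepted
```

`run_selection()` returns the three node ids with the largest verified draws; with `tamper=1`, node 1 overstates its draw, the contract recomputes the draw from the verified VRF output and rejects the ballot, so a node cannot enter the committee by lying about its result. Because the public seed is the hash of the latest block (S3.1), the draw is unpredictable to the other nodes but not to whoever proposes that block, a standard consideration for block-hash seeds that the claims do not address.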

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310591350.9A CN116980117A (en) 2023-05-24 2023-05-24 Secure multi-party computing collusion attack resisting method based on alliance chain


Publications (1)

Publication Number Publication Date
CN116980117A true CN116980117A (en) 2023-10-31

Family

ID=88473826


Country Status (1)

Country Link
CN (1) CN116980117A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination