CN117176335B - Data tracking method based on alliance chain and related equipment - Google Patents
Data tracking method based on alliance chain and related equipment Download PDFInfo
- Publication number
- CN117176335B CN117176335B CN202310878963.0A CN202310878963A CN117176335B CN 117176335 B CN117176335 B CN 117176335B CN 202310878963 A CN202310878963 A CN 202310878963A CN 117176335 B CN117176335 B CN 117176335B
- Authority
- CN
- China
- Prior art keywords
- configuration
- data
- ciphertext
- target
- data configuration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 72
- 230000002159 abnormal effect Effects 0.000 claims abstract description 98
- 239000012634 fragment Substances 0.000 claims abstract description 76
- 230000004044 response Effects 0.000 claims description 24
- 238000012795 verification Methods 0.000 claims description 24
- 230000003993 interaction Effects 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 3
- 230000008569 process Effects 0.000 abstract description 22
- 238000004891 communication Methods 0.000 description 18
- 239000004576 sand Substances 0.000 description 11
- 238000010586 diagram Methods 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 6
- 230000000694 effects Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 239000002674 ointment Substances 0.000 description 3
- 230000005856 abnormality Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The application provides a data tracking method and related equipment based on a alliance chain, which are used for determining a target allocation identifier, determining a target allocation ciphertext based on configuration ciphertexts of a plurality of data allocation ends corresponding to the target allocation identifier, generating a data allocation result, receiving the Shamir secret sharing fragments of the target data allocation end transmitted by any data allocation end, determining the target data allocation end as an abnormal data allocation end when the counted number of the Shamir secret sharing fragments is greater than or equal to a preset threshold value, acquiring and transmitting account information of the abnormal data allocation end to the data allocation ends except the abnormal data allocation end in the plurality of data allocation ends through a secret reconstruction algorithm based on each Shamir secret sharing fragment, and the data allocation end corresponding to the target allocation identifier, and avoiding the influence of the abnormal data allocation end on the data allocation process in a mode of reconstructing and exposing the account information of the abnormal data allocation end, so that the accuracy of the data allocation process can be ensured.
Description
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a data tracking method and related device based on a coalition chain.
Background
In the process of configuring data of a data distribution terminal to a data configuration terminal, how to ensure accuracy becomes an important problem.
However, in many existing data configuration processes, an abnormal data configuration end cannot be tracked, which affects the accuracy of the data configuration process.
Disclosure of Invention
In view of the foregoing, an objective of the present application is to provide a data tracking method and related device based on a federated chain, so as to solve the above-mentioned technical problems.
With the above object in view, a first aspect of the present application provides a data tracking method based on a federation chain, which is applied to a server, where the server is provided with the federation chain, and the method includes:
determining a target allocation identifier;
acquiring configuration ciphertexts of a plurality of data configuration ends corresponding to the target allocation identifier, determining a target configuration ciphertext based on the configuration ciphertexts of the data configuration ends, and generating a data configuration result;
receiving a sal secret sharing fragment of a target data configuration end sent by any data configuration end, counting the number of the sal secret sharing fragments, and determining the target data configuration end as an abnormal data configuration end when the number of the sal secret sharing fragments is greater than or equal to a preset threshold, wherein the target data configuration end is at least one of the plurality of data configuration ends;
Obtaining account information of an abnormal data configuration end based on each Shamir secret sharing fragment through a secret reconstruction algorithm, and sending the account information of the abnormal data configuration end to data configuration ends except the abnormal data configuration end in a plurality of data configuration ends and a data distribution end corresponding to the target distribution identification.
Optionally, the determining the target configuration ciphertext based on the configuration ciphertext of each data configuration end includes:
in response to determining that the data allocation type corresponding to the target allocation identifier is the first type, comparing configuration ciphertext except the configuration ciphertext of the current data configuration end, and determining the current highest configuration ciphertext;
comparing the configuration ciphertext of the current data configuration end with the current highest configuration ciphertext to obtain a first comparison result;
in response to determining that the first comparison result is that the configuration ciphertext of the current data configuration end is larger than the current highest configuration ciphertext, determining that the data configuration of the current data configuration end is successful, and taking the configuration ciphertext of the current data configuration end as a target configuration ciphertext; or,
and determining that the data configuration of the current data configuration end fails in response to the fact that the first comparison result is that the configuration ciphertext of the current data configuration end is smaller than or equal to the current highest configuration ciphertext.
Optionally, the determining the target configuration ciphertext based on the configuration ciphertext of each data configuration end includes:
responding to the determination that the data distribution type corresponding to the target distribution identification is the second type, and acquiring a configuration ciphertext of the data distribution end;
comparing the configuration ciphertext of each data configuration end with the configuration ciphertext of the data distribution end respectively to obtain a plurality of second comparison results;
responding to the fact that a second comparison result is that the configuration ciphertext of the data configuration end is larger than the configuration ciphertext of the data distribution end, and taking the configuration ciphertext of the data configuration end as a target configuration ciphertext; or,
in response to determining that at least two second comparison results are that the configuration ciphertext of the data configuration end is larger than the configuration ciphertext of the data distribution end, acquiring new configuration ciphertext of the data configuration end corresponding to the at least two second comparison results;
and selecting the highest new configuration ciphertext from the new configuration ciphertext of the data configuration end corresponding to at least two second comparison results as a target configuration ciphertext.
Optionally, before determining the target allocation identity, the method further comprises:
acquiring account information of a data distribution end in response to determining that a data distribution request is received;
Determining whether account information identical to the account information of the data distribution end exists in a pre-stored abnormal data configuration end account information database;
when the account information which is the same as the account information of the data distribution end exists, the verification fails, and the data distribution request is refused;
when the account information which is the same as the account information of the data distribution end does not exist, the verification is successful, the data distribution information is received through the data distribution request, and a data distribution identifier is generated, wherein the data distribution information comprises at least one of the following components: data allocation type, data allocation start time, data allocation end time, and initial configuration ciphertext.
Optionally, before acquiring configuration ciphertexts of a plurality of data configuration ends corresponding to the target allocation identifier, the method further includes:
acquiring account information of a data configuration end in response to determining that the data configuration request of the target allocation identifier is received;
determining whether account information identical to the data configuration side account information exists in a prestored abnormal data configuration side account information database;
when the account information which is the same as the account information of the data configuration end exists, the verification fails, and the data configuration request is refused;
And when the account information which is the same as the account information of the data configuration end does not exist, the verification is successful, and the data configuration request is passed.
Optionally, after determining the target configuration ciphertext based on the configuration ciphertext of each data configuration end and generating the data configuration result, the method further includes:
and verifying the target configuration ciphertext and determining whether the target configuration ciphertext is valid or not.
Optionally, the verifying the target configuration ciphertext, determining whether the target configuration ciphertext is valid, includes:
acquiring a public key of a data distribution terminal and a private key of a data configuration terminal;
encrypting configuration plaintext of a data configuration end corresponding to the target configuration ciphertext by using the public key of the data distribution end to obtain a first encryption configuration;
decrypting the first encryption configuration by using the private key of the data distribution terminal to obtain a first configuration plaintext;
encrypting the first configuration plaintext by the order-preserving encryption algorithm to obtain a second encryption configuration;
comparing the second encryption configuration with the stored highest configuration ciphertext corresponding to the target allocation identifier;
if the second encryption configuration is the same as the highest configuration ciphertext, determining that the target configuration ciphertext is valid; or,
And if the second encryption configuration is not the same as the highest configuration ciphertext, determining that the target configuration ciphertext is invalid.
Optionally, the verifying the target configuration ciphertext, determining whether the target configuration ciphertext is valid, includes:
obtaining a public key of a data configuration end corresponding to the target configuration ciphertext, a private key of the data configuration end corresponding to the target configuration ciphertext, and a data distribution end configuration plaintext;
encrypting the configuration plaintext of the data distribution end by using the public key of the data configuration end to obtain a third encryption configuration;
decrypting the third encryption configuration by using the private key of the data configuration end to obtain a second configuration plaintext;
encrypting the second configuration plaintext by the order-preserving encryption algorithm to obtain a fourth encryption configuration;
comparing the fourth encryption configuration with the stored data distribution end configuration ciphertext;
if the fourth encryption configuration is the same as the configuration ciphertext of the data distribution end, determining that the target configuration ciphertext is valid; or,
and if the fourth encryption configuration is different from the configuration ciphertext of the data distribution end, determining that the target configuration ciphertext is invalid.
Optionally, the obtaining the account information of the abnormal data configuration end based on each samier secret sharing fragment through a secret reconstruction algorithm includes:
constructing a plurality of polynomials based on the respective samil secret sharing fragments and the preset threshold;
solving the polynomials to obtain the serial numbers of the abnormal data configuration end, and obtaining the account information of the abnormal data configuration end based on the serial numbers.
A second aspect of the present application provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of the first aspect when executing the program.
As can be seen from the above description, the data tracking method and the related device based on the alliance chain provided by the application determine the target allocation identifier, obtain the configuration ciphertext of the plurality of data configuration ends corresponding to the target allocation identifier, determine the target configuration ciphertext based on the configuration ciphertext of each data configuration end, generate a data configuration result, receive the samell secret sharing fragments of the target data configuration end sent by any data configuration end, and count the number of samell secret sharing fragments, when the number of samell secret sharing fragments is greater than or equal to the preset threshold, determine that the target data configuration end is an abnormal data configuration end, achieve the effect of being able to track out the abnormal data configuration end, obtain account information of the abnormal data configuration end based on each samell secret sharing fragment through a secret reconstruction algorithm, achieve the effect of being able to restore account information of the abnormal data configuration end, then send account information of the abnormal data configuration end to the data configuration end except the abnormal data configuration end in the plurality of data configuration ends, and the data allocation end corresponding to the target allocation identifier, and guarantee that the data configuration end is able to be able to accurately configure data by reconstructing and exposing the abnormal data configuration end account information, thereby avoiding the influence on the data configuration process.
Drawings
In order to more clearly illustrate the technical solutions of the present application or related art, the drawings that are required to be used in the description of the embodiments or related art will be briefly described below, and it is apparent that the drawings in the following description are only embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort to those of ordinary skill in the art.
FIG. 1 is a flowchart of a federated chain-based data tracking method in accordance with an embodiment of the present application;
FIG. 2A is a schematic diagram of generating a salmeter secret sharing shard according to an embodiment of the present application;
fig. 2B is a schematic diagram of reconstructing account information at an abnormal data configuration end based on a samier secret sharing shard according to an embodiment of the present application;
FIG. 2C is a schematic diagram of a processing procedure for federated chain-based data tracking in accordance with an embodiment of the present application;
FIG. 3 is a block diagram of a federated chain-based data tracking apparatus in accordance with an embodiment of the present application;
fig. 4 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail below with reference to the accompanying drawings.
It should be noted that unless otherwise defined, technical or scientific terms used in the embodiments of the present application should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present application belongs. The terms "first," "second," and the like, as used in embodiments of the present application, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
In the related art, how to ensure accuracy in the process of configuring data from a data distribution end to a data configuration end becomes an important issue.
However, in many existing data configuration processes, an abnormal data configuration end cannot be tracked, which affects the accuracy of the data configuration process.
The embodiment of the application provides a data tracking method based on a alliance chain, which is applied to a server, wherein the alliance chain is arranged in the server, and the influence of an abnormal data configuration end on a data configuration process is avoided by reconstructing and exposing account information of the abnormal data configuration end, so that the accuracy of the data configuration process can be ensured.
A federated chain is one type of blockchain, which is a chain of blocks one after the other. Each block holds certain information which is linked in a chain according to the time sequence of their respective generation. This chain is kept in all servers, and the entire blockchain is secure as long as one server in the entire system can work. These servers, referred to as nodes in the blockchain system, provide storage space and computational support for the entire blockchain system.
The data tracking method based on the alliance chain can be applied to the alliance chain, the alliance chain is an alliance network interaction link formed by a server and terminal equipment communicated with the server, and the node formed by the alliance chain can be a base station, cloud servers for providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, basic cloud computing services such as big data and an artificial intelligent platform, and terminals can be mobile phones, tablet computers, intelligent watches and computers.
For example, determining a target allocation identifier of communication data to be transmitted by a base station (i.e., a data allocation end), acquiring configuration ciphertexts of a plurality of terminal devices (i.e., data configuration ends) corresponding to the target allocation identifier, determining a target configuration ciphertexts based on the configuration ciphertexts of the plurality of terminal devices, generating a data configuration result, and determining the terminal device to which the base station is to transmit the communication data corresponding to the target allocation identifier according to the data configuration result.
And receiving the Shamir secret sharing fragments of the target terminal equipment (namely the target configuration end) sent by the terminal equipment, counting the number of the Shamir secret sharing fragments, and determining that the target terminal equipment is abnormal terminal equipment (namely the abnormal data configuration end) when the number of the Shamir secret sharing fragments is greater than or equal to a preset threshold value.
Obtaining abnormal terminal equipment information (namely account information of an abnormal data configuration end) based on each sand secret sharing fragment through a secret reconstruction algorithm, sending the abnormal terminal equipment information to terminal equipment (namely a data configuration end) except for the abnormal terminal equipment in a plurality of terminal equipment, and a base station (namely a data distribution end) corresponding to a target distribution identification, and avoiding the influence of the abnormal terminal equipment on the communication data transmission process of the base station by reconstructing and exposing the abnormal terminal equipment information, so that reasonable and effective communication data transmission of the base station can be realized, and the accuracy of the communication data transmission process of the base station can be further ensured.
Wherein the terminal device comprises at least one of: cell phones, tablet computers, smart watches, and computers.
As shown in fig. 1, the method includes:
step 101, determining a target allocation identifier.
In this step, the destination allocation identifier is used to represent an identifier of the data to be allocated, and the destination allocation identifier may be a letter, a serial number, a code, a symbol, a number, or a letter, or any combination of a letter, a serial number, a code, a symbol, a number, and a letter.
For example, the target allocation is identified as (8-4-4-4-12), or the target allocation is identified as (Af 123xxa #).
And after the data distribution terminal initiates a data configuration request and receives data distribution information sent by the data distribution terminal, generating a distribution identifier corresponding to the data distribution terminal.
One data distribution end generates one distribution identifier for the same data to be distributed, different distribution identifiers can be generated for different data to be distributed, different data distribution ends correspondingly generate different distribution identifiers, a plurality of distribution identifiers exist because a plurality of different data distribution ends exist, and after a selected instruction of a target distribution identifier is received, the target distribution identifier is selected from the plurality of distribution identifiers according to the selected instruction.
There may be only one data distribution end, where the data distribution end corresponds to a plurality of different data to be distributed, so there are a plurality of different data to be distributed, and thus there are a plurality of distribution identifiers, and after receiving a selected instruction of the target distribution identifier, the target distribution identifier is selected from the plurality of distribution identifiers according to the selected instruction.
Step 102, obtaining configuration ciphertexts of a plurality of data configuration ends corresponding to the target allocation identifier, determining a target configuration ciphertext based on the configuration ciphertexts of the data configuration ends, and generating a data configuration result.
In this step, the data configuration side represents a terminal that is likely to receive data to be allocated represented by the target allocation identifier, and the data configuration side includes at least one of: cell phones, tablet computers, smart watches, and computers.
The configuration ciphertext of the data configuration end is used for representing encrypted interaction data sent by the data configuration end, the configuration ciphertext of the data configuration end can be obtained by encrypting plaintext interaction data through a sequence-preserving encryption algorithm, so that the interaction data sent by the data configuration end can be protected, and the safety of the interaction data in the transmission process is guaranteed.
The data configuration result is used for representing the data configuration end which is allocated to the data to be allocated represented by the target allocation identifier.
Because the configuration ciphertext of each configuration end is obtained through the order-preserving encryption algorithm, the order of the configuration ciphertext of each configuration end obtained through the order-preserving encryption algorithm is matched with the order of the plaintext interaction data, for example, if the plaintext interaction data a and b meet a < b, the configuration ciphertext k (a) and k (b) encrypted through the order-preserving encryption algorithm also meet k (a) < k (b), and then the target configuration ciphertext can be determined based on the configuration ciphertext of each data configuration end, a data configuration result is generated, and the data security in the transmission process is ensured.
Step 103, receiving a sal secret sharing fragment of a target data configuration end sent by any data configuration end, counting the number of the sal secret sharing fragments, and determining that the target data configuration end is an abnormal data configuration end when the number of the sal secret sharing fragments is greater than or equal to a preset threshold, wherein the target data configuration end is at least one of the plurality of data configuration ends.
In the step, when the number of the received salmeter secret sharing fragments of the target data configuration end is counted and is larger than or equal to a preset threshold value, the target data end is indicated to be an abnormal data configuration end, and the effect of tracking the abnormal data configuration end is achieved.
The preset threshold may be set according to specific situations, where the preset threshold is preferably 2/3 of the total number of data configuration ends corresponding to the target allocation identifier.
The target data configuration end is any one of the data configuration ends except the data configuration end for transmitting the salmeter secret sharing fragments of the target data configuration end in the data configuration ends corresponding to the target allocation identifier.
Step 104, obtaining account information of an abnormal data configuration end through a secret reconstruction algorithm based on each of the sand secret sharing fragments, and sending the account information of the abnormal data configuration end to data configuration ends except the abnormal data configuration end and a data distribution end corresponding to the target distribution identifier.
In this step, the Shamir secret sharing fragments are obtained by Shamir secret sharing technology (Shamir), and the specific procedures are:
a plurality of sub-secrets (i.e., the samil secret sharing fragments) are generated by a secret distribution algorithm based on a master secret of the target data configuration side (i.e., a serial number of the target data configuration side).
For example, as shown in FIG. 2A, the master secret is S and the child secrets 1, … …, sn, respectively. The secret management center P0 then transmits the sub-secrets s1, … …, sn generated by the secret distribution algorithm, respectively, to the participants Pi, pi being any of P1 to Pn, via the secure communication channel between P0 and Pi (i.e. the data configuration side), which cannot reveal the received sub-secret si to anyone.
Obtaining a serial number of the abnormal data configuration end based on each of the shamir secret sharing fragments through a secret reconstruction algorithm, obtaining account information of the abnormal data configuration end based on the serial number of the abnormal data configuration end, for example, when the number of the shamir secret sharing fragments of the received target data configuration end is counted to be greater than or equal to a preset threshold t as shown in fig. 2B, sharing the sub-secrets si about the target data configuration end received by each participant (for example, P1 to Pt) sending the shamir secret sharing fragments of the target data configuration end, recovering a master secret S through the secret reconstruction algorithm, and obtaining account information of the abnormal data configuration end based on the master secret S.
Each data configuration terminal registers in a trusted third party, and generates a corresponding serial number, a corresponding public key and a corresponding private key after account information is input. Wherein the account information includes at least one of: an identity card number, a mobile phone number, a user name and a password corresponding to the user name. Taking one data configuration end as an example, generating a plurality of Shamir secret sharing fragments by using a Shamir secret sharing technology based on a serial number corresponding to the data configuration end, and distributing the plurality of Shamir secret sharing fragments corresponding to the data configuration end to each other data configuration end. And in the process of being distributed to each other data configuration end, encrypting by using the public key of the other data configuration end which receives the Shamir secret sharing fragments, and decrypting the encrypted Shamir secret sharing fragments by using the private key of the other data configuration end after the distributed Shamir secret sharing fragments are received. And when the number of the received sand secret sharing fragments of the target data configuration end is counted to be larger than or equal to a preset threshold value, determining the abnormal data configuration end, and reconstructing to obtain account information of the abnormal data configuration end through a secret reconstruction algorithm based on each sand secret sharing fragment.
For example, the data configuration terminal registers with a trusted third party, and generates a corresponding serial number, a corresponding public key and a corresponding private key after inputting account information.
Generating a plurality of Shamir secret sharing fragments by a Shamir secret sharing technology based on a serial number corresponding to a data configuration end, distributing the fragments to each data configuration end corresponding to a target distribution identifier, encrypting the Shamir secret sharing fragments to be distributed to the data configuration end 6 by using a public key of the data configuration end 6 in the process of being distributed to the data configuration end except the data configuration end, for example, distributing the fragments to the data configuration end 6, and decrypting the encrypted Shamir secret sharing fragments by using a private key of the data configuration end 6 after receiving the distributed Shamir secret sharing fragments.
If the number of the data configuration ends sending the salmeter secret sharing fragments of the target data configuration end is 3, the data configuration ends are respectively a data configuration end 1, a data configuration end 2 and a data configuration end 3.
And obtaining the serial numbers of the abnormal data configuration ends by utilizing the Shamir secret sharing fragments of the target data configuration ends received by the data configuration ends 1, 2 and 3 through a secret reconstruction algorithm, and obtaining account information of the abnormal data configuration ends based on the serial numbers of the abnormal data configuration ends.
The account information of the abnormal data configuration end is sent to the data configuration ends except the abnormal data configuration end and the data distribution end corresponding to the target distribution identification, the account information of the abnormal data configuration end is exposed, and the abnormal data configuration end can be forbidden to continuously participate in the data configuration process after exposure, so that the accuracy of the data configuration process can be ensured.
According to the scheme, the target allocation identification is determined, the configuration ciphertext of each data configuration end corresponding to the target allocation identification is obtained, the target configuration ciphertext is determined based on the configuration ciphertext of a plurality of data configuration ends, a data configuration result is generated, the Shamir secret sharing fragments of the target data configuration end transmitted by any data configuration end are received, the number of the Shamir secret sharing fragments is counted, when the number of the Shamir secret sharing fragments is greater than or equal to a preset threshold value, the target data configuration end is determined to be an abnormal data configuration end, the effect of tracking the abnormal data configuration end is achieved, the account information of the abnormal data configuration end is obtained through a secret reconstruction algorithm based on each Shamir secret sharing fragment, the effect of recovering the account information of the abnormal data configuration end is achieved, then the account information of the abnormal data configuration end is transmitted to the data configuration ends except the abnormal data configuration end in the plurality of data configuration ends, the data allocation end corresponding to the target allocation identification is counted, the abnormal data configuration end is prevented from influencing the data configuration process by reconstructing and exposing the account information of the abnormal data configuration end, and further the accuracy of the data configuration process can be guaranteed.
In some embodiments, in step 102, the determining the target configuration ciphertext based on the configuration ciphertext of each data configuration end includes:
and step A1, in response to determining that the data allocation type corresponding to the target allocation identifier is a first type, comparing configuration ciphertexts except the configuration ciphertexts of the current data configuration terminal, and determining the current highest configuration ciphertexts.
And step A2, comparing the configuration ciphertext of the current data configuration end with the current highest configuration ciphertext to obtain a first comparison result.
And step A3, determining that the data configuration of the current data configuration end is successful in response to the fact that the first comparison result is that the configuration ciphertext of the current data configuration end is larger than the current highest configuration ciphertext, and taking the configuration ciphertext of the current data configuration end as a target configuration ciphertext. Or,
and step A3, determining that the data configuration of the current data configuration end fails in response to the fact that the first comparison result is that the configuration ciphertext of the current data configuration end is smaller than or equal to the current highest configuration ciphertext.
In the above scheme, the data allocation type is used for indicating the type of distinguishing the data configuration rule, when the data allocation type is the first type, the target configuration ciphertext is determined according to the data configuration rule corresponding to the first type based on the configuration ciphertext of each data configuration end, and the data configuration rule corresponding to the first type specifically includes:
And comparing the configuration ciphertext except the configuration ciphertext of the current data configuration end to determine the current highest configuration ciphertext.
And comparing the configuration ciphertext of the current data configuration end with the current highest configuration ciphertext to obtain a first comparison result.
And when the first comparison result is that the configuration ciphertext of the current data configuration end is larger than the current highest configuration ciphertext, determining that the data configuration of the current data configuration end is successful, and taking the configuration ciphertext of the current data configuration end as a target configuration ciphertext. Or,
and when the first comparison result is that the configuration ciphertext of the current data configuration end is smaller than or equal to the configuration ciphertext of the current highest configuration ciphertext, determining that the data configuration of the current data configuration end fails.
In some embodiments, in step 102, the determining the target configuration ciphertext based on the configuration ciphertext of each data configuration end includes:
and step B1, responding to the fact that the data distribution type corresponding to the target distribution identification is determined to be the second type, and acquiring the configuration ciphertext of the data distribution end.
And B2, comparing the configuration ciphertext of each data configuration end with the configuration ciphertext of the data distribution end respectively to obtain a plurality of second comparison results.
And B3, responding to the fact that the configuration ciphertext of the data configuration end is larger than the configuration ciphertext of the data distribution end when a second comparison result is determined, and taking the configuration ciphertext of the data configuration end as a target configuration ciphertext. Or,
and step B4, acquiring new configuration ciphertext of the data configuration end corresponding to the at least two second comparison results in response to the fact that the configuration ciphertext of the data configuration end is larger than the configuration ciphertext of the data distribution end.
And B5, selecting the highest new configuration ciphertext from the new configuration ciphertext of the data configuration end corresponding to at least two second comparison results as a target configuration ciphertext.
In the above scheme, the data allocation type is used for indicating the type of distinguishing the data configuration rule, when the data allocation type is the second type, the target configuration ciphertext is determined according to the data configuration rule corresponding to the second type based on the configuration ciphertext of each data configuration end, and the data configuration rule corresponding to the second type specifically includes:
and acquiring a configuration ciphertext of the data distribution terminal.
And comparing the configuration ciphertext of each data configuration end with the configuration ciphertext of the data distribution end respectively to obtain a plurality of second comparison results.
And when the second comparison result is that the configuration ciphertext of the data configuration end is larger than the configuration ciphertext of the data distribution end, taking the configuration ciphertext of the data configuration end as a target configuration ciphertext. Or,
when at least two second comparison results are that the configuration ciphertext of the data configuration end is larger than the configuration ciphertext of the data distribution end, acquiring new configuration ciphertexts of the data configuration end corresponding to the at least two second comparison results, and selecting the highest new configuration ciphertext from the new configuration ciphertexts of the data configuration end corresponding to the at least two second comparison results as a target configuration ciphertext.
In some embodiments, prior to step 101, the method further comprises:
and step C1, acquiring account information of a data distribution end in response to the fact that the data distribution request is received.
And step C2, determining whether account information identical to the account information of the data distribution end exists in a pre-stored account information database of the abnormal data configuration end.
And step C3, when the account information which is the same as the account information of the data distribution end exists, the verification fails, and the data distribution request is refused.
Step C4, when the account information which is the same as the account information of the data distribution end does not exist, the verification is successful, the data distribution information is received through the data distribution request, and a data distribution identifier is generated, wherein the data distribution information comprises at least one of the following components: data allocation type, data allocation start time, data allocation end time, and initial configuration ciphertext.
In the above scheme, the data end allocation account information includes at least one of the following: an identity card number, a mobile phone number, a user name and a password corresponding to the user name.
When a data distribution request sent by a data distribution terminal is received, acquiring account information of the data distribution terminal, searching whether account information which is the same as the account information of the data distribution terminal exists in a pre-stored account information database of an abnormal data configuration terminal, if so, failing to verify, and failing to verify the data distribution request sent by the data distribution terminal, if not, successful to verify, and ensuring that the data distribution terminal is not the abnormal data configuration terminal but can pass through the data distribution request sent by the data distribution terminal.
In some embodiments, prior to step 102, the method further comprises:
and step D1, acquiring account information of a data configuration end in response to the data configuration request of the target allocation identifier.
And D2, determining whether account information identical to the data configuration side account information exists in a pre-stored abnormal data configuration side account information database.
And D3, when the account information which is the same as the account information of the data configuration end exists, the verification fails, and the data configuration request is refused.
And D4, if the account information which is the same as the account information of the data configuration end does not exist, the verification is successful, and the data configuration request is passed.
In the above scheme, the data side configuration side account information includes at least one of the following: an identity card number, a mobile phone number, a user name and a password corresponding to the user name.
When a data allocation request sent by a data configuration end is received, acquiring account information of the data configuration end, searching whether account information which is the same as the account information of the data configuration end exists in a pre-stored account information database of the abnormal data configuration end, if so, failing to verify, and failing to verify the data configuration request sent by the data configuration end, if not, successful to verify, and ensuring that the data configuration end is not the abnormal data configuration end but can pass through the data configuration request sent by the data configuration end.
In some embodiments, after step 102, the method further comprises:
and E1, verifying the target configuration ciphertext and determining whether the target configuration ciphertext is effective.
In the scheme, the target configuration ciphertext is verified, and whether the target configuration ciphertext is effective or not is determined, so that the accuracy of the data configuration process is ensured.
In some embodiments, step E1 comprises:
and F1, acquiring a public key of a data distribution terminal and a private key of a data configuration terminal.
And F2, encrypting the configuration plaintext of the data configuration end corresponding to the target configuration ciphertext by using the public key of the data distribution end to obtain a first encryption configuration.
And F3, decrypting the first encryption configuration by using the private key of the data distribution terminal to obtain a first configuration plaintext.
And F4, encrypting the plaintext of the first configuration through the order-preserving encryption algorithm to obtain a second encryption configuration.
And F5, comparing the second encryption configuration with the stored highest configuration ciphertext corresponding to the target allocation identifier.
And F6, if the second encryption configuration is the same as the highest configuration ciphertext, determining that the target configuration ciphertext is valid. Or,
and F7, if the second encryption configuration is different from the highest configuration ciphertext, determining that the target configuration ciphertext is invalid.
In the scheme, the public key of the data distribution end and the private key of the data configuration end are obtained, and the configuration plaintext of the data configuration end corresponding to the target configuration ciphertext is encrypted by using the public key of the data distribution end, so that the first encryption configuration is obtained. Decrypting the first encryption configuration by using a private key of the data distribution terminal to obtain a first configuration plaintext, encrypting the first configuration plaintext by using a sequence-preserving encryption algorithm to obtain a second encryption configuration, comparing the second encryption configuration with a stored highest configuration ciphertext corresponding to the target distribution representation, determining that the target configuration ciphertext is valid if the second encryption configuration is identical to the highest configuration ciphertext, and determining that the target configuration ciphertext is invalid if the second encryption configuration is not identical to the highest configuration ciphertext.
For example, the highest configuration ciphertext represents the ciphertext of the highest data configuration emergency degree, the configuration plaintext of the data configuration end corresponding to the target configuration ciphertext is encrypted by using the public key of the data distribution end, then decrypted by using the private key of the data distribution end, encryption is performed by using the order-preserving encryption algorithm, whether the second encryption configuration obtained by using the order-preserving encryption algorithm is consistent with the highest configuration ciphertext is determined, if so, the target configuration ciphertext is effective, and if the data configuration emergency degree represented by the target configuration ciphertext is the highest, at this time, if the data configuration is accurate according to the data configuration end corresponding to the target configuration ciphertext. If the data configuration ends are inconsistent, the target configuration ciphertext is invalid, the data configuration emergency degree represented by the target configuration ciphertext is not the highest, and if the data configuration ends corresponding to the target configuration ciphertext are inaccurate in data configuration.
In some embodiments, step E1 comprises:
and G1, acquiring a public key of a data configuration end corresponding to the target configuration ciphertext, a private key of the data configuration end corresponding to the target configuration ciphertext and a data distribution end configuration plaintext.
And G2, encrypting the data distribution end configuration plaintext by using the public key of the data distribution end to obtain a third encryption configuration.
And G3, decrypting the third encryption configuration by using the private key of the data configuration end to obtain a second configuration plaintext.
And G4, encrypting the plaintext of the second configuration through the order-preserving encryption algorithm to obtain a fourth encryption configuration.
And G5, comparing the fourth encryption configuration with the stored data distribution end configuration ciphertext.
And G6, if the fourth encryption configuration is the same as the configuration ciphertext of the data distribution end, determining that the target configuration ciphertext is valid. Or,
and G7, if the fourth encryption configuration is different from the data distribution end configuration ciphertext, determining that the target configuration ciphertext is invalid.
In the above scheme, the public key of the data configuration end corresponding to the target configuration ciphertext, the private key of the data configuration end corresponding to the target configuration ciphertext, and the data distribution end configuration plaintext are obtained, the data distribution end configuration plaintext is encrypted by using the public key of the data configuration end, the third encryption configuration is decrypted by using the private key of the data configuration end, the second configuration plaintext is obtained, and the second configuration plaintext is encrypted by using the order-preserving encryption algorithm, so as to obtain the fourth encryption configuration. Comparing the fourth encryption configuration with the stored configuration ciphertext of the data distribution terminal, if the fourth encryption configuration is the same as the configuration ciphertext of the data distribution terminal, the encryption process of the data distribution terminal corresponding to the target configuration ciphertext is correct, if no abnormality exists, the target configuration ciphertext is determined to be effective, if the fourth encryption configuration is different, the encryption process of the data distribution terminal corresponding to the target configuration ciphertext is inaccurate, and if abnormality exists, the target configuration ciphertext is determined to be ineffective.
In some embodiments, step 104, the obtaining, based on each of the samier secret sharing fragments, the account information of the abnormal data configuration end through a secret reconstruction algorithm includes:
step 1041, constructing a plurality of polynomials based on the individual samil secret sharing fragments and the preset threshold.
Step 1042, solving the polynomials to obtain the serial numbers of the abnormal data configuration end, and obtaining the account information of the abnormal data configuration end based on the serial numbers.
In the above scheme, a plurality of polynomials are constructed based on each of the shamir secret sharing fragments and a preset threshold, equation sets are listed based on the polynomials, the polynomials are solved, a serial number of an abnormal data configuration end is obtained, and account information of the abnormal data configuration end is obtained according to the serial number.
For example, the number of received samil secret sharing fragments is 3, the number of secret sharing fragments transmitted by the data configuration terminal 1 is (8, 1), the number of secret sharing fragments transmitted by the data configuration terminal 2 is (7, 2), and the number of secret sharing fragments transmitted by the data configuration terminal 5 is (11, 5).
Listing a plurality of polynomials to form a system of equations, in particular:
a 0 +a 1 *(1mod 17)+a 2 *(1 2 mod 17)=8
a 0 +a 1 *(2mod 17)+a 2 *(2 2 mod 17)=7
a 0 +a 1 *(5mod 17)+a 2 *(5 2 mod 17)=11
solving the equation set to obtain a 0 =13,a 1 =10,a 2 =2, then s=a 0 At this time, the serial number of the abnormal data configuration terminal is 13, and the account information of the abnormal data configuration terminal corresponding to the serial number 13 is acquired.
The method comprises the following steps of: the serial number of the abnormal data configuration end is 13, the random prime number p is 17, the preset threshold t is 3, t-1 random numbers smaller than or equal to p are selected as coefficients of a polynomial, and the coefficients are respectively as follows:
a 1 =10,a 2 =2,a 0 =S=13
randomly generating 5 sand secret sharing fragments based on a serial number 13, specifically:
S 1 =(13+10*1+2*1 2 )mod 17=8
S 2 =(13+10*2+2*2 2 )mod 17=7
S 3 =(13+10*3+2*3 2 )mod 17=10
S 4 =(13+10*4+2*4 2 )mod 17=0
S 5 =(13+10*5+2*5 2 )mod 17=11
the data configuration terminal 1 distributes the sand secret sharing fragments (8, 1), the data configuration terminal 2 distributes the sand secret sharing fragments (7, 2), the data configuration terminal 3 distributes the sand secret sharing fragments (10, 3), the data configuration terminal 4 distributes the sand secret sharing fragments (0, 4), the data configuration terminal 5 distributes the sand secret sharing fragments (11, 5), and the serial numbers of the abnormal data configuration terminal can be restored by using the number of the sand secret sharing fragments greater than or equal to a preset threshold t through a secret reconstruction algorithm.
The present application describes a federated chain-based data tracking process in one embodiment, as shown in FIG. 2C, in particular as follows:
the server is provided with a alliance chain and a trusted third party, the data distribution end and each data distribution end can register on the trusted third party of the server, a user name and a public key generated after the registration of the data distribution end are stored in the alliance chain, then the data distribution end initiates a data distribution request to the alliance chain, a target distribution identification is generated, the data distribution end initiates a data distribution request corresponding to the target distribution identification to the alliance chain, a target distribution ciphertext is determined, after a data distribution result is generated, the data distribution end verifies whether the target distribution ciphertext is valid or not, the data distribution end sends the Shamir secret sharing fragments of the target data distribution end to the alliance chain, the alliance chain collects and counts the number of the Shamir secret sharing fragments, when the number of the Shamir secret sharing fragments is larger than or equal to a preset threshold, the target data distribution end is determined to be an abnormal data distribution end, account information of the abnormal data distribution end is obtained through a secret reconstruction algorithm based on the various Shamir secret sharing fragments, the abnormal data distribution end account information is sent to the data distribution end except the abnormal data distribution end, and the data distribution end corresponding to the target distribution identification, and the exposure data distribution end account information is obtained.
It should be noted that, the method of the embodiments of the present application may be performed by a single device, for example, a computer or a server. The method of the embodiment can also be applied to a distributed scene, and is completed by mutually matching a plurality of devices. In the case of such a distributed scenario, one of the devices may perform only one or more steps of the methods of embodiments of the present application, and the devices may interact with each other to complete the methods.
It should be noted that some embodiments of the present application are described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Based on the same inventive concept, the application also provides a data tracking device based on the alliance chain, which corresponds to the method of any embodiment.
Referring to fig. 3, the data tracking apparatus based on the federation chain includes:
a target allocation identity determination module 301 configured to determine a target allocation identity;
the target configuration ciphertext determining module 302 is configured to obtain configuration ciphertexts of a plurality of data configuration ends corresponding to the target allocation identifier, determine a target configuration ciphertext based on the configuration ciphertexts of the data configuration ends, and generate a data configuration result;
an abnormal data configuration end determining module 303, configured to receive a salve secret sharing fragment of a target data configuration end sent by any data configuration end, and count the number of the salve secret sharing fragments, and determine that the target data configuration end is an abnormal data configuration end when the number of the salve secret sharing fragments is greater than or equal to a preset threshold, where the target data configuration end is at least one of the plurality of data configuration ends;
the account information reconstruction module 304 is configured to obtain account information of an abnormal data configuration end through a secret reconstruction algorithm based on each of the samier secret sharing fragments, and send the account information of the abnormal data configuration end to data configuration ends except for the abnormal data configuration end in a plurality of data configuration ends, and a data distribution end corresponding to the target distribution identifier.
In some embodiments, the target configuration ciphertext determination module 302 may be specifically configured to:
in response to determining that the data allocation type corresponding to the target allocation identifier is the first type, comparing configuration ciphertext except the configuration ciphertext of the current data configuration end, and determining the current highest configuration ciphertext;
comparing the configuration ciphertext of the current data configuration end with the current highest configuration ciphertext to obtain a first comparison result;
in response to determining that the first comparison result is that the configuration ciphertext of the current data configuration end is larger than the current highest configuration ciphertext, determining that the data configuration of the current data configuration end is successful, and taking the configuration ciphertext of the current data configuration end as a target configuration ciphertext; or,
and determining that the data configuration of the current data configuration end fails in response to the fact that the first comparison result is that the configuration ciphertext of the current data configuration end is smaller than or equal to the current highest configuration ciphertext.
In some embodiments, the target configuration ciphertext determination module 302 may be specifically configured to:
responding to the determination that the data distribution type corresponding to the target distribution identification is the second type, and acquiring a configuration ciphertext of the data distribution end;
Comparing the configuration ciphertext of each data configuration end with the configuration ciphertext of the data distribution end respectively to obtain a plurality of second comparison results;
responding to the fact that a second comparison result is that the configuration ciphertext of the data configuration end is larger than the configuration ciphertext of the data distribution end, and taking the configuration ciphertext of the data configuration end as a target configuration ciphertext; or,
in response to determining that at least two second comparison results are that the configuration ciphertext of the data configuration end is larger than the configuration ciphertext of the data distribution end, acquiring new configuration ciphertext of the data configuration end corresponding to the at least two second comparison results;
and selecting the highest new configuration ciphertext from the new configuration ciphertext of the data configuration end corresponding to at least two second comparison results as a target configuration ciphertext.
In some embodiments, the federation chain based data tracking apparatus further includes a first verification module, prior to determining the target allocation identification, specifically configured to:
acquiring account information of a data distribution end in response to determining that a data distribution request is received;
determining whether account information identical to the account information of the data distribution end exists in a pre-stored abnormal data configuration end account information database;
When the account information which is the same as the account information of the data distribution end exists, the verification fails, and the data distribution request is refused;
when the account information which is the same as the account information of the data distribution end does not exist, the verification is successful, the data distribution information is received through the data distribution request, and a data distribution identifier is generated, wherein the data distribution information comprises at least one of the following components: data allocation type, data allocation start time, data allocation end time, and initial configuration ciphertext.
In some embodiments, the data tracking apparatus based on a federation chain further includes a second verification module, where before obtaining configuration ciphertexts of the plurality of data configuration ends corresponding to the target allocation identifier, the second verification module is specifically configured to:
acquiring account information of a data configuration end in response to determining that the data configuration request of the target allocation identifier is received;
determining whether account information identical to the data configuration side account information exists in a prestored abnormal data configuration side account information database;
when the account information which is the same as the account information of the data configuration end exists, the verification fails, and the data configuration request is refused;
And when the account information which is the same as the account information of the data configuration end does not exist, the verification is successful, and the data configuration request is passed.
In some embodiments, the data tracking apparatus based on a federation chain further includes a third verification module, after determining a target configuration ciphertext based on the configuration ciphertext of each data configuration end, the third verification module includes:
and the verification unit is configured to verify the target configuration ciphertext and determine whether the target configuration ciphertext is valid or not.
In some embodiments, the verification unit is specifically configured to:
acquiring a public key of a data distribution terminal and a private key of a data configuration terminal;
encrypting configuration plaintext of a data configuration end corresponding to the target configuration ciphertext by using the public key of the data distribution end to obtain a first encryption configuration;
decrypting the first encryption configuration by using the private key of the data distribution terminal to obtain a first configuration plaintext;
encrypting the first configuration plaintext by the order-preserving encryption algorithm to obtain a second encryption configuration;
comparing the second encryption configuration with the stored highest configuration ciphertext corresponding to the target allocation identifier;
If the second encryption configuration is the same as the highest configuration ciphertext, determining that the target configuration ciphertext is valid; or,
and if the second encryption configuration is not the same as the highest configuration ciphertext, determining that the target configuration ciphertext is invalid.
In some embodiments, the verification unit is specifically configured to:
obtaining a public key of a data configuration end corresponding to the target configuration ciphertext, a private key of the data configuration end corresponding to the target configuration ciphertext, and a data distribution end configuration plaintext;
encrypting the configuration plaintext of the data distribution end by using the public key of the data configuration end to obtain a third encryption configuration;
decrypting the third encryption configuration by using the private key of the data configuration end to obtain a second configuration plaintext;
encrypting the second configuration plaintext by the order-preserving encryption algorithm to obtain a fourth encryption configuration;
comparing the fourth encryption configuration with the stored data distribution end configuration ciphertext;
if the fourth encryption configuration is the same as the configuration ciphertext of the data distribution end, determining that the target configuration ciphertext is valid; or,
and if the fourth encryption configuration is different from the configuration ciphertext of the data distribution end, determining that the target configuration ciphertext is invalid.
In some embodiments, account information reconstruction module 304 is specifically configured to:
constructing a plurality of polynomials based on the respective samil secret sharing fragments and the preset threshold;
solving the polynomials to obtain the serial numbers of the abnormal data configuration end, and obtaining the account information of the abnormal data configuration end based on the serial numbers.
For convenience of description, the above devices are described as being functionally divided into various modules, respectively. Of course, the functions of each module may be implemented in the same piece or pieces of software and/or hardware when implementing the present application.
The device of the foregoing embodiment is configured to implement the corresponding federation chain-based data tracking method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Based on the same inventive concept, the application also provides an electronic device corresponding to the method of any embodiment, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the data tracking method based on the alliance chain according to any embodiment when executing the program.
Fig. 4 shows a more specific hardware architecture of an electronic device according to this embodiment, where the device may include: a processor 401, a memory 402, an input/output interface 403, a communication interface 404, and a bus 405. Wherein the processor 401, the memory 402, the input/output interface 403 and the communication interface 404 are in communication connection with each other inside the device via a bus 405.
The processor 401 may be implemented by a general purpose CPU (Central Processing Unit ), a microprocessor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits, etc. for executing relevant programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 402 may be implemented in the form of ROM (Read Only Memory), RAM (RandomAccess Memory ), static storage device, dynamic storage device, or the like. Memory 402 may store an operating system and other application programs, and when implementing the solutions provided by the embodiments of the present specification by software or firmware, the relevant program code is stored in memory 402 and invoked for execution by processor 401.
The input/output interface 403 is used to connect with an input/output module to realize information input and output. The input/output module may be configured as a component in a device (not shown) or may be external to the device to provide corresponding functionality. Wherein the input devices may include a keyboard, mouse, touch screen, microphone, various types of sensors, etc., and the output devices may include a display, speaker, vibrator, indicator lights, etc.
The communication interface 404 is used to connect a communication module (not shown in the figure) to enable communication interaction between the present device and other devices. The communication module may implement communication through a wired manner (such as USB, network cable, etc.), or may implement communication through a wireless manner (such as mobile network, WIFI, bluetooth, etc.).
Bus 405 includes a path to transfer information between components of the device (e.g., processor 401, memory 402, input/output interface 403, and communication interface 404).
It should be noted that, although the above device only shows the processor 401, the memory 402, the input/output interface 403, the communication interface 404, and the bus 405, in the implementation, the device may further include other components necessary for realizing normal operation. Furthermore, it will be understood by those skilled in the art that the above-described apparatus may include only the components necessary to implement the embodiments of the present description, and not all the components shown in the drawings.
The electronic device of the foregoing embodiment is configured to implement the corresponding data tracking method based on the federation chain in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Based on the same inventive concept, corresponding to any of the above embodiments of the method, the present application further provides a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the coalition chain based data tracking method according to any of the above embodiments.
The computer readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may be used to implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device.
The storage medium of the foregoing embodiments stores computer instructions for causing the computer to perform the data tracking method based on the federation chain according to any one of the foregoing embodiments, and has the advantages of the corresponding method embodiments, which are not described herein.
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the application (including the claims) is limited to these examples; the technical features of the above embodiments or in the different embodiments may also be combined within the idea of the present application, the steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present application as described above, which are not provided in detail for the sake of brevity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure the embodiments of the present application. Furthermore, the devices may be shown in block diagram form in order to avoid obscuring the embodiments of the present application, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform on which the embodiments of the present application are to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the present application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Accordingly, any omissions, modifications, equivalents, improvements and/or the like which are within the spirit and principles of the embodiments are intended to be included within the scope of the present application.
Claims (8)
1. A data tracking method based on a coalition chain, which is applied to a server, wherein the server is provided with the coalition chain, and the method comprises the following steps:
determining a target allocation identifier;
acquiring configuration ciphertexts of a plurality of data configuration ends corresponding to the target allocation identifier through a sequence preserving encryption algorithm, determining the target configuration ciphertexts based on the configuration ciphertexts of the data configuration ends, and generating a data configuration result, wherein the configuration ciphertexts of the data configuration ends are used for representing encrypted interaction data sent by the data configuration ends, and the data configuration result is used for representing the data configuration ends which are allocated to the data to be allocated and represented by the target allocation identifier;
The determining the target configuration ciphertext based on the configuration ciphertext of each data configuration end comprises the following steps:
in response to determining that the data allocation type corresponding to the target allocation identifier is the first type, comparing configuration ciphertext except the configuration ciphertext of the current data configuration end, and determining the current highest configuration ciphertext;
comparing the configuration ciphertext of the current data configuration end with the current highest configuration ciphertext to obtain a first comparison result;
in response to determining that the first comparison result is that the configuration ciphertext of the current data configuration end is larger than the current highest configuration ciphertext, determining that the data configuration of the current data configuration end is successful, and taking the configuration ciphertext of the current data configuration end as a target configuration ciphertext; or,
determining that the data configuration of the current data configuration end fails in response to the fact that the first comparison result is that the configuration ciphertext of the current data configuration end is smaller than or equal to the current highest configuration ciphertext;
the determining the target configuration ciphertext based on the configuration ciphertext of each data configuration end comprises the following steps:
responding to the determination that the data distribution type corresponding to the target distribution identification is the second type, and acquiring a configuration ciphertext of the data distribution end;
Comparing the configuration ciphertext of each data configuration end with the configuration ciphertext of the data distribution end respectively to obtain a plurality of second comparison results;
responding to the fact that a second comparison result is that the configuration ciphertext of the data configuration end is larger than the configuration ciphertext of the data distribution end, and taking the configuration ciphertext of the data configuration end as a target configuration ciphertext; or,
in response to determining that at least two second comparison results are that the configuration ciphertext of the data configuration end is larger than the configuration ciphertext of the data distribution end, acquiring new configuration ciphertext of the data configuration end corresponding to the at least two second comparison results;
selecting the highest new configuration ciphertext from the new configuration ciphertext of the data configuration end corresponding to at least two second comparison results as a target configuration ciphertext;
receiving a sal secret sharing fragment of a target data configuration end sent by any data configuration end, counting the number of the sal secret sharing fragments, and determining the target data configuration end as an abnormal data configuration end when the number of the sal secret sharing fragments is greater than or equal to a preset threshold, wherein the target data configuration end is at least one of the plurality of data configuration ends;
Obtaining account information of an abnormal data configuration end based on each Shamir secret sharing fragment through a secret reconstruction algorithm, and sending the account information of the abnormal data configuration end to data configuration ends except the abnormal data configuration end in a plurality of data configuration ends and a data distribution end corresponding to the target distribution identification.
2. The method of claim 1, wherein prior to determining the target allocation identity, the method further comprises:
acquiring account information of a data distribution end in response to determining that a data distribution request is received;
determining whether account information identical to the account information of the data distribution end exists in a pre-stored abnormal data configuration end account information database;
when the account information which is the same as the account information of the data distribution end exists, the verification fails, and the data distribution request is refused;
when the account information which is the same as the account information of the data distribution end does not exist, the verification is successful, the data distribution information is received through the data distribution request, and a data distribution identifier is generated, wherein the data distribution information comprises at least one of the following components: data allocation type, data allocation start time, data allocation end time, and initial configuration ciphertext.
3. The method of claim 1, wherein prior to obtaining configuration ciphertexts for a plurality of data configuration ends corresponding to the target allocation identity, the method further comprises:
acquiring account information of a data configuration end in response to determining that the data configuration request of the target allocation identifier is received;
determining whether account information identical to the data configuration side account information exists in a prestored abnormal data configuration side account information database;
when the account information which is the same as the account information of the data configuration end exists, the verification fails, and the data configuration request is refused;
and when the account information which is the same as the account information of the data configuration end does not exist, the verification is successful, and the data configuration request is passed.
4. The method according to claim 1, wherein after determining a target configuration ciphertext based on the configuration ciphertext of the respective data configuration end, generating a data configuration result, the method further comprises:
and verifying the target configuration ciphertext and determining whether the target configuration ciphertext is valid or not.
5. The method of claim 4, wherein verifying the target configuration ciphertext to determine whether the target configuration ciphertext is valid comprises:
Acquiring a public key of a data distribution terminal and a private key of a data configuration terminal;
encrypting configuration plaintext of a data configuration end corresponding to the target configuration ciphertext by using the public key of the data distribution end to obtain a first encryption configuration;
decrypting the first encryption configuration by using the private key of the data distribution terminal to obtain a first configuration plaintext;
encrypting the first configuration plaintext by the order-preserving encryption algorithm to obtain a second encryption configuration;
comparing the second encryption configuration with the stored highest configuration ciphertext corresponding to the target allocation identifier;
if the second encryption configuration is the same as the highest configuration ciphertext, determining that the target configuration ciphertext is valid; or,
and if the second encryption configuration is not the same as the highest configuration ciphertext, determining that the target configuration ciphertext is invalid.
6. The method of claim 4, wherein verifying the target configuration ciphertext to determine whether the target configuration ciphertext is valid comprises:
obtaining a public key of a data configuration end corresponding to the target configuration ciphertext, a private key of the data configuration end corresponding to the target configuration ciphertext, and a data distribution end configuration plaintext;
Encrypting the configuration plaintext of the data distribution end by using the public key of the data configuration end to obtain a third encryption configuration;
decrypting the third encryption configuration by using the private key of the data configuration end to obtain a second configuration plaintext;
encrypting the second configuration plaintext by the order-preserving encryption algorithm to obtain a fourth encryption configuration;
comparing the fourth encryption configuration with the stored data distribution end configuration ciphertext;
if the fourth encryption configuration is the same as the configuration ciphertext of the data distribution end, determining that the target configuration ciphertext is valid; or,
and if the fourth encryption configuration is different from the configuration ciphertext of the data distribution end, determining that the target configuration ciphertext is invalid.
7. The method according to claim 1, wherein the obtaining the abnormal data configuration side account information based on the respective samier secret sharing fragments through a secret reconstruction algorithm includes:
constructing a plurality of polynomials based on the respective samil secret sharing fragments and the preset threshold;
solving the polynomials to obtain the serial numbers of the abnormal data configuration end, and obtaining the account information of the abnormal data configuration end based on the serial numbers.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 7 when the program is executed by the processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310878963.0A CN117176335B (en) | 2023-07-17 | 2023-07-17 | Data tracking method based on alliance chain and related equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310878963.0A CN117176335B (en) | 2023-07-17 | 2023-07-17 | Data tracking method based on alliance chain and related equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117176335A CN117176335A (en) | 2023-12-05 |
| CN117176335B true CN117176335B (en) | 2024-03-15 |
Family
ID=88941992
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310878963.0A Active CN117176335B (en) | 2023-07-17 | 2023-07-17 | Data tracking method based on alliance chain and related equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117176335B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2701337A2 (en) * | 2012-08-24 | 2014-02-26 | Panasonic Corporation | Secret sharing method and system |
| CN111371790A (en) * | 2020-03-05 | 2020-07-03 | 中国工商银行股份有限公司 | Data encryption sending method based on alliance chain, related method, device and system |
| CN113079008A (en) * | 2021-04-26 | 2021-07-06 | 北京玻色量子科技有限公司 | Data communication method, device and system |
-
2023
- 2023-07-17 CN CN202310878963.0A patent/CN117176335B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2701337A2 (en) * | 2012-08-24 | 2014-02-26 | Panasonic Corporation | Secret sharing method and system |
| CN111371790A (en) * | 2020-03-05 | 2020-07-03 | 中国工商银行股份有限公司 | Data encryption sending method based on alliance chain, related method, device and system |
| CN113079008A (en) * | 2021-04-26 | 2021-07-06 | 北京玻色量子科技有限公司 | Data communication method, device and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117176335A (en) | 2023-12-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109583887B (en) | Block chain transaction method and device | |
| AU2017395785B2 (en) | Voting system and method | |
| JP7371015B2 (en) | Computer-implemented systems and methods for performing atomic swaps using blockchain | |
| US10833871B2 (en) | System and method for deterministic signing of a message using a multi-party computation (MPC) process | |
| CN111401902A (en) | Service processing method, device and equipment based on block chain | |
| US10846372B1 (en) | Systems and methods for trustless proof of possession and transmission of secured data | |
| CN111783136A (en) | Data protection method, device, equipment and storage medium | |
| CN114358764A (en) | Privacy calculation method based on intelligent contracts in block chain and related equipment | |
| CN114500119B (en) | Method and device for calling block chain service | |
| US20150023498A1 (en) | Byzantine fault tolerance and threshold coin tossing | |
| CN116599669A (en) | Data processing method, device, computer equipment and storage medium | |
| CN112466032B (en) | Electronic voting method and device and electronic equipment | |
| CN112165383A (en) | Encryption method, device, equipment and medium based on shared root key | |
| CN117176335B (en) | Data tracking method based on alliance chain and related equipment | |
| CN116633533A (en) | Key generation method, device and equipment for KMS (KMS) system key encryption | |
| CN115632777A (en) | Data processing method and electronic equipment | |
| CN116155483A (en) | Block chain signing machine safety design method and signing machine | |
| CN113051622B (en) | Index construction method, device, equipment and storage medium | |
| JP5651611B2 (en) | Key exchange device, key exchange system, key exchange method, program | |
| CN112507369B (en) | Service processing method and device based on block chain, readable medium and electronic equipment | |
| CN114128213B (en) | Apparatus, method, and program for verifying the authenticity of a public key | |
| CN112100637A (en) | Encryption method, device, equipment and medium based on correction quantity | |
| CN118133328B (en) | Decentralised chemistry method, system and related equipment | |
| CN118133355B (en) | Federal learning method based on identity-based homomorphic signature and related equipment | |
| CN115396122B (en) | Message processing method, device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |