KR102149900B1 - Privacy-preserving Data Analysis Method on Permissioned Blockchain System - Google Patents

Abstract

The present invention relates to a privacy-preserving data analysis method in a permissioned blockchain system, and more particularly, a value in which noise is added to the response of the secret distributed ledger to a query when performing specific data analysis in a blockchain-based system. It relates to a privacy-preserving data analysis method on a permission-type blockchain system that enables data analysis to be performed in a state where personal privacy is preserved.

Description

Privacy-preserving Data Analysis Method on Permissioned Blockchain System}

The present invention relates to a privacy-preserving data analysis method in a permissioned blockchain system, and more particularly, a value in which noise is added to the response of the secret distributed ledger to a query when performing specific data analysis in a blockchain-based system. It relates to a privacy-preserving data analysis method on a permission-type blockchain system that enables data analysis to be performed in a state where personal privacy is preserved.

Blockchain technology is a widely known technology for cryptocurrency, and it is not a traditional centralized database, but a distributed database-based system in which all participants participating in the network have a shared database to perform secure and efficient data sharing. It is a technique for.

The cryptocurrency technology proposed by Non-Patent Literature 1 and the blockchain systems based on it can participate in the network, and all members (nodes) participating have a distributed ledger corresponding to the database. This is usually referred to as a permissionless blockchain system, and it is also commonly referred to as a public blockchain. Unlike this, a system in which only a set of institutions with a specific purpose or only a specific organization can participate in the network is called a permissioned blockchain, which is a private blockchain or a consortium block depending on the degree of centralization. It is also called the Consortium Blockchain.

Unauthorized blockchain proposed by Non-Patent Document 1 usually has scalability of scale that anyone can participate through complete decentralization rather than efficiency in processing and storage of transactions and secure distributed ledgers for them in the network. It is aimed at.

In contrast, permissioned blockchains are less scalable in scale than unlicensed blockchains in which anyone can participate, but compared to unlicensed blockchains, it is very fast for transaction execution and processing and storage of secure distributed ledgers. In addition to system performance, it is a system that can be applied to financial transactions, supply chains between manufacturers, distribution networks between manufacturers and consumers, disease history sharing between hospitals and other related companies in the medical field, and information sharing in the public sector led by the government. Permitted blockchain has been intensively researched by Hyperledger, a permissioned blockchain open source project established by the Linux Foundation, and currently representative permissioned blockchain technologies are Hyperledger Indy (Hyperledger Sawtooth, Hyperledger Fabric). ), and Samsung SDS's Nexledger in Korea.

In addition, many companies or organizations use data analysis technologies such as Data Mining and Machine Learning to obtain useful information from data for their own purposes. As a specific example, in finance and insurance related departments, insurance fraud can be prevented by analyzing a specific history of customers, and in commercial related departments, sellers of goods analyze consumers' preferences for characteristics of goods to obtain useful information for future sales In addition, medical-related departments can further increase the treatment rate of patients by analyzing the success rate of treatment technologies that can cope with rare diseases. Therefore, at this time, organizations or companies can obtain more meaningful and useful information if they share their data with each other, but in order to preserve the privacy of personal information according to non-patent document 2, data is not identified before data sharing. (De-identification) technology must be applied, and therefore, many studies related to this have been continuously receiving attention.

Also, in recent years, the size and scale of data are becoming vast day by day, and for this reason, data analysis technology in a distributed data environment is actively being studied. This is a technology that derives data analysis results by collecting and summing the results after analysis of variance, not performing data analysis after centralizing data. Hereinafter, in the present invention, a data analysis technique in a distributed data environment is replaced with a distributed learning technique and will be described later. The algorithm used in the data analysis technique performs repetitive learning several times, and the result of the final round is usually described as a learning model. Compared to data centralized data analysis where there is only one result value for each round, there are multiple result values for each round, and collecting and summing them correctly is the core of distributed learning technology.

In addition, these distributed learning technologies must also be applied with de-identification technologies to preserve privacy.

Among data non-identification techniques, differential privacy is one of the above non-identification techniques, and by adding noise based on mathematical probability when responding to a query for information performed by a data analyst, the analyst can easily access personal information. It is a technique that makes it impossible to infer.

Differential privacy mathematically defines the degree of privacy based on how much difference probabilistically between the outputs of the two databases for any query for two databases according to the presence or absence of specific personal data. Here, the personal data is a disease history including personal information on a patient in medical data, and may include personal information on a specific product and data including characteristics and transaction details of the product on the transaction data.

For example, suppose you have data on disease history, all of which are secret values. In this case, assume that a malicious analyst attempts to find out whether a specific attack target in the database has lung cancer by performing a specific query such as'How many lung cancer patients are there?' In this case, if the answer to the question is always the same, the malicious analyst asks,'How many lung cancer patients are?' and'How many lung cancer patients are excluded from the attack target?' It is easy to find out whether the attack target has lung cancer through two queries.

However, the data analysis method applied with differential privacy adds noise with randomness calculated based on the query to the response value, even if a specific attack target is actually a lung cancer patient, even if multiple queries are received in the same manner as the above query. It will respond with a different value.

This fundamentally informs the characteristics of the probability distribution map possessed by the data, but focuses on making it difficult for the attacker to infer accurate personal data values.

Therefore, the differential privacy in the above example cannot be easily determined whether the attacker has lung cancer, even though the malicious analyst knows the prior knowledge of the attacker, since the difference between the analysis before and after the analysis cannot be known.

This differential privacy method is designed based on a randomized algorithm. This means adding random noise to the sensitive attribute values of each data column in the database. However, in order not to damage the usefulness of data analysis from the standpoint of data analysts, appropriate noise is added to the extent that it does not reveal the properties of sensitive information. Can be decided.

In the current permission type blockchain system, there is data shared by all members of the system, while data shared only by specific members also exists. Therefore, when analyzing data, there is a need for a technology that can correctly analyze the information of such secret data without leaking it.

As such, techniques proposed by Non-Patent Documents 3, 4, and 5 exist as techniques for performing analysis without leaking information of secret data. The techniques proposed by the non-patent documents 3, 4, and 5 can obtain a value desired by an accessor without exposing privacy from data shared only by a specific member through Secure Multiparty Computation.

However, the technologies proposed by the above non-patent documents 3, 4, and 5 are very inefficient in calculation complexity when the number of secret data required for calculation increases, and specific value calculations such as performing auctions without revealing the bidders of buyers are performed. Because it is mainly used for technology for data analysis, it is not suitable for data analysis and processing techniques to determine the probability distribution of data.

In addition, technologies proposed by non-patent documents 6, 7 and 8 exist as technologies capable of performing transactions without leaking information of secret data. The technologies proposed by the non-patent documents 6, 7 and 8 can prove a correct transaction without showing transaction information to a third party other than the transaction party through Zero Knowledge Proof.

However, the technologies proposed by the non-patent documents 6, 7 and 8 are mainly used for technologies that guarantee confidentiality of transactions, and are therefore not suitable for data analysis and processing technologies to determine the probability distribution of data.

In addition, as a privacy-preserving distributed learning technology, there are technologies proposed by non-patent documents 9 and 10. The technologies proposed by the non-patent documents 9 and 10 propose a decentralized distributed analysis technique based on a permissionless blockchain.

The techniques proposed by the non-patent documents 9 and 10 are a method of generating a result value from each round as one block during distributed learning, recording it in the ledger, and then proceeding to the next round based on this.

However, the technologies proposed by the non-patent documents 9 and 10 are based on an unauthorized blockchain. Unauthorized blockchains and permissioned blockchains show very different structural characteristics. A normal permissionless blockchain requires a lot of time, such as about 10 minutes, to create one secure and reliable block in the distributed ledger. Most of the time, data analysis techniques are performed on large, time-consuming data, but the consumption of about 10 minutes per round is very inefficient.

In addition, the technologies proposed by the above non-patent documents 9 and 10 solve problems that cannot be simply applied to a number of fields such as the financial field, the supply chain between manufacturers, the distribution network between manufacturers and consumers, and the medical field using the existing licensed blockchain. Have.

Other examples of introducing blockchain technology for safe and efficient data de-identification include the technologies proposed by Patent Documents 1 and 2. The technologies proposed by Patent Documents 1 and 2 correspond to technologies applied when introducing differential privacy in a distributed data environment composed of a plurality of data owners.

However, the technologies proposed by Patent Documents 1 and 2 above are technologies that introduce a blockchain to solve factors that may occur in terms of safety and efficiency of the differential privacy algorithm when differential privacy is introduced in a distributed data environment. It is not suitable for data analysis and processing techniques trying to determine the enemy distribution.

US 2018-0307854 A1 "Tracking privacy budget with distributed ledger" US 2018-0173894 A1 "Differential privacy and outlier detection within a non-interactive model"

S. Nakamoto, "Bitcoin: A peer-to-peer electronic cash system" L. Sweeney, "k-anonymity: A model for protecting privacy" International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 10, no.5, pp.557-570, 2002 F. Benhamouda et al., "Supporting Private Data on Hyperledger Fabric with Secure Multiparty Computation" Cloud Engineering (IC2E), IEEE International Conference on, IEEE, pp.357-363, 2018 G.Zyskind et al., "Decentralizing privacy: Using blockchain to protect personal data" IEEE Security and Privacy Workshops, IEEE, pp.180-184, 2015. G.Zyskind et al., "Enigma: Decentralized computation platform with guaranteed privacy" arXiv preprint arXiv:1506.03471, 2015. Zcash-all coins are created equal. https://z.cash/. Accesed Dec 2017. A. van Wirdum, ""Confidential assets" brings privacy to all blockchain assets: Blockstream" Bitcoin Magazine, April 2017, https://bitcoinmagazine.com/articles/confidential-assets-brings-privacy-all-blockchain-assets-blockstream /. E.Cecchetti et al., "Solidus: Confidential distributed ledger transactions via PVORM" Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2017. T. T. Kuo et al., "Modelchain: Decentralized Privacy-preserving Healthcare Predictive Modeling Framework on Private Blockchain Networks" arXiv preprint arXiv:1802.01746, 2018. X. Chen et al., "Distributed Machine Learning Meets Blockchain: A Decentralized, Secure, and Privacy-preserving Realization" IEEE International Conference on Big Data (IEEE Big Data'18), pp.1177-1186, 2018.

The present invention is a permission-type block that allows data analysis to be performed while personal privacy is preserved by returning a value added with noise to the response of the secret distributed ledger to a query when performing specific data analysis in a blockchain-based system. Its purpose is to provide a privacy-preserving data analysis method on a chain system.

In order to solve the above problems, the present invention is a privacy-preserving data analysis method on a permission-type blockchain system, wherein the permission-type blockchain system allows a node that is a system participant to access the permission-type blockchain system. Client application; Distributed ledger where transactions on the blockchain network are recorded; A distributed database including a personal database owned only by the distributed ledger and individual nodes; And a smart contract for controlling access to the distributed database. Including, the distributed ledger, a public distributed ledger shared by all members of the permission type blockchain system; A data public distribution ledger for storing transactions made in the permission type blockchain system, wherein the public distribution ledger includes one or more secret distributed ledgers shared only by a specific member of the permission type blockchain system; And a distributed learning model shared ledger storing a result of learning for each round and a final distributed learning model, wherein the data analysis method includes: a query calling step in which a client application calls a data analysis query function to a smart contract; A query response request step of performing, by the smart contract, a response request for the data analysis query function to the distributed database based on the data analysis query function; A query-response return step of returning a response value to the data analysis query function by applying differential privacy by the distributed database; And an analysis result return step of the smart contract analyzing and returning the response value. A distributed learning model storing step of storing the distributed learning model calculated by analyzing the response value by the smart contract; An error log storage step for subsequent error-based audit by the smart contract analyzing the response value; An analysis result return step of the smart contract analyzing and returning the response value; An error log request step in which the client requests an error log value stored for future error-based auditing; An error log return step in which the distributed learning model disclosure ledger returns a response value to the error log request; And an error-based audit execution step in which the client performs an error-based audit through a response value of the error log return step.

In the present invention, the data analysis query function is stored in the smart contract, and the data analysis query function may cause the distributed database to return a response value by applying differential privacy.

In the present invention, the data public distributed ledger returns a response value to the data analysis query function, and the secret distributed ledger and the personal database respond to the data analysis query function by adding noise based on differential privacy A value may be returned, and the distributed learning model shared ledger stores and holds a privacy-preserving distributed learning model for the distributed learning model storage step.

In the present invention, the question-and-answer request step includes: a public distributed data response request step of requesting a response value for a data analysis query function from the data public distribution ledger; And a secret distributed data response request step of requesting a response value to a data analysis query function to which differential privacy is applied to the secret distributed ledger and the personal database. It may include.

In the present invention, when there are two or more secret distributed ledgers, the two or more secret distributed ledgers may independently return response values to which differential privacy-based noise is added to the data analysis query function.

In the present invention, the analysis result return step may return an analysis result by performing an analysis based on a data analysis query function by integrating the response value returned by the data public distribution ledger, the secret distribution ledger, and the personal database. have.

In the present invention, the storing of the distributed learning model and the error log for error-based auditing may store a distributed learning model and an error log calculated based on the response value returned by the distributed database.

In the present invention, in the step of requesting an error log value and returning an error log value for performing an error-based audit, any participant who can perform data analysis may access the client and receive an error log value at any time, and the client This can be used to perform an error-based audit.

In the privacy-preserving data analysis method according to an embodiment of the present invention, it is possible to exert an effect of performing data analysis without exposing the value of secret data owned by only a specific member.

In the privacy-preserving data analysis method according to an embodiment of the present invention, it is possible to exert an effect of protecting secret data without changing the structure of an existing permission-type blockchain system.

In the privacy-preserving data analysis method according to an embodiment of the present invention, when using data analysis technology such as distributed learning technology, it is possible to safely and efficiently analyze data without changing the structure of the existing permissioned blockchain system. Can be demonstrated.

In the privacy-preserving data analysis method according to an embodiment of the present invention, a network configuration can be easily maintained by not adding a physical component to protect secret data.

In the privacy-preserving data analysis method according to an embodiment of the present invention, as in the properties of the existing blockchain system, each member has a smart contract and a distributed database, thereby preventing a single point of failure. Can exert.

1 is a diagram schematically showing the configuration of a permission type blockchain system according to an embodiment of the present invention.
2 is a diagram schematically showing the configuration of a smart contract according to an embodiment of the present invention.
3 is a diagram schematically showing the configuration of a query function according to an embodiment of the present invention.
3A is a diagram schematically showing the configuration of a distributed database according to an embodiment of the present invention.
4 is a diagram schematically showing the configuration of a distributed ledger according to an embodiment of the present invention.
4A is a diagram schematically showing the configuration of an open distributed ledger according to an embodiment of the present invention.
5 is a diagram schematically showing the configuration of two nodes according to an embodiment of the present invention.
6 is a flowchart of a data processing process of a permission type blockchain system.
7 is a request and response flowchart of an analysis method in which a database to which a privacy guard is applied performs a response by applying differential privacy.
8 is a request and response flow chart of a privacy-preserving data analysis method of a permission-type blockchain system according to an embodiment of the present invention.
8A is a flowchart illustrating an operation of a privacy-preserving data analysis method of a permissioned blockchain system to which differential privacy is applied according to an embodiment of the present invention.
9 is a flowchart illustrating an operation of a privacy-preserving data analysis method of a permissioned blockchain system to which differential privacy is applied according to an embodiment of the present invention.

In the following, various embodiments and/or aspects are now disclosed with reference to the drawings. In the following description, for purposes of explanation, a number of specific details are disclosed to aid in an overall understanding of one or more aspects. However, it will also be appreciated by those of ordinary skill in the art that this aspect(s) may be practiced without these specific details. The following description and the annexed drawings set forth in detail certain illustrative aspects of one or more aspects. However, these aspects are exemplary and some of the various methods in the principles of the various aspects may be used, and the descriptions described are intended to include all such aspects and their equivalents.

Further, various aspects and features will be presented by a system that may include multiple devices, components and/or modules, and the like. It is also noted that various systems may include additional devices, components and/or modules, and/or may not include all of the devices, components, modules, etc. discussed in connection with the figures. It must be understood and recognized.

As used herein, “an embodiment,” “example,” “aspect,” “example,” and the like may not be construed as having any aspect or design described as being better or advantageous than other aspects or designs. . The terms'~part','component','module','system', and'interface' used below generally mean a computer-related entity, for example, hardware, hardware It can mean a combination of software and software, or software.

In addition, the terms "comprising" and/or "comprising" mean that the corresponding feature and/or element is present, but excludes the presence or addition of one or more other features, elements, and/or groups thereof. It should be understood as not.

In addition, terms including ordinal numbers such as first and second may be used to describe various elements, but the elements are not limited by the terms. These terms are used only for the purpose of distinguishing one component from another component. For example, without departing from the scope of the present invention, a first element may be referred to as a second element, and similarly, a second element may be referred to as a first element. The term and/or includes a combination of a plurality of related listed items or any of a plurality of related listed items.

In addition, in the embodiments of the present invention, unless otherwise defined, all terms used herein including technical or scientific terms are commonly understood by those of ordinary skill in the art to which the present invention belongs. It has the same meaning as. Terms as defined in a commonly used dictionary should be interpreted as having a meaning consistent with the meaning in the context of the related technology, and unless explicitly defined in the embodiments of the present invention, an ideal or excessively formal meaning Is not interpreted as.

1 is a diagram schematically showing the configuration of a permission type blockchain system according to an embodiment of the present invention.

The permissioned blockchain system described in this specification is defined based on Hyperledger Fabric.

Referring to FIG. 1, a permission type blockchain system according to an embodiment of the present invention includes one or more nodes 10; A client application 40 for a node that is a system participant to access the permission type blockchain system; A membership service provider 50 providing the client's credentials; And an orderer 60 for arranging transactions into blocks. Includes.

The node 10 is also called a peer and constitutes a blockchain network. The node 10 serves to maintain a blockchain network in which transaction information (transaction) is stored. Although only one node 10 is shown in FIG. 1, a plurality of nodes 10 may exist in the blockchain network to form a network. Some of these nodes 10 may perform the role of endorsers (endors). The guarantee peer plays a role of executing the chaincode and guaranteeing the result according to the request of the application 40. The guarantee of such a guarantee peer may be performed based on a guarantee policy linked to the chaincode.

The application 40 may request the guarantee of the transaction by generating a transaction by the client and submitting it to the guarantee peer that guarantees the transaction. Such an application 40 is not managed by a specific individual, but is performed by an administrator or institution of the corresponding blockchain network.

The membership service provider 50 verifies the credentials of the client using the application 40 so that the peer can participate in the blockchain network. The client authenticates the transaction using the credentials of the membership service provider 50, and the peer authenticates the processing result of the transaction using the credentials. Only clients authorized through the membership service provider 50 can participate in the blockchain network.

The orderer 60 is a set of nodes that arrange transactions into blocks. The orderer 60 exists independently of the general node 10, and orders and sorts the transactions proposed from the application 40 according to a consensus algorithm. The orderer 60 generates the arranged transaction as a block and delivers it to the node 10 on the blockchain network. The node 10 that has received such a block may operate as a definite peer (committer) to confirm a transaction.

The node 10 includes a distributed database 200 including a personal database in which transactions on the blockchain network are recorded and held only by individuals; And a smart contract 100 for controlling access to the distributed database 200. It may include.

The distributed database 200 is a block chain and transactions are recorded. In an embodiment of the present invention, the distributed database 200 includes a distributed ledger in which transactions on a blockchain network are recorded; And a personal database 220 owned only by the individual node 10. The smart contract 100 is written in a chain code and is called by the application 40 when the application 40 needs to interact with the distributed database 200. The smart contract 100 stores various functions for accessing the distributed database 200, so that the data of the distributed database 200 can be updated or necessary information can be extracted from the data. have.

2 is a diagram schematically showing the configuration of a smart contract according to an embodiment of the present invention.

Referring to FIG. 2, a query function 110 and a distribution function 120 are stored in the smart contract 100 according to an embodiment of the present invention. The query function 110 is a function for inquiring data of the distributed database 200, and the distribution function 120 is a function for writing data to the distributed database 200.

The query function 110 may search for a block in order to inquire the data of the distributed database 200, or the size of the data in the distributed database 200, and the execution result of the query function 110 Is not recorded in the distributed database 200.

The distribution function 120 is a function for recording data in the distributed database 200, and the distribution function 120 executes the chain code of the smart contract 100 or registers a new chain code. The operation can be executed. Data may be recorded in the distributed database 200 according to the execution of the distribution function 120.

In addition, various functions may be stored in the smart contract 100 in an embodiment of the present invention.

3 is a diagram schematically showing the configuration of a query function according to an embodiment of the present invention.

The query function 110 may include a general query function 111 and a data analysis query function 112. The general query function 111 is a function that performs a general query that cannot perform individual data analysis on the data stored in the distributed database 200, and the data analysis query function 112 is capable of performing data analysis. This is a function that executes a query.

That is, in an embodiment of the present invention, since the data analysis query function 112 is stored in the smart contract 100, it is possible to perform data analysis on the distributed database 200. In this case, the data analysis query function 112 may cause the distributed database 200 to return a response value by applying differential privacy in order to maintain the privacy of the distributed database 200.

3A is a diagram schematically showing the configuration of a distributed database according to an embodiment of the present invention.

Referring to FIG. 3A, a distributed database 200 according to an embodiment of the present invention includes a distributed ledger 210 shared by the permission type blockchain system; And a personal database 220 held by the nodes in the permission type blockchain system. It may include.

4 is a diagram schematically showing the configuration of a distributed ledger according to an embodiment of the present invention.

4, a distributed ledger 210 according to an embodiment of the present invention includes a public distributed ledger 211 shared by all members of the permission type blockchain system; And at least one secret distributed ledger 212 shared only by a specific member of the permission type blockchain system. It may include. 4 shows a distributed ledger 210 including n secret distributed ledgers 212. The number of such secret distributed ledgers 212 may be different for each node of the same blockchain system.

4A is a diagram schematically showing the configuration of an open distributed ledger according to an embodiment of the present invention.

Referring to FIG. 4A, a public distributed ledger 211 according to an embodiment of the present invention includes a data public distributed ledger 211.1 for storing transactions made in the permission type blockchain system; And a distributed learning model sharing ledger (211.2) for storing a result of learning for each round and a final distributed learning model in the permissioned blockchain system. It may include. The public distributed ledger 211 according to an embodiment of the present invention can be shared by all members of the permission-type blockchain system.

5 is a diagram schematically showing the configuration of two nodes according to an embodiment of the present invention.

Node A 10 and Node B 20 shown in FIG. 5 are nodes constituting the blockchain network. Both the node A 10 and the node B 20 include a smart contract 100 and a distributed database 200. In this case, the distributed database 200 includes a distributed ledger 210 and a personal database 220. In addition, the distributed ledger 210 includes a public distributed ledger 211 and a secret distributed ledger 212. In addition, the public distributed ledger 211 includes a data public distributed ledger 211.1 and a distributed learning model. It includes a shared ledger (211.2).

At this time, both the node A 10 and the node B 20 include secret distributed ledger #1 (212.1). The secret distributed ledger #1 (212.1) is a secret distributed ledger shared by the node A 10 and the node B 20 among nodes of the blockchain network. The secret distributed ledger #1 (212.1) may be included in other nodes in addition to the node A (10) and the node B (20).

Secret Distributed Ledger #2 (212.2) is included in Node A 10, but not included in Node B 20. The secret distributed ledger #2 (212.2) may be included in nodes other than the node A (10). However, since it is not included in the node B 20, the smart contract 100 of the node B 20 cannot access the data stored in the secret distributed ledger #2 212.2.

On the other hand, secret distributed ledger #3 (212.3) is included in the node B 20, but not included in the node A 10. The secret distributed ledger #3 (212.3) may be included in nodes other than the node B (20). However, since it is not included in the node A 10, the smart contract 100 of the node A 10 cannot access the data stored in the secret distributed ledger #3 212.3.

6 is a flowchart of a data processing process of a permission type blockchain system.

In FIG. 6, the requestor 70 is a node of a blockchain network that tries to analyze data stored in the distributed database 200. The requestor 70 may access the smart contract 100 through the application 40. In the embodiment of FIG. 6, the smart contract 100 may access one public distributed ledger 211, two secret distributed ledgers 212 and one personal database 220.

The data analysis method according to an embodiment of the present invention includes a query calling step (S100) in which the client application 40 calls the data analysis query function 112 to the smart contract 100; A query response request step (S200) in which the smart contract 100 performs a response request for the data analysis query function 112 to the distributed database 200 based on the data analysis query function 112; A query response return step (S300) in which the distributed database 200 returns a response value for the data analysis query function 112 by applying differential privacy; An analysis result return step (S400) in which the smart contract 100 analyzes and returns the response value; And performing an error-based auditing step (S500) of preventing a malicious attacker's attack behavior in advance based on the error log. Includes.

7 is a request and response flowchart of an analysis method in which a database to which a privacy guard is applied performs a response by applying differential privacy.

In FIG. 7, a method of adding noise using differential privacy is illustrated. Referring to FIG. 7, a privacy guard 80 exists between a requestor 70 for data analysis and a distributed database 90 for managing a query function for analysis and calculating a response value to which noise is added. Although the distributed database 90 is shown in FIG. 7, the privacy guard 80 can operate in the same manner in a general database.

In order to apply differential privacy in the distributed database 90 to which the privacy guard 80 is applied as described above, the requestor 70 first requests a query to obtain specific information from the privacy guard 80 (S10). Performed.

Thereafter, a step (S20) of analyzing the query requested by the privacy guard 80 according to a preset policy is performed. The privacy guard 80 may evaluate the degree of privacy impact of the query according to a preset policy.

Thereafter, a step (S30) of transmitting the query from the privacy guard 80 to the distributed database 90 is performed. In response to such a query, the distributed database 90 returns a response value based on the undistorted data to the privacy guard 80 (S40).

Thereafter, a step (S50) of adding an appropriate amount of noise is performed by the privacy guard 80 based on the degree of privacy influence of the query evaluated in step S20. In this way, the privacy guard 80 generates a result value in which noise is added to the response value to protect the confidentiality of information in the distributed database 90, and a result value in which noise is added to the requestor 70 Performs a step (S60) of returning.

Through this process, the requestor 70 can not know specific data due to noise while receiving information on the requested query, so that the privacy of the distributed database 90 can be maintained.

8 is a request and response flow chart of a privacy-preserving data analysis method of a permission-type blockchain system according to an embodiment of the present invention.

Referring to FIG. 8, the smart contract 100 including the data analysis query function performs the same role as the privacy guard 80 in FIG. 7. In an embodiment of the present invention, the method of implementing differential privacy is not a form that is physically and singly divided like the privacy guard 80 of FIG. 7 but a form of an automatic function added to the inside of the smart contract 100 You get drunk. That is, a physical entity is not added but is logically added to the blockchain network, thereby reducing the burden on the network configuration, and all members share the same public distributed ledger 211, and each individual database 220 ), and some members based on the Secret Distributed Ledger 212 have the smart contract 100 including the same data analysis query function 112, so that the existing privacy guard 80-based differential privacy implementation method Compared to that, it can exhibit the effect of preventing a single point of failure.

Referring to FIG. 8, first, the requestor 70 performs a query calling step S100 of calling the data analysis query function 112 to the smart contract 100 through the application 40.

Thereafter, the query response request step (S200) of the smart contract 100 performing a response request to the data analysis query function 112 to the distributed database 200 based on the data analysis query function 112 Is performed. In an embodiment of the present invention, the question-and-answer request step (S200) includes a public distributed data response request step (S210) of requesting a response value for the data analysis query function 112 from the data public distributed ledger 211.1; And a secret data response request step (S220) of requesting a response value for the data analysis query function 112 applying differential privacy to the secret distributed ledger 212 and the personal database 220. It may include. 8 shows that the secret data response request step (S220) is performed after the public distributed data response request step (S210) is performed, but in the present invention, the public distributed data response request step (S210) and the secret data response The request step (S220) may be performed at the same time, or the secret data response request step (S220) may be performed first. That is, it is preferable that the open distributed data response request step (S210) and the secret data response request step (S220) are independently performed.

Thereafter, the data disclosure and distribution ledger 211.1 returns a response value to the data analysis query function 112 (S310), and the secret distribution ledger 212 and the personal database 220 A response value to which noise based on differential privacy is added to the analysis query function 112 is returned (S320). In this way, the secret distributed ledger 212 and the personal database 220 return a response value to which noise based on differential privacy was added, so that the requestor 70 could find out the probability distribution characteristic of the distributed ledger 210. However, since individual information stored in the secret distribution ledger 212 and the personal database 220 cannot be found, it is possible to protect the privacy of the data of the secret distribution ledger 212 and the personal database 220. .

In an embodiment of the present invention, when two or more of the secret distributed ledger 212 or the personal database 220 exist, the two or more secret distributed ledgers 212 or the personal database 220 independently analyze the data. Response values to which noise based on differential privacy is added to the query function 112 may be returned, respectively.

Thereafter, the analysis result return step (S400) in which the smart contract 100 analyzes and returns the response value is performed. At this time, in the analysis result return step (S400), the public distributed ledger, the secret distributed ledger, and the response value returned by the personal database 220 are integrated to perform an analysis based on a data analysis query function, and the analysis result Can be returned.

To this end, in the analysis result return step (S400), the smart contract performs an analysis by integrating the response values of the public distributed ledger 211, the secret distributed ledger 212 and the personal database 220 (S410 ), and returning the analysis result to the requestor 70 through the application 40 (S420).

In addition, referring to FIG. 8, the error-based audit execution step S500 according to an embodiment of the present invention may be performed to prevent an attack behavior of a malicious attacker returning an incorrect response value. In FIG. 8, the application 40 of the requestor 70 is shown to be independently executed through the smart contract 100, but in the present invention, the smart contract 100 is a logical entity taking the form of an automatic function. In the error-based audit performance step (S500) according to an embodiment of the present invention, any participant in the permission-type blockchain accesses the smart contract 100 through the application 40 at any time to perform an error-based audit (S500). Can run.

In order to perform the error-based audit performance step (S500), the analysis result return step (S400) according to an embodiment of the present invention uses the distributed learning model calculated by the smart contract 100 analyzing the response value. The distributed learning model storage step of storing (S430); And an error log storing step (S440) in which the smart contract 100 analyzes the response value and stores an error log for subsequent error-based audit. It may further include.

In the distributed learning model storage step (S430) according to an embodiment of the present invention, the smart contract 1000 stores the distributed learning model derived by performing analysis in the distributed learning model sharing ledger 211.2, and the error In the log storage step S440, an error log for error-based audit may be stored.

The error-based audit performing step (S500) performed afterwards includes an error log request step (S510) in which the client requests the error log stored for future error-based auditing; An error log return step (S520) in which the distributed learning model disclosure ledger returns a response value to the error log request; And an audit performance step (S530) in which the client performs an error-based audit based on the response value of the error log return step. May include,

8A is a flowchart illustrating an operation of a privacy-preserving data analysis method of a permissioned blockchain system to which differential privacy is applied according to an embodiment of the present invention.

번의 라운드를 진행하게 된다. 이때 각 라운드마다 노드A(10)와 노드B(20)는

라운드결과값에 대한 저장요청(S441)을 하여 상기 분산학습모델공개원장(211.2)에 저장(S442)하게 된다. 구체적으로 상기 노드A는 1라운드에서 1라운드결과값에 대한 저장요??(S441.1A)을 하고, 상기 분산학습모델공개원장(211.2)는 이를 저장(S442.1A)한다. 또한, 상기 노드B는 1라운드에서 1라운드결과값에 대한 저장요??(S441.1B)을 하고, 상기 분산학습모델공개원장(211.2)는 이를 저장(S442.1B)한다. 이와 같은 단계가 반복되어 분산학습모델저장단계(S430) 및 오류로그저장단계(S440)가 수행될 수 있다.Figure 8a is a physical flow diagram of a request and flow chart of a privacy-preserving data analysis method of a permission-type blockchain system according to an embodiment of the present invention made in FIG. Represents. Referring to FIG. 8A, when data analysis on specific data is performed, all nodes owning the distributed database 200 store a calculated model and an error value thereof for each round. In FIG. 8A, to illustrate this example, an embodiment including only the node A 10 and the node B 20 is shown, and this may be from a small number to a large number depending on the size of the network. Referring to FIG. 8A, when performing data analysis, node A 10 and node B 20

Rounds are played. At this time, in each round, Node A (10) and Node B (20)

A storage request (S441) for the round result value is made and stored in the distributed learning model open ledger (211.2) (S442). Specifically, the node A stores the result value of the first round in the first round?? (S441.1A), and the distributed learning model disclosure ledger 211.2 stores it (S442.1A). In addition, the node B stores the result values of the first round in the first round?? (S441.1B), and the distributed learning model disclosure ledger 211.2 stores this (S442.1B). By repeating this step, the distributed learning model storage step (S430) and the error log storage step (S440) may be performed.

Thereafter, in the error-based audit execution step (S500), the requestor 70 driven by a specific node that wants to perform the error-based audit requests an error log value stored for the error-based audit (S510). ) And the error log value return step (S520) of returning the stored error log value for error-based auditing, the previously stored error values of the model for Node A 10 and Node B 20 are returned. Thereafter, the requestor 70 can easily identify a node having a high error by performing an error-based audit (S530).

In addition, referring to FIG. 8A, in the error-based audit execution step S500, specific nodes having high error values may be selected through the above process. The error-based audit execution step (S500) in the privacy-preserving data analysis method of the permissioned blockchain system to which differential privacy is applied according to an embodiment of the present invention is performed to manage the node as an object of future audit through the error value. This can be set flexibly according to the network policy. For example, in a network that represents an error value as a number from 0 to 1, it is possible to perform audit and management on nodes with an average error of 0.7 or more.

9 is a flowchart illustrating an operation of a privacy-preserving data analysis method of a permissioned blockchain system to which differential privacy is applied according to an embodiment of the present invention.

In the blockchain network shown in FIG. 9, data on vehicles is stored. The data type stored in the blockchain network is {key value; manufacturer; Model; color; Borrower; Purchase cost; Installment payment (months)}, and are stored in the public distributed ledger 211, at least one secret distributed ledger 212, and the personal database 220, respectively.

In addition, the smart contract 100 is a distribution function 120 capable of performing operations such as writing, modification, and deletion on the distributed ledger 210, and reading basic information of the distributed database 200. It includes a general query function 111 and a data analysis query function 112 for performing data analysis. These functions are pre-designed and included before the blockchain network is started.

Referring to FIG. 9, first, the requestor 70 performs a query calling step (S100) of calling the data analysis query function 112 to the smart contract 100 through the application 40.

Thereafter, the query response request step (S200) of the smart contract 100 performing a response request to the data analysis query function 112 to the distributed database 200 based on the data analysis query function 112 Is performed. The data analysis query function 112 may include a function such as searching for a higher manufacturer or higher model of the distributed database 200, searching for color distribution of stored vehicle data, or predicting and analyzing a future fashion model.

In this case, the question-and-answer request step (S200) includes a public distributed data response request step (S210) of requesting a response value for a data analysis query function from the public distributed ledger 211; And a secret data response request step (S220) of requesting a response value for a data analysis query function to which differential privacy is applied to the secret distributed ledger 212 and the personal database 220. Through this, the public distributed ledger 211 requests a response value for the data analysis query function 112, and the secret distributed ledger 212 and the personal database 220 request a response value to which differential privacy is applied. , It is possible to protect the privacy of the data of the secret distribution ledger 212 and the personal database 220.

Thereafter, the public distributed ledger 211 returns a response value to the data analysis query function 112 (S310), and the secret distributed ledger 212 and the personal database 220, the data analysis query A response value to which noise based on differential privacy is added is returned to the function 112 (S320).

Thereafter, the smart contract 100 performs an analysis based on a data analysis query function by integrating the response values returned by the public distributed ledger 211, the secret distributed ledger 212 and the personal database 220. Thus, the analysis result return step (S400) of returning the analysis result to the requestor 70 through the application 40 is performed.

As described above, in the privacy-preserving data analysis method according to an embodiment of the present invention, the data analysis can be performed without exposing the value of secret data owned by only a specific member.

In the privacy-preserving data analysis method according to an embodiment of the present invention, it is possible to exert an effect of protecting secret data without changing the structure of an existing permission-type blockchain system.

In the privacy-preserving data analysis method according to an embodiment of the present invention, a network configuration can be easily maintained by not adding a physical component to protect secret data.

In the privacy-preserving data analysis method according to an embodiment of the present invention, it may be performed in advance to prevent an attack behavior of a malicious attacker who returns an incorrect response value through the error-based audit execution step (S500). This can be done at any time by any participant in the permissioned blockchain network, and it is easy to determine whether a specific participant returned a correct value or incorrect value before.

In the privacy-preserving data analysis method according to an embodiment of the present invention, as in the properties of the existing blockchain system, each member has a smart contract and a distributed database, thereby preventing a single point of failure. Can exert.

Methods according to an embodiment of the present invention may be implemented in the form of program instructions that can be executed through various computing devices and recorded in a computer-readable medium. In particular, the program according to the present embodiment may be configured as a PC-based program or an application dedicated to a mobile terminal. An application to which the present invention is applied may be installed on a user terminal through a file provided by the file distribution system. For example, the file distribution system may include a file transmission unit (not shown) that transmits the file according to the request of the user terminal.

The apparatus described above may be implemented as a hardware component, a software component, and/or a combination of a hardware component and a software component. For example, the devices and components described in the embodiments are, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate array (FPGA). , A programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions, such as one or more general purpose computers or special purpose computers. The processing device may execute an operating system (OS) and one or more software applications executed on the operating system. In addition, the processing device may access, store, manipulate, process, and generate data in response to the execution of software. For the convenience of understanding, although it is sometimes described that one processing device is used, one of ordinary skill in the art, the processing device is a plurality of processing elements and/or a plurality of types of processing elements. It can be seen that it may include. For example, the processing device may include a plurality of processors or one processor and one controller. In addition, other processing configurations are possible, such as a parallel processor.

The software may include a computer program, code, instructions, or a combination of one or more of these, configuring the processing unit to operate as desired or processed independently or collectively. You can command the device. Software and/or data may be interpreted by a processing device or to provide instructions or data to a processing device, of any type of machine, component, physical device, virtual equipment, computer storage medium or device. , Or may be permanently or temporarily embodyed in a transmitted signal wave. The software may be distributed over networked computing devices and stored or executed in a distributed manner. Software and data may be stored on one or more computer-readable recording media.

The method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like alone or in combination. The program instructions recorded on the medium may be specially designed and configured for the embodiment, or may be known and usable to those skilled in computer software. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tapes, optical media such as CD-ROMs and DVDs, and magnetic media such as floptical disks. -A hardware device specially configured to store and execute program instructions such as magneto-optical media, and ROM, RAM, flash memory, and the like. Examples of program instructions include not only machine language codes such as those produced by a compiler but also high-level language codes that can be executed by a computer using an interpreter or the like. The hardware device described above may be configured to operate as one or more software modules to perform the operation of the embodiment, and vice versa.

As described above, although the embodiments have been described by the limited embodiments and drawings, various modifications and variations are possible from the above description by those of ordinary skill in the art. For example, the described techniques are performed in a different order from the described method, and/or components such as a system, structure, device, circuit, etc. described are combined or combined in a form different from the described method, or other components Alternatively, even if substituted or substituted by an equivalent, an appropriate result can be achieved. Therefore, other implementations, other embodiments, and claims and equivalents fall within the scope of the claims to be described later.

Claims (10)

delete delete As a privacy-preserving data analysis method on a permissioned blockchain system,
The permission type blockchain system,
A client application for a node that is a system participant to access the permission type blockchain system;
Distributed ledger in which transactions on the blockchain network are recorded; And a personal database held only by the individual node. Distributed database including a; And
A smart contract for controlling access to the distributed ledger; Including,
The distributed ledger,
A public distributed ledger shared by all members of the permission type blockchain system; And
One or more secret distributed ledgers shared only by specific members of the permission type blockchain system; Including,
The data analysis method,
A query calling step in which the client application calls a data analysis query function to the smart contract;
A query response request step of the smart contract performing a response request to the data analysis query function to the distributed ledger based on the data analysis query function;
A query response return step in which the distributed ledger returns a response value to the data analysis query function by applying differential privacy; And
An analysis result return step of analyzing and returning the response value by the smart contract; Including,
The public distributed ledger,
Returns the response value for the data analysis query function,
The secret distributed ledger and the personal database,
A privacy-preserving data analysis method for returning a response value to which noise based on differential privacy is added to the data analysis query function.
The method of claim 3,
The question and answer request step,
A public distributed data response request step of requesting a response value for a data analysis query function from the public distributed ledger; And
A secret distributed data response request step of requesting a response value for a data analysis query function to which differential privacy is applied to the secret distributed ledger; Containing, privacy-preserving data analysis method.
The method of claim 3,
If there is more than one secret distributed ledger,
At least two secret distributed ledgers independently return response values to which noise based on differential privacy is added to the data analysis query function, respectively.
The method of claim 3,
The analysis result return step,
A privacy-preserving data analysis method for performing an analysis based on a data analysis query function by integrating the response value returned by the public distributed ledger and the private distributed ledger and the personal database to return an analysis result.
As a privacy-preserving data analysis method on a permissioned blockchain system,
The permission type blockchain system,
A client application for a node that is a system participant to access the permission type blockchain system;
Distributed ledger in which transactions on the blockchain network are recorded; And a personal database held only by the individual node. Distributed database including a; And
A smart contract for controlling access to the distributed ledger; Including,
The distributed ledger,
A public distributed ledger shared by all members of the permission type blockchain system; And
One or more secret distributed ledgers shared only by specific members of the permission type blockchain system; Including,
The data analysis method,
A query calling step in which the client application calls a data analysis query function to the smart contract;
A query response request step of the smart contract performing a response request to the data analysis query function to the distributed ledger based on the data analysis query function;
A query response return step in which the distributed ledger returns a response value to the data analysis query function by applying differential privacy; And
An analysis result return step of the smart contract analyzing and returning the response value; Including,
The public distributed ledger,
A data disclosure and distribution ledger that stores transactions made in the permission type blockchain system; And
A distributed learning model sharing ledger for storing a result of learning for each round and a final distributed learning model in the permissioned blockchain system; Including, privacy-preserving data analysis method.
The method of claim 7,
The data analysis method,
Further comprising an error-based audit execution step to prevent malicious attacker's attack behavior based on the error log,
The analysis result return step,
A distributed learning model storing step of storing the distributed learning model calculated by analyzing the response value by the smart contract; And
An error log storage step in which the smart contract analyzes the response value and stores an error log for subsequent error-based auditing; Further comprising, privacy-preserving data analysis method.
The method of claim 8,
In the distributed learning model sharing ledger,
In the distributed learning model storage step, a privacy-preserving distributed learning model may be stored.
The method of claim 8,
The step of performing the error-based audit,
An error log request step in which the client requests the error log stored for future error-based auditing;
An error log return step in which the distributed learning model sharing ledger returns a response value to the error log request; And
An audit performing step in which the client performs an error-based audit based on a response value of the error log return step; Containing, privacy-preserving data analysis method.

Images