KR102475221B1 - A decision tree-based covert channel generation method, apparatus and system therefor - Google Patents

Abstract

According to an embodiment of the present invention, in a method for generating a covert channel of a blockchain network, a first step of mining a first block including a first block hash value; a second step of broadcasting the first block to the blockchain network; A third step of verifying the first block and adding it to the block chain; A fourth step of obtaining M samples by repeatedly performing the first to third steps a predetermined number of times (M); a fifth step of obtaining M samples for each candidate first threshold value by performing the first to fourth steps on a plurality of candidate first threshold values to which different arbitrary values are set; A sixth step of training a decision tree using M samples obtained for each candidate first threshold value; A seventh step of determining a first threshold value that is a classification criterion of the decision tree from among the plurality of candidate first threshold values based on a Classification And Regression Tree (CART) algorithm; and an eighth step of generating the covert channel by applying the determined first threshold value to the decision tree. can include

Description

A decision tree-based covert channel generation method, apparatus and system therefor}

The present specification proposes a method for generating a covert channel based on a decision tree and an apparatus therefor.

A covert channel corresponds to a kind of covert (or secret communication) channel. A covert channel does not mean a secret communication path between a sender and a receiver, but means that data or messages exchanged between a sender and a receiver are encrypted/encoded and transmitted using a specific encryption/encoding method. When transmitted, the corresponding data may be expressed as being transmitted through a covert channel.

For example, assuming that a sender sends a message [a b c d] to a receiver, and a covert channel does not exist, the sender, receiver, and a third party all recognize the message as [a b c d]. However, assuming that the sender encodes 1 as [a b c d] and the receiver decodes [a b c d] as 1, the sender and receiver interpret [a b c d] as 1, while the third party interprets it as [a b c d] as it is. will do In this way, a covert channel is created by designating/promising an encryption/encoding method between the sender and the receiver.

Various methods/types of covert channels have been proposed in various systems/networks such as the Internet, wireless networks, and Android systems, and covert channels have also been proposed in blockchain systems.

The conventional covert channel proposed in the blockchain system was mainly a method of utilizing transaction information or cryptographic functions. However, such a conventional covert channel has a problem that the technology method is complicated and inconvenient.

Therefore, the purpose of this specification is to propose a simpler and more convenient covert channel compared to the conventional covert channel.

According to an embodiment of the present invention, in a method for generating a covert channel of a blockchain network, a first step of mining a first block including a first block hash value; a second step of broadcasting the first block to the blockchain network; A third step of verifying the first block and adding it to the block chain; A fourth step of obtaining M samples by repeatedly performing the first to third steps a predetermined number of times (M); a fifth step of obtaining M samples for each candidate first threshold value by performing the first to fourth steps on a plurality of candidate first threshold values to which different arbitrary values are set; A sixth step of training a decision tree using M samples obtained for each candidate first threshold value; A seventh step of determining a first threshold value that is a classification criterion of the decision tree from among the plurality of candidate first threshold values based on a Classification And Regression Tree (CART) algorithm; and an eighth step of generating the covert channel by applying the determined first threshold value to the decision tree. can include

According to an embodiment of the present invention, encoding/decoding/encryption/non-encryption of data is easily possible based on the characteristics of a blockchain network, so it is possible to create a covert channel that is simpler than the prior art but has a high security level. have

In addition, according to an embodiment of the present invention, since a new covert channel generation method based on a blockchain network is proposed, there is an effect that the covert channel area is expanded.

Effects of the present invention are not limited to the above, and various other effects will be described in detail below.

1 is a diagram illustrating a blockchain network according to an embodiment of the present invention.
2 is a flowchart of a method for generating a covert channel according to an embodiment of the present invention.
3 is a flowchart illustrating a method for generating a covert channel according to an embodiment of the present invention.
4 is a conceptual diagram of a decision tree according to an embodiment of the present invention.
5 is a block diagram of a blockchain node according to an embodiment of the present invention.

Since the technology to be described below can have various changes and various embodiments, specific embodiments will be illustrated in the drawings and described in detail. However, this is not intended to limit the technology described below to specific embodiments, and it should be understood to include all modifications, equivalents, or substitutes included in the spirit and scope of the technology described below.

Terms such as first, second, A, B, etc. may be used to describe various elements, but the elements are not limited by the above terms, and are merely used to distinguish one element from another. used only as For example, without departing from the scope of the technology described below, a first element may be referred to as a second element, and similarly, the second element may be referred to as a first element. The terms and/or include any combination of a plurality of related recited items or any of a plurality of related recited items. For example, 'A and/or B' may be interpreted as meaning 'at least one of A or B'. Also, '/' can be interpreted as 'and' or 'or'.

In the terms used in this specification, singular expressions should be understood to include plural expressions unless clearly interpreted differently in context, and terms such as “comprising” refer to the described features, numbers, steps, operations, and components. , parts or combinations thereof, but it should be understood that it does not exclude the possibility of the presence or addition of one or more other features or numbers, step-action components, parts or combinations thereof.

Prior to a detailed description of the drawings, it is to be clarified that the classification of components in the present specification is merely a classification for each main function in charge of each component. That is, two or more components to be described below may be combined into one component, or one component may be divided into two or more for each more subdivided function. In addition, each component to be described below may additionally perform some or all of the functions of other components in addition to its main function, and some of the main functions of each component may be performed by other components. Of course, it may be dedicated and performed by .

In addition, in performing a method or method of operation, each process constituting the method may occur in a different order from the specified order unless a specific order is clearly described in context. That is, each process may occur in the same order as specified, may be performed substantially simultaneously, or may be performed in the reverse order.

1 is a diagram illustrating a blockchain network according to an embodiment of the present invention.

Referring to FIG. 1 , a blockchain network 100 may be composed of a plurality of blockchain nodes 110-1 to 110-N. The blockchain nodes 110-1 to 110-N are IoT devices constituting the blockchain network 100, and are mining nodes that participate in mining operations and verification operations that perform verification of mined blocks. ) can be divided into nodes. In particular, the mining node may configure a plurality of transactions into one block to perform block mining, and may broadcast the mined block to other blockchain nodes included in the blockchain network 100. The verification node performs verification work based on the Proof of Work mechanism on the block received from the mining node, and only blocks that have been verified can be selectively added to the block chain. More specifically, the verification node performs verification based on whether the block hash value of the block containing the transaction is smaller than the preset hash value, and only when it is determined that the block hash value is smaller than the preset hash value. Verification of the block is considered successful and can be added to the blockchain. Conversely, if it is determined that the block hash value is greater than or equal to the preset hash value, the verification node may not add the block to the blockchain considering that the verification of the corresponding block has failed.

A transaction refers to IoT-related data transmitted from one blockchain node to another blockchain node, and can be included in a block as a component of a block and broadcast to the blockchain network 100.

This specification relates to a method for generating a covert channel in a blockchain network, and requires an encoder node for encoding data in a covert channel and a decoder node for decoding encoded data. These encoder and decoder nodes may be configured by selecting at least one of a mining node and a verification node in the aforementioned blockchain network. That is, at least one mining node can be an encoder or decoder node, and at least one verification node can be an encoder or decoder node.

2 is a flowchart of a method for generating a covert channel according to an embodiment of the present invention.

Referring to FIG. 2 , the covert channel generation method proposed in this specification may be largely composed of a training step ( S210 ) and a prediction step ( S210 ).

The training step (S210) is a step of building an encoding/decoding model to be used for a covert channel by training a decision tree. Here, training refers to a procedure of repeatedly performing calculations in order to impart appropriate classification ability to a decision tree. Therefore, the trained decision tree can be used to predict which class future input data belongs to. In particular, in this specification, training may be performed based on the CART algorithm/mechanism, and when training is completed, a decision tree having a binary tree structure may be completed. The binary tree structure of the decision tree may refer to a decision tree structure composed of a root node, a left descendant node branched from the root node to the left, and a right descendant node branched to the right. In the present specification, different classes may be assigned to the left and right descendant nodes of the decision tree completed in this way, and may be used to encode/decode target data.

In the prediction step (S220), as a result of inputting a newly created sample to the decision tree completed as a result of training, if the sample is classified as a left descendant node, the corresponding sample is predicted as a class assigned to the left descendant node, and the corresponding sample is classified as a left descendant node. If a sample is classified as a right descendant node, the corresponding sample is predicted as a class assigned to the right descendant node. A specific encoding/decoding operation is performed in the prediction step.

That is, the encoder and decoder nodes build/generate a decision tree that is the basis for generating a covert channel through a training step (S210), and based on the decision tree built/generated in this way, data is generated in a prediction step (S220). By encoding/decoding, a covert channel is created.

A more specific covert channel generation method will be described in detail below with reference to FIGS. 3 and 4 .

3 is a flowchart illustrating a method for generating a covert channel according to an embodiment of the present invention.

This flow chart corresponds to a more specific/subdivided flow chart of the embodiment of FIG. 2 . This flowchart may be performed by encoder and/or decoder nodes. Thus, some steps are commonly performed by the encoder and decoder nodes, while others may be performed by either the encoder or decoder nodes alone.

In particular, this flowchart may be repeatedly performed for different candidate first threshold values. For example, in this flowchart, iteration is performed until x=M for the first candidate first threshold value, iteration is performed until x=M for the second candidate first threshold value, ... It may be repeatedly performed for the Nth candidate first threshold values until x=M, and as a result, M samples may be collected for each candidate first threshold value. Here, each candidate first threshold value may be set to an arbitrary value, and is set to a different value from other candidate first threshold values.

Referring to FIG. 3 , first, an encoder and/or decoder node may mine a first block including a first block hash value (S310). Furthermore, the encoder and/or decoder node may broadcast the mined first block to the blockchain network (S320). The verification node may verify the received first block and add it to the blockchain (S330).

Steps S310 to S330 described above are steps of mining and verifying blocks, and may be repeated M times to secure M samples (more specifically, M first blocks) to be used for training the decision tree. M can be set to various values by the blockchain network manager/operator or covert channel operator/user. To this end, the encoder and / or decoder node increases the count value whose initial value is set to 0 by 1 each time steps S310 to S330 are completed (S340), and when the count value becomes M (S350), S360 You can go step by step.

Next, the encoder and/or decoder node may repeatedly perform steps S310 to S350 for another candidate first threshold value until x=M is satisfied (S360).

Next, although not shown in this flowchart, as a result of training the decision tree based on the CART algorithm using the first threshold values of the candidates collected in this way and the M samples collected for each candidate, the first optimal value The threshold value may be finally selected/determined. The first threshold value selected/determined in this way becomes a classification criterion for determining whether a sample entered into the decision tree is classified as a left descendant node or a right descendant node from the root node, and is used to generate a covert channel later It becomes.

A training method based on the CART algorithm will be described in detail below with reference to FIG. 4 .

4 is a conceptual diagram of a decision tree according to an embodiment of the present invention.

Referring to FIG. 4 , the decision tree 410 used in the present invention may have a binary tree structure as described above, and a sample input to the decision tree 410 is left based on a first threshold value. It can be classified as descendant node or right descendant node. More specifically, when the first block hash value of the sample (first block) input to the decision tree 410 is less than or equal to the first threshold value, the corresponding sample is classified as a left descendant node, and the first threshold value If it exceeds the value, the corresponding sample can be classified as a right descendant node. In this case, class 1 defined as a value of '1' among bit values may be assigned to the left descendant node, and class 0 defined as a value of '0' may be allocated/assigned to the right descendant node.

The first threshold value may be selected/determined as a value that minimizes a cost function value among values smaller than a predetermined hash value that is a criterion for verifying a block in a proof-of-work mechanism. In particular, the first threshold value may be selected/determined as a value that minimizes a cost function value among a plurality of candidate first threshold values.

For example, a decision tree may be trained based on a first candidate first threshold value (ie, T_f=T_f') fixed at an arbitrary T_f' value until M samples are collected. Similarly, a decision tree can be trained based on the second candidate first threshold value (i.e., T_f=T_f″) fixed at another random value of T_f″ until M samples are collected. . In this way, a plurality of candidate first threshold values of different values may be arbitrarily set, M samples are collected for each candidate first threshold, and determined using the M samples collected for each candidate Trees can be trained. Among the plurality of candidate first threshold values obtained in this way, the first threshold value is finally selected as a value that minimizes the value of the cost function among values smaller than a preset hash value that is a criterion for verifying a block in a proof-of-work mechanism / can be determined.

The cost function is defined as in Equation 1.

In Equation 1, f is the first block hash value, T_f is the candidate first threshold value, n is the total number of first block hash values collected so far by block mining, and n_l is the total first block hash value The number of first block hash values satisfying f <= T_f, n_r is the number of first block hash values satisfying f > T_f among all first block hash values, G_l is the Gini impurity of the left descendant node ), G_r corresponds to the Gini impurity of the left and right nodes respectively. Since up to M samples are collected, the value of n varies from 1 to M.

G_l and G_r are defined as in Equation 2.

In Equation 2, R_(l,j) is the ratio of the number of samples belonging to class j to the number of samples belonging to the left descendant node, R_(r,j) is the number of samples belonging to class j to the number of samples belonging to the right and left node corresponding to the ratio of

The above-described processes may eventually be interpreted as a training process for finding a first threshold value suitable for use in the decision tree 410 .

For example, if the number of samples in the training process is 1000 (i.e. M=1000), the number of samples satisfying the condition f <= T_f is 300, and the number of samples satisfying the condition f > T_f is 700. , the number of samples classified as the left descendant node (class 1) is 300, and the number of samples classified as the right descendant node (class 0) is 700. At this time, the sample ratio of the node of the left descendant and the node of the right descendant is determined as 7:3. However, given the purpose of the present invention in generating the decision tree 410 to be used to encode the subject data, the samples are classified in substantially equal proportions (e.g., 5:5) to left- and right-child nodes. A first threshold value may be required for this to happen. This is because a '1' bit value is assigned to the left descendant node and a '0' bit value is assigned to the right descendant node. However, it is not limited thereto, and it goes without saying that a first threshold value for separating samples at various ratios may be set by a designer/operator of the covert channel according to an embodiment, a purpose of use, and the like.

That is, whether a sample is classified as a left descendant node or a right descendant node is determined according to the first threshold value applied to the decision tree 410, and accordingly, in the training process, the sample classified as the left descendant node The number and the number of samples classified as right descendant nodes are also determined. Therefore, the covert channel designer/operator figures out how the ratio of the left descendant node to the right descendant node is set among the total number of samples (M) in the training process, and sets a first threshold value suitable for the desired sample ratio / will be decided.

Since the training process of the decision tree 410 proceeds offline, the encoder and/or decoder node repeats the training several times by applying different first threshold values to achieve the ratio intended by the designer/operator of the Covert channel. A suitable first threshold value of can be derived.

The encoder and/or decoder node may generate a covert channel by applying the first threshold value determined through the CART algorithm to the decision tree (S370). As described above, generating a covert channel here does not mean an actual communication path, but means encoding and decoding data to be transmitted in a predetermined manner. Accordingly, generation of a covert channel may mean that data is transmitted/received using a decision tree to which a first threshold value determined according to training is applied.

In the present specification, a method of encoding and decoding data to be transmitted using a decision tree to which a first threshold value is applied is proposed as follows, and encoding may be performed by an encoder node and decoding may be performed by a decoder node, respectively have.

After generating the covert channel, the encoder node may input the mined second block to the decision tree in which the first threshold value is determined. Based on the output result of the decision tree, the encoder node may encode target bits to be encoded into a second block and transmit the second block through a covert channel.

More specifically, the encoder node may input the second block to a decision tree, and the decision tree may compare a second block hash value of the second block to a first threshold value. If the second block hash value is less than or equal to the second threshold value, the decision tree classifies the second block as a left descendant node, and if the second block hash value exceeds the first threshold value, the decision tree classifies the second block as the second block can be classified as a right-descendant node.

Furthermore, the encoder node determines whether the target bit matches the class assigned to the node where the sample is classified, and if it matches, considers the sample as the result of encoding the target bit, and transmits the corresponding sample instead of the target bit. can More specifically, if the second block is classified as a left descendant node and the class value defined for the left descendant node is the same as the target bit, the encoder node regards the second block as a value in which the target bit is encoded, and 2 blocks can be transmitted to the decoder node through the covert channel. For example, when the transmission target bit value is '1' and the second block is classified as a left descendant node to which class 1 is assigned, the encoder node may transmit the second block to the decoder node instead of the bit value '1' . That is, the second block corresponds to the encoded result value of the bit value '1' to be transmitted.

Similarly, if the second block is classified as a right-child node and the class value defined for the right-child node is the same as the target bit, the encoder node regards the second block as a value in which the target bit is encoded, and The block can be transmitted to the decoder node through a covert channel. For example, when the transmission target bit value is '0' and the second block is classified as a right-child node to which class 0 is assigned, the encoder node may transmit the second block to the decoder node instead of the bit value '0' . That is, the second block corresponds to the encoded result value of the bit value '0' to be transmitted.

The decoding scheme by the decoder node is similar to the encoding scheme.

The decoder node may receive the second block from the encoder node, and may input the second block to a decision tree in which a first threshold value is determined. Furthermore, the decoder node may decode the second block into target bits based on the classification result of the decision tree.

More specifically, the decoder node may input the second block to a decision tree, and the decision tree may compare a second block hash value of the second block to a first threshold value. If the second block hash value is less than or equal to the second threshold value, the decision tree classifies the second block as a left descendant node, and if the second block hash value exceeds the first threshold value, the decision tree classifies the second block as the second block can be classified as a right-descendant node. The decoder node may decode the second block with a class value assigned/assigned to the node where the second block is classified. For example, if the second block is classified as a left descendant node assigned class 1, the second block may be decoded with a '1' bit value, and the second block is classified as a right descendant node assigned class 0. In this case, the second block may be decoded with a '0' value.

As a precondition for this embodiment, a decision tree to which the same first threshold value is applied must be constructed in the encoder and decoder nodes. To this end, it is assumed that the encoder and decoder nodes may have the same M value, and that the same first threshold value is set as a result of training the decision tree by the same algorithm (ie, the CART algorithm). In addition, it is assumed that the encoder and decoder nodes know the identifier of the other party and the public key of the other party in order to transmit and receive data through the covert channel.

Even if a decision tree is not used as proposed in the present specification, a covert channel designer/operator may simply set a specific first threshold value and generate a covert channel by comparing it with a block hash value. However, in this case, since the sample ratio of the left-child node and the right-child node cannot be set to the ratio desired by the covert channel designer/operator, the predictability of the class for the left-child node and the right-child node is low. It is efficient to determine the first threshold value by training a decision tree as As an extreme example, as a result of the user arbitrarily setting the first threshold value, the sample ratio of the left descendant node and the right descendant node may be set to 9:1, and in this case, the encoder node corresponds to the target bit value '1'. Although encoding into a block is easy, encoding into a block becomes very difficult for a target bit value of '0'. This is because there are almost no blocks that are classified as right descendant nodes due to incorrect setting of the first threshold value.

5 is a block diagram of a blockchain node according to an embodiment of the present invention.

Referring to FIG. 5 , a blockchain node 500 may include a processor 510, a memory unit 520, and a communication unit 530.

The processor 510 may perform a data processing/processing operation for performing at least one embodiment proposed in this specification. Therefore, in the above-described embodiments, the blockchain node 500 may be replaced with the processor 510 and described. The processor 510 may execute various mechanisms/algorithms/programs stored in the memory unit 520 and process internal data. In addition, in order to perform at least one embodiment proposed in this specification, the memory unit 520 and the communication unit 530 may be controlled, and data transmission/reception between components may be managed. The processor 510 may be a Central Processing Unit (CPU), Micro Processor Unit (MPU), Micro Controller Unit (MCU), Application Processor (AP), Application Processor (AP), or any type well known in the art. It may be configured to include at least one processor of.

In particular, the processor 510 of the present specification may generate a covert channel by training the above-described decision tree and performing an encoding/decoding operation based on the training result, and basically block mining and/or verifying operations. Operations related to blockchain network functions such as can also be performed in various ways.

The memory unit 520 may store various digital data (eg, transactions, blocks including transactions, etc.). The memory unit 520 represents various digital data storage spaces such as a flash memory, a hard disk drive (HDD), and a solid state drive (SSD).

The communication unit 530 may transmit/receive data by performing communication using at least one wired/wireless communication protocol. In particular, the communication unit 530 may transmit/receive a transaction (or a block including the transaction).

An embodiment according to the present invention may be implemented by various means, for example, hardware, firmware, software, or a combination thereof. In the case of hardware implementation, one embodiment of the present invention provides one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), FPGAs ( field programmable gate arrays), processors, controllers, microcontrollers, microprocessors, etc.

In addition, in the case of implementation by firmware or software, an embodiment of the present invention is implemented in the form of a module, procedure, function, etc. that performs the functions or operations described above, and is stored on a recording medium readable through various computer means. can be recorded. Here, the recording medium may include program commands, data files, data structures, etc. alone or in combination. Program instructions recorded on the recording medium may be those specially designed and configured for the present invention, or those known and usable to those skilled in computer software. For example, recording media include magnetic media such as hard disks, floppy disks and magnetic tapes, optical media such as CD-ROMs (Compact Disk Read Only Memory) and DVDs (Digital Video Disks), floptical It includes hardware devices specially configured to store and execute program instructions, such as magneto-optical media, such as a floptical disk, and ROM, RAM, flash memory, and the like. Examples of program instructions may include high-level language codes that can be executed by a computer using an interpreter or the like as well as machine language codes generated by a compiler. These hardware devices may be configured to act as one or more software modules to perform the operations of the present invention, and vice versa.

In addition, an apparatus or terminal according to the present invention may be driven by a command that causes one or more processors to perform the functions and processes described above. For example, such instructions may include interpreted instructions, such as script instructions such as JavaScript or ECMAScript instructions, or executable code or other instructions stored on a computer readable medium. Furthermore, the device according to the present invention may be implemented in a distributed manner over a network, such as a server farm, or may be implemented in a single computer device.

In addition, a computer program (also known as a program, software, software application, script or code) loaded into a device according to the present invention and executing the method according to the present invention includes a compiled or interpreted language or a priori or procedural language. It can be written in any form of programming language, and can be deployed in any form, including stand-alone programs, modules, components, subroutines, or other units suitable for use in a computer environment. A computer program does not necessarily correspond to a file in a file system. A program may be in a single file provided to the requested program, or in multiple interacting files (e.g., one or more modules, subprograms, or files that store portions of code), or parts of files that hold other programs or data. (eg, one or more scripts stored within a markup language document). A computer program may be deployed to be executed on a single computer or multiple computers located at one site or distributed across multiple sites and interconnected by a communication network.

For convenience of description, each drawing has been divided and described, but it is also possible to design to implement a new embodiment by merging the embodiments described in each drawing. In addition, the present invention is not limited to the configuration and method of the described embodiments as described above, but the above-described embodiments are configured by selectively combining all or part of each embodiment so that various modifications can be made. It could be.

In addition, although preferred embodiments have been shown and described above, this specification is not limited to the specific embodiments described above, and those skilled in the art in the art to which the specification pertains without departing from the subject matter claimed in the claims Of course, various modifications are possible by the person, and these modifications should not be individually understood from the technical spirit or perspective of the present specification.

100: blockchain network
110-1~110-N: Blockchain Nodes

Claims (17)

In the method of creating a covert channel of a blockchain network,
A first step of mining a first block including a first block hash value;
a second step of broadcasting the first block to the blockchain network;
A third step of verifying the first block and adding it to the block chain;
A fourth step of repeatedly performing the first to third steps a predetermined number of times (M) to obtain M samples of the first block;
a fifth step of obtaining M samples for each candidate first threshold value by performing the first to fourth steps on a plurality of candidate first threshold values to which different arbitrary values are set;
A sixth step of training a decision tree using M samples obtained for each candidate first threshold value;
A seventh step of determining a first threshold value that is a classification criterion of the decision tree from among the plurality of candidate first threshold values based on a Classification And Regression Tree (CART) algorithm; and
An eighth step of generating the covert channel by applying the determined first threshold value to the decision tree; Including, Covert channel generation method. According to claim 1,
Wherein the third step is performed based on a Proof of Work mechanism. According to claim 2,
The third step,
When the first block hash value is smaller than a predefined second threshold value in the proof-of-work mechanism, the verification of the first block is regarded as successful and the block is added to the block chain;
not adding the first block to the block chain considering that the verification of the first block has failed when the first block hash value is equal to or greater than the second threshold value; Including, Covert channel generation method. According to claim 3,
The decision tree corresponds to a binary tree in which only a first branch is made from a root node to a left child node and a right child node,
The first block hash value,
If it is less than the first threshold value, it is classified as the left child node, and if it exceeds the first threshold value, it is classified as the right child node. According to claim 4,
The left descendant node is divided into 1 class defined as a '1' value, and the right and left descendant node is divided into a 0 class defined as a '0' value. According to claim 5,
The first threshold value is selected as a value that minimizes a value of the cost function defined in the CART algorithm among the plurality of candidate first threshold values. According to claim 6,
The cost function is defined by Equation 1, Covert channel generation method.
[Equation 1]

where f is the first block hash value, T_f is a candidate first threshold value, n is the total number of first block hash values collected by block mining so far, and n_l is the total first block hash value The number of first block hash values satisfying f <= T_f, n_r is the number of first block hash values satisfying f > T_f among all first block hash values, and G_l is the Gini impurity of the left descendant node. Impurity, G_r is the Gini impurity of the right-left node. According to claim 7,
The G_l and the G_r are defined by Equation 2, Covert channel generation method.
[Equation 2]

R_(l,j) is the ratio of the number of samples belonging to class j to the number of samples belonging to the left descendant node, and R_(r,j) is the ratio of the number of samples belonging to class j to the number of samples belonging to the right and left node. is the ratio. According to claim 6,
inputting a second block mined after the covert channel is created into a decision tree in which the first threshold value is determined; and
encoding a target bit to be encoded into the second block based on a classification result of the decision tree and transmitting the second block through the covert channel; Including, Covert channel generation method. According to claim 9,
The decision tree compares the input second block hash value of the second block with the first threshold value to:
When the second block hash value is less than or equal to the first threshold value, classifying the second block as the left descendant node;
When the second block hash value exceeds the first threshold value, the second block is classified as the right-child node. According to claim 9,
Based on the classification result of the decision tree, encoding a target bit to be encoded into the second block and transmitting the second block through the covert channel,
When the second block is classified as the left descendant node and the class value defined for the left descendant node is the same as the target bit, the second block is regarded as a value in which the target bit is encoded, and the second block transmitting a block through the covert channel; Including, Covert channel generation method. According to claim 9,
Based on the classification result of the decision tree, encoding a target bit to be encoded into the second block and transmitting the second block through the covert channel,
When the second block is classified as the right-child node and the class value defined for the right-child node is the same as the target bit, the second block is regarded as a value in which the target bit is encoded, and the second block transmitting a block through the covert channel; Including, Covert channel generation method. According to claim 9,
Receiving the second block transmitted through the covert channel;
inputting the received second block into a decision tree in which the first threshold value is determined; and
Further comprising, decoding the second block into the target bit based on a classification result of the decision tree. According to claim 13,
Decoding the second block into the target bit based on the classification result,
decoding a class value defined for the second block as the target bit when the second block is classified as the left descendant node; Including, Covert channel generation method. According to claim 13,
Decoding the second block into the target bit based on the classification result,
decoding a class value defined for the second block as the target bit when the second block is classified as the right descendant node; Including, Covert channel generation method. According to claim 13,
The encoding of the target bit is performed by an encoder node included in the blockchain network, and the decoding of the second block is performed by a decoder node included in the blockchain network. 17. The method of claim 16,
The encoder node and the decoder node know the identifier of the other party and the public key of the other party, and the M value is set to the same value.

Images