TWI728899B - Methods and apparatuses for processing chaining data - Google Patents

Abstract

Methods and apparatuses for processing chaining data are provided. The method includes storing a plurality of binary trees in a database in an off-chain manner. Each binary tree includes a root and a plurality of leaf nodes. Each leaf node includes a root hash. The method further includes reading the root hashes from the database, performing a hashing and chaining operation on the root hashes read from the database to determine a calculated root hash, reading a specific root hash from a blockchain, determining whether the specific root hash is the same as the calculated root hash, and determining that the root hashes in the database are correct when the specific root hash is the same as the calculated root hash.

Description

Method and device for processing linked data

The present invention relates to a method and device that can cooperate with blockchain and used to process linked data.

In the existing technology, the blockchain adopts a decentralized architecture to achieve the purpose of decentralization. Terminal computers all over the world can be connected through the blockchain, and any terminal computer transmits to the blockchain. Data can be distributed in other terminal computers on the blockchain through a specific calculation method. Since these data exist in a large number of terminal computers on the blockchain, the correctness of the data can be mutually verified through a large number of terminal computers on the blockchain, which makes it difficult for the blockchain data to be altered or altered.

In the traditional terminal computer-to-central server architecture, when a terminal computer wants to upload data to the server or download data from the server, this operation only involves the terminal computer, the central server, and the network between the two. For the operation of limited devices such as road servers, this operation can be performed extremely fast in terms of current network speed and computer computing power. But in the blockchain architecture, when a terminal computer wants to upload data to the blockchain or download data from the blockchain, based on the characteristics of the blockchain, this operation will involve a large number of other on the blockchain. The verification procedures of the terminal computers (such as miners) lead to huge network transmission requirements and calculations. Therefore, it is relatively time-consuming and the calculation costs (such as miners’ fees) remain high.

Generally speaking, a blockchain uses a binary tree or Merkle tree as a tree-like data structure. All data undergoes a hash operation to generate a hash value. The binary tree includes a root at the top level and multiple leaf nodes at the bottom. The hash value of each piece of data will be stored in the leaf node, and the hash value of all leaf nodes will be processed layer by layer. Finally, the root hash at the root of the tree is generated. All binary trees will be stored in each terminal computer on the blockchain. If you want to verify the correctness of a certain piece of data of a binary tree, you can compare the root hash of the binary tree on each terminal computer. Value to verify the correctness of this binary tree and its data.

Based on the existing blockchain, when a large amount of data on the blockchain is read, it will cause a load on the terminal computer on the blockchain, and the efficiency is not high. In addition, if a large amount of data reading is regarded as malicious by the terminal computer on the blockchain, the reading request will be blocked by the terminal computer on the blockchain, causing the data to be unreadable, and the reading request will be issued if it is heavy. The network address of is blacklisted by the terminal computer on the blockchain, and the terminal computer can no longer access the blockchain from then on.

In view of this, in some embodiments of the present invention, a method, device, and verification system for processing linked data are proposed, so as to solve the problem of inefficiency caused by a large amount of data on the blockchain, and Solve the problem that the network transmission demand of the blockchain and the computing load are too large when a large number of readings occur.

An embodiment of the present invention provides a method for processing linked data executed by a security protocol device. The method includes: storing a plurality of binary trees in a database under the chain, wherein each binary tree includes a tree root and a plurality of leaf nodes, and each tree root stores a root hash value. This method further includes: reading the root hash values on the database; performing hash and link operations on the root hash values read from the database to determine an estimated root hash value; reading a root hash value from the blockchain The specific root hash value is to determine whether the specific root hash value is consistent with the estimated root hash value; and when the specific root hash value is consistent with the estimated root hash value, it is determined that the root hash values of the database are correct.

An embodiment of the present invention provides a security protocol device. The security protocol device includes a memory and a processor. The processor is coupled to the memory and used for storing a plurality of binary trees in a database under the chain, wherein each binary tree includes a tree root and a plurality of leaf nodes, and each tree root stores a root hash value. The processor is further used to: read the root hash values on the database; perform hash and link operations on the root hash values read from the database to determine an estimated root hash value; read from the blockchain A specific root hash value; to determine whether the specific root hash value is consistent with the estimated root hash value; and when the specific root hash value is consistent with the estimated root hash value, it is determined that the root hash values of the database are correct.

An embodiment of the present invention provides a method executed by a blockchain device, which includes: receiving a plurality of root hash values from a security protocol device, and generating a link data string based on the root hash values, wherein the link data string includes a plurality of root hash values. Data collections linked in a row, each data collection includes each root hash value and the corresponding link hash value. The link hash value of the first of these data sets is generated by the initial link value of the hash, and after the first data set The link hash value of each data set of is generated by hashing the previous data set. This method further includes: sending a specific root hash value to the security protocol device for the security protocol device to verify the correctness of the multiple binary trees stored in the database under the chain; wherein the specific root hash value is the link data string The root hash value of the last data set in the data section, and the data section corresponds to the data read range indicated by the read command provided to the security protocol device.

An embodiment of the present invention provides a blockchain device, which includes a memory and a processor. The processor is coupled to the memory, and is used for receiving a plurality of root hash values from the security protocol device, and generating a link data string based on the root hash values, wherein the link data string includes a plurality of data sets linked in a serial manner, and each data The collection includes each root hash value and the corresponding link hash value. The link hash value of the first of these data sets is generated by hashing the initial link value, and the link hash value of each data set after the first data set is Generated by hashing the previous data set. The processor is further used to send a specific root hash value to the security protocol device for the security protocol device to verify the correctness of the multiple binary trees stored in the database under the chain; wherein the specific root hash value is the link data string The root hash value of the last data set in the data section, and the data section corresponds to the data read range indicated by the read command provided to the security protocol device.

An embodiment of the present invention provides a verification system, which is suitable for collaboration with a blockchain and used for linking data. The verification system includes a security protocol device, a blockchain device, and a database device. The security protocol device receives multiple record data and integrates the record data into multiple binary trees according to the hash function. Each binary tree includes a tree root and multiple leaf nodes. Each tree root stores a root hash value, and each record data The hash value of is stored in each leaf node. The blockchain device is located in the blockchain and is in communication with the security protocol device, and the security protocol device transmits the root hash values of the binary trees to the blockchain device. The blockchain device includes at least one link data string, the link data string includes a plurality of data sets linked in a serial manner, each data set includes each root hash value and the corresponding link hash value, and the link hash value of each data set The root hash value and the link hash value of the previous data set are related, and the link hash value of the first data set is related to the initial link value. The database device communicates with the security protocol device under the chain that does not involve the blockchain, and the security protocol device stores the binary trees and the initial link value in the database device.

An embodiment of the present invention provides a verification method, which is suitable for collaboration with a blockchain. The verification method includes: receiving multiple record data under a chain that is not involved in the blockchain; integrating the record data into multiple binary trees according to a hash function, where each binary tree includes a tree root and multiple leaf nodes, The root hash value of each tree is stored, and the hash value of each record data is stored in each leaf node; the root hash values of the binary trees are sent to the blockchain, where at least one Linked data string. The linked data string includes multiple data sets linked in a series. Each data set includes each root hash value and the corresponding link hash value. The link hash value of each data set is related to the previous data set. The root hash value and the link hash value, and the link hash value of the first of these data sets is associated with the initial link value; and the binary trees and the initial link value are stored under a chain that does not involve the blockchain.

In summary, according to the verification system, method, and device of the embodiments of the present invention, when a large number of root hash values of a binary tree need to be read, these root hash values can be read from the off-chain database device, and the difference The data collection of the link data string on the blockchain uses the link hash value of the latter to verify the correctness of the root hash value read by the chain, thereby reducing the network of the blockchain while maintaining the trustworthiness of the data. Transmission demand and computing load.

The detailed features and advantages of the present invention are described in detail in the following embodiments. The content is sufficient to enable anyone familiar with the relevant technology to understand the technical content of the present invention and implement it accordingly, and is based on the content disclosed in this specification, the scope of patent application and the drawings. Anyone familiar with the relevant technology can easily understand the purpose and advantages of the present invention.

Please refer to FIG. 1, which is a block diagram of a verification system 10 according to an embodiment of the present invention. In this embodiment, the verification system 10 is adapted to cooperate with the blockchain BC, and the blockchain BC may include a public blockchain, a private blockchain, or a combination thereof. The verification system 10 is used for off-chain OC, that is, through an off-chain channel, to communicate with multiple terminal devices 400, and to cooperate between the blockchain BC and the off-chain OC, and Each terminal device 400 can generate at least one record RD. The off-chain OC refers to a path independent of the blockchain BC, that is, a path that does not involve the blockchain BC; the off-chain OC communication connection refers to a path independent of the blockchain BC It has a communication connection relationship, that is, a communication connection is established through a path that does not involve the blockchain BC. For example, two devices are connected in an off-chain OC communication, which means that the two devices can be directly connected through the network and transmit signals to each other without involving the blockchain BC. The terminal device 400 is, for example, a desktop computer, a notebook computer, or various sensors, and the record data RD is, for example, a file or transaction information generated by a desktop computer or a notebook computer, or numerical information sensed by the sensor. Not limited to this.

As shown in FIG. 1, in this embodiment, the verification system 10 includes a security protocol device 100, a database device 200 and a blockchain device 300. The security protocol device 100 is connected to the database device 200 in an off-chain OC communication that does not involve the blockchain BC, and the security protocol device 100 is communicatively connected to the blockchain device 300 on the blockchain BC. The database device 200 is, for example, a data storage server independent of the blockchain BC, and the blockchain device 300 is, for example, a collection of multiple computers connected to the blockchain BC, but is not limited to this. In this embodiment, the security protocol device 100 is a server with both the communication capabilities of the blockchain BC and the off-chain OC. For example, the security protocol device 100 is an intermediary between the off-chain OC and the blockchain BC, which can serve as a bridge between the terminal device 400 and the database device 200 and the blockchain device 300, which will be described in detail later .

Please refer to FIG. 2 again, which is a schematic diagram of a binary tree BT according to an embodiment of the present invention. As shown in FIG. 1 and FIG. 2, in this embodiment, after each terminal device 400 generates the record data RD, each terminal device 400 transmits the record data RD to the security protocol device 100 in the off-chain OC. After the security protocol device 100 receives the record data RD of each terminal device 400 in the off-chain OC, the security protocol device 100 integrates the record data RD into at least one binary tree BT according to the hash function.

As shown in FIG. 2, in this embodiment, the binary tree BT includes a tree root R, a plurality of intermediate nodes MN, and a plurality of leaf nodes LN. From the tree-like data structure of the binary tree BT, the tree root R is located The top and leaf nodes LN are located at the bottom layer, and the intermediate nodes MN are distributed in one or more layers between the top layer and the bottom layer. Every two adjacent leaf nodes LN meet in the upper layer to become an intermediate node MN, and every two adjacent intermediate nodes MN in each layer meet in the upper layer to become an intermediate node MN, which is located at The two uppermost intermediate nodes MN meet to form the root R of the tree. Each leaf node LN stores the hash value RDH of each record data RD, and the hash value of each intermediate node MN and the root hash value RH in the root R are associated with the hash value RDH of each record data RD.

For example, the security protocol device 100 can use the SHA-256 hash function to hash each record data RD to generate a corresponding hash value RDH, and the security protocol device 100 stores the hash value RDH of each record data RD respectively in Each leaf node LN. In addition, the two hash values stored in each group of two adjacent leaf nodes LN will be concatenated and then hashed and stored in the intermediate node MN of the upper layer. Each group of two adjacent leaf nodes in each layer The two hash values stored in the intermediate node MN will also be connected and then hashed and stored in the intermediate node MN at a higher level, and so on. In this embodiment, the implementation of the two hash values being concatenated and then being hashed may be that the two hash values are first concatenated into a string of codes and then the string of codes is hashed, but it is not limited to this. For example, if the first hash value is "xxx" and the second hash value is "ooo", these two hash values will first be concatenated into a string of codes of "xxxooo", and this string of codes "xxxooo" will be It is then hashed to produce a hash value. Finally, the two hash values stored in the two middle nodes MN at the top level will be connected and then hashed to generate the root hash value RH. In other words, the binary tree BT includes the hash value RDH of the record data RD stored in each leaf node LN and the root hash value RH stored in the root R of the tree, and the record data RD cannot be tampered with, because as long as the binary If any record data RD in the tree BT is tampered, the hash value RDH of this record data RD will change, and as long as the hash value RDH of the record data RD of any leaf node LN changes, the root hash of the binary tree BT will be changed. The value RH will also change accordingly. By judging whether the root hash value RH has changed, the correctness of the record data RD corresponding to the binary tree BT can be verified. In different embodiments, a single leaf node LN can also store the hash value RDH of more than two record data RD. In this case, the hash value RDH stored in this leaf node LN is more than two record data. The hash value of RD RDH is concatenated and then hashed.

As shown in FIGS. 1 and 2, in this embodiment, the security protocol device 100 includes a binary tree processing unit 110 and a verification unit 120. The binary tree processing unit 110 and the verification unit 120 are, for example, but not limited to, functional modules composed of software/hardware to perform specific functions, and the binary tree processing unit 110 and the verification unit 120 may be independent modules. Or integrated into one module.

In this embodiment, the binary tree processing unit 110 of the security protocol device 100 automatically hashes the received record data RD and integrates the binary tree BT. The security protocol device 100 will transmit the root hash value RH of the binary tree BT to the blockchain device 300, that is, the root hash value RH will be stored on the blockchain BC. In addition, the security protocol device 100 stores the binary tree BT in the database device 200, that is, the complete binary tree BT is stored in the off-chain OC, but not on the blockchain BC. In other embodiments, the complete binary tree BT can also be stored in the database device 200 and sent to the blockchain device 300 at the same time.

In this embodiment, the verification unit 120 of the security protocol device 100 verifies the correctness of the binary tree BT stored in the database device 200. When the security protocol device 100 receives a verification request, and the verification request is to verify the correctness of a certain record data RD, the verification unit 120 will automatically compare the data on the blockchain device 300 corresponding to the record data RD. The root hash value RH of the binary tree BT and the root hash value RH of the binary tree BT stored in the database device 200 corresponding to the record data RD are used to verify the correctness of the binary tree BT stored in the database device 200. If the root hash value RH on the blockchain device 300 is consistent with the root hash value RH of the binary tree BT stored in the database device 200, then based on the characteristics of the blockchain BC, it represents the database device 200 The binary tree BT of the stored record data RD is correct.

Since the complete binary tree BT is located in the database device 200 of the off-chain OC, the access and operation of the hash value RDH of the record data RD is mainly performed in the off-chain OC, which can save the traditional way of performing in the blockchain BC The network transmission requirements, calculation amount, calculation time and calculation cost of this operation. In addition, the root hash value RH of the binary tree BT in the database device 200 can be verified by comparing with the corresponding root hash value RH on the blockchain device 300, and the correctness of the data of the database device 200 of the off-chain OC It can also be ensured.

Please refer to FIG. 3. FIG. 3 is a schematic diagram of a link data string CDS according to an embodiment of the present invention. As shown in FIGS. 1 and 3, in this embodiment, the blockchain device 300 includes at least one linked data string CDS, and the linked data string CDS includes a plurality of data sets DS linked in a serial manner. The series means from the first, second, and third to the penultimate and last in order, and each data will be related to the previous data, for example, the second data will be related to the first The data and the third data will be related to the second data and the last data will be related to the penultimate data, and so on. In this embodiment, each data set DS includes each root hash value RH and a corresponding link hash value CH. The link hash value CH of each data set DS is related to the root hash value RH and link hash of the previous data set DS. Value CH, and the link hash value CH of the first one of the data sets DS is associated with an initial link value CH ₀ .

As shown in FIG. 1, in this embodiment, the blockchain device 300 includes a link processing unit 311, and the link processing unit 311 is used to generate a link data string CDS. As shown in FIGS. 1 and 3, in this embodiment, after the blockchain device 300 receives the root hash value RH of a plurality of binary trees BT, the link processing unit 311 according to the received roots of the binary trees BT When the hash value RH is generated or received, the data set DS is sequentially generated. The link hash value CH of each data set DS is generated by hashing the previous data set DS, and the link hash value CH of the first data set DS is the hash The initial link value CH ₀ is generated.

In this embodiment, the link processing unit 311 first generates the initial link value CH ₀ , and the initial link value CH ₀ can be any numerical value or any combination of letters or numbers. In addition, the link processing unit 311 generates multiple serially linked data sets DS in the linked data string CDS according to the following two formulas:

CH _i =hash(RH _i-1 | CH _i-1 ); and

CH ₁ =hash(CH ₀ ).

Among them, RH _i-1 is the root hash value RH, CH _i-1 is the link hash value CH, and i is an integer from 2 to k.

As shown in FIG. 3, the root hash value RH of the first data set DS is RH ₁ and the link hash value CH is CH ₁ , and CH ₁ is a hash value generated by hashing _{CH 0.} The root hash value RH of the second data set DS following (after the first data set DS) is RH ₂ and the link hash value CH is CH ₂ , and CH _{2 is the RH 1} and CH after the hybridization connection ₁ and the hash value generated. As described above, the RH of the connector ₁ and the hash implementations CH _1, may then be connected to the CH ₁ RH ₁ hashed of, but is not limited thereto. The root hash value RH of the third data set DS after (arranged after the second data set DS) is RH ₃ and the link hash value CH is CH ₃ , and CH ₃ is the RH ₂ and The hash value generated by _{CH 2.} The root hash value RH of the final data set DS is RH _k and the link hash value CH is CH _k , and CH _k is the hash value generated by the hybridized _{connection RH k-1} and CH _k-1. The root hash value RH and the link hash value CH of the remaining data sets DS can be deduced by analogy. In addition, these data sets DS linked in series form a linked data string CDS. In this embodiment, the security protocol device 100 stores the initial link value CH _{0 in the} database device 200, but it is not limited to this.

As shown in FIGS. 1 and 3, in this embodiment, the security protocol device 100 further includes a reading unit 130, and the reading unit 130 is used for reading corresponding data from the blockchain device 300 and the database device 200. The terminal device 400 may send a read request RR to the security protocol device 100 to read the root hash value RH of one or more binary trees BT. When the security protocol device 100 receives a read request RR, and the read request RR is a request to read multiple root hash values RH, and the multiple root hash values RH belong to multiple data sets DS of the linked data string CDS, read The unit 130 reads from the blockchain device 300 the data sets DS of the link data string CDS in the latter's root hash value RH, and reads the data sets DS of the link data string CDS from the database device 200 One or more root hash values RH of the former, and the security protocol device 100 uses the link hash value CH of the subsequent data set DS of the blockchain device 300 to verify the previous one or more root hash values of the database device 200 The correctness of RH.

For example, when the security protocol device 100 receives a read request RR, the read request RR is a request to read _{k root hash values RH of RH 1} to RH _k of the link data string CDS as shown in FIG. 3, and the reading unit 130 _{The root hash value RH and the link hash value CH (ie RH k} and CH _k ) of the last data set DS of the data set DS of this link data string CDS will be read from the blockchain device 300, and the reading unit 130 will read the root hash value RH (ie RH ₁ to RH _k-1 ) of the previous data set DS from the database device 200, and the verification unit 120 will verify the data _{with the RH k of the last data set DS} The correctness _{of RH 1} to RH _k-1 of the previous data set DS of the library device 200. The verification unit 120 can use the aforementioned two formulas, and use the initial link values CH ₀ and RH ₁ to RH _k-1 stored in the database device 200 to perform hash and link operations to calculate CH _k , and use the calculated CH _k to calculate CH k. _{Compare CH k} on the blockchain device 300. If deduced CH _k CH _k coincides with the block chain means 300, 200 indicates a storage library device RH RH RH _k-1 to the apparatus 300 ₁ and the block chain ₁ will RH _k-1 Unanimous. Because based on the hash calculation, as long as any one of the root hash values RH _{among RH 1} to RH _k-1 stored in the database device 200 is inconsistent with the corresponding root hash value RH _{among RH 1} to RH _{k-1 on the blockchain device 300,} Then the calculated CH _k will be different from the CH _k on the blockchain device 300.

Please refer to FIG. 3a. FIG. 3a is a second schematic diagram of a linked data string CDS according to an embodiment of the present invention. The linked data string CDS in FIG. 3a is substantially the same as the linked data string CDS in FIG. 3, but for ease of description, the linked data string CDS in FIG. 3a shows the data section SEC of a continuous data set DS. As shown in FIG. 3a, in this embodiment, the security protocol device 100 can also read the data set DS of any data section SEC of the linked data string CDS, and perform data set DS of the last data section SEC of the data section SEC. verification. For example, when the security protocol device 100 receives a read request RR, the read request RR is a request to read a total of eleven roots _{RH x-10} to RH _{x of the data section SEC of the link data string CDS as shown in FIG. 3} The hash value RH, where x is less than k and greater than or equal to 10, the reading unit 130 reads the root hash value RH and link of the last data set DS of the data set DS of the data segment SEC from the blockchain device 300 The hash value CH (ie RH _x and CH _x ), and the reading unit 130 will read from the database device 200 the root hash value RH of the previous data set DS of the data segment SEC (ie RH _x-10 to RH _x-1 ), and the verification unit 120 will use the RH _{x of the last data set DS of the data section SEC to verify the RH x-10} to the previous data set DS of the data section SEC of the database device 200 The correctness of RH _x-1.

In some embodiments, the initial link value CH ₀ may not be stored in the database device 200. Instead, when the security protocol device 100 receives the read request RR, the reading unit 130 will read the initial link value CH ₀ of the link data string CDS from the blockchain device 300 and the data set DS in the latter data set DS. Root hash value RH, and read from the database device 200 one or more root hash values RH of the data sets DS of the link data string CDS in the former.

Please refer to FIG. 4, which is a block diagram of a verification system 10a according to another embodiment of the present invention. The same or similar components, connection relationships and functions of the verification systems 10 and 10a in FIG. 1 and FIG. 4 will not be repeated. One of the differences between the verification system 10a in FIG. 4 and the verification system 10 in FIG. 1 is that the verification in FIG. 4 The security protocol device 100 of the system 10a further includes a link processing unit 140, while the blockchain device 300 does not have a link processing unit. After the binary tree processing unit 110 of the security protocol device 100 generates multiple binary trees BT, the link processing unit 140 of the security protocol device 100 sequentially generates a data set DS according to the multiple root hash values RH of the binary trees BT. , And generate the link data string CDS according to the aforementioned two formulas, and the security protocol device 100 transmits the link data string CDS to the blockchain device 300. In other words, the data sent by the security protocol device 100 to the blockchain BC already has a data structure with a link data string CDS.

Please refer to FIG. 5, which is a block diagram of a verification system 10b according to another embodiment of the present invention. The same or similar components, connection relationships and functions of the verification systems 10 and 10b in FIG. 1 and FIG. 5 will not be repeated. One of the differences between the verification system 10b in FIG. 5 and the verification system 10 in FIG. 1 is that the verification in FIG. 5 The system 10b includes a security protocol device 100, a database device 200, a blockchain device 300, and a plurality of terminal devices 400. The security protocol device 100 is communicatively connected to the blockchain device 300 located in the blockchain BC and is connected to the data in the off-chain OC. The library device 200 is connected to each terminal device 400, and each terminal device 400 is also communicatively connected to the blockchain device 300. The security protocol device 100 includes a binary tree processing unit 110, a verification unit 120, a reading unit 130, an identification number unit 150, a positioning search unit 160, a slicing unit 170, and an identification number unit 180, wherein the binary tree processing unit 110, the verification unit 120. The reading unit 130, the identification number unit 150, the positioning search unit 160, the slicing unit 170, and the identification number unit 180 are, for example, but not limited to, functional modules composed of software/hardware to perform specific functions respectively, and are binary The tree processing unit 110, the verification unit 120, the reading unit 130, the identification number unit 150, the positioning search unit 160, the slicing unit 170, and the identification number unit 180 may be independent modules or integrated modules.

As shown in FIG. 5, in this embodiment, the blockchain device 300 includes at least one smart contract (smart contract) 310, and the root hash value RH transmitted by the security protocol device 100 to the blockchain device 300 is stored in the corresponding smart contract. Contract 310. In different embodiments, the blockchain device 300 may also include a program structure or interface different from a smart contract, and the root hash value RH may be stored in the blockchain device 300 corresponding to a different program structure or interface.

As shown in FIG. 5, in this embodiment, each terminal device 400 includes a record data generating unit 410, an identification data generating unit 420, and a slice verification unit 430. The record data generation unit 410, the identification data generation unit 420, and the slice verification unit 430 are, for example, but not limited to, functional modules composed of software/hardware to perform specific functions, and the record data generation unit 410 and the identification data generation unit 420 The slice verification unit 430 may be separate modules or an integrated module. The record data generating unit 410 is used to generate the aforementioned record data RD, and when the record data generating unit 410 of each terminal device 400 generates the record data RD, the identification data generating unit 420 of each terminal device 400 also generates the identification data corresponding to each The multiple identification data IDs of the record data RD, so that each record data RD has a corresponding identification data ID. The terminal device 400 transmits the record data RD and the corresponding identification data ID to the security protocol device 100 at the same time. In some embodiments, the terminal device 400 can integrate the record data RD and the corresponding identification data ID into the same integrated data and send the integrated data to the security protocol device 100. In some embodiments, the identification data ID is a clear code.

As shown in FIG. 5, in this embodiment, the security protocol device 100 receives the record data RD and the corresponding identification data IDs, and the security protocol device 100 stores the hash value of each record data RD according to the identification data IDs. RDH to the corresponding leaf node LN. For example, after the security protocol device 100 receives the identification data IDs, the identification number unit 150 of the security protocol device 100 generates a plurality of identification numbers IN corresponding to each leaf node LN according to the identification data IDs, and the security protocol The device 100 stores the hash value RDH of each record data RD to each corresponding leaf node LN according to each identification number IN. In this case, each identification number IN is unique in any binary tree BT, and each identification number IN corresponds to each leaf node LN in the binary tree BT. Therefore, the hash value RDH of each record data RD can be located at each leaf node LN by the corresponding identification number IN, which will be described in detail later.

In this embodiment, the identification number unit 150 of the security protocol device 100 extracts a plurality of predetermined bits from the hash value of each identification data ID to generate each identification number IN. And, the number of the predetermined bits may be associated with the height value H of the corresponding binary tree BT. In the case where the binary tree BT has a height value H, the binary tree BT will have 2 ^(H-1) leaf nodes LN. In order to make each leaf node LN of the binary tree BT have a corresponding and exclusive unique identification number IN, the predetermined bits are at least H-1 bits taken from the hash value of each identification data ID. In this way, The permutation and combination of these H-1 bits can satisfy the number of leaf nodes LN, so that the identification number IN corresponding to the leaf node LN will not be repeated but unique. In this embodiment, the H-1 bits are, for example, but not limited to, the first H-1 bits in the hash value of the identification data ID. In other embodiments, the H-1 bits may be the last H-1 bits or H-1 bits at any position in the hash value of the identification data ID.

For example, the height value H of the binary tree BT in FIG. 2 is 5, and the binary tree BT has 2 ^(5-1) leaf nodes LN, that is, the binary tree BT has 16 leaf nodes LN. Assuming that the identification data ID corresponding to a certain record data RD is "E1534391", the identification number unit 150 will hash the identification data ID with the hash function of SHA-256 to generate the hash value "dbb9ed8b677468b4834d2f634a77ea1e6663431bf1ee7523041467ff8023fa64", and then the identification number The unit 150 takes out the first 4 bits "1101" of the bit array after the hash value is converted into a binary number, and converts 1101 to a decimal value "13", thereby generating the identification number IN as "13". The identification number unit 150 can sequentially set all 16 leaf nodes LN of the binary tree BT as leaf nodes LN numbered 1 to 16, and the hash value RDH of the record data RD with the identification number IN of 13 is stored in number 13. The leaf node LN. In some embodiments, different identification data IDs may generate the same identification number IN, or different record data RD may have the same identification data ID and generate the same identification number IN. In this case, multiple records RD The hash value RDH corresponding to the same identification number IN can be stored in the same leaf node LN. In some embodiments, each leaf node LN of the binary tree BT can store the hash value RDH of more than two record data RD, and the hash value RDH of the two or more record data RD corresponding to a certain leaf node LN will be After the connection, it is hashed to generate a hash value, and the hash value corresponding to two or more record data RD will be stored in this leaf node LN.

As shown in FIG. 5, in this embodiment, the location search unit 160 of the security protocol device 100 can locate the hash value RDH of the record data RD by the identification number IN. When the user needs to find or verify the hash value RDH corresponding to a record data RD in a binary tree BT in the database device 200, the user can perform the above operations through the security protocol device 100. At this time, the location search unit 160 of the security protocol device 100 uses the identification number IN to locate the location of the hash value RDH of the record data RD (that is, the stored leaf node LN), and directly determines the location of the hash value RDH corresponding to the identification number IN. The hash value RDH of this record data RD is extracted from the leaf node LN of the binary tree BT, so as to achieve the purpose of quickly locating and searching data. Moreover, to verify that a certain record data RD does not exist, it can also be completed by the identification number IN. The security protocol device 100 does not need to obtain all the hash values in the complete binary tree BT. The location search unit 160 of the security protocol device 100 The identification number IN corresponding to this record data RD can be used to locate the location of the hash value RDH of this record data RD, that is, the corresponding leaf node LN, and it can be directly confirmed whether the hash value RDH of this record data RD exists here Leaf node LN. If the leaf node LN does not have the hash value RDH of the record data RD, it can be verified that the record data RD does not exist. In this way, the network transmission requirements, calculation amount, calculation time, and calculation cost of the entire verification operation can be greatly reduced.

As mentioned above, in some embodiments, the identification data ID of different record data RD may generate the same identification number IN. In this case, the hash value RDH of a certain record data RD may be located to two or more If the leaf node LN needs to verify the record data RD, the security protocol device 100 can obtain the hash value RDH in the two or more leaf nodes LN from the database device 200 and verify it. In this embodiment, the probability of the repeated identification number IN is relatively low. Even if the hash value RDH of a certain record data RD is located at more than two leaf nodes LN, the number of these located leaf nodes LN is still less than or It is much smaller than the number of all leaf nodes LN, and the network transmission requirements, calculation amount, calculation time and calculation cost of the entire verification operation can still be greatly reduced.

As shown in FIG. 5, in this embodiment, the terminal device 400 further includes an identification number unit 440. The identification number unit 440 of the terminal device 400 has the same function as the identification number unit 150 of the security protocol device 100, and the identification number unit 440 also The identification number IN can be generated according to the identification data ID of the record data RD, and the terminal device 400 can verify through the identification number unit 440 whether the security protocol device 100 obtains data from the correct leaf node LN. For example, if the terminal device 400 needs to verify a certain record data RD, and the identification data ID of the record data RD is "E1534391" (please refer to the aforementioned example), when the terminal device 400 sends the verification request to the security protocol device 100, The location search unit 160 of the security protocol device 100 can locate the location of the hash value RDH of the record data RD through the identification number IN corresponding to the record data RD, and find out that it is a binary in the database device 200 In the leaf node LN numbered 13 of the tree BT, and the hash value RDH in the leaf node LN numbered 13 is returned to the terminal device 400 for the terminal device 400 to verify. The identification number unit 440 of the terminal device 400 can also generate an identification number IN based on the identification data ID of the record data RD being "E1534391", and according to the identification number IN, the hash value RDH of this record data RD can be stored in number 13 In the leaf node LN, the terminal device 400 can confirm whether the hash value RDH of the record data RD returned by the security protocol device 100 comes from the correct location (ie, the leaf node LN numbered 13).

Please refer to FIG. 6 again, which is a schematic diagram of a slice BTS of a binary tree BT according to an embodiment of the present invention. As shown in FIGS. 5 and 6, in this embodiment, when the security protocol device 100 transmits the root hash value RH of the binary tree BT to the blockchain device 300, the slicing unit 170 of the security protocol device 100 will automatically cut two The metatree BT is a plurality of slice BTSs and each slice BTS is returned to each corresponding terminal device 400, and the slice verification unit 430 of each terminal device 400 verifies the correctness of each slice BTS received. As shown in Figures 2 and 6, in this embodiment, each slice BTS is a modular proof (Merkle proof) composed of the root R of the binary tree BT, the corresponding two leaf nodes LN, and the necessary intermediate node MN. proof). The hash value RDH of the record data RD stored in this group of leaf nodes LN can be obtained through the aforementioned calculation process to obtain the root hash value RH at the root R of the tree, and the root hash value RH of the slice BTS should be the same as the complete binary tree BT The root hash value RH is the same. For example, after a terminal device 400 sends a record data RD and identification data ID to the security protocol device 100, the security protocol device 100 stores the hash value RDH of the record data RD in a binary tree BT A certain leaf node LN will return the slice BTS corresponding to this leaf node LN to this terminal device 400, and this terminal device 400 will compare the hash value RDH of the record data RD in the leaf node LN of this slice BTS with Whether the original hash value RDH of the original record data RD generated by the terminal device 400 is consistent, if they are consistent, the verification is correct, and if they are inconsistent, the verification is incorrect. If the verification is incorrect, the corresponding terminal device 400 can send a protest message to the blockchain device 300 for subsequent data correction or invalidation procedures.

In this embodiment, each terminal device 400 includes a blockchain chip. The blockchain chip is, for example, but not limited to, an integrated circuit that can automatically transmit signals between the blockchain BC and the verification system 10, 10b ( IC). With the blockchain chip, the terminal device 400 can be designed to be lighter, thinner, shorter and smaller, and the terminal device 400 can be more easily installed on any object or integrated into any electronic device. For example, the terminal device 400 can be installed or integrated into batteries (such as electric or hybrid buses or large battery packs for automobiles), electric meters, car headlights, and car bodies (such as the trip computer of a car connected via 5G) Or picture frames, and the terminal device 400 will automatically and continuously upload the record data RD of each object, such as but not limited to the battery, electric meter or car headlight hourly or daily (depending on the upload interval) Historical usage, or hourly or daily historical sensing data of various sensor information of the car body (such as engine, odometer, number of starts... etc.), or hourly or daily sensed by the sensor on the picture frame Daily humidity and humidity change historical sensing data and original artist data, etc., and the security protocol device 100 can store the hash value RDH of the record data RD to the database device 200 of the off-chain OC, and upload the root hash value RH To the blockchain device 300.

Based on the verification systems 10, 10a, and 10b, in addition to quickly locating and searching various data through the off-chain OC database device 200, the non-repudiation of the data can also be achieved through the verification of the blockchain BC . And based on the matching application of the terminal device 400, the condition of the object can be guaranteed, and the value of the object can be increased. For example, the old large battery packs originally used for long-distance vehicles can be transferred to short-range vehicles after a certain level of use, while the large secondary battery packs used for short-distance vehicles can be transferred to places such as Yuyuan and other places as backup power generation batteries after a certain level of use. And each conversion between these can be traded through a trading platform such as the Middle Ages, and each transaction can be verified by the verification system 10, 10a, 10b to verify the condition of the object, thereby improving the reliability of the quality of the object and the value of the object.

As shown in FIG. 5, in this embodiment, the smart contract 310 of the blockchain device 300 further includes a link processing unit 311 and an accumulating serial number unit 312. The identification serial number unit 180 of the security protocol device 100 is used to generate the identification serial number IS, the cumulative serial number unit 312 of the blockchain device 300 is used to generate the cumulative serial number AS, and the link processing unit 311 is used to generate the link data string CDS.

Please refer to FIG. 7. FIG. 7 is a schematic diagram of a link data string CDS according to another embodiment of the present invention. As shown in Figures 5 and 7, in this embodiment, each data set DS of the linked data string CDS includes a root hash value RH, an identification number IS, an accumulated serial number AS, and a link hash value CH. The link hash value CH is related to the root hash value RH of the previous data set DS, the identification number IS, the cumulative serial number AS, and the link hash value CH, and the link hash value CH of the first data set DS is related to the initial link value CH ₀ . In some embodiments, each data set DS of the link data string CDS includes the root hash value RH, the identification number IS, and the link hash value CH, but does not include the cumulative serial number AS, and the link hash value CH of each data set DS is associated The root hash value RH, the identification number IS and the link hash value CH of the previous data set DS. In the present embodiment, each data set DS link hash value CH front hash of a data set DS is generated, and the information on the foremost set DS link hash value CH as a hash of the initial chaining value CH ₀ is generated.

As shown in FIG. 5 and FIG. 7, in this embodiment, the identification number IS of each data set DS of the linked data string CDS corresponds to each root hash value RH, respectively. When the security protocol device 100 transmits the root hash values RH to the blockchain device 300, the security protocol device 100 will also correspondingly generate and transmit the identification serial numbers IS to the blockchain device 300. For example, the identification number IS includes a time stamp, and the time stamp is associated with the corresponding root hash value RH. When the security protocol device 100 generates a certain root hash value RH at a specific time point, the identification number unit 180 will correspond to this The identification number IS is generated at a specific time point, and the identification number IS includes a time stamp corresponding to the specific time point. In other words, the root hash value RH generated at different time points must correspond to different identification numbers IS, and the time is constantly advancing, the time point corresponding to the time stamp of the identification number IS of the root hash value RH generated later must be It will be later than the time point corresponding to the time stamp of the identification number IS of the previously generated root hash value RH. Correspondingly, in the linked data string CDS, the time point corresponding to the time stamp of the identification number IS of the subsequent data set DS must be later than the time point corresponding to the time stamp of the identification number IS of the previous data set DS . Thereby, the unmodifiable of the data set DS of the linked data string CDS can be strengthened, and the data of the linked data string CDS is difficult to be tampered with.

As shown in Figures 5 and 7, in this embodiment, the cumulative sequence number AS of each data set DS of the linked data string CDS corresponds to each root hash value RH, and the cumulative sequence number AS of each data set DS is the previous one. The cumulative value of the cumulative serial number AS of the data set DS. When the security protocol device 100 transmits the root hash values RH and the identification serial numbers IS to the blockchain device 300, the cumulative serial number unit 312 of the blockchain device 300 will correspond to the root hash values RH and the identification serial numbers IS The cumulative sequence numbers AS are sequentially generated. For example, when the blockchain device 300 receives the first root hash value RH and the corresponding identification serial number IS, the cumulative serial number unit 312 will generate the cumulative serial number AS whose value is an integer 1, and the link processing unit 311 will integrate the first The data set DS includes the first root hash value RH, the corresponding identification serial number IS, the cumulative serial number AS whose value is an integer 1, and the corresponding link hash value CH. When the security protocol device 100 receives the second root hash value RH and the corresponding identification serial number IS, the cumulative serial number unit 312 will accumulate 1 to the previous cumulative serial number AS to generate the cumulative serial number AS whose value is an integer 2, and the link processing unit 311 will integrate the second data set DS, which includes the second root hash value RH, the corresponding identification serial number IS, the cumulative serial number AS whose value is an integer of 2, and the corresponding link hash value CH. In other words, the cumulative sequence number AS is continuously accumulated, and the cumulative sequence number AS of the data set DS generated later must be greater than the cumulative sequence number AS of the data set DS generated before. Moreover, the cumulative serial number AS is generated by the blockchain device 300 on the blockchain, which is undeniable. Thereby, the unmodifiable of the data set DS of the linked data string CDS can be strengthened, and the data of the linked data string CDS is difficult to be tampered with.

In this embodiment, the link processing unit 311 generates multiple serially linked data sets DS in the link data string CDS according to the following two formulas:

CH _i =hash(RH _i-1 | IS _i-1 | i-1 | CH _i-1 ); and

CH ₁ =hash(CH ₀ ).

Among them, RH _i-1 is the root hash value RH, IS _i-1 is the identification serial number IS, i-1 is the cumulative serial number AS, CH _i-1 is the link hash value CH, and i is an integer from 2 to k.

As shown in Figure 7, the root hash value RH of the first data set DS is RH ₁ , the identification number IS is IS ₁ , the cumulative number AS is 1, and the link hash value CH is CH ₁ , and CH ₁ is the hash CH ₀ and The resulting hash value. The root hash value RH of the second data set DS following (after the first data set DS) is RH ₂ , the identification number IS is IS ₂ , the cumulative number AS is 2 and the link hash value CH is CH ₂ , And CH ₂ is the hash value generated by _{RH 1} , IS ₁ , 1 and CH ₁ after the hybridization connection. The root hash value RH of the third data set DS following (after arranging the second data set DS) is RH ₃ , the identification serial number IS is IS ₃ , the cumulative serial number AS is 3, and the link hash value CH is CH ₃ , And CH ₃ is the hash value generated by hybridizing the _{connected RH 2} , IS ₂ , 2 and CH _2. The root hash value RH of the final data set DS is RH _k , the identification serial number IS is IS _k , the cumulative serial number AS is k, and the link hash value CH is CH _k , and CH _{k is the RH k-1} and IS after the hash connection The hash value generated by _k-1 , k-1 and CH _k-1. The root hash value RH, identification serial number IS, cumulative serial number AS, and link hash value CH of the remaining data sets DS can be deduced by analogy. In addition, these data sets DS linked in series form a linked data string CDS.

As shown in FIG. 5 and FIG. 7, in this embodiment, in addition to _{storing the binary tree BT and the initial link value CH 0} in the database device 200, the security protocol device 100 will also correspond to each The identification serial number IS and the cumulative serial number AS of each root hash value RH of the binary tree BT (or each data set DS corresponding to the link data string CDS) are stored in the database device 200. When the security protocol device 100 receives a read request RR, and the read request RR requires to read multiple root hash values RH, and the multiple root hash values RH belong to multiple data sets DS of a certain linked data string CDS, The reading unit 130 reads the root hash value RH of the data sets DS of the link data string CDS from the blockchain device 300, and reads the data sets of the link data string CDS from the database device 200 DS is at one or more root hash values RH of the former, and the security protocol device 100 uses the link hash value CH of the subsequent data set DS of the blockchain device 300 to verify the previous one or more roots of the database device 200 The correctness of the hash value RH.

For example, when the security protocol device 100 receives a read request RR, the read request RR is a request to read k root hash values RH _{of RH 1} to RH _{k of the link data string CDS as shown in FIG. 7, the reading unit 130 The root hash value RH and the link hash value CH (ie RH k} and CH _k ) of the last data set DS of the data set DS of this link data string CDS will be read from the blockchain device 300, and the reading unit 130 will read from the database device 200 the root hash value RH (ie RH ₁ to RH _k-1 ), the identification number IS (ie IS ₁ to IS _k-1 ) and the cumulative sequence number AS (ie 1 to k-1), and the verification unit 120 uses the RH _{k of the} last data set DS to verify the correctness _{of the RH 1} to RH _k-1 of the previous data set DS of the database device 200. The verification unit 120 can use the aforementioned two formulas, and use the initial link values CH ₀ , RH ₁ to RH _k-1 , IS ₁ to IS _k-1 and 1 to k-1 stored in the database device 200 to perform hashing and linking operations. and calculate CH _k, and to calculate the ratio of the CH _k CH _k to the block chain means 300. If deduced CH _k CH _k coincides with the block chain means 300, 200 indicates a storage library device RH RH RH _k-1 to the apparatus 300 ₁ and the block chain ₁ will RH _k-1 Unanimous. Because based on the hash calculation, as long as any one of the root hash values RH _{among RH 1} to RH _k-1 stored in the database device 200 is inconsistent with the corresponding root hash value RH _{among RH 1} to RH _{k-1 on the blockchain device 300,} Then the calculated CH _k will be different from the CH _k on the blockchain device 300.

In different embodiments, the components of the verification systems 10, 10a, and 10b can be combined arbitrarily. For example, the verification system 10b may not include the terminal device 400; or, the verification system 10, 10a may include the terminal device 400 similar to the verification system 10b, but is not limited thereto.

Please refer to FIG. 8, which is a flowchart of a verification method according to an embodiment of the present invention. In this embodiment, the verification method can be implemented through the verification systems 10 and 10a shown in FIG. 1 or FIG. 4, but is not limited to this. The verification method is suitable for collaboration with the blockchain BC. In step S101, the security protocol device 100 receives multiple record data RD from multiple terminal devices 400 in the off-chain OC. In step S103, the security protocol device 100 integrates the record data RD into at least one binary tree BT according to the hash function, and the hash value RDH of each record data RD is stored in each leaf node LN of the binary tree BT. In step S105, the security protocol device 100 will transmit the root hash value RH of the binary tree BT to the blockchain BC, and the blockchain device 300 will store these root hash values RH. In step S107, the blockchain device 300 or the security protocol device 100 generates the link data string CDS according to the aforementioned formula.

In step S109, the security protocol device 100 stores the binary tree BT and the initial link value CH ₀ in the off-chain OC, that is, the security protocol device 100 stores the complete binary tree BT and the initial link value CH ₀ in the off-chain OC的Database device 200. In different embodiments, the initial link value CH ₀ may not be stored in the database device 200; when necessary, the security protocol device 100 can read the initial link value CH ₀ from the blockchain device 300.

In step S111, when the security protocol device 100 receives a verification request, the security protocol device 100 compares the root hash value RH in the blockchain device 300 on the blockchain BC with the database device 200 in the off-chain OC. The root hash value RH of the binary tree BT stored in OC is used to verify the correctness of the binary tree BT stored in the off-chain OC. In step S113, when the security protocol device 100 receives a read request RR, and the read request RR requests to read multiple root hash values RH of multiple data sets DS in the link data string CDS, the security protocol device 100 will read Take the root hash value RH of the data set DS on the blockchain BC in the latter and read one or more root hash values RH of the data set DS stored in the off-chain OC in the former. In step S115, the security protocol device 100 uses the link hash value CH of the subsequent data set DS on the blockchain BC to verify the correctness of the previous one or more root hash values RH stored in the off-chain OC.

Please refer to FIG. 9, which is a flowchart of a verification method according to another embodiment of the present invention. In this embodiment, the verification method can be implemented through the verification system 10b shown in FIG. 5, but it is not limited to this. In step S201, the security protocol device 100 receives multiple record data RD and multiple identification data IDs from multiple terminal devices 400 in the off-chain OC, and each identification data ID corresponds to each record data RD. In step S203, after the security protocol device 100 receives the identification data IDs, the security protocol device 100 generates a plurality of identification numbers IN corresponding to each leaf node LN according to each identification data ID, and each leaf of the binary tree BT The node LN will correspond to the unique identification number IN. For example, the security protocol is to extract multiple predetermined bits from the hash value of each identification data ID to generate each identification number IN, and if the binary tree BT has a height value H, these predetermined bits are the identification data The first H-1 bits of the hash value of the ID. In step S205, the security protocol device 100 integrates the record data RD into at least one binary tree BT according to the hash function. In step S207, the security protocol device 100 stores the hash value RDH of each record data RD to each corresponding leaf node LN according to each identification number IN. In step S209, the security protocol device 100 will transmit the root hash value RH of the binary tree BT and the corresponding identification number IS to the blockchain BC, and the blockchain device 300 will store the root hash value RH and the corresponding identification number. IS. In step S211, the security protocol device 100 cuts the binary tree BT into multiple slice BTSs. In step S213, the security protocol device 100 will return each slice BTS to the corresponding terminal device 400 in the off-chain OC.

Next, each terminal device 400 verifies the correctness of each slice BTS received. In step S215, when the slice BTS verification is incorrect, the corresponding terminal device 400 sends a protest message to the blockchain BC. In step S217, when the slice BTS is verified to be correct, the terminal device 400 does not need to send a protest message to the blockchain BC.

In step S219, the blockchain device 300 of the blockchain BC corresponds to the root hash value RH and the identification serial number IS, and sequentially generates the cumulative serial number AS. In step S221, the blockchain device 300 of the blockchain BC generates the link data string CDS according to the root hash value RH, the identification serial number IS, and the cumulative serial number AS. In step S223, the security protocol device 100 stores the binary tree BT, the initial link value CH ₀ , the identification serial number IS, and the cumulative serial number AS to the database device 200 in the off-chain OC.

In step S225, when the security protocol device 100 receives a verification request, the security protocol device 100 compares the root hash value RH in the blockchain device 300 on the blockchain BC with the database device 200 in the off-chain OC. The root hash value RH of the binary tree BT stored in OC is used to verify the correctness of the binary tree BT stored in the off-chain OC. In step S227, when the security protocol device 100 receives a search request, and the search request is for a certain record data RD, the security protocol device 100 locates the OC storage under the chain according to the identification number IN corresponding to the record data RD The leaf node LN of the binary tree BT to search for the leaf node LN corresponding to the identification number IN and obtain the hash value RDH of the record data RD from the leaf node LN, or verify that the hash value RDH of the record data RD does not exist. Leaf node LN.

In step S229, when the security protocol device 100 receives a read request RR, and the read request RR requests to read multiple root hash values RH of multiple data sets DS in the link data string CDS, the security protocol device 100 will read Take the root hash value RH of the data set DS on the blockchain BC in the latter and read one or more root hash values RH of the data set DS stored in the off-chain OC in the former. In step S231, the security protocol device 100 uses the link hash value CH of the subsequent data set DS on the blockchain BC to verify the correctness of the previous one or more root hash values RH stored in the off-chain OC.

With the verification systems 10, 10a, and 10b, when a large amount of data needs to be read, a relatively large amount of data can be read by the off-chain OC under the structure based on the link data string CDS, and only the blockchain BC can be read Take a relatively small amount of data, and use the data of the blockchain BC to verify the data of the off-chain OC, so that both efficiency and credibility can be taken into account. For example, in a company, the hash value of each employee's daily clock-in record will be correspondingly stored in each leaf node LN in the binary tree BT, and each binary tree BT is all employees of this company Single-day up and down spot clocking records. Then, the check-in records of all employees for a whole year will accumulate into hundreds of data, that is, hundreds of binary tree BT, and these data will be stored and used based on the verification system 10, 10a or 10b. If one day, the company’s internal control department needs to call out the check-in records of an employee for several years, the verification system 10, 10a, or 10b does not need to read a lot of the blockchain BC, just read the information on the blockchain BC The root hash value RH and the link hash value CH of the last data set DS of each link data string CDS, and the remaining root hash values RH of each link data string CDS can be read by the database device 200 of the off-chain OC and can be The link hash value CH of the last data set DS on the blockchain BC is used to verify the correctness of the remaining root hash values RH of the database device 200. In this way, the network transmission demand and computing load of the blockchain can be greatly reduced, and at the same time, the correctness of the off-chain OC data can be ensured through verification.

In summary, the conventional blockchain architecture transmits all data to the blockchain, and then verifies the data through the blockchain miners, which will consume a lot of blockchain computing resources. According to the verification system and method of the embodiment of the present invention, under the premise of maintaining the trustworthiness (non-repudiation) of the data, most of the data can be set in the off-chain database device, and the off-chain comparison can be performed through the security protocol device The root hash value of the binary tree of the database device and the corresponding root hash value of the blockchain are used to verify the correctness of the binary tree, thereby turning the main calculations into off-chain execution and greatly reducing the load of the blockchain. In addition, the security protocol device can locate the record data according to the identification number, thereby quickly searching for leaf nodes stored in the hash value of the record data in the database device, and quickly verifying whether the record data does not exist. With the verification system and method of the embodiment of the present invention, the overall calculation amount, calculation time, and calculation cost of the system can be reduced. In addition, the terminal device with the blockchain chip can be installed or integrated into various objects, which is simpler and more convenient in practical application, and can improve the reliability of the object quality and the value of the object.

In addition, with the link data string of the verification system and method of the embodiment of the present invention, when a large number of root hash values of a binary tree need to be read, these root hash values can be read from the off-chain database device, and Use the link hash value of the data collection of the link data string on the blockchain to verify the correctness of the root hash value read by the chain, so as to reduce the blockchain’s problems while maintaining the trustworthiness of the data. Network transmission requirements and computing load.

Although the technical content of the present invention has been disclosed in the preferred embodiment as above, it is not intended to limit the present invention. Anyone who is familiar with this technology and makes some changes and modifications without departing from the spirit of the present invention should be covered by the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of the attached patent application.

10.10a, 10b: verification system 100: security protocol device 110: binary tree processing unit 120: verification unit 130: reading unit 140: link processing unit 150: identification number unit 160: positioning search unit 170: slicing unit 180: Identification serial number unit 200: database device 300: blockchain device 310: smart contract 311: link processing unit 312: cumulative serial number unit 400: terminal device 410: record data generation unit 420: identification data generation unit 430: slice verification unit 440 : Identification number unit AS: Cumulative serial number BT: Binary tree BTS: Slice of binary tree CDS: Link data string CH: Link hash value CH ₀ : Initial link value DS: Data set H: Height value ID: Identification data IN: Identification number IS: identification number LN: leaf node MN: intermediate node OC: off-chain BC: blockchain R: tree root RD: record data RDH: hash value of record data RH: root hash value RR: read request SEC: Data section S101: Receive multiple record data from multiple terminal devices under the chain S103: Integrate the record data into a binary tree according to the hash function S105: Send the root hash value of the binary tree to the blockchain S107: Generate a link data string S109: Store the binary tree and the initial link value under the chain S111: When receiving the verification request, compare the root hash value on the blockchain with the root hash value of the binary tree stored under the chain S113: When receiving the read request , Read the root hash value of the data set on the blockchain in the latter and read one or more root hash values of the data set stored under the chain in the former S115: take the subsequent data set on the blockchain The link hash value verifies the correctness of the previous one or more root hash values stored under the chain S201: Multiple record data and multiple identification data are received from multiple terminal devices under the chain S203: After the identification data is received, Generate multiple identification numbers corresponding to each leaf node according to each identification data S205: Integrate the record data into a binary tree according to the hash function S207: Store the hash value of each record data according to each identification number to the corresponding leaf node S209: Send The root hash value and identification number of the binary tree are sent to the blockchain S211: Cut the binary tree into multiple slices S213: Send each slice back to the corresponding terminal device under the chain S215: The verification is incorrect, the corresponding terminal device transmits Protest message to the blockchain S217: The verification is correct, and the terminal device does not need to send the protest message to the blockchain S219: Sequentially generate cumulative serial numbers S221: Generate link data string S223: Store binary tree, initial link value, and identification number under the chain S225: When receiving a verification request, compare the root hash value on the blockchain with the root hash value of the binary tree stored off-chain. S227: When receiving a search request, locate the binary stored off-chain according to the identification number. Leaf node S229 of the meta-tree: When receiving a read request, read the root hash value of the data set on the blockchain in the latter and read the data set stored off-chain in the former One or more root hash values of S231: Use the link hash value of the subsequent data set on the blockchain to verify the correctness of the previous one or more root hash values stored off-chain

Fig. 1 is a block diagram of a verification system according to an embodiment of the present invention; FIG. 2 is a schematic diagram of a binary tree according to an embodiment of the present invention; FIG. 3 is a first schematic diagram of a linked data string according to an embodiment of the present invention; Fig. 3a shows a second schematic diagram of a link data string according to an embodiment of the present invention; FIG. 4 is a schematic block diagram of a verification system according to another embodiment of the present invention; FIG. 5 is a schematic block diagram of a verification system according to another embodiment of the present invention; Fig. 6 is a schematic diagram of a slice of a binary tree according to an embodiment of the present invention; FIG. 7 is a schematic diagram of a link data string according to another embodiment of the present invention; FIG. 8 is a flowchart of a verification method according to an embodiment of the present invention; and Fig. 9 is a flowchart of a verification method according to another embodiment of the present invention.

10b: Verification system

100: Security Protocol Device

110: Binary tree processing unit

120: Verification Unit

130: Reading unit

150: Identification number unit

160: Location search unit

170: Slicing unit

180: Identify the serial number unit

200: database device

300: Blockchain device

310: Smart Contract

311: Link Processing Unit

312: Cumulative serial number unit

400: terminal device

410: record data generating unit

420: Identification data generation unit

430: Slice Verification Unit

440: Identification Number Unit

AS: cumulative serial number

BT: Binary Tree

BTS: slicing of a binary tree

CDS: link data string

CH ₀ : Initial link value

ID: identification data

IS: Identification number

OC: off-chain

BC: Blockchain

RD: record data

RDH: hash value of record data

RH: Root hash value

RR: Reading requirements

Claims (6)

A method for processing link data is executed by a security protocol device. The verification method includes: storing a plurality of binary trees in a database under the chain, wherein each of the binary trees includes a tree root and a plurality of leaves Node, each root of the tree stores a hash value; read the root hash values on the database; perform a hash and link operation on the root hash values read from the database to determine a deduced root Hash value; read a specific root hash value from a blockchain; determine whether the specific root hash value is consistent with the estimated root hash value; and when the specific root hash value is consistent with the estimated root hash value, determine the data The root hash values of the database are correct; wherein the hash and link operation includes: generating a plurality of data sets under the chain linked in a serial manner, and each of the data sets under the chain includes each root read from the database. A hash value and a corresponding first link hash value. The first link hash value of the first of the off-chain data sets is generated by hashing an initial link value, and each off-chain data after the first data set The first link hash value of the set is generated by the previous off-chain data set before the hashing, and the root hash value in the last of the off-chain data sets is the estimated root hash value; wherein, each off-chain data The collection further includes an identification serial number and a cumulative serial number. Each cumulative serial number corresponds to the root hash value of each off-chain data set. The cumulative serial number of each off-chain data set is derived from the previous off-chain data set. The cumulative value of the cumulative sequence number, and each chain The first link hash value of the lower data set is generated by hashing the root hash value, the identification serial number, the cumulative serial number, and the first link hash value of the previous off-chain data set. For example, the method of claim 1, further comprising: receiving multiple record data; integrating the record data into the binary trees according to a hash function, wherein the hash values of the record data are stored in the leaf nodes respectively; and storing the The root hash values of the binary trees are in the blockchain. Such as the method of claim 2, wherein the root hash values stored on the blockchain are included in a linked data string, and the linked data string includes a plurality of data sets linked in a serial manner, and each data set is respectively It includes each root hash value stored on the blockchain and a corresponding second link hash value. The second link hash value of the first one of the data sets is generated by hashing the initial link value, and the first The second link hash value of each data set after the data set is generated by the previous data set that was hashed, and the root hash value in the last of the data sets is the specific root hash value; wherein the method It further includes: transmitting a plurality of identification serial numbers to the blockchain, so that each of the data sets includes each identification serial number, and each identification serial number includes a time stamp. A security protocol device includes: a memory; and a processor coupled to the memory. The processor is used for storing a plurality of binary trees in a database under the chain, wherein each of the binary trees includes A tree root and multiple leaf nodes, each of the tree roots stores a hash value; read the root hash values on the database; Perform a hash and link operation on the root hash values read from the database to determine a calculated root hash value; read a specific root hash value from a blockchain; determine the specific root hash value and the calculation Whether the root hash value is consistent; when the specific root hash value is consistent with the estimated root hash value, determine that the root hash values of the database are correct; and generate multiple serially linked off-chain data sets, each The off-chain data set includes each root hash value read from the database and a corresponding first link hash value. The first link hash value of the first one of the off-chain data sets is initialized by hashing Link value generation, the first link hash value of each off-chain data set after the first data set is generated by the previous off-chain data set before the hashing, and the last one of the off-chain data sets The root hash value is the inferred root hash value; wherein, each of the off-chain data sets further includes an identification serial number and a cumulative serial number, and each cumulative serial number corresponds to the root hash value of each off-chain data set, and each chain The cumulative serial number of the lower data set is derived from the cumulative value of the cumulative serial number of the previous off-chain data set, and the first link hash value of each off-chain data set is hashed by the root of the previous off-chain data set The hash value, the identification serial number, the cumulative serial number, and the first link hash value are generated. For example, the security protocol device of claim 4, the processor is further used to: receive multiple record data; integrate the record data into the binary trees according to the hash function, wherein the hash values of the record data are respectively stored in the Leaf nodes; and storing the root hash values of the binary trees in the blockchain. For example, the security protocol device of claim 5, wherein the root hash values stored on the blockchain are included in a link data string, and the link data string includes a plurality of data sets linked in a serial manner, each of the data The sets respectively include each root hash value stored on the blockchain and a corresponding second link hash value. The second link hash value of the first one of the data sets is generated by hashing the initial link value. The second link hash value of each data set after the first data set is generated by hashing the previous data set, and the root hash value in the last of the data sets is the specific root hash value; where The processor is further used for transmitting a plurality of identification serial numbers to the blockchain, so that each of the data sets includes each identification serial number, and each identification serial number includes a time stamp.

Images