WO2020037654A1 - Blockchain data protection method, device and system, and computer-readable storage medium - Google Patents


Publication number
WO2020037654A1
Authority
WO
WIPO (PCT)
Prior art keywords
encrypted
data
blockchain
ciphertext
blockchain node
Prior art date
Application number
PCT/CN2018/102264
Other languages
French (fr)
Chinese (zh)
Inventor
袁振南
谈扬
Original Assignee
区链通网络有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 区链通网络有限公司 filed Critical 区链通网络有限公司
Priority to CN201880002220.4A priority Critical patent/CN109690551B/en
Priority to PCT/CN2018/102264 priority patent/WO2020037654A1/en
Publication of WO2020037654A1 publication Critical patent/WO2020037654A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies

Definitions

  • This application relates to the field of blockchain technology, and in particular, this application relates to a method, device, system, and computer-readable storage medium for protecting blockchain data.
  • Blockchain technologies such as Bitcoin and Ethereum provide the foundation for building a completely decentralized Internet application.
  • the underlying technology of the blockchain builds a decentralized and trusted distributed network, all nodes maintain a shared database ledger, and all records are traceable and cannot be changed.
  • this application proposes a method, a device, a system, and a computer-readable storage medium for protecting blockchain data to protect the blockchain data and improve the efficiency of the calculation and processing of the blockchain data.
  • Embodiments of the present application provide a method for protecting blockchain data according to a first aspect, including:
  • the first blockchain node performs homomorphic encryption on the data to be encrypted to obtain the encrypted ciphertext
  • the second blockchain node obtains the request from the blockchain system
  • the second blockchain node calculates the obtained encrypted ciphertext, and uploads the calculation result to the blockchain system.
  • the embodiments of the present application also provide another method for protecting blockchain data, including:
  • the embodiments of the present application also provide another method for protecting blockchain data, including:
  • the calculation results are uploaded to the blockchain system.
  • the embodiment of the present application further provides a blockchain data protection system according to the fourth aspect, including a first blockchain node and a second blockchain node;
  • the first blockchain node is configured to perform homomorphic encryption on the data to be encrypted to obtain an encrypted ciphertext, and to upload a request for calculating the encrypted ciphertext to a blockchain system;
  • the second blockchain node is configured to obtain the request from the blockchain system; obtain the encrypted ciphertext according to the request; calculate the obtained encrypted ciphertext, and upload the calculation result to the blockchain system.
  • the embodiment of the present application further provides a blockchain data protection device according to a fifth aspect, including:
  • An encryption module for homomorphically encrypting the data to be encrypted to obtain encrypted ciphertext
  • a request uploading module configured to upload a request for calculating the encrypted ciphertext to a blockchain system, so that other blockchain nodes in the blockchain system perform the calculation on the encrypted ciphertext upon receiving the request.
  • the embodiments of the present application further provide another blockchain data protection device, including:
  • a request obtaining module configured to obtain a request for calculating an encrypted ciphertext uploaded by a first blockchain node from a blockchain system; the encrypted ciphertext is obtained by homomorphic encryption of data to be encrypted;
  • An encrypted ciphertext obtaining module configured to obtain the encrypted ciphertext according to the request
  • An uploading module is configured to upload the calculation result to the blockchain system.
  • the embodiments of the present application further provide a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the method for protecting blockchain data according to any one of the foregoing is implemented.
  • the foregoing blockchain data protection method, device, system, and computer-readable storage medium perform homomorphic encryption on the data to be encrypted, and upload the obtained encrypted ciphertext to the blockchain system, thereby protecting the security of the blockchain data.
  • Homomorphic encryption supports multiple operations (addition, multiplication) and high computational efficiency. Therefore, by introducing efficient homomorphic encryption with more abundant computing operation types, the efficiency of blockchain data calculation processing is improved.
  • FIG. 1 is a schematic structural diagram of a communication system applicable to a blockchain data protection method according to an embodiment of the present application
  • FIG. 2 is a schematic diagram of a blockchain data protection method according to an embodiment of the present application.
  • FIG. 3 is a schematic diagram of a blockchain data protection method according to an embodiment of the present application.
  • FIG. 4 is a schematic diagram of a blockchain data protection system according to an embodiment of the present application.
  • FIG. 5 is a schematic diagram of a blockchain data protection method according to another embodiment of the present application.
  • FIG. 6 is a schematic diagram of a blockchain data protection device according to an embodiment of the present application.
  • FIG. 7 is a schematic diagram of a blockchain data protection method according to another embodiment of the present application.
  • FIG. 8 is a schematic diagram of a blockchain data protection device according to another embodiment of the present application.
  • FIG. 9 is a schematic diagram of a server according to an embodiment of the present application.
  • first, second, and the like used in this application can be used herein to describe various elements, but these elements are not limited by these terms. These terms are only used to distinguish the first element from another element.
  • a first blockchain node may be referred to as a second blockchain node, and similarly, a second blockchain node may be referred to as a first blockchain node.
  • Both the first blockchain node and the second blockchain node are blockchain nodes, but they are not the same blockchain node.
  • the blockchain data protection method provided in this application can be applied to the communication system shown in FIG. 1.
  • the communication system includes: a blockchain network, a first blockchain node 11 and a second blockchain node 12.
  • a blockchain network includes: a blockchain network, a first blockchain node 11 and a second blockchain node 12.
  • This is for illustrative purposes only, and does not limit the specific number of blockchain nodes. It also does not limit the types of blockchain nodes.
  • Blockchain nodes can specifically be smartphones, tablets, laptops, etc., and combinations thereof.
  • the first blockchain node 11 is used to encrypt the data to be encrypted and upload a calculation request to the blockchain system
  • the second blockchain node 12 is used to obtain the request and perform the calculation on the encrypted ciphertext specified in the request.
  • a method for protecting blockchain data includes:
  • the first blockchain node performs homomorphic encryption on the data to be encrypted to obtain encrypted ciphertext.
  • Blockchain is a new application model of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithms.
  • the so-called consensus mechanism is a mathematical algorithm for establishing trust and obtaining rights between different nodes in a blockchain system.
  • Blockchain nodes refer to computers in the blockchain network, including mobile phones, miners, desktops, servers, etc.
  • the person who operates a blockchain node can be an ordinary wallet user, a miner, multiple people, etc.
  • Homomorphic encryption is a special kind of encryption that allows calculations (addition, multiplication) to be performed directly on the ciphertext, and after decryption, the result corresponding to the plaintext calculation is obtained.
  • Homomorphic encryption is divided into fully homomorphic encryption (supporting both addition and multiplication) and partially homomorphic encryption (addition or multiplication), and is an important research direction of current cryptography. Fully homomorphic encryption in particular has a wide range of application scenarios in user privacy protection, such as implementing searchable encryption and letting cloud platforms analyze encrypted user data.
  • the first fully homomorphic encryption scheme was based on lattice ciphers, which was proposed by Craig Gentry in 2009, and has led to a boom in research in this direction.
  • Homomorphic encryption can use the existing encryption methods in the prior art, and it will be described below with reference to two examples.
  • Nebula Genomics is committed to using blockchain technology to promote the research and development of genetic analysis. Eliminate middlemen in the gene market, so that users can control the buying and selling of their own genetic data, and scientific research institutions such as hospitals and universities can also purchase genetic data directly from individuals. In this process, users are inevitably required to send genetic data to the buyer, and the buyer then performs calculation analysis on the data.
  • Nebula Genomics uses Intel Software Guard Extensions (SGX) and partially homomorphic encryption (addition), as shown in Figure 3.
  • Enigma provides a more extensive privacy-protected computing platform. Applicable to secure multi-party computing, users can split the data to be processed into multiple copies and distribute them to different nodes for calculation, further improving the calculation processing speed.
  • SPDZ is used to prevent attacks by malicious nodes and perform related homomorphic encryption operations on ciphertext.
  • the homomorphic encryption algorithm selected and designed needs to support multiple operations (addition, multiplication) and high computational efficiency.
  • the first blockchain node performing homomorphic encryption on the data to be encrypted to obtain encrypted ciphertext includes: the first blockchain node performs homomorphic encryption on the data to be encrypted through a multi-key privacy protection outsourcing computing algorithm to obtain the encrypted ciphertext.
  • Multi-key privacy protection outsourcing calculation algorithms support addition (SAD), multiplication (SMD), and even division (SDIV) over integers, solving the greatest common factor (SGCD), maximum and minimum filtering (SMMS), and more.
  • the blockchain platform integrates the addition and multiplication in the multi-key privacy protection outsourcing calculation algorithm, which can already meet almost all application requirements, such as counting employee salaries and performing neural network machine learning on user data samples; other operations are derived from these two operations. To better understand the algorithm, additive homomorphism and multiplicative homomorphism are used for illustration below.
  • the first blockchain node performing homomorphic encryption on the data to be encrypted by using a multi-key privacy protection outsourcing computing algorithm to obtain encrypted ciphertext includes:
  • the first blockchain node splits the data to be encrypted into a first part and a second part.
  • each data in the data to be encrypted is classified according to attributes. There are two classes, each class is a part, and so on.
  • the first blockchain node encrypts the sum of the first part and the first random number by a set first public key to obtain first encrypted data, and encrypts the sum of the second part and the second random number by a set second public key to obtain second encrypted data.
  • This step is expressed as a formula:
  • X is the first encrypted data
  • pka is the first public key
  • x is the first part
  • $r_a$ is the first random number
  • $[\,]_{pka}$ denotes that the number in [] is encrypted with the first public key
  • pkb is the second public key
  • y is the second part
  • $r_b$ is the second random number
  • $[\,]_{pkb}$ denotes that the number in [] is encrypted with the second public key.
  • the first blockchain node decrypts the first encrypted data by using a preset first decryption algorithm and a set first private key to obtain the first decrypted data, and decrypts the second encrypted data by using the first decryption algorithm and the first private key to obtain second decrypted data.
  • This step is expressed as a formula:
  • X ′ is the first decrypted data
  • PDO is the first decrypted algorithm
  • SK (1) is the first private key
  • Y ′ is the second decrypted data.
  • the first blockchain node decrypts the first encrypted data and the first decrypted data by using a preset second decryption algorithm and a set second private key to obtain third decrypted data, and decrypts the second encrypted data and the second decrypted data by using the second decryption algorithm and the second private key to obtain fourth decrypted data.
  • This step is expressed as a formula:
  • X is the third decrypted data
  • Y is the fourth decrypted data
  • PDT is the second decryption algorithm
  • SK (2) is the second private key.
  • the first blockchain node encrypts the difference between the first sum value and the second sum value through a third public key to obtain an encrypted ciphertext of the data to be encrypted; the first sum value is the sum of the third decrypted data and the fourth decrypted data, and the second sum value is the sum of the first random number and the second random number.
  • This step is expressed as a formula:
  • S is the first sum value
  • R is the second sum value
  • pkc is the third public key
  • N is the size of the integer field.
  • An ordinary additively homomorphic encryption algorithm only supports calculation on ciphertexts encrypted under the same key, whereas SAD in this algorithm, given the ciphertexts $[x]_{pka}$ and $[x]_{pkb}$ encrypted under different keys and the introduced random numbers $r_a$ and $r_b$, can also obtain the ciphertext corresponding to the plaintext addition.
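The SAD steps above, as an added Python example that is not part of the patent text. The page names PDO, PDT, SK(1) and SK(2) but gives no cryptosystem, so this assumes a Paillier-style two-trapdoor scheme in which every public key shares one modulus N and a master exponent is split into SK(1) and SK(2); all function names are hypothetical. It goes slightly beyond the text by starting from the ciphertexts under pka and pkb and blinding them homomorphically, as in the multi-key remark.

```python
import math
import secrets

# Assumed cryptosystem (not specified on the page): Paillier-style, one shared N.
# Constructed demo modulus from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
# Shared generator with G^LAM = 1 (mod N^2).
G = (-pow(secrets.randbelow(N - 2) + 2, 2 * N, N2)) % N2


def L(u):
    """Paillier's L function: maps 1 + m*N back to m."""
    return (u - 1) // N


def keygen():
    """Per-party key pair: private theta, public h = G^theta."""
    theta = secrets.randbelow(N // 4) + 1
    return theta, pow(G, theta, N2)


def enc(pk, m):
    """[m]_pk as the pair (h^r * (1 + m*N), G^r) mod N^2."""
    r = secrets.randbelow(N // 4) + 1
    return (pow(pk, r, N2) * (1 + (m % N) * N) % N2, pow(G, r, N2))


def dec(theta, ct):
    """Owner decryption with the party's own private key."""
    return L(ct[0] * pow(ct[1], -theta, N2) % N2)


def hadd(c1, c2):
    """Same-key homomorphic addition: multiply ciphertexts componentwise."""
    return (c1[0] * c2[0] % N2, c1[1] * c2[1] % N2)


def hneg(c):
    """Raising a ciphertext to the (N-1)-th power negates its plaintext mod N."""
    return (pow(c[0], N - 1, N2), pow(c[1], N - 1, N2))


def split_master_key():
    """Split s (s = 0 mod LAM, s = 1 mod N) into the shares SK(1) and SK(2)."""
    s = LAM * pow(LAM, -1, N) % (LAM * N)
    sk1 = secrets.randbelow(LAM * N)
    return sk1, (s - sk1) % (LAM * N)


def pdo(sk1, ct):
    """First decryption algorithm: a partial result that reveals nothing alone."""
    return pow(ct[0], sk1, N2)


def pdt(sk2, ct, part1):
    """Second decryption algorithm: takes the ciphertext and PDO's output."""
    return L(part1 * pow(ct[0], sk2, N2) % N2)


def sad(ct_x, pka, ct_y, pkb, pkc, sk1, sk2):
    """Secure addition across keys: ([x]_pka, [y]_pkb) -> [x + y]_pkc."""
    r_a, r_b = secrets.randbelow(N), secrets.randbelow(N)
    X = hadd(ct_x, enc(pka, r_a))               # first encrypted data [x + r_a]_pka
    Y = hadd(ct_y, enc(pkb, r_b))               # second encrypted data [y + r_b]_pkb
    X1, Y1 = pdo(sk1, X), pdo(sk1, Y)           # first and second decrypted data
    X2, Y2 = pdt(sk2, X, X1), pdt(sk2, Y, Y1)   # blinded values x + r_a, y + r_b
    S = (X2 + Y2) % N                           # first sum value
    R = (r_a + r_b) % N                         # second sum value
    # [S]_pkc * [R]_pkc^(N-1) = [S - R]_pkc = [x + y]_pkc
    return hadd(enc(pkc, S), hneg(enc(pkc, R)))


def demo():
    """Constructed inputs: 1200 under party A's key, 345 under party B's key."""
    sk1, sk2 = split_master_key()
    (_, pka), (_, pkb), (skc, pkc) = keygen(), keygen(), keygen()
    ct = sad(enc(pka, 1200), pka, enc(pkb, 345), pkb, pkc, sk1, sk2)
    return dec(skc, ct)


if __name__ == "__main__":
    print(demo())
```

The holder of SK(2) only ever sees the blinded values x + r_a and y + r_b, and the holder of SK(1) only sees PDO outputs, which is why neither key share alone recovers x or y.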
  • the first blockchain node performing homomorphic encryption on the data to be encrypted by using a multi-key privacy protection outsourcing computing algorithm to obtain encrypted ciphertext includes:
  • the first blockchain node splits the data to be encrypted into a first part and a second part.
  • each data in the data to be encrypted is classified according to attributes. There are two classes, each class is a part, and so on.
  • the first blockchain node encrypts the first part and the first random number through a set first public key, and multiplies the two values obtained after encryption to obtain the first encrypted data; encrypts the second part and the second random number with the second public key, and multiplies the two values obtained after encryption to obtain the second encrypted data; encrypts, with the first public key, the difference between the third random number and the product of the second random number and the first part to obtain third encrypted data; and encrypts, with the second public key, the difference between the fourth random number and the product of the first random number and the second part to obtain the fourth encrypted data.
  • This step is expressed as a formula:
  • X is the first encrypted data
  • Y is the second encrypted data
  • S is the third encrypted data
  • T is the fourth encrypted data
  • pka is the first public key
  • $[\,]_{pka}$ denotes that the data in [] is encrypted with the first public key, x is the first part, $r_x$ is the first random number, y is the second part, $r_y$ is the second random number, $[\,]_{pkb}$ denotes that the data in [] is encrypted with the second public key, pkb is the second public key, $R_x$ is the third random number, and $R_y$ is the fourth random number.
  • the first blockchain node decrypts the first encrypted data by using a preset first decryption algorithm and a set first private key to obtain first decrypted data; decrypts the second encrypted data through the first decryption algorithm and the first private key to obtain second decrypted data; decrypts the third encrypted data through the first decryption algorithm and the first private key to obtain third decrypted data; and decrypts the fourth encrypted data by using the first decryption algorithm and the first private key to obtain fourth decrypted data.
  • This step is expressed as a formula:
  • $X_1 = \mathrm{PDO}_{SK^{(1)}}(X)$
  • $Y_1 = \mathrm{PDO}_{SK^{(1)}}(Y)$
  • $S_1 = \mathrm{PDO}_{SK^{(1)}}(S)$
  • $T_1 = \mathrm{PDO}_{SK^{(1)}}(T)$
  • PDO is the first decryption algorithm
  • $SK^{(1)}$ is the first private key
  • $X_1$, $Y_1$, $S_1$, and $T_1$ are the first decrypted data, the second decrypted data, the third decrypted data, and the fourth decrypted data, in this order.
  • the first blockchain node decrypts the first decrypted data and the first encrypted data by using a preset second decryption algorithm and a set second private key, decrypts the second decrypted data and the first encrypted data by using the second decryption algorithm and the second private key, and multiplies the two values obtained after decryption to obtain fifth decrypted data; decrypts the third decrypted data and the third encrypted data by using the second decryption algorithm and the second private key to obtain sixth decrypted data; and decrypts the fourth decrypted data and the fourth encrypted data by using the second decryption algorithm and the second private key to obtain seventh decrypted data.
  • This step is expressed as a formula:
  • h is the fifth decrypted data
  • PDT is the second decrypted algorithm
  • SK (2) is the second private key
  • S2 is the sixth decrypted data
  • T2 is the seventh decrypted data.
  • the first blockchain node encrypts the fifth decrypted data, the sixth decrypted data, and the seventh decrypted data by using a set third public key to obtain the fifth encrypted data, the sixth encrypted data, and the seventh encrypted data; encrypts the product of the first random number and the second random number with the third public key, and calculates the (N-1)-th power of the value obtained after encryption, to obtain the eighth encrypted data; encrypts the third random number with the third public key, and calculates the (N-1)-th power of the value obtained after encryption, to obtain the ninth encrypted data; encrypts the fourth random number with the third public key, and calculates the (N-1)-th power of the value obtained after encryption, to obtain the tenth encrypted data; N represents the size of the integer field.
  • This step is expressed as a formula:
  • H, S3, T3, S4, S5, and S6 are the fifth decrypted data, the sixth decrypted data, the seventh decrypted data, the eighth encrypted data, the ninth encrypted data, and
  • pkc is a third public key
  • N represents a size of an integer domain.
  • the first blockchain node multiplies the fifth encrypted data, the sixth encrypted data, the seventh encrypted data, the eighth encrypted data, the ninth encrypted data, and the tenth encrypted data to obtain the encrypted ciphertext of the data to be encrypted.
  • This step is expressed as a formula:
  • Given the ciphertexts $[x]_{pka}$ and $[x]_{pkb}$ encrypted with different keys and the random numbers $r_x$ and $r_y$, the multiplication homomorphism (SMD) can also obtain the ciphertext corresponding to the plaintext multiplication.
  • the multi-key privacy protection outsourced computing algorithm can not only realize the encryption of the data to be encrypted, but also has higher computational efficiency than other homomorphic encryption algorithms.
  • the data to be encrypted is data that needs to be protected, such as transaction data.
  • By using the multi-key privacy protection outsourcing computing algorithm to encrypt the data to be encrypted, the encrypted ciphertext can be obtained.
  • the first blockchain node uploads a request for computing the encrypted ciphertext to a blockchain system.
  • the request for calculating the encrypted cipher text may be specifically determined according to service requirements, such as calculating an average value or a variance of the encrypted cipher text.
  • the first blockchain node can upload a request to calculate encrypted ciphertext through a smart contract or op_return.
  • Smart contract is a computer protocol designed to spread, verify or execute contracts in an information-based manner. Smart contracts allow trusted transactions to be performed without a third party. These transactions are traceable and irreversible.
  • OP_RETURN can realize the broadcasting and recording of data in the blockchain, omitting the calculation steps, thus achieving the purpose of saving time and computing power.
  • the uploading, by the first blockchain node to the blockchain system, a request to calculate the encrypted ciphertext includes:
  • the first blockchain node uploads the encrypted ciphertext to a distributed file system, and obtains a file hash value of the encrypted ciphertext.
  • A distributed file system is one in which the physical storage resources managed by the file system are not necessarily directly connected to the local node, but are connected to the node through a computer network.
  • the distributed file system may be IPFS (InterPlanetary File System).
  • IPFS is a peer-to-peer distributed file system. It attempts to connect all computing devices (IPFS miners) with the same file system.
  • the first blockchain node uploads the encrypted ciphertext to the distributed file system.
  • the file hash value (file hash) can be calculated before uploading the encrypted ciphertext, or the hash value of the file can be returned when uploading to IPFS.
  • the first blockchain node stores a correspondence between the file hash value and the encrypted cipher text in the distributed file system into a pre-created distributed hash table.
  • the first blockchain node creates a distributed hash-table (DHT, distributed hash table) in advance, and the DHT is accessed through the blockchain (Ethereum smart contract or Bitcoin op_return, etc.).
  • DHT stores file hash indexes.
  • Other blockchain nodes can obtain specific encrypted cipher text in the distributed file system through hash indexes.
  • the first blockchain node uploads a request for calculating the encrypted ciphertext to a blockchain system; the request includes a file hash value of the encrypted ciphertext.
  • the request for calculating the encrypted ciphertext uploaded by the first blockchain node may include the file hash value of the encrypted ciphertext.
  • the second blockchain node obtains the request from the blockchain system.
  • the second blockchain node can obtain the request from the blockchain system. If the request includes a file hash value of the encrypted ciphertext, the second blockchain node obtains the file hash value of the encrypted ciphertext.
  • the second blockchain node obtains the encrypted ciphertext according to the request.
  • the second blockchain node needs to obtain the corresponding encrypted ciphertext according to the request for calculation.
  • the obtaining, by the second blockchain node, the encrypted ciphertext according to the request includes:
  • the second blockchain node accesses the distributed hash table through the blockchain system.
  • the distributed hash table stores the correspondence between the file hash value and the encrypted cipher text in the distributed file system.
  • the second blockchain node needs to access the distributed hash table through the blockchain system.
  • the second blockchain node searches the distributed file system for the encrypted ciphertext corresponding to the file hash value in the request according to the distributed hash table.
  • the request contains a file hash value.
  • the encrypted cipher text in the distributed file system corresponding to the file hash value can be determined, and then the encrypted cipher text is obtained from the distributed file system.
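The upload and retrieval flow above, as an added Python example that is not part of the patent text. The file system, hash table and chain are constructed in-memory stand-ins, SHA-256 is an assumed choice of file hash, and every name is hypothetical. The point it shows is the check the second node should make before computing: the fetched ciphertext must hash to the value carried in the on-chain request.

```python
import hashlib


class IntegrityError(Exception):
    """Fetched ciphertext does not match the file hash in the request."""


def file_hash(data):
    # Assumption: SHA-256 hex digest stands in for the page's file hash value.
    return hashlib.sha256(data).hexdigest()


class Network:
    """Constructed stand-ins for the file system, hash table and blockchain."""

    def __init__(self):
        self.dfs = {}     # storage location -> ciphertext bytes
        self.dht = {}     # file hash -> storage location
        self.chain = []   # uploaded calculation requests

    def publish(self, ciphertext, operation):
        """First node: store the ciphertext, index it, upload the request."""
        digest = file_hash(ciphertext)
        location = "blob-%d" % len(self.dfs)
        self.dfs[location] = ciphertext
        self.dht[digest] = location
        request = {"operation": operation, "file_hash": digest}
        self.chain.append(request)
        return request

    def fetch(self, request):
        """Second node: resolve the hash, fetch, verify, then hand over."""
        digest = request["file_hash"]
        location = self.dht.get(digest)
        if location is None:
            raise KeyError("no hash-table entry for " + digest)
        data = self.dfs.get(location)
        if data is None:
            raise KeyError("nothing stored at " + location)
        if file_hash(data) != digest:
            raise IntegrityError("ciphertext at %s does not match request" % location)
        return data


def tampering_is_detected():
    """Replace the stored blob after publication and try to fetch it."""
    net = Network()
    request = net.publish(b"constructed ciphertext bytes", "mean")
    net.dfs[net.dht[request["file_hash"]]] = b"substituted ciphertext"
    try:
        net.fetch(request)
    except IntegrityError:
        return True
    return False
```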
  • the second blockchain node calculates the obtained encrypted ciphertext, and uploads the calculation result to the blockchain system.
  • the second blockchain node can directly perform calculations on the encrypted ciphertext, such as averaging or variance, to obtain the calculation result, and upload the calculation result to the blockchain system. Since the multi-key privacy protection outsourcing calculation algorithm is adopted, not only the encryption of the blockchain data is realized, but also the efficiency of the calculation of the blockchain data is improved.
  • after the second blockchain node calculates the obtained encrypted ciphertext and uploads the calculation result to the blockchain system, the method further includes: the blockchain system verifies the calculation result, and when the result is valid, a token reward is issued to the second blockchain node. The blockchain system verifies whether the calculation result uploaded by the second blockchain node is accurate. If it is accurate, it issues a token reward, such as a certain amount of bitcoin, to the second blockchain node that calculated accurately. No token reward is issued to a second blockchain node that uploads inaccurate calculation results.
  • the present application also provides a blockchain data protection system, including a first blockchain node 41 and a second blockchain node 42;
  • the first blockchain node 41 is configured to perform homomorphic encryption on the data to be encrypted to obtain an encrypted ciphertext, and to upload a request for computing the encrypted ciphertext to a blockchain system;
  • the second blockchain node 42 is configured to obtain the request from the blockchain system; obtain the encrypted ciphertext according to the request; perform calculation on the obtained encrypted ciphertext, and upload the calculation result to the Blockchain system.
  • the first blockchain node 41 performs homomorphic encryption on the data to be encrypted by using a multi-key privacy protection outsourcing computing algorithm to obtain encrypted ciphertext.
  • the first blockchain node 41 obtains the encrypted ciphertext through the following operations:
  • the first blockchain node splits the data to be encrypted into a first part and a second part
  • the first blockchain node encrypts the sum of the first part and the first random number by a set first public key to obtain the first encrypted data, and encrypts the sum of the second part and the second random number by a set second public key to obtain second encrypted data;
  • the first blockchain node decrypts the first encrypted data by using a preset first decryption algorithm and a set first private key to obtain first decrypted data, and decrypts the second encrypted data by using the first decryption algorithm and the first private key to obtain second decrypted data;
  • the first blockchain node decrypts the first encrypted data and the first decrypted data by using a preset second decryption algorithm and a set second private key to obtain third decrypted data, and decrypts the second encrypted data and the second decrypted data through the second decryption algorithm and the second private key to obtain fourth decrypted data;
  • the first blockchain node encrypts the difference between the first sum value and the second sum value through a third public key to obtain an encrypted ciphertext of the data to be encrypted; the first sum value is the sum of the third decrypted data and the fourth decrypted data, and the second sum value is the sum of the first random number and the second random number.
  • the first blockchain node 41 obtains the encrypted ciphertext through the following operations:
  • the first blockchain node splits the data to be encrypted into a first part and a second part
  • the first blockchain node encrypts the first part and the first random number respectively through a first public key that is set, and multiplies the two values obtained after encryption to obtain the first encrypted data.
  • Two public keys respectively encrypt the second part and the second random number, and multiply the two values obtained after encryption to obtain the second encrypted data; the third random number and the third random number are obtained by the first public key Encrypt the difference between the second random number and the first partial product to obtain third encrypted data; perform the difference between the fourth random number and the first random number and the second partial product by using the second public key; Encrypt to obtain the fourth encrypted data;
  • the first blockchain node decrypts the first encrypted data by using a preset first decryption algorithm and a set first private key to obtain first decrypted data; and using the first decryption algorithm and the first A private key decrypts the second encrypted data to obtain second decrypted data; decrypts the third encrypted data through the first decryption algorithm and the first private key to obtain third decrypted data; Decrypting the fourth encrypted data by the first decryption algorithm and the first private key to obtain fourth decrypted data;
  • the first blockchain node decrypts the first decrypted data and the first encrypted data by using a preset second decryption algorithm and a set second private key, and by using the second decryption algorithm and the The second private key decrypts the second decrypted data and the first encrypted data, and multiplies the two values obtained after decryption to obtain a fifth decrypted data; the second decryption algorithm and the second decrypted data are obtained.
  • a private key decrypts the third decrypted data and the third encrypted data to obtain a sixth decrypted data; the fourth decrypted data and the first decrypted data are obtained through the second decryption algorithm and the second private key.
  • Four encrypted data are decrypted to obtain seventh decrypted data;
  • the first blockchain node encrypts the fifth decrypted data, the sixth decrypted data, and the seventh decrypted data by using a set third public key to obtain fifth encrypted data, sixth encrypted data, and seventh encrypted data; encrypts the product of the first random number and the second random number with the third public key, and calculates the (N-1)-th power of the value obtained after encryption to obtain eighth encrypted data; encrypts the third random number with the third public key, and calculates the (N-1)-th power of the value obtained after encryption to obtain ninth encrypted data; and encrypts the fourth random number with the third public key, and calculates the (N-1)-th power of the value obtained after encryption to obtain tenth encrypted data;
  • N represents the size of the integer field;
  • the first blockchain node multiplies the fifth encrypted data, the sixth encrypted data, the seventh encrypted data, the eighth encrypted data, the ninth encrypted data, and the tenth encrypted data to obtain the encrypted ciphertext of the data to be encrypted.
  • the first blockchain node 41 uploads the encrypted ciphertext to a distributed file system, and obtains a file hash value of the encrypted ciphertext;
  • the correspondence between the file hash value and the encrypted ciphertext in the distributed file system is stored in a pre-created distributed hash table; a request for calculating the encrypted ciphertext is uploaded to a blockchain system; the request includes the file hash value of the encrypted ciphertext.
  • the second blockchain node 42 accesses the distributed hash table through the blockchain system; according to the distributed hash table, looks up all the addresses in the distributed file system.
  • a token reward is issued to the second blockchain node.
  • the blockchain system verifies whether the calculation result uploaded by the second blockchain node is accurate. If it is accurate, a token reward, such as a certain amount of bitcoin, is issued to the second blockchain node that calculated accurately. No token reward is issued to a second blockchain node whose uploaded calculation result is not accurate.
  • a method for protecting blockchain data includes:
  • Blockchain is a new application model of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithms.
  • the so-called consensus mechanism is a mathematical algorithm for establishing trust and obtaining rights between different nodes in a blockchain system.
  • Blockchain nodes refer to computers in the blockchain network, including mobile phones, miners, desktops, servers, etc.
  • the person who operates a blockchain node can be an ordinary wallet user, a miner, several people, and so on.
  • Homomorphic encryption is a special kind of encryption that allows calculations (addition, multiplication) to be performed directly on the ciphertext, and after decryption, the result corresponding to the plaintext calculation is obtained.
  • Homomorphic encryption is further divided into fully homomorphic encryption (supporting both addition and multiplication) and partially homomorphic encryption (addition or multiplication), and is an important research direction in current cryptography. Fully homomorphic encryption in particular has a wide range of application scenarios in user privacy protection, such as implementing searchable encryption and letting cloud platforms analyze users' encrypted data.
  • performing homomorphic encryption on the data to be encrypted to obtain the encrypted ciphertext includes: performing homomorphic encryption on the data to be encrypted through a multi-key privacy protection outsourcing computing algorithm to obtain the encrypted ciphertext.
  • Multi-key privacy protection outsourcing calculation algorithms support addition (SAD), multiplication (SMD), and even division (SDIV) over integers, solving the greatest common factor (SGCD), maximum and minimum filtering (SMMS), and more.
  • the blockchain platform will integrate the addition and multiplication in the multi-key privacy protection outsourcing calculation algorithm. These already meet almost all application requirements, such as compiling statistics on employee salaries or running neural network learning on user data samples; other operations can be derived from these two operations. To better explain the algorithm, the additive homomorphism and the multiplicative homomorphism are used for illustration.
  • the data to be encrypted is homomorphically encrypted by using a multi-key privacy protection outsourcing computing algorithm to obtain the encrypted ciphertext, including:
  • each data in the data to be encrypted is classified according to attributes. There are two classes, each class is a part, and so on.
  • S512 Encrypt the sum of the first part and the first random number by using the set first public key to obtain the first encrypted data; encrypt the sum of the second part and the second random number by using the set second public key to obtain the second encrypted data.
  • This step is expressed as a formula:
  • $X$ is the first encrypted data
  • $pka$ is the first public key
  • $x$ is the first part
  • $r_a$ is the first random number
  • $[\,]_{pka}$ denotes encryption of the number in $[\,]$ with the first public key
  • $pkb$ is the second public key
  • $y$ is the second part
  • $r_b$ is the second random number
  • $[\,]_{pkb}$ denotes encryption of the number in $[\,]$ with the second public key.
  • This step is expressed as a formula:
  • X ′ is the first decrypted data
  • PDO is the first decryption algorithm
  • SK (1) is the first private key
  • Y ′ is the second decrypted data.
  • This step is expressed as a formula:
  • X is the third decrypted data
  • Y is the fourth decrypted data
  • PDT is the second decryption algorithm
  • SK (2) is the second private key.
  • This step is expressed as a formula:
  • S is the first sum value
  • R is the second sum value
  • pkc is the third public key
  • N is the size of the integer field.
  • an ordinary additively homomorphic encryption algorithm only supports calculation on ciphertexts encrypted under the same key, whereas SAD in this algorithm, given the ciphertexts $[x]_{pka}$ and $[x]_{pkb}$ encrypted under different keys and the introduced random numbers $r_a$ and $r_b$, can still obtain the ciphertext corresponding to the plaintext addition.
  • the data to be encrypted is homomorphically encrypted by using a multi-key privacy protection outsourcing computing algorithm to obtain the encrypted ciphertext, including:
  • each data in the data to be encrypted is classified according to attributes. There are two classes, each class is a part, and so on.
  • S51b Encrypt the first part and the first random number respectively by using a set first public key, and multiply the two values obtained by encryption to obtain the first encrypted data; encrypt the second part and the second random number respectively by using a set second public key, and multiply the two values obtained by encryption to obtain the second encrypted data; encrypt, by the first public key, the difference between the third random number and the product of the second random number and the first part to obtain third encrypted data; encrypt, by the second public key, the difference between the fourth random number and the product of the first random number and the second part to obtain fourth encrypted data.
  • This step is expressed as a formula:
  • $X$ is the first encrypted data
  • $Y$ is the second encrypted data
  • $S$ is the third encrypted data
  • $T$ is the fourth encrypted data
  • $pka$ is the first public key
  • $[\,]_{pka}$ denotes encryption of the data in $[\,]$ with the first public key
  • $x$ is the first part
  • $r_x$ is the first random number
  • $y$ is the second part
  • $r_y$ is the second random number
  • $[\,]_{pkb}$ denotes encryption of the data in $[\,]$ with the second public key
  • $pkb$ is the second public key
  • $R_x$ is the third random number
  • $R_y$ is the fourth random number.
  • S51c Decrypt the first encrypted data by using a preset first decryption algorithm and a set first private key to obtain first decrypted data; decrypt the second encrypted data by using the first decryption algorithm and the first private key to obtain second decrypted data; decrypt the third encrypted data by using the first decryption algorithm and the first private key to obtain third decrypted data; and decrypt the fourth encrypted data by using the first decryption algorithm and the first private key to obtain fourth decrypted data.
  • This step is expressed as a formula:
  • $X_1 = \mathrm{PDO}_{SK^{(1)}}(X)$
  • $Y_1 = \mathrm{PDO}_{SK^{(1)}}(Y)$
  • $S_1 = \mathrm{PDO}_{SK^{(1)}}(S)$
  • $T_1 = \mathrm{PDO}_{SK^{(1)}}(T)$
  • PDO is the first decryption algorithm
  • SK (1) is the first private key
  • $X_1$, $Y_1$, $S_1$, and $T_1$ are the first decrypted data, the second decrypted data, the third decrypted data, and the fourth decrypted data, in this order.
  • S51d Decrypt the first decrypted data and the first encrypted data by using a preset second decryption algorithm and a set second private key, decrypt the second decrypted data and the first encrypted data by using the second decryption algorithm and the second private key, and multiply the two values obtained after decryption to obtain fifth decrypted data; decrypt the third decrypted data and the third encrypted data by using the second decryption algorithm and the second private key to obtain sixth decrypted data; and decrypt the fourth decrypted data and the fourth encrypted data by using the second decryption algorithm and the second private key to obtain seventh decrypted data.
  • This step is expressed as a formula:
  • h is the fifth decrypted data
  • PDT is the second decryption algorithm
  • SK (2) is the second private key
  • S2 is the sixth decrypted data
  • T2 is the seventh decrypted data.
  • This step is expressed as a formula:
  • H, S3, T3, S4, S5, and S6 are the fifth decrypted data, the sixth decrypted data, the seventh decrypted data, the eighth encrypted data, the ninth encrypted data, and
  • pkc is a third public key
  • N represents a size of an integer domain.
  • S51f Multiply the fifth encrypted data, the sixth encrypted data, the seventh encrypted data, the eighth encrypted data, the ninth encrypted data, and the tenth encrypted data to obtain the encrypted ciphertext of the data to be encrypted.
  • This step is expressed as a formula:
  • the multiplication homomorphism (SMD), given the ciphertexts $[x]_{pka}$ and $[x]_{pkb}$ encrypted with different keys and the random numbers $r_x$ and $r_y$, can likewise obtain the ciphertext corresponding to the plaintext multiplication.
  • the multi-key privacy protection outsourced computing algorithm can not only realize the encryption of the data to be encrypted, but also has higher computational efficiency than other homomorphic encryption algorithms.
  • the data to be encrypted is data that needs to be protected, such as transaction data.
  • by encrypting the data to be encrypted with the multi-key privacy protection outsourcing computing algorithm, the encrypted ciphertext is obtained.
  • the request for calculating the encrypted cipher text may be specifically determined according to service requirements, such as calculating an average value or a variance of the encrypted cipher text.
  • the first blockchain node can upload a request to calculate encrypted ciphertext through a smart contract or op_return.
  • Smart contract is a computer protocol designed to spread, verify or execute contracts in an information-based manner. Smart contracts allow trusted transactions to be performed without a third party. These transactions are traceable and irreversible.
  • OP_RETURN can realize the broadcasting and recording of data in the blockchain, omitting the calculation steps, thus achieving the purpose of saving time and computing power.
  • the uploading a request for computing the encrypted ciphertext to a blockchain system includes:
  • A distributed file system is one in which the physical storage resources managed by the file system are not necessarily directly attached to the local node, but are connected to the node through a computer network.
  • the distributed file system may be an IPFS file system (InterPlanetary File System).
  • IPFS is a peer-to-peer distributed file system. It attempts to connect all computing devices (IPFS miners) with the same file system.
  • the first blockchain node uploads the encrypted ciphertext to the distributed file system.
  • the file hash value (file hash) can be calculated before uploading the encrypted ciphertext, or the hash value of the file can be returned when uploading to IPFS.
  • the first blockchain node creates a distributed hash-table (DHT, distributed hash table) in advance, and the DHT is accessed through the blockchain (Ethereum smart contract or Bitcoin op_return, etc.).
  • DHT stores file hash indexes.
  • Other blockchain nodes can obtain specific encrypted cipher text in the distributed file system through hash indexes.
  • the request for calculating the encrypted ciphertext uploaded by the first blockchain node may include the file hash value of the encrypted ciphertext.
  • the second blockchain node can obtain the request from the blockchain, obtain the encrypted ciphertext according to the request, and perform the calculation on the obtained encrypted ciphertext.
  • the present application also provides a blockchain data protection device 60, as shown in FIG. 6, including:
  • An encryption module 61 configured to perform homomorphic encryption on the data to be encrypted to obtain encrypted ciphertext;
  • the request uploading module 62 is configured to upload a request for calculating the encrypted ciphertext to a blockchain system, so that other blockchain nodes in the blockchain system calculate the encrypted ciphertext when receiving the request.
  • the encryption module 61 performs homomorphic encryption on the data to be encrypted by using a multi-key privacy protection outsourcing computing algorithm to obtain the encrypted ciphertext.
  • the encryption module 61 obtains the encrypted ciphertext through the following operations:
  • Decrypt the first encrypted data by using a preset first decryption algorithm and a set first private key to obtain first decrypted data; and decrypt the second encrypted data by using the first decryption algorithm and the first private key to obtain second decrypted data;
  • the difference between the first sum value and the second sum value is encrypted by a third public key to obtain an encrypted ciphertext of the data to be encrypted; the first sum value is the third decrypted data and the fourth decryption The sum of data, the second sum value is the sum of the first random number and the second random number.
  • the encryption module 61 obtains the encrypted ciphertext through the following operations:
  • the first part and the first random number are respectively encrypted by the set first public key, and the two encrypted values are multiplied to obtain the first encrypted data;
  • the second part and the second random number are respectively encrypted by the set second public key, and the two values obtained after encryption are multiplied to obtain second encrypted data;
  • the difference between the third random number and the product of the second random number and the first part is encrypted by the first public key to obtain third encrypted data; the difference between the fourth random number and the product of the first random number and the second part is encrypted by the second public key to obtain fourth encrypted data;
  • Decrypting the first decrypted data and the first encrypted data by a preset second decryption algorithm and a set second private key, decrypting the second decrypted data and the first encrypted data by the second decryption algorithm and the second private key, and multiplying the two values obtained after decryption to obtain fifth decrypted data; decrypting the third decrypted data and the third encrypted data by the second decryption algorithm and the second private key to obtain sixth decrypted data; decrypting the fourth decrypted data and the fourth encrypted data by the second decryption algorithm and the second private key to obtain seventh decrypted data;
  • the third public key encrypts the product of the first random number and the second random number, and the (N-1)-th power of the value obtained after encryption is calculated to obtain eighth encrypted data; the third public key encrypts the third random number, and the (N-1)-th power of the value obtained after encryption is calculated to obtain ninth encrypted data;
  • the third public key encrypts the fourth random number, and the (N-1)-th power of the value obtained after encryption is calculated to obtain tenth encrypted data;
  • N represents the size of the integer field;
  • the request uploading module 62 includes: an encrypted ciphertext uploading unit 621, configured to upload the encrypted ciphertext to a distributed file system, and obtain a file hash value of the encrypted ciphertext;
  • the correspondence relationship storage unit 622 is configured to store a correspondence relationship between the file hash value and the encrypted cipher text in the distributed file system into a pre-created distributed hash table; and a request upload unit 623, configured to: Upload a request to the blockchain system to calculate the encrypted ciphertext; the request includes a file hash value of the encrypted ciphertext.
  • a method for protecting blockchain data includes:
  • Blockchain is a new application model of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithms.
  • the so-called consensus mechanism is a mathematical algorithm for establishing trust and obtaining rights between different nodes in a blockchain system.
  • Blockchain nodes refer to computers in the blockchain network, including mobile phones, miners, desktops, servers, etc.
  • the person who operates a blockchain node can be an ordinary wallet user, a miner, several people, and so on.
  • the encrypted ciphertext is obtained by homomorphically encrypting the data to be encrypted with a multi-key privacy protection outsourcing calculation algorithm.
  • the multi-key privacy protection outsourcing calculation algorithm supports addition (SAD), multiplication (SMD), etc. This kind of operation can not only realize the encryption of the data to be encrypted, but also has higher calculation efficiency than other homomorphic encryption algorithms.
  • the data to be encrypted is data that needs to be protected, such as transaction data.
  • by encrypting the data to be encrypted with the multi-key privacy protection outsourcing computing algorithm, the encrypted ciphertext is obtained.
  • the first blockchain node uploads a request for computing the encrypted ciphertext to a blockchain system.
  • the second blockchain node obtains the request from the blockchain system. If the request includes a file hash value of the encrypted ciphertext, the second blockchain node obtains the file hash value of the encrypted ciphertext.
  • the second blockchain node needs to obtain the corresponding encrypted ciphertext according to the request for calculation.
  • the encrypted ciphertext is stored in a distributed file system; the request includes a file hash value of the encrypted ciphertext; and the obtaining the encrypted ciphertext according to the request includes:
  • accessing, through the blockchain system, the distributed hash table created in advance by the first blockchain node; the distributed hash table stores the correspondence between the file hash value of the encrypted ciphertext and the encrypted ciphertext in the distributed file system.
  • the distributed hash table stores the correspondence between the file hash value and the encrypted cipher text in the distributed file system.
  • the second blockchain node needs to access the distributed hash table through the blockchain system.
  • the request contains a file hash value.
  • the encrypted cipher text in the distributed file system corresponding to the file hash value can be determined, and then the encrypted cipher text is obtained from the distributed file system.
  • the second blockchain node can directly perform calculations on the encrypted ciphertext, such as averaging or variance. Since the multi-key privacy protection outsourcing calculation algorithm is adopted, not only the encryption of the blockchain data is realized, but also the efficiency of the calculation of the blockchain data is improved.
  • the second blockchain node calculates the encrypted ciphertext to obtain the calculation result, and uploads the calculation result to the blockchain system.
  • the blockchain system verifies whether the calculation result uploaded by the second blockchain node is accurate. If it is accurate, a token reward, such as a certain amount of bitcoin, is issued to the second blockchain node that calculated accurately. No token reward is issued to a second blockchain node whose uploaded calculation result is not accurate.
  • this application also provides a blockchain data protection device, as shown in FIG. 8, including:
  • a request obtaining module 81 is configured to obtain a request for calculating an encrypted ciphertext uploaded by a first blockchain node from a blockchain system; the encrypted ciphertext is obtained by homomorphic encryption of data to be encrypted;
  • An encrypted ciphertext obtaining module 82 configured to obtain the encrypted ciphertext according to the request
  • a calculation module 83 configured to calculate the obtained encrypted cipher text
  • the uploading module 84 is configured to upload the calculation result to the blockchain system.
  • the encrypted ciphertext is stored in a distributed file system; the request includes a file hash value of the encrypted ciphertext; the encrypted ciphertext acquisition module 82 is configured to access, through the blockchain system, a distributed hash table created in advance by the first blockchain node; the distributed hash table stores the correspondence between the file hash value of the encrypted ciphertext and the encrypted ciphertext in the distributed file system; and, according to the distributed hash table, to look up the encrypted ciphertext corresponding to the file hash value in the request in the distributed file system.
  • An embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored.
  • the storage medium includes, but is not limited to, any type of disk (including a floppy disk, a hard disk, an optical disk, a CD-ROM, and a magneto-optical disk), a ROM (Read-Only Memory), a RAM (Random Access Memory), an EPROM (Erasable Programmable Read-Only Memory), an EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, a magnetic card or an optical card. That is, the storage medium includes any medium that stores or transfers information in a form readable by a device (for example, a computer). It can be a read-only memory, a magnetic disk, an optical disk, etc.
  • Each blockchain node (including the first blockchain node and the second blockchain node) in FIG. 1 is equivalent to a server.
  • As shown in FIG. 9, which is a schematic structural diagram of a server according to an embodiment of the present application, the server includes a processor 92 and a storage device 93.
  • the storage device 93 may be used to store an application program 91 and various functional modules.
  • the processor 92 runs the application program 91 stored in the storage device 93 to execute various functional applications and data processing of the device.
  • the storage device 93 may be an internal memory or an external memory, or include both an internal memory and an external memory.
  • the internal memory may include a read-only memory, a programmable ROM (PROM), an electrically programmable ROM (EPROM), an electrically erasable programmable ROM (EEPROM), a flash memory, or a random access memory.
  • External storage may include hard disks, floppy disks, ZIP disks, U disks, magnetic tapes, and so on.
  • the storage devices disclosed in this application include, but are not limited to, these types of storage devices.
  • the storage device 93 disclosed in the present application is only an example and not a limitation.
  • the processor 92 is the control center of the server; it connects the various parts of the entire computer through various interfaces and lines, and performs various functions and processes data by running or executing software programs and/or modules stored in the storage device 93 and calling data stored in the storage device. If the server is the server of the first blockchain node, the processor 92 encrypts the data to be encrypted through a multi-key privacy protection outsourcing computing algorithm to obtain encrypted ciphertext, and uploads a request for calculating the encrypted ciphertext to the blockchain system. If the server is a server of a second blockchain node, the processor 92 obtains the request from the blockchain system, obtains the encrypted ciphertext according to the request, and calculates the obtained encrypted ciphertext.
  • although the steps in the flowchart of the drawings are displayed sequentially as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated herein, the execution of these steps is not strictly limited in order, and they can be performed in other orders. Moreover, at least a part of the steps in the flowchart of the drawings may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily performed at the same time, but may be performed at different times, and they are not necessarily performed sequentially, but may be performed in turn or alternately with other steps or with at least a part of the sub-steps or stages of other steps.
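The addition (SAD, step S512 onward) and multiplication (SMD, steps S51b to S51f) procedures described above can be traced end to end in code. The following Python example is added here and is not code from the patent: the page does not name the underlying cryptosystem, so a Paillier-style scheme with a shared modulus, per-user keys and an additively split master exponent is assumed, and every function name and the toy primes are constructed for illustration.

```python
import math
import secrets

# Constructed toy parameters: tiny primes, insecure, for tracing the arithmetic only.
P, Q = 1019, 1187
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)    # lcm(P-1, Q-1)
G = pow(2, N, N2)                   # an N-th residue, so G**LAM == 1 (mod N^2)
ORDER = N * LAM                     # every unit u mod N^2 satisfies u**ORDER == 1

# Assumed key structure: a master exponent S_KEY with S_KEY == 0 (mod LAM) and
# S_KEY == 1 (mod N), split additively into the share used by PDO (standing in
# for the "first private key") and the share used by PDT (the "second").
S_KEY = LAM * pow(LAM, -1, N)
SK1 = secrets.randbelow(ORDER)
SK2 = (S_KEY - SK1) % ORDER


def keygen():
    """Per-user key pair (theta, h) with h = G^theta; all users share N and G."""
    theta = secrets.randbelow(N) + 1
    return theta, pow(G, theta, N2)


def enc(pk, m):
    """[m]_pk = (pk^r * (1 + m*N), G^r) mod N^2."""
    r = secrets.randbelow(N) + 1
    return pow(pk, r, N2) * (1 + (m % N) * N) % N2, pow(G, r, N2)


def mul(c, d):
    """Ciphertext product under one key: the plaintexts add mod N."""
    return c[0] * d[0] % N2, c[1] * d[1] % N2


def cpow(c, k):
    """Ciphertext power: the plaintext is multiplied by k; k = N-1 negates it."""
    return pow(c[0], k, N2), pow(c[1], k, N2)


def dec(theta, c):
    """Owner decryption with the per-user private key theta."""
    return (c[0] * pow(c[1], -theta, N2) % N2 - 1) // N


def pdo(c):
    """First partial decryption with share SK1."""
    return pow(c[0], SK1, N2)


def pdt(ct1, c):
    """Second partial decryption: share SK2 combined with PDO's output."""
    return (ct1 * pow(c[0], SK2, N2) % N2 - 1) // N


def sad(x, y, pka, pkb, pkc):
    """Addition (SAD): returns [x + y]_pkc from parts held under pka and pkb."""
    ra, rb = secrets.randbelow(N), secrets.randbelow(N)
    X, Y = enc(pka, x + ra), enc(pkb, y + rb)          # S512: blind, then encrypt
    X2, Y2 = pdt(pdo(X), X), pdt(pdo(Y), Y)            # PDO, then PDT, on each
    S, R = (X2 + Y2) % N, (ra + rb) % N                # first and second sum values
    return mul(enc(pkc, S), cpow(enc(pkc, R), N - 1))  # [S] * [R]^(N-1) = [S - R]


def smd(x, y, pka, pkb, pkc):
    """Multiplication (SMD): returns [x * y]_pkc, following S51b to S51f."""
    rx, ry, Rx, Ry = (secrets.randbelow(N) for _ in range(4))
    # S51b: blinded operands and the two correction terms
    X = mul(enc(pka, x), enc(pka, rx))                 # [x + rx]_pka
    Y = mul(enc(pkb, y), enc(pkb, ry))                 # [y + ry]_pkb
    S = enc(pka, Rx - ry * x)
    T = enc(pkb, Ry - rx * y)
    # S51c: first partial decryption (share SK1)
    X1, Y1, S1, T1 = pdo(X), pdo(Y), pdo(S), pdo(T)
    # S51d: second partial decryption (share SK2); in this model each partial
    # result is combined with the ciphertext it was derived from
    h = pdt(X1, X) * pdt(Y1, Y) % N                    # (x + rx) * (y + ry)
    S2, T2 = pdt(S1, S), pdt(T1, T)
    # Re-encrypt under pkc; the (N-1)-th power negates a plaintext mod N
    parts = [enc(pkc, h), enc(pkc, S2), enc(pkc, T2),
             cpow(enc(pkc, rx * ry), N - 1),
             cpow(enc(pkc, Rx), N - 1),
             cpow(enc(pkc, Ry), N - 1)]
    # S51f: multiply the six ciphertexts; the blinding terms cancel, leaving x*y
    out = parts[0]
    for c in parts[1:]:
        out = mul(out, c)
    return out


if __name__ == "__main__":
    (_, pka), (_, pkb), (tc, pkc) = keygen(), keygen(), keygen()
    print("SAD:", dec(tc, sad(1200, 34, pka, pkb, pkc)))
    print("SMD:", dec(tc, smd(1200, 34, pka, pkb, pkc)))
```

Only the holder of the third private key can open the result, and neither share of the split exponent decrypts anything on its own; all results are reduced modulo N, so operands must stay within the integer domain of size N.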

Abstract

The present application provides a blockchain data protection method, device and system, and a computer-readable storage medium, wherein same are applied in the technical field of blockchain. The method comprises: a first blockchain node performing homomorphic encryption on data to be encrypted so as to obtain encrypted ciphertext; the first blockchain node uploading a request for computing the encrypted ciphertext to a blockchain system; a second blockchain node acquiring the request from the blockchain system; the second blockchain node acquiring the encrypted ciphertext according to the request; and the second blockchain node computing the acquired encrypted ciphertext, and uploading a computation result to the blockchain system. The embodiments of the present application can protect blockchain data and improve the efficiency of the computation and processing of the blockchain data.

Description

Blockchain data protection method, device, system and computer-readable storage medium

Technical field
This application relates to the field of blockchain technology, and in particular to a blockchain data protection method, device and system, and a computer-readable storage medium.
Background art
Over the past 20 years we have witnessed the rapid development of the Internet, which has made life far more convenient. Internet applications, however, are becoming increasingly centralized, and most resources are controlled by large enterprises (such as Google, Facebook and Twitter). To use these applications, users must hand their private information over to these enterprises to manage and trust them completely. Today's Internet is rife with identity theft, spam, advertising, hacking and so on.
Blockchain technologies such as Bitcoin and Ethereum provide the foundation for building completely decentralized Internet applications. The underlying blockchain technology builds a decentralized, trusted distributed network in which all nodes maintain a shared database ledger and all records are traceable and cannot be altered.
However, many problems remain to be solved before a large-scale Internet application can be built on a blockchain. Modern Internet applications often require a great deal of analysis and computation on users' private data. Because a blockchain is public, traceable and verifiable, the data on current blockchains is publicly visible (in Bitcoin, for example, every transaction record can be inspected); if a user uploads private data to the blockchain, every node can see it. In addition, a blockchain is not suited to computation-heavy applications: its computing resources are mainly used to record changes to the database ledger, verify transactions and reach consensus, and are not suited to analysis over large amounts of data.
Therefore, to build more modern Internet applications on a blockchain, the problems of blockchain data privacy and computing efficiency need to be solved.
Summary of the invention
To address the shortcomings of existing approaches, this application proposes a blockchain data protection method, device and system, and a computer-readable storage medium, to protect blockchain data and improve the efficiency of computation on blockchain data.
According to a first aspect, an embodiment of the present application provides a blockchain data protection method, including:
a first blockchain node performing homomorphic encryption on data to be encrypted to obtain encrypted ciphertext;
the first blockchain node uploading a request for calculating the encrypted ciphertext to a blockchain system;
a second blockchain node obtaining the request from the blockchain system;
the second blockchain node obtaining the encrypted ciphertext according to the request;
the second blockchain node calculating the obtained encrypted ciphertext, and uploading the calculation result to the blockchain system.
According to a second aspect, an embodiment of the present application further provides another blockchain data protection method, including:
performing homomorphic encryption on data to be encrypted to obtain encrypted ciphertext;
uploading a request for calculating the encrypted ciphertext to a blockchain system, so that other blockchain nodes in the blockchain system calculate the encrypted ciphertext when receiving the request.
According to a third aspect, an embodiment of the present application further provides another blockchain data protection method, including:
obtaining, from a blockchain system, a request for calculating an encrypted ciphertext uploaded by a first blockchain node; the encrypted ciphertext is obtained by homomorphic encryption of data to be encrypted;
obtaining the encrypted ciphertext according to the request;
calculating the obtained encrypted ciphertext;
uploading the calculation result to the blockchain system.
According to a fourth aspect, embodiments of the present application further provide a blockchain data protection system, including a first blockchain node and a second blockchain node;
the first blockchain node is configured to perform homomorphic encryption on data to be encrypted to obtain an encrypted ciphertext, and to upload to a blockchain system a request to perform computation on the encrypted ciphertext;
the second blockchain node is configured to obtain the request from the blockchain system, obtain the encrypted ciphertext according to the request, perform computation on the obtained encrypted ciphertext, and upload the computation result to the blockchain system.
According to a fifth aspect, embodiments of the present application further provide a blockchain data protection device, including:
an encryption module, configured to perform homomorphic encryption on data to be encrypted to obtain an encrypted ciphertext;
a request uploading module, configured to upload to a blockchain system a request to perform computation on the encrypted ciphertext, so that other blockchain nodes in the blockchain system perform computation on the encrypted ciphertext when they receive the request.
According to a sixth aspect, embodiments of the present application further provide another blockchain data protection device, including:
a request obtaining module, configured to obtain, from a blockchain system, a request uploaded by a first blockchain node to perform computation on an encrypted ciphertext, the encrypted ciphertext having been obtained by homomorphic encryption of data to be encrypted;
an encrypted ciphertext obtaining module, configured to obtain the encrypted ciphertext according to the request;
a computation module, configured to perform computation on the obtained encrypted ciphertext;
an uploading module, configured to upload the computation result to the blockchain system.
According to a seventh aspect, embodiments of the present application further provide a computer-readable storage medium on which a computer program is stored; when executed by a processor, the program implements the blockchain data protection method according to any one of the foregoing.
With the above blockchain data protection method, device, system, and computer-readable storage medium, the data to be encrypted is homomorphically encrypted and the resulting encrypted ciphertext is uploaded to the blockchain system, which protects the security of the blockchain data. Homomorphic encryption supports multiple operations (addition, multiplication) with high computational efficiency, so introducing an efficient homomorphic encryption scheme with a richer set of operations improves the efficiency of computation on blockchain data.
Additional aspects and advantages of the present application are given in part in the description below; they will become apparent from that description or be learned through practice of the present application.
BRIEF DESCRIPTION OF THE DRAWINGS
The above and/or additional aspects and advantages of the present application will become apparent and easy to understand from the following description of the embodiments in conjunction with the accompanying drawings, in which:
FIG. 1 is a schematic structural diagram of a communication system to which a blockchain data protection method according to an embodiment of the present application applies;
FIG. 2 is a schematic diagram of a blockchain data protection method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a blockchain data protection approach according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a blockchain data protection system according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a blockchain data protection method according to another embodiment of the present application;
FIG. 6 is a schematic diagram of a blockchain data protection device according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a blockchain data protection method according to another embodiment of the present application;
FIG. 8 is a schematic diagram of a blockchain data protection device according to another embodiment of the present application;
FIG. 9 is a schematic diagram of a server according to an embodiment of the present application.
DETAILED DESCRIPTION
Embodiments of the present application are described in detail below. Examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended only to explain the present application, and are not to be construed as limiting it.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural forms. It should be further understood that the word "comprising" used in the specification of this application refers to the presence of the stated features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
It is understood that the terms "first", "second", and the like used in this application may be used herein to describe various elements, but these elements are not limited by these terms. The terms are used only to distinguish one element from another. For example, without departing from the scope of this application, a first blockchain node may be called a second blockchain node, and similarly a second blockchain node may be called a first blockchain node. The first blockchain node and the second blockchain node are both blockchain nodes, but they are not the same blockchain node.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It should also be understood that terms such as those defined in general-purpose dictionaries should be understood as having meanings consistent with their meanings in the context of the prior art and, unless specifically defined as they are here, will not be interpreted in an idealized or overly formal sense.
The blockchain data protection method provided in this application can be applied to the communication system shown in FIG. 1. As shown in FIG. 1, the communication system includes a blockchain network, a first blockchain node 11, and a second blockchain node 12. This is only a schematic illustration; it limits neither the number of blockchain nodes nor their type. A blockchain node may specifically be a smartphone, a tablet, a laptop, and the like, or a combination thereof. The first blockchain node 11 is used to encrypt the data to be encrypted and upload a computation request to the blockchain system; the second blockchain node 12 is used to obtain the request and perform computation on the encrypted ciphertext referred to in the request.
First, the blockchain data protection method and system of this application are described in detail from the perspective of the system as a whole.
As shown in FIG. 2, in one embodiment, a blockchain data protection method includes:
S21. A first blockchain node performs homomorphic encryption on data to be encrypted to obtain an encrypted ciphertext.
Blockchain is a new application model of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, and encryption algorithms. The consensus mechanism is the mathematical algorithm by which different nodes in a blockchain system establish trust and obtain rights and interests. A blockchain node is a computer in the blockchain network, including mobile phones, mining machines, desktops, servers, and so on. The person operating a blockchain node may be an ordinary wallet user, a miner, several people working together, and so on.
Privacy protection is a very active direction on the blockchain, including the privacy-focused blockchains ZCash, Monero, Dash, and XVG (the Verge cryptocurrency). The zk-SNARK (zero-knowledge succinct non-interactive argument of knowledge) used by ZCash relies on zero-knowledge proofs and related techniques to hide transaction information. Application development on blockchain platforms is also paying more and more attention to the privacy of user data, and homomorphic encryption plays an important role here.
Homomorphic encryption is a special kind of encryption that allows computation (addition, multiplication) to be performed directly on ciphertext; after decryption, the result is the result of the corresponding computation on the plaintext. Homomorphic encryption is divided into fully homomorphic encryption (supporting both addition and multiplication) and partially homomorphic encryption (addition or multiplication), and it is an important research direction in cryptography today. Fully homomorphic encryption in particular has a very wide range of application scenarios in user privacy protection, such as searchable encryption and cloud platforms analyzing encrypted user data. The first fully homomorphic encryption scheme, based on lattice cryptography, was proposed by Craig Gentry in 2009 and triggered a wave of research in this direction.
Homomorphic encryption can use encryption schemes that already exist in the prior art. Two examples are described below.
Nebula Genomics, for example, is committed to using blockchain technology to advance research in genetic analysis. It removes the middlemen from the genetic data market so that users control the buying and selling of their own genetic data, and research institutions such as hospitals and universities can purchase genetic data directly from individuals. This process inevitably requires users to send genetic data to the buyer, who then computes on and analyzes the data. To protect user privacy, Nebula Genomics uses Intel Software Guard Extensions (SGX) and partially homomorphic encryption (additive), as shown in FIG. 3.
Enigma provides a privacy-preserving computing platform with a broader scope of application. With secure multi-party computation, users can split the data to be processed into multiple parts and distribute them to different nodes for computation, which further increases processing speed. In addition, SPDZ is used to defend against attacks by malicious nodes and to perform the related homomorphic operations on ciphertext.
However, the applicant has found through research that these applications are all currently limited by the efficiency of homomorphic encryption computation. Nebula, for example, can only process data with additively homomorphic encryption first, while computation-heavy tasks are still decrypted inside SGX and computed there. Homomorphic computation in Enigma is also mainly additive; multiplicative homomorphism requires constructing a triple <a, b, c> satisfying c = ab, after which s = s1 * s2 can be computed as follows:
$s = c + e \cdot b + f \cdot a + e \cdot f$
$e = s_1 - a, \quad f = s_2 - b.$
Constructing the triple requires a large amount of computation. Moreover, SPDZ's protection against malicious nodes requires the data to be re-split, which adds communication overhead.
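The triple-based multiplication described above, carried through on additive secret shares as an added example (not code from the application, Enigma or SPDZ). The modulus, the single trusted dealer and all function names are assumptions; the MAC checks SPDZ uses against malicious parties are left out, so this covers the honest-but-curious case only.

```python
import secrets

# Field modulus, constructed for this example (the Mersenne prime 2^61 - 1).
PRIME = 2**61 - 1


def share(value, n):
    """Split value into n additive shares that sum to value mod PRIME."""
    parts = [secrets.randbelow(PRIME) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % PRIME)
    return parts


def reconstruct(parts):
    """Open a shared value by summing every party's share."""
    return sum(parts) % PRIME


def make_triple(n):
    """Shares of random a, b and of c = a*b.

    A trusted dealer stands in here for the offline phase; producing
    triples without a dealer is the expensive step the text refers to.
    """
    a = secrets.randbelow(PRIME)
    b = secrets.randbelow(PRIME)
    return share(a, n), share(b, n), share(a * b % PRIME, n)


def beaver_multiply(s1_sh, s2_sh, triple):
    """Return shares of s1*s2 plus the two values that were opened.

    Each party i holds s1_sh[i], s2_sh[i] and its shares of a, b, c.
    """
    a_sh, b_sh, c_sh = triple
    n = len(s1_sh)
    # Every party publishes its share of e = s1 - a and f = s2 - b.
    # a and b are uniform, so the opened e and f hide s1 and s2.
    e = reconstruct([(s1_sh[i] - a_sh[i]) % PRIME for i in range(n)])
    f = reconstruct([(s2_sh[i] - b_sh[i]) % PRIME for i in range(n)])
    # Local step: share of s = c + e*b + f*a + e*f.
    out = [(c_sh[i] + e * b_sh[i] + f * a_sh[i]) % PRIME for i in range(n)]
    # e*f is a public constant, so exactly one party adds it.
    out[0] = (out[0] + e * f) % PRIME
    return out, (e, f)


if __name__ == "__main__":
    parties = 3
    s1_shares = share(42, parties)
    s2_shares = share(1000, parties)
    product_shares, opened = beaver_multiply(
        s1_shares, s2_shares, make_triple(parties))
    print("opened e, f:", opened)
    print("s1 * s2 =", reconstruct(product_shares))
```

Each triple is single-use: opening e for two different inputs under the same a reveals the difference of those inputs.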
Therefore, to support true homomorphic encryption computation on the blockchain and protect user privacy, computational efficiency needs to be optimized further. To support the use of homomorphic encryption on the blockchain more conveniently, the homomorphic encryption algorithm that is selected and designed needs to support multiple operations (addition, multiplication) and be computationally efficient. In one embodiment, the first blockchain node performing homomorphic encryption on the data to be encrypted to obtain the encrypted ciphertext includes: the first blockchain node performs homomorphic encryption on the data to be encrypted by means of a multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext. The multi-key privacy-preserving outsourced computation algorithm supports, over the integers, addition (SAD), multiplication (SMD), and even division (SDIV), greatest common divisor (SGCD), maximum and minimum selection (SMMS), and so on.
With the addition and multiplication of the multi-key privacy-preserving outsourced computation algorithm integrated into a blockchain platform, almost all application requirements can already be met, such as compiling statistics on employee salaries or training neural networks on samples of user data; other operations can be derived from these two. To make the algorithm easier to understand, it is explained below using additive homomorphism and multiplicative homomorphism.
In one embodiment, the first blockchain node performing homomorphic encryption on the data to be encrypted by means of the multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext includes:
S211. The first blockchain node splits the data to be encrypted into a first part and a second part.
There are many ways to split the data to be encrypted into two parts. For example, the data may be split into two parts in order from front to back; or the individual items in the data may be grouped into two classes by attribute, each class forming one part; and so on.
S212. The first blockchain node encrypts the sum of the first part and a first random number with a set first public key to obtain first encrypted data, and encrypts the sum of the second part and a second random number with a set second public key to obtain second encrypted data.
Expressed as formulas, this step is:
$X = [x]_{pk_a} \cdot [r_a]_{pk_a} = [x + r_a]_{pk_a}, \quad Y = [y]_{pk_b} \cdot [r_b]_{pk_b} = [y + r_b]_{pk_b}$
where $X$ is the first encrypted data, $pk_a$ is the first public key, $x$ is the first part, $r_a$ is the first random number, $[\cdot]_{pk_a}$ denotes encryption of the bracketed value under the first public key, $pk_b$ is the second public key, $y$ is the second part, $r_b$ is the second random number, and $[\cdot]_{pk_b}$ denotes encryption of the bracketed value under the second public key.
S213. The first blockchain node decrypts the first encrypted data using a preset first decryption algorithm and a set first private key to obtain first decrypted data, and decrypts the second encrypted data using the first decryption algorithm and the first private key to obtain second decrypted data.
Expressed as formulas, this step is:
$X' = PDO_{SK^{(1)}}(X), \quad Y' = PDO_{SK^{(1)}}(Y)$
where $X'$ is the first decrypted data, $PDO$ is the first decryption algorithm, $SK^{(1)}$ is the first private key, and $Y'$ is the second decrypted data.
S214. The first blockchain node decrypts the first encrypted data and the first decrypted data using a preset second decryption algorithm and a set second private key to obtain third decrypted data, and decrypts the second encrypted data and the second decrypted data using the second decryption algorithm and the second private key to obtain fourth decrypted data.
Expressed as formulas, this step is:
$X'' = PDT_{SK^{(2)}}(X; X'), \quad Y'' = PDT_{SK^{(2)}}(Y; Y')$
where $X''$ is the third decrypted data, $Y''$ is the fourth decrypted data, $PDT$ is the second decryption algorithm, and $SK^{(2)}$ is the second private key.
S215. The first blockchain node encrypts the difference between a first sum value and a second sum value with a third public key to obtain the encrypted ciphertext of the data to be encrypted; the first sum value is the sum of the third decrypted data and the fourth decrypted data, and the second sum value is the sum of the first random number and the second random number.
Expressed as formulas, this step is:
$S = X'' + Y'', \quad R = r_a + r_b$
Then $[S]_{pk_c} \cdot ([R]_{pk_c})^{N-1} = [S - R]_{pk_c} = [x + y]_{pk_c}$
where $S$ is the first sum value, $R$ is the second sum value, $pk_c$ is the third public key, and $N$ denotes the size of the integer domain.
An ordinary additively homomorphic encryption algorithm only supports computation on ciphertexts encrypted under the same key. With the SAD of this algorithm, given the ciphertexts $[x]_{pk_a}$ and $[x]_{pk_b}$ encrypted under different keys, and with the random numbers $r_a$ and $r_b$ introduced, the ciphertext of the sum of the corresponding plaintexts can still be obtained.
In another embodiment, the first blockchain node performing homomorphic encryption on the data to be encrypted by means of the multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext includes:
S21a. The first blockchain node splits the data to be encrypted into a first part and a second part.
There are many ways to split the data to be encrypted into two parts. For example, the data may be split into two parts in order from front to back; or the individual items in the data may be grouped into two classes by attribute, each class forming one part; and so on.
S21b. The first blockchain node encrypts the first part and a first random number separately with a set first public key and multiplies the two resulting values to obtain first encrypted data; encrypts the second part and a second random number separately with a set second public key and multiplies the two resulting values to obtain second encrypted data; encrypts, with the first public key, the difference between a third random number and the product of the second random number and the first part to obtain third encrypted data; and encrypts, with the second public key, the difference between a fourth random number and the product of the first random number and the second part to obtain fourth encrypted data.
Expressed as formulas, this step is:
$X = [x]_{pk_a} \cdot [r_x]_{pk_a}, \quad Y = [y]_{pk_b} \cdot [r_y]_{pk_b}$
$S = [R_x]_{pk_a} \cdot ([x]_{pk_a})^{N - r_y} = [R_x - r_y \cdot x]_{pk_a}$
$T = [R_y]_{pk_b} \cdot ([y]_{pk_b})^{N - r_x} = [R_y - r_x \cdot y]_{pk_b}$
where $X$ is the first encrypted data, $Y$ is the second encrypted data, $S$ is the third encrypted data, $T$ is the fourth encrypted data, $pk_a$ is the first public key, $[\cdot]_{pk_a}$ denotes encryption of the bracketed data under the first public key, $x$ is the first part, $r_x$ is the first random number, $y$ is the second part, $r_y$ is the second random number, $[\cdot]_{pk_b}$ denotes encryption of the bracketed data under the second public key, $pk_b$ is the second public key, $R_x$ is the third random number, and $R_y$ is the fourth random number.
S21c. The first blockchain node decrypts the first encrypted data using a preset first decryption algorithm and a set first private key to obtain first decrypted data; decrypts the second encrypted data using the first decryption algorithm and the first private key to obtain second decrypted data; decrypts the third encrypted data using the first decryption algorithm and the first private key to obtain third decrypted data; and decrypts the fourth encrypted data using the first decryption algorithm and the first private key to obtain fourth decrypted data.
Expressed as formulas, this step is:
$X_1 = PDO_{SK^{(1)}}(X), \quad Y_1 = PDO_{SK^{(1)}}(Y), \quad S_1 = PDO_{SK^{(1)}}(S), \quad T_1 = PDO_{SK^{(1)}}(T)$
where $PDO$ is the first decryption algorithm, $SK^{(1)}$ is the first private key, and $X_1$, $Y_1$, $S_1$, $T_1$ are, in order, the first decrypted data, the second decrypted data, the third decrypted data, and the fourth decrypted data.
S21d. The first blockchain node decrypts the first decrypted data and the first encrypted data using a preset second decryption algorithm and a set second private key, decrypts the second decrypted data and the first encrypted data using the second decryption algorithm and the second private key, and multiplies the two values obtained to obtain fifth decrypted data; decrypts the third decrypted data and the third encrypted data using the second decryption algorithm and the second private key to obtain sixth decrypted data; and decrypts the fourth decrypted data and the fourth encrypted data using the second decryption algorithm and the second private key to obtain seventh decrypted data.
Expressed as formulas, this step is:
$h = PDT_{SK^{(2)}}(X_1; X) \cdot PDT_{SK^{(2)}}(Y_1; X),$
$S_2 = PDT_{SK^{(2)}}(S_1; S), \quad T_2 = PDT_{SK^{(2)}}(T_1; T).$
where $h$ is the fifth decrypted data, $PDT$ is the second decryption algorithm, $SK^{(2)}$ is the second private key, $S_2$ is the sixth decrypted data, and $T_2$ is the seventh decrypted data.
S21e. The first blockchain node encrypts the fifth decrypted data, the sixth decrypted data, and the seventh decrypted data separately with a set third public key to obtain fifth encrypted data, sixth encrypted data, and seventh encrypted data; encrypts the product of the first random number and the second random number with the third public key and raises the resulting value to the power (N-1) to obtain eighth encrypted data; encrypts the third random number with the third public key and raises the resulting value to the power (N-1) to obtain ninth encrypted data; and encrypts the fourth random number with the third public key and raises the resulting value to the power (N-1) to obtain tenth encrypted data; N denotes the size of the integer domain.
Expressed as formulas, this step is:
$H = [h]_{pk_c}, \quad S_3 = [S_2]_{pk_c}, \quad T_3 = [T_2]_{pk_c}$
$S_4 = ([r_x \cdot r_y]_{pk_c})^{N-1}, \quad S_5 = ([R_x]_{pk_c})^{N-1}, \quad S_6 = ([R_y]_{pk_c})^{N-1},$
where $H$, $S_3$, $T_3$, $S_4$, $S_5$, and $S_6$ are, in order, the fifth decrypted data, the sixth decrypted data, the seventh decrypted data, the eighth encrypted data, the ninth encrypted data, and the tenth encrypted data, $pk_c$ is the third public key, and $N$ denotes the size of the integer domain.
S21f. The first blockchain node multiplies together the fifth encrypted data, the sixth encrypted data, the seventh encrypted data, the eighth encrypted data, the ninth encrypted data, and the tenth encrypted data to obtain the encrypted ciphertext of the data to be encrypted.
Expressed as a formula, this step is:
$H \cdot T_3 \cdot S_3 \cdot S_4 \cdot S_5 \cdot S_6 = [h + (R_x - r_y \cdot x) + (R_y - r_x \cdot y) - r_x \cdot r_y - R_x - R_y]_{pk_c} = [x \cdot y]_{pk_c}$
With the multiplicative homomorphism (SMD) above, given the ciphertexts $[x]_{pk_a}$ and $[x]_{pk_b}$ encrypted under different keys and the random numbers $r_x$ and $r_y$, the ciphertext of the product of the corresponding plaintexts can likewise be obtained.
In tests with 1024-bit integers at an 80-bit security level on an 8-core 3.6 GHz PC (personal computer), SAD takes about 185 ms and SMD about 480 ms, which greatly improves the efficiency of computation on blockchain data.
Therefore, the multi-key privacy-preserving outsourced computation algorithm not only encrypts the data to be encrypted but is also more computationally efficient than other homomorphic encryption algorithms. The data to be encrypted is data that requires privacy protection, such as transaction data. Encrypting the data to be encrypted with the multi-key privacy-preserving outsourced computation algorithm yields the encrypted ciphertext.
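The blind, partially decrypt, re-encrypt and unblind sequence of the SAD steps (S211 to S215) and the SMD steps (S21a to S21f), as an added example that is not code from the application. Assumptions: textbook Paillier with a toy modulus, one public key standing in for pk_a, pk_b and pk_c, and PDO/PDT realised as an additive split of the strong private key; all function names are hypothetical.

```python
import math
import secrets

# Toy parameters constructed for this example (two Mersenne primes);
# a real deployment needs a modulus of at least 2048 bits.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # strong private key

# Split the strong key into SK(1) + SK(2) = s, where s = 0 (mod LAM)
# and s = 1 (mod N^2); neither share decrypts anything on its own.
_s = LAM * pow(LAM, -1, N2)
SK1 = secrets.randbelow(_s - 1) + 1
SK2 = _s - SK1


def rand_zn():
    """Random unit of Z_N: encryption randomness or a blinding value."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return r


def enc(m):
    """[m]: Paillier encryption of m mod N with generator 1 + N."""
    return (1 + (m % N) * N) * pow(rand_zn(), N, N2) % N2


def add(*cts):
    """[a] * [b] * ... = [a + b + ...]"""
    out = 1
    for c in cts:
        out = out * c % N2
    return out


def scal(c, k):
    """[a]^k = [k * a]; with k = N - 1 this is [-a]."""
    return pow(c, k, N2)


def pdo(c):
    """PDO with SK(1): first partial decryption of ciphertext c."""
    return pow(c, SK1, N2)


def pdt(c, partial):
    """PDT with SK(2): finish decrypting c from its own PDO output."""
    t = partial * pow(c, SK2, N2) % N2
    return (t - 1) // N


def dec(c):
    """Both partial steps in sequence."""
    return pdt(c, pdo(c))


def sad(cx, cy):
    """[x], [y] -> [x + y]; only x + ra and y + rb are ever decrypted."""
    ra, rb = rand_zn(), rand_zn()
    X, Y = add(cx, enc(ra)), add(cy, enc(rb))        # S212
    X2, Y2 = pdt(X, pdo(X)), pdt(Y, pdo(Y))          # S213, S214
    S, R = (X2 + Y2) % N, (ra + rb) % N
    return add(enc(S), scal(enc(R), N - 1))          # S215: [S - R]


def smd(cx, cy):
    """[x], [y] -> [x * y] following S21b to S21f."""
    rx, ry, Rx, Ry = (rand_zn() for _ in range(4))
    X, Y = add(cx, enc(rx)), add(cy, enc(ry))
    S = add(enc(Rx), scal(cx, N - ry))               # [Rx - ry*x]
    T = add(enc(Ry), scal(cy, N - rx))               # [Ry - rx*y]
    # Each partial decryption is completed against its own ciphertext.
    h = pdt(X, pdo(X)) * pdt(Y, pdo(Y)) % N          # (x + rx)(y + ry)
    S2, T2 = pdt(S, pdo(S)), pdt(T, pdo(T))
    H, S3, T3 = enc(h), enc(S2), enc(T2)
    S4 = scal(enc(rx * ry), N - 1)                   # [-rx*ry]
    S5 = scal(enc(Rx), N - 1)                        # [-Rx]
    S6 = scal(enc(Ry), N - 1)                        # [-Ry]
    return add(H, T3, S3, S4, S5, S6)


if __name__ == "__main__":
    cx, cy = enc(1200), enc(34)
    print("SAD:", dec(sad(cx, cy)))
    print("SMD:", dec(smd(cx, cy)))
```

Results are exact only while x + y and x * y stay below N, because every plaintext operation wraps modulo N.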
S22. The first blockchain node uploads, to the blockchain system, a request to perform computation on the encrypted ciphertext.
The request to perform computation on the encrypted ciphertext can be determined according to business requirements, for example computing the mean or the variance of the encrypted ciphertext. The first blockchain node can upload the request by means of a smart contract, op_return, or the like. A smart contract is a computer protocol intended to propagate, verify, or execute a contract in an information-based way; smart contracts allow trusted transactions to be carried out without a third party, and these transactions are traceable and irreversible. OP_RETURN allows data to be broadcast and recorded on the blockchain while omitting the computation step, which saves time and computing power.
In one embodiment, the first blockchain node uploading to the blockchain system the request to perform computation on the encrypted ciphertext includes:
S221. The first blockchain node uploads the encrypted ciphertext to a distributed file system and obtains the file hash value of the encrypted ciphertext.
A distributed file system is one in which the physical storage resources managed by the file system are not necessarily attached directly to the local node but are connected to the node over a computer network. To better suit blockchain application development, the distributed file system may optionally be IPFS (InterPlanetary File System). IPFS is a peer-to-peer distributed file system that attempts to connect all computing devices (IPFS mining machines) to the same file system.
The first blockchain node uploads the encrypted ciphertext to the distributed file system. The file hash value can be computed before the encrypted ciphertext is uploaded, or it can be the hash value of the file returned by IPFS at upload time.
S222. The first blockchain node stores the correspondence between the file hash value and the encrypted ciphertext in the distributed file system in a pre-created distributed hash table.
The first blockchain node creates a distributed hash table (DHT) in advance, and the DHT is accessed through the blockchain (an Ethereum smart contract, Bitcoin op_return, or the like). The DHT stores the file hash index, and other blockchain nodes can use the hash index to obtain the specific encrypted ciphertext from the distributed file system.
S223. The first blockchain node uploads to the blockchain system the request to perform computation on the encrypted ciphertext; the request includes the file hash value of the encrypted ciphertext.
To make it easy for other blockchain nodes to locate the encrypted ciphertext to be computed on, the request uploaded by the first blockchain node may include the file hash value of the encrypted ciphertext.
S23. The second blockchain node obtains the request from the blockchain system.
After the first blockchain node uploads the request to compute on the encrypted ciphertext to the blockchain system, the second blockchain node can obtain the request from the blockchain system. If the request includes the file hash value of the encrypted ciphertext, the second blockchain node thereby obtains that file hash value.
S24. The second blockchain node obtains the encrypted ciphertext according to the request.
The second blockchain node needs to obtain the corresponding encrypted ciphertext according to the request in order to compute on it. In one embodiment, the second blockchain node obtaining the encrypted ciphertext according to the request includes:
S241. The second blockchain node accesses the distributed hash table through the blockchain system.
The distributed hash table stores the correspondence between the file hash value and the encrypted ciphertext in the distributed file system. The second blockchain node needs to access the distributed hash table through the blockchain system.
S242. The second blockchain node uses the distributed hash table to look up, in the distributed file system, the encrypted ciphertext corresponding to the file hash value in the request.
The request contains the file hash value. The distributed hash table identifies the encrypted ciphertext in the distributed file system that corresponds to this file hash value, and the encrypted ciphertext is then retrieved from the distributed file system.
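The S221 to S223 and S241 to S242 exchange, as an added example that is not code from the patent. It assumes SHA-256 as the file hash and uses in-memory dictionaries as stand-ins for the distributed file system, the DHT and the chain; the function names and the `dfs://` locator are hypothetical, and the re-hash check on retrieval is an addition the text does not describe.

```python
import hashlib
import hmac


def file_hash(data: bytes) -> str:
    # Assumption: a SHA-256 hex digest stands in for the "file hash value".
    return hashlib.sha256(data).hexdigest()


def publish(ciphertext: bytes, operation: str, dfs: dict, dht: dict, chain: list) -> dict:
    """First node: S221 (upload), S222 (record mapping), S223 (post request)."""
    digest = file_hash(ciphertext)
    locator = f"dfs://object/{len(dfs)}"      # hypothetical storage locator
    dfs[locator] = ciphertext                 # S221: store the ciphertext
    dht[digest] = locator                     # S222: file hash -> stored object
    request = {"op": operation, "file_hash": digest}
    chain.append(request)                     # S223: the request carries the hash
    return request


def fetch(request: dict, dfs: dict, dht: dict) -> bytes:
    """Second node: S241 (consult the DHT), S242 (retrieve the ciphertext)."""
    digest = request["file_hash"]
    locator = dht.get(digest)                 # S241
    if locator is None or locator not in dfs:
        raise LookupError("no stored ciphertext for the requested file hash")
    blob = dfs[locator]                       # S242
    # Added check: the request's hash is the only value anchored on the chain,
    # so re-hash what storage returned before computing on it.
    if not hmac.compare_digest(file_hash(blob), digest):
        raise ValueError("retrieved ciphertext does not match the requested hash")
    return blob


def demo():
    dfs, dht, chain = {}, {}, []
    ciphertext = b"constructed-sample-ciphertext-bytes"   # constructed input
    request = publish(ciphertext, "average", dfs, dht, chain)
    fetched = fetch(chain[-1], dfs, dht)
    # Simulate a storage node returning altered bytes for the same locator.
    dfs[dht[request["file_hash"]]] = b"altered-bytes"
    try:
        fetch(request, dfs, dht)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return fetched == ciphertext, tamper_detected


if __name__ == "__main__":
    print(demo())
```

Without the re-hash step, the second node would compute on whatever bytes the storage layer returned and could upload a result for a ciphertext that the request never named.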
S25. The second blockchain node computes on the obtained encrypted ciphertext and uploads the calculation result to the blockchain system.
After obtaining the encrypted ciphertext, the second blockchain node can compute directly on it, for example taking the average or the variance, and upload the calculation result to the blockchain system. Because the multi-key privacy-preserving outsourced computation algorithm is used, the blockchain data is encrypted and the efficiency of computing on blockchain data is also improved.
In one embodiment, after the second blockchain node computes on the obtained encrypted ciphertext and uploads the calculation result to the blockchain system, the method further includes: when the blockchain system verifies that the calculation result is valid, issuing a token reward to the second blockchain node. The blockchain system verifies whether the calculation result uploaded by the second blockchain node is accurate. If it is accurate, a token reward, for example a certain amount of Bitcoin, is issued to the second blockchain node that computed accurately; if it is not accurate, no token reward is issued to the second blockchain node that uploaded the calculation result.
Based on the same inventive concept, this application also provides a blockchain data protection system, including a first blockchain node 41 and a second blockchain node 42;
The first blockchain node 41 is configured to homomorphically encrypt the data to be encrypted to obtain an encrypted ciphertext, and to upload to the blockchain system a request to compute on the encrypted ciphertext;
The second blockchain node 42 is configured to obtain the request from the blockchain system, obtain the encrypted ciphertext according to the request, compute on the obtained encrypted ciphertext, and upload the calculation result to the blockchain system.
In one embodiment, the first blockchain node 41 homomorphically encrypts the data to be encrypted using a multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext.
In one embodiment, the first blockchain node 41 obtains the encrypted ciphertext through the following operations:
The first blockchain node splits the data to be encrypted into a first part and a second part;
The first blockchain node encrypts the sum of the first part and a first random number with a set first public key to obtain first encrypted data, and encrypts the sum of the second part and a second random number with a set second public key to obtain second encrypted data;
The first blockchain node decrypts the first encrypted data with a preset first decryption algorithm and a set first private key to obtain first decrypted data, and decrypts the second encrypted data with the first decryption algorithm and the first private key to obtain second decrypted data;
The first blockchain node decrypts the first encrypted data and the first decrypted data with a preset second decryption algorithm and a set second private key to obtain third decrypted data, and decrypts the second encrypted data and the second decrypted data with the second decryption algorithm and the second private key to obtain fourth decrypted data;
The first blockchain node encrypts the difference between a first sum value and a second sum value with a third public key to obtain the encrypted ciphertext of the data to be encrypted; the first sum value is the sum of the third decrypted data and the fourth decrypted data, and the second sum value is the sum of the first random number and the second random number.
In another embodiment, the first blockchain node 41 obtains the encrypted ciphertext through the following operations:
The first blockchain node splits the data to be encrypted into a first part and a second part;
The first blockchain node encrypts the first part and a first random number separately with a set first public key and multiplies the two resulting values to obtain first encrypted data; encrypts the second part and a second random number separately with a set second public key and multiplies the two resulting values to obtain second encrypted data; encrypts, with the first public key, the difference between a third random number and the product of the second random number and the first part to obtain third encrypted data; and encrypts, with the second public key, the difference between a fourth random number and the product of the first random number and the second part to obtain fourth encrypted data;
The first blockchain node decrypts the first encrypted data with a preset first decryption algorithm and a set first private key to obtain first decrypted data; decrypts the second encrypted data with the first decryption algorithm and the first private key to obtain second decrypted data; decrypts the third encrypted data with the first decryption algorithm and the first private key to obtain third decrypted data; and decrypts the fourth encrypted data with the first decryption algorithm and the first private key to obtain fourth decrypted data;
The first blockchain node decrypts the first decrypted data and the first encrypted data with a preset second decryption algorithm and a set second private key, decrypts the second decrypted data and the first encrypted data with the second decryption algorithm and the second private key, and multiplies the two resulting values to obtain fifth decrypted data; decrypts the third decrypted data and the third encrypted data with the second decryption algorithm and the second private key to obtain sixth decrypted data; and decrypts the fourth decrypted data and the fourth encrypted data with the second decryption algorithm and the second private key to obtain seventh decrypted data;
The first blockchain node encrypts the fifth decrypted data, the sixth decrypted data, and the seventh decrypted data separately with a set third public key to obtain fifth encrypted data, sixth encrypted data, and seventh encrypted data; encrypts the product of the first random number and the second random number with the third public key and raises the result to the power (N-1) to obtain eighth encrypted data; encrypts the third random number with the third public key and raises the result to the power (N-1) to obtain ninth encrypted data; and encrypts the fourth random number with the third public key and raises the result to the power (N-1) to obtain tenth encrypted data; N denotes the size of the integer domain;
The first blockchain node multiplies the fifth encrypted data, the sixth encrypted data, the seventh encrypted data, the eighth encrypted data, the ninth encrypted data, and the tenth encrypted data to obtain the encrypted ciphertext of the data to be encrypted.
In one embodiment, the first blockchain node 41 uploads the encrypted ciphertext to a distributed file system and obtains the file hash value of the encrypted ciphertext; stores the correspondence between the file hash value and the encrypted ciphertext in the distributed file system in a pre-created distributed hash table; and uploads to the blockchain system a request to compute on the encrypted ciphertext; the request includes the file hash value of the encrypted ciphertext.
In one embodiment, the second blockchain node 42 accesses the distributed hash table through the blockchain system and, according to the distributed hash table, looks up in the distributed file system the encrypted ciphertext corresponding to the file hash value in the request.
In one embodiment, when the blockchain system verifies that the calculation result is valid, a token reward is issued to the second blockchain node. The blockchain system verifies whether the calculation result uploaded by the second blockchain node is accurate. If it is accurate, a token reward, for example a certain amount of Bitcoin, is issued to the second blockchain node that computed accurately; if it is not accurate, no token reward is issued to the second blockchain node that uploaded the calculation result.
The other technical features of the above blockchain data protection system are the same as those of the above blockchain protection method and are not repeated here.
The specific implementations of the blockchain data protection method and device of this application are described in detail below from the perspective of the first blockchain node.
As shown in FIG. 5, in one embodiment, a blockchain data protection method includes:
S51. Homomorphically encrypt the data to be encrypted to obtain an encrypted ciphertext.
Blockchain is a new application model of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, and encryption algorithms. The consensus mechanism is the mathematical algorithm by which different nodes in a blockchain system establish trust and obtain rights and interests. A blockchain node is a computer in the blockchain network, including mobile phones, mining machines, desktops, servers, and so on; the operator of a blockchain node may be an ordinary wallet user, a miner, several people collaborating, and so on.
Homomorphic encryption is a special kind of encryption that allows computation (addition, multiplication) directly on ciphertexts; after decryption, the result equals the result of the same computation on the plaintexts. Homomorphic encryption is divided into fully homomorphic encryption (supporting both addition and multiplication) and partially homomorphic encryption (addition or multiplication), and is an important research direction in current cryptography. Fully homomorphic encryption in particular has very broad application scenarios in user privacy protection, such as searchable encryption and cloud platforms analyzing users' encrypted data.
However, ordinary homomorphic encryption computation has efficiency problems. Supporting true homomorphic encryption computation on the blockchain while protecting user privacy requires further optimization of computational efficiency.
To support the use of homomorphic encryption on the blockchain more conveniently, the homomorphic encryption algorithm that is selected and designed needs to support multiple operations (addition, multiplication) and be computationally efficient. In one embodiment, homomorphically encrypting the data to be encrypted to obtain the encrypted ciphertext includes: homomorphically encrypting the data to be encrypted using a multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext. The multi-key privacy-preserving outsourced computation algorithm supports addition (SAD) and multiplication (SMD) over the integers, and even division (SDIV), greatest common divisor (SGCD), maximum/minimum selection (SMMS), and so on.
The blockchain platform will integrate the addition and multiplication of the multi-key privacy-preserving outsourced computation algorithm. These already meet almost all application requirements, such as compiling statistics on employee salaries or neural-network machine learning on user data samples, and other operations can be derived from these two. To make the algorithm easier to understand, the additive homomorphism and the multiplicative homomorphism are described below.
In one embodiment, homomorphically encrypting the data to be encrypted using the multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext includes:
S511. Split the data to be encrypted into a first part and a second part.
There are many ways to split the data to be encrypted into two parts. For example, the data can be split into two parts in front-to-back order, or the individual data items can be classified by attribute into two classes, each class forming one part, and so on.
S512. Encrypt the sum of the first part and a first random number with a set first public key to obtain first encrypted data; encrypt the sum of the second part and a second random number with a set second public key to obtain second encrypted data.
This step is expressed by the formula:
$X = [x]_{pka} \cdot [r_a]_{pka} = [x + r_a]_{pka}$, $Y = [y]_{pkb} \cdot [r_b]_{pkb} = [y + r_b]_{pkb}$
where $X$ is the first encrypted data, $pka$ is the first public key, $x$ is the first part, $r_a$ is the first random number, $[\cdot]_{pka}$ denotes encrypting the number in the brackets with the first public key, $pkb$ is the second public key, $y$ is the second part, $r_b$ is the second random number, and $[\cdot]_{pkb}$ denotes encrypting the number in the brackets with the second public key.
S513. Decrypt the first encrypted data with a preset first decryption algorithm and a set first private key to obtain first decrypted data; decrypt the second encrypted data with the first decryption algorithm and the first private key to obtain second decrypted data.
This step is expressed by the formula:
$X' = \mathrm{PDO}_{SK^{(1)}}(X)$, $Y' = \mathrm{PDO}_{SK^{(1)}}(Y)$
where $X'$ is the first decrypted data, PDO is the first decryption algorithm, $SK^{(1)}$ is the first private key, and $Y'$ is the second decrypted data.
S514. Decrypt the first encrypted data and the first decrypted data with a preset second decryption algorithm and a set second private key to obtain third decrypted data; decrypt the second encrypted data and the second decrypted data with the second decryption algorithm and the second private key to obtain fourth decrypted data.
This step is expressed by the formula:
$X'' = \mathrm{PDT}_{SK^{(2)}}(X; X')$, $Y'' = \mathrm{PDT}_{SK^{(2)}}(Y; Y')$
where $X''$ is the third decrypted data, $Y''$ is the fourth decrypted data, PDT is the second decryption algorithm, and $SK^{(2)}$ is the second private key.
S515. Encrypt the difference between a first sum value and a second sum value with a third public key to obtain the encrypted ciphertext of the data to be encrypted; the first sum value is the sum of the third decrypted data and the fourth decrypted data, and the second sum value is the sum of the first random number and the second random number.
This step is expressed by the formula:
$S = X'' + Y''$, $R = r_a + r_b$
Then $[S]_{pkc} \cdot ([R]_{pkc})^{N-1} = [S - R]_{pkc} = [x + y]_{pkc}$
where $S$ is the first sum value, $R$ is the second sum value, $pkc$ is the third public key, and $N$ is the size of the integer domain.
An ordinary additively homomorphic encryption algorithm only supports computation on ciphertexts encrypted under the same key, whereas SAD in this algorithm, given ciphertexts $[x]_{pka}$ and $[x]_{pkb}$ encrypted under different keys and the introduced random numbers $r_a$ and $r_b$, can still obtain the ciphertext of the sum of the corresponding plaintexts.
In another embodiment, homomorphically encrypting the data to be encrypted using the multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext includes:
S51a. Split the data to be encrypted into a first part and a second part.
There are many ways to split the data to be encrypted into two parts. For example, the data can be split into two parts in front-to-back order, or the individual data items can be classified by attribute into two classes, each class forming one part, and so on.
S51b. Encrypt the first part and a first random number separately with a set first public key and multiply the two resulting values to obtain first encrypted data; encrypt the second part and a second random number separately with a set second public key and multiply the two resulting values to obtain second encrypted data; encrypt, with the first public key, the difference between a third random number and the product of the second random number and the first part to obtain third encrypted data; encrypt, with the second public key, the difference between a fourth random number and the product of the first random number and the second part to obtain fourth encrypted data.
This step is expressed by the formulas:
$X = [x]_{pka} \cdot [r_x]_{pka}$, $Y = [y]_{pkb} \cdot [r_y]_{pkb}$
$S = [R_x]_{pka} \cdot ([x]_{pka})^{N - r_y} = [R_x - r_y \cdot x]_{pka}$
$T = [R_y]_{pkb} \cdot ([y]_{pkb})^{N - r_x} = [R_y - r_x \cdot y]_{pkb}$
where $X$ is the first encrypted data, $Y$ is the second encrypted data, $S$ is the third encrypted data, $T$ is the fourth encrypted data, $pka$ is the first public key, $[\cdot]_{pka}$ denotes encrypting the data in the brackets with the first public key, $x$ is the first part, $r_x$ is the first random number, $y$ is the second part, $r_y$ is the second random number, $[\cdot]_{pkb}$ denotes encrypting the data in the brackets with the second public key, $pkb$ is the second public key, $R_x$ is the third random number, and $R_y$ is the fourth random number.
S51c. Decrypt the first encrypted data with a preset first decryption algorithm and a set first private key to obtain first decrypted data; decrypt the second encrypted data with the first decryption algorithm and the first private key to obtain second decrypted data; decrypt the third encrypted data with the first decryption algorithm and the first private key to obtain third decrypted data; decrypt the fourth encrypted data with the first decryption algorithm and the first private key to obtain fourth decrypted data.
This step is expressed by the formula:
$X_1 = \mathrm{PDO}_{SK^{(1)}}(X)$, $Y_1 = \mathrm{PDO}_{SK^{(1)}}(Y)$, $S_1 = \mathrm{PDO}_{SK^{(1)}}(S)$, $T_1 = \mathrm{PDO}_{SK^{(1)}}(T)$
where PDO is the first decryption algorithm, $SK^{(1)}$ is the first private key, and $X_1$, $Y_1$, $S_1$, and $T_1$ are, in order, the first decrypted data, the second decrypted data, the third decrypted data, and the fourth decrypted data.
S51d. Decrypt the first decrypted data and the first encrypted data with a preset second decryption algorithm and a set second private key, decrypt the second decrypted data and the first encrypted data with the second decryption algorithm and the second private key, and multiply the two resulting values to obtain fifth decrypted data; decrypt the third decrypted data and the third encrypted data with the second decryption algorithm and the second private key to obtain sixth decrypted data; decrypt the fourth decrypted data and the fourth encrypted data with the second decryption algorithm and the second private key to obtain seventh decrypted data.
This step is expressed by the formulas:
$h = \mathrm{PDT}_{SK^{(2)}}(X_1; X) \cdot \mathrm{PDT}_{SK^{(2)}}(Y_1; X)$,
$S_2 = \mathrm{PDT}_{SK^{(2)}}(S_1; S)$, $T_2 = \mathrm{PDT}_{SK^{(2)}}(T_1; T)$.
where $h$ is the fifth decrypted data, PDT is the second decryption algorithm, $SK^{(2)}$ is the second private key, $S_2$ is the sixth decrypted data, and $T_2$ is the seventh decrypted data.
S51e. Encrypt the fifth decrypted data, the sixth decrypted data, and the seventh decrypted data separately with a set third public key to obtain fifth encrypted data, sixth encrypted data, and seventh encrypted data; encrypt the product of the first random number and the second random number with the third public key and raise the result to the power (N-1) to obtain eighth encrypted data; encrypt the third random number with the third public key and raise the result to the power (N-1) to obtain ninth encrypted data; encrypt the fourth random number with the third public key and raise the result to the power (N-1) to obtain tenth encrypted data; N denotes the size of the integer domain.
This step is expressed by the formulas:
$H = [h]_{pkc}$, $S_3 = [S_2]_{pkc}$, $T_3 = [T_2]_{pkc}$
$S_4 = ([r_x \cdot r_y]_{pkc})^{N-1}$, $S_5 = ([R_x]_{pkc})^{N-1}$, $S_6 = ([R_y]_{pkc})^{N-1}$,
where $H$, $S_3$, $T_3$, $S_4$, $S_5$, and $S_6$ are, in order, the fifth decrypted data, the sixth decrypted data, the seventh decrypted data, the eighth encrypted data, the ninth encrypted data, and the tenth encrypted data, $pkc$ is the third public key, and $N$ denotes the size of the integer domain.
S51f. Multiply the fifth encrypted data, the sixth encrypted data, the seventh encrypted data, the eighth encrypted data, the ninth encrypted data, and the tenth encrypted data to obtain the encrypted ciphertext of the data to be encrypted.
This step is expressed by the formula:
$H \cdot T_3 \cdot S_3 \cdot S_4 \cdot S_5 \cdot S_6 = [h + (R_x - r_y \cdot x) + (R_y - r_x \cdot y) - r_x \cdot r_y - R_x - R_y]_{pkc} = [x \cdot y]_{pkc}$
The multiplicative homomorphism (SMD) above, given ciphertexts $[x]_{pka}$ and $[x]_{pkb}$ encrypted under different keys and random numbers $r_x$ and $r_y$, can likewise obtain the ciphertext of the product of the corresponding plaintexts.
In tests with 1024-bit integers at an 80-bit security level on an 8-core 3.6 GHz PC (personal computer), SAD takes about 185 ms and SMD takes 480 ms, which greatly improves the efficiency of computing on blockchain data.
Therefore, the multi-key privacy-preserving outsourced computation algorithm not only encrypts the data to be encrypted but is also more computationally efficient than other homomorphic encryption algorithms. The data to be encrypted is data that requires privacy protection, such as transaction data. Encrypting the data to be encrypted with the multi-key privacy-preserving outsourced computation algorithm yields the encrypted ciphertext.
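The SAD steps (S511 to S515) and SMD steps (S51a to S51f) above, run end to end as an added example that is not code from the patent. It assumes Paillier as the additively homomorphic scheme (the text does not name one), uses one constructed toy key in place of pka, pkb and pkc, and lets full decryption stand in for the two-stage PDO/PDT decryption; the function names are hypothetical.

```python
import math
import secrets

# Toy Paillier key from two Mersenne primes (constructed; far too small for
# real use). Assumption: one key plays the roles of pka, pkb and pkc.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAM, -1, N)                                 # inverse of lambda mod N


def encrypt(m):
    """[m] = (1 + N)^m * r^N mod N^2 with fresh randomness r."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + (m % N) * N) * pow(r, N, N2) % N2


def decrypt(c):
    """Full decryption; stands in for PDO followed by PDT."""
    u = pow(c, LAM, N2)
    return (u - 1) // N * MU % N


def h_add(c1, c2):
    """[a] * [b] = [a + b]."""
    return c1 * c2 % N2


def h_neg(c):
    """[a]^(N-1) = [-a], the (N-1) exponent in S515 and S51e."""
    return pow(c, N - 1, N2)


def sad(x, y):
    """Return [x + y] following S512 to S515."""
    r_a, r_b = secrets.randbelow(N), secrets.randbelow(N)
    X = h_add(encrypt(x), encrypt(r_a))        # [x + r_a]
    Y = h_add(encrypt(y), encrypt(r_b))        # [y + r_b]
    X2, Y2 = decrypt(X), decrypt(Y)            # X'', Y'': blinded plaintexts
    S, R = (X2 + Y2) % N, (r_a + r_b) % N
    return h_add(encrypt(S), h_neg(encrypt(R)))  # [S - R] = [x + y]


def smd(x, y):
    """Return [x * y] following S51b to S51f."""
    r_x, r_y, R_x, R_y = (secrets.randbelow(N) for _ in range(4))
    cx, cy = encrypt(x), encrypt(y)
    X = h_add(cx, encrypt(r_x))                      # [x + r_x]
    Y = h_add(cy, encrypt(r_y))                      # [y + r_y]
    S = h_add(encrypt(R_x), pow(cx, N - r_y, N2))    # [R_x - r_y * x]
    T = h_add(encrypt(R_y), pow(cy, N - r_x, N2))    # [R_y - r_x * y]
    # h is the product of the two blinded plaintexts, (x + r_x)(y + r_y),
    # which is what the final identity needs for the blinds to cancel.
    h = decrypt(X) * decrypt(Y) % N
    S2, T2 = decrypt(S), decrypt(T)
    H, S3, T3 = encrypt(h), encrypt(S2), encrypt(T2)
    S4 = h_neg(encrypt(r_x * r_y % N))               # [-r_x * r_y]
    S5 = h_neg(encrypt(R_x))                         # [-R_x]
    S6 = h_neg(encrypt(R_y))                         # [-R_y]
    out = H
    for c in (T3, S3, S4, S5, S6):
        out = h_add(out, c)
    return out                                       # [x * y]


if __name__ == "__main__":
    print(decrypt(sad(1200, 345)), decrypt(smd(1200, 345)))
```

All arithmetic is modulo N, so results are exact only while the true sum or product stays below N; the blinded intermediates reveal nothing about x or y because each is offset by a uniformly random value.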
S52. Upload a request to compute on the encrypted ciphertext to the blockchain system, so that other blockchain nodes in the blockchain system perform computation on the encrypted ciphertext when they receive the request.
The specific computation requested can be determined according to business requirements, for example computing the average or the variance of the encrypted ciphertext. The first blockchain node can upload the request through a smart contract, op_return, or the like. A smart contract is a computer protocol intended to propagate, verify, or execute a contract in a digital manner; smart contracts allow trusted transactions to be carried out without a third party, and these transactions are traceable and irreversible. OP_RETURN allows data to be broadcast and recorded in the blockchain while omitting the computation step, which saves time and computing power.
In one embodiment, uploading the request to compute on the encrypted ciphertext to the blockchain system includes:
S521. Upload the encrypted ciphertext to a distributed file system and obtain the file hash value of the encrypted ciphertext.
A distributed file system is one in which the physical storage resources managed by the file system are not necessarily attached directly to the local node but are connected to the node through a computer network. To better suit blockchain application development, the distributed file system may optionally be IPFS (InterPlanetary File System). IPFS is a peer-to-peer distributed file system that attempts to connect all computing devices (IPFS mining machines) to the same file system.
The first blockchain node uploads the encrypted ciphertext to the distributed file system. The file hash value (file hash) can be computed before the encrypted ciphertext is uploaded, or the hash value of the file can be returned when it is uploaded to IPFS.
S522. Store the correspondence between the file hash value and the encrypted ciphertext in the distributed file system in a pre-created distributed hash table.
The first blockchain node creates a distributed hash table (DHT) in advance, and the DHT is accessed through the blockchain (an Ethereum smart contract, Bitcoin op_return, or the like). The DHT stores the file hash index, and other blockchain nodes can use the hash index to retrieve the specific encrypted ciphertext from the distributed file system.
S523. Upload the request to compute on the encrypted ciphertext to the blockchain system; the request includes the file hash value of the encrypted ciphertext.
To make it easier for other blockchain nodes to find the encrypted ciphertext to be computed on, the request uploaded by the first blockchain node may include the file hash value of the encrypted ciphertext.
After the first blockchain node uploads the request to compute on the encrypted ciphertext to the blockchain, the second blockchain node can obtain the request from the blockchain, obtain the encrypted ciphertext according to the request, and perform computation on the obtained encrypted ciphertext.
Based on the same inventive concept, the present application further provides a blockchain data protection device 60 which, as shown in FIG. 6, includes:
an encryption module 61, configured to perform homomorphic encryption on the data to be encrypted to obtain the encrypted ciphertext;
a request upload module 62, configured to upload a request to compute on the encrypted ciphertext to the blockchain system, so that other blockchain nodes in the blockchain system perform computation on the encrypted ciphertext when they receive the request.
In one embodiment, the encryption module 61 performs homomorphic encryption on the data to be encrypted by means of the multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext.
In one embodiment, the encryption module 61 obtains the encrypted ciphertext through the following operations:
splitting the data to be encrypted into a first part and a second part;
encrypting the sum of the first part and a first random number with a set first public key to obtain first encrypted data; encrypting the sum of the second part and a second random number with a set second public key to obtain second encrypted data;
decrypting the first encrypted data with a preset first decryption algorithm and a set first private key to obtain first decrypted data; decrypting the second encrypted data with the first decryption algorithm and the first private key to obtain second decrypted data;
decrypting the first encrypted data and the first decrypted data with a preset second decryption algorithm and a set second private key to obtain third decrypted data; decrypting the second encrypted data and the second decrypted data with the second decryption algorithm and the second private key to obtain fourth decrypted data;
encrypting the difference between a first sum and a second sum with a third public key to obtain the encrypted ciphertext of the data to be encrypted; the first sum is the sum of the third decrypted data and the fourth decrypted data, and the second sum is the sum of the first random number and the second random number.
In another embodiment, the encryption module 61 obtains the encrypted ciphertext through the following operations:
splitting the data to be encrypted into a first part and a second part;
encrypting the first part and a first random number separately with a set first public key and multiplying the two resulting values to obtain first encrypted data; encrypting the second part and a second random number separately with a set second public key and multiplying the two resulting values to obtain second encrypted data; encrypting, with the first public key, the difference between a third random number and the product of the second random number and the first part to obtain third encrypted data; encrypting, with the second public key, the difference between a fourth random number and the product of the first random number and the second part to obtain fourth encrypted data;
decrypting the first encrypted data with a preset first decryption algorithm and a set first private key to obtain first decrypted data; decrypting the second encrypted data with the first decryption algorithm and the first private key to obtain second decrypted data; decrypting the third encrypted data with the first decryption algorithm and the first private key to obtain third decrypted data; decrypting the fourth encrypted data with the first decryption algorithm and the first private key to obtain fourth decrypted data;
decrypting the first decrypted data and the first encrypted data with a preset second decryption algorithm and a set second private key, decrypting the second decrypted data and the first encrypted data with the second decryption algorithm and the second private key, and multiplying the two resulting values to obtain fifth decrypted data; decrypting the third decrypted data and the third encrypted data with the second decryption algorithm and the second private key to obtain sixth decrypted data; decrypting the fourth decrypted data and the fourth encrypted data with the second decryption algorithm and the second private key to obtain seventh decrypted data;
encrypting the fifth decrypted data, the sixth decrypted data, and the seventh decrypted data separately with a set third public key to obtain fifth encrypted data, sixth encrypted data, and seventh encrypted data; encrypting the product of the first random number and the second random number with the third public key and raising the resulting value to the (N-1)-th power to obtain eighth encrypted data; encrypting the third random number with the third public key and raising the resulting value to the (N-1)-th power to obtain ninth encrypted data; encrypting the fourth random number with the third public key and raising the resulting value to the (N-1)-th power to obtain tenth encrypted data; N denotes the size of the integer domain;
multiplying the fifth encrypted data, the sixth encrypted data, the seventh encrypted data, the eighth encrypted data, the ninth encrypted data, and the tenth encrypted data to obtain the encrypted ciphertext of the data to be encrypted.
In one embodiment, the request upload module 62 includes: an encrypted ciphertext upload unit 621, configured to upload the encrypted ciphertext to a distributed file system and obtain the file hash value of the encrypted ciphertext; a correspondence storage unit 622, configured to store the correspondence between the file hash value and the encrypted ciphertext in the distributed file system in a pre-created distributed hash table; and a request upload unit 623, configured to upload the request to compute on the encrypted ciphertext to the blockchain system; the request includes the file hash value of the encrypted ciphertext.
The other technical features of the blockchain data protection device described above from the perspective of the first blockchain node are the same as those of the blockchain data protection method described above from the perspective of the first blockchain node, and are not repeated here.
The following describes in detail, from the perspective of the second blockchain node, specific implementations of the blockchain data protection method and device of the present application.
As shown in FIG. 7, in one embodiment, a blockchain data protection method includes:
S71. Obtain from the blockchain system the request, uploaded by the first blockchain node, to compute on the encrypted ciphertext; the encrypted ciphertext is obtained by homomorphic encryption of the data to be encrypted.
Blockchain is a new application model of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms, and encryption algorithms. The consensus mechanism is the mathematical algorithm by which different nodes in a blockchain system establish trust and obtain rights and interests. A blockchain node is a computer in the blockchain network, such as a mobile phone, a mining machine, a desktop computer, or a server; the person operating a blockchain node may be an ordinary wallet user, a miner, several people working together, and so on.
To improve computational efficiency, the encrypted ciphertext is obtained by homomorphically encrypting the data to be encrypted with the multi-key privacy-preserving outsourced computation algorithm. This algorithm supports several operations over the integers, such as addition (SAD) and multiplication (SMD); it not only encrypts the data to be encrypted but is also more computationally efficient than other homomorphic encryption algorithms. The data to be encrypted is data that requires privacy protection, such as transaction data. Encrypting the data to be encrypted with the multi-key privacy-preserving outsourced computation algorithm yields the encrypted ciphertext.
The first blockchain node uploads the request to compute on the encrypted ciphertext to the blockchain system. The second blockchain node obtains the request from the blockchain system. If the request includes the file hash value of the encrypted ciphertext, the second blockchain node thereby obtains the file hash value of the encrypted ciphertext.
S72. Obtain the encrypted ciphertext according to the request.
The second blockchain node needs to obtain the corresponding encrypted ciphertext according to the request in order to perform the computation. In one embodiment, the encrypted ciphertext is stored in a distributed file system; the request includes the file hash value of the encrypted ciphertext; and obtaining the encrypted ciphertext according to the request includes:
S721. Access, through the blockchain system, the distributed hash table created in advance by the first blockchain node; the distributed hash table stores the correspondence between the file hash value of the encrypted ciphertext and the encrypted ciphertext in the distributed file system.
The distributed hash table stores the correspondence between file hash values and the encrypted ciphertexts in the distributed file system. The second blockchain node needs to access the distributed hash table through the blockchain system.
S722. According to the distributed hash table, look up in the distributed file system the encrypted ciphertext corresponding to the file hash value in the request.
The request contains the file hash value. The distributed hash table identifies the encrypted ciphertext in the distributed file system that corresponds to this file hash value, and the encrypted ciphertext is then retrieved from the distributed file system.
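The publish and lookup flow of S521 to S523 and S721 to S722, as an added example that is not code from the patent. The in-memory dictionaries standing in for the distributed file system, the DHT and the chain, the SHA-256 file hash, and all function names are assumptions; the second node also recomputes the hash of what it fetched, a check the text does not describe.

```python
import hashlib


def file_hash(blob):
    """File hash of a ciphertext blob (SHA-256 hex digest, chosen for this example)."""
    return hashlib.sha256(blob).hexdigest()


def first_node_publish(dfs, dht, chain, ciphertext, operation):
    """First blockchain node: store the ciphertext, index it, post the request."""
    location = "obj-%d" % len(dfs)   # hypothetical storage location
    dfs[location] = ciphertext       # S521: upload to the distributed file system
    digest = file_hash(ciphertext)   # S521: obtain the file hash value
    dht[digest] = location           # S522: record hash -> ciphertext correspondence
    chain.append({"operation": operation, "file_hash": digest})  # S523
    return digest


def second_node_fetch(dfs, dht, request):
    """Second blockchain node: resolve the request's file hash to the ciphertext."""
    digest = request["file_hash"]
    location = dht.get(digest)       # S721: consult the distributed hash table
    if location is None:
        raise LookupError("no DHT entry for file hash " + digest)
    blob = dfs.get(location)         # S722: fetch from the distributed file system
    if blob is None:
        raise LookupError("no ciphertext stored at " + location)
    # Added check: the bytes returned by storage must hash to the value
    # recorded in the on-chain request before any computation is done on them.
    if file_hash(blob) != digest:
        raise ValueError("fetched ciphertext does not match the requested file hash")
    return blob


def demo():
    dfs, dht, chain = {}, {}, []
    ciphertext = b"constructed sample ciphertext bytes"
    first_node_publish(dfs, dht, chain, ciphertext, "average")
    request = chain[-1]
    fetched = second_node_fetch(dfs, dht, request)
    # Storage later returns different bytes for the same location.
    dfs[dht[request["file_hash"]]] = ciphertext + b"\x00"
    try:
        second_node_fetch(dfs, dht, request)
        mismatch_detected = False
    except ValueError:
        mismatch_detected = True
    return fetched == ciphertext, mismatch_detected


if __name__ == "__main__":
    print(demo())
```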
S73. Perform computation on the obtained encrypted ciphertext.
After obtaining the encrypted ciphertext, the second blockchain node can compute directly on it, for example computing an average or a variance. Because the multi-key privacy-preserving outsourced computation algorithm is used, the blockchain data is encrypted and the efficiency of blockchain data computation is also improved.
S74. Upload the computation result to the blockchain system.
To increase the motivation of blockchain nodes, the second blockchain node computes on the encrypted ciphertext, obtains a computation result, and uploads the result to the blockchain system. The blockchain system verifies whether the computation result uploaded by the second blockchain node is accurate. If it is accurate, a token reward, for example a certain amount of Bitcoin, is issued to the second blockchain node that computed accurately; if it is not accurate, no token reward is issued to the second blockchain node that uploaded the result.
Based on the same inventive concept, the present application further provides a blockchain data protection device which, as shown in FIG. 8, includes:
a request acquisition module 81, configured to obtain from the blockchain system the request, uploaded by the first blockchain node, to compute on the encrypted ciphertext; the encrypted ciphertext is obtained by homomorphic encryption of the data to be encrypted;
an encrypted ciphertext acquisition module 82, configured to obtain the encrypted ciphertext according to the request;
a computation module 83, configured to perform computation on the obtained encrypted ciphertext;
an upload module 84, configured to upload the computation result to the blockchain system.
In one embodiment, the encrypted ciphertext is stored in a distributed file system; the request includes the file hash value of the encrypted ciphertext; the encrypted ciphertext acquisition module 82 is configured to access, through the blockchain system, the distributed hash table created in advance by the first blockchain node, the distributed hash table storing the correspondence between the file hash value of the encrypted ciphertext and the encrypted ciphertext in the distributed file system; and, according to the distributed hash table, to look up in the distributed file system the encrypted ciphertext corresponding to the file hash value in the request.
The other technical features of the blockchain data protection device described above from the perspective of the second blockchain node are the same as those of the blockchain data protection method described above from the perspective of the second blockchain node, and are not repeated here.
An embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, it implements the blockchain data protection method according to any one of the foregoing. The storage medium includes, but is not limited to, any type of disk (including floppy disks, hard disks, optical disks, CD-ROMs, and magneto-optical disks), ROM (Read-Only Memory), RAM (Random Access Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic cards, or optical cards. That is, the storage medium includes any medium in which information is stored or transmitted by a device (for example, a computer) in a readable form. It may be a read-only memory, a magnetic disk, an optical disk, or the like.
Each blockchain node in FIG. 1 (including the first blockchain node and the second blockchain node) is equivalent to a server. FIG. 9 is a schematic structural diagram of a server provided by an embodiment of the present application, which includes components such as a processor 92 and a storage device 93. Those skilled in the art will understand that the structural components shown in FIG. 9 do not limit all servers, which may include more or fewer components than shown, or combine certain components. The storage device 93 may be used to store an application program 91 and the functional modules; the processor 92 runs the application program 91 stored in the storage device 93 and thereby executes the various functional applications and data processing of the device. The storage device 93 may be an internal memory or an external memory, or include both. The internal memory may include read-only memory, programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, or random access memory. The external memory may include hard disks, floppy disks, ZIP disks, USB flash drives, magnetic tapes, and the like. The storage devices disclosed in the present application include, but are not limited to, these types of storage devices. The storage device 93 disclosed in the present application is given only as an example and not as a limitation.
The processor 92 is the control center of the server. It uses various interfaces and lines to connect the parts of the entire computer, and it executes various functions and processes data by running or executing the software programs and/or modules stored in the storage device 93 and by calling the data stored in the storage device. If the server is the server of the first blockchain node, the processor 92 encrypts the data to be encrypted by means of the multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext, and uploads the request to compute on the encrypted ciphertext to the blockchain system. If the server is the server of the second blockchain node, the processor 92 obtains the request from the blockchain system, obtains the encrypted ciphertext according to the request, and performs computation on the obtained encrypted ciphertext.
It should be understood that although the steps in the flowcharts of the drawings are shown in sequence as indicated by the arrows, these steps are not necessarily performed in the order the arrows indicate. Unless explicitly stated herein, there is no strict restriction on the order in which these steps are performed, and they may be performed in other orders. Moreover, at least some of the steps in the flowcharts of the drawings may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same moment but may be performed at different times, and they are not necessarily performed one after another but may be performed in turn or alternately with other steps, or with at least some of the sub-steps or stages of other steps.
It should be understood that the functional units in the embodiments of the present application may be integrated into one processing module, may each exist physically on their own, or two or more units may be integrated into one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module.
The above describes only some of the embodiments of the present application. It should be noted that those of ordinary skill in the art may make a number of improvements and refinements without departing from the principles of the present application, and these improvements and refinements should also be regarded as falling within the scope of protection of the present application.

Claims (15)

  1. A blockchain data protection method, characterized by comprising:
    a first blockchain node performing homomorphic encryption on data to be encrypted to obtain an encrypted ciphertext;
    the first blockchain node uploading a request to compute on the encrypted ciphertext to a blockchain system;
    a second blockchain node obtaining the request from the blockchain system;
    the second blockchain node obtaining the encrypted ciphertext according to the request;
    the second blockchain node performing computation on the obtained encrypted ciphertext and uploading the computation result to the blockchain system.
  2. The blockchain data protection method according to claim 1, characterized in that the first blockchain node performing homomorphic encryption on the data to be encrypted to obtain the encrypted ciphertext comprises:
    the first blockchain node performing homomorphic encryption on the data to be encrypted by means of a multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext.
  3. The blockchain data protection method according to claim 2, characterized in that the first blockchain node performing homomorphic encryption on the data to be encrypted by means of the multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext comprises:
    the first blockchain node splitting the data to be encrypted into a first part and a second part;
    the first blockchain node encrypting the sum of the first part and a first random number with a set first public key to obtain first encrypted data, and encrypting the sum of the second part and a second random number with a set second public key to obtain second encrypted data;
    the first blockchain node decrypting the first encrypted data with a preset first decryption algorithm and a set first private key to obtain first decrypted data, and decrypting the second encrypted data with the first decryption algorithm and the first private key to obtain second decrypted data;
    the first blockchain node decrypting the first encrypted data and the first decrypted data with a preset second decryption algorithm and a set second private key to obtain third decrypted data, and decrypting the second encrypted data and the second decrypted data with the second decryption algorithm and the second private key to obtain fourth decrypted data;
    the first blockchain node encrypting the difference between a first sum and a second sum with a third public key to obtain the encrypted ciphertext of the data to be encrypted; the first sum is the sum of the third decrypted data and the fourth decrypted data, and the second sum is the sum of the first random number and the second random number.
  4. The blockchain data protection method according to claim 2, characterized in that the first blockchain node performing homomorphic encryption on the data to be encrypted by means of the multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext comprises:
    the first blockchain node splitting the data to be encrypted into a first part and a second part;
    the first blockchain node encrypting the first part and a first random number separately with a set first public key and multiplying the two resulting values to obtain first encrypted data; encrypting the second part and a second random number separately with a set second public key and multiplying the two resulting values to obtain second encrypted data; encrypting, with the first public key, the difference between a third random number and the product of the second random number and the first part to obtain third encrypted data; encrypting, with the second public key, the difference between a fourth random number and the product of the first random number and the second part to obtain fourth encrypted data;
    the first blockchain node decrypting the first encrypted data with a preset first decryption algorithm and a set first private key to obtain first decrypted data; decrypting the second encrypted data with the first decryption algorithm and the first private key to obtain second decrypted data; decrypting the third encrypted data with the first decryption algorithm and the first private key to obtain third decrypted data; decrypting the fourth encrypted data with the first decryption algorithm and the first private key to obtain fourth decrypted data;
    the first blockchain node decrypting the first decrypted data and the first encrypted data with a preset second decryption algorithm and a set second private key, decrypting the second decrypted data and the first encrypted data with the second decryption algorithm and the second private key, and multiplying the two resulting values to obtain fifth decrypted data; decrypting the third decrypted data and the third encrypted data with the second decryption algorithm and the second private key to obtain sixth decrypted data; decrypting the fourth decrypted data and the fourth encrypted data with the second decryption algorithm and the second private key to obtain seventh decrypted data;
    the first blockchain node encrypting the fifth decrypted data, the sixth decrypted data, and the seventh decrypted data separately with a set third public key to obtain fifth encrypted data, sixth encrypted data, and seventh encrypted data; encrypting the product of the first random number and the second random number with the third public key and raising the resulting value to the (N-1)-th power to obtain eighth encrypted data; encrypting the third random number with the third public key and raising the resulting value to the (N-1)-th power to obtain ninth encrypted data; encrypting the fourth random number with the third public key and raising the resulting value to the (N-1)-th power to obtain tenth encrypted data; N denotes the size of the integer domain;
    the first blockchain node multiplying the fifth encrypted data, the sixth encrypted data, the seventh encrypted data, the eighth encrypted data, the ninth encrypted data, and the tenth encrypted data to obtain the encrypted ciphertext of the data to be encrypted.
  5. The blockchain data protection method according to claim 1, wherein the first blockchain node uploading to the blockchain system a request to perform computation on the encrypted ciphertext comprises:
    the first blockchain node uploading the encrypted ciphertext to a distributed file system and obtaining a file hash value of the encrypted ciphertext;
    the first blockchain node storing the correspondence between the file hash value and the encrypted ciphertext in the distributed file system in a pre-created distributed hash table;
    the first blockchain node uploading to the blockchain system the request to perform computation on the encrypted ciphertext, the request including the file hash value of the encrypted ciphertext.
  6. The blockchain data protection method according to claim 5, wherein the second blockchain node obtaining the encrypted ciphertext according to the request comprises:
    the second blockchain node accessing the distributed hash table through the blockchain system;
    the second blockchain node looking up, in the distributed file system and according to the distributed hash table, the encrypted ciphertext corresponding to the file hash value in the request.
  7. The blockchain data protection method according to any one of claims 1 to 6, wherein, after the second blockchain node performs computation on the obtained encrypted ciphertext and uploads the computation result to the blockchain system, the method further comprises:
    when the blockchain system verifies that the computation result is valid, issuing a token reward to the second blockchain node.
  8. A blockchain data protection method, characterized by comprising:
    performing homomorphic encryption on data to be encrypted to obtain encrypted ciphertext;
    uploading to a blockchain system a request to perform computation on the encrypted ciphertext, so that other blockchain nodes in the blockchain system perform computation on the encrypted ciphertext upon receiving the request.
  9. The blockchain data protection method according to claim 8, wherein performing homomorphic encryption on the data to be encrypted to obtain the encrypted ciphertext comprises:
    performing homomorphic encryption on the data to be encrypted by means of a multi-key privacy-preserving outsourced computation algorithm to obtain the encrypted ciphertext.
  10. A blockchain data protection method, characterized by comprising:
    obtaining from a blockchain system a request, uploaded by a first blockchain node, to perform computation on encrypted ciphertext, the encrypted ciphertext being obtained by homomorphic encryption of data to be encrypted;
    obtaining the encrypted ciphertext according to the request;
    performing computation on the obtained encrypted ciphertext;
    uploading the computation result to the blockchain system.
  11. The blockchain data protection method according to claim 10, wherein the encrypted ciphertext is stored in a distributed file system and the request includes a file hash value of the encrypted ciphertext;
    the obtaining the encrypted ciphertext according to the request comprises:
    accessing, through the blockchain system, a distributed hash table created in advance by the first blockchain node, the distributed hash table storing the correspondence between the file hash value of the encrypted ciphertext and the encrypted ciphertext in the distributed file system;
    looking up, in the distributed file system and according to the distributed hash table, the encrypted ciphertext corresponding to the file hash value in the request.
  12. A blockchain data protection system, characterized by comprising a first blockchain node and a second blockchain node;
    the first blockchain node is configured to perform homomorphic encryption on data to be encrypted to obtain encrypted ciphertext, and to upload to a blockchain system a request to perform computation on the encrypted ciphertext;
    the second blockchain node is configured to obtain the request from the blockchain system, obtain the encrypted ciphertext according to the request, perform computation on the obtained encrypted ciphertext, and upload the computation result to the blockchain system.
  13. A blockchain data protection device, characterized by comprising:
    an encryption module, configured to perform homomorphic encryption on data to be encrypted to obtain encrypted ciphertext;
    a request uploading module, configured to upload to a blockchain system a request to perform computation on the encrypted ciphertext, so that other blockchain nodes in the blockchain system perform computation on the encrypted ciphertext upon receiving the request.
  14. A blockchain data protection device, characterized by comprising:
    a request obtaining module, configured to obtain from a blockchain system a request, uploaded by a first blockchain node, to perform computation on encrypted ciphertext, the encrypted ciphertext being obtained by homomorphic encryption of data to be encrypted;
    an encrypted ciphertext obtaining module, configured to obtain the encrypted ciphertext according to the request;
    a computation module, configured to perform computation on the obtained encrypted ciphertext;
    an uploading module, configured to upload the computation result to the blockchain system.
  15. A computer-readable storage medium on which a computer program is stored, characterized in that, when the program is executed by a processor, the blockchain data protection method according to any one of claims 1 to 11 is implemented.
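Added derivation (not part of the patent text) of why the six factors multiplied at the end of claim 4 cancel the random numbers. Assumptions: the scheme is additively homomorphic in the Paillier style, so that $[a]\cdot[b]=[a+b]$ and $[a]^{N-1}=[-a]$ with plaintexts taken modulo $N$; $x$ and $y$ denote the first and second parts, $r_1,\dots,r_4$ the four random numbers, $[m]_k$ encryption under the $k$-th public key, $C_i$ and $D_i$ the $i$-th encrypted and decrypted data, and the two values multiplied into the fifth decrypted data are read as $x+r_1$ and $y+r_2$.

$$
\begin{aligned}
C_1 &= [x]_1\,[r_1]_1 = [x+r_1]_1, & C_2 &= [y]_2\,[r_2]_2 = [y+r_2]_2,\\
C_3 &= [r_3 - r_2 x]_1, & C_4 &= [r_4 - r_1 y]_2,\\
D_5 &= (x+r_1)(y+r_2), & D_6 &= r_3 - r_2 x, \quad D_7 = r_4 - r_1 y,\\
C_8 &= [r_1 r_2]_3^{\,N-1} = [-r_1 r_2]_3, & C_9 &= [r_3]_3^{\,N-1} = [-r_3]_3, \quad C_{10} = [r_4]_3^{\,N-1} = [-r_4]_3
\end{aligned}
$$

$$
[D_5]_3\,[D_6]_3\,[D_7]_3\,C_8\,C_9\,C_{10}
= \bigl[(x+r_1)(y+r_2) + (r_3 - r_2 x) + (r_4 - r_1 y) - r_1 r_2 - r_3 - r_4\bigr]_3
= [x y]_3
$$

Under these assumptions the result is an encryption of $xy$ under the third public key, and each decrypted intermediate $D_5$, $D_6$, $D_7$ is masked by at least one of the random numbers.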
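The request and lookup flow of claims 5, 6, 10 and 11, as an added example that is not code from the patent: the first node stores homomorphic ciphertexts, registers their file hash and posts a request, and the second node resolves the hash, computes on the ciphertexts without decrypting, and posts the result. Textbook Paillier with a toy key stands in for the homomorphic scheme, which the claims do not name; the in-memory `dfs`, `dht` and `chain` objects, all function names, and the hash re-check on retrieval are assumptions of this sketch.

```python
import hashlib
import json
import math
import secrets

# Toy Paillier key (constructed; these Mersenne primes are far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)
N2, MU = N * N, pow(PHI, -1, N)

def encrypt(m):
    """Paillier encryption with g = N + 1: c = (1 + m*N) * r^N mod N^2."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c):
    """Needs the private values PHI and MU, which only the first node holds."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

# Hypothetical in-memory stand-ins for the distributed file system, the
# distributed hash table and the chain's request/result log.
dfs, dht, chain = {}, {}, []

def publish_request(values):
    """First node: encrypt, store the ciphertext file, map hash -> location, post request."""
    blob = json.dumps([encrypt(v) for v in values]).encode()
    file_hash = hashlib.sha256(blob).hexdigest()
    location = f"dfs://object/{len(dfs)}"
    dfs[location] = blob
    dht[file_hash] = location
    chain.append({"type": "request", "file_hash": file_hash})
    return file_hash

def fetch_ciphertext(file_hash):
    """Second node: resolve the hash via the DHT, then re-hash the bytes actually received."""
    location = dht.get(file_hash)
    if location is None or location not in dfs:
        raise LookupError("no ciphertext registered for this hash")
    blob = dfs[location]
    if hashlib.sha256(blob).hexdigest() != file_hash:
        raise ValueError("stored ciphertext does not match the requested hash")
    ciphertexts = json.loads(blob)
    if not all(isinstance(c, int) and 0 < c < N2 for c in ciphertexts):
        raise ValueError("ciphertext outside the valid range")
    return ciphertexts

def compute_sum(file_hash):
    """Second node: multiplying ciphertexts adds the plaintexts; nothing is decrypted."""
    total = 1  # 1 is a valid encryption of 0
    for c in fetch_ciphertext(file_hash):
        total = total * c % N2
    chain.append({"type": "result", "file_hash": file_hash, "ciphertext": total})
    return total
```

Because the request carries the hash rather than the ciphertext, re-hashing on retrieval is what binds the computation to the data the first node published; a swapped file in the store is rejected before any computation runs.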
PCT/CN2018/102264 2018-08-24 2018-08-24 Blockchain data protection method, device and system, and computer-readable storage medium WO2020037654A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201880002220.4A CN109690551B (en) 2018-08-24 2018-08-24 Block chain data protection method, device and system and computer readable storage medium
PCT/CN2018/102264 WO2020037654A1 (en) 2018-08-24 2018-08-24 Blockchain data protection method, device and system, and computer-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/102264 WO2020037654A1 (en) 2018-08-24 2018-08-24 Blockchain data protection method, device and system, and computer-readable storage medium

Publications (1)

Publication Number Publication Date
WO2020037654A1 (en) 2020-02-27

Family

ID=66191851

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/102264 WO2020037654A1 (en) 2018-08-24 2018-08-24 Blockchain data protection method, device and system, and computer-readable storage medium

Country Status (2)

Country Link
CN (1) CN109690551B (en)
WO (1) WO2020037654A1 (en)

Also Published As

Publication number Publication date
CN109690551A (en) 2019-04-26
CN109690551B (en) 2023-11-10

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 18931032; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 18931032; Country of ref document: EP; Kind code of ref document: A1)