WO2021186754A1 - Information processing system, information processing method, information processing program, secret sharing system, secret sharing method, secret sharing program, secure computation system, secure computation method, and secure computation program - Google Patents

Information processing system, information processing method, information processing program, secret sharing system, secret sharing method, secret sharing program, secure computation system, secure computation method, and secure computation program Download PDF

Info

Publication number
WO2021186754A1
WO2021186754A1 PCT/JP2020/024944 JP2020024944W WO2021186754A1 WO 2021186754 A1 WO2021186754 A1 WO 2021186754A1 JP 2020024944 W JP2020024944 W JP 2020024944W WO 2021186754 A1 WO2021186754 A1 WO 2021186754A1
Authority
WO
WIPO (PCT)
Prior art keywords
blockchain
information processing
secret
request
node
Prior art date
Application number
PCT/JP2020/024944
Other languages
French (fr)
Japanese (ja)
Inventor
泰弘 梅本
Original Assignee
株式会社モールサービス
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from JP2020045995A external-priority patent/JP2021148850A/en
Priority claimed from JP2020045996A external-priority patent/JP2021149235A/en
Application filed by 株式会社モールサービス filed Critical 株式会社モールサービス
Publication of WO2021186754A1 publication Critical patent/WO2021186754A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Definitions

  • the present invention relates to an information processing system, an information processing method, an information processing program, a secret sharing system, a secret sharing method, a secret sharing program, a secret calculation system, a secret calculation method, and a secret calculation program.
  • Blockchain is being used in a wide range of scenes, not limited to the sending and receiving of tokens with economic value.
  • Patent Document 1 discloses an invention relating to information management based on an organic combination of blockchain and biometric authentication.
  • the information management has an advantage that tamper resistance can be ensured in an offline environment such as a private network.
  • the present invention is a problem to be solved for the realization of new information processing.
  • the present invention is an information processing system including nodes constituting a blockchain network, the nodes having a distribution means and a restoration means, and the distribution means is the node.
  • the restoration is performed by performing secret sharing based on at least the generation of a plurality of shares constituting the data possessed by the data and the storage of some of the shares in the latest undetermined block in the blockchain stored in the blockchain network.
  • the means acquires at least some of the shares from the blockchain and restores the data based on at least some of the shares.
  • the decentralizing means further performs the secret sharing based on the storage of the remaining share outside the blockchain, and the restoring means acquires the remaining share from outside the blockchain. Do more.
  • the decentralizing means further performs the secret sharing based on the storage of the remaining share outside the blockchain network, and the restoring means is the remaining share from outside the blockchain network. Further acquisition of.
  • the node further has an authentication means, and the authentication means acquires the feature data of the operator of the node by performing a sensing process, and the template and the feature data of the node.
  • the distribution means stores a part of the share in the undetermined block, and the restoration means is the result of the authentication process. If is positive, a part of the share is acquired from the blockchain.
  • the feature data is based on face image data.
  • the present invention can securely realize backup / restore of data which is confidential information based on a secure authentication process by biometric authentication.
  • the present invention is an information processing method in which a node constituting a blockchain network executes a distribution step and a restoration step, and the distribution step constitutes data possessed by the node.
  • Secret sharing is performed based on at least the generation of a plurality of shares and the storage of a part of the shares in the latest undetermined block in the blockchain stored in the blockchain network, and the restoration step is performed at least by the above. Acquire some of the shares from the blockchain and restore the data based on at least some of the shares.
  • the present invention is an information processing program that causes a computer to function as a node constituting a blockchain network, and the node has a distribution means and a restoration means, and the distribution means. Creates a plurality of shares that make up the data held by the node, and stores some of the shares in the latest undetermined block in the blockchain stored in the blockchain network, at least based on secret sharing. Then, the restoration means acquires at least a part of the share from the blockchain and restores the data based on at least a part of the share.
  • the present invention is a secret sharing system having means for performing secret sharing of data inside and outside the blockchain. Further, the present invention is a secret sharing method in which a computer is made to perform a step of performing secret sharing of data both inside and outside the blockchain. The present invention is also a secret sharing program that causes a computer to function as a means for secret sharing data inside and outside the blockchain.
  • the present invention is an information processing system including a node constituting a blockchain network, a client outside the blockchain network, and a server outside the blockchain network.
  • the client has requesting means
  • the server has computing means
  • the concealment means corresponds to at least one block in the blockchain stored in the blockchain network.
  • the snapshot is stored in the server, and the requesting means determines a request based on the transaction stored in the block in the blockchain, and the request is determined.
  • the request is transmitted to the server, and the calculation means performs a secret calculation based on the encrypted snapshot with the reception of the request as a turning point, and corresponds to the request based on the result of the secret calculation.
  • the response is determined and the response is returned to the client.
  • the present invention further ensures confidentiality as well as tamper resistance so that a third party can suitably perform calculations based on the transaction history and the like indicated by at least a part of the blocks of the blockchain. It is possible to realize information processing that can be done.
  • the homomorphic encryption is somehat homomorphic encryption.
  • the homomorphic encryption is a level 2 homomorphic encryption.
  • the present invention provides a secret calculation that enables both additive calculation and multiplication calculation while suppressing the calculation cost in an operation based on at least a part of blocks in the blockchain. It can be realized.
  • the homomorphic encryption is a fully homomorphic encryption.
  • the secret calculation is a secret search.
  • the present invention causes a node constituting the blockchain network to execute a secret step, a client outside the blockchain network to execute a request step, and a server outside the blockchain network to perform a calculation step.
  • a snapshot corresponding to at least one block in the blockchain stored in the blockchain network is encrypted based on a quasi-isomorphic cipher, and then the snap is performed.
  • the shot is stored in the server, the request step determines a request based on the transaction stored in the block in the blockchain, sends the request to the server, and the calculation step receives the request.
  • a secret calculation based on the encrypted snapshot is performed, a response corresponding to the request is determined based on the result of the secret calculation, and the response is returned to the client.
  • the present invention includes a computer, a node that constitutes a blockchain network and has a concealing means, a client that has a requesting means outside the blockchain network, or a computing means outside the blockchain network.
  • An information processing program that functions as a server, in which the concealment means encrypts a snapshot corresponding to at least one block in the blockchain stored in the blockchain network based on a quasi-identical cipher.
  • the snapshot is stored in the server, the requesting means determines a request based on a transaction stored in the block in the blockchain, sends the request to the server, and the computing means of the request.
  • a secret calculation is performed based on the encrypted snapshot, a response corresponding to the request is determined based on the result of the secret calculation, and the response is returned to the client.
  • the present invention is a secret calculation system having means for performing secret calculation based on snapshots of at least a part of blocks in a blockchain.
  • the present invention is a secret calculation method in which a computer is made to perform a step of performing a secret calculation based on a snapshot of at least a part of blocks in a blockchain.
  • the present invention is a secret calculation program that causes a computer to function as a means for performing secret calculations based on snapshots of at least a part of blocks in a blockchain.
  • the present invention can realize new information processing.
  • the hardware block diagram which concerns on one Embodiment of this invention is shown.
  • the functional block diagram which concerns on one Embodiment of this invention is shown.
  • An explanatory diagram of secret sharing according to an embodiment of the present invention is shown.
  • An explanatory diagram of secret sharing according to an embodiment of the present invention is shown.
  • the data 110 which is the secret information S which concerns on one Embodiment of this invention is shown.
  • the functional block diagram which concerns on one Embodiment of this invention is shown.
  • the flowchart of the secret calculation which concerns on one Embodiment of this invention is shown.
  • the flowchart of the secret calculation which concerns on one Embodiment of this invention is shown.
  • Each of the information processing system, the information processing method, the information processing program, and the information processing program medium according to the present invention has the same effect.
  • Each means in the information processing system and each step in the information processing method have the same effect.
  • each of the secret sharing system, the secret sharing method, the secret sharing program, and the secret sharing program medium according to the present invention has the same effect.
  • Each means in the secret sharing system and each step in the secret sharing method have the same effect.
  • each of the secret calculation system, the secret calculation method, the secret calculation program, and the secret calculation program medium according to the present invention has the same effect.
  • Each means in the secret calculation system and each step in the secret calculation method have the same effect.
  • the information processing program medium and the secret sharing program medium according to the present invention are non-transient recording media in which the information processing program and the secret sharing program are stored, respectively.
  • information processing system information processing method, information processing program, information processing program medium, secret sharing system, secret sharing method, secret sharing program, secret sharing program medium, secret calculation method, secret calculation program -
  • the secret calculation program medium includes (uses) node 1 which is a known computer.
  • Node 1 has an arithmetic device 11, a main storage device 12, an auxiliary storage device 13, and a bus interface, and is appropriately used in order to realize the effects exhibited by the present invention.
  • the node 1 may include an input device 14, an output device 15, a communication device 16, and a detection device 17.
  • the arithmetic device 11 has a known processor capable of executing an instruction set.
  • the main storage device 12 has a known volatile memory capable of storing an instruction set.
  • the auxiliary storage device 13 has a known recording medium capable of recording a program or the like.
  • the input device 14 is, for example, a known interface capable of inputting intentions.
  • the output device 15 is a known interface that enables, for example, visual notification.
  • the communication device 16 has a known interface based on a wired system or a wireless system for realizing connection / participation to at least a part of a network including a public network / private network.
  • the detection device 17 is a known sensor that enables the sensing process.
  • Each device in node 1 may not be included in one housing. At least a part of each device in the node 1 (for example, the detection device 17) may have a power supply independent of the node 1 and may be able to communicate with the node 1 main body.
  • the information processing system 0 has a node 1.
  • the node 1 constitutes the blockchain network 2 and is a storage destination of the blockchain 20.
  • the number of nodes 1 in the blockchain network 2 is 2 or more.
  • Node 1 preferably has distribution means 101 (corresponding to the distribution step) and restoration means 102 (corresponding to the restoration step). Further, the node 1 may further have an authentication means 103 (corresponding to an authentication step). It can be understood that the node 1 has means (steps) for performing secret sharing of the data 110 inside and outside the blockchain 20 or inside and outside the blockchain network 2.
  • the distribution means 101 generates a plurality of shares 111 constituting the data 110 possessed by the node 1, and stores a part of the shares 111 in the latest undetermined block 21 in the blockchain 20 stored in the blockchain network 2. Perform secret sharing based on.
  • the distribution means 101 may perform secret sharing based on the storage of the remaining share 111 outside the blockchain 20. Further, as illustrated in FIG. 4, the distribution means 101 may perform secret sharing based on the storage of the remaining share 111 outside the blockchain network 2.
  • the data 110 corresponds to the secret information S.
  • the data 110 is a private key possessed by the node 1, and there is no limitation on its type. There is no limit to the number of bits of the private key.
  • one means of node 1 generates a digital signature based on a transaction stored in an undetermined block 21 on the blockchain 20 and the private key.
  • the plaintext in the digital signature is the transaction or the hash value of the transaction.
  • the "blockchain 20 stored in the blockchain network 2" in the description in the present specification corresponds to the blockchain 20 stored in a plurality of nodes 1 constituting the blockchain network 2.
  • “Storing a part of the shares 111 in the undecided block 21" in the description in this specification means, for example, storing a part of the shares 111 as a transaction in the undecided block 21.
  • an electronic signature is generated by the private key of the node 1 which is the secret information S configured by the share 111.
  • the restoring means 102 preferably acquires at least a part of the share 111 from the blockchain 20 and restores the data 110 based on at least a part of the share 111.
  • the restoration means 102 may further acquire the remaining share 111 from outside the blockchain 20.
  • the restoration means 102 may further acquire the remaining share 111 from outside the blockchain network 2.
  • acquisition of a part of the share 111 from the blockchain 20 means, for example, that the restoration means 102 has an electronic signature corresponding to the share 111 as a transaction stored in the block, and a node. It can be understood that the transaction is performed after specifying the partial share 111 on the blockchain 20 based on the public key corresponding to 1.
  • the "public key corresponding to the node 1" is, for example, a public key corresponding to the private key which is the secret information S configured by the share 111.
  • Outside the blockchain 20 in the description in this specification means that any of the blocks in the blockchain 20 is not a storage destination of various data. At this time, among the local storage 1ls of the node 1 and the external storage that does not operate independently of the node 1, the area that does not correspond to any of them corresponds to the outside of the blockchain 20.
  • the “external storage that does not operate independently of the node 1” refers to, for example, a non-volatile memory such as a flash memory connected to the node 1 via a physical interface.
  • Outside the blockchain network 2 in the description in this specification means that the local storage 1ls of the node 1 constituting the blockchain network 2 is not a storage destination of various data. At this time, the area in the external storage that operates independently of the node 1 corresponds to the outside of the blockchain network 2.
  • the “external storage that operates independently of the node 1” is, for example, cloud storage 1cs.
  • the secret sharing in one embodiment of the present invention is a secret sharing based on a known method.
  • the secret sharing divides the secret information S into n shares 111 (corresponding to the distributed information). Confidential information S can be restored based on at least a portion of n shares 111.
  • the restoration of the secret information S may be performed at least based on the share 111 stored in the undecided block 21 on the blockchain 20.
  • the secret sharing method in one embodiment of the present invention includes, for example, Shamir secret sharing, Lamp-Shamir secret sharing, Adaptive Secret Sharing, Repeated Adaptive Secret Sharing, and calculation.
  • Type additive secret sharing Computational Adaptive Secret Sharing, etc., and there are no restrictions on the type.
  • the storage destinations of the plurality of shares 111 in one embodiment of the present invention may be the undecided block 21, the local storage 1 ls, and the cloud storage 1 cs, and may be the undecided block 21 and the local storage 1 ls. It may be undecided block 21 and cloud storage 1cs.
  • the authentication means 103 may perform an authentication process of acquiring the feature data 112 of the operator of the node 1 by performing a sensing process and collating the template 113 and the feature data 112 of the node 1.
  • the distribution means 101 stores a part of the shares 111 in the undecided block 21.
  • the restoration means 102 acquires a part of the share 111 from the blockchain 20.
  • the feature data 112 in one embodiment of the present invention is biological data including the operator's face image data, fingerprint data, palm shape data, retinal data, voice print data, iris data, handwriting data, walking data, vein data, and the like. based on. At this time, it can be understood that the sensing process adopts the optimum method according to the type of feature data 112 / biometric data.
  • the authentication means 103 determines the similarity based on the N-dimensional vector data indicating each of the feature data 112 and the template 113. If the similarity satisfies a predetermined condition, the result of the authentication process is positive (the authentication process succeeds).
  • the similarity is determined, for example, based on the Euclidean distance or cosine similarity indicated by the N-dimensional vector data.
  • the template 113 in one embodiment of the present invention may be stored in the local storage 1ls of the node 1 and may be stored in the block on the blockchain 20.
  • Template 113 corresponds to the public key of node 1 as an example.
  • the "public key of the node 1" is, for example, a public key corresponding to the private key which is the secret information S.
  • the storage / update / change of the template 113 is realized by one means possessed by the node 1.
  • the authentication means 103 may return the public key corresponding to the template 113 to the node 1.
  • the public key is used for the specific use of the share 111 stored in the block on the blockchain 20.
  • the number of dimensions of the vector data of the feature data 112 is preferably 4096 or more, more preferably 2048 or more, more preferably 1024 or more, more preferably 512 or more, and more preferably 256 or more. More preferably, it is 128 or more.
  • the feature data 112 is determined through feature extraction for the detection data acquired by the detection device 17.
  • the authentication means 103 includes, for example, calculation processing of an eigenvector by a principal component analysis model, learning and inference processing by a deep learning model such as a convolutional neural network model, learning and classification processing by a decision tree model such as a support vector machine, and so on.
  • a deep learning model such as a convolutional neural network model
  • learning and classification processing by a decision tree model such as a support vector machine
  • the blockchain network 2 is composed of a plurality of nodes 1 interconnected in a private network.
  • the plurality of nodes 1 have at least a part of the blockchain 20 (at least the latest undecided block 21).
  • the private network is, for example, an on-site network that is an on-site private network that points to "the place" such as inside an event venue.
  • the blockchain 20 may employ a known technique. Further, as one aspect of the blockchain 20, for example, the matters (various chains) described in Japanese Patent No. 6650157 can be adopted. In one embodiment of the present invention, the matters described in Japanese Patent No. 6650157 may be adopted.
  • the node 1 has a means for finalizing including the generation of a hash value by hashing the undecided block 21 in the blockchain 20. Further, the node 1 has a means for generating a new undecided block 21 in the blockchain 20 after the finalization and adding the hash value to the new undecided block 21.
  • the block in the blockchain 20 appropriately has a transaction corresponding to the electronic signature stored in the block.
  • the share 111 in one embodiment of the present invention is associated with the index and can be searched. It is determined whether or not the information restored based on the share 111 is the secret information S based on the secret information S (for example, corresponding to the private key possessed by the node 1) and the corresponding public key (the information is correct). Judge whether or not.)
  • information processing including backup of data 110 (confidential information S) in the blockchain network 2 that is updated in an offline environment can be securely realized based on information-theoretic security.
  • the information processing system 0 includes a node 1 constituting the blockchain network 2, a client 3 outside the blockchain network 2, and a server 4 outside the blockchain network 2.
  • the node 1 constitutes the blockchain network 2 and is a storage destination of the blockchain 20.
  • the number of nodes 1 in the blockchain network 2 is 2 or more.
  • Node 1 has a concealment means 104 (corresponding to a concealment step).
  • the concealment means 104 encrypts the snapshot 20s corresponding to at least one block in the blockchain 20 stored in the blockchain network 2 based on homomorphic encryption, and generates an encrypted snapshot 20se to generate a snapshot. 20se is transmitted to the server 4 and stored in the server 4.
  • the term "at least one block in the blockchain 20" may refer to a block group containing at least the latest undetermined block 21, and may refer to a block group containing a predetermined block that has already been finalized. good.
  • snapshot 20se can be generated by the concealment means 104 and transmitted to the server 4 in real time.
  • the concealment means 104 may be configured to appropriately define the item name and the like based on the user-defined schema in the blockchain 20 when generating the encrypted data (including the snapshot 20se) related to the blockchain 20. ..
  • the homomorphic encryption in one embodiment of the present invention may be somehat homomorphic encryption. Further, the homomorphic encryption may be a level 2 homomorphic encryption (L2 homomorphic encryption). Further, the homomorphic encryption may be a fully homomorphic encryption.
  • the homomorphic encryption preferably refers to a known homomorphic encryption that enables multiplication calculation in addition to addition calculation.
  • the secret calculation in one embodiment of the present invention is, for example, a secret search.
  • the blockchain network 2 is composed of a plurality of nodes 1 interconnected in a private network.
  • the plurality of nodes 1 have at least a part of the blockchain 20 (at least the latest undecided block 21).
  • the private network is, for example, an on-site network that is an on-site private network that points to "the place" such as inside an event venue.
  • the blockchain 20 may employ a known technique. Further, as one aspect of the blockchain 20, for example, the matters (various chains) described in Japanese Patent No. 6650157 can be adopted. In one embodiment of the present invention, the matters described in Japanese Patent No. 6650157 may be adopted.
  • the node 1 has a means for finalizing including the generation of a hash value by hashing the undecided block 21 in the blockchain 20. Further, the node 1 has a means for generating a new undecided block 21 in the blockchain 20 after the finalization and adding the hash value to the new undecided block 21.
  • the block in the blockchain 20 appropriately has a transaction corresponding to the electronic signature stored in the block.
  • the blockchain 20 in one embodiment of the present invention has a block including a transaction between the node 1 and the client 3.
  • Client 3 is a known computer.
  • the client 3 also takes the form of a known computer such as a smartphone, laptop, workstation or the like.
  • the client 3 may have the same hardware configuration as that of the node 1.
  • Client 3 has request means 301 (corresponding to a request step). Each device possessed by the client 3 is appropriately provided to realize the means including the requesting means 301.
  • the request means 301 determines the request 310 based on the transaction stored in the block in the blockchain 20, and transmits the request 310 to the server 4. Further, it can be understood that the request means 301 determines the request 310 based on the transaction between the node 1 and the client 3.
  • the request 310 may have a configuration that appropriately includes a request identifier, a time stamp, and transaction details.
  • the "request 310 based on a transaction stored in a block in the blockchain 20" refers to a request for information disclosure relating to the content of the transaction and / or the calculation result based on the transaction. ..
  • the server 4 is a known computer.
  • the server 4 also takes the form of a known computer such as a smartphone, laptop, or workstation.
  • the server 4 may have the same hardware configuration as that of the node 1.
  • the server 4 has a calculation means 401 (corresponding to a calculation step). Each device included in the server 4 is appropriately provided for realizing means including the calculation means 401.
  • the server 4 has a means (corresponding to a step) for performing a secret calculation based on the snapshot 20se of at least a part of the blocks in the blockchain 20.
  • the calculation means 401 performs a secret calculation based on the snapshot 20se with the reception of the request 310 as a turning point, determines the response 410 corresponding to the request 310 based on the result of the secret calculation, and returns the response 410 to the client 3.
  • ⁇ Secret calculation (Example 1)> As illustrated in FIG. 7, the information processing including the secret calculation in one embodiment of the present invention is performed between the node 1 (at least a part of the nodes 1 in the blockchain network 2), the client 3, and the server 4 as follows. It can be understood that it is executed like this.
  • the concealment means 104 acquires a snapshot 20s of the blockchain 20 based on the blockchain 20. After that, the concealment means 104 generates the snapshot 20se by encrypting the snapshot 20s based on the homomorphic encryption, and transmits the snapshot 20se to the server 4.
  • "when the blockchain 20 is updated" means that a new undecided block 21 is generated in the blockchain 20, or a new transaction is stored in the latest undecided block 21 between the nodes 1. Refers to the case where it is broadcast on.
  • the server 4 transmits the public key 411 corresponding to the private key 413 possessed by the server 4 to the node 1 and / or the client 3.
  • the node 1 receives the public key 411 from the server 4, the node 1 transmits the public key 411 to the client 3.
  • the request means 301 transmits the request 310 to the node 1 and / or the server 4.
  • the node 1 receives the request 310 from the client 3, the node 1 sends the request 310 to the server 4.
  • the request 310 in the first embodiment is, for example, a general request relating to a credit balance that can be calculated based on a transaction stored in a block in the blockchain 20.
  • the request in general is, for example, a comparison between the credit balance and a predetermined value corresponding to the transaction content.
  • the predetermined value is, for example, a settlement amount.
  • the request in general is, for example, determination of the degree of similarity between the feature data and the template, such as the Euclidean distance.
  • the calculation means 401 performs a secret calculation based on the snapshot 20se transmitted by the concealment means 104 and the request 310 transmitted by the request means 301.
  • the calculation means 401 determines the response 410 corresponding to the request 310 transmitted by the request means 301 based on the result of the secret calculation, and returns the response 410 to the client 3 corresponding to the request 310.
  • the response 410 may be, for example, binary data indicating whether or not the transaction is possible, which corresponds to the above transaction content.
  • the calculation means 401 may generate an electronic signature 412 in which the response 410 is in plain text based on the private key 413.
  • the calculation means 401 may further make at least a part of the request 310 corresponding to the response 410 in plain text.
  • the node 1 may determine the response 410 based on the result of the secret calculation by the calculation means 401, and return the response 410 to the client 3. In this case, the node 1 generates an electronic signature in which the response 410 is in plain text based on the private key possessed by the node 1.
  • the client 3 verifies the electronic signature 412 based on the public key 411 sent from the server 4 to confirm the validity of the returned response 410.
  • ⁇ Secret calculation (Example 2)> As illustrated in FIG. 8, the information processing including the secret calculation in one embodiment of the present invention is performed between the node 1 (at least a part of the nodes 1 in the blockchain network 2), the client 3, and the server 4 as follows. It can be understood that it is executed like this.
  • the client 3 transmits the public key 311 corresponding to the private key 313 possessed by the client 3, the selection information 312, and the node 1.
  • the selection information 312 may take the form of a selection-type questionnaire, or may take the form of a candidate name in an election.
  • the node 1 stores the transaction based on the selection information 312 in the latest undecided block 21 in the blockchain 20. At this time, the node 1 preferably stores the transaction in the undetermined block 21 after encrypting the transaction based on the public key 311 transmitted from the client 3.
  • the concealment means 104 acquires a snapshot 20s of the blockchain 20 based on the blockchain 20. After that, the concealment means 104 generates the snapshot 20se by encrypting the snapshot 20s based on the homomorphic encryption, and transmits the snapshot 20se to the server 4.
  • the request means 301 determines the request 310 based on the transaction based on the selection information 312, and transmits the request 310 to the server 4.
  • the request 310 is, for example, all statistical data that can be determined based on the selection information 312.
  • the statistical data for example, refers to information on the candidates and the like having the largest number of votes (selected).
  • the calculation means 401 performs a secret calculation based on the snapshot 20se transmitted by the concealment means 104 and the request 310 transmitted by the request means 301.
  • the calculation means 401 determines the response 410 corresponding to the request 310 transmitted by the request means 301 based on the result of the secret calculation, and returns the response 410 to the client 3 corresponding to the request 310.
  • the response 410 indicates, for example, the candidate with the largest number of votes. Further, at this time, the calculation means 401 may generate an electronic signature 412 in which the response 410 is in plain text based on the private key 413.
  • the client 3 verifies the electronic signature 412 based on the public key 411 transmitted from the server 4, confirms the validity of the returned response 410, and makes the response 410 based on the private key 313. Decrypt.
  • the client 3 side can identify the node 1 that generated the transaction used for the secret calculation based on the verification result of the electronic signature 412. Is.
  • information processing for providing an incentive from the client 3 to the specified node 1 can be realized as an example.

Abstract

The present invention addresses the problem of implementing new information processing. Implemented is an information processing system including a node constituting a block chain network, wherein the node comprises a sharing means and a restoration means, the sharing means performs secret sharing at least based on generation of a plurality of shares constituting data that the node has, and storage of some of the shares in a newest undetermined block in a block chain stored in the block chain network, and the restoration means acquires the some shares at least from the block chain, and restores the data at least on the basis of the some shares.

Description

情報処理システム、情報処理方法、情報処理プログラム、秘密分散システム、秘密分散方法、秘密分散プログラム、秘密計算システム、秘密計算方法、及び、秘密計算プログラムInformation processing system, information processing method, information processing program, secret sharing system, secret sharing method, secret sharing program, secret calculation system, secret calculation method, and secret calculation program
 本発明は、情報処理システム、情報処理方法、情報処理プログラム、秘密分散システム、秘密分散方法、秘密分散プログラム、秘密計算システム、秘密計算方法、及び、秘密計算プログラムに関する。 The present invention relates to an information processing system, an information processing method, an information processing program, a secret sharing system, a secret sharing method, a secret sharing program, a secret calculation system, a secret calculation method, and a secret calculation program.
 近年、情報管理システムにおける改竄耐性を向上するためのソリューションとしてブロックチェーン技術が注目されている。ブロックチェーンは、経済価値を有するトークンの送受に限定されない幅広いシーンで活用されつつある。 In recent years, blockchain technology has been attracting attention as a solution for improving tamper resistance in information management systems. Blockchain is being used in a wide range of scenes, not limited to the sending and receiving of tokens with economic value.
 特許文献1は、ブロックチェーン及び生体認証の有機的な組み合わせに基づくような情報管理についての発明を開示している。当該情報管理は、プライベートネットワークのようなオフライン環境において改竄耐性を担保することができる、という利点を有する。 Patent Document 1 discloses an invention relating to information management based on an organic combination of blockchain and biometric authentication. The information management has an advantage that tamper resistance can be ensured in an offline environment such as a private network.
 上記情報管理は、ブロックチェーンのノードが有するデータのバックアップ等の情報処理を好適に実現する、という観点で改善の余地がある。 There is room for improvement in the above information management from the viewpoint of preferably realizing information processing such as data backup possessed by blockchain nodes.
 上記情報管理は、第三者がブロックチェーンの少なくとも一部のブロックが示す取引履歴等に基づく演算において秘匿性を担保する、という観点において改善の余地がある。 There is room for improvement in the above information management from the viewpoint of ensuring confidentiality in calculations based on transaction history, etc. indicated by at least some blocks of the blockchain by a third party.
特許第6650157号Patent No. 6650157
 上記事情を鑑みて、本発明は、新規な情報処理の実現を解決すべき課題とする。 In view of the above circumstances, the present invention is a problem to be solved for the realization of new information processing.
 上記課題を解決するため、本発明は、ブロックチェーンネットワークを構成するノードを含む情報処理システムであって、前記ノードは、分散手段と、復元手段と、を有し、前記分散手段は、前記ノードが有するデータを構成する複数のシェアの生成と、前記ブロックチェーンネットワークに格納されるブロックチェーンにおける最新の未決定ブロックへの一部の前記シェアの格納と、に少なくとも基づく秘密分散を行い、前記復元手段は、少なくとも前記ブロックチェーンからの一部の前記シェアの取得を行い、一部の前記シェアに少なくとも基づき前記データを復元する。 In order to solve the above problems, the present invention is an information processing system including nodes constituting a blockchain network, the nodes having a distribution means and a restoration means, and the distribution means is the node. The restoration is performed by performing secret sharing based on at least the generation of a plurality of shares constituting the data possessed by the data and the storage of some of the shares in the latest undetermined block in the blockchain stored in the blockchain network. The means acquires at least some of the shares from the blockchain and restores the data based on at least some of the shares.
 このような構成とすることで、ブロックチェーンをプライベートネットワークのようなオフライン環境において管理する場合においても、ブロックチェーンのノードが有するデータのバックアップを、情報理論的安全性に基づきセキュアに実現することができる。 With such a configuration, even when the blockchain is managed in an offline environment such as a private network, it is possible to securely back up the data possessed by the blockchain nodes based on information-theoretic security. can.
 本発明の好ましい形態では、前記分散手段は、前記ブロックチェーン外への残りの前記シェアの格納にさらに基づく前記秘密分散を行い、前記復元手段は、前記ブロックチェーン外からの残りの前記シェアの取得をさらに行う。 In a preferred embodiment of the invention, the decentralizing means further performs the secret sharing based on the storage of the remaining share outside the blockchain, and the restoring means acquires the remaining share from outside the blockchain. Do more.
 本発明の好ましい形態では、前記分散手段は、前記ブロックチェーンネットワーク外への残りの前記シェアの格納にさらに基づく前記秘密分散を行い、前記復元手段は、前記ブロックチェーンネットワーク外からの残りの前記シェアの取得をさらに行う。 In a preferred embodiment of the invention, the decentralizing means further performs the secret sharing based on the storage of the remaining share outside the blockchain network, and the restoring means is the remaining share from outside the blockchain network. Further acquisition of.
 このような構成とすることで、ブロックチェーンをプライベートネットワークのようなオフライン環境において管理する場合においても、ブロックチェーンのノードが有するデータのバックアップを、冗長性を担保しながら実現することができる。 With such a configuration, even when the blockchain is managed in an offline environment such as a private network, data backup of the blockchain nodes can be realized while ensuring redundancy.
 本発明の好ましい形態では、前記ノードは、認証手段をさらに有し、前記認証手段は、センシング処理を行うことで前記ノードの操作者の特徴データを取得し、前記ノードが有するテンプレート及び前記特徴データを照合する認証処理を行い、前記分散手段は、前記認証処理の結果が正を示す場合、前記未決定ブロックへの一部の前記シェアの格納を行い、前記復元手段は、前記認証処理の結果が正を示す場合、前記ブロックチェーンからの一部の前記シェアの取得を行う。また、本発明の好ましい形態では、前記特徴データは、顔画像データに基づく。 In a preferred embodiment of the present invention, the node further has an authentication means, and the authentication means acquires the feature data of the operator of the node by performing a sensing process, and the template and the feature data of the node. When the result of the authentication process is positive, the distribution means stores a part of the share in the undetermined block, and the restoration means is the result of the authentication process. If is positive, a part of the share is acquired from the blockchain. Further, in a preferred embodiment of the present invention, the feature data is based on face image data.
 このような構成とすることで、本発明は、秘密情報であるデータのバックアップ・リストアを、生体認証によるセキュアな認証処理に基づきセキュアに実現することができる。 With such a configuration, the present invention can securely realize backup / restore of data which is confidential information based on a secure authentication process by biometric authentication.
 上記課題を解決するため、本発明は、ブロックチェーンネットワークを構成するノードに、分散ステップと、復元ステップと、を実行させる情報処理方法であって、前記分散ステップは、前記ノードが有するデータを構成する複数のシェアの生成と、前記ブロックチェーンネットワークに格納されるブロックチェーンにおける最新の未決定ブロックへの一部の前記シェアの格納と、に少なくとも基づく秘密分散を行い、前記復元ステップは、少なくとも前記ブロックチェーンからの一部の前記シェアの取得を行い、一部の前記シェアに少なくとも基づき前記データを復元する。 In order to solve the above problems, the present invention is an information processing method in which a node constituting a blockchain network executes a distribution step and a restoration step, and the distribution step constitutes data possessed by the node. Secret sharing is performed based on at least the generation of a plurality of shares and the storage of a part of the shares in the latest undetermined block in the blockchain stored in the blockchain network, and the restoration step is performed at least by the above. Acquire some of the shares from the blockchain and restore the data based on at least some of the shares.
 上記課題を解決するため、本発明は、コンピュータを、ブロックチェーンネットワークを構成するノードとして機能させる情報処理プログラムであって、前記ノードは、分散手段と、復元手段と、を有し、前記分散手段は、前記ノードが有するデータを構成する複数のシェアの生成と、前記ブロックチェーンネットワークに格納されるブロックチェーンにおける最新の未決定ブロックへの一部の前記シェアの格納と、に少なくとも基づく秘密分散を行い、前記復元手段は、少なくとも前記ブロックチェーンからの一部の前記シェアの取得を行い、一部の前記シェアに少なくとも基づき前記データを復元する。 In order to solve the above problems, the present invention is an information processing program that causes a computer to function as a node constituting a blockchain network, and the node has a distribution means and a restoration means, and the distribution means. Creates a plurality of shares that make up the data held by the node, and stores some of the shares in the latest undetermined block in the blockchain stored in the blockchain network, at least based on secret sharing. Then, the restoration means acquires at least a part of the share from the blockchain and restores the data based on at least a part of the share.
 上記課題を解決するため、本発明は、データの秘密分散をブロックチェーン内外に亘り行う手段を有する秘密分散システムである。また、本発明は、データの秘密分散をブロックチェーン内外に亘り行うステップを、コンピュータに実行させる秘密分散方法である。また、本発明は、コンピュータを、データの秘密分散をブロックチェーン内外に亘り行う手段として機能させる秘密分散プログラムである。 In order to solve the above problems, the present invention is a secret sharing system having means for performing secret sharing of data inside and outside the blockchain. Further, the present invention is a secret sharing method in which a computer is made to perform a step of performing secret sharing of data both inside and outside the blockchain. The present invention is also a secret sharing program that causes a computer to function as a means for secret sharing data inside and outside the blockchain.
 上記課題を解決するため、本発明は、ブロックチェーンネットワークを構成するノードと、前記ブロックチェーンネットワーク外のクライアントと、前記ブロックチェーンネットワーク外のサーバと、を含む情報処理システムであって、前記ノードは、秘匿手段を有し、前記クライアントは、要求手段を有し、前記サーバは、計算手段を有し、前記秘匿手段は、前記ブロックチェーンネットワークに格納されるブロックチェーンにおける少なくとも1つのブロックと対応するスナップショットに対し準同型暗号に基づく暗号化を行った上で前記スナップショットを前記サーバに格納し、前記要求手段は、前記ブロックチェーンにおける前記ブロックに格納されるトランザクションに基づくリクエストを決定し、前記リクエストを前記サーバに送信し、前記計算手段は、前記リクエストの受信を転機として、前記暗号化が行われた前記スナップショットに基づく秘密計算を行い、前記秘密計算の結果に基づき前記リクエストと対応するレスポンスを決定し、前記レスポンスを前記クライアントに返却する。 In order to solve the above problems, the present invention is an information processing system including a node constituting a blockchain network, a client outside the blockchain network, and a server outside the blockchain network. , The client has requesting means, the server has computing means, and the concealment means corresponds to at least one block in the blockchain stored in the blockchain network. After encrypting the snapshot based on the quasi-isomorphic encryption, the snapshot is stored in the server, and the requesting means determines a request based on the transaction stored in the block in the blockchain, and the request is determined. The request is transmitted to the server, and the calculation means performs a secret calculation based on the encrypted snapshot with the reception of the request as a turning point, and corresponds to the request based on the result of the secret calculation. The response is determined and the response is returned to the client.
 このような構成とすることで、本発明は、第三者がブロックチェーンの少なくとも一部のブロックが示す取引履歴等に基づく演算を好適に行えるような、改竄耐性のみならず秘匿性をさらに担保することができるような、情報処理を実現することができる。 With such a configuration, the present invention further ensures confidentiality as well as tamper resistance so that a third party can suitably perform calculations based on the transaction history and the like indicated by at least a part of the blocks of the blockchain. It is possible to realize information processing that can be done.
 本発明の好ましい形態では、前記準同型暗号は、somewhat準同型暗号である。 In a preferred embodiment of the present invention, the homomorphic encryption is somehat homomorphic encryption.
 本発明の好ましい形態では、前記準同型暗号は、レベル2準同型暗号である。 In a preferred embodiment of the present invention, the homomorphic encryption is a level 2 homomorphic encryption.
 このような構成とすることで、本発明は、ブロックチェーンにおける少なくとも一部のブロックに基づくような演算において、計算コストを抑えながら、加法計算及び乗法計算の双方を可能とするような秘密計算を実現することができる。 With such a configuration, the present invention provides a secret calculation that enables both additive calculation and multiplication calculation while suppressing the calculation cost in an operation based on at least a part of blocks in the blockchain. It can be realized.
 本発明の好ましい形態では、前記準同型暗号は、完全準同型暗号である。 In a preferred embodiment of the present invention, the homomorphic encryption is a fully homomorphic encryption.
 本発明の好ましい形態では、前記秘密計算は、秘匿検索である。 In the preferred embodiment of the present invention, the secret calculation is a secret search.
 上記課題を解決するため、本発明は、ブロックチェーンネットワークを構成するノードに秘匿ステップを実行させ、前記ブロックチェーンネットワーク外のクライアントに要求ステップを実行させ、前記ブロックチェーンネットワーク外のサーバに計算ステップを実行させる情報処理方法であって、前記秘匿ステップは、前記ブロックチェーンネットワークに格納されるブロックチェーンにおける少なくとも1つのブロックと対応するスナップショットに対し準同型暗号に基づく暗号化を行った上で前記スナップショットを前記サーバに格納し、前記要求ステップは、前記ブロックチェーンにおける前記ブロックに格納されるトランザクションに基づくリクエストを決定し、前記リクエストを前記サーバに送信し、前記計算ステップは、前記リクエストの受信を転機として、前記暗号化が行われた前記スナップショットに基づく秘密計算を行い、前記秘密計算の結果に基づき前記リクエストと対応するレスポンスを決定し、前記レスポンスを前記クライアントに返却する。 In order to solve the above problems, the present invention causes a node constituting the blockchain network to execute a secret step, a client outside the blockchain network to execute a request step, and a server outside the blockchain network to perform a calculation step. In the information processing method to be executed, in the concealment step, a snapshot corresponding to at least one block in the blockchain stored in the blockchain network is encrypted based on a quasi-isomorphic cipher, and then the snap is performed. The shot is stored in the server, the request step determines a request based on the transaction stored in the block in the blockchain, sends the request to the server, and the calculation step receives the request. As a turning point, a secret calculation based on the encrypted snapshot is performed, a response corresponding to the request is determined based on the result of the secret calculation, and the response is returned to the client.
 上記課題を解決するため、本発明は、コンピュータを、ブロックチェーンネットワークを構成し秘匿手段を有するノード、前記ブロックチェーンネットワーク外の要求手段を有するクライアント、又は、前記ブロックチェーンネットワーク外の計算手段を有するサーバとして機能させる情報処理プログラムであって、前記秘匿手段は、前記ブロックチェーンネットワークに格納されるブロックチェーンにおける少なくとも1つのブロックと対応するスナップショットに対し準同型暗号に基づく暗号化を行った上で前記スナップショットを前記サーバに格納し、前記要求手段は、前記ブロックチェーンにおける前記ブロックに格納されるトランザクションに基づくリクエストを決定し、前記リクエストを前記サーバに送信し、前記計算手段は、前記リクエストの受信を転機として、前記暗号化が行われた前記スナップショットに基づく秘密計算を行い、前記秘密計算の結果に基づき前記リクエストと対応するレスポンスを決定し、前記レスポンスを前記クライアントに返却する。 In order to solve the above problems, the present invention includes a computer, a node that constitutes a blockchain network and has a concealing means, a client that has a requesting means outside the blockchain network, or a computing means outside the blockchain network. An information processing program that functions as a server, in which the concealment means encrypts a snapshot corresponding to at least one block in the blockchain stored in the blockchain network based on a quasi-identical cipher. The snapshot is stored in the server, the requesting means determines a request based on a transaction stored in the block in the blockchain, sends the request to the server, and the computing means of the request. With the reception as a turning point, a secret calculation is performed based on the encrypted snapshot, a response corresponding to the request is determined based on the result of the secret calculation, and the response is returned to the client.
 上記課題を解決するため、本発明は、ブロックチェーンにおける少なくとも一部のブロックのスナップショットに基づく秘密計算を行う手段を有する秘密計算システムである。 In order to solve the above problems, the present invention is a secret calculation system having means for performing secret calculation based on snapshots of at least a part of blocks in a blockchain.
 上記課題を解決するため、本発明は、ブロックチェーンにおける少なくとも一部のブロックのスナップショットに基づく秘密計算を行うステップを、コンピュータに実行させる秘密計算方法である。 In order to solve the above problems, the present invention is a secret calculation method in which a computer is made to perform a step of performing a secret calculation based on a snapshot of at least a part of blocks in a blockchain.
 上記課題を解決するため、本発明は、コンピュータを、ブロックチェーンにおける少なくとも一部のブロックのスナップショットに基づく秘密計算を行う手段として機能させる秘密計算プログラムである。 In order to solve the above problems, the present invention is a secret calculation program that causes a computer to function as a means for performing secret calculations based on snapshots of at least a part of blocks in a blockchain.
 本発明は、新規な情報処理を実現することができる。 The present invention can realize new information processing.
本発明の一実施形態に係るハードウェア構成図を示す。The hardware block diagram which concerns on one Embodiment of this invention is shown. 本発明の一実施形態に係る機能ブロック図を示す。The functional block diagram which concerns on one Embodiment of this invention is shown. 本発明の一実施形態に係る秘密分散の説明図を示す。An explanatory diagram of secret sharing according to an embodiment of the present invention is shown. 本発明の一実施形態に係る秘密分散の説明図を示す。An explanatory diagram of secret sharing according to an embodiment of the present invention is shown. 本発明の一実施形態に係る秘密情報Sであるデータ110を示す。The data 110 which is the secret information S which concerns on one Embodiment of this invention is shown. 本発明の一実施形態に係る機能ブロック図を示す。The functional block diagram which concerns on one Embodiment of this invention is shown. 本発明の一実施形態に係る秘密計算のフローチャートを示す。The flowchart of the secret calculation which concerns on one Embodiment of this invention is shown. 本発明の一実施形態に係る秘密計算のフローチャートを示す。The flowchart of the secret calculation which concerns on one Embodiment of this invention is shown.
 本明細書は、本発明の一実施形態に係る構成や作用効果等について、図面を交えて説明する。本発明は、以下の一実施形態に限定されず、様々な構成を採用し得る。また、本発明の一実施形態は、各実施形態のそれぞれにおける構成の一部を、本発明の一実施形態が目的とする作用効果の実現を阻害しない範囲で互いに採用してよい。 This specification describes the configuration, the action and effect, etc. according to the embodiment of the present invention with reference to the drawings. The present invention is not limited to the following embodiment, and various configurations may be adopted. Further, in one embodiment of the present invention, a part of the configuration in each of the respective embodiments may be adopted with each other as long as the realization of the desired action and effect of the one embodiment of the present invention is not hindered.
 本発明に係る情報処理システム、情報処理方法、情報処理プログラム、及び、情報処理プログラム媒体のそれぞれは、同様の作用効果を奏する。情報処理システム等における各手段と、情報処理方法における各ステップと、は同様の作用効果を奏する。 Each of the information processing system, the information processing method, the information processing program, and the information processing program medium according to the present invention has the same effect. Each means in the information processing system and each step in the information processing method have the same effect.
 また、本発明に係る秘密分散システム、秘密分散方法、秘密分散プログラム、及び、秘密分散プログラム媒体のそれぞれは、同様の作用効果を奏する。秘密分散システム等における各手段と、秘密分散方法における各ステップと、は同様の作用効果を奏する。 Further, each of the secret sharing system, the secret sharing method, the secret sharing program, and the secret sharing program medium according to the present invention has the same effect. Each means in the secret sharing system and each step in the secret sharing method have the same effect.
 また、本発明に係る秘密計算システム、秘密計算方法、秘密計算プログラム、及び、秘密計算プログラム媒体のそれぞれは、同様の作用効果を奏する。秘密計算システム等における各手段と、秘密計算方法における各ステップと、は同様の作用効果を奏する。 Further, each of the secret calculation system, the secret calculation method, the secret calculation program, and the secret calculation program medium according to the present invention has the same effect. Each means in the secret calculation system and each step in the secret calculation method have the same effect.
 本発明に係る情報処理システム、情報処理プログラム、情報処理プログラム媒体、秘密分散システム、秘密分散プログラム、秘密分散プログラム媒体、秘密計算システム、秘密計算プログラム、及び、秘密計算プログラム媒体のそれぞれにおける各手段の作用効果は、後述のプロセッサ等の演算デバイスが発揮する、と把握することができる。また、情報処理方法、及び、秘密分散方法の各ステップの作用効果も当該プロセッサ等の演算デバイスにより実現される、と把握することができる。 Each means in each of the information processing system, the information processing program, the information processing program medium, the secret sharing system, the secret sharing program, the secret sharing program medium, the secret calculation system, the secret calculation program, and the secret calculation program medium according to the present invention. It can be understood that the action and effect are exerted by a computing device such as a processor described later. Further, it can be understood that the action and effect of each step of the information processing method and the secret sharing method are also realized by the arithmetic device such as the processor.
 本発明に係る情報処理プログラム媒体及び秘密分散プログラム媒体は、それぞれ、情報処理プログラム及び秘密分散プログラムが格納された非一過性の記録媒体である。 The information processing program medium and the secret sharing program medium according to the present invention are non-transient recording media in which the information processing program and the secret sharing program are stored, respectively.
 〈ハードウェア構成〉
 図1に例示されるように、情報処理システム・情報処理方法・情報処理プログラム・情報処理プログラム媒体・秘密分散システム・秘密分散方法・秘密分散プログラム・秘密分散プログラム媒体・秘密計算方法・秘密計算プログラム・秘密計算プログラム媒体は、既知のコンピュータであるノード1を含む(利用する)。 <Hardware configuration>
As illustrated in FIG. 1, information processing system, information processing method, information processing program, information processing program medium, secret sharing system, secret sharing method, secret sharing program, secret sharing program medium, secret calculation method, secret calculation program -The secret calculation program medium includes (uses) node 1 which is a known computer.
 ノード1は、演算デバイス11、主記憶デバイス12、補助記憶デバイス13、及び、バスインタフェースを有し、本発明が発揮する作用効果を実現する上で適宜、用いられる。なお、ノード1は、上記構成に加えて、入力デバイス14、出力デバイス15、通信デバイス16、及び、検出デバイス17を備える構成でよい。 Node 1 has an arithmetic device 11, a main storage device 12, an auxiliary storage device 13, and a bus interface, and is appropriately used in order to realize the effects exhibited by the present invention. In addition to the above configuration, the node 1 may include an input device 14, an output device 15, a communication device 16, and a detection device 17.
 演算デバイス11は、命令セットを実行可能な既知のプロセッサを有する。
 主記憶デバイス12は、命令セットを記憶可能な既知の揮発性メモリを有する。
 補助記憶デバイス13は、プログラム等を記録可能な既知の記録媒体を有する。
 入力デバイス14は、例えば意思入力が可能な既知のインタフェースである。
 出力デバイス15は、例えば視覚的な報知を可能とする既知のインタフェースである。
 通信デバイス16は、パブリックネットワーク・プライベートネットワークを含むネットワークの少なくとも一部への接続・参加を実現するための有線方式又は無線方式に基づく既知のインタフェースを有する。
 検出デバイス17は、上記センシング処理を可能とする既知のセンサである。 The arithmetic device 11 has a known processor capable of executing an instruction set.
The main storage device 12 has a known volatile memory capable of storing an instruction set.
The auxiliary storage device 13 has a known recording medium capable of recording a program or the like.
The input device 14 is, for example, a known interface capable of inputting intentions.
The output device 15 is a known interface that enables, for example, visual notification.
The communication device 16 has a known interface based on a wired system or a wireless system for realizing connection / participation to at least a part of a network including a public network / private network.
The detection device 17 is a known sensor that enables the sensing process.
 ノード1における各デバイスは、1つの筐体に内包されない場合がある。ノード1における各デバイスの少なくとも一部(例として、検出デバイス17。)は、ノード1から独立した電源を有し、ノード1本体と相互通信可能であってよい。 Each device in node 1 may not be included in one housing. At least a part of each device in the node 1 (for example, the detection device 17) may have a power supply independent of the node 1 and may be able to communicate with the node 1 main body.
 〈機能ブロック〉
 図2に例示されるように、情報処理システム0は、ノード1を有する。ノード1は、ブロックチェーンネットワーク2を構成し、ブロックチェーン20の格納先である。なお、ブロックチェーンネットワーク2におけるノード1の数量は2以上である。 <Functional block>
As illustrated in FIG. 2, the information processing system 0 has a node 1. The node 1 constitutes the blockchain network 2 and is a storage destination of the blockchain 20. The number of nodes 1 in the blockchain network 2 is 2 or more.
 〈ノード1〉
 ノード1は、好ましくは、分散手段101(分散ステップに相当。)と、復元手段102(復元ステップに相当。)と、を有する。また、ノード1は、認証手段103(認証ステップに相当。)をさらに有してよい。なお、ノード1は、データ110の秘密分散をブロックチェーン20内外、又は、ブロックチェーンネットワーク2内外に亘って行う手段(ステップ)を有する、と把握することができる。 <Node 1>
Node 1 preferably has distribution means 101 (corresponding to the distribution step) and restoration means 102 (corresponding to the restoration step). Further, the node 1 may further have an authentication means 103 (corresponding to an authentication step). It can be understood that the node 1 has means (steps) for performing secret sharing of the data 110 inside and outside the blockchain 20 or inside and outside the blockchain network 2.
 〈分散手段101〉
 分散手段101は、ノード1が有するデータ110を構成する複数のシェア111の生成と、ブロックチェーンネットワーク2に格納されるブロックチェーン20における最新の未決定ブロック21への一部のシェア111の格納と、に基づく秘密分散を行う。 <Dispersion means 101>
The distribution means 101 generates a plurality of shares 111 constituting the data 110 possessed by the node 1, and stores a part of the shares 111 in the latest undetermined block 21 in the blockchain 20 stored in the blockchain network 2. Perform secret sharing based on.
 図3に例示されるように、分散手段101は、ブロックチェーン20外への残りのシェア111の格納にさらに基づく秘密分散を行ってよい。また、図4に例示されるように、分散手段101は、ブロックチェーンネットワーク2外への残りのシェア111の格納にさらに基づく秘密分散を行ってよい。 As illustrated in FIG. 3, the distribution means 101 may perform secret sharing based on the storage of the remaining share 111 outside the blockchain 20. Further, as illustrated in FIG. 4, the distribution means 101 may perform secret sharing based on the storage of the remaining share 111 outside the blockchain network 2.
 本発明の一実施形態における秘密分散において、データ110は秘密情報Sに相当する。図5に例示されるように、データ110は、ノード1が有する秘密鍵であり、その種別に制限はない。なお、当該秘密鍵のbit数に制限はない。ノード1の一手段は、例として、ブロックチェーン20上の未決定ブロック21に格納されるトランザクションと、当該秘密鍵と、に基づき電子署名を生成する。当該電子署名における平文は、当該トランザクション又は当該トランザクションのハッシュ値である。 In the secret sharing according to the embodiment of the present invention, the data 110 corresponds to the secret information S. As illustrated in FIG. 5, the data 110 is a private key possessed by the node 1, and there is no limitation on its type. There is no limit to the number of bits of the private key. As an example, one means of node 1 generates a digital signature based on a transaction stored in an undetermined block 21 on the blockchain 20 and the private key. The plaintext in the digital signature is the transaction or the hash value of the transaction.
 本明細書中の説明における「ブロックチェーンネットワーク2に格納されるブロックチェーン20」とは、ブロックチェーンネットワーク2を構成する複数のノード1に格納されるブロックチェーン20に相当する。 The "blockchain 20 stored in the blockchain network 2" in the description in the present specification corresponds to the blockchain 20 stored in a plurality of nodes 1 constituting the blockchain network 2.
 本明細書中の説明における「未決定ブロック21への一部のシェア111の格納」とは、例えば、一部のシェア111をトランザクションとして未決定ブロック21に格納することを指す。当該トランザクションは、例として、シェア111により構成される秘密情報Sであるノード1の秘密鍵により電子署名が生成される。 "Storing a part of the shares 111 in the undecided block 21" in the description in this specification means, for example, storing a part of the shares 111 as a transaction in the undecided block 21. For the transaction, as an example, an electronic signature is generated by the private key of the node 1 which is the secret information S configured by the share 111.
 〈復元手段102〉
 復元手段102は、好ましくは、少なくともブロックチェーン20からの一部のシェア111の取得を行い、一部のシェア111に少なくとも基づきデータ110を復元する。復元手段102は、ブロックチェーン20外から残りのシェア111の取得をさらに行ってよい。復元手段102は、ブロックチェーンネットワーク2外から残りのシェア111の取得をさらに行ってよい。 <Restoration means 102>
The restoring means 102 preferably acquires at least a part of the share 111 from the blockchain 20 and restores the data 110 based on at least a part of the share 111. The restoration means 102 may further acquire the remaining share 111 from outside the blockchain 20. The restoration means 102 may further acquire the remaining share 111 from outside the blockchain network 2.
 本明細書中の説明における「ブロックチェーン20からの一部のシェア111の取得」とは、例として、復元手段102が、ブロックに格納されるトランザクションとしてのシェア111と対応する電子署名と、ノード1と対応する公開鍵と、に基づき、ブロックチェーン20上の当該一部のシェア111の特定をした上で行う、と把握することができる。このとき、「ノード1と対応する公開鍵」とは、例として、シェア111により構成される秘密情報Sである秘密鍵と対応する公開鍵である。 In the description of the present specification, "acquisition of a part of the share 111 from the blockchain 20" means, for example, that the restoration means 102 has an electronic signature corresponding to the share 111 as a transaction stored in the block, and a node. It can be understood that the transaction is performed after specifying the partial share 111 on the blockchain 20 based on the public key corresponding to 1. At this time, the "public key corresponding to the node 1" is, for example, a public key corresponding to the private key which is the secret information S configured by the share 111.
 本明細書中の説明における「ブロックチェーン20外」とは、ブロックチェーン20におけるブロックの何れかが各種データの格納先ではないことを指す。このとき、ノード1のローカルストレージ1lsやノード1と独立に稼働しない外部ストレージの内、当該何れかと対応しない領域は、ブロックチェーン20外に相当する。なお、「ノード1と独立に稼働しない外部ストレージ」とは、例として、ノード1と物理インタフェースを介して接続されるフラッシュメモリ等の不揮発性メモリを指す。 "Outside the blockchain 20" in the description in this specification means that any of the blocks in the blockchain 20 is not a storage destination of various data. At this time, among the local storage 1ls of the node 1 and the external storage that does not operate independently of the node 1, the area that does not correspond to any of them corresponds to the outside of the blockchain 20. The “external storage that does not operate independently of the node 1” refers to, for example, a non-volatile memory such as a flash memory connected to the node 1 via a physical interface.
 本明細書中の説明における「ブロックチェーンネットワーク2外」とは、ブロックチェーンネットワーク2を構成するノード1のローカルストレージ1lsが各種データの格納先ではないことを指す。このとき、ノード1とは独立に稼働する外部ストレージにおける領域は、ブロックチェーンネットワーク2外に相当する。なお、「ノード1とは独立に稼働する外部ストレージ」は、例として、クラウドストレージ1csである。 "Outside the blockchain network 2" in the description in this specification means that the local storage 1ls of the node 1 constituting the blockchain network 2 is not a storage destination of various data. At this time, the area in the external storage that operates independently of the node 1 corresponds to the outside of the blockchain network 2. The "external storage that operates independently of the node 1" is, for example, cloud storage 1cs.
 本発明の一実施形態における秘密分散とは、既知の手法に基づく秘密分散である。当該秘密分散は、例として、秘密情報Sをn個のシェア111(分散情報に相当。)に分割する。秘密情報Sは、n個のシェア111の少なくとも一部に基づき復元され得る。 The secret sharing in one embodiment of the present invention is a secret sharing based on a known method. As an example, the secret sharing divides the secret information S into n shares 111 (corresponding to the distributed information). Confidential information S can be restored based on at least a portion of n shares 111.
 本発明の一実施形態においてシェア111(分散情報)の数量は、例として、n=3である。このとき、秘密情報Sの復元は、ブロックチェーン20上の未決定ブロック21に格納されたシェア111に少なくとも基づき行われる構成であってよい。 In one embodiment of the present invention, the quantity of share 111 (dispersion information) is, for example, n = 3. At this time, the restoration of the secret information S may be performed at least based on the share 111 stored in the undecided block 21 on the blockchain 20.
 本発明の一実施形態における秘密分散の方式は、例として、シャミア秘密分散、ランプ-シャミア秘密分散、加法的秘密分散(Additive Secret Sharing)、複製型加法的秘密分散(Replicated Additive Secret Sharing)及び計算型加法的秘密分散(Computational Additive Secret Sharing)等であり、その種別に制限はない。 The secret sharing method in one embodiment of the present invention includes, for example, Shamir secret sharing, Lamp-Shamir secret sharing, Adaptive Secret Sharing, Repeated Adaptive Secret Sharing, and calculation. Type additive secret sharing (Computational Adaptive Secret Sharing), etc., and there are no restrictions on the type.
 なお、本発明の一実施形態における複数のシェア111のそれぞれの格納先は、未決定ブロック21・ローカルストレージ1ls・クラウドストレージ1csであってよく、未決定ブロック21・ローカルストレージ1lsであってよく、未決定ブロック21・クラウドストレージ1csであってよい。 The storage destinations of the plurality of shares 111 in one embodiment of the present invention may be the undecided block 21, the local storage 1 ls, and the cloud storage 1 cs, and may be the undecided block 21 and the local storage 1 ls. It may be undecided block 21 and cloud storage 1cs.
 〈認証手段103〉
 認証手段103は、センシング処理を行うことでノード1の操作者の特徴データ112を取得し、ノード1が有するテンプレート113及び特徴データ112を照合する認証処理を行ってよい。分散手段101は、当該認証処理の結果が正を示す場合、未決定ブロック21への一部のシェア111の格納を行う。復元手段102は、当該認証処理の結果が正を示す場合、ブロックチェーン20からの一部のシェア111の取得を行う。 <Authentication means 103>
The authentication means 103 may perform an authentication process of acquiring the feature data 112 of the operator of the node 1 by performing a sensing process and collating the template 113 and the feature data 112 of the node 1. When the result of the authentication process is positive, the distribution means 101 stores a part of the shares 111 in the undecided block 21. When the result of the authentication process is positive, the restoration means 102 acquires a part of the share 111 from the blockchain 20.
 本発明の一実施形態における特徴データ112とは、上記操作者の顔画像データ・指紋データ・掌形データ・網膜データ・声紋データ・虹彩データ・筆跡データ・歩行データ・静脈データ等を含む生体データに基づく。このとき、上記センシング処理は、特徴データ112・生体データの種別に応じて最適な手法を採用する、と把握することができる。 The feature data 112 in one embodiment of the present invention is biological data including the operator's face image data, fingerprint data, palm shape data, retinal data, voice print data, iris data, handwriting data, walking data, vein data, and the like. based on. At this time, it can be understood that the sensing process adopts the optimum method according to the type of feature data 112 / biometric data.
 認証手段103は、特徴データ112及びテンプレート113のそれぞれを示すN次元ベクトルデータに基づき類似度を決定する。当該類似度が所定の条件を満たす場合、認証処理の結果は正を示す(認証処理が成功する。)。当該類似度は、例として、当該N次元ベクトルデータが示すユークリッド距離又はコサイン類似度に基づき、決定される。 The authentication means 103 determines the similarity based on the N-dimensional vector data indicating each of the feature data 112 and the template 113. If the similarity satisfies a predetermined condition, the result of the authentication process is positive (the authentication process succeeds). The similarity is determined, for example, based on the Euclidean distance or cosine similarity indicated by the N-dimensional vector data.
 本発明の一実施形態におけるテンプレート113は、ノード1のローカルストレージ1lsに格納されていてよく、ブロックチェーン20上のブロックに格納されてよい。テンプレート113は、例として、ノード1の公開鍵と対応する。「ノード1の公開鍵」とは、例として、秘密情報Sである秘密鍵と対応する公開鍵である。このとき、テンプレート113の格納・更新・変更は、ノード1が有する一手段により実現される。 The template 113 in one embodiment of the present invention may be stored in the local storage 1ls of the node 1 and may be stored in the block on the blockchain 20. Template 113 corresponds to the public key of node 1 as an example. The "public key of the node 1" is, for example, a public key corresponding to the private key which is the secret information S. At this time, the storage / update / change of the template 113 is realized by one means possessed by the node 1.
 このとき、テンプレート113に少なくとも基づく認証処理の結果が正を示す場合、認証手段103は、テンプレート113と対応する公開鍵をノード1に対して返却してよい。当該公開鍵は、ブロックチェーン20上のブロックに格納されたシェア111の特定の用に供される。 At this time, if the result of the authentication process based on the template 113 is at least positive, the authentication means 103 may return the public key corresponding to the template 113 to the node 1. The public key is used for the specific use of the share 111 stored in the block on the blockchain 20.
 特徴データ112のベクトルデータの次元数は、好ましくは4096以上であり、より好ましくは2048以上であり、より好ましくは1024以上であり、より好ましくは512以上であり、より好ましくは256以上であり、より好ましくは128以上である。 The number of dimensions of the vector data of the feature data 112 is preferably 4096 or more, more preferably 2048 or more, more preferably 1024 or more, more preferably 512 or more, and more preferably 256 or more. More preferably, it is 128 or more.
 特徴データ112は、検出デバイス17により取得された検出データに対する特徴抽出を経て決定される。認証手段103は、例として、主成分分析モデルによる固有ベクトルの計算処理と、畳み込みニューラルネットワークモデル等の深層学習モデルによる学習及び推論処理と、サポートベクターマシン等の決定木モデルによる学習及び分類処理と、勾配方向ヒストグラムによる抽出処理と、を含むアルゴリズムの何れかが採用される。 The feature data 112 is determined through feature extraction for the detection data acquired by the detection device 17. The authentication means 103 includes, for example, calculation processing of an eigenvector by a principal component analysis model, learning and inference processing by a deep learning model such as a convolutional neural network model, learning and classification processing by a decision tree model such as a support vector machine, and so on. One of the algorithms including the extraction process by the gradient direction histogram and the one including is adopted.
 〈ブロックチェーンネットワーク2〉
 ブロックチェーンネットワーク2は、プライベートネットワークにおいて相互接続される複数のノード1により構成される。当該複数のノード1は、ブロックチェーン20の少なくとも一部(少なくとも最新の未決定ブロック21)を有する。上記プライベートネットワークは、例として、イベント会場内部等の「その場」を指すオンサイトにおけるプライベートネットワークであるオンサイトネットワークである。 <Blockchain network 2>
The blockchain network 2 is composed of a plurality of nodes 1 interconnected in a private network. The plurality of nodes 1 have at least a part of the blockchain 20 (at least the latest undecided block 21). The private network is, for example, an on-site network that is an on-site private network that points to "the place" such as inside an event venue.
 〈ブロックチェーン20〉
 ブロックチェーン20は、公知技術を採用し得る。また、ブロックチェーン20の一態様は、例えば、特許第6650157号に記載の事項(各種チェーン)を採用し得る。なお、本発明の一実施形態は、特許第6650157号に記載の事項を採用し得る。 <Blockchain 20>
The blockchain 20 may employ a known technique. Further, as one aspect of the blockchain 20, for example, the matters (various chains) described in Japanese Patent No. 6650157 can be adopted. In one embodiment of the present invention, the matters described in Japanese Patent No. 6650157 may be adopted.
 なお、ノード1は、ブロックチェーン20における未決定ブロック21のハッシュ化によるハッシュ値の生成を含むファイナライズを行う手段を有する。また、ノード1は、当該ファイナライズ後にブロックチェーン20における新たな未決定ブロック21を生成し、当該新たな未決定ブロック21に当該ハッシュ値を追加する手段を有する。なお、ブロックチェーン20におけるブロックは、当該ブロックに格納される電子署名と対応するトランザクションを適宜、有する。 Note that the node 1 has a means for finalizing including the generation of a hash value by hashing the undecided block 21 in the blockchain 20. Further, the node 1 has a means for generating a new undecided block 21 in the blockchain 20 after the finalization and adding the hash value to the new undecided block 21. The block in the blockchain 20 appropriately has a transaction corresponding to the electronic signature stored in the block.
 本発明の一実施形態におけるシェア111は、インデックスと紐付けられ検索可能である、と把握することができる。当該シェア111に基づき復元された情報は、秘密情報S(例として、ノード1が有する秘密鍵に相当。)と対応する公開鍵に基づき秘密情報Sであるか否かを判定(当該情報が正か否かを判定。)する。 It can be understood that the share 111 in one embodiment of the present invention is associated with the index and can be searched. It is determined whether or not the information restored based on the share 111 is the secret information S based on the secret information S (for example, corresponding to the private key possessed by the node 1) and the corresponding public key (the information is correct). Judge whether or not.)
 本発明によれば、オフライン環境上で更新されるようなブロックチェーンネットワーク2におけるデータ110(秘密情報S)のバックアップを含む情報処理を、情報理論的安全性に基づきセキュアに実現することができる。 According to the present invention, information processing including backup of data 110 (confidential information S) in the blockchain network 2 that is updated in an offline environment can be securely realized based on information-theoretic security.
 〈機能ブロック〉
 図6に例示されるように、情報処理システム0は、ブロックチェーンネットワーク2を構成するノード1と、ブロックチェーンネットワーク2外のクライアント3と、前記ブロックチェーンネットワーク2外のサーバ4と、を含む。ノード1は、ブロックチェーンネットワーク2を構成し、ブロックチェーン20の格納先である。なお、ブロックチェーンネットワーク2におけるノード1の数量は2以上である。 <Functional block>
As illustrated in FIG. 6, the information processing system 0 includes a node 1 constituting the blockchain network 2, a client 3 outside the blockchain network 2, and a server 4 outside the blockchain network 2. The node 1 constitutes the blockchain network 2 and is a storage destination of the blockchain 20. The number of nodes 1 in the blockchain network 2 is 2 or more.
 〈ノード1〉
 ノード1は、秘匿手段104(秘匿ステップに相当。)を有する。 <Node 1>
Node 1 has a concealment means 104 (corresponding to a concealment step).
 秘匿手段104は、ブロックチェーンネットワーク2に格納されるブロックチェーン20における少なくとも1つのブロックと対応するスナップショット20sに対し準同型暗号に基づく暗号化を行い暗号化されたスナップショット20seを生成しスナップショット20seをサーバ4に送信しサーバ4に格納させる。 The concealment means 104 encrypts the snapshot 20s corresponding to at least one block in the blockchain 20 stored in the blockchain network 2 based on homomorphic encryption, and generates an encrypted snapshot 20se to generate a snapshot. 20se is transmitted to the server 4 and stored in the server 4.
 本明細書中の説明における「ブロックチェーン20における少なくとも1つのブロック」とは、少なくとも最新の未決定ブロック21を含むブロック群を指してよく、既にファイナライズされた所定のブロックを含むブロック群を指してよい。 As used herein, the term "at least one block in the blockchain 20" may refer to a block group containing at least the latest undetermined block 21, and may refer to a block group containing a predetermined block that has already been finalized. good.
 なお、秘匿手段104によるスナップショット20seの生成及びサーバ4への送信は、リアルタイムに行われ得る。 Note that the snapshot 20se can be generated by the concealment means 104 and transmitted to the server 4 in real time.
 なお、秘匿手段104は、ブロックチェーン20に係る暗号化データ(スナップショット20seを含む。)の生成に際して、ブロックチェーン20におけるユーザ定義スキーマに基づき、項目名等を適宜、定義するような構成としてよい。 The concealment means 104 may be configured to appropriately define the item name and the like based on the user-defined schema in the blockchain 20 when generating the encrypted data (including the snapshot 20se) related to the blockchain 20. ..
 本発明の一実施形態における準同型暗号は、somewhat準同型暗号であってよい。また、当該準同型暗号は、レベル2準同型暗号(L2準同型暗号)であってよい。また、当該準同型暗号は、完全準同型暗号であってよい。なお、当該準同型暗号は、好ましくは、加法計算に加えて乗法計算を可能とするような既知の準同型暗号を指す。 The homomorphic encryption in one embodiment of the present invention may be somehat homomorphic encryption. Further, the homomorphic encryption may be a level 2 homomorphic encryption (L2 homomorphic encryption). Further, the homomorphic encryption may be a fully homomorphic encryption. The homomorphic encryption preferably refers to a known homomorphic encryption that enables multiplication calculation in addition to addition calculation.
 本発明の一実施形態における秘密計算は、例として、秘匿検索である。本発明の一実施形態における秘密計算の種別に制限はなく、秘密分散に基づく構成であってもよい。 The secret calculation in one embodiment of the present invention is, for example, a secret search. There is no limitation on the type of secret calculation in one embodiment of the present invention, and the configuration may be based on secret sharing.
 〈ブロックチェーンネットワーク2〉
 ブロックチェーンネットワーク2は、プライベートネットワークにおいて相互接続される複数のノード1により構成される。当該複数のノード1は、ブロックチェーン20の少なくとも一部(少なくとも最新の未決定ブロック21)を有する。上記プライベートネットワークは、例として、イベント会場内部等の「その場」を指すオンサイトにおけるプライベートネットワークであるオンサイトネットワークである。 <Blockchain network 2>
The blockchain network 2 is composed of a plurality of nodes 1 interconnected in a private network. The plurality of nodes 1 have at least a part of the blockchain 20 (at least the latest undecided block 21). The private network is, for example, an on-site network that is an on-site private network that points to "the place" such as inside an event venue.
 〈ブロックチェーン20〉
 ブロックチェーン20は、公知技術を採用し得る。また、ブロックチェーン20の一態様は、例えば、特許第6650157号に記載の事項(各種チェーン)を採用し得る。なお、本発明の一実施形態は、特許第6650157号に記載の事項を採用し得る。 <Blockchain 20>
The blockchain 20 may employ a known technique. Further, as one aspect of the blockchain 20, for example, the matters (various chains) described in Japanese Patent No. 6650157 can be adopted. In one embodiment of the present invention, the matters described in Japanese Patent No. 6650157 may be adopted.
 なお、ノード1は、ブロックチェーン20における未決定ブロック21のハッシュ化によるハッシュ値の生成を含むファイナライズを行う手段を有する。また、ノード1は、当該ファイナライズ後にブロックチェーン20における新たな未決定ブロック21を生成し、当該新たな未決定ブロック21に当該ハッシュ値を追加する手段を有する。なお、ブロックチェーン20におけるブロックは、当該ブロックに格納される電子署名と対応するトランザクションを適宜、有する。 Note that the node 1 has a means for finalizing including the generation of a hash value by hashing the undecided block 21 in the blockchain 20. Further, the node 1 has a means for generating a new undecided block 21 in the blockchain 20 after the finalization and adding the hash value to the new undecided block 21. The block in the blockchain 20 appropriately has a transaction corresponding to the electronic signature stored in the block.
 本発明の一実施形態におけるブロックチェーン20は、ノード1及びクライアント3間のトランザクションを含むブロックを有する、と把握することができる。 It can be understood that the blockchain 20 in one embodiment of the present invention has a block including a transaction between the node 1 and the client 3.
 〈クライアント3〉
 クライアント3は、既知のコンピュータである。また、クライアント3は、スマートフォン・ラップトップ・ワークステーション等の既知のコンピュータの態様をとる。なお、クライアント3は、ノード1の同様のハードウェア構成をとってよい。 <Client 3>
Client 3 is a known computer. The client 3 also takes the form of a known computer such as a smartphone, laptop, workstation or the like. The client 3 may have the same hardware configuration as that of the node 1.
 クライアント3は、要求手段301(要求ステップに相当。)を有する。クライアント3が有する各デバイスは、要求手段301を含む手段の実現に適宜、供される。 Client 3 has request means 301 (corresponding to a request step). Each device possessed by the client 3 is appropriately provided to realize the means including the requesting means 301.
 要求手段301は、ブロックチェーン20におけるブロックに格納されるトランザクションに基づくリクエスト310を決定し、リクエスト310をサーバ4に送信する。また、要求手段301は、ノード1及びクライアント3間のトランザクションに基づくリクエスト310を決定する、と把握することができる。リクエスト310は、リクエスト識別子・タイムスタンプ・取引内容を適宜、含む構成であってよい。 The request means 301 determines the request 310 based on the transaction stored in the block in the blockchain 20, and transmits the request 310 to the server 4. Further, it can be understood that the request means 301 determines the request 310 based on the transaction between the node 1 and the client 3. The request 310 may have a configuration that appropriately includes a request identifier, a time stamp, and transaction details.
 本明細書中の説明における「ブロックチェーン20におけるブロックに格納されるトランザクションに基づくリクエスト310」とは、当該トランザクションの内容、及び/又は、当該トランザクションに基づく計算結果に係る情報公開を求めるリクエストを指す。 In the description of the present specification, the "request 310 based on a transaction stored in a block in the blockchain 20" refers to a request for information disclosure relating to the content of the transaction and / or the calculation result based on the transaction. ..
 〈サーバ4〉
 サーバ4は、既知のコンピュータである。また、サーバ4は、スマートフォン・ラップトップ・ワークステーション等の既知のコンピュータの態様をとる。なお、サーバ4は、ノード1の同様のハードウェア構成をとってよい。 <Server 4>
The server 4 is a known computer. The server 4 also takes the form of a known computer such as a smartphone, laptop, or workstation. The server 4 may have the same hardware configuration as that of the node 1.
 サーバ4は、計算手段401(計算ステップに相当。)を有する。サーバ4が有する各デバイスは、計算手段401を含む手段の実現に適宜、供される。 The server 4 has a calculation means 401 (corresponding to a calculation step). Each device included in the server 4 is appropriately provided for realizing means including the calculation means 401.
 サーバ4は、ブロックチェーン20における少なくとも一部のブロックのスナップショット20seに基づく秘密計算を行う手段(ステップに相当。)を有する、と把握することができる。 It can be understood that the server 4 has a means (corresponding to a step) for performing a secret calculation based on the snapshot 20se of at least a part of the blocks in the blockchain 20.
 計算手段401は、リクエスト310の受信を転機として、スナップショット20seに基づく秘密計算を行い、当該秘密計算の結果に基づきリクエスト310と対応するレスポンス410を決定し、レスポンス410をクライアント3に返却する。 The calculation means 401 performs a secret calculation based on the snapshot 20se with the reception of the request 310 as a turning point, determines the response 410 corresponding to the request 310 based on the result of the secret calculation, and returns the response 410 to the client 3.
 〈秘密計算(実施例1)〉
 図7に例示されるように、本発明の一実施形態における秘密計算を含む情報処理は、ノード1(ブロックチェーンネットワーク2における少なくとも一部のノード1)・クライアント3・サーバ4間において、以下のように実行される、と把握することができる。 <Secret calculation (Example 1)>
As illustrated in FIG. 7, the information processing including the secret calculation in one embodiment of the present invention is performed between the node 1 (at least a part of the nodes 1 in the blockchain network 2), the client 3, and the server 4 as follows. It can be understood that it is executed like this.
 先ず、ブロックチェーン20が更新されている場合、秘匿手段104は、ブロックチェーン20に基づきブロックチェーン20のスナップショット20sを取得する。その後、秘匿手段104は、上記準同型暗号に基づきスナップショット20sを暗号化することでスナップショット20seを生成し、スナップショット20seをサーバ4に送信する。なお、「ブロックチェーン20が更新されている場合」とは、ブロックチェーン20において新たな未決定ブロック21が生成されている場合や、最新の未決定ブロック21に新たなトランザクションが格納されノード1間でブロードキャストされている場合を指す。 First, when the blockchain 20 is updated, the concealment means 104 acquires a snapshot 20s of the blockchain 20 based on the blockchain 20. After that, the concealment means 104 generates the snapshot 20se by encrypting the snapshot 20s based on the homomorphic encryption, and transmits the snapshot 20se to the server 4. In addition, "when the blockchain 20 is updated" means that a new undecided block 21 is generated in the blockchain 20, or a new transaction is stored in the latest undecided block 21 between the nodes 1. Refers to the case where it is broadcast on.
 次に、サーバ4は、サーバ4が有する秘密鍵413と対応する公開鍵411を、ノード1及び/又はクライアント3に送信する。ノード1がサーバ4から公開鍵411を受信した場合、ノード1は、クライアント3に対して公開鍵411を送信する。 Next, the server 4 transmits the public key 411 corresponding to the private key 413 possessed by the server 4 to the node 1 and / or the client 3. When the node 1 receives the public key 411 from the server 4, the node 1 transmits the public key 411 to the client 3.
 次に、要求手段301は、リクエスト310を、ノード1及び/又はサーバ4に送信する。ノード1がクライアント3からリクエスト310を受信した場合、ノード1は、サーバ4に対してリクエスト310を送信する。 Next, the request means 301 transmits the request 310 to the node 1 and / or the server 4. When the node 1 receives the request 310 from the client 3, the node 1 sends the request 310 to the server 4.
 実施例1におけるリクエスト310は、例として、ブロックチェーン20におけるブロックに格納されるトランザクションに基づき計算可能な与信残高に係るリクエスト全般である。当該リクエスト全般は、例として、与信残高と、上記取引内容に相当する所定値との比較である。当該所定値は、例として、決済金額である。また、当該リクエスト全般は、例として、特徴データとテンプレートとのユークリッド距離等の類似度の決定である。 The request 310 in the first embodiment is, for example, a general request relating to a credit balance that can be calculated based on a transaction stored in a block in the blockchain 20. The request in general is, for example, a comparison between the credit balance and a predetermined value corresponding to the transaction content. The predetermined value is, for example, a settlement amount. Further, the request in general is, for example, determination of the degree of similarity between the feature data and the template, such as the Euclidean distance.
 次に、計算手段401は、秘匿手段104により送信されたスナップショット20seと、要求手段301により送信されたリクエスト310と、に基づき秘密計算を行う。計算手段401は、当該秘密計算の結果に基づき要求手段301により送信されたリクエスト310と対応するレスポンス410を決定し、当該リクエスト310と対応するクライアント3にレスポンス410を返却する。 Next, the calculation means 401 performs a secret calculation based on the snapshot 20se transmitted by the concealment means 104 and the request 310 transmitted by the request means 301. The calculation means 401 determines the response 410 corresponding to the request 310 transmitted by the request means 301 based on the result of the secret calculation, and returns the response 410 to the client 3 corresponding to the request 310.
 このとき、レスポンス410は、例として、上記取引内容と対応する取引可否を示す2値データであってよい。また、このとき、計算手段401は、秘密鍵413に基づきレスポンス410を平文とする電子署名412を生成してよい。計算手段401は、当該レスポンス410と対応するリクエスト310の少なくとも一部をさらに平文としてよい。 At this time, the response 410 may be, for example, binary data indicating whether or not the transaction is possible, which corresponds to the above transaction content. Further, at this time, the calculation means 401 may generate an electronic signature 412 in which the response 410 is in plain text based on the private key 413. The calculation means 401 may further make at least a part of the request 310 corresponding to the response 410 in plain text.
 なお、計算手段401に代わって、ノード1が計算手段401による上記秘密計算の結果に基づきレスポンス410を決定し、クライアント3に当該レスポンス410を返却してもよい。この場合、ノード1は、ノード1が有する秘密鍵に基づき当該レスポンス410を平文とする電子署名を生成する。 Note that, instead of the calculation means 401, the node 1 may determine the response 410 based on the result of the secret calculation by the calculation means 401, and return the response 410 to the client 3. In this case, the node 1 generates an electronic signature in which the response 410 is in plain text based on the private key possessed by the node 1.
 最後に、クライアント3は、サーバ4から送信された公開鍵411に基づき電子署名412の検証を行うことで、当該返却されたレスポンス410の妥当性を確認する。 Finally, the client 3 verifies the electronic signature 412 based on the public key 411 sent from the server 4 to confirm the validity of the returned response 410.
 〈秘密計算(実施例2)〉
 図8に例示されるように、本発明の一実施形態における秘密計算を含む情報処理は、ノード1(ブロックチェーンネットワーク2における少なくとも一部のノード1)・クライアント3・サーバ4間において、以下のように実行される、と把握することができる。 <Secret calculation (Example 2)>
As illustrated in FIG. 8, the information processing including the secret calculation in one embodiment of the present invention is performed between the node 1 (at least a part of the nodes 1 in the blockchain network 2), the client 3, and the server 4 as follows. It can be understood that it is executed like this.
 先ず、クライアント3は、クライアント3が有する秘密鍵313と対応する公開鍵311と、選択情報312と、ノード1に送信する。当該選択情報312は、例として、選択形式のアンケートの態様をとってよく、選挙における候補者名の態様をとってよい。 First, the client 3 transmits the public key 311 corresponding to the private key 313 possessed by the client 3, the selection information 312, and the node 1. As an example, the selection information 312 may take the form of a selection-type questionnaire, or may take the form of a candidate name in an election.
 次に、ノード1は、選択情報312に基づくトランザクションをブロックチェーン20における最新の未決定ブロック21に格納する。このとき、ノード1は、好ましくは、クライアント3から送信された公開鍵311に基づき当該トランザクションを暗号化した上で、当該未決定ブロック21に当該トランザクションを格納する。 Next, the node 1 stores the transaction based on the selection information 312 in the latest undecided block 21 in the blockchain 20. At this time, the node 1 preferably stores the transaction in the undetermined block 21 after encrypting the transaction based on the public key 311 transmitted from the client 3.
 秘匿手段104は、ブロックチェーン20に基づきブロックチェーン20のスナップショット20sを取得する。その後、秘匿手段104は、上記準同型暗号に基づきスナップショット20sを暗号化することでスナップショット20seを生成し、スナップショット20seをサーバ4に送信する。 The concealment means 104 acquires a snapshot 20s of the blockchain 20 based on the blockchain 20. After that, the concealment means 104 generates the snapshot 20se by encrypting the snapshot 20s based on the homomorphic encryption, and transmits the snapshot 20se to the server 4.
 次に、要求手段301は、選択情報312に基づくトランザクションに基づきリクエスト310を決定し、当該リクエスト310をサーバ4に送信する。当該リクエスト310は、例として、選択情報312に基づき決定可能な統計データ全般である。当該統計データは、例として、獲得票数(被選択数)が最大である上記候補者等の情報を指す。 Next, the request means 301 determines the request 310 based on the transaction based on the selection information 312, and transmits the request 310 to the server 4. The request 310 is, for example, all statistical data that can be determined based on the selection information 312. The statistical data, for example, refers to information on the candidates and the like having the largest number of votes (selected).
 次に、計算手段401は、秘匿手段104により送信されたスナップショット20seと、要求手段301により送信されたリクエスト310と、に基づき秘密計算を行う。 Next, the calculation means 401 performs a secret calculation based on the snapshot 20se transmitted by the concealment means 104 and the request 310 transmitted by the request means 301.
 計算手段401は、当該秘密計算の結果に基づき要求手段301により送信されたリクエスト310と対応するレスポンス410を決定し、当該リクエスト310と対応するクライアント3にレスポンス410を返却する。 The calculation means 401 determines the response 410 corresponding to the request 310 transmitted by the request means 301 based on the result of the secret calculation, and returns the response 410 to the client 3 corresponding to the request 310.
 このとき、レスポンス410は、例として、獲得票数が最大である上記候補者を示す。また、このとき、計算手段401は、秘密鍵413に基づきレスポンス410を平文とする電子署名412を生成してよい。 At this time, the response 410 indicates, for example, the candidate with the largest number of votes. Further, at this time, the calculation means 401 may generate an electronic signature 412 in which the response 410 is in plain text based on the private key 413.
 最後に、クライアント3は、サーバ4から送信された公開鍵411に基づき電子署名412の検証を行うことで、当該返却されたレスポンス410の妥当性を確認し、当該レスポンス410を秘密鍵313に基づき復号化する。 Finally, the client 3 verifies the electronic signature 412 based on the public key 411 transmitted from the server 4, confirms the validity of the returned response 410, and makes the response 410 based on the private key 313. Decrypt.
 なお、実施例1・実施例2を含む本発明の一実施形態における秘密計算は、クライアント3側が電子署名412の検証結果に基づき、当該秘密計算に用いられたトランザクションを生成したノード1を特定可能である。このとき、特定されたノード1に対して、例として、クライアント3からインセンティブを供与するための情報処理が実現され得る。 In the secret calculation in one embodiment of the present invention including the first and second embodiments, the client 3 side can identify the node 1 that generated the transaction used for the secret calculation based on the verification result of the electronic signature 412. Is. At this time, information processing for providing an incentive from the client 3 to the specified node 1 can be realized as an example.
 本発明によれば、ブロックチェーンの少なくとも一部のブロックに基づく秘密計算/準同型暗号を実現することで、ブロックチェーンに基づく情報処理において、改竄耐性と、秘匿性と、を担保することができる。 According to the present invention, by realizing secret calculation / homomorphic encryption based on at least a part of blocks of the blockchain, it is possible to ensure tamper resistance and confidentiality in information processing based on the blockchain. ..
0   :情報処理システム
1   :ノード
2    :ブロックチェーンネットワーク
3    :クライアント
4    :サーバ
1ls :ローカルストレージ
1cs :クラウドストレージ
2   :ブロックチェーンネットワーク
11  :演算デバイス
12  :主記憶デバイス
13  :補助記憶デバイス
14  :入力デバイス
15  :出力デバイス
16  :通信デバイス
17  :検出デバイス
20  :ブロックチェーン
20s  :スナップショット
20se :スナップショット
21  :未決定ブロック
101 :分散手段
102 :復元手段
103 :認証手段
104  :秘匿手段
110 :データ
111 :シェア
112 :特徴データ
113 :テンプレート
301  :要求手段
310  :リクエスト
311  :公開鍵
312  :選択情報
313  :秘密鍵
401  :計算手段
410  :レスポンス
411  :公開鍵
412  :電子署名
413  :秘密鍵
S   :秘密情報

  0: Information processing system 1: Node 2: Blockchain network 3: Client 4: Server 1ls: Local storage 1cs: Cloud storage 2: Blockchain network 11: Computational device 12: Main storage device 13: Auxiliary storage device 14: Input device 15: Output device 16: Communication device 17: Detection device 20: Blockchain 20s: Snapshot 20se: Snapshot 21: Undecided block 101: Distribution means 102: Restoration means 103: Authentication means 104: Concealment means 110: Data 111: Share 112: Feature data 113: Template 301: Request means 310: Request 311: Public key 312: Selection information 313: Private key 401: Calculation means 410: Response 411: Public key 412: Electronic signature 413: Private key S: Secret information

Claims (20)

  1.  ブロックチェーンネットワークを構成するノードを含む情報処理システムであって、
     前記ノードは、分散手段と、復元手段と、を有し、
     前記分散手段は、前記ノードが有するデータを構成する複数のシェアの生成と、前記ブロックチェーンネットワークに格納されるブロックチェーンにおける最新の未決定ブロックへの一部の前記シェアの格納と、に少なくとも基づく秘密分散を行い、
     前記復元手段は、少なくとも前記ブロックチェーンからの一部の前記シェアの取得を行い、一部の前記シェアに少なくとも基づき前記データを復元する情報処理システム。     An information processing system that includes the nodes that make up a blockchain network.
    The node has a decentralizing means and a restoring means.
    The distribution means is at least based on the generation of a plurality of shares constituting the data held by the node and the storage of some of the shares in the latest undetermined block in the blockchain stored in the blockchain network. Secret sharing,
    The restoration means is an information processing system that acquires at least a part of the share from the blockchain and restores the data based on at least a part of the share.
  2.  前記分散手段は、前記ブロックチェーン外への残りの前記シェアの格納にさらに基づく前記秘密分散を行い、前記復元手段は、前記ブロックチェーン外からの残りの前記シェアの取得をさらに行う
     請求項1に記載の情報処理システム。     The distribution means further performs the secret sharing based on the storage of the remaining share outside the blockchain, and the restoration means further acquires the remaining share from outside the blockchain. The information processing system described.
  3.  前記分散手段は、前記ブロックチェーンネットワーク外への残りの前記シェアの格納にさらに基づく前記秘密分散を行い、前記復元手段は、前記ブロックチェーンネットワーク外からの残りの前記シェアの取得をさらに行う
     請求項1又は2に記載の情報処理システム。     The distribution means further performs the secret sharing based on the storage of the remaining share outside the blockchain network, and the restoration means further acquires the remaining share from outside the blockchain network. The information processing system according to 1 or 2.
  4.  前記ノードは、認証手段をさらに有し、
     前記認証手段は、センシング処理を行うことで前記ノードの操作者の特徴データを取得し、前記ノードが有するテンプレート及び前記特徴データを照合する認証処理を行い、
     前記分散手段は、前記認証処理の結果が正を示す場合、前記未決定ブロックへの一部の前記シェアの格納を行い、
     前記復元手段は、前記認証処理の結果が正を示す場合、前記ブロックチェーンからの一部の前記シェアの取得を行う
     請求項1~3の何れかに記載の情報処理システム。     The node further has an authentication means
    The authentication means acquires the feature data of the operator of the node by performing a sensing process, and performs an authentication process for collating the template possessed by the node and the feature data.
    When the result of the authentication process is positive, the decentralizing means stores a part of the share in the undecided block.
    The information processing system according to any one of claims 1 to 3, wherein the restoration means acquires a part of the share from the blockchain when the result of the authentication process is positive.
  5.  前記特徴データは、顔画像データに基づく請求項4に記載の情報処理システム。 The information processing system according to claim 4, wherein the feature data is based on face image data.
  6.  ブロックチェーンネットワークを構成するノードに、分散ステップと、復元ステップと、を実行させる情報処理方法であって、
     前記分散ステップは、前記ノードが有するデータを構成する複数のシェアの生成と、前記ブロックチェーンネットワークに格納されるブロックチェーンにおける最新の未決定ブロックへの一部の前記シェアの格納と、に少なくとも基づく秘密分散を行い、
     前記復元ステップは、少なくとも前記ブロックチェーンからの一部の前記シェアの取得を行い、一部の前記シェアに少なくとも基づき前記データを復元する情報処理方法。     It is an information processing method that causes the nodes that make up the blockchain network to execute the distribution step and the restoration step.
    The distribution step is at least based on the generation of a plurality of shares constituting the data held by the node and the storage of some of the shares in the latest undetermined block in the blockchain stored in the blockchain network. Secret sharing,
    The restoration step is an information processing method that acquires at least a part of the share from the blockchain and restores the data based on at least a part of the share.
  7.  コンピュータを、ブロックチェーンネットワークを構成するノードとして機能させる情報処理プログラムであって、前記ノードは、分散手段と、復元手段と、を有し、
     前記分散手段は、前記ノードが有するデータを構成する複数のシェアの生成と、前記ブロックチェーンネットワークに格納されるブロックチェーンにおける最新の未決定ブロックへの一部の前記シェアの格納と、に少なくとも基づく秘密分散を行い、
     前記復元手段は、少なくとも前記ブロックチェーンからの一部の前記シェアの取得を行い、一部の前記シェアに少なくとも基づき前記データを復元する情報処理プログラム。     An information processing program that causes a computer to function as a node constituting a blockchain network, the node having a distribution means and a restoration means.
    The distribution means is at least based on the generation of a plurality of shares constituting the data held by the node and the storage of some of the shares in the latest undetermined block in the blockchain stored in the blockchain network. Secret sharing,
    The restoration means is an information processing program that acquires at least a part of the share from the blockchain and restores the data based on at least a part of the share.
  8.  データの秘密分散をブロックチェーン内外に亘り行う手段を有する秘密分散システム。 A secret sharing system that has a means to share data secretly inside and outside the blockchain.
  9.  データの秘密分散をブロックチェーン内外に亘り行うステップを、コンピュータに実行させる秘密分散方法。 A secret sharing method that allows a computer to perform the steps of performing data secret sharing both inside and outside the blockchain.
  10.  コンピュータを、データの秘密分散をブロックチェーン内外に亘り行う手段として機能させる秘密分散プログラム。 A secret sharing program that allows a computer to function as a means of secret sharing data both inside and outside the blockchain.
  11.  ブロックチェーンネットワークを構成するノードと、前記ブロックチェーンネットワーク外のクライアントと、前記ブロックチェーンネットワーク外のサーバと、を含む情報処理システムであって、
     前記ノードは、秘匿手段を有し、
     前記クライアントは、要求手段を有し、
     前記サーバは、計算手段を有し、
     前記秘匿手段は、前記ブロックチェーンネットワークに格納されるブロックチェーンにおける少なくとも1つのブロックと対応するスナップショットに対し準同型暗号に基づく暗号化を行った上で前記スナップショットを前記サーバに格納し、
     前記要求手段は、前記ブロックチェーンにおける前記ブロックに格納されるトランザクションに基づくリクエストを決定し、前記リクエストを前記サーバに送信し、
     前記計算手段は、前記リクエストの受信を転機として、前記暗号化が行われた前記スナップショットに基づく秘密計算を行い、前記秘密計算の結果に基づき前記リクエストと対応するレスポンスを決定し、前記レスポンスを前記クライアントに返却する
     情報処理システム。     An information processing system including nodes constituting the blockchain network, clients outside the blockchain network, and servers outside the blockchain network.
    The node has a concealment means
    The client has a requesting means
    The server has a calculation means and
    The concealment means encrypts a snapshot corresponding to at least one block in the blockchain stored in the blockchain network based on homomorphic encryption, and then stores the snapshot in the server.
    The request means determines a request based on a transaction stored in the block in the blockchain, sends the request to the server, and receives the request.
    With the reception of the request as a turning point, the calculation means performs a secret calculation based on the encrypted snapshot, determines a response corresponding to the request based on the result of the secret calculation, and obtains the response. An information processing system that returns to the client.
  12.  前記準同型暗号は、somewhat準同型暗号である
     請求項11に記載の情報処理システム。     The information processing system according to claim 11, wherein the homomorphic encryption is a somehat homomorphic encryption.
  13.  前記準同型暗号は、レベル2準同型暗号である請求項11に記載の情報処理システム。 The information processing system according to claim 11, wherein the homomorphic encryption is a level 2 homomorphic encryption.
  14.  前記準同型暗号は、完全準同型暗号である請求項11に記載の情報処理システム。 The information processing system according to claim 11, wherein the homomorphic encryption is a completely homomorphic encryption.
  15.  前記秘密計算は、秘匿検索である請求項11~14の何れかに記載の情報処理システム。 The information processing system according to any one of claims 11 to 14, wherein the secret calculation is a secret search.
  16.  ブロックチェーンネットワークを構成するノードに秘匿ステップを実行させ、前記ブロックチェーンネットワーク外のクライアントに要求ステップを実行させ、前記ブロックチェーンネットワーク外のサーバに計算ステップを実行させる情報処理方法であって、
     前記秘匿ステップは、前記ブロックチェーンネットワークに格納されるブロックチェーンにおける少なくとも1つのブロックと対応するスナップショットに対し準同型暗号に基づく暗号化を行った上で前記スナップショットを前記サーバに格納し、
     前記要求ステップは、前記ブロックチェーンにおける前記ブロックに格納されるトランザクションに基づくリクエストを決定し、前記リクエストを前記サーバに送信し、
     前記計算ステップは、前記リクエストの受信を転機として、前記暗号化が行われた前記スナップショットに基づく秘密計算を行い、前記秘密計算の結果に基づき前記リクエストと対応するレスポンスを決定し、前記レスポンスを前記クライアントに返却する
     情報処理方法。     An information processing method in which a node constituting a blockchain network is made to execute a secret step, a client outside the blockchain network is made to execute a request step, and a server outside the blockchain network is made to execute a calculation step.
    In the concealment step, a snapshot corresponding to at least one block in the blockchain stored in the blockchain network is encrypted based on homomorphic encryption, and then the snapshot is stored in the server.
    The request step determines a request based on a transaction stored in the block in the blockchain and sends the request to the server.
    The calculation step uses the reception of the request as a turning point to perform a secret calculation based on the encrypted snapshot, determines a response corresponding to the request based on the result of the secret calculation, and obtains the response. Information processing method to be returned to the client.
  17.  コンピュータを、
     ブロックチェーンネットワークを構成し秘匿手段を有するノード、前記ブロックチェーンネットワーク外の要求手段を有するクライアント、又は、前記ブロックチェーンネットワーク外の計算手段を有するサーバとして機能させる情報処理プログラムであって、
     前記秘匿手段は、前記ブロックチェーンネットワークに格納されるブロックチェーンにおける少なくとも1つのブロックと対応するスナップショットに対し準同型暗号に基づく暗号化を行った上で前記スナップショットを前記サーバに格納し、
     前記要求手段は、前記ブロックチェーンにおける前記ブロックに格納されるトランザクションに基づくリクエストを決定し、前記リクエストを前記サーバに送信し、
     前記計算手段は、前記リクエストの受信を転機として、前記暗号化が行われた前記スナップショットに基づく秘密計算を行い、前記秘密計算の結果に基づき前記リクエストと対応するレスポンスを決定し、前記レスポンスを前記クライアントに返却する
     情報処理プログラム。     Computer,
    An information processing program that functions as a node that constitutes a blockchain network and has concealment means, a client that has request means outside the blockchain network, or a server that has calculation means outside the blockchain network.
    The concealment means encrypts a snapshot corresponding to at least one block in the blockchain stored in the blockchain network based on homomorphic encryption, and then stores the snapshot in the server.
    The request means determines a request based on a transaction stored in the block in the blockchain, sends the request to the server, and receives the request.
    With the reception of the request as a turning point, the calculation means performs a secret calculation based on the encrypted snapshot, determines a response corresponding to the request based on the result of the secret calculation, and obtains the response. An information processing program to be returned to the client.
  18.  ブロックチェーンにおける少なくとも一部のブロックのスナップショットに基づく秘密計算を行う手段を有する秘密計算システム。 A secret calculation system that has a means to perform secret calculation based on snapshots of at least some blocks in the blockchain.
  19.  ブロックチェーンにおける少なくとも一部のブロックのスナップショットに基づく秘密計算を行うステップを、コンピュータに実行させる秘密計算方法。 A secret calculation method that causes a computer to perform a secret calculation step based on a snapshot of at least some blocks in a blockchain.
  20.  コンピュータを、ブロックチェーンにおける少なくとも一部のブロックのスナップショットに基づく秘密計算を行う手段として機能させる秘密計算プログラム。

          A secret calculation program that makes a computer act as a means of performing secret calculations based on snapshots of at least some blocks on the blockchain.
PCT/JP2020/024944 2020-03-17 2020-06-25 Information processing system, information processing method, information processing program, secret sharing system, secret sharing method, secret sharing program, secure computation system, secure computation method, and secure computation program WO2021186754A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2020-045995 2020-03-17
JP2020045995A JP2021148850A (en) 2020-03-17 2020-03-17 Information processing system, information processing method, information processing program, secure computing system, secure computing method, and secure computing program
JP2020-045996 2020-03-17
JP2020045996A JP2021149235A (en) 2020-03-17 2020-03-17 Information processing system, information processing method, information processing program, secret sharing system, secret sharing method, and secret sharing program

Publications (1)

Publication Number Publication Date
WO2021186754A1 true WO2021186754A1 (en) 2021-09-23

Family

ID=77768168

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/024944 WO2021186754A1 (en) 2020-03-17 2020-06-25 Information processing system, information processing method, information processing program, secret sharing system, secret sharing method, secret sharing program, secure computation system, secure computation method, and secure computation program

Country Status (1)

Country Link
WO (1) WO2021186754A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826564A (en) * 2022-02-28 2022-07-29 南京信息工程大学 Secret image sharing and recovering method based on block chain
US20230195940A1 (en) * 2021-12-16 2023-06-22 Beijing Baidu Netcom Science Technology Co., Ltd. Blockchain-based data processing method and apparatus, device, and storage medium
CN117580032A (en) * 2024-01-16 2024-02-20 国网冀北电力有限公司 Secret sharing-based electric power inspection unmanned aerial vehicle encryption communication method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019054363A (en) * 2017-09-14 2019-04-04 株式会社日立システムズ Server device, secret dispersion management system and secret dispersion management device
WO2019137565A2 (en) * 2019-04-26 2019-07-18 Alibaba Group Holding Limited Distributed key management for trusted execution environments
JP2020021048A (en) * 2018-08-03 2020-02-06 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America Data distribution method, authentication server and data structure
JP2020507098A (en) * 2017-12-21 2020-03-05 株式会社BaaSid Lab Japan Authentication system through combination after separation of personal information using blockchain

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019054363A (en) * 2017-09-14 2019-04-04 株式会社日立システムズ Server device, secret dispersion management system and secret dispersion management device
JP2020507098A (en) * 2017-12-21 2020-03-05 株式会社BaaSid Lab Japan Authentication system through combination after separation of personal information using blockchain
JP2020021048A (en) * 2018-08-03 2020-02-06 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America Data distribution method, authentication server and data structure
WO2019137565A2 (en) * 2019-04-26 2019-07-18 Alibaba Group Holding Limited Distributed key management for trusted execution environments

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230195940A1 (en) * 2021-12-16 2023-06-22 Beijing Baidu Netcom Science Technology Co., Ltd. Blockchain-based data processing method and apparatus, device, and storage medium
US11734455B2 (en) * 2021-12-16 2023-08-22 Beijing Baidu Netcom Science Technology Co., Ltd. Blockchain-based data processing method and apparatus, device, and storage medium
CN114826564A (en) * 2022-02-28 2022-07-29 南京信息工程大学 Secret image sharing and recovering method based on block chain
CN114826564B (en) * 2022-02-28 2023-02-21 南京信息工程大学 Secret image sharing and recovering method based on block chain
CN117580032A (en) * 2024-01-16 2024-02-20 国网冀北电力有限公司 Secret sharing-based electric power inspection unmanned aerial vehicle encryption communication method
CN117580032B (en) * 2024-01-16 2024-04-16 国网冀北电力有限公司 Secret sharing-based electric power inspection unmanned aerial vehicle encryption communication method

Similar Documents

Publication Publication Date Title
CN111639361B (en) Block chain key management method, multi-person common signature method and electronic device
WO2021186754A1 (en) Information processing system, information processing method, information processing program, secret sharing system, secret sharing method, secret sharing program, secure computation system, secure computation method, and secure computation program
Ma et al. A secure face-verification scheme based on homomorphic encryption and deep neural networks
JP5147673B2 (en) Biometric authentication system and method
JP2022549581A (en) Computing system, method, non-transitory computer-readable medium and computer program product for determining the sequential order of blocks in a DAG-structured blockchain
US20210166247A1 (en) Asset ownership transfer and verification management
EP2579221A1 (en) Template delivery type cancelable biometric authentication system and method therefor
US11354198B2 (en) Snapshot for world state recovery
US20210349988A1 (en) Systems and methods for decentralized recovery of identity attributes
US11860856B2 (en) Managing distributed ledger storage space
US20230059580A1 (en) Blockchain with random committee selection
CN116249999A (en) Consensus service for blockchain networks
WO2021111220A1 (en) Efficient threshold storage of data object
CN111914264A (en) Index creation method and device, and data verification method and device
CN116318617B (en) Medical rescue material charity donation method based on RFID and blockchain
US20230208638A1 (en) Future asset reclamation via blockchain
CN115473703A (en) Identity-based ciphertext equivalence testing method, device, system and medium for authentication
Kaveri et al. Blockchain based reliable electronic voting technology
CN109104449A (en) A kind of more Backup Data property held methods of proof under cloud storage environment
Toli et al. Privacy-preserving multibiometric authentication in cloud with untrusted database providers
KR20220004997A (en) Generate biometric digital signatures for identity verification
JP2021149235A (en) Information processing system, information processing method, information processing program, secret sharing system, secret sharing method, and secret sharing program
CN112491840B (en) Information modification method, device, computer equipment and storage medium
US11658824B2 (en) Plagiarism detection from encrypted documents
De Oliveira Nunes et al. Secure non-interactive user re-enrollment in biometrics-based identification and authentication systems

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20925734

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 09/01/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 20925734

Country of ref document: EP

Kind code of ref document: A1