Nothing Special   »   [go: up one dir, main page]

WO2020211073A1 - 基于区块链和多方安全计算的交易方法、装置及存储介质 - Google Patents

基于区块链和多方安全计算的交易方法、装置及存储介质 Download PDF

Info

Publication number
WO2020211073A1
WO2020211073A1 PCT/CN2019/083424 CN2019083424W WO2020211073A1 WO 2020211073 A1 WO2020211073 A1 WO 2020211073A1 CN 2019083424 W CN2019083424 W CN 2019083424W WO 2020211073 A1 WO2020211073 A1 WO 2020211073A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
node
transaction
contract
computing
Prior art date
Application number
PCT/CN2019/083424
Other languages
English (en)
French (fr)
Inventor
黄高峰
李升林
晏意林
谢翔
Original Assignee
云图有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 云图有限公司 filed Critical 云图有限公司
Priority to PCT/CN2019/083424 priority Critical patent/WO2020211073A1/zh
Publication of WO2020211073A1 publication Critical patent/WO2020211073A1/zh

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof

Definitions

  • This specification relates to the field of data transaction technology, and in particular to a transaction method, device and storage medium based on blockchain and multi-party secure computing.
  • the purpose of the embodiments of this specification is to provide a transaction method, device and storage medium based on blockchain and multi-party secure computing to improve the security of private data transactions.
  • the embodiments of this specification provide a transaction method based on blockchain and multi-party secure computing, which is applied to any blockchain node in the blockchain network, and the blockchain node At least one privacy contract is pre-deployed, and the method includes:
  • the data transaction request carries a contract identifier, a calculation method identifier, a pledged transaction amount, and the public key of the data demander;
  • the ciphertext calculation result is encrypted with the public key
  • the embodiment of this specification provides a blockchain node, at least one privacy contract is pre-deployed on the blockchain node, and the blockchain node includes:
  • the transaction request receiving module is used to receive the data transaction request initiated by the data demander;
  • the data transaction request carries the contract identifier, the calculation method identifier, the pledged transaction amount, and the public key of the data demander;
  • the privacy contract loading module is used to load the target privacy contract corresponding to the contract identifier
  • a transaction notification sending module configured to send data transaction notifications to multiple computing nodes agreed in the target privacy contract, so as to coordinate the multiple computing nodes to perform multi-party secure computing according to the computing method identifier;
  • a calculation result receiving module configured to receive a ciphertext calculation result returned by one of the multiple computing nodes; the ciphertext calculation result is encrypted with the public key;
  • a calculation result storage module configured to save the ciphertext calculation result in the target privacy contract
  • the data transaction settlement module is used for transaction settlement based on the charging rules configured in the target privacy contract and the transaction amount; the ciphertext calculation result is encrypted with the public key.
  • the embodiment of this specification provides a computer storage medium on which a computer program is stored, and the computer program is applied to any blockchain node in the blockchain network, and the At least one privacy contract is deployed, and when the computer program is executed by the processor, the following steps are implemented:
  • the data transaction request carries a contract identifier, a calculation method identifier, a pledged transaction amount, and the public key of the data demander;
  • the ciphertext calculation result is encrypted with the public key
  • the embodiment of this specification provides another transaction method based on blockchain and multi-party secure computing, the method includes:
  • the data transaction notification carries the contract identifier, the calculation method identifier, and the public key of the data requester, and the privacy contract corresponding to the contract identifier is pre-deployed on the blockchain node ;
  • an embodiment of this specification provides a computing node, and the computing node includes:
  • the transaction notification receiving module is used to receive the data transaction notification provided by the blockchain node; the data transaction notification carries the contract identifier, the calculation method identifier and the public key of the data requester, and the privacy contract corresponding to the contract identifier is pre-deployed in On the blockchain node;
  • a private data acquisition module which is used to acquire private data from a local data node in response to the data transaction notification
  • the multi-party secure calculation module is used to perform multi-party secure calculations with other computing nodes agreed in the privacy contract based on the privacy data and the calculation method to obtain the calculation results; so that one of the computing nodes agreed in the privacy contract 1. Encrypt the calculation result with the public key, and upload the ciphertext calculation result to the blockchain node.
  • the embodiments of the present specification provide another computer storage medium on which a computer program is stored, and the computer program implements the following steps when executed by a processor:
  • the data transaction notification carries the contract identifier, the calculation method identifier, and the public key of the data requester, and the privacy contract corresponding to the contract identifier is pre-deployed on the blockchain node ;
  • the privacy data required by each computing node in the calculation of the embodiments of this specification is kept locally on the data provider and not leaked to other data providers, thus ensuring data privacy Sex and safety.
  • the blockchain node triggers the computing node agreed in the privacy contract to perform multi-party secure calculations, and the calculation result of the multi-party secure calculation is one of the computing nodes agreed in the privacy contract (specifically, it can be in the privacy contract (In agreement), after encrypting with the public key of the data requester, it will be uploaded to the blockchain node. Therefore, the entire multi-party secure computing process does not need to rely on any trusted third party, and has better decentralization, non-tampering, and non-repudiation characteristics, thereby improving the security of private data transactions.
  • Figure 1 is a schematic diagram of the system architecture of a data transaction system based on blockchain and multi-party secure computing in some embodiments of this specification;
  • Figure 2 is a schematic diagram of interaction of a data transaction system based on blockchain and multi-party secure computing in some embodiments of this specification;
  • FIG. 3 is a schematic diagram of interaction of a data transaction system based on blockchain and multi-party secure computing in some embodiments of this specification;
  • Fig. 4 is a structural block diagram of an MPC node in some embodiments of this specification.
  • Figure 5 is a block diagram of the block chain node in some embodiments of this specification.
  • Fig. 6 is a flowchart of a transaction method based on blockchain and multi-party secure computing on the MPC node side in some embodiments of this specification;
  • FIG. 7 is a flowchart of a transaction method based on blockchain and multi-party secure computing on the side of the blockchain node in some embodiments of this specification.
  • MPC technology plays an important role in scenarios such as joint user credit investigation and joint data analysis by research institutions.
  • existing multi-party secure computing solutions generally have a centralized management module (such as a key management center or a node information configuration management module, etc.).
  • the existence of these centralized management modules may easily lead to problems such as low security, cumbersome transaction processes, and resource consuming.
  • some embodiments of this manual provide a data transaction system based on blockchain and multi-party secure computing as shown in Figure 1.
  • the system can include MPC computing group and blockchain network.
  • the MPC computing group can be a distributed network, which can include multiple MPC nodes, each MPC node corresponds to a data provider, and each MPC node is connected to a blockchain node in the blockchain network .
  • the multiple MPC nodes may jointly participate in multi-party security calculations based on the private data obtained separately (that is, the multiple MPC nodes may perform multi-party security calculations based on the private data obtained separately).
  • the MPC node can be used to receive the data transaction notification provided by the blockchain node in the blockchain network; the data transaction notification can carry the contract ID, the calculation method ID and the public key of the data requester, and the contract ID corresponds to A privacy contract is pre-deployed on the blockchain node; in response to the data transaction notification, private data is obtained from a local data node; based on the privacy data and the calculation method, and other calculations agreed in the privacy contract
  • the node performs multi-party security calculations to obtain the calculation results; so that one of the calculation nodes agreed in the privacy contract encrypts the calculation results with the public key, and uploads the ciphertext calculation results to the blockchain node .
  • Blockchain nodes in the blockchain network can be used to receive data transaction requests initiated by the data demander; the data transaction request carries the contract identifier, the calculation method identifier, and the pledged transaction amount (that is, the transaction amount pledged by the data demander ) And the public key of the data requester; load the target privacy contract corresponding to the contract identification; send data transaction notifications to multiple computing nodes agreed in the target privacy contract to coordinate the multiple computing nodes according to The calculation method identifies the multi-party secure calculation; receives the ciphertext calculation result returned by one of the multiple calculation nodes; saves the ciphertext calculation result in the target privacy contract, and based on the target privacy contract
  • the configured charging rules and the transaction amount are used for transaction settlement.
  • the data requester can temporarily generate a pair of public and private keys before initiating a data transaction request, the private key is retained by itself, and the public key is sent to the blockchain network along with the data transaction request.
  • the private data required for each MPC node's calculation is kept locally on the data provider, and is not leaked to other data providers, thus ensuring Data privacy and security.
  • the blockchain node triggers the MPC node agreed in the privacy contract to perform multi-party security calculations, and the settlement result of the multi-party security calculation is one of the MPC nodes agreed in the privacy contract (specifically, it can be specified in the privacy contract (In agreement), after being encrypted with the public key of the data requester, it will be uploaded to the blockchain network. Therefore, the entire multi-party secure computing process does not need to rely on any trusted third party, and has better decentralization, non-tampering, and non-repudiation characteristics, thereby improving the security, consistency, and fairness of private data transactions.
  • each MPC node may correspond to one or more data nodes as needed.
  • the data provider can configure different data nodes for different privacy contracts.
  • This kind of privacy data isolation can help improve the privacy data security of the data provider.
  • the data node needs to register with the local MPC node in advance to wait to participate in the calculation.
  • the privacy contract is executed, the data node is responsible for providing the locally stored private data to the local MPC node. Before the MPC node performs multi-party security calculations, it needs to obtain the calculation method specified in the privacy contract in order to perform calculations according to the calculation method.
  • the MPC node can match the corresponding privacy contract from the blockchain node through the contract identifier carried in the data transaction notification, and then match it from the privacy contract according to the calculation method identifier carried in the data transaction notification The corresponding calculation method.
  • the MPC node may also obtain the calculation method specified in the privacy contract in other ways, which is not limited in this specification, and an appropriate method can be selected according to actual needs.
  • both the MPC node and the data node may be deployed locally on the data provider, so as to further improve the privacy data security of the data provider.
  • each MPC node may be preloaded with a multi-party secure computing virtual machine (Virtual Machine, VM for short) to provide a runtime environment corresponding to the multi-party secure computing method in the privacy contract.
  • VM Virtual Machine
  • the MPC node can be configured with N corresponding virtual machines.
  • the multi-party secure computing virtual machine may be, for example, a Low Level Virtual Machine (LLVM for short), which can execute LLVM IR bytecode.
  • LLVM Low Level Virtual Machine
  • the developer (or data provider) entrusted by the data provider can use the MPC calculation function written in high-level language and compile it into LLVM IR bytecode (that is, compile high-level language programs into bytes Code file), and then set parameters in combination with calculation participants (ie MPC nodes), charging rules, etc., and finally can be compiled into a blockchain smart contract (ie, the aforementioned privacy contract).
  • the calculation method stored in the privacy contract can be a bytecode file.
  • the MPC node when it performs multi-party security calculations, it can call the Just In Time Compilation (JIT compiler for short) of the virtual machine to convert the bytecode file containing the multi-party security calculation method into executable code.
  • JIT compiler Just In Time Compilation
  • the circuit file is extremely large and it is difficult to customize the algorithm (ie, the calculation method), and therefore is not suitable for the distributed application (Decentralized Application, DAPP) development scenario.
  • DAPP distributed Application
  • the MPC node may request the local data node for private data corresponding to the specified calculation parameter according to the specified calculation parameter carried in the data transaction notification.
  • the specified calculation parameter indicates the result demand of the data demander. Therefore, the specified calculation parameter can be a result parameter or data index value.
  • the designated calculation parameter specified by the data demander may be the average value of the asset-liability ratio of enterprises above designated size in 2018.
  • the specified calculation parameter specified by the data demander may be the health index of the target population, and so on.
  • the designated calculation parameter can be carried in the data transaction initiated by the data demander.
  • the privacy contract generally stipulates that there are multiple MPC nodes participating in the calculation. Therefore, for any one of the MPC nodes, it can be performed together with other computing nodes agreed in the privacy contract. Multi-party secure calculation, so as to jointly complete a multi-party secure calculation. In order to prevent the repeated submission of calculation results, one of the MPC nodes may be appointed as the calculation result submission node in the privacy contract, and each MPC node may perform point-to-point communication to facilitate multi-party secure calculations.
  • the calculation result submission node After the calculation result submission node obtains the calculation result, it can first encrypt the calculation result with the public key of the data requester to obtain the ciphertext calculation result; then construct a blockchain transaction to upload the ciphertext calculation result to the chain through the transaction To the blockchain node so that the blockchain node can save it in the corresponding privacy contract.
  • the data demander can view one or more privacy contracts provided on the blockchain node, and select a privacy contract from them as needed. According to the content provided by the selected privacy contract (such as contract identification, calculation method, billing rules, service scope, etc.), the data demander can determine the specified calculation parameters (such as the above-mentioned average asset-liability ratio of enterprises above designated size, Health index, etc.), and the transaction amount required to pledge to initiate a data transaction request, etc. Thus, data transaction requests can be initiated accordingly. It can be seen that, based on the embodiments of this specification, online data transactions can be quickly realized.
  • the specified calculation parameters such as the above-mentioned average asset-liability ratio of enterprises above designated size, Health index, etc.
  • each blockchain node in the blockchain network when each blockchain node in the blockchain network discovers a data transaction request, it can load the corresponding privacy contract according to the contract identifier carried in the data transaction request, and check the locally connected MPC Whether the node is a computing participant of the privacy contract; if the locally connected MPC node is a computing participant of the privacy contract, a corresponding data transaction notification is generated and provided to the locally connected MPC node to trigger the locally connected MPC node to participate in multiple parties Safe calculation.
  • any block chain node in the block chain network receives the ciphertext calculation result returned for the data transaction notification, it can be synchronized to all block chain nodes in the block chain network.
  • the data requester can send a calculation result query request to any blockchain node in the blockchain network through a visual operation terminal (such as a smart phone, a computer, etc.).
  • a visual operation terminal such as a smart phone, a computer, etc.
  • the data requester can decrypt the ciphertext calculation result provided by the blockchain node based on the private key (corresponding to the public key), thereby obtaining the plaintext calculation result.
  • the interaction between various nodes may be as shown in FIG. 2.
  • each MPC node participating in the multi-party secure calculation can also submit the MPC node signature to the locally connected blockchain node after the intermediate calculation result (or called the sub-result) obtained by the calculation.
  • the intermediate calculation result of the ciphertext calculation result can be verified by the blockchain node.
  • the blockchain node receives the intermediate calculation result of the ciphertext, it can be based on the intermediate calculation result of the ciphertext and
  • the verification method configured in the target privacy contract verifies the ciphertext calculation result; if the ciphertext calculation result passes the verification, the transaction settlement is triggered; otherwise, the transaction amount can be returned and the data can be notified transaction failed.
  • the interaction between various nodes may be as shown in FIG. 3 when the verification of the calculation result is included.
  • the data demander since the data demander has a private key (corresponding to the public key), the data demander can also initiate a calculation result verification transaction, so that the MPC node participating in the multi-party secure calculation can re-execute the calculation and obtain another calculation result. Then use the public key of the data requester to encrypt the other calculation result; if the encrypted ciphertext is the same as the ciphertext calculation result that has already been chained before, the result verification is passed, otherwise the verification fails (for example, any of the There is a problem with the intermediate results provided by the MPC node, etc.). If the verification fails, the blockchain node can return the transaction amount pledged by the data demander and notify the data transaction failure. If the verification is successful, the blockchain node can perform transaction settlement based on the charging rules configured in the privacy contract and the transaction amount.
  • the MPC node may include a transaction notification receiving module 41, a privacy data acquisition module 42, and a multi-party secure computing module 43. among them:
  • the transaction notification receiving module 41 can be used to receive the data transaction notification provided by the blockchain node; the data transaction notification carries the contract identifier, the calculation method identifier and the public key of the data requester, and the privacy contract corresponding to the contract identifier Deployed on the blockchain node;
  • the private data obtaining module 42 may be used to obtain private data from a local data node in response to the data transaction notification;
  • the multi-party secure calculation module 43 can be used to perform multi-party secure calculations with other computing nodes agreed in the privacy contract based on the privacy data and the calculation method to obtain the calculation result; so that the calculation agreed in the privacy contract One of the nodes encrypts the calculation result with the public key, and uploads the ciphertext calculation result to the blockchain node.
  • the MPC node may further include a virtual machine loading module 40.
  • the virtual machine loading module 40 may be used to pre-load the target virtual machine to provide a runtime environment of the computing method.
  • a blockchain node may include a data transaction request receiving module 51, a privacy contract loading module 52, a transaction notification sending module 53, a calculation result receiving module 54, and a calculation result saving module 55 And data transaction settlement module 56. among them:
  • the transaction request receiving module 51 may be used to receive a data transaction request initiated by the data requester; the data transaction request carries the contract identifier, the calculation method identifier, the pledged transaction amount, and the public key of the data requester;
  • the privacy contract loading module 52 can be used to load the target privacy contract corresponding to the contract identifier
  • the transaction notification sending module 53 may be used to send data transaction notifications to multiple computing nodes agreed in the target privacy contract, so as to coordinate the multiple computing nodes to perform multi-party secure computing according to the computing method identifier;
  • the calculation result receiving module 54 may be configured to receive a ciphertext calculation result returned by one of the multiple computing nodes; the ciphertext calculation result is encrypted with the public key;
  • the calculation result storage module 55 can be used to save the ciphertext calculation result in the target privacy contract
  • the data transaction settlement module 56 can be used for transaction settlement based on the charging rules configured in the target privacy contract and the transaction amount; the ciphertext calculation result is encrypted with the public key.
  • the blockchain node may further include a calculation result verification module 57.
  • the calculation result verification module 57 may be used to, when receiving the ciphertext intermediate calculation result returned by the multiple computing nodes, verify the ciphertext according to the ciphertext intermediate calculation result and the verification method configured in the target privacy contract. The text calculation result is verified; if the cipher text calculation result passes the verification, the data transaction settlement module 56 is triggered.
  • the blockchain node may further include a calculation result providing module 58.
  • the calculation result providing module 58 may be configured to provide the ciphertext calculation result to the data demander when receiving a calculation result obtaining request from the data demander.
  • the aforementioned nodes may be desktop computers, tablet computers, notebook computers, smart phones, digital assistants, smart wearable devices, and so on.
  • smart wearable devices may include smart bracelets, smart watches, smart glasses, smart helmets, and so on.
  • the node is not limited to the aforementioned electronic device with a certain entity, and it can also be software running in the aforementioned electronic device.
  • the transaction method based on blockchain and multi-party secure computing on the MPC node side may include the following steps:
  • the transaction method based on blockchain and multi-party secure computing on the side of the blockchain node may include the following steps:
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
  • the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment.
  • the instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
  • the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and any method or technology can be used to store information.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • this specification can be provided as methods, systems or computer program products. Therefore, this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types.
  • This specification can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network.
  • program modules can be located in local and remote computer storage media including storage devices.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

一种基于区块链和多方安全计算的交易方法、装置及存储介质,该方法应用于区块链网络的任一区块链节点上,区块链节点部署有隐私合约,方法包括:接收数据需求方发起的数据交易请求;数据交易请求中携带合约标识、计算方法标识、质押的交易金额及数据需求方的公钥(S701);加载与合约标识对应的隐私合约(S702);向隐私合约中约定的多个计算节点发送数据交易通知,以协调多个计算节点根据计算方法标识进行多方安全计算(S703);接收多个计算节点之一返回的密文计算结果;密文计算结果用公钥加密(S704);将密文计算结果保存至隐私合约中,并基于隐私合约中配置的计费规则及交易金额进行交易结算(S705)。可提高隐私数据交易的安全性。

Description

基于区块链和多方安全计算的交易方法、装置及存储介质 技术领域
本说明书涉及数据交易技术领域,尤其是涉及一种基于区块链和多方安全计算的交易方法、装置及存储介质。
背景技术
随着大数据技术的发展,人们越来越认识到数据的价值,但是数据一般分散在不同的机构中,且各机构持有的数据维度往往比较有限,因此,单独基于某一机构的数据难于充分挖掘出数据的价值。为此,将分散在不同的机构的数据进行联合挖掘,是人们所普遍期望的。
如果要要进行数据联合挖掘,则需要将数据给付到对方,或双方将数据给付至一个共同的中间平台。在此过程中,如何保证数据提供方的数据不被泄露,特别是有关自有客户隐私类的数据不被恶意应用,是首当其冲的问题。此外,现有的数据交易方案大都依赖第三方支付平台,且由于数据和资金的交割是两个不同的事务,因而容易发生欺诈和纠纷,难以保证交易安全。因此,如何保证隐私数据交易的安全性已成为目前亟待解决的技术问题。
发明内容
本说明书实施例的目的在于提供一种基于区块链和多方安全计算的交易方法、装置及存储介质,以提高隐私数据交易的安全性。
为达到上述目的,一方面,本说明书实施例提供了一种基于区块链和多方安全计算的交易方法,应用于区块链网络的任意一个区块链节点上,所述区块链节点上预先部署有至少一个隐私合约,所述方法包括:
接收数据需求方发起的数据交易请求;所述数据交易请求中携带合约标识、计算方法标识、质押的交易金额及所述数据需求方的公钥;
加载与所述合约标识对应的目标隐私合约;
向所述目标隐私合约中约定的多个计算节点发送数据交易通知,以协调所述多个计算节点根据所述计算方法标识进行多方安全计算;
接收所述多个计算节点之一返回的密文计算结果;所述密文计算结果用所述公钥加 密;
将所述密文计算结果保存至所述目标隐私合约中,并基于所述目标隐私合约中配置的计费规则及所述交易金额进行交易结算。
另一方面,本说明书实施例提供了一种区块链节点,所述区块链节点上预先部署有至少一个隐私合约,所述区块链节点包括:
交易请求接收模块,用于接收数据需求方发起的数据交易请求;所述数据交易请求中携带合约标识、计算方法标识、质押的交易金额及所述数据需求方的公钥;
隐私合约加载模块,用于加载与所述合约标识对应的目标隐私合约;
交易通知发送模块,用于向所述目标隐私合约中约定的多个计算节点发送数据交易通知,以协调所述多个计算节点根据所述计算方法标识进行多方安全计算;
计算结果接收模块,用于接收所述多个计算节点之一返回的密文计算结果;所述密文计算结果用所述公钥加密;
计算结果保存模块,用于将所述密文计算结果保存至所述目标隐私合约中;
数据交易结算模块,用于基于所述目标隐私合约中配置的计费规则及所述交易金额进行交易结算;所述密文计算结果用所述公钥加密。
另一方面,本说明书实施例提供了一种计算机存储介质,其上存储有计算机程序,所述计算机程序应用于区块链网络的任意一个区块链节点上,所述区块链节点上预先部署有至少一个隐私合约,所述计算机程序被处理器执行时实现以下步骤:
接收数据需求方发起的数据交易请求;所述数据交易请求中携带合约标识、计算方法标识、质押的交易金额及所述数据需求方的公钥;
加载与所述合约标识对应的目标隐私合约;
向所述目标隐私合约中约定的多个计算节点发送数据交易通知,以协调所述多个计算节点根据所述计算方法标识进行多方安全计算;
接收所述多个计算节点之一返回的密文计算结果;所述密文计算结果用所述公钥加密;
将所述密文计算结果保存至所述目标隐私合约中,并基于所述目标隐私合约中配置的计费规则及所述交易金额进行交易结算。
另一方面,本说明书实施例提供了另一种基于区块链和多方安全计算的交易方法,所述方法包括:
接收区块链节点提供的数据交易通知;所述数据交易通知中携带合约标识、计算方 法标识及数据需求方的公钥,所述合约标识对应的隐私合约预先部署于所述区块链节点上;
响应于所述数据交易通知,从本地数据节点获取隐私数据;
基于所述隐私数据及所述计算方法,与所述隐私合约中约定的其他计算节点进行多方安全计算,获得计算结果;以使所述隐私合约中约定的计算节点之一,用所述公钥加密所述计算结果,并将密文计算结果上链至所述区块链节点。
另一方面,本说明书实施例提供了一种计算节点,所述计算节点包括:
交易通知接收模块,用于接收区块链节点提供的数据交易通知;所述数据交易通知中携带合约标识、计算方法标识及数据需求方的公钥,所述合约标识对应的隐私合约预先部署于所述区块链节点上;
隐私数据获取模块,用于响应于所述数据交易通知,从本地数据节点获取隐私数据;
多方安全计算模块,用于基于所述隐私数据及所述计算方法,与所述隐私合约中约定的其他计算节点进行多方安全计算,获得计算结果;以使所述隐私合约中约定的计算节点之一,用所述公钥加密所述计算结果,并将密文计算结果上链至所述区块链节点。
另一方面,本说明书实施例提供了另一种计算机存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现以下步骤:
接收区块链节点提供的数据交易通知;所述数据交易通知中携带合约标识、计算方法标识及数据需求方的公钥,所述合约标识对应的隐私合约预先部署于所述区块链节点上;
响应于所述数据交易通知,从本地数据节点获取隐私数据;
基于所述隐私数据及所述计算方法,与所述隐私合约中约定的其他计算节点进行多方安全计算,获得计算结果;以使所述隐私合约中约定的计算节点之一,用所述公钥加密所述计算结果,并将密文计算结果上链至所述区块链节点。
由以上本说明书实施例提供的技术方案可见,本说明书实施例中每个计算节点计算时所需的隐私数据都保持在数据提供方本地,没有泄露给其他数据提供方,因此保证了数据的隐私性及安全性。同时,在隐私合约执行时,由区块链节点触发隐私合约中约定的计算节点进行多方安全计算,且多方安全计算的计算结果是由隐私合约中约定的计算节点之一(具体可以在隐私合约中约定),在用数据需求方的公钥加密后上链至区块链节点的。因此,整个多方安全计算过程不需要依赖任何可信第三方,具备较佳的去中心化、不可篡改、不可抵赖特性,从而提高了隐私数据交易的安全性。
附图说明
为了更清楚地说明本说明书实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本说明书中记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。在附图中:
图1为本说明书一些实施例中的基于区块链和多方安全计算的数据交易系统的系统架构示意图;
图2为本说明书一些实施例中的基于区块链和多方安全计算的数据交易系统的交互示意图;
图3为本说明书一些实施例中的基于区块链和多方安全计算的数据交易系统的交互示意图;
图4为本说明书一些实施例中MPC节点的结构框图;
图5为本说明书一些实施例中区块链节点的结构框图;
图6为本说明书一些实施例中MPC节点侧的基于区块链和多方安全计算的交易方法流程图;
图7为本说明书一些实施例中区块链节点侧的基于区块链和多方安全计算的交易方法流程图。
具体实施方式
为了使本技术领域的人员更好地理解本说明书中的技术方案,下面将结合本说明书实施例中的附图,对本说明书实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本说明书一部分实施例,而不是全部的实施例。基于本说明书中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都应当属于本说明书保护的范围。
目前MPC技术在用户征信联合调查、研究机构联合数据分析等场景中有着重要的作用。然而,针对多方安全计算的数据隐私问题,现有的多方安全计算方案一般都存在中心化管理模块(例如key管理中心或节点的信息配置管理模块等)。这些中心化管理模块的存在可能容易导致安全性较低、交易过程繁琐和耗费资源等问题。
为降低或消除多方安全计算对中心化的依赖,提高隐私数据交易的安全性,本说明 书一些实施例中提供了如图1所示的基于区块链和多方安全计算的数据交易系统。该系统可包括MPC计算群和区块链网络。
MPC计算群可以为一个分布式网络,该分布式网络中可以包括多个MPC节点,每个MPC节点对应一个数据提供方,每个MPC节点连接到区块链网络中的一个区块链节点上。所述多个MPC节点可以基于各自获取的隐私数据,共同参与多方安全计算(即所述多个MPC节点可以基于各自获取的隐私数据进行多方安全计算)。MPC节点可以用于接收区块链网络中的区块链节点提供的数据交易通知;所述数据交易通知中可以携带合约标识、计算方法标识及数据需求方的公钥,所述合约标识对应的隐私合约预先部署于所述区块链节点上;响应于所述数据交易通知,从本地数据节点获取隐私数据;基于所述隐私数据及所述计算方法,与所述隐私合约中约定的其他计算节点进行多方安全计算,获得计算结果;以使所述隐私合约中约定的计算节点之一,用所述公钥加密所述计算结果,并将密文计算结果上链至所述区块链节点。
区块链网络中的区块链节点可以用于接收数据需求方发起的数据交易请求;所述数据交易请求中携带合约标识、计算方法标识、质押的交易金额(即数据需求方质押的交易金额)及所述数据需求方的公钥;加载与所述合约标识对应的目标隐私合约;向所述目标隐私合约中约定的多个计算节点发送数据交易通知,以协调所述多个计算节点根据所述计算方法标识进行多方安全计算;接收所述多个计算节点之一返回的密文计算结果;将所述密文计算结果保存至所述目标隐私合约中,并基于所述目标隐私合约中配置的计费规则及所述交易金额进行交易结算。其中,为了提高数据安全,数据需求方在发起数据交易请求前,可以临时生成一对公私钥,私钥自己保留,公钥随数据交易请求发到区块链网络上。
由此可见,在上述基于区块链和多方安全计算的数据交易系统中,每个MPC节点计算时所需的隐私数据都保持在数据提供方本地,没有泄露给其他数据提供方,因此保证了数据的隐私性及安全性。同时,在隐私合约执行时,由区块链节点触发隐私合约中约定的MPC节点进行多方安全计算,且多方安全计算的结算结果是由隐私合约中约定的MPC节点之一(具体可以在隐私合约中约定),在用数据需求方的公钥加密后上链至区块链网络的。因此,整个多方安全计算过程不需要依赖任何可信第三方,具备较佳的去中心化、不可篡改、不可抵赖特性,从而提高了隐私数据交易的安全性、一致性和公平性。
在本说明书一些实施例中,根据需要,每个MPC节点可以对应有一个或多个数据节 点。例如,当同一数据提供方签约了不同的隐私合约时,该数据提供方可以针对不同的隐私合约配置不同的数据节点,如此通过这种隐私数据隔离,可利于提高数据提供方的隐私数据安全。其中,数据节点需要预先向本地MPC节点注册,以等待参与计算。在隐私合约执行时,数据节点负责将本地保存的隐私数据提供给本地MPC节点。MPC节点在进行多方安全计算前,需要获得隐私合约中指定的计算方法,以便于按照计算方法进行计算。在一些实施例中,MPC节点可以通过数据交易通知中携带的合约标识,从区块链节点上匹配到对应的隐私合约,然后根据数据交易通知中携带的计算方法标识,从隐私合约中匹配到对应的计算方法。在另一些实施例中,MPC节点也可以通过其他方式获得隐私合约中指定的计算方法,本说明书对此不作限制,具体可以根据需要选择合适的方式。
需要指出的是,本说明书提及的隐私合约是指隐私智能合约,即进行了隐私保护的智能合约,以免敏感信息被暴露。在本说明书一些实施例中,MPC节点和数据节点均可以部署于数据提供方本地,以利于进一步提高数据提供方的隐私数据安全。
在本说明书一些实施例中,每个MPC节点可以预先加载有多方安全计算虚拟机(Virtual Machine,简称VM),以提供对应隐私合约中多方安全计算方法的运行时环境。当一个MPC节点所对应的数据提供方同时签约有N个私智能合约时,该MPC节点可以配置有N个对应的虚拟机。在一些示例性实施例中,所述多方安全计算虚拟机例如可以是底层虚拟机(Low Level Virtual Machine,简称LLVM),其可以执行LLVM IR字节码。在隐私合约上链前,受数据提供方委托的开发者(或数据提供方)可以用高级语言编写的MPC计算函数,并将其编译成LLVM IR字节码(即将高级语言程序编译成字节码文件),然后结合计算参与方(即MPC节点)、计费规则等设置参数,最终可以编译成区块链的智能合约(即上述的隐私合约)。由此可见,隐私合约中保存的计算方法可以为字节码文件。相应的,MPC节点在进行多方安全计算时,可以调用虚拟机的即时编译器(Just In Time Compilation,简称JIT编译器),以将包含多方安全计算方法的字节码文件转换成可执行代码。
由于现有多方安全计算技术使用MPC BOOL电路作为计算脚本,导致电路文件极大,难定制算法(即计算方法),因而不适合分布式应用(Decentralized Application,简称DAPP)开发场景。而在本说明书实施例中,不再需要编写复杂的MPC电路,而是采用高级语言编写MPC计算函数,并编译成LLVM IR字节码;且MPC节点可以调用预先配置的虚拟机的JIT编译器,将包含MPC计算函数的字节码文件转换成可执行代码。 因此,在本说明书实施例中,通过高级语言编程可以方便地定制计算方法,从而可以更好的丰富DAPP开发场景。
在本说明书一些实施例中,MPC节点可以根据所述数据交易通知中携带的指定计算参数,向所述本地数据节点请求与所述指定计算参数对应的隐私数据。其中,指定计算参数指示了数据需求方的结果需求。因此,指定计算参数可以为一个结果参数或数据索引值。例如,在一示例性场景下,数据需求方指定的指定计算参数可以为2018年规模以上企业的资产负债率均值。再如,在另一示例性场景下,数据需求方指定的指定计算参数可以为目标人群的健康指数,等等。相应的,在数据需求方发起的数据交易中可以携带该指定计算参数。
在本说明书一些实施例中,隐私合约中一般会约定有多个参与计算的MPC节点,因此,对于其中的任何一个MPC节点而言,其可以与所述隐私合约中约定的其他计算节点一起进行多方安全计算,从而共同完成一个多方安全计算。为了防止计算结果重复提交,所述隐私合约中可以约定其中的一个MPC节点作为计算结果提交节点,各个MPC节点之间可以进行点对点通信,以便于进行多方安全计算。计算结果提交节点在得到计算结果后,可以先用数据请求方的公钥对计算结果进行加密,获得密文计算结果;然后构造一个区块链交易,以通过该交易把密文计算结果上链至所述区块链节点,以便于所述区块链节点可以将其保存至对应的隐私合约中。
在本说明书一些实施例中,数据需求方可以查看区块链节点上提供的一个或多个隐私合约,并根据需要从中选择一个隐私合约。根据选择的隐私合约所提供的内容(例如合约标识、计算方法、计费规则、服务范围等),数据需求方可以确定指定计算参数(例如上述的规模以上企业的资产负债率均值、目标人群的健康指数,等等),以及发起数据交易请求所需要质押的交易金额等等。从而可以据此发起数据交易请求。由此可见,基于本说明书实施例可以快速实现数据线上交易。
在本说明书一些实施例中,区块链网络中的每个区块链节点在发现数据交易请求时,可以根据数据交易请求中携带的合约标识,加载相应的隐私合约,并检查本地连接的MPC节点是否为该隐私合约的计算参与方;如果本地连接的MPC节点是该隐私合约的计算参与方,则生成相应的数据交易通知提供给本地连接的MPC节点,以触发本地连接的MPC节点参与多方安全计算。当区块链网络中的任意一个区块链节点在收到针对所述数据交易通知返回的密文计算结果后,可同步至区块链网络中所有区块链节点。相应的,数据需求方可以通过可视化操作终端(例如智能手机、电脑等)向区块链网络中的任意 一个区块链节点发送计算结果查询请求。在获得密文计算结果后,数据需求方可以基于私钥(与所述公钥对应),解密区块链节点提供的密文计算结果,从而可以获得明文计算结果。
在本说明书一些实施例中,上述基于区块链和多方安全计算的数据交易系统中,各个节点之间的交互可以如图2所示。
在本说明书一些实施例中,参与多方安全计算的每个MPC节点在计算得到的中间计算结果(或者称为子结果)后,还可以各自向本地连接的区块链节点提交携带有MPC节点签名的中间计算结果,以便于区块链节点可以对密文计算结果进行验证。因此,在基于所述目标隐私合约中配置的计费规则及所述交易金额进行交易结算之前,当区块链节点接收所述密文中间计算结果时,可以根据所述密文中间计算结果及所述目标隐私合约中配置的验证方法,对所述密文计算结果进行验证;如果所述密文计算结果通过验证,则触发所述交易结算;否则可以退回所述交易金额,并可告知数据交易失败。在本说明书一些实施例中,在包含计算结果验证的情况下,基于区块链和多方安全计算的数据交易系统中,各个节点之间的交互可以如图3所示。
此外,由于数据需求方具有私钥(与所述公钥对应),因此数据需求方也可以发起计算结果验证交易,以使参与多方安全计算的MPC节点可重新执行计算并得到另一计算结果,然后使用数据需求方的公钥对该另一计算结果进行加密;如果加密后的密文和此前已经上链的密文计算结果相同,则通过结果验证,否则验证失败(例如参与计算的任何一个MPC节点提供的中间结果有问题,等等)。如果验证失败,则区块链节点可以退回数据需求方质押的交易金额并告知数据交易失败。如果验证成功,则区块链节点可以基于隐私合约中配置的计费规则及所述交易金额进行交易结算。
结合图4所示,在本说明书一些实施例中,MPC节点可以包括交易通知接收模块41、隐私数据获取模块42和多方安全计算模块43。其中:
交易通知接收模块41,可以用于接收区块链节点提供的数据交易通知;所述数据交易通知中携带合约标识、计算方法标识及数据需求方的公钥,所述合约标识对应的隐私合约预先部署于所述区块链节点上;
隐私数据获取模块42,可以用于响应于所述数据交易通知,从本地数据节点获取隐私数据;
多方安全计算模块43,可以用于基于所述隐私数据及所述计算方法,与所述隐私合约中约定的其他计算节点进行多方安全计算,获得计算结果;以使所述隐私合约中约定 的计算节点之一,用所述公钥加密所述计算结果,并将密文计算结果上链至所述区块链节点。
在本说明书另一些实施例中,所述MPC节点还可以包括虚拟机加载模块40。该虚拟机加载模块40可以用于预先加载目标虚拟机,以提供所述计算方法的运行时环境。
结合图5所示,在本说明书一些实施例中,区块链节点可以包括数据交易请求接收模块51、隐私合约加载模块52、交易通知发送模块53、计算结果接收模块54、计算结果保存模块55和数据交易结算模块56。其中:
交易请求接收模块51,可以用于接收数据需求方发起的数据交易请求;所述数据交易请求中携带合约标识、计算方法标识、质押的交易金额及所述数据需求方的公钥;
隐私合约加载模块52,可以用于加载与所述合约标识对应的目标隐私合约;
交易通知发送模块53,可以用于向所述目标隐私合约中约定的多个计算节点发送数据交易通知,以协调所述多个计算节点根据所述计算方法标识进行多方安全计算;
计算结果接收模块54,可以用于接收所述多个计算节点之一返回的密文计算结果;所述密文计算结果用所述公钥加密;
计算结果保存模块55,可以用于将所述密文计算结果保存至所述目标隐私合约中;
数据交易结算模块56,可以用于基于所述目标隐私合约中配置的计费规则及所述交易金额进行交易结算;所述密文计算结果用所述公钥加密。
在本说明书另一些实施例中,所述区块链节点还可以包括计算结果验证模块57。该计算结果验证模块57可以用于在接收所述多个计算节点返回的密文中间计算结果时,根据所述密文中间计算结果及所述目标隐私合约中配置的验证方法,对所述密文计算结果进行验证;如果所述密文计算结果通过验证,则触发所述数据交易结算模块56。
在本说明书另一些实施例中,所述区块链节点还可以包括计算结果提供模块58。该计算结果提供模块58可以用于在收到所述数据需求方的计算结果获取请求时,向所述数据需求方提供所述密文计算结果。
在本说明书一些实施例中,上述各节点可以为台式电脑、平板电脑、笔记本电脑、智能手机、数字助理、智能可穿戴设备等。其中,智能可穿戴设备可以包括智能手环、智能手表、智能眼镜、智能头盔等。当然,所述节点并不限于上述具有一定实体的电子设备,其还可以为运行于上述电子设备中的软体。
为了描述的方便,描述以上节点时以功能分为各种单元分别描述。当然,在实施本说明书时可以把各单元的功能在同一个或多个软件和/或硬件中实现。
参考图6所示,MPC节点侧的基于区块链和多方安全计算的交易方法可以包括以下步骤:
S601、接收区块链节点提供的数据交易通知;所述数据交易通知中携带合约标识、计算方法标识及数据需求方的公钥,所述合约标识对应的隐私合约预先部署于所述区块链节点上。
S602、响应于所述数据交易通知,从本地数据节点获取隐私数据。
S603、基于所述隐私数据及所述计算方法,与所述隐私合约中约定的其他计算节点进行多方安全计算,获得计算结果;以使所述隐私合约中约定的计算节点之一,用所述公钥加密所述计算结果,并将密文计算结果上链至所述区块链节点。
参考图7所示,区块链节点侧的基于区块链和多方安全计算的交易方法可以包括以下步骤:
S701、接收数据需求方发起的数据交易请求;所述数据交易请求中携带合约标识、计算方法标识、质押的交易金额及所述数据需求方的公钥。
S702、加载与所述合约标识对应的目标隐私合约。
S703、向所述目标隐私合约中约定的多个计算节点发送数据交易通知,以协调所述多个计算节点根据所述计算方法标识进行多方安全计算。
S704、接收所述多个计算节点之一返回的密文计算结果。
S705、将所述密文计算结果保存至所述目标隐私合约中,并基于所述目标隐私合约中配置的计费规则及所述交易金额进行交易结算;所述密文计算结果用所述公钥加密。
虽然上文描述的过程流程包括以特定顺序出现的多个操作,但是,应当清楚了解,这些过程可以包括更多或更少的操作,这些操作可以顺序执行或并行执行(例如使用并行处理器或多线程环境)。
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方 式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以使任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法或者设备中还存在另外的相同要素。
本领域技术人员应明白,本说明书的实施例可提供为方法、系统或计算机程序产品。因此,本说明书可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本说明书可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算 机程序产品的形式。
本说明书可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本说明书,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于方法实施例而言,由于其基本相似于系统实施例,所以描述的比较简单,相关之处参见系统实施例的部分说明即可。
以上所述仅为本说明书的实施例而已,并不用于限制本说明书。对于本领域技术人员来说,本说明书可以有各种更改和变化。凡在本说明书的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在本说明书的权利要求范围之内。

Claims (24)

  1. 一种基于区块链和多方安全计算的交易方法,其特征在于,应用于区块链网络的任意一个区块链节点上,所述区块链节点上预先部署有至少一个隐私合约,所述方法包括:
    接收数据需求方发起的数据交易请求;所述数据交易请求中携带合约标识、计算方法标识、质押的交易金额及所述数据需求方的公钥;
    加载与所述合约标识对应的目标隐私合约;
    向所述目标隐私合约中约定的多个计算节点发送数据交易通知,以协调所述多个计算节点根据所述计算方法标识进行多方安全计算;
    接收所述多个计算节点之一返回的密文计算结果;所述密文计算结果用所述公钥加密;
    将所述密文计算结果保存至所述目标隐私合约中,并基于所述目标隐私合约中配置的计费规则及所述交易金额进行交易结算。
  2. 如权利要求1所述的基于区块链和多方安全计算的交易方法,其特征在于,在基于所述目标隐私合约中配置的计费规则及所述交易金额进行交易结算之前,还包括:
    接收所述多个计算节点返回的密文中间计算结果;
    根据所述密文中间计算结果及所述目标隐私合约中配置的验证方法,对所述密文计算结果进行验证;
    如果所述密文计算结果通过验证,则触发所述交易结算。
  3. 如权利要求1或2所述的基于区块链和多方安全计算的交易方法,其特征在于,还包括:
    在收到所述数据需求方的计算结果获取请求时,向所述数据需求方提供所述密文计算结果。
  4. 如权利要求1所述的基于区块链和多方安全计算的交易方法,其特征在于,所述计算节点预先加载有目标虚拟机,以提供所述多方安全计算的运行时环境。
  5. 如权利要求4所述的基于区块链和多方安全计算的交易方法,其特征在于,所述计算节点的计算方法为字节码文件,且所述字节码文件对应的源代码为高级语言程序;
    相应的,在进行多方安全计算时,所述计算节点调用所述目标虚拟机的即时编译器,以将所述计算方法转换成可执行代码。
  6. 一种区块链节点,其特征在于,所述区块链节点上预先部署有至少一个隐私合约,所述区块链节点包括:
    交易请求接收模块,用于接收数据需求方发起的数据交易请求;所述数据交易请求中携带合约标识、计算方法标识、质押的交易金额及所述数据需求方的公钥;
    隐私合约加载模块,用于加载与所述合约标识对应的目标隐私合约;
    交易通知发送模块,用于向所述目标隐私合约中约定的多个计算节点发送数据交易通知,以协调所述多个计算节点根据所述计算方法标识进行多方安全计算;
    计算结果接收模块,用于接收所述多个计算节点之一返回的密文计算结果;所述密文计算结果用所述公钥加密;
    计算结果保存模块,用于将所述密文计算结果保存至所述目标隐私合约中;
    数据交易结算模块,用于基于所述目标隐私合约中配置的计费规则及所述交易金额进行交易结算;所述密文计算结果用所述公钥加密。
  7. 如权利要求6所述的区块链节点,其特征在于,所述区块链节点还包括:
    计算结果验证模块,用于在接收所述多个计算节点返回的密文中间计算结果时,根据所述密文中间计算结果及所述目标隐私合约中配置的验证方法,对所述密文计算结果进行验证;如果所述密文计算结果通过验证,则触发所述数据交易结算模块。
  8. 如权利要求6所述的区块链节点,其特征在于,所述区块链节点还包括:
    计算结果提供模块,用于在收到所述数据需求方的计算结果获取请求时,向所述数据需求方提供所述密文计算结果。
  9. 如权利要求6所述的区块链节点,其特征在于,所述计算节点预先加载有目标虚拟机,以提供所述多方安全计算的运行时环境。
  10. 如权利要求9所述的区块链节点,其特征在于,所述计算节点的计算方法为字节码文件,且所述字节码文件对应的源代码为高级语言程序;
    相应的,在进行多方安全计算时,所述计算节点调用所述目标虚拟机的即时编译器,以将所述计算方法转换成可执行代码。
  11. 一种计算机存储介质,其上存储有计算机程序,其特征在于,所述计算机程序应用于区块链网络的任意一个区块链节点上,所述区块链节点上预先部署有至少一个隐私合约,所述计算机程序被处理器执行时实现以下步骤:
    接收数据需求方发起的数据交易请求;所述数据交易请求中携带合约标识、计算方法标识、质押的交易金额及所述数据需求方的公钥;
    加载与所述合约标识对应的目标隐私合约;
    向所述目标隐私合约中约定的多个计算节点发送数据交易通知,以协调所述多个计算节点根据所述计算方法标识进行多方安全计算;
    接收所述多个计算节点之一返回的密文计算结果;所述密文计算结果用所述公钥加密;
    将所述密文计算结果保存至所述目标隐私合约中,并基于所述目标隐私合约中配置的计费规则及所述交易金额进行交易结算。
  12. 一种基于区块链和多方安全计算的交易方法,其特征在于,所述方法包括:
    接收区块链节点提供的数据交易通知;所述数据交易通知中携带合约标识、计算方法标识及数据需求方的公钥,所述合约标识对应的隐私合约预先部署于所述区块链节点上;
    响应于所述数据交易通知,从本地数据节点获取隐私数据;
    基于所述隐私数据及所述计算方法,与所述隐私合约中约定的其他计算节点进行多方安全计算,获得计算结果;以使所述隐私合约中约定的计算节点之一,用所述公钥加密所述计算结果,并将密文计算结果上链至所述区块链节点。
  13. 如权利要求12所述的基于区块链和多方安全计算的交易方法,其特征在于,所述数据交易通知由所述区块链节点依据收到的数据交易请求生成,所述数据交易请求由所述数据需求方发起。
  14. 如权利要求12所述的基于区块链和多方安全计算的交易方法,其特征在于,所述从本地数据节点获取隐私数据,包括:
    根据所述数据交易通知中携带的指定计算参数,向所述本地数据节点请求与所述指定计算参数对应的隐私数据。
  15. 如权利要求12所述的基于区块链和多方安全计算的交易方法,其特征在于,所述本地数据节点为预先注册的本地数据节点。
  16. 如权利要求12所述的基于区块链和多方安全计算的交易方法,其特征在于,还包括:
    预先加载目标虚拟机,以提供所述计算方法的运行时环境。
  17. 如权利要求16所述的基于区块链和多方安全计算的交易方法,其特征在于,所述计算方法为字节码文件,且所述字节码文件对应的源代码为高级语言程序;
    相应的,在进行多方安全计算时,调用所述目标虚拟机的即时编译器,以将所述计 算方法转换成可执行代码。
  18. 一种计算节点,其特征在于,所述计算节点包括:
    交易通知接收模块,用于接收区块链节点提供的数据交易通知;所述数据交易通知中携带合约标识、计算方法标识及数据需求方的公钥,所述合约标识对应的隐私合约预先部署于所述区块链节点上;
    隐私数据获取模块,用于响应于所述数据交易通知,从本地数据节点获取隐私数据;
    多方安全计算模块,用于基于所述隐私数据及所述计算方法,与所述隐私合约中约定的其他计算节点进行多方安全计算,获得计算结果;以使所述隐私合约中约定的计算节点之一,用所述公钥加密所述计算结果,并将密文计算结果上链至所述区块链节点。
  19. 如权利要求18所述的计算节点,其特征在于,所述数据交易通知由所述区块链节点依据收到的数据交易请求生成,所述数据交易请求由所述数据需求方发起。
  20. 如权利要求18所述的计算节点,其特征在于,所述从本地数据节点获取隐私数据,包括:
    根据所述数据交易通知中携带的指定计算参数,向所述本地数据节点请求与所述指定计算参数对应的隐私数据。
  21. 如权利要求18所述的计算节点,其特征在于,所述本地数据节点为预先注册的本地数据节点。
  22. 如权利要求18所述的计算节点,其特征在于,还包括:
    虚拟机加载模块,用于预先加载目标虚拟机,以提供所述计算方法的运行时环境。
  23. 如权利要求22所述的计算节点,其特征在于,所述计算方法为字节码文件,且所述字节码文件对应的源代码为高级语言程序;
    相应的,所述多方多方安全计算模块在进行多方安全计算时,调用所述目标虚拟机的即时编译器,以将所述计算方法转换成可执行代码。
  24. 一种计算机存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现以下步骤:
    接收区块链节点提供的数据交易通知;所述数据交易通知中携带合约标识、计算方法标识及数据需求方的公钥,所述合约标识对应的隐私合约预先部署于所述区块链节点上;
    响应于所述数据交易通知,从本地数据节点获取隐私数据;
    基于所述隐私数据及所述计算方法,与所述隐私合约中约定的其他计算节点进行多 方安全计算,获得计算结果;以使所述隐私合约中约定的计算节点之一,用所述公钥加密所述计算结果,并将密文计算结果上链至所述区块链节点。
PCT/CN2019/083424 2019-04-19 2019-04-19 基于区块链和多方安全计算的交易方法、装置及存储介质 WO2020211073A1 (zh)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/083424 WO2020211073A1 (zh) 2019-04-19 2019-04-19 基于区块链和多方安全计算的交易方法、装置及存储介质

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/083424 WO2020211073A1 (zh) 2019-04-19 2019-04-19 基于区块链和多方安全计算的交易方法、装置及存储介质

Publications (1)

Publication Number Publication Date
WO2020211073A1 true WO2020211073A1 (zh) 2020-10-22

Family

ID=72837974

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/083424 WO2020211073A1 (zh) 2019-04-19 2019-04-19 基于区块链和多方安全计算的交易方法、装置及存储介质

Country Status (1)

Country Link
WO (1) WO2020211073A1 (zh)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115150084A (zh) * 2022-09-05 2022-10-04 翼方健数(北京)信息科技有限公司 一种安全多方计算方法、系统和计算机可读存储介质
US20230246824A1 (en) * 2022-02-02 2023-08-03 Nomura Research Institute, Ltd. Secret calculation system, secret calculation method, and secret calculation program

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107659429A (zh) * 2017-08-11 2018-02-02 四川大学 基于区块链的数据共享方法
WO2018137316A1 (zh) * 2017-01-24 2018-08-02 上海亿账通区块链科技有限公司 基于区块链的安全交易方法、电子装置、系统及存储介质
CN108519981A (zh) * 2018-02-01 2018-09-11 四川大学 一种高效安全的去中心化数据共享方法
CN108647966A (zh) * 2018-05-09 2018-10-12 深圳市融讯科技有限公司 一种基于区块链的数据交互方法及装置
CN108681898A (zh) * 2018-05-15 2018-10-19 广东工业大学 一种基于区块链的数据交易方法及系统
CN109389500A (zh) * 2018-09-29 2019-02-26 重庆邮电大学 基于以太坊的数据交易平台

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018137316A1 (zh) * 2017-01-24 2018-08-02 上海亿账通区块链科技有限公司 基于区块链的安全交易方法、电子装置、系统及存储介质
CN107659429A (zh) * 2017-08-11 2018-02-02 四川大学 基于区块链的数据共享方法
CN108519981A (zh) * 2018-02-01 2018-09-11 四川大学 一种高效安全的去中心化数据共享方法
CN108647966A (zh) * 2018-05-09 2018-10-12 深圳市融讯科技有限公司 一种基于区块链的数据交互方法及装置
CN108681898A (zh) * 2018-05-15 2018-10-19 广东工业大学 一种基于区块链的数据交易方法及系统
CN109389500A (zh) * 2018-09-29 2019-02-26 重庆邮电大学 基于以太坊的数据交易平台

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230246824A1 (en) * 2022-02-02 2023-08-03 Nomura Research Institute, Ltd. Secret calculation system, secret calculation method, and secret calculation program
CN115150084A (zh) * 2022-09-05 2022-10-04 翼方健数(北京)信息科技有限公司 一种安全多方计算方法、系统和计算机可读存储介质

Similar Documents

Publication Publication Date Title
JP6892513B2 (ja) 信頼できる実行環境に基づいたオフチェーンスマートコントラクトサービス
KR102215773B1 (ko) 영-지식 증명을 갖는 계정 노트 모델에 기초한 블록체인 데이터 보호
RU2731417C1 (ru) Параллельное выполнение транзакций в сети цепочек блоков на основе белых списков смарт-контрактов
TWI695613B (zh) 使用同態加密的區塊鏈資料保護
CA3052997C (en) Blockchain data protection based on generic account model and homomorphic encryption
KR102316858B1 (ko) 블록체인 시스템을 위한 암호화 애플리케이션
CA3058227C (en) Preventing misrepresentation of input data by participants in a secure multi-party computation
AU2019378253B2 (en) Distributed ledger systems, methods and devices
TW202013929A (zh) 基於區塊鏈的交易方法、裝置和匯出方設備
US10313353B2 (en) Method, device, terminal, and server for verifying security of service operation
KR20200054129A (ko) 동형 암호화를 이용한 블록체인 데이터 보호
CN110162551B (zh) 数据处理方法、装置和电子设备
CN111047443B (zh) 用户评分方法及装置、电子设备、计算机可读存储介质
TW202014950A (zh) 基於區塊鏈的交易方法、裝置和匯出方設備
TW201822033A (zh) 資源處理方法及裝置
US11263632B2 (en) Information sharing methods, apparatuses, and devices
KR102599873B1 (ko) 서로 다른 블록체인에 기반하는 암호화폐의 거래 서비스를 제공하는 방법 및 장치
TW202018644A (zh) 基於區塊鏈的資料處理方法、裝置和伺服器
CN111767556A (zh) 区块链中实现隐私保护的方法及节点、存储介质
CN114331437A (zh) 一种基于区块链的数字印章使用方法及装置
WO2020211073A1 (zh) 基于区块链和多方安全计算的交易方法、装置及存储介质
WO2020211075A1 (zh) 去中心化多方安全数据处理方法、装置及存储介质
JP2020140695A (ja) 暗号通貨を避難するための装置、方法及びそのためのプログラム
US20230169204A1 (en) Secure sharing of personal data in distributed computing zones
CN113011941B (zh) 虚拟资源的处理方法、装置、设备及计算机可读存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19925422

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19925422

Country of ref document: EP

Kind code of ref document: A1