[go: up one dir, main page]

CN112272092B - A data editing method applied to blockchain - Google Patents

A data editing method applied to blockchain Download PDF

Info

Publication number
CN112272092B
CN112272092B CN202010891283.9A CN202010891283A CN112272092B CN 112272092 B CN112272092 B CN 112272092B CN 202010891283 A CN202010891283 A CN 202010891283A CN 112272092 B CN112272092 B CN 112272092B
Authority
CN
China
Prior art keywords
hash
record
node
verification
tree
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010891283.9A
Other languages
Chinese (zh)
Other versions
CN112272092A (en
Inventor
史先进
韩道军
陈金育
沈夏炯
黄亚博
余建
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Southern Power Grid Internet Service Co ltd
Original Assignee
Henan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Henan University filed Critical Henan University
Priority to CN202010891283.9A priority Critical patent/CN112272092B/en
Publication of CN112272092A publication Critical patent/CN112272092A/en
Application granted granted Critical
Publication of CN112272092B publication Critical patent/CN112272092B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching
    • H04L67/5682Policies or rules for updating, deleting or replacing the stored data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种应用于区块链的数据编辑方法,包括以下步骤:A:构建记录验证树;B:若执行记录删除操作进入步骤C;若执行记录修改操作进入步骤F;C:用户、利益相关方想要删除的记录进行签名;D:所有节点对删除请求中的签名信息进行哈希、验证和广播;E:当删除消息验证通过后,将记录删除,并将删除消息插入到请求列表中;F:用户、利益相关方想要修改的记录进行签名;G:所有节点对删除请求中的签名信息进行哈希、验证和广播;H:当修改消息验证通过后,将区块中的记录从区块中删除,将修改消息插入到请求列表中,将新记录插入新记录列表中。本发明能够对区块链上的数据进行编辑,如修改和删除,同时能够对使用者的数据编辑行为进行有效约束。

Figure 202010891283

The invention discloses a data editing method applied to a blockchain, comprising the following steps: A: constructing a record verification tree; B: entering step C if a record deletion operation is performed; entering step F if performing a record modification operation; C: user , Sign the record that stakeholders want to delete; D: All nodes hash, verify and broadcast the signature information in the delete request; E: When the delete message is verified, delete the record and insert the delete message into the In the request list; F: Sign the records that users and stakeholders want to modify; G: All nodes hash, verify and broadcast the signature information in the deletion request; H: After the modification message is verified, the block The records in are removed from the block, the modification message is inserted into the request list, and the new record is inserted into the new records list. The present invention can edit the data on the blockchain, such as modifying and deleting, and can effectively constrain the user's data editing behavior.

Figure 202010891283

Description

一种应用于区块链的数据编辑方法A data editing method applied to blockchain

技术领域technical field

本发明涉及一种数据编辑领域,尤其涉及一种应用于区块链的数据编辑方 法。The invention relates to the field of data editing, in particular to a data editing method applied to a blockchain.

背景技术Background technique

自从区块链的概念被提出后,区块链一直受到社会各界的普遍关注,其应 用也不再局限于虚拟货币,而是被广泛应用于物联网、供应链、医疗等领域中。 在这些领域中区块链主要用来存储交易和数据。对于交易,现有的区块链可基 本满足交易存储的需求;对于数据,区块链与传统的集中式存储相比满足了用 户去中心化、建立信任、数据不可篡改等需求。然而在使用区块链过程中,链 上数据不可编辑给使用者带来诸多不便之处,主要有以下三个方面:第一,错 误的数据无法修改。区块链广泛用于存放证书、健康记录、IoT数据、资产信 息等,这些数据存储在区块链上,保证了数据的真实性和合法性。然而,如果 写入区块链的数据具有只读性,那么记录中错误信息将无法被修正。第二,敏 感的数据难以删除。数据存储是区块链的基本功能,但区块链存储数据的功能 被滥用。第三,失效的数据无法清理。区块链经过一段时间的运行,早期产生 的区块中可能包含大量失效的数据。这些失效的数据会持续占用大量的存储空 间,造成资源的浪费。Since the concept of block chain was proposed, block chain has been widely concerned by all walks of life, and its application is no longer limited to virtual currency, but is widely used in the Internet of Things, supply chain, medical and other fields. In these areas, the blockchain is mainly used to store transactions and data. For transactions, the existing blockchain can basically meet the needs of transaction storage; for data, compared with traditional centralized storage, blockchain meets the needs of user decentralization, building trust, and data immutability. However, in the process of using the blockchain, the uneditable data on the chain brings a lot of inconvenience to users, mainly in the following three aspects: First, wrong data cannot be modified. The blockchain is widely used to store certificates, health records, IoT data, asset information, etc. These data are stored on the blockchain to ensure the authenticity and legality of the data. However, if the data written to the blockchain is read-only, errors in the records cannot be corrected. Second, sensitive data is difficult to delete. Data storage is the basic function of the blockchain, but the function of the blockchain to store data is abused. Third, invalid data cannot be cleaned up. After the blockchain runs for a period of time, the blocks generated in the early stage may contain a large amount of invalid data. These invalid data will continue to occupy a large amount of storage space, resulting in a waste of resources.

针对上述问题,研究者们结合变色龙哈希、多项式等技术,对区块的哈希 验证结构、交易模式等进行了改进,实现了区块记录修改和删除功能。这些方 案大多实现了个人数据的修改和删除,即用户只需通过节点的身份验证就可以 变更区块上的数据,而其他用户对用户的变更操作不能进行干涉。然而,这种 设计在一些场景中是不合适的。例如,在食品供应链中,食品企业的数据需要 上传到区块链上,以供其他合作企业或者政府监管部门查看。一方面,食品企 业需要对错误的数据进行修改,这种需求在现有的可编辑区块链中已经可以满 足。另一方面,如果企业对出现质量问题的相关数据进行修改,以达到逃避处罚的目的,那么会给食品安全的监管带来极大的困难。因此,政府监管部门、 合作企业等利益相关方希望能够对加工企业的数据编辑行为进行约束,使其不 能随意修改上传的数据,以达到保护消费者和企业自身利益的目的。但这种需 求在现有的可编辑区块链方案中很难得到满足。In response to the above problems, researchers combined chameleon hash, polynomial and other technologies to improve the block's hash verification structure and transaction mode, and realized the function of modifying and deleting block records. Most of these schemes realize the modification and deletion of personal data, that is, the user can change the data on the block only through the identity verification of the node, and other users cannot interfere with the user's change operation. However, this design is inappropriate in some scenarios. For example, in the food supply chain, the data of food companies needs to be uploaded to the blockchain for other cooperative companies or government regulators to view. On the one hand, food companies need to modify erroneous data, which can already be met in the existing editable blockchain. On the other hand, if the enterprise modifies the relevant data of quality problems in order to avoid punishment, it will bring great difficulties to the supervision of food safety. Therefore, government regulators, cooperative enterprises and other stakeholders hope to restrict the data editing behavior of processing enterprises, so that they cannot modify the uploaded data at will, so as to achieve the purpose of protecting the interests of consumers and enterprises. But this demand is difficult to meet in the existing editable blockchain scheme.

发明内容SUMMARY OF THE INVENTION

本发明的目的是提供一种应用于区块链的数据编辑方法,能够对区块链上 的数据进行编辑,如修改和删除,同时能够对使用者的数据编辑行为进行有效 约束。The purpose of the present invention is to provide a data editing method applied to the block chain, which can edit, such as modify and delete, the data on the block chain, and at the same time, can effectively restrict the user's data editing behavior.

本发明采用下述技术方案:The present invention adopts following technical scheme:

一种应用于区块链的数据编辑方法,包括以下步骤:A data editing method applied to the blockchain includes the following steps:

A:构建记录验证树;A: Build a record verification tree;

其中,记录验证树为一个二叉和三叉混合树,记录验证树共有n层,从第 1层到第n-2层为结构树,每个结构树都是一颗三叉树,即每个节点有三个叶 子节点,结构树的每个节点代表着阈值门;第n层和第n-1层为信息树,每个 信息树都是一颗二叉树,即每个节点有两个叶子节点;n为正整数;Among them, the record verification tree is a binary and ternary hybrid tree, and the record verification tree has n layers, from the 1st layer to the n-2th layer is a structure tree, each structure tree is a ternary tree, that is, each node There are three leaf nodes, and each node of the structure tree represents a threshold gate; the nth layer and the n-1th layer are information trees, and each information tree is a binary tree, that is, each node has two leaf nodes; n is a positive integer;

B:判断用户是执行记录删除操作还是记录修改操作,若执行记录删除操 作,则进入步骤C;若执行记录修改操作,则进入步骤F;B: determine whether the user performs the record deletion operation or the record modification operation, if the record deletion operation is performed, then enter step C; if the record modification operation is performed, then enter step F;

C:设用户想要删除区块i″上的记录RL1C: Suppose the user wants to delete the record RL 1 on the block i";

首先,用户对记录RL1的哈希hash1=hash(RL1)进行签名Sign(hash1),并生成 删除请求DelInfo′={address,del,Sign(hash1)},其中address为记录地址,del为删 除标记,Sign()表示对任意字符进行签名计算,Sign(hash1)表示hash1的签名;First, the user signs Sign(hash 1 ) for the hash RL 1 hash 1 =hash(RL 1 ), and generates a delete request DelInfo′={address,del,Sign(hash 1 )}, where address is the record address , del is the deletion mark, Sign() means to perform signature calculation on any character, Sign(hash 1 ) means the signature of hash 1 ;

其次,用户将删除请求发送给利益相关方;Second, the user sends a removal request to the stakeholder;

然后,利益相关方对删除请求的哈希hash2=hash(DelInfo′)进行签名并发送给签名收集方;Then, the stakeholder signs the hash 2 =hash(DelInfo') of the deletion request and sends it to the signature collector;

最后,签名收集方收集各方的签名并生成删除消息 DelInfo={address,del,Sign(hash1),MuSign(hash2)},并将删除消息DelInfo广播到区块 链网络中,其中MuSign(hash2)表示对删除请求hash2的多重签名;然后进入步骤 D;Finally, the signature collector collects the signatures of all parties and generates the deletion message DelInfo={address,del,Sign(hash 1 ),MuSign(hash 2 )}, and broadcasts the deletion message DelInfo to the blockchain network, where MuSign( hash 2 ) represents the multi-signature of the deletion request hash 2 ; then proceed to step D;

D:首先,所有节点对删除请求中的签名信息进行哈希,生成签名的哈希 摘要hashsign=hash(Sign(hash1));D: First, all nodes hash the signature information in the deletion request to generate the signature hash digest hash sign =hash(Sign(hash 1 ));

其次,将hashsign和其他记录的哈希集合hashlist一起代入记录验证树验证方 法Verification()进行验证,并解出记录验证树保存的秘密值e(g,g)s,将其与验证 参数哈希进行计算后再进行哈希计算得到秘密值哈希hash3=hash(e(g,g)s·VPHash);Secondly, substitute the hash sign and the hash set hashlist of other records into the record verification tree verification method Verification() for verification, and solve the secret value e(g,g) s stored in the record verification tree, and compare it with the verification parameter After the calculation is performed, the hash calculation is performed to obtain the secret value hash hash 3 =hash(e(g,g) s ·VPHash);

然后进行如下验证:Then verify as follows:

1)将hash3与秘密值哈希SHash进行对比是否一致;1) Compare hash 3 with the secret value hash SHash to see if it is consistent;

2)对多重签名进行验证是否合法;2) Whether the verification of the multi-signature is legal;

如果这两项都通过验证则接受删除行为,否则不接受;If both of these two items are verified, accept the delete behavior, otherwise do not accept;

最后,将验证结果广播到区块链网络中;然后进入步骤E;Finally, broadcast the verification result to the blockchain network; then enter step E;

E:当删除消息被全网半数以上节点的验证通过后,将区块i″中的记录RL1从 区块中删除,并将删除消息插入到请求列表中;E: When the deletion message is verified by more than half of the nodes in the entire network, delete the record RL 1 in the block i" from the block, and insert the deletion message into the request list;

F:设用户想要修改区块i″上的记录RL1F: Suppose the user wants to modify the record RL 1 on the block i";

首先,用户对记录RL1的哈希hash1=hash(RL1)进行签名Sign(hash1),并对新 记录RL′1进行哈希得到hash′1=hash(RL′1),同时对hash′1进行签名Sign(hash′1);First, the user signs the hash RL 1 hash 1 =hash(RL 1 ) Sign(hash 1 ), and hashes the new record RL' 1 to obtain hash' 1 =hash(RL' 1 ), and simultaneously hash' 1 to sign Sign(hash' 1 );

其次,用户生成修改请求 ModifyInfo′={address,mod,Sign(hash1),hash′1,Sign(hash′1)},并将修改请求发送给利益 相关方,其中address为记录地址,mod为修改标记,Sign()表示对任意字符 进行签名计算,Sign(hash1)为hash1的签名,hash′1为RL′1的哈希,Sign(hash′1)为hash′1的签名;Next, the user generates a modification request ModifyInfo'={address,mod,Sign(hash 1 ),hash' 1 ,Sign(hash' 1 )}, and sends the modification request to the stakeholders, where address is the record address and mod is Modify the mark, Sign() means to perform signature calculation on any character, Sign(hash 1 ) is the signature of hash 1 , hash' 1 is the hash of RL' 1 , Sign(hash' 1 ) is the signature of hash'1;

然后利益相关方对修改请求的哈希hash2=hash(ModifyInfo′)进行签名并发送给签名收集方;Then the stakeholder signs the hash hash 2 =hash(ModifyInfo') of the modification request and sends it to the signature collector;

最后签名收集方收集各方签名并生成修改消息 ModifyInfo={address,mod,Sign(hash1),hash′1,Sign(hash′1),MuSign(hash2)},并将重新生成 的记录RL1′一起发送到区块链网络上,其中,MuSign(hash2)表示对修改请求hash2的多重签名;然后进入步骤G;Finally, the signature collector collects the signatures of all parties and generates a modification message ModifyInfo={address,mod,Sign(hash 1 ),hash' 1 ,Sign(hash' 1 ),MuSign(hash 2 )}, and will regenerate the record RL 1 ' is sent to the blockchain network together, where MuSign(hash 2 ) represents the multi-signature of the modification request hash 2 ; then go to step G;

G:首先,所有节点对修改请求中的签名信息进行哈希,生成哈希摘要 hashsign=hash(Sign(hash1));G: First, all nodes hash the signature information in the modification request to generate a hash digest hash sign =hash(Sign(hash 1 ));

其次,将hashsign和其他记录的哈希集合hashlist一起代入记录验证树Verification(),并解出记录验证树保存的秘密值e(g,g)sSecondly, substitute the hash sign and the hash set hashlist of other records into the record verification tree Verification(), and solve the secret value e(g,g) s stored in the record verification tree;

然后,将秘密值e(g,g)s与验证参数哈希进行计算后再进行哈希计算得到秘 密值哈希hash3=hash(e(g,g)s·VPHash),并进行如下验证:Then, calculate the secret value e(g, g) s and the verification parameter hash, and then perform the hash calculation to obtain the secret value hash hash 3 =hash(e(g, g) s · VPHash), and perform the following verification :

1)将hash3与秘密值哈希SHash进行对比是否一致;1) Compare hash 3 with the secret value hash SHash to see if it is consistent;

2)对新生成的记录RL1′进行哈希计算,并将计算得出的记录RL1′的哈希值 与修改消息中的哈希值hash′1进行对比是否一致;2) Perform hash calculation on the newly generated record RL 1 ′, and compare whether the hash value of the calculated record RL 1 ′ is consistent with the hash value hash ′ 1 in the modification message;

3)对多重签名进行验证是否合法;3) Whether the verification of the multi-signature is legal;

如果这三项均通过验证则接受修改行为,否则不接受;If these three items are verified, the modification will be accepted, otherwise it will not be accepted;

最后,将验证结果广播到区块链网络中;然后进入步骤H;Finally, broadcast the verification result to the blockchain network; then enter step H;

H:当修改消息被全网半数以上节点的验证通过后,将区块中的记录RL1从 区块中删除,将修改消息插入到请求列表中,将新记录插入新记录列表中。H: When the modification message is verified by more than half of the nodes in the entire network, the record RL 1 in the block is deleted from the block, the modification message is inserted into the request list, and the new record is inserted into the new record list.

所述的步骤A包括以下步骤:Described step A includes the following steps:

A1:初始化步骤:由授权中心进行初始化,选择一个生成元为g的q阶双 线性群

Figure BDA0002657081650000051
然后生成系统安全参数SP:A1: Initialization step: Initialize by the authorization center, and select a q-order bilinear group whose generator is g
Figure BDA0002657081650000051
Then generate the system security parameter SP:

Figure BDA0002657081650000052
Figure BDA0002657081650000052

其中,

Figure BDA0002657081650000053
是素数阶双线性群,g为生成元,q为双线性群
Figure BDA0002657081650000054
的阶数,e(g,g) 为双线性计算公式;in,
Figure BDA0002657081650000053
is a prime order bilinear group, g is the generator, q is the bilinear group
Figure BDA0002657081650000054
The order of , e(g,g) is the bilinear formula;

A2:生成步骤:Generate(SP,RL),Generate(SP,RL)表示记录验证树的生成, RL表示记录集合,生成步骤由区块链节点运行;A2: Generation step: Generate(SP,RL), Generate(SP,RL) represents the generation of the record verification tree, RL represents the record set, and the generation step is run by the blockchain node;

首先,区块链节点根据记录集合RL和构造规则构造记录验证树

Figure BDA0002657081650000055
First, the blockchain nodes construct the record verification tree according to the record set RL and construction rules
Figure BDA0002657081650000055

其次,为记录验证树

Figure BDA0002657081650000056
的每一个节点
Figure BDA0002657081650000057
选择一个
Figure BDA0002657081650000058
次多项式
Figure BDA0002657081650000059
其中,
Figure BDA00026570816500000510
代表记录验证树的节点,
Figure BDA00026570816500000511
为节点
Figure BDA00026570816500000512
的子节点数的阈值,
Figure BDA00026570816500000513
为节点
Figure BDA00026570816500000514
对应的多 项式;Second, verify the tree for the record
Figure BDA0002657081650000056
every node of
Figure BDA0002657081650000057
choose one
Figure BDA0002657081650000058
degree polynomial
Figure BDA0002657081650000059
in,
Figure BDA00026570816500000510
represents the node of the record validation tree,
Figure BDA00026570816500000511
for the node
Figure BDA00026570816500000512
the threshold for the number of child nodes,
Figure BDA00026570816500000513
for the node
Figure BDA00026570816500000514
the corresponding polynomial;

再次,随机选择秘密参数

Figure BDA00026570816500000515
作为记录验证树
Figure BDA00026570816500000516
保存的秘密值,并将秘密 参数s保存在记录验证树
Figure BDA0002657081650000061
的根节点R中;然后令qR(0)=s,对于其他节点,令
Figure BDA0002657081650000062
Again, the secret parameters are randomly chosen
Figure BDA00026570816500000515
Verification tree as record
Figure BDA00026570816500000516
Save the secret value and save the secret parameter s in the record validation tree
Figure BDA0002657081650000061
in the root node R of ; then let q R (0) = s, for other nodes, let
Figure BDA0002657081650000062

其中,qR(0)=s表示根节点R对应的多项式在自变量为0时的因变量为s,

Figure BDA0002657081650000063
表示模为素数q的有限整数域,
Figure BDA0002657081650000064
表示节点
Figure BDA0002657081650000065
的父节点,
Figure BDA0002657081650000066
表示 节点
Figure BDA0002657081650000067
的索引;Among them, q R (0)=s indicates that the dependent variable of the polynomial corresponding to the root node R is s when the independent variable is 0,
Figure BDA0002657081650000063
represents a finite field of integers modulo prime q,
Figure BDA0002657081650000064
represents a node
Figure BDA0002657081650000065
the parent node of ,
Figure BDA0002657081650000066
represents a node
Figure BDA0002657081650000067
index of;

最后,设Y是记录验证树

Figure BDA0002657081650000068
的所有叶子节点的记录集合,计算验证树参数 VP、验证参数哈希VPHash和秘密值哈希SHash:Finally, let Y be the record validation tree
Figure BDA0002657081650000068
The record set of all leaf nodes of , calculate the verification tree parameter VP, the verification parameter hash VPHash and the secret value hash SHash:

Figure BDA0002657081650000069
Figure BDA0002657081650000069

VPHash=hash(VP) (3)VPHash=hash(VP) (3)

SHash=hash(VPHash·e(g,g)s) (4)SHash=hash(VPHash·e(g,g) s ) (4)

其中,

Figure BDA00026570816500000610
为记录验证树的叶子节点且
Figure BDA00026570816500000611
Figure BDA00026570816500000612
Figure BDA00026570816500000613
为计算验证树参数VP 的组成参数,
Figure BDA00026570816500000614
表示记录
Figure BDA00026570816500000615
对应的多项式的自变量为0时对应因变量的值, 哈希函数H()表示将任意二进制字符映射到双线性群
Figure BDA00026570816500000616
Figure BDA00026570816500000617
表示叶子节点y 相关联记录的哈希摘要,
Figure BDA00026570816500000618
表示将哈希摘要
Figure BDA00026570816500000619
映射到双线性群
Figure BDA00026570816500000620
Figure BDA00026570816500000621
表示对于任意属于属性集Y的属性
Figure BDA00026570816500000622
均可以计 算得到参数
Figure BDA00026570816500000623
Figure BDA00026570816500000624
用于生成验证树参数VP,hash()是一种将任意长度的消息压 缩到某一固定长度的消息摘要的函数;in,
Figure BDA00026570816500000610
is the leaf node of the verification tree for records and
Figure BDA00026570816500000611
Figure BDA00026570816500000612
and
Figure BDA00026570816500000613
To compute the constituent parameters of the validation tree parameter VP,
Figure BDA00026570816500000614
means record
Figure BDA00026570816500000615
When the independent variable of the corresponding polynomial is 0, the value of the dependent variable corresponds to the value of the dependent variable. The hash function H() represents the mapping of any binary character to the bilinear group
Figure BDA00026570816500000616
Figure BDA00026570816500000617
represents the hash digest of the record associated with leaf node y,
Figure BDA00026570816500000618
Indicates that the hash digest will be
Figure BDA00026570816500000619
map to bilinear group
Figure BDA00026570816500000620
Figure BDA00026570816500000621
Represents that for any attribute belonging to attribute set Y
Figure BDA00026570816500000622
parameters can be calculated
Figure BDA00026570816500000623
and
Figure BDA00026570816500000624
Used to generate the verification tree parameter VP, hash() is a function that compresses a message of any length into a message digest of a fixed length;

区块链节点将验证树参数VP、验证参数哈希VPHash、秘密值哈希SHash、 记录集合RL和其他区块信息一起打包生成区块,并向全网广播,区块得到确认 后存储到区块链上,其他区块信息包括时间戳、父区块哈希和版本号;The blockchain nodes package the verification tree parameter VP, the verification parameter hash VPHash, the secret value hash SHash, the record set RL and other block information together to generate a block, and broadcast it to the whole network. After the block is confirmed, it is stored in the block. On the blockchain, other block information includes timestamp, parent block hash and version number;

A3:验证步骤;Verification(RL,VP),Verification(RL,VP)表示记录验证树对记录的验证;验证步骤由区块链节点运行;以区块的记录集合RL和验证树参数VP 作为输入,并输出验证结果;A3: Verification step; Verification(RL, VP), Verification(RL, VP) represents the verification of records by the record verification tree; the verification step is run by the blockchain node; the block record set RL and the verification tree parameter VP are used as input , and output the verification result;

在验证过程中:During verification:

首先,由验证系统执行解密

Figure BDA0002657081650000071
表示解密记录验证树以获取根节点保存的秘密值A;First, decryption is performed by the verification system
Figure BDA0002657081650000071
Represents decrypting the record verification tree to obtain the secret value A stored by the root node;

其次,从记录验证树

Figure BDA0002657081650000072
的叶子节点开始计算节点保存的值,并使用递归计 算上一层节点的值,通过逐层计算直至解出根节点R保存的秘密值;Second, verify the tree from the records
Figure BDA0002657081650000072
The leaf node starts to calculate the value saved by the node, and uses recursion to calculate the value of the node in the previous layer, and calculates layer by layer until the secret value saved by the root node R is solved;

然后,计算记录验证树的根节点R的秘密值A:Then, compute the secret value A of the root node R of the record verification tree:

Figure BDA0002657081650000073
Figure BDA0002657081650000073

其中,qR(0)表示根节点对应的多项式的自变量为0时的因变量的值,z表 示当前节点的子节点;Among them, q R (0) represents the value of the dependent variable when the independent variable of the polynomial corresponding to the root node is 0, and z represents the child node of the current node;

最后,将新计算得出的秘密值哈希Shash′=hash(A·VPHash),对比Shash′是否和原始的秘密值哈希Shash一致,如果一致,说明记录真实有效,如果不一致说 明区块记录被篡改。Finally, compare the newly calculated secret value hash Shash'=hash(A·VPHash), and compare whether Shash' is consistent with the original secret value hash Shash. If it is consistent, it means that the record is true and valid. tampered with.

所述的步骤A1中,e(g,g)为双线性计算公式,满足下述性质:In the described step A1, e(g, g) is a bilinear calculation formula, which satisfies the following properties:

(1)双线性,对于

Figure BDA0002657081650000074
均存在
Figure BDA0002657081650000075
(1) Bilinear, for
Figure BDA0002657081650000074
both exist
Figure BDA0002657081650000075

(2)非退化性,

Figure BDA0002657081650000076
使
Figure BDA0002657081650000077
成立,
Figure BDA0002657081650000078
代表
Figure BDA0002657081650000079
群的单位元;(2) non-degenerate,
Figure BDA0002657081650000076
Make
Figure BDA0002657081650000077
established,
Figure BDA0002657081650000078
represent
Figure BDA0002657081650000079
the unit element of the group;

(3)可计算性,存在有效的算法对

Figure BDA00026570816500000710
计算
Figure BDA00026570816500000711
(3) Computability, there are effective algorithms for
Figure BDA00026570816500000710
calculate
Figure BDA00026570816500000711

其中,

Figure BDA00026570816500000712
Figure BDA00026570816500000713
是素数阶双线性群,
Figure BDA00026570816500000714
表示模为素数q的有限整数域,整 数a属于
Figure BDA00026570816500000715
用于双线性计算中的指数,整数b属于
Figure BDA00026570816500000716
用于双线性计算中的指 数,
Figure BDA00026570816500000717
属于
Figure BDA00026570816500000718
用于双线性计算中的底数,β属于
Figure BDA00026570816500000719
用于双线性计算中的底数。in,
Figure BDA00026570816500000712
and
Figure BDA00026570816500000713
is a bilinear group of prime order,
Figure BDA00026570816500000714
Represents a finite field of integers modulo prime q, where the integer a belongs to
Figure BDA00026570816500000715
used for exponents in bilinear computations, the integer b belongs to
Figure BDA00026570816500000716
for exponents in bilinear calculations,
Figure BDA00026570816500000717
belong
Figure BDA00026570816500000718
Base used in bilinear calculations, β belongs to
Figure BDA00026570816500000719
Base used in bilinear calculations.

所述的步骤A3中,在计算根节点R的秘密值的过程中:In the described step A3, in the process of calculating the secret value of the root node R:

对于叶子节点来说,令t为节点

Figure BDA00026570816500000720
对应的记录值,For leaf nodes, let t be the node
Figure BDA00026570816500000720
the corresponding record value,

如果

Figure BDA00026570816500000721
Figure BDA00026570816500000722
if
Figure BDA00026570816500000721
but
Figure BDA00026570816500000722

如果t∈RL,则If t∈RL, then

Figure BDA0002657081650000081
Figure BDA0002657081650000081

其中,t为节点

Figure BDA0002657081650000082
对应的记录值,
Figure BDA0002657081650000083
表示记录
Figure BDA0002657081650000084
对应的多项式的自变量为 0时对应因变量的值,⊥表示“无效输入”,哈希函数H(t)表示将节点
Figure BDA0002657081650000085
对应的 记录值t映射到双线性群
Figure BDA0002657081650000086
where t is the node
Figure BDA0002657081650000082
the corresponding record value,
Figure BDA0002657081650000083
means record
Figure BDA0002657081650000084
When the independent variable of the corresponding polynomial is 0, it corresponds to the value of the dependent variable, ⊥ represents "invalid input", and the hash function H(t) represents the node
Figure BDA0002657081650000085
The corresponding record value t maps to the bilinear group
Figure BDA0002657081650000086

对于非叶子节点来说,进行从下到上逐层解密操作;对于所有属于节点

Figure BDA00026570816500000821
的 子节点z,调用DecryptNode(VP,z)并输出子节点z对应的秘密值Fz;Sx表示一个 由
Figure BDA0002657081650000087
个Fz≠⊥节点z组成的集合;其中,
Figure BDA0002657081650000088
为节点
Figure BDA0002657081650000089
的子节点数的阈值,z表示 节点x的子节点,Fz表示节点z对应的秘密值;For non-leaf nodes, perform layer-by-layer decryption operations from bottom to top; for all nodes that belong to
Figure BDA00026570816500000821
The child node z of , calls DecryptNode(VP,z) and outputs the secret value F z corresponding to the child node z ; S x represents a
Figure BDA0002657081650000087
A set of F z ≠⊥ nodes z; where,
Figure BDA0002657081650000088
for the node
Figure BDA0002657081650000089
The threshold of the number of child nodes, z represents the child nodes of node x, and F z represents the secret value corresponding to node z;

如果不存在这样的集合,函数返回⊥,如果存在这样的集合,则根据拉格 朗日插值法计算:If no such set exists, the function returns ⊥, and if such a set exists, it is calculated according to Lagrangian interpolation:

Figure BDA00026570816500000810
Figure BDA00026570816500000810

其中,

Figure BDA00026570816500000811
表示节点
Figure BDA00026570816500000812
对应的秘密值,
Figure BDA00026570816500000813
表示节点
Figure BDA00026570816500000814
所有子节点的集合,i′表 示节点z的索引,
Figure BDA00026570816500000815
表示节点
Figure BDA00026570816500000816
对应子节点z索引组成的集合,qz(0)表示节点 z对应的多项式的自变量为0时对应因变量的值,
Figure BDA00026570816500000817
表示索引为i′且集合为
Figure BDA00026570816500000818
时对应的拉格朗日插值法的插值基函数,parent(z)表示节点z的父节点, index(z)表示节点z的索引,qparent(z)(index(z))表示节点z的父节点对应的多项式 在自变量为节点z的索引时的因变量的值,
Figure BDA00026570816500000819
表示节点
Figure BDA00026570816500000820
对应的多项式的自 变量为i′时对应因变量的值。in,
Figure BDA00026570816500000811
represents a node
Figure BDA00026570816500000812
the corresponding secret value,
Figure BDA00026570816500000813
represents a node
Figure BDA00026570816500000814
The set of all child nodes, i' represents the index of node z,
Figure BDA00026570816500000815
represents a node
Figure BDA00026570816500000816
Corresponding to the set of sub-node z indices, q z (0) represents the value of the dependent variable when the independent variable of the polynomial corresponding to node z is 0,
Figure BDA00026570816500000817
means that the index is i' and the set is
Figure BDA00026570816500000818
The corresponding interpolation basis function of Lagrangian interpolation method, parent(z) represents the parent node of node z, index(z) represents the index of node z, q parent(z) (index(z)) represents the The value of the dependent variable of the polynomial corresponding to the parent node when the independent variable is the index of the node z,
Figure BDA00026570816500000819
represents a node
Figure BDA00026570816500000820
The value of the corresponding dependent variable when the independent variable of the corresponding polynomial is i'.

本发明通过构建记录验证树特有的验证方式来实现记录的编辑;然后将多 重签名引入到该发明中,当用户需要编辑记录时,利益相关方进行签名,签名 验证通过后才能执行编辑操作,以此保证记录不能被随意编辑,从而在供应链、 物联网等场景中保护利益相关方的利益。本发明既能够实现对区块链上的数据 进行编辑,如修改和删除,同时还能够对使用者的数据编辑行为进行有效约束。The present invention realizes the editing of records by constructing a unique verification method of the record verification tree; then multi-signature is introduced into the invention, when the user needs to edit the record, the interested parties sign, and the editing operation can be performed only after the signature verification is passed, so as to This assurance record cannot be arbitrarily edited, thereby protecting the interests of stakeholders in scenarios such as supply chain, IoT, etc. The present invention can realize editing, such as modification and deletion, of the data on the blockchain, and at the same time, can effectively constrain the data editing behavior of the user.

附图说明Description of drawings

图1为本发明的流程示意图。FIG. 1 is a schematic flow chart of the present invention.

具体实施方式Detailed ways

以下结合附图和实施例对本发明作以详细的描述:Below in conjunction with accompanying drawing and embodiment, the present invention is described in detail:

如图1所示,本发明所述的应用于区块链的数据编辑方法,包括以下步骤:As shown in Figure 1, the data editing method applied to the blockchain according to the present invention includes the following steps:

A:构建记录验证树;A: Build a record verification tree;

其中,记录验证树为一个二叉和三叉混合树,记录验证树共有n层,从第 1层到第n-2层为结构树,每个结构树都是一颗三叉树,即每个节点有三个叶 子节点,结构树的每个节点代表着阈值门;第n层和第n-1层为信息树,每个 信息树都是一颗二叉树,即每个节点有两个叶子节点;n为正整数;Among them, the record verification tree is a binary and ternary hybrid tree, and the record verification tree has n layers, from the 1st layer to the n-2th layer is a structure tree, each structure tree is a ternary tree, that is, each node There are three leaf nodes, and each node of the structure tree represents a threshold gate; the nth layer and the n-1th layer are information trees, and each information tree is a binary tree, that is, each node has two leaf nodes; n is a positive integer;

区块链系统为区块链中每一个记录构建一颗信息树;信息树中的一个叶子 节点存储着记录的哈希值,用于验证记录的真实性,信息树中的另一个叶子节 点存储着记录签名的哈希值,用于验证数据编辑中修改和删除操作的合法性, 信息树中的父节点存储着或门。The blockchain system builds an information tree for each record in the blockchain; a leaf node in the information tree stores the hash value of the record, which is used to verify the authenticity of the record, and another leaf node in the information tree stores the hash value of the record. It records the hash value of the signature, which is used to verify the legitimacy of modification and deletion operations in data editing, and the parent node in the information tree stores the OR gate.

本发明中,记录验证树不仅要验证原始记录,而且要验证修改或删除操作, 用OR连接两个哈希值,当其中一个哈希值存在时就可以通过记录验证树的验 证,以此来实现记录的修改或删除,能够有效节省频繁修改记录带来的存储空 间占用,满足物联网、供应链场景中用户修改记录的需求。In the present invention, the record verification tree should not only verify the original record, but also verify the modification or deletion operation. Two hash values are connected by OR. When one of the hash values exists, the verification of the record verification tree can be passed. Realizing the modification or deletion of records can effectively save the storage space occupation caused by frequent modification of records, and meet the needs of users to modify records in the Internet of Things and supply chain scenarios.

自底向上,第n-2层,每三颗信息树构成一颗结构树,每个结构树的根节 点代表着与门,从第n-3层开始,每三颗结构树构成一颗复合结构树,每个复 合结构树的根节点代表着与门;重复上一步操作直至只剩下一个节点,完成记 录验证树的构建;如果剩余的信息树或结构树不足三颗时,将剩余的一颗或者 两颗信息树或结构树组成一颗结构树或复合结构树;From the bottom to the top, the n-2th layer, every three information trees constitute a structure tree, the root node of each structure tree represents the AND gate, starting from the n-3th layer, every three structure trees constitute a compound Structure tree, the root node of each composite structure tree represents the AND gate; repeat the previous operation until only one node is left, and complete the construction of the record verification tree; if the remaining information trees or structure trees are less than three, the remaining One or two information trees or structure trees form a structure tree or compound structure tree;

本发明中,使用与门是因为每一颗信息树代表了一个记录,使用与门连接 信息树就可以把区块中所有的记录连接起来形成一个整体,保证记录的安全。 此外,在将记录验证树映射到多项式过程中,一个节点连接信息树越多在解密 时计算量越大。因此,为了降低解密时多项式的计算量,结构树的子节点不超 过三个。In the present invention, the AND gate is used because each information tree represents a record, and by using the AND gate to connect the information tree, all the records in the block can be connected to form a whole to ensure the security of the records. In addition, in the process of mapping the record verification tree to a polynomial, the more nodes connected to the information tree, the greater the computational cost during decryption. Therefore, in order to reduce the computational complexity of the polynomial during decryption, the tree has no more than three child nodes.

本发明中,记录验证树的构建过程包括以下步骤:In the present invention, the construction process of the record verification tree comprises the following steps:

A1:初始化步骤:A1: Initialization steps:

由授权中心进行初始化,选择一个生成元为g的q阶双线性群

Figure BDA0002657081650000101
然后生 成系统安全参数SP:Initialized by the authorization center, select a q-order bilinear group whose generator is g
Figure BDA0002657081650000101
Then generate the system security parameter SP:

Figure BDA0002657081650000102
Figure BDA0002657081650000102

其中,

Figure BDA0002657081650000103
是素数阶双线性群,g为生成元,q为双线性群
Figure BDA0002657081650000104
的阶数,e(g,g) 为双线性计算公式,满足下述公知性质:in,
Figure BDA0002657081650000103
is a prime order bilinear group, g is the generator, q is the bilinear group
Figure BDA0002657081650000104
The order of , e(g,g) is a bilinear calculation formula, which satisfies the following well-known properties:

(1)双线性,对于

Figure BDA0002657081650000105
均存在
Figure BDA0002657081650000106
(1) Bilinear, for
Figure BDA0002657081650000105
both exist
Figure BDA0002657081650000106

(2)非退化性,

Figure BDA0002657081650000107
使
Figure BDA0002657081650000108
成立,
Figure BDA0002657081650000109
代表
Figure BDA00026570816500001010
群的单位元;(2) non-degenerate,
Figure BDA0002657081650000107
Make
Figure BDA0002657081650000108
established,
Figure BDA0002657081650000109
represent
Figure BDA00026570816500001010
the unit element of the group;

(3)可计算性,存在有效的算法对

Figure BDA00026570816500001011
计算
Figure BDA00026570816500001012
(3) Computability, there are effective algorithms for
Figure BDA00026570816500001011
calculate
Figure BDA00026570816500001012

其中,

Figure BDA0002657081650000111
Figure BDA0002657081650000112
是素数阶双线性群,
Figure BDA0002657081650000113
表示模为素数q的有限整数域,整 数a属于
Figure BDA0002657081650000114
用于双线性计算中的指数,整数b属于
Figure BDA0002657081650000115
用于双线性计算中的指 数,
Figure BDA0002657081650000116
属于
Figure BDA0002657081650000117
用于双线性计算中的底数,β属于
Figure BDA0002657081650000118
用于双线性计算中的底数。 上述公知性质为本领域常规技术,在此不再赘述。in,
Figure BDA0002657081650000111
and
Figure BDA0002657081650000112
is a bilinear group of prime order,
Figure BDA0002657081650000113
Represents a finite field of integers modulo prime q, where the integer a belongs to
Figure BDA0002657081650000114
used for exponents in bilinear computations, the integer b belongs to
Figure BDA0002657081650000115
for exponents in bilinear calculations,
Figure BDA0002657081650000116
belong
Figure BDA0002657081650000117
Base used in bilinear calculations, β belongs to
Figure BDA0002657081650000118
Base used in bilinear calculations. The above-mentioned well-known properties are conventional techniques in the art, and will not be repeated here.

A2:生成步骤:A2: Generation steps:

Generate(SP,RL),Generate(SP,RL)表示记录验证树的生成,RL表示记录集合,生成步骤由区块链节点运行。Generate(SP,RL), Generate(SP,RL) represents the generation of the record verification tree, RL represents the record set, and the generation step is run by the blockchain node.

首先,区块链节点根据记录集合RL和构造规则构造记录验证树

Figure BDA0002657081650000119
First, the blockchain nodes construct the record verification tree according to the record set RL and construction rules
Figure BDA0002657081650000119

其次,为记录验证树

Figure BDA00026570816500001110
的每一个节点
Figure BDA00026570816500001111
选择一个
Figure BDA00026570816500001112
次多项式
Figure BDA00026570816500001113
其中,
Figure BDA00026570816500001114
代表记录验证树的节点,
Figure BDA00026570816500001115
为节点
Figure BDA00026570816500001116
的子节点数的阈值,
Figure BDA00026570816500001117
为节点
Figure BDA00026570816500001118
对应的多 项式;Second, verify the tree for the record
Figure BDA00026570816500001110
every node of
Figure BDA00026570816500001111
choose one
Figure BDA00026570816500001112
degree polynomial
Figure BDA00026570816500001113
in,
Figure BDA00026570816500001114
represents the node of the record validation tree,
Figure BDA00026570816500001115
for the node
Figure BDA00026570816500001116
the threshold for the number of child nodes,
Figure BDA00026570816500001117
for the node
Figure BDA00026570816500001118
the corresponding polynomial;

再次,随机选择秘密参数

Figure BDA00026570816500001119
作为记录验证树
Figure BDA00026570816500001120
保存的秘密值,并将秘密 参数s保存在记录验证树
Figure BDA00026570816500001121
的根节点R中;然后令qR(0)=s,对于其他节点,令
Figure BDA00026570816500001122
其中,qR(0)=s表示根节点R对应的多项式在自变量 为0时的因变量为s,
Figure BDA00026570816500001123
表示模为素数q的有限整数域,
Figure BDA00026570816500001124
表示节点
Figure BDA00026570816500001125
的 父节点,
Figure BDA00026570816500001126
表示节点
Figure BDA00026570816500001127
的索引;Again, the secret parameters are randomly chosen
Figure BDA00026570816500001119
Verification tree as record
Figure BDA00026570816500001120
Save the secret value and save the secret parameter s in the record validation tree
Figure BDA00026570816500001121
in the root node R of ; then let q R (0) = s, for other nodes, let
Figure BDA00026570816500001122
Among them, q R (0)=s indicates that the dependent variable of the polynomial corresponding to the root node R is s when the independent variable is 0,
Figure BDA00026570816500001123
represents a finite field of integers modulo prime q,
Figure BDA00026570816500001124
represents a node
Figure BDA00026570816500001125
the parent node of ,
Figure BDA00026570816500001126
represents a node
Figure BDA00026570816500001127
index of;

最后,设Y是记录验证树

Figure BDA00026570816500001128
的所有叶子节点的记录集合,计算验证树参数 VP、验证参数哈希VPHash和秘密值哈希SHash:Finally, let Y be the record validation tree
Figure BDA00026570816500001128
The record set of all leaf nodes of , calculate the verification tree parameter VP, the verification parameter hash VPHash and the secret value hash SHash:

Figure BDA00026570816500001129
Figure BDA00026570816500001129

VPHash=hash(VP) (3)VPHash=hash(VP) (3)

SHash=hash(VPHash·e(g,g)s) (4)SHash=hash(VPHash·e(g,g) s ) (4)

其中,

Figure BDA00026570816500001130
为记录验证树的叶子节点且
Figure BDA00026570816500001131
Figure BDA00026570816500001132
Figure BDA00026570816500001133
为计算验证树参数VP 的组成参数,
Figure BDA0002657081650000121
表示记录
Figure BDA0002657081650000122
对应的多项式的自变量为0时对应因变量的值, 哈希函数H()表示将任意二进制字符映射到双线性群
Figure BDA0002657081650000123
Figure BDA0002657081650000124
表示叶子节点y 相关联记录的哈希摘要,
Figure BDA0002657081650000125
表示将哈希摘要
Figure BDA0002657081650000126
映射到双线性群
Figure BDA0002657081650000127
Figure BDA0002657081650000128
表示对于任意属于属性集Y的属性
Figure BDA0002657081650000129
均可以计 算得到参数
Figure BDA00026570816500001210
Figure BDA00026570816500001211
用于生成验证树参数VP,hash()是一种将任意长度的消息压 缩到某一固定长度的消息摘要的函数;in,
Figure BDA00026570816500001130
is the leaf node of the verification tree for records and
Figure BDA00026570816500001131
Figure BDA00026570816500001132
and
Figure BDA00026570816500001133
To compute the constituent parameters of the validation tree parameter VP,
Figure BDA0002657081650000121
means record
Figure BDA0002657081650000122
When the independent variable of the corresponding polynomial is 0, the value of the dependent variable corresponds to the value of the dependent variable. The hash function H() represents the mapping of any binary character to the bilinear group
Figure BDA0002657081650000123
Figure BDA0002657081650000124
represents the hash digest of the record associated with leaf node y,
Figure BDA0002657081650000125
Indicates that the hash digest will be
Figure BDA0002657081650000126
map to bilinear group
Figure BDA0002657081650000127
Figure BDA0002657081650000128
Represents that for any attribute belonging to attribute set Y
Figure BDA0002657081650000129
parameters can be calculated
Figure BDA00026570816500001210
and
Figure BDA00026570816500001211
Used to generate the verification tree parameter VP, hash() is a function that compresses a message of any length into a message digest of a fixed length;

区块链节点将验证树参数VP、验证参数哈希VPHash、秘密值哈希SHash、 记录集合RL和其他区块信息一起打包生成区块,并向全网广播,区块得到确认 后存储到区块链上。其他区块信息包括时间戳、父区块哈希和版本号,属于本 领域常规技术,在此不再赘述。The blockchain nodes package the verification tree parameter VP, the verification parameter hash VPHash, the secret value hash SHash, the record set RL and other block information together to generate a block, and broadcast it to the whole network. After the block is confirmed, it is stored in the block. on the blockchain. Other block information includes timestamp, parent block hash and version number, which belong to the conventional technology in the art and will not be repeated here.

A3:验证步骤;A3: verification steps;

Verification(RL,VP),Verification(RL,VP)表示记录验证树对记录的验证;验证 步骤由区块链节点运行;以区块的记录集合RL和验证树参数VP作为输入,并 输出验证结果;Verification(RL,VP), Verification(RL,VP) represents the verification of records by the record verification tree; the verification step is run by the blockchain nodes; the block record set RL and verification tree parameters VP are used as input, and the verification result is output ;

在验证过程中:During verification:

首先,由验证系统执行解密

Figure BDA00026570816500001212
Figure BDA00026570816500001213
表示解密 记录验证树以获取根节点保存的秘密值A;First, decryption is performed by the verification system
Figure BDA00026570816500001212
Figure BDA00026570816500001213
Represents decrypting the record verification tree to obtain the secret value A stored by the root node;

其次,从记录验证树

Figure BDA00026570816500001214
的叶子节点开始计算节点保存的值,并使用递归计 算上一层节点的值,通过逐层计算直至解出根节点R保存的秘密值;Second, verify the tree from the records
Figure BDA00026570816500001214
The leaf node starts to calculate the value saved by the node, and uses recursion to calculate the value of the node in the previous layer, and calculates layer by layer until the secret value saved by the root node R is solved;

然后,计算记录验证树的根节点R的秘密值A:Then, compute the secret value A of the root node R of the record verification tree:

Figure BDA00026570816500001215
Figure BDA00026570816500001215

其中,qR(0)表示根节点对应的多项式的自变量为0时的因变量的值,z表 示当前节点(此处为根节点R)的子节点;Among them, q R (0) represents the value of the dependent variable when the independent variable of the polynomial corresponding to the root node is 0, and z represents the child node of the current node (here, the root node R);

最后,将新计算得出的秘密值哈希Shash′=hash(A·VPHash),对比Shash′是否和原始的秘密值哈希Shash一致,如果一致,说明记录真实有效,如果不一致说 明区块记录被篡改。Finally, compare the newly calculated secret value hash Shash'=hash(A·VPHash), and compare whether Shash' is consistent with the original secret value hash Shash. If it is consistent, it means that the record is true and valid. tampered with.

在计算根节点R的秘密值的过程中:In the process of calculating the secret value of the root node R:

对于叶子节点来说,令t为节点

Figure BDA0002657081650000131
对应的记录值,For leaf nodes, let t be the node
Figure BDA0002657081650000131
the corresponding record value,

如果

Figure BDA0002657081650000132
Figure BDA0002657081650000133
if
Figure BDA0002657081650000132
but
Figure BDA0002657081650000133

如果t∈RL,则If t∈RL, then

Figure BDA0002657081650000134
Figure BDA0002657081650000134

其中,t为节点

Figure BDA0002657081650000135
对应的记录值,
Figure BDA0002657081650000136
表示记录
Figure BDA0002657081650000137
对应的多项式的自变量为 0时对应因变量的值,⊥表示“无效输入”,哈希函数H(t)表示将节点
Figure BDA0002657081650000138
对应的 记录值t映射到双线性群
Figure BDA0002657081650000139
where t is the node
Figure BDA0002657081650000135
the corresponding record value,
Figure BDA0002657081650000136
means record
Figure BDA0002657081650000137
When the independent variable of the corresponding polynomial is 0, it corresponds to the value of the dependent variable, ⊥ represents "invalid input", and the hash function H(t) represents the node
Figure BDA0002657081650000138
The corresponding record value t maps to the bilinear group
Figure BDA0002657081650000139

对于非叶子节点来说,进行从下到上逐层解密操作;对于所有属于节点

Figure BDA00026570816500001314
的 子节点z,调用DecryptNode(VP,z)并输出子节点z对应的秘密值Fz;Sx表示一个 由
Figure BDA00026570816500001310
个Fz≠⊥节点z组成的集合;其中,
Figure BDA00026570816500001311
为节点
Figure BDA00026570816500001312
的子节点数的阈值,z表示 节点x的子节点,Fz表示节点z对应的秘密值;For non-leaf nodes, perform layer-by-layer decryption operations from bottom to top; for all nodes that belong to
Figure BDA00026570816500001314
The child node z of , calls DecryptNode(VP,z) and outputs the secret value F z corresponding to the child node z ; S x represents a
Figure BDA00026570816500001310
A set of F z ≠⊥ nodes z; where,
Figure BDA00026570816500001311
for the node
Figure BDA00026570816500001312
The threshold of the number of child nodes, z represents the child nodes of node x, and F z represents the secret value corresponding to node z;

如果不存在这样的集合,函数返回⊥,如果存在这样的集合,则根据拉格 朗日插值法计算:If no such set exists, the function returns ⊥, and if such a set exists, it is calculated according to Lagrangian interpolation:

Figure BDA00026570816500001313
Figure BDA00026570816500001313

其中,

Figure BDA0002657081650000141
表示节点
Figure BDA0002657081650000142
对应的秘密值,
Figure BDA0002657081650000143
表示节点
Figure BDA0002657081650000144
所有子节点的集合,i′表 示节点z的索引,
Figure BDA0002657081650000145
表示节点
Figure BDA0002657081650000146
对应子节点z索引组成的集合,qz(0)表示节点 z对应的多项式的自变量为0时对应因变量的值,
Figure BDA0002657081650000147
表示索引为i′且集合为
Figure BDA0002657081650000148
时对应的拉格朗日插值法的插值基函数,parent(z)表示节点z的父节点, index(z)表示节点z的索引,qparent(z)(index(z))表示节点z的父节点对应的多项式 在自变量为节点z的索引时的因变量的值,
Figure BDA0002657081650000149
表示节点
Figure BDA00026570816500001410
对应的多项式的自 变量为i′时对应因变量的值,拉格朗日插值法的定义如下:in,
Figure BDA0002657081650000141
represents a node
Figure BDA0002657081650000142
the corresponding secret value,
Figure BDA0002657081650000143
represents a node
Figure BDA0002657081650000144
The set of all child nodes, i' represents the index of node z,
Figure BDA0002657081650000145
represents a node
Figure BDA0002657081650000146
Corresponding to the set of sub-node z indices, q z (0) represents the value of the dependent variable when the independent variable of the polynomial corresponding to node z is 0,
Figure BDA0002657081650000147
means that the index is i' and the set is
Figure BDA0002657081650000148
The corresponding interpolation basis function of Lagrangian interpolation method, parent(z) represents the parent node of node z, index(z) represents the index of node z, q parent(z) (index(z)) represents the The value of the dependent variable of the polynomial corresponding to the parent node when the independent variable is the index of the node z,
Figure BDA0002657081650000149
represents a node
Figure BDA00026570816500001410
When the independent variable of the corresponding polynomial is i′, the value of the corresponding dependent variable, the definition of Lagrangian interpolation method is as follows:

对于一个未知的n次多项式,如果已知该多项式的n+1个不同的点在 xi(i=0,1,…,n)处的函数值yi(i=0,1,…,n)(即该函数过(xi,yi)i=0,1,…,n这n+1个点),则 可以唯一确定一个拉格朗日插值多项式

Figure BDA00026570816500001411
其中Δj(x)为插值基函数, 表达式为:For an unknown polynomial of degree n, if the function values y i (i=0,1,...,n) of n+1 different points of the polynomial are known at x i (i=0,1,...,n) n) (that is, the function passes (x i , y i ) i=0,1,...,n these n+1 points), then a Lagrangian interpolation polynomial can be uniquely determined
Figure BDA00026570816500001411
where Δ j (x) is the interpolation basis function, and the expression is:

Figure BDA00026570816500001412
Figure BDA00026570816500001412

其中,n为多项式次方数,i表示点的编号且i=0,1,…,n,xi为点i的横坐标, yi为点i的纵坐标,P(x)表示拉格朗日插值多项式,j表示点的编号且j=0,1,…,n, yj表示编号为j时对应的纵坐标值,Δj(x)为插值基函数,x表示多项式的自变 量,xj为点j的横坐标;Among them, n is the polynomial power number, i is the number of the point and i=0,1,...,n, x i is the abscissa of point i, y i is the ordinate of point i, P (x) is the lager Longian interpolation polynomial, j represents the point number and j=0,1,...,n, y j represents the corresponding ordinate value when the number is j, Δ j (x) is the interpolation basis function, x represents the independent variable of the polynomial , x j is the abscissa of point j;

B:判断用户是执行记录删除操作还是记录修改操作,若执行记录删除操 作,则进入步骤C;若执行记录修改操作,则进入步骤F;B: determine whether the user performs the record deletion operation or the record modification operation, if the record deletion operation is performed, then enter step C; if the record modification operation is performed, then enter step F;

C:设用户想要删除区块i″上的记录RL1C: Suppose the user wants to delete the record RL 1 on the block i";

首先,用户对记录RL1的哈希hash1=hash(RL1)进行签名Sign(hash1),并生成 删除请求DelInfo′={address,del,Sign(hash1)},其中address为记录地址,del为删 除标记,Sign()表示对任意字符进行签名计算,Sign(hash1)表示hash1的签名;First, the user signs Sign(hash 1 ) for the hash RL 1 hash 1 =hash(RL 1 ), and generates a delete request DelInfo′={address,del,Sign(hash 1 )}, where address is the record address , del is the deletion mark, Sign() means to perform signature calculation on any character, Sign(hash 1 ) means the signature of hash 1 ;

其次,用户将删除请求发送给利益相关方;Second, the user sends a removal request to the stakeholder;

然后,利益相关方对删除请求的哈希hash2=hash(DelInfo′)进行签名并发送给签名收集方,利益相关方一般由企业的合作伙伴和政府监管部门等组成;Then, the stakeholder signs the hash 2 =hash(DelInfo') of the deletion request and sends it to the signature collector, and the stakeholder is generally composed of business partners and government regulatory authorities;

最后,签名收集方收集各方的签名并生成删除消息 DelInfo={address,del,Sign(hash1),MuSign(hash2)},并将删除消息DelInfo广播到区块 链网络中,其中MuSign(hash2)表示对删除请求hash2的多重签名;然后进入步骤 D;Finally, the signature collector collects the signatures of all parties and generates the deletion message DelInfo={address,del,Sign(hash 1 ),MuSign(hash 2 )}, and broadcasts the deletion message DelInfo to the blockchain network, where MuSign( hash 2 ) represents the multi-signature of the deletion request hash 2 ; then proceed to step D;

D:首先,所有节点对删除请求中的签名信息进行哈希,生成签名的哈希 摘要hashsign=hash(Sign(hash1));D: First, all nodes hash the signature information in the deletion request to generate the signature hash digest hash sign =hash(Sign(hash 1 ));

其次,将hashsign和其他记录的哈希集合hashlist一起代入记录验证树验证方 法Verification()进行验证,并解出记录验证树保存的秘密值e(g,g)s,将其与验证 参数哈希进行计算后再进行哈希计算得到秘密值哈希hash3=hash(e(g,g)s·VPHash);Secondly, substitute the hash sign and the hash set hashlist of other records into the record verification tree verification method Verification() for verification, and solve the secret value e(g,g) s stored in the record verification tree, and compare it with the verification parameter After the calculation is performed, the hash calculation is performed to obtain the secret value hash hash 3 =hash(e(g,g) s ·VPHash);

然后进行如下验证:Then verify as follows:

1)将hash3与秘密值哈希SHash进行对比是否一致;1) Compare hash 3 with the secret value hash SHash to see if it is consistent;

2)对多重签名进行验证是否合法;2) Whether the verification of the multi-signature is legal;

如果这两项都通过验证则接受删除行为,否则不接受;If both of these two items are verified, accept the delete behavior, otherwise do not accept;

最后,将验证结果广播到区块链网络中;然后进入步骤E;Finally, broadcast the verification result to the blockchain network; then enter step E;

E:当删除消息被全网半数以上节点的验证通过后,将区块i″中的记录RL1从 区块中删除,并将删除消息插入到请求列表中;E: When the deletion message is verified by more than half of the nodes in the entire network, delete the record RL 1 in the block i" from the block, and insert the deletion message into the request list;

F:设用户想要修改区块i″上的记录RL1F: Suppose the user wants to modify the record RL 1 on the block i";

首先,用户对记录RL1的哈希hash1=hash(RL1)进行签名Sign(hash1),并对新 记录RL′1进行哈希得到hash′1=hash(RL′1),同时对hash′1进行签名Sign(hash′1);First, the user signs the hash RL 1 hash 1 =hash(RL 1 ) Sign(hash 1 ), and hashes the new record RL' 1 to obtain hash' 1 =hash(RL' 1 ), and simultaneously hash' 1 to sign Sign(hash' 1 );

其次,用户生成修改请求 ModifyInfo′={address,mod,Sign(hash1),hash′1,Sign(hash′1)},并将修改请求发送给利益 相关方,其中address为记录地址,mod为修改标记,Sign()表示对任意字符 进行签名计算,Sign(hash1)为hash1的签名,hash′1为RL′1的哈希,Sign(hash′1)为hash′1的签名;Next, the user generates a modification request ModifyInfo'={address,mod,Sign(hash 1 ),hash' 1 ,Sign(hash' 1 )}, and sends the modification request to the stakeholders, where address is the record address and mod is Modify the mark, Sign() means to perform signature calculation on any character, Sign(hash 1 ) is the signature of hash 1 , hash' 1 is the hash of RL' 1 , Sign(hash' 1 ) is the signature of hash'1;

然后利益相关方对修改请求的哈希hash2=hash(ModifyInfo′)进行签名并发送给签名收集方;Then the stakeholder signs the hash hash 2 =hash(ModifyInfo') of the modification request and sends it to the signature collector;

最后签名收集方收集各方签名并生成修改消息 ModifyInfo={address,mod,Sign(hash1),hash′1,Sign(hash′1),MuSign(hash2)},并将重新生成 的记录RL1′一起发送到区块链网络上,其中,MuSign(hash2)表示对修改请求hash2的多重签名;然后进入步骤G;Finally, the signature collector collects the signatures of all parties and generates a modification message ModifyInfo={address,mod,Sign(hash 1 ),hash' 1 ,Sign(hash' 1 ),MuSign(hash 2 )}, and will regenerate the record RL 1 ' is sent to the blockchain network together, where MuSign(hash 2 ) represents the multi-signature of the modification request hash 2 ; then go to step G;

G:首先,所有节点对修改请求中的签名信息进行哈希,生成哈希摘要 hashsign=hash(Sign(hash1));G: First, all nodes hash the signature information in the modification request to generate a hash digest hash sign =hash(Sign(hash 1 ));

其次,将hashsign和其他记录的哈希集合hashlist一起代入记录验证树Verification(),并解出记录验证树保存的秘密值e(g,g)sSecondly, substitute the hash sign and the hash set hashlist of other records into the record verification tree Verification(), and solve the secret value e(g,g) s stored in the record verification tree;

然后,将秘密值e(g,g)s与验证参数哈希进行计算后再进行哈希计算得到秘 密值哈希hash3=hash(e(g,g)s·VPHash),并进行如下验证:Then, calculate the secret value e(g, g) s and the verification parameter hash, and then perform the hash calculation to obtain the secret value hash hash 3 =hash(e(g, g) s · VPHash), and perform the following verification :

1)将hash3与秘密值哈希SHash进行对比是否一致;1) Compare hash 3 with the secret value hash SHash to see if it is consistent;

2)对新生成的记录RL1′进行哈希计算,并将计算得出的记录RL1′的哈希值 与修改消息中的哈希值hash′1进行对比是否一致;2) Perform hash calculation on the newly generated record RL 1 ′, and compare whether the hash value of the calculated record RL 1 ′ is consistent with the hash value hash ′ 1 in the modification message;

3)对多重签名进行验证是否合法;3) Whether the verification of the multi-signature is legal;

如果这三项均通过验证则接受修改行为,否则不接受;If these three items are verified, the modification will be accepted, otherwise it will not be accepted;

最后,将验证结果广播到区块链网络中;然后进入步骤H;Finally, broadcast the verification result to the blockchain network; then enter step H;

H:当修改消息被全网半数以上节点的验证通过后,将区块中的记录RL1从 区块中删除,将修改消息插入到请求列表中,将新记录插入新记录列表中。H: When the modification message is verified by more than half of the nodes in the entire network, the record RL 1 in the block is deleted from the block, the modification message is inserted into the request list, and the new record is inserted into the new record list.

Claims (3)

1. A data editing method applied to a block chain is characterized by comprising the following steps:
a: constructing a record verification tree;
the record verification tree is a binary and trigeminal mixed tree, the record verification tree has n layers, the layers from the 1 st layer to the n-2 th layer are structure trees, each structure tree is a ternary tree, namely each node has three leaf nodes, and each node of the structure tree represents a threshold gate; the nth layer and the (n-1) th layer are information trees, and each information tree is a binary tree, namely each node has two leaf nodes; n is a positive integer;
b: judging whether the user executes the record deleting operation or the record modifying operation, and entering the step C if the user executes the record deleting operation; if the record modification operation is executed, entering the step F;
c: suppose the user wants to delete a recording RL on block i ″1
First, the user records RL1Hash of1=hash(RL1) Signature Sign (hash) is carried out1) And generates a delete request DelInfo ═ { address, del, Sign (hash)1) Wherein address is a record address, del is a deletion mark, Sign () represents signature calculation for any character, Sign (hash)1) Representing a hash1The signature of (2);
secondly, the user sends a deletion request to the interest-related party;
the stakeholder's hash of the delete request is then made2Signing the hash (DelInfo') and sending the signature to a signature collector;
finally, the signature collector collects the signatures of the parties and generates a delete message DelInfo ═ address, del, Sign (hash)1),MuSign(hash2) And broadcasts a delete message DelInfo into the blockchain network, where MuSign (hash)2) Representing a request for delete hash2Multiple signatures of (2); however, the device is not suitable for use in a kitchenThen entering the step D;
d: firstly, all nodes hash the signature information in the deletion request to generate a signed hash digest hashsign=hash(Sign(hash1));
Secondly, the hash is carried outsignSubstituting the hash set hashlist of other records into a record Verification tree Verification method Verification () to verify, and solving a secret value e (g, g) stored in the record Verification treesCalculating the hash of the verification parameter with the hash of the verification parameter, and then performing hash calculation to obtain a secret value hash3=hash(e(g,g)s·VPHash);
The following validation was then performed:
1) will hash3Comparing the hash value with the secret value Hash to determine whether the hash value is consistent with the secret value Hash;
2) verifying whether the multiple signatures are legal or not;
accepting a delete action if both items pass verification, otherwise not accepting;
finally, broadcasting the verification result to the block chain network; then entering step E;
e: when the deletion message is verified by more than half of nodes in the whole network, the record RL in the block i ″1Deleting the block and inserting a deletion message into the request list;
f: suppose the user wants to modify the recording RL on block i ″1
First, the user records RL1Hash of1=hash(RL1) Signature Sign (hash) is carried out1) And to newly record RL'1Hash is carried out to obtain hash'1=hash(RL′1) Simultaneously to hash'1Signature Sign (hash) 'is performed'1);
Next, the user generates a modification request ModifyInfo' ═ { address, mod, Sign (hash)1),hash′1,Sign(hash′1) Sending a modification request to a stakeholder, wherein address is a record address, mod is a modification mark, Sign () represents signature calculation on any character, and Sign (hash) represents signature calculation1) Is a hash1Of 'signature, hash'1Is RL'1Hash of (1), Sign (hash)'1) Is hash'1The signature of (2);
the stakeholder's hash of the modification request is then made2Signing the hash (ModifyInfo') and sending the signature to a signature collector;
finally, the signature collector collects the signatures of all parties and generates a modification message ModifyInfo { address, mod, Sign (hash)1),hash′1,Sign(hash′1),MuSign(hash2) And regenerated record RL'1Sent together onto a blockchain network, where MuSign (hash)2) Representing a hash on a modification request2Multiple signatures of (2); then entering step G;
g: firstly, all nodes hash the signature information in the modification request to generate hash abstract hashsign=hash(Sign(hash1));
Secondly, the hash is carried outsignSubstituting the hash set hashlist of other records into the Verification tree Verification () of the record and solving the secret value e (g, g) stored in the Verification tree of the records
Then, the secret value e (g, g)sCalculating with the verification parameter Hash, and then performing Hash calculation to obtain secret value Hash3=hash(e(g,g)sVPHash) and verified as follows:
1) will hash3Comparing the hash value with the secret value Hash to determine whether the hash value is consistent with the secret value Hash;
2) for newly generated record RL1' Hash calculation is performed, and the calculated record RL is recorded1'Hash value of modification message'1Comparing whether the two are consistent;
3) verifying whether the multiple signatures are legal or not;
if the three items are verified, the modification action is accepted, otherwise, the modification action is not accepted;
finally, broadcasting the verification result to the block chain network; then entering step H;
h: when the modification message is verified by more than half of nodes in the whole network, the RL record in the block is recorded1From the blockDeleting, inserting the modification message into the request list, and inserting the new record into the new record list;
wherein, the step A comprises the following steps:
a1: an initialization step: initializing by authorization center, selecting a q-order bilinear group with generator g
Figure FDA0003107676950000031
Then, generating a system security parameter SP:
Figure FDA0003107676950000032
wherein,
Figure FDA0003107676950000033
is a prime order bilinear group, g is a generator, q is a bilinear group
Figure FDA0003107676950000034
E (g, g) is a bilinear calculation formula;
a2: a generation step: generating (SP, RL) which represents the generation of a record verification tree, RL represents a record set, and the generating step is executed by a block link point;
firstly, the block chain link points construct the record verification tree according to the record set RL and the construction rule
Figure FDA0003107676950000041
Second, the tree is validated for records
Figure FDA00031076769500000436
Each node of
Figure FDA0003107676950000042
Select one
Figure FDA0003107676950000043
Polynomial of degree
Figure FDA0003107676950000044
Wherein,
Figure FDA0003107676950000045
represents a node of the log verification tree that records,
Figure FDA0003107676950000046
is a node
Figure FDA0003107676950000047
A threshold value for the number of sub-nodes,
Figure FDA0003107676950000048
is a node
Figure FDA0003107676950000049
A corresponding polynomial;
again, the secret parameters are randomly selected
Figure FDA00031076769500000410
As a log verification tree
Figure FDA00031076769500000411
Storing the secret value and storing the secret parameter s in a log verification tree
Figure FDA00031076769500000412
In the root node R of (2); then let qR(0) For other nodes, let
Figure FDA00031076769500000413
Wherein q isR(0) S denotes that the dependent variable of the polynomial corresponding to the root node R when the independent variable is 0 is s,
Figure FDA00031076769500000414
a finite integer field modulo a prime number q,
Figure FDA00031076769500000415
representing nodes
Figure FDA00031076769500000416
The node of the node (c) is,
Figure FDA00031076769500000417
representing nodes
Figure FDA00031076769500000418
An index of (2);
finally, let Y be the record verification tree
Figure FDA00031076769500000419
Calculating a verification tree parameter VP, a verification parameter Hash VPHash and a secret value Hash SHAsh:
Figure FDA00031076769500000420
VPHash=hash(VP) (3)
SHash=hash(VPHash·e(g,g)s) (4)
wherein,
Figure FDA00031076769500000421
verify leaf nodes of the tree for records and
Figure FDA00031076769500000422
Figure FDA00031076769500000423
and
Figure FDA00031076769500000424
to calculate the composition parameters of the verification tree parameters VP,
Figure FDA00031076769500000425
presentation recording
Figure FDA00031076769500000426
The hash function H () represents the mapping of an arbitrary binary character to a bilinear group
Figure FDA00031076769500000427
Figure FDA00031076769500000428
A hash digest representing the associated record of the leaf node y,
Figure FDA00031076769500000429
representing a hash digest
Figure FDA00031076769500000430
Mapping to bilinear groups
Figure FDA00031076769500000431
Figure FDA00031076769500000432
Representing attributes for any attribute belonging to the attribute set Y
Figure FDA00031076769500000433
Can be calculated to obtain parameters
Figure FDA00031076769500000434
And
Figure FDA00031076769500000435
for generating the verification tree parameter VP, hash () is a kind of arbitrary lengthA function that compresses messages of degree to a message digest of a certain fixed length;
the block chain node packs the verification tree parameter VP, the verification parameter Hash VPHash, the secret value Hash, the record set RL and other block information together to generate a block, the block is broadcasted to the whole network, the block is stored in a block chain after being confirmed, and the other block information comprises a timestamp, a father block Hash and a version number;
a3: a verification step; verification (RL, VP), which represents the Verification of a record by a record Verification tree; the verification step is executed by the block link point; taking a record set RL and a verification tree parameter VP of the block as input, and outputting a verification result;
in the verification process:
first, decryption is performed by the authentication system
Figure FDA0003107676950000051
Representing a decryption record verification tree to obtain a secret value A saved by a root node;
second, the tree is verified from the record
Figure FDA0003107676950000052
The leaf node starts to calculate the value stored by the node, and calculates the value of the node on the upper layer by using recursion until solving the secret value stored by the root node R layer by layer;
then, the secret value a of the root node R of the log verification tree is calculated:
Figure FDA0003107676950000053
wherein q isR(0) Representing the value of a dependent variable when the independent variable of the polynomial corresponding to the root node is 0, and z represents a child node of the current node;
and finally, comparing the newly calculated secret value Hash 'with Hash (A. VPHash), judging whether the Hash' is consistent with the original secret value Hash, if so, indicating that the record is real and effective, and if not, indicating that the block record is tampered.
2. The data editing method applied to the block chain according to claim 1, characterized in that: in the step a1, e (g, g) is a bilinear calculation formula, and satisfies the following properties:
(1) bilinear, for
Figure FDA0003107676950000054
All exist
Figure FDA0003107676950000055
(2) The non-degradable nature of the coating is not degraded,
Figure FDA0003107676950000056
make it
Figure FDA0003107676950000057
It is true that the first and second sensors,
Figure FDA0003107676950000058
represents
Figure FDA0003107676950000059
A unit cell of the group;
(3) computability, there is an efficient algorithm pair
Figure FDA00031076769500000510
Computing
Figure FDA00031076769500000511
Wherein,
Figure FDA0003107676950000061
and
Figure FDA0003107676950000062
is a prime order bilinear group,
Figure FDA0003107676950000063
a finite integer field representing modulus as a prime number q, the integer a belonging to
Figure FDA0003107676950000064
Exponent used in bilinear computations, the integer b belongs to
Figure FDA0003107676950000065
The exponents used in the bilinear computation,
Figure FDA0003107676950000066
belong to
Figure FDA0003107676950000067
Base number used in bilinear computing, beta belonging to
Figure FDA0003107676950000068
Base numbers used in bilinear computations.
3. The data editing method applied to the block chain according to claim 2, wherein: in the step a3, in the process of calculating the secret value of the root node R:
for leaf nodes, let t be the node
Figure FDA0003107676950000069
The corresponding value of the record is recorded,
if it is not
Figure FDA00031076769500000610
Then
Figure FDA00031076769500000611
If t ∈ RL, then
Figure FDA00031076769500000612
Wherein t is a node
Figure FDA00031076769500000613
The corresponding value of the record is recorded,
Figure FDA00031076769500000614
presentation recording
Figure FDA00031076769500000615
When the independent variable of the corresponding polynomial is 0, the value of the dependent variable is corresponded,. quadrature.represents 'invalid input', and the hash function H (t) represents the node
Figure FDA00031076769500000616
Mapping of corresponding record value t to bilinear group
Figure FDA00031076769500000617
For non-leaf nodes, performing layer-by-layer decryption operation from bottom to top; for all belonging nodes
Figure FDA00031076769500000618
The child node z calls DecryptNode (VP, z) and outputs the secret value F corresponding to the child node zz;SxRepresents a group of
Figure FDA00031076769500000619
F iszNot ≠ T node z; wherein,
Figure FDA00031076769500000620
is a node
Figure FDA00031076769500000621
Z represents a child node of node x, FzRepresenting correspondences of node zA secret value;
if no such set exists, the function returns ×, if such a set exists, then it is calculated according to lagrange interpolation:
Figure FDA0003107676950000071
wherein,
Figure FDA0003107676950000072
representing nodes
Figure FDA0003107676950000073
The corresponding value of the secret is used,
Figure FDA0003107676950000074
representing nodes
Figure FDA0003107676950000075
The set of all children nodes, i' represents the index of node z,
Figure FDA0003107676950000076
representing nodes
Figure FDA0003107676950000077
Set of z indices of corresponding child nodes, qz(0) The value of the dependent variable when the argument of the polynomial corresponding to the node z is 0,
Figure FDA0003107676950000078
denotes an index i' and is aggregated
Figure FDA0003107676950000079
The interpolation basis function of the corresponding Lagrange interpolation method, parent (z) represents the father node of the node z, index (z) represents the index of the node z, qparent(z)(index (z)) indicates that the polynomial corresponding to the parent node of node z is automorphicThe quantity is the value of the dependent variable at the index of node z,
Figure FDA00031076769500000710
representing nodes
Figure FDA00031076769500000711
The value of the dependent variable when the independent variable of the corresponding polynomial is i'.
CN202010891283.9A 2020-08-30 2020-08-30 A data editing method applied to blockchain Active CN112272092B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010891283.9A CN112272092B (en) 2020-08-30 2020-08-30 A data editing method applied to blockchain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010891283.9A CN112272092B (en) 2020-08-30 2020-08-30 A data editing method applied to blockchain

Publications (2)

Publication Number Publication Date
CN112272092A CN112272092A (en) 2021-01-26
CN112272092B true CN112272092B (en) 2021-07-27

Family

ID=74349657

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010891283.9A Active CN112272092B (en) 2020-08-30 2020-08-30 A data editing method applied to blockchain

Country Status (1)

Country Link
CN (1) CN112272092B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113378213B (en) * 2021-04-20 2022-06-21 华南农业大学 A recordable and traceable blockchain security deletion method
CN113783839B (en) * 2021-08-06 2023-04-07 华润数字科技有限公司 Block chain data updating method and device, computer equipment and storage medium
CN117786756B (en) * 2024-02-23 2024-05-14 四川大学华西医院 Method and system for realizing safe sharing of user patient data based on skin database

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10592873B2 (en) * 2018-05-21 2020-03-17 Microsoft Technology Licensing, Llc Edit transactions for blockchains
CN108830602B (en) * 2018-06-27 2022-03-29 电子科技大学 Permission chain construction and management and control method based on chameleon hash function
CN110061850B (en) * 2019-04-24 2021-04-23 电子科技大学 Collision calculation method of chameleon hash function and editable blockchain construction method
CN110457297B (en) * 2019-07-10 2022-02-15 北京航空航天大学 Editable blockchain system and method based on multi-authority center attribute encryption
CN110474762B (en) * 2019-08-22 2021-05-25 电子科技大学 Method for constructing ring-type editable block chain
CN110489422B (en) * 2019-08-23 2022-04-08 电子科技大学 How to automatically repair the blockchain
CN110730204B (en) * 2019-09-05 2022-09-02 创新先进技术有限公司 Method for deleting nodes in block chain network and block chain system
CN110572254B (en) * 2019-09-12 2020-12-04 中国科学院信息工程研究所 A Lattice-Based Approach to Changeable Blockchains

Also Published As

Publication number Publication date
CN112272092A (en) 2021-01-26

Similar Documents

Publication Publication Date Title
Zheng et al. Fair and dynamic proofs of retrievability
Chepurnoy et al. Edrax: A cryptocurrency with stateless transaction validation
EP2338127B1 (en) Cryptographic accumulators for authenticated hash tables
CN112272092B (en) A data editing method applied to blockchain
Dods et al. Hash based digital signature schemes
JP7381480B2 (en) Blockchain implementation method and system for authentication based on bilinear map accumulator
CN108418783A (en) A method and medium for protecting the privacy of blockchain smart contracts
CN110489422B (en) How to automatically repair the blockchain
CN109525403B (en) Anti-leakage public cloud auditing method supporting full-dynamic parallel operation of user
CN111614680B (en) CP-ABE-based traceable cloud storage access control method and system
CN111526009A (en) A Forward-Secure Editable Blockchain Construction Method for Consortium Chains
CN109272316B (en) A block implementation method and system based on a blockchain network
CN109861829B (en) Cloud data justice auditing system supporting dynamic updating and auditing method thereof
CN112839041B (en) Blockchain-based power grid identity authentication method, device, medium and equipment
CN108123934B (en) Mobile-end-oriented data integrity verification method
CN104978239A (en) Method, device and system for realizing multi-backup-data dynamic updating
CN114239025B (en) Data processing method and device based on blockchain
CN111640018B (en) A method and device for verifying the existence of a blockchain transaction
CN114691669A (en) Electronic certificate storage method and device, electronic equipment and storage medium
CN110958109A (en) A Lightweight Dynamic Data Integrity Audit Method Based on Hierarchical Merkle Hash Tree
CN112800482B (en) Identity-based online/offline security cloud storage auditing method
CN118505250A (en) Block chain-based supply chain financial digital identity zero-knowledge authentication and identity management method and device
Lin et al. Linearly homomorphic signatures from lattices
CN116865972B (en) A blockchain data processing method based on trapdoor hashing operation
CN112671712A (en) Cloud data integrity verification method and system supporting efficient dynamic update

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20241230

Address after: Room 606-609, Office Complex Building, No. 757 Dongfeng East Road, Yuexiu District, Guangzhou City, Guangdong Province, 510062

Patentee after: China Southern Power Grid Internet Service Co.,Ltd.

Country or region after: China

Address before: 475001 No.85, Minglun street, Shunhe Hui District, Kaifeng City, Henan Province

Patentee before: Henan University

Country or region before: China