CN116633522A

CN116633522A - Two-party privacy intersection method and system based on blockchain

Info

Publication number: CN116633522A
Application number: CN202310629369.8A
Authority: CN
Inventors: 王战山; 马小峰
Original assignee: Tongji University
Current assignee: Tongji University
Priority date: 2023-05-30
Filing date: 2023-05-30
Publication date: 2023-08-22

Abstract

The application relates to a block chain-based two-party privacy intersection method and a system, wherein the method comprises the following steps: the server encrypts the own data by using a private key, and uploads the public key and the encrypted data to the blockchain so as to be convenient for sharing; the service side initiates an intelligent contract and signs an intelligent contract with the inquiring side and the arbitrating side; performing intersection calculation between the inquiring party and the service party, performing Hash calculation on the intermediate calculation result, and uploading the intermediate calculation result to a blockchain for certification; the inquiring party verifies the final calculation result, and confirms or applies arbitration to the arbitrating party according to whether the result is correct or not; the arbitrator verifies according to the certificate on the chain, judges whether the inquirer has fraudulent behaviors or not, and makes corresponding decisions; the inquiring party or the arbitrating party invokes the signed intelligent contract to carry out signature confirmation, thereby giving rewards to the service party or punishing the service party. Compared with the prior art, the application has the advantage of high safety.

Description

A blockchain-based two-party privacy seeking intersection method and system

技术领域technical field

本发明涉及区块链与隐私计算领域，尤其是涉及一种基于区块链的两方隐私求交方法及系统。The present invention relates to the fields of block chain and privacy computing, in particular to a method and system for seeking intersection of privacy between two parties based on block chain.

背景技术Background technique

在当今的数据共享领域，一方面数据持有方不愿共享数据，因为数据在使用前需要和相关机构签订各种合同，不仅经营成本较高，而且在发生纠纷时很难对恶意参与方的不良行为进行追溯；另一方面限于当下的数据安全法规，数据持有方对数据在使用过程中的安全性无法确信，因此不敢轻易共享数据。In today's data sharing field, on the one hand, data holders are reluctant to share data, because the data needs to sign various contracts with relevant institutions before using the data, which not only has high operating costs, but also makes it difficult to sue malicious parties in the event of disputes. On the other hand, due to the current data security regulations, data holders are not sure about the security of the data during use, so they dare not share data easily.

而目前的安全求交协议主要是使用云服务器作为第三方对双方加密之后的集合进行求交，这样做虽然提高了效率，但其安全性严重依赖于第三方服务器的可信度，当第三方服务器与其中一个参与方合谋时，其他参与方的信息便很容易泄露。同时当第三方服务器受到DDoS攻击时，整个系统可能会瘫痪，可靠性不高。However, the current security negotiation protocol mainly uses the cloud server as the third party to perform the negotiation on the encrypted sets of both parties. Although this improves the efficiency, its security depends heavily on the credibility of the third-party server. When the third-party When the server colludes with one of the parties, the information of the other parties can be easily leaked. At the same time, when the third-party server is attacked by DDoS, the entire system may be paralyzed, and the reliability is not high.

发明内容Contents of the invention

本发明的目的就是为了克服上述现有技术存在的缺陷而提供了一种安全性高的基于区块链的两方隐私求交方法及系统。The purpose of the present invention is to provide a highly secure block chain-based two-party privacy interrogation method and system in order to overcome the above-mentioned defects in the prior art.

本发明的目的可以通过以下技术方案来实现：The purpose of the present invention can be achieved through the following technical solutions:

根据本发明的第二方面，提供了一种基于区块链的两方隐私求交方法，该方法包括：According to a second aspect of the present invention, there is provided a blockchain-based two-party privacy seeking intersection method, the method comprising:

服务方将自己的数据用私钥进行加密，并将公钥和加密数据上传至区块链以便于共享；The service party encrypts its own data with a private key, and uploads the public key and encrypted data to the blockchain for easy sharing;

服务方发起智能合约，并和查询方以及仲裁方三方签订智能合约；The service party initiates a smart contract and signs a smart contract with the query party and the arbitrator;

查询方和服务方之间执行求交计算，并将中间计算结果进行哈希计算后上传至区块链进行存证；Intersection calculations are performed between the querying party and the server, and the intermediate calculation results are hashed and uploaded to the blockchain for storage;

查询方验证最终的计算结果，根据结果正确与否进行确认或向仲裁方申请仲裁；The inquiring party verifies the final calculation result, confirms whether the result is correct or applies to the arbitrator for arbitration;

仲裁方根据链上的存证进行核实，判定查询方是否存在欺诈行为，并做出相应的裁决；The arbitrator conducts verification based on the evidence stored on the chain, determines whether the inquiring party has committed fraud, and makes a corresponding ruling;

查询方或仲裁方调用签订的智能合约，进行签名确认，从而给予服务方奖励或对服务方进行惩罚。The inquiring party or the arbitrator invokes the signed smart contract for signature confirmation, thus rewarding or punishing the service party.

优选地，所述服务方将自己的数据用私钥进行加密，并将公钥和加密数据上传至区块链以便于共享，包括：Preferably, the service party encrypts its own data with a private key, and uploads the public key and encrypted data to the blockchain for easy sharing, including:

采用加密算法生成密钥对(E,D,N)；Generate a key pair (E, D, N) using an encryption algorithm;

采用私钥(D,N)对明文进行加密得到密文C1；Use the private key (D, N) to encrypt the plaintext to obtain the ciphertext C1;

将公钥(E,N)和密文C1上传至区块链进行公开。Upload the public key (E, N) and ciphertext C1 to the blockchain for disclosure.

优选地，所述加密算法为RSA加密算法。Preferably, the encryption algorithm is RSA encryption algorithm.

优选地，所述服务方发起智能合约，并和查询方以及仲裁方三方签订智能合约，包括：Preferably, the service party initiates a smart contract and signs a smart contract with the query party and the arbitrator, including:

服务方向区块链发起请求，并发布智能合约到区块链；The service initiates a request to the blockchain and publishes a smart contract to the blockchain;

仲裁方接收区块链通知，确认合约合法后用进行签名；The arbitrator receives the blockchain notification and signs it after confirming that the contract is legal;

查询方接收区块链通知，验证合约已经经过仲裁方签名后若接受该智能合约所规定的奖惩机制，则在智能合约上进行签名。The inquiring party receives the block chain notification, and after verifying that the contract has been signed by the arbitrator, if it accepts the reward and punishment mechanism stipulated in the smart contract, it will sign on the smart contract.

优选地，所述查询方和服务方之间执行求交计算，并将中间计算结果进行哈希计算后上传至区块链进行存证，包括：Preferably, the intersecting calculation is performed between the querying party and the service party, and the intermediate calculation result is hash calculated and then uploaded to the block chain for depositing evidence, including:

查询方为自己数据集合内的每个元素都随机挑选一个随机数，将此随机数用服务方的公钥(E,N)进行加密，然后再与对应元素的哈希值相乘得到加盲数据C_Enc，然后将加盲后的数据发送给服务方，并将加盲数据进行哈希计算后上传至区块链平台进行存证；The query party randomly selects a random number for each element in its own data set, encrypts the random number with the public key (E, N) of the server, and then multiplies it with the hash value of the corresponding element to obtain the blinded Data C_Enc, and then send the blinded data to the service party, and upload the blinded data to the blockchain platform for deposit after hash calculation;

服务方接收查询方发送的加盲数据，用自己的私钥(D,N)进行解密得到解密数据C_Dec，然后将解密数据发送给查询方，并将解密数据进行哈希计算后上传至区块链平台进行存证；The service party receives the blinded data sent by the query party, decrypts it with its own private key (D, N) to obtain the decrypted data C_Dec, then sends the decrypted data to the query party, and uploads the decrypted data to the block after hash calculation Chain platform for deposit certificate;

查询方接收服务方发送的解密数据，除以自己加盲过程中挑选的随机数，便可得到解盲数据C2；The inquiring party receives the decrypted data sent by the service party and divides it by the random number selected during the blinding process to obtain the unblinded data C2;

查询方从区块链平台下载服务方的加密数据，将服务方提供的加密数据与解盲后的数据进行计算便可得到双方的交集。The query party downloads the encrypted data of the service party from the blockchain platform, and calculates the encrypted data provided by the service party and the unblinded data to obtain the intersection of the two parties.

优选地，所述查询方验证最终的计算结果，根据结果正确与否进行确认或向仲裁方申请仲裁，包括：Preferably, the inquiring party verifies the final calculation result, confirms whether the result is correct or applies to the arbitrator for arbitration, including:

查询方可将服务方解密过的数据再次使用服务方的公钥进行加密，便能得到服务方解密前的数据，对这些数据进行哈希计算，并和之前已在区块链平台上存证的查询方加盲数据哈希值进行比对，便可判别服务方是否如实按照协议进行计算；The query party can encrypt the data decrypted by the service party again with the public key of the service party to obtain the data before the decryption by the service party, perform hash calculation on these data, and store the certificate with the previous one on the blockchain platform The inquiring party adds the blind data hash value to compare, and then it can be judged whether the server is calculating according to the agreement;

若服务方没有存在欺诈行为，则在智能合约上进行签名，按照合约上的规定对服务方给予相应的奖励；If the service party does not have fraudulent behavior, it will sign on the smart contract, and give corresponding rewards to the service party according to the provisions of the contract;

若发现服务方存在欺诈行为，则向仲裁方申请仲裁，并拒绝在智能合约上签名。If the service provider is found to be fraudulent, it will apply to the arbitrator for arbitration and refuse to sign on the smart contract.

优选地，所述仲裁方根据链上的存证进行核实，判定查询方是否存在欺诈行为，并作出相应的裁决，包括：Preferably, the arbitrator conducts verification based on the evidence stored on the chain, determines whether the inquiring party has fraudulent behavior, and makes a corresponding ruling, including:

对区块链上服务方和查询方在计算过程中链上的存证进行比对：Compare the storage certificates on the blockchain during the calculation process of the service party and the query party on the blockchain:

若服务方确实存在欺诈行为，则在智能合约上签名确认，按照事先签订的智能合约对服务方进行一定的惩罚，仲裁方还可选择将服务方的恶意行为向全网公开；If the service party does have fraudulent behavior, it will sign and confirm on the smart contract, and the service party will be punished according to the pre-signed smart contract, and the arbitrator can also choose to disclose the malicious behavior of the service party to the entire network;

若服务方没有存在欺诈行为，则在智能合约上签名，按照智能合约的规定对服务方进行相应的奖励。If there is no fraudulent behavior by the service party, the smart contract will be signed, and the service party will be rewarded accordingly according to the provisions of the smart contract.

根据本发明的第二方面，提供了一种基于区块链的两方隐私求交系统，其特征在于，包括服务方、查询方、仲裁方和区块链模块，采用上述的方法进行两方隐私求交。According to the second aspect of the present invention, a two-party privacy interrogation system based on blockchain is provided, which is characterized in that it includes a server, an inquiring party, an arbitrator, and a blockchain module. Ask for privacy.

根据本发明的第三方面，提供了一种电子设备，包括存储器和处理器，所述存储器上存储有计算机程序，所述处理器执行所述程序时实现任一项所述的方法。According to a third aspect of the present invention, an electronic device is provided, including a memory and a processor, the memory stores a computer program, and the processor implements any one of the methods when executing the program.

根据本发明的第四方面，提供了一种计算机可读存储介质，其上存储有计算机程序，所述程序被处理器执行时实现任一项所述的方法。According to a fourth aspect of the present invention, there is provided a computer-readable storage medium, on which a computer program is stored, and when the program is executed by a processor, any one of the methods described in the present invention is implemented.

与现有技术相比，本发明具有以下优点：Compared with the prior art, the present invention has the following advantages:

1)对于查询方来讲，在服务方加密的过程中，由于是采用服务方自己的私钥对集合进行加密，而查询方只知晓服务方的公钥，由于不可能从公钥中逆推出私钥，因此查询方无法得到服务方的原始数据。1) For the inquiring party, in the process of encrypting the server, since the set is encrypted with the server’s own private key, and the inquiring party only knows the public key of the server, since it is impossible to deduce from the public key Private key, so the query party cannot get the original data of the service party.

2)对于服务方来讲，在查询方加盲的过程中，虽然是采用服务方的公钥进行加密，但由于查询方为每个元素都乘上了一个随机数，因此即使服务方可以用私钥进行解密，得到的数据中也会含有查询方随机生成的随机数，因此服务方也无法得知查询方的原始数据。2) For the server, in the process of blinding the query, although the public key of the server is used for encryption, since the query multiplies a random number for each element, even if the server can use The private key is used to decrypt, and the obtained data will also contain random numbers randomly generated by the querying party, so the server cannot know the original data of the querying party.

3)如果服务方不遵守协议的执行，查询方可以通过比对发现，同时可向仲裁方申请仲裁，仲裁方可通过对链上存证进行追溯，核实出服务方是否存在恶意破坏协议的行为，从而保证服务方得到相应的奖励或受到相应的惩罚。3) If the service party does not abide by the implementation of the agreement, the query party can find out through comparison, and at the same time apply to the arbitrator for arbitration, and the arbitrator can trace back the evidence stored on the chain to verify whether the service party has maliciously violated the agreement , so as to ensure that the service party is rewarded or punished accordingly.

附图说明Description of drawings

图1为实施例中的系统结构示意图；Fig. 1 is the system structure schematic diagram in the embodiment;

图2为实施例提供的一种基于区块链的双方隐私求交系统总流程示意图；Fig. 2 is a schematic diagram of the overall flow of a blockchain-based two-party privacy interrogation system provided by the embodiment;

图3为实施例提供的一种基于区块链的双方隐私求交系统求交计算部分流程示意图；Fig. 3 is a schematic flow diagram of a part of the intersection calculation process of a blockchain-based two-party privacy seeking intersection system provided by the embodiment;

图4为实施例提供的一种基于区块链的双方隐私求交系统求交计算部分流程示意图；FIG. 4 is a schematic flow diagram of a part of the intersection calculation process of a blockchain-based two-party privacy seeking intersection system provided by the embodiment;

图5为实施例提供的一种基于区块链的双方隐私求交系统求交计算部分流程示意图。Fig. 5 is a schematic flow diagram of a partial intersection calculation process of a blockchain-based two-party privacy seeking intersection system provided by an embodiment.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图，对本发明实施例中的技术方案进行清楚、完整地描述，显然，所描述的实施例是本发明的一部分实施例，而不是全部实施例。基于本发明中的实施例，本领域普通技术人员在没有做出创造性劳动的前提下所获得的所有其他实施例，都应属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are part of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts shall fall within the protection scope of the present invention.

实施例Example

为更好的理解本发明，以下先对本发明实施例提供的基于区块链的双方隐私求交系统的结构示意图进行介绍：In order to better understand the present invention, the following first introduces the schematic structural diagram of the blockchain-based two-party privacy interrogation system provided by the embodiment of the present invention:

图1是本发明一实施例提供的一种基于区块链的双方隐私求交系统结构示意图，如图1所示，在区块链网络结构中节点分为三种，包括服务方节点、查询方节点和仲裁方节点。服务方节点为提供数据集的节点，查询方节点为有需求进行数据查询的节点，仲裁方节点为处理服务方与查询方纠纷的节点。Fig. 1 is a schematic structural diagram of a blockchain-based two-party privacy seeking intersection system provided by an embodiment of the present invention. As shown in Fig. 1, nodes in the blockchain network structure are divided into three types, including server nodes, query party node and arbitrator node. The server node is the node that provides the data set, the query node is the node that needs to perform data query, and the arbitrator node is the node that handles the dispute between the server and the query party.

服务方和查询方之间可进行求交计算，并将计算过程中的关键数据上链存证。Intersection calculations can be performed between the service party and the query party, and the key data in the calculation process can be stored on the chain.

当发生纠纷时，仲裁方可根据链上存证进行溯源，确保服务方的欺诈行为受到惩罚，从而保证整个系统的稳定。When a dispute occurs, the arbitrator can trace the source according to the evidence stored on the chain to ensure that the fraudulent behavior of the service provider is punished, thereby ensuring the stability of the entire system.

图2是本发明一实施例提供的一种基于区块链的双方隐私求交系统总流程示意图，如图2所示，本发明实施例提供的一种基于区块链的双方隐私求交系统，包括：Fig. 2 is a schematic diagram of the general flow of a blockchain-based two-party privacy seeking system provided by an embodiment of the present invention. As shown in Fig. 2, a blockchain-based two-party privacy seeking system provided by an embodiment of the present invention ,include:

加密阶段，服务方将自己的数据用私钥进行加密，并将公钥和加密数据上传至区块链以便于共享。In the encryption phase, the service party encrypts its own data with a private key, and uploads the public key and encrypted data to the blockchain for easy sharing.

签署智能合约阶段，服务方发起智能合约，并和查询方以及仲裁方三方签订智能合约。In the stage of signing the smart contract, the service party initiates the smart contract and signs the smart contract with the query party and the arbitrator.

求交计算阶段，查询方和服务方之间执行求交计算，并将中间计算结果进行Hash计算后上传至区块链进行存证。In the intersection calculation stage, the intersection calculation is performed between the querying party and the server, and the intermediate calculation results are Hash calculated and uploaded to the blockchain for storage.

结果验证阶段，查询方验证最终的计算结果，根据结果正确与否进行确认或向仲裁方申请仲裁。In the result verification stage, the inquiring party verifies the final calculation result, confirms whether the result is correct or applies to the arbitrator for arbitration.

仲裁核实阶段，仲裁方根据链上的存证进行核实，判定查询方是否存在欺诈行为，并作出相应的裁决。In the arbitration verification stage, the arbitrator verifies according to the evidence stored on the chain, determines whether the inquiring party has fraudulent behavior, and makes a corresponding ruling.

确认阶段，查询方或仲裁方调用签订的智能合约，进行签名确认，从而给予服务方奖励或对服务方进行惩罚。In the confirmation stage, the inquiring party or the arbitrator invokes the signed smart contract to confirm the signature, thereby rewarding or punishing the service party.

由上述实施例可知，本申请采用了区块链和RSA加密的技术手段，为服务方和参与方进行隐私求交提供了便利的平台，同时解决了传统的第三方服务器隐私求交方法中，第三方可能联合参与方作恶、容易遭到DDos攻击的问题。本发明可以解决传统第三方服务器隐私求交方法的弊端，简化了合同签订的管理成本，同时加大了服务方作恶的成本。It can be seen from the above embodiments that this application adopts blockchain and RSA encryption technical means, which provides a convenient platform for the service party and participants to conduct privacy disclosure, and at the same time solves the problem of the traditional third-party server privacy disclosure method. The third party may cooperate with the participants to do evil and be vulnerable to DDos attacks. The invention can solve the disadvantages of the traditional third-party server privacy seeking method, simplifies the management cost of contract signing, and increases the cost of the service party doing evil.

在加密阶段，服务方将自己的数据用私钥进行加密，并将公钥和加密数据上传至区块链以便于共享；该阶段可以包含以下子步骤：In the encryption phase, the service party encrypts its own data with a private key, and uploads the public key and encrypted data to the blockchain for easy sharing; this phase can include the following sub-steps:

采用RSA加密算法生成密钥对(E,D,N)。具体地，该步骤可以包含以下子步骤Generate a key pair (E, D, N) using the RSA encryption algorithm. Specifically, this step may include the following sub-steps

求N，首先产生两个随机的质数p和q，这两个质数需要互质，且不能太小，然后将p乘以q便得到了N，并记p-1和q-1的最小公倍数为L。To find N, first generate two random prime numbers p and q, these two prime numbers need to be relatively prime and not too small, then multiply p by q to get N, and record the least common multiple of p-1 and q-1 for L.

求E，其中E需要满足两个条件，一是比1大比L小，二是E和L互质。Find E, where E needs to meet two conditions, one is greater than 1 and smaller than L, and the other is that E and L are mutually prime.

求D，其中D首先要足够大，且必须满足大于1小于L，E和D的乘积对L的模值为1。Find D, where D must first be large enough, and must be greater than 1 and less than L, and the modulus of the product of E and D to L is 1.

采用私钥(D,N)对明文进行加密得到密文C1。Use the private key (D, N) to encrypt the plaintext to obtain the ciphertext C1.

具体地，如图4所示，服务方首先使用Hash函数对原始数据一一进行hash计算，然后采用私钥(D,N)对每个个hash值进行加密，得到秘文C＝M^D mod N，然后对密文再次进行hash计算得到C1。Specifically, as shown in Figure 4, the server first uses the Hash function to perform hash calculations on the original data one by one, and then uses the private key (D, N) to encrypt each hash value to obtain the secret C = M ^D mod N , and then perform hash calculation on the ciphertext again to obtain C1.

具体地，服务方将公钥(E,N)发布到区块链进行公开，同时将密文C1也上传到区块链进行存储，方便查询方进行下载。Specifically, the service party publishes the public key (E, N) to the blockchain for disclosure, and at the same time uploads the ciphertext C1 to the blockchain for storage, which is convenient for the querying party to download.

在签署智能合约阶段，服务方发起智能合约，并和查询方以及仲裁方三方签订智能合约；该阶段可以包含以下子步骤：In the phase of signing the smart contract, the service party initiates the smart contract and signs the smart contract with the query party and the arbitrator; this phase can include the following sub-steps:

服务方向区块链发起请求，并发布智能合约到区块链。The service initiates a request to the blockchain and publishes a smart contract to the blockchain.

具体地，服务方可根据自己的数据价值进行定价，同时通过设计合适的惩罚机制向查询方进行证明，并以智能合约的形式发布到区块链平台。Specifically, the service party can set prices according to its own data value, and at the same time prove to the query party by designing an appropriate penalty mechanism, and publish it to the blockchain platform in the form of a smart contract.

仲裁方接收区块链通知，确认合约合法后用进行签名。The arbitrator receives the blockchain notification and signs it after confirming that the contract is legal.

具体地，仲裁方可对服务方发布的智能合约进行审核，确保其定价合理且惩罚机制满足要求时。用私钥对智能合约进行签名。Specifically, the arbitrator can review the smart contract issued by the service provider to ensure that the price is reasonable and the penalty mechanism meets the requirements. Sign the smart contract with the private key.

具体地，查询方可从区块链平台下载服务方和仲裁方的公钥，验证智能合约的发布主体无误且经过权威的仲裁方签名后，若接收其中的定价及惩罚机制，则在合约上进行签名。Specifically, the inquiring party can download the public keys of the service party and the arbitrator from the blockchain platform, verify that the issuing body of the smart contract is correct and signed by the authoritative arbitrator, and if the pricing and penalty mechanism is received, the contract will be to sign.

在求交计算阶段，查询方和服务方之间执行求交计算，并将中间计算结果进行Hash计算后上传至区块链进行存证；该阶段如图3所示，可以包含以下子步骤：In the intersecting calculation phase, the intersecting calculation is performed between the querying party and the server, and the intermediate calculation results are Hash calculated and uploaded to the blockchain for storage; this phase, as shown in Figure 3, can include the following sub-steps:

查询方为自己数据集合内的每个元素都随机挑选一个随机数，将此随机数用服务方的公钥(E,N)进行加密，然后再与对应元素的hash值相乘得到加盲数据C_Enc，然后将加盲后的数据发送给服务方。The query party randomly selects a random number for each element in its own data set, encrypts the random number with the public key (E, N) of the server, and then multiplies it with the hash value of the corresponding element to obtain the blinded data C _Enc , and then send the blinded data to the server.

具体地，如图5所示，首先对自己集合内的每个数据进行Hash计算，然后为每个元素生成一个随机数，并用服务方的公钥(E,N)进行加密，得到加密后的随机数R_Enc＝R^E modN，接着将元素的hash值与R_Enc对应相乘得到加盲数据C_Enc，最后加盲后的数据发送给服务方，并将这些数据统一进行Hash计算后上传到区块链平台进行存证。Specifically, as shown in Figure 5, first perform Hash calculation on each data in its own collection, then generate a random number for each element, and encrypt it with the public key (E, N) of the server to obtain the encrypted Random number R _Enc = R ^E modN, then multiply the hash value of the element with R _Enc to get the blinded data C _Enc , and finally send the blinded data to the server, and upload the data to Blockchain platform for depositing certificates.

服务方接收查询方发送的加盲数据，用自己的私钥(D,N)进行解密得到解密数据C_Dec，并将解密数据发送给查询方。The service party receives the blinded data sent by the query party, decrypts it with its own private key (D, N) to obtain the decrypted data C _Dec , and sends the decrypted data to the query party.

具体地，服务方收到查询方的加盲数据后，首先验证接收到的数据hash值是否与链上查询方存证的hash值相同，若相同则用自己的私钥(D,N)进行解密，即C_Dec＝C_Enc ^DmodN，然后将解密数据C_Dec发送给查询方，并将这些数据进行Hash计算后上传到区块链平台进行存证，否则拒绝执行计算。Specifically, after receiving the blinded data from the querying party, the service party first verifies whether the hash value of the received data is the same as the hash value of the querying party's certificate stored on the chain, and if they are the same, it uses its own private key (D, N) to Decryption, that is, C _Dec = C _Enc ^D modN, and then send the decrypted data C _Dec to the querying party, perform Hash calculation on the data and upload it to the blockchain platform for deposit, otherwise refuse to execute the calculation.

查询方接收服务方发送的解密数据，除以自己加盲过程中挑选的随机数，便可得到解盲数据C2。The inquiring party receives the decrypted data sent by the service party and divides it by the random number selected during the blinding process to obtain the unblinded data C2.

具体地，查询方收到服务方发来的解密数据C_Dec＝C1^D*Rmod N后，首先验证这些数据的hash值与链上服务方存证的hash值是否相同，若相同则将接收到的每个数据除以自己加盲过程中挑选的对应随机数R，便能得到用服务方私钥加密后的数据C2＝C1^Dmod N，若不相同则不执行计算。Specifically, after receiving the decrypted data C _Dec = C1 ^D * Rmod N sent by the server, the inquiring party first verifies whether the hash value of these data is the same as the hash value stored by the server on the chain. If they are the same, they will receive Divide each data of the data by the corresponding random number R selected in the process of blinding, and then the data encrypted with the private key of the server can be obtained C2=C1 ^D mod N, if not the same, the calculation will not be performed.

具体地，查询方从区块链平台下载服务方的加密数据，然后再用和服务方相同的哈希函数计算hash值C3＝Hash(C2)，将服务方提供的加密数据解盲后的数据C3进行比较便可得到双方的交集。Specifically, the query party downloads the encrypted data of the service party from the blockchain platform, and then uses the same hash function as the service party to calculate the hash value C3=Hash(C2), and the encrypted data provided by the service party is unblinded. The intersection of both parties can be obtained by comparing C3.

在结果验证阶段，查询方验证最终的计算结果，根据结果正确与否进行签名确认或向仲裁方申请仲裁；该阶段可以包含以下子步骤：In the result verification stage, the inquiring party verifies the final calculation result, confirms the signature or applies to the arbitrator for arbitration according to whether the result is correct or not; this stage may include the following sub-steps:

查询方可将服务方解密过的数据再次使用服务方的公钥进行加密，便能得到服务方解密前的数据。对这些数据进行Hash计算，并和之前已在区块链平台上存证的查询方加盲数据hash值进行比对，便可判别服务方是否如实按照协议进行计算。The query party can encrypt the data decrypted by the server party again using the public key of the server party to obtain the data before decryption by the server party. Hash calculation is performed on these data, and compared with the hash value of the query party’s blinded data that has been deposited on the blockchain platform before, it can be judged whether the service party has faithfully calculated according to the agreement.

具体地，查询方可将服务方解密过的数据C_Dec使用服务方的公钥再次进行加密，便可得到查询方加盲后的数据，对这些数据进行hash计算，并和区块链平台上已经存证的查询方hash值进行比较，便可判断服务方是否如实执行计算。Specifically, the query party can encrypt the data C _Dec decrypted by the server party again using the public key of the server party to obtain the blinded data of the query party, perform hash calculation on these data, and compare them with the data on the blockchain platform Comparing the hash value of the inquiring party that has already stored the certificate, it can be judged whether the server has performed the calculation truthfully.

若服务方没有存在欺诈行为，则在智能合约上进行签名，按照合约上的规定对服务方给予相应的奖励。If the service party does not have fraudulent behavior, it will sign on the smart contract, and give corresponding rewards to the service party according to the provisions of the contract.

具体地，查询方经过比对后若发现接收到的数据hash值与链上存证的查询方hash值相同，则判定查询方如实按照协议执行计算，可在智能合约上进行签名。Specifically, if the inquiring party finds that the received data hash value is the same as the inquiring party’s hash value stored on the chain after comparison, it will be determined that the inquiring party has faithfully performed calculations according to the agreement and can sign on the smart contract.

具体地，查询方经过比对后若发现接收到的数据hash值与链上存证的查询方hash值不同，则判定查询方没有如实按照协议执行计算，可拒绝在智能合约上进行签名，同时可向仲裁方申请仲裁。Specifically, if the inquiring party finds that the hash value of the received data is different from the inquiring party’s hash value stored on the chain after comparison, it will be determined that the inquiring party has not faithfully performed calculations according to the agreement, and can refuse to sign on the smart contract, and at the same time An application for arbitration may be made to the arbitrator.

在仲裁核实验证阶段，仲裁方根据链上的存证进行核实，判定查询方是否存在欺诈行为，并做出相应的裁决；该阶段可以包含以下子步骤：In the arbitration verification verification phase, the arbitrator verifies based on the evidence stored on the chain, determines whether the inquiring party has fraudulent behavior, and makes a corresponding ruling; this phase may include the following sub-steps:

对区块链上服务方和查询方在计算过程中链上的存证进行比对。Compare the storage certificates on the blockchain during the calculation process of the service party and the query party on the blockchain.

具体地，仲裁方可从区块链平台下载查询方和服务方的hash存证，同时要求查询方和服务方提供中间计算结果，中间结果的正确性可通过计算hash值进行比对，若中间计算结果正确，则使用服务方的公钥对服务方发送给查询方的解密数据进行重加密，并和链上查询方的hash存证进行比对，便可核实服务方是否存在欺诈行为。Specifically, the arbitrator can download the hash certificates of the querying party and the server from the blockchain platform, and at the same time require the querying party and the server to provide intermediate calculation results. The correctness of the intermediate results can be compared by calculating the hash value. If the calculation result is correct, use the public key of the service party to re-encrypt the decrypted data sent by the service party to the query party, and compare it with the hash certificate of the query party on the chain to verify whether the service party has fraudulent behavior.

若服务方确实存在欺诈行为，则在智能合约上签名确认，按照事先签订的智能合约对服务方进行一定的惩罚，仲裁方还可选择将服务方的恶意行为向全网公开。If the service party does have fraudulent behavior, it will sign and confirm on the smart contract, and the service party will be punished according to the pre-signed smart contract. The arbitrator can also choose to disclose the malicious behavior of the service party to the entire network.

具体地，仲裁方通过链上溯源核实发现服务方确实存在欺诈行为，则在合约上的惩罚机制处进行签名，按照事先签署好的合约对服务方进行惩罚，仲裁方还可将服务方的恶意行为记录到链上，从而为其他查询方提供参考。Specifically, if the arbitrator finds that the service party has fraudulent behavior through on-chain traceability verification, it will sign at the penalty mechanism on the contract and punish the service party according to the pre-signed contract. Behavior is recorded on the chain to provide reference for other querying parties.

具体地，仲裁方通过链上溯源核实发现服务方确实并不存在欺诈行为，则在合约上的奖励机制处进行签名，此时即使合约上没有查询方的签名，也可按照事先签署好的合约对服务方进行奖励。Specifically, the arbitrator finds that the service party does not have fraudulent behavior through on-chain traceability verification, and then signs at the reward mechanism on the contract. At this time, even if there is no signature of the querying party on the contract, the pre-signed contract Reward the service party.

基于区块链的双方隐私求交系统有效性分析：Effectiveness analysis of the two-party privacy seeking intersection system based on blockchain:

服务方对本地的集合使用私钥进行加密，加密得到的数据为：S2＝H′(S1^d modn)，其中S1＝H(S)。The server encrypts the local set with a private key, and the encrypted data is: S2=H'(S1 ^d modn), where S1=H(S).

查询方对本地集合中的每个元素，生成对应的随机数并用服务方的公钥进行加密，加密得到的数据为：C_Enc＝C1*R^e mod n，其中C1＝H(C)。The query side generates a corresponding random number for each element in the local collection and encrypts it with the public key of the server side. The encrypted data is: C _Enc =C1*R ^e mod n, where C1=H(C).

服务方接收到查询方的加密数据C2后，采用自己的私钥进行解密，所以After the service party receives the encrypted data C2 from the query party, it decrypts it with its own private key, so

C_Dec＝C_Enc ^d mod nC _Dec = C _Enc ^d mod n

＝(C1*R^e mod n)^d mod n＝(C1*R ^e mod n) ^d mod n

＝(C1*(R^e mod n))^d mod n＝(C1*(R ^e mod n)) ^d mod n

＝(C1^d*(R^e mod n)^d)mod n＝(C1 ^d *(R ^e mod n) ^d )mod n

＝(C1^d mod n)*((R^e mod n)^d)mod n＝(C1 ^d mod n)*((R ^e mod n) ^d ) mod n

＝(C1^d mod n)*((R^e mod n)^d)mod n＝(C1 ^d mod n)*((R ^e mod n) ^d )mod n

＝((C1^d mod n)*R)mod n#＝((C1 ^d mod n)*R)mod n#

查询方收到服务方解密后的数据C_Dec后，由于其中的随机数是自己挑选的，所以只需将其中的随机数除去，便可进行解盲。After the query party receives the decrypted data C _Dec from the service party, since the random number in it is selected by itself, it only needs to remove the random number to unblind it.

C2＝H′((C_Dec*(R^Φ(n)-1mod n))mod n)C2=H'((C _Dec *(R ^Φ(n)-1 mod n))mod n)

＝H′(((((C1^d mod n)*R)mod n)*(R^Φ(n)-1mod n))mod n)=H'(((((C1 ^d mod n)*R)mod n)*(R ^Φ(n)-1 mod n))mod n)

＝H′((((C1^d mod n)*R)*(R^Φ(n)-1))mod n)=H'((((C1 ^d mod n)*R)*(R ^Φ(n)-1 ))mod n)

＝H′(((C1^d mod n)*(R*(R^Φ(n)-1)))mod n)=H'(((C1 ^d mod n)*(R*(R ^Φ(n)-1 )))mod n)

＝H′((C1^d mod n mod n)*(R*(R^Φ(n)-1)mod n)mod n)=H'((C1 ^d mod n mod n)*(R*(R ^Φ(n)-1 )mod n)mod n)

＝H′(C1^d mod n)#＝H'(C1 ^d mod n)#

所以，最终查询方得到了服务方的加密数据S2＝H′(S1^d mod N)，以及解盲后的数据C2＝H′(C1^d mod n)，由于S1＝H(S)，C1＝H(C)，所以S2＝H′(S1^d mod N)＝H′(H(S)^d modN)，C2＝H′(C1^d mod n)＝H′(H(C)^d mod n，因此只要服务方的元素S_i，i∈[0，n)和客户端的元素C_j，j∈[0，m)相等，则S2_i＝C2_j，i∈[0，n)且C_j，j∈[0，m)。所以，只需要判断S2与C2的关系，便可以正确地求得交集。Therefore, in the end, the query party obtains the encrypted data S2=H'(S1 ^d mod N) of the service party, and the unblinded data C2=H'(C1 ^d mod n), since S1=H(S), C1= H(C), so S2=H'(S1 ^d mod N)=H'(H(S) ^d mod N), C2=H'(C1 ^d mod n)=H'(H(C) ^d mod n, Therefore, as long as the element S _i , i∈[0,n) of the server is equal to the element C _j , j∈[0,m) of the client, then S2 _i =C2 _j , i∈[0,n) and C _j , j ∈ [0, m). Therefore, it is only necessary to judge the relationship between S2 and C2, and then the intersection can be obtained correctly.

与前述的基于区块链的双方隐私求交系统的实施例相对应，本申请还提供了基于区块链的双方隐私求交方法的实施例，该方法包括：Corresponding to the aforementioned embodiment of a blockchain-based mutual privacy interrogation system, this application also provides an embodiment of a blockchain-based mutual privacy interrogation method, which includes:

服务方将自己的数据用私钥进行加密，并将公钥和加密数据上传至区块链以便于共享。The service party encrypts its own data with a private key, and uploads the public key and encrypted data to the blockchain for easy sharing.

服务方发起智能合约，并和查询方以及仲裁方三方签订智能合约。The service party initiates a smart contract and signs a smart contract with the query party and the arbitrator.

查询方和服务方之间执行求交计算，并将中间计算结果进行Hash计算后上传至区块链进行存证。Intersection calculations are performed between the querying party and the service party, and the intermediate calculation results are Hash calculated and uploaded to the blockchain for storage.

查询方验证最终的计算结果，根据结果正确与否进行确认或向仲裁方申请仲裁。The inquiring party verifies the final calculation result, confirms whether the result is correct or applies to the arbitrator for arbitration.

仲裁方根据链上的存证进行核实，判定查询方是否存在欺诈行为，并做出相应的裁决。The arbitrator verifies based on the evidence stored on the chain, determines whether the inquiring party has fraudulent behavior, and makes a corresponding ruling.

本发明电子设备包括中央处理单元(CPU)，其可以根据存储在只读存储器(ROM)中的计算机程序指令或者从存储单元加载到随机访问存储器(RAM)中的计算机程序指令，来执行各种适当的动作和处理。在RAM中，还可以存储设备操作所需的各种程序和数据。CPU、ROM以及RAM通过总线彼此相连。输入/输出(I/O)接口也连接至总线。The electronic device of the present invention includes a central processing unit (CPU), which can execute various Appropriate action and handling. In RAM, various programs and data necessary for device operation can also be stored. The CPU, ROM, and RAM are connected to each other through a bus. Input/output (I/O) interfaces are also connected to the bus.

设备中的多个部件连接至I/O接口，包括：输入单元，例如键盘、鼠标等；输出单元，例如各种类型的显示器、扬声器等；存储单元，例如磁盘、光盘等；以及通信单元，例如网卡、调制解调器、无线通信收发机等。通信单元允许设备通过诸如因特网的计算机网络和/或各种电信网络与其他设备交换信息/数据。Multiple components in the device are connected to the I/O interface, including: input units, such as keyboards, mice, etc.; output units, such as various types of displays, speakers, etc.; storage units, such as magnetic disks, optical discs, etc.; and communication units, Such as network card, modem, wireless communication transceiver, etc. The communication unit allows the device to exchange information/data with other devices over a computer network such as the Internet and/or various telecommunication networks.

处理单元执行上文所描述的各个方法和处理，例如方法S101～S107、S201～S202。例如，在一些实施例中，方法S101～S107、S201～S202可被实现为计算机软件程序，其被有形地包含于机器可读介质，例如存储单元。在一些实施例中，计算机程序的部分或者全部可以经由ROM和/或通信单元而被载入和/或安装到设备上。当计算机程序加载到RAM并由CPU执行时，可以执行上文描述的方法S101～S107、S201～S202的一个或多个步骤。备选地，在其他实施例中，CPU可以通过其他任何适当的方式(例如，借助于固件)而被配置为执行方法S101～S107、S201～S202。The processing unit executes various methods and processes described above, such as methods S101-S107, S201-S202. For example, in some embodiments, the methods S101-S107, S201-S202 can be implemented as computer software programs, which are tangibly contained in machine-readable media, such as storage units. In some embodiments, part or all of the computer program may be loaded and/or installed on the device via a ROM and/or a communication unit. When the computer program is loaded into the RAM and executed by the CPU, one or more steps of the methods S101-S107, S201-S202 described above may be performed. Alternatively, in other embodiments, the CPU may be configured to execute methods S101-S107, S201-S202 in any other appropriate manner (eg, by means of firmware).

本文中以上描述的功能可以至少部分地由一个或多个硬件逻辑部件来执行。例如，非限制性地，可以使用的示范类型的硬件逻辑部件包括：场可编程门阵列(FPGA)、专用集成电路(ASIC)、专用标准产品(ASSP)、芯片上系统的系统(SOC)、负载可编程逻辑设备(CPLD)等等。The functions described herein above may be performed at least in part by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: field programmable gate array (FPGA), application specific integrated circuit (ASIC), application specific standard product (ASSP), system on a chip (SOC), load programmable logic device (CPLD), etc.

用于实施本发明的方法的程序代码可以采用一个或多个编程语言的任何组合来编写。这些程序代码可以提供给通用计算机、专用计算机或其他可编程数据处理装置的处理器或控制器，使得程序代码当由处理器或控制器执行时使流程图和/或框图中所规定的功能/操作被实施。程序代码可以完全在机器上执行、部分地在机器上执行，作为独立软件包部分地在机器上执行且部分地在远程机器上执行或完全在远程机器或服务器上执行。Program codes for implementing the methods of the present invention may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general-purpose computer, a special purpose computer, or other programmable data processing devices, so that the program codes, when executed by the processor or controller, make the functions/functions specified in the flow diagrams and/or block diagrams Action is implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.

在本发明的上下文中，机器可读介质可以是有形的介质，其可以包含或存储以供指令执行系统、装置或设备使用或与指令执行系统、装置或设备结合地使用的程序。机器可读介质可以是机器可读信号介质或机器可读储存介质。机器可读介质可以包括但不限于电子的、磁性的、光学的、电磁的、红外的、或半导体系统、装置或设备，或者上述内容的任何合适组合。机器可读存储介质的更具体示例会包括基于一个或多个线的电气连接、便携式计算机盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦除可编程只读存储器(EPROM或快闪存储器)、光纤、便捷式紧凑盘只读存储器(CD-ROM)、光学储存设备、磁储存设备、或上述内容的任何合适组合。In the context of the present invention, a machine-readable medium may be a tangible medium that may contain or store a program for use by or in conjunction with an instruction execution system, apparatus, or device. A machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices, or any suitable combination of the foregoing. More specific examples of machine-readable storage media would include one or more wire-based electrical connections, portable computer discs, hard drives, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, compact disk read only memory (CD-ROM), optical storage, magnetic storage, or any suitable combination of the foregoing.

以上所述，仅为本发明的具体实施方式，但本发明的保护范围并不局限于此，任何熟悉本技术领域的技术人员在本发明揭露的技术范围内，可轻易想到各种等效的修改或替换，这些修改或替换都应涵盖在本发明的保护范围之内。因此，本发明的保护范围应以权利要求的保护范围为准。The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any person familiar with the technical field can easily think of various equivalents within the technical scope disclosed in the present invention. Modifications or replacements shall all fall within the protection scope of the present invention. Therefore, the protection scope of the present invention should be based on the protection scope of the claims.

Claims

1. A block chain-based two-party privacy intersection method is characterized by comprising the following steps:

the server encrypts the own data by using a private key, and uploads the public key and the encrypted data to the blockchain so as to be convenient for sharing;

the service side initiates an intelligent contract and signs an intelligent contract with the inquiring side and the arbitrating side;

performing intersection calculation between the inquiring party and the service party, carrying out hash calculation on the intermediate calculation result, and uploading the intermediate calculation result to a blockchain for certification;

the inquiring party verifies the final calculation result, and confirms or applies arbitration to the arbitrating party according to whether the result is correct or not;

the arbitrator verifies according to the certificate on the chain, judges whether the inquirer has fraudulent behaviors or not, and makes corresponding decisions;

the inquiring party or the arbitrating party invokes the signed intelligent contract to carry out signature confirmation, thereby giving rewards to the service party or punishing the service party.

2. The blockchain-based two-party privacy interaction method of claim 1, wherein the server encrypts its own data with a private key and uploads the public key and the encrypted data to the blockchain for sharing, comprising:

generating a key pair by adopting an encryption algorithm;

encrypting the plaintext by adopting a private key to obtain a ciphertext;

and uploading the public key and the ciphertext to the blockchain for disclosure.

3. The blockchain-based two-party privacy intersection method of claim 2, wherein the encryption algorithm is an RSA encryption algorithm.

4. The two-party privacy interaction method based on blockchain as in claim 1, wherein the server initiates an intelligent contract and makes an intelligent contract with the querying party and the arbitrating party, comprising:

the service initiates a request to the blockchain and issues an intelligent contract to the blockchain;

the secondary side receives the block chain notification, and signs after confirming that the contract is legal;

the inquiring party receives the block chain notification, verifies that the contract is signed by the arbitrator, and signs the contract if the rewarding and punishment mechanism specified by the intelligent contract is accepted.

5. The two-party privacy intersection method based on the blockchain as in claim 1, wherein the performing intersection calculation between the inquiring party and the serving party, and uploading the intermediate calculation result to the blockchain for certification after performing hash calculation, includes:

the inquiring party randomly selects a random number for each element in the data set, encrypts the random number by using a public key of the service party, multiplies the random number by a hash value of the corresponding element to obtain blinded data, sends the blinded data to the service party, hashes the blinded data and uploads the blinded data to the blockchain platform for verification;

the server receives the blind data sent by the inquiring party, decrypts the blind data by using the private key of the server to obtain decrypted data, then sends the decrypted data to the inquiring party, and uploads the decrypted data to the blockchain platform for verification after hash calculation;

the inquiring party receives the decryption data sent by the service party and divides the decryption data by the random number selected in the self-blinding process to obtain the blinding data;

the inquirer downloads the encrypted data of the server from the blockchain platform, and calculates the encrypted data provided by the server and the blinded data to obtain the intersection of the two parties.

6. The two-party privacy solving method based on blockchain as in claim 1, wherein the inquiring party verifies the final calculation result, confirms or applies arbitration to the arbitrating party according to whether the result is correct or not, and comprises the following steps:

the inquiring party can encrypt the data decrypted by the service party by using the public key of the service party again, so that the data before decryption by the service party can be obtained, hash calculation is carried out on the data, and the data is compared with the hash value of the blind data added by the inquiring party which is stored on the blockchain platform before, so that whether the service party carries out calculation according to a protocol can be judged;

if the service side does not have fraudulent conduct, signing is conducted on the intelligent contract, and corresponding rewards are given to the service side according to regulations on the contract;

if the service side is found to have fraudulent activity, the arbitrator is applied for arbitration, and signing on the intelligent contract is refused.

7. The blockchain-based two-party privacy interaction method of claim 1, wherein the arbitrator verifies based on the credentials on the chain, determines if the inquirer is fraudulent, and makes a corresponding decision, comprising:

comparing the certificates stored in the chain by the service party and the inquiring party in the calculating process:

if the service side does have fraudulent activity, signing and confirming on the intelligent contract, and punishing the service side according to the intelligent contract signed in advance, wherein the arbitrator can also select to disclose the malicious activity of the service side to the whole network;

if the service side does not have fraudulent conduct, signing on the intelligent contract, and carrying out corresponding rewarding on the service side according to the rule of the intelligent contract.

8. Two-party privacy intersection system based on block chain is characterized by comprising a server, a query party, a secondary party and a block chain module, wherein the two-party privacy intersection is performed by adopting the method of any one of claims 1-7.

9. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program, characterized in that the processor, when executing the program, implements the method according to any of claims 1-7.

10. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any one of claims 1-7.