CN116432213A - A data privacy protection method for grain supply chain based on multi-chain blockchain - Google Patents

A data privacy protection method for grain supply chain based on multi-chain blockchain Download PDF

Info

Publication number
CN116432213A
CN116432213A CN202211090528.3A CN202211090528A CN116432213A CN 116432213 A CN116432213 A CN 116432213A CN 202211090528 A CN202211090528 A CN 202211090528A CN 116432213 A CN116432213 A CN 116432213A
Authority
CN
China
Prior art keywords
chain
information
sup
data
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211090528.3A
Other languages
Chinese (zh)
Inventor
许继平
张新
张博洋
于重重
赵峙尧
于家斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Technology and Business University
Original Assignee
Beijing Technology and Business University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Technology and Business University filed Critical Beijing Technology and Business University
Priority to CN202211090528.3A priority Critical patent/CN116432213A/en
Publication of CN116432213A publication Critical patent/CN116432213A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/02Agriculture; Fishing; Forestry; Mining
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Mining & Mineral Resources (AREA)
  • Economics (AREA)
  • Agronomy & Crop Science (AREA)
  • Animal Husbandry (AREA)
  • Marine Sciences & Fisheries (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Primary Health Care (AREA)
  • Strategic Management (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a grain supply chain data privacy protection method based on a multi-chain blockchain, belonging to the fields of blockchain, privacy encryption and the like; firstly, dividing a supply chain into six main links according to the information transfer characteristics of a grain supply chain, constructing key information according to categories, and outputting privacy data authority classification; dividing a supply chain into a common chain and four service chains by combining an actual service scene, constructing a grain supply chain multi-chain network model, and constructing a privacy data hierarchical encryption and storage model by analyzing privacy information characteristics of each level and adopting a hierarchical encryption mode by combining a cryptography algorithm. Based on the inter-link communication of the relay link, the trusted stream of the data is ensured; and finally, designing and improving a consensus algorithm CPBFT to ensure the efficient consensus of the data information. The invention effectively solves the data storage burden of the single-chain type block chain structure, overcomes the defect that private data information cannot be differentially shared, and realizes the effective protection of the grain supply chain data privacy in a multi-chain scene.

Description

Grain supply chain data privacy protection method based on multi-chain block chain
Technical Field
The invention relates to the technical fields of blockchain, privacy encryption and the like, in particular to a grain supply chain data privacy protection method based on a multi-chain blockchain.
Background
The grain crops mainly comprise wheat, rice, corn, millet, sorghum and the like, wherein the wheat, the rice and the corn occupy more than half of the world, the rice is the main ration of the people in China, and the grain safety is closely related to the life health of the people.
In the face of frequent food quality safety problems, the grain supply chain has the characteristics of long service life cycle, numerous enterprise participation nodes, complicated service data, difficult definition of privacy data and the like, each link of the grain supply chain relates to a wide region, risk factors of each link are numerous, the conventional centralized database can cause the problems that enterprise data are tampered and the like, a plurality of students have conducted researches on combining a block chain technology with a supply chain system, but a network model is constructed based on a single-chain block chain structure, the problems of data information island and the like are solved, and the problems of data storage, data redundancy, consensus efficiency and the like are also caused in the face of complex characteristics of the grain supply chain.
Blockchain technology is a distributed computing paradigm of a decentralised architecture that has grown popular with the advent of digital cryptocurrency such as bitcoin. The method is mainly applied to the financial field initially, is widely applied to grain supply chain systems by students in recent years, is mainly embodied in aspects of information tracing, information supervision, danger prevention and control early warning and the like in the grain and oil industry, establishes researches such as the grain and oil supply chain tracing system, an information supervision model, information management and control of single grain crop types and the like, and provides support for information tracing, supervision and trusted management and control of grain supply chain systems.
All nodes of the single-chain structure commonly maintain one account book, which can cause the difficult problem that data cannot be differentially shared and data are redundant, and the problems can be effectively avoided by adopting the block chain multi-chain structure. The multi-chain technology is originally initiated by Fabric1.0, is a channel technology based on alliance chains, each chain is used as an independent channel to carry out node communication in networking, and the capacity expansion storage and the privacy information differentiated management of data information can be effectively realized by virtue of the natural isolation performance of the channel technology, and service data interaction is carried out through a cross-chain technology.
The cryptography algorithm is a basic stone for guaranteeing the safety of data information and mainly comprises a hash function, symmetric encryption and asymmetric encryption.
The hash function SHA-2 has safety and wide applicability, is also a hash algorithm adopted by the bit coin, is used for obtaining the abstract of the plaintext data information, and can effectively ensure the information integrity. The AES algorithm is a mainstream symmetric encryption algorithm at present, can be used for rapidly encrypting a large amount of data information, is mixed with an ECC elliptic curve algorithm, and can effectively ensure the security of an AES key and further improve the security of the algorithm through dot multiplication operation of an elliptic curve. The homomorphic encryption algorithm is proposed by 1978 for the first time, the algorithm idea is to operate the ciphertext and operate the homomorphic to the plaintext, so that the encrypted ciphertext can be directly operated without decryption, and the privacy and the security of data are ensured. The Paillier homomorphic algorithm is an asymmetric encryption scheme with mixed homomorphism of addition and multiplication, and the security is difficult to decompose based on large prime numbers; ELGamal homomorphic algorithm is an internationally recognized public key cryptosystem, and its security is based on the difficulty of discrete logarithm over a finite field. RSA is one of the most widely applied asymmetric encryption algorithms, has high security and is easy to realize, but lower running efficiency limits the scene which can only be applied to a small amount of data, partial scholars also improve the algorithm from a principle layer, and the combination of the Chinese remainder theorem and the multiple prime numbers is a safe and efficient solution.
Disclosure of Invention
Aiming at the problems that a traditional single-chain network structure is adopted in a grain supply chain, data information storage redundancy, information cannot be differentially managed and privacy information is protected in a grading mode, typical link key information of the grain full supply chain is abstracted, each type of key information is classified in a grading mode according to privacy authorities, and a grain supply chain data privacy protection method based on a multi-chain block chain is established by adopting a block chain multi-chain technology, a cryptography algorithm, a cross-chain technology and a consensus algorithm. The invention effectively realizes the data isolation of each business link by relying on a block chain multi-link structure, ensures the data information safety by a cryptography algorithm, solves the problems of redundant data storage, incapability of differentially sharing information and the like of a single-chain structure, and realizes the safe and efficient protection of the information of the grain full supply chain and the network topology storage.
The grain supply chain data privacy protection method based on the multi-chain block chain comprises the following specific steps:
step one, analyzing key information of each typical link of a grain full supply chain;
typical links include planting, storing, processing, storing, transporting and selling; the storage link comprises two sub-links of acquisition and storage, and the storage link comprises two sub-links of packaging and storage.
The key information comprises basic information, environment information, hazard information and transaction information of each sub-link.
Step two, combining with an actual service scene, dividing the grain full-supply chain link into a common-knowledge chain and four service chains: a planting chain, a processing chain, a storage and transportation chain and a sales chain are used for constructing a multi-chain network model of a full grain supply chain;
the processing chain comprises four types of nodes, namely acquisition, storage, processing and packaging, and covers the whole process from storage to packaging of grains;
the storage and transportation chain comprises two types of nodes, namely storage and transportation, and covers the process before the sales link of finished grains.
The service chains and the consensus chains are communicated with each other through the relay chains, and the chains reach consensus through the optimized CPBFT algorithm.
Thirdly, carrying out authority classification on the private data on the key information, and encrypting and storing the key information into a multi-link network model
Dividing the key information into class I privacy information, class II privacy information, class III privacy information, public information and supervision information according to the authority;
the I-level privacy information is data which can be accessed by the highest authority in the enterprise, the II-level privacy information is data which can be accessed by other staff in the enterprise, the III-level privacy information is data which can be accessed by the upstream and downstream production enterprises, the public information is tracing information for consumers, and the supervision information is key information for supervising the safety of the production links of the upstream and downstream enterprises in real time by a supervision department.
The privacy information main body is stored in each service chain; the public information is mapped between the under-chain database and the service chain in a summary form, and a consumer finishes the process of tracing the public information through inquiring the service chain; the government regulatory authorities supervise the regulatory information.
The private data information transmits ciphertext through a relay chain by a corresponding private encryption algorithm, and the encryption transmission process is completed by a data relay intelligent contract and a private encryption intelligent contract running on the relay chain.
The specific encryption process is as follows:
(1) The I-level privacy information adopts an AES and ECC mixed encryption mode; comprises the following steps:
1) Hybrid encryption
Firstly, encrypting plaintext data of privacy information by adopting an AES encryption algorithm ECB mode;
the encryption process formula is:
c =Enc AES (m ,k A )
wherein m is K is the plaintext of the privacy information A C is a symmetric encryption key Is the privacy information ciphertext.
Then, for finite field F p E is based on F p G is the base point of E, and the receiver calculates the public key K from the elliptic curve E And transmits to the symmetric key sender.
K =k *G
k Is a random large prime number;
the sender then encrypts the symmetric encryptionKey k A The point M is obtained by encoding the BCH onto the elliptic curve, and a point less than n is randomly selected Is an integer of r, n Is finite field F p And encrypts the transmitted point M:
C 1 =M+rK ,C 2 =rG
finally, the sender will C 1 ,C 2 Symmetric encryption information ciphertext c Together with the transmission to the receiving party.
2) Decryption process
Receiving C at the receiver 1 ,C 2 Ciphertext c Using private key k Calculation C 1 -k C 2 The decryption process is as follows:
C 1 -k C 2 =M+rK -k (rG)=M
decoding the point M to obtain an AES symmetric encryption key k A Decrypting the private data ciphertext using the key: m is m =D(c ,k A ) Obtaining the private data plaintext.
(2) Class II privacy information is encrypted in a Paillier homomorphic manner; comprises the following steps:
1) Generating a key: (n) G) is a public key, (lambda, mu) is a private key.
Randomly selecting two different large prime numbers p 、q Let n =p ·q ,λ=lcm(p -1,q -1) (lcm represents the least common multiple), ensuring gcd (p) q ,(p -1)(q -1)) =1 (gcd represents the greatest common divisor);
randomly selecting a positive integer
Figure SMS_1
g is less than->
Figure SMS_2
And is in charge of>
Figure SMS_3
Mutual mass, definition
Figure SMS_4
Presence of
Figure SMS_5
2) Encryption process
Private data plaintext m To privacy data m Cut into k segments, and the data after cutting is m Ⅱ1 ,...,m Ⅱk ,0≤m Ⅱi <n (i=1, 2..k), randomly selecting an integer
Figure SMS_6
And r is i <n Using public key (n G) encrypting the plaintext to obtain encrypted data c Ⅱ1 ,...,c Ⅱk
Figure SMS_7
3) Decryption process
For data ciphertext c Decrypting by using a private key, wherein the decrypting process is as follows:
Figure SMS_8
obtaining a plaintext data segment m Ⅱ1 ,...,m Ⅱk Plaintext->
Figure SMS_9
Similarly, further due to the homomorphic characteristic of addition, after encrypting the segmented plaintext after cutting, multiplying the segmented ciphertext and then decrypting the segmented ciphertext, and the obtained result is the same as the result of directly adding the segmented plaintext;
Figure SMS_10
Thus, ciphertext of the private data may be obtained without knowing the plaintext fragment of the private data.
(3) Class III privacy information adopts ELGamal homomorphic encryption; comprises the following steps:
1) Key generation
Is provided with
Figure SMS_11
Is finite field Z p Randomly generates a large prime number p And selecting the generator g
Figure SMS_12
Randomly select k ∈[1,p -1]Is a private key and calculates a public key (y, g ,p );
Figure SMS_13
Finally, public key is disclosed, and private key k is saved
2) Encryption process
The private data sender selects a random number r ∈[1,p -1]Private data m using system parameters and public key y Encryption and calculation are carried out
Figure SMS_14
And->
Figure SMS_15
Obtaining ciphertext c =E(m )=(C 3 ,C 4 )
3) Decryption process
The receiving party receives the ciphertext c Thereafter, the private key k is utilized Decrypting the ciphertext data:
calculation of
Figure SMS_16
Namely, the data plaintext is obtained.
(4) The supervision information adopts an RSA encryption mode; comprises the following steps:
1) Generating a key
(1) Randomly generating four large primes p sup ,q sup ,r sup ,s sup
(2) Calculating n sup =p sup q sup r sup s sup And has phi (n) sup )=(p sup -1)(q sup -1)(r sup -1)(s sup -1)
(3) Randomly selecting a positive integer e to satisfy 1 < e < phi (n) sup ) So that gcd (e, phi (n sup ))=1
(4) Calculating to obtain d sup =e -1 modφ(n sup ) Calculate x sup For replacing parameter n sup The method comprises the following steps:
if p sup >q sup Then define x sup :(n sup -p sup )<x sup <n sup ,gcd(x sup ,n sup )=1
If p sup <q sup Then define x sup :(n sup -q sup )<x sup <n sup ,gcd(x sup ,n sup )=1
Thus, a key pair is obtained, the public key being (x sup E), the private key is (x sup ,d sup ) The public key is distributed to the sender to encrypt the private information, and the private key is distributed to the receiver to decrypt.
2) Encryption process
Using public key (x sup E) encrypting the private data plaintext, wherein the encryption process comprises the following steps:
Figure SMS_17
m sup the method is characterized in that the method is a plaintext of private data;
3) Decryption process
Calculating the remainder of the plaintext:
Figure SMS_18
wherein: c (C) p =c sup mod p sup ,C q =c sup mod q sup ,C r =c sup mod r sup ,C s =c sup mod s sup ;d p =d sup mod(p sup -1),d q =d sup mod(q sup -1),d r =d sup mod(r sup -1),d s =d sup mod(s sup -1)。
According to the chinese remainder theorem:
Figure SMS_19
resolvable data plaintext m sup
Figure SMS_20
(5) The public information adopts SHA256 to abstract the information main body;
for public information, the information body is stored in an under-chain database, and the public information is recorded on and among chains in a data abstract form.
The plaintext of the message is m pub H is calculated by a Hash function sha256=hash (x) m =Hash(m pub ) Obtaining the public information data abstract H m
Step four, designing a link-crossing communication mode based on a relay link, and enabling a sender service link A to issue data information needing to execute link-crossing operation on the relay link after checking by a verifier of the relay link, and transmitting the data information to a target service link B or a common identification link by the relay link to realize the link-crossing operation.
The data relay intelligent contract and the privacy encryption intelligent contract are operated on the relay chain, and the data information consensus is achieved through an optimized CPBFT algorithm, and the specific process is as follows:
when two chains need to carry out cross-chain communication interaction, the data relay intelligent contract monitors a cross-chain request, when a service chain A sends a request to a relay contract, the contract verifies the request and forwards the request to a corresponding receiving chain B;
Authentication includes sender, receiver identity, and cross-chain sequence, etc.
After verification, a communication channel of a service chain A-relay chain-service chain B/consensus chain is created.
When the request passes the verification, the Schnorr signature protocol is adopted to carry out digital signature on the data plaintext to be transmitted, and the service chain A sends the signature value and the data plaintext to the data relay intelligent contract.
After receiving the signature, the relay contract performs a verification process:
first, R 'is calculated' sig =z sig *G-c sig * pk, judging c sig =Hash(m,R' sig ) If so, confirming that the message is not tampered in the transmission process to encrypt the hierarchical authority, otherwise, terminating the cross-link information transmission process.
Wherein c sig ,z sig For signature value, pk is public key, m is the plaintext of the verified message, R' sig To verify the signature value;
after the information data integrity is judged, judging the authority level of the transmitted data plaintext:
if the inter-link interaction of III-level privacy information between the business links of the upstream and downstream enterprises is performed, calling a privacy encryption intelligent contract to encrypt by adopting an ELGamal encryption algorithm, and sending a ciphertext and a private key to a relay link; the relay chain achieves the consensus of business interaction data between the upstream enterprise chain and the downstream enterprise chain through an optimized CPBFT consensus algorithm, the relay chain achieves the consensus between business chains, and the relay contract sends the shared data and the private key to a business chain receiver.
If the data interaction is between the service chain and the consensus chain, judging the plaintext data privacy class in the data packet by calling the privacy encryption intelligent contract, adopting different classes of encryption modes according to different authorities, transmitting the encrypted ciphertext to the consensus chain, and completing the consensus process of the CPBFT multi-chain cross-chain privacy information ciphertext based on optimization by the consensus chain.
And fifthly, optimizing a traditional PBFT consensus mechanism, reducing the communication quantity among nodes by introducing a credit value evaluation mechanism, and improving the consensus efficiency of the system, so that the CPBFT is more suitable for a plurality of scenes of grain business data.
Compared with the prior art, the invention has the following advantages:
(1) According to the grain supply chain data privacy protection method based on the multi-chain block chain, the information transfer characteristics of the grain supply chain are analyzed, each typical link of the full supply chain is abstracted, and key information classification of each link is completed in the forms of document reading and enterprise investigation; in addition, the data privacy authority of the outputted key information of each link is divided into five-level data information, the five-level data information comprises three-level privacy information, supervision information and public information, the division form accords with the actual service scene, and a foundation is laid for subsequent work.
(2) The grain supply chain data privacy protection method based on the multi-chain block chain adopts the multi-chain channel technology to isolate different service chains, provides a natural barrier for service data, and provides an effective way for differentiated sharing and management of privacy data.
(3) According to the grain supply chain data privacy protection method based on the multi-chain block chain, key information privacy authorities are classified, data information quantity and privacy degrees thereof are comprehensively considered, and different encryption algorithms are adopted to conduct classified encryption on different-level data information, so that data privacy safety is guaranteed, and data encryption efficiency is guaranteed.
(4) According to the grain supply chain data privacy protection method based on the multi-chain block chain, a communication mode based on a relay chain is designed, data cross-chain interaction between different service chains and common chains among communication channels is effectively achieved, and safety and high usability are achieved.
(5) According to the grain supply chain data privacy protection method based on the multi-chain block chain, the credit value evaluation mechanism is introduced, so that the algorithm failure rate is effectively reduced, the consistency protocol is simplified, the communication traffic among system nodes is reduced, and the system consensus efficiency is further improved.
(6) The invention discloses a grain supply chain data privacy protection method based on a multi-chain block chain, and provides a universal data privacy protection scheme in various fields.
Drawings
FIG. 1 is a flow chart of a method for protecting the privacy of grain supply chain data based on a multi-chain blockchain;
FIG. 2 is a schematic illustration of a grain supply chain flow scheme under investigation in the present invention;
FIG. 3 is a diagram of a grain supply chain multi-chain network architecture designed in accordance with the present invention;
FIG. 4 is a schematic diagram of a hierarchical encryption and storage mode of private data according to the present invention;
FIG. 5 is a schematic diagram of a multi-link cross-link communication mode of the present invention;
FIG. 6 is a schematic diagram of a PBFT consensus algorithm coherence protocol under investigation in the present invention;
FIG. 7 is a schematic diagram of a credit evaluation mechanism of a CPBFT consensus node according to the present invention;
figure 8 is a schematic diagram of a coherency protocol of the improved CPBFT consensus algorithm of the present invention.
Detailed Description
In order to facilitate an understanding and practice of the present invention by those of ordinary skill in the art, the present invention is further described in detail and in depth in connection with the examples of a full grain supply chain, by which the rest of the industry may operate.
The invention discloses a grain supply chain data privacy protection method based on a multi-chain block chain, which is illustrated in the following five steps as shown in fig. 1.
Step one, analyzing and grading the key information of each typical link of the grain full supply chain;
the grain full supply chain has the characteristics of complex participation links, long life cycle, numerous enterprises and the like, the process relates to planting enterprises, storage enterprises, processing enterprises, transportation enterprises and sales enterprises, different authority information which can be checked by different function authority personnel exists in each enterprise, specific business information interaction exists between each upstream enterprise and each downstream enterprise, meanwhile, a consumer has a tracing requirement on grain tracing information, and a supervision department has a supervision requirement on specific supervision information.
Therefore, the invention analyzes the characteristics of various information in different links according to the category, summarizes the specific content of various information in each link, classifies the authority of the key information according to the authority, and provides support for solving the problem of differential management and sharing of the key information by enterprises.
The grain full-supply chain comprises six typical links of planting, collecting and storing, processing, storing, transporting and selling, wherein the collecting and storing link comprises two sub links of purchasing and storing, and the storing link comprises two sub links of packaging and storing.
And outputting key information classification of each typical link, wherein the key information comprises basic information, environment information, hazard information and transaction information of each sub-link. After confirming key information of each link and classification thereof, classifying the key information according to privacy authorities by analyzing privacy degrees of various key information to obtain a privacy information authority classification table.
Step two, combining with an actual service scene, dividing the grain full-supply chain link into a common-knowledge chain and four service chains: a planting chain, a processing chain, a storage and transportation chain and a sales chain are used for constructing a multi-chain network model of a full grain supply chain;
the consensus chain is responsible for completing the consensus of the whole network service data and reducing the data burden of each service chain; each service chain is responsible for storing privacy information main bodies of corresponding links; the public information body is stored in an under-chain database, and the data abstract is stored on the chain; and isolating the data information of each link between each link through a multi-link channel technology.
The processing chain comprises four types of nodes, namely acquisition, storage, processing and packaging, and covers the whole process from storage to packaging of grains;
the storage and transportation chain comprises two types of nodes, namely storage and transportation, and covers the process before the sales link of finished grains.
Each service chain and each consensus chain are communicated with each other through a relay chain, and each chain achieves consensus through an optimized CPBFT algorithm (Credit Practical Byzantine Fault Tolerant consensus algorithm).
The consumer can trace the public information, and the supervision department can complete enterprise information supervision work through supervision information.
The relay chain is a chain formed by relay nodes and is responsible for finishing data interaction among the chains, the optimized CPBFT algorithm is operated on the chain as well, the relay chain does not store service interaction data and consensus data, and the risk of data leakage is reduced.
Thirdly, carrying out authority classification on the private data on the key information, and encrypting and storing the key information into a multi-link network model
Dividing the key information into class I privacy information, class II privacy information, class III privacy information, public information and supervision information according to the authority; the public information is the public traceability information which can be accessed by all rights.
The I-level privacy information is data which can be accessed by the highest authority in the enterprise, the II-level privacy information is data which can be accessed by other staff in the enterprise, the III-level privacy information is data which can be accessed by the upstream and downstream production enterprises, and the public information is tracing information for consumers; the supervision information is key information for supervision departments to supervise the safety of upstream and downstream enterprises in real time in the production link.
The privacy information main body is stored in each service chain; the public information is mapped between the under-chain database and the service chain in a summary form, and a consumer finishes the process of tracing the public information through inquiring the service chain; the government regulatory authorities supervise the regulatory information. The supervision information is information which is directed and supervised by government supervision authorities aiming at enterprises in all links and overlaps with each level of privacy information, so that the supervision information authority is independent of each level of privacy information authority.
The private data information of the division hierarchy is transmitted through the corresponding private encryption algorithm by the aid of the relay chain, and the encryption transmission process is completed by the data relay intelligent contract and the private encryption intelligent contract running on the relay chain.
According to privacy information authority classification, the privacy information characteristics of each level are analyzed, and the specific encryption process is as follows:
(1) The I-level privacy information adopts an AES and ECC mixed encryption mode; AES encrypts the data plaintext, ECC encrypts the symmetric encryption key; the symmetric encryption and decryption uses the same secret key, and the characteristic of rapid encryption and decryption is suitable for the scene with more data, but once the secret key is leaked in the channel transmission process, the secret key is at risk of being cracked and tampered with by disclosure, so that the symmetric encryption algorithm AES secret key is encrypted by adopting the asymmetric encryption algorithm ECC, and the security in the secret key and secret key transmission process is ensured. The hybrid encryption algorithm comprises the following processes:
1) Hybrid encryption
Firstly, encrypting plaintext data of privacy information by adopting an AES encryption algorithm ECB mode;
the encryption process formula is:
c =Enc AES (m ,k A )
wherein m is K is the plaintext of the privacy information A C is a symmetric encryption key Is the privacy information ciphertext.
Then, for finite field F p ,p Is domain F p And p is as follows Is a safe large prime number. E is based on F p Is the base point of E, n Is F p Is a step of (a).
The receiver selects a random large prime number k As a private key (k) <n ) Calculating public key K through elliptic curve E And base G, public key K To the symmetric key sender.
K =k *G
The sender then encrypts the symmetric encryption key k A Randomly selecting a value smaller than n by encoding the BCH to a point M on the elliptic curve Is an integer of r, n Is finite field F p And encrypts the transmitted point M:
C 1 =M+rK ,C 2 =rG
finally, the sender will C 1 ,C 2 Symmetric encryption information ciphertext c Together with the transmission to the receiving party.
2) Decryption process
Receiving C at the receiver 1 ,C 2 Ciphertext c Using private key k Calculation C 1 -k C 2 The decryption process is as follows:
C 1 -k C 2 =M+rK -k (rG)=M+r(k G)-k (rG)=M
decoding the point M to obtain an AES symmetric encryption key k A Decrypting the private data ciphertext using the key: m is m =D(c ,k A ) Obtaining the private data plaintext.
Because the main operation in the ECC encryption process is elliptic curve scalar multiplication, the scalar multiplication occupies most of the time of the algorithm, so that the elliptic curve scalar multiplication is optimized and improved, and the efficiency of the hybrid encryption algorithm can be further improved.
The scalar multiplication operation optimization process is as follows:
(1) NAF encoding an integer r, where r j The encoded value of r is encoded, j is the bit length of r after encoding, s i As the leading coefficient, i E [0, j]
Figure SMS_21
(2) The window size w is AND-computed, INT (Eb) is an integer for Eb, eb being the average of the bases {2,3,5,7 }.
Figure SMS_22
Figure SMS_23
(3) Window size r calculated according to the previous steps j Divided into windows of R j Wherein r is a combination of j NAF coding value of integer r, j is code length, d=j/w;
Figure SMS_24
r represents j I window of->
Figure SMS_25
Indicating the w-1 bit of the I-th window.
Figure SMS_26
Figure SMS_27
(4) Window for calculating integer r using {2,3,5,7} as basis
Figure SMS_28
In the calculation, firstly, judging the result in a table T constructed in advance by the system, if x exists The P result set is carried out the next step; if not, all ++are introduced>
Figure SMS_29
The base in the range and the result of point P are presented in table T. The length of the converted base chain number is then pre-calculated. The pre-calculation of the maximum chain length of the converted radix chain is as follows, where s is the maximum chain length of the converted radix chain.
Figure SMS_30
(5) Searching the calculated radix chain using a greedy algorithm and calculating a window according to the following model
Figure SMS_31
Is an optimal multi-radix chain of (1), where s i E {1, -1}, n is the actual calculated radix chain length, n E [1, s ] ],b i 、c i 、d i 、e i Is the index coefficient corresponding to the substrate {2,3,5,7}, N b 、N c 、N d 、N e B is respectively i 、c i 、d i 、e i The number of 0 in i.epsilon.1, n]。
Figure SMS_32
Figure SMS_33
(6) Finally through
Figure SMS_34
To calculate rK and rG.
Figure SMS_35
Figure SMS_36
In the transmission process, the privacy information is transmitted in the form of ciphertext, the symmetric encryption key is encrypted by an ECC encryption algorithm, and even if C is intercepted in the transmission process 1 ,C 2 Or point K G, but the private key k of the receiver cannot be deduced due to the discrete logarithm problem of the elliptic curve The symmetric encryption key k cannot be deduced A Thereby ensuring the safety of the data transmission process; in addition, the scalar multiplication of the elliptic curve is improved and optimized, the encryption efficiency of the algorithm is improved, and the instantaneity of data is ensured.
(2) The II-level privacy information adopts Paillier homomorphic encryption, cuts and processes a plurality of II-level privacy data information, and performs encryption and decryption operation by using the full homomorphic characteristic of an algorithm; comprises the following steps:
1) Generating a key: (n) G) is a public key, (lambda, mu) is a private key.
Randomly selecting two different large prime numbers p 、q Let n =p ·q ,λ=lcm(p -1,q -1) (lcm represents the least common multiple), ensuring gcd (p) q ,(p -1)(q -1)) =1 (gcd represents the greatest common divisor);
randomly selecting a positive integer
Figure SMS_37
g is less than->
Figure SMS_38
And is in charge of>
Figure SMS_39
Mutual mass, definition->
Figure SMS_40
Presence of
Figure SMS_41
2) Encryption process
Private data plaintext m To privacy data m Cut into k segments, and the data after cutting is m Ⅱ1 ,...,m Ⅱk ,0≤m Ⅱi <n (i=1, 2..k), randomly selecting an integer
Figure SMS_42
And r is i <n Using public key (n G) encrypting the plaintext to obtain encrypted data c Ⅱ1 ,...,c Ⅱk
Figure SMS_43
3) Decryption process
For data ciphertext c Decrypting by using a private key, wherein the decrypting process is as follows:
Figure SMS_44
obtaining a plaintext data segment m Ⅱ1 ,...,m Ⅱk Plaintext->
Figure SMS_45
Similarly, further due to the homomorphic characteristic of addition, after encrypting the segmented plaintext after cutting, multiplying the segmented ciphertext and then decrypting the segmented ciphertext, and the obtained result is the same as the result of directly adding the segmented plaintext;
Figure SMS_46
thus, ciphertext of the private data may be obtained without knowing the plaintext fragment of the private data.
(3) The III-level privacy information adopts ELGamal homomorphic encryption, and the discrete logarithm problem effectively ensures the safety of interaction data;
EIGamal is a public key cryptosystem based on discrete logarithm problem on finite field, its security basis is the difficulty of discrete logarithm solution, its operation speed is influenced by key length, is applicable to III level privacy information scene that has not high requirement on data real-time. Comprises the following steps:
1) Key generation
Is provided with
Figure SMS_47
Is finite field Z p Randomly generates a large prime number p And selecting the generator g
Figure SMS_48
Randomly select k ∈[1,p -1]Is a private key and calculates a public key (y, g ,p );
Figure SMS_49
Finally, public key is disclosed, and private key k is saved
2) Encryption process
The private data sender selects a random number r ∈[1,p -1]Private data m using system parameters and public key y Encryption and calculation are carried out
Figure SMS_50
And->
Figure SMS_51
Obtaining ciphertext c =E(m )=(C 3 ,C 4 )
3) Decryption process
The receiving party receives the ciphertext c Thereafter, the private key k is utilized Solving ciphertext dataAnd (3) sealing:
calculation of
Figure SMS_52
Namely, the data plaintext is obtained.
In the EIGamal cryptosystem, the encryption operation is random, and the ciphertext depends on the plaintext m Again dependent on a random private key k So there may be p for the same plaintext -1 possible ciphertext.
(4) The supervision information adopts an RSA encryption mode, so that the algorithm is applicable to supervision scenes with larger data volume while ensuring the safety;
the supervision information authority is independent of each level of privacy information, and higher security is required, but the traditional RSA algorithm is low in efficiency when generating system parameters, so that timeliness supervision of supervision information by supervision departments is difficult to meet, and therefore the invention improves the algorithm to improve the algorithm efficiency. Comprises the following steps:
1) Generating a key
(1) Randomly generating four large primes p sup ,q sup ,r sup ,s sup
(2) Calculating n sup =p sup q sup r sup s sup And has phi (n) sup )=(p sup -1)(q sup -1)(r sup -1)(s sup -1)
(3) Randomly selecting a positive integer e to satisfy 1 < e < phi (n) sup ) So that gcd (e, phi (n sup ))=1
(4) Calculating to obtain d sup =e -1 modφ(n sup ) Calculate x sup For replacing parameter n sup The method comprises the following steps:
if p sup >q sup Then define x sup :(n sup -p sup )<x sup <n sup ,gcd(x sup ,n sup )=1
If p sup <q sup Then define x sup :(n sup -q sup )<x sup <n sup ,gcd(x sup ,n sup )=1
Thus, a key pair is obtained, the public key being (x sup E), the private key is (x sup ,d sup ) The public key is distributed to the sender to encrypt the private information, and the private key is distributed to the receiver to decrypt.
2) Encryption process
Using public key (x sup E) encrypting the private data plaintext, wherein the encryption process comprises the following steps:
Figure SMS_53
m sup the method is characterized in that the method is a plaintext of private data;
3) Decryption process
Calculating the remainder of the plaintext:
Figure SMS_54
wherein: c (C) p =c sup mod p sup ,C q =c sup mod q sup ,C r =c sup mod r sup ,C s =c sup mod s sup ;d p =d sup mod(p sup -1),d q =d sup mod(q sup -1),d r =d sup mod(r sup -1),d s =d sup mod(s sup -1)。
According to the chinese remainder theorem:
Figure SMS_55
resolvable data plaintext m sup
Figure SMS_56
By introducing four prime numbers, the encryption and decryption time and the key strength are balanced, and simultaneously, the Chinese remainder theorem is introduced to optimize the decryption process, so that the decryption process is reducedIs a complex and the amount of computation of (2); and introducing new ginseng x sup Substitution n sup Making it difficult for an attacker to make n sup Performing cracking attack; the improved RSA asymmetric encryption algorithm ensures the security and the efficiency is obviously improved.
(5) The public information is abstracted by adopting an SHA256 hash algorithm, the public information body is stored in a database under a chain, and the public information is recorded in the form of data abstracts on the chain and between the chains. The SHA256 of SHA-2 group compresses and abstracts the plaintext of the public information data, reduces the data quantity and ensures the safety of the data in the transmission process.
The plaintext of the message is m pub H is calculated by a Hash function sha256=hash (x) m =Hash(m pub ) Obtaining the public information data abstract H m
All links of the supply chain comprise that consumers and administrative departments have access rights to the public information, and whether the public information is tampered can be verified through the data abstract.
Step four, designing a link-crossing communication mode based on a relay link, and enabling a sender service link A to issue data information needing to execute link-crossing operation on the relay link after checking by a verifier of the relay link, and transmitting the data information to a target service link B or a common identification link by the relay link to realize the link-crossing operation.
In order to solve various defects existing in the traditional single-chain block chain, the grain full-supply chain multi-chain network model constructed by the invention effectively solves the problems of single-chain defects, data storage, redundancy and information differentiation authority management; the multi-link channel technology isolates each service link from the common identification links, the enterprise links with service association are not connected with each other, a seat of 'information island' is formed, information interaction blocking is caused, an effective interaction mechanism is needed between the links to realize data transmission across the links, the problems of data communication across the links and credible communication are solved, a certain calculation force sharing is provided for a main chain, and inter-link interoperability is improved.
Therefore, the invention designs a cross-link communication mode based on a relay link, the data relay intelligent contract and the privacy encryption intelligent contract are operated on the relay link, and the consensus of data information is achieved through an optimized CPBFT algorithm.
The specific process is as follows:
when two chains need to carry out cross-chain communication interaction, the data relay intelligent contract monitors a cross-chain request, when a service chain A sends a request to a relay contract, the contract verifies the request and forwards the request to a corresponding receiving chain B;
authentication includes sender, receiver identity, and cross-chain sequence, etc.
After verification, a communication channel of a service chain A-relay chain-service chain B/consensus chain is created. This process only occurs when cross-link information interaction is required, and when two links successfully establish communication through the relay link, any request information for link data interaction will return an exception report.
When the request passes the verification, the Schnorr signature protocol is adopted to carry out digital signature on the data plaintext to be transmitted, and the service chain A sends the signature value and the data plaintext to the data relay intelligent contract.
An elliptic curve E and G which are the same as the I-level privacy information and are subjected to mixed encryption are adopted as base points on the curve, and a prime number sk=k is randomly selected sig As a private key, then the public key pk=k sig * G, distributing the public key pk to the data relay intelligent contract for subsequent verification; selecting a random number r sig Service chaining side calculates R sig =r sig * G, calculating signature value c sig =Hash(m,R sig ) And z sig =r sig +c sig * sk, the service chaining side signs the value (c sig ,z sig ) And the data is transmitted to the data relay intelligent contract together with the data plaintext m.
After receiving the signature, the relay contract performs a verification process: first, R 'is calculated' sig =z sig *G-c sig * pk, judging c sig =Hash(m,R' sig ) If so, confirming that the message is not tampered in the transmission process to encrypt the hierarchical authority, otherwise, terminating the cross-link information transmission process.
Wherein c sig ,z sig For signature value, G is the base point on the curve, pk is the public key, m is the plaintext of the verified message, R' sig To verify the signature value.
After the information data integrity is judged, judging the authority level of the transmitted data plaintext:
if the inter-link interaction of III-level privacy information between the business links of the upstream and downstream enterprises is performed, calling a privacy encryption intelligent contract to encrypt by adopting an ELGamal encryption algorithm, and sending a ciphertext and a private key to a relay link; the relay chain achieves the consensus of business interaction data between the upstream enterprise chain and the downstream enterprise chain through an optimized CPBFT consensus algorithm, the relay chain achieves the consensus between business chains, and the relay contract sends the shared data and the private key to a business chain receiver.
If the data interaction is between the service chain and the consensus chain, judging the plaintext data privacy class in the data packet by calling the privacy encryption intelligent contract, adopting different classes of encryption modes according to different authorities, transmitting the encrypted ciphertext to the consensus chain, and completing the consensus process of the CPBFT multi-chain cross-chain privacy information ciphertext based on optimization by the consensus chain.
And fifthly, optimizing a traditional PBFT consensus mechanism, reducing the communication quantity among nodes by introducing a credit value evaluation mechanism, and improving the consensus efficiency of the system, so that the CPBFT is more suitable for a plurality of scenes of grain business data.
In order to ensure the data information security of the grain supply chain data privacy protection model based on the multi-chain block chain and efficiently achieve consensus, the invention optimizes the traditional PBFT, effectively reduces the possibility of a fault node round value main node by introducing a credit value evaluation mechanism, simplifies the consensus algorithm consistency protocol, greatly reduces the communication quantity among nodes, further improves the system consensus efficiency, and is more suitable for various scenes of grain service data.
Examples:
step one, analyzing key information and privacy authority classification of each typical link of a grain full supply chain.
(1) Analyzing key information of typical links of a grain full supply chain;
as shown in fig. 2, the grain full-supply link node is summarized as six links of planting, storing, processing, storing, transporting and selling, the business process of each link and the characteristics of participating enterprises are comprehensively analyzed, and key information of eight sub-links of the six links is divided into four sub-categories, which are respectively basic information, environment information, hazard information and transaction information, as shown in table 1.
The basic information mainly comprises operation information, time information, product information, quality information and the like of the corresponding links; the environmental information comprises the relevant environmental conditions of the raw grain, the semi-finished product and the finished product; the hazard information comprises relevant information of fungi, pesticide residues, heavy metals, plant diseases and insect pests and quality fission related to raw grains, semi-finished products and finished products; the transaction information mainly relates to product related price information and cost information.
The privacy information with different degrees is contained in various information, the information is not suitable for being fully disclosed, the authority classification is carried out on the key information, and a foundation is established for the classified encryption of the privacy information and the construction of a multi-link network architecture.
TABLE 1
Figure SMS_57
Figure SMS_58
(2) Dividing privacy authority levels of key information of all links of a grain full supply chain;
In order to better process data information in a differentiated mode, analyzing key information of each link of a grain supply chain, and dividing the key information into class I privacy information, class II privacy information, class III privacy information, public information and supervision information according to authority;
the privacy authorities of all levels are downward compatible, and as the supervision authorities exist independently of enterprises and the supervision information is crossed with the privacy information and the public information, the supervision authorities authority are independent of the privacy information authority, and the key information privacy authority class classification table is output according to the method, as shown in table 2.
TABLE 2
Figure SMS_59
And step two, constructing a grain full-supply chain multi-chain network model.
As shown in fig. 3, in order to solve the problem that the conventional single-chain structure service data cannot be differentially shared and stored and the service burden caused by service growth, the invention constructs a grain full-supply chain multi-chain network model and a multi-chain network structure model according to the flow information transfer characteristics of the grain full-supply chain and the service logic of enterprises in each link by combining a block chain multi-chain, a cross-chain mechanism, a cryptography algorithm and a consensus mechanism.
In the embodiment, six links of the grain supply chain are divided into four service chains, namely a planting chain, a processing chain, a storage and transportation chain and a sales chain, and a consensus chain for completing the cross-chain consensus of all the links of the supply chain is also provided;
And when the encrypted data of the service chain is uploaded to the consensus chain, the consensus chain completes the full supply chain link cross-chain consensus.
The private information body is stored in the block structure of the service chain, the public information body is stored in the under-chain database, and the data abstract is stored on the chain. Consumers can query the corresponding public traceability information through a query service chain and verify whether the consumer is tampered, and the supervision department can conduct real-time supervision on enterprises.
Step three, designing a hierarchical encryption and storage mode of the private data.
Based on a multi-chain network model, each service chain stores respective service data through a block chain self structure, but data interaction, communication and consensus among chains bring new risk challenges to private data, so that encryption of the private data is very critical.
The hierarchical encryption storage mode of the private data is shown in fig. 4, wherein the data volume of the public information main body is complicated and is stored in the under-chain database, and the abstract is taken and then uploaded to the service chain for storage; the privacy information plaintext main body is stored on the service chain through the hash tree structure of the block chain, so that the data security is ensured.
The service chain, the service chain and the consensus chain complete the data interaction and encryption process through the relay chain, a hierarchical encryption mode is adopted according to different privacy classes, and the relay chain is used as an information transmission medium and does not store any information body.
Aiming at the I-level privacy information, adopting an AES and ECC mixed encryption mode, encrypting the data plaintext by the AES, and encrypting the symmetric encryption key by the ECC; the II-level privacy information adopts Paillier homomorphic encryption, cuts and processes a plurality of II-level privacy data information, and performs encryption and decryption operation by using the full homomorphic characteristic of an algorithm; the III-level privacy information is encrypted in the homomorphic mode by adopting ELGamal, and the discrete logarithm problem effectively ensures the safety of interaction data; the supervision information adopts an optimized RSA algorithm, so that the algorithm is applicable to a supervision scene with larger data quantity while the safety is ensured; the public information is abstracted through SHA256 hash algorithm, the main body of the public information is stored under the chain, and the data abstract is stored on the chain.
Step four, designing a cross-link communication mode;
as shown in fig. 5, the relay chain acts as a combination of side chains and notary mechanisms, with access to key information that requires and validates both chains for interoperability, and transfers the information across both chains, an off-centered notary mechanism. In the relay mechanism, the service chain is connected with the relay chain by adhering to protocol specifications, when the service chain needs to initiate the chain crossing operation, the service chain issues data information needing to execute the chain crossing operation on the relay chain after checking by a verifier of the relay chain, and the relay chain transmits the information to a target service chain or a common identification chain to realize the chain crossing operation.
It should be noted that if the consensus process fails, the relay process is interrupted; and designing a time lock T in the relay contract, and when the target chain (service chain B/common identification chain) exceeds 51% of nodes receive the data packet or the private key sent by the relay chain, recognizing that the relay chain finishes the transmission of the data across the chains, and destroying the storage of the data ciphertext in the time T (the relay chain only maintains the common identification data account book).
And step five, optimizing and improving a traditional PBFT consensus mechanism.
The PBFT algorithm is originally proposed by Castro et al and mainly comprises a consistency protocol, a view conversion protocol and a check point protocol. The consistency protocol completes consistency check of the messages through a voting mechanism, the view conversion protocol is responsible for replacing a main node with a fault, and the check point protocol is used for clearing useless log messages and relieving the system storage pressure.
The view comprises a series of configurations, one master node and a plurality of slave nodes are arranged in one view, each node in different views is alternately used as the master node, the view can be regarded as the tenure of the master node, and the view numbers continuously increase along with the replacement of the views.
As shown in fig. 6, the consistency protocol of the PBFT algorithm mainly includes five execution processes of request, pre-prepare, prepare, commit and reply, where a client first initiates a request consensus request to a master node, and after the master node Primary receives the request, each request is assigned a unique number and a pre-preparation message is broadcast to each slave node reply. And the slave node receives the message for verification and broadcasts the message to other nodes, and enters a commit stage after receiving at least 2f+1 preparation messages. Mutual authentication is carried out among nodes, after receiving not less than 2f+1 commit messages, reply messages are broadcast to clients, and not less than f+1 replies are received to achieve consensus. Wherein f is the number of error nodes, n is the total number of nodes of the system, and f is less than or equal to (n-1)/3.
The PBFT algorithm provides the Bayesian fault tolerance of one third of the total nodes of the system, but under the application scene of the grain full supply chain, the probability of the Bayesian nodes is increased, and when the master node acts as a disfiguring behavior, the reelect of all the nodes is needed for view replacement, so that the consensus efficiency of the system is low. The wrongly generated node influences the algorithm efficiency from multiple dimensions, and in order to reduce the influence of the wrongly generated node on the algorithm, the embodiment designs the credit practical Bayesian fault-tolerant CPBFT applicable to the full grain supply chain scene:
firstly, a node credit value evaluation mechanism is introduced, credit evaluation is carried out on nodes in a system, the nodes in the system are divided into a main node, candidate nodes, a common node and a fault node according to a trust threshold value, honest nodes are rewarded through trust points, fault nodes are punished, meanwhile, a main node candidate queue is set, and the probability that the fault node is taken as the main node to participate in election is reduced. Secondly, in order to reduce the communication complexity among the nodes, the consistency protocol of the PBFT algorithm is simplified, and the consensus efficiency is further improved. The method comprises the following specific steps:
(1) Node credit evaluation mechanism
The node credit evaluation mechanism is shown in fig. 7, and the 7-node credit evaluation mechanism mainly comprises the following two parts:
(a) Initial credit setting
Aiming at the situation that a plurality of participation nodes exist in a grain supply chain, the probability of the existence of fault nodes is increased, in the embodiment, the aspects of participation enterprise scale, social reputation and the like are considered actually, the reputation of each participation enterprise is ranked quantitatively, the top n/3 nodes are taken as candidate nodes, and S is carried out i Representing the credit value of the node i, randomly assigning credit values to the nodes, wherein the credit value assignment interval of the first n/3 nodes is 8 < S i The value of the credit value assignment interval of the last 2n/3 nodes is less than or equal to 10 and is less than S i And less than or equal to 8, and the credit value is accurate to the last two decimal places.
The nodes with the credit values between 8 and 10 are candidate nodes, the candidate node with the highest credit value is selected to bear the master node when the view is changed, and when a plurality of iterations are performed and the plurality of nodes are the highest credit values, one node is randomly extracted to be used as the master node to host the next round of consensus. When credit value is 0 < S i And when the node is less than or equal to 8, the node is taken as a common node to participate in the system consensus process. When credit value S i And when the node is=0, indicating that the node is a malicious node with multiple faults, and listing the malicious node into a lost node list to reject the consensus network.
(b) Credit value rewarding and punishing mechanism
First, several rounds of PBFT consensus processes are performed, excluding failed nodes or nodes that send messages inconsistent with most nodes that exist in the several rounds of consensus processes. In order to encourage each node to participate in consensus in honest, and resist the fault node, the embodiment designs a node credit value rewarding and punishing mechanism. When a round of consensus is completed, the checkpoint protocol updates the credit information of each node through the log to avoid malicious transmission, and attempts to disturb the consensus process.
The credit rewarding mechanism evaluates credit by evaluating the number of successful communications when a node participates in a process, wherein S i ' is the updated credit value. T (T) v Adjusting parameters for prize value, w con Indicating the number of times that participation in consensus is expected, a con The credit rewarding mechanism is as follows, which represents the number of actual participation in consensus:
Figure SMS_60
when the candidate node successfully completes one consensus, a con And w is equal to con The ratio of (2) is 1, T is adjusted by setting v1 >T v2 Encouraging each node to complete the consensus process in honest, more credit rewards enable the common node to have a better chance to join the candidate node queue, and become the host view of the host node.
The credit value punishment mechanism is mainly used for regulating and controlling the credit value of the fault node, namely, the node does not successfully communicate in the consensus process, and a con =0, penalty mechanism is as follows:
Figure SMS_61
for penalty mechanism, P v Adjusting parameters for penalty values by setting up adjustment P v1 <P v2 The malicious attacker is prevented from implementing the attack by means of the credit shell of the candidate node for many times. For the main node to fail in the consensus process, the credit value is directly deducted by 5 points, and the failed main node is removed from the candidate queue to become a common node, so that the possibility of multiple failure main selection in a longer time is avoided. When the situation that the same node bears the master node repeatedly occurs, the credit value of the node needs to be reset, and the assignment interval is 0 < S i Less than or equal to 8 to avoid excessive systemHeart-turning.
By dynamically adjusting rewards, penalty values T v P v The candidate queue can be regulated and controlled as a whole to avoid the situation that the candidate queue is too much or too little. Meanwhile, due to the arrangement of the candidate node queues, honest nodes with higher credit values have the opportunity of preferentially acting as the main nodes, the possibility of the main nodes with the round values of the fault nodes is greatly reduced, and the main nodes are selected from the candidate queues with higher credit values, so that the view switching times are greatly reduced. In order to ensure the normal operation of the consensus process, the situation that no alternative candidate node exists when the master node fails is avoided, and the sequencing of the candidate queues and the consensus process need to be synchronously performed.
(2) Consistency protocol simplification
The traditional PBFT consensus mechanism requires two times of complexity O (N 2 ) Is a communication process of (1); in the grain scene, the number of nodes is large, and if the main node is a Bayesian node, the communication overhead of the main node is reelected, so that the consensus efficiency is greatly affected.
Therefore, the embodiment simplifies the consistency protocol of the PBFT mechanism while introducing the node credit value evaluation mechanism, effectively reduces the communication complexity between the nodes to the O (N) level, and further improves the consensus efficiency, so as to be suitable for a plurality of scenes of the grain supply chain nodes.
The simplified consistency protocol is shown in fig. 8, and the specific steps are as follows:
step 1: firstly, a master node is selected through a node credit value evaluation mechanism, and is responsible for hosting the round view and mainly responsible for message verification and generation of a new block after consensus.
Step 2: the client sends a request < request, o, t, c >, to the master node, where o is the request state executor, t is the time slice, and c is the client number.
Step 3: the master node broadcasts broadcast, v, n, d, > m, s >, where v is the view number, n is the message number, d is the message digest, m is the client request information, and s is the credit value of each node. If each slave node approves the certificate content, then Reply to the master node that the approval information is less than feedback, a i >, wherein a i The approval information for node number i.
Step 4: and if the master node receives not less than 2f pieces of approval information, packaging and transmitting the approval information < feedback, wherein a > is the packaged approval information of each node, and the slave node authenticates whether the approval information of other slave nodes is correct or not and enters a confirmation state after verification.
Step 5: when the client receives not less than 2f+1 pieces of confirmation information, the client determines that consensus is achieved, and a new block link is created by the master node to be connected into the block chain.
The simplified consistency protocol is combined with the node credit value evaluation mechanism, so that the nodes are encouraged to participate in the consensus process in honest, the possibility that the fault node becomes a master node is effectively reduced, meanwhile, the communication complexity is reduced at the communication level of each node, the consensus efficiency of the system is obviously improved from two aspects, and the traditional PBFT algorithm is more suitable for complex scenes of grain industry by the optimized CPBFT algorithm.
Analysis of results
The invention will analyze from both the point of view of correctness and consensus performance.
1) Correctness analysis
The traditional single-chain block chain structure is faced with the problems of complex participation links, long life cycle, and related to the full supply chain of numerous grains of enterprises, and along with the continuous increase of the whole business scale, the problems of privacy data management, data storage and consensus efficiency are also followed. According to the invention, key information of each link is analyzed through investigation, the key information is classified according to privacy authority, and a feasibility thought is provided for hierarchical encryption management of privacy data; secondly, by designing a grain multi-chain block chain network structure, the problem of data redundancy of the traditional single-chain structure is effectively solved, and the network storage burden is reduced; in addition, aiming at the key information privacy grading work, the characteristics of privacy information of each grade are analyzed, and different encryption algorithms are adopted to construct a privacy information grading encryption scheme, so that reliable guarantee is provided for the security protection of privacy data; different from the traditional single-chain network structure, the service chains become mutually independent and cannot perform data interaction among services, and the invention designs a multi-chain cross-chain interaction mechanism based on the relay chain, thereby ensuring the safe interaction of data among the service chains.
The traditional PBFT has the advantages that the probability of selecting the main node is high, the probability of selecting the fault node is high, the credit value scoring-based PBFT algorithm optimization scheme CPBFT is provided for numerous scenes of grain nodes, the probability of selecting the fault node as the main node is greatly reduced, the view switching efficiency is effectively improved through the design of a candidate queue, the consensus consistency protocol is simplified, the communication quantity among the nodes is effectively reduced, the consensus efficiency is further improved, and the consensus algorithm is more suitable for the grain scenes.
Different from the traditional single-chain structure, the grain multi-chain block chain network structure designed by the invention divides each main business link into a planting chain, a processing chain, a storage and transportation chain and a sales chain, and the processing of each business link on data can be performed cooperatively without waiting for business processing like the single-chain structure, thereby causing business accumulation; meanwhile, a common identification chain is additionally designed and is responsible for the whole common identification process of the whole business process, the account book storage burden of each business chain is shared, and the problem of redundancy of irrelevant business data is effectively solved by dividing the business chains. By analyzing key information of each link of a full supply chain, dividing privacy classes according to the privacy degree of the key information, analyzing the privacy information characteristics of each class, comprehensively considering factors such as the security level, the data quantity and the like of data of each link, and encrypting different classes by adopting an encryption algorithm suitable for the privacy characteristics of the key information; the cryptography algorithm is one of the core technologies of the block chain, the safety of the information plaintext is ensured in each service chain through the hash structure of the service chain, and the safety and the transmission efficiency of private data are ensured among the service chains through the cryptography algorithm.
The PBFT algorithm is a consensus mechanism based on voting, and consists of a client, a master node and slave nodes, wherein a round of consensus process requires O (N) between the nodes twice 2 ) The mutual communication of the stages achieves consensus that a Bayesian fault tolerance of 1/3 can be provided, but the communication complexity is high. If the current view elects to be faulty nodeAs a master node, the master node needs to be selected again to switch views, so that the consensus efficiency is greatly affected, and the number of participating nodes in a grain scene is increased, so that the communication complexity is also increased.
Aiming at a grain full supply chain scene, the invention designs a credit value scoring mechanism suitable for the grain scene, encourages nodes to participate in the consensus process in a honest way and penalizes the unsuccessful consensus process, takes the slave node with the high credit value of the first 1/3 as a candidate queue, selects the node with the highest credit value as a master node, greatly reduces the possibility of selecting the fault node as the master node, and ensures the dynamic property of the candidate queue while improving the consensus efficiency; when a node takes the role of a master node for multiple rounds, a decentralization protection mechanism is designed to reduce the decentralization risk. In addition, the consistency protocol of the CPBFT algorithm is simplified, the approval feedback information is packaged, and the slave node authenticates the approval information of other nodes through the packaging information, so that the inter-node traffic is reduced to the O (N) level, and the CPBFT algorithm is more suitable for a plurality of scenes of nodes in the grain industry.
2) Consensus performance analysis
For the optimized CPBFT consensus algorithm, analysis and comparison are performed from three dimensions of decentralization, security and consensus efficiency with the traditional PBFT algorithm, as shown in Table 3.
The number of nodes participating in the consensus process, the selection mode of the master node and the weight of each slave node participating in the consensus influence the decentralization degree of the consensus algorithm; the number of the participating nodes in the grain scene is large, and the more the rights of each node are dispersed, the higher the decentralization degree of the consensus algorithm is; the main node selection mode comprises two aspects of traditional voting and credit value accumulation; the consensus node weight refers to the probability that each slave node becomes the master node in a round of consensus process.
The security mainly comprises fault tolerance, node controllability, attack diversity, attack cost and security recovery; fault tolerance refers to the acceptance degree of a round of consensus process to the Bayesian node successfully completed by the consensus algorithm; node controllability refers to the ability of a node to take part in consensus to troubleshoot a node; the attack diversity refers to the type and degree of attack which can be born by the consensus process, and the attack cost is the calculation cost required by the malicious node to break the consensus process; security recovery refers to the ability of a system to recover data to pre-attack integrity and authenticity after an attack.
The consensus efficiency mainly comprises three indexes of transaction delay, throughput and communication complexity; delay only the time required to complete a round of consensus, i.e., the time required to generate a block; throughput refers to the number of transactions processed in a unit time, and the higher the throughput, the stronger the consensus performance; the communication complexity refers to the number of times and cost of the mutual communication between the nodes.
TABLE 3 Table 3
Figure SMS_62
(a) Decentralization
The CPBFT consensus algorithm introduces a node credit value evaluation mechanism, a master node candidate queue is formed by slave nodes with the front 1/3 of the credit value, and the node with the highest credit value is used as the master node, and although the consensus weight conversion of each slave node is not equal any more for credit value evaluation, the credit value represents the credit accumulation of the node, so that the hidden danger of view switching caused by a fault node is effectively eliminated, and the honest completion of consensus of each slave node is encouraged; meanwhile, in order to avoid the problem that the power is too concentrated because the node with the highest credit value acts as the master node for multiple rounds, a threshold that the master node cannot host multiple rounds of consensus is set, and the decentralization capability of an algorithm is effectively improved.
(b) Safety of
The CPBFT algorithm is based on the improved optimization of the PBFT algorithm, inherits the Bayesian-family fault tolerance of the PBFT algorithm, and can tolerate 1/3 Bayesian nodes under the condition of successfully completing one round of consensus. Meanwhile, the credit value evaluation mechanism effectively screens out known malicious or fault nodes, and avoids the possibility of subsequent transmission of the malicious nodes by means of a candidate node high credit value shell according to the bad situation; the credit value evaluation mechanism avoids the threat of the fault node to the system to a greater extent, and effectively improves the safety of the system.
(c) Consensus efficiency
For grain full supply chain scenes with numerous participating nodes, complex service association and increasing data volume, the traditional PBFT algorithm is difficult to cope with the scenes with such traffic volume. The invention adopts CPBFT algorithm, simplifies the traditional consistency protocol in the consensus level, greatly reduces the communication times among all slave nodes, and changes the communication complexity from O (N) 2 ) The level is reduced to the O (N) level, the consensus efficiency is obviously improved, and indexes such as the block outlet speed, the transaction throughput and the like are also enhanced. And the credit value evaluation mechanism is designed, so that the situation that the fault node acts as a master node is effectively avoided, the system overhead is reduced, and even if the view switching situation occurs, the candidate queue also enables the candidate node with the highest credit value to be selected at the first time to host the next round of view, and the system efficiency is improved.

Claims (5)

1. A grain supply chain data privacy protection method based on a multi-chain block chain is characterized by comprising the following specific steps:
step one, abstracting a grain full supply chain into six typical links including planting, collecting, storing, processing, storing, transporting and selling, and outputting key information of each link for analysis;
the key information comprises basic information, environment information, hazard information and transaction information of each sub-link;
Step two, combining with an actual service scene, dividing the grain full-supply chain link into a common identification chain and four service chains: a planting chain, a processing chain, a storage and transportation chain and a sales chain are used for constructing a multi-chain network model of a full grain supply chain;
data information of each link is isolated between each service chain and each consensus chain through a multi-chain channel technology, the links are communicated with each other through a relay chain, and the consensus of each chain is achieved through an optimized CPBFT algorithm;
thirdly, carrying out authority classification on the private data on the key information, and encrypting and storing the key information into a multi-link network model;
the key information is divided into class I privacy information, class II privacy information, class III privacy information, public information and supervision information according to the authority;
the I-level privacy information is data which can be accessed by the highest authority in the enterprise, the II-level privacy information is data which can be accessed by other staff in the enterprise, the III-level privacy information is data which can be accessed by the upstream and downstream production enterprises, the public information is tracing information for consumers, and the supervision information is key information for supervising the safety of the production links of the upstream and downstream enterprises in real time by a supervision department;
the designed privacy data hierarchical encryption and storage mode is implemented by a privacy encryption intelligent contract running on a relay chain, and a hierarchical encryption mode is adopted according to the characteristic analysis of each level of privacy authority data information, wherein the hierarchical encryption mode comprises the following steps: aiming at the I-level privacy information, adopting an AES and ECC mixed encryption mode, encrypting the data plaintext by the AES, and encrypting the symmetric encryption key by the ECC; the II-level privacy information adopts Paillier homomorphic encryption, cuts and processes a plurality of II-level privacy data information, and performs encryption and decryption operation by using the full homomorphic characteristic of an algorithm; class III privacy information is encrypted in a homomorphic way by ELGamal; the supervision information adopts an optimized RSA algorithm; the privacy information plaintext of each level is stored in a service chain through the structure of the block chain, hierarchical encryption is completed through a privacy encryption intelligent contract operated by a relay chain, and the privacy information ciphertext and an encryption key are transmitted to a receiver; the public information is abstracted through SHA256 hash algorithm, the main body of the public information is stored in the database under the chain, and the data abstract is stored in the service chain;
Step four, designing a link-crossing communication mode based on a relay link, and enabling a sender service link A to issue data information needing to execute a link-crossing operation on the relay link after checking by a verifier of the relay link, and transmitting the data information to a target service link B or a common identification link by the relay link to realize the link-crossing operation;
the data relay intelligent contract and the privacy encryption intelligent contract are operated on the relay chain, the Schnorr digital signature protocol is adopted to confirm the integrity of the data information, and the data information consensus is achieved through an optimized CPBFT algorithm, and the specific process is as follows:
when two chains need to carry out cross-chain communication interaction, the data relay intelligent contract monitors a cross-chain request, when a service chain A sends a request to a relay contract, the contract verifies the request and forwards the request to a corresponding receiving chain B;
after verification, a communication channel of a service chain A-relay chain-service chain B/consensus chain is established;
when the request passes the verification, a Schnorr signature protocol is adopted to digitally sign the data plaintext to be transmitted, and a service chain A sends the signature value and the data plaintext to a data relay intelligent contract;
after receiving the signature, the relay contract performs a verification process:
first, R 'is calculated' sig =z sig *G-c sig * pk, judging c sig =Hash(m,R' sig ) If so, confirming that the message is not tampered in the transmission process to carry out hierarchical authority encryption, otherwise, terminating the cross-link information transmission process;
Wherein c sig ,z sig For signature value, G is the base point of elliptic curve based on finite field, pk is public key, m is verified message plaintext, R' sig To verify the signature value;
after the information data integrity is judged, judging the authority level of the transmitted data plaintext:
if the inter-link interaction of III-level privacy information between the business links of the upstream and downstream enterprises is performed, calling a privacy encryption intelligent contract to encrypt by adopting an ELGamal encryption algorithm, and sending a ciphertext and a private key to a relay link; the relay chain achieves the consensus of business interaction data between the upstream enterprise chain and the downstream enterprise chain through an optimized CPBFT consensus algorithm, and a relay contract sends shared data and a private key to a business chain receiver;
if the data interaction is between the service chain and the consensus chain, judging the plaintext data privacy class in the data packet by calling a privacy encryption intelligent contract, adopting different classes of encryption modes according to different authorities, transmitting encrypted ciphertext to the consensus chain, and completing the consensus process of the CPBFT multi-chain cross-chain privacy information ciphertext based on optimization by the consensus chain;
and fifthly, optimizing a traditional PBFT consensus mechanism, simplifying a consensus algorithm consistency protocol by introducing a credit value evaluation mechanism, reducing the communication quantity among nodes, improving the consensus efficiency of the system, and enabling the CPBFT to be more suitable for scenes with numerous grain service data.
2. The method of claim 1, wherein the step one comprises two sub-steps of purchasing and storing, and the step one comprises two sub-steps of packaging and storing.
3. The method according to claim 1, wherein the processing chain in the second step comprises four types of nodes of acquisition, storage, processing and packaging, and covers the whole process from storage to packaging of grains;
the storage and transportation chain comprises two types of nodes, namely storage and transportation, and covers the process before the sales link of the finished product grain;
the grain supply chain multi-chain network model is based on super ledger Fabric multi-chain channel technology, and data information is isolated among service chains through natural isolation of channels.
4. The method according to claim 1, wherein in the third step, the privacy information body is stored in each service chain; the public information is mapped between the under-chain database and the service chain in a summary form, and a consumer finishes the process of tracing the public information through inquiring the service chain; the government supervision department carries out supervision on the supervision information;
the private data information transmits ciphertext through a relay chain by a corresponding private encryption algorithm, and the encryption transmission process is completed by a data relay intelligent contract and a private encryption intelligent contract running on the relay chain.
5. The method according to claim 1, wherein in the third step, a specific encryption process is as follows:
(1) The I-level privacy information adopts an AES and ECC mixed encryption mode; comprises the following steps:
1) Hybrid encryption
Firstly, encrypting plaintext data of privacy information by adopting an AES encryption algorithm ECB mode;
the encryption process formula is:
c =Enc AES (m ,k A )
wherein m is K is the plaintext of the privacy information A C is a symmetric encryption key The privacy information ciphertext;
then, for finite field F p E is based on F p G is the base point of E, and the receiver calculates the public key K from the elliptic curve E And sending the symmetric key to a symmetric key sender;
K =k *G
k is a random large prime number;
the sender then encrypts the symmetric encryption key k A The point M is obtained by encoding the BCH onto the elliptic curve, and a point less than n is randomly selected Is an integer of r, n Is finite field F p And encrypts the transmitted point M:
C 1 =M+rK ,C 2 =rG
finally, the sender will C 1 ,C 2 Symmetric encryption information ciphertext c Together to the receiver;
2) Decryption process
Receiving C at the receiver 1 ,C 2 Ciphertext c Using private key k Calculation C 1 -k C 2 The decryption process is as follows:
C 1 -k C 2 =M+rK -k (rG)=M
decoding the point M to obtain an AES symmetric encryption key k A Decrypting the private data ciphertext using the key: m is m =D(c ,k A ) Obtaining a private data plaintext;
(2) Class II privacy information is encrypted in a Paillier homomorphic manner; comprises the following steps:
1) Generating a key: (n) G) is a public key, (lambda, mu) is a private key;
randomly selecting two different large prime numbers p 、q Let n =p ·q ,λ=lcm(p -1,q -1) (lcm represents the least common multiple), ensuring gcd (p) q ,(p -1)(q -1)) = 1, gcd represents the greatest common divisor;
randomly selecting a positive integer
Figure FDA0003836814560000041
g is less than->
Figure FDA0003836814560000042
And is in charge of>
Figure FDA0003836814560000043
Mutual mass, definition->
Figure FDA0003836814560000044
Presence of
Figure FDA0003836814560000045
2) Encryption process
Private data plaintext m To privacy data m Cut into k segments, and the data after cutting is m Ⅱ1 ,...,m Ⅱk ,0≤m Ⅱi <n (i=1, 2..k), randomly selecting an integer
Figure FDA0003836814560000046
And r is i <n Using public key (n G) encrypting the plaintext to obtain encrypted data c Ⅱ1 ,...,c Ⅱk
Figure FDA0003836814560000047
3) Decryption process
For data ciphertext c Decryption using private key, solutionThe process of the sealing:
Figure FDA0003836814560000048
obtaining a plaintext data segment m Ⅱ1 ,...,m Ⅱk Plaintext->
Figure FDA0003836814560000049
Similarly, further due to the homomorphic characteristic of addition, after encrypting the segmented plaintext after cutting, multiplying the segmented ciphertext and then decrypting the segmented ciphertext, and the obtained result is the same as the result of directly adding the segmented plaintext;
i.e.
Figure FDA00038368145600000410
(3) Class III privacy information adopts ELGamal homomorphic encryption; comprises the following steps:
1) Key generation
Is provided with
Figure FDA00038368145600000411
Is finite field Z p Randomly generates a large prime number p And selecting the generator g
Figure FDA00038368145600000412
Randomly select k ∈[1,p -1]Is a private key and calculates a public key (y, g ,p );
Figure FDA00038368145600000413
Finally, public key is disclosed, and private key k is saved
2) Encryption process
The private data sender selects a random number r ∈[1,p -1]Private data m using system parameters and public key y Encryption and calculation are carried out
Figure FDA00038368145600000414
And->
Figure FDA00038368145600000415
Obtaining ciphertext c =E(m )=(C 3 ,C 4 )
3) Decryption process
The receiving party receives the ciphertext c Thereafter, the private key k is utilized Decrypting the ciphertext data:
calculation of
Figure FDA0003836814560000051
Namely, the data plaintext is the data plaintext;
(4) The supervision information adopts an RSA encryption mode; comprises the following steps:
1) Generating a key
(1) Randomly generating four large primes p sup ,q sup ,r sup ,s sup
(2) Calculating n sup =p sup q sup r sup s sup And has phi (n) sup )=(p sup -1)(q sup -1)(r sup -1)(s sup -1)
(3) Randomly selecting a positive integer e to satisfy 1 < e < phi (n) sup ) So that gcd (e, phi (n sup ))=1
(4) Calculating to obtain d sup =e -1 modφ(n sup ) Calculate x sup For replacing parameter n sup The method comprises the following steps:
if p sup >q sup Then define x sup :(n sup -p sup )<x sup <n sup ,gcd(x sup ,n sup )=1
If p sup <q sup Then define x sup :(n sup -q sup )<x sup <n sup ,gcd(x sup ,n sup )=1
Thus, a key pair is obtained, the public key being (x sup E), the private key is (x sup ,d sup ) The public key is distributed to the sender to encrypt the private information, and the private key is distributed to the receiver to decrypt;
2) Encryption process
Using public key (x sup E) encrypting the private data plaintext, wherein the encryption process comprises the following steps:
Figure FDA0003836814560000052
m sup the method is characterized in that the method is a plaintext of private data;
3) Decryption process
Calculating the remainder of the plaintext:
Figure FDA0003836814560000053
wherein: c (C) p =c sup modp sup ,C q =c sup modq sup ,C r =c sup modr sup ,C s =c sup mods sup ;d p =d sup mod(p sup -1),d q =d sup mod(q sup -1),d r =d sup mod(r sup -1),d s =d sup mod(s sup -1);
According to the chinese remainder theorem:
Figure FDA0003836814560000061
Resolvable data plaintext m sup
Figure FDA0003836814560000062
(5) The public information adopts SHA256 to abstract the information main body;
aiming at the public information, the information body is stored in a database under a chain, and the public information is recorded on the chain and among the chains in a data abstract form;
the plaintext of the message is m pub H is calculated by a Hash function sha256=hash (x) m =Hash(m pub ) Obtaining the public information data abstract H m
CN202211090528.3A 2022-09-07 2022-09-07 A data privacy protection method for grain supply chain based on multi-chain blockchain Pending CN116432213A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211090528.3A CN116432213A (en) 2022-09-07 2022-09-07 A data privacy protection method for grain supply chain based on multi-chain blockchain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211090528.3A CN116432213A (en) 2022-09-07 2022-09-07 A data privacy protection method for grain supply chain based on multi-chain blockchain

Publications (1)

Publication Number Publication Date
CN116432213A true CN116432213A (en) 2023-07-14

Family

ID=87084268

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211090528.3A Pending CN116432213A (en) 2022-09-07 2022-09-07 A data privacy protection method for grain supply chain based on multi-chain blockchain

Country Status (1)

Country Link
CN (1) CN116432213A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116823068A (en) * 2023-08-29 2023-09-29 四川集鲜数智供应链科技有限公司 Restaurant food supply chain management system
CN117333088A (en) * 2023-09-20 2024-01-02 上海朗晖慧科技术有限公司 A zero-trust consistency processing method for sending and receiving goods
CN117914859A (en) * 2023-12-14 2024-04-19 天翼云科技有限公司 A distributed consensus master node selection method and system based on PBFT algorithm
CN118018322A (en) * 2024-04-03 2024-05-10 湖南天河国云科技有限公司 Block chain privacy data processing method, device, computer equipment and medium
CN119046962A (en) * 2024-08-07 2024-11-29 深圳市赛凌伟业科技有限公司 Information encryption method and system in big data environment
CN119719033A (en) * 2025-02-28 2025-03-28 江苏智城慧宁交通科技有限公司 A traffic data file storage method and system based on blockchain
CN119966628A (en) * 2025-04-09 2025-05-09 深圳市纬亚森科技有限公司 A privacy protection method and system in multimedia data transmission
CN120320939A (en) * 2025-04-27 2025-07-15 金网络(北京)数字科技有限公司 A supply chain data management method based on privacy computing
CN121333803A (en) * 2025-11-28 2026-01-13 邯黄铁路有限责任公司 A method for secure encryption of railway freight data based on distributed storage

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112967074A (en) * 2021-03-29 2021-06-15 北京工商大学 Block chain driven rice supply chain information supervision model construction method
CN113595735A (en) * 2021-07-12 2021-11-02 中债金科信息技术有限公司 Supervised privacy protection block chain crossing system based on CP-ABE
CN113643045A (en) * 2021-08-13 2021-11-12 北京工商大学 A method for dynamic supervision of rice supply chain information based on smart contracts
CN114897486A (en) * 2022-04-18 2022-08-12 北京工商大学 Rice full-supply chain information control method based on multi-chain cooperation

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112967074A (en) * 2021-03-29 2021-06-15 北京工商大学 Block chain driven rice supply chain information supervision model construction method
CN113595735A (en) * 2021-07-12 2021-11-02 中债金科信息技术有限公司 Supervised privacy protection block chain crossing system based on CP-ABE
CN113643045A (en) * 2021-08-13 2021-11-12 北京工商大学 A method for dynamic supervision of rice supply chain information based on smart contracts
CN114897486A (en) * 2022-04-18 2022-08-12 北京工商大学 Rice full-supply chain information control method based on multi-chain cooperation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
徐治理 等: "一种基于信用的改进PBFT高效共识机制", 计算机应用研究, 30 September 2019 (2019-09-30), pages 1 - 3 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116823068A (en) * 2023-08-29 2023-09-29 四川集鲜数智供应链科技有限公司 Restaurant food supply chain management system
CN116823068B (en) * 2023-08-29 2023-11-07 四川集鲜数智供应链科技有限公司 Restaurant food supply chain management system
CN117333088A (en) * 2023-09-20 2024-01-02 上海朗晖慧科技术有限公司 A zero-trust consistency processing method for sending and receiving goods
CN117914859A (en) * 2023-12-14 2024-04-19 天翼云科技有限公司 A distributed consensus master node selection method and system based on PBFT algorithm
CN118018322A (en) * 2024-04-03 2024-05-10 湖南天河国云科技有限公司 Block chain privacy data processing method, device, computer equipment and medium
CN119046962A (en) * 2024-08-07 2024-11-29 深圳市赛凌伟业科技有限公司 Information encryption method and system in big data environment
CN119719033A (en) * 2025-02-28 2025-03-28 江苏智城慧宁交通科技有限公司 A traffic data file storage method and system based on blockchain
CN119966628A (en) * 2025-04-09 2025-05-09 深圳市纬亚森科技有限公司 A privacy protection method and system in multimedia data transmission
CN120320939A (en) * 2025-04-27 2025-07-15 金网络(北京)数字科技有限公司 A supply chain data management method based on privacy computing
CN120320939B (en) * 2025-04-27 2025-09-23 金网络(北京)数字科技有限公司 A supply chain data management method based on privacy computing
CN121333803A (en) * 2025-11-28 2026-01-13 邯黄铁路有限责任公司 A method for secure encryption of railway freight data based on distributed storage

Similar Documents

Publication Publication Date Title
CN116432213A (en) A data privacy protection method for grain supply chain based on multi-chain blockchain
CN107395403B (en) Credit-based block chain consensus method suitable for large-scale electronic commerce
CN113271204B (en) Byzantine fault-tolerant consensus method based on quantum key distribution
CN114881648B (en) Oracle-based blockchain interconnection method and device for cross-chain asset swap scenarios
WO2021220278A1 (en) System and method for fast, post-quantum blockchain concensus generation and smart contracts execution
CN115270145B (en) A method and system for detecting user electricity theft based on consortium blockchain and federated learning
Xu et al. Detrust-fl: Privacy-preserving federated learning in decentralized trust setting
CN110351067A (en) For the block chain common recognition mechanism of principal and subordinate&#39;s multichain
Zhao et al. Privacy-preserving electricity theft detection based on blockchain
CN110474892B (en) A defense method of fake data injection attack based on blockchain technology
CN110599163B (en) Transaction record outsourcing method facing block chain transaction supervision
CN114338040B (en) Block chain node grouping multi-chain three-time consensus method
Wang et al. TEBChain: A trusted and efficient blockchain-based data sharing scheme in UAV-assisted IoV for disaster rescue
CN106161440A (en) Based on D S evidence and the multi-area optical network trust model of theory of games
CN116055579A (en) Multi-alliance chain crossing method
CN111865595A (en) A consensus method and device for blockchain
Zhu et al. An efficient identity-based signature protocol over lattices for the smart grid
CN119276514A (en) A method and system for verifying data security on a chain
Liang et al. XPull: A relay-based blockchain intercommunication framework achieving cross-chain state pulling
Gramoli et al. AOAB: optimal and fair ordering of financial transactions
CN120710675B (en) Data sharing exchange method and system based on privacy calculation and big data technology
CN112583598A (en) Complex Internet of things alliance chain system communication mechanism
CN121030772A (en) A blockchain-based method and system for power data management
CN120856297A (en) Blockchain-based network message security transmission verification method and system
Cheng et al. Ocean data sharing based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination