Detailed Description
In the technical scheme of the specification, privacy collaboration among members is realized based on a blockchain technology. Each member has a corresponding node device, the node device is provided with a blockchain node corresponding to the member, and the blockchain network to which the blockchain nodes belong comprises a privacy cooperation intelligent contract for realizing privacy cooperation.
The present specification implements a privacy collaboration scheme with a control plane and a data plane separated for implementing privacy collaboration between at least a portion of a plurality of members. From the system architecture, a privacy collaboration system is specifically realized. For example, as shown in FIG. 1, the privacy collaboration system may include a control plane 11 and a data plane 12, where:
the control plane 11 is used for calling a privacy cooperation intelligent contract according to the blockchain transaction submitted to the blockchain network and used for privacy cooperation, and correspondingly generating a resource scheduling instruction aiming at the data plane if an event related to privacy cooperation among members generated after the privacy cooperation intelligent contract is called is monitored;
the data plane 12 is configured to allocate, according to a resource scheduling instruction issued by the control plane, a link resource on a node device corresponding to a member that confirms participation in privacy collaboration, for use in a privacy collaboration process.
As can be seen from fig. 1, the whole process can be divided into on-chain and off-chain, in addition to the division between the control plane 11 and the data plane 12. The control plane 11 relates to both on-chain and off-chain, while the data plane 12 relates to off-chain. The process of the control plane 11 implemented on the chain involves the invocation of the privacy cooperation intelligent contract and the generation of the privacy cooperation related event, and by listening to the event, the corresponding resource scheduling instruction can be generated under the chain. Further, the data plane 12 may acquire and execute resource scheduling instructions under the chain to implement the privacy collaboration process.
The above is based on a description of the system angle. For each node device corresponding to a member, taking the node device 21 corresponding to the member P1 as an example, as shown in fig. 2, the node device 21 may include a blockchain node 211 belonging to the chain and a privacy coordination node 212 belonging to the chain from the angles of on-chain and off-chain, from the angles of a control plane and a data plane, the blockchain node 211 and a scheduling module 212a in the privacy coordination node 212 belong to the control plane, and other modules such as a network module 212b and a computing module 212c included in the privacy coordination node 212 belong to the data plane. Of course, in the specific implementation process, these functional modules necessarily need to depend on specific physical hardware, such as a network card, a processor, a memory, a hard disk, and so on, which are not described herein.
Wherein the blockchain node 211 invokes a privacy collaboration intelligent contract to generate events related to privacy collaboration between members according to blockchain transactions submitted to the blockchain network for privacy collaboration. If the scheduling module 212a monitors an event related to privacy cooperation between members, which is generated after the privacy cooperation intelligent contract is called, a resource scheduling instruction for the data plane is correspondingly generated. The network module 212b and the computing module 212c and the like allocate corresponding resources under the chain according to the resource scheduling instruction, so that processing such as network connection, privacy calculation and the like in the privacy cooperation process is realized.
And back to the system angle. As shown in fig. 3, taking members P1, P2, P3 and P4 as an example, the blockchain node 211 and the privacy cooperative node 212 are disposed on the node device 21 corresponding to the member P1, the blockchain node 221 and the privacy cooperative node 222 are disposed on the node device 22 corresponding to the member P2, the blockchain node 231 and the privacy cooperative node 232 are disposed on the node device 23 corresponding to the member P3, and the blockchain node 241 and the privacy cooperative node 242 are disposed on the node device 24 corresponding to the member P4.
Wherein the blockchain node 211, the blockchain node 221, the blockchain node 231, and the blockchain node 241 belong to the same blockchain network. If there are more members in the privacy collaboration system, the blockchain network may also include more blockchain nodes. In other words, the blockchain nodes included in the blockchain network can be all deployed on node devices corresponding to the members involved in the privacy collaboration system, so that information in the blockchain network can be ensured to be limited in the members, privacy protection is facilitated on the information, and leakage to other irrelevant objects participating in the blockchain network is prevented. For example, the blockchain network may be built by the members based on a federated chain mechanism, i.e., the members are federated chain members.
In some embodiments, other blockchain nodes may be included in the blockchain network, and these blockchain nodes may not belong to the "members" and do not participate in privacy collaboration between the members. For example, the blockchain network may be constructed based on a public chain mechanism, with the members corresponding to only a portion of the blockchain nodes in the blockchain network. For another example, the blockchain network may be built based on a federated chain mechanism, with the members being only part of the federated chain members, corresponding only to part of the blockchain nodes in the blockchain network.
The blockchain network may be a separately constructed blockchain network. Alternatively, the blockchain network may be a blockchain subnetwork that is built based on a blockchain main network that is another blockchain network that is distinct from the blockchain subnetwork. There are a variety of schemes for constructing blockchain subnets based on blockchain main networks in the related art, and all of them can be applied to this specification. Taking member P1 as an example, as shown in FIG. 4, assuming that member P1 originally joined the blockchain master network, a blockchain node 210 belonging to the blockchain master network is deployed on its corresponding node device 21. By initiating a contract call transaction to create a blockchain subnet, such as in the blockchain master network, node device 21 may monitor events generated by the contract call transaction indicating creation of a blockchain subnet, thereby deploying blockchain nodes 211 on the node device 21 that belong to the new blockchain subnet. Compared with a block chain main network, the block chain sub-network can independently maintain a block chain database (or directly called a block chain), independently consensus and the like, keep independence with the block chain main network, realize data isolation between each other, avoid mutual interference, and simultaneously can conveniently realize the management of the block chain sub-network through the block chain main network.
For the block chain nodes deployed on the node devices corresponding to the members, the block chain networks to which the block chain nodes belong store the description information of the data resources which are respectively issued by the members and held by the members. For example, each member may submit a registration information maintenance transaction to the blockchain network, respectively, where the registration information maintenance transaction may carry description information of the data resource held by the corresponding member, so that the description information of the data resource held by the corresponding member is verified by each blockchain link point in the blockchain network by processing the registration information maintenance transaction.
Various forms of the way in which the description information of the data resource is stored may exist. For example, the registration information maintenance transaction is necessarily packaged into a certain block and then added into the blockchain maintained by each block link point, so that the registration information maintenance transaction can be considered to be stored, which means that the description information of the data resource contained in the registration information maintenance transaction also realizes the storage in the blockchain network. For another example, the registration information maintenance transaction may call a privacy cooperation intelligent contract for implementing privacy cooperation in the blockchain network, and the contract account of the privacy cooperation intelligent contract includes a contract state for recording member registration information, so that each blockchain node may call and execute the privacy cooperation intelligent contract when processing the registration information maintenance transaction, thereby recording the description information of the data resource included in the registration information maintenance transaction into the contract state for recording member registration information as the content of the member registration information.
The contract state is stored, so that the contract state can be conveniently added, deleted, checked and the like in a subsequent mode of calling the privacy cooperation intelligent contract, and compared with a direct query block chain, the method has relatively higher efficiency and convenience. For example, under the inquiry scene, each block link point inquires about transaction according to the received registration information and inquires about contract state for recording member registration information, and under the scene of adding and deleting modification, each block link point maintains transaction according to the received registration information and adds new member registration information in the contract state for recording member registration information or modifies or deletes the existing member registration information in the contract state for recording member registration information. The privacy collaborative intelligent contract can support at least one of adding, deleting, modifying and checking the member registration information. The privacy collaboration smart contract may be a precompiled contract (Precompiled Contracts) integrated in the blockchain client program in advance, or may be a common smart contract deployed through blockchain transactions, which is not limited in this specification.
The description information of the data resource may be various information for describing the data resource, which is not limited in this specification. For example, the data resource may be a data set, and the corresponding description information may include fields included in each piece of data in the data set, that is, a schema (schema) of the data included in the data set. For example, when a member is a bank, the data resource held by the member may include an information table of registered users in the bank, and the corresponding description information may include fields of each piece of information in the information table, such as name, age, account number, remaining amount, and the like. As another example, the descriptive information may describe the corresponding data resources from other dimensions, such as data volume size, data entry year, data source, and the like.
In addition to the description information of the data resource, the member registration information may also include other information related to privacy collaboration, which is not limited in this specification. For example, the member registration information may further include a privacy calculation protocol type supported by the corresponding member. Thus, if a member wishes to perform privacy cooperation with other members, the privacy computing protocol types supported by other members can be confirmed based on the member registration information, and then the privacy computing protocol types supported by both parties are selected to promote privacy cooperation. The present description is not limited in terms of privacy calculation protocol types, which may include, for example, PSI (PRIVATE SET Intersection, privacy set intersection), GC (Garbled Circuit ), LR ((Logistic regression, logistic regression), etc., in the context of secure multiparty calculation.
Based on the above description, the privacy collaboration intelligence of the present specification is approximately one exemplary embodiment, and may include, for example, the following:
Res{
P1:Dset1;PSI
P2:Dset2;PSI;GC/LR
P3:Dset3;PSI;GC/LR
P4:Dset4;GC/LR
}
Interface{
Init(Px,Py,Proto)
Commit(Px,Py,Stat)
}
Res { } is used to record member registration information corresponding to each member. For example, in the above embodiment, the member registration information corresponding to each of the members P1 to P4 is specifically recorded. The member registration information corresponding to the member P1 is 'P1: dset1; PSI', wherein P1 is a member ID, dset1 is description information of data resources held by the member P1, and PSI is a privacy calculation protocol type supported by the member P1. The member registration information corresponding to the member P2 is 'P2: dset2; PSI; GC/LR', wherein P2 is a member ID, dset2 is description information of data resources held by the member P2, and PSI and GC/LR are privacy calculation protocol types supported by the member P2. The cases of members P3 and P4 are similar and will not be described again here.
Two interfaces are defined in Interface { }, wherein the Init () Interface is used for a member to initiate a request of privacy collaboration to other members, and the Commit () Interface is used for other members to acknowledge and respond to the request initiated by the member.
From the different stages, the privacy collaboration process can be divided into a negotiation stage and an execution stage.
In the negotiation stage, the blockchain transaction for privacy cooperation received by the control plane is a cooperation request transaction, the privacy cooperation related event generated by the privacy cooperation intelligent contract and related to the privacy cooperation between the members is a privacy cooperation request event, the privacy cooperation request event comprises information of a requester member and a responder member which participate in privacy calculation indicated by the cooperation request transaction, and the data plane is specifically used for initiating notification to the responder member based on a resource scheduling instruction and submitting cooperation confirmation transaction to the blockchain network in response to the confirmation operation of the responder member.
In cooperation with the structures of the node devices shown in fig. 2-3, the negotiation stage may specifically include the following steps shown in fig. 5:
Step 502, each block link point invokes a collaboration request logic in the privacy collaboration intelligent contract according to a collaboration request transaction submitted by a first member, and generates a privacy collaboration request event, wherein the privacy collaboration request event comprises information of a requester member and a responder member which participate in privacy computation indicated by the collaboration request transaction.
The first member may be any one member of the above members, that is, any one member may request, based on its own requirement, that another member perform privacy collaboration with itself. For example, a first member may request a second member, referred to hereinafter, to perform privacy collaboration with itself.
As described above, the blockchain network stores the description information of the data resources held by each member, so that the first member can acquire the description information of the data resources held by other members according to the description information, and select the member who wants to perform privacy collaboration from the description information. Taking the foregoing example of the privacy collaborative intelligent aggregate, it is assumed that the first member is the member P1, the data resource maintained by the member P1 is the dataset Dataset1, the fields of each data in the dataset Dataset include name, age, account number, remaining amount, etc., and the member P1 wishes to exchange the dataset Dataset1 with another dataset containing the same fields for privacy. Then, member P1 may query for the respective published descriptive information Dset2, dset3, and Dset4 of members P2, P3, and P4, corresponding to dataset Dataset maintained by member P2, dataset Dataset maintained by member P3, and dataset Dataset maintained by member P4, respectively, by submitting a registration information query transaction, such as described above, to the blockchain network.
Let Dset2 and Dset3 both meet the requirements of member P1. If the privacy cooperation intelligent contract does not record the privacy calculation protocol type supported by each member, for example, each member defaults to support the same privacy calculation protocol type, the member P1 can select any one or all of the requesting member P2 and the member P3 to perform privacy cooperation only based on the matching condition between the description information of the data resource.
If the privacy coordination intelligent contract records the privacy calculation protocol types supported by each member, the member P1 can further consider the privacy calculation protocol types supported by itself and the members P2 and P3, and select other members consistent with the privacy calculation protocol types supported by itself. In the foregoing example, the member P1 only supports the PSI algorithm, and the members P2 and P3 both support the PSI algorithm, so both satisfy the requirements of the member P1 in terms of description information of the data resources and supported privacy calculation protocol types. However, if the member P3 only supports GC algorithm and does not support PSI algorithm, the member P1 should not select to perform privacy collaboration with the member P3 even if the description information of the data resource of the member P3 meets the requirement of the member P1.
Assuming that member P1 chooses to perform a privacy collaboration with member P2, member P1 may submit a collaboration request transaction into the blockchain network, i.e., a blockchain transaction for requesting member P2 to perform a privacy collaboration with member P1. The collaboration request transaction is performed separately by each block link point in the blockchain network. For example, in the embodiment shown in FIG. 3, blockchain node 211, blockchain node 221, blockchain node 231, and blockchain node 241 may each obtain and execute the collaboration request transaction. The collaboration request transaction invokes collaboration request logic in the privacy collaboration intelligence contract, which refers to a processing logic defined in the privacy collaboration intelligence contract that is used to pass requests from the chain down to the chain that the requesting party member wishes the responding party member to make privacy collaboration with.
The requesting member and the responding member are members with different roles in the privacy collaboration, for example, in the above example, the member P1 wishes to perform privacy collaboration with the member P2, and then the member P1 is the requesting member and the member P2 is the responding member. Of course, the member P1 may request privacy collaboration with a plurality of members at the same time, and the number of the members is not limited in this specification. The collaboration request transaction may be provided as an enroll to the collaboration request logic described above, as information indicating the respondent members participating in the privacy calculation may be carried in a Data field, such as the collaboration request transaction. When information indicating a requesting party member participating in privacy calculations is used in a collaboration request transaction, if the requesting party member is the initiator of the collaboration request transaction, the information of the requesting party member is recorded in a field, such as from, of the collaboration request transaction, and can be provided as an entry to the collaboration request logic without being additionally recorded in a Data field, such as described above. Of course, since the information of the account address, wallet address, etc. of the transaction initiator, which is usually recorded in the from field, can be distinguished from the member ID of the requesting member, in order to avoid the collaboration request logic converting the account address or wallet address, etc. into the corresponding member ID, the information of the requesting member can also be carried in the Data field of the collaboration request transaction, for example, and can be provided as an entry to the collaboration request logic described above.
As previously described, the blockchain network also has its own supported privacy calculation protocol types issued by each member separately. Accordingly, the collaboration request transaction may also include a privacy calculation protocol type or a plurality of alternative privacy calculation protocol types suggested for use by the requesting member and provided as an enrolled reference to the collaboration request logic described above.
With the privacy collaboration intelligence contract example described above, collaboration request transactions may implement the invocation of collaboration request logic by invoking the Init () interface defined in the privacy collaboration intelligence contract. Specifically, the collaboration request transaction may define parameters within the Init () interface, such as defining a requester member px=p1, a responder member py=p2, and a privacy calculation protocol type proco=psi, to indicate that the member P1 is a requester member, the member P2 is a responder member, and the privacy calculation protocol type desired to be adopted is PSI.
Taking collaboration request logic as an example, the manner in which each block link point executes a privacy collaboration smart contract may vary due to the type of privacy collaboration smart contract. For example, when the privacy collaboration smart contract is a precompiled contract, the collaboration request logic is integrated in the client program of the blockchain node, which itself is already compiled machine code, so that each blockchain node can directly execute the collaboration request logic without having to temporarily interpret the execution of the code. When the privacy collaborative intelligent contract is a common intelligent contract, the collaborative request logic is usually an intermediate language such as a byte code compiled by a high-level language such as c++, and the like, so that each block link point needs to interpret and execute the code of the collaborative request logic in the form of the intermediate language. Of course, some common smart contracts may have been previously compiled into machine code in a high-level language such as c++, so that each blockchain node may also directly execute the corresponding collaboration request logic. The execution of other intelligent contract logic such as the collaboration validation logic in this specification is similar, and will not be described in detail.
Each blockchain node generates a corresponding privacy collaboration request event after executing the collaboration request logic. And because the blockchain node and the privacy cooperative node are deployed on each node device at the same time, the privacy cooperative node can screen the privacy cooperative request event by monitoring the contract event generated by the local blockchain node, thereby realizing information transfer from the chain to the chain. This mechanism of information transfer from the chain down through events may be referred to as an event mechanism.
After executing the blockchain transaction to invoke execution of the privacy collaborative smart contract, the blockchain node generates a corresponding receipt (receipt) that includes the event (event) described above. Each event entity will contain several fields like topic and data etc. The privacy coordination node may obtain a receipt generated by the link point of the block and read the topic of each event contained in the receipt. For example, the privacy collaboration request event, the privacy collaboration confirmation event, and the like described above may each correspond to a unique specific topic. Therefore, the privacy coordination node can identify the types of the events generated by the blockchain node based on the topic of the events, so as to accurately judge whether the privacy coordination request event, the privacy coordination confirmation event or other events are monitored. And information of the requesting party member and the responding party member, etc., may be recorded in the data field of the corresponding event.
Therefore, the member registration information of each member is stored by means of the blockchain network, so that each member can accurately and conveniently acquire the description information of the data resources held by other members, the supported privacy algorithm protocol type and the like, and the problems of misunderstanding, unequal information, low efficiency and the like possibly caused by off-line communication are avoided. Meanwhile, the privacy cooperation intelligent contract is called through the cooperation request transaction, so that corresponding records can be left on the blockchain no matter the cooperation request transaction is self or the privacy cooperation request event generated based on the privacy cooperation intelligent contract, each privacy cooperation is made to be found, and follow-up traceability is facilitated.
Step 504, after the privacy coordination node corresponding to the second member monitors the privacy coordination request event, if the second member is confirmed to belong to the responder member, a notification is initiated to the second member, and in response to the confirmation operation of the second member, a coordination confirmation transaction is submitted to the blockchain network.
As described above, the information of the requesting member and the responding member is recorded in the privacy collaboration request event, so after the privacy collaboration node corresponding to each member monitors the privacy collaboration request event, the information of the responding member in the privacy collaboration request event can be compared with the corresponding member, so as to determine whether the corresponding member belongs to the responding member. For example, assuming that the member of the requesting party recorded in the privacy cooperation request event is the member P1 and the member of the responding party is the member P2, as shown in fig. 3, the privacy cooperation node 212 discovers that the member P1 corresponding to itself does not belong to the member of the responding party and does not perform further processing after monitoring the privacy cooperation request event, the privacy cooperation node 222 discovers that the member P2 corresponding to itself belongs to the member of the responding party after monitoring the privacy cooperation request event and initiates notification to the member P2, and specifically, any form such as a short message, a mail, an instant messaging message, a client push message and the like can be adopted, which is not limited in this specification, the privacy cooperation node 232 discovers that the member P3 corresponding to itself does not belong to the member of the responding party and does not perform further processing after monitoring the privacy cooperation request event, and the privacy cooperation node 242 discovers that the member P4 corresponding to itself does not belong to the member of the responding party and does not perform further processing after monitoring the privacy cooperation request event. Thus, eventually only member P2, which is the member of the responder, will be notified, while the other members will not be disturbed.
The notification to the second member may contain information about the requesting member for the second member to confirm whether to accept the request. Of course, the notification may also contain other information for the second member to review to comprehensively determine whether to accept the request. For example, the privacy collaboration request event may include one privacy computing protocol type or multiple alternative privacy computing protocol types suggested for use by the requesting member, and information about the privacy computing protocol type may also be added to the notification to be viewed by the second member, and selected by the second member from among the multiple alternative privacy computing protocol types, if necessary. For another example, if multiple responder members are present at the same time, the notification may also be annotated with information of all of the responder members.
Each member may have multiple independent data resources at the same time and be published in the blockchain. Then the first member needs to note in the collaboration request transaction which data resource or data resources held by the respective participants are required to participate in the privacy collaboration. Accordingly, the privacy collaboration request event may include description information of data resources that the requesting member and the responding member each need to participate in privacy collaboration. The notification provided to the second member may include the description information of the data resource held by the second member and required to participate in the privacy collaboration, or may further include the description information of the data resource held by the first member and required to participate in the privacy collaboration, so as to be checked by the second member to comprehensively determine whether to accept the request.
If the second member confirms participation in the privacy cooperation, the second member may perform a confirmation operation, which may be any operation that is predefined and capable of expressing the confirmation intention of the second member. The privacy coordination node may submit a coordination confirmation transaction to the blockchain network based on the confirmation operation of the second member, that is, a blockchain transaction indicating that the second member confirms privacy coordination with the first member. Then, the two parties can realize the negotiation process based on the blockchain technology without carrying out downlink interaction between the second member and the first member or even knowing the downlink contact way of the other party, wherein the negotiation process comprises the steps of initiating a request of privacy cooperation by the first member and confirming the participation of the second member in the privacy cooperation, and the process is extremely simple and efficient.
In the execution stage, the blockchain transaction for privacy cooperation received by the control plane is a cooperation confirmation transaction, the privacy cooperation confirmation event is a privacy cooperation confirmation event which is correspondingly generated by the privacy cooperation intelligent contract and related to privacy cooperation between members, the privacy cooperation confirmation event comprises information of a requesting party member and a responding party member, and the data plane is specifically used for establishing network connection and participating in privacy calculation by utilizing the link resources on node equipment corresponding to the requesting party member and the responding party member based on a resource scheduling instruction.
In cooperation with the structure of each node device shown in fig. 2-3, the above-mentioned execution stage may specifically include the following steps shown in fig. 6:
Step 602, each block link point invokes a collaboration confirmation logic in a privacy collaboration intelligent contract according to the received collaboration confirmation transaction, and generates a privacy collaboration confirmation event, wherein the privacy collaboration confirmation event comprises information of the requester member and the responder member.
Suppose the first member is member P1 and the second member is member P2. The member P2 may submit a collaboration confirmation transaction to the blockchain network through the privacy collaboration node 222 as shown in fig. 3 to confirm the privacy collaboration proposed by the participating member P1. The collaboration validation transaction invokes collaboration validation logic in the privacy collaboration smart contract, which refers to processing logic defined in the privacy collaboration smart contract for passing the privacy collaboration requested by the participant requestor member about the confirmation of the responder member from the chain down the chain.
Similarly to the privacy collaboration request event, the information of the requesting party member and the responding party member may be contained in the privacy collaboration confirmation event so as to form a difference between different privacy collaboration confirmation events. Specifically, the collaboration confirmation transaction may carry the information of the requesting party member in the Data field. The information of the responder member may be carried in the Data field of the collaboration confirmation transaction as well, or may be characterized by the information of the From field, which is subsequently converted into the member ID of the responder member by the collaboration confirmation logic. In summary, this is similar to the collaboration request transaction described above.
The privacy collaboration validation event may also include a type of privacy computing protocol employed by the second member validation. The privacy collaboration request event may include a type of privacy computation protocol suggested by the requesting member, and the second member, if acknowledged, may carry information of the type of privacy computation protocol in a Data field, for example, in the collaboration acknowledgement transaction, thereby being entered as an entry into the collaboration acknowledgement logic for further delivery to the privacy collaboration acknowledgement event. Or the privacy collaboration request event may include a plurality of alternative privacy computation protocol types suggested by the requesting member, and the second member may select one privacy computation protocol type from the plurality of alternative privacy computation protocol types, and finally pass the privacy computation protocol type to the privacy collaboration confirmation event based on the manner described above by carrying the privacy computation protocol type in the collaboration confirmation transaction. The privacy collaboration request event may also be free of any privacy calculation protocol type suggested for use by the requesting member, and one privacy calculation protocol type may be proactively determined by the second member and ultimately passed to the privacy collaboration confirmation event by being carried in the collaboration confirmation transaction in a manner as previously described. Of course, if the privacy coordination nodes are uniformly configured with the unique and default privacy computing protocol types or uniformly configured with the selection rules for the privacy computing protocol types, the privacy coordination request event and the privacy coordination confirmation event may not include information of the privacy computing protocol types, and each privacy coordination node may automatically select the correct privacy computing protocol type to perform privacy coordination.
With the privacy collaboration intelligence contract example described above, collaboration validation transactions may implement the invocation of collaboration validation logic by invoking the Commit () interface defined in the privacy collaboration intelligence contract. Specifically, the collaboration validation transaction may define parameters within the command () interface, such as defining a requester member px=p1, a responder member py=p2, and a response result stat=true, to indicate that the member P1 is a requester member, the member P2 is a responder member, and the member P2 agrees to participate in privacy collaboration.
Step 604, after the privacy coordination node corresponding to any member monitors the privacy coordination confirmation event, if it is confirmed that any member belongs to the requesting member or the responding member, allocating network resources in the node device to establish network connection with other members participating in privacy calculation, and participating in privacy calculation by using the network connection and computing resources in the node device.
Similar to the privacy cooperation request event, the node equipment corresponding to each member is provided with the blockchain node and the privacy cooperation node at the same time, so that the privacy cooperation node can screen out the privacy cooperation confirmation event based on the event mechanism from the contract event generated by the local blockchain node, thereby realizing information transfer from the chain to the chain.
As described above, the information of the requesting member and the responding member is recorded in the privacy collaboration confirming event, so after the privacy collaboration node corresponding to each member monitors the privacy collaboration confirming event, the information of the responding member in the privacy collaboration confirming event can be compared with the corresponding member, so as to determine whether the corresponding member belongs to the requesting member or the responding member. For example, assuming that the requesting member recorded in the privacy collaboration confirmation event is the member P1 and the responding member is the member P2, as shown in fig. 3, the privacy collaboration node 212 discovers that the member P1 corresponding to itself belongs to the requesting member after hearing the privacy collaboration request event, the privacy collaboration node 222 discovers that the member P2 corresponding to itself belongs to the responding member after hearing the privacy collaboration request event, the privacy collaboration node 232 discovers that the member P3 corresponding to itself does not belong to the requesting member and the responding member after hearing the privacy collaboration request event, and therefore no further processing is performed, and the privacy collaboration node 242 discovers that the member P4 corresponding to itself does not belong to the requesting member and the responding member after hearing the privacy collaboration request event, and therefore no further processing is performed. Thus, the privacy coordination node 212 will allocate resources on the node device 21, the privacy coordination node 222 will allocate resources on the node device 22, thereby establishing a network connection between the privacy coordination node 212 and the privacy coordination node 222, and utilizing the network connection and computing resources in the node devices 21-12 to participate in the privacy calculations.
As described above, the off-chain resources on the node device may include network modules and computing modules. Correspondingly, the data plane is specifically used for scheduling the network module to perform network resource allocation for realizing network communication in the privacy cooperation process when the scheduling target of the resource scheduling instruction comprises network resources, and scheduling the computing module to perform computing resource allocation when the scheduling target of the resource scheduling instruction comprises computing resources, and calling the privacy cooperation algorithm library according to the privacy calculation protocol type indicated in the resource scheduling instruction for realizing privacy calculation in the privacy cooperation process. Taking the node device 21 as shown in fig. 2 as an example, the downlink resource on the node device 21 may include a network module 212b and a computing module 212c, where the computing module 212c is configured with a privacy collaboration algorithm library. The network module 212b is configured to allocate network resources according to the resource scheduling instruction, so as to implement network communication in the privacy collaboration process, such as establishing a network connection and performing data transmission based on the network connection. The computing module 212c is configured to perform computing resource allocation according to the resource scheduling instruction, and call the privacy cooperation algorithm library according to the privacy computing protocol type indicated in the resource scheduling instruction, so as to implement privacy computing.
Further, the coordination process between the scheduling module 212a, the network module 212b and the computing module 212c is described in detail in connection with the scheduling module 212 a. In general, the scheduling module 212a listens for contract events generated by the blockchain node 211, and accordingly schedules the network module 212b and the computing module 212c to utilize the network resources of the network module 212b and the computing resources of the computing module 212c, respectively, for application in a process related to privacy collaboration.
Specifically, if the scheduling module 212a listens to the privacy collaboration request event, it may initiate a notification when the member P1 belongs to the responder member. As previously described, if member P1 is a requestor member, or is not a requestor member nor a responder member, then the dispatch module 212a need not process.
If the scheduling module 212a monitors the privacy collaboration confirming event, it may issue a network resource scheduling instruction to the network module 212b and issue a computing resource scheduling instruction to the computing module 212c when the member P1 belongs to the requesting member or the responding member. Accordingly, the network module 212b is configured to allocate, according to the above-mentioned network resource scheduling instruction, the network resource in the node device 11 to establish network connection with other members participating in privacy computation, for example, when the member P1 is a requesting member and the member P2 is a responding member, the allocated network resource is used to establish network connection between the privacy coordination node 212 and the privacy coordination node 222. The computing module 212c is configured to participate in the privacy computation according to the computing resource scheduling instruction, using the network connection established by the network module 212b and the computing resources in the node device 11.
Therefore, the privacy cooperative node can automatically realize the scheduling of network resources and computing resources based on the privacy cooperative confirmation event, thereby automatically realizing the establishment of network connection and executing privacy computation. That is, besides the convenience and rapidness of communication negotiation can be realized, the technical scheme of the specification can confirm the event through privacy cooperation, so that the privacy cooperation intelligent contract can automatically schedule the resources under the chain of the node equipment based on the chain, and further the privacy cooperation among a plurality of members can be automatically completed, and the whole process is efficient and convenient.
And similar to the privacy cooperation request event, the privacy cooperation intelligent contract is called through the cooperation confirmation transaction, so that corresponding records can be left on the blockchain no matter the cooperation confirmation transaction is self or the privacy cooperation confirmation event generated based on the privacy cooperation intelligent contract, each privacy cooperation is made to be found, and the follow-up tracing is facilitated.
For network resources, the establishment of a network connection between the network resource on the node device 21 and other members participating in privacy calculations may be accomplished in a number of ways.
For example, the IP address of each blockchain node in the blockchain network, i.e., the IP address of the node device in which the blockchain node is located, may be queried from the local blockchain node 211 to thereby establish a network connection.
For another example, since each blockchain node establishes a network connection after joining the blockchain network, the established connection between the blockchain nodes in the blockchain network can be used, if any member belongs to a requesting member or a responding member, for any member, the established connection between the blockchain node on the node device and the blockchain node corresponding to other privacy computing members in the blockchain network can be determined for the node device where the privacy collaboration node corresponding to any member is located, and a new port number for privacy computing can be allocated to the determined established connection.
Take member P1 and member P2 as examples. Assume that a P2P connection is established between the blockchain node 211 corresponding to the member P1 and the blockchain node 221 corresponding to the member P2, the P2P connection is specifically established based on the IP address A1 of the node device 11 and the IP address A2 of the node device 12, and the port number specifically allocated for the blockchain instance is D1. Then, when node device 11 receives a communication message with IP address A1 and port number D1, it can be passed to blockchain node 211 for processing, and similarly, when node device 12 receives a communication message with IP address A2 and port number D1, it can be passed to blockchain node 221 for processing. On this basis, the node device 11 may assign a new port number D2 to the privacy cooperative node 212, where, if fig. 4 is combined, the new port number D2 may also be considered as being assigned to the network module 212b. Similarly, the node device 12 may assign a new port number D2 to the privacy coordination node 222. Then, when the node device 11 receives the communication message with the IP address A1 and the port number D2, the communication message may be forwarded to the privacy cooperative node 212 for processing, and similarly, when the node device 12 receives the communication message with the IP address A2 and the port number D2, the communication message may be forwarded to the privacy cooperative node 222 for processing.
Of course, instead of directly establishing P2P connections between blockchain nodes, connections may be established in other ways in some embodiments. For example, the blockchain nodes may access BTN (Blockchain Transmission Network, blockchain transport network) networks, respectively, with the BTN networks facilitating communication between the blockchain nodes. The BTN network is a special data transmission network, which is formed by combining a plurality of nodes with higher calculation power, higher reliability and higher stability, and is specially used for data transmission of a blockchain so as to ensure the safety and the integrity in the data transmission process. On the basis, network transmission between privacy cooperation nodes can be realized by utilizing network connection constructed by means of a BTN (binary tree network) between the blockchain nodes, so that the efficiency and safety of privacy cooperation can be improved by means of high speed, reliability and stability of the BTN.
For the computing resource, the privacy collaboration algorithm library configured thereon may be a full-scale privacy collaboration algorithm library corresponding to the full-scale privacy collaboration algorithm, or may be a lightweight privacy collaboration algorithm library corresponding to the privacy collaboration algorithm selected by the respective member. In practice, for all members of the whole system, at least one member or at most all member corresponding node devices may be configured with a full amount of privacy collaborative algorithm library, or at least one member or at most all member corresponding node devices may be configured with a light-weight privacy collaborative algorithm library, or a part of member corresponding node devices may be configured with a full amount of privacy collaborative algorithm library, and another part of member corresponding node devices may be configured with a light-weight privacy collaborative algorithm library. The light privacy cooperation algorithm library can only keep the privacy cooperation algorithms required by the corresponding members without configuring other privacy cooperation algorithms, so that the privacy cooperation algorithm library configured by the node equipment of the members is relatively lighter, the on-demand assembly/configuration of the privacy cooperation algorithm library is realized, and the dependence on the corresponding resources is minimized.
See the control plane and data plane architecture schematic as shown in fig. 7.
In the control plane to the left of the dashed line:
The contract event management module is used for registering various events, such as the privacy cooperation request event, the privacy cooperation confirmation event and the like, and the functions similar to the scheduling module are realized by acquiring the information of the events, such as the topic and the like, so as to monitor the events accurately.
The algorithm management module is used for managing the privacy collaborative algorithm library. Thus, after the privacy cooperation algorithm library is configured to each node device, the privacy cooperation system can still dynamically manage the privacy cooperation algorithm library. For example, the control plane (such as the algorithm management module) may be configured to invoke the privacy collaboration intelligent contract according to an algorithm update transaction submitted to the blockchain network, and correspondingly generate an algorithm update instruction for the data plane if an algorithm update event generated after the invocation of the privacy collaboration intelligent contract is monitored, and correspondingly, the data plane may be further configured to update a privacy collaboration algorithm contained in the privacy collaboration algorithm library according to the algorithm update instruction issued by the control plane, so as to add a new privacy collaboration algorithm and/or delete an original privacy collaboration algorithm.
The member management module may be configured to manage the aforementioned member registration information. For example, the related management is achieved by the registration information maintenance transaction described above.
The input/output management module is used to define a standard interface data format to enable interaction between the control plane and the data plane. In particular, it may be implemented in the form of a message queue to ensure that data is capable of asynchronously and reliably implementing interactions.
The network management module may be configured to manage related resources in the network, for example, by generating a resource scheduling instruction related to the network resource, and allocate the related resources in the network, so as to establish a blockchain P2P network in a blockchain scenario, a data interworking network in a privacy collaboration scenario, and so on.
In the data plane to the right of the dashed line:
The privacy cooperation algorithm library is used for realizing specific privacy calculation. Specifically, the privacy cooperation algorithm library can be in butt joint with the control plane through a preconfigured interface, so that a resource scheduling instruction related to the computing resource issued by the control plane is received, the computing resource is further distributed, and privacy calculation is realized based on the distributed computing resource. The related description of the privacy collaborative algorithm library can also refer to the foregoing.
The data interworking network may be a network established for use in a privacy collaboration process under the management of a network management module. As previously described, in some embodiments, the data interworking network may be entirely independent of the blockchain P2P network, while in other embodiments, the data interworking network may be constructed on the basis of the blockchain P2P network.
The interaction scheduler may implement decoupling between the computation and the network. Taking fig. 2 as an example, the interaction scheduler may be used to implement interactions between the network module 212b and the computing module 212c, and may be referred to as an interaction module. The interaction module is configured to create a send message queue for the communication request generated by the calculation module 212c, so that the network module 212b asynchronously forwards the communication request in the send message queue, and create a return message queue for the response message returned by the network module 212b, so that the calculation module 212c asynchronously processes the response message in the return message queue. In summary, by such asynchronous interactive scheduling, the computing module 212c may be shielded from network configuration information, ensuring stable operation of its private computing tasks.
In accordance with the privacy cooperation system with separated control plane and data plane, the present specification also provides a privacy cooperation method with separated control plane and data plane, wherein each member is respectively provided with a blockchain node on the corresponding node device, and the blockchain network to which the blockchain node belongs contains a privacy cooperation intelligent contract for realizing privacy cooperation. Referring to fig. 8, the method is applied to node equipment corresponding to any member, and includes:
Step 802, calling the privacy cooperation intelligent contract according to the blockchain transaction submitted to the blockchain network and used for privacy cooperation in a control plane, and correspondingly generating a resource scheduling instruction for a data plane if an event related to privacy cooperation between members and generated after the privacy cooperation intelligent contract is called is monitored and the event is related to any member;
And step 804, in the data plane, distributing the downlink resources on the node equipment according to the resource scheduling instruction issued by the control plane, so as to be used for the process that any member participates in privacy collaboration.
Optionally, the link resources on the node equipment comprise a network module and a computing module, wherein the computing module is configured with a privacy cooperation algorithm library;
The allocating the downlink resources on the node equipment according to the resource scheduling instruction issued by the control plane comprises the following steps:
When the scheduling target of the resource scheduling instruction comprises network resources, the network module is scheduled to allocate the network resources so as to realize network communication in the privacy cooperation process;
And under the condition that the scheduling target of the resource scheduling instruction comprises computing resources, scheduling the computing module to allocate the computing resources, and calling the privacy cooperation algorithm library according to the privacy computing protocol type indicated in the resource scheduling instruction so as to realize privacy computing in the privacy cooperation process.
Alternatively to this, the method may comprise,
The privacy cooperation algorithm library is a full-quantity privacy cooperation algorithm library and corresponds to the full-quantity privacy cooperation algorithm;
Or alternatively
The privacy cooperation algorithm library is a light privacy cooperation algorithm library and corresponds to the privacy cooperation algorithm selected by any member.
Optionally, the data plane further comprises an interaction module;
The allocating the downlink resources on the node equipment according to the resource scheduling instruction issued by the control plane comprises the following steps:
creating a sending message queue for the communication request generated by the computing module through an interaction module, so that the network module asynchronously forwards the communication request in the sending message queue;
and creating a returned message queue for the response message returned by the network module through the interaction module so that the response message in the returned message queue is asynchronously processed by the calculation module.
Alternatively to this, the method may comprise,
In the case that the blockchain transaction for privacy cooperation is a cooperation request transaction, the event related to privacy cooperation between the members is a privacy cooperation request event, and the privacy cooperation request event contains information of a requester member and a responder member which participate in privacy calculation indicated by the cooperation request transaction; the method for allocating the downlink resources on the node equipment according to the resource scheduling instruction issued by the control plane comprises the steps of initiating notification to any member serving as a member of a response party based on the resource scheduling instruction, and submitting a cooperative confirmation transaction to the blockchain network in response to a confirmation operation of the any member;
And distributing the link-down resources on the node equipment according to the resource scheduling instruction issued by a control plane, wherein the link-down resources on the node equipment are used for establishing network connection and participating in privacy calculation by utilizing the link-down resources on the node equipment under the condition that any member belongs to the requester member or the responder member based on the resource scheduling instruction.
It should be noted that, in this embodiment of the method, the interaction between the control plane and the data plane and the respective execution logic are described, which are consistent with the embodiments shown in fig. 1 to 7 in terms of technical solutions, and reference may be made to the foregoing descriptions about the embodiments shown in fig. 1 to 7, which are not repeated herein.
In summary, in the technical solution provided in the present disclosure, privacy collaboration is implemented through the blockchain network, so that a large number of expansion of the number of members can be supported by utilizing the decentralized characteristic of the blockchain network, and compared with the two-party peer mode, the one-master multi-slave mode and the like in the related art, the method and the device of the present disclosure have no adverse effects on stability, efficiency and other aspects of the existing members or networks, and have no performance bottleneck on the master node, and have extremely strong expandability. Meanwhile, the control plane and the data plane are separated, so that the control logic and the data processing are conveniently isolated and managed respectively, and the method has extremely high safety and flexibility. Particularly, a control plane is realized on a chain based on an intelligent contract technology, a data plane is realized by using the resources under the chain of the node equipment, and interaction between the upper chain and the lower chain is realized through an event mechanism, so that each control link realized by the control plane can carry out evidence reservation and file reservation on a block chain, and subsequent inquiry and tracing are convenient when necessary.
Fig. 9 is a schematic diagram of an electronic device in an exemplary embodiment. Referring to fig. 9, at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a nonvolatile memory, and may include other required hardware. The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs, and forms a device for hiding the address of the receiver or a device for verifying the attribution of the transaction on a logic level. Of course, other implementations, such as logic devices or combinations of hardware and software, are not excluded from the present description, that is, the execution subject of the following processing flows is not limited to each logic unit, but may be hardware or logic devices.
Corresponding to the foregoing embodiments of the privacy coordination method in which the control plane and the data plane are separated, the present specification also provides embodiments of the privacy coordination device in which the control plane and the data plane are separated.
Referring to fig. 10, each member has a blockchain node disposed on a node device corresponding to each member, and the blockchain network to which the blockchain node belongs includes a privacy collaboration intelligent contract for implementing privacy collaboration, where the apparatus is applied to a node device corresponding to any member, and the apparatus may include:
a resource scheduling unit 1001, configured to cause a control plane to call the privacy collaboration intelligent contract according to a blockchain transaction submitted to the blockchain network for privacy collaboration, and generate a resource scheduling instruction for a data plane if an event related to privacy collaboration between members generated after the privacy collaboration intelligent contract is called is monitored and the event is related to any member;
And a response processing unit 1002, configured to enable the data plane to allocate, according to the resource scheduling instruction issued by the control plane, the downlink resources on the node device to be used in the process that any member participates in privacy collaboration.
Optionally, the link resources on the node equipment comprise a network module and a computing module, wherein the computing module is configured with a privacy cooperation algorithm library;
The response processing unit 1002 is specifically configured to:
When the scheduling target of the resource scheduling instruction comprises network resources, the network module is scheduled to allocate the network resources so as to realize network communication in the privacy cooperation process;
And under the condition that the scheduling target of the resource scheduling instruction comprises computing resources, scheduling the computing module to allocate the computing resources, and calling the privacy cooperation algorithm library according to the privacy computing protocol type indicated in the resource scheduling instruction so as to realize privacy computing in the privacy cooperation process.
Alternatively to this, the method may comprise,
The privacy cooperation algorithm library is a full-quantity privacy cooperation algorithm library and corresponds to the full-quantity privacy cooperation algorithm;
Or alternatively
The privacy cooperation algorithm library is a light privacy cooperation algorithm library and corresponds to the privacy cooperation algorithm selected by any member.
Optionally, the data plane further comprises an interaction module;
The response processing unit 1002 specifically is configured to:
creating a sending message queue for the communication request generated by the computing module through an interaction module, so that the network module asynchronously forwards the communication request in the sending message queue;
and creating a returned message queue for the response message returned by the network module through the interaction module so that the response message in the returned message queue is asynchronously processed by the calculation module.
Alternatively to this, the method may comprise,
In the case that the blockchain transaction for privacy cooperation is a cooperation request transaction, the event related to privacy cooperation between the members is a privacy cooperation request event, and the privacy cooperation request event contains information of a requester member and a responder member which participate in privacy calculation indicated by the cooperation request transaction; the response processing unit 1002 is specifically configured to initiate a notification to the any member that is a member of a responder based on the resource scheduling instruction, and submit a cooperative acknowledgement transaction to the blockchain network in response to an acknowledgement operation of the any member;
In the case that the blockchain transaction for privacy cooperation is a cooperative confirmation transaction, the event related to privacy cooperation between the members is a privacy cooperative confirmation event, wherein the privacy cooperative confirmation event comprises information of the requester member and the responder member, and the response processing unit 1002 is specifically configured to establish network connection and participate in privacy calculation by using a link-down resource on the node device under the condition that any member belongs to the requester member or the responder member based on the resource scheduling instruction.
The implementation process of the functions and roles of each unit in the above device is specifically shown in the implementation process of the corresponding steps in the above method, and will not be described herein again.
Based on the same conception as the above method, the present specification also provides an electronic device comprising a processor, a memory for storing executable instructions of the processor, wherein the processor implements the steps of the method according to any of the embodiments described above by executing the executable instructions.
Based on the same conception as the above method, the present specification also provides a computer readable storage medium having stored thereon computer instructions which when executed by a processor perform the steps of the method according to any of the above embodiments.
Based on the same conception as the above method, the present specification also provides a computer program product comprising a computer program/instruction which, when executed by a processor, implements the steps of the method according to any of the embodiments described above.