A Blockchain-Based Privacy Protection Method Based on Carbon Verification
By introducing a blockchain privacy protection method based on sparse Merkle trees and the MP-SPDZ protocol into carbon verification, the challenges of device identity management and privacy computation in carbon verification are solved, achieving efficient data verification and security protection.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- HEBEI UNIV OF TECH
- Filing Date
- 2023-02-22
- Publication Date
- 2026-06-30
AI Technical Summary
Traditional carbon verification suffers from issues such as data tampering, verification equipment authenticity and reliability, and existing blockchain identity management solutions are ill-suited to the diversity of factory equipment and inconsistent computing capabilities. Furthermore, privacy computing cannot guarantee the correctness of data sources.
It adopts a distributed digital identity management and MP-SPDZ privacy computing network based on sparse Merkle trees, and combines blockchain to build a main-side chain structure. It realizes device identity management and privacy computing through smart contracts, uses sparse Merkle trees to optimize data storage and verification, and uses the MP-SPDZ protocol for efficient privacy computing.
It enables efficient management of device identity and privacy-preserving computation, improves data verification speed, reduces latency, ensures data security and privacy, adapts to carbon verification environments, and simplifies regulatory processes.
Smart Images

Figure CN116127516B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of carbon verification data protection technology, and in particular to a blockchain privacy protection method based on carbon verification. Background Technology
[0002] Traditional carbon verification, due to its centralized data management mechanism, is susceptible to data tampering during verification and tracing. Furthermore, the authenticity and reliability of verification equipment, as well as privacy concerns regarding the calculation of multi-party verification data, are also significant issues. Therefore, carbon verification management systems urgently need innovation in the area of data protection.
[0003] Decentralized blockchain technology enables the establishment of trust relationships in a decentralized network environment. Identity management technology is the foundation for information interaction between entities in data management mechanisms. By combining blockchain with identity management technology, the security issues of centralized data management mechanisms can be solved from a technical perspective, effectively improving data security in carbon verification. Currently, many scholars have improved identity management based on blockchain technology and achieved certain results. The article [lee J, BIDaS: Blockchain Based ID As a Service 2019 [C]. IEEE Access, 2018] introduces virtual IDs to identify the digital identities of entities in the blockchain and constructs a blockchain-based digital identity management model by binding IDs with public and private key information. The article [Khan, Secure and accountable TLS certificate management [J]. International Journal of Communication Systems, 2020] constructs a blockchain identity management scheme based on transport layer certificates, enabling certificate issuers and log servers to be accountable to the domain owner.
[0004] However, these schemes focus more on human identity management. In carbon verification, many entities are various pieces of equipment in factories, which not only have different models and interfaces, but also varying computing power in the blockchain network. If the above schemes are directly applied to carbon verification, not only will it be very difficult to create device identities, but the massive number of verification devices will also make the verification process extremely inefficient.
[0005] In the context of multi-party collaborative data privacy, privacy computation is a technology that allows participating parties to perform relevant calculations without disclosing the original data, thus solving the problem of collaborative computation that protects privacy among participating parties. However, privacy computation focuses on the privacy of the computation and cannot determine the correctness of the data source, a problem that blockchain can solve. By combining with blockchain, privacy computation of multi-party data can be achieved while ensuring data correctness. The article [Jiang X, Secure Multi-party Computation Scheme of Shared EnergyStorage Index Based on Blockchain Environment [C] 2021 IEEE Industrial and Commercial Power System Asia, 2021] implements a privacy computation protocol for energy storage node indices based on the hierarchical permissions of a consortium blockchain and homomorphic encryption. The article [Peng Yufei, Research on Blockchain-based Medical Information Privacy Protection Methods, 2021] combines a privacy computation protocol based on the Sharmir cryptographic sharing algorithm with blockchain to achieve secure sharing of medical privacy data. The above articles all combine privacy computation protocols with blockchain based on different security models; however, different security models have their own computation domains, making it difficult to compare computation protocols between different security models. Furthermore, to improve the protocol's scalability, its design should allow for the addition of specific protocols when necessary. The MP-SPDZ protocol is an extended implementation of the SPDZ-2 protocol. It not only includes all commonly used security models but also allows users to add specific protocols according to their needs. Additionally, MP-SPDZ implements command-line tools executed by a virtual machine, which not only reduces the learning curve for using the protocol but also greatly simplifies the instruction operations for performing multi-party computations. Summary of the Invention
[0006] To address privacy concerns in carbon verification scenarios, this invention provides a blockchain-based privacy protection model for carbon verification. This model optimizes both identity management and privacy-preserving computation. For identity management, a distributed digital identity based on a sparse Merkle tree is designed. While achieving autonomous identity for verification devices, the sparse Merkle tree optimizes the credential verification portion of the DID, improving verification speed. For privacy-preserving computation, an MPC network is constructed using MP-SPDZ, and related smart contracts are designed to achieve efficient connections between the blockchain and on-chain devices.
[0007] To solve the above-mentioned technical problems, the technical solution adopted by the present invention is as follows:
[0008] This invention provides a blockchain privacy protection method based on carbon verification, comprising the following steps:
[0009] S1: Establish a blockchain network, which is divided into two parts: a main chain and a side chain. The main chain nodes are composed of carbon verification regulatory departments, and the side chain nodes are composed of enterprises participating in the verification.
[0010] S2: Implement the DID (Decentralized Identifier) module using smart contracts on the sidechain. This module is used by the verification companies to build autonomous identities for devices participating in carbon verification. Its content is a distributed digital identity based on a sparse Merkle tree.
[0011] S3: Set up the MPC (Multi-Party Computation) network, which is responsible for implementing privacy computing tasks issued by the blockchain network. The computing nodes within the network execute the MP-SPDZ privacy computing protocol.
[0012] S4: Create an MPC smart contract on the blockchain network. There are 3 contracts in total. The contract is responsible for connecting the blockchain network and the on-chain devices with the MPC network. The blockchain network issues computing tasks, the MPC network performs privacy-preserving computing and returns the corresponding results.
[0013] Furthermore, in step S1: the blockchain network has a main-sidechain structure, wherein the sidechains are DPOS (Delegated Proof of Stake) sidechains implemented using the PlasmaCash framework; the sidechain nodes are composed of verification enterprises. After dividing the business scenarios of the verification enterprises, enterprises in the same scenario are chained into the same sidechain. Different sidechains are independent of each other and each implements the various functions required within the chain; the main chain nodes are composed of carbon verification regulatory departments. The main chain does not participate in the implementation of various functions, but is only responsible for supervising the activities of each sidechain, and at the same time, acts as a verifier to perform batch verification of the data on each sidechain.
[0014] Furthermore, in step S2: Distributed digital identity based on sparse Merkle tree. Based on distributed digital identity, a sparse Merkle tree is used to store the verifiable claims. After the device identity obtains a verifiable claim, the claim data is arranged in a tree-like hash and hashed. Then, an index is added at each leaf node. Data is stored in the corresponding index according to the calculated hash value. If there is no value at the index position, a null value is inserted. After the storage work is completed, hash calculation is performed sequentially from bottom to top to finally obtain the root hash value for storage. If subsequent stored claims need to be verified, only the index value and hash value need to be provided. A Merkle tree null value proof is performed according to the index position. If data exists, the root hash value is calculated using the provided hash value. If it is consistent with the stored root hash, the verification is successful.
[0015] Furthermore, in step S4: there are three types of smart contracts: node computing contract, device computing contract, and verification contract. The node computing contract is responsible for privacy computing tasks initiated by blockchain nodes. It confirms the computing party and computing data through the contract, and then hands the results over to the MPC network for computing and return. The device computing contract is responsible for privacy computing tasks involving on-chain devices. This contract first reads the identity of the on-chain device, hands it over to the verification contract for verification, and after verification, establishes a connection with the MPC network to read the data uploaded by the device for privacy computing.
[0016] The beneficial effects of adopting the above technical solution are as follows:
[0017] This invention proposes a blockchain privacy protection method based on carbon verification, which improves data protection in carbon verification scenarios from two aspects: identity management and privacy computation. This model not only achieves effective management of device identities, but also significantly improves the speed of the distributed digital identity verification method based on sparse Merkle trees compared to the original method. Simultaneously, the privacy computation network exhibits low latency under various security models, and its corresponding smart contracts enable efficient connection between the privacy computation network and the blockchain network. This effectively solves the data security problems caused by identity management in the carbon verification system and the protection of privacy data in multi-party computations.
[0018] Compared with traditional blockchain privacy protection models:
[0019] (1) The structure of the blockchain was optimized by allocating the regulatory part and the verification enterprises to different chains according to the business logic of carbon verification. This improved the efficiency of blockchain use and simplified the regulatory process, making the blockchain system more adaptable to the carbon verification environment. (2) The distributed digital identity was further optimized by redesigning the storage and verification of verifiable claims using sparse Merkle trees. This significantly improved the verification speed of claims while simplifying the storage structure of claims. (3) A privacy computing network was introduced, and privacy computing tasks were implemented by setting up node computing contracts, device computing contracts, and verification contracts. The contracts can achieve efficient connection between the privacy computing network and the blockchain network, and also realize effective identity verification and data transmission of on-chain devices.
[0020] Experimental testing was conducted on the blockchain privacy protection model proposed in this invention. Through experimental data analysis, the latency of all functions of the distributed digital identity based on sparse Merkle trees is at a low level, and the verification speed is 25% slower than that of traditional methods. The latency reduction is even more significant under large data volumes. The privacy computing network can effectively compute various security models, and the average latency of related smart contracts has remained stable below 1.3 seconds. Attached Figure Description
[0021] To more clearly illustrate the specific embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the specific embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention. For those skilled in the art, other drawings can be obtained from these drawings without creative effort.
[0022] Figure 1 This is the overall architecture of DID in the embodiments of the present invention;
[0023] Figure 2 This is a flowchart of the verification process in an embodiment of the present invention;
[0024] Figure 3 This is the overall architecture for privacy computing in the embodiments of the present invention;
[0025] Figure 4 This is an average latency diagram of the main DID modules in this embodiment of the invention;
[0026] Figure 5 This is a comparison chart of credential verification latency in an embodiment of the present invention;
[0027] Figure 6 This is a latency diagram of the MPC smart contract in an embodiment of the present invention. Detailed Implementation
[0028] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0029] The terms "comprising" and "having," and any variations thereof, used in the embodiments of this invention are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or device that includes a series of steps or units is not limited to the steps or units listed, but may optionally include other steps or units not listed, or may optionally include other steps or units inherent to such processes, methods, products, or devices.
[0030] The architecture of this invention involves two parts: identity management and privacy computing. The architecture diagram of the identity management part is as follows: Figure 1 As shown, it includes the following steps:
[0031] S1: Establish a blockchain network. The main chain nodes are composed of the higher-level regulatory departments of carbon verification, which are responsible for the execution of regulatory rules and the anchoring of verification data. The side chains are divided into enterprises according to different business scenarios. Enterprises in the same scenario are chained into the same side chain and participate in data storage and verification through consensus mechanism.
[0032] S2: A DID module is implemented on the sidechain using smart contracts. This module, used by the verification enterprises, is used to build autonomous identities for devices participating in carbon verification. These identities are distributed digital identities based on a sparse Merkle tree. When device registration is required, the enterprise node executes the DID registration contract to create a DID identifier for the device. The input device information is stored in a concurrently generated DID document. The DID parser then establishes a one-to-one correspondence between the identifier and the document. After this process is complete, a node initiates verification, issuing a verifiable credential for the identifier, which is used by other nodes to verify the device's trustworthiness. Finally, the DID identifier is stored in the on-chain device, completing the entire registration process.
[0033] Figure 2 This paper demonstrates a distributed digital identity verification process based on a sparse Merkle tree. First, the entity being verified provides the storage index location and the hash value required for verification. The verifier then executes a Merkle tree non-existence proof algorithm based on the index location to verify the validity of the claim. Next, the verifier finds the corresponding leaf node based on the index value, fills in an empty value at that location to perform a Merkle tree null value existence proof, and determines whether the claim is valid. If the claim exists, the verifier calculates the root hash value based on the provided hash value and compares it with the stored value. If they match, the authenticity is proven.
[0034] Figure 3 The overall architecture of the privacy-preserving computation component mainly consists of three parts: the privacy-preserving computation network, MPC contracts, and computation participants. The privacy-preserving computation network comprises third-party nodes responsible for performing privacy-preserving computations according to an agreed-upon security model after receiving computation tasks. The MPC contract acts as a bridge between the computation participants and the privacy-preserving computation network. During task creation, the contract receives computation data from the participants and manages and schedules data from different sources in a unified manner. The contract also ensures the connection between the blockchain and the privacy-preserving computation network, guaranteeing that the network can respond to computation tasks and return results promptly. The computation participants primarily include blockchain nodes and certified devices. When the blockchain needs to store aggregated data from multiple enterprises, enterprise nodes can be used as participants in the privacy-preserving computation, executing MPC contracts to achieve privacy-preserving computation of multi-party data. For data collected directly by devices, when multi-party computation is required, the devices can be verified and used directly as data providers to perform privacy-preserving computations. The computation results are then returned to the respective enterprise nodes to which the devices belong for storage.
[0035] This invention utilizes a blockchain privacy protection model based on carbon verification for experimental verification.
[0036] Experiment 1: DID Performance Test
[0037] To evaluate the overall performance of DID, latency tests were conducted on the main modules of the identity authentication process: DID identifier creation, DID parsing, and DID document update. A series of concurrent experiments with 50, 100, 200, 500, and 800 runs were prepared, and the average latency of each module was recorded by calling its contract interface.
[0038] Experimental results are as follows Figure 4 As shown, DID creation only involves writing data to the blockchain, thus having the lowest average latency. DID parsing requires resolving the DID identifier into a DID document, therefore its latency is slightly higher than that of the DID identifier creation function. DID document updating involves writing new data back to the blockchain after parsing, thus having the highest latency. Overall, the latency of each module remains relatively stable at around 1.15 seconds when facing access requests of varying frequencies. Furthermore, in practical applications of carbon verification, device authentication is initiated by each enterprise node, and there are rarely a large number of requests to the same functional module. Therefore, DID identifiers can meet the various application scenarios of device authentication under carbon verification.
[0039] Experiment 2: Voucher Verification Performance Test
[0040] To further verify the performance improvement of credential verification achieved by sparse Merkle tree-based distributed digital identity, an experiment was designed to use the traditional DID credential verification method as a control group. The experiment first prepared verifiable claim sets with data sizes of 300, 800, 1300, 1800, and 2200. 50% of the data in each set was randomly selected, and both methods were used for credential verification. The average latency of each experimental group was taken as the latency value for that group. Figure 5 The experimental results show that traditional verification methods have lower latency when the data volume is small. However, as the data volume gradually increases, the latency of traditional methods rises rapidly, especially with large data volumes. This is because traditional verification methods are essentially similar to database queries, thus latency increases with larger data volumes. In contrast, the credential verification method based on sparse Merkle tree distributed digital identity uses a sparse Merkle tree algorithm, with the query operation employing sparse Merkle tree proofs, effectively mitigating the latency increase caused by increased data volume. Therefore, the credential verification method based on sparse Merkle tree distributed digital identity can effectively reduce latency and improve the efficiency of identity verification.
[0041] Experiment 3: Security Model Calculation Test
[0042] The MPC module primarily performs performance testing on the MPC network and MPC smart contracts. For the MPC network, since the MP-SPDZ protocol used in this paper is a secure multi-party computation protocol incorporating multiple security models, four common security models were selected for testing to ensure the effectiveness of each model. The experiment performed the same computational tasks on the protocols under all four security models. In addition to basic arithmetic operations, a total of 26 computational tests were conducted, including matrix multiplication, matrix transpose, and XOR operations. Specific protocol information and execution results are shown in Table 1.
[0043] Table 1 Security Model Operation Test
[0044]
[0045]
[0046] The data in the table shows that, when facing both malicious and partial integrity attacks, the computation time is kept within 1 second when the majority of participants in the multi-party computation are trustworthy; even when facing a malicious attack model where the majority of participants are dishonest, the computation time is still kept within 6 seconds. In the case of carbon verification, all participants in the multi-party computation are already linked to the blockchain network, and their trustworthiness is guaranteed by the blockchain. Therefore, when selecting a security model, the majority integrity security model protocol can be used to perform the computation.
[0047] Experiment 4: MPC Smart Contract Latency Test
[0048] MPC smart contracts act as intermediaries for communication between blockchain nodes and the MPC network; therefore, the runtime latency of MPC smart contracts directly determines the speed of multi-party computation in carbon verification. The experiment involved invoking the two main functional interfaces in the contract—writing multi-party computation task information and writing computation data—and initiating 50, 100, 200, 500, and 800 invocation requests to test the contract latency. Experimental data is as follows: Figure 6 As shown, when faced with concurrent requests of different orders of magnitude, the average latency of the two interfaces remains stable at less than 1.3 seconds, demonstrating their ability to connect to the blockchain and MPC network.
[0049] in conclusion:
[0050] This paper addresses data protection issues in carbon verification scenarios by improving both identity management and privacy computation. The proposed model not only achieves effective device identity management but also significantly improves the speed of the distributed digital identity verification method based on sparse Merkle trees compared to traditional methods. Furthermore, the privacy computation network exhibits low latency across various security models, and its corresponding smart contracts enable efficient connections between the privacy computation network and the blockchain network. This effectively solves data security issues caused by identity management in carbon verification systems and protects privacy data during multi-party computations. Experimental data analysis shows that the distributed digital identity based on sparse Merkle trees maintains low latency across all functions, with a 25% reduction in verification speed compared to traditional methods, and a more significant reduction in latency under large data volumes. The privacy computation network can perform efficient computations under various security models, and the average latency of related smart contracts remains consistently below 1.3 seconds, indicating that this model can be used to optimize blockchain privacy protection in carbon verification scenarios.
[0051] Corresponding to the above method, this embodiment of the invention also provides a computer-readable storage medium storing machine-executable instructions. When the machine-executable instructions are invoked and executed by a processor, the machine-executable instructions cause the processor to perform the steps of the above method.
[0052] If the aforementioned functions are implemented as software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this invention, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0053] Finally, it should be noted that the above-described embodiments are merely specific implementations of the present invention, used to illustrate the technical solutions of the present invention, and not to limit it. The scope of protection of the present invention is not limited thereto. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that any person skilled in the art can still modify or easily conceive of changes to the technical solutions described in the foregoing embodiments within the scope of the technology disclosed in the present invention, or make equivalent substitutions for some of the technical features; and these modifications, changes, or substitutions do not cause the essence of the corresponding technical solutions to deviate from the scope of the technical solutions of the embodiments of the present invention. All should be covered within the scope of protection of the present invention. Therefore, the scope of protection of the present invention should be determined by the scope of the claims.
Claims
1. A blockchain privacy protection method based on carbon verification, characterized in that, Includes the following steps: S1: Establish a blockchain network, which is divided into two parts: a main chain and a side chain. The main chain nodes are composed of carbon verification regulatory departments, and the side chain nodes are composed of enterprises participating in the verification. S2: Implement the DID module using smart contracts on the sidechain. This module is used by the verification company to build autonomous identities for devices participating in carbon verification. The content of the DID module is a distributed digital identity based on a sparse Merkle tree. Distributed digital identity based on sparse Merkle trees is based on distributed digital identity. In the verifiable claims section, sparse Merkle trees are used to store the claims. After a device identity obtains a verifiable claim, the claim data is arranged in a tree-like hash structure and hashed. Then, an index is added at each leaf node. Data is stored in the corresponding index according to the calculated hash value. If there is no value at the index position, a null value is inserted. After the storage work is completed, hash calculation is performed from bottom to top to finally obtain the root hash value for storage. If subsequent stored claims need to be verified, only the index value and hash value are provided. Merkle tree null value proof is performed according to the index position. If the data exists, the root hash value is calculated using the provided hash value. If it is consistent with the stored root hash, the verification is successful. S3: Set up the MPC network, which is responsible for implementing the privacy computing tasks issued by the blockchain network. The computing nodes within the network execute the MP-SPDZ privacy computing protocol. S4: Create MPC smart contracts on the blockchain network. There are three contracts in total, responsible for establishing connections between the blockchain network, on-chain devices, and the MPC network. This enables the blockchain network to issue computation tasks, the MPC network to perform privacy-preserving computations, and return the corresponding results. There are three types of smart contracts: node computation contracts, device computation contracts, and verification contracts. The node computation contract is responsible for privacy-preserving computation tasks initiated by blockchain nodes. It confirms the computation parties and computation data through the contract, and then hands the computation results over to the MPC network and returns them. The device computation contract is responsible for privacy-preserving computation tasks involving on-chain devices. This contract first reads the identity of the on-chain device, which is then verified by the verification contract. After successful verification, it establishes a connection with the MPC network to read the data uploaded by the device and perform privacy-preserving computations.
2. The blockchain privacy protection method based on carbon verification according to claim 1, characterized in that, Step S1: The blockchain network has a main-sidechain structure, where the sidechains are DPOS sidechains implemented using the Plasma Cash framework; the sidechain nodes are composed of verification enterprises. After dividing the business scenarios of the verification enterprises, enterprises in the same scenario are chained into the same sidechain. Different sidechains are independent of each other and each implements the various functions required within the chain; the main chain nodes are composed of carbon verification regulatory departments. The main chain does not participate in the implementation of various functions, but is only responsible for supervising the activities of each sidechain, and at the same time, acts as a verifier to perform batch verification of the data on each sidechain.