A blockchain data-based secure archiving system and method
By introducing user nodes, leader nodes, data reading nodes, data deletion nodes, and trusted third parties into the blockchain system, and combining verifiable random functions and erasure coding technology, secure archiving and authorized access to blockchain data are achieved. This solves the problems of poor scalability and data privacy protection in blockchain storage, and realizes lightweight storage and data security.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents(China)
- Current Assignee / Owner: SOUTHEAST UNIV
- Filing Date: 2023-02-22
- Publication Date: 2026-06-19
AI Technical Summary
The ever-increasing amount of data in blockchain systems leads to excessive storage pressure, poor storage scalability, and security risks and privacy protection issues after data archiving.
By employing user nodes, leader nodes, data reading nodes, data deletion nodes, trusted third parties, and cloud storage systems, and through steps such as blockchain historical data archiving, authorized reading of archived data, authorized deletion of archived data, and faulty data repair, combined with verifiable random functions, secret sharing, and erasure coding technologies, secure data archiving and authorized access are achieved.
It reduces the storage pressure on the blockchain system, achieves lightweight storage, ensures the immutability and integrity of data, enables authorized access and privacy protection of archived data, and solves the problem of data bloat in the blockchain system.
Figure CN116432246B_ABST
Description
Technical Field
[0001] This invention belongs to the field of blockchain data security technology, and mainly relates to a secure archiving system and method based on blockchain data.
Background Technology
[0002] Blockchain is a distributed database characterized by decentralization, traceability, and immutability. Due to its strong security, blockchain technology is widely used in numerous data security storage scenarios, including healthcare, communication systems, and the Internet of Things.
[0003] To maintain data traceability and immutability, blockchain systems require on-chain data to be permanently stored, thus the amount of data in the blockchain network increases continuously over time. Simultaneously, blockchain nodes have consistency requirements; data copies across different nodes must remain consistent. Therefore, the amount of data stored on each node increases linearly over time, placing enormous storage pressure on nodes and reducing the efficiency of storage resource utilization. This poor storage scalability of blockchain limits its application in scenarios with large data volumes, becoming a bottleneck restricting the widespread adoption of blockchain applications.
[0004] Blockchain data archiving is currently an effective method to address the scalability issue of blockchain system storage. The main idea is that blockchain nodes reassemble, encrypt, and package inactive data stored on the chain before transferring it to an off-chain storage system. While blockchain data archiving can alleviate storage pressure on blockchain nodes, because archived data is stored in an off-chain database, verification of data integrity is only possible through the blockchain system, potentially leading to new security issues such as lost or leaked archived data. Furthermore, blockchain systems often allow any node to view data, raising privacy concerns. In real-world scenarios, accessing archived data often requires multi-party authorization, making traditional blockchains unsuitable.
[0005] In summary, how to achieve secure archiving of blockchain data and authorized access to archived data are technical problems that need to be solved.
Summary of the Invention
[0006] This invention addresses the vulnerabilities in secure archiving and authorized access of blockchain data in existing technologies by providing a secure archiving system and method based on blockchain data. The secure archiving system includes a user node U, a leader node L, a data reading node R, a data deletion node D, a trusted third-party TTP, and a cloud storage system CSS. The secure archiving method includes at least four stages: archiving of historical blockchain data, authorized reading of archived data, authorized deletion of archived data, and recovery of faulty data. While retaining the functionality of the blockchain ledger, it reduces the storage pressure on the blockchain system, achieving lightweight storage and solving the problem of significant performance degradation caused by the continuous growth of ledger data over time. It also addresses the issue of data bloat in blockchain systems while ensuring data is unforgeable and tamper-proof. Furthermore, it enables authorized access to archived data, privacy protection, and faulty data repair.
[0007] To achieve the above objectives, the technical solution adopted by the present invention is: a secure archiving system based on blockchain data, including user node U, leader node L, data reading node R, data deletion node D, trusted third party TTP, and cloud storage system CSS;
[0008] The user node U is a blockchain node without a special identity. Each user corresponds to one node. User node U completes off-chain data archiving through consensus voting and retrieves the archived data after obtaining authorization.
[0009] The leader node L is selected from the user node U through a verifiable random function and is used to lead the system to complete the archiving of block data.
[0010] The data reading node R and the data deletion node D are user nodes U used to read and delete archived data, respectively.
[0011] The trusted third-party TTP interacts with the cloud storage system CSS to complete data archiving, reading, and deletion, and uses erasure coding to solve the problem of centralized database storage failure;
[0012] The cloud storage system CSS is used to archive and store historical blockchain data.
[0013] To achieve the above objectives, the technical solution adopted by this invention is: a secure archiving method based on blockchain data, comprising at least blockchain historical data archiving, authorized reading of archived data, authorized deletion of archived data, and faulty data repair, specifically as follows:
[0014] S1. Blockchain historical data archiving: User node U determines whether to archive the block data off-chain based on the data activity. When the data meets the archiving conditions, the system selects leader node L to start the data archiving process, encrypts the block data B(h) and archives it to the cloud storage system CSS, and performs (n,k) secret sharing of the key.
[0015] S2. Authorized Reading of Archived Data: Data reading node R needs to obtain authorization from k nodes on the chain through voting consensus to retrieve archived data. After obtaining authorization, data reading node R can download the corresponding data from the cloud storage system CSS and reconstruct the key using the obtained k secret shares to decrypt and read the archived data.
[0016] S3. Authorized Deletion of Archived Data: The data deletion node D deletes archived data by obtaining authorization from k nodes on the chain through voting consensus. After obtaining authorization, the node deletes the corresponding archived data in the cloud storage system CSS.
[0017] S4. Fault Data Repair: If archived data in the cloud storage system CSS is found to be corrupted during the data reading process, the trusted third party TTP will initiate a data repair process to repair the fault data.
[0018] As an improvement to the present invention, the specific steps of the off-chain archiving method for blockchain historical data in step S1 are as follows:
[0019] S11. Leader Node L Selection: The leader node L is selected by the system using a verifiable random function algorithm. It is used to collect system parameters and guide user nodes U to complete the data archiving process. All user nodes U in the system generate their own random number $v_i$ and corresponding $\mathit{proof}_i$ and broadcast them to all other nodes; after receiving the $v_i$ and $\mathit{proof}_i$ sent by the other nodes, user node U verifies them, and the node with the largest random number is selected as the leader node.
[0020] S12. Data Upload: The leader node L collects information from the other user nodes U in the network and sorts all user nodes U in the network according to $v_i$; the leader node L then encrypts block data B(h), requests the trusted third party TTP to archive block B(h), and sends the encrypted data $CT_h$. The trusted third party TTP generates a verification block using an erasure coding algorithm and then uploads the encrypted data block and the verification data block to the cloud storage system CSS.
[0021] S13. Key Sharing: After the trusted third party TTP uploads the block data, it performs (n,k) secret sharing of the data key Key and, according to the relevant parameters received in step S12, distributes the secret share $\langle f(x_i), x_i \rangle$ and the data retrieval index Index(h) to the corresponding user node U; the secret share is encrypted with the public key of the corresponding user node U and sent to that node;
[0022] S14. Block Data Deletion: After receiving the corresponding secret share $\langle f(x_i), x_i \rangle$ and the data retrieval index Index(h), user node U deletes the local block data B(h).
[0023] As an improvement to the present invention, the specific steps for selecting the leader node L in step S11 are as follows:
[0024] S111: Every user node $U_i$ in the blockchain calculates a random number $v_i$ and corresponding $\mathit{proof}_i$ using a verifiable random function: $\langle v_i, \mathit{proof}_i \rangle = \mathrm{VRF}(\mathit{seed}, SK_i)$, and broadcasts the random number $v_i$ and corresponding $\mathit{proof}_i$ to the other user nodes U in the blockchain network, where seed is the random number seed and $SK_i$ is the private key of user node $U_i$;
[0025] S112: After receiving the $\langle v_i, \mathit{proof}_i \rangle$ broadcast by another user node $U_i$ in the network, a user node first verifies the correctness of the random number using the verification function $\mathrm{VRF}_{verify}(PK_i, v_i, \mathit{proof}_i, \mathit{seed})$, then finds the user node corresponding to the largest of the verified random numbers, $v_{max} = \mathrm{Max}(v_i)$, selects it as the leader node L and broadcasts the message msg ← <leadernodeid>. If a node is selected by k nodes in the network, it is chosen as the leader node L for this round of data archiving.
[0026] As another improvement of the present invention, the data upload in step S12 specifically includes:
[0027] S121: Leader node L sends a parameter collection request message msg ← <parametersrequest> to the other nodes in the blockchain network and collects $v_i$, $\mathit{proof}_i$, $\mathit{address}_i$ and $PK_i$ from each user node, where $v_i$ and $\mathit{proof}_i$ are the random number and proof generated by user node $U_i$ in step S11, $\mathit{address}_i$ is the address parameter of user node $U_i$, and $PK_i$ is the public key of user node $U_i$;
[0028] S122: The leader randomly generates an encryption key $dk_h \leftarrow \{0,1\}^{\lambda}$ and obtains the ciphertext by encrypting the block data with a symmetric encryption algorithm: $CT_h \leftarrow \mathrm{AESEnc}(B(h), dk_h)$;
[0029] S123: Leader node L sends a data archiving request to the trusted third party and, with it, the encrypted data block: msg ← <DataStorageRequest(h, $CT_h$)>;
[0030] S124: The trusted third party TTP stores the ciphertext $CT_h$ in the cloud storage system CSS, obtains the data storage credential Index(h), and sends it to the leader node L.
[0031] As another improvement of the present invention, key sharing in step S13 specifically includes:
[0032] S131: After receiving the parameter set from user node U, leader node L verifies the correctness of the random numbers using the verification function $\mathrm{VRF}_{verify}(PK_i, v_i, \mathit{proof}_i, \mathit{seed})$ and sorts the verified nodes by the size of $v_i$: sort(V);
[0033] S132: Leader node L, acting as the Dealer, performs (n,k) secret sharing of the data key $dk_h$ using the following formula:
[0034] $f(x) = a_0 + a_1 x + \cdots + a_{k-1} x^{k-1}$
[0035] Let $a_0 \leftarrow dk_h$. Choose any n numbers $x_1, \ldots, x_i, \ldots, x_n$ and substitute them into the polynomial to calculate $f(x_1), \ldots, f(x_i), \ldots, f(x_n)$, obtaining n secret shares $\langle f(x_i), x_i \rangle$;
[0036] S133: Allocate the secret shares according to the sorted node order. Each secret share is first encrypted with the public key of the corresponding user node $U_i$; then the secret share $\langle f(x_i), x_i \rangle$ of user node $U_i$ and the cloud storage retrieval index Index(h) of the data are sent to the corresponding user node $U_i$.
[0037] As another improvement of the present invention, the specific steps of the archived data authorized reading method based on secret sharing in step S2 are as follows:
[0038] S21: Data reading node R broadcasts a data read request to the blockchain network: msg ← <DataRequestConsensus(B(h), PK)>;
[0039] S22: After receiving a data read request from data reading node R, user node U determines whether to authorize data reading node R to retrieve the archived data and sends a vote msg ← <$\mathit{vote}_i \in \{0,1\}$> to data reading node R, where 0 represents disagreement with authorization and 1 represents agreement with authorization; if user node U agrees with authorization, then while completing the vote it encrypts its secret share $\langle f(x_i), x_i \rangle$ with the public key PK of data reading node R and sends it to data reading node R;
[0040] S23: If data reading node R receives voting authorization from at least k user nodes U in the network, it sends a data retrieval request to the trusted third party TTP: msg ← <DataRequest(B(h), Index(h))>;
[0041] S24: After receiving the data retrieval request, the trusted third party TTP downloads the encrypted data from the cloud storage system CSS according to Index(h), $CT_h \leftarrow \mathrm{DownLoad}(B(h), Index(h))$, and sends it to the data reading node R;
[0042] S25: Data reading node R uses at least k secret shares $\langle f(x_i), x_i \rangle$ to reconstruct the data key $dk_h \leftarrow \{\langle f(x_1), x_1 \rangle, \ldots, \langle f(x_i), x_i \rangle, \ldots, \langle f(x_k), x_k \rangle\}$. The corresponding formula is as follows:
[0043]
[0044] S26: Data reading node R uses the reconstructed key $dk_h$ to decrypt the archived block data: $B(h) \leftarrow \mathrm{AESDec}(CT_h, dk_h)$.
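The (n,k) sharing of S132 and the threshold reconstruction of S22 to S25, as an added example that is not part of the patent text. It assumes a prime field GF(2^521 − 1), share positions x_i = 1..n, and Lagrange interpolation at x = 0 (the standard reconstruction for polynomial sharing; the patent's own formula is not reproduced on this page); all function names, the vote list and the sample key are constructed for illustration.

```python
import secrets

# Assumption: the page names no field; arithmetic here is in GF(P).
P = 2**521 - 1  # Mersenne prime, larger than any 256-bit key


def split_key(dk_h, n, k):
    """Dealer (S132): n shares <f(x_i), x_i> of a degree k-1 polynomial, f(0) = dk_h."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    a0 = int.from_bytes(dk_h, "big")
    if a0 >= P:
        raise ValueError("key does not fit in the field")
    # a_1 .. a_(k-1) must be uniform and unpredictable, hence the CSPRNG.
    coeffs = [a0] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):  # distinct and non-zero: f(0) is the key itself
        y = 0
        for a in reversed(coeffs):  # Horner evaluation of f(x) mod P
            y = (y * x + a) % P
        shares.append((y, x))  # same order as the page: <f(x_i), x_i>
    return shares


def collect_authorised_shares(votes, shares):
    """S22/S23: a node releases its share only together with vote_i = 1."""
    return [share for vote, share in zip(votes, shares) if vote == 1]


def interpolate_at_zero(shares):
    """Lagrange interpolation of the shares, evaluated at x = 0, in GF(P)."""
    total = 0
    for i, (yi, xi) in enumerate(shares):
        num, den = 1, 1
        for j, (_, xj) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def reconstruct_key(shares, k, key_len):
    """Reader (S25): rebuild dk_h, refusing to run below the threshold k."""
    xs = [x % P for _, x in shares]
    if len(shares) < k:
        raise ValueError("fewer than k authorisations, key stays hidden")
    if 0 in xs or len(set(xs)) != len(xs):
        raise ValueError("x_i must be distinct and non-zero")
    value = interpolate_at_zero(shares)
    try:
        return value.to_bytes(key_len, "big")
    except OverflowError:
        raise ValueError("result is not a key of this length: bad share") from None


if __name__ == "__main__":
    dk_h = bytes(range(32))  # constructed sample key
    shares = split_key(dk_h, n=5, k=3)
    granted = collect_authorised_shares([1, 0, 1, 1, 0], shares)
    print(reconstruct_key(granted, k=3, key_len=32) == dk_h)
```

A wrong or tampered share yields a different key without any error from the interpolation itself, which is why the decrypted block still has to be checked, as S34 does against hashvalue(B(h)).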
[0045] As a further improvement of the present invention, the specific steps of the archived data authorization deletion method based on secret sharing in step S3 are as follows:
[0046] S31. Data deletion node D broadcasts a data deletion request to the blockchain network: msg ← <DataDelRequest(B(h), Index(h))>;
[0047] S32. After receiving the data deletion request, user node U determines whether to authorize the data deletion request and sends a voting message msg ← <$\mathit{vote}_i \in \{0,1\}$> to data deletion node D and trusted third party TTP, where 0 represents disagreement with authorization and 1 represents agreement with authorization; if user node U agrees with authorization, then while completing the vote it encrypts its secret share $\langle f(x_i), x_i \rangle$ with the public key PK of data deletion node D and sends it to data deletion node D;
[0048] S33. If data deletion node D receives voting authorization from at least k user nodes U in the network, it uses at least k secret shares $\langle f(x_i), x_i \rangle$ to reconstruct the data key $dk_h \leftarrow \{\langle f(x_1), x_1 \rangle, \ldots, \langle f(x_i), x_i \rangle, \ldots, \langle f(x_k), x_k \rangle\}$. The corresponding formula is as follows:
[0049]
[0050] Send a data deletion request to the trusted third party TTP: msg ← <DataDelRequest, B(h), Index(h),
[0051] $dk_h$, hashvalue(B(h))>, where hashvalue(B(h)) is the hash value of block B(h);
[0052] S34. Upon receiving a data deletion request, the trusted third party TTP downloads the archived encrypted data from the cloud storage system CSS, $CT_h \leftarrow \mathrm{Download}(B(h), Index(h))$, uses the decryption key $dk_h$ to decrypt the archived block data, and verifies it based on hashvalue(B(h)):
[0053]
[0054] If the verification passes, delete the data $CT_h, P_1, \ldots, P_m$ in the cloud storage system CSS and re-encode:
[0055]
[0056] Save the new encoded block after re-encoding
[0057] As a further improvement of the present invention, the specific steps of the cloud storage scheme based on erasure coding in step S4, fault data repair, are as follows:
[0058] S41. After the trusted third party TTP archives t blocks consecutively, Reed-Solomon coding is used to generate m redundant blocks to prevent a single point of failure in the cloud storage system CSS.
[0059] $\langle CT_h, \ldots, CT_{h+t}, P_1, \ldots, P_m \rangle \leftarrow \mathrm{RSCODE}(CT_h, \ldots, CT_{h+t})$;
[0060] S42. If a block of data is found to be lost or corrupted during the data reading process, the trusted third party TTP initiates a data repair process, collects the redundant coded blocks $\langle CT_h, \ldots, CT_{h+t}, P_1, \ldots, P_m \rangle$, and decodes them to repair $CT_h$:
[0061] $CT_h \leftarrow \mathrm{RSDECODE}(CT_h, \ldots, CT_{h+t}, P_1, \ldots, P_m)$;
[0062] S43. After repairing $CT_h$, re-upload $CT_h$ to the cloud storage system CSS, obtain the new $Index(h)_{new}$, and send an Index update message msg ← <$Index(h)_{new}$> to all user nodes U in the blockchain.
[0063] Compared with existing technologies, this invention provides a secure archiving system and method for blockchain data, which has the following advantages:
[0064] (1) The blockchain historical data off-chain archiving method designed in this invention can ensure the integrity and immutability of the archived data, while breaking the storage limitations of the blockchain by using outsourced storage.
[0065] (2) The archive data authorized reading / deletion method based on secret sharing designed in this invention can realize authorized access to archive data, thereby protecting the privacy of the data.
[0066] (3) The cloud storage solution based on erasure coding fault tolerance technology designed in this invention can ensure data security by adding redundancy to repair storage faults.
[0067] (4) The method of the present invention can solve the problem of significant performance degradation caused by the continuous growth of ledger data in the blockchain system over time. While retaining the blockchain ledger function, it reduces the storage pressure of the blockchain system and realizes lightweight storage of the blockchain system.
Attached Figure Description
[0068] Figure 1 is a structural diagram of a secure archiving system for blockchain data according to the present invention;
[0069] Figure 2 is a schematic diagram of the message interaction in step S11 of the secure archiving method for blockchain data according to the present invention, that is, the message interaction of the leader node L selection algorithm;
[0070] Figure 3 is a schematic diagram of the data archiving process message interaction in steps S12-S14 of the secure archiving method for blockchain data according to the present invention;
[0071] Figure 4 is a schematic diagram of the data reading process message interaction in step S2 of the secure archiving method based on blockchain data of the present invention.
Detailed Implementation
[0072] The present invention will be further illustrated below with reference to the accompanying drawings and specific embodiments. It should be understood that the following specific embodiments are for illustrative purposes only and are not intended to limit the scope of the present invention.
[0073] Example 1
[0074] A secure archiving system based on blockchain data, as shown in Figure 1, includes user nodes U, leader nodes L, data reading nodes R, data deleting nodes D, a trusted third party TTP, and a cloud storage system CSS. User nodes U are blockchain nodes without special identities; each user corresponds to one node. User nodes U complete off-chain data archiving through consensus voting and can retrieve off-chain data after authorization. Leader nodes L are selected from user nodes U through a verifiable random function and are used to lead the system in completing the archiving and storage of block data. Data reading / deleting nodes are user nodes U that need to read / delete archived data. The cloud storage system CSS is used to implement off-chain archiving of historical blockchain data and uses erasure coding fault tolerance mechanisms to solve the problem of single points of failure in centralized databases.
[0075] A secure archiving method for blockchain-based data includes the following steps:
[0076] Step S1: Archiving Blockchain Historical Data
[0077] S11, Leader Node L Selection
[0078] As shown in Figure 2, every user node $U_i$ in the blockchain calculates a random number $v_i$ and corresponding $\mathit{proof}_i$ using a verifiable random function: $\langle v_i, \mathit{proof}_i \rangle = \mathrm{VRF}(\mathit{seed}, SK_i)$, and broadcasts the random number $v_i$ and corresponding $\mathit{proof}_i$ to the other user nodes U in the blockchain network, where seed is the random number seed and $SK_i$ is the private key of user node $U_i$. After receiving the $\langle v_i, \mathit{proof}_i \rangle$ broadcast by other user nodes in the network, a user node first verifies the correctness of the random numbers using the verification function $\mathrm{VRF}_{verify}(PK_i, v_i, \mathit{proof}_i, \mathit{seed})$, then finds the node with the largest of the verified random numbers, $v_{max} = \mathrm{Max}(v_i)$, selects it as the leader node L and broadcasts the message msg ← <leadernodeid>. If a node is selected by k nodes in the network, it is chosen as the leader node L for this round of data archiving.
[0079] S12, Data Upload
[0080] As shown in Figure 3, the leader node L sends a parameter collection message msg ← <parametersrequest> to the other nodes in the blockchain network and collects $v_i$, $\mathit{proof}_i$, $\mathit{address}_i$ and $PK_i$ from each user node $U_i$, where $v_i$ and $\mathit{proof}_i$ are the random number and proof generated by user node $U_i$ in step S11, $\mathit{address}_i$ is the address parameter of user node $U_i$, and $PK_i$ is the public key of user node $U_i$. The leader randomly generates the encryption key $dk_h \leftarrow \{0,1\}^{\lambda}$, then uses a symmetric encryption algorithm such as AES to encrypt the block data and obtain the ciphertext $CT_h \leftarrow \mathrm{AESEnc}(B(h), dk_h)$. The leader node L then sends a data archiving request to the trusted third party and, with it, the encrypted data block: msg ← <DataStorageRequest(h, $CT_h$)>. The trusted third party TTP stores the ciphertext $CT_h$ in the cloud storage system CSS, obtains the data storage credential Index(h), and sends it to the leader node L.
[0081] S13, Key Sharing
[0082] As shown in Figure 3, after receiving the parameter set from user node U, the leader node L first verifies the correctness of the random numbers using the verification function $\mathrm{VRF}_{verify}(PK_i, v_i, \mathit{proof}_i, \mathit{seed})$ and sorts the verified nodes by the size of $v_i$: sort(V). Leader node L, acting as the Dealer, performs (n,k) secret sharing of the data key $dk_h$ using the following formula:
[0083] $f_i(x) = a_{i0} + a_{i1} x + \cdots + a_{i(k-1)} x^{k-1}$
[0084] Let $a_{i0} \leftarrow dk_h$. The secret shares are allocated according to the sorted node order. Each secret share is first encrypted with the public key of the corresponding user node $U_i$; then the secret share $\langle f(x_i), x_i \rangle$ of user node $U_i$ and the cloud storage retrieval index Index(h) of the data are sent to the corresponding user node $U_i$;
[0085] S14, Block Data Deletion
[0086] As shown in Figure 3, after receiving the corresponding secret share $\langle f(x_i), x_i \rangle$ and the data retrieval index Index(h), user node U retains the block header of block B(h), the secret share $\langle f(x_i), x_i \rangle$ and the data retrieval index, and deletes the block body of block data B(h).
[0087] Step S2: Authorize access to archived data
[0088] As shown in Figure 4, a data reading node needs authorization from at least k nodes in the blockchain network to retrieve archived data. The data reading node broadcasts a data reading request to the blockchain network. Other user nodes U, upon receiving the request, determine whether to authorize the data reading node to retrieve the archived data. If the data reading node receives authorization from at least k nodes in the network, it sends a data retrieval request to a trusted third party, TTP. The specific steps are as follows:
[0089] S21. The data reading node broadcasts a data reading request to the blockchain network: msg ← <DataRequestConsensus(B(h), PK)>;
[0090] S22. After receiving the data read request from the data reading node, user node U determines whether to authorize the data reading node to retrieve archived data and sends a vote msg ← <$\mathit{vote}_i \in \{0,1\}$> to the data reading node, where 0 represents disagreement with authorization and 1 represents agreement with authorization; if user node U agrees with authorization, then while completing the vote it encrypts its secret share $\langle f(x_i), x_i \rangle$ with the public key PK of the data reading node and sends it to the data reading node;
[0091] S23. If the data reading node receives voting authorization from at least k user nodes U in the network, it sends a data retrieval request to the trusted third party TTP: msg ← <DataRequest(B(h), Index(h))>.
[0092] As shown in Figure 4, after receiving the data retrieval request, the trusted third party TTP downloads the archived encrypted data from the cloud storage system CSS according to Index(h) and sends it to the data reading node. In step S21, after the user node U receives the data reading request from the data reading node, if it determines that authorization is possible, it completes the vote and at the same time sends its own secret share $\langle f(x_i), x_i \rangle$ to the data reading node, which reconstructs the key based on the received k secret shares and uses the key to decrypt the archived data. The specific steps are as follows:
[0093] S24. After receiving the data retrieval request, the trusted third party TTP downloads the archived encrypted data from the cloud storage system CSS according to Index(h), $CT_h \leftarrow \mathrm{DownLoad}(B(h), Index(h))$, and sends it to the data reading node;
[0094] S25. The data reading node uses at least k secret shares $\langle f(x_i), x_i \rangle$ to reconstruct the data key $dk_h \leftarrow \{\langle f(x_1), x_1 \rangle, \ldots, \langle f(x_i), x_i \rangle, \ldots, \langle f(x_k), x_k \rangle\}$. The corresponding formula is as follows:
[0095]
[0096] S26. The data reading node uses the reconstructed key $dk_h$ to decrypt the archived block data: $B(h) \leftarrow \mathrm{AESDec}(CT_h, dk_h)$.
[0097] Step S3: Authorize the deletion of archived data
[0098] S31. The data deletion node broadcasts a data deletion request to the blockchain network: msg ← <DataDelRequest(B(h), Index(h))>;
[0099] S32. After receiving the data deletion request, user node U determines whether to authorize the data deletion request and sends a voting message msg ← <$\mathit{vote}_i \in \{0,1\}$> to the data deletion node and the trusted third party TTP, where 0 represents disagreement with authorization and 1 represents agreement with authorization; if user node U agrees with authorization, then while completing the vote it encrypts its secret share $\langle f(x_i), x_i \rangle$ with the public key PK of the data deletion node and sends it to the data deletion node D;
[0100] S33. If the data deletion node receives voting authorization from at least k user nodes U in the network, it uses at least k secret shares $\langle f(x_i), x_i \rangle$ to reconstruct the data key $dk_h \leftarrow \{\langle f(x_1), x_1 \rangle, \ldots, \langle f(x_i), x_i \rangle, \ldots, \langle f(x_k), x_k \rangle\}$. The corresponding formula is as follows:
[0101]
[0102] Send a data deletion request to the trusted third party TTP: msg ← <DataDelRequest, B(h), Index(h), $dk_h$, hashvalue(B(h))>, where hashvalue(B(h)) is the hash value of block B(h).
[0103] S34. Upon receiving a data deletion request, the trusted third party TTP downloads the archived encrypted data from the cloud storage system CSS, $CT_h \leftarrow \mathrm{Download}(B(h), Index(h))$, uses the decryption key $dk_h$ to decrypt the archived block data, and verifies it based on hashvalue(B(h)):
[0104]
[0105] If the verification passes, delete the data $CT_h, P_1, \ldots, P_m$ from the cloud storage system CSS and re-encode:
[0106]
[0107] Save the new encoded block after re-encoding
[0108] Step S4, Fault Data Repair:
[0109] S41. After the trusted third party TTP archives t blocks consecutively, Reed-Solomon coding is used to generate m redundant blocks to prevent a single point of failure in the cloud storage system CSS.
[0110] $\langle CT_h, \ldots, CT_{h+t}, P_1, \ldots, P_m \rangle \leftarrow \mathrm{RSCODE}(CT_h, \ldots, CT_{h+t})$;
[0111] S42. If a block of data is found to be lost or corrupted during the data reading process, the trusted third party TTP initiates a data repair process, collects the redundant coded blocks $\langle CT_h, \ldots, CT_{h+t}, P_1, \ldots, P_m \rangle$, and decodes them to repair $CT_h$:
[0112] $CT_h \leftarrow \mathrm{RSDECODE}(CT_h, \ldots, CT_{h+t}, P_1, \ldots, P_m)$;
[0113] S43. After repairing $CT_h$, re-upload $CT_h$ to the cloud storage system CSS, obtain the new $Index(h)_{new}$, and send an Index update message msg ← <$Index(h)_{new}$> to all user nodes U in the blockchain.
[0114] As can be seen from the above embodiments, this invention can solve the problem of significant performance degradation in blockchain systems caused by the continuous growth of ledger data over time. The designed blockchain historical data archiving method can solve the problem of data bloat in blockchain systems while ensuring data is unforgeable and tamper-proof; the designed secret-sharing-based key management mechanism can protect data privacy while enabling authorized access to archived data; the designed erasure coding cloud storage solution can repair faulty data, thereby ensuring data security; this solution can effectively alleviate the storage pressure on blockchain nodes while preserving the security of blockchain ledger data, enhancing the privacy of blockchain ledger data, and achieving lightweight storage for blockchain systems.
[0115] It should be noted that the above content merely illustrates the technical concept of the present invention and should not be construed as limiting the scope of protection of the present invention. For those skilled in the art, various improvements and modifications can be made without departing from the principle of the present invention, and all such improvements and modifications fall within the scope of protection of the claims of the present invention.
Claims
1. A method for secure archiving based on blockchain data, characterized in that: It includes at least the archiving of historical blockchain data, authorized reading of archived data, authorized deletion of archived data, and repair of faulty data, specifically: S1, blockchain historical data archiving: the user node U judges whether to archive the block data off-chain according to the data activity, when the data meets the archiving condition, the system will select the leader node L to start the data archiving process, and archive the block data After encryption to the cloud storage system CSS, and share the key ; S11. Leader Node L Selection: The leader node L is selected by the system using a verifiable random function algorithm. It is used to collect system parameters and guide user nodes U to complete the data archiving process. All user nodes U in the system generate their own random numbers. and the corresponding proof And broadcast it to all other nodes, and user node U receives the messages from the other nodes. and Then, verification is performed, and the node with the largest random number is selected as the leader node. S12, Data Upload: The leader node L collects information from other user nodes U in the network and, based on... Sort all user nodes U in the network, then leader node L sorts the block data. After encryption, request archive blocks from a trusted third party, TTP. And send encrypted data The trusted third-party TTP generates a verification block using erasure coding algorithms and then uploads the encrypted data block and the verification data block to the cloud storage system CSS. S13. Key Sharing: After a trusted third-party TTP uploads block data, it shares the data key. Do Secret sharing is performed, and secret shares are distributed to the corresponding user node U according to the relevant parameters received in step S12. 
and data retrieval The secret share is encrypted using the public key of the corresponding user node U and then sent to the corresponding node. S14, Block Data Deletion: User node U receives the corresponding secret share. and data retrieval Then delete the local block data. ; S2. Authorized Reading of Archived Data: Data reading node R needs to obtain on-chain consensus through voting to retrieve archived data. Once authorized, data reading node R can download the corresponding data from the cloud storage system CSS and use the obtained authorization. The secret share is used to reconstruct the key to decrypt and read the archived data; S3. Authorized Deletion of Archived Data: Data deletion node D deletes archived data through on-chain consensus via voting. Authorize each node, and once authorized, the node will delete the corresponding archived data in the cloud storage system's CSS. S4. Fault Data Repair: If archived data in the cloud storage system CSS is found to be corrupted during the data reading process, the trusted third party TTP will initiate a data repair process to repair the fault data.
2. The secure archiving method for blockchain data as described in claim 1, characterized in that the specific steps for selecting the leader node L in step S11 are as follows:
S111: All user nodes in the blockchain calculate random numbers and the corresponding proofs using verifiable random functions: and broadcast the random number and the corresponding proof to other user nodes U in the blockchain network, where ... is the random number seed and ... is the private key of the user node ...;
S112: After receiving the broadcast from other user nodes in the network, the user node first verifies the correctness of the random numbers using a verification function: It then finds the user node corresponding to the largest number among the verified random numbers, selects it as the leader node L, and broadcasts the message to the blockchain network. If a node is in the network If a node is selected, it will be chosen as the leader node L for this round of data archiving.
3. The secure archiving method for blockchain data as described in claim 2, characterized in that the data upload in step S12 specifically includes:
S121: The leader node L sends a parameter collection request message to other nodes in the blockchain network and collects from each user node the random number generated in step S11 and its proof, the address parameters of the user node, and the public key of the user node;
S122: The leader randomly generates the encryption key and obtains the ciphertext by encrypting the block data using a symmetric encryption algorithm;
S123: The leader node L sends a data archiving request to the trusted third party and simultaneously sends the encrypted data blocks;
S124: The trusted third party TTP stores the encrypted ciphertext in the cloud storage system CSS, obtains the data storage credentials, and sends them to the leader node L.
4. The secure archiving method for blockchain data as described in claim 3, characterized in that the key sharing in step S13 specifically includes:
S131: After receiving the parameter set from the user nodes U, the leader node L verifies the correctness of the random number using a verification function: The nodes that pass verification are sorted by the size of ...;
S132: The leader node L, acting as the Dealer, performs secret sharing on the data key. The formula for secret sharing is as follows: Among them, let ; Take any Number, Substitute polynomial calculation ,get A secret share ;
S133: Secret shares are distributed according to the sorted node order. First, the secret share is encrypted using the public key of the corresponding user node, and then the secret share and data cloud storage retrieval ... are sent to the corresponding user node.
5. The secure archiving method for blockchain data as described in claim 1, characterized in that the specific steps of the archived data authorization reading method based on secret sharing in step S2 are as follows:
S21: The data reading node R broadcasts a data reading request to the blockchain network;
S22: After receiving a data read request from the data reading node R, the user node U determines whether to authorize the data reading node R to retrieve archived data and sends a vote to the data reading node R, where 0 indicates disagreement with authorization and 1 indicates agreement with authorization. If the user node U agrees to the authorization, it releases its own secret share at the same time as completing the vote; the share is encrypted using the public key of the data reading node R and sent to the data reading node R.
S23: If the data reading node R receives voting authorization from at least ... user nodes U in the network, it sends a data retrieval request to the trusted third party TTP;
S24: After receiving the data retrieval request, the trusted third party TTP downloads the encrypted data from the cloud storage system CSS and sends it to the data reading node R;
S25: The data reading node R reconstructs the data key from at least ... secret shares. The corresponding formula is as follows: ;
S26: The data reading node R uses the reconstructed key to decrypt the archived block data.
6. The secure archiving method for blockchain data as described in claim 1, characterized in that the specific steps of the archived data authorization deletion method based on secret sharing in step S3 are as follows:
S31: The data deletion node D broadcasts a data deletion request to the blockchain network;
S32: After receiving the data deletion request, the user node U determines whether to authorize the data deletion request and sends a voting message to the data deletion node D and the trusted third party TTP, where 0 indicates disagreement with authorization and 1 indicates agreement with authorization. If the user node U agrees to the authorization, it releases its own secret share at the same time as completing the vote; the share is encrypted using the public key of the data deletion node D and sent to the data deletion node D.
S33: If the data deletion node D receives voting authorization from at least ... user nodes U in the network, it reconstructs the data key from at least ... secret shares. The corresponding formula is as follows: ; It then sends a data deletion request to the trusted third party TTP: , where ... is the hash value of the block ...;
S34: Upon receiving a data deletion request, the trusted third party TTP downloads the archived encrypted data from the cloud storage system CSS, decrypts the archived block data with the decryption key, and performs verification according to ...: If the verification passes, it deletes the data in the cloud storage system CSS and re-encodes: ; It then saves the new encoded block after re-encoding.
7. The secure archiving method for blockchain data as described in claim 1, characterized in that the specific steps of the erasure coding-based cloud storage solution in step S4, fault data repair, are as follows:
S41: Each time the trusted third party TTP has continuously archived ... blocks, Reed-Solomon is used to generate ... redundant blocks to prevent single points of failure in the cloud storage system CSS: ;
S42: If a block of data is found to be lost or corrupted during the data reading process, the trusted third party TTP initiates a data repair process and collects ... redundant code blocks to decode and repair ...: ;
S43: The repaired ... is re-uploaded to the cloud storage system CSS, the new ... is obtained, and an update message is sent to all user nodes U in the blockchain.
8. A secure archiving system based on blockchain data, implementing the method as described in claim 1, characterized in that it includes a user node U, a leader node L, a data reading node R, a data deletion node D, a trusted third party TTP, and a cloud storage system CSS;
The user node U is a blockchain node without a special identity, and each user corresponds to one node. The user node U completes off-chain data archiving through consensus voting and retrieves the archived data after obtaining authorization;
The leader node L is selected from the user nodes U through a verifiable random function and is used to lead the system to complete the archiving of block data;
The data reading node R and the data deletion node D are user nodes U used to read and delete archived data, respectively;
The trusted third party TTP interacts with the cloud storage system CSS to complete data archiving, reading, and deletion, and uses erasure coding to solve the problem of centralized database storage failure;
The cloud storage system CSS is used to archive and store historical blockchain data.
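The leader selection of claim 2 (steps S111 and S112), as an added example that is not part of the patent text: each node's broadcast is verified before the maximum is taken, so a node that simply claims the largest random number is dropped. A toy RSA full-domain-hash construction stands in for the verifiable random function, whose formulas do not survive on this page; the key sizes, node names, seed and all function names are assumptions made for the illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below (assumption)

def keygen(p: int, q: int):
    """Toy RSA key from two known primes: returns (public modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def vrf_prove(seed: bytes, n: int, d: int):
    """Proof = deterministic RSA signature on H(seed); random number = H(proof)."""
    proof = pow(_h(seed) % n, d, n)
    return _h(proof.to_bytes(64, "big")), proof

def vrf_verify(seed: bytes, n: int, r: int, proof: int) -> bool:
    """Check the proof under the sender's public key, then that r derives from it."""
    if not (0 <= proof < n) or pow(proof, E, n) != _h(seed) % n:
        return False
    return r == _h(proof.to_bytes(64, "big"))

def elect_leader(seed: bytes, pubkeys: dict, broadcasts: dict):
    """broadcasts maps node id -> (r, proof). Entries that fail verification are
    dropped before the maximum is taken; ties break on node id."""
    valid = {u: r for u, (r, proof) in broadcasts.items()
             if u in pubkeys and vrf_verify(seed, pubkeys[u], r, proof)}
    rejected = sorted(set(broadcasts) - set(valid))
    leader = max(valid, key=lambda u: (valid[u], u)) if valid else None
    return leader, rejected

# Constructed demo: Mersenne primes as toy key material (far too weak for real use).
M = lambda k: 2**k - 1
KEYS = {"U1": keygen(M(61), M(89)), "U2": keygen(M(107), M(127)),
        "U3": keygen(M(89), M(107))}
PUBKEYS = {u: n for u, (n, _) in KEYS.items()}
SEED = b"archive-round-1"  # constructed seed
BROADCASTS = {u: vrf_prove(SEED, n, d) for u, (n, d) in KEYS.items() if u != "U3"}
BROADCASTS["U3"] = (2**256 - 1, 12345)  # U3 claims the maximum with a bogus proof
LEADER, REJECTED = elect_leader(SEED, PUBKEYS, BROADCASTS)
```

A production deployment would use a standardized VRF with properly generated keys; the point here is only the order of operations: verify every proof, then compare.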
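The threshold key sharing of claims 4 to 6 (dealer split in S132, vote-gated release and reconstruction in S22 to S25 and S32 to S33), as an added example that is not part of the patent text. It uses Shamir secret sharing over a prime field, which matches the polynomial description in S132; the field prime, the names `t` and `n` for threshold and node count, the node ids and the demo key are assumptions, since the patent's own symbols do not survive on this page.

```python
import secrets

# Prime field for the shares; 2**521 - 1 is a Mersenne prime, larger than a 256-bit key.
P = 2**521 - 1

def split_key(key: int, t: int, n: int):
    """Dealer side: hide `key` as f(0) of a random degree-(t-1) polynomial and
    give node i the point (i, f(i))."""
    if not (1 <= t <= n) or not (0 <= key < P):
        raise ValueError("need 1 <= t <= n and 0 <= key < P")
    coeffs = [key] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def reconstruct_key(shares):
    """Requester side: Lagrange interpolation at x = 0 over the released shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    key = 0
    for xj, yj in shares:
        num, den = 1, 1
        for xm in xs:
            if xm != xj:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        key = (key + yj * num * pow(den, -1, P)) % P
    return key

def collect_and_recover(votes, shares_by_node, t):
    """votes maps node id -> 0/1. Only nodes voting 1 release their share;
    below the threshold the requester recovers nothing."""
    released = [shares_by_node[u] for u, v in votes.items()
                if v == 1 and u in shares_by_node]
    if len(released) < t:
        return None
    return reconstruct_key(released[:t])

# Constructed demo: 5 user nodes, threshold 3, a constructed 256-bit data key.
DEMO_KEY = int.from_bytes(bytes(range(32)), "big")
DEMO_SHARES = dict(zip(["U1", "U2", "U3", "U4", "U5"], split_key(DEMO_KEY, 3, 5)))
```

Transport encryption of each share under the recipient's public key (S133, S22) is left out; interpolating over fewer than `t` shares returns a value unrelated to the key rather than raising an error, which is why the vote count is checked first.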