Data authorization sharing method and system based on blockchain and multi-party secure calculation
By leveraging blockchain and multi-party secure computation in the Industrial Internet of Things (IIoT) to dynamically generate polynomial fragments and compress and transmit data, the vulnerability of data sharing processes in existing technologies to attacks is solved, achieving data sharing with high security and low communication load.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- HUITOU HLDG (ANHUI) GRP CO LTD
- Filing Date
- 2026-04-21
- Publication Date
- 2026-06-05
AI Technical Summary
In industrial IoT and cross-organizational data collaboration scenarios, existing technologies cannot effectively defend against the risk that attackers can reverse-engineer the original information by intercepting multiple rounds of transmitted data for comparative analysis. In particular, fixed polynomial coefficients or static secret sharing fragments are easily cracked by replay attacks and known-plaintext attacks.
By extracting the difference in the changes of each component in multiple consecutive acquisitions, calculating the dynamic offset vector and perturbing the randomly generated coefficients bit by bit, combining blockchain and multi-party secure computation, a dynamic polynomial fragment is generated, and a transformation matrix is generated using frequency statistics and linear feedback shift for data compression and transmission.
It effectively resists replay attacks and known-plaintext attacks, reduces the amount of data transmitted, and improves the security and anti-analysis capabilities of the data authorization and sharing process, making it suitable for bandwidth-constrained industrial IoT environments.
Smart Images

Figure CN122160035A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of data security technology, specifically to a data authorization and sharing method and system based on blockchain and multi-party secure computation. Background Technology
[0002] In scenarios such as the Industrial Internet of Things (IIoT) and cross-organizational data collaboration, multiple participants wish to jointly utilize their respective data (such as device sensor readings and transaction records) for statistical analysis or modeling. However, due to the involvement of trade secrets or user privacy, they cannot directly share the original data. Existing technologies employ secure multi-party computation schemes based on secret sharing. By breaking down data into fragments and distributing them to each collaborating party, operations such as addition and multiplication are performed within the fragment domains, achieving data usability without visibility.
[0003] In continuous multi-round data sharing, how can we ensure that the numerical fragments generated by the same original value in different transmission rounds change dynamically and are uncorrelated with each other, thereby effectively resisting the risk of attackers reconstructing the original information by intercepting and comparing the transmitted data from multiple rounds? Existing technologies typically use fixed polynomial coefficients or static secret shared fragments, resulting in the same input always producing the same output, making them vulnerable to replay attacks and known-plaintext attacks. This invention extracts the difference in changes of each component in multiple consecutive acquisitions, calculates a dynamic offset vector, and perturbs the randomly generated coefficients bit by bit. This ensures that even the same fixed-length integer generates completely different polynomial value fragments at different time points. Attackers cannot reconstruct the original data by comparing the fragment sets from multiple rounds of transmission, significantly improving the anti-analysis capability of the sharing process. Summary of the Invention
[0004] The purpose of this invention is to provide a data authorization and sharing method and system based on blockchain and multi-party secure computation to solve the problems mentioned above.
[0005] The objective of this invention can be achieved through the following technical solutions:
[0006] A data authorization and sharing method based on blockchain and multi-party secure computation includes the following steps:
[0007] S1: Collect the numerical sequence generated by local operation, extract the components with dominant absolute values from the numerical sequence, and form a set of numerical values to be shared;
[0008] S2: Calculate the fluctuation range of each component in the set of values to be shared in the historical records, allocate the bit width of the value storage independently for each component according to the size of the fluctuation range, and convert each component value into a fixed-length integer according to the allocated bit width as the data to be decomposed.
[0009] S3: Treat each fixed-length integer as a constant term of the polynomial, and calculate the dynamic offset vector based on the difference in the changes of each component in multiple consecutive acquisitions. Then, use the dynamic offset vector to perturb the remaining randomly generated coefficients bit by bit. Finally, calculate the values of the polynomial at several preset points, with each value as a numerical segment, so that any numerical segment less than the threshold number cannot be used to deduce the original integer.
[0010] S4: Count the frequency of occurrence of all numerical fragments, assign a substitution code of different length to each fragment according to the frequency, and generate a transformation matrix by linear feedback shifting the mapping relationship of substitution codes in two adjacent transmissions. Rearrange the positions of the current substitution code to obtain the compressed data unit; initiate authorization verification to the blockchain, and after obtaining on-chain permission, transmit the compressed data unit to each collaborating party respectively.
[0011] S5: Receives compressed data units from each collaborator, restores numerical fragments according to substitution code restoration rules and inverse transformation matrix. When the number of collected fragments reaches the threshold, restores each fixed-length integer through polynomial interpolation, and then sums them to obtain the sum of each component, which is used to refresh the locally maintained parameters.
[0012] As a further aspect of the present invention: S1 specifically includes:
[0013] A component is randomly selected from the numerical sequence as a reference benchmark. The absolute value of each component is compared with the reference benchmark, and the component whose absolute value is greater than the benchmark is retained.
[0014] Calculate the median of the absolute values of the retained components. Using the median as a new reference benchmark, repeat the comparison and retention operation until the number of retained components falls within the preset target range. Then, use all the retained components at this point as the set of values to be shared.
[0015] As a further aspect of the present invention: S2 specifically includes:
[0016] Retrieve the most recent collection values of each component in the historical data set to be shared, and calculate the difference between its maximum and minimum values as the fluctuation range of the corresponding component.
[0017] The fluctuation range of each component is compared with multiple preset threshold intervals. The larger the interval into which the fluctuation range falls, the larger the bit width value is assigned to the corresponding component.
[0018] Based on the median value of each component in the historical records, calculate the offset between the current value and the median, and based on the proportion of the offset to the fluctuation range, linearly map the current value to the integer value range corresponding to the allocated bit width.
[0019] Output the integers after mapping all components as the data to be decomposed.
[0020] As a further aspect of the present invention: S3 specifically includes:
[0021] Extract the numerical difference between each component in the set of values to be shared from the two most recent consecutive acquisitions, and copy each difference cyclically according to the length of the randomly generated coefficient to obtain the basic offset vector;
[0022] After adding each offset value in the basic offset vector to the coefficient at its corresponding position, and then taking the remainder after dividing by a preset prime number, the initial perturbation coefficient is obtained.
[0023] The initial perturbation coefficients are rearranged according to their parity, with odd-numbered positions interchanged with even-numbered positions, to obtain the final perturbation coefficient sequence, which is used for subsequent polynomial value calculations.
[0024] As a further aspect of the present invention: the process of obtaining the coefficients is as follows:
[0025] For each component in the set of values to be shared, retrieve the values from the most recent collections, calculate the sum of the absolute values of the differences between two adjacent values, and use this as the cumulative change of the corresponding component.
[0026] Arrange the cumulative changes of all components in ascending order, assign an incrementing index to each component, and perform a modulo operation between the corresponding index and a preset prime number to obtain the initial coefficients;
[0027] The initial coefficients are rearranged according to the original order of each component, and each initial coefficient is XORed with the value of its corresponding component in the current acquisition to obtain randomly generated coefficients, which are used in the subsequent perturbation process.
[0028] As a further aspect of the present invention: S4 specifically includes:
[0029] Extract the correspondence between the substitution code and the numerical segment used in the previous transmission to form the first mapping sequence, and extract the correspondence between the substitution code allocated in this transmission and the same numerical segment to form the second mapping sequence;
[0030] The substitution codes at corresponding positions in the first mapping sequence and the second mapping sequence are subjected to a difference operation. The resulting difference sequence is then fed into a shift loop consisting of multiple storage units and feedback taps. Each time a difference is fed in, the shift loop outputs a transformation coefficient. All transformation coefficients are arranged in order to form a square matrix.
[0031] The current substitution code sequence is swapped row by row with the square matrix, so that each substitution code is moved to the column position specified by the transformation coefficient of the corresponding row in the square matrix, and the compressed data unit after position rearrangement is obtained.
[0032] As a further aspect of the present invention: all the transformation coefficients are arranged in order to form a square matrix, specifically including:
[0033] The total number of transformation coefficients is counted, the square root of the transformation coefficients is taken and rounded down to obtain the order of the square matrix, and the coefficients that are equal to the square of the order are taken from the transformation coefficient sequence as the coefficients to be filled.
[0034] Arrange the coefficients to be filled in ascending order of their numerical values, assign each coefficient a number starting from zero, and calculate the remainder of the number divided by the order as the target column number and the quotient of the number divided by the order as the target row number.
[0035] Each coefficient is filled into the position in the square matrix determined by the target row number and the target column number. If multiple coefficients are mapped to the same position, the coefficients at the corresponding positions are summed and the remainder is taken when divided by a preset prime number to obtain the final square matrix.
[0036] As a further aspect of the present invention: S5 specifically includes:
[0037] Each received numerical fragment is paired with its corresponding preset point coordinates to form a data pair, and the arithmetic mean of the numerical fragments in all data pairs is calculated.
[0038] Remove data pairs whose numerical segments deviate from the arithmetic mean by more than a preset deviation multiple, sort the remaining data pairs in ascending order of numerical segment size, and select data pairs from them in turn, with the number of pairs equal to the threshold.
[0039] Using the selected data pairs, the constant term of the polynomial is solved by successive elimination. The solved constant term is used as the recovered fixed-length integer for subsequent accumulation.
[0040] A data authorization and sharing system based on blockchain and multi-party secure computation includes:
[0041] Numerical acquisition and filtering module: Acquires numerical sequences generated locally, extracts several components with dominant absolute values from the numerical sequences, and forms a set of numerical data to be shared;
[0042] Dynamic bit width allocation module: Calculates the fluctuation range of each component in the set of values to be shared in the historical records, allocates a bit width for storing the value to each component independently according to the size of the fluctuation range, and converts each component value into an integer of fixed length according to the allocated bit width as the data to be decomposed;
[0043] The perturbation segment generation module treats each fixed-length integer as a constant term of a polynomial. At the same time, it calculates a dynamic offset vector based on the difference in the changes of each component in multiple consecutive acquisitions. The dynamic offset vector is used to perturb the remaining randomly generated coefficients bit by bit. Then, the values of the polynomial at several preset points are calculated, and each value is taken as a numerical segment, so that any numerical segment less than the threshold number cannot be used to deduce the original integer.
[0044] The compressed authorization transmission module counts the frequency of occurrence of all numerical fragments, assigns a substitution code of different length to each fragment according to the frequency, generates a transformation matrix by linear feedback shifting the mapping relationship of substitution codes in two adjacent transmissions, rearranges the positions of the current substitution code, and obtains the compressed data unit; it initiates authorization verification to the blockchain, and after obtaining on-chain permission, transmits the compressed data unit to each collaborating party respectively.
[0045] Recovery and Cumulative Update Module: Receives compressed data units from each collaborator, restores numerical fragments according to substitution code restoration rules and inverse transformation matrix. When the number of collected fragments reaches a threshold, it restores each fixed-length integer through polynomial interpolation, and then accumulates them to obtain the sum of each component, which is used to refresh the locally maintained parameters.
[0046] The beneficial effects of this invention are:
[0047] (1) By adaptively allocating storage bit width according to the historical fluctuation range of each component, and combining frequency statistics and substitution code compression, the communication load in the data sharing process is effectively reduced. Each component only needs to transmit the non-zero value after sparsification screening, and the substitution code length matches its occurrence frequency. At the same time, the transformation matrix generated by linear feedback shift is used to rearrange the position of the substitution code, further eliminating redundant patterns in the data and reducing the amount of data transmitted. It is suitable for bandwidth-constrained environments in the Industrial Internet of Things.
[0048] (2) By embedding fixed-length integers into the polynomial constant term and using the variation difference generated during continuous acquisition to generate a dynamic offset vector to perturb the polynomial coefficients bit by bit, the numerical segments transmitted each time change dynamically with the changes in historical data. Even the segments generated from the same original data at different times are not the same. At the same time, the generation of the transformation matrix depends on the substitution code mapping relationship between two adjacent transmissions. Attackers cannot deduce the original integers by intercepting data segments of a single transmission batch, effectively resisting replay attacks and known-plaintext attacks, and improving the security of the data authorization and sharing process. Attached Figure Description
[0049] The invention will now be further described with reference to the accompanying drawings.
[0050] Figure 1 This is a flowchart of the method of the present invention;
[0051] Figure 2 This is a flowchart of the system in this invention. Detailed Implementation
[0052] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0053] Please see Figure 1 As shown, this invention is a data authorization and sharing method based on blockchain and multi-party secure computation, comprising the following steps:
[0054] S1: Collect the numerical sequence generated by local operation, extract the components with dominant absolute values from the numerical sequence, and form a set of numerical values to be shared;
[0055] S2: Calculate the fluctuation range of each component in the set of values to be shared in the historical records, allocate the bit width of the value storage independently for each component according to the size of the fluctuation range, and convert each component value into a fixed-length integer according to the allocated bit width as the data to be decomposed.
[0056] S3: Treat each fixed-length integer as a constant term of the polynomial, and calculate the dynamic offset vector based on the difference in the changes of each component in multiple consecutive acquisitions. Then, use the dynamic offset vector to perturb the remaining randomly generated coefficients bit by bit. Finally, calculate the values of the polynomial at several preset points, with each value as a numerical segment, so that any numerical segment less than the threshold number cannot be used to deduce the original integer.
[0057] S4: Count the frequency of occurrence of all numerical fragments, assign a substitution code of different length to each fragment according to the frequency, and generate a transformation matrix by linear feedback shifting the mapping relationship of substitution codes in two adjacent transmissions. Rearrange the positions of the current substitution code to obtain the compressed data unit; initiate authorization verification to the blockchain, and after obtaining on-chain permission, transmit the compressed data unit to each collaborating party respectively.
[0058] S5: Receives compressed data units from each collaborator, restores numerical fragments according to substitution code restoration rules and inverse transformation matrix. When the number of collected fragments reaches the threshold, restores each fixed-length integer through polynomial interpolation, and then sums them to obtain the sum of each component, which is used to refresh the locally maintained parameters.
[0059] In S1, a numerical sequence generated locally is collected, and several components with dominant absolute values are extracted from the numerical sequence to form a set of numerical values to be shared, specifically including:
[0060] The numerical sequences generated locally originate from multiple sensors installed on industrial equipment, such as temperature, vibration, and pressure sensors. Each sensor acquires a current value at a fixed sampling period, for example, every 100 milliseconds, and records the acquisition time and value in pairs, forming a raw numerical sequence arranged over time. Assuming a single acquisition yields 1000 values, corresponding to readings from different sensors at different times, each value is marked with a positive or negative sign.
[0061] To select the components that contribute significantly to subsequent calculations from this numerical sequence, the following steps are performed: First, randomly select a value from the 1000 values as a reference. Random selection can be done by obtaining the current system time in milliseconds, dividing that number by 1000, taking the remainder, and using the value corresponding to that number as the reference. Then, compare the absolute value of each value in the numerical sequence with the absolute value of the reference. Keep all values whose absolute value is greater than the reference's absolute value, and discard the rest. After the first comparison, assume 600 values are retained.
[0062] Next, calculate the median of the absolute values of the 600 retained values. The median is calculated as follows: arrange the 600 absolute values in ascending order, take the 300th and 301st values, and calculate their arithmetic mean. This mean is the median. Using the calculated median as a new reference, perform the comparison operation again on the previously retained 600 values: keep the values whose absolute value is greater than the new reference, and discard the rest. Assume that 400 values are retained after the second comparison.
[0063] Repeat the process described above: "Calculate the median of the absolute values of the retained values, use this median as the new benchmark, and then compare the retained values whose absolute values are greater than the benchmark." With each repetition, the number of retained values will gradually decrease. A target range is pre-defined, for example, a lower limit of 80 and an upper limit of 120. When the number of retained values falls between 80 and 120 (inclusive) after a certain repetition, the repetition stops. For example, if after the fourth repetition the number of retained values is 95, then the process should not continue.
[0064] The 95 values retained at the end are used as the set of values to be shared. Each value in this set retains its original sign and magnitude, and they are the components with relatively large absolute values in the original sequence, representing the most significant or strongest characteristic data within the current acquisition period, used for subsequent bit width allocation and secret sharing processes. If the number of retained values in the repetition process never falls into the target interval, the result closest to the interval is taken as the set of values to be shared. The entire selection process does not rely on any external model, but is completed solely through numerical comparison and median iteration.
[0065] In S2, the fluctuation range of each component in the set of values to be shared is calculated in the historical records. Based on the magnitude of the fluctuation range, a bit width for storing the value is independently allocated to each component. Each component value is then converted into a fixed-length integer according to the allocated bit width, serving as the data to be decomposed. Specifically, this includes:
[0066] The set of values to be shared contains 95 components selected from the original numerical sequence, each corresponding to a sensor reading at a specific moment. To determine the required storage bit width for each component, the most recent several data acquisitions for each component are retrieved from the historical data. The historical data is stored locally in a circular queue, with each component retaining its most recent 10 data acquisitions. For example, for the first component in the set, its past 10 data acquisitions are retrieved, the maximum and minimum values are found, and the difference between the maximum and minimum values represents the fluctuation range of that component. This process is repeated for each of the 95 components in the set, resulting in 95 fluctuation range values.
[0067] Next, a storage bit width is assigned to each component. Four threshold intervals are pre-defined: the first interval has a fluctuation range less than 10; the second interval has a fluctuation range greater than or equal to 10 and less than 100; the third interval has a fluctuation range greater than or equal to 100 and less than 1000; and the fourth interval has a fluctuation range greater than or equal to 1000. Each interval corresponds to a bit width value: the first interval corresponds to a bit width of 8, the second interval to a bit width of 16, the third interval to a bit width of 24, and the fourth interval to a bit width of 32. The fluctuation range of each component is compared with the above threshold intervals. The bit width value is assigned to the interval in which the fluctuation range falls. For example, if the fluctuation range of a component is 50, it falls into the second interval, so a bit width of 16 is assigned; if the fluctuation range of another component is 1200, it falls into the fourth interval, so a bit width of 32 is assigned. The larger the fluctuation range, the larger the bit width is assigned to ensure that data with large fluctuations can be accurately represented.
[0068] Then, the current value of each component is converted into a fixed-length integer corresponding to the allocated bit width. The conversion process is as follows: First, the median of the last 10 values of this component in the historical record is calculated. The median is calculated by arranging the 10 values in ascending order, taking the 5th and 6th values, and calculating the arithmetic mean of these two values. Then, the offset between the current value and the median is calculated by subtracting the median from the current value to obtain the offset value (which can be positive or negative). Next, the integer value range corresponding to the allocated bit width of this component is determined: when the bit width is 8, the integer value range is from -128 to +127; when the bit width is 16, the value range is from -32768 to +32767; when the bit width is 24, the value range is from -8388608 to +8388607; when the bit width is 32, the value range is from -2147483648 to +2147483647. The proportion of the offset to the fluctuation range is calculated by dividing the absolute value of the offset by the fluctuation range, resulting in a decimal between 0 and 1. This decimal is then multiplied by half the total length of the integer value range (for signed integers, the total range length is a power of 2 corresponding to the bit width; for example, with a bit width of 16, the total length is 65536, and half of that is 32768), yielding the mapped offset value. Finally, depending on the sign of the offset, the mapped offset value is added to 0 (positive offset) or subtracted from 0 (negative offset) to obtain the final mapped integer. If the fluctuation range is zero, the current value is directly mapped to 0. This transformation is performed on each of the 95 components in the shared value set, resulting in 95 fixed-length integers. These integers are then arranged in their original order and output as the data to be decomposed.
[0069] In S3, each fixed-length integer is treated as a constant term of a polynomial. Simultaneously, based on the differences in the changes of each component across multiple consecutive acquisitions, a dynamic offset vector is calculated. This dynamic offset vector is then used to perturb the remaining randomly generated coefficients bit by bit. Finally, the values of the polynomial at several preset points are calculated, with each value representing a numerical segment. This ensures that any number of numerical segments less than a threshold cannot be used to deduce the original integer. Specifically, this includes:
[0070] First, each fixed-length integer in the data to be decomposed is treated as a constant term in a polynomial. The degree of the polynomial is determined by a preset threshold, which represents the minimum number of numerical fragments required to recover the constant term. For example, if the threshold is set to 5, the degree of the polynomial is 4. The remaining coefficients of the polynomial need to be randomly generated, and each coefficient corresponds to a polynomial term. To generate these random coefficients, the following steps are performed: For each component in the set of values to be shared, retrieve its five most recent collected values, calculate the absolute value of the difference between two adjacent collected values, and add these four absolute values to obtain the cumulative change of that component. For example, if the five most recent collected values of a component are 100, 105, 98, 110, and 102, then the absolute values of the adjacent differences are 5, 7, 12, and 8, and the cumulative change is 32. Calculate the cumulative change for each of the 95 components in the set of values to be shared, resulting in 95 values. Arrange these 95 cumulative changes in ascending order, assigning each component an increasing index, with the smallest cumulative change indexed as 1, the second smallest as 2, and so on, up to the largest as 95. Pre-determine a prime number, for example, 97. Perform a modulo operation between the index of each component and 97, i.e., divide the index by 97 and take the remainder. If the remainder is 0, it is considered 97, yielding the initial coefficient. Thus, each component obtains an initial coefficient between 1 and 97. Then, rearrange these initial coefficients according to the order of each component in the original set of values to be shared. For each component, perform an XOR operation between its currently collected value (i.e., the current value of the component) and the initial coefficient: convert both to binary representation, compare bit by bit, taking 0 for identical bits and 1 for different bits, and use the result as a randomly generated coefficient. For example, if the current value is 102 and the initial coefficient is 15, the XOR operation yields 105. At this point, each component has a corresponding randomly generated coefficient, used for subsequent polynomial construction.
[0071] Next, based on the differences in the changes of each component over multiple consecutive acquisitions, a dynamic offset vector is calculated. The numerical differences between the two most recent consecutive acquisitions of each component in the set of values to be shared are extracted; that is, the difference is obtained by subtracting the previously acquired value from the current acquisition value, and the difference can be positive or negative. For 95 components, 95 differences are obtained. The randomly generated coefficients for each component have a certain length, which is determined by the degree of the polynomial. For example, when the degree is 4, 4 coefficients are needed, and the length of the coefficients refers to the total number of these 4 coefficients, i.e., 4. The difference of each component is cyclically copied according to this coefficient length: for example, if the difference of a component is 3 and the coefficient length is 4, then it is copied to obtain four 3s, i.e., the basic offset vector is [3,3,3,3]; if the difference is -2, then it is copied to obtain [-2,-2,-2,-2]. This process is performed on all components, resulting in 95 basic offset vectors, each containing the same number of offset values as the degree of the polynomial.
[0072] Then, for each component's base offset vector, each offset value is added to the corresponding randomly generated coefficient. There are four randomly generated coefficients (corresponding to four iterations), denoted as the first coefficient, second coefficient, third coefficient, and fourth coefficient. The first offset value in the offset vector is added to the first coefficient, the second offset value is added to the second coefficient, and so on. After the addition, four sums are obtained. Then, the modulus of each sum is taken, using a preset prime number, for example, 97. That is, each sum is divided by 97, and the remainder is taken. If the remainder is 0, it is considered 97, thus obtaining the preliminary perturbation coefficients. This yields four preliminary perturbation coefficients. Finally, the preliminary perturbation coefficients are rearranged according to their parity: the parity of each preliminary perturbation coefficient is checked; if it is odd, it is considered an odd position, and if it is even, it is considered an even position. The coefficients in odd-numbered positions are interchanged with those in even-numbered positions; that is, the odd coefficient originally in position 1 is swapped with the even coefficient in position 2, and the odd coefficient in position 3 is swapped with the even coefficient in position 4. If a position does not have a corresponding coefficient, it remains in its original position. After the interchange, the final perturbed coefficient sequence is obtained, which contains 4 coefficients and is used to construct the polynomial.
[0073] Each fixed-length integer is treated as a constant term, which, together with the final perturbed coefficient sequence, forms a polynomial: the constant term is the fixed-length integer, the coefficient of the first-order term is the first coefficient in the sequence, the coefficient of the second-order term is the second coefficient, the coefficient of the third-order term is the third coefficient, and the coefficient of the fourth-order term is the fourth coefficient. Several points are preset, for example, integer points 1, 2, 3, 4, 5, and 6, and the values of the polynomial at these points are calculated. Each value is a numerical segment. Since the degree of the polynomial is 4, fewer than 5 numerical segments cannot uniquely determine all the coefficients of the polynomial, and therefore, the constant term, i.e., the original fixed-length integer, cannot be deduced. Each component, after the above processing, generates the same number of numerical segments as the preset number of points; these segments are used for subsequent compression and transmission.
[0074] In S4, the frequency of occurrence of all numerical fragments is counted, and each fragment is assigned a substitution code of different length according to its frequency. The mapping relationship between substitution codes in two adjacent transmissions is used to generate a transformation matrix through linear feedback shift. The positions of the current substitution code are rearranged to obtain the compressed data unit. Authorization verification is initiated to the blockchain. After obtaining on-chain permission, the compressed data unit is transmitted to each collaborating party, specifically including:
[0075] First, frequency statistics are performed on all numerical segments generated in step S3. The total number of numerical segments equals the number of components in the set of numerical values to be shared multiplied by the number of preset points. For example, if the set of numerical values to be shared contains 95 components, each taking values at 6 preset points, a total of 570 numerical segments are generated. The frequency of each different value is counted. Numerical segments that appear more frequently are assigned shorter substitution codes, while those that appear less frequently are assigned longer substitution codes. The specific allocation method is as follows: all numerical segments are sorted from highest to lowest frequency. The segment with the highest frequency is assigned a 2-bit substitution code, the second highest is assigned a 3-bit code, and so on. Each substitution code is a unique binary sequence that satisfies the prefix encoding rule (i.e., no substitution code is a prefix of any other substitution code) to ensure unambiguity during subsequent decoding. After allocation, the correspondence between the substitution codes and numerical segments transmitted is obtained, which is called the second mapping sequence.
[0076] Simultaneously, the correspondence between the substitution codes and numerical fragments recorded during the previous transmission is retrieved from local storage; this is called the first mapping sequence. If there is no previous transmission (i.e., the first transmission), the first mapping sequence is initialized to empty, and all substitution codes from this transmission are directly used as the base sequence for compressed data units, skipping the subsequent transformation matrix generation step. If it is not the first transmission, the following operations are performed:
[0077] Extract the substitution codes at corresponding positions in the first and second mapping sequences, and perform a difference operation. Since the two sequences may have different lengths, the shorter sequence is used, and the redundant parts of the longer sequence are ignored. For each corresponding position, treat the substitution code in the first mapping sequence as a binary value, and the substitution code in the second mapping sequence as a binary value. Subtract the first value from the second value to obtain the difference. If the difference is negative, add a preset large number (e.g., 2 to the power of 16) to make it positive. Arrange all differences in positional order to obtain the difference sequence.
[0078] The difference sequence is sequentially fed into a shift loop consisting of multiple storage units and feedback taps. The shift loop contains 8 storage units, each initially set to 0. The feedback taps are fixed at storage units 1, 4, and 8. Each time a difference is fed in, the shift loop performs the following operations: shifts all storage unit values one position to the right, discarding the value from the rightmost storage unit; places the newly fed difference into the leftmost storage unit; and then calculates the feedback value using the following formula:
[0079] ;
[0080] in, , , These represent the values currently stored in memory cells 1, 4, and 8, respectively. , , The preset weighting coefficients are 3, 5, and 7, respectively. The preset prime number is 97. The calculated feedback value... The transformation coefficients are output as the values corresponding to the currently input difference. Each input difference is followed by an output transformation coefficient. Once all differences in the difference sequence have been input, a set of transformation coefficients is obtained, with the number of coefficients being the same as the length of the difference sequence.
[0081] Next, arrange all these transformation coefficients into a square matrix in order. The specific method is as follows: count the total number of transformation coefficients, denoted as . .calculate The square root of the matrix, rounded down, gives the order of the matrix. ,Right now Take the first... from the transform coefficient sequence Select one coefficient as the coefficient to be filled, and discard the rest. The coefficients to be filled are arranged in ascending order of their numerical values. Each coefficient is assigned a serial number starting from 0, meaning the smallest coefficient is numbered 0, the second smallest is numbered 1, and so on, with the largest coefficient numbered 0. For the serial number is The coefficient is calculated to the target row number. Divide by The quotient (integer division), the target column number is Divide by The remainder. Fill each coefficient into the position in the square matrix determined by the target row number and target column number. For example, index 0 corresponds to row number 0 and column number 0; index 1 corresponds to row number 0 and column number 1; index... The corresponding row number is 1, column number is 0, and so on. If multiple coefficients are mapped to the same location (i.e., have the same row and column numbers), these coefficients are summed and the result is applied to a preset prime number. Take the remainder to get the final value at that position. The remainder calculation is as follows:
[0082] ;
[0083] in, The number of coefficients mapped to the same location. For the first One coefficient, After the above filling, we get a A square matrix is called a transformation matrix.
[0084] Then, The current substitution code sequence refers to the sequence formed by arranging all substitution codes in the second mapping sequence in the original order of their numerical segments. This sequence can be viewed as a row vector of length [length missing]. ( (equal to the total number of numerical segments). Apply the transformation matrix to the row vector: for the th row vector... One substitution code ( Starting from 0), take its row number as... Divide by The quotient (integer division), column number is Divide by The remainder is used to extract the value at that row and column position from the transformation matrix, denoted as . Then the first The substitution code is moved to a new position, the row number of the new position remains the same as the original row number, but the column number changes. (Needs to be correct) Modulo operation is used to ensure that the column number is between 0 and 1. (Within the range). After processing line by line, a sequence of replacement codes with rearranged positions is obtained. These replacement codes are then re-associated with their corresponding numerical segments in the new order to form compressed data units. The compressed data units contain each numerical segment and its rearranged replacement code.
[0085] Finally, an authorization verification is initiated to the blockchain. Specifically, the data unit digest of this transmission (e.g., the hash values of all substitution codes), along with information such as the user's identity, computation type, and preset thresholds, is assembled into an authorization request and sent to the smart contract on the blockchain. The smart contract verifies the authorization according to pre-deployed authorization rules (e.g., usage not exceeding 10 times, computation type being gradient aggregation, and participants being on a whitelist). Upon successful verification, the blockchain returns a permission credential. After obtaining on-chain permission, the compressed data unit is transmitted to each collaborating party. Each collaborating party, upon receiving the data unit, can recover the original numerical fragment based on the inverse transformation matrix (i.e., the inverse permutation of the transformation matrix) and substitution code restoration rules.
[0086] Please see Figure 2 As shown, a data authorization and sharing system based on blockchain and multi-party secure computation includes:
[0087] Numerical acquisition and filtering module: Acquires numerical sequences generated locally, extracts several components with dominant absolute values from the numerical sequences, and forms a set of numerical data to be shared;
[0088] Dynamic bit width allocation module: Calculates the fluctuation range of each component in the set of values to be shared in the historical records, allocates a bit width for storing the value to each component independently according to the size of the fluctuation range, and converts each component value into an integer of fixed length according to the allocated bit width as the data to be decomposed;
[0089] The perturbation segment generation module treats each fixed-length integer as a constant term of a polynomial. At the same time, it calculates a dynamic offset vector based on the difference in the changes of each component in multiple consecutive acquisitions. The dynamic offset vector is used to perturb the remaining randomly generated coefficients bit by bit. Then, the values of the polynomial at several preset points are calculated, and each value is taken as a numerical segment, so that any numerical segment less than the threshold number cannot be used to deduce the original integer.
[0090] The compressed authorization transmission module counts the frequency of occurrence of all numerical fragments, assigns a substitution code of different length to each fragment according to the frequency, generates a transformation matrix by linear feedback shifting the mapping relationship of substitution codes in two adjacent transmissions, rearranges the positions of the current substitution code, and obtains the compressed data unit; it initiates authorization verification to the blockchain, and after obtaining on-chain permission, transmits the compressed data unit to each collaborating party respectively.
[0091] Recovery and Cumulative Update Module: Receives compressed data units from each collaborator, restores numerical fragments according to substitution code restoration rules and inverse transformation matrix. When the number of collected fragments reaches a threshold, it restores each fixed-length integer through polynomial interpolation, and then accumulates them to obtain the sum of each component, which is used to refresh the locally maintained parameters.
[0092] The working principle of this invention is as follows: First, a numerical sequence generated locally is collected. Through iterative comparison and median filtering, components with dominant absolute values are extracted to form a set of numerical values to be shared. Then, the fluctuation range of each component in historical records is statistically analyzed. Different storage bit widths are allocated to each component based on the magnitude of the fluctuation range, and each component value is converted into a fixed-length integer according to the allocated bit width as data to be decomposed. Next, each fixed-length integer is treated as a constant term of a polynomial. A dynamic offset vector is calculated based on the difference in changes of each component in multiple consecutive acquisitions. The remaining randomly generated coefficients are perturbed bit by bit, and the values of the polynomial at multiple preset points are calculated as numerical segments, ensuring that any number less than a threshold is used to decompose the data. The original integer cannot be deduced from the fragments; then, the frequency of occurrence of all numerical fragments is counted, and substitution codes of different lengths are assigned according to the frequency. A transformation matrix is generated by using the linear feedback shift of the mapping relationship between substitution codes in two adjacent transmissions. The positions of the current substitution codes are rearranged to form compressed data units, which are then transmitted to each collaborating party after being authorized and verified by the blockchain. Finally, the compressed data units from the collaborating parties are received, and the numerical fragments are recovered according to the substitution code restoration rules and the inverse transformation matrix. When the number of collected fragments reaches a threshold, each fixed-length integer is recovered through polynomial interpolation. The sum of each component is accumulated and used to refresh the parameters maintained locally, thereby achieving secure sharing of data that is available but not visible.
[0093] The foregoing has provided a detailed description of one embodiment of the present invention, but this description is merely a preferred embodiment and should not be construed as limiting the scope of the invention. All equivalent variations and modifications made within the scope of the claims of this invention should still fall within the patent coverage of this invention.
Claims
1. A data authorization and sharing method based on blockchain and multi-party secure computation, characterized in that, Includes the following steps: S1: Collect the numerical sequence generated by local operation, extract the components with dominant absolute values from the numerical sequence, and form a set of numerical values to be shared; S2: Calculate the fluctuation range of each component in the set of values to be shared in the historical records, allocate the bit width of the value storage independently for each component according to the size of the fluctuation range, and convert each component value into a fixed-length integer according to the allocated bit width as the data to be decomposed. S3: Treat each fixed-length integer as a constant term of the polynomial, and calculate the dynamic offset vector based on the difference in the changes of each component in multiple consecutive acquisitions. Then, use the dynamic offset vector to perturb the remaining randomly generated coefficients bit by bit. Finally, calculate the values of the polynomial at several preset points, with each value as a numerical segment, so that any numerical segment less than the threshold number cannot be used to deduce the original integer. S4: Count the frequency of occurrence of all numerical fragments, assign a substitution code of different length to each fragment according to the frequency, and generate a transformation matrix by linear feedback shifting the mapping relationship of substitution codes in two adjacent transmissions. Rearrange the positions of the current substitution code to obtain the compressed data unit; initiate authorization verification to the blockchain, and after obtaining on-chain permission, transmit the compressed data unit to each collaborating party respectively. S5: Receives compressed data units from each collaborator, restores numerical fragments according to substitution code restoration rules and inverse transformation matrix. When the number of collected fragments reaches the threshold, restores each fixed-length integer through polynomial interpolation, and then sums them to obtain the sum of each component, which is used to refresh the locally maintained parameters.
2. The data authorization and sharing method based on blockchain and multi-party secure computation according to claim 1, characterized in that, S1 specifically includes: A component is randomly selected from the numerical sequence as a reference benchmark. The absolute value of each component is compared with the reference benchmark, and the component with the absolute value greater than the benchmark is retained. Calculate the median of the absolute values of the retained components. Using the median as a new reference benchmark, repeat the comparison and retention operation until the number of retained components falls within the preset target range. Then, use all the retained components at this point as the set of values to be shared.
3. The data authorization and sharing method based on blockchain and multi-party secure computation according to claim 1, characterized in that, S2 specifically includes: Retrieve the most recent collection values of each component in the historical record from the set of values to be shared, and calculate the difference between its maximum and minimum values as the fluctuation range of the corresponding component. The fluctuation range of each component is compared with multiple preset threshold intervals. The larger the interval into which the fluctuation range falls, the larger the bit width value is assigned to the corresponding component. Based on the median value of each component in the historical records, calculate the offset between the current value and the median, and based on the proportion of the offset to the fluctuation range, linearly map the current value to the integer value range corresponding to the allocated bit width. Output the integers after mapping all components as the data to be decomposed.
4. The data authorization and sharing method based on blockchain and multi-party secure computation according to claim 1, characterized in that, S3 specifically includes: Extract the numerical difference of each component in the set of values to be shared from the two most recent consecutive acquisitions, and copy each difference cyclically according to the length of the randomly generated coefficient to obtain the basic offset vector; After adding each offset value in the basic offset vector to its corresponding coefficient, and then taking the remainder after dividing by a preset prime number, the initial perturbation coefficient is obtained. The initial perturbation coefficients are rearranged according to their parity, with odd-numbered positions interchanged with even-numbered positions, to obtain the final perturbation coefficient sequence, which is used for subsequent polynomial value calculations.
5. The data authorization and sharing method based on blockchain and multi-party secure computation according to claim 4, characterized in that, The process of obtaining the coefficients is as follows: For each component in the set of values to be shared, retrieve the values from the most recent collections, calculate the sum of the absolute values of the differences between two adjacent values, and use this as the cumulative change of the corresponding component. Arrange the cumulative changes of all components in ascending order, assign an incrementing index to each component, and perform a modulo operation between the corresponding index and a preset prime number to obtain the initial coefficients; The initial coefficients are rearranged according to the original order of each component, and each initial coefficient is XORed with the value of its corresponding component in the current acquisition to obtain randomly generated coefficients, which are used in the subsequent perturbation process.
6. The data authorization and sharing method based on blockchain and multi-party secure computation according to claim 1, characterized in that, S4 specifically includes: Extract the correspondence between the substitution code and the numerical segment used in the previous transmission to form the first mapping sequence, and extract the correspondence between the substitution code allocated in this transmission and the same numerical segment to form the second mapping sequence; The substitution codes at corresponding positions in the first mapping sequence and the second mapping sequence are subjected to a difference operation. The resulting difference sequence is then fed into a shift loop consisting of multiple storage units and feedback taps. Each time a difference is fed in, the shift loop outputs a transformation coefficient. All transformation coefficients are arranged in order to form a square matrix. The current substitution code sequence is swapped row by row with the square matrix, so that each substitution code is moved to the column position specified by the transformation coefficient of the corresponding row in the square matrix, and the compressed data unit after position rearrangement is obtained.
7. The data authorization and sharing method based on blockchain and multi-party secure computation according to claim 6, characterized in that, All the transformation coefficients are arranged in order to form a square matrix, specifically including: The total number of transformation coefficients is counted, the square root of the transformation coefficients is taken and rounded down to obtain the order of the square matrix, and the coefficients that are equal to the square of the order are taken from the transformation coefficient sequence as the coefficients to be filled. Arrange the coefficients to be filled in ascending order of their numerical values, assign each coefficient a number starting from zero, and calculate the remainder of the number divided by the order as the target column number and the quotient of the number divided by the order as the target row number. Each coefficient is filled into the position in the square matrix determined by the target row number and the target column number. If multiple coefficients are mapped to the same position, the coefficients at the corresponding positions are summed and the remainder is taken when divided by a preset prime number to obtain the final square matrix.
8. The data authorization and sharing method based on blockchain and multi-party secure computation according to claim 1, characterized in that, S5 specifically includes: Each received numerical fragment is paired with its corresponding preset point coordinates to form a data pair, and the arithmetic mean of the numerical fragments in all data pairs is calculated. Remove data pairs whose numerical segments deviate from the arithmetic mean by more than a preset deviation multiple, sort the remaining data pairs in ascending order of numerical segment size, and select data pairs from them in turn, with the number of pairs equal to the threshold. Using the selected data pairs, the constant term of the polynomial is solved by successive elimination. The solved constant term is used as the recovered fixed-length integer for subsequent accumulation.
9. A data authorization and sharing system based on blockchain and multi-party secure computation, characterized in that, The method for implementing the data authorization and sharing method based on blockchain and multi-party secure computation as described in any one of claims 1-8 includes: Numerical acquisition and filtering module: Acquires numerical sequences generated locally, extracts several components with dominant absolute values from the numerical sequences, and forms a set of numerical data to be shared; Dynamic bit width allocation module: Calculates the fluctuation range of each component in the set of values to be shared in the historical records, allocates a bit width for storing the value to each component independently according to the size of the fluctuation range, and converts each component value into an integer of fixed length according to the allocated bit width as the data to be decomposed; The perturbation segment generation module treats each fixed-length integer as a constant term of a polynomial. At the same time, it calculates a dynamic offset vector based on the difference in the changes of each component in multiple consecutive acquisitions. The dynamic offset vector is used to perturb the remaining randomly generated coefficients bit by bit. Then, the values of the polynomial at several preset points are calculated, and each value is taken as a numerical segment, so that any numerical segment less than the threshold number cannot be used to deduce the original integer. The compressed authorization transmission module counts the frequency of occurrence of all numerical fragments, assigns a substitution code of different length to each fragment according to the frequency, generates a transformation matrix by linear feedback shifting the mapping relationship of substitution codes in two adjacent transmissions, rearranges the positions of the current substitution code, and obtains the compressed data unit; it initiates authorization verification to the blockchain, and after obtaining on-chain permission, transmits the compressed data unit to each collaborating party respectively. Recovery and Cumulative Update Module: Receives compressed data units from each collaborator, restores numerical fragments according to substitution code restoration rules and inverse transformation matrix. When the number of collected fragments reaches a threshold, it restores each fixed-length integer through polynomial interpolation, and then accumulates them to obtain the sum of each component, which is used to refresh the locally maintained parameters.