A blockchain-based network information security processing method and system
By adopting HotStuff consensus, KZG commitment, and BLS aggregate signature technology in network information security processing, the problem of lack of distributed consistent confirmation and on-chain record correspondence in network information security processing is solved, realizing credible confirmation and field-level verification of security processing results, and improving processing efficiency and audit accuracy.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- YANGZHOU SHUANGHUI TECHNOLOGY CO LTD
- Filing Date
- 2026-04-22
- Publication Date
- 2026-06-05
Smart Images

Figure CN122160036A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of network information security technology, and in particular to a network information security processing method and system based on blockchain. Background Technology
[0002] With the rapid development of government platforms, industrial internet, cloud-edge collaborative systems, and multi-entity data sharing networks, network information security processing has gradually shifted from traditional single-point protection to a collaborative protection model involving cross-nodes, cross-regions, and cross-systems. Current technologies typically utilize security gateways, log servers, intrusion detection devices, access control platforms, and auditing systems to collect, analyze, store, and output access requests, risk assessment results, access control results, and anomaly handling results within the network environment, thereby enabling the monitoring, handling, and tracing of network information security incidents.
[0003] However, existing technologies still have significant shortcomings: the risk assessment results, access control results, and anomaly handling results in traditional network information security processing are usually generated and stored directly by centralized nodes. Even when blockchain evidence storage is used, it often remains at the "results written to the chain" level, lacking a distributed and consistent confirmation mechanism for the security processing results themselves. This makes it difficult for different nodes to form a unified and credible basis for handling the same network information security event. Secondly, in existing solutions, there is often a lack of close correspondence between the on-chain recorded content and the original off-chain processed content. Especially when multi-field security processing information is involved, conventional summary evidence storage cannot simultaneously take into account field-level verification capabilities and sensitive data protection capabilities, which can easily lead to the problem that records are traceable but difficult to verify accurately.
[0004] Therefore, how to provide a blockchain-based network information security processing method and system is a problem that urgently needs to be solved by those skilled in the art. Summary of the Invention
[0005] One objective of this invention is to propose a network information security processing method and system based on blockchain. This invention constructs the network information security processing results into a security state object that can participate in the HotStuff consensus, and combines KZG commitments and BLS aggregate signatures for proposal encapsulation and legal certificate generation. This improves the credible confirmation capability, anti-tampering capability, audit traceability capability, and multi-node collaborative processing efficiency of risk assessment, access control, and anomaly handling results.
[0006] A network information security processing method based on blockchain according to an embodiment of the present invention includes the following steps: Collect and parse security event source data in the network environment to generate security processing summary information corresponding to a single network information security processing process; The security processing summary information is encoded into a security status vector according to a preset field order; Generate KZG commitments for the security state vector, obtain the commitment value corresponding to the security state vector, and generate the corresponding opening proof. Encapsulate the commitment value and the opening proof together as a HotStuff candidate proposal. The consensus master node sends HotStuff candidate proposals to different verification nodes. Each verification node performs consistency verification on the HotStuff candidate proposals based on the proposal verification elements and generates a signature vote based on the security processing digest information. The consensus master node receives signature votes returned by different verification nodes, and performs BLS aggregate signature processing on the signature votes that meet the statutory number requirements to generate an aggregated statutory certificate; Based on the aggregation of legal certificates, the HotStuff candidate proposal is submitted and confirmed, and the security processing summary information is written into the blockchain ledger to form an on-chain security processing record. Upon receiving an audit request for a target network information security incident, the system reads the on-chain security processing records from the blockchain ledger, verifies the target fields, and outputs the security processing results corresponding to the target network information security incident.
[0007] Optionally, the generation of the security processing summary information specifically includes: Collect security event source data in the network environment, perform data standardization on the security event source data, and obtain standardized security event source data; Perform event correlation processing on standardized security event source data, sort, match, and merge according to the correlation identification information to obtain the event data set corresponding to a single network information security processing process; The event data set is digested, digest information components are generated based on the processing field information, and the digest information components are associated and encapsulated to generate security processing digest information.
[0008] Optionally, obtaining the security state vector specifically includes: Read the security processing summary information, identify the content of each field in the security processing summary information one by one, extract the content of each field according to the order of appearance of the fields, and write the extracted content of each field into the encoding buffer area; In the buffer to be encoded, the contents of each field are rearranged according to the preset field order, the corresponding field number is written to each rearranged field content, and then converted into a unified encoding format to obtain an ordered field sequence. Write the contents of each field in the ordered field sequence into the vector interval according to the position corresponding to the field number, write boundary markers between adjacent field contents, and perform padding or truncation according to the standard length of the field contents to obtain the vector encoding sequence. The concatenation vector encodes all field contents and checks whether the field positions, field boundaries, and field lengths after concatenation are consistent with the preset field order. If the check results meet the consistency requirements, a security state vector is output.
[0009] Optionally, obtaining the HotStuff candidate proposals specifically includes: Read the security state vector, scan segment by segment from the starting position according to the field boundaries, extract the content of each complete field, and write the extracted field content into the commitment input area in segments according to the formation order of the network information security processing, to obtain the commitment input body; Starting from the beginning of the commitment input body, retrieve the content of each field segment in sequence, write a position description and a stage description for each field segment in sequence, and arrange the field content with the written position description and stage description in the order of retrieval to obtain the commitment calculation body; KZG commitment calculation is performed on the commitment input body. Starting from the beginning of the commitment input body, each commitment calculation unit is read sequentially. The field content, position description information, and stage description information in each commitment calculation unit are combined into the corresponding commitment item in the same writing order. The remaining commitment items are written in the same way until all commitment items are written in position, resulting in a position expansion sequence. Commitment mapping is performed on each commitment item in the position expansion sequence according to the calculation position order, mapping the commitment item at each calculation position to the commitment calculation result at the corresponding position. All commitment calculation results are combined into a commitment calculation base sequence according to the calculation position order. Commitment value generation is performed on the commitment calculation base sequence based on KZG commitment parameters to obtain the commitment value corresponding to the commitment input body, and the commitment value is written into the commitment result area. Locate the write segment corresponding to the target field in the commitment computation body, extract the content of the write segment corresponding to the target field, and perform KZG opening proof calculation on the extracted write segment content according to the continuous calculation position corresponding to the target field to obtain the directional opening proof; Read the commitment value from the commitment result area, write the commitment value into the proposal encapsulation area, write the directional opening proof into the storage location after the commitment value, and write the proposal organization information simultaneously to complete the proposal encapsulation and obtain the HotStuff candidate proposal.
[0010] Optionally, obtaining the signature vote specifically includes: After the consensus master node sends the HotStuff candidate proposal to different verification nodes according to the HotStuff consensus algorithm, each verification node receives the corresponding HotStuff candidate proposal and performs splitting and aggregation processing on the proposal elements in the HotStuff candidate proposal. It then performs combination matching processing on the locally pre-stored proposal verification elements and the proposal elements according to the field correspondence to form the basic data for consistency verification. Each verification node performs commitment consistency verification on HotStuff candidate proposals based on the commitment verification items in the consistency verification base data. The commitment value, the directed opening proof, the position variable value corresponding to the target field, the target field value, and the verification public key are used as commitment verification input items to perform KZG verification processing. It is determined whether the target field value is correctly opened from the commitment value through the directed opening proof. If the target field value is correctly opened from the commitment value through the directed opening proof, a commitment verification pass result is generated; otherwise, a commitment verification failure result is generated and written into the commitment verification result area. Under the condition that the commitment verification result is valid, each verification node performs state transition description construction processing on the HotStuff candidate proposal. This involves writing each digest component of the security processing digest information into its corresponding state segment according to the network information security processing stage corresponding to the state number, embedding the proposal organization information into the connection position between adjacent state segments to form an initial state transition description body. Based on the proposal verification elements, segment projection processing is performed on the initial state transition description body, projecting the digest components in each state segment to their corresponding stage coordinate positions. Simultaneously, cross-segment connection processing is performed, generating connection fragments by connecting the end content of the previous state segment to the beginning content of the next state segment according to the stage progression direction. Each connecting segment is inserted into the corresponding stage boundary position to form an extended state transition description body that explicitly represents the state advancement path. At the same time, sequential folding processing is performed on the extended state transition description body to compress and combine the connecting segments between adjacent state regions with the corresponding state region content into a continuously arranged state transition description sequence. Summary generation processing is performed on the state transition description sequence to obtain a summary combination verification value. Simultaneously, the stage connection relationship in the state transition description sequence is extracted to form a state connection result. When the summary combination verification value corresponds to the security processing summary information and the state connection result connects with the previous state, a summary order joint verification result is generated; otherwise, a summary order joint failure result is generated.
[0011] Each verification node performs a comprehensive consensus determination on HotStuff candidate proposals based on the commitment verification result and the digest order joint verification result. When the commitment verification result is passed and the digest order joint verification result is passed, a proposal consensus pass result is generated, and a voting message to be signed is generated based on the voting organization item in the consensus verification basic data. When the commitment verification result is failed or the digest order joint verification result is failed, a proposal consensus failure result is generated and the voting generation process of the current HotStuff candidate proposal is terminated. The system performs signature processing on the signed voting message, generates the corresponding signed vote, and sends the signed vote to the consensus master node.
[0012] Optionally, obtaining the aggregated legal certificate specifically includes: The consensus master node receives voting return messages sent by different verification nodes, and merges and organizes the voting return messages according to the proposal identifier and status sequence number to form a candidate aggregated voting set corresponding to the same HotStuff candidate proposal; The consensus master node performs statutory voting screening on the candidate aggregated voting set to generate a statutory voting set. Semantic binding of the statutory voting set is performed at each stage. The network information security processing stage corresponding to the current HotStuff candidate proposal is determined based on the state sequence number. The execution order of each signature vote in the statutory voting set is arranged and processed to form an original signature sequence. The stage positioning content and proposal-related content are extracted from the vote return identifier information corresponding to the original signature sequence. The stage positioning content and proposal-related content are then embedded item by item into the back position of the corresponding signature vote to form a stage semantic binding sequence. The verification public keys corresponding to each verification node are arranged in the same order as the phase semantic binding sequence to form an aggregated public key sequence. The phase semantic binding sequence, the aggregated public key sequence, and the voting message to be signed are organized together into the aggregated signature basic data. The consensus master node performs BLS aggregate signature processing based on the aggregate signature basic data, mapping each signature vote in the stage semantic binding sequence to the BLS operation group in the order of arrangement, and performing continuous group multiplication and accumulation processing on each mapped signature vote to generate a single aggregate signature result. At the same time, sequential compression processing is performed on the stage positioning content and proposal-related content in the stage semantic binding sequence to form a certificate semantic index corresponding to the aggregate signature result. The aggregated public key sequence is processed to generate an aggregated public key. Based on the aggregated signature result, the aggregated public key sequence, the voting message to be signed, and the certificate semantic index, BLS aggregated verification is performed. The voting message to be signed is processed to obtain a message mapping result. The aggregated signature result is compared with the generator in the BLS verification group to perform a first bilinear mapping operation. The message mapping result is compared with the aggregated public key sequence to perform a second bilinear mapping operation. The results of the first and second bilinear mapping operations are compared for consistency. If the consistency comparison result is consistent, an aggregated legal certificate is generated.
[0013] Optionally, the formation of the on-chain security processing record specifically includes: The consensus master node aggregates the statutory certificates and HotStuff candidate proposals, extracts security processing summary information, proposal organization information and certificate semantic index, and forms a submission confirmation object. Based on the submitted confirmation object, an on-chain record is constructed, and the security processing summary information is written into the record content area. At the same time, the aggregated legal certificate and certificate semantic index are sequentially written into the record append area to form the record body to be uploaded to the chain and the obtained on-chain record identifier. Based on the record body to be added to the chain and the on-chain record identifier, the submission confirmation is performed. The on-chain record identifier is written to the index position, the record body to be added to the chain is written to the record position of the corresponding block in the blockchain ledger, and the association information of the previous block is written to the header of the current block. The on-chain submission is completed and an on-chain security processing record is generated.
[0014] Optionally, the output of the security processing result specifically includes: Upon receiving an audit request for a target network information security incident, the system performs a retrieval and location process on the on-chain security processing records in the blockchain ledger based on the audit location information to obtain the target audit record and extract audit verification elements from it. Based on the audit verification elements, the target audit record is expanded and verified to form the target field audit content. The target field audit content is then compared with the corresponding fields of the audit request content to generate the target field verification result. If the target field verification result is passed, legal confirmation is performed on the audit content of the target field based on the aggregated legal certificate and certificate semantic index, and the security processing result corresponding to the target network information security event is output.
[0015] A blockchain-based network information security processing system according to an embodiment of the present invention includes: The security event acquisition module is used to collect and parse security event source data in the network environment, and generate security processing summary information corresponding to a single network information security processing process. The security state vector construction module is used to encode security processing summary information into a security state vector according to a preset field order; The HotStuff candidate proposal generation module is used to generate KZG commitments from the security state vector, obtain the commitment value corresponding to the security state vector, and generate the corresponding opening proof. The commitment value and the opening proof are then encapsulated together as a HotStuff candidate proposal. The proposal verification and signature voting module is used by the consensus master node to send HotStuff candidate proposals to different verification nodes. Each verification node performs consistency verification on the HotStuff candidate proposals based on the proposal verification elements and generates signature votes based on the security processing digest information. The aggregated legal certificate generation module is used by the consensus master node to receive signature votes returned by different verification nodes, and to perform BLS aggregated signature processing on the signature votes that meet the legal quantity requirements to generate aggregated legal certificates. The on-chain security processing record generation module is used to execute submission confirmation of HotStuff candidate proposals based on aggregated legal certificates, write security processing summary information into the blockchain ledger, and form an on-chain security processing record. The audit verification and result output module is used to read the on-chain security processing records in the blockchain ledger when an audit request for a target network information security event is received, verify the target fields, and output the security processing result corresponding to the target network information security event.
[0016] The beneficial effects of this invention are: This invention parses security event source data in the network environment into security processing summary information and further encodes it into a security state vector. Combined with KZG commitments to generate commitment values and open proofs, the risk assessment results, access control results, and anomaly handling results in the network information security processing process no longer participate in on-chain processing directly in plaintext. Instead, they enter the HotStuff candidate proposal in a verifiable and associative commitment form. This improves the structured expression and subsequent verification capabilities of network information security processing content while ensuring the protection of sensitive data.
[0017] This invention utilizes the HotStuff consensus process specifically for confirming network information security processing results. This enables different verification nodes to generate signature votes around the security processing digest information and combine them with BLS aggregated signatures to generate aggregated legal certificates. As a result, the risk assessment results, access control results, and anomaly handling results corresponding to network information security events can be consistently confirmed in a multi-node environment. This avoids the problems of insufficient credibility, easy tampering of results, and inconsistent conclusions across nodes caused by the centralized nodes generating and storing processing results alone in the prior art. This improves the credible confirmation capability and distributed collaborative processing capability of network information security processing results.
[0018] This invention performs submission confirmation on HotStuff candidate proposals based on aggregated legal certificates and writes the security processing summary information into the blockchain ledger to form an on-chain security processing record. When an audit request for a target network information security event is received, the target fields in the on-chain security processing record are verified and the corresponding security processing result is output. This enables the network information security processing process to have a complete closed loop from proposal generation, consensus confirmation, on-chain solidification to audit verification. This not only improves the tamper-proof capability, integrity, and traceability of the on-chain security processing record, but also enhances the accuracy and reliability of post-event auditing, responsibility identification, and processing result review of target network information security events. Attached Figure Description
[0019] The accompanying drawings are provided to further illustrate the invention and form part of the specification. They are used in conjunction with embodiments of the invention to explain the invention and do not constitute a limitation thereof. In the drawings: Fig. 1 This is a flowchart of a blockchain-based network information security processing method proposed in this invention; Fig. 2 This diagram illustrates the core consensus processing method based on KZG commitments and BLS aggregated signatures, which is proposed in this invention for a blockchain-based network information security processing method. Detailed Implementation
[0020] The present invention will now be described in further detail with reference to the accompanying drawings. These drawings are simplified schematic diagrams, illustrating only the basic structure of the invention, and therefore only show the components relevant to the invention.
[0021] refer to Figs. 1-2 A blockchain-based network information security processing method includes the following steps: Collect and parse security event source data in the network environment to generate security processing summary information corresponding to a single network information security processing process; The security processing summary information is encoded into a security status vector according to a preset field order; Generate KZG commitments for the security state vector, obtain the commitment value corresponding to the security state vector, and generate the corresponding opening proof. Encapsulate the commitment value and the opening proof together as a HotStuff candidate proposal. The consensus master node sends HotStuff candidate proposals to different verification nodes. Each verification node performs consistency verification on the HotStuff candidate proposals based on the proposal verification elements and generates a signature vote based on the security processing digest information. The consensus master node receives signature votes returned by different verification nodes, and performs BLS aggregate signature processing on the signature votes that meet the statutory number requirements to generate an aggregated statutory certificate; Based on the aggregation of legal certificates, the HotStuff candidate proposal is submitted and confirmed, and the security processing summary information is written into the blockchain ledger to form an on-chain security processing record. Upon receiving an audit request for a target network information security incident, the system reads the on-chain security processing records from the blockchain ledger, verifies the target fields, and outputs the security processing results corresponding to the target network information security incident.
[0022] In this embodiment, the generation of security processing summary information specifically includes: The system collects security event source data from the network environment and performs data standardization on the security event source data to obtain standardized security event source data. Data standardization includes time alignment processing, field format unification processing, field name mapping processing, missing field completion processing, and abnormal field removal processing. Time alignment processing is used to unify the collection time in the security event source data to the same time base. Field format unification processing is used to convert the data types, field lengths, and field encoding methods in security event source data from different sources into a unified format. Field name mapping processing is used to convert the different names of fields in security event source data from different sources into unified field names. Missing field completion processing is used to complete the missing fields in the security event source data according to preset field rules. Abnormal field removal processing is used to delete redundant fields, duplicate fields, and erroneous fields that are not related to a single network information security processing process. Standardized security event source data is processed for event association. The data is sorted, matched, and merged according to the association identification information to obtain the event data set corresponding to a single network information security processing process. The association identification information includes the access subject identifier, access object identifier, session identifier, node identifier, and timestamp. The event data set is digested, and digest information components are generated based on the processing field information. The digest information components are then associated and encapsulated to generate security processing digest information. The processing field information includes fields related to access requests, fields related to risk assessment, fields related to access control, and fields related to exception handling. The digest information components include access request digest, risk assessment digest, access control result digest, and exception handling result digest.
[0023] In this embodiment, obtaining the security state vector specifically includes: Read the security processing summary information, identify the content of each field in the security processing summary information one by one, extract the content of each field according to the order of appearance of the fields, and write the extracted content of each field into the encoding buffer area; In the buffer to be encoded, the contents of each field are rearranged according to the preset field order, the corresponding field number is written to each rearranged field content, and then converted into a unified encoding format to obtain an ordered field sequence. The contents of each field in the ordered field sequence are written into the vector interval according to the position corresponding to the field number. Boundary markers are written between adjacent field contents. Based on the field contents, padding or truncation is performed according to the standard length of the field to obtain the vector encoding sequence. The standard length of the field is determined according to the storage bit width of the field in the security state vector. The concatenation vector encodes all field contents and checks whether the field positions, field boundaries, and field lengths after concatenation are consistent with the preset field order. If the check results meet the consistency requirements, a security state vector is output.
[0024] In this embodiment, obtaining HotStuff candidate proposals specifically includes: Read the security state vector, scan segment by segment from the starting position according to the field boundaries, extract the content of each complete field, and write the extracted field content into the commitment input area in segments according to the formation order of the network information security processing, to obtain the commitment input body; Starting from the beginning of the commitment input body, the content of each field segment is retrieved sequentially. For each field segment, a position description and a stage description are written sequentially. The field content with the position description and stage description written is arranged continuously according to the retrieval order to obtain the commitment calculation body. The position description is used to represent the arrangement position of the field content in the security state vector, and the stage description is used to represent the network information security processing stage to which the field content belongs. KZG commitment computation is performed on the commitment input. Starting from the beginning of the commitment input, each commitment computation unit is read sequentially. The field content, position description information, and stage description information in each commitment computation unit are combined into the corresponding commitment item in the same writing order. The remaining commitment items are written in the same way until all commitment items are written in position, resulting in a position expansion sequence. Commitment mapping is performed on each commitment item in the position expansion sequence according to the order of computation position, mapping the commitment item at each computation position to the commitment computation result at the corresponding position. All commitment computation results are combined into a commitment computation base sequence according to the order of computation position. Commitment value generation is performed on the commitment computation base sequence based on KZG commitment parameters to obtain the commitment value corresponding to the commitment input and write the commitment value into the commitment result area. The commitment computation unit includes field content, position description, and stage description. The KZG commitment parameters include commitment public key, verification public key, computation base point, and position variable value rules. Locate the write segment corresponding to the target field in the commitment computation body, extract the content of the write segment corresponding to the target field, and perform KZG opening proof calculation on the extracted write segment content according to the continuous calculation position corresponding to the target field to obtain the directional opening proof; Read the commitment value from the commitment result area, write the commitment value into the proposal encapsulation area, and simultaneously write the directional opening proof into the storage location after the commitment value, and write the proposal organization information at the same time to complete the proposal encapsulation and obtain the HotStuff candidate proposal. The proposal organization information includes the proposal identifier and the status sequence number. The status sequence number is determined according to the order of the request status area, the decision status area, the control status area, and the disposal status area.
[0025] This invention introduces position and phase descriptions into the field content of the security state vector, and combines KZG commitment calculation and directional opening proof generation processing, so that HotStuff candidate proposals can not only carry structured state information in the network information security process, but also realize verifiable expression and phase association expression of target fields, thereby improving the content organization capability, sensitive data protection capability and field-level verification capability of candidate proposals.
[0026] In this embodiment, obtaining the signature vote specifically includes: After the consensus master node sends HotStuff candidate proposals to different verification nodes according to the HotStuff consensus algorithm, each verification node receives the corresponding HotStuff candidate proposal and performs splitting and aggregation processing on the proposal elements in the HotStuff candidate proposal. It performs combination matching processing on the locally pre-stored proposal verification elements and proposal elements according to the field correspondence to form the basic data for consistency verification. The proposal verification elements include the verification public key, the position variable value corresponding to the target field, the target field value, and network information security processing rules. The consensus master node is the node responsible for proposal driving and consensus advancement in the HotStuff consensus algorithm. It is used to organize the current HotStuff candidate proposal based on the preceding legal certificate digest, initiate the current round of proposal broadcast, and aggregate the signature votes returned by different verification nodes. The verification node is the node responsible for proposal verification and voting response in the HotStuff consensus algorithm. It is used to process the current HotStuff candidate proposal based on the advancement relationship between the preceding legal certificate digest and the current HotStuff candidate proposal. Each verification node performs commitment consistency verification on HotStuff candidate proposals based on the commitment verification items in the consistency verification base data. The commitment value, the directed opening proof, the position variable value corresponding to the target field, the target field value, and the verification public key are used as commitment verification input items to perform KZG verification processing. It is determined whether the target field value is correctly opened from the commitment value through the directed opening proof. If the target field value is correctly opened from the commitment value through the directed opening proof, a commitment verification pass result is generated; otherwise, a commitment verification failure result is generated and written into the commitment verification result area. Under the condition that the commitment verification result is valid, each verification node performs state transition description construction processing on the HotStuff candidate proposal. This involves writing each digest component of the security processing digest information into the corresponding state segment according to the network information security processing stage corresponding to the state number, embedding the proposal organization information into the connection position between adjacent state segments to form an initial state transition description body. Based on the proposal verification elements, segment projection processing is performed on the initial state transition description body, projecting the digest components in each state segment to the corresponding stage coordinate position. Simultaneously, cross-segment connection processing is performed, generating connection fragments between the end content of the previous state segment and the beginning content of the next state segment according to the stage advancement direction. These connection fragments are inserted into the corresponding stage boundary positions to form an extended state transition description body that explicitly represents the state advancement path. Simultaneously, sequential folding processing is performed on the extended state transition description body, compressing and combining the connection segments between adjacent state areas with the corresponding state area content into a continuously arranged state transition description sequence. Summary generation processing is performed on the state transition description sequence to obtain a summary combination verification value, and the stage connection relationship in the state transition description sequence is extracted at the same time to form a state connection result. When the summary combination verification value corresponds to the security processing summary information and the state connection result is connected with the previous state, a summary sequence joint verification result is generated; otherwise, a summary sequence joint failure result is generated. The summary sequence joint failure result is directly generated when the summary combination verification value does not correspond to the security processing summary information or the state connection result is not connected with the previous state. The state segments include the request state area, the decision state area, the control state area, and the disposal state area.
[0027] Each verification node performs a comprehensive consensus determination on HotStuff candidate proposals based on the commitment verification result and the digest order joint verification result. When the commitment verification result and the digest order joint verification result are both passed, a proposal consensus pass result is generated, and a vote message to be signed is generated based on the vote organization item in the consensus verification basic data. When the commitment verification result or the digest order joint verification result is failed, a proposal consensus failure result is generated, and the voting generation process of the current HotStuff candidate proposal is terminated. The vote organization item includes the commitment value, each digest component, the proposal identifier, and the status sequence number. The system performs signature processing on the signed voting message, generates the corresponding signed vote, and sends the signed vote to the consensus master node.
[0028] This invention combines the consensus processing of HotStuff candidate proposals, KZG commitment verification, state transition description construction, and signature voting generation process, so that the signature votes output by the verification nodes can not only represent the confirmation result of the current proposal, but also represent the state progression relationship under the corresponding network information security processing stage. This improves the credible voting capability of network information security processing results, the accuracy of proposal verification, and the multi-node collaborative confirmation capability.
[0029] In this embodiment, obtaining aggregated legal certificates specifically includes: The consensus master node receives voting return messages sent by different verification nodes, and merges and organizes the voting return messages according to the proposal identifier and status sequence number to form a candidate aggregated voting set corresponding to the same HotStuff candidate proposal; The consensus master node performs statutory voting screening on the candidate aggregated voting set. The statutory voting screening process performs deduplication and consolidation processing on the signature votes according to the node identifier, and counts the number of valid signature votes corresponding to the same proposal identifier and the same state sequence number. When the number of valid signature votes meets the preset statutory number requirement, a statutory voting set is generated. Semantic binding of the statutory voting set is performed at each stage. The network information security processing stage corresponding to the current HotStuff candidate proposal is determined based on the state sequence number. The execution order of each signature vote in the statutory voting set is arranged and processed to form an original signature sequence. The stage positioning content and proposal association content are extracted from the vote return identifier information corresponding to the original signature sequence. The stage positioning content and proposal association content are embedded one by one into the back position of the corresponding signature vote to form a stage semantic binding sequence. The stage positioning content is used to represent the network information security processing stage to which the signature vote belongs, and the proposal association content is used to represent the HotStuff candidate proposal to which the signature vote belongs. The verification public keys corresponding to each verification node are arranged in the same order as the phase semantic binding sequence to form an aggregated public key sequence. The phase semantic binding sequence, the aggregated public key sequence, and the voting message to be signed are organized together into the aggregated signature basic data. The consensus master node performs BLS aggregate signature processing based on the aggregate signature basic data. It maps each signature vote in the stage semantic binding sequence to the BLS operation group in the order of arrangement, and performs continuous group multiplication and accumulation processing on each mapped signature vote to generate a single aggregate signature result. At the same time, it performs sequential compression processing on the stage positioning content and proposal association content in the stage semantic binding sequence to form a certificate semantic index corresponding to the aggregate signature result. The certificate semantic index is used to characterize the network information security processing stage and HotStuff candidate proposal affiliation relationship corresponding to the aggregate signature result. The aggregated public key sequence is processed to generate an aggregated public key. Based on the aggregated signature result, the aggregated public key sequence, the voting message to be signed, and the certificate semantic index, BLS aggregated verification is performed. The voting message to be signed is processed to obtain a message mapping result. The aggregated signature result is compared with the generator in the BLS verification group to perform a first bilinear mapping operation. The message mapping result is compared with the aggregated public key sequence to perform a second bilinear mapping operation. The results of the first and second bilinear mapping operations are compared for consistency. If the consistency comparison result is consistent, an aggregated legal certificate is generated.
[0030] This invention improves the distributed consistency confirmation capability of network information security processing results, aggregated verification efficiency, certificate semantic traceability capability, and the accuracy and reliability of on-chain auditing by semantically binding the signature voting execution phase that meets the statutory quantity requirements, BLS aggregated signature, and certificate semantic index generation processing. This is achieved by semantically binding the signature voting execution phase that meets the statutory quantity requirements, BLS aggregated signature, and certificate semantic traceability.
[0031] In this embodiment, the formation of the on-chain security processing record specifically includes: The consensus master node aggregates the statutory certificates and HotStuff candidate proposals, extracts security processing summary information, proposal organization information and certificate semantic index, and forms a submission confirmation object. Based on the submitted confirmation object, the on-chain record is constructed, the security processing summary information is written into the record content area, and the aggregated legal certificate and certificate semantic index are sequentially written into the record append area to form the record body to be added to the chain and the on-chain record identifier. Based on the record body to be added to the chain and the on-chain record identifier, the submission confirmation is performed. The on-chain record identifier is written to the index position, the record body to be added to the chain is written to the record position of the corresponding block in the blockchain ledger, and the association information of the previous block is written to the header of the current block. The on-chain submission is completed and an on-chain security processing record is generated.
[0032] In this embodiment, the output of the security processing result specifically includes: Upon receiving an audit request for a target network information security incident, the system performs a retrieval and location process on the on-chain security processing records in the blockchain ledger based on the audit location information to obtain the target audit record and extract audit verification elements from it. The audit location information includes the on-chain security processing record identifier, proposal identifier, and status sequence number. The audit verification elements include security processing summary information, aggregated legal certificate, certificate semantic index, and target field location information. Based on the audit verification elements, the target audit record is expanded and verified by field expansion and field verification. Field expansion and field verification extract the field content corresponding to the target field from the security processing summary information according to the target field location information. Based on the proposal identifier, status sequence number and certificate semantic index, the field content is mapped to the corresponding network information security processing stage to form the target field audit content. The target field audit content is then compared with the corresponding field of the audit request content to generate the target field verification result. If the target field verification result is passed, the audit content of the target field is subject to statutory confirmation based on the aggregated statutory certificate and certificate semantic index, and the security processing result corresponding to the target network information security event is output. The security processing result includes the risk assessment result, access control result, anomaly handling result and audit confirmation result generated for the target network information security event.
[0033] A blockchain-based network information security processing system includes: The security event acquisition module is used to collect and parse security event source data in the network environment, and generate security processing summary information corresponding to a single network information security processing process. The security state vector construction module is used to encode security processing summary information into a security state vector according to a preset field order; The HotStuff candidate proposal generation module is used to generate KZG commitments from the security state vector, obtain the commitment value corresponding to the security state vector, and generate the corresponding opening proof. The commitment value and the opening proof are then encapsulated together as a HotStuff candidate proposal. The proposal verification and signature voting module is used by the consensus master node to send HotStuff candidate proposals to different verification nodes. Each verification node performs consistency verification on the HotStuff candidate proposals based on the proposal verification elements and generates signature votes based on the security processing digest information. The aggregated legal certificate generation module is used by the consensus master node to receive signature votes returned by different verification nodes, and to perform BLS aggregated signature processing on the signature votes that meet the legal quantity requirements to generate aggregated legal certificates. The on-chain security processing record generation module is used to execute submission confirmation of HotStuff candidate proposals based on aggregated legal certificates, write security processing summary information into the blockchain ledger, and form an on-chain security processing record. The audit verification and result output module is used to read the on-chain security processing records in the blockchain ledger when an audit request for a target network information security event is received, verify the target fields, and output the security processing result corresponding to the target network information security event.
[0034] Example 1: To verify the feasibility of this invention in implementation, it was applied to a multi-organization collaborative data sharing network security processing scenario. This scenario includes a business access gateway, identity authentication nodes, access control nodes, security audit nodes, and multiple blockchain verification nodes. Each organization accesses shared business resources through a unified access platform, which continuously generates access request logs, identity authentication logs, risk assessment logs, access control logs, and anomaly handling logs. Existing technologies generally have several prominent problems in this type of scenario: First, network information security events are often judged and recorded separately by a centralized security platform, making it difficult for different nodes to reach a unified and credible conclusion on the same event. Second, security processing results are mostly stored in ordinary log format, which, although able to record the processing process, makes it difficult to guarantee the chain correspondence between risk assessment results, access control results, and anomaly handling results. Third, during auditing, it is usually only possible to review the overall logs, making it difficult to perform precise verification on a specific field, resulting in long audit cycles and high cross-verification costs.
[0035] In this scenario, the platform connects to multiple business systems and terminal nodes. During business operation, it continuously receives external access requests, internal interface call requests, and requests to read highly sensitive resources. The system first collects security event source data, parses the access subject, access object, session identifier, node identifier, and risk handling related content, and generates access request digests, risk judgment digests, access control result digests, and anomaly handling result digests. These digest information is then encoded into a security state vector. Subsequently, the system generates KZG commitment values and directed opening proofs based on field positions and processing stages. The commitment value, directed opening proof, and proposal organization information are jointly encapsulated into a HotStuff candidate proposal. The consensus master node broadcasts this candidate proposal to multiple verification nodes. The certificate node no longer passively receives ordinary logs or messages, but performs processing based on commitment values, open proofs, security processing summary information, and prior sequence relationships, and then generates signature votes based on the processing results. Afterwards, the consensus master node performs phase semantic binding and BLS aggregate signature processing on the signature votes that meet the statutory quantity requirements, forming an aggregated statutory certificate, and writes the security processing summary information, aggregated statutory certificate, and certificate semantic index together into the blockchain ledger to form an on-chain security processing record. In the audit phase, after receiving an audit request for a target network information security event, the system can directly perform verification based on the target field location information in the on-chain security processing record, and output risk assessment results, access control results, anomaly handling results, and audit confirmation results.
[0036] To demonstrate the beneficial effects of this invention, it is compared with centralized network information security processing solutions and ordinary blockchain on-chain processing solutions. The centralized network information security processing solution refers to a processing solution where a central security platform performs risk assessment, access control, anomaly handling, and audit record management, and stores the relevant processing results in a centralized log database. The ordinary blockchain on-chain processing solution refers to a processing solution where network information security processing results are written into the blockchain ledger in the form of ordinary log summaries or ordinary event records. Specific comparative data is shown in Table 1. Table 1 Performance Comparison Analysis of Network Information Security Processing Solutions
[0037] As shown in Table 1, the solution of this invention exhibits superior performance compared to centralized processing solutions and ordinary blockchain on-chain solutions. Specifically, the average event processing time is reduced to 8.1 seconds, the average audit time for a single event is reduced to 21 seconds, the field-level verification success rate is increased to 98.7%, the consistency confirmation rate of abnormal events is increased to 99.2%, the consistency verification success rate between on-chain records and original digests is increased to 99.5%, the chain correspondence accuracy of processing results is increased to 99.61%, the audit throughput is increased to 182 records / minute, and the direct verification success rate of target fields is increased to 98.9%. This demonstrates that the present invention has significant advantages in processing efficiency, result consistency, field-level verification capability, on-chain record reliability, and audit automation level.
[0038] The above are merely preferred embodiments of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitutions or modifications made by those skilled in the art within the scope of the technology disclosed in the present invention, based on the technical solution and inventive concept of the present invention, should be covered within the scope of protection of the present invention.
Claims
1. A network information security processing method and system based on blockchain, characterized in that, Includes the following steps: Collect and parse security event source data in the network environment to generate security processing summary information corresponding to a single network information security processing process; The security processing summary information is encoded into a security status vector according to a preset field order; Generate KZG commitments for the security state vector, obtain the commitment value corresponding to the security state vector, and generate the corresponding opening proof. Encapsulate the commitment value and the opening proof together as a HotStuff candidate proposal. The consensus master node sends HotStuff candidate proposals to different verification nodes. Each verification node performs consistency verification on the HotStuff candidate proposals based on the proposal verification elements and generates a signature vote based on the security processing digest information. The consensus master node receives signature votes returned by different verification nodes, and performs BLS aggregate signature processing on the signature votes that meet the statutory number requirements to generate an aggregated statutory certificate; Based on the aggregation of legal certificates, the HotStuff candidate proposal is submitted and confirmed, and the security processing summary information is written into the blockchain ledger to form an on-chain security processing record. Upon receiving an audit request for a target network information security incident, the system reads the on-chain security processing records from the blockchain ledger, verifies the target fields, and outputs the security processing results corresponding to the target network information security incident.
2. The network information security processing method based on blockchain according to claim 1, characterized in that, The generation of the security processing summary information specifically includes: Collect security event source data in the network environment, perform data standardization on the security event source data, and obtain standardized security event source data; Perform event correlation processing on standardized security event source data, sort, match, and merge according to the correlation identification information to obtain the event data set corresponding to a single network information security processing process; The event data set is digested, digest information components are generated based on the processing field information, and the digest information components are associated and encapsulated to generate security processing digest information.
3. The network information security processing method based on blockchain according to claim 1, characterized in that, The specific steps involved in obtaining the security state vector are as follows: Read the security processing summary information, identify the content of each field in the security processing summary information one by one, extract the content of each field according to the order of appearance of the fields, and write the extracted content of each field into the encoding buffer area; In the buffer to be encoded, the contents of each field are rearranged according to the preset field order, the corresponding field number is written to each rearranged field content, and then converted into a unified encoding format to obtain an ordered field sequence. Write the contents of each field in the ordered field sequence into the vector interval according to the position corresponding to the field number, write boundary markers between adjacent field contents, and perform padding or truncation according to the standard length of the field contents to obtain the vector encoding sequence. The concatenation vector encodes all field contents and checks whether the field positions, field boundaries, and field lengths after concatenation are consistent with the preset field order. If the check results meet the consistency requirements, a security state vector is output.
4. The network information security processing method based on blockchain according to claim 1, characterized in that, The acquisition of the HotStuff candidate proposals specifically includes: Read the security state vector, scan segment by segment from the starting position according to the field boundaries, extract the content of each complete field, and write the extracted field content into the commitment input area in segments according to the formation order of the network information security processing, to obtain the commitment input body; Starting from the beginning of the commitment input body, retrieve the content of each field segment in sequence, write a position description and a stage description for each field segment in sequence, and arrange the field content with the written position description and stage description in the order of retrieval to obtain the commitment calculation body; KZG commitment calculation is performed on the commitment input body. Starting from the beginning of the commitment input body, each commitment calculation unit is read sequentially. The field content, position description information, and stage description information in each commitment calculation unit are combined into the corresponding commitment item in the same writing order. The remaining commitment items are written in the same way until all commitment items are written in position, resulting in a position expansion sequence. Commitment mapping is performed on each commitment item in the position expansion sequence according to the calculation position order, mapping the commitment item at each calculation position to the commitment calculation result at the corresponding position. All commitment calculation results are combined into a commitment calculation base sequence according to the calculation position order. Commitment value generation is performed on the commitment calculation base sequence based on KZG commitment parameters to obtain the commitment value corresponding to the commitment input body, and the commitment value is written into the commitment result area. Locate the write segment corresponding to the target field in the commitment computation body, extract the content of the write segment corresponding to the target field, and perform KZG opening proof calculation on the extracted write segment content according to the continuous calculation position corresponding to the target field to obtain the directional opening proof; Read the commitment value from the commitment result area, write the commitment value into the proposal encapsulation area, write the directional opening proof into the storage location after the commitment value, and write the proposal organization information simultaneously to complete the proposal encapsulation and obtain the HotStuff candidate proposal.
5. A network information security processing method based on blockchain according to claim 1, characterized in that, The acquisition of the signature vote specifically includes: After the consensus master node sends the HotStuff candidate proposal to different verification nodes according to the HotStuff consensus algorithm, each verification node receives the corresponding HotStuff candidate proposal and performs splitting and aggregation processing on the proposal elements in the HotStuff candidate proposal. It then performs combination matching processing on the locally pre-stored proposal verification elements and the proposal elements according to the field correspondence to form the basic data for consistency verification. Each verification node performs commitment consistency verification on HotStuff candidate proposals based on the commitment verification items in the consistency verification base data. The commitment value, the directed opening proof, the position variable value corresponding to the target field, the target field value, and the verification public key are used as commitment verification input items to perform KZG verification processing. It is determined whether the target field value is correctly opened from the commitment value through the directed opening proof. If the target field value is correctly opened from the commitment value through the directed opening proof, a commitment verification pass result is generated; otherwise, a commitment verification failure result is generated and written into the commitment verification result area. Under the condition that the commitment verification result is valid, each verification node performs state transition description construction processing on the HotStuff candidate proposal. This involves writing each digest component of the security processing digest information into its corresponding state segment according to the network information security processing stage corresponding to the state number, embedding the proposal organization information into the connection position between adjacent state segments to form an initial state transition description body. Based on the proposal verification elements, segment projection processing is performed on the initial state transition description body, projecting the digest components in each state segment to their corresponding stage coordinate positions. Simultaneously, cross-segment connection processing is performed, generating connection fragments by connecting the end content of the previous state segment to the beginning content of the next state segment according to the stage progression direction. Each connecting segment is inserted into the corresponding stage boundary position to form an extended state transition description body that explicitly represents the state advancement path. At the same time, sequential folding processing is performed on the extended state transition description body to compress and combine the connecting segments between adjacent state regions with the corresponding state region content into a continuously arranged state transition description sequence. Summary generation processing is performed on the state transition description sequence to obtain a summary combination verification value. Simultaneously, the stage connection relationship in the state transition description sequence is extracted to form a state connection result. When the summary combination verification value corresponds to the security processing summary information and the state connection result connects with the previous state, a summary order joint verification result is generated; otherwise, a summary order joint failure result is generated.
6. Each verification node performs a comprehensive consensus determination on HotStuff candidate proposals based on the commitment verification result and the digest order joint verification result. When the commitment verification result is passed and the digest order joint verification result is passed, a proposal consensus pass result is generated, and a voting message to be signed is generated based on the voting organization item in the consensus verification basic data. When the commitment verification result is failed or the digest order joint verification result is failed, a proposal consensus failure result is generated and the voting generation process of the current HotStuff candidate proposal is terminated. The system performs signature processing on the signed voting message, generates the corresponding signed vote, and sends the signed vote to the consensus master node.
7. A network information security processing method based on blockchain according to claim 1, characterized in that, The acquisition of the aggregated legal certificate specifically includes: The consensus master node receives voting return messages sent by different verification nodes, and merges and organizes the voting return messages according to the proposal identifier and status sequence number to form a candidate aggregated voting set corresponding to the same HotStuff candidate proposal; The consensus master node performs statutory voting screening on the candidate aggregated vote set to generate a statutory vote set. Semantic binding of the statutory voting set is performed at each stage. The network information security processing stage corresponding to the current HotStuff candidate proposal is determined based on the state sequence number. The execution order of each signature vote in the statutory voting set is arranged and processed to form an original signature sequence. The stage positioning content and proposal-related content are extracted from the vote return identifier information corresponding to the original signature sequence. The stage positioning content and proposal-related content are then embedded item by item into the back position of the corresponding signature vote to form a stage semantic binding sequence. The verification public keys corresponding to each verification node are arranged in the same order as the phase semantic binding sequence to form an aggregated public key sequence. The phase semantic binding sequence, the aggregated public key sequence, and the voting message to be signed are organized together into the aggregated signature basic data. The consensus master node performs BLS aggregate signature processing based on the aggregate signature basic data, mapping each signature vote in the stage semantic binding sequence to the BLS operation group in the order of arrangement, and performing continuous group multiplication and accumulation processing on each mapped signature vote to generate a single aggregate signature result. At the same time, sequential compression processing is performed on the stage positioning content and proposal-related content in the stage semantic binding sequence to form a certificate semantic index corresponding to the aggregate signature result. The aggregated public key sequence is processed to generate an aggregated public key. Based on the aggregated signature result, the aggregated public key sequence, the voting message to be signed, and the certificate semantic index, BLS aggregated verification is performed. The voting message to be signed is processed to obtain a message mapping result. The aggregated signature result is compared with the generator in the BLS verification group to perform a first bilinear mapping operation. The message mapping result is compared with the aggregated public key sequence to perform a second bilinear mapping operation. The results of the first and second bilinear mapping operations are compared for consistency. If the consistency comparison result is consistent, an aggregated legal certificate is generated.
8. A network information security processing method based on blockchain according to claim 1, characterized in that, The formation of the on-chain security processing record specifically includes: The consensus master node aggregates the statutory certificates and HotStuff candidate proposals, extracts security processing summary information, proposal organization information and certificate semantic index, and forms a submission confirmation object. Based on the submitted confirmation object, an on-chain record is constructed, and the security processing summary information is written into the record content area. At the same time, the aggregated legal certificate and certificate semantic index are sequentially written into the record append area to form the record body to be uploaded to the chain and the obtained on-chain record identifier. Based on the record body to be added to the chain and the on-chain record identifier, the submission confirmation is performed. The on-chain record identifier is written to the index position, the record body to be added to the chain is written to the record position of the corresponding block in the blockchain ledger, and the association information of the previous block is written to the header of the current block. The on-chain submission is completed and an on-chain security processing record is generated.
9. A network information security processing method based on blockchain according to claim 1, characterized in that, The output of the security processing result specifically includes: Upon receiving an audit request for a target network information security incident, the system performs a retrieval and location process on the on-chain security processing records in the blockchain ledger based on the audit location information to obtain the target audit record and extract audit verification elements from it. Based on the audit verification elements, the target audit record is expanded and verified to form the target field audit content. The target field audit content is then compared with the corresponding fields of the audit request content to generate the target field verification result. If the target field verification result is passed, legal confirmation is performed on the audit content of the target field based on the aggregated legal certificate and certificate semantic index, and the security processing result corresponding to the target network information security event is output.
10. A blockchain-based network information security processing system, executing the blockchain-based network information security processing method according to any one of claims 1 to 8, characterized in that, include: The security event acquisition module is used to collect and parse security event source data in the network environment, and generate security processing summary information corresponding to a single network information security processing process. The security state vector construction module is used to encode security processing summary information into a security state vector according to a preset field order; The HotStuff candidate proposal generation module is used to generate KZG commitments from the security state vector, obtain the commitment value corresponding to the security state vector, and generate the corresponding opening proof. The commitment value and the opening proof are then encapsulated together as a HotStuff candidate proposal. The proposal verification and signature voting module is used by the consensus master node to send HotStuff candidate proposals to different verification nodes. Each verification node performs consistency verification on the HotStuff candidate proposals based on the proposal verification elements and generates signature votes based on the security processing digest information. The aggregated legal certificate generation module is used by the consensus master node to receive signature votes returned by different verification nodes, and to perform BLS aggregated signature processing on the signature votes that meet the legal quantity requirements to generate aggregated legal certificates. The on-chain security processing record generation module is used to execute submission confirmation of HotStuff candidate proposals based on aggregated legal certificates, write security processing summary information into the blockchain ledger, and form an on-chain security processing record. The audit verification and result output module is used to read the on-chain security processing records in the blockchain ledger when an audit request for a target network information security event is received, verify the target fields, and output the security processing result corresponding to the target network information security event.