Digital resource processing method and apparatus
By encrypting and aggregating digital resource values and associating them with cross-platform identity identifiers for storage, utilizing a secure multi-party computation cluster for collaborative computation in encrypted form, and combining zero-knowledge proofs and blockchain for identity verification, the problems of cross-platform resource interoperability and privacy protection are solved, achieving secure and efficient digital resource aggregation and exchange.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Applications (China)
- Current Assignee / Owner: SHANGHAI BILIBILI TECH CO LTD
- Filing Date: 2026-03-17
- Publication Date: 2026-06-19
AI Technical Summary
The inability of users to share digital resources across different platforms limits their value, and existing cross-platform resource aggregation solutions are prone to privacy leaks and fail to meet data protection regulations.
By encrypting and aggregating digital resource values and associating them with cross-platform identity identifiers for storage, and utilizing a secure multi-party computation cluster for collaborative computation in encrypted form, the aggregation and exchange of cross-platform digital resources are achieved. Zero-knowledge proofs and blockchain are combined for identity verification and data storage to ensure privacy protection.
It has achieved secure aggregation of digital resources across platforms, enhanced resource value, increased user participation in platform activities, met data protection regulations, and optimized system performance.
Figure CN122241733A_ABST
Description
Technical Field
[0001] This application relates to the field of data processing technology, and in particular to a digital resource processing method, apparatus, computer equipment, computer-readable storage medium, and computer program product.
Background Technology
[0002] Currently, users' digital resources (such as points, tokens, credit scores, etc.) on a certain platform can usually only be used within the platform and cannot be aggregated and used with similar digital resources on other platforms, which limits the value of digital resources.
[0003] Among related technologies, there are solutions for jointly using digital resources from multiple platforms. However, such solutions often require platforms to share users' raw behavioral data or identity information, which can easily lead to user privacy leaks and makes it difficult to meet the requirements of increasingly stringent data protection regulations (such as the GDPR).
[0004] It should be noted that the above content is not necessarily prior art, nor is it intended to limit the scope of patent protection of this application.
Summary of the Invention
[0005] This application provides a digital resource processing method, apparatus, computer equipment, computer-readable storage medium, and computer program product to solve or alleviate one or more of the technical problems mentioned above.
[0006] One aspect of this application provides a digital resource processing method, the method comprising:
[0007] Receiving the encrypted aggregated digital resource value of the target object, and storing the encrypted aggregated digital resource value in association with the target cross-platform identity identifier of the target object, wherein the encrypted aggregated digital resource value is generated from encrypted digital resource values provided by several platforms through collaborative computation in ciphertext state by a secure multi-party computing cluster;
Upon receiving a query request from a requester for the encrypted aggregated digital resource value and confirming that the requester is the holder of the target cross-platform identity, retrieving the encrypted aggregated digital resource value;
Sending the retrieved encrypted aggregated digital resource value to the secure multi-party computing cluster for collaborative decryption, so that the decrypted aggregated digital resource value is returned to the requester;
In response to the requester's digital resource exchange request, performing the digital resource exchange operation when it is determined that the decrypted aggregated digital resource value meets the exchange conditions.
[0008] Optionally, retrieving the encrypted aggregated digital resource value upon receiving a query request from a requester for the encrypted aggregated digital resource value and confirming that the requester is the holder of the target cross-platform identity includes: Upon receiving a query request from a requester for the value of encrypted aggregated digital resources, cross-platform authentication of the requester is triggered. Receive the first zero-knowledge proof submitted by the requester, and verify whether the requester is the holder of the target cross-platform identity based on the first zero-knowledge proof; If the verification is successful, the encrypted aggregated digital resource value is retrieved based on the target cross-platform identity identifier.
[0009] Optionally, receiving the encrypted aggregated digital resource value of the target object and associating and storing the encrypted aggregated digital resource value with the target cross-platform identity of the target object includes: Receive the encrypted aggregated digital resource value of the target object and the second zero-knowledge proof corresponding to the encrypted aggregated digital resource value, wherein the second zero-knowledge proof is used to prove that the encrypted aggregated digital resource value conforms to the rules; If the second zero-knowledge proof is verified, the encrypted aggregated digital resource value is associated with and stored with the target cross-platform identity, and a unique transaction hash is generated.
[0010] Another aspect of this application provides a digital resource processing method, the method comprising: A digital resource aggregation operation task is broadcast to several platforms. The digital resource aggregation operation task includes a validity proof of a target cross-platform identity, so that the platform can return the encrypted digital resource value corresponding to the target cross-platform identity after verifying the validity proof. The encrypted digital resource value is ciphertext data obtained by using a homomorphic encryption algorithm. An aggregation operation is performed on the encrypted digital resource value to obtain an encrypted aggregated digital resource value, and a third zero-knowledge proof of the encrypted aggregated digital resource value is generated to prove that the encrypted aggregated digital resource value conforms to the rules. The encrypted aggregated digital resource value and the third zero-knowledge proof are sent to the cloud or blockchain, so that the cloud or blockchain can store the encrypted aggregated digital resource value in association with the target cross-platform identity identifier when the third zero-knowledge proof passes verification.
[0011] Optionally, the method further includes: Receive the decryption request of the encrypted aggregated digital resource value, and reconstruct the secure multi-party computation private key of the encrypted aggregated digital resource value through nodes that have reached a threshold. The nodes are nodes of the secure multi-party computation cluster. The encrypted aggregated digital resource value is decrypted and destroyed in a trusted execution environment using the secure multi-party computation private key, thus obtaining the aggregated digital resource value. The aggregated digital resource value is returned via an encrypted communication channel.
[0012] Another aspect of this application provides a digital resource processing method, the method comprising: Receive a broadcast digital resource aggregation operation task, wherein the task includes the validity proof of the target cross-platform identity, the target cross-platform identity belongs to the target object, the target cross-platform identity corresponds to the local encrypted digital resource value of the target object on this platform, and the local encrypted digital resource value is obtained by encryption with a homomorphic encryption algorithm; If the validity proof is verified, the local encrypted digital resource value is obtained based on the correspondence. The local encrypted digital resource value is sent to a secure multi-party computing cluster, which then performs encrypted collaborative computation based on the local encrypted digital resource value and encrypted digital resource values provided by other platforms to obtain the encrypted aggregated digital resource value of the target object, and records the encrypted aggregated digital resource value to the cloud or blockchain.
[0013] Optionally, the method further includes: Receive a fourth zero-knowledge proof sent by a dedicated client, the fourth zero-knowledge proof being used to prove that the target object is the holder of the target cross-platform identity; If the verification of the fourth zero-knowledge proof is successful, the anonymous ID of this platform is generated based on the target cross-platform identity and the salt value of this platform; Correspondingly, obtaining the local encrypted digital resource value based on the correspondence includes: Based on the validity proof, determine the anonymous ID of the target object on this platform; The local encrypted digital resource value is obtained based on the anonymous ID of this platform.
[0014] Optionally, the method further includes: The local digital resource value of the target object is calculated based on the target object's behavioral data on the platform. A target feature vector is generated based on the behavioral data and the local digital resource value; A pre-configured privacy budget is obtained, and a noise vector is generated based on the privacy budget; A noise-added vector is calculated based on the noise vector and the target feature vector; The local ciphertext data is obtained and stored by encrypting the noise-added vector using a homomorphic encryption algorithm, and the local ciphertext data includes the local encrypted digital resource value.
[0015] Another aspect of this application provides a data resource processing apparatus, the apparatus comprising: The receiving module is used to receive and store the encrypted aggregated digital resource value of the target object, and associate the encrypted aggregated digital resource value with the target cross-platform identity identifier of the target object. The encrypted aggregated digital resource value is generated by the collaborative computation of encrypted digital resource values provided by several platforms in a secure multi-party computing cluster in ciphertext state. The retrieval module is used to retrieve the encrypted aggregated digital resource value when it receives a query request from a requester for the encrypted aggregated digital resource value and the requester is the holder of the target cross-platform identity. The decryption module is used to send the retrieved encrypted aggregated digital resource value to the secure multi-party computing cluster for collaborative decryption, so as to obtain the decrypted aggregated digital resource value and return it to the requesting party. The exchange module is used to respond to the digital resource exchange request from the requester, and to perform the digital resource exchange operation when it is determined that the decrypted aggregated digital resource value meets the exchange conditions.
[0016] Another aspect of this application provides a data resource processing apparatus, the apparatus comprising: The broadcast module is used to broadcast digital resource aggregation operation tasks to several platforms. The digital resource aggregation operation tasks include a validity proof of a target cross-platform identity, so that the platform can return the encrypted digital resource value corresponding to the target cross-platform identity after verifying the validity proof. The encrypted digital resource value is ciphertext data obtained by using a homomorphic encryption algorithm. The aggregation module is used to perform aggregation operations on the encrypted digital resource value to obtain an encrypted aggregated digital resource value, and generate a third zero-knowledge proof of the encrypted aggregated digital resource value to prove that the encrypted aggregated digital resource value conforms to the rules. The sending module is used to send the encrypted aggregated digital resource value and the third zero-knowledge proof to the cloud or the blockchain, so that the cloud or the blockchain can associate and store the encrypted aggregated digital resource value and the target cross-platform identity identifier through the third zero-knowledge proof.
[0017] Another aspect of this application provides a data resource processing apparatus, the apparatus comprising: The receiving module is used to receive broadcast digital resource aggregation operation tasks. The digital resource aggregation operation tasks include the validity proof of the target cross-platform identity, the target cross-platform identity belongs to the target object, the target cross-platform identity corresponds to the local encrypted digital resource value of the target object on this platform, and the local encrypted digital resource value is obtained by encrypting it using a homomorphic encryption algorithm. The acquisition module is used to acquire the local encrypted digital resource value based on the target cross-platform identity and the corresponding relationship, provided that the validity proof has been verified. The sending module is used to send the local encrypted digital resource value to a secure multi-party computing cluster, so that the secure multi-party computing cluster can perform encrypted collaborative computing based on the local encrypted digital resource value and encrypted digital resource values provided by other platforms to obtain the encrypted aggregated digital resource value of the target object, and record the encrypted aggregated digital resource value to the cloud or blockchain.
[0018] Another aspect of this application provides a computer device, including: at least one processor; and a memory that is communicatively connected to the at least one processor; wherein the memory stores instructions that can be executed by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform the method as described above.
[0019] Another aspect of this application provides a computer-readable storage medium storing computer instructions that, when executed by a processor, implement the method described above.
[0020] Another aspect of this application provides a computer program product including a computer program that, when executed by a processor, implements the method described above.
[0021] The embodiments of this application employing the above-described technical solution may have the following advantages: By receiving the encrypted aggregated digital resource value of the target object, the encrypted aggregated digital resource value is stored in association with the target object's cross-platform identity. The encrypted aggregated digital resource value is generated by secure multi-party computation in ciphertext state from encrypted digital resource values provided by several platforms. When a query request for the encrypted aggregated digital resource value is received from a requester who is the holder of the cross-platform identity, the encrypted aggregated digital resource value is retrieved and sent to the secure multi-party computation cluster for collaborative decryption. The decrypted aggregated digital resource value is then returned to the requester. In response to the requester's digital resource exchange request, if it is determined that the decrypted aggregated digital resource value meets the exchange conditions, the digital resource exchange operation is executed. This allows the aggregation of the target object's digital resource values across multiple platforms to be completed in ciphertext state, achieving "data usable but invisible." Furthermore, it allows for the querying and exchange of digital resources based on the target object's request, breaking down data silos, enhancing the value of digital resources, and increasing users' enthusiasm for participating in platform activities to obtain more digital resources.
Attached Figure Description
[0022] The accompanying drawings exemplify embodiments and form part of the specification, serving together with the textual description to explain exemplary implementations of the embodiments. The illustrated embodiments are for illustrative purposes only and do not limit the scope of the claims. Throughout the drawings, the same reference numerals refer to similar but not necessarily identical elements.
[0023] Figure 1 schematically illustrates the operating environment of the digital resource processing method according to Embodiment 1 of this application;
Figure 2 schematically shows a flowchart of a digital resource processing method according to Embodiment 1 of this application;
Figure 3 schematically shows a flowchart of the sub-steps of step S102 in Figure 2;
Figure 4 schematically shows a flowchart of the sub-steps of step S200 in Figure 3;
Figure 5 schematically shows a block diagram of a digital resource processing apparatus according to Embodiment 2 of this application;
Figure 6 schematically shows a flowchart of a digital resource processing method according to Embodiment 3 of this application;
Figure 7 schematically shows a new flow in the digital resource processing method according to Embodiment 3 of this application;
Figure 8 schematically shows a block diagram of a digital resource processing apparatus according to Embodiment 4 of this application;
Figure 9 schematically shows a flowchart of a digital resource processing method according to Embodiment 5 of this application;
Figure 10 schematically shows a new flow in the digital resource processing method according to Embodiment 5 of this application;
Figure 11 schematically shows a flowchart of the sub-steps of step S802 in Figure 9;
Figure 12 schematically shows another additional process of the digital resource processing method according to Embodiment 5 of this application;
Figure 13 schematically shows a flowchart of a digital resource processing method according to Embodiment 5 of this application;
Figure 14 shows a schematic diagram of the principle of a digital resource processing method according to Embodiment 5 of this application;
Figure 15 schematically shows a flowchart example corresponding to Figure 14;
Figure 16 schematically shows a block diagram of a digital resource processing apparatus according to Embodiment 2 of this application; and
Figure 17 shows a schematic diagram of the hardware architecture of a computer device according to Embodiment 3 of this application.
Detailed Implementation
[0024] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application. All other embodiments obtained by those skilled in the art based on the embodiments in this application without inventive effort are within the scope of protection of this application.
[0025] It should be noted that the descriptions involving "first," "second," etc., in the embodiments of this application are for descriptive purposes only and should not be construed as indicating or implying their relative importance or implicitly specifying the number of technical features indicated. Therefore, a feature defined with "first" or "second" may explicitly or implicitly include at least one of that feature. Furthermore, the technical solutions of the various embodiments can be combined with each other, but this must be based on the ability of those skilled in the art to implement them. If the combination of technical solutions is contradictory or impossible to implement, it should be considered that such a combination of technical solutions does not exist and is not within the scope of protection claimed in this application.
[0026] It should be noted that, in any stage of this application involving the collection, storage, use, transmission, and processing of data, each stage strictly adheres to the laws, regulations, industry standards, and regulatory requirements of the data source, usage location, and relevant countries and regions to ensure the legality and compliance of data activities. In the collection stage, the purpose, method, and scope of collection are clearly communicated to the data subject in a prominent manner. Collection is conducted only after obtaining the data subject's legal authorization, ensuring that the collection process follows the "minimum necessary" principle and does not exceed the scope of data collection. In the storage stage, storage periods are limited, and data is promptly deleted or anonymized / encrypted after the storage purpose is achieved. In the usage stage, a strict data security protection mechanism is implemented, using field-level desensitization technology and processing the original data according to preset desensitization rules. For different types of data, multiple desensitization strategies, such as data generalization, data anonymization, and data encryption, are employed to effectively mitigate the risk of sensitive information leakage and ensure that all data used is securely processed and desensitized, comprehensively protecting the rights and interests of data subjects and data security. In the transmission and processing stages, the confidentiality and security of data are ensured during transmission and processing.
[0027] In the description of this application, it should be understood that the numerical labels before the steps do not indicate the order of the steps, but are only used to facilitate the description of this application and to distinguish each step, and therefore should not be construed as a limitation of this application.
[0028] First, a definition of the terminology used in this application is provided: Decentralized Identifier (DID): A decentralized identity identifier that is not issued or managed by a centralized authority. It is used to anonymously associate user accounts on different platforms. Example format: did:example:user123.
[0029] Secure Multi-Party Computation (MPC) is a cryptographic technique that enables multiple parties to collaboratively perform encrypted computations without the involvement of a trusted third party, aiming to ensure the privacy of each party's input data. It allows multiple parties to jointly compute a predefined function without revealing their individual input data, with the core requirement of "data usable but not visible."
[0030] Homomorphic encryption (HE): A special encryption technique that allows direct computation on encrypted ciphertext, and the decrypted result is consistent with the result of the plaintext computation.
[0031] Differential privacy (DP): By adding carefully designed noise to the original data, attackers cannot distinguish the presence or absence of individual data points, while ensuring that the overall statistical properties of the data remain unchanged.
[0032] Zero-knowledge proof (ZKP): A cryptographic protocol that allows a prover to prove a statement is true without revealing any additional information to the verifier. It is used for user authentication and verification of computational correctness.
[0033] Consortium blockchain: A blockchain network jointly maintained by multiple organizations, possessing the characteristics of immutability and traceability.
[0034] Secondly, to facilitate understanding of the technical solutions provided in the embodiments of this application by those skilled in the art, the relevant technologies are described below: Currently, there are generally two ways for users to use digital resources on the platform: 1. Used within the platform and not combined with digital resources from other platforms.
[0035] 2. Combine digital resources from multiple platforms for use, but require user authorization to share all behavioral data.
[0036] However, the above solution has the following problems: The problem of data silos is prominent: digital resources obtained by users on different platforms cannot be shared, the value of digital resources is limited to a single platform, and users' enthusiasm for participating in platform activities to obtain digital resources is reduced.
[0037] High risk of privacy leaks: Centralized models store plaintext behavioral data, making the platform an easy target for attacks; cross-platform binding models require sharing raw data, which increases the probability of exposing sensitive user information and poses a risk of data misuse internally.
[0038] Insufficient computational credibility: Centralized computation is a "black box operation," and the rules for computing digital resources are not transparent, making them susceptible to tampering.
[0039] Compliance is difficult to meet: Data protection regulations such as the General Data Protection Regulation (GDPR) require "data minimization" and "purpose limitation". Related technologies, which need to collect or share all data, are prone to violating relevant regulations, increasing the platform's compliance costs.
System performance bottleneck: In a centralized model, the computation and storage of large-scale user data rely on a single server, which is prone to single points of failure and computational delays. Especially during peak advertising periods, the untimely updates of digital resources (such as points) affect the user experience.
[0040] Therefore, this application provides a digital resource processing technical solution. In this technical solution: 1. Break down data silos: Achieve cross-platform digital resource aggregation through encrypted computing, enhance the value of digital resources, and increase users' enthusiasm for participating in platform activities to obtain digital resources.
[0041] 2. Enhance privacy protection: Achieve "data usable but not visible", each platform only knows the user's behavior data on its own platform, and cannot obtain data from other platforms or the user's real identity.
[0042] 3. Verifiable calculation process and immutable results: Through the dual protection of blockchain and zero-knowledge proof, the calculation process is ensured to be transparent and trustworthy, and the problem of tampering with digital resources is eliminated.
[0043] 4. Improved compliance: The built-in privacy design complies with the "data minimization" principle of the General Data Protection Regulation (GDPR), reducing the cost of platform compliance transformation.
[0044] 5. System performance optimization: The distributed parallel computing architecture solves single-point bottlenecks, supports large-scale concurrent access by users, and improves the timeliness of digital resource updates.
[0045] See below for details.
[0046] Finally, for ease of understanding, an exemplary operating environment is provided below.
[0047] As shown in Figure 1, the operating environment includes: a dedicated client, a blockchain, a secure multi-party computation cluster, several platforms, and several platform clients. Users generate behavioral data (such as watching ads and videos) through the platform clients. The platforms calculate the user's digital resource value (such as points) based on this data. This digital resource value is stored in association with the platform account, and a mapping relationship exists between the platform account and the user's cross-platform identity, with the mapping relationship stored encrypted. Each platform encrypts its digital resource value using a homomorphic encryption algorithm and sends it to the secure multi-party computation cluster. The secure multi-party computation cluster performs homomorphic aggregation operations on the encrypted digital resource values from each platform in their encrypted state to obtain the user's encrypted aggregated digital resource value, which is then stored in the blockchain. Users can send query requests to the blockchain through the dedicated client. After the blockchain verifies the user's cross-platform identity, it notifies the secure multi-party computation cluster to decrypt the encrypted aggregated digital resource value and return it to the dedicated client. Users can also initiate exchange requests through the dedicated client. The blockchain's smart contract verifies whether the aggregated digital resource value meets the exchange conditions. If the conditions are met, the exchange operation is executed and recorded on the blockchain.
[0048] The technical solutions of this application are described below through several embodiments. It should be understood that these embodiments can be implemented in many different forms and should not be construed as being limited to the embodiments set forth herein.
Embodiment 1
[0049] Figure 2 schematically shows a flowchart of a digital resource processing method according to Embodiment 1 of this application.
[0050] As shown in Figure 2, the digital resource processing method may include steps S100 to S106, wherein:
Step S100: Receive the encrypted aggregated digital resource value of the target object, and store the encrypted aggregated digital resource value in association with the target cross-platform identity identifier of the target object, wherein the encrypted aggregated digital resource value is generated from encrypted digital resource values provided by several platforms through collaborative computation in ciphertext state by a secure multi-party computing cluster.
[0051] Step S102: Upon receiving a query request from the requester for the encrypted aggregated digital resource value and in the case that the requester is the holder of the target cross-platform identity, the encrypted aggregated digital resource value is retrieved.
[0052] Step S104: The retrieved encrypted aggregated digital resource value is sent to a secure multi-party computing cluster for collaborative decryption, so as to obtain the decrypted aggregated digital resource value and return it to the requester.
[0053] Step S106: In response to the requester's digital resource exchange request, when it is determined that the decrypted aggregated digital resource value meets the exchange conditions, the digital resource exchange operation is performed.
[0054] The digital resource processing method provided in this embodiment receives the encrypted aggregated digital resource value of a target object and stores it in association with the target object's cross-platform identity. The encrypted aggregated digital resource value is generated by secure multi-party computation in ciphertext state from encrypted digital resource values provided by several platforms. When a query request for the encrypted aggregated digital resource value is received from a requester who is the holder of the target cross-platform identity, the encrypted aggregated digital resource value is retrieved and sent to a secure multi-party computation cluster for collaborative decryption. The decrypted aggregated digital resource value is then returned to the requester. In response to the requester's digital resource exchange request, when it is determined that the decrypted aggregated digital resource value meets the exchange conditions, the digital resource exchange operation is executed. This method can aggregate the target object's digital resource values across multiple platforms in ciphertext state, achieving "data usable but invisible." It can also complete the query and exchange of digital resources according to the target object's request, breaking down data silos, enhancing the value of digital resources, and increasing users' enthusiasm for participating in platform activities to obtain more digital resources.
[0055] Steps S100 to S106 and other optional steps are described in detail below with reference to Figure 2.
[0056] Step S100: Receive the encrypted aggregated digital resource value of the target object, and store the encrypted aggregated digital resource value in association with the target cross-platform identity identifier of the target object, wherein the encrypted aggregated digital resource value is generated by a secure multi-party computing cluster through collaborative computation in ciphertext state on encrypted digital resource values provided by several platforms.
[0057] The digital resource processing method of this application embodiment can be implemented by a blockchain; optionally, the digital resource processing method is applied to a consortium blockchain. In some other embodiments, the method can also be applied to the cloud. The following description uses a blockchain as an example.
[0058] Blockchain can trigger the aggregation of digital resource values for a target cross-platform identity based on preset conditions, such as a change in the digital resource value on a particular platform. After triggering, the blockchain can broadcast the computation task for the target cross-platform identity to various platforms, enabling each platform to send its encrypted digital resource value to a secure multi-party computation cluster for computation, resulting in the encrypted aggregated digital resource value of the target object. The secure multi-party computation cluster then sends the encrypted aggregated digital resource value back to the blockchain. Upon receiving the encrypted aggregated digital resource value, the blockchain associates and stores it with the target cross-platform identity. Each platform can use homomorphic encryption algorithms to encrypt its own digital resource value, allowing the secure multi-party computation cluster to compute the encrypted digital resource value provided by each platform in ciphertext, directly obtaining the encrypted aggregated digital resource value. The secure multi-party computation cluster can consist of several nodes, which can be independent of the consortium blockchain and the data provider.
[0059] The process of generating a target cross-platform identity can be as follows: A user generates a public-private key pair using a dedicated client with @did / ethr or a similar specification, based on elliptic curve cryptography (such as secp256k1). The hash of the public key (or a derived identifier based on it) is its globally unique DID, for example, did:privads:0xabc123..., where the private key is securely stored by the user.
[0060] Step S102: When a query request for the encrypted aggregated digital resource value is received from a requester and the requester is the holder of the target cross-platform identity, the encrypted aggregated digital resource value is retrieved.
[0061] The requester can be a dedicated client, through which users can initiate query requests for encrypted aggregated digital resources to the consortium blockchain. Upon receiving the query request, the consortium blockchain's smart contract can initiate verification of the requester's cross-platform identity to determine if the requester is the holder of the target cross-platform identity. If the requester is confirmed to be the holder of the target cross-platform identity, the encrypted aggregated digital resource value can be retrieved using the target cross-platform identity.
[0062] In an optional embodiment, as shown in Figure 3, step S102 may further include: Step S200: Upon receiving a query request from the requester for the encrypted aggregated digital resource value, cross-platform authentication of the requester is triggered.
[0063] Step S202: Receive the first zero-knowledge proof submitted by the requester, and verify whether the requester is the holder of the target cross-platform identity based on the first zero-knowledge proof.
[0064] Step S204: If the verification is successful, retrieve the encrypted aggregated digital resource value based on the target cross-platform identity identifier.
[0065] Specifically, upon receiving a query request for a cryptographically aggregated digital resource value initiated by a requester through a dedicated client, the blockchain immediately triggers a cross-platform identity verification process to verify whether the requester is the legitimate holder of the target cross-platform identity. The dedicated client can generate a zero-knowledge proof about the target cross-platform identity and send the generated zero-knowledge proof to the blockchain. The process is as follows: a user initiates a query through the dedicated client, inputting their DID (i.e., the target cross-platform identity). The system (or smart contract) returns a random challenge. The dedicated client uses the private key bound to the DID to sign the challenge, generating a zero-knowledge proof ZKP_Owner, proving "I possess the private key corresponding to this DID" without revealing the private key. After receiving the zero-knowledge proof sent by the dedicated client, the blockchain verifies the validity of the zero-knowledge proof according to preset zero-knowledge proof verification rules to determine whether the requester is the holder of the target cross-platform identity. If the zero-knowledge proof verification passes, confirming the requester as the legitimate holder of the target cross-platform identity, the blockchain retrieves the corresponding cryptographically aggregated digital resource value based on the target cross-platform identity.
[0066] In this embodiment, cross-platform identity verification is performed on the requester before retrieving encrypted digital resource values, and zero-knowledge proof is used to complete the legality verification. This enables authorized access control of encrypted aggregated digital resource values without disclosing any user privacy information. This ensures that only legitimate holders can retrieve the corresponding data, improving system security, and is consistent with the overall privacy protection architecture, achieving dual protection of data security and identity privacy.
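The challenge-response exchange of steps S200 to S204, as an added example that is not part of the patent text. It uses a Schnorr proof of knowledge over secp256k1 as a stand-in for the unspecified ZKP_Owner; the SHA-256 DID derivation, the `Verifier` class and all function names are assumptions of this example.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve named in paragraph [0059]).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0


def ec_add(a, b):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point):
    """Double-and-add; not constant time, so for illustration only."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def encode_point(pt):
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def did_from_pubkey(pub):
    """DID = hash of the public key; SHA-256 and truncation are assumptions."""
    return "did:privads:0x" + hashlib.sha256(encode_point(pub)).hexdigest()[:40]


def _scalar(did, challenge, commit, pub):
    data = did.encode() + challenge + encode_point(commit) + encode_point(pub)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def prove(priv, did, challenge):
    """Client side: prove knowledge of priv, bound to the verifier's challenge."""
    pub = ec_mul(priv, G)
    k = secrets.randbelow(N - 1) + 1          # fresh nonce for every proof
    commit = ec_mul(k, G)
    c = _scalar(did, challenge, commit, pub)
    return {"pub": pub, "commit": commit, "s": (k + c * priv) % N}


class Verifier:
    """Stand-in for the smart contract: one-time challenges, proof checking."""

    def __init__(self):
        self.pending = {}                     # DID -> outstanding challenge

    def issue_challenge(self, did):
        self.pending[did] = secrets.token_bytes(32)
        return self.pending[did]

    def verify(self, did, proof):
        challenge = self.pending.pop(did, None)   # single use: blocks replay
        if challenge is None:
            return False
        pub, commit, s = proof["pub"], proof["commit"], proof["s"]
        if not (on_curve(pub) and on_curve(commit) and 0 < s < N):
            return False
        if did_from_pubkey(pub) != did:       # key must be the one behind the DID
            return False
        c = _scalar(did, challenge, commit, pub)
        return ec_mul(s, G) == ec_add(commit, ec_mul(c, pub))   # sG == R + cP


def demo():
    priv = secrets.randbelow(N - 1) + 1
    did = did_from_pubkey(ec_mul(priv, G))
    v = Verifier()
    proof = prove(priv, did, v.issue_challenge(did))
    ok = v.verify(did, proof)
    replay = v.verify(did, proof)             # challenge already consumed
    v.issue_challenge(did)
    stale = v.verify(did, proof)              # proof bound to the old challenge
    other = secrets.randbelow(N - 1) + 1      # a key that does not match the DID
    wrong_key = v.verify(did, prove(other, did, v.issue_challenge(did)))
    return ok, replay, stale, wrong_key
```

Only the first verification succeeds; the replayed proof, the proof against a newer challenge and the proof made with an unrelated key are all rejected before any ciphertext would be retrieved.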
[0067] Step S104: The retrieved encrypted aggregated digital resource value is sent to a secure multi-party computing cluster for collaborative decryption, so that the decrypted aggregated digital resource value is returned to the requester.
[0068] The blockchain can send the retrieved encrypted aggregated digital resource value to a secure multi-party computation cluster. Nodes in the cluster that have reached a preset threshold collaboratively reconstruct the decryption private key. The encrypted aggregated digital resource value is then securely decrypted in a trusted execution environment, yielding the plaintext aggregated digital resource value, which is then returned to the requester. Optionally, the plaintext aggregated digital resource value can be returned to the requester via an encrypted communication channel. Furthermore, the temporarily reconstructed private key and the plaintext copy are immediately destroyed after decryption.
[0069] Step S106: In response to a request for digital resource exchange, when it is determined that the decrypted aggregated digital resource value meets the exchange conditions, the digital resource exchange operation is performed.
[0070] In response to a digital resource exchange request, the blockchain obtains the decrypted aggregated digital resource value from the requester and the target resource value required for the exchange. It then determines whether the decrypted aggregated digital resource value is not less than the target resource value. If the exchange conditions are met, the blockchain's smart contract automatically executes the digital resource exchange operation. The exchange record is then linked to the requester's cross-platform identity and stored on the blockchain as evidence, ensuring the exchange process is traceable and tamper-proof. Upon receiving a digital resource exchange request, the blockchain can trigger a second decryption of the aggregated digital resource value to obtain the decrypted aggregated digital resource value, which is then compared with the target resource value to determine if the exchange conditions are met.
[0071] After the exchange, when deducting digital resources from various data providers, the deduction can be made in equal amounts or according to an agreed ratio. The specific settings can be made according to the actual situation, and there are no restrictions here.
[0072] In an optional embodiment, in step S200, receiving the encrypted aggregated digital resource value of the target object and storing it in association with the target cross-platform identity of the target object may, as shown in Figure 4, include: Step S300: Receive the encrypted aggregated digital resource value of the target object and the second zero-knowledge proof corresponding to the encrypted aggregated digital resource value. The second zero-knowledge proof is used to prove that the encrypted aggregated digital resource value conforms to the rules.
[0073] In step S302, if the second zero-knowledge proof is verified, the encrypted aggregated digital resource value is associated with and stored with the target cross-platform identity identifier, and a unique transaction hash is generated.
[0074] Specifically, after obtaining the encrypted aggregated digital resource value, the secure multi-party computation cluster can generate a second zero-knowledge proof for the computation process of the encrypted aggregated digital resource value. This proof demonstrates that the encrypted aggregated digital resource value was calculated from encrypted data resource values that conform to the rules. The secure multi-party computation cluster can then send the encrypted aggregated digital resource value and the second zero-knowledge proof to the blockchain. The blockchain can verify the received second zero-knowledge proof. If the verification is successful, the encrypted aggregated digital resource value and the target cross-platform identity identifier are written into a new block, and a unique transaction hash is generated. This transaction hash can serve as a globally trusted receipt for this aggregated computation.
[0075] In this embodiment, by receiving the encrypted aggregated digital resource value of the target object and the second zero-knowledge proof corresponding to the encrypted aggregated digital resource value, and if the second zero-knowledge proof is verified, the encrypted aggregated digital resource value is associated with and stored with the target cross-platform identity identifier, and a unique transaction hash is generated. The correctness of the aggregation calculation can be proved through the zero-knowledge proof, and a verifiable transaction hash can be generated to facilitate post-audit.
[0076] In some other possible embodiments, the blockchain employs a hybrid consensus mechanism combining authorization proof and practical Byzantine fault tolerance. Authorization proof is used to authorize access nodes to the secure multi-party computation cluster, while practical Byzantine fault tolerance is used for transaction confirmation. That is, the blockchain uses a hybrid consensus mechanism combining authorization proof and practical Byzantine fault tolerance. The authorization proof mechanism manages access authorization for nodes in the secure multi-party computation cluster, ensuring that only authorized nodes can participate in the blockchain's interaction and collaborative computation process, thus achieving trusted control over the computing nodes. The practical Byzantine fault tolerance mechanism completes transaction confirmation, data storage, and consensus verification on the blockchain, improving transaction processing efficiency and fault tolerance while ensuring the consistency of distributed nodes. The combination of these two mechanisms gives the blockchain advantages in both trusted node access and efficient transaction confirmation.
[0077] Example 2
Figure 5 schematically illustrates a digital resource processing apparatus according to Embodiment 2 of this application. This apparatus can be divided into one or more program modules. One or more program modules are stored in a storage medium and executed by one or more processors to complete the embodiments of this application. The program module referred to in the embodiments of this application refers to a series of computer program instruction segments capable of performing a specific function. The following description will specifically introduce the functions of each program module in this embodiment. As shown in Figure 5, the device 400 may include a receiving module 410, a retrieving module 420, a decryption module 430, and a redemption module 440, wherein:
The receiving module 410 is used to receive the encrypted aggregated digital resource value of the target object and store it in association with the target cross-platform identity identifier of the target object. The encrypted aggregated digital resource value is generated by a secure multi-party computing cluster through collaborative computation in ciphertext state on encrypted digital resource values provided by several platforms.
The retrieval module 420 is used to retrieve the encrypted aggregated digital resource value when it receives a query request from a requester for the encrypted aggregated digital resource value and the requester is the holder of the target cross-platform identity.
The decryption module 430 is used to send the retrieved encrypted aggregated digital resource value to the secure multi-party computing cluster for collaborative decryption, so as to obtain the decrypted aggregated digital resource value and return it to the requesting party.
The exchange module 440 is used to respond to the digital resource exchange request from the requester and, when it is determined that the decrypted aggregated digital resource value meets the exchange conditions, execute the digital resource exchange operation.
[0078] In an optional embodiment, the retrieval module 420 is further configured to: Upon receiving a query request from a requester for the value of encrypted aggregated digital resources, cross-platform authentication of the requester is triggered. Receive the first zero-knowledge proof submitted by the requester, and verify whether the requester is the holder of the target cross-platform identity based on the first zero-knowledge proof; If the verification is successful, the encrypted aggregated digital resource value is retrieved based on the target cross-platform identity identifier.
[0079] In an optional embodiment, the receiving module 410 is further configured to: Receive the encrypted aggregated digital resource value of the target object and the second zero-knowledge proof corresponding to the encrypted aggregated digital resource value, wherein the second zero-knowledge proof is used to prove that the encrypted aggregated digital resource value conforms to the rules; If the second zero-knowledge proof is verified, the encrypted aggregated digital resource value is associated with and stored with the target cross-platform identity, and a unique transaction hash is generated.
[0080] Example 3
Figure 6 schematically shows a flowchart of a digital resource processing method according to Embodiment 3 of this application.
[0081] As shown in Figure 6, the digital resource processing method may include steps S500 to S504, wherein: Step S500: Broadcast a digital resource aggregation operation task to several platforms. The digital resource aggregation operation task includes the validity proof of the target cross-platform identity, so that the platform can return the encrypted digital resource value corresponding to the target cross-platform identity after verifying the validity proof. The encrypted digital resource value is ciphertext data obtained by using a homomorphic encryption algorithm.
[0082] The execution subject of the digital resource processing method in this application embodiment can be a secure multi-party computation cluster, wherein the secure multi-party computation cluster can be composed of several nodes, and the nodes can be nodes independent of the blockchain, the cloud and the data provider.
[0083] Secure multi-party computation clusters can broadcast digital resource aggregation tasks to platforms participating in the aggregation. Simultaneously, they can attach proof of the target cross-platform identity's validity. After verification, the platform returns an encrypted digital resource value corresponding to the target cross-platform identity. To enable the secure multi-party computation cluster to aggregate digital resource values in encrypted form, the encrypted digital resource values are obtained using a homomorphic encryption algorithm.
[0084] Step S502: Perform aggregation operation on the encrypted digital resource value to obtain the encrypted aggregated digital resource value, and generate a third zero-knowledge proof of the encrypted aggregated digital resource value to prove that the encrypted aggregated digital resource value conforms to the rules.
[0085] After receiving encrypted digital resource values submitted by multiple data providers, the secure multi-party computation cluster directly performs homomorphic addition operations in the ciphertext state. Without decryption or obtaining any plaintext digital resource values, it completes the ciphertext aggregation of encrypted digital resource values from multiple platforms, obtaining the corresponding encrypted aggregated digital resource value. This ensures that plaintext data is never exposed during the aggregation process. Simultaneously, the secure multi-party computation cluster generates a third-party zero-knowledge proof of the obtained encrypted aggregated digital resource value to demonstrate that its acquisition complies with relevant rules.
[0086] Step S504: Send the encrypted aggregated digital resource value and the third zero-knowledge proof to the cloud or blockchain so that the cloud or blockchain can associate and store the encrypted aggregated digital resource value and the target cross-platform identity identifier in the case that the third zero-knowledge proof is verified.
[0087] The secure multi-party computation cluster sends the generated encrypted aggregated digital resource value and third-party zero-knowledge proof to the cloud server or consortium blockchain. The cloud server or consortium blockchain, upon verification of the third-party zero-knowledge proof, associates and stores the encrypted aggregated digital resource value with a cross-platform identity identifier.
[0088] The digital resource processing method provided in this application broadcasts a digital resource aggregation operation task to several platforms. After the platform verifies the validity of the target cross-platform identity, it returns the encrypted digital resource value corresponding to the target cross-platform identity. The encrypted digital resource value is obtained using a homomorphic encryption algorithm. An encrypted aggregated digital resource value is obtained by aggregating the encrypted digital resource value, and a corresponding zero-knowledge proof is generated to prove that the encrypted aggregation conforms to the rules. The encrypted aggregated digital resource value and the zero-knowledge proof are sent to the cloud or blockchain. The cloud or blockchain can then associate and store the encrypted aggregated digital resource value and the target cross-platform identity if the zero-knowledge proof is verified. This method can achieve secure aggregation and trusted storage of cross-platform digital resources without decryption or exposure of plaintext data throughout the entire process. It not only ensures user privacy and data security, but also provides an immutable and traceable data foundation for subsequent query, verification, and exchange processes.
[0089] In an optional embodiment, as shown in Figure 7, the digital resource processing method in this application embodiment may further include: Step S600: Receive the decryption request for the encrypted aggregated digital resource value, and reconstruct the secure multi-party computation private key of the encrypted aggregated digital resource value through nodes that have reached the threshold. The nodes are nodes of the secure multi-party computation cluster.
[0090] Step S602: Decrypt the encrypted aggregated digital resource value in a trusted execution environment using the secure multi-party computation private key, and destroy the secure multi-party computation private key, to obtain the aggregated digital resource value.
[0091] Step S604: Return the aggregated digital resource value through the encrypted communication channel.
[0092] Upon receiving a decryption request for an encrypted aggregated digital resource value, trusted nodes in the secure multi-party computation cluster that have reached a certain number threshold collaboratively reconstruct the secure multi-party computation private key for the corresponding encrypted aggregated digital resource value. Then, the secure multi-party computation private key is used to complete the decryption process of the encrypted aggregated digital resource value within a trusted execution environment. After decryption, the temporarily reconstructed secure multi-party computation private key is immediately destroyed, and the aggregated digital resource value in plaintext form is obtained. The aggregated digital resource value is then returned to the requester through an encrypted communication channel.
[0093] Understandably, the above scenario uses the MPC protocol. In scenarios involving a small number of nodes, the MPC protocol can be replaced by the garbled circuit protocol.
[0094] In this embodiment, by having qualified nodes in a secure multi-party computation cluster collaboratively reconstruct the private key and complete the decryption in a trusted execution environment, and by immediately destroying the private key after decryption, the leakage of the private key and the theft of plaintext data can be effectively prevented. Combined with the results returned by the encrypted channel, the controllable decryption of encrypted aggregated digital resource values can be achieved while ensuring the security and trustworthiness of the decryption process, thereby further improving the system's data privacy and operational security.
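The threshold reconstruction and key destruction of steps S600 to S602, as an added example that is not part of the patent text. Shamir secret sharing is assumed as the sharing scheme (the page does not name one), no trusted execution environment is modelled, and all names are hypothetical.

```python
import secrets
from contextlib import contextmanager

PRIME = 2**127 - 1      # Mersenne prime field; the shared key must be < PRIME
KEY_BYTES = 16


def split(secret, threshold, node_count):
    """Give each node one point of a random degree-(threshold-1) polynomial."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation
            acc = (acc * x + c) % PRIME
        return acc

    return {node_id: f(node_id) for node_id in range(1, node_count + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over {node_id: share}."""
    secret = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


@contextmanager
def reconstructed_key(shares, threshold):
    """Rebuild the key only with a quorum and overwrite it when the block exits."""
    if len(shares) < threshold:
        raise PermissionError("quorum not reached: %d of %d" % (len(shares), threshold))
    buf = bytearray(reconstruct(shares).to_bytes(KEY_BYTES, "big"))
    try:
        yield buf                            # decryption would happen here
    finally:
        buf[:] = bytes(len(buf))             # best-effort wipe of the key buffer


def demo():
    key = secrets.randbelow(PRIME)           # constructed key for the demo
    shares = split(key, threshold=3, node_count=5)
    quorum = {i: shares[i] for i in (1, 3, 5)}
    with reconstructed_key(quorum, 3) as buf:
        recovered = int.from_bytes(buf, "big") == key
    wiped = buf == bytearray(KEY_BYTES)
    minority = {i: shares[i] for i in (1, 2)}
    try:
        with reconstructed_key(minority, 3):
            refused = False
    except PermissionError:
        refused = True
    # Two shares interpolate to an unrelated value, not the key.
    leaks = reconstruct(minority) == key
    return recovered, wiped, refused, leaks
```

Python cannot guarantee that no other copy of the integer key lingers in memory, which is one reason the page places reconstruction and decryption inside a trusted execution environment.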
[0095] Example 4
Figure 8 schematically illustrates a block diagram of a digital resource processing apparatus according to Embodiment 4 of this application. This apparatus can be divided into one or more program modules. One or more program modules are stored in a storage medium and executed by one or more processors to complete the embodiments of this application. The program module referred to in the embodiments of this application refers to a series of computer program instruction segments capable of performing a specific function. The following description will specifically introduce the functions of each program module in this embodiment. As shown in Figure 8, the device 700 may include a broadcast module 710, an aggregation module 720, and a transmission module 730, wherein:
The receiving module 710 is used to broadcast a digital resource aggregation operation task to several platforms. The digital resource aggregation operation task includes a validity proof of a target cross-platform identity, so that the platform can return the encrypted digital resource value corresponding to the target cross-platform identity after verifying the validity proof. The encrypted digital resource value is ciphertext data obtained by using a homomorphic encryption algorithm.
The aggregation module 720 is used to perform aggregation operations based on the encrypted digital resource value to obtain an encrypted aggregated digital resource value, and generate a third zero-knowledge proof of the encrypted aggregated digital resource value to prove that the encrypted aggregated digital resource value conforms to the rules.
The sending module 730 is used to send the encrypted aggregated digital resource value and the third zero-knowledge proof to the cloud or the blockchain, so that the cloud or the blockchain can associate and store the encrypted aggregated digital resource value and the target cross-platform identity identifier through the third zero-knowledge proof.
[0096] In an optional embodiment, the device 700 is further used for: Receive the decryption request of the encrypted aggregated digital resource value, and reconstruct the secure multi-party computation private key of the encrypted aggregated digital resource value through nodes that have reached a threshold. The nodes are nodes of the secure multi-party computation cluster. The encrypted aggregated digital resource value is decrypted in a trusted execution environment using the secure multi-party computation private key, and the secure multi-party computation private key is destroyed, thus obtaining the aggregated digital resource value. The aggregated digital resource value is returned via an encrypted communication channel.
[0097] Example 5
Figure 9 schematically shows a flowchart of a digital resource processing method according to Embodiment 3 of this application.
[0098] As shown in Figure 9, the digital resource processing method may include steps S800 to S804, wherein: Step S800: Receive the broadcast digital resource aggregation operation task. The digital resource aggregation operation task includes the validity proof of the target cross-platform identity; the target cross-platform identity belongs to the target object and has a correspondence with the target object's local encrypted digital resource value on this platform; the local encrypted digital resource value is obtained by encryption using a homomorphic encryption algorithm.
[0099] The entity executing the digital resource processing method in this application embodiment can be a platform.
[0100] The platform can receive digital resource aggregation computing tasks broadcast by a secure multi-party computing cluster, along with proof of the validity of the target cross-platform identity.
[0101] Step S802: If the validity proof is verified, obtain the local encrypted digital resource value based on the correspondence.
[0102] The platform can verify the validity of the proof. If the verification is successful, the platform can obtain the local encrypted digital resource value of the target queue on the platform based on the correspondence between the target cross-platform identity and the target object's local encrypted digital resource value on the platform.
[0103] Step S804: Send the local encrypted digital resource value to the secure multi-party computing cluster, so that the secure multi-party computing cluster can perform encrypted collaborative computing based on the local encrypted digital resource value and the encrypted digital resource values provided by other platforms to obtain the encrypted aggregated digital resource value of the target object, and record the encrypted aggregated digital resource value to the cloud or blockchain.
[0104] After obtaining the local encrypted digital resource value of the target object, the platform sends it to a secure multi-party computing cluster. The secure multi-party computing cluster performs encrypted collaborative computation on the encrypted digital resource values provided by multiple platforms, and aggregates them without decryption to obtain the encrypted aggregated digital resource value of the target object. The encrypted aggregated digital resource value is then recorded in the cloud or on the blockchain.
[0105] The digital resource processing method provided in this application receives a broadcast digital resource aggregation operation task. After verifying the validity of the target cross-platform identity, it obtains the local encrypted digital resource value and sends it to a secure multi-party computing cluster to aggregate encrypted digital resource values provided by other platforms. After aggregation, the value is recorded in the blockchain or cloud. Homomorphic encryption algorithms can be used to achieve the aggregation of digital resource values without decryption, thereby effectively protecting the data privacy of the target object while realizing cross-platform aggregation of digital resources.
[0106] In an optional embodiment, as shown in Figure 10, the digital resource processing method in this application embodiment may further include: Step S900: Receive the fourth zero-knowledge proof sent by the dedicated client. The fourth zero-knowledge proof is used to prove that the target object is the holder of the target cross-platform identity.
[0107] Step S902: If the verification of the fourth zero-knowledge proof is successful, generate a platform anonymous ID based on the target cross-platform identity.
[0108] Correspondingly, in step S802, obtaining the local encrypted digital resource value based on this correspondence may, as shown in Figure 11, include: Step S1000: Determine the anonymous ID of the target object on this platform based on the validity proof.
[0109] Step S1002: Obtain the local encrypted digital resource value based on the anonymous ID of this platform.
[0110] The platform first receives a fourth zero-knowledge proof sent by a dedicated client. This proof serves as the core evidence for the target object to claim ownership of the target cross-platform identity (DID). The platform will verify the validity of this proof according to the system's pre-defined zero-knowledge proof verification rules. If the verification passes, the platform will combine this proof with its own salt value and perform an irreversible hash operation on the target cross-platform identity associated with the fourth zero-knowledge proof to generate a unique, corresponding anonymous platform ID. This completes the mapping between the target object's cross-platform anonymous identity and its local platform identifier. For example, PID_A = Hash(DID||“Platform_A_Salt”), where PID_A is the anonymous ID of platform A, and Platform_A_Salt represents the exclusive salt value of platform A.
[0111] After the system initiates the cross-platform encrypted digital resource value aggregation calculation task, the platform receives a validity certificate issued by the coordinator. This certificate contains a compliant target cross-platform identity identifier and the issuance signature of a trusted node on the chain. The platform first verifies the validity certificate to confirm the legality and validity of the target cross-platform identity identifier. Then, following the same algorithm rules as the platform's anonymous ID generation, the platform performs a hash operation on the target cross-platform identity identifier in the certificate and the platform's exclusive salt value to generate a platform anonymous ID that matches the target object, thereby determining the platform anonymous ID.
[0112] Based on the identified target object's anonymous ID, the platform will use this as a search keyword to access the platform's local encrypted behavior data storage module, initiate a targeted search request, and extract the local encrypted digital resource value associated with the platform's anonymous ID from the local encrypted storage repository.
[0113] In this embodiment, when the target object is proven to be the holder of the target cross-platform identity through zero-knowledge proof, a platform anonymous ID is generated based on the target cross-platform identity identifier and the local platform salt value. When obtaining the local encrypted digital resource value, the local platform anonymous ID of the target object is determined based on the validity proof. The local encrypted digital resource value is obtained based on the local platform anonymous ID. By verifying the validity proof issued by the trusted chain and using the unified algorithm rules to generate a matching local platform anonymous ID, the compliance of the target cross-platform identity identifier is verified from the source of identity, and the consistency and uniqueness of the generated local platform anonymous ID are guaranteed. This achieves accurate and secure determination of the target object's local platform anonymous ID under the aggregation computing task, while avoiding the leakage and parsing of the target cross-platform identity identifier.
[0114] In optional embodiments, as shown in Figure 12, the digital resource processing method in this application embodiment may further include:
Step S1100: Calculate the local digital resource value of the target object based on the target object's behavior data on the platform.
[0115] Step S1102: Generate a target feature vector based on the behavioral data and the local digital resource value.
[0116] Step S1104: Obtain the pre-configured privacy budget and generate a noise vector based on the privacy budget.
[0117] Step S1106: Calculate the noisy vector based on the noise vector and the target feature vector.
[0118] Step S1108: Encrypt the noisy vector using a homomorphic encryption algorithm to obtain local ciphertext data, and store the local ciphertext data, which includes the local encrypted digital resource value.
[0119] The platform first performs quantitative calculations based on the target object's behavioral data such as ad clicks and views generated on the platform, according to the system's preset digital resource conversion rules, to obtain the local digital resource value corresponding to the target object, and then combines the behavioral data to generate a structured target feature vector.
[0120] The platform then retrieves the privacy budget parameters pre-configured for the target object. These parameters can be set by the user and stored locally on the platform. Based on this privacy budget, the platform uses a Laplace noise model and a preset algorithm to generate a noise vector that matches the dimension of the target feature vector. The noise vector is then added to the target feature vector, dimension by dimension, to calculate the noisy feature vector. In some other possible embodiments, Laplace noise can be replaced with Gaussian noise.
[0121] Finally, based on the generated noisy vector, the platform performs encryption using a homomorphic encryption algorithm to generate corresponding local ciphertext data. This ciphertext data contains the encrypted local digital resource value. The platform uniquely associates the encrypted local ciphertext data with the target object's anonymous ID on the platform and stores it in the platform's local encrypted behavior data storage module. The homomorphic encryption algorithm can be either Paillier or ElGamal. Paillier can be used for addition scenarios, while ElGamal can be used for multiplication scenarios.
[0122] In the case of using the Paillier homomorphic encryption algorithm, the system also includes dynamic adjustment of the privacy budget used by the Paillier homomorphic encryption algorithm. Dynamic privacy budget adjustment includes both static and dynamic privacy budget modes. During system initialization, either static (which can be the default) or dynamic privacy budget mode can be selected; these two modes are mutually exclusive. In static privacy budget mode, the privacy budget ε value (ε_user∈[0.1,10]) set by the user upon initial authorization is valid for one year, and historical data does not change with ε adjustment. In dynamic privacy budget mode, the user can reset the ε value before each query; higher privacy requirements correspond to smaller ε values with greater noise, while lower privacy requirements correspond to larger ε values with higher integration accuracy. Each data provider needs to recalibrate the original behavioral data using a weighted noise compensation algorithm. This recalibration only applies to newly generated ciphertext data and is suitable for scenarios prioritizing privacy flexibility.
[0123] In this embodiment, a local digital resource value is calculated based on the target object's behavioral data on the platform to generate a feature vector. A noise vector is generated based on a privacy budget. A noisy vector is generated based on the noise vector and the feature vector. The noisy vector is then encrypted using a homomorphic encryption algorithm to obtain and store local ciphertext data. This achieves full-process local processing from target object behavioral data to local ciphertext data. It not only completes the standardized feature transformation of behavioral data, but also achieves privacy protection of the data source through differential privacy noise addition and homomorphic encryption. At the same time, the ciphertext data is associated with the anonymous ID of this platform to ensure that the original plaintext data is not exposed to the outside world throughout the process. This provides compliant, secure and uniformly formatted ciphertext input data for subsequent multi-party collaborative encrypted calculations.
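The local pipeline of paragraphs [0111] and [0119] to [0121], traced end to end for two platforms as an added Python example (not code from the patent). Assumptions: HMAC-SHA-256 stands in for the salted hash, the points conversion rule, the sensitivity of 1 and the fixed-point scale are hypothetical, the Paillier key is a toy built from two Mersenne primes, and the identifier and salts are constructed.

```python
import hashlib
import hmac
import math
import random
import secrets

# Toy Paillier key from two Mersenne primes (assumption; far too small for real use).
P, Q = 2**107 - 1, 2**127 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAM, -1, N)                                 # valid because g = N + 1
SCALE = 100   # fixed-point factor, since Paillier works on integers (assumption)


def platform_anon_id(did: str, platform_salt: bytes) -> str:
    """Salted hash of the cross-platform identifier (HMAC-SHA-256 is an assumed choice)."""
    return hmac.new(platform_salt, did.encode(), hashlib.sha256).hexdigest()


def laplace_noise(epsilon: float, sensitivity: float, dim: int, rng) -> list:
    """Noise vector with scale b = sensitivity / epsilon, one draw per dimension."""
    if not 0.1 <= epsilon <= 10:          # range the page gives for the user budget
        raise ValueError("epsilon outside [0.1, 10]")
    b = sensitivity / epsilon
    # The difference of two Exp(1/b) draws is Laplace(0, b).
    return [rng.expovariate(1 / b) - rng.expovariate(1 / b) for _ in range(dim)]


def encrypt(m: int) -> int:
    """Paillier encryption with g = N + 1, so g^m mod N^2 = 1 + m*N."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + (m % N) * N) * pow(r, N, N2) % N2


def decrypt(c: int) -> int:
    m = (pow(c, LAM, N2) - 1) // N * MU % N
    return m - N if m > N // 2 else m     # map the upper half back to negatives


def add_ciphertexts(ciphertexts) -> int:
    """Multiplying Paillier ciphertexts adds the plaintexts underneath."""
    total = 1
    for c in ciphertexts:
        total = total * c % N2
    return total


def build_local_ciphertext(clicks: int, views: int, epsilon: float, rng):
    """Steps S1100-S1108 on one platform. Returns (noisy_ints, ciphertexts);
    the plaintext noisy vector is returned only so the demo can check the sum."""
    points = 2 * clicks + views                        # S1100, hypothetical rule
    features = [clicks, views, points]                 # S1102
    noise = laplace_noise(epsilon, 1.0, len(features), rng)   # S1104
    noisy = [round((f + z) * SCALE) for f, z in zip(features, noise)]  # S1106
    return noisy, [encrypt(v) for v in noisy]          # S1108


def demo():
    did = "did:example:alice"                          # constructed identifier
    rng = random.Random(7)                             # seeded for a repeatable demo only
    platforms = {"A": (b"constructed-salt-A", 12, 40),
                 "B": (b"constructed-salt-B", 3, 25)}
    stores, expected = {}, [0, 0, 0]
    for name, (salt, clicks, views) in platforms.items():
        noisy, ct = build_local_ciphertext(clicks, views, 1.0, rng)
        stores[name] = {platform_anon_id(did, salt): ct}   # keyed by anonymous ID only
        expected = [e + v for e, v in zip(expected, noisy)]
    # Aggregation task: each platform re-derives its own anonymous ID and looks it up.
    fetched = [stores[n][platform_anon_id(did, s)] for n, (s, _, _) in platforms.items()]
    aggregated = [add_ciphertexts(col) for col in zip(*fetched)]
    return [decrypt(c) for c in aggregated], expected


if __name__ == "__main__":
    total, expected = demo()
    print("decrypted aggregate:", [t / SCALE for t in total])
    print("matches sum of noisy inputs:", total == expected)
```

The decrypted aggregate equals the sum of the noisy vectors, not of the raw behavior counts, so the noise each platform adds carries through to the total; a smaller ε widens that gap.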
[0124] To make this application easier to understand, the following takes points as the digital resources and ad-viewing behavior as the behavioral data, and gives an example with reference to Figures 13, 14 and 15.
[0125] As shown in Figure 13, the digital resource processing method in this application embodiment may include the following:
1. Users engage in advertising activities across multiple platforms;
2. Points are calculated and encrypted locally on each platform;
3. Users can submit cross-platform points query requests through the APP (dedicated APP);
4. The APP generates a zero-knowledge proof of a cross-platform identity identifier (DID) to prove that the user owns a certain DID;
5. The system verifies the validity of the proof;
6. If the verification is successful, the total encrypted points are retrieved from the blockchain;
7. The total points are decrypted locally using a secure multi-party computation cluster, and the decrypted total points are returned to the APP;
8. The user initiates points redemption;
9. The smart contract verifies whether the user's points balance is sufficient;
10. If the balance is sufficient, the points redemption is completed and recorded on the blockchain.
[0126] As shown in Figure 14, the digital resource processing method can include an application layer, a protocol layer, a computing layer, and a storage layer:
1. Application Layer:
Points Redemption Management Platform: Provides points redemption management functions, allowing users to redeem points through the platform.
[0127] Advertising Platform Points Client SDK: A software development kit for advertising platforms, facilitating the integration of points-related functions, such as points distribution, into the advertising platform.
[0128] User Points Inquiry Terminal APP: A mobile application used by users to check their points information.
[0129] 2. Computation Layer (closely related to the protocol layer):
MPC (Secure Multi-Party Computation) compute node cluster: A cluster of multiple compute nodes used to perform secure multi-party computation tasks, ensuring that computation is completed without the disclosure of private data by the participating parties.
[0130] Zero-knowledge proof generator: Responsible for generating zero-knowledge proofs to verify the correctness of data without revealing the specific data content.
[0131] Homomorphic encryption service: Provides homomorphic encryption-related services, allowing computation on encrypted data without prior decryption.
[0132] 3. Protocol Layer:
Blockchain Evidence Storage Protocol: Used to store records of points-related operations on the blockchain to ensure that the data is immutable and traceable.
[0133] MPC Points Calculation Protocol: Defines how to perform points calculations using secure multi-party computation techniques to ensure the security and privacy of the calculation process.
[0134] Cross-platform DID (Decentralized Identity) protocol: Enables decentralized identity identification and management across platforms, ensuring consistency of user identity across different platforms.
[0135] 4. Storage Layer:
Consortium Blockchain Network: As the underlying storage infrastructure, it is used to store transaction records and evidence information related to points, ensuring the transparency and immutability of the data.
[0136] Encrypted behavioral data storage: Stores encrypted behavioral data to protect user privacy.
[0137] Zero-knowledge proof library: Stores the generated zero-knowledge proofs for subsequent verification operations.
[0138] As shown in Figure 15, the digital resource processing method can generally include several major components: identity anonymization and association, local encryption of behavioral data, secure multi-party computation aggregation, blockchain-based evidence storage and verification, and privacy-preserving points-based querying.
1. Identity anonymization association: The system will anonymize the user's real identity information, generating an identifier that is related to the user's identity but cannot be directly traced back to the real identity (such as the anonymous ID mentioned earlier on this platform). In this way, the user's real identity is protected in subsequent points management and data processing, ensuring that user privacy is not leaked.
[0139] 2. Local encryption of behavioral data: After completing the identity anonymization and association, the system performs local encryption on the user's behavioral data. Behavioral data may include various user operation records, transaction information, etc. Local encryption means that the data is encrypted at its source of generation or collection; only authorized systems or processes with the corresponding decryption keys can decrypt and view the data content, further ensuring data security during transmission and storage.
[0140] 3. Secure multi-party computation aggregation: Encrypted behavioral data participates in secure multi-party computation (MPC). Secure MPC allows multiple participants to collaboratively complete a computational task without revealing their private data. In a points management system, multiple platforms or data sources may jointly aggregate and calculate encrypted behavioral data, such as calculating a user's total points or summarizing points across platforms, while ensuring that each participant's data privacy is not accessed by other parties.
[0141] 4. Blockchain-based evidence storage and verification: Calculation results and related operation records are stored on the blockchain for evidence preservation. The immutability and traceability of the blockchain ensure a high degree of trustworthiness for this data. Simultaneously, the system can perform verification operations to ensure the authenticity and integrity of the stored data. For example, it can verify the accuracy of the points calculation and confirm that the data has not been tampered with.
[0142] 5. Privacy Protection Points Inquiry: Users can securely query their points information while protecting their privacy. The system ensures that sensitive user information is not leaked during the query process through previously established anonymization mechanisms, encryption technology, and blockchain notarization.
[0143] Embodiment 6
Figure 16 schematically illustrates a digital resource processing apparatus according to Embodiment Six of this application. This apparatus can be divided into one or more program modules. One or more program modules are stored in a storage medium and executed by one or more processors to complete the embodiments of this application. The program module referred to in the embodiments of this application refers to a series of computer program instruction segments capable of performing a specific function. The following description will specifically introduce the functions of each program module in this embodiment. As shown in Figure 16, the device 1200 may include a receiving module 1210, an acquisition module 1220, and a sending module 1230, wherein: The receiving module 1210 is used to receive a broadcast digital resource aggregation operation task. The digital resource aggregation operation task includes a validity proof of a target cross-platform identity. The target cross-platform identity belongs to a target object. The target cross-platform identity corresponds to the target object's local encrypted digital resource value on this platform. The local encrypted digital resource value is obtained by encrypting it using a homomorphic encryption algorithm. The acquisition module 1220 is used to acquire the local encrypted digital resource value based on the target cross-platform identity and the corresponding relationship, provided that the validity proof has been verified. 
The sending module 1230 is used to send the local encrypted digital resource value to a secure multi-party computing cluster, so that the secure multi-party computing cluster can perform encrypted collaborative computing based on the local encrypted digital resource value and encrypted digital resource values provided by other platforms to obtain the encrypted aggregated digital resource value of the target object, and record the encrypted aggregated digital resource value to the cloud or blockchain.
[0144] In an optional embodiment, the device 1200 is further used for: receiving a fourth zero-knowledge proof sent by a dedicated client, the fourth zero-knowledge proof being used to prove that the target object is the holder of the target cross-platform identity; if the verification of the fourth zero-knowledge proof is successful, generating the anonymous ID of this platform based on the target cross-platform identity and the salt value of this platform. Correspondingly, the acquisition module 1220 is also used for: determining the anonymous ID of the target object on this platform based on the validity proof; and obtaining the local encrypted digital resource value based on the anonymous ID of this platform.
[0145] In an optional embodiment, the device 1200 is further used for: calculating the local digital resource value of the target object based on the target object's behavioral data on the platform; generating a target feature vector based on the behavioral data and the local digital resource value; obtaining a pre-configured privacy budget, and generating a noise vector based on the privacy budget; calculating the noisy vector based on the noise vector and the target feature vector; and encrypting the noisy vector using a homomorphic encryption algorithm to obtain and store the local ciphertext data, the local ciphertext data including the local encrypted digital resource value.
[0146] Embodiment 7
Figure 17 schematically depicts the hardware architecture of a computer device 10000 suitable for implementing a digital resource processing method according to Embodiment 3 of this application. In some embodiments, the computer device 10000 may be a terminal device such as a smartphone, wearable device, tablet computer, personal computer, in-vehicle terminal, game console, virtual device, workbench, digital assistant, set-top box, or robot. In other embodiments, the computer device 10000 may be a rack server, blade server, tower server, or cabinet server (including standalone servers or server clusters composed of multiple servers), etc. As shown in Figure 17, the computer device 10000 includes, but is not limited to: a memory 10010, a processor 10020, and a network interface 10030 that can communicate and be linked with each other via a system bus. Wherein: The memory 10010 includes at least one type of computer-readable storage medium, including flash memory, hard disk, multimedia card, card-type memory (e.g., SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the memory 10010 may be an internal storage module of a computer device 10000, such as the hard disk or memory of the computer device 10000. In other embodiments, the memory 10010 may also be an external storage device of the computer device 10000, such as a plug-in hard disk, smart media card (SMC), secure digital (SD) card, flash card, etc., equipped on the computer device 10000. Of course, the memory 10010 may also include both the internal storage module and the external storage device of the computer device 10000. 
In this embodiment, the memory 10010 is typically used to store the operating system and various application software installed on the computer device 10000, such as program code for digital resource processing methods. Furthermore, the memory 10010 can also be used to temporarily store various types of data that have already been output or will be output.
[0147] In some embodiments, processor 10020 may be a central processing unit (CPU), controller, microcontroller, microprocessor, or other chip. Processor 10020 is typically used to control the overall operation of computer device 10000, such as performing control and processing related to data interaction or communication with computer device 10000. In this embodiment, processor 10020 is used to run program code stored in memory 10010 or process data.
[0148] Network interface 10030 may include a wireless network interface or a wired network interface, which is typically used to establish a communication link between computer device 10000 and other computer devices. For example, network interface 10030 is used to connect computer device 10000 to an external terminal via a network, establishing a data transmission channel and communication link between computer device 10000 and the external terminal. The network may be an intranet, the Internet, Global System for Mobile Communication (GSM), Wideband Code Division Multiple Access (WCDMA), 4G network, 5G network, Bluetooth, Wi-Fi, or other wireless or wired networks.
[0149] It should be pointed out that Figure 17 shows only a computer device with components 10010-10030; however, it should be understood that it is not required to implement all of the shown components, and more or fewer components may be implemented instead.
[0150] In this embodiment, the digital resource processing method stored in memory 10010 can also be divided into one or more program modules and executed by one or more processors (such as processor 10020) to complete the embodiments of this application.
[0151] Embodiment 8
This application also provides a computer-readable storage medium storing a computer program thereon, wherein the computer program, when executed by a processor, implements the steps of the digital resource processing method in the embodiments.
[0152] In this embodiment, the computer-readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (e.g., SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the computer-readable storage medium may be an internal storage unit of a computer device, such as the hard disk or memory of the computer device. In other embodiments, the computer-readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, smart media card (SMC), secure digital (SD) card, flash card, etc., equipped on the computer device. Of course, the computer-readable storage medium may include both the internal storage unit and the external storage device of the computer device. In this embodiment, the computer-readable storage medium is typically used to store the operating system and various application software installed on the computer device, such as the program code of the digital resource processing method in the embodiment. In addition, the computer-readable storage medium can also be used to temporarily store various types of data that have been output or will be output.
[0153] Embodiment 9
This application also provides a computer program product, including a computer program that, when executed by a processor, implements the methods described in the above embodiments.
[0154] Obviously, those skilled in the art should understand that the modules or steps of the embodiments of this application described above can be implemented using general-purpose computer devices. They can be centralized on a single computer device or distributed across a network of multiple computer devices. Optionally, they can be implemented using computer-executable program code, thereby storing them in a storage device for execution by a computer device. In some cases, the steps shown or described can be performed in a different order than those presented here, or they can be fabricated as separate integrated circuit modules, or multiple modules or steps can be fabricated as a single integrated circuit module. Thus, the embodiments of this application are not limited to any particular combination of hardware and software.
[0155] It should be noted that the above are merely preferred embodiments of this application and do not limit the scope of patent protection of this application. Any equivalent structural or procedural changes made using the content of this application's specification and drawings, or direct or indirect applications in other related technical fields, are similarly included within the scope of patent protection of this application.
Claims
1. A digital resource processing method, characterized in that, The method includes: Receive the encrypted aggregated digital resource value of the target object, associate and store the encrypted aggregated digital resource value with the target cross-platform identity identifier of the target object, the encrypted aggregated digital resource value is generated by the encrypted digital resource value provided by several platforms through the collaborative computation of a secure multi-party computing cluster in ciphertext state; Upon receiving a query request from a requester for the encrypted aggregated digital resource value and confirming that the requester is the holder of the target cross-platform identity, the encrypted aggregated digital resource value is retrieved. The retrieved encrypted aggregated digital resource value is sent to the secure multi-party computing cluster for collaborative decryption, so that the decrypted aggregated digital resource value is returned to the requesting party. In response to the requester's digital resource exchange request, when it is determined that the decrypted aggregated digital resource value meets the exchange conditions, the digital resource exchange operation is performed.
2. The method according to claim 1, characterized in that, The step of retrieving the encrypted aggregated digital resource value upon receiving a query request from a requester for the encrypted aggregated digital resource value and confirming that the requester is the holder of the target cross-platform identity is included: Upon receiving a query request from a requester for the value of encrypted aggregated digital resources, cross-platform authentication of the requester is triggered. Receive the first zero-knowledge proof submitted by the requester, and verify whether the requester is the holder of the target cross-platform identity based on the first zero-knowledge proof; If the verification is successful, the encrypted aggregated digital resource value is retrieved based on the target cross-platform identity identifier.
3. The method according to claim 2, characterized in that, The step of receiving the encrypted aggregated digital resource value of the target object and associating and storing the encrypted aggregated digital resource value with the target cross-platform identity of the target object includes: Receive the encrypted aggregated digital resource value of the target object and the second zero-knowledge proof corresponding to the encrypted aggregated digital resource value, wherein the second zero-knowledge proof is used to prove that the encrypted aggregated digital resource value conforms to the rules; If the second zero-knowledge proof is verified, the encrypted aggregated digital resource value is associated with and stored with the target cross-platform identity, and a unique transaction hash is generated.
4. A digital resource processing method, characterized in that, The method includes: A digital resource aggregation operation task is broadcast to several platforms. The digital resource aggregation operation task includes a validity proof of a target cross-platform identity, so that the platform can return the encrypted digital resource value corresponding to the target cross-platform identity after verifying the validity proof. The encrypted digital resource value is ciphertext data obtained by using a homomorphic encryption algorithm. An aggregation operation is performed on the encrypted digital resource value to obtain an encrypted aggregated digital resource value, and a third zero-knowledge proof of the encrypted aggregated digital resource value is generated to prove that the encrypted aggregated digital resource value conforms to the rules. The encrypted aggregated digital resource value and the third zero-knowledge proof are sent to the cloud or blockchain so that the cloud or blockchain can associate and store the encrypted aggregated digital resource value and the target cross-platform identity identifier in the case of the third zero-knowledge proof.
5. The method according to claim 4, characterized in that, The method further includes: Receive the decryption request of the encrypted aggregated digital resource value, and reconstruct the secure multi-party computation private key of the encrypted aggregated digital resource value through nodes that have reached a threshold. The nodes are nodes of the secure multi-party computation cluster. The encrypted aggregated digital resource value is decrypted and destroyed in a trusted execution environment using the secure multi-party computation private key, thus obtaining the aggregated digital resource value. The aggregated digital resource value is returned via an encrypted communication channel.
6. A digital resource processing method, characterized in that, The method includes: Receive a broadcast digital resource aggregation operation task, the digital resource aggregation operation task includes the validity proof of the target cross-platform identity, the target cross-platform identity belongs to the target object, the target cross-platform identity corresponds to the local encrypted digital resource value of the target object on this platform, and the local encrypted digital resource value is obtained by encrypting it through a homomorphic encryption algorithm; If the validity proof is verified, the local encrypted digital resource value is obtained based on the target cross-platform identity and the correspondence. The local encrypted digital resource value is sent to a secure multi-party computing cluster, which then performs encrypted collaborative computation based on the local encrypted digital resource value and encrypted digital resource values provided by other platforms to obtain the encrypted aggregated digital resource value of the target object, and records the encrypted aggregated digital resource value to the cloud or blockchain.
7. The method according to claim 6, characterized in that, The method further includes: Receive a fourth zero-knowledge proof sent by a dedicated client, the fourth zero-knowledge proof being used to prove that the target object is the holder of the target cross-platform identity; If the verification of the fourth zero-knowledge proof is successful, the anonymous ID of this platform is generated based on the target cross-platform identity and the salt value of this platform; Correspondingly, obtaining the local encrypted digital resource value based on the correspondence includes: Based on the validity proof, determine the anonymous ID of the target object on this platform; The local encrypted digital resource value is obtained based on the anonymous ID of this platform.
8. The method according to claim 7, characterized in that, The method further includes: The local digital resource value of the target object is calculated based on the target object's behavioral data on the platform. A target feature vector is generated based on the behavioral data and the local digital resource value; Obtain a pre-configured privacy budget, and generate a noise vector based on the privacy budget; The noisy vector is calculated based on the noise vector and the target feature vector; The local ciphertext data is obtained and stored by encrypting the noisy vector using a homomorphic encryption algorithm, and the local ciphertext data includes the local encrypted digital resource value.
9. A digital resource processing device, characterized in that it includes: The receiving module is used to receive and store the encrypted aggregated digital resource value of the target object, and associate the encrypted aggregated digital resource value with the target cross-platform identity identifier of the target object. The encrypted aggregated digital resource value is generated by the collaborative computation of encrypted digital resource values provided by several platforms in a secure multi-party computing cluster in ciphertext state. The retrieval module is used to retrieve the encrypted aggregated digital resource value when it receives a query request from a requester for the encrypted aggregated digital resource value and the requester is the holder of the target cross-platform identity. The decryption module is used to send the retrieved encrypted aggregated digital resource value to the secure multi-party computing cluster for collaborative decryption, so as to obtain the decrypted aggregated digital resource value and return it to the requesting party. The exchange module is used to respond to the digital resource exchange request from the requester, and to perform the digital resource exchange operation when it is determined that the decrypted aggregated digital resource value meets the exchange conditions.
10. A digital resource processing device, characterized in that it includes: The broadcast module is used to broadcast digital resource aggregation operation tasks to several platforms. The digital resource aggregation operation tasks include a validity proof of a target cross-platform identity, so that the platform can return the encrypted digital resource value corresponding to the target cross-platform identity after verifying the validity proof. The encrypted digital resource value is ciphertext data obtained by using a homomorphic encryption algorithm. The aggregation module is used to perform aggregation operations on the encrypted digital resource value to obtain an encrypted aggregated digital resource value, and generate a third zero-knowledge proof of the encrypted aggregated digital resource value to prove that the encrypted aggregated digital resource value conforms to the rules. The sending module is used to send the encrypted aggregated digital resource value and the third zero-knowledge proof to the cloud or the blockchain, so that the cloud or the blockchain can associate and store the encrypted aggregated digital resource value and the target cross-platform identity identifier through the third zero-knowledge proof.
11. A digital resource processing device, characterized in that it includes: The receiving module is used to receive broadcast digital resource aggregation operation tasks. The digital resource aggregation operation tasks include the validity proof of the target cross-platform identity, the target cross-platform identity belongs to the target object, the target cross-platform identity corresponds to the local encrypted digital resource value of the target object on this platform, and the local encrypted digital resource value is obtained by encrypting it using a homomorphic encryption algorithm. The acquisition module is used to acquire the local encrypted digital resource value based on the target cross-platform identity and the corresponding relationship, provided that the validity proof has been verified. The sending module is used to send the local encrypted digital resource value to a secure multi-party computing cluster, so that the secure multi-party computing cluster can perform encrypted collaborative computing based on the local encrypted digital resource value and encrypted digital resource values provided by other platforms to obtain the encrypted aggregated digital resource value of the target object, and record the encrypted aggregated digital resource value to the cloud or blockchain.
12. A computer device, characterized in that it includes: At least one processor; and A memory communicatively connected to the at least one processor; wherein: The memory stores instructions that can be executed by the at least one processor to enable the at least one processor to perform the method of any one of claims 1 to 8.
13. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer instructions that, when executed by a processor, implement the method as described in any one of claims 1 to 8.
14. A computer program product, comprising a computer program, characterized in that, When executed by a processor, the computer program implements the steps of the method according to any one of claims 1 to 8.