A method and system for preventing context poisoning based on multi-agent cooperation
By creating AgentCards in a multi-agent system and utilizing blockchain and Merkle trees to verify data integrity, the problem of data credibility among agents is solved, enabling defense against and tracing of poisoning attacks and ensuring trustworthy collaboration among agents.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Applications (China)
- Current Assignee / Owner: JIANGSU HENGBAO INTELLIGENT SYST TECH CO LTD
- Filing Date: 2026-04-07
- Publication Date: 2026-06-19
AI Technical Summary
Existing multi-agent systems lack guarantees regarding the authenticity, integrity, and credibility of the data content between agents, making it impossible to effectively defend against context poisoning attacks and quickly locate malicious data sources and isolate the impact of attacks.
By creating AgentCards and recording them on the blockchain, cryptographic hashes and Merkle trees are used to verify data integrity. Combined with digital signatures and blockchain traceability mechanisms, trusted data interaction between intelligent agents is achieved.
A comprehensive trust system has been built to ensure the authenticity and integrity of data, prevent poisoning attacks, realize trusted collaboration among intelligent agents, and support large-scale open distributed networks.
Figure CN122247723A_ABST
Description
Technical Field
[0001] This invention relates to the field of multi-agent collaboration technology, and specifically to a method and system for preventing contextual poisoning based on multi-agent collaboration.
Background Technology
[0002] In the field of distributed artificial intelligence and multi-agent systems, trusted communication and collaboration among agents are crucial for achieving complex tasks. Although interoperability frameworks such as Agent2Agent (A2A) protocols have solved the basic discovery and identity assertion problems of agents by introducing agent card mechanisms and user decentralized identifiers (DIDs), after agent discovery and authentication, business data collaboration among agents becomes the core. However, existing technologies almost entirely focus on security at the agent identity level, while seriously neglecting security threats at the data content level. Current multi-agent communication protocols lack mechanisms to guarantee the authenticity, integrity, and trustworthiness of the data content itself flowing between agents.
[0003] Specifically, when agent A retrieves information from a knowledge base and transmits it to agent B, or when agent C provides decision-making support to agent D, existing technologies cannot solve the following problems: 1) Context poisoning attack: Malicious agents or contaminated knowledge bases can provide seemingly legitimate but false data, such as incorrect security guidelines or forged financial information, thereby systematically misleading the decisions and behaviors of downstream agents; 2) Data tracing and integrity verification: The receiving agent cannot verify whether the data it receives actually comes from its claimed, credible source, and cannot confirm whether the data has been tampered with by any intermediary during transmission or caching; 3) Malicious behavior tracing and containment: Once a data poisoning attack occurs, the system lacks an effective mechanism to quickly and accurately locate the malicious data source and cannot form effective isolation at the network level, leading to the continuous spread of the attack's impact.
[0004] The invention patent with publication number CN121309000A discloses a method and system for generating and distributing batch digital certificates associated with marketing activities, which realizes efficient generation, trusted distribution and privacy-protected verification of batch certificates. The invention patent with publication number CN120729600A discloses a method and system for secure sharing of privacy data based on blockchain; this technical solution can effectively realize dynamic and fine-grained control of privacy data access permissions while retaining the essential advantage of blockchain immutability. The above two existing technologies therefore mainly address the privacy and access issues of data, but still cannot detect problems in the data content itself when data is transmitted between intelligent agents.
Summary of the Invention
[0005] Purpose of the invention: In order to overcome the shortcomings of the prior art, the present invention provides a method for preventing context poisoning based on multi-agent cooperation, which solves the technical problems pointed out in the background art. The present invention also provides a system for preventing context poisoning based on multi-agent cooperation.
[0006] Technical solution: According to a first aspect of the present invention, a method for preventing context poisoning based on multi-agent cooperation is provided, the method comprising: The intelligent agent service provider creates an AgentCard and initiates a first blockchain transaction, recording the relevant information of the AgentCard on the first blockchain. The intelligent agent service provider then uploads the AgentCard to a decentralized file system and returns a first content identifier. The client uses the first content identifier to send a request to the decentralized file system or its public gateway to obtain the corresponding AgentCard, verify the authenticity of the obtained AgentCard, and if successful, the client connects with the current intelligent agent. The knowledge base owner of the client preprocesses the original text to generate a set of text blocks, constructs a Merkle tree based on the hash set generated from the text block set, and generates a Merkle path proof corresponding to each text block based on the Merkle tree. The first agent that has successfully connected to the client uses a retrieval-enhanced generation system to verify the validity of the Merkle path proof corresponding to each text block and sends the verification result to the second agent. The second agent performs cross-validation on the verification result. If all text blocks pass the verification, the current text data is accepted; otherwise, it is marked as a poisoning attack.
[0007] Furthermore, including: The intelligent agent service provider creates an AgentCard and initiates the first blockchain transaction, including: The agent service provider generates a public-private key pair in asymmetric cryptography, wherein the private key is kept by the agent service provider and the public key is used to generate a unique blockchain address for the first blockchain; and calculates the cryptographic hash value of the AgentCard; The registration method in the agent registration smart contract deployed on the first blockchain is invoked to bind the generated blockchain address with the cryptographic hash value and record it on the first blockchain.
[0008] Furthermore, including: The process of obtaining the corresponding AgentCard and verifying the authenticity of the obtained AgentCard includes: The client uses the first content identifier to send a request to the decentralized file system or its public gateway to obtain the corresponding AgentCard; The client uses the blockchain address to query the query method in the agent registration smart contract and obtains the official registration hash value corresponding to the blockchain address from the first blockchain. The client obtains the AgentCard from the decentralized file system or its public gateway, calculates the cryptographic hash value of the AgentCard, and compares the official registration hash value with the calculated hash value. If the two hash values are completely identical, the verification is successful, proving that the AgentCard is authentic. The client then establishes a trusted connection with the corresponding agent based on the information in the card. If the two hash values are inconsistent, the verification fails, and the client terminates the connection and issues an alarm.
[0009] Furthermore, including: The process of constructing a Merkle tree from the hash set generated based on the text block set, and generating a Merkle path proof corresponding to each text block based on the Merkle tree, includes: The preprocessed text block set is uploaded to the decentralized file system to generate a second content identifier, which represents the storage address of the entire text block set on the decentralized file system. Calculate the corresponding cryptographic hash value for each text block, denoted as the first text hash value, and construct a Merkle tree using the formed hash set, where the first text hash value in the hash set serves as the leaf node of the Merkle tree, and generate the corresponding first Merkle path proof for each text block based on the Merkle tree.
[0010] Furthermore, including: Before the first agent that has successfully connected with the client verifies the validity of the Merkle path proof corresponding to each text block using a retrieval-augmented generation system, on-chain registration is also performed, specifically: The knowledge base owner initiates a second blockchain transaction, registering the root hash of the Merkle tree, the second content identifier, and the registration timestamp on the second blockchain, and storing on the second blockchain a verification value for the association between each text block and its Merkle path proof. A verification value of one means that the Merkle path proof is associated with the text block itself; a verification value of zero means that it is not.
[0011] Furthermore, including: The first agent, which has successfully connected with the client, uses a retrieval-augmented generation system to verify the validity of the Merkle path proof corresponding to each text block and sends the verification result to the second agent, which includes: The first agent initiates a text query to the local retrieval-augmented generation system and obtains several text blocks as results; the results returned by the local retrieval-augmented generation system include, for each text block, its text content, the second text hash value, the second Merkle path proof, and the tag of the knowledge base in which it is located; the first agent verifies the validity of the second Merkle path proof for each text block, generates a structured result, digitally signs the structured result using its private key, and sends the structured result and the digital signature to the second agent.
[0012] Furthermore, including: The second agent performs cross-validation on the verification results, which includes: Signature verification: the second agent uses the public key of the first agent to verify the authenticity of the digital signature. Merkle verification: Merkle verification is performed on each text block in the structured result, that is, the Merkle root hash of the corresponding text is obtained from the second blockchain, the root hash is recalculated locally using the second text hash value and the verified second Merkle path proof, and the locally calculated root hash is checked for consistency with the root hash on the second blockchain, where the root hash on the second blockchain is calculated from the text blocks whose verification value is one. Text block verification: the cryptographic hash value of the text content of each text block in the structured result is calculated and compared with the cryptographic hash value of the corresponding text content on the second blockchain. If any of the signature verification, Merkle verification, or text block verification fails, the official raw data is retrieved from the decentralized file system based on the knowledge base tag for arbitration, and the verification is marked as failed; otherwise the current text block passes, and the process repeats until all text blocks have been verified, at which point the text data is accepted. If any text block fails, the data is marked as a poisoning attack.
[0013] Furthermore, including: The method also includes: If the verification fails, the sending agent submits evidence of poisoning to the complaint smart contract. The evidence of poisoning includes a malicious data source address, a set of locally calculated second text hash values, and an event timestamp. The smart contract counts the number of complaints against the current agent; if the number exceeds a set threshold, the address is automatically marked as untrusted. In subsequent information exchanges, agents first check each other's reputation status in order to actively isolate high-risk nodes.
[0014] According to a second aspect, the present invention also provides a system for preventing context poisoning based on multi-agent cooperation, the system comprising: First transaction module: The intelligent agent service provider creates an AgentCard and initiates the first blockchain transaction, records the relevant information of the AgentCard on the first blockchain, uploads the AgentCard to the decentralized file system, and returns the first content identifier; AgentCard verification module: The client uses the first content identifier to send a request to the decentralized file system or its public gateway to obtain the corresponding AgentCard, and verifies the authenticity of the obtained AgentCard. If successful, the client connects with the current intelligent agent. Judgment module: The knowledge base owner of the client preprocesses the original text to generate a set of text blocks, constructs a Merkle tree based on the hash set generated from the set of text blocks, and generates a Merkle path proof corresponding to each text block based on the Merkle tree. The first agent that has successfully connected to the client uses a retrieval-augmented generation system to verify the validity of the Merkle path proof corresponding to each text block and sends the verification result to the second agent. The second agent performs cross-validation on the verification result. If all text blocks pass the verification, the current text data is accepted; otherwise, it is marked as a poisoning attack.
[0015] According to a third aspect, the present invention also provides an electronic device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the program to implement the aforementioned method for preventing contextual poisoning based on multi-agent cooperation.
[0016] Beneficial effects: Compared with the prior art, the present invention has the following advantages: This invention constructs a complete trust system encompassing identity authentication and knowledge traceability. Through a layered cryptographic protection mechanism, it achieves comprehensive security protection from agent identity to interactive data. First, during agent identity registration, the agent registers the cryptographic hash of its AgentCard file along with its public key address on the blockchain. Leveraging the blockchain's immutability, the agent's identity information is verified, fulfilling the prerequisite for subsequent multi-agent interaction. Second, during agent interaction, the contextual knowledge blocks exchanged between agents are bound to the on-chain root hash via Merkle Proof; any tampering will result in verification failure. This application achieves trusted management of the data lifecycle by constructing a three-layer protection architecture of identity authentication, knowledge storage, and result verification. Specifically: (1) Identity Registration on the Blockchain: The agent registers the cryptographic hash (as its digital fingerprint) of its AgentCard file along with its public key address on the blockchain. Utilizing the immutability of the blockchain, this binding relationship serves as a globally consistent identity trust anchor. This step solves the problem of verifying the authenticity and integrity of AgentCard information; (2) Trusted storage of knowledge base: In response to the poisoning threat faced by the intelligent agent knowledge base, this invention designs a knowledge base storage verification mechanism based on Merkle tree. After the knowledge base owner divides the original document into blocks, he constructs a Merkle tree and registers the root hash to the blockchain, realizing an economical storage solution that can be verified by all members with one registration. 
This mechanism ensures the integrity of the knowledge base content and the authenticity of the source, providing a trustworthy foundation for subsequent data verification. (3) Data storage network: The agent stores the complete AgentCard file and the original knowledge base data in the decentralized file system IPFS and obtains a unique content identifier CID. By utilizing the content addressing and distributed storage characteristics of IPFS, the agent ensures the high availability and durability of the data and avoids single points of failure. (4) Poisoning verification mechanism: The public key address and official AgentCard hash of the target intelligent agent are obtained by querying the blockchain, and the AgentCard file is obtained from the IPFS network through CID. The identity verification is completed by comparing the file hash with the hash recorded on the chain. During the data interaction process, the receiver verifies the authenticity of the knowledge block through Merkle Proof. Any tampering with the knowledge block will lead to verification failure, which fundamentally blocks the propagation path of polluting knowledge. (5) Trusted collaboration among intelligent agents: For multi-agent collaboration scenarios, this invention designs a result verification mechanism based on digital signatures. The intelligent agent generates a structured certificate containing metadata such as query context and timestamp for the verified knowledge block and performs digital signature. The receiver verifies the signature and knowledge source to ensure end-to-end trust in the collaboration process. Therefore, through the above scheme, this application not only solves the centralized defects of identity authentication, but also innovatively provides a complete technical path to defend against context poisoning attacks, providing a key technical foundation for realizing large-scale, open, and trustworthy distributed intelligent agent collaborative networks. 
Attached Figure Description
[0017] Figure 1 is a flowchart of the method for preventing context poisoning based on multi-agent cooperation according to an embodiment of the present invention; Figure 2 is a flowchart of the registration process and the discovery and verification process according to an embodiment of the present invention; Figure 3 is a flowchart of the secure communication and authentication method against context poisoning according to an embodiment of the present invention; Figure 4 is a flowchart of the receiver verification and poisoning defense method according to an embodiment of the present invention.
Detailed Implementation
[0018] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0019] Example 1: This invention provides a method for preventing contextual poisoning based on multi-agent collaboration. The method includes a registration process and a discovery and verification process, together with the core stages of trusted knowledge base storage, anti-poisoning verification, and poisoning tracing. The system architecture includes a blockchain network, a decentralized storage network (taking IPFS as an example), a knowledge base provider agent, and methods for using the agent. As shown in Figure 1, the method includes the following steps: S1: The agent service provider creates an AgentCard and initiates a first blockchain transaction, recording the relevant information of the AgentCard on the first blockchain; the agent service provider then uploads the AgentCard to a decentralized file system and obtains a first content identifier. S2: The client uses the first content identifier to send a request to the decentralized file system or its public gateway to obtain the corresponding AgentCard and verifies the authenticity of the obtained AgentCard; after success, the client connects with the current intelligent agent. S3: The knowledge base owner of the client preprocesses the original text to generate a set of text blocks, constructs a Merkle tree from the hash set generated from the text block set, and generates a Merkle path proof corresponding to each text block based on the Merkle tree. The first agent that has successfully connected to the client uses a retrieval-augmented generation system to verify the validity of the Merkle path proof corresponding to each text block and sends the verification result to the second agent. The second agent performs cross-validation on the verification result. If all text blocks pass the verification, the current text data is accepted; otherwise, it is marked as a poisoning attack.
[0020] Specifically, this embodiment constructs a full-link trusted verification system, achieving effective immunity to context poisoning attacks: by constructing a three-layer protection architecture of identity authentication, knowledge storage, and result verification, this embodiment systematically solves the novel security threat of context poisoning for the first time in a multi-agent system. Each knowledge block is bound to the on-chain root hash via Merkle Proof. Any tampering, including attacks such as content pollution, instruction injection, and context overflow, will lead to verification failure, ensuring the absolute trustworthiness of the context data entering the agent's decision-making process. This embodiment establishes a decentralized data traceability mechanism, achieving precise traceability of knowledge sources: the batch registration scheme based on Merkle trees achieves storage economy while ensuring cryptographic security. A single knowledge base only needs one on-chain transaction to complete the trusted storage of all data, and through lightweight Merkle Proof verification, any agent can quickly verify the authenticity of the source of a single knowledge block locally, without relying on any centralized authority, achieving true decentralized trust. This embodiment also designs an efficient multi-agent authenticity verification protocol to ensure the security and reliability of the collaboration process: through the dual verification mechanism of digital signature and Merkle Proof, the RAG results transmitted between agents have both identity authenticity and content credibility. The receiver ensures through cross-verification that the data has not been tampered with during transmission, and the sender cannot repudiate it, thus establishing a reliable security foundation for multi-agent collaboration in an open environment.
[0021] Phase 1: Registration and Discovery Verification Process, as shown in Figure 2. Step 1: Agent registration and information upload to the blockchain, including: S101: The Agent service provider generates a public-private key pair in asymmetric cryptography, wherein the private key is securely kept by the provider and the public key is used to generate a unique blockchain address.
[0022] S102: The Agent service provider creates a structured document, namely the AgentCard, which includes, but is not limited to, a description of the Agent's capabilities, service endpoints, version numbers, and communication protocols. This AgentCard assigns a unique numerical identifier to each agent, thereby ensuring the distinctiveness of each agent within the overall system and providing information support for interactions between agents.
[0023] S103: Calculate the cryptographic hash value of AgentCard as an immutable digital fingerprint of the document.
[0024] In this embodiment, SHA-256 is used to calculate the AgentCard hash value. First, the AgentCard version number and server endpoint information are concatenated to form a unique and complete set of input data. The input data is checked to see if it contains non-ASCII characters. If so, it is converted to a standard encoding format, such as UTF-8, to avoid hash value differences due to encoding inconsistencies. Then, a random value is added to the end of the concatenated data, and the SHA-256 algorithm is used to calculate the preprocessed data to generate a fixed-length hash value.
[0025] S104: The Agent service provider initiates a blockchain transaction, calling the registration method in the agent registration smart contract deployed on the blockchain, such as registerAgent(bytes32 agentCardHash), to bind the blockchain address generated in step S101 with the AgentCard hash calculated in step S103 and permanently record it on the blockchain.
[0026] S105: At the same time, the Agent service provider uploads the complete AgentCard to the decentralized file system IPFS network. The decentralized file system IPFS network returns a content identifier (CID) generated based on the content, which is a unique identifier for each AgentCard.
[0027] Step Two: Trustworthy Discovery and Verification S201: The client obtains the blockchain address and IPFS Content Identifier (CID) of the Agent to be connected through public channels. These two together constitute the discovery credential. In this embodiment, public channels may refer to blockchain explorers, IPFS public gateways, decentralized search engines, official announcements and documents, digital wallet applications, etc.
[0028] S202: The client uses the Content Identifier (CID) to initiate a request to the IPFS network or its public gateway to obtain the document content corresponding to the AgentCard. In this embodiment, in the IPFS network, a public gateway refers to a public HTTP network address provided by the community, organization, or service provider that allows users to access content in the IPFS network via the HTTP / HTTPS protocol. Therefore, the client can also initiate a request to obtain the AgentCard through the public gateway corresponding to the IPFS network.
[0029] S203: The client uses the blockchain address to query the query method in the agent registration smart contract, such as getAgentCardHash(address agentAddress), to obtain the official registration hash corresponding to the address from the blockchain.
[0030] S204: The client calculates the cryptographic hash of the AgentCard document obtained from IPFS. The hash calculation method here must be the same as the method used by the agent service provider to calculate the corresponding hash value.
[0031] S205: The client compares the hash value calculated in step S204 with the official hash value obtained from the chain in step S203.
[0032] S206: If the two hash values are completely identical, the verification is successful, proving that the AgentCard is genuine and the client can establish a trusted connection with the Agent based on the information in the card.
[0033] S207: If the two hash values do not match, the verification fails, indicating that the AgentCard may have been tampered with during transmission or storage. The client terminates the connection and issues an alarm.
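As an added example (not the patent's own code), steps S103 to S207 simulated in Python: a dictionary stands in for the agent registration contract on the first blockchain, another for the IPFS network, and the whole AgentCard is hashed over a canonical JSON serialization rather than only the version and endpoint concatenation of [0024], an assumption that binds every advertised field (including the endpoint a client will connect to) to the on-chain hash.

```python
import hashlib
import json
from typing import Dict, Optional, Tuple

# Simulated state of the agent registration contract (first blockchain) and of
# the IPFS network; both are constructed for this example.
AGENT_REGISTRY: Dict[str, str] = {}   # blockchain address -> registered SHA-256 hex
IPFS_STORE: Dict[str, bytes] = {}     # CID -> stored bytes (content-addressed)

def canonical_card_bytes(card: dict) -> bytes:
    """Deterministic UTF-8 serialization so provider and client hash identical bytes.
    Assumption: the whole card is hashed, with sorted keys and no whitespace."""
    return json.dumps(card, sort_keys=True, ensure_ascii=False,
                      separators=(",", ":")).encode("utf-8")

def agent_card_hash(card: dict) -> str:
    """S103: SHA-256 digital fingerprint of the AgentCard."""
    return hashlib.sha256(canonical_card_bytes(card)).hexdigest()

def address_from_public_key(public_key: bytes) -> str:
    """S101: blockchain address derived from a hash of the public key (assumption)."""
    return "0x" + hashlib.sha256(public_key).hexdigest()[-40:]

def ipfs_add(data: bytes) -> str:
    """S105: content-addressed upload; the CID is a simplified stand-in for a real multihash CID."""
    cid = "bafy-" + hashlib.sha256(data).hexdigest()[:24]
    IPFS_STORE[cid] = data
    return cid

def register_agent(address: str, card: dict) -> str:
    """S103-S105: registerAgent(agentCardHash) on chain, then upload the card; returns its CID."""
    AGENT_REGISTRY[address] = agent_card_hash(card)
    return ipfs_add(canonical_card_bytes(card))

def get_agent_card_hash(address: str) -> Optional[str]:
    """S203: getAgentCardHash(agentAddress) query against the registry contract."""
    return AGENT_REGISTRY.get(address)

def discover_and_verify(address: str, cid: str) -> Optional[dict]:
    """S202-S207: fetch the card by CID, recompute its hash with the provider's method,
    and compare with the on-chain value. Returns the card on success, None on failure."""
    data = IPFS_STORE.get(cid)
    official = get_agent_card_hash(address)
    if data is None or official is None:
        return None
    if hashlib.sha256(data).hexdigest() != official:
        return None   # S207: card tampered with or substituted; terminate and alarm
    return json.loads(data.decode("utf-8"))   # S206: genuine; connect via the card's endpoint

def demo() -> Tuple[bool, bool]:
    """A genuine card verifies; a substituted card reachable under another CID does not."""
    provider_addr = address_from_public_key(b"constructed-provider-public-key")
    card = {"name": "kb-agent", "version": "1.2.0",
            "endpoint": "https://agent.example.invalid/a2a",
            "capabilities": ["retrieve", "summarize"]}
    cid = register_agent(provider_addr, card)
    genuine_ok = discover_and_verify(provider_addr, cid) == card

    # Content behind the registered CID cannot change, but a client handed a different
    # CID through a public channel must still be protected by the on-chain hash.
    substituted = dict(card, endpoint="https://other.example.invalid/a2a")
    substituted_cid = ipfs_add(canonical_card_bytes(substituted))
    substituted_rejected = discover_and_verify(provider_addr, substituted_cid) is None
    return genuine_ok, substituted_rejected
```

The discovery credential of S201 is therefore the pair (address, CID): the CID locates the card, and only the hash bound to the address on chain establishes that it is the provider's.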
[0034] Phase 2: Secure Communication and Authentication Against Context Poisoning, as shown in Figure 3.
[0035] Step 3: Knowledge Base Preprocessing and Batch Registration. S301: Data Partitioning and Vectorization. The knowledge base owner processes the original documents, such as PDF and TXT files, using an intelligent chunking algorithm to generate a set of text blocks. In this embodiment, the intelligent chunking algorithm can employ a semantics-based or fixed-size sliding window, or an AST-based intelligent chunking method. The latter targets code or text, leverages the tree-like structure of the Abstract Syntax Tree (AST), uses the tree-sitter tool to traverse the AST, and merges sibling nodes under token constraints to form semantically complete fragments.
[0036] The text blocks are converted into vectors and stored in a vector database, while preserving the mapping relationship between the vectors and the source text blocks. The corresponding set of text blocks is represented as follows: .
[0037] S302: Digital fingerprint generation and preprocessing. For each text block, calculate its cryptographic hash value. This hash will serve as a unique and immutable digital fingerprint for the text block.
[0038] The complete collection of text blocks is uploaded to the IPFS network. The IPFS network returns a content identifier, CID_chunks_list, which represents the storage address of the entire collection of text chunks on IPFS.
[0039] S303: Constructing a Merkle tree. Using the hash set generated in the previous step as the leaf nodes, construct a Merkle tree.
[0040] Calculate and obtain the root hash of the Merkle tree. This root hash is a guarantee of the integrity of the entire knowledge base data; any change to a single text block will result in a change to the root hash.
[0041] In this embodiment, the root hash is the identifier of the Merkle tree. Its core is to aggregate data blocks step by step through hash calculation to generate a unique root hash. The Merkle tree is usually a binary tree, that is, each node has at most two child nodes. Starting from the leaf node, the hash value of the parent node is calculated layer by layer until the root node is reached. The root hash is the unique summary of the entire hash set. Any change in the leaf node will cause the root hash to change.
[0042] Generate a corresponding Merkle Proof for each text block, which is used for subsequent efficient verification of whether a single text block belongs to the entire knowledge base.
[0043] In this embodiment, Merkle path proof provides the hash values of all sibling nodes along the path from the target text block to the root node, enabling the verifier to recalculate the root hash using only this information, thereby confirming whether the text block belongs to the original Merkle tree. Here, the Merkle path refers to the list of hash values of all sibling nodes along the path from the target text block to the root node. That is, the path from the leaf node to the root node is first determined according to the Merkle tree. The basic order is leaf node to non-leaf node and finally to root node. Since the nodes in this embodiment are already the hash values of text blocks, it is possible to directly verify whether each leaf node belongs to the original Merkle tree. In one implementation, a temporary value is first obtained by using the sibling node of the current leaf node. This temporary value is obtained by concatenating two leaf nodes. It is then concatenated with the temporary values obtained from the other two leaf nodes to obtain another temporary value. The two temporary values must be concatenated until the temporary values of all leaf nodes are concatenated to obtain the temporary value of the root node. If the temporary value is the same as the root node, it is determined that the current leaf node belongs to the original Merkle tree. Otherwise, it is determined that the current leaf node has been tampered with or does not belong to the original tree.
[0044] S304: On-chain registration. The knowledge base owner initiates a blockchain transaction by calling the registerKnowledgeBase method in the KnowledgeBaseRegistry smart contract.
[0045] In this embodiment, the KnowledgeBaseRegistry smart contract can be understood as an automated digital protocol based on blockchain technology for managing knowledge base registration and access permissions. Its core function is to define rules through code and execute them automatically, ensuring that operations such as knowledge base creation, updating, and access are completed transparently and securely without third-party intervention. It is usually deployed on a blockchain network.
[0046] Register the following information in batches to the blockchain:
publisher_address: The blockchain address (identity) of the knowledge base owner.
[0047] knowledge_base_id: A unique identifier for the knowledge base (which can be generated through hash calculation).
[0048] root_merkle_hash: The Merkle root hash generated in S303. This is the core data on-chain.
[0049] ipfs_cid_list: The IPFS Content Identifier CID_chunks_list obtained in S302, which stores a set of text chunks.
[0050] timestamp: Registration timestamp.
[0051] S305: Store verification data. The Merkle Proof corresponding to each text block is stored in association with the text block itself.
[0052] Step 4: Transfer and validation of retrieval-augmented generation (RAG) results between agents.
S401: Agent A initiates a query to the local retrieval-augmented generation (RAG) system to obtain the top K relevant results. In this embodiment, the vector similarity search module FAISS of the RAG system is used to perform an inner-product search, and the vectors of the top K document chunks and their corresponding metadata are returned. The metadata includes information such as the unique identifier of the text chunk and the chunk position.
[0053] The retrieval-augmented generation (RAG) system is one of the most popular and cutting-edge technologies for large-scale models.
[0054] Retrieval-augmented generation models combine language modeling with information retrieval techniques. Specifically, when the model needs to generate text or answer a question, it first retrieves relevant information from a large collection of documents and then uses the retrieved information to guide text generation, thereby improving the quality and accuracy of its output.
[0055] S402: The RAG system returns, for each text block in the relevant results: {text content chunk_text, hash value chunk_hash, Merkle proof merkle_proof, knowledge base ID source_kb_id}.
S403: Agent A verifies the validity of the Merkle Proof for each text chunk.
S404: Generate a structured result credential, represented as:
{
  "rag_results": [
    {
      "chunk_text": "text content",
      "chunk_hash": "hash value",
      "merkle_proof": "Merkle proof",
      "source_kb_id": "Knowledge base ID"
    }
  ],
  "query_context": "query content hash",
  "timestamp": "timestamp",
  "agent_a_address": "Agent address",
  "knowledge_sources": ["List of knowledge bases"]
}
[0056] S405: Use the private key to produce an ECDSA digital signature over the result_credential. In this embodiment, ECDSA (Elliptic Curve Digital Signature Algorithm) is a digital signature algorithm based on elliptic curve cryptography (ECC), used to provide data integrity, authentication, and non-repudiation.
[0057] In this embodiment, the private key d is a random integer satisfying 1 ≤ d ≤ n − 1, where n is the prime order of the base point G, and d must be produced by a secure random number generator. The content of `result_credential` must then be explicitly defined, so that its integrity and meaning are unambiguous. A cryptographic hash of `result_credential` is computed to obtain a fixed-length digest h, and a random number k satisfying 1 ≤ k ≤ n − 1 is selected. Each signature must be unique, which requires, first, that k be kept confidential and, second, that a fresh k be used for every signature. The temporary point k·G is computed and x is taken as its x-coordinate reduced modulo n; x is the elliptic curve value that ties the signature to the random number k. The digest h, the private key d and x are then combined with the multiplicative inverse of k modulo n: s = k^(−1) · (h + d·x) mod n. If s is not zero, the signature is valid (otherwise a new k must be chosen), and the final signature is the tuple (x, s).
[0058] S406: Send {structured result_credential, digital signature} to agent B.
[0059] Step 5: Recipient verification and poisoning prevention. As shown in Figure 4, after receiving the data packet, agent B performs verification and poisoning defense. The verification method is cross-verification: the following steps S501, S502 and S503 verify the data from different angles.
[0060] S501: Agent B uses Agent A's public key to verify the authenticity of the digital signature. In a preferred embodiment of this invention, the signature to be verified is (x, s). First, check whether x and s satisfy 1 ≤ x, s ≤ n − 1; if either value is outside this range, the signature is directly deemed invalid. Next, the inverse of s modulo n is computed, w = s^(−1) mod n, and two values are defined from it: u1 = h·w mod n, which binds the hash digest h to the inverse, and u2 = x·w mod n, which binds x, and thus the randomness used in signature generation, to the inverse. Elliptic curve scalar multiplications and a point addition are then performed, R = u1·G + u2·Q, using the public key Q and the base point G. This reconstructs the temporary point used in signature generation and thereby checks the mathematical consistency of the signature. Finally, the x-coordinate of the computed point R, reduced modulo n, is compared with the x in the signature. If they are equal, the signature parameters and the data digest are correctly bound. If all of the above checks pass, the signature (x, s) is confirmed as a genuine signature produced by agent A with the corresponding private key over result_credential; if any step fails, the signature is invalid, and possible reasons include data tampering or signature forgery.
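The signing step of S405 and the verification step of S501, written out as an added example (not code from the patent) in pure Python over secp256k1, using the symbols of the text (private key d, order n, nonce k, digest h, signature (x, s), base point G, public key Q). The curve choice and the serialization of result_credential as bytes are assumptions; the arithmetic is for illustration and is not constant-time.

```python
# Added example (not from the patent): ECDSA over secp256k1 with the symbols
# used in the text. Illustration only: affine arithmetic, not constant-time.
import hashlib
import secrets

# secp256k1 domain parameters: curve y^2 = x^3 + 7 over F_p, base point G of prime order n
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P  # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add computation of k * point."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def digest(message: bytes) -> int:
    """h: SHA-256 of the serialized result_credential, as an integer mod n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def keygen():
    """Private key d: secure random integer with 1 <= d <= n-1; public key Q = d*G."""
    d = secrets.randbelow(N - 1) + 1
    return d, scalar_mult(d, G)


def sign(d: int, message: bytes):
    """S405: returns (x, s), where x is the x-coordinate of k*G reduced mod n."""
    h = digest(message)
    while True:
        k = secrets.randbelow(N - 1) + 1              # fresh and secret per signature
        x = scalar_mult(k, G)[0] % N
        if x == 0:
            continue
        s = pow(k, -1, N) * (h + d * x) % N           # s = k^-1 (h + d*x) mod n
        if s != 0:
            return x, s


def verify(Q, message: bytes, sig) -> bool:
    """S501: range check, then rebuild the temporary point from Q and G."""
    x, s = sig
    if not (1 <= x <= N - 1 and 1 <= s <= N - 1):
        return False
    h = digest(message)
    w = pow(s, -1, N)                                 # inverse of s mod n
    u1, u2 = h * w % N, x * w % N                     # h and x combined with the inverse
    R = point_add(scalar_mult(u1, G), scalar_mult(u2, Q))
    return R is not None and R[0] % N == x
```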
[0061] S502: Perform Merkle verification on each text chunk in the structured result_credential: obtain the Merkle root hash root_merkle_hash of the corresponding text from the second blockchain, use the hash value chunk_hash of the text block and the Merkle path proof merkle_proof verified in step S403 to recalculate the root hash locally, and verify that the recalculated value is consistent with the root_merkle_hash on the second blockchain.
[0062] The Merkle verification process for each text chunk is similar to step S303 above, and will not be repeated here.
[0063] S503: For each text block in the structured result_credential, recalculate the SHA-256 hash value of its text content chunk_text and compare it with the declared chunk_hash. The declared text hash value is also the hash value obtained in step S302. In this embodiment, since there is only one item, text content, in the text block, the hash value of the text content should be the hash value of the corresponding text block.
[0064] If any one or more of the above three verifications fail, the official raw data obtained from IPFS based on the knowledge base ID, i.e. source_kb_id, is used for arbitration to determine whether the sending agent A tampered with the data or an error occurred during transmission.
[0065] S504: If all verifications pass, accept the data; otherwise, mark it as a poisoning attack and proceed with the complaint process.
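The Merkle path proof of [0043] and agent B's S502 (proof against the registered root) and S503 (chunk_text re-hashed) cross-checks, as an added example that is not the patent's own code. The leaf order, the pairing of an odd trailing node with itself, the sample knowledge base and the registry entry are constructed assumptions, and the S501 signature check is assumed to have been performed separately before cross_verify is called.

```python
# Added example (not the patent's code): Merkle tree over SHA-256 chunk hashes,
# path proofs (S303), and agent B's S502/S503 cross-checks of a result_credential.
# Assumptions: leaves keep chunk order; an odd trailing node is paired with itself.
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_merkle(leaf_hashes):
    """Return every level of the tree, leaves first and root last."""
    levels = [list(leaf_hashes)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]          # pad an odd level by duplicating the last node
        levels.append([sha256_hex(bytes.fromhex(cur[i] + cur[i + 1]))
                       for i in range(0, len(cur), 2)])
    return levels


def merkle_proof(levels, index):
    """Sibling hashes along the path leaf -> root, tagged with the sibling's side."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof


def verify_proof(leaf_hash, proof, root):
    """Recompute the root from the leaf and its siblings; True iff it matches."""
    h = leaf_hash
    for side, sibling in proof:
        pair = sibling + h if side == "L" else h + sibling
        h = sha256_hex(bytes.fromhex(pair))
    return h == root


def cross_verify(credential, onchain_roots):
    """S503 (chunk_text re-hashed) and S502 (proof against the on-chain root) per chunk.
    Returns (accepted, [(source_kb_id, reason), ...]). The S501 signature check is
    assumed to have been performed before this is called."""
    failures = []
    for item in credential["rag_results"]:
        kb = item["source_kb_id"]
        if sha256_hex(item["chunk_text"].encode()) != item["chunk_hash"]:
            failures.append((kb, "chunk_hash mismatch"))
        elif kb not in onchain_roots:
            failures.append((kb, "knowledge base not registered"))
        elif not verify_proof(item["chunk_hash"], item["merkle_proof"], onchain_roots[kb]):
            failures.append((kb, "merkle proof mismatch"))
    return not failures, failures


# Constructed sample knowledge base and registry entry (placeholder values)
CHUNKS = ["Agent keys are rotated every 90 days.", "All RAG queries are logged.",
          "Only registered knowledge bases may be cited."]
CHUNK_HASHES = [sha256_hex(c.encode()) for c in CHUNKS]
LEVELS = build_merkle(CHUNK_HASHES)
REGISTRY = {"kb-demo-001": LEVELS[-1][0]}     # root_merkle_hash registered in S304


def credential_for(indices, query="key rotation policy"):
    """S404-style structured result credential for the retrieved chunk indices."""
    return {
        "rag_results": [{"chunk_text": CHUNKS[i], "chunk_hash": CHUNK_HASHES[i],
                         "merkle_proof": merkle_proof(LEVELS, i),
                         "source_kb_id": "kb-demo-001"} for i in indices],
        "query_context": sha256_hex(query.encode()),
        "agent_a_address": "0xAGENT_A_PLACEHOLDER",
        "knowledge_sources": ["kb-demo-001"],
    }
```

A chunk whose text and hash are both rewritten still fails, because the proof can no longer reproduce the root registered on chain.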
[0066] Step Six: Malicious behavior containment mechanism.
S601: The sending smart agent whose verification failed submits evidence of poisoning to the complaint smart contract:
malicious_publisher: Malicious data source address.
claim_cid: Claimed CID.
computed_hash: The actual hash computed locally.
timestamp: Event timestamp.
S602: The smart contract counts the number of complaints, and automatically marks the address as untrusted if the number exceeds a threshold.
S603: The intelligent agent queries the reputation status and proactively isolates high-risk nodes.
S604: Rapid containment of network-level malicious behavior is enabled through event listening.
[0067] Example 2: This invention also provides a context poisoning prevention system based on multi-agent cooperation, the system comprising:
First transaction module: The intelligent agent service provider creates an AgentCard and initiates the first blockchain transaction, records the relevant information of the AgentCard on the first blockchain, uploads the AgentCard to the decentralized file system, and returns the first content identifier.
AgentCard verification module: The client uses the first content identifier to send a request to the decentralized file system or its public gateway to obtain the corresponding AgentCard, and verifies the authenticity of the obtained AgentCard. If successful, the client connects with the current intelligent agent.
Judgment module: The knowledge base owner of the client preprocesses the original text to generate a set of text blocks, constructs a Merkle tree based on the hash set generated from the set of text blocks, and generates a Merkle path proof corresponding to each text block based on the Merkle tree. The first agent that has successfully connected to the client uses a retrieval-augmented generation system to verify the validity of the Merkle path proof corresponding to each text block and sends the verification result to the second agent. The second agent performs cross-validation on the verification result. If all text blocks pass the verification, the current text data is accepted; otherwise, it is marked as a poisoning attack.
[0068] Other technical features of the anti-context poisoning system based on multi-agent cooperation in this embodiment are similar to those of the corresponding anti-context poisoning method based on multi-agent cooperation, and will not be repeated here.
[0069] This embodiment also provides a computer system, including a memory, a processor, and a computer program stored in the memory, wherein the processor executes the computer program to implement the steps of the electric vehicle charging coordinated control method described above.
[0070] This invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram of Figure 1.
[0071] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram of Figure 1.
[0072] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, such that the instructions executed on the computer or other programmable equipment provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram of Figure 1.
[0073] Although preferred embodiments of the invention have been described, those skilled in the art, upon learning the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be interpreted as including both the preferred embodiments and all changes and modifications falling within the scope of the invention.
[0074] Obviously, those skilled in the art can make various modifications and variations to the embodiments of the present invention without departing from the spirit and scope of the embodiments of the present invention. Thus, if these modifications and variations to the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention also intends to include these modifications and variations.
Claims
1. A method for preventing context-based poisoning based on multi-agent cooperation, characterized in that the method includes: The intelligent agent service provider creates an AgentCard and initiates a first blockchain transaction, recording the relevant information of the AgentCard on the first blockchain. The intelligent agent service provider then uploads the AgentCard to a decentralized file system and returns a first content identifier. The client uses the first content identifier to send a request to the decentralized file system or its public gateway to obtain the corresponding AgentCard, verify the authenticity of the obtained AgentCard, and if successful, the client connects with the current intelligent agent. The knowledge base owner of the client preprocesses the original text to generate a set of text blocks, constructs a Merkle tree based on the hash set generated from the text block set, and generates a Merkle path proof corresponding to each text block based on the Merkle tree. The first agent that has successfully connected to the client uses a retrieval-enhanced generation system to verify the validity of the Merkle path proof corresponding to each text block and sends the verification result to the second agent. The second agent performs cross-validation on the verification result. If all text blocks pass the verification, the current text data is accepted; otherwise, it is marked as a poisoning attack.
2. The method for preventing context-based poisoning based on multi-agent cooperation according to claim 1, characterized in that the intelligent agent service provider creates an AgentCard and initiates the first blockchain transaction, including: The agent service provider generates a public-private key pair in asymmetric cryptography, wherein the private key is kept by the agent service provider and the public key is used to generate a unique blockchain address for the first blockchain; and calculates the cryptographic hash value of the AgentCard; The registration method in the agent registration smart contract deployed on the first blockchain is invoked to bind the generated blockchain address with the cryptographic hash value and record it on the first blockchain.
3. The method for preventing context-based poisoning based on multi-agent cooperation according to claim 2, characterized in that the process of obtaining the corresponding AgentCard and verifying the authenticity of the obtained AgentCard includes: The client uses the first content identifier to send a request to the decentralized file system or its public gateway to obtain the corresponding AgentCard; The client uses the blockchain address to query the query method in the agent registration smart contract and obtains the official registration hash value corresponding to the blockchain address from the first blockchain. The client obtains the AgentCard from the decentralized file system or its public gateway, calculates the cryptographic hash value of the AgentCard, and compares the official registration hash value with the calculated hash value. If the two hash values are completely identical, the verification is successful, proving that the AgentCard is authentic. The client then establishes a trusted connection with the corresponding agent based on the information in the card. If the two hash values are inconsistent, the verification fails, and the client terminates the connection and issues an alarm.
4. The method for preventing context-based poisoning based on multi-agent cooperation according to claim 1, characterized in that the process of constructing a Merkle tree from the hash set generated based on the text block set, and generating a Merkle path proof corresponding to each text block based on the Merkle tree, includes: The preprocessed text block set is uploaded to the decentralized file system to generate a second content identifier, which represents the storage address of the entire text block set on the decentralized file system. Calculate the corresponding cryptographic hash value for each text block, denoted as the first text hash value, and construct a Merkle tree using the formed hash set, where the first text hash value in the hash set serves as the leaf node of the Merkle tree, and generate the corresponding first Merkle path proof for each text block based on the Merkle tree.
5. The method for preventing context-based poisoning based on multi-agent cooperation according to claim 4, characterized in that, before the first agent that has successfully connected with the client verifies the validity of the Merkle path proof corresponding to each text block using a retrieval-enhanced generation system, on-chain registration is also included, specifically: The knowledge base owner initiates a second blockchain transaction, registering the root hash, second content identifier, and registration timestamp corresponding to the Merkle tree on the second blockchain, and storing the verification value of the association information between the Merkle path proof corresponding to each text block and the text block itself on the second blockchain. If the verification value is one, it means that the Merkle path proof is associated with the text block itself; otherwise, if the verification value is zero, it means that the Merkle path proof is not associated with the text block itself.
6. The method for preventing context-based poisoning based on multi-agent cooperation according to claim 5, characterized in that the first agent, which has successfully connected with the client, uses a retrieval-enhanced generation system to verify the validity of the Merkle path proof corresponding to each text block, and sends the verification result to the second agent, including: The first intelligent agent initiates a text query to the local retrieval enhancement generation system and obtains the results of several text blocks; The results returned by the local retrieval enhancement generation system include: the text content of each text block, the second text hash value, the second Merkle path proof, and the tag of the knowledge base in which it is located; The first agent verifies the validity of the second Merkle path proof for each text block, generates a structured result, digitally signs the structured result using a private key, and sends the structured result and digital signature to the second agent.
7. The method for preventing context-based poisoning based on multi-agent cooperation according to claim 6, characterized in that the second agent performs cross-validation on the validation results, including: Signature verification: The second agent uses the public key of the first agent to verify the authenticity of the digital signature; Merkle verification: Merkle verification is performed on each text block in the structured result, that is, the Merkle root hash of the corresponding text is obtained from the second blockchain, and the root hash is calculated again locally using the second text hash value and the verified second Merkle path proof, and the consistency of the calculated root hash result with the root hash result on the second blockchain is verified, wherein the root hash result on the second blockchain is calculated based on the text block corresponding to the verification value of one; Text block verification: Calculate the cryptographic hash value corresponding to the text content of each text block in the structured result, and compare it with the cryptographic hash value of the corresponding text content in the second blockchain; If one or more of the signature verification, Merkle verification, or text block verification fails, the official raw data is retrieved from the decentralized file system based on the tags in the knowledge base for arbitration, and the verification is marked as failed. Otherwise, the current text block verification is successful, and the text data is accepted until all text blocks are verified. Otherwise, it is marked as a poisoning attack.
8. The method for preventing context-based poisoning based on multi-agent cooperation according to claim 1, characterized in that the method also includes: If the verification fails, the sending smart agent submits evidence of poisoning to the complaint smart contract. The evidence of poisoning includes: a malicious data source address, a set of locally calculated second text hash values, and an event timestamp. The smart contract counts the number of complaints against the current smart agent. If the number exceeds a set threshold, the address is automatically marked as untrusted. In the future, when smart agents exchange information, multiple smart agents will first check each other's reputation status to actively isolate high-risk nodes.
9. A context-sensitive poisoning prevention system based on multi-agent cooperation, characterized in that the system includes: First transaction module: The intelligent agent service provider creates an AgentCard and initiates the first blockchain transaction, records the relevant information of the AgentCard on the first blockchain, uploads the AgentCard to the decentralized file system, and returns the first content identifier; AgentCard verification module: The client uses the first content identifier to send a request to the decentralized file system or its public gateway to obtain the corresponding AgentCard, and verifies the authenticity of the obtained AgentCard. If successful, the client connects with the current intelligent agent. Judgment module: The knowledge base owner of the client preprocesses the original text to generate a set of text blocks, constructs a Merkle tree based on the hash set generated from the set of text blocks, and generates a Merkle path proof corresponding to each text block based on the Merkle tree. The first agent that has successfully connected to the client uses a retrieval-enhanced generation system to verify the validity of the Merkle path proof corresponding to each text block and sends the verification result to the second agent. The second agent performs cross-validation on the verification result. If all text blocks pass the verification, the current text data is accepted; otherwise, it is marked as a poisoning attack.
10. An electronic device, characterized in that it includes: A memory, a processor, and a computer program stored in the memory and executable on the processor, the processor executing the program to implement the multi-agent cooperative anti-context poisoning method as described in any one of claims 1-8.