[Blockchain Privacy Computing] Technical Principles and Business Scenarios

1. Introduction to Blockchain Privacy Computing

Blockchain privacy computing is a technology that protects user privacy and ensures data security and confidentiality. It realizes data security sharing and privacy protection among users through blockchain technology and cryptographic algorithms.

In traditional blockchain technology, data is open and transparent, and all data will be recorded on the blockchain and accessible to all nodes. Therefore, if the information recorded in the blockchain involves sensitive information such as personal privacy or business secrets, there is a risk of being acquired, tampered with, or leaked by others. In order to make up for this shortcoming, blockchain privacy computing technology came into being.

Blockchain privacy computing technologies include Homomorphic Encryption, Zero-Knowledge Proof, Secure Multiparty Computation (SMC), Trusted Computing, Differential Privacy and other technical means. They can realize data sharing and computing without exposing sensitive data.

1.1. Homomorphic encryption

Homomorphic Encryption is a special encryption technology that allows calculations on ciphertext without decryption; after decryption, the final result is the same as that obtained by the same calculation on plaintext.

A simple example of homomorphic encryption is the RSA encryption scheme. Like RSA, homomorphic encryption is also based on the large number factorization problem and the discrete logarithm problem. The basic principle of homomorphic encryption is: for two integers x and y, let the ciphertexts of x and y be c(x) and c(y) respectively; then the sum of these two ciphertexts can be expressed as:

c(x+y) = E(x) + E(y),

where E is the homomorphic encryption function. Similarly, for the product of two ciphertexts:

c(x*y) = E(x)*E(y).

The following are some common homomorphic encryption algorithms:

  1. Fully Homomorphic Encryption (FHE): FHE can perform arbitrary depth calculation operations on encrypted data.

  2. Partially Homomorphic Encryption (PHE): PHE can perform some specific addition/multiplication operations.

  3. Homomorphic Encryption Scheme for Arithmetic Circuit Evaluation (HE-SCA): HE-SCA uses a new method to realize homomorphic computation. In the calculation process, the circuit needs to be written first, and then all operations are homomorphically encrypted.

For example, suppose Alice wants to send Bob the sum of two numbers a and b, but she doesn't want Bob to know the exact values of a and b. To achieve this, Alice can use homomorphic encryption to encrypt a and b, and then send the ciphertexts to Bob. After Bob receives the ciphertexts, he computes on them homomorphically and sends the result to Alice. Alice then decrypts the result to obtain the sum of a and b.

The above is the working principle and classification of homomorphic encryption. The specific method of its implementation needs to be deeply understood from different homomorphic encryption algorithms.

1.2. Zero-knowledge proof

Zero-Knowledge Proof technology is commonly used in cryptography. It can prove to others that you have certain information or know certain information without revealing the content being proved. It is a widely used protocol in computer cryptography, which can help users prove their identity, qualifications and rights without revealing sensitive information.

The working principle of zero-knowledge proof is to generate a credible proof (one whose correctness can be verified) and to verify it by using a series of cryptographic algorithms, including hashing, public key encryption and mathematical calculation, but without revealing any specific information about the content of the proof. When the proof is verified, the verifier learns only that the verified event has indeed occurred, but cannot learn how it happened.

This technology mainly has the following elements:

  1. Knowledge: The prover must know certain information.
  2. Concealment: The prover must prove that this knowledge exists, but cannot reveal it.
  3. Verifiability: Anyone can verify the authenticity of the proof, i.e. the proof is correct.

Here is a practical example to illustrate the application of zero-knowledge proof technology: Suppose there are two people, Alice and Bob, who do not trust each other but need to prove their authenticity. For example, Alice wants to prove to Bob that she is a customer of a certain bank and has a certain deposit balance. At this time, Alice can use zero-knowledge proof technology to prove her identity and balance to Bob, but does not need to disclose any other information about the account, such as account number or password.

In short, zero-knowledge proof technology can provide effective security solutions for data privacy protection, identity authentication, information exchange and other fields, and has been widely used.
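The three elements above can be seen in the Schnorr identification protocol, shown here as an added example that is not part of the original article. It proves knowledge of a secret exponent x behind a public value y, which is a simpler statement than the bank-balance case; the toy group parameters and all function names are assumptions made for the illustration.

```python
import secrets

# Constructed toy group: P = 2Q + 1 with P and Q prime, G generates the
# order-Q subgroup. Real systems use a ~256-bit Q or an elliptic curve.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1       # prover's secret ("knowledge")
    return x, pow(G, x, P)                 # public value y = G^x mod P

def commit():
    k = secrets.randbelow(Q - 1) + 1       # fresh nonce, never reused
    return k, pow(G, k, P)                 # prover sends t = G^k

def challenge():
    return secrets.randbelow(Q)            # verifier picks c after seeing t

def respond(x, k, c):
    return (k + c * x) % Q                 # prover sends s; k masks x

def verify(y, t, c, s):
    """Accept iff G^s == t * y^c (mod P). The check never uses x."""
    return pow(G, s, P) == t * pow(y, c, P) % P

def run_protocol(x, y):
    """One honest round; returns the transcript (t, c, s) the verifier sees."""
    k, t = commit()
    c = challenge()
    return t, c, respond(x, k, c)

def simulate(y):
    """Produce an accepting transcript WITHOUT x by choosing c and s first.
    Such transcripts look exactly like real ones, which is why a real
    transcript tells the verifier nothing about x ("concealment"). It only
    works when c is known before t is fixed, so a live verifier must always
    issue c after receiving t."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = pow(G, s, P) * pow(y, (Q - c) % Q, P) % P
    return t, c, s

if __name__ == "__main__":
    x, y = keygen()
    print(verify(y, *run_protocol(x, y)))  # honest prover is accepted
```

With a challenge space of only Q values a guessing prover succeeds with probability 1/Q per round, which is one reason the toy parameters are unsuitable outside a demonstration.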

1.3. Secure multi-party computation

Secure Multiparty Computation (SMC) technology is a protocol in cryptography designed to allow interoperability between multiple parties while ensuring data security and privacy protection. In the SMC protocol, multiple participants can jointly perform a computing task without mutual trust, without revealing the information owned by each participant. Multiple participants share computing and storage tasks and results through the SMC protocol, and do not need to communicate with each other. All data flows and computing results are completed in secure encryption.

The core principle of SMC is to use cryptographic algorithms, such as using private computers (to encrypt and decrypt data), to control access rights, encrypt data context, verify identity, control operations and manage encryption keys in order to achieve secure multi-party computing. In general, an SMC protocol contains the following basic elements:

  1. Security protocol: In the interactive communication process, cryptographic protocols are used to control information transmission and ensure the security of the communication process.
  2. Data isolation: The data is distributed and stored among multiple computer nodes. After the operation, each participant obtains a subset of the calculation results, and it is impossible to know the data owned by other servers.
  3. Encryption and Decryption: Participants protect sensitive data with transposition and obfuscation to ensure data security during processing and transmission.

For example, suppose there are three people, Alice, Bob, and Charlie, who need to add up a certain number, where each has the same addend plus their own data. Using SMC, the data of the three people can be added together to get the correct result, while each person's data is known only to its owner and nobody can learn the data of the others, so SMC can guarantee data security and privacy.

In short, SMC technology is an effective means to protect computing data privacy, it can help participants to perform calculations without mutual trust, thus ensuring the data privacy, integrity and confidentiality of multi-party computing.
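The three-person sum can be carried out with additive secret sharing, shown here as an added example that is not part of the original article. The modulus, the input values and the function names are assumptions, and the sketch models honest-but-curious parties only.

```python
import secrets

MOD = 2**61 - 1   # public modulus; the true sum must stay below it

def share(secret, n_parties):
    """Split a value into n random-looking shares that add up to it mod MOD."""
    shares = [secrets.randbelow(MOD) for _ in range(n_parties - 1)]
    shares.append((secret - sum(shares)) % MOD)
    return shares

def secure_sum(inputs):
    """inputs maps each party's name to its private value."""
    names = list(inputs)
    n = len(names)
    # Round 1: every party splits its own value and sends share j to party j.
    dealt = {name: share(inputs[name], n) for name in names}
    # Round 2: party j adds the n shares it received and publishes only that
    # partial sum, which is uniformly random on its own.
    partials = {
        names[j]: sum(dealt[src][j] for src in names) % MOD
        for j in range(n)
    }
    # Output: anyone adds the published partial sums to obtain the total.
    total = sum(partials.values()) % MOD
    return total, partials, dealt

if __name__ == "__main__":
    # Constructed inputs for the three participants named in the text.
    total, partials, _ = secure_sum({"Alice": 12, "Bob": 30, "Charlie": 8})
    print(total)      # 50
    print(partials)   # three values that reveal no individual input
```

The result itself still leaks information: any two of the three participants can subtract their own inputs from the total and recover the third, so the protection holds only against parties that do not collude.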

1.4. Trusted Computing

Trusted Computing technology is a secure computing infrastructure designed to ensure the credibility of computing devices and systems, minimize the risk of computer attacks, and protect user data on computing devices from being tampered with or stolen.

Its technical principles include the following parts:

  1. Secure Boot
    Secure boot verifies that all firmware and software on the computer are trusted when the computer is started, and ensures that there is no interference from malicious software during the startup process. Secure boot uses digital signature technology to ensure that the initial boot code and firmware of the computer system are legal and trusted.

  2. Trusted Platform Module (TPM)
    Trusted Platform Module is a key component in trusted computing technology. It is an embedded security chip installed on the motherboard to store keys, certificates and various cryptographic parameters. TPM provides functions such as credential verification, credibility verification, and software and data integrity verification of the security model to ensure that attacks on computer systems are effectively controlled.

  3. Measurement Chain
    Measurement Chain is a technique for recording and verifying the integrity of computer systems. It starts running after the computer is started, records and stores computer system operation information from hardware, firmware, operating system and application programs, and generates digital signatures. This information contains all the details of the computer system, such as the model of the computer, hardware composition, operating system version, and so on. Every recorded measurement will be digitally signed to guarantee its integrity and authenticity.

  4. Isolation Techniques
    Trusted computing technology also uses isolation techniques to ensure security, mainly virtualization technology, containerization technology, firewall technology, etc. Isolation technology can isolate the data between different applications in the computer system, form a relatively isolated space, and provide a secure access control mechanism to ensure that data between different applications do not interfere with each other, thereby ensuring the overall integrity and safety of the system.

To sum up, trusted computing technology is a technology that guarantees the security and credibility of computing equipment and systems, realizes security and confidentiality in an open environment, and improves the security and stability of computer systems.
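The measurement chain in item 3 can be illustrated with the TPM-style extend operation, in which each new measurement is hashed into a running register so that no earlier entry can be changed or reordered afterwards. This is an added example, not part of the original article; the boot components and reference digests are constructed, and the quoted PCR value is assumed to come from a TPM quote whose signature has already been verified.

```python
import hashlib

PCR_RESET = bytes(32)   # assumed reset value of a SHA-256 PCR: 32 zero bytes

def extend(pcr, blob):
    """PCR_new = SHA256(PCR_old || SHA256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()

def replay(event_log):
    """Recompute the final PCR value from an ordered measurement log."""
    pcr = PCR_RESET
    for _name, blob in event_log:
        pcr = extend(pcr, blob)
    return pcr

def attest(event_log, quoted_pcr, reference):
    """Verifier-side check of a reported boot.
    1. The log must replay to the PCR value the TPM vouched for.
    2. Every logged component must match a known-good reference digest."""
    if replay(event_log) != quoted_pcr:
        return "event log does not match quoted PCR"
    for name, blob in event_log:
        if hashlib.sha256(blob).hexdigest() != reference.get(name):
            return "untrusted component: " + name
    return "trusted"

# Constructed boot sequence and the reference digests derived from it.
GOOD_BOOT = [
    ("firmware", b"fw-1.0"),
    ("bootloader", b"loader-2.3"),
    ("kernel", b"kernel-6.1"),
]
REFERENCE = {n: hashlib.sha256(b).hexdigest() for n, b in GOOD_BOOT}
# Same sequence with a modified bootloader image.
TAMPERED_BOOT = [GOOD_BOOT[0], ("bootloader", b"loader-2.3-modified"), GOOD_BOOT[2]]

if __name__ == "__main__":
    print(attest(GOOD_BOOT, replay(GOOD_BOOT), REFERENCE))
    print(attest(TAMPERED_BOOT, replay(TAMPERED_BOOT), REFERENCE))
    # A machine that booted the tampered image but reports the clean log:
    print(attest(GOOD_BOOT, replay(TAMPERED_BOOT), REFERENCE))
```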

1.5. Differential privacy

Differential Privacy is a technology for protecting private information, which aims to protect the privacy of data in scenarios such as data mining and ensure that sensitive data will not be leaked. The basic principle of this technology is to protect the privacy of data by adding noise to make individual information in the data indistinguishable.

Its technical principle includes the following key elements:

  1. Randomization
    Differential privacy technology makes the individual information in the original data indistinguishable by randomizing the original data, thereby protecting individual privacy and ensuring that privacy is not leaked. Randomization technology can be implemented by hash function, scrambling method and other technologies, and can be performed before data release or during query.
  2. Adding Noise
    In order to protect privacy, differential privacy technology can add a certain degree of noise on the basis of randomization operations. The purpose of adding noise is to ensure the availability of data while preserving privacy. The added noise should conform to the Gaussian distribution or Laplace distribution, and the size of the noise needs to be strictly calculated and controlled to ensure the effect of protecting data privacy.
  3. Shared-undisclosed model
    Differential privacy technology uses a shared-undisclosed model for privacy protection. The model divides the data into two parts: one part is private information, which needs to be processed by randomization and adding noise; the other part is non-private information, which can be shared and used as much as possible under the premise of protecting privacy.
  4. Differential privacy parameters ε and δ
    Differential privacy techniques use the parameters ε and δ to control the size of the noise and the degree of randomization. Here ε represents the privacy protection level of the data: the smaller ε is, the stronger the privacy protection and the more noise is added; the larger ε is, the less noise is added, but the privacy protection of the data is relatively weak.

To sum up, differential privacy technology protects individual privacy while ensuring data availability and deduplication accuracy through operations such as randomization and adding noise. This technology has been widely used in data mining, search recommendation, machine learning and other fields, and it is one of the effective methods to protect personal privacy.
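The relationship between ε and the amount of noise can be made concrete with the Laplace mechanism applied to a counting query, shown here as an added example that is not part of the original article. It covers the pure case δ = 0; the account balances, the threshold and the function names are constructed for the illustration.

```python
import math
import random

def laplace_noise(scale, rng):
    """Laplace(0, scale) as the difference of two exponential samples."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def private_count(records, predicate, epsilon, rng):
    """Counting query under epsilon-DP. Adding or removing one person changes
    a count by at most 1 (sensitivity 1), so the noise scale is 1 / epsilon."""
    true_count = sum(1 for r in records if predicate(r))
    return true_count + laplace_noise(1.0 / epsilon, rng)

def mean_abs_noise(epsilon, trials=20000, seed=7):
    """Average size of the added noise; it approaches 1 / epsilon."""
    rng = random.Random(seed)
    total = sum(abs(laplace_noise(1.0 / epsilon, rng)) for _ in range(trials))
    return total / trials

def likelihood_ratio(output, count_a, count_b, epsilon):
    """How much more likely `output` is when the true count is count_a rather
    than count_b. For neighbouring datasets it never exceeds e^epsilon."""
    return math.exp(epsilon * (abs(output - count_b) - abs(output - count_a)))

# Constructed sample: account balances, and the same data minus one customer.
BALANCES = [1200, 54000, 8800, 23000, 150, 71000, 9900]
NEIGHBOUR = BALANCES[:-2] + BALANCES[-1:]    # the 71000 account removed

if __name__ == "__main__":
    rng = random.Random(2024)   # seeded only so the demo is repeatable
    high = lambda balance: balance > 10000
    for eps in (0.1, 1.0):
        print(eps,
              round(private_count(BALANCES, high, eps, rng), 2),
              round(private_count(NEIGHBOUR, high, eps, rng), 2),
              round(mean_abs_noise(eps), 2))
```

A production mechanism would draw its noise from a cryptographically secure source rather than a seeded generator.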

2. Examples of business scenarios

In financial scenarios, homomorphic encryption technology allows financial institutions to assess and manage customer risks without exposing customer data. This can be achieved with the following steps:

  1. Encrypted data: When customers provide financial data to financial institutions, financial institutions can use homomorphic encryption technology to encrypt the data and convert the data into ciphertext. During this process, the privacy and security of customers are guaranteed.

  2. Use homomorphic properties to calculate data: For encrypted data, financial institutions can use homomorphic properties to calculate data, such as addition, subtraction, multiplication, etc. With homomorphic encryption, financial institutions can perform computations on customer data without decrypting it.

  3. Get the result and decrypt it: After the calculation is complete, the financial institution gets the result in ciphertext. At this time, financial institutions can use homomorphic encryption technology to decrypt the results into plain text, and then assess and manage risks based on this.

It should be noted that during this process, financial institutions never decrypt customer data, so as to avoid leaking customer privacy. At the same time, financial institutions do not need to save the original plaintext data, which is also conducive to the protection of data privacy.
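The three steps above, and the Alice and Bob sum from section 1.1, can both be run with the Paillier cryptosystem, a partially homomorphic scheme in which multiplying two ciphertexts adds their plaintexts. This is an added example, not part of the original article: the primes are toy-sized, and the customer features, risk weights and function names are hypothetical.

```python
import math
import secrets

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    """Return (public n, private (lam, mu)) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m):
    """E(m) = (1 + n)^m * r^n mod n^2 with a fresh random r each time."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n

def add(n, c1, c2):
    """Ciphertext of x + y: multiply the two ciphertexts mod n^2."""
    return c1 * c2 % (n * n)

def scale(n, c, k):
    """Ciphertext of k * x for a public non-negative integer k."""
    return pow(c, k, n * n)

def encrypted_score(n, ciphertexts, weights):
    """Step 2: weighted sum computed with only the public key and ciphertexts."""
    total = encrypt(n, 0)
    for c, w in zip(ciphertexts, weights):
        total = add(n, total, scale(n, c, w))
    return total

if __name__ == "__main__":
    n, priv = keygen()
    features = [3, 2, 7]    # constructed: late payments, open loans, overdrafts
    weights = [2, 5, 1]     # hypothetical public risk weights
    cts = [encrypt(n, v) for v in features]           # step 1: encrypt
    result = encrypted_score(n, cts, weights)         # step 2: compute
    print(decrypt(n, priv, result))                   # step 3: decrypt -> 23
```

Results are only correct while the true value stays below n, and because anyone holding the public key can transform ciphertexts this way, the scheme gives confidentiality but no integrity for the computed result.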

In specific applications, homomorphic encryption technology can be used in many data processing aspects, such as credit evaluation, risk control, fraud detection, investment decisions, etc. The use of homomorphic encryption technology to process data can fundamentally protect the commercial secrets of financial institutions and the privacy of customer data.

| Technology | Technical features | Application | Technology maturity |
| --- | --- | --- | --- |
| Multi-party secure computing | Under the premise of not disclosing their own data, use multi-party data collaborative calculation, and only output the result | Multi-party data circulation cooperation | There are mature business cases for two-party data cooperation, and the application scenarios of multi-party data cooperation are constantly expanding |
| Homomorphic encryption | Calculate the data in the ciphertext state, and finally decrypt the ciphertext of the calculation result | Multi-party data circulation cooperation, outsourcing computing | The performance of full homomorphism is still low, and semi-homomorphism is mature |
| Zero-knowledge proof | On the premise of not disclosing the secret information, prove that the secret information that meets the disclosure constraints is known | Credible proof of calculation results | Complex zero-knowledge proof performance needs to be improved |
| Differential privacy | Make it impossible to recover sensitive information about a single sample from one or more data processing results by adding noise | External output of unilateral data processing results | Ready for commercial use |
| Trusted computing | Prevent attacks through a trusted execution environment to ensure the privacy and integrity of data and code | Credible proof of multi-party data circulation cooperation and calculation results | Commercial products have been launched, security needs to be improved |

Origin blog.csdn.net/ChinaLiaoTian/article/details/129619632