WO2020189846A1 - Privacy-preserving data analysis method in a permissioned blockchain system - Google Patents
Privacy-preserving data analysis method in a permissioned blockchain system
- Publication number: WO2020189846A1
- Application number: PCT/KR2019/006498
- Authority: WO (WIPO, PCT)
- Prior art keywords: data analysis, distributed, privacy, data, ledger
- Legal status: Ceased (status as listed by Google Patents; not a legal conclusion)
Classifications
- G—PHYSICS; G06—COMPUTING OR CALCULATING; COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F16/00—Information retrieval; Database structures therefor; File system structures therefor → G06F16/20—of structured data, e.g. relational data → G06F16/24—Querying → G06F16/245—Query processing → G06F16/2452—Query translation → G06F16/24526—Internal representations for queries
  - G06F15/00—Digital computers in general; Data processing equipment in general → G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
  - G06F16/00 → G06F16/20 → G06F16/24—Querying → G06F16/245—Query processing → G06F16/2453—Query optimisation → G06F16/24534—Query rewriting; Transformation
  - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity → G06F21/60—Protecting data → G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L67/00—Network arrangements or protocols for supporting network services or applications → H04L67/01—Protocols → H04L67/10—Protocols in which an application is distributed across nodes in the network
Definitions
- The present invention relates to a privacy-preserving data analysis method in a permissioned blockchain system, and more particularly to a method in which, when specific data analysis is performed in a blockchain-based system, the response of the secret distributed ledger to a query is returned with noise added, so that data analysis can be carried out while personal privacy is preserved.
- Blockchain technology is widely known from cryptocurrencies. Rather than a traditional centralized database, it is a distributed-database system in which every participant in the network holds a shared database, so that data can be shared securely and efficiently.
- In the cryptocurrency technology proposed by Non-Patent Document 1 and the blockchain systems based on it, anyone can participate in the network, and every participating member (node) holds a distributed ledger that corresponds to the database.
- This is usually referred to as a permissionless blockchain system, and is also commonly called a public blockchain.
- By contrast, a system in which only a set of institutions with a specific purpose, or only a specific organization, can participate in the network is called a permissioned blockchain; depending on the degree of centralization it is also called a private blockchain or a consortium blockchain.
- The permissionless blockchain proposed by Non-Patent Document 1 usually aims at the scalability that comes from anyone being able to participate through complete decentralization, rather than at efficiency in executing transactions and in processing and storing the secure distributed ledger for them in the network.
- Permissioned blockchains are less scalable than permissionless blockchains, in which anyone can participate, but they execute transactions and process and store the secure distributed ledger far faster. Beyond system performance, a permissioned blockchain can be applied to financial transactions, supply chains between manufacturers, distribution networks between manufacturers and consumers, sharing of disease histories between hospitals and related companies in the medical field, and government-led information sharing in the public sector.
- Permissioned blockchains have been researched intensively by Hyperledger, the permissioned-blockchain open source project established by the Linux Foundation. Representative permissioned blockchain technologies at present are Hyperledger Indy, Hyperledger Sawtooth and Hyperledger Fabric, and, in Korea, Samsung SDS's Nexledger.
- Differential privacy is one of the de-identification techniques mentioned above: by adding noise based on mathematical probability to the response to a query issued by a data analyst, it makes it infeasible for the analyst to infer personal information.
- Differential privacy mathematically defines the degree of privacy by how much, probabilistically, the outputs of two databases may differ for any query, where the two databases differ only in the presence or absence of a specific individual's data.
- Here the personal data may be, for medical data, a disease history that includes a patient's personal information, or, for transaction data, personal information about a specific product together with data including the product's characteristics and transaction details.
- A data analysis method to which differential privacy is applied adds noise, with randomness calculated on the basis of the query, to the response value. Even if a specific target is in fact a lung cancer patient, and even if the same query as above is issued repeatedly, a different value is returned each time.
- With differential privacy, therefore, it cannot easily be determined in the above example whether the target has lung cancer, even if the malicious analyst has prior knowledge about the target, because the difference between the analysis results with and without the target's data cannot be known.
- This differential privacy method is designed on the basis of a randomized algorithm, meaning that random noise is added to the sensitive attribute values of each data column in the database. So as not to destroy the usefulness of the data for the analyst, however, only as much noise is added as is needed to keep the properties of the sensitive information from being revealed; how much that is can be decided by the system administrator or the data administrator through the measure within the differential privacy definition.
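- The definition given verbally in the preceding paragraphs, written out as a formula (added here as an explanatory note; it is the standard definition of differential privacy, not text from the patent): a randomized mechanism $M$ is $\varepsilon$-differentially private if, for every pair of databases $D$ and $D'$ that differ in one individual's record and every set $S$ of possible outputs,
$$\Pr[M(D) \in S] \le e^{\varepsilon}\,\Pr[M(D') \in S].$$
For a numeric query $f$ with sensitivity $\Delta f = \max_{D, D'} |f(D) - f(D')|$ (which is 1 for a count of records), returning $f(D) + \mathrm{Lap}(\Delta f / \varepsilon)$, i.e. adding Laplace noise of scale $\Delta f / \varepsilon$, satisfies this definition. The "measure" the administrator chooses is $\varepsilon$: the smaller it is, the larger the noise and the stronger the guarantee.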
- Non-Patent Documents 3, 4 and 5 describe techniques for performing analysis without leaking the information in secret data.
- The techniques proposed in Non-Patent Documents 3, 4 and 5 let a requester obtain a desired value, without exposing privacy, from data shared only by specific members, by means of secure multiparty computation.
- However, these techniques become very inefficient in computational complexity as the number of secret data items required for the computation grows, and since they are used mainly for computing specific values, such as running an auction without revealing the buyers' bids, they are not suited to data analysis and processing techniques that aim to determine the probability distribution of data.
- Non-Patent Documents 6, 7 and 8 describe technologies capable of performing transactions without leaking the information in secret data.
- The technologies proposed in Non-Patent Documents 6, 7 and 8 can prove that a transaction is correct, by means of a zero-knowledge proof, without showing the transaction information to any third party other than the transacting parties.
- These technologies are used mainly to guarantee the confidentiality of transactions and are therefore not suited to data analysis and processing techniques that aim to determine the probability distribution of data.
- Non-Patent Documents 9 and 10 propose a decentralized distributed analysis technique based on a permissionless blockchain.
- The techniques proposed in Non-Patent Documents 9 and 10 generate the result of each round of distributed learning as one block, record it in the ledger, and proceed to the next round on that basis.
- However, the technologies of Non-Patent Documents 9 and 10 have the problem that they cannot simply be applied to the many fields, such as finance, supply chains between manufacturers, distribution networks between manufacturers and consumers, and the medical field, that use an existing permissioned blockchain.
- Other examples of introducing blockchain technology for safe and efficient data de-identification are the technologies proposed in Patent Documents 1 and 2.
- The technologies of Patent Documents 1 and 2 are applied when differential privacy is introduced in a distributed data environment made up of a plurality of data owners.
- Patent Documents 1 and 2 introduce a blockchain to address the safety and efficiency issues that can arise in the differential privacy algorithm when differential privacy is introduced in a distributed data environment; they are not suited to data analysis and processing techniques that aim to determine the probability distribution of data.
- Patent Document 1: US 2018-0307854 A1, "Tracking privacy budget with distributed ledger".
- Patent Document 2: US 2018-0173894 A1, "Differential privacy and outlier detection within a non-interactive model".
- Non-Patent Document 1: S. Nakamoto, "Bitcoin: A peer-to-peer electronic cash system".
- Non-Patent Document 2: L. Sweeney, "k-anonymity: A model for protecting privacy", International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 10, no. 5, pp. 557-570, 2002.
- Non-Patent Document 3: F. Benhamouda et al., "Supporting Private Data on Hyperledger Fabric with Secure Multiparty Computation", IEEE International Conference on Cloud Engineering (IC2E), IEEE, pp. 357-363, 2018.
- Non-Patent Document 4: G. Zyskind et al., "Decentralizing privacy: Using blockchain to protect personal data", IEEE Security and Privacy Workshops, IEEE, pp. 180-184, 2015.
- Non-Patent Document 5: G. Zyskind et al., "Enigma: Decentralized computation platform with guaranteed privacy", arXiv preprint arXiv:1506.03471, 2015.
- Non-Patent Document 6: Zcash, "All coins are created equal", https://z.cash/. Accessed Dec 2017.
- Non-Patent Document 7: A. van Wirdum, "'Confidential assets' brings privacy to all blockchain assets: Blockstream", Bitcoin Magazine, April 2017, https://bitcoinmagazine.com/articles/confidential-assets-brings-privacy-all-blockchain-assets-blockstream/.
- Non-Patent Document 8: E. Cecchetti et al., "Solidus: Confidential distributed ledger transactions via PVORM", Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2017.
- Non-Patent Document 9: T. T. Kuo et al., "ModelChain: Decentralized Privacy-preserving Healthcare Predictive Modeling Framework on Private Blockchain Networks", arXiv preprint arXiv:1802.01746, 2018.
- Non-Patent Document 10: X. Chen et al., "Distributed Machine Learning Meets Blockchain: A Decentralized, Secure, and Privacy-preserving Realization", IEEE International Conference on Big Data (IEEE Big Data '18), pp. 1177-1186, 2018.
- The purpose of the present invention is to provide a privacy-preserving data analysis method on a permissioned blockchain system that allows data analysis to be performed while personal privacy is preserved, by returning the response of the secret distributed ledger to a query with noise added when specific data analysis is performed in the blockchain-based system.
- The present invention is a privacy-preserving data analysis method on a permissioned blockchain system, wherein the permissioned blockchain system includes: a client application through which a node that is a system participant accesses the permissioned blockchain system; a distributed database including a distributed ledger in which transactions on the blockchain network are recorded and a personal database owned only by the individual node; and a smart contract for controlling access to the distributed database.
- The distributed ledger includes a public distributed ledger shared by all members of the permissioned blockchain system and one or more secret distributed ledgers shared only by specific members of the system. The public distributed ledger includes a data public distributed ledger for storing transactions made in the permissioned blockchain system and a distributed learning model shared ledger storing the result of learning for each round and the final distributed learning model.
- The data analysis method includes: a query calling step in which the client application calls a data analysis query function of the smart contract; a query response request step in which the smart contract, on the basis of the data analysis query function, requests a response from the distributed database; a query response return step in which the distributed database returns a response value to the data analysis query function with differential privacy applied; and an analysis result return step in which the smart contract analyzes the response value and returns the result.
- The data analysis query function is stored in the smart contract and may cause the distributed database to return a response value with differential privacy applied.
- The data public distributed ledger returns a response value to the data analysis query function.
- The secret distributed ledger and the personal database may return a response value to the data analysis query function to which noise based on differential privacy has been added.
- The distributed learning model shared ledger stores and holds a privacy-preserving distributed learning model in the distributed learning model storage step.
- The query response request step may include a public distributed data response request step of requesting a response value for the data analysis query function from the data public distributed ledger, and a secret distributed data response request step of requesting, from the secret distributed ledger and the personal database, a response value for the data analysis query function with differential privacy applied.
- Where there are two or more secret distributed ledgers, each may independently return a response value to the data analysis query function with differential-privacy-based noise added.
- The analysis result return step may integrate the response values returned by the data public distributed ledger, the secret distributed ledger and the personal database, perform the analysis specified by the data analysis query function, and return the analysis result.
- The step of storing the distributed learning model and the error log for error-based auditing may store a distributed learning model and an error log computed from the response values returned by the distributed database.
- Any participant who can perform data analysis may access the client and obtain the error log value at any time, and the client can use it to perform an error-based audit.
- Since no physical component is added to protect the secret data, the network configuration is easy to maintain.
- Since each member has its own smart contract and distributed database, a single point of failure is avoided.
- FIG. 1 is a diagram schematically showing the configuration of a permissioned blockchain system according to an embodiment of the present invention.
- FIG. 2 is a diagram schematically showing the configuration of a smart contract according to an embodiment of the present invention.
- FIG. 3 is a diagram schematically showing the configuration of a query function according to an embodiment of the present invention.
- FIG. 4 is a diagram schematically showing the configuration of a distributed database according to an embodiment of the present invention.
- FIG. 5 is a diagram schematically showing the configuration of a distributed ledger according to an embodiment of the present invention.
- FIG. 6 is a diagram schematically showing the configuration of a public distributed ledger according to an embodiment of the present invention.
- FIG. 7 is a diagram schematically showing the configuration of two nodes according to an embodiment of the present invention.
- FIG. 8 is a flowchart of the data processing process of a permissioned blockchain system.
- FIG. 9 is a request and response flow diagram of an analysis method in which a database protected by a privacy guard responds with differential privacy applied.
- FIG. 10 is a request and response flow diagram of a privacy-preserving data analysis method of a permissioned blockchain system according to an embodiment of the present invention.
- FIG. 11 is a flowchart illustrating the operation of a privacy-preserving data analysis method of a permissioned blockchain system to which differential privacy is applied, according to an embodiment of the present invention.
- FIG. 12 is a flowchart illustrating the operation of a privacy-preserving data analysis method of a permissioned blockchain system to which differential privacy is applied, according to an embodiment of the present invention.
- As used herein, "an embodiment", "example", "aspect" and the like are not to be construed as meaning that any aspect or design so described is better than or advantageous over other aspects or designs.
- The terms "part", "component", "module", "system" and "interface" used below generally mean a computer-related entity, for example hardware, a combination of hardware and software, or software.
- The terms first and second may be used to describe various elements, but the elements are not limited by these terms, which serve only to distinguish one component from another.
- Thus a first element may be referred to as a second element, and similarly a second element may be referred to as a first element.
- The term and/or covers any combination of a plurality of related listed items, or any one of them.
- FIG. 1 is a diagram schematically showing the configuration of a permissioned blockchain system according to an embodiment of the present invention.
- The permissioned blockchain system described in this specification is defined on the basis of Hyperledger Fabric.
- A permissioned blockchain system includes one or more nodes 10; a client application 40 through which a node that is a system participant accesses the permissioned blockchain system; a membership service provider 50 that provides the client's credentials; and an orderer 60 that arranges transactions into blocks.
- The node 10 is also called a peer and constitutes the blockchain network.
- The node 10 serves to maintain the blockchain network in which transaction information (transactions) is stored.
- As shown in FIG. 1, a plurality of nodes 10 may exist in the blockchain network to form a network. Some of these nodes 10 may perform the role of endorsers.
- An endorsing peer executes the chaincode and endorses the result at the request of the application 40. Such an endorsement may be performed on the basis of an endorsement policy linked to the chaincode.
- The application 40 may request endorsement of a transaction by having the client generate the transaction and submit it to the endorsing peer.
- Such an application 40 is not managed by a specific individual but is operated by the administrator or institution of the corresponding blockchain network.
- The membership service provider 50 verifies the credentials of the client using the application 40 so that the peer can participate in the blockchain network.
- The client authenticates the transaction using credentials from the membership service provider 50, and the peer authenticates the result of processing the transaction using the same credentials. Only clients authorized through the membership service provider 50 can participate in the blockchain network.
- The orderer 60 is a set of nodes that arrange transactions into blocks.
- The orderer 60 exists independently of the general nodes 10 and orders the transactions proposed by the application 40 according to a consensus algorithm.
- The orderer 60 assembles the ordered transactions into a block and delivers it to the nodes 10 on the blockchain network.
- A node 10 that receives such a block may operate as a committing peer (committer) to confirm the transaction.
- The node 10 may include a distributed database 200, which contains a distributed ledger in which transactions on the blockchain network are recorded and a personal database held only by the individual node, and a smart contract 100 for controlling access to the distributed database 200.
- The distributed database 200 is a blockchain in which transactions are recorded.
- The distributed database 200 includes a distributed ledger in which transactions on the blockchain network are recorded, and a personal database 220 owned only by the individual node 10.
- The smart contract 100 is written as chaincode and is called by the application 40 whenever the application 40 needs to interact with the distributed database 200.
- The smart contract 100 stores various functions for accessing the distributed database 200, so that the data of the distributed database 200 can be updated or the necessary information extracted from it.
- FIG. 2 is a diagram schematically showing the configuration of a smart contract according to an embodiment of the present invention.
- A query function 110 and a distribution function 120 are stored in the smart contract 100 according to an embodiment of the present invention.
- The query function 110 is a function for querying data in the distributed database 200.
- The distribution function 120 is a function for writing data to the distributed database 200.
- The query function 110 may search for a block in order to query the data in the distributed database 200, or query the size of the data in the distributed database 200; the execution result of the query function 110 is not recorded in the distributed database 200.
- The distribution function 120 is a function for recording data in the distributed database 200. It may execute the chaincode of the smart contract 100 or register a new chaincode, and data may be recorded in the distributed database 200 as a result of its execution.
- Various other functions may be stored in the smart contract 100 in an embodiment of the present invention.
- FIG. 3 is a diagram schematically showing the configuration of a query function according to an embodiment of the present invention.
- The query function 110 may include a general query function 111 and a data analysis query function 112.
- The general query function 111 performs a general query that cannot carry out individual data analysis on the data stored in the distributed database 200, whereas the data analysis query function 112 executes a query that can carry out data analysis.
- Because the data analysis query function 112 is stored in the smart contract 100, data analysis can be performed on the distributed database 200.
- The data analysis query function 112 may cause the distributed database 200 to return a response value with differential privacy applied, in order to maintain the privacy of the distributed database 200.
- FIG. 4 is a diagram schematically showing the configuration of a distributed database according to an embodiment of the present invention.
- A distributed database 200 may include a distributed ledger 210 shared within the permissioned blockchain system and a personal database 220 held by the node in the permissioned blockchain system.
- FIG. 5 is a diagram schematically showing the configuration of a distributed ledger according to an embodiment of the present invention.
- A distributed ledger 210 may include a public distributed ledger 211 shared by all members of the permissioned blockchain system and at least one secret distributed ledger 212 shared only by specific members of the system. FIG. 5 shows a distributed ledger 210 including n secret distributed ledgers 212; the number of secret distributed ledgers 212 may differ for each node of the same blockchain system.
- FIG. 6 is a diagram schematically showing the configuration of a public distributed ledger according to an embodiment of the present invention.
- A public distributed ledger 211 may include a data public distributed ledger 211.1 for storing transactions made in the permissioned blockchain system and a distributed learning model sharing ledger 211.2 for storing the result of learning for each round and the final distributed learning model in the permissioned blockchain system.
- The public distributed ledger 211 according to an embodiment of the present invention can be shared by all members of the permissioned blockchain system.
- FIG. 7 is a diagram schematically showing the configuration of two nodes according to an embodiment of the present invention.
- Node A 10 and node B 20 shown in FIG. 7 are nodes constituting the blockchain network. Both include a smart contract 100 and a distributed database 200.
- The distributed database 200 includes a distributed ledger 210 and a personal database 220.
- The distributed ledger 210 includes a public distributed ledger 211 and a secret distributed ledger 212.
- The public distributed ledger 211 includes a data public distributed ledger 211.1 and a distributed learning model sharing ledger 211.2.
- Both node A 10 and node B 20 include secret distributed ledger #1 (212.1).
- Secret distributed ledger #1 (212.1) is a secret distributed ledger shared by node A 10 and node B 20 among the nodes of the blockchain network.
- Secret distributed ledger #1 (212.1) may also be included in nodes other than node A 10 and node B 20.
- Secret distributed ledger #2 (212.2) is included in node A 10 but not in node B 20.
- Secret distributed ledger #2 (212.2) may be included in nodes other than node A 10. Since it is not included in node B 20, however, the smart contract 100 of node B 20 cannot access the data stored in secret distributed ledger #2 (212.2).
- Secret distributed ledger #3 (212.3) is included in node B 20 but not in node A 10.
- Secret distributed ledger #3 (212.3) may be included in nodes other than node B 20. Since it is not included in node A 10, however, the smart contract 100 of node A 10 cannot access the data stored in secret distributed ledger #3 (212.3).
- FIG. 8 is a flowchart of the data processing process of a permissioned blockchain system.
- The requestor 70 is a node of the blockchain network that wishes to analyze data stored in the distributed database 200.
- The requestor 70 may access the smart contract 100 through the application 40.
- In FIG. 8 the smart contract 100 may access one public distributed ledger 211, two secret distributed ledgers 212 and one personal database 220.
- The data analysis method includes: a query calling step (S100) in which the client application 40 calls the data analysis query function 112 of the smart contract 100; a query response request step (S200) in which the smart contract 100 requests a response from the distributed database 200 on the basis of the data analysis query function 112; a query response return step (S300) in which the distributed database 200 returns a response value for the data analysis query function 112 with differential privacy applied; an analysis result return step (S400) in which the smart contract 100 analyzes the response value and returns the result; and an error-based auditing step (S500) of preventing a malicious attacker's behaviour in advance on the basis of the error log.
- FIG. 9 is a request and response flow diagram of an analysis method in which a database protected by a privacy guard responds with differential privacy applied.
- FIG. 9 illustrates a method of adding noise using differential privacy.
- A privacy guard 80 sits between a requestor 70 for data analysis and a distributed database 90; it manages the query function related to the analysis and computes the response value to which noise is added.
- Although a distributed database 90 is shown in FIG. 9, the privacy guard 80 can operate in the same way with a general database.
- To apply differential privacy in the distributed database 90 to which the privacy guard 80 is applied, the requestor 70 first requests a query from the privacy guard 80 in order to obtain specific information (S10).
- The privacy guard 80 then analyzes the requested query according to a preset policy (S20).
- In this step the privacy guard 80 may evaluate the degree to which the query affects privacy, according to the preset policy.
- The privacy guard 80 then transmits the query to the distributed database 90 (S30).
- The distributed database 90 returns a response value based on the undistorted data to the privacy guard 80 (S40).
- The privacy guard 80 adds an appropriate amount of noise on the basis of the degree of privacy impact of the query evaluated in step S20 (S50).
- The privacy guard 80 thus generates a result value in which noise is added to the response value, protecting the confidentiality of the information in the distributed database 90, and returns the noise-added result value to the requestor 70 (S60).
- Because of the noise, the requestor 70 receives information about the requested query but cannot learn specific data, so the privacy of the distributed database 90 is maintained.
- FIG. 10 is a request and response flow diagram of a privacy-preserving data analysis method of a permission-type blockchain system according to an embodiment of the present invention.
- the smart contract 100 including the data analysis query function performs the same role as the privacy guard 80 in FIG. 9.
- However, the method of implementing differential privacy is not a physically separate, single component like the privacy guard 80 of FIG. 9, but takes the form of an automatic function added inside the smart contract 100.
- Because no physical entity is added and the function is added to the blockchain network only logically, the burden on the network configuration is reduced. Furthermore, all members share the same public distributed ledger 211, and each member that holds an individual database 220 or a secret distributed ledger 212 also holds the smart contract 100 including the same data analysis query function 112, so that, compared with the existing privacy guard 80-based implementation of differential privacy, a single point of failure can be prevented.
- the requestor 70 performs a query calling step S100 of calling the data analysis query function 112 to the smart contract 100 through the application 40.
- Then, the query response request step (S200) is performed, in which the smart contract 100 requests a response to the data analysis query function 112 from the distributed database 200, based on the data analysis query function 112.
- The query response request step (S200) may include a public distributed data response request step (S210) of requesting a response value for the data analysis query function 112 from the data public distributed ledger 211.1, and a secret data response request step (S220) of requesting a response value for the data analysis query function 112, with differential privacy applied, from the secret distributed ledger 212 and the personal database 220.
- In FIG. 10, the secret data response request step (S220) is performed after the public distributed data response request step (S210), but in the present invention the two steps may be performed at the same time, or the secret data response request step (S220) may be performed first. That is, it is preferable that the public distributed data response request step (S210) and the secret data response request step (S220) are performed independently of each other.
- Then, the data public distributed ledger 211.1 returns a response value to the data analysis query function 112 (S310), and the secret distributed ledger 212 and the personal database 220 return a response value to the data analysis query function 112 to which noise based on differential privacy has been added (S320).
- Since the secret distributed ledger 212 and the personal database 220 return a response value to which noise based on differential privacy has been added, the requestor 70 can learn the probability distribution characteristics of the distributed ledger 210,
- but cannot find individual pieces of information stored in the secret distributed ledger 212 and the personal database 220, so the privacy of the data of the secret distributed ledger 212 and the personal database 220 can be protected.
- When there are two or more secret distributed ledgers 212 or personal databases 220, each may independently return its own response value to the data analysis query function 112 with noise based on differential privacy added.
- the analysis result return step (S400) in which the smart contract 100 analyzes and returns the response value is performed.
- In this step, the response values returned by the public distributed ledger 211, the secret distributed ledger 212 and the personal database 220 are integrated, an analysis based on the data analysis query function is performed, and the analysis result is returned.
- That is, the smart contract 100 performs the analysis by integrating the response values of the public distributed ledger 211, the secret distributed ledger 212 and the personal database 220 (S410), and returns the analysis result to the requestor 70 through the application 40 (S420).
- the error-based audit execution step S500 may be performed to prevent an attack behavior of a malicious attacker who returns an incorrect response value.
- In FIG. 10, the application 40 of the requestor 70 is shown as being executed independently through the smart contract 100, but in the present invention the smart contract 100 is a logical entity taking the form of an automatic function.
- Therefore, in the error-based audit performing step (S500) according to an embodiment of the present invention, any participant in the permissioned blockchain can access the smart contract 100 through the application 40 at any time and run the error-based audit (S500).
- the analysis result return step (S400) uses the distributed learning model calculated by the smart contract 100 analyzing the response value.
- The smart contract 100 stores the distributed learning model derived by the analysis in the distributed learning model sharing ledger 211.2, and in the error log storage step (S440) an error log for the error-based audit may be stored.
- The error-based audit performing step (S500) performed afterwards includes an error log request step (S510) in which the client requests the error log stored for the error-based audit; an error log return step (S520) in which the distributed learning model disclosure ledger returns a response value to the error log request; and an audit performing step (S530) in which the client performs the error-based audit based on the response value of the error log return step.
- FIG. 11 is a flowchart illustrating an operation of a privacy-preserving data analysis method of a permission type blockchain system to which differential privacy is applied according to an embodiment of the present invention.
- FIG. 11 represents, as a physical flow diagram, the request and response flow of FIG. 10, for easier understanding of the error-based audit execution step (S500).
- As shown in FIG. 11, when data analysis on specific data is performed, all nodes owning the distributed database 200 store the calculated model and its error value for each round.
- To show an example of this, FIG. 11 shows an embodiment including only node A 10 and node B 20, but the number of nodes may range from a few to a large number depending on the size of the network.
- Node A 10 and node B 20 perform a total of n rounds (round i, where 1 ≤ i ≤ n).
- In each round, node A 10 and node B 20 make a storage request (S441) for the i-th round result value, which is stored in the distributed learning model open ledger 211.2 (S442).
- For example, in the first round, node A makes a storage request (S441.1A) for the result value of the first round, and the distributed learning model disclosure ledger 211.2 stores it (S442.1A).
- Likewise, node B makes a storage request (S441.1B) for the result value of the first round, and the distributed learning model disclosure ledger 211.2 stores it (S442.1B).
- the distributed learning model storage step (S430) and the error log storage step (S440) may be performed.
- Then, the requestor 70, driven by a specific node that wants to perform the error-based audit, requests the error log values stored for the error-based audit (S510).
- In the error log value return step (S520), the previously stored error values of the models of node A 10 and node B 20 are returned. Thereafter, the requestor 70 can easily identify a node with a high error by performing the error-based audit (S530).
- In the error-based audit performing step (S500), specific nodes having high error values may be selected through the above process.
- The error-based audit performing step (S500) in the privacy-preserving data analysis method of a permissioned blockchain system to which differential privacy is applied according to an embodiment of the present invention is performed in order to manage such a node as a target of future audits based on its error value.
- This can be set flexibly according to the network policy. For example, in a network that represents an error value as a number from 0 to 1, it is possible to perform audit and management on nodes with an average error of 0.7 or more.
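The audit of steps S441 to S530 and the 0.7 threshold policy described above, as an added Python example that is not part of the patent: a client requests the per-round error values that each node stored in the ledger and selects the nodes whose average error meets the policy threshold. The error log, node names and threshold are constructed sample values; the range check on stored error values and the `incomplete` report for a node that did not store a value in every round are assumptions added here, since a node that withholds rounds would otherwise escape the average.

```python
from collections import defaultdict

# Constructed error log (sample data, not from the patent): the per-round error
# values node A and node B stored in the distributed learning model ledger
# (S441/S442). Node C is added to show a node that skipped a round.
ERROR_LOG = [
    {"round": 1, "node": "A", "error": 0.10},
    {"round": 1, "node": "B", "error": 0.80},
    {"round": 1, "node": "C", "error": 0.30},
    {"round": 2, "node": "A", "error": 0.20},
    {"round": 2, "node": "B", "error": 0.75},
    {"round": 2, "node": "C", "error": 0.40},
    {"round": 3, "node": "A", "error": 0.15},
    {"round": 3, "node": "B", "error": 0.70},
]

TOTAL_ROUNDS = 3        # n in the description
AUDIT_THRESHOLD = 0.7   # policy example given in the description (errors in 0..1)


def request_error_log(ledger, node=None):
    """S510/S520: the auditor asks the ledger for the stored error entries
    (optionally for a single node) and the ledger returns them. Each value is
    validated against the 0..1 range so a malformed entry cannot skew the audit
    (validation is an assumption added here)."""
    selected = []
    for entry in ledger:
        if node is not None and entry["node"] != node:
            continue
        err = entry["error"]
        if not 0.0 <= err <= 1.0:
            raise ValueError(f"error value out of range for node {entry['node']}: {err}")
        selected.append(entry)
    return selected


def error_based_audit(ledger, threshold=AUDIT_THRESHOLD, total_rounds=TOTAL_ROUNDS):
    """S530: average each node's stored error over its rounds and select the
    nodes whose average is at or above the policy threshold. Nodes that did not
    store a value for every round are reported separately (assumption)."""
    per_node = defaultdict(list)
    for entry in request_error_log(ledger):
        per_node[entry["node"]].append(entry["error"])
    averages = {n: sum(v) / len(v) for n, v in per_node.items()}
    flagged = sorted(n for n, avg in averages.items() if avg >= threshold)
    incomplete = sorted(n for n, v in per_node.items() if len(v) < total_rounds)
    return {"averages": averages, "flagged": flagged, "incomplete": incomplete}


if __name__ == "__main__":
    print(error_based_audit(ERROR_LOG))
```

With the sample log, node B averages 0.75 and is selected for follow-up audit, node A averages 0.15 and passes, and node C is reported as incomplete because it stored nothing for round 3.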
- FIG. 12 is a flowchart illustrating an operation of a privacy-preserving data analysis method of a permissioned blockchain system to which differential privacy is applied according to an embodiment of the present invention.
- Data on vehicles is stored in the blockchain network shown in FIG. 12.
- The data type stored in the blockchain network is {key value; manufacturer; model; color; borrower; purchase cost; installment payment (months)}, and such records are stored in the public distributed ledger 211, at least one secret distributed ledger 212, and the personal database 220, respectively.
- The smart contract 100 includes a distribution function 120 capable of performing operations such as writing, modification, and deletion on the distributed ledger 210; a general query function 111 for reading basic information of the distributed database 200; and a data analysis query function 112 for performing data analysis. These functions are pre-designed and included before the blockchain network is started.
- First, the requestor 70 performs a query calling step (S100) of calling the data analysis query function 112 of the smart contract 100 through the application 40.
- Then, the query response request step (S200) is performed, in which the smart contract 100 requests a response to the data analysis query function 112 from the distributed database 200, based on the data analysis query function 112.
- The data analysis query function 112 may include functions such as finding the top manufacturers or top models in the distributed database 200, finding the color distribution of the stored vehicle data, or predicting and analyzing a future trending model.
- The query response request step (S200) includes a public distributed data response request step (S210) of requesting a response value for the data analysis query function from the public distributed ledger 211, and a secret data response request step (S220) of requesting a response value for the data analysis query function, to which differential privacy is applied, from the secret distributed ledger 212 and the personal database 220.
- That is, a response value for the data analysis query function 112 is requested from the public distributed ledger 211,
- and a response value to which differential privacy is applied is requested from the secret distributed ledger 212 and the personal database 220.
- Then, the public distributed ledger 211 returns a response value to the data analysis query function 112 (S310), and the secret distributed ledger 212 and the personal database 220 return a response value to the data analysis query function 112 to which noise based on differential privacy has been added (S320).
- the smart contract 100 performs an analysis based on a data analysis query function by integrating the response values returned by the public distributed ledger 211, the secret distributed ledger 212 and the personal database 220.
- the analysis result return step (S400) of returning the analysis result to the requestor 70 through the application 40 is performed.
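The FIG. 12 walk-through above (steps S100 to S400), together with the privacy guard flow of FIG. 9 (evaluating a query against a preset policy and adding noise accordingly), as an added Python example that is not part of the patent: the public ledger answers a colour-count or purchase-cost query exactly, each secret ledger and personal database answers with Laplace noise whose scale comes from a policy table, and the smart contract integrates the responses. The vehicle records, the member names, the POLICY table (an L1 sensitivity and an epsilon budget per query kind) and the Laplace mechanism are assumptions; the patent does not specify how the noise is generated.

```python
import math
import random


# Constructed vehicle records (sample data, not from the patent) using the field
# layout the description gives: key value; manufacturer; model; color; borrower;
# purchase cost; installment payment (months).
def record(key, manufacturer, model, color, borrower, cost, months):
    return {"key": key, "manufacturer": manufacturer, "model": model,
            "color": color, "borrower": borrower, "purchase_cost": cost,
            "installment": months}


# Public distributed ledger 211: shared by every member, answered exactly.
PUBLIC_LEDGER = [
    record(1, "M1", "X", "red", "b1", 30000, 36),
    record(2, "M2", "Y", "blue", "b2", 25000, 24),
    record(3, "M1", "Z", "red", "b3", 45000, 48),
]
# Secret distributed ledger 212 plus personal database 220 of each member
# (member names assumed): answered only with differential-privacy noise.
SECRET_LEDGERS = {
    "member_A": [record(4, "M2", "X", "red", "b4", 52000, 60),
                 record(5, "M3", "W", "green", "b5", 18000, 12)],
    "member_B": [record(6, "M1", "Z", "blue", "b6", 120000, 48)],
}

# Assumed policy table standing in for the "preset policy" of S20: an L1
# sensitivity and a privacy budget (epsilon) per query kind. The Laplace scale
# is sensitivity / epsilon, so a smaller epsilon means more noise.
POLICY = {
    "color_count": {"sensitivity": 1.0, "epsilon": 0.5},
    "cost_sum": {"sensitivity": 100000.0, "epsilon": 0.5},
}


def laplace_noise(scale, rng):
    """Laplace(0, scale) sample by inverse CDF (assumed noise mechanism)."""
    while True:
        u = rng.random() - 0.5
        if abs(u) < 0.5:          # avoid log(0) at the open end of the interval
            break
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def evaluate_query(kind, records, color=None):
    """Exact answer of a data analysis query over one set of records."""
    if kind == "color_count":
        return float(sum(1 for r in records if r["color"] == color))
    if kind == "cost_sum":
        # Clamp each cost so one record can move the sum by at most the
        # sensitivity the policy promises; otherwise the noise is too small.
        cap = POLICY["cost_sum"]["sensitivity"]
        return float(sum(min(r["purchase_cost"], cap) for r in records))
    raise ValueError(f"unknown query kind: {kind}")


def public_response(kind, color=None):
    """S210/S310: the public distributed ledger 211 answers exactly."""
    return evaluate_query(kind, PUBLIC_LEDGER, color)


def secret_response(kind, records, rng, color=None, epsilon=None):
    """S220/S320: a secret ledger / personal database answers with noise scaled
    by the policy's sensitivity and epsilon (the S20/S50 role of FIG. 9)."""
    policy = POLICY[kind]
    eps = policy["epsilon"] if epsilon is None else epsilon
    return evaluate_query(kind, records, color) + laplace_noise(policy["sensitivity"] / eps, rng)


def data_analysis_query(kind, color=None, epsilon=None, seed=None):
    """S100-S400: what the data analysis query function 112 returns to the
    requestor: the exact public part, one noisy value per secret source, and
    their integration (S410). `seed` only makes runs reproducible."""
    rng = random.Random(seed)
    public = public_response(kind, color)
    secret = {m: secret_response(kind, recs, rng, color, epsilon)
              for m, recs in SECRET_LEDGERS.items()}
    return {"public": public, "secret": secret, "total": public + sum(secret.values())}


def exact_total(kind, color=None):
    """Ground truth over every record, kept only to measure the noise here;
    it is never returned to the requestor."""
    all_records = PUBLIC_LEDGER + [r for recs in SECRET_LEDGERS.values() for r in recs]
    return evaluate_query(kind, all_records, color)


if __name__ == "__main__":
    print(data_analysis_query("color_count", color="red", seed=0))
    print(data_analysis_query("cost_sum", seed=0))
```

With the policy's epsilon of 0.5 the per-member values drift by several units from their true counts, which is what hides whether any single row of a secret ledger is red; raising epsilon towards a very large value collapses the noise and the integrated total approaches the exact total, which is the trade-off the policy table controls.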
- the data analysis can be performed without exposing the value of secret data owned by only a specific member.
- a network configuration can be easily maintained by not adding a physical component to protect secret data.
- In addition, the privacy-preserving data analysis method can prevent in advance the attack behaviour of a malicious attacker who returns an incorrect response value, through the error-based audit execution step (S500). This can be done at any time by any participant in the permissioned blockchain network, and it is easy to determine whether a specific participant previously returned a correct or an incorrect value.
- Furthermore, each member has a smart contract and a distributed database, which prevents a single point of failure.
- Methods according to an embodiment of the present invention may be implemented in the form of program instructions that can be executed through various computing devices and recorded in a computer-readable medium.
- the program according to the present embodiment may be composed of a PC-based program or an application dedicated to a mobile terminal.
- An application to which the present invention is applied may be installed on a user terminal through a file provided by the file distribution system.
- the file distribution system may include a file transmission unit (not shown) that transmits the file according to the request of the user terminal.
- the apparatus described above may be implemented as a hardware component, a software component, and/or a combination of a hardware component and a software component.
- The devices and components described in the embodiments may be implemented using, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate array (FPGA), a programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions, such as one or more general purpose or special purpose computers.
- the processing device may execute an operating system (OS) and one or more software applications executed on the operating system.
- the processing device may access, store, manipulate, process, and generate data in response to the execution of software.
- It can be seen that the processing device may include a plurality of processing elements and/or a plurality of types of processing elements.
- the processing device may include a plurality of processors or one processor and one controller.
- other processing configurations are possible, such as a parallel processor.
- The software may include a computer program, code, instructions, or a combination of one or more of these, and may configure the processing device to operate as desired or may command the processing device independently or collectively.
- Software and/or data may be permanently or temporarily embodied in any type of machine, component, physical device, virtual equipment, computer storage medium or device, or in a transmitted signal wave, in order to be interpreted by the processing device or to provide instructions or data to the processing device.
- the software may be distributed over networked computing devices and stored or executed in a distributed manner. Software and data may be stored on one or more computer-readable recording media.
- the method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium.
- the computer-readable medium may include program instructions, data files, data structures, and the like alone or in combination.
- the program instructions recorded on the medium may be specially designed and configured for the embodiment, or may be known and usable to those skilled in computer software.
- Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tapes; optical media such as CD-ROMs and DVDs; magneto-optical media such as floptical disks; and hardware devices specially configured to store and execute program instructions, such as ROM, RAM, and flash memory.
- Examples of the program instructions include not only machine language codes such as those produced by a compiler, but also high-level language codes that can be executed by a computer using an interpreter or the like.
- the hardware device described above may be configured to operate as one or more software modules to perform the operation of the embodiment, and vice versa.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Computational Linguistics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention relates to a privacy-preserving data analysis method in a permissioned blockchain system and, more specifically, to a method of privacy-preserving data analysis in a permissioned blockchain system. When a specific data analysis is performed in a blockchain-based system, a value obtained by adding noise to the response of a secret distributed ledger to a query is returned, so as to allow data analysis to be carried out while preserving personal privacy.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR20180165936 | 2018-12-20 | ||
| KR10-2019-0032442 | 2019-03-21 | ||
| KR1020190032442A KR102149900B1 (ko) | 2018-12-20 | 2019-03-21 | Privacy-preserving data analysis method on a permissioned blockchain system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2020189846A1 true WO2020189846A1 (fr) | 2020-09-24 |
Family
ID=71121360
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/KR2019/006498 Ceased WO2020189846A1 (fr) | 2018-12-20 | 2019-05-30 | Privacy-preserving data analysis method in a permissioned blockchain system |
Country Status (2)
| Country | Link |
|---|---|
| KR (1) | KR102149900B1 (fr) |
| WO (1) | WO2020189846A1 (fr) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113112354A (zh) * | 2021-03-04 | 2021-07-13 | 卓尔智联(武汉)研究院有限公司 | Transaction processing method for a blockchain network, blockchain network, and storage medium |
| WO2024103394A1 (fr) * | 2022-11-18 | 2024-05-23 | Ge Yang | Theory of financial tokens and web3 tokens |
| CN120930168A (zh) * | 2025-08-27 | 2025-11-11 | 重庆大学 | Dynamic adaptive transaction method for disturbed data |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022010297A1 (fr) * | 2020-07-10 | 2022-01-13 | 주식회사 미디움 | Method for a peer terminal to transmit block data to a client terminal in a Hyperledger Fabric structure |
| CN112699413B (zh) * | 2021-01-20 | 2022-07-01 | 泉州华中科技大学智能制造研究院 | Blockchain system capable of protecting data security and data processing method thereof |
| WO2022195860A1 (fr) | 2021-03-19 | 2022-09-22 | 日本電気株式会社 | Voting system and voting method |
| WO2022260501A1 (fr) * | 2021-06-11 | 2022-12-15 | 삼성전자 주식회사 | Electronic device including a partial ledger in a blockchain network and operating method thereof |
| WO2023106608A1 (fr) | 2021-12-06 | 2023-06-15 | 삼성전자 주식회사 | Big data analysis device for preventing personal information breaches, operating method thereof, and non-transitory computer-readable storage medium |
| KR102486447B1 (ko) | 2021-12-07 | 2023-01-09 | 서울과학기술대학교 산학협력단 | Data obfuscation system and method using differential privacy |
| CN114531243B (zh) * | 2022-01-04 | 2024-02-09 | 北京理工大学 | Consortium chain transaction privacy protection method based on label encryption and zero-knowledge proof |
| KR102541464B1 (ko) * | 2022-03-28 | 2023-06-13 | 주식회사 소금광산 | Method and system for viewing personal data required for target marketing and compensating for the viewing |
| KR102480890B1 (ko) | 2022-06-03 | 2022-12-22 | 가천대학교 산학협력단 | Health information management method using permissioned blockchain technology |
| KR102913019B1 (ko) * | 2023-12-11 | 2026-01-15 | 주식회사 리드포인트시스템 | Method and system for proving the originality of blockchain data based on anchoring technology |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070143289A1 (en) * | 2005-12-16 | 2007-06-21 | Microsoft Corporation | Differential data privacy |
| US20160335455A1 (en) * | 2013-12-20 | 2016-11-17 | Telefonaktiebolaget L M Ericsson (Publ) | Method and apparatus for managing access to a database |
| KR20180095896A (ko) * | 2015-12-23 | 2018-08-28 | 소니 주식회사 | Client device, server device and access control system for authorized access |
| KR101946196B1 (ko) * | 2018-03-26 | 2019-02-08 | 그래프 블록체인 리미티드 | Control system and control method for controlling a private blockchain based system |
2019
- 2019-03-21 KR KR1020190032442A patent/KR102149900B1/ko active Active
- 2019-05-30 WO PCT/KR2019/006498 patent/WO2020189846A1/fr not_active Ceased
Non-Patent Citations (2)
| Title |
|---|
| E-FINANCE AND FINANCIAL SECURITY, 26 April 2017 (2017-04-26), ISSN: 2671-7093, Retrieved from the Internet <URL:http://www.fsec.or.kr/user/bbs/tsec/146/313/bbsDataView/792.do?pag> * |
| JUNG, KANGSOO ET AL.: "Research on Deidentification Technique Based on Differential Privacy", REVIEW OF KIISC, vol. 28, no. 2, April 2018 (2018-04-01), pages 61 - 77, Retrieved from the Internet <URL:https://www.dbpia.co.kr/joumal/articleDetail?nodeId=NODE07424024&language=ko_KR> * |
Also Published As
| Publication number | Publication date |
|---|---|
| KR20200077366A (ko) | 2020-06-30 |
| KR102149900B1 (ko) | 2020-08-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2020189846A1 (fr) | | Privacy-preserving data analysis method in a permissioned blockchain system |
| US11204919B2 (en) | | Optimizing queries and other retrieve operations in a blockchain |
| US20200119904A1 (en) | | Tamper-proof privileged user access system logs |
| WO2020189926A1 (fr) | | Method and server for managing a user identity using a blockchain network, and method and terminal for user authentication using the blockchain-network-based user identity |
| WO2020130331A1 (fr) | | Method for sharing and verifying blocks and electronic documents between nodes in a blockchain |
| WO2020189927A1 (fr) | | Method and server for managing a user's identity using a blockchain network, and method and terminal for user authentication using a user identity based on a blockchain network |
| WO2020175753A1 (fr) | | Method and system for managing, on the basis of big data, project results created by an expert |
| CN114422197A (zh) | | Policy-management-based access control method and system |
| WO2020189800A1 (fr) | | Method and system for authenticating data generated in a blockchain |
| JP5948472B1 (ja) | | Information management system and business system |
| Pawar et al. | | BlockAudit 2.0: PoA blockchain based solution for secure Audit logs |
| WO2020189993A1 (fr) | | Method and system for preventing cryptocurrency loss |
| US7761419B2 (en) | | Protected data replication |
| US11658996B2 (en) | | Historic data breach detection |
| WO2019125081A1 (fr) | | System for granting single-use access rights using a blockchain |
| WO2020189801A1 (fr) | | Method and system for authenticating data generated in a blockchain using a signable contract |
| Gawande et al. | | Analysis of data confidentiality techniques in cloud computing |
| WO2019160167A1 (fr) | | Method for providing bio-information data based on a plurality of blockchains, method for storing bio-information data, and system for transmitting bio-information data |
| WO2008080765A1 (fr) | | Method and system for content-based encrypted access to a database |
| US20220350900A1 (en) | | Secure distribution of embedded policy |
| Zhuravka et al. | | Increasing of Information Systems Security by Methods of System Analysis |
| WO2021015463A2 (fr) | | Blockchain-based loan service method and device using the method |
| US11582248B2 (en) | | Data breach protection |
| AHMED et al. | | Minimization of security issues in cloud computing |
| CN115296901B (zh) | | Artificial-intelligence-based permission management method and related device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 19919911; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 19919911; Country of ref document: EP; Kind code of ref document: A1 |