本說明書一個或多個實施例提供一種區塊鏈資料處理方法、裝置及系統,用以實現在使用區塊鏈技術的同時確保資料的安全性的目的。
為了使本技術領域的人員更好地理解本說明書一個或多個實施例中的技術方案,下面將結合本說明書一個或多個實施例中的圖式,對本說明書一個或多個實施例中的技術方案進行清楚、完整地描述,顯然,所描述的實施例僅僅是本說明書一部分實施例,而不是全部的實施例。基於本說明書一個或多個實施例,本領域普通技術人員在沒有作出創造性勞動前提下所獲得的所有其他實施例,都應當屬於本說明書一個或多個實施例保護的範圍。
圖1是根據本說明書一實施例的一種區塊鏈資料處理方法的示意性流程圖,如圖1所示,該方法包括:
S102,獲取第一區塊鏈中區塊記錄的多個業務資料所對應的多個雜湊資料。
S104,按照預設的混淆加密處理方式對多個雜湊資料進行混淆加密處理,得到混淆後的至少一個目標雜湊資料。
S106,對至少一個目標雜湊資料進行分段處理。
S108,將分段後的目標雜湊資料分別儲存至第二區塊鏈中。
在一個實施例中,第一區塊鏈中區塊記錄的多個業務資料所對應的多個雜湊資料為該第一區塊鏈中記錄的交易的帳本,該帳本可以是僅對第一區塊鏈中的節點可存取。該帳本經過混淆加密處理後儲存至第二區塊鏈,第二區塊鏈中儲存的混淆加密後的帳本可以是對外部用戶可存取。由此,一方面使得外部用戶如公眾可存取到該帳本,以保障資料真實透明,另一方面,由於外部用戶獲取的是混淆加密處理後的帳本,其難以對混淆加密後的帳本進行解析以獲得真實交易量的相關資訊,也保障了交易資訊的安全。
由此,上述技術方案透過混淆多個業務資料所對應的多個雜湊資料,使得最終儲存的目標雜湊資料能被外部用戶存取,但外部用戶很難對其進行分析以獲知交易規模、交易量級等資訊。因此在保障區塊鏈中資料真實透明的同時,還能夠保障資料的安全性,從而有利於用戶在使用區塊鏈時能夠更好地保護自身業務。
應理解,在本申請實施例中,對雜湊資料的混淆加密處理可包括多種方式。
可選地,在一種實現方式中,可將多個雜湊資料組成的內容進行雜湊計算得到一個雜湊資料。
例如,假設區塊鏈的某個區塊中的4個儲存記錄對應的雜湊資料分別為HashA、HashB、HashC和HashD,則混淆加密處理後的雜湊資料HashABCD=Hash(HashA+HashB+ HashC+HashD),其中,函數Hash()表示雜湊計算函數,例如MD5、SHA-1、SHA-256、SHA-384及SHA-512,等等。在比特幣系統中,採用的雜湊演算法為SHA-256。
可選地,在另一種實現方式中,可將任一個雜湊資料分成多個部分的內容再分別進行雜湊計算,得到所述多個部分的內容對應的多個雜湊資料。
例如,假設區塊鏈的某個區塊中的一個儲存記錄對應的雜湊資料為HashA,可將HashA拆分成HashA1和HashA2,然後分別進行雜湊處理,即得到HashA1’= Hash (HashA1),HashA2’= Hash(HashA2),此時的HashA1’和HashA2’即對HashA進行混淆加密處理後得到的雜湊資料。當然,還可將HashA拆分成3個部分、4個部分乃至更多部分,具體拆分成多少個部分,怎麼拆分,是可配置的。
可選地,在另一種實現方式中,可將多個雜湊資料組成的內容再分成多個部分的內容,並對每個部分的內容分別進行雜湊計算,得到所述多個部分的內容對應的多個雜湊資料。
例如,假設區塊鏈的某個區塊中的4個儲存記錄對應的雜湊資料分別為HashA、HashB、HashC和HashD,其組成的內容HashABCD=(HashA+HashB+HashC+HashD);可將HashABCD分成HashABCD1和HashABCD2,再對HashABCD1和HashABCD2分別進行雜湊計算得到Hash(HashABCD1)和Hash(HashABCD2),Hash
(HashABCD1)和Hash(HashABCD2)即為該多個部分的內容對應的多個雜湊資料。
此外,應理解,本申請實施例的混淆方案,還可進行多層混淆加密處理,即將一層混淆加密處理之後的雜湊資料,再進行一層或多層的混淆加密處理。不同層混淆加密處理的演算法,可以相同,也可以不同。
例如,假設區塊鏈的某個區塊中的4個儲存記錄對應的雜湊資料分別為HashA、HashB、HashC和HashD,則第一層混淆加密處理後的雜湊資訊HashABCD=Hash(HashA+ HashB+HashC+HashD);第二層混淆加密處理後的雜湊資料為Hash(HashABCD1)和Hash(HashABCD2),其中HashABCD = HashABCD1+HashABCD2。
可選的,在另一種實現方式中,可對雜湊資料進行一次或多次的分段處理和/或雜湊計算。具體的,可僅對雜湊資料進行分段處理以得到目標雜湊資料,也可將分段處理和雜湊計算的方式結合起來對雜湊資料進行混淆加密以得到目標雜湊資料。
以下列舉一種詳細的混淆加密處理方式。
首先,按照指定分段規則對雜湊資料進行分段處理,得到多個第一資料片段。
其中,指定分段規則包括:按照指定資料長度進行分段的規則;例如,指定資料長度為64KB,則按照每個資料片段大小為64KB的規則對雜湊資料進行分段;或者,按照指定時長進行分段的規則;例如,指定時長為1秒,則按照每秒內儲存的雜湊資料進行分段,如當前1秒內儲存的雜湊資料為一個資料片段,下1秒內儲存的雜湊資料則為下一個資料片段。
其次,分別對各第一資料片段進行雜湊計算,得到多個第二資料片段。
最後,根據多個第二資料片段判定混淆加密後的目標雜湊資料。具體的,可直接判定第二資料片段為目標雜湊資料,還可再次對第二資料片段進行一次或多次的分段處理和/或雜湊計算,最終得到目標雜湊資料。
本實施例中,列舉了首先對雜湊資料進行分段處理、然後對分段後得到的資料片段進行雜湊計算的混淆加密處理方式。顯然,由於混淆加密處理方式的多樣性,經過混淆加密處理後的目標雜湊資料很難被外部用戶獲知,因此可確保目標雜湊資料的安全性。
當然,除上述列舉的混淆加密處理方式之外,還可採用其他多種混淆加密處理方式對雜湊資料進行混淆加密處理,包括多次分段處理和多次雜湊計算相結合的方式,且多次分段處理和多次雜湊計算的順序不受限定。分段處理和/或雜湊計算的次數越多,即混淆加密處理方式越複雜,得到的目標雜湊資料的安全性也就越高。
在一個實施例中,在獲取第一區塊鏈中記錄的業務資料所對應的雜湊資料之前,可先判定第一區塊鏈的資料查看權限為僅對第一指定用戶組可見,如僅對第一區塊鏈中的各節點可見;及,判定第二區塊鏈的資料查看權限為對所有用戶可見,如外部用戶如公眾均可存取該資料。
其中,第一指定用戶組可以是一個用戶或多個用戶。
本實施例中,由於第一區塊鏈僅對第一指定用戶組可見,其他外部用戶不可見,因此第一區塊鏈中區塊儲存的多個業務資料所對應的多個雜湊資料很難被外部用戶獲知,從而確保多個業務資料所對應的多個雜湊資料的安全性;此外,由於第二區塊鏈對所有用戶可見,即所有用戶都能夠獲知第二區塊鏈中儲存的混淆加密後的目標雜湊資料,因此保障了區塊鏈中資料的透明真實性,且即使外部用戶獲知了第二區塊鏈中儲存的混淆加密後的目標雜湊資料,由於不知道目標雜湊資料對應的混淆加密處理方式,因此也無法獲知業務資料的真實資料,從而確保業務資料的安全性,有利於用戶在使用區塊鏈時能夠更好地保護自身業務。
在一個實施例中,將混淆加密後的至少一個目標雜湊資料儲存至第二區塊鏈中時,可先對混淆加密後的至少一個目標雜湊資料進行分段處理,進而將分段後的目標雜湊資料分別儲存至第二區塊鏈中。
本實施例中,分段處理對應的每個分段中所包含的目標雜湊資料不多於預定個數,其中,預定個數個目標雜湊資料的總長度應不大於第二區塊鏈中區塊記錄資料的最大長度。因此,在對混淆加密後的至少一個目標雜湊資料進行分段處理時,可按照每個分段中包含固定數量個目標雜湊資料的方式進行分段,其中,固定數量應不大於預定個數。
本實施例中,對混淆加密後的至少一個目標雜湊資料進行分段處理後,得到多個分段。因此,將分段後的目標雜湊資料分別儲存至第二區塊鏈中時,可將各分段中所包含的目標雜湊資料分別作為一條業務記錄儲存到第二區塊鏈中。
在一個實施例中,可將混淆加密處理方式儲存至第三區塊鏈中,並判定第三區塊鏈的資料查看權限為僅對第二指定用戶組可見。
其中,第二指定用戶組可以是一個用戶或多個用戶。第二指定用戶組可與第一指定用戶組(即針對第一區塊鏈可見的用戶組)相同或不同。第二指定用戶組可以是與第一區塊鏈/第二區塊鏈中所儲存的資料相關的工作人員,如區塊鏈的維護人員,該(些)用戶可對第一區塊鏈/第二區塊鏈中所儲存的雜湊資料進行管理,如儲存、更新等操作;或者,該(些)用戶還可對第三區塊鏈中儲存的混淆加密處理方式進行管理,如儲存、修改等操作。
本實施例中,透過將混淆加密處理方式單獨儲存至第三區塊鏈中,使得第二指定用戶組方便獲知混淆加密處理方式,從而透過獲取混淆加密處理方式來獲取業務資料的真實資料。並且,由於第三區塊鏈僅對第二指定用戶組可見,其他外部用戶不可見,因此外部用戶很難獲知第三區塊鏈中儲存的混淆加密處理方式,從而很難獲知業務資料的真實資料,確保了業務資料的安全性。
在一個實施例中,也可將混淆加密處理方式儲存至第一區塊鏈中,由於第一區塊鏈僅對第一指定用戶組可見,其他外部用戶不可見,因此第一區塊鏈中儲存的混淆加密處理方式很難被外部用戶獲知,從而使外部用戶很難獲知業務資料的真實資料,確保了業務資料的安全性。
本實施例中,將混淆加密處理方式與業務資料對應的雜湊資料一起儲存在第一區域鏈中,不僅能確保業務資料的安全性,還能節省混淆加密處理方式對區塊鏈的佔用。
綜上,已經對本主題的特定實施例進行了描述。其它實施例在所附申請專利範圍的範圍內。在一些情況下,在申請專利範圍中記載的動作可以按照不同的順序來執行並且仍然可以實現期望的結果。另外,在圖式中描繪的過程不一定要求示出的特定順序或者連續順序,以實現期望的結果。在某些實施方式中,多工處理和並行處理可以是有利的。
以上為本說明書一個或多個實施例提供的區塊鏈資料處理方法,基於同樣的思路,本說明書一個或多個實施例還提供一種區塊鏈資料處理裝置。
圖2是根據本說明書一實施例的一種區塊鏈資料處理裝置的示意性方塊圖,如圖2所示,區塊鏈資料處理裝置200包括:
獲取模組210,用於獲取第一區塊鏈中區塊記錄的多個業務資料所對應的多個雜湊資料;
混淆模組220,用於按照預設的混淆加密處理方式對多個雜湊資料進行混淆加密處理,得到混淆後的至少一個目標雜湊資料;
分段模組230,用於對所述至少一個目標雜湊資料進行分段處理;
第一儲存模組240,用於將分段後的目標雜湊資料分別儲存至第二區塊鏈中。
在一個實施例中,混淆模組220包括:
計算單元,用於分別對各雜湊資料進行至少一次的雜湊計算,得到至少一個目標雜湊資料。
在一個實施例中,分段處理對應的每個分段中所包含的目標雜湊資料不多於預定個數。
在一個實施例中,第一儲存模組240包括:
儲存單元,用於將各分段中所包含的目標雜湊資料分別作為一條業務記錄儲存到第二區塊鏈中。
在一個實施例中,裝置200還包括:
第一判定模組,用於在獲取第一區塊鏈中區塊記錄的多個業務資料所對應的多個雜湊資料之前,判定第一區塊鏈的資料查看權限為僅對第一指定用戶組可見;及,判定第二區塊鏈的資料查看權限為對所有用戶可見。
在一個實施例中,裝置200還包括:
儲存及判定模組,用於將混淆加密處理方式儲存至第三區塊鏈中;及,判定第三區塊鏈的資料查看權限為僅對第二指定用戶組可見。
採用本說明書一個或多個實施例的裝置,透過獲取第一區塊鏈中區塊記錄的多個業務資料所對應的多個雜湊資料,並按照預設的混淆加密處理方式對多個雜湊資料進行混淆加密處理,得到混淆後的至少一個目標雜湊資料,以及對該至少一個目標雜湊資料進行分段處理,進而將分段後的目標雜湊資料分別儲存至第二區塊鏈中。可見,該技術方案透過混淆多個業務資料所對應的多個雜湊資料,使得最終儲存的目標雜湊資料能被外部用戶存取,但外部用戶很難對其進行分析以獲知交易規模、交易量級等資訊。因此在保障區塊鏈中資料真實透明的同時,還能夠保障資料的安全性,從而有利於用戶在使用區塊鏈時能夠更好地保護自身業務。
本領域的技術人員應可理解,上述區塊鏈資料處理裝置能夠用來實現前文所述的區塊鏈資料處理方法,其中的細節描述應與前文方法部分描述類似,為避免繁瑣,此處不另贅述。
基於同樣的思路,本說明書一個或多個實施例還提供一種區塊鏈資料處理系統。
圖3是根據本說明書一實施例的一種區塊鏈資料處理系統的示意性方塊圖,如圖3所示,區塊鏈資料處理系統300包括第一區塊鏈310、資料處理節點320及第二區塊鏈330;其中:
第一區塊鏈310,用於記錄多個業務資料所對應的多個雜湊資料;
資料處理節點320,用於獲取第一區塊鏈310中區塊記錄的多個雜湊資料;
資料處理節點320,還用於按照預設的混淆加密處理方式對多個雜湊資料進行混淆加密處理,得到混淆後的至少一個目標雜湊資料;對至少一個目標雜湊資料進行分段處理;將分段後的目標雜湊資料分別儲存至第二區塊鏈330中;
第二區塊鏈330,用於儲存分段後的目標雜湊資料。
在一個實施例中,資料處理節點320還用於:
分別對各雜湊資料進行至少一次的雜湊計算,得到至少一個目標雜湊資料。
在一個實施例中,分段處理對應的每個分段中所包含的目標雜湊資料不多於預定個數。
在一個實施例中,資料處理節點320還用於:
將各所述分段中所包含的目標雜湊資料分別作為一條業務記錄儲存到所述第二區塊鏈中。
在一個實施例中,資料處理節點320還用於:
判定第一區塊鏈的資料查看權限為僅對第一指定用戶組可見;及,判定第二區塊鏈的資料查看權限為對所有用戶可見。
在一個實施例中,系統300還包括:
第三區塊鏈,用於儲存混淆加密處理方式;
相應的,資料處理節點320,還用於判定第三區塊鏈資料查看權限為僅對第二指定用戶組可見。
採用本說明書一個或多個實施例的系統,透過獲取第一區塊鏈中區塊記錄的多個業務資料所對應的多個雜湊資料,並按照預設的混淆加密處理方式對多個雜湊資料進行混淆加密處理,得到混淆後的至少一個目標雜湊資料,以及對該至少一個目標雜湊資料進行分段處理,進而將分段後的目標雜湊資料分別儲存至第二區塊鏈中。可見,該技術方案透過混淆多個業務資料所對應的多個雜湊資料,使得最終儲存的目標雜湊資料能被外部用戶存取,但外部用戶很難對其進行分析以獲知交易規模、交易量級等資訊。因此在保障區塊鏈中資料真實透明的同時,還能夠保障資料的安全性,從而有利於用戶在使用區塊鏈時能夠更好地保護自身業務。
本領域的技術人員應可理解,上述區塊鏈資料處理系統能夠用來實現前文所述的區塊鏈資料處理方法,其中的細節描述應與前文方法部分描述類似,為避免繁瑣,此處不另贅述。
基於同樣的思路,本說明書一個或多個實施例還提供一種區塊鏈資料處理設備,如圖4所示。區塊鏈資料處理設備可因配置或性能不同而產生比較大的差異,可以包括一個或一個以上的處理器401和記憶體402,記憶體402中可以儲存有一個或一個以上儲存應用程式或資料。其中,記憶體402可以是短暫儲存或持久儲存。儲存在記憶體402的應用程式可以包括一個或一個以上模組(圖示未示出),每個模組可以包括對區塊鏈資料處理設備中的一系列電腦可執行指令。更進一步地,處理器401可以設置為與記憶體402通信,在區塊鏈資料處理設備上執行記憶體402中的一系列電腦可執行指令。區塊鏈資料處理設備還可以包括一個或一個以上電源403,一個或一個以上有線或無線網路介面404,一個或一個以上輸入輸出介面405,一個或一個以上鍵盤406。
具體在本實施例中,區塊鏈資料處理設備包括有記憶體,以及一個或一個以上的程式,其中一個或者一個以上程式儲存於記憶體中,且一個或者一個以上程式可以包括一個或一個以上模組,且每個模組可以包括對區塊鏈資料處理設備中的一系列電腦可執行指令,且經配置以由一個或者一個以上處理器執行該一個或者一個以上套裝程式含用於進行以下電腦可執行指令:
獲取第一區塊鏈中區塊記錄的多個業務資料所對應的多個雜湊資料;
按照預設的混淆加密處理方式對所述多個雜湊資料進行混淆加密處理,得到混淆後的至少一個目標雜湊資料;
對所述至少一個目標雜湊資料進行分段處理;
將所述分段後的目標雜湊資料分別儲存至第二區塊鏈中。
可選地,電腦可執行指令在被執行時,還可以使所述處理器:
分別對各所述雜湊資料進行至少一次的雜湊計算,得到所述至少一個目標雜湊資料。
可選地,所述分段處理對應的每個分段中所包含的目標雜湊資料不多於預定個數。可選地,電腦可執行指令在被執行時,還可以使所述處理器:
將各所述分段中所包含的目標雜湊資料分別作為一條業務記錄儲存到所述第二區塊鏈中。
可選地,電腦可執行指令在被執行時,還可以使所述處理器:
在獲取第一區塊鏈中區塊記錄的多個業務資料所對應的多個雜湊資料之前,判定所述第一區塊鏈的資料查看權限為僅對第一指定用戶組可見;及,判定所述第二區塊鏈的資料查看權限為對所有用戶可見。
可選地,電腦可執行指令在被執行時,還可以使所述處理器:
將所述混淆加密處理方式儲存至第三區塊鏈中;及,判定所述第三區塊鏈的資料查看權限為僅對第二指定用戶組可見。
本說明書一個或多個實施例還提出了一種電腦可讀儲存媒體,該電腦可讀儲存媒體儲存一個或多個程式,該一個或多個程式包括指令,該指令當被包括多個應用程式的電子設備執行時,能夠使該電子設備執行上述區塊鏈資料處理方法,並具體用於執行:
獲取第一區塊鏈中區塊記錄的多個業務資料所對應的多個雜湊資料;
按照預設的混淆加密處理方式對所述多個雜湊資料進行混淆加密處理,得到混淆後的至少一個目標雜湊資料;
分段模組,用於對所述至少一個目標雜湊資料進行分段處理;
將所述分段後的目標雜湊資料分別儲存至第二區塊鏈中。
上述實施例闡明的系統、裝置、模組或單元,具體可以由電腦晶片或實體實現,或者由具有某種功能的產品來實現。一種典型的實現設備為電腦。具體的,電腦例如可以為個人電腦、膝上型電腦、蜂巢式電話、相機電話、智慧型電話、個人數位助理、媒體播放機、導航設備、電子郵件設備、遊戲控制台、平板電腦、可穿戴設備或者這些設備中的任何設備的組合。
為了描述的方便,描述以上裝置時以功能分為各種單元分別描述。當然,在實施本說明書一個或多個實施例時可以把各單元的功能在同一個或多個軟體和/或硬體中實現。
本領域內的技術人員應明白,本說明書一個或多個實施例可提供為方法、系統、或電腦程式產品。因此,本說明書一個或多個實施例可採用完全硬體實施例、完全軟體實施例、或結合軟體和硬體方面的實施例的形式。而且,本說明書一個或多個實施例可採用在一個或多個其中包含有電腦可用程式碼的電腦可用儲存媒體(包括但不限於磁碟記憶體、CD-ROM、光學記憶體等)上實施的電腦程式產品的形式。
本說明書一個或多個實施例是參照根據本申請實施例的方法、設備(系統)、和電腦程式產品的流程圖和/或方塊圖來描述的。應理解可由電腦程式指令實現流程圖和/或方塊圖中的每一流程和/或方塊、以及流程圖和/或方塊圖中的流程和/或方塊的結合。可提供這些電腦程式指令到通用電腦、專用電腦、嵌入式處理機或其他可程式設計資料處理設備的處理器以產生一個機器,使得透過電腦或其他可程式設計資料處理設備的處理器執行的指令產生用於實現在流程圖一個流程或多個流程和/或方塊圖一個方塊或多個方塊中指定的功能的裝置。
這些電腦程式指令也可儲存在能引導電腦或其他可程式設計資料處理設備以特定方式工作的電腦可讀記憶體中,使得儲存在該電腦可讀記憶體中的指令產生包括指令裝置的製造品,該指令裝置實現在流程圖一個流程或多個流程和/或方塊圖一個方塊或多個方塊中指定的功能。
這些電腦程式指令也可裝載到電腦或其他可程式設計資料處理設備上,使得在電腦或其他可程式設計設備上執行一系列操作步驟以產生電腦實現的處理,從而在電腦或其他可程式設計設備上執行的指令提供用於實現在流程圖一個流程或多個流程和/或方塊圖一個方塊或多個方塊中指定的功能的步驟。
在一個典型的配置中,計算設備包括一個或多個處理器(CPU)、輸入/輸出介面、網路介面和記憶體。
記憶體可能包括電腦可讀媒體中的非永久性記憶體,隨機存取記憶體(RAM)和/或非揮發性記憶體等形式,如唯讀記憶體(ROM)或快閃記憶體(flash RAM)。記憶體是電腦可讀媒體的示例。
電腦可讀媒體包括永久性和非永久性、可移動和非可移動媒體可以由任何方法或技術來實現資訊儲存。資訊可以是電腦可讀指令、資料結構、程式的模組或其他資料。電腦的儲存媒體的例子包括,但不限於相變記憶體(PRAM)、靜態隨機存取記憶體(SRAM)、動態隨機存取記憶體(DRAM)、其他類型的隨機存取記憶體(RAM)、唯讀記憶體(ROM)、電可擦除可程式設計唯讀記憶體(EEPROM)、快閃記憶體或其他記憶體技術、唯讀光碟唯讀記憶體(CD-ROM)、數位多功能光碟(DVD)或其他光學儲存、磁盒式磁帶,磁帶磁片儲存或其他磁性儲存設備或任何其他非傳輸媒體,可用於儲存可以被計算設備存取的資訊。按照本文中的界定,電腦可讀媒體不包括暫存電腦可讀媒體(transitory media),如調製的資料信號和載波。
還需要說明的是,術語“包括”、“包含”或者其任何其他變體意在涵蓋非排他性的包含,從而使得包括一系列要素的過程、方法、商品或者設備不僅包括那些要素,而且還包括沒有明確列出的其他要素,或者是還包括為這種過程、方法、商品或者設備所固有的要素。在沒有更多限制的情況下,由語句“包括一個……”限定的要素,並不排除在包括所述要素的過程、方法、商品或者設備中還存在另外的相同要素。
本說明書一個或多個實施例可以在由電腦執行的電腦可執行指令的一般上下文中描述,例如程式模組。一般地,程式模組包括執行特定任務或實現特定抽象資料類型的常式、程式、物件、元件、資料結構等等。也可以在分散式運算環境中實踐本申請,在這些分散式運算環境中,由透過通信網路而被連接的遠端處理設備來執行任務。在分散式運算環境中,程式模組可以位於包括儲存設備在內的本地和遠端電腦儲存媒體中。
本說明書中的各個實施例均採用遞進的方式描述,各個實施例之間相同相似的部分互相參見即可,每個實施例重點說明的都是與其他實施例的不同之處。尤其,對於系統實施例而言,由於其基本相似於方法實施例,所以描述的比較簡單,相關之處參見方法實施例的部分說明即可。
以上所述僅為本說明書一個或多個實施例而已,並不用於限制本說明書。對於本領域技術人員來說,本說明書一個或多個實施例可以有各種更改和變化。凡在本說明書一個或多個實施例的精神和原理之內所作的任何修改、等同替換、改進等,均應包含在本說明書一個或多個實施例的申請專利範圍範圍之內。One or more embodiments of this specification provide a blockchain data processing method, device, and system, which are used to achieve the purpose of ensuring data security while using blockchain technology.
In order to enable those skilled in the art to better understand the technical solutions in one or more embodiments of this specification, the following will combine the drawings in one or more embodiments of this specification to compare The technical solution is described clearly and completely. Obviously, the described embodiments are only a part of the embodiments in this specification, rather than all the embodiments. Based on one or more embodiments of this specification, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of one or more embodiments of this specification.
Fig. 1 is a schematic flowchart of a blockchain data processing method according to an embodiment of this specification. As shown in Fig. 1, the method includes:
S102: Obtain multiple hash data corresponding to multiple business data recorded in a block in the first blockchain.
S104: Perform obfuscation encryption processing on a plurality of hash data according to a preset obfuscation encryption processing manner to obtain at least one target hash data after obfuscation.
S106: Perform segment processing on at least one target hash data.
S108: Store the segmented target hash data into the second blockchain respectively.
In one embodiment, the multiple hash data corresponding to the multiple business data recorded in the block in the first blockchain is the ledger of the transactions recorded in the first blockchain, and the ledger may only be the Nodes in a blockchain are accessible. The ledger is obfuscated and encrypted and then stored in the second blockchain, and the obfuscated and encrypted ledger stored in the second blockchain may be accessible to external users. Therefore, on the one hand, external users, such as the public, can access the ledger to ensure the authenticity and transparency of the data. On the other hand, because external users obtain the obfuscated and encrypted ledger, it is difficult for them to compare the obfuscated encrypted account. This analysis is performed to obtain relevant information about the actual transaction volume, and also to ensure the security of transaction information.
As a result, the above technical solution obfuscates multiple hash data corresponding to multiple business data, so that the final stored target hash data can be accessed by external users, but it is difficult for external users to analyze it to obtain transaction scale and transaction volume. Level information. Therefore, while ensuring the authenticity and transparency of the data in the blockchain, it can also ensure the security of the data, so that users can better protect their own business when using the blockchain.
It should be understood that, in the embodiment of the present application, the obfuscated encryption processing for hash data may include multiple methods.
Optionally, in an implementation manner, the content composed of multiple hash data may be hashed to obtain one hash data.
For example, if the hash data corresponding to the 4 storage records in a certain block of the blockchain are HashA, HashB, HashC, and HashD, then the encrypted hash data HashABCD=Hash(HashA+HashB+ HashC+HashD) , Where the function Hash() represents a hash calculation function, such as MD5, SHA-1, SHA-256, SHA-384 and SHA-512, etc. In the Bitcoin system, the hash algorithm used is SHA-256.
Optionally, in another implementation manner, any piece of hash data may be divided into multiple parts of content and then hash calculations are performed respectively to obtain multiple pieces of hash data corresponding to the content of the multiple parts.
For example, assuming that the hash data corresponding to a storage record in a certain block of the blockchain is HashA, HashA can be split into HashA1 and HashA2, and then hashed separately, that is, HashA1' = Hash (HashA1), HashA2 '= Hash(HashA2), at this time HashA1' and HashA2' are hash data obtained after obfuscating and encrypting HashA. Of course, HashA can also be divided into 3 parts, 4 parts or even more parts. How many parts it is divided into, and how to split it is configurable.
Optionally, in another implementation manner, the content composed of multiple hash data can be subdivided into multiple parts of content, and the content of each part is separately hashed to obtain the corresponding content of the multiple parts. Multiple hash data.
For example, suppose that the hash data corresponding to the 4 storage records in a certain block of the blockchain are HashA, HashB, HashC, and HashD, and the content of the composition is HashABCD=(HashA+HashB+HashC+HashD); HashABCD Divide into HashABCD1 and HashABCD2, and then perform hash calculations on HashABCD1 and HashABCD2 to obtain Hash(HashABCD1) and Hash(HashABCD2), Hash
(HashABCD1) and Hash(HashABCD2) are multiple hash data corresponding to the content of the multiple parts.
In addition, it should be understood that the obfuscation scheme of the embodiment of the present application can also perform multi-layer obfuscation encryption processing, that is, the hash data after one layer of obfuscation encryption processing is subjected to one or more layers of obfuscation encryption processing. The algorithms for different layers of obfuscation encryption processing can be the same or different.
For example, assuming that the hash data corresponding to the 4 storage records in a certain block of the blockchain are HashA, HashB, HashC, and HashD, the hash information HashABCD=Hash(HashA+ HashB+HashC) +HashD); The hash data after the second level of obfuscation and encryption is Hash(HashABCD1) and Hash(HashABCD2), where HashABCD = HashABCD1+HashABCD2.
Optionally, in another implementation manner, one or more segmentation processing and/or hash calculations may be performed on the hash data. Specifically, only the hash data can be segmented to obtain the target hash data, or the segment processing and hash calculation methods can be combined to obfuscate and encrypt the hash data to obtain the target hash data.
The following lists a detailed obfuscated encryption processing method.
First, the hash data is segmented according to the specified segmentation rule to obtain multiple first data segments.
Among them, the specified segmentation rules include: segmentation according to the specified data length; for example, if the specified data length is 64KB, the hash data is segmented according to the 64KB rule for each data fragment; or, according to the specified duration Rules for segmentation; for example, if the specified duration is 1 second, the segmentation will be performed according to the hash data stored in each second. For example, the hash data stored in the current 1 second is a data segment, and the hash data stored in the next 1 second It is the next data fragment.
Secondly, the hash calculation is performed on each first data segment to obtain multiple second data segments.
Finally, determine the target hash data after obfuscation and encryption based on a plurality of second data segments. Specifically, the second data segment can be directly determined as the target hash data, and the second data segment can be subjected to one or more segmentation processing and/or hash calculations again to finally obtain the target hash data.
In this embodiment, an obfuscation encryption processing method is listed in which the hash data is first segmented, and then the data fragments obtained after the segmentation are hashed. Obviously, due to the diversity of obfuscation encryption processing methods, the target hash data after obfuscation and encryption processing is difficult to be known by external users, so the security of the target hash data can be ensured.
Of course, in addition to the above-mentioned obfuscation encryption processing methods, a variety of other obfuscation encryption processing methods can also be used to perform obfuscation encryption processing on the hashed data, including a combination of multiple segmentation processing and multiple hash calculations, and multiple divisions. The order of segment processing and multiple hash calculations is not limited. The more the number of segmentation processing and/or hash calculation, that is, the more complicated the obfuscation encryption processing method, the higher the security of the obtained target hash data.
In one embodiment, before obtaining the hash data corresponding to the business data recorded in the first blockchain, it can be determined that the data viewing authority of the first blockchain is only visible to the first designated user group, such as Each node in the first blockchain is visible; and, determining that the data viewing authority of the second blockchain is visible to all users, such as external users such as the public can access the data.
Wherein, the first designated user group may be one user or multiple users.
In this embodiment, since the first blockchain is only visible to the first designated user group, and other external users are not visible, it is difficult for multiple hash data corresponding to multiple business data stored in the blocks in the first blockchain Known by external users to ensure the security of multiple hashed data corresponding to multiple business data; in addition, because the second blockchain is visible to all users, all users can learn about the confusion stored in the second blockchain The encrypted target hash data ensures the transparency and authenticity of the data in the blockchain, and even if the external user knows the obfuscated and encrypted target hash data stored in the second blockchain, they do not know what the target hash data corresponds to. Confusing the encryption processing method, so it is impossible to know the real data of the business data, so as to ensure the security of the business data, and help users to better protect their own business when using the blockchain.
In one embodiment, when storing at least one target hash data after obfuscation and encryption in the second blockchain, the at least one target hash data after obfuscation and encryption may be segmented, and then the segmented target The hash data is separately stored in the second blockchain.
In this embodiment, the target hash data contained in each segment corresponding to the segmentation processing is not more than a predetermined number, and the total length of the predetermined number of target hash data should not be greater than the second block chain. The maximum length of the block record data. Therefore, when performing segmentation processing on at least one target hash data after obfuscation and encryption, the segmentation can be performed in a manner that each segment contains a fixed number of target hash data, wherein the fixed number should not be greater than the predetermined number.
In this embodiment, after segment processing is performed on at least one target hash data after obfuscation and encryption, multiple segments are obtained. Therefore, when the segmented target hash data is separately stored in the second blockchain, the target hash data contained in each segment can be stored as a business record in the second blockchain.
In one embodiment, the obfuscated encryption processing method can be stored in the third blockchain, and it is determined that the data viewing authority of the third blockchain is only visible to the second designated user group.
Wherein, the second designated user group may be one user or multiple users. The second designated user group may be the same as or different from the first designated user group (that is, the user group visible to the first blockchain). The second designated user group may be staff related to the data stored in the first block chain/second block chain, such as the maintainers of the block chain, and these users can have an opinion on the first block chain/ The hash data stored in the second blockchain is managed, such as storage, update, etc.; or, the user(s) can also manage the obfuscated encryption processing methods stored in the third blockchain, such as storage and modification And so on.
In this embodiment, by separately storing the obfuscated encryption processing method in the third blockchain, the second designated user group can easily learn the obfuscated encryption processing method, so that the real data of the business data can be obtained by obtaining the obfuscated encryption processing method. Moreover, since the third blockchain is only visible to the second designated user group and not to other external users, it is difficult for external users to know the obfuscated encryption processing methods stored in the third blockchain, and it is difficult to know the truth of the business data Data to ensure the security of business data.
In one embodiment, the obfuscation encryption processing method can also be stored in the first blockchain. Since the first blockchain is only visible to the first designated user group, and other external users are invisible, the first blockchain The stored obfuscated encryption processing method is difficult to be known by external users, so that it is difficult for external users to know the real information of the business data, and the security of the business data is ensured.
In this embodiment, the obfuscation encryption processing method and the hash data corresponding to the business data are stored in the first regional chain, which not only ensures the security of the business data, but also saves the block chain occupation of the obfuscation encryption processing method.
In summary, specific embodiments of the subject matter have been described. Other embodiments are within the scope of the attached patent application. In some cases, the actions described in the scope of the patent application can be performed in a different order and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown in order to achieve the desired result. In certain embodiments, multiplexing and parallel processing may be advantageous.
The above is the blockchain data processing method provided by one or more embodiments of this specification. Based on the same idea, one or more embodiments of this specification also provide a blockchain data processing device.
Fig. 2 is a schematic block diagram of a block chain data processing device according to an embodiment of the present specification. As shown in Fig. 2, the block chain data processing device 200 includes:
The obtaining module 210 is used to obtain multiple hash data corresponding to multiple business data recorded in a block in the first blockchain;
The obfuscation module 220 is configured to perform obfuscation and encryption processing on multiple hash data according to a preset obfuscation encryption processing method to obtain at least one target hash data after obfuscation;
The segmentation module 230 is configured to perform segmentation processing on the at least one target hash data;
The first storage module 240 is used for separately storing the segmented target hash data in the second blockchain.
In one embodiment, the obfuscation module 220 includes:
The calculation unit is used to perform at least one hash calculation on each hash data to obtain at least one target hash data.
In one embodiment, the target hash data contained in each segment corresponding to the segmentation processing is not more than a predetermined number.
In one embodiment, the first storage module 240 includes:
The storage unit is used to store the target hash data contained in each segment as a business record in the second blockchain.
In an embodiment, the apparatus 200 further includes:
The first determination module is used to determine that the data viewing authority of the first blockchain is only for the first designated user before obtaining the multiple hash data corresponding to the multiple business data recorded in the block in the first blockchain Group is visible; and, it is determined that the data viewing authority of the second blockchain is visible to all users.
In an embodiment, the apparatus 200 further includes:
The storage and determination module is used to store the obfuscated encryption processing method in the third blockchain; and, determine that the data viewing authority of the third blockchain is only visible to the second designated user group.
Using the device of one or more embodiments of this specification, multiple hash data corresponding to multiple business data recorded in the block in the first blockchain are obtained, and the multiple hash data is processed according to the preset obfuscation encryption processing method Perform obfuscation encryption processing to obtain at least one obfuscated target hash data, and perform segment processing on the at least one target hash data, and then separately store the segmented target hash data in the second blockchain. It can be seen that this technical solution makes it possible for external users to access the final stored target hash data by obfuscating multiple hash data corresponding to multiple business data, but it is difficult for external users to analyze it to know the transaction scale and transaction magnitude. And other information. Therefore, while ensuring the authenticity and transparency of the data in the blockchain, it can also ensure the security of the data, so that users can better protect their own business when using the blockchain.
Those skilled in the art should understand that the above-mentioned blockchain data processing device can be used to implement the blockchain data processing method described above, and the detailed description should be similar to the method described above. To avoid cumbersomeness, it is not here. Another repeat.
Based on the same idea, one or more embodiments of this specification also provide a blockchain data processing system.
FIG. 3 is a schematic block diagram of a blockchain data processing system according to an embodiment of this specification. As shown in FIG. 3, the blockchain data processing system 300 includes a first blockchain 310, a data processing node 320, and a second blockchain. Two block chain 330; among them:
The first block chain 310 is used to record multiple hash data corresponding to multiple business data;
The data processing node 320 is used to obtain multiple hash data recorded in the block in the first block chain 310;
The data processing node 320 is also used to perform obfuscation encryption processing on multiple hash data according to a preset obfuscation encryption processing method to obtain at least one target hash data after obfuscation; perform segment processing on at least one target hash data; The subsequent target hash data are respectively stored in the second blockchain 330;
The second block chain 330 is used to store the segmented target hash data.
In an embodiment, the data processing node 320 is also used to:
Perform at least one hash calculation on each hash data to obtain at least one target hash data.
In one embodiment, the target hash data contained in each segment corresponding to the segmentation processing is not more than a predetermined number.
In an embodiment, the data processing node 320 is also used to:
The target hash data contained in each of the segments are respectively stored as a business record in the second blockchain.
In an embodiment, the data processing node 320 is also used to:
It is determined that the data viewing authority of the first blockchain is only visible to the first designated user group; and, the data viewing authority of the second blockchain is determined to be visible to all users.
In one embodiment, the system 300 further includes:
The third blockchain is used to store obfuscated encryption processing methods;
Correspondingly, the data processing node 320 is also used to determine that the third blockchain data viewing authority is only visible to the second designated user group.
Using the system of one or more embodiments of this specification, multiple hash data corresponding to multiple business data recorded in the block in the first blockchain are obtained, and the multiple hash data is processed according to the preset obfuscation encryption processing method Perform obfuscation encryption processing to obtain at least one obfuscated target hash data, and perform segment processing on the at least one target hash data, and then separately store the segmented target hash data in the second blockchain. It can be seen that this technical solution makes it possible for external users to access the final stored target hash data by obfuscating multiple hash data corresponding to multiple business data, but it is difficult for external users to analyze it to know the transaction scale and transaction magnitude. And other information. Therefore, while ensuring the authenticity and transparency of the data in the blockchain, it can also ensure the security of the data, so that users can better protect their own business when using the blockchain.
Those skilled in the art should understand that the above-mentioned blockchain data processing system can be used to implement the blockchain data processing method described above, and the detailed description should be similar to the method part described above. To avoid cumbersomeness, it is not here. Another repeat.
Based on the same idea, one or more embodiments of this specification also provide a blockchain data processing device, as shown in FIG. 4. Blockchain data processing equipment can have relatively large differences due to different configurations or performances. It can include one or more processors 401 and memory 402. The memory 402 can store one or more storage applications or data. . Among them, the memory 402 may be short-term storage or permanent storage. The application program stored in the memory 402 may include one or more modules (not shown in the figure), and each module may include a series of computer-executable instructions in the blockchain data processing device. Furthermore, the processor 401 may be configured to communicate with the memory 402, and execute a series of computer-executable instructions in the memory 402 on the blockchain data processing device. The blockchain data processing device may also include one or more power sources 403, one or more wired or wireless network interfaces 404, one or more input and output interfaces 405, and one or more keyboards 406.
Specifically in this embodiment, the blockchain data processing device includes memory and one or more programs, one or more programs are stored in the memory, and one or more programs may include one or more Modules, and each module may include a series of computer executable instructions for the blockchain data processing equipment, and is configured to be executed by one or more processors to execute the one or more package programs including for performing the following Computer executable instructions:
Obtain multiple hash data corresponding to multiple business data recorded in the block in the first blockchain;
Performing obfuscation and encryption processing on the plurality of hashed data according to a preset obfuscation and encryption processing method to obtain at least one target hashed data after obfuscation;
Performing segment processing on the at least one target hash data;
The segmented target hash data are respectively stored in the second blockchain.
Optionally, when the computer-executable instructions are executed, the processor can also:
Perform at least one hash calculation on each of the hash data to obtain the at least one target hash data.
Optionally, the target hash data contained in each segment corresponding to the segmentation processing is not more than a predetermined number. Optionally, when the computer-executable instructions are executed, the processor can also:
The target hash data contained in each of the segments are respectively stored as a business record in the second blockchain.
Optionally, when the computer-executable instructions are executed, the processor can also:
Before obtaining multiple hash data corresponding to multiple business data recorded in the block in the first blockchain, determine that the data viewing authority of the first blockchain is only visible to the first designated user group; and, determine The data viewing authority of the second blockchain is visible to all users.
Optionally, when the computer-executable instructions are executed, the processor can also:
Storing the obfuscated encryption processing method in a third blockchain; and determining that the data viewing authority of the third blockchain is only visible to the second designated user group.
One or more embodiments of this specification also propose a computer-readable storage medium that stores one or more programs, the one or more programs include instructions, and the instructions include multiple application programs. When the electronic device is executed, the electronic device can execute the above-mentioned blockchain data processing method, and is specifically used to execute:
Obtain multiple hash data corresponding to multiple business data recorded in the block in the first blockchain;
Performing obfuscation and encryption processing on the plurality of hashed data according to a preset obfuscation and encryption processing method to obtain at least one target hashed data after obfuscation;
The segmentation module is used to perform segmentation processing on the at least one target hash data;
The segmented target hash data are respectively stored in the second blockchain.
The systems, devices, modules, or units explained in the above embodiments may be implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. Specifically, the computer can be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable Device or any combination of these devices.
For the convenience of description, when describing the above device, the functions are divided into various units and described separately. Of course, when implementing one or more embodiments of this specification, the functions of each unit can be implemented in the same or multiple software and/or hardware.
Those skilled in the art should understand that one or more embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, one or more embodiments of this specification may adopt the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware. Moreover, one or more embodiments of this specification can be implemented on one or more computer-usable storage media (including but not limited to magnetic disk memory, CD-ROM, optical memory, etc.) containing computer-usable program codes. In the form of a computer program product.
One or more embodiments of this specification are described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to the embodiments of this application. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions can be provided to the processors of general-purpose computers, dedicated computers, embedded processors, or other programmable data processing equipment to generate a machine that can be executed by the processor of the computer or other programmable data processing equipment A device for realizing the functions specified in one flow or multiple flows in the flowchart and/or one block or multiple blocks in the block diagram is generated.
These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory generate a manufactured product including the instruction device , The instruction device realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so that the computer or other programmable equipment The instructions executed above provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
In a typical configuration, the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
Memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash). RAM). Memory is an example of computer-readable media.
Computer-readable media includes permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. Information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), and other types of random access memory (RAM) , Read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital multi-function Optical discs (DVD) or other optical storage, magnetic cassette tapes, tape-to-disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
It should also be noted that the terms "including", "including" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or equipment including a series of elements not only includes those elements, but also includes Other elements that are not explicitly listed, or also include elements inherent to such processes, methods, commodities, or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, commodity, or equipment that includes the element.
One or more embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as a program module. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. This application can also be implemented in a distributed computing environment. In these distributed computing environments, remote processing devices connected through a communication network perform tasks. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.
The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the part of the description of the method embodiment.
The above description is only one or more embodiments of this specification, and is not intended to limit this specification. For those skilled in the art, one or more embodiments of this specification can have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of one or more embodiments of this specification shall be included in the scope of patent application of one or more embodiments of this specification.
