CN-122027632-A - Autonomous verification method, system, terminal device, server device and computer program product for data under chain

Abstract

The application relates to the technical field of data security and provides an autonomous verification method, an autonomous verification system, terminal equipment, server equipment and a computer program product for data under a chain. According to the application, through the local processing of the original data, the logarithmic communication overhead and the decentralization trust model based on the blockchain, the technical effects of protecting the original data privacy, reducing the trust dependence on the decentralization server side and improving the order of magnitude of the communication efficiency in the verification process are realized.

Inventors

• LI TAO
• HU XIPING

Assignees

• 广东跃昉科技有限公司

Dates

Publication Date

20260512

Application Date

20260416

Claims (10)

1. 1. An autonomous verification method of data under a chain, characterized by being executed by a verification terminal, comprising: obtaining Merkle path evidence aiming at target data to be verified, wherein the Merkle path evidence at least comprises a brother node hash sequence and a leaf node position index, and the length of the brother node hash sequence and the total data number of a Merkle tree where the target data are located are in a logarithmic relationship; performing standardization processing and hash operation on the target data locally stored by the verification terminal to obtain leaf node hash; Determining a hash splicing direction based on the leaf node hash, the brother node hash sequence and the leaf node position index, and performing iterative calculation layer by layer to reconstruct Merkle root hash according to parity of the leaf node position index; acquiring a Merkle root hash of the on-chain certificate through a trusted blockchain access channel, and comparing the reconstructed Merkle root hash with the Merkle root hash of the on-chain certificate; if the comparison is consistent, judging that the target data exists and is not tampered, and if the comparison is inconsistent, judging that the verification fails.
2. 2. The method according to claim 1, wherein the obtaining the Merkle root hash of the on-chain certificate through the trusted blockchain access channel specifically comprises: synchronizing the block header and verifying the transaction inclusion by running a local blockchain light node; Or (b) And cross-verifying through at least two independent third-party blockchain data services, and when the Merkle root hashes returned by the at least two independent third-party blockchain data services are consistent, confirming that the acquired on-chain Merkle root hashes are valid.
3. 3. The method of claim 1, wherein the normalizing process comprises: sorting the name and the classical order of the JSON format data keys, removing redundant blank symbols, and uniformly adopting UTF-8 character coding; Correspondingly, before the step of comparing the reconstructed Merkle root hash with the Merkle root hash stored on the chain, the method further comprises: Verifying the sequence of the data generation time of the target data, the batch creation time of the batch to which the target data belongs and the block confirmation time of the Merkle root hash stored on the chain, if the sequence of the time is unreasonable, judging that verification fails, wherein if the data generation time is earlier than or equal to the batch creation time and the batch creation time is earlier than or equal to the block confirmation time, the sequence of the time is reasonable, otherwise, judging that the sequence of the time is unreasonable.
4. 4. An autonomous verification method of data under a chain, which is characterized by being executed by a certification server, comprising the following steps: Receiving a proof acquisition request for target data, the request including a data identification and access credentials for identity verification; Verifying the validity of the access credential and performing a rate limiting check on the initiator of the attestation acquisition request; under the condition that the validity of the access credentials is verified to pass, positioning leaf node positions corresponding to target data in a pre-constructed Merkle tree based on the data identification; extracting all brother node hashes on the path from the leaf node to the root node to form an ordered brother node hash sequence; and generating and outputting Merkle path evidence comprising the brother node hash sequence and the leaf node position index, wherein the Merkle path evidence is used for independently verifying target data to be verified, which corresponds to the Merkle path evidence, by the verified terminal under the condition that the verified terminal obtains the Merkle path evidence.
5. 5. The method according to claim 4, wherein the data identification is generated in an unpredictable manner, comprising in particular: And performing keyed hash operation on the unique identifier, the serial number and the timestamp of the device, wherein the evidence obtaining request further comprises a workload evidence, and the step of verifying the validity of the access certificate and performing rate limiting check on the initiator of the evidence obtaining request further comprises verifying the validity of the workload evidence.
6. 6. The method of claim 4, wherein the Merkle path evidence further comprises an acknowledgement status field, wherein the acknowledgement status field is used for indicating whether the target data has obtained a blockchain finalization acknowledgement, wherein the acknowledgement status field is a soft acknowledgement when a lot to which the target data belongs has not yet been uplink, wherein the Merkle path evidence comprises a pre-computed lot root hash, wherein the acknowledgement status field is a hard acknowledgement when a lot to which the target data belongs has been uplink, and wherein the Merkle path evidence comprises on-link transaction information.
7. 7. The autonomous verification system is characterized by comprising a certification server, a verification terminal and a blockchain network, wherein: The forensic server configured to perform the method of any one of claims 4 to 6 to generate Merkle path attestation; The authentication terminal configured to perform the method of any one of claims 1 to 3 to complete autonomous authentication of data; The block chain network is used for storing Merkle root hash of batch data and is used as a public trust anchor point for verification by the verification terminal.
8. 8. A terminal device, characterized by comprising a processor and a memory for storing an execution program for autonomous verification of data under a chain, the processor for executing the execution program for autonomous verification of data under a chain stored in the memory, to cause the terminal device to perform the steps of the method according to any of claims 1-3.
9. 9. A server device comprising a processor and a memory, the memory for storing an execution program for autonomous verification of the data under the chain, the processor for executing the execution program for autonomous verification of the data under the chain stored in the memory, to cause the server device to perform the steps of the method according to any of claims 4-6.
10. 10. A computer program product comprising an execution program for autonomous verification of data under a chain, characterized in that the execution program for autonomous verification of data under a chain, when run by an autonomous verification system, causes the steps of the autonomous verification method of data under a chain as claimed in any of claims 1-6 to be performed.

Description

Autonomous verification method, system, terminal device, server device and computer program product for data under chain Technical Field The application belongs to the technical field of data security, and particularly relates to an autonomous verification method, an autonomous verification system, terminal equipment, server equipment and a computer program product for data under a chain. Background In the scenes of industrial internet of things, smart cities, medical health and the like, an internet of things data storage platform usually adopts a hybrid architecture of 'under-chain storage+on-chain hash'. The architecture stores massive raw data in an under-chain database, and only hashes data or batches of Merkle roots are up-chain to balance the verification cost and the data credibility. When an auditor, a supervision organization or a third party needs to verify whether a specific piece of data is stored and not tampered, the prior art mainly adopts a centralized interactive verification mode or a full download local verification mode. In the centralized interactive verification mode, a user uploads an original data file to be verified to a verification platform server, the server calculates a hash value of uploaded data, compares verification records on a query chain, and returns a verification result to the user. In the full download local verification mode, the user downloads all original data or hash values of the whole batch containing the target data from the server, reconstructs the Merkle tree locally, calculates Merkle roots and compares the Merkle roots with the on-chain records. However, in the verification process, the original data needs to be uploaded to the server from the user control domain, or the whole batch data including the target data needs to be downloaded, so that the verifier cannot independently complete the data integrity and the existence check without exposing the original data and only needing single-round proof acquisition. Disclosure of Invention The embodiment of the application provides an autonomous verification method, an autonomous verification system, terminal equipment, server equipment and a computer program product for data under a chain, which can solve the technical problems of contradiction between privacy protection and verification credibility, contradiction between communication efficiency and verification independence and lack of a lightweight verification mechanism for decentralizing trust in the prior verification process. In a first aspect, an embodiment of the present application provides an autonomous verification method for downlink data, which is executed by a verification terminal, including: The method comprises the steps of obtaining Merkle path evidence aiming at target data to be verified, wherein the Merkle path evidence at least comprises a brother node hash sequence and a leaf node position index, and the length of the brother node hash sequence and the total data number of a Merkle tree where the target data are located are in logarithmic relation; A local calculation step, namely carrying out standardization processing and hash operation on the target data locally stored by the verification terminal to obtain leaf node hash; A path reconstruction step, namely determining a hash splicing direction based on the leaf node hash, the brother node hash sequence and the leaf node position index, and performing iterative calculation layer by layer to reconstruct Merkle root hash according to the parity of the leaf node position index; the anchor point obtaining and verifying step, namely obtaining the Merkle root hash of the on-chain certificate through a trusted blockchain access channel, and comparing the reconstructed Merkle root hash with the Merkle root hash of the on-chain certificate; And judging whether the target data exist or not and are tampered if the comparison is consistent, and judging that verification fails if the comparison is inconsistent. The method has the technical effects that original data is always kept at the local part of the verification terminal, communication overhead is compressed to logarithmic level and the verification process is separated from the dependence of a centralized server side are achieved through the synergistic effect of five steps of obtaining Merkle path evidence, local standardization and hash calculation, path reconstruction based on index parity, multi-source on-chain anchor point acquisition and strict byte level comparison and judgment, wherein the logarithmic relation between the length of a brother node hash sequence and the total data amount ensures light communication, the splicing direction of leaf index parity driving ensures that reconstruction logic is strictly consistent with an original tree structure, a multi-source cross verification mechanism strengthens robustness of on-chain anchor point acquisition, and finally, the scheme enables a verification party to independently and eff