Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, a device, and a storage medium for federation chain encryption, so as to solve the problem in the prior art that the security of a federation chain encryption method is low. In order to achieve the purpose, the invention adopts the technical scheme that:
a first aspect of an embodiment of the present invention provides a federation chain encryption method, including:
encrypting a preset character string according to a pre-distributed public key to obtain an encrypted character string; the preset character string is obtained by converting a plurality of state channel parameters of the alliance chain according to the corresponding relation between letters and binary numbers;
adding the encrypted character string and a preset identifier to a preset position of a first plaintext to be encrypted to obtain a second plaintext;
encrypting the second plaintext for a preset number of times according to the public key to obtain a final ciphertext corresponding to the first plaintext; wherein the encrypted object of the first encryption performed on the second plaintext is the second plaintext; the encryption object for the Nth time of encryption of the second plaintext is the second plaintext added with an intermediate ciphertext and a preset identifier at a preset position, the intermediate ciphertext is a ciphertext obtained by performing the N-1 th time of encryption on the second plaintext, N is a positive integer greater than or equal to 2, and N is less than or equal to a preset number of times.
Optionally, before encrypting the preset character string according to the pre-allocated public key, the federation chain encryption method further includes:
acquiring a plurality of state channel parameters of an alliance chain;
and converting the plurality of state channel parameters according to the corresponding relation between the letters and the binary numbers to obtain a preset character string.
Optionally, converting the multiple state channel parameters according to the correspondence between the letters and the binary numbers to obtain a preset character string, including:
converting each letter in the plurality of state channel parameters into a corresponding binary number according to the corresponding relation between the letter and the binary number;
sequentially adding each binary number to a preset matrix according to a preset sequence; the preset sequence is the sequence of the number of letters contained in the state channel parameters from most to least;
and sequentially connecting binary numbers of each row in the preset matrix according to the matrix row number to obtain the preset character string.
Optionally, the federation chain encryption method further includes:
decrypting the final ciphertext according to the pre-distributed private key, the preset position and the preset identification to obtain a first plaintext; the private key corresponds to the public key.
Optionally, the public key is obtained based on an asymmetric encryption algorithm.
A second aspect of an embodiment of the present invention provides a federation chain encryption apparatus, including:
the first encryption module is used for encrypting the preset character string according to the pre-distributed public key to obtain an encrypted character string; the preset character string is obtained by converting a plurality of state channel parameters of the alliance chain according to the corresponding relation between letters and binary numbers;
the adding module is used for adding the encrypted character string and the preset identifier to a preset position of the first plaintext to be encrypted to obtain a second plaintext;
the second encryption module is used for encrypting the second plaintext for preset times according to the public key to obtain a final ciphertext corresponding to the first plaintext;
wherein the encrypted object of the first encryption performed on the second plaintext is the second plaintext; the encryption object for encrypting the second plaintext for the Nth time is the second plaintext added with an intermediate ciphertext and a preset identifier at a preset position, the intermediate ciphertext is a ciphertext obtained by encrypting the second plaintext for the N-1 th time, N is a positive integer greater than or equal to 2, and N is less than or equal to the preset times.
Optionally, the federation chain encryption apparatus further includes an obtaining module, configured to:
acquiring a plurality of state channel parameters of an alliance chain;
and converting the plurality of state channel parameters according to the corresponding relation between the letters and the binary numbers to obtain a preset character string.
Optionally, the obtaining module is further configured to:
converting each letter in the plurality of state channel parameters into a corresponding binary number according to the corresponding relation between the letter and the binary number;
sequentially adding each binary number to a preset matrix according to a preset sequence; the preset sequence is the sequence of the number of letters contained in the state channel parameters from most to least;
and sequentially connecting binary numbers of each row in the preset matrix according to the matrix row number to obtain the preset character string.
Optionally, the federation chain encryption apparatus further includes a decryption module, configured to:
decrypting the final ciphertext according to the pre-distributed private key, the preset position and the preset identification to obtain a first plaintext; the private key corresponds to the public key.
Optionally, the public key is obtained based on an asymmetric encryption algorithm.
A third aspect of an embodiment of the present invention provides a node device, including: a processor and a memory storing a computer program; the processor, when executing the computer program, realizes the steps of the method according to the first aspect.
A fourth aspect of embodiments of the present invention provides a computer-readable storage medium, which stores a computer program that, when executed by a processor, implements the steps of the method according to the first aspect.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
In the embodiment of the invention, when a node device in the alliance chain encrypts a plaintext, the encrypted character string and the preset identifier can be added to the preset position of the first plaintext to obtain the second plaintext, and the second plaintext is then encrypted a preset number of times according to the public key. Because the encrypted character string is obtained by encrypting the preset character string, and the preset character string is obtained by converting the state channel parameters of the alliance chain according to the correspondence between letters and binary numbers, the state channel parameters specific to the alliance chain are used during encryption, and the encryption security of the alliance chain can be improved. In addition, the second plaintext is encrypted a preset number of times, and from the second encryption onward the product of the previous encryption is added to the encryption object, so that the complexity of the ciphertext is increased and the security of the alliance chain encryption is further improved.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
In order to explain the technical means of the present invention, the following description will be given by way of specific examples.
In order to solve the problem of the prior art, embodiments of the present invention provide a method, an apparatus, a device, and a storage medium for federation chain encryption. The federation chain encryption method provided by the embodiment of the invention is described below.
As shown in fig. 1, a federation chain encryption method provided in an embodiment of the present invention includes the following steps:
S110, encrypting the preset character string according to the pre-distributed public key to obtain an encrypted character string.
The preset character string is obtained by converting a plurality of state channel parameters of the alliance chain according to the corresponding relation between letters and binary numbers. The algorithm for encrypting the preset character string may be a Data Encryption Algorithm (DEA).
In some embodiments, the federation chain may be built using a back-end as a Service (BaaS) platform. The BaaS platform is an open platform with a block chain frame embedded into a cloud computing platform, can provide a convenient and high-performance block chain ecological environment and supporting services for users by using the deployment and management advantages of cloud service infrastructure, and supports the service expansion and block chain operation of the users, such as equipment access, access control, service monitoring, block chain platforms and the like.
In some embodiments, the execution subject of the federation chain encryption method may be any node in the federation chain, and the node may be a master node or a member node in the federation chain. The node may be a node device such as a personal computer, server, etc.
In some embodiments, the node device needs to obtain the encryption string before encrypting the plaintext to be encrypted. Specifically, the node device may encrypt the preset character string according to the pre-assigned public key to obtain the encrypted character string.
Optionally, the preset character string may be obtained according to the state channel parameters of the alliance chain, and the corresponding processing may be as follows: acquiring a plurality of state channel parameters of an alliance chain; and converting the plurality of state channel parameters according to the corresponding relation between the letters and the binary numbers to obtain a preset character string.
In some embodiments, the correspondence between the letters and the binary numbers may be a correspondence between 26 English letters and binary numbers 0 and 1. For example, the correspondence between the letters and the binary numbers may be configured as A=1, B=2, …, Y=25, Z=26, and accordingly, the binary number corresponding to the letter A is 00001, the binary number corresponding to the letter B is 00010, and the binary number corresponding to the letter Z is 11010.
In some embodiments, the node device may obtain multiple state channel parameters of the federation chain. For example, if the federation chain has 10 state channels, the node device may obtain the state channel parameters of each of the 10 state channels. The node device may then convert the obtained state channel parameters according to the correspondence between letters and binary numbers to obtain the preset character string.
Optionally, the preset character string may be obtained in a matrix manner, and the corresponding processing may be as follows: converting each letter in the plurality of state channel parameters into a corresponding binary number according to the corresponding relation between the letter and the binary number; sequentially adding each binary number to a preset matrix according to a preset sequence; and sequentially connecting binary numbers of each row in the preset matrix according to the matrix row number to obtain the preset character string.
In some embodiments, the preset order may be an order of the number of letters included in the status channel parameter from the most to the least. Taking a federation chain with 10 state channels as an example, the state channel parameters of the 10 state channels may be sorted in order of the number of letters contained in the state channel parameters. The predetermined matrix may be a matrix composed of rows and columns.
In some embodiments, after obtaining the plurality of status channel parameters of the federation chain, the node device may convert each letter of the plurality of status channel parameters into a corresponding binary number according to a correspondence between the letter and the binary number, so that a plurality of sets of binary numbers may be obtained, where each set of binary numbers corresponds to one status channel parameter. Thereafter, the node device may sequentially add each binary number to the preset matrix in a preset order. Then, the node device may sequentially connect the binary numbers of each row in the preset matrix according to the matrix row number to obtain the preset character string.
S120, adding the encrypted character string and the preset identifier to a preset position of the first plaintext to be encrypted to obtain a second plaintext.
In some embodiments, the predetermined identifier may be an identifier for distinguishing between the first plaintext and the encrypted string, for example 100010001000. The preset position may be a head or a tail. Taking the preset position as the tail part as an example, the encrypted character string and the preset identifier may be added to the tail part of the first plaintext to obtain the second plaintext.
S130, encrypting the second plaintext for preset times according to the public key to obtain a final ciphertext corresponding to the first plaintext.
In some embodiments, the public key may be derived based on an asymmetric cryptographic algorithm, such as the RSA algorithm.
In some embodiments, the encrypted object of the first encryption of the second plaintext may be the second plaintext.
In some embodiments, the encrypted object of the nth encryption of the second plaintext may be the second plaintext to which an intermediate ciphertext and a preset identifier are added at a preset position, the intermediate ciphertext may be a ciphertext obtained by encrypting the second plaintext for the N-1 th time, N is a positive integer greater than or equal to 2, and N is less than or equal to a preset number of times.
For example, the encryption target of the 2 nd encryption performed on the second plaintext may be the second plaintext to which the ciphertext obtained by the 1 st encryption performed on the second plaintext is added. The encryption target of the 3 rd encryption performed on the second plaintext may be the second plaintext to which the ciphertext obtained by the 2 nd encryption performed on the second plaintext is added.
It should be noted that the intermediate ciphertext is added to the preset position of the second plaintext, and the processing of the obtained second plaintext can be kept consistent, so that the encryption process can be simplified on the premise of ensuring the encryption security.
Optionally, the final ciphertext may be decrypted, and the corresponding processing may be as follows: decrypting the final ciphertext according to the pre-distributed private key, the preset position and the preset identifier to obtain the first plaintext.
In some embodiments, the private key is a key corresponding to the public key.
In some embodiments, the final ciphertext may be decrypted according to an inverse process of the encryption flow described above to obtain the first plaintext. Specifically, the final ciphertext may be decrypted according to a private key corresponding to the public key, and then, data corresponding to a preset position in the decrypted data may be removed to obtain a second plaintext, and then, data corresponding to a preset position in the second plaintext may be removed again to obtain the first plaintext.
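The flow of S110 to S130 and the decryption just described, as an added Python sketch that is not code from the patent. It assumes one matrix row per state channel parameter, the tail as the preset position, and a constructed toy textbook-RSA key with a letters-only ciphertext encoding standing in for the public-key step; the channel parameter names are constructed.

```python
# Added illustration (not the patent's code): S110-S130 plus the decryption flow.
ID = "100010001000"           # preset identifier, the example value from the description
N_MOD, E, D = 3233, 17, 2753  # constructed toy RSA key (61 * 53); insecure, demo only
ALPHA = "abcdefghijklmnop"    # assumed ciphertext alphabet: no '0'/'1', so never contains ID


def letter_bits(ch):
    """A=1 ... Z=26 written as a 5-bit binary number (A -> 00001, Z -> 11010)."""
    return format(ord(ch.upper()) - ord("A") + 1, "05b")


def preset_string(params):
    """One matrix row per parameter (assumption), rows ordered by letter count, most first."""
    # Non-letter characters are skipped (assumption: the page only maps letters).
    rows = [[letter_bits(c) for c in p if c.isascii() and c.isalpha()] for p in params]
    rows.sort(key=len, reverse=True)          # stable sort: ties keep input order
    return "".join("".join(row) for row in rows)


def toy_encrypt(text):
    """Stand-in for the public-key step: textbook RSA per character (ASCII input)."""
    out = []
    for ch in text:
        if ord(ch) >= N_MOD:
            raise ValueError("character outside the toy key's range")
        c = pow(ord(ch), E, N_MOD)
        out.append(ALPHA[c >> 8] + ALPHA[(c >> 4) & 15] + ALPHA[c & 15])
    return "".join(out)


def toy_decrypt(ct):
    """Inverse of toy_encrypt using the private exponent."""
    chars = []
    for i in range(0, len(ct), 3):
        a, b, c = (ALPHA.index(s) for s in ct[i:i + 3])
        chars.append(chr(pow((a << 8) | (b << 4) | c, D, N_MOD)))
    return "".join(chars)


def encrypt(first_plaintext, params, rounds):
    enc_string = toy_encrypt(preset_string(params))    # S110
    second = first_plaintext + ID + enc_string          # S120, preset position = tail
    ct = toy_encrypt(second)                            # S130, 1st encryption
    for _ in range(2, rounds + 1):                      # Nth object: second + ID + C(N-1)
        ct = toy_encrypt(second + ID + ct)
    return ct


def strip_tail(data):
    """Remove the identifier at its last occurrence and everything after it.

    The appended data uses ALPHA only, so the last occurrence is always the
    framing one, even when the first plaintext itself contains the identifier.
    """
    head, sep, _ = data.rpartition(ID)
    if not sep:
        raise ValueError("preset identifier not found")
    return head


def decrypt(final_ct, rounds):
    data = toy_decrypt(final_ct)                         # single decryption pass
    second = strip_tail(data) if rounds >= 2 else data   # drop intermediate ciphertext
    return strip_tail(second)                            # drop encrypted string


if __name__ == "__main__":
    channels = ["settlement", "audit", "kyc-2"]          # constructed parameter names
    message = "pay 100010001000 to node7"                # plaintext containing the identifier
    for n in (1, 2, 3):
        final = encrypt(message, channels, n)
        print(n, len(final), decrypt(final, n) == message)
```

Because each intermediate ciphertext sits inside the next encryption object, decryption peels a single layer whatever the round count, and in this toy encoding the ciphertext length roughly triples with every round.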
In the embodiment of the present invention, when node devices in a federation chain encrypt plaintext, an encryption character string and a preset identifier may be added to a preset position of a first plaintext to obtain a second plaintext, and then the second plaintext may be encrypted for a preset number of times according to a public key. Because the encrypted character string is obtained by encrypting the preset character string, and the preset character string is obtained by converting the plurality of state channel parameters of the alliance chain according to the corresponding relation between the letters and the binary numbers, the encryption method utilizes the specific state channel parameters in the alliance chain, and can improve the encryption safety of the alliance chain. In addition, the second plaintext is encrypted for a preset number of times, and products obtained after the previous encryption are added to the encrypted object from the second encryption, so that the complexity of the ciphertext is increased, and the security of the alliance chain encryption is further improved.
Based on the federation chain encryption method provided by the above embodiment, correspondingly, the present invention also provides a specific implementation manner of a federation chain encryption apparatus applied to the federation chain encryption method. Please see the examples below.
As shown in fig. 2, there is provided a federation chain encryption apparatus including:
the first encryption module 210 is configured to encrypt a preset character string according to a pre-allocated public key to obtain an encrypted character string; the preset character string is obtained by converting a plurality of state channel parameters of the alliance chain according to the corresponding relation between letters and binary numbers;
the adding module 220 is configured to add the encrypted character string and the preset identifier to a preset position of the first plaintext to be encrypted, so as to obtain a second plaintext;
the second encryption module 230 is configured to encrypt the second plaintext for a preset number of times according to the public key, so as to obtain a final ciphertext corresponding to the first plaintext;
wherein the encrypted object of the first encryption performed on the second plaintext is the second plaintext; the encryption object for encrypting the second plaintext for the Nth time is the second plaintext added with an intermediate ciphertext and a preset identifier at a preset position, the intermediate ciphertext is a ciphertext obtained by encrypting the second plaintext for the N-1 th time, N is a positive integer greater than or equal to 2, and N is less than or equal to the preset times.
Optionally, the federation chain encryption apparatus further includes an obtaining module, configured to:
acquiring a plurality of state channel parameters of an alliance chain;
and converting the plurality of state channel parameters according to the corresponding relation between the letters and the binary numbers to obtain a preset character string.
Optionally, the obtaining module is further configured to:
converting each letter in the plurality of state channel parameters into a corresponding binary number according to the corresponding relation between the letter and the binary number;
sequentially adding each binary number to a preset matrix according to a preset sequence; the preset sequence is the sequence of the number of letters contained in the state channel parameters from most to least;
and sequentially connecting binary numbers of each row in the preset matrix according to the matrix row number to obtain the preset character string.
Optionally, the federation chain encryption apparatus further includes a decryption module, configured to:
decrypting the final ciphertext according to the pre-distributed private key, the preset position and the preset identification to obtain a first plaintext; the private key corresponds to the public key.
Optionally, the public key is obtained based on an asymmetric encryption algorithm.
In the embodiment of the present invention, when node devices in a federation chain encrypt a plaintext, an encryption character string and a preset identifier may be added to a preset position of a first plaintext to obtain a second plaintext, and then the second plaintext may be encrypted for a preset number of times according to a public key. Because the encrypted character string is obtained by encrypting the preset character string, and the preset character string is obtained by converting the plurality of state channel parameters of the alliance chain according to the corresponding relation between the letters and the binary numbers, the encryption method utilizes the specific state channel parameters in the alliance chain, and can improve the encryption safety of the alliance chain. In addition, the second plaintext is encrypted for a preset number of times, and products obtained after the previous encryption are added to the encrypted object from the second encryption, so that the complexity of the ciphertext is increased, and the security of the alliance chain encryption is further improved.
Fig. 3 is a schematic diagram of a hardware structure of a node device for implementing various embodiments of the present invention.
The node device may comprise a processor 301 and a memory 302 in which the computer program is stored.
In particular, the processor 301 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more Integrated circuits implementing embodiments of the present invention.
Memory 302 may include mass storage for data or instructions. By way of example, and not limitation, memory 302 may include a Hard Disk Drive (HDD), floppy Disk Drive, flash memory, optical Disk, magneto-optical Disk, tape, or Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 302 may include removable or non-removable (or fixed) media, where appropriate. The memory 302 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 302 is a non-volatile solid-state memory. In a particular embodiment, the memory 302 includes Read Only Memory (ROM). Where appropriate, the ROM may be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory, or a combination of two or more of these.
The processor 301 realizes any one of the above embodiments of the federation chain encryption method by reading and executing a computer program stored in the memory 302.
In one example, the node device may also include a communication interface 303 and a bus 310. As shown in fig. 3, the processor 301, the memory 302, and the communication interface 303 are connected via a bus 310 to complete communication therebetween.
The communication interface 303 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiment of the present invention.
Bus 310 comprises hardware, software, or both to couple the components of the node device to each other. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hypertransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 310 may include one or more buses, where appropriate. Although specific buses have been described and illustrated with respect to embodiments of the invention, any suitable buses or interconnects are contemplated by the invention.
The embodiment of the invention also provides a computer readable storage medium, wherein the computer storage medium is stored with a computer program; when being executed by a processor, the computer program realizes the processes of the above embodiments of the federation chain encryption method, and can achieve the same technical effect, and is not described herein again in order to avoid repetition.
It is to be understood that the invention is not limited to the precise arrangements and instrumentalities shown. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions or change the order between the steps after comprehending the spirit of the present invention.
The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments can be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include an electronic circuit, a semiconductor memory device, a ROM, a flash memory, an Erasable ROM (EROM), a floppy disk, a CD-ROM, an optical disk, a hard disk, an optical fiber medium, a Radio Frequency (RF) link, and so forth. The code segments may be downloaded via computer networks such as the internet, intranets, etc.
It should also be noted that the exemplary embodiments mentioned in this patent describe some methods or systems based on a series of steps or devices. However, the present invention is not limited to the order of the above steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed at the same time.
As described above, only the specific embodiments of the present invention are provided, and it can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the module and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. It should be understood that the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present invention, and these modifications or substitutions should be covered within the scope of the present invention.