CN113904854A - Block chain data encryption method and device based on quotient secret algorithm - Google Patents
Block chain data encryption method and device based on quotient secret algorithm Download PDFInfo
- Publication number
- CN113904854A CN113904854A CN202111192428.7A CN202111192428A CN113904854A CN 113904854 A CN113904854 A CN 113904854A CN 202111192428 A CN202111192428 A CN 202111192428A CN 113904854 A CN113904854 A CN 113904854A
- Authority
- CN
- China
- Prior art keywords
- data
- block
- signature
- data management
- hash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004422 calculation algorithm Methods 0.000 title claims abstract description 69
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000013523 data management Methods 0.000 claims abstract description 123
- 238000004364 calculation method Methods 0.000 claims abstract description 52
- 238000012795 verification Methods 0.000 claims abstract description 40
- 238000007726 management method Methods 0.000 claims abstract description 30
- 238000013524 data verification Methods 0.000 claims description 19
- 230000008520 organization Effects 0.000 claims description 6
- 230000004807 localization Effects 0.000 abstract description 3
- 230000008878 coupling Effects 0.000 abstract description 2
- 238000010168 coupling process Methods 0.000 abstract description 2
- 238000005859 coupling reaction Methods 0.000 abstract description 2
- 238000012423 maintenance Methods 0.000 abstract 1
- 238000010586 diagram Methods 0.000 description 4
- 238000004590 computer program Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 210000001503 joint Anatomy 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
Abstract
The invention relates to the technical field of block chains, and particularly discloses a block chain data encryption method and device based on a quotient and cipher algorithm, wherein the device comprises chain data management, node data management, block data management, contract data management, transaction data management and signature management, the chain data management carries out Hash calculation and Hash value verification on chain basic configuration information and consensus characteristic information, the node data management carries out Hash calculation, Hash value verification, digital signature and signature verification on node identity information and configuration information, the block data management carries out Hash calculation, Hash value verification, digital signature and signature verification on block information, the contract data management carries out Hash calculation and Hash value verification on contract information, the transaction data management carries out Hash calculation, Hash value verification, digital signature and signature verification on transaction information, and the signature management provides a randomly generated asymmetric key pair, Interfaces such as digital signature and signature verification and Hash calculation; according to the invention, firstly, the localization digital abstract and the digital signature of the block chain data can be realized from the bottom layer of the block chain system, the constraint of foreign encryption algorithm is eliminated, the safety, the reliability and the controllability of the block chain system data are improved, and secondly, the functional module exists in the form of an independent plug-in, an additional library or an independent service, the coupling of each module of the block chain system is reduced, and the system maintenance and upgrading cost is reduced.
Description
Technical Field
The present invention relates to the field of blockchain technologies, and in particular, to a method and an apparatus for encrypting blockchain data based on a quotient secret algorithm.
Background
The block chain system is a distributed data production, transmission and storage system, and the data mainly comprises system-level chain data, node data, block data, consensus data, service support-level intelligent contract data, account and key data, transaction data and the like.
In order to ensure the characteristics of data, such as non-tamper property, transmission security, transaction traceability and identity authenticity, a hash algorithm and an asymmetric encryption algorithm are introduced to perform digital digest and digital signature on related data.
Currently, the mainstream block chain technical framework mainly adopts the international existing encryption standard, wherein the hash algorithm mainly adopts Ripemd160, SHA256 and SHA512, the asymmetric encryption algorithm mainly adopts ECC-Secp256K1 and ECC-Secp256R1, and the block chain technical framework does not support the China's cryptographic algorithm such as SM3 and SM2.
In order to ensure the reliability and controllability of a bottom platform of the block chain system, a quotient and password algorithm needs to be introduced, so that the dependence of the bottom platform of the system on foreign algorithms is fundamentally eliminated, and an autonomous and controllable block chain data encryption system is realized.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a block chain data encryption method and device based on a cryptographic algorithm, which are used for reconstructing a data encryption system from the bottom layer of a system, implementing the cryptographic algorithm on chain data, node data, block data, consensus data, intelligent contract data, account and key data, transaction data and the like, improving the safety and controllability of data, and providing interfaces such as a digital abstract, asymmetric key generation, digital signature, signature verification and the like required by the butt joint of an upper-layer service system through related devices.
The purpose of the invention and the technical problem to be solved are realized by adopting the following technical scheme:
a block chain data encryption method based on a cryptographic algorithm is realized in the flow including chain data management, node data management, block data management, contract data management, transaction data management and signature management, and is characterized in that the data encryption method comprises the following steps: the method comprises the steps of carrying out digital abstract and data verification on chain basic information and consensus characteristic information through chain data management, carrying out digital abstract, digital signature and data verification on node identity information and node configuration information through node data management, carrying out digital abstract, digital signature and data verification on block basic information and block dynamic information through block data management, carrying out digital abstract and data verification on an intelligent contract through contract data management, carrying out digital abstract and data verification on transaction data through transaction data management, and carrying out digital signature and data verification on the module in the steps of signature management.
Preferably, the chain data management manages chain basic configuration information and chain consensus characteristic information, the node data management manages node identity information and node configuration information, the block data management manages block basic configuration information and real-time dynamic information, the contract data management manages contract methods, contract parameters and contract logics, the transaction data management manages transaction basic information and transaction dynamic information, and the signature management manages asymmetric encryption public and private keys and a signature method; the chain data management carries out digital signature and data verification on chain basic configuration information and chain consensus characteristic information to ensure the uniqueness and non-tamper property of data; the node data management carries out digital abstract, data verification, digital signature and signature verification on the node identity information and the node configuration information; the block data management carries out digital abstract, data verification, digital signature and signature verification on the block basic configuration information and the real-time dynamic information; the contract data management performs digital summary and data check on contract methods, contract parameters and contract logic; the transaction data management carries out digital abstract, data verification, digital signature and signature verification on the transaction basic information and the transaction dynamic information; the signature management is used for reliably storing, safely inputting and outputting the asymmetric encryption public and private keys and the signature method.
Preferably, the chain data includes chain basic configuration information and consensus characteristic information, where the chain basic configuration information includes chain start time, a chain initial public key, a single block cpu use upper limit, a single block memory use upper limit, a single block bandwidth use upper limit, and the like, and the consensus characteristic information includes a block account list, whether to verify a node network identity, whether to allow a block list to be vacated, and the like; the node data comprises node identity information and node configuration information, wherein the node identity information comprises node organization information, an organization identity public key, an organization network name and the like, and the node configuration information comprises a node block output account number, a node block output public key, a node service address, a node allowed single transaction maximum cpu use upper limit and the like; the block information comprises block basic configuration information and real-time dynamic information, wherein the basic configuration information comprises a block cpu use upper limit, a block bandwidth use upper limit and the like, and the real-time dynamic information comprises a block number, a block hash value, a block transaction set, a block outgoing account number, a block signature and the like; the contract information comprises a contract method set, contract method parameters, contract method logic, contract abstract information and the like; the transaction information comprises transaction basic information and transaction dynamic information, wherein the transaction basic information comprises a single transaction bandwidth use upper limit, a single transaction CPU use upper limit, a single transaction memory use upper limit and the like, and the transaction dynamic information comprises a transaction number, a transaction hash value, a transaction state and the like; the signature management data includes an asymmetric public-private key pair for the user.
Preferably, the chain data management performs hash calculation on the chain data through an SM3 algorithm, and the obtained unique hash value is used for identifying the uniqueness of the chain; all block chain link points determine that the two parties belong to the same block chain network through the same configuration and the same hash value, that is, the unique id of the block chain is equal to SM3.hash (chain _ config _ params), wherein the chain _ config _ params represents a data set of all the chains, and the SM3.hash represents hash calculation of the chain.
Preferably, the node data management identifies the node identity uniqueness by using an SM2 public key, hash calculation is performed on an SM2 public key and other readable node identity information and node configuration information by using an SM3 algorithm, and then the aforementioned information is asymmetrically signed by using an SM2 private key which does not need to be transmitted in the network, so that other nodes can perform identity verification, that is, a node id is equal to an sm2.sign (sm3. hash) (push _ key, other _ params)), wherein the push _ key represents the SM2 public key, the other _ params represents other data, the sm3.hash represents hash calculation, and the sm2.sign represents that the sm3.hash result is signed by using an SM2 private key.
Preferably, the block data management performs hash calculation on the block data through an SM3 algorithm, and the obtained unique hash value is used as a unique identifier of the block and is used as a retrieval index value of the block together with the block number, that is, the block id is equal to sm3.hash (block _ number, other _ params), where block _ number represents the block number (such as 1, 2, 3, … …), other _ params represents other data, and sm3.hash represents hash calculation on the aforementioned data.
Preferably, the contract data management performs hash calculation on the contract information through an SM3 algorithm, and the obtained unique hash value is used as a unique identifier of the contract, namely, the contract id is equal to sm3.hash (contract _ params), wherein the contract _ params represents the contract information, and the sm3.hash represents the hash calculation on the information.
Preferably, the transaction data management performs hash calculation on the transaction data through an SM3 algorithm to obtain a unique hash value as a unique identifier of the transaction, that is, a transaction id is equal to sm3.hash (txn _ params, txn _ sig), where txn _ params represents the transaction data, txn _ sig represents a signature of a transaction participant on the transaction through an SM2 private key, and sm3.hash represents hash calculation on the foregoing information.
Preferably, the signature management supports generation of an SM2 public-private key pair by means of a random SM3 hash value or a user-specified seed, wherein the private key is encoded by base58 as a wallet password for securing wallets; the method supports the generation of SM2 public-private key pairs by means of random SM3 hash values or user-specified seeds, wherein the private key is stored in the wallet and can be used after the wallet is opened through the wallet password, and the public key is opened for the use of a blockchain network through an interface; in order to ensure readability and security of the public and private keys and signatures thereof, check codes, base58 codes and prefixes are added to the public and private keys and the signatures, wherein the private key format is PVT _ S2_ base58(PVT _ key, checksum), "PVT" represents that the private key is a private key, "S2" represents that the private key is an SM2 type private key, PVT _ key represents an SM2 private key, and the checksum represents a private key check code, the value of which is sm3.hash _ hash _4(PVT _ key), namely, the private key is subjected to two hash calculations, the first 4 bytes of the result are taken, and base58 represents that the private key and the private key check code are subjected to base58 codes; the public key format is PUB _ S2_ base58(PUB _ key, checksum), "PUB" denotes that it is a public key, "S2" denotes that it is a SM2 type public key, PUB _ key denotes an SM2 public key, checksum denotes a public key check code, the value of which is sm3.hash _ hash _4(PUB _ key), i.e., the public key is subjected to hash calculation twice, and the first 4 bytes of the result are taken, and base58 denotes that the public key and the public key check code are subjected to base58 encoding; the signature format is SIG _ S2_ base58(SIG, checksum), "SIG" denotes that it is a digital signature, "S2" denotes that it is an SM2 type signature, "SIG" denotes a signature entity, checksum denotes a signature check code, and its value is sm3.hash _ hash _4(SIG), i.e., two hash calculations are performed on the signature entity and the first 4 bytes of the result are taken, and base58 denotes that base58 encoding is performed on the signature entity and the signature check code.
In order to achieve the object, according to a second aspect of the present invention, there is provided a block chain data encryption apparatus based on a quotient secret algorithm, including: the system comprises a chain data management module, a node data management module, a block data management module, a contract data management module, a transaction data management module and a signature management module; the chain data management module performs Hash calculation and Hash value verification on chain data, the node data management module performs Hash calculation, Hash value verification, identity information signature and identity information verification on node data, the block data management module performs Hash calculation, Hash value verification, block signature and block signature verification on block data, the contract data management module performs Hash calculation and Hash value verification on contract data, the transaction data management module performs transaction signature, signature verification, Hash calculation and Hash value verification on transaction data, and the signature management module provides two asymmetric key generation, storage and signature methods of random or designated seeds.
Preferably, the chain data management module performs hash calculation on the chain data by calling an SM3 algorithm, and an obtained unique hash value is used as a unique identifier of the chain; the node data management module calls SM3 algorithm to perform hash calculation on the node data, the obtained unique hash value is used as the unique identifier of the node, the SM2 algorithm is called to perform asymmetric signature on the data, the data are attached to a node data list and broadcast in a block link network, and therefore authenticity, uniqueness, non-tamper property and verifiability of the node identity are guaranteed; the block data management module carries out hash calculation on block data, an obtained unique hash value is used as a unique identifier of a block, an SM2 algorithm is called to carry out asymmetric signature on the block data, the block data is attached to a block data list and is broadcasted in a block link network, and therefore authenticity, uniqueness, non-tamper property and verifiability of the block are guaranteed; the contract management module calls SM3 algorithm to perform hash calculation on the contract information, and the obtained unique hash value is used as the unique identifier of the contract; the transaction data management module carries out hash calculation on the transaction data through an SM3 algorithm and carries out asymmetric signature on the transaction data through an SM2 algorithm, and the information is broadcasted in a block link network so as to ensure the authenticity, uniqueness, non-tamper property and verifiability of the transaction; the signature management module provides standard interfaces of SM2 and SM3 for SM2 key pair generation, digital signature, signature verification, and SM3 hashing algorithms.
Preferably, the module provides multiple programming language implementation modes, the chain data management module, the node data management module, the block data management module, the contract data management module and the transaction data management module are used as a part of the underlying block chain system in a plug-in mode, and the signature management module is used as a module independent of the underlying block chain system and is provided for the business system in a calling library or independent service mode.
The block chain data encryption method and device based on the quotient secret algorithm have the following advantages that: the block chain bottom layer is completely separated from the constraint of foreign encryption algorithm, the domestic commercial encryption algorithm is used for reconstruction, the reliability and controllability of the system are ensured, each functional module exists in an independent plug-in mode, the coupling is reduced, the operation efficiency is improved, the subsequent upgrade is convenient, a multi-language development butt joint mode is provided, the upper-layer service system calling is convenient, and the use threshold of service developers is reduced.
Drawings
Fig. 1 is a schematic topology diagram of a block chain data encryption device based on a quotient-secret algorithm according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a block chain data encryption device based on a quotient-secret algorithm according to an embodiment of the present invention;
fig. 3 is a schematic flow chart of a block chain data encryption apparatus based on a quotient-secret algorithm according to an embodiment of the present invention.
Detailed Description
To further illustrate the technical means and effects of the present invention adopted to achieve the predetermined object, the following detailed description will be given to a block chain data encryption method and apparatus based on a quotient secret algorithm, and the specific implementation, structure, features and effects thereof according to the present invention, with reference to the accompanying drawings and preferred embodiments. It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a schematic diagram of a block chain data encryption device topology based on a quotient-secret algorithm according to an embodiment of the present invention.
As shown in fig. 1, the blockchain network is composed of a plurality of nodes, including a participant a blockchain network node 107, a participant B blockchain network node 108, etc., which are connected by a blockchain P2P network 109; the participating block chain network node services comprise a chain data management module 101, a node data management module 102, a block data management module 103, a contract data management module 104 and a transaction data management module 105, and a signature management module 106 exists in the form of an independent library or service.
In this embodiment, the number of running instances of the all-chain data management module 101, the node data management module 102, the block data management module 103, the contract data management module 104, the transaction data management module 105, and the signature management module 106 is not fixed, and is adjusted according to actual needs.
In this embodiment, all the chain data management module 101, the node data management module 102, the block data management module 103, the contract data management module 104, the transaction data management module 105, and the signature management module 106 are functionally independent services or independent plug-ins, and may or may not be on the same physical node.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a block chain data encryption device based on a quotient secret algorithm according to an embodiment of the present invention, and fig. 1 is also referred to.
As shown in fig. 2, a block chain data encryption apparatus based on a cryptographic algorithm includes a chain data management module 101, a node data management module 102, a block data management module 103, a contract data management module 104, a transaction data management module 105, and a signature management module 106.
In this embodiment, the chain data management module 101 performs hash value calculation based on the SM3 on the chain basic configuration information and the consensus characteristic information, and the obtained unique hash value is used as the unique identifier of the chain.
In this embodiment, the node data management module 102 performs hash value calculation based on SM3 on the node identity information and the configuration information, and the obtained unique hash value is used as a unique identifier of the node, and performs asymmetric encryption signature on the hash value through an SM2 algorithm, where the above information is broadcast as a whole in a block chain network, and is used by a receiving party to perform node identity verification and node configuration information identification.
In this embodiment, the block data management module 103 performs hash value calculation based on SM3 on the block basic information and the dynamic information, and the obtained unique hash value is used as a unique identifier of the block, and performs asymmetric encryption signature on the hash value through an SM2 algorithm, where the above information is broadcast as a whole in a block chain network, and is used by a receiving side to perform block synchronization and validity check.
In this embodiment, the contract data management module 104 performs hash value calculation based on the SM3 on the contract information, and the obtained unique hash value is used as a unique identifier of the contract.
In this embodiment, the transaction data management module 105 performs hash value calculation based on SM3 on the transaction information, and the obtained unique hash value is used as a unique identifier of the transaction, and performs asymmetric encryption signature on the hash value through an SM2 algorithm, where the above information is broadcast as a whole in a blockchain network, and is used by a receiving party to perform transaction synchronization and validity check.
In this embodiment, the signature management module 106 provides SM3 hash functions, SM2 asymmetric key pair generation, digital signature and signature verification functions based on random numbers or a specified seed, for business system calls in the form of an additional library or independent service.
Referring to fig. 3, fig. 3 is a flowchart illustrating a block chain data encryption method based on a quotient-secret algorithm according to an embodiment of the present invention.
As shown in fig. 3, a block chain data encryption method based on a quotient secret algorithm includes the following steps:
step S210: the participator A creates a block chain, configures chain basic information and consensus characteristic information, and calculates a chain unique hash value through an SM3 algorithm;
step S220: the participator A configures node information, calculates the unique hash value of the node through SM3 algorithm, and signs the node information through SM2 private key;
step S230: the participant B executes S220 in the same way, and sends the node information and the chain information of the participant B to the node of the participant A;
step S240: the participant A checks the chain information and the node information sent by the participant B, if the chain information is matched and the node information is valid, the participant agrees to establish connection, and replies the node information of the participant A;
step S250: the participant B checks the node identity information of the participant A, and if the information is valid, connection is established;
step S260: the participant A initiates an intelligent contract deployment transaction, and the participant B signs a transaction verification SM2 to verify summary information of the intelligent contract SM 3;
step S270: the participator A or B calls the intelligent contract interface to initiate the business transaction, calls the signature management module to carry out digital abstract and digital signature on the transaction, and the counterpart checks the digital abstract and digital signature after receiving the transaction;
step S280: party a or B accounts, generates tiles, and signs the tiles and tile information SM3 digital digest using its own SM2 private key.
The basic idea of the invention is to start from the bottom layer of a block chain system, realize the data encryption system of the block chain by using a commercial cipher algorithm so as to completely get rid of the constraint of foreign encryption algorithms, and realize the reliability, controllability and safety of the data of the block chain system from the algorithm level, specifically, to use SM3 hash algorithm to replace Ripemd160 and SHA256 hash algorithm, and use SM2 asymmetric encryption algorithm to replace ECC-Secp256K1 and ECC-Secp256R1 asymmetric encryption algorithm.
The blockchain network and data encryption apparatus of the present embodiment are suitable for deployment on a plurality of servers including general purpose computer hardware structures such as processors, memory, and network devices; the processor may be a stand-alone microprocessor or a collection of one or more microprocessors; the storage comprises a memory, a disk and the like, and can be one or more sets; the network device comprises a network card, a driver and the like, and can be a set of one or more; in addition, the server should also include a series of computer software, including an operating system, a tool library, and the like.
The invention can enable the bottom system of the block chain to completely realize localization of the encryption algorithm, and the upper business system also carries out digital abstract and digital signature on the transaction by a localization encryption method, thereby improving the data security, reliability and controllability of ecological application of the block chain.
In the description of the present specification, unless explicitly stated or limited otherwise, terms such as "record," "data," "information," and the like are to be understood in a broad sense, and for example, data may be a table of data, a table entry, or a data field. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
In the description of the present specification, unless explicitly stated or limited otherwise, terms such as "node", "module", "engine", "system", and the like are used for describing the functions thereof, and do not limit the specific existence form thereof, and may be a stand-alone computer program, a logic sub-module of a computer program, or a service set composed of a plurality of computer programs. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Although the present invention has been described with reference to a preferred embodiment, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (12)
1. A block chain data encryption method based on a cryptographic algorithm is realized in the flow including chain data management, node data management, block data management, contract data management, transaction data management and signature management, and is characterized in that the data encryption method comprises the following steps: the method comprises the steps of carrying out digital abstract and data verification on chain basic information and consensus characteristic information through chain data management, carrying out digital abstract, digital signature and data verification on node identity information and node configuration information through node data management, carrying out digital abstract, digital signature and data verification on block basic information and block dynamic information through block data management, carrying out digital abstract and data verification on an intelligent contract through contract data management, carrying out digital abstract and data verification on transaction data through transaction data management, and carrying out digital signature and signature verification on the module needing signature through signature management.
2. The method for efficient retrieval of blockchain data according to claim 1, wherein the chain data management manages chain basic configuration information and chain consensus characteristic information, the node data management manages node identity information and node configuration information, the block data management manages block basic configuration information and real-time dynamic information, the contract data management manages contract methods, contract parameters and contract logic, the transaction data management manages transaction basic information and transaction dynamic information, and the signature management manages asymmetric encryption public and private keys and signature methods; the chain data management carries out digital signature and data verification on chain basic configuration information and chain consensus characteristic information to ensure the uniqueness and non-tamper property of data; the node data management carries out digital abstract, data verification, digital signature and signature verification on the node identity information and the node configuration information; the block data management carries out digital abstract, data verification, digital signature and signature verification on the block basic configuration information and the real-time dynamic information; the contract data management performs digital summary and data check on contract methods, contract parameters and contract logic; the transaction data management carries out digital abstract, data verification, digital signature and signature verification on the transaction basic information and the transaction dynamic information; the signature management is used for reliably storing, safely inputting and outputting the asymmetric encryption public and private keys and the signature method.
3. The method according to claim 1, wherein the chain data includes chain basic configuration information and consensus characteristic information, wherein the chain basic configuration information includes chain start time, a chain initial public key, an upper limit of single-block cpu usage, an upper limit of single-block memory usage, an upper limit of single-block bandwidth usage, and the like, and the consensus characteristic information includes a block account list, whether to verify a node network identity, whether to allow a block list to be vacated, and the like; the node data comprises node identity information and node configuration information, wherein the node identity information comprises node organization information, an organization identity public key, an organization network name and the like, and the node configuration information comprises a node block output account number, a node block output public key, a node service address, a node allowed single transaction maximum cpu use upper limit and the like; the block information comprises block basic configuration information and real-time dynamic information, wherein the basic configuration information comprises a block cpu use upper limit, a block bandwidth use upper limit and the like, and the real-time dynamic information comprises a block number, a block hash value, a block transaction set, a block outgoing account number, a block signature and the like; the contract information comprises a contract method set, contract method parameters, contract method logic, contract abstract information and the like; the transaction information comprises transaction basic information and transaction dynamic information, wherein the transaction basic information comprises a single transaction bandwidth use upper limit, a single transaction CPU use upper limit, a single transaction memory use upper limit and the like, and the transaction dynamic information comprises a transaction number, a transaction hash value, a transaction state and the like; the signature management data includes an asymmetric public-private key pair for the user.
4. The method for efficient retrieval of blockchain data according to claim 1, wherein the chain data management performs hash calculation on the chain data through SM3 algorithm, and the obtained unique hash value is used to identify the uniqueness of the chain; all block chain link points determine that the two parties belong to the same block chain network through the same configuration and the same hash value, that is, the unique id of the block chain is equal to SM3.hash (chain _ config _ params), wherein the chain _ config _ params represents a data set of all the chains, and the SM3.hash represents hash calculation of the chain.
5. The method for efficient retrieval of blockchain data according to claim 1, wherein the node data management identifies the node identity uniqueness by SM2 public key, hash the SM2 public key and other readable node identity information and node configuration information by SM3 algorithm, and asymmetrically sign the information by SM2 private key that does not need to be transmitted in the network for identity verification by other nodes, that is, node id is equal to sm2.sign (sm3. hash), where pub _ key represents SM2 public key, other _ params represents other data, sm3.hash represents hash calculation, and sm2.sign represents signature of sm3.hash result by SM2 private key.
6. The method as claimed in claim 1, wherein the block data management uses SM3 algorithm to hash the block data, and the obtained unique hash value is used as the unique identifier of the block and is used together with the block number as the index value of the block, i.e. the block id is equal to sm3.hash (block _ number, other _ params), where block _ number represents the block number (e.g. 1, 2, 3, … …), other _ params represents other data, and sm3.hash represents the hash of the aforementioned data.
7. The method for efficient retrieval of blockchain data according to claim 1, wherein the contract data management hashes the contract information through SM3 algorithm, and the obtained unique hash value is used as a unique identifier of the contract, namely, the contract id is equal to sm3.hash (contract _ params), wherein the contract _ params represents the contract information, and the sm3.hash represents the hash of the information.
8. The method for efficient retrieval of blockchain data according to claim 1, wherein the transaction data management performs hash calculation on the transaction data through SM3 algorithm to obtain a unique hash value as a unique identifier of the transaction, i.e. the transaction id is equal to sm3.hash (txn _ params, txn _ sig), where txn _ params represents the transaction data, txn _ sig represents the signature of the transaction participant on the transaction through SM2 private key, and sm3.hash represents the hash calculation on the aforementioned information.
9. A method for efficient retrieval of blockchain data according to claim 1, wherein said signature management supports generation of SM2 public-private key pairs by way of random SM3 hash values or user-specified seeds, wherein the private key is base58 encoded as a wallet password for securing wallets; the method supports the generation of SM2 public-private key pairs by means of random SM3 hash values or user-specified seeds, wherein the private key is stored in the wallet and can be used after the wallet is opened through the wallet password, and the public key is opened for the use of a blockchain network through an interface; in order to ensure readability and security of the public and private keys and signatures thereof, check codes, base58 codes and prefixes are added to the public and private keys and the signatures, wherein the private key format is PVT _ S2_ base58(PVT _ key, checksum), "PVT" represents that the private key is a private key, "S2" represents that the private key is an SM2 type private key, PVT _ key represents an SM2 private key, and the checksum represents a private key check code, the value of which is sm3.hash _ hash _4(PVT _ key), namely, the private key is subjected to two hash calculations, the first 4 bytes of the result are taken, and base58 represents that the private key and the private key check code are subjected to base58 codes; the public key format is PUB _ S2_ base58(PUB _ key, checksum), "PUB" denotes that it is a public key, "S2" denotes that it is a SM2 type public key, PUB _ key denotes an SM2 public key, checksum denotes a public key check code, the value of which is sm3.hash _ hash _4(PUB _ key), i.e., the public key is subjected to hash calculation twice, and the first 4 bytes of the result are taken, and base58 denotes that the public key and the public key check code are subjected to base58 encoding; the signature format is SIG _ S2_ base58(SIG, checksum), "SIG" denotes that it is a digital signature, "S2" denotes that it is an SM2 type signature, "SIG" denotes a signature entity, checksum denotes a signature check code, and its value is sm3.hash _ hash _4(SIG), i.e., two hash calculations are performed on the signature entity and the first 4 bytes of the result are taken, and base58 denotes that base58 encoding is performed on the signature entity and the signature check code.
10. A device for encrypting blockchain data based on a quotient secret algorithm, comprising: the system comprises a chain data management module, a node data management module, a block data management module, a contract data management module, a transaction data management module and a signature management module; the chain data management module performs Hash calculation and Hash value verification on chain data, the node data management module performs Hash calculation, Hash value verification, identity information signature and identity information verification on node data, the block data management module performs Hash calculation, Hash value verification, block signature and block signature verification on block data, the contract data management module performs Hash calculation and Hash value verification on contract data, the transaction data management module performs transaction signature, signature verification, Hash calculation and Hash value verification on transaction data, and the signature management module provides two asymmetric key generation, storage and signature methods of random or designated seeds.
11. The apparatus for efficient retrieval of blockchain data according to claim 10, wherein the chain data management module performs hash calculation on the chain data call SM3 algorithm, and the obtained unique hash value is used as the unique identifier of the chain; the node data management module calls SM3 algorithm to perform hash calculation on the node data, the obtained unique hash value is used as the unique identifier of the node, the SM2 algorithm is called to perform asymmetric signature on the data, the data are attached to a node data list and broadcast in a block link network, and therefore authenticity, uniqueness, non-tamper property and verifiability of the node identity are guaranteed; the block data management module carries out hash calculation on block data, an obtained unique hash value is used as a unique identifier of a block, an SM2 algorithm is called to carry out asymmetric signature on the block data, the block data is attached to a block data list and is broadcasted in a block link network, and therefore authenticity, uniqueness, non-tamper property and verifiability of the block are guaranteed; the contract management module calls SM3 algorithm to perform hash calculation on the contract information, and the obtained unique hash value is used as the unique identifier of the contract; the transaction data management module carries out hash calculation on the transaction data through an SM3 algorithm and carries out asymmetric signature on the transaction data through an SM2 algorithm, and the information is broadcasted in a block link network so as to ensure the authenticity, uniqueness, non-tamper property and verifiability of the transaction; the signature management module provides standard interfaces of SM2 and SM3 for SM2 key pair generation, digital signature, signature verification, and SM3 hashing algorithms.
12. The apparatus for efficient retrieval of blockchain data according to claim 10, wherein the modules provide multiple programming language implementations, the chain data management module, the node data management module, the blockchain data management module, the contract data management module and the transaction data management module are used as a plug-in as part of the underlying blockchain system, and the signature management module is used as a module independent from the underlying blockchain system and provided to the business system in the form of a call library or an independent service.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111192428.7A CN113904854B (en) | 2021-10-13 | 2021-10-13 | Block chain data encryption method and device based on quotient algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111192428.7A CN113904854B (en) | 2021-10-13 | 2021-10-13 | Block chain data encryption method and device based on quotient algorithm |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113904854A true CN113904854A (en) | 2022-01-07 |
| CN113904854B CN113904854B (en) | 2024-01-02 |
Family
ID=79191810
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111192428.7A Active CN113904854B (en) | 2021-10-13 | 2021-10-13 | Block chain data encryption method and device based on quotient algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113904854B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114614991A (en) * | 2022-03-11 | 2022-06-10 | 国网浙江省电力有限公司电力科学研究院 | Block chain automatic settlement method and system suitable for small micro load aggregation response |
| CN115150150A (en) * | 2022-06-28 | 2022-10-04 | 北京送好运信息技术有限公司 | Information recording method based on block chain technology |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106559211A (en) * | 2016-11-22 | 2017-04-05 | 中国电子科技集团公司第三十研究所 | Secret protection intelligence contract method in a kind of block chain |
| CN109767220A (en) * | 2019-01-15 | 2019-05-17 | 中国联合网络通信集团有限公司 | Method of commerce based on block chain and the transaction system based on block chain |
| WO2019101240A2 (en) * | 2019-03-15 | 2019-05-31 | Alibaba Group Holding Limited | Authentication based on a recoverd public key |
| CN110247757A (en) * | 2019-04-19 | 2019-09-17 | 中国工商银行股份有限公司 | Block chain processing method based on national secret algorithm, apparatus and system |
| CN110933045A (en) * | 2019-11-08 | 2020-03-27 | 中国电子科技网络信息安全有限公司 | Block chain digital asset privacy protection method based on commitment |
| CN111147245A (en) * | 2020-01-08 | 2020-05-12 | 江苏恒为信息科技有限公司 | Algorithm for encrypting by using national password in block chain |
| WO2020140931A1 (en) * | 2019-01-03 | 2020-07-09 | 菜鸟智能物流控股有限公司 | Blockchain access control method and apparatus, and electronic device |
| CN111628868A (en) * | 2020-05-26 | 2020-09-04 | 腾讯科技(深圳)有限公司 | Digital signature generation method and device, computer equipment and storage medium |
| WO2020232800A1 (en) * | 2019-05-17 | 2020-11-26 | 深圳市网心科技有限公司 | Data processing method and system in block chain network and related device |
| CN112637278A (en) * | 2020-12-09 | 2021-04-09 | 云南财经大学 | Data sharing method and system based on block chain and attribute-based encryption and computer readable storage medium |
| CN112968778A (en) * | 2021-02-04 | 2021-06-15 | 西安电子科技大学 | Block chain state encryption algorithm conversion method and system, computer equipment and application |
-
2021
- 2021-10-13 CN CN202111192428.7A patent/CN113904854B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106559211A (en) * | 2016-11-22 | 2017-04-05 | 中国电子科技集团公司第三十研究所 | Secret protection intelligence contract method in a kind of block chain |
| WO2020140931A1 (en) * | 2019-01-03 | 2020-07-09 | 菜鸟智能物流控股有限公司 | Blockchain access control method and apparatus, and electronic device |
| CN109767220A (en) * | 2019-01-15 | 2019-05-17 | 中国联合网络通信集团有限公司 | Method of commerce based on block chain and the transaction system based on block chain |
| WO2019101240A2 (en) * | 2019-03-15 | 2019-05-31 | Alibaba Group Holding Limited | Authentication based on a recoverd public key |
| CN110247757A (en) * | 2019-04-19 | 2019-09-17 | 中国工商银行股份有限公司 | Block chain processing method based on national secret algorithm, apparatus and system |
| WO2020232800A1 (en) * | 2019-05-17 | 2020-11-26 | 深圳市网心科技有限公司 | Data processing method and system in block chain network and related device |
| CN110933045A (en) * | 2019-11-08 | 2020-03-27 | 中国电子科技网络信息安全有限公司 | Block chain digital asset privacy protection method based on commitment |
| CN111147245A (en) * | 2020-01-08 | 2020-05-12 | 江苏恒为信息科技有限公司 | Algorithm for encrypting by using national password in block chain |
| CN111628868A (en) * | 2020-05-26 | 2020-09-04 | 腾讯科技(深圳)有限公司 | Digital signature generation method and device, computer equipment and storage medium |
| CN112637278A (en) * | 2020-12-09 | 2021-04-09 | 云南财经大学 | Data sharing method and system based on block chain and attribute-based encryption and computer readable storage medium |
| CN112968778A (en) * | 2021-02-04 | 2021-06-15 | 西安电子科技大学 | Block chain state encryption algorithm conversion method and system, computer equipment and application |
Non-Patent Citations (2)
| Title |
|---|
| LINLIN ZHANG; YUNHAN GE: "Identity Authentication Based on Domestic Commercial Cryptography with Blockchain in the Heterogeneous Alliance Network", 《2021 IEEE INTERNATIONAL CONFERENCE ON CONSUMER ELECTRONICS AND COMPUTER ENGINEERING (ICCECE)》, pages 191 - 195 * |
| 郑东;范秦铭;郭瑞;杨耿: "区块链电子拍卖中基于身份的盲签名方案", 《西安邮电大学学报》, vol. 26, no. 4, pages 46 - 52 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114614991A (en) * | 2022-03-11 | 2022-06-10 | 国网浙江省电力有限公司电力科学研究院 | Block chain automatic settlement method and system suitable for small micro load aggregation response |
| CN114614991B (en) * | 2022-03-11 | 2023-12-26 | 国网浙江省电力有限公司电力科学研究院 | Block chain automatic settlement method and system suitable for small micro-load aggregate response |
| CN115150150A (en) * | 2022-06-28 | 2022-10-04 | 北京送好运信息技术有限公司 | Information recording method based on block chain technology |
| CN115150150B (en) * | 2022-06-28 | 2024-01-26 | 北京送好运信息技术有限公司 | Information recording method based on block chain technology |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113904854B (en) | 2024-01-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109936457B (en) | Block chain multi-party witness method, device, equipment and computer readable storage medium | |
| CN107888562B (en) | Data verification and transceiving method, node and system for parallel link access to interconnection chain | |
| CN112926982B (en) | Transaction data processing method, device, equipment and storage medium | |
| CN107862216B (en) | Privacy protection method, device and storage medium for anonymous cross-link transaction | |
| CN110958110B (en) | Block chain private data management method and system based on zero knowledge proof | |
| CN110581854B (en) | Intelligent terminal safety communication method based on block chain | |
| CN111625593B (en) | Block chain-based data processing method and device and computer equipment | |
| CN108769230B (en) | Transaction data storage method, device, server and storage medium | |
| CN113421097B (en) | Data processing method and device, computer equipment and storage medium | |
| CN111786812B (en) | Node management method, device, computer equipment and storage medium | |
| CN112968883B (en) | Block chain heterogeneous consensus method with high safety and terminal | |
| CN113328997B (en) | Alliance chain crossing system and method | |
| CN111371905A (en) | Block chain layered consensus proving system structure and method based on cloud computing | |
| CN113904854A (en) | Block chain data encryption method and device based on quotient secret algorithm | |
| CN110930153B (en) | Block chain privacy data management method and system based on hidden third party account | |
| CN113067707B (en) | Data processing method, device and equipment based on block chain and readable storage medium | |
| CN111815321A (en) | Transaction proposal processing method, device, system, storage medium and electronic device | |
| KR20200081533A (en) | Blockchain Consensus Method based Improved Dynamic Blind Voting for Internet of Things Environment | |
| CN111125781A (en) | File signature method and device and file signature verification method and device | |
| CN111683090A (en) | Block chain digital signature method and device based on distributed storage | |
| He et al. | A novel cryptocurrency wallet management scheme based on decentralized multi-constrained derangement | |
| CN113922971A (en) | Cross-chain interaction method and device | |
| CN111340485A (en) | Configuration method of digital certificate for alliance block chain, terminal and root certificate server | |
| CN111401888A (en) | Method and device for generating multiple signature wallets | |
| CN110851804A (en) | Alliance chain identity authentication method based on electronic contract |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |