CN114143080A - Block chain data privacy protection and sharing method based on zero knowledge proof - Google Patents
- Publication number
- CN114143080A (CN202111438060.8A)
- Authority
- CN
- China
- Prior art keywords
- data
- cloud service
- key
- knowledge proof
- private
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2117—User registration
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
Abstract
A data owner encrypts its data into a ciphertext according to requirement keywords generated by a cloud service provider and sends the ciphertext to a trusted cloud server; a hash with a signature is recorded in the blockchain. Meanwhile, a zero-knowledge proof $\pi$ generated from the private data, a calculation result $R$ and a hash value $h$ are sent to a smart contract for automatic comparison. After the zero-knowledge proof verification passes, the data owner is notified to use the public key $PK_d$ of the cloud service organization to execute the re-encryption algorithm and generate a re-encryption key $PK_{u\to d}$, which is encrypted with the cloud service provider's public key and sent to the semi-trusted proxy cloud server. The re-encryption algorithm is executed to convert the ciphertext into an intermediate ciphertext, and the intermediate ciphertext is sent to the cloud service provider, which uses its private key $SK_d$ to execute the decryption algorithm, obtains the required private data and verifies it against the information on the blockchain. Afterwards, the smart contract submits the data-sharing transaction to the verification nodes, and the transaction is published on the blockchain after verification with the RBFT consensus algorithm.
Description
Technical Field
The invention relates to the technical field of blockchain data privacy protection and security.
Background
Because of its decentralization, tamper resistance, traceability and executable smart contracts, the blockchain is an effective way to solve the problems of transaction verifiability and traceability. Owing to the characteristics of its distributed ledger, it is widely applied in scenarios such as virtual currency, electronic bidding and the industrial Internet of Things. To address data privacy, blockchains can incorporate a variety of cryptographic techniques. For example, data privacy and identity privacy on a blockchain can be protected by combining attribute-based encryption, homomorphic encryption, searchable encryption and proxy re-encryption.
Proxy re-encryption is a key conversion mechanism that converts the key under which a ciphertext is encrypted into a key that an authorized party can decrypt with. Proxy re-encryption makes use of the storage capacity of the cloud platform: a data owner encrypts data with a symmetric key and stores the resulting ciphertext in the cloud, then encrypts the symmetric key with the data owner's own public key and uploads that ciphertext to the cloud as well. When the data owner Alice wants to share data with Bob, she generates a re-encryption key from her decryption key and Bob's encryption key and sends the re-encryption key to the cloud. The cloud server performs the re-encryption operation and stores the resulting ciphertext in the cloud. Bob then downloads the re-encrypted ciphertext from the cloud server, decrypts it with his private key to obtain the symmetric key, and uses the symmetric key to decrypt the data ciphertext and recover the original plaintext. Ciphertext sharing is thus achieved, and Alice's secret key is never disclosed during the process.
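The sharing flow described above, as an added example that is not part of the patent: it uses the classic ElGamal-based BBS98 proxy re-encryption scheme, not the pairing-based construction of this method, over a demo-sized Schnorr group generated at import time. Assumptions: all function names, the SHAKE-256 stream standing in for a real symmetric cipher, and a re-encryption key that needs both parties' secret keys (the method described on this page uses only the recipient's public key); the SHA-256 check mirrors the hash that the method records on the blockchain.

```python
import hashlib
import secrets

Q = 2**255 - 19  # known prime, used as the subgroup order (demo-sized parameter)

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases; adequate for choosing demo parameters."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def schnorr_group(q):
    """Find a prime p = k*q + 1 and a generator g of the order-q subgroup."""
    k = 2**257
    while not is_probable_prime(k * q + 1):
        k += 2
    p = k * q + 1
    g = pow(2, k, p)  # order of g divides q; g != 1 means it is exactly q
    if g == 1:
        raise ValueError("unlucky base, pick another")
    return p, g

P, G = schnorr_group(Q)

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def keystream_xor(key_elem, data):
    """Stand-in for an AEAD: XOR with a SHAKE-256 stream keyed by a group element."""
    seed = key_elem.to_bytes((P.bit_length() + 7) // 8, "big")
    stream = hashlib.shake_256(seed).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def owner_encrypt(pk_owner, data):
    """Owner: encrypt data under a fresh key K, wrap K under her own public key."""
    k_elem = pow(G, secrets.randbelow(Q - 1) + 1, P)  # random data key K
    r = secrets.randbelow(Q - 1) + 1
    capsule = (k_elem * pow(G, r, P) % P, pow(pk_owner, r, P))  # (K*g^r, g^(a*r))
    onchain_hash = hashlib.sha256(data).hexdigest()  # what would be recorded on chain
    return capsule, keystream_xor(k_elem, data), onchain_hash

def rekey(sk_owner, sk_recipient):
    """BBS98 re-encryption key b/a mod q (needs both secrets, see lead-in)."""
    return sk_recipient * pow(sk_owner, -1, Q) % Q

def proxy_reencrypt(rk, capsule):
    """Proxy: turns g^(a*r) into g^(b*r). It never sees K or the plaintext."""
    c1, c2 = capsule
    return c1, pow(c2, rk, P)

def decrypt(sk, capsule, body, onchain_hash):
    """Unwrap K with sk, decrypt, and accept only if the recorded hash matches."""
    c1, c2 = capsule
    g_r = pow(c2, pow(sk, -1, Q), P)
    k_elem = c1 * pow(g_r, -1, P) % P
    data = keystream_xor(k_elem, body)
    if hashlib.sha256(data).hexdigest() != onchain_hash:
        raise ValueError("decrypted data does not match the recorded hash")
    return data

def demo():
    sk_u, pk_u = keygen()           # data owner (Alice)
    sk_d, _ = keygen()              # recipient (Bob / cloud service provider)
    record = b"sensor=42;unit=kPa"  # constructed sample data
    capsule, body, h = owner_encrypt(pk_u, record)
    intermediate = proxy_reencrypt(rekey(sk_u, sk_d), capsule)
    return decrypt(sk_d, intermediate, body, h)
```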
Zero-knowledge proof is a cryptographic technique that enables a prover to convince a verifier that some assertion is correct without providing the verifier with any valuable information. Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) are one of the tools for generating zero-knowledge proofs, and are applied in cryptocurrencies such as Zcash and ZETH on blockchain transaction platforms to hide private information such as the transaction sender and receiver addresses and the transaction amount. In data sharing between a cloud service provider and a data owner, combining zero-knowledge proofs with smart contract technology makes it possible to verify data availability between the two parties to a data transaction and ensures that valid data is provided.
Disclosure of Invention
The invention aims to provide a block chain data privacy protection and sharing method based on zero knowledge proof.
The invention relates to a blockchain data privacy protection and sharing method based on zero-knowledge proof, which comprises a data encryption and decryption algorithm, a zero-knowledge proof generation algorithm and a zero-knowledge proof verification algorithm, and comprises the following steps:
Transaction entities participating in the blockchain, including data transaction institutions such as data owners and cloud service providers, need to register in the blockchain network. The blockchain network then automatically assigns a blockchain address to each participating entity and registers the corresponding permissions according to the role of each participating user;
the cloud service provider uses zk-SNARKs to generate a zero-knowledge proof containing certain attribute requirements, records the calculation result and the hash value in the smart contract, and at the same time publishes keywords describing the data requirements;
after generating private data, the data owner encrypts it and uploads it to a semi-trusted proxy cloud server for storage, attaching the data owner's digital signature; the transaction is verified by a verification node and recorded in the blockchain;
the data owner submits a zero-knowledge proof to the smart contract. The smart contract then automatically verifies whether the zero-knowledge proof meets the requirements of the cloud service provider;
after the verification passes, the data owner generates a conversion key using the public key provided by the cloud service organization;
after receiving the intermediate ciphertext from the proxy cloud server, the cloud service provider decrypts it with its private key to obtain the private data. The semi-trusted proxy cloud server cannot obtain any information about the plaintext during the data sharing process.
Compared with the prior art, the method has the advantages that:
(1) Proxy re-encryption is used to secure the sharing of data between the cloud service provider and the data owner. The properties of the blockchain make data sharing among multiple entities traceable and verifiable.
(2) A method combining zero-knowledge proof with a smart contract is provided, so that a data owner can prove that the data meets the requirements of the cloud service organization without revealing any private data. This ensures the consistency and availability of the data during sharing and protects the interests of both parties.
(3) A two-stage mechanism is adopted to suit the environment of the industrial Internet of Things. The nodes are grouped, and within each group a Raft consensus mechanism with supervision nodes is used, which gives higher fault tolerance. The leadership committee elected by the Raft consensus mechanism uses the PBFT consensus mechanism. Latency is reduced, throughput is improved, and security is higher.
Drawings
Fig. 1 is a block chain data privacy protection and sharing scheme based on zero knowledge proof.
Detailed Description
As shown in Fig. 1, the blockchain data privacy protection method based on zero-knowledge proof includes the following stages:
First, after each entity registers in the blockchain, the private key generator (PKG) distributes a public/private key pair to each user. The cloud service provider uses zk-SNARKs to generate a zero-knowledge proof $\pi'$ of the required data, sends the calculation result $R'$ and the hash value $h'$ to the smart contract, and records and publishes the required keywords in the blockchain.
Second, the data owner generates an encrypted ciphertext according to the requirements of the cloud service provider, sends it to the semi-trusted cloud server, and records the hash with the signature in the blockchain. Meanwhile, the zero-knowledge proof $\pi$ generated from the private data, the calculation result $R$ and the hash value $h$ are sent to the smart contract for automatic comparison.
Then, after the zero-knowledge proof verification passes, the data owner is notified to use the public key $PK_d$ of the cloud service organization to execute the re-encryption algorithm and generate a re-encryption key $PK_{u\to d}$, which is encrypted with the cloud service provider's public key and sent to the semi-trusted proxy cloud server. The semi-trusted proxy cloud server executes the re-encryption algorithm to convert the ciphertext into an intermediate ciphertext, and the intermediate ciphertext is then sent to the cloud service provider.
Finally, the cloud service provider uses its private key $SK_d$ to execute the decryption algorithm, obtains the required private data and verifies it against the information on the blockchain. Afterwards, the smart contract submits the data-sharing transaction to the verification nodes, and the transaction is published on the blockchain after verification with the RBFT consensus algorithm.
The blockchain data privacy protection method based on zero-knowledge proof includes a network joining stage, a data initialization stage, a smart contract publishing stage, an encryption stage, a zero-knowledge proof generation stage, a re-encryption stage, a decryption stage and a consensus stage, specifically:
Step (1), the network joining stage, is as follows:
Step (1-1), registration: transaction entities participating in the blockchain, including data transaction institutions such as data owners and cloud service providers, need to register in the blockchain network;
Step (1-2), permission assignment: the blockchain network automatically assigns a blockchain address to each participating entity and registers the corresponding permissions according to the role of each participating user;
Step (2), the data initialization stage, is as follows:
Step (2-1), parameter initialization: first, the PKG takes a security parameter $\lambda$ as input, selects a prime number $p$ and generates multiplicative cyclic groups $G_1$ and $G_2$. It selects four hash functions $H_1, H_2, H_3, H_4$, where $H_1: \{0,1\}^* \to \{0,1\}^k$, $H_2: \{0,1\}^* \to G_1$, $H_3: G_2 \to \{0,1\}^k$, $H_4:$
Step (2-2), defining the bilinear map: the system defines a bilinear map $e: G_1 \times G_2 \to G_2$. The PKG randomly selects $g, h \in G_1$, two different generators of $G_1$. It generates the public parameters and the master key $\mathrm{Setup}(1^\lambda) \to (PK, MSK)$, where $PK = (p, G_1, G_2, e, g, h, H_1, H_2, H_3, H_4)$ and $MSK = (a, b, c)$;
Step (2-3), parameter calculation: using the identifier $ID_u$ provided by the data owner together with the public parameters and the master key, the PKG generates a public/private key pair $\mathrm{KeyGen}(MSK, PK, ID_u) \to (PK_u, SK_u)$. The cloud service provider obtains its key pair in the same way. For the data owner's private key, the PKG randomly selects $t, x, y,$ and calculates the following parameters: $D_1 = h^x$, $D_2 = h^y$, $D_3 = h^z$. Here $(A_1, A_2, A_3)$ is used to recover the ciphertext, and $(B_1, B_2, B_3, D_1, D_2, D_3)$ is used to generate the re-encryption key.
Step (3), the smart contract publishing stage:
The cloud service provider uses zk-SNARKs to generate a zero-knowledge proof $\pi'$ containing certain attribute requirements, records the calculation result $R'$ and the hash value $h'$ in the smart contract, and at the same time publishes keywords describing the data requirements. The generation of the zero-knowledge proof is described below from the data owner's perspective; the zero-knowledge proof process of the cloud service organization is similar;
Step (4), the encryption stage, is as follows:
After the data owner generates private data, the private data is encrypted. Its private data is $D = \langle d_1, d_2, \ldots, d_n \rangle$, wherein R is randomly selected by the PKG, calculating parameters
Step (5), the on-chain data recording stage, is as follows:
The data owner stores the hash value and digital signature of the data record on the blockchain platform, and the private data is stored in encrypted form on the proxy cloud server. The data owner submits his private data $D = \langle d_1, d_2, \ldots, d_n \rangle$ and attaches his own digital signature $\sigma_a = \mathrm{Authsign}(SK_u, H(\langle d_1, d_2, \ldots, d_n \rangle))$. Once the transaction is verified by the verification node, it is recorded in the blockchain.
Step (6), the on-chain data recording stage, is as follows:
When the data owner's private data meets the keyword requirements published by the cloud service provider, the data owner attaches his digital signature and local time information to the private data and submits it to zk-SNARKs to generate the data owner's zero-knowledge proof $\pi$. The construction process is as follows:
Step (6-1): from the data owner's identifier $ID_u$, private data $D = \langle d_1, d_2, \ldots, d_n \rangle$ and local time $T$, generate the auxiliary information $\delta = (D, T, ID_u)$;
Step (6-2): select a random number $r$, compute the hash value $H(\delta, r)$ from $r$ and the auxiliary information $\delta = (D, T, ID_u)$, and then generate a digital signature with the data owner's private key, $\sigma_a = \mathrm{Authsign}(SK_p, H(\delta, r))$;
Step (6-3): the data owner constructs a circuit $C: F^n \times F^h \to F^l$. Circuit $C$ takes as input the public parameters $\langle PK_1, PK_2, \ldots, PK_n \rangle$, the private data $D = \langle d_1, d_2, \ldots, d_n, r \rangle$ and the data owner's identification information $\langle ID_u, T \rangle$, where $T$ and $r$ are a timestamp and a random number respectively. The output result $R$ and the hash value $h$ verify the authenticity and availability of the data;
Step (6-4): input the security parameter $\lambda$ and compute the key pair $(EK_C, VK_C)$ of circuit $C$ for the computation task, where $EK_C$ is used to generate the zero-knowledge proof and $VK_C$ is used to verify it;
Step (6-5): from the zero-knowledge proof generation key $EK_C$, the data owner's private data $D$ and the calculation result $(R, h)$ of the third step, the proving algorithm generates the zero-knowledge proof $\pi$;
Step (7), the zero-knowledge proof verification stage, is as follows:
The smart contract verifies the data owner's signature using the data owner's public key and then verifies the zero-knowledge proof using the zk-SNARKs verification key. After this verification passes, the smart contract automatically compares the data owner's zero-knowledge proof $\pi$, calculation result $R$ and hash value $h$ with the cloud service organization's zero-knowledge proof $\pi'$, calculation result $R'$ and hash value $h'$ respectively. When verification finishes, it outputs 1 if the verification is correct and 0 otherwise.
Step (8), the re-encryption stage, is as follows:
Step (8-1): after the verification passes, the data owner uses the public key provided by the cloud service organization to generate a conversion key $\mathrm{ReKeyGen}(PK, SK_u, PK_d) \to RK_{u\to d}$. The PKG randomly selects parameters $k_1,$ and computes the conversion key $RK_{u\to d} = (rk_1, rk_2)$, where $rk_1 = (k_1 B_3 + B_1) + (k_2 B_3 + B_2) \cdot ID_u$,
Step (8-2): after receiving the conversion key encrypted with the data owner's public key, the semi-trusted proxy cloud server converts the ciphertext into an intermediate ciphertext that the cloud service organization can decrypt. The proxy cloud server sends the intermediate ciphertext to the cloud service organization, wherein
Step (9), the decryption stage, is as follows:
After receiving the intermediate ciphertext from the proxy cloud server, the cloud service provider decrypts it with its private key. The semi-trusted proxy cloud server cannot obtain any information about the plaintext during the data sharing process. The cloud service provider decrypts the intermediate ciphertext with its private key to obtain the private data, wherein
Step (10), the consensus stage, is as follows:
The characteristics of PBFT and Raft are combined, and a two-stage mechanism is adopted to suit the environment of the industrial Internet of Things. The nodes are grouped, and within each group a Raft consensus mechanism with supervision nodes is used, which gives higher fault tolerance. The leadership committee elected by the Raft consensus mechanism uses the PBFT consensus mechanism. Latency is reduced, throughput is improved, and security is higher. The consensus process is as follows:
Step (10-1): after receiving the request from client C, the main node Main orders and signs the transaction and broadcasts the packaged pre-prepare message.
Step (10-2): after a secondary node Replica receives more than 2f messages and verifies that information such as the signature is valid, it broadcasts a prepare message carrying the identity verification message.
Step (10-3): after a secondary node Replica receives more than 2f+1 messages, it determines whether the prepare stage is complete and enters the Raft consensus stage.
Step (10-4): in the Raft stage, the Leader broadcasts the message.
Step (10-5): after receiving the message, the follower nodes verify it and send feedback.
Step (10-6): the Leader node determines from the feedback whether consensus has been reached, and commits the log.
Step (10-7): after consensus is completed, the consensus result is returned to the smart contract and written to the blockchain ledger.
Claims (2)
1. A blockchain data privacy protection and sharing method based on zero-knowledge proof, comprising a data encryption and decryption algorithm, a zero-knowledge proof generation algorithm and a zero-knowledge proof verification algorithm, characterized by comprising the following steps:
transaction entities participating in the blockchain, including data transaction institutions such as data owners and cloud service providers, need to register in the blockchain network. The blockchain network then automatically assigns a blockchain address to each participating entity and registers the corresponding permissions according to the role of each participating user;
the cloud service provider uses zk-SNARKs to generate a zero-knowledge proof containing certain attribute requirements, records the calculation result and the hash value in the smart contract, and at the same time publishes keywords describing the data requirements;
after generating private data, the data owner encrypts it and uploads it to a semi-trusted proxy cloud server for storage, attaching the data owner's digital signature; the transaction is verified by a verification node and recorded in the blockchain;
the data owner submits a zero-knowledge proof to the smart contract. The smart contract then automatically verifies whether the zero-knowledge proof meets the requirements of the cloud service provider;
after the verification passes, the data owner generates a conversion key using the public key provided by the cloud service organization;
after receiving the intermediate ciphertext from the proxy cloud server, the cloud service provider decrypts it with its private key to obtain the private data. The semi-trusted proxy cloud server cannot obtain any information about the plaintext during the data sharing process.
2. The method of claim 1, wherein the method for protecting and sharing blockchain data privacy based on zero knowledge proof comprises:
step (1), the network joining stage, is as follows:
step (1-1), registration: transaction entities participating in the blockchain, including data transaction institutions such as data owners and cloud service providers, need to register in the blockchain network;
step (1-2), permission assignment: the blockchain network automatically assigns a blockchain address to each participating entity and registers the corresponding permissions according to the role of each participating user;
step (2), the data initialization stage, is as follows:
step (2-1), parameter initialization: first, the PKG takes a security parameter $\lambda$ as input, selects a prime number $p$ and generates multiplicative cyclic groups $G_1$ and $G_2$. It selects four hash functions $H_1, H_2, H_3, H_4$, where $H_1: \{0,1\}^* \to \{0,1\}^k$, $H_2: \{0,1\}^* \to G_1$, $H_3: G_2 \to \{0,1\}^k$, $H_4:$
step (2-2), defining the bilinear map: the system defines a bilinear map $e: G_1 \times G_2 \to G_2$. The PKG randomly selects $a, b$, and $g, h \in G_1$ are two different generators of $G_1$; it generates the public parameters and the master key $\mathrm{Setup}(1^\lambda) \to (PK, MSK)$, where $PK = (p, G_1, G_2, e, g, h, H_1, H_2, H_3, H_4)$ and $MSK = (a, b, c)$;
step (2-3), parameter calculation: using the identifier $ID_u$ provided by the data owner together with the public parameters and the master key, the PKG generates a public/private key pair $\mathrm{KeyGen}(MSK, PK, ID_u) \to (PK_u, SK_u)$; the cloud service provider obtains its key pair in the same way; for the data owner's private key, the PKG randomly selects $t, x, y,$ and calculates the following parameters: $D_1 = h^x$, $D_2 = h^y$, $D_3 = h^z$. Here $(A_1, A_2, A_3)$ is used to recover the ciphertext, and $(B_1, B_2, B_3, D_1, D_2, D_3)$ is used to generate the re-encryption key;
step (3), the smart contract publishing stage:
the cloud service provider uses zk-SNARKs to generate a zero-knowledge proof $\pi'$ containing certain attribute requirements; the calculation result $R'$ and the hash value $h'$ are recorded in the smart contract, and keywords describing the data requirements are published at the same time; the generation of the zero-knowledge proof is described below from the data owner's perspective, and the zero-knowledge proof process of the cloud service organization is similar;
step (4), the encryption stage, is as follows:
after the data owner generates private data, the private data is encrypted. Its private data is $D = \langle d_1, d_2, \ldots, d_n \rangle$, wherein R is randomly selected by the PKG, calculating parameters
step (5), the on-chain data recording stage, is as follows:
the data owner stores the hash value and the digital signature of the data record on the blockchain platform, and the private data is stored in encrypted form on the proxy cloud server; the data owner submits the hash value of his private data $D = \langle d_1, d_2, \ldots, d_n \rangle$ and attaches his digital signature $\sigma_a = \mathrm{Authsign}(SK_u, H(\langle d_1, d_2, \ldots, d_n \rangle))$. Once the transaction is verified by the verification node, it is recorded in the blockchain;
the procedure of the data recording uplink stage in step (6) is as follows:
when the private data of the data owner meets the keyword requirement provided by the cloud service provider, the data owner attaches its digital signature and local time information to the private data, and submits the private data to zk-SNARKs to generate the data owner's zero-knowledge proof π. The construction process is as follows:
Step (6-1): from the data owner's identity $ID_u$, the private data $D = \langle d_1, d_2, \ldots, d_n \rangle$ and the local time $T$, generate the side information $\delta = (D, T, ID_u)$;
Step (6-2): select a random number $r$ and, with the side information $\delta = (D, T, ID_u)$, compute the hash value $H(\delta, r)$; then generate a digital signature $\sigma_a = \mathrm{Authsign}(SK_p, H(\delta, r))$ from the private key of the data owner;
Step (6-3): the data owner constructs the circuit $C: F^n \times F^h \to F^l$. Circuit C takes as input the public parameters $\langle PK_1, PK_2, \ldots, PK_n \rangle$, the private data $D = \langle d_1, d_2, \ldots, d_n \rangle$, $r$, and the data owner identification information $\langle ID_u, T \rangle$, where T and r are a timestamp and a random number, respectively. The output result R and the hash value h verify the authenticity and the availability of the data;
Step (6-4): input the security parameter $\lambda$ and the circuit C of the calculation task, and compute the key pair $(EK_C, VK_C)$, where $EK_C$ is used to generate the zero-knowledge proof and $VK_C$ is used to verify it;
Step (6-5): the proving algorithm takes the zero-knowledge proof generation key $EK_C$, the private data D of the data owner and the calculation result (R, h) from the third step, and generates a zero-knowledge proof π;
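A sketch of steps (6-1) and (6-2), added here as an example and not taken from the patent: it encodes δ = (D, T, ID_u) with length prefixes and computes H(δ, r) with a fresh random r, so that record boundaries cannot be shifted and identical data does not produce a linkable hash. SHA-256, the byte layout, the `delta-v1` tag, all function names and the sample values are assumptions; the patent specifies none of them, and the signature and zk-SNARK steps are outside this block.

```python
import hashlib
import hmac
import secrets
import struct

TAG = b"delta-v1"  # assumed domain-separation tag, not from the patent


def _lp(field: bytes) -> bytes:
    """Length-prefix one field so that field boundaries cannot shift."""
    return struct.pack(">I", len(field)) + field


def encode_delta(D, T, id_u):
    """Canonical bytes for the side information delta = (D, T, ID_u)."""
    out = struct.pack(">I", len(D))            # number of records n
    for d in D:
        out += _lp(d)                          # each d_i with its own length
    out += struct.pack(">Q", T)                # local time T, unsigned 64-bit
    return out + _lp(id_u.encode("utf-8"))     # owner identity ID_u


def commit(D, T, id_u, r=None):
    """Return (H(delta, r), r); r is 32 fresh random bytes unless supplied."""
    if r is None:
        r = secrets.token_bytes(32)
    if len(r) < 16:
        raise ValueError("r is too short to hide low-entropy data")
    data = TAG + _lp(encode_delta(D, T, id_u)) + _lp(r)
    return hashlib.sha256(data).digest(), r


def open_ok(h, D, T, id_u, r):
    """Recompute H(delta, r) from an opening and compare in constant time."""
    return hmac.compare_digest(h, commit(D, T, id_u, r)[0])


def naive_hash(D):
    """Counter-example: records concatenated with no lengths and no r."""
    return hashlib.sha256(b"".join(D)).digest()


# Constructed sample values, for illustration only.
SAMPLE_D = [b"temp=21", b"rpm=900"]
SAMPLE_T = 1638230400
SAMPLE_ID = "owner-001"

if __name__ == "__main__":
    h, r = commit(SAMPLE_D, SAMPLE_T, SAMPLE_ID)
    print("H(delta, r) =", h.hex())
    print("opens:", open_ok(h, SAMPLE_D, SAMPLE_T, SAMPLE_ID, r))
    print("naive collision:", naive_hash([b"ab", b"c"]) == naive_hash([b"a", b"bc"]))
```

The same encoding must be used by whoever recomputes H(δ, r), whether that is a verifier given the opening or the circuit that takes D, r, ID_u and T as inputs.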
the flow of the zero knowledge proof verification stage in the step (7) is as follows:
the intelligent contract first uses the public key of the data owner to verify the data owner's signature, and then uses the zk-SNARKs verification key to verify the zero-knowledge proof; after the verification is passed, the intelligent contract automatically compares the data owner's zero-knowledge proof π, calculation result R and hash value h with the cloud service organization's zero-knowledge proof π′, calculation result R′ and hash value h′, respectively; after the verification is finished, if the verification is correct, 1 is output, otherwise 0 is output;
the process of the re-encryption stage in the step (8) is as follows:
Step (8-1): after the verification is passed, the data owner generates a conversion key by using the public key provided by the cloud service organization: $\mathrm{ReKeyGen}(PK, SK_u, PK_d) \to RK_{u \to d}$; the PKG randomly selects parameter $k_1$, computing the conversion key $RK_{u \to d} = (rk_1, rk_2)$, wherein $rk_1 = (k_1 B_3 + B_1) + (k_2 B_3 + B_2) * ID_u$,
Step (8-2): the semi-trusted proxy cloud server receives the conversion key encrypted by the public key of the data owner and converts the ciphertext into an intermediate ciphertext that can be decrypted by the cloud service organization; the proxy cloud server sends the intermediate ciphertext to the cloud service organization, wherein,
the decryption stage flow in the step (9) is as follows:
after receiving the intermediate ciphertext from the proxy cloud server, the cloud service provider decrypts the ciphertext through a private key of the proxy cloud server; the semi-trusted proxy cloud server cannot acquire any plaintext-related information during the data sharing process; the cloud service provider decrypts the intermediate ciphertext by using the private key to obtain the private data, wherein,
the flow of the consensus stage in the step (10) is as follows:
the characteristics of PBFT and Raft are combined, and a two-stage mechanism is adopted to suit the characteristics of the industrial Internet of Things environment. The nodes are grouped, and within each group a Raft consensus mechanism with supervision nodes is adopted, which gives higher fault tolerance; the leadership committee elected by the Raft consensus mechanism adopts the PBFT consensus mechanism; the time delay is reduced, the throughput is improved, and the safety is higher; the consensus process is as follows:
Step (10-1): after receiving the request of the client C, the main node Main sorts and signs the transaction, and broadcasts the packaged pre-prepare message;
Step (10-2): after the secondary node Replica receives more than 2f messages and verifies that information such as the signature is valid, it broadcasts a prepare message carrying an identity verification message;
Step (10-3): after the secondary node Replica receives more than 2f+1 messages, it judges whether the preparation stage is finished and enters the Raft consensus stage;
Step (10-4): the Leader in Raft broadcasts the message;
Step (10-5): the follower nodes carry out verification feedback after receiving the message;
Step (10-6): the Leader node judges whether consensus has been reached according to the feedback result, and submits the log;
Step (10-7): after the consensus is completed, the consensus result is returned to the intelligent contract and written to the block chain ledger.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111438060.8A CN114143080A (en) | 2021-11-30 | 2021-11-30 | Block chain data privacy protection and sharing method based on zero knowledge proof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114143080A true CN114143080A (en) | 2022-03-04 |
Family
ID=80389554
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111438060.8A Withdrawn CN114143080A (en) | 2021-11-30 | 2021-11-30 | Block chain data privacy protection and sharing method based on zero knowledge proof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114143080A (en) |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WW01 | Invention patent application withdrawn after publication | Application publication date: 20220304 |