CN114417389A - Method for storing user asset limit through addition homomorphic encryption in block chain - Google Patents

Publication number
CN114417389A
Authority
CN
China
Prior art keywords
client
asset limit
deposit
block chain
financial institution
Legal status
Pending
Application number
CN202210308436.1A
Other languages
Chinese (zh)
Inventor
石宁
许小明
李达
高翔宇
吴怀江
Current Assignee
Nanjing Jinninghui Technology Co ltd
Original Assignee
Nanjing Jinninghui Technology Co ltd
Application filed by Nanjing Jinninghui Technology Co ltd
Priority to CN202210308436.1A
Publication of CN114417389A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/389: Keeping log of transactions for guaranteeing non-repudiation of a transaction
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02: Banking, e.g. interest calculation or account maintenance
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Abstract

The invention relates to the technical field of blockchain and provides a method for storing a user asset limit with additively homomorphic encryption in a blockchain, comprising the following steps: the financial institution examines the customer's account deposit data, encrypts it to generate a first asset limit, and sends the first asset limit to the client; the client encrypts the first asset limit to generate a second asset limit. The client initiates a customer deposit storage transaction from any blockchain node, and if the transaction passes the preset blockchain node verification, the customer deposit storage transaction is executed automatically by a smart contract. The client can also initiate a customer deposit information read request through the blockchain nodes, and each node sends the stored customer deposit information after verification. Based on a cryptographic additively homomorphic algorithm, the method and device encrypt the customer's deposit amount at the financial institution to protect its privacy and, by combining the tamper resistance of the blockchain with automatic on-chain execution by smart contract, ensure the security and privacy of deposit-related data.

Description

Method for storing user asset limit through addition homomorphic encryption in block chain
Technical Field
The application relates to the technical field of blockchain, and in particular to a method for storing a user asset limit with additively homomorphic encryption in a blockchain.
Background
An asset certificate is documentary proof of assets such as vehicles, houses and deposits. It has no value of its own, cannot be used as collateral, and serves only to prove how much the asset owner holds. Asset certificates are used for going abroad, study reservation, enterprise tendering and bidding, engineering companies bidding for projects, financing by financing guarantee companies, travel and similar situations.
Financial institutions hold important personal information about customers, such as name, identification number, transaction records and asset limit. National legislation explicitly protects the customer information held by financial institutions, and except as otherwise provided by law, a financial institution refuses requests to query, freeze or deduct the deposits of individuals or organizations. In addition, to strengthen the protection of personal information, financial institutions in various places have their own internal systems and measures for protecting customer information.
As a result, the existing way of certifying assets is cumbersome. Sensitive personal deposit data is generally stored only at each deposit institution, and each financial institution is managed centrally. If an individual wants to certify assets to an enterprise, the individual generally has to obtain asset certification from each financial institution separately; if the individual makes a deposit, the individual has to go to the corresponding deposit institution, and with several deposit institutions has to visit several places. The process is complex and lacks trust. This approach is inefficient and lacks protection for data security and privacy.
Disclosure of Invention
The invention uses blockchain technology and a cryptographic additively homomorphic algorithm to generate a homomorphic public/private key pair for each customer. The public key is published and the private key is kept at the client. The amounts held at each deposit institution are added, encrypted and stored on the chain, which ensures the security and privacy of personal assets; the consensus algorithm of the blockchain makes the data trustworthy, on-chain storage cannot be tampered with, and automatic on-chain execution by smart contract improves operating efficiency.
The application provides a method for storing a user asset limit with additively homomorphic encryption in a blockchain, applied to a blockchain cluster consisting of a client, a financial institution side and a plurality of nodes, and characterized by comprising the following steps:
the client generates a client public key and a client private key by using a homomorphic encryption algorithm, and puts the client public key on the chain;
the financial institution side generates an identity certificate and a financial institution private key by using an asymmetric algorithm, and puts the identity certificate on the chain;
the client or the financial institution side homomorphically encrypts the customer deposit data with the homomorphic encryption algorithm and stores the homomorphically encrypted customer deposit data on the chain by means of a smart contract;
the client sends a read request from any node on the blockchain, the read request carrying the client public key, a random number and the client signature; the financial institution side receives the read request, verifies the client public key, the random number and the client signature, and after verification passes, retrieves the customer deposit data from the smart contract to generate a client asset limit;
the financial institution side homomorphically encrypts the client asset limit to generate a first asset limit and sends the first asset limit to the client;
after receiving the first asset limit, the client homomorphically encrypts the first asset limit to generate a second asset limit, and the first asset limit and the second asset limit are stored on the chain by means of a smart contract;
when the client initiates a customer deposit storage transaction from any blockchain node in the cluster, the transaction including the node transaction signature of that blockchain node, the financial institution sides on the remaining blockchain nodes in the cluster verify the node transaction signature and choose whether to accept the customer deposit storage transaction according to the verification result;
if the number of nodes accepting the customer deposit transaction meets the number required by the consensus rule, consensus on the deposit transaction succeeds;
and the financial institution sides on the remaining blockchain nodes in the cluster verify the first asset limit and the second asset limit on the chain, and after verification passes, the customer deposit storage transaction is executed automatically by the smart contract according to the customer's current account information.
Preferably, the customer deposit data includes: the amount of the customer deposit, the customer identity, the random number and the customer signature.
Preferably, the step of generating the first asset limit by the financial institution terminal includes:
after the financial institution terminal generates the client asset limit, the client asset limit is encrypted homomorphically by using the client public key;
and the financial institution signs the client asset limit subjected to homomorphic encryption and additional information to obtain the first asset limit, wherein the additional information comprises the identity certificate and a timestamp.
Preferably, the step of generating the second asset limit by the client includes:
after the client receives the first asset limit, the client signs the first asset limit and the client additional information by using the client private key to generate a second asset limit, and the client additional information comprises the client public key and a random number.
Preferably, the step of executing the customer deposit storage transaction by the smart contract comprises:
the remaining blockchain nodes in the cluster call the smart contract, and the smart contract determines whether the customer deposit data already exists on the node; if so, the deposit limit in the customer deposit data is accumulated by homomorphic addition and the related information is stored on the node;
and if no record of the customer account exists on the remaining blockchain nodes in the cluster, a new customer account is created and the customer deposit data is stored.
Preferably, the client can obtain the client asset limit through the blockchain, and the steps include:
the client sends a client asset limit read request from any blockchain node in the cluster, wherein the read request includes the signature of that blockchain node;
the remaining blockchain nodes in the cluster receive the client asset limit read request, verify the signature of that blockchain node, and after verification passes, send the client asset limit to that blockchain node;
and the client obtains the encrypted client asset limit from that blockchain node and homomorphically decrypts it with the client private key to obtain the client asset limit.
Preferably, the homomorphic encryption and the homomorphic decryption steps include:
homomorphic encryption: a public key is used to perform the homomorphic encryption calculation on each item of original data, homomorphic addition is performed after the data are encrypted, and the homomorphic encryption calculation is performed again on the result of the addition to obtain the encrypted data;
homomorphic decryption: a private key is used to perform the homomorphic decryption calculation on the encrypted data to obtain the original data before encryption, wherein the homomorphic encryption and homomorphic decryption operations are as follows:
$$C_1 = \mathrm{Encrypt}(m_1, pk)$$
$$C_2 = \mathrm{Encrypt}(m_2, pk)$$
$$C_3 = \mathrm{Hom}_f(C_1, C_2, pk)$$
$$\mathrm{Decrypt}(C_3, sk) = f(m_1, m_2)$$
where Encrypt is the encryption operation, Decrypt is the decryption operation, $f(\cdot)$ is a calculation function, $\mathrm{Hom}_f(\cdot)$ is a high-order computation function, $f(\cdot)$ and $\mathrm{Hom}_f(\cdot)$ both satisfy the addition operation and are homomorphic, $m_1$ is the first original data, $m_2$ is the second original data, $C_1$ is the first encrypted data, $C_2$ is the second encrypted data, $C_3$ is the third encrypted data, $pk$ is the public key, and $sk$ is the private key.
Preferably, the asymmetric algorithm is a cryptographic SM2 algorithm.
Preferably, if the number of financial institution sides is more than 1, the asset limit is accumulated and the information of the financial institution sides is stored. The method comprises the following steps: the financial institution examines the customer's account deposit information, encrypts it to generate first deposit information, and sends the first deposit information to the client; the client encrypts the first deposit information to generate second deposit information. The client initiates a customer deposit information storage transaction from any blockchain node, and if the transaction passes the preset blockchain node verification, the customer deposit information storage transaction is executed automatically by a smart contract. The client can also initiate a customer deposit information read request through the blockchain nodes, and each node sends the stored customer deposit information after verification. The invention discloses a method for storing a user asset limit with additively homomorphic encryption in a consortium chain. It uses blockchain technology to address centralization and tamper resistance in data storage, forms consensus records on the blockchain through transactions to complete storage of the ciphertext of the customer's total deposit limit, and implements this with an additively homomorphic encryption algorithm, thereby improving data security, privacy and operating efficiency.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of embodiments of the invention.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the embodiments of the invention and, together with the description, serve to explain the principles of the embodiments of the invention. It is obvious that the drawings in the following description are only some of the embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
FIG. 1 is a schematic diagram of the relationship between each node of a blockchain cluster and a user terminal and a financial institution terminal;
FIG. 2 is a flow chart of the method for storing a user asset limit with additively homomorphic encryption in a blockchain;
FIG. 3 is a schematic diagram illustrating a process of generating a first asset limit at the financial institution;
FIG. 4 is a schematic diagram of a process for generating a second asset limit at a client;
FIG. 5 is a schematic flow chart of a smart contract performing a customer deposit store transaction;
FIG. 6 is a schematic diagram of a process for a client to query the asset limit of a client.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, steps, and so forth. In other instances, well-known techniques have not been shown or described in detail to avoid obscuring aspects of embodiments of the invention.
The main purpose of the application is to provide a method for storing a user asset limit with additively homomorphic encryption in a blockchain. The method uses blockchain technology to address decentralization and tamper resistance in data storage, encrypts the customer's deposit amount at the financial institution with a cryptographic homomorphic algorithm to protect its privacy, and combines the tamper resistance of the blockchain with automatic on-chain execution by smart contract to ensure the security and privacy of deposit-related data. Consensus records are formed on the blockchain through transactions to complete storage of the ciphertext of the customer's total deposit amount, and this is implemented with an additively homomorphic encryption algorithm, which improves data security, privacy and operating efficiency.
Exemplary embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
As shown in FIG. 1, the application provides a consortium blockchain cluster. A consortium chain is open only to the members of a particular group and to limited third parties, and designates a number of preselected nodes as bookkeepers. The generation of each block is decided jointly by all preselected nodes; other access nodes can take part in transactions but have no say in the bookkeeping process, and third parties can make limited queries through an API opened by the blockchain. To achieve better performance, the consortium chain places certain requirements on the configuration and network environment of the consensus or validation nodes. With an admission mechanism in place, transaction performance is easier to improve, problems caused by participants of uneven quality are avoided, the blockchain is highly secure, and the problem of mutual trust among multiple participants is solved. The client can send a request from any node and the financial institution side can receive the request at any node; when there are many clients and financial institution sides, multiple nodes can work simultaneously or in turn, which improves transaction efficiency.
As shown in fig. 2, the present invention provides a method for storing an addition homomorphic encrypted user asset limit in a blockchain, which comprises:
S010: the client generates a client public key and a client private key by using a homomorphic encryption algorithm, and puts the client public key on the chain.
In step S010, the client private key and the client public key are both stored at the client, and the client public key is used as the client's unique identifier.
Homomorphic encryption is a special encryption method that allows ciphertext to be processed so that the result is still encrypted; that is, processing the ciphertext directly gives the same result as processing the plaintext and then encrypting it. From an algebraic point of view, this is a homomorphism. Homomorphic encryption is a form of public key encryption (although in some cases it may use a symmetric key), meaning that it uses two separate keys, one of them a public key, to encrypt and decrypt a data set. Homomorphic encryption algorithms are classified as additively homomorphic, multiplicatively homomorphic and fully homomorphic.
If f(A) + f(B) = f(A + B), the encryption function is called additively homomorphic; if f(A) × f(B) = f(A × B), the encryption function is called multiplicatively homomorphic. An encryption function f that is only additively homomorphic supports only addition and subtraction; one that is only multiplicatively homomorphic supports only multiplication and division. An encryption function that is both additively and multiplicatively homomorphic is called fully homomorphic encryption, and it can be used to perform a variety of operations on encrypted data (addition, subtraction, multiplication, division, polynomial evaluation, exponential, logarithmic and trigonometric functions). This application uses additive homomorphism.
In step S010, generating the client public key and the client private key with additive homomorphism may be implemented by the following code (the code is merely an exemplary description):
{
public String generateKeyPair(String value) {
    // Generate a Paillier (additively homomorphic) key pair
    KeyPair keypair = PaillierKeyPair.generateGoodKeyPair();
    RSAPublicKey pubKey = (RSAPublicKey) keypair.getPublic();
    RSAPrivateCrtKey priKey = (RSAPrivateCrtKey) keypair.getPrivate();
    // Serialize both keys to PEM strings
    String publicKeyStr = PaillierKeyPair.publicKeyToPem(pubKey);
    String privateKeyStr = PaillierKeyPair.privateKeyToPem(priKey);
    // System.out.println("public key: " + publicKeyStr);
    // System.out.println("private key: " + privateKeyStr);
    // Return both PEM strings in one JSON object
    JSONObject valueObject = new JSONObject();
    valueObject.put("PublicKey.pem", publicKeyStr);
    valueObject.put("PrivateKey.pem", privateKeyStr);
    return valueObject.toJSONString();
}
}
Here PublicKey is the client public key and PrivateKey is the client private key. In this method the client generates a public/private key pair, keeps the private key, and publishes the public key on the chain, so that any node can obtain the public key and encrypt the plaintext data without knowing the content of the plaintext data, and the data can be decrypted only by the client, using the private key, under authorization. This improves the security of the data relating to the customer's assets.
S020: the financial institution side generates an identity certificate and a financial institution private key by using an asymmetric algorithm, and puts the identity certificate on the chain.
In this embodiment, the financial institution may be a bank, a credit company, or other institution having a deposit function.
Further, in this embodiment, the asymmetric algorithm is a cryptographic SM2 algorithm.
The SM2 cryptographic algorithm is a public key cryptographic algorithm designed independently in China. It was researched, developed and designed on the basis of the international standard ECC elliptic curve cryptography theory, a safer and more advanced elliptic curve mechanism, and it keeps the performance characteristics of the ECC algorithm while optimizing and improving on it. The mathematical theory of the ECC algorithm is abstruse and complex and is difficult to implement in engineering applications, but its security strength per bit is relatively high, and the difficulty of breaking or solving it is essentially exponential. The security strength per bit of the ECC algorithm is therefore far higher than that of the RSA algorithm: it can reach a higher security strength than RSA with less computing power, and the key length it requires is far shorter. At present, ECC-based SM2 certificates commonly use a 256-bit key, whose encryption strength is equivalent to a 3072-bit RSA certificate and much higher than the 2048-bit RSA certificates commonly used in the industry. In addition, in order to increase the security strength, the key length of the ECC algorithm must be increased continuously, which is slow (e.g., 256-.
The method uses the national cryptographic standard SM2 algorithm to obtain the financial institution private key, which is stored at the financial institution, and generates an identity certificate at the same time. The identity certificate corresponds to a customer, is entered into the smart contract, and serves as the customer's unique identifier at the financial institution; when the client requests a transaction, the customer can be verified through the identity certificate to ensure that the customer's identity is correct.
S030: the client or the financial institution side encrypts the customer deposit data with the homomorphic encryption algorithm and stores the encrypted customer deposit data on the chain by means of a smart contract.
Further, the customer deposit data includes: the amount of the customer deposit, the customer identity, the random number and the customer signature.
In step S030, the smart contract (also called an intelligent contract) is an event-driven, stateful program that is approved by multiple parties, runs on the blockchain, and can process assets automatically according to preset conditions. Its greatest advantage is that a program algorithm replaces human arbitration and contract execution. In essence a smart contract is also a program; in short, what distinguishes it from a traditional IT system is that it inherits three characteristics of the blockchain: data transparency, tamper resistance and permanent operation. In this embodiment the various data are stored by means of smart contracts, which improves the security of the data.
S040: the client sends a read request from any node on the blockchain, the read request carrying the client public key, a random number and the client signature; the financial institution side receives the read request, verifies the client public key, the random number and the client signature, and after verification passes, retrieves the customer deposit data from the smart contract to generate a client asset limit.
In step S040, after the client sends a request from any node on the blockchain, the financial institution can verify the identity of the client and obtain the user's asset limit information through the smart contract.
S050: the financial institution side encrypts the client asset limit to generate a first asset limit and sends the first asset limit to the client.
Further, as shown in fig. 3, the step of generating the first asset limit by the financial institution terminal includes:
S051: after the financial institution side generates the client asset limit, it homomorphically encrypts the client asset limit with the client public key;
S052: the financial institution side signs the homomorphically encrypted client asset limit together with additional information to obtain the first asset limit, wherein the additional information comprises the identity certificate and a timestamp.
Further, in step S050, if the number of financial institution sides is greater than 1, the asset limit is accumulated and the information of the financial institutions is stored.
In step S050, the financial institution encrypts the asset limit with the client public key stored on the chain and then attaches the identity certificate and a timestamp, so that the transaction time can be traced later. The identity certificate corresponds to both the customer and the financial institution, and when there is more than one financial institution, the identity certificate also distinguishes the financial institutions. A financial institution can add its encrypted data to the data from other nodes on the chain, and the data content of one financial institution side stays secret from the other financial institution sides, so no data content is leaked in the process. The client can still recover all of the original content by decrypting the accumulated data with the private key.
S060: after receiving the first asset limit, the client homomorphically encrypts the first asset limit to generate a second asset limit, and the first asset limit and the second asset limit are stored on the chain by means of a smart contract.
Further, as shown in fig. 4, the step of generating the second asset limit by the client includes:
S061: after the client receives the first asset limit, the client signs the first asset limit and the client additional information with the client private key to generate the second asset limit, wherein the client additional information comprises the client public key and a random number.
In step S060, the client attaches information such as the public key and the random number to the first asset limit and may encrypt it to generate the second asset limit. All of this information is included and encrypted so that each financial institution side can verify it when an asset certification or a storage transaction occurs.
S070: when the client initiates a customer deposit storage transaction from any blockchain node in the cluster, the transaction including the node transaction signature of that blockchain node, the financial institution sides on the remaining blockchain nodes in the cluster verify the node transaction signature and choose whether to accept the customer deposit storage transaction according to the verification result;
S080: if the number of nodes accepting the customer deposit transaction meets the number required by the consensus rule, consensus on the deposit transaction succeeds;
S090: the financial institution sides on the remaining blockchain nodes in the cluster verify the first asset limit and the second asset limit on the chain, and after verification passes, the customer deposit storage transaction is executed automatically by the smart contract according to the customer's current account information.
In the embodiment of the application, the consortium chain runs inside the cluster, and all nodes in the cluster handle user deposit information transactions and similar operations. During the consensus process among the blockchain nodes in the cluster, the remaining blockchain nodes verify the node signature in the loan transaction and can choose whether to accept the transaction according to the verification result. The verification criteria and rules to be followed can be preset; in this embodiment they are set as a preset number of nodes accepting the deposit transaction. Therefore, when the number of nodes choosing to accept the transaction meets the requirement of the consensus rule, consensus on the deposit transaction succeeds and all nodes execute it.
Further, as shown in FIG. 5, the step of executing a customer deposit storage transaction by the smart contract comprises:
s091: calling intelligent contracts by other block chain nodes in the cluster, judging whether the client deposit data exists on the nodes or not in the intelligent contracts, and if so, accumulating deposit limits in the client deposit data by using homomorphic addition and storing related information on the nodes;
in this embodiment, the uplink storage is performed based on an intelligent contract, which is a computer protocol intended to propagate, verify, or execute contracts in an informational manner, that allows trusted transactions to be conducted without a third party, which are traceable and irreversible, thereby ensuring the trustworthiness of the loan information storage.
S092: and if the records of the customer accounts do not exist on the other blockchain nodes in the cluster, creating a new customer account and storing the deposit data of the customer.
In this embodiment, if the deposit transaction is for a new financial institution end without a customer account, a new customer account may be directly generated through the verification, and the deposit data of the customer may be automatically saved.
In step S090 of the present application, the transaction in which the client stores personal assets may be implemented by the following code (the code is merely an exemplary illustration):
    // Imports inferred from the calls used (fastjson, Apache Commons Codec, JCA)
    import com.alibaba.fastjson.JSONObject;
    import org.apache.commons.codec.binary.Hex;
    import java.security.PublicKey;

    public void accountWrite(String value) {
        if (isEmpty(value)) {
            throw new NewSpiralException(NewSpiralErrorEnum.INVALID_PARAM, "the parameter cannot be null");
        }
        JSONObject valueObject = JSONObject.parseObject(value);
        checkLoanWriteParams(valueObject);
        // Look up any record already stored for this account
        String existValue = this.businessQuerySC(valueObject.getString("account"));
        JSONObject companyValue = valueObject.getJSONObject("blank");
        String companySign = companyValue.getString("blankSign");
        // Signature verification: hash the object with its signature field cleared, then restore the field
        companyValue.put("blankSign", null);
        byte[] valueHashByte = PaillierCipher.calHash(companyValue);
        companyValue.put("blankSign", companySign);
        try {
            byte[] signByte = Hex.decodeHex(companySign);
            PublicKey pubKey1 = PaillierCipher.getPublicKey(companyValue.getString("blankKey"));
            // Financial institution signature verification
            if (!PaillierCipher.verifyByGM(pubKey1, valueHashByte, signByte)) {
                throw new NewSpiralException(NewSpiralErrorEnum.INVALID_PARAM, "Financial institution information verification failure");
            }
        } catch (Exception e) {
            throw new NewSpiralException(NewSpiralErrorEnum.INVALID_PARAM, "Financial institution information verification failure");
        }
        String accountSign = valueObject.getString("accountSign");
        // Same pattern for the account: clear the signature field, hash, restore
        valueObject.put("accountSign", null);
        byte[] accountHashByte = PaillierCipher.calHash(valueObject);
        valueObject.put("accountSign", accountSign);
        byte[] accountSignByte = "".getBytes();
        try {
            accountSignByte = Hex.decodeHex(accountSign);
        } catch (Exception e) {
            throw new NewSpiralException(NewSpiralErrorEnum.INVALID_PARAM, "accountSign Byte rotation failure");
        }
        PublicKey accountPubKey = PaillierKeyPair.pemToPublicKey(valueObject.getString("account"));
        // Account signature verification
        if (!PaillierCipher.verifyByRSA(accountPubKey, accountHashByte, accountSignByte)) {
            throw new NewSpiralException(NewSpiralErrorEnum.INVALID_PARAM, "Account information verification failure");
        }
        JSONObject existValueJSON;
        if (isEmpty(existValue)) {
            existValueJSON = new JSONObject();
        }
        // ... (the remainder of the method is not shown)
    }
In another embodiment of the present application, the client can obtain the client asset limit through the blockchain. As shown in FIG. 6, the steps include:
S100: any blockchain node in the cluster sends a client asset limit read request, the request including the signature of that blockchain node;
S200: the other blockchain nodes in the cluster receive the client asset limit read request, verify the signature of the blockchain node, and after verification passes send the client asset limit to that blockchain node;
S300: the client obtains the client asset limit from the blockchain node and decrypts it using the client private key to obtain the client asset limit.
When a client needs proof of assets or otherwise needs to show assets, a read request can be initiated from any node, for example node B. The request contains the signature of node B; after verification by each node passes, the client's asset information can be encrypted and sent to the client. The client can decrypt the ciphertext with the client private key or authorize others to view the asset information, and can also send the decrypted asset information to an enterprise as proof of assets.
In this embodiment, querying the client's asset limit may be accomplished by the following code (the code is merely illustrative):
    // Imports inferred from the calls used (fastjson, Apache Commons Codec, JCA)
    import com.alibaba.fastjson.JSONObject;
    import org.apache.commons.codec.binary.Hex;
    import java.security.PublicKey;

    public String accountQuery(String jsonObject) {
        if (isEmpty(jsonObject)) {
            throw new NewSpiralException(NewSpiralErrorEnum.INVALID_PARAM, "the parameter cannot be null");
        }
        JSONObject valueObject = JSONObject.parseObject(jsonObject);
        checkLoanQueryParams(valueObject);
        String accountSign = valueObject.getString("accountSign");
        // Hash the request with its signature field cleared, then restore the field
        valueObject.put("accountSign", null);
        byte[] accountHashByte = PaillierCipher.calHash(valueObject);
        valueObject.put("accountSign", accountSign);
        byte[] accountSignByte = "".getBytes();
        try {
            accountSignByte = Hex.decodeHex(accountSign);
        } catch (Exception e) {
            throw new NewSpiralException(NewSpiralErrorEnum.INVALID_PARAM, "accountSign Byte rotation failure");
        }
        PublicKey accountPubKey = PaillierKeyPair.pemToPublicKey(valueObject.getString("account"));
        // Account signature verification
        if (!PaillierCipher.verifyByRSA(accountPubKey, accountHashByte, accountSignByte)) {
            throw new NewSpiralException(NewSpiralErrorEnum.INVALID_PARAM, "Ledger-paper Failure of user information signature verification");
        }
        String existValue = this.businessQuerySC(valueObject.getString("account"));
        if (isEmpty(existValue)) {
            throw new NewSpiralException(NewSpiralErrorEnum.INVALID_PARAM, "The account is not Exist of");
        }
        // JSONObject existValueJSON = JSONObject.parseObject(existValue);
        return existValue;
    }
Further, in the above two embodiments, the homomorphic encryption and homomorphic decryption steps include:
Homomorphic encryption: using a public key to perform a homomorphic encryption calculation on each piece of original data, performing homomorphic addition after the data are encrypted, and performing a homomorphic encryption calculation again on the result of the addition to obtain the encrypted data;
Homomorphic decryption: using a private key to perform a homomorphic decryption calculation on the encrypted data to obtain the original data before encryption. The homomorphic encryption and homomorphic decryption calculations are as follows:
C_1 = Encrypt(m_1, pk)
C_2 = Encrypt(m_2, pk)
C_3 = Hom_f(C_1, C_2, pk)
Decrypt(C_3, sk) = f(m_1, m_2)
where Encrypt is the encryption operation, Decrypt is the decryption operation, f() is a computation function, and Hom_f() is a high-order computation function; f() and Hom_f() satisfy the addition operation, i.e. the scheme is additively homomorphic.
The encryption and decryption of the homomorphic encryption algorithm can be implemented by the following code (the code is only an exemplary illustration):
    import java.math.BigInteger;
    import java.security.interfaces.RSAPrivateKey;
    import java.security.interfaces.RSAPublicKey;

    /**
     * Homomorphic encryption
     * @param value
     * @return
     */
    private static String encrypt(Integer value) {
        BigInteger i1 = BigInteger.valueOf(value);
        // Load the PEM-encoded public key and encrypt the amount under it
        RSAPublicKey pubKey1 = (RSAPublicKey) PaillierKeyPair.pemToPublicKey(ttOnePublicKey);
        String c1 = PaillierCipher.encrypt(i1, pubKey1);
        return c1;
    }

    /**
     * Homomorphic decryption
     * @param value
     * @return
     */
    private static String decrypt(String value) {
        // Load the PEM-encoded private key and decrypt the ciphertext string
        RSAPrivateKey priKey1 = (RSAPrivateKey) PaillierKeyPair.pemToPrivateKey(ttOnePrivateKey);
        BigInteger o1 = PaillierCipher.decrypt(value, priKey1);
        return o1 + "";
    }
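The accumulation in S091/S092 and the Encrypt / Hom_f / Decrypt relations above, worked through as an added example that is not the patent's code. It assumes a textbook Paillier scheme (the page names Paillier classes but does not give the construction); all function names are hypothetical and the primes are constructed, insecure demo values.

```python
"""Textbook Paillier (g = n + 1) showing the additive homomorphism used for on-chain limits.

Constructed demo: the primes are small Mersenne primes chosen for readability, NOT secure sizes.
Names such as keygen, hom_add and deposit are hypothetical, not the patent's API.
"""
import secrets
from math import gcd

DEMO_P = 2**31 - 1   # constructed demo prime (insecure size)
DEMO_Q = 2**61 - 1   # constructed demo prime (insecure size)


def keygen(p=DEMO_P, q=DEMO_Q):
    """Return (pk, sk) with pk = n and sk = (lam, mu, n)."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                            # valid because g = n + 1
    return n, (lam, mu, n)


def encrypt(m, n):
    """C = Encrypt(m, pk): (1 + m*n) * r^n mod n^2 with a fresh random r."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    n2 = n * n
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def check_ciphertext(c, n):
    """Validation a contract should run before accumulating an untrusted ciphertext."""
    if not isinstance(c, int) or not 0 < c < n * n or gcd(c, n) != 1:
        raise ValueError("malformed ciphertext")


def hom_add(c1, c2, n):
    """C3 = Hom_f(C1, C2, pk): multiplying ciphertexts adds the plaintexts mod n."""
    check_ciphertext(c1, n)
    check_ciphertext(c2, n)
    return c1 * c2 % (n * n)


def decrypt(c, sk):
    """Decrypt(C, sk) = L(c^lam mod n^2) * mu mod n, with L(x) = (x - 1) // n."""
    lam, mu, n = sk
    check_ciphertext(c, n)
    return (pow(c, lam, n * n) - 1) // n * mu % n


def deposit(ledger, account, ciphertext, n):
    """S091/S092: accumulate onto an existing record, otherwise create the account."""
    if account in ledger:
        ledger[account] = hom_add(ledger[account], ciphertext, n)
    else:
        check_ciphertext(ciphertext, n)
        ledger[account] = ciphertext
    return ledger[account]


def demo():
    pk, sk = keygen()
    ledger = {}
    # Two institutions report encrypted amounts (constructed values); nodes never see them.
    deposit(ledger, "client-1", encrypt(1500, pk), pk)
    deposit(ledger, "client-1", encrypt(2750, pk), pk)
    total = decrypt(ledger["client-1"], sk)
    # Caveat: sums wrap modulo n, and the contract cannot detect that on ciphertexts.
    wrapped = decrypt(hom_add(encrypt(pk - 1, pk), encrypt(5, pk), pk), sk)
    return total, wrapped


if __name__ == "__main__":
    print(demo())
```

The second value returned by demo() shows the sum wrapping modulo n, so amounts need a range bound enforced outside the ciphertext arithmetic. Because anyone holding the public key can produce a valid ciphertext and add it, the signature checks in the listings above are what bind an increment to an authorized party.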
The invention mainly generates a homomorphic public/private key pair for each client using blockchain technology and an additively homomorphic cryptographic algorithm. The public key is published, the private key is kept at the client, and the amounts at each deposit institution are added, encrypted and stored on the chain, ensuring the security and privacy of personal assets. The consensus algorithm of the blockchain ensures that the data is trustworthy and that on-chain storage cannot be tampered with, and the automatic on-chain technology of the smart contract improves operating efficiency.
According to the technical solution, a first embodiment of the present application provides a method for storing a user asset limit in a blockchain using additive homomorphic encryption, including: the client uses a homomorphic encryption algorithm to generate a client public key and a client private key, and the financial institution end uses an asymmetric algorithm to generate an identity certificate and a financial institution private key. When the client obtains proof of assets from the blockchain, the financial institution end audits the client's account information and generates the client asset limit according to the audit result. The financial institution end encrypts the client asset limit to generate a first asset limit and sends the first asset limit to the client. After receiving the first asset limit, the client encrypts the first asset limit to generate a second asset limit. The financial institution end receives a client deposit information storage transaction initiated from any blockchain node in the cluster; the client deposit storage transaction includes a node transaction signature of that blockchain node, and the node transaction signature includes the first asset limit and the second asset limit. The remaining blockchain nodes in the cluster verify the node transaction signature and choose, according to the verification result, whether to accept the client deposit storage transaction. When the blockchain nodes execute the client deposit storage transaction, if the number of nodes accepting the client deposit transaction reaches the number required by the consensus rule, consensus on the deposit transaction succeeds and the client deposit storage transaction is executed automatically through a smart contract.
A second embodiment of the present application provides a method for querying a user asset limit stored in a blockchain using additive homomorphic encryption, comprising: any blockchain node in the cluster sends a client asset limit read request, the read request including the signature of that blockchain node. The other blockchain nodes in the cluster receive the read request, verify the signature of the blockchain node, and after verification passes send the client asset limit to that blockchain node; the client obtains the client asset limit from the blockchain node and decrypts it using the client private key to obtain the client asset limit.
Blockchain technology addresses the centralization and tamper resistance of data storage and forms consensus records in the form of transactions. Storage of the ciphertext of a client's total credit limit on the blockchain is implemented with an additively homomorphic encryption algorithm, which improves data security and privacy as well as operating efficiency. The entire storage process for client deposit information is uploaded to the blockchain in the form of transactions, which ensures the integrity of the recorded data throughout the process; the cluster consensus algorithm ensures that the cluster nodes have uniform node credibility.

Claims (10)

1. A method for storing a user asset limit in a blockchain using additive homomorphic encryption, applied to a blockchain cluster formed by a client, a financial institution end and a plurality of nodes, characterized by comprising the following steps:
the client generates a client public key and a client private key using a homomorphic encryption algorithm, and puts the client public key on the chain;
the financial institution end generates an identity certificate and a financial institution private key using an asymmetric algorithm, and puts the identity certificate on the chain;
the client or the financial institution end homomorphically encrypts the client deposit data using the homomorphic encryption algorithm and stores the homomorphically encrypted client deposit data on the chain in a smart contract;
the client sends a read request from any node on the blockchain, the read request carrying the client public key, a random number and the client signature; the financial institution end receives the read request, verifies the client public key, the random number and the client signature, and, after verification passes, calls the client deposit data in the smart contract to generate a client asset limit;
the financial institution end homomorphically encrypts the client asset limit to generate a first asset limit and sends the first asset limit to the client;
after receiving the first asset limit, the client homomorphically encrypts the first asset limit to generate a second asset limit, and the first asset limit and the second asset limit are stored on the chain by means of a smart contract;
when the client initiates a client deposit storage transaction from any blockchain node in the cluster, the transaction including a node transaction signature of that blockchain node, the financial institution ends on the remaining blockchain nodes in the cluster verify the node transaction signature and choose, according to the verification result, whether to accept the client deposit storage transaction;
if the number of nodes accepting the client deposit transaction reaches the number required by the consensus rule, consensus on the deposit transaction succeeds;
and the financial institution ends on the remaining blockchain nodes in the cluster verify the first asset limit and the second asset limit on the chain, and after both pass verification, the client deposit storage transaction is executed automatically through a smart contract according to the client's current account information.
2. The method as claimed in claim 1, wherein the client credit data comprises: the amount of the customer deposit, the customer identity, the random number and the customer signature.
3. The method as claimed in claim 1, wherein the step of generating the first asset limit by the financial institution side comprises:
after the financial institution terminal generates the client asset limit, the client asset limit is encrypted homomorphically by using the client public key;
and the financial institution signs the client asset limit subjected to homomorphic encryption and additional information to obtain the first asset limit, wherein the additional information comprises the identity certificate and a timestamp.
4. The method as claimed in claim 1, wherein the step of the client generating the second asset limit comprises:
after the client receives the first asset limit, the client signs the first asset limit and the client additional information by using the client private key to generate a second asset limit, and the client additional information comprises the client public key and a random number.
5. The method as claimed in claim 1, wherein the step of executing the client deposit storage transaction through the smart contract comprises:
the remaining blockchain nodes in the cluster call the smart contract, which determines whether the client deposit data already exists on the node; if so, the deposit limits in the client deposit data are accumulated using homomorphic addition and the related information is stored on the node;
and if no record of the client account exists on the remaining blockchain nodes in the cluster, a new client account is created and the client's deposit data is stored.
6. The method as claimed in claim 1, wherein the client can obtain the client asset limit through the blockchain, the steps including:
the client sends a client asset limit read request from any blockchain node in the cluster, the request including the signature of that blockchain node;
the remaining blockchain nodes in the cluster receive the client asset limit read request, verify the signature of that blockchain node, and after verification passes send the client asset limit to that blockchain node;
and the client obtains the client asset limit from that blockchain node and homomorphically decrypts it using the client private key to obtain the client asset limit.
7. The method as claimed in claim 1, wherein the step of homomorphic encryption comprises:
homomorphic encryption: using a public key to perform a homomorphic encryption calculation on each piece of original data, performing homomorphic addition after the data are encrypted, and performing a homomorphic encryption calculation again on the result of the addition to obtain the encrypted data, wherein the calculation is as follows:
C_1 = Encrypt(m_1, pk)
C_2 = Encrypt(m_2, pk)
C_3 = Hom_f(C_1, C_2, pk)
where Encrypt is the encryption operation, m_1 is the first original data, m_2 is the second original data, C_1 is the first encrypted data, C_2 is the second encrypted data, C_3 is the third encrypted data, pk is the public key, and Hom_f() is a high-order computation function; Hom_f() satisfies the addition operation, i.e. is additively homomorphic.
8. The method as claimed in claim 6, wherein the step of homomorphic decryption comprises:
homomorphic decryption: performing a homomorphic decryption calculation on the encrypted data using a private key to obtain the original data before encryption, wherein the calculation is as follows:
Decrypt(C_3, sk) = f(m_1, m_2)
where Decrypt is the decryption operation, f() is a computation function that satisfies the addition operation, i.e. is additively homomorphic, sk is the private key, C_3 is the third encrypted data, m_1 is the first original data, and m_2 is the second original data.
9. The method as claimed in claim 1, wherein the asymmetric algorithm is a cryptographic SM2 algorithm.
10. The method as claimed in claim 1, wherein if the number of the financial institution sides is greater than 1, the asset limit is accumulated and the information of the financial institution sides is stored.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210308436.1A CN114417389A (en) 2022-03-28 2022-03-28 Method for storing user asset limit through addition homomorphic encryption in block chain

Publications (1)

Publication Number Publication Date
CN114417389A true CN114417389A (en) 2022-04-29

Family

ID=81262724

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220429