CN114490551A - File security outsourcing and sharing method based on alliance chain - Google Patents


Publication number
CN114490551A
Authority
CN
China
Prior art keywords
file
encryption
address
sharing
algorithm
Prior art date
Legal status
Pending
Application number
CN202210100817.0A
Other languages
Chinese (zh)
Inventor
孙国梓
尤旋
周长松
Current Assignee
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing University of Posts and Telecommunications
Priority date
Filing date
Publication date
Application filed by Nanjing University of Posts and Telecommunications
Priority to CN202210100817.0A
Publication of CN114490551A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/176 Support for shared access to files; File sharing support
    • G06F16/18 File system types
    • G06F16/182 Distributed file systems
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The file security outsourcing and sharing method based on the alliance chain uses Hyperledger Fabric and the InterPlanetary File System (IPFS) as the underlying storage engine, solving the security and audit problems of cloud storage while keeping the blockchain decentralized. A dynamic hybrid encryption scheme based on symmetric and asymmetric encryption algorithms is adopted, in which a suitable symmetric algorithm is selected dynamically by the analytic hierarchy process (AHP) weighting method to cope with large files with low security requirements, so that overall encryption is more efficient. The invention also integrates smart-contract-based proxy re-encryption (PRE), which ensures the security of file sharing.

Description

File security outsourcing and sharing method based on alliance chain
Technical Field
The invention relates to the technical field of blockchain and the field of information security, and in particular to a file security outsourcing and sharing method based on an alliance chain.
Background
At present, with the rapid development of information technology, most individuals and organizations constantly read, write and exchange files of all kinds, and file security matters more and more. For enterprises in particular, sensitive data and commercially confidential files play a key role. However, some users put efficiency first, so file leaks often occur inside enterprises and cause unnecessary losses. With the growth of cloud computing, the number of enterprises and users of cloud storage services has increased greatly, and companies now keep a large amount of data on cloud platforms. This way of outsourcing files faces significant security threats and privacy disclosure problems.
Blockchain technology is an ideal solution to these cloud platform problems. A blockchain is traceable, decentralized and tamper-resistant, and can effectively address the cloud platform's shortcomings in security and auditing. An alliance (consortium) chain is controlled by several organizations; a blockchain managed this way has higher throughput and lower latency, which improves the overall performance of the system. Hyperledger Fabric (Fabric) is an open-source, enterprise-grade permissioned distributed ledger technology platform designed for use in enterprise environments. Compared with other alliance chains, Fabric has a highly modular and configurable architecture and can provide innovation and versatility for various industries.
An effective way to secure files in cloud storage is to encrypt them before they are uploaded, using an effective encryption algorithm to ensure file security. When an encrypted file has to be shared, the traditional method encrypts it with the receiver's public key and then shares it, but this exposes the plaintext of the file again during the sharing process, which increases the risk of file leakage.
Disclosure of Invention
To address the shortcomings of traditional file outsourcing and sharing methods, the invention provides a file security outsourcing and sharing method based on an alliance chain. It uses a dynamic hybrid encryption scheme that combines symmetric and asymmetric encryption algorithms, protects files at the fine granularity of a single file, and selects the encryption algorithm dynamically through the analytic hierarchy process (AHP), reducing the overall cost of encrypting large files. It also provides a smart-contract-based proxy re-encryption file sharing scheme, so that files can be shared securely between different users in ciphertext form on an untrusted server. Finally, a prototype system for file security outsourcing and sharing based on Fabric and IPFS is designed and implemented, consisting of a DPP and a chain management system.
A file security outsourcing and sharing method based on an alliance chain, characterized in that the method comprises the following steps:
Step 1, system initialization: the sender and the receiver each obtain a public/private key pair through the client's built-in key distribution module, and then convert the public key through an address conversion algorithm into a 272-bit address that serves as the unique legal address;
Step 2, file upload: the sender initiates a request to upload and share a file; the client's offline encryption module generates a file block from the file using the dynamic hybrid encryption algorithm, and the file block is stored as ciphertext in the distributed IPFS network and the Fabric blockchain network;
Step 3, file sharing: the smart contract in the Fabric network automatically determines whether the file upload address is the receiver's address. If it is, the smart contract automatically executes the proxy re-encryption module to share the ciphertext to the corresponding receiver address; if it is not, the smart contract notifies the file sender through an event callback and automatically cancels the sharing process;
Step 4, file download: the receiver calls the smart contract to obtain the file's information, downloads the file stream ciphertext from the IPFS network using the file's hash, decrypts it to the original file with the dynamic hybrid decryption algorithm, finally checks the validity period and correctness of the file, and saves it to the local disk, completing the outsourcing and sharing of the file.
Further, in step 2, the dynamic hybrid encryption and decryption algorithm comprises the following sub-steps:
Step 2.1, obtain the file attributes, including file size, file type and file permissions;
Step 2.2, assign weights to the different file attributes: 1 means equal importance, a larger value means greater importance, and the reciprocal is taken in the opposite case;
Step 2.3, generate a judgment matrix using the analytic hierarchy process (AHP), obtain the weight set of the different attributes that affect file security, and select an AES symmetric encryption algorithm with a different key length according to the weight set; the set is divided into three parts of equal length, where the lower part maps to AES-128, the upper part to AES-256, and the middle part to AES-192;
Step 2.4, encrypt with the hybrid encryption module: encrypt with the symmetric encryption algorithm selected in the previous step, and additionally perform asymmetric encryption with the elliptic curve cryptography (ECC) algorithm.
Further, in step 2, the file block is divided into a file stream ciphertext and a file digest ciphertext, which are stored in the IPFS network and at the blockchain address, respectively.
Further, the file sharing and downloading of steps 3 to 4, in which user Alice uploads and shares a file to user Bob through a third-party server, specifically comprises the following steps:
Step 3.1, after Bob requests the required file from Alice, the file upload and sharing process starts. Alice first encrypts the file f in the dynamic hybrid encryption module DEncrypt and then uploads the file ciphertext Cf to the IPFS server, obtaining a file digest ciphertext fd and a file hash, where fd contains the parameters needed to decrypt the file and hash is the character string generated by the IPFS server for downloading Cf;
Step 3.2, Alice and Bob each use the client to generate a private/public key pair (sk, pk) based on the P256 curve, where pk is uploaded to the user management module through the smart contract;
Alice: $sk_A, pk_A$
Bob: $sk_B, pk_B$
Step 3.3, when Alice shares the file, she first executes the encryption REncrypt($fd, pk_A$) to generate $fd_{enc}$ and capsule, where $fd_{enc} = \mathrm{AES}(fd, K)$, $K$ is obtained from $pk_A$, and capsule $= (E, V, s)$; $E$, $V$ and $s$ are parameters generated along the way;
Figure BDA0003492255370000041
$E = g^{e},\quad V = g^{v}$
$s = v + r \cdot H_2(E \,\|\, V)$,
Figure BDA0003492255370000042
$fd_{enc} = \mathrm{AES}(fd, K),\quad capsule = (E, V, s)$
Step 3.4, the conversion key generation algorithm ReKeyGen($sk_A, pk_B$) is executed to generate $rk$ and $X_A$; then capsule, $fd_{enc}$, $rk$ and $X_A$ are uploaded to the chain through the smart contract and bound to the file information;
Figure BDA0003492255370000043
Figure BDA0003492255370000044
$rk = pk_A \cdot d^{-1}$
Step 3.5, the smart contract executes the re-encryption algorithm ReEncryption($rk$, capsule) to generate a new capsule, newCapsule, and sends newCapsule, $X_A$ and $fd_{enc}$ to the address corresponding to Bob;
$capsule = (E, V, s)$
$E' = E^{rk},\quad V' = V^{rk}$
$newCapsule = (E', V', s)$
Step 3.6, after Bob receives the file, he executes the key re-creation algorithm ReCreateKey($sk_B$, capsule, $fd_{enc}$) to obtain the parameter $K$;
Figure BDA0003492255370000051
Figure BDA0003492255370000052
Step 3.7, Bob decrypts to obtain the file digest, RDecrypt($fd_{enc}, K$), yielding $fd$:
Figure BDA0003492255370000053
Step 3.8, after downloading the specified file stream ciphertext Cf via hash, Bob decrypts it using fd to obtain the file f.
Further, in step 4, decryption is performed with the hybrid decryption module. Decryption is the inverse of the encryption process: first, ECC is used to decrypt the symmetric encryption algorithm that was used and its key, and then the symmetric algorithm is used to decrypt the original file.
The invention achieves the following beneficial effects: a file security outsourcing and sharing method based on an alliance chain is designed and implemented, using Hyperledger Fabric (Fabric) and the InterPlanetary File System (IPFS) as the underlying storage engine, which solves the security and audit problems of cloud storage while keeping the blockchain decentralized; a dynamic hybrid encryption scheme based on symmetric and asymmetric encryption algorithms is adopted, in which a suitable symmetric algorithm is selected dynamically by the analytic hierarchy process (AHP) weighting method to cope with large files with low security requirements, so that overall encryption is more efficient; the invention also integrates smart-contract-based proxy re-encryption (PRE), which ensures the security of file sharing.
Drawings
Fig. 1 is a diagram of a prototype system architecture for secure outsourcing and sharing of files in an embodiment of the present invention.
Fig. 2 is a general flowchart of a file security outsourcing and sharing method according to an embodiment of the present invention.
Fig. 3 is a flow chart of dynamic hybrid encryption according to an embodiment of the present invention.
Fig. 4 is a flow chart of proxy re-encryption in an embodiment of the present invention.
Detailed Description
The technical solution of the invention is explained in further detail below with reference to the drawings.
The Fabric- and IPFS-based prototype system for file security outsourcing and sharing consists of a DPP and a chain management system. As shown in Fig. 1, the architecture is divided into the following three layers:
User layer: the user layer is the interface between the user and the secure file sharing system. It provides a cross-platform client through which the user performs specific functions. The dynamic algorithm selection module and the hybrid encryption module run at this layer. The Fabric-SDK interacts with the Fabric network over RPC to invoke smart contracts, and file upload and download are implemented by calling the IPFS network through the IPFS-SDK. When the client is started for the first time, the corresponding public and private keys and the user address are generated automatically; the public key and user address are uploaded to the Fabric network through the SDK, and the private key is stored at a designated location on the user's computer.
Smart contract layer: the smart contracts are deployed in the Fabric network, form the management center of the whole system, and provide user management, address management and key management functions. The file management function manages all file information in the system, and file information corresponds one-to-one with the address information held by address management. In addition, proxy re-encryption is integrated into the smart contract, which secures the file sharing and verification process and avoids information leaks caused by human intervention.
Persistence layer: the system is centered on the blockchain network formed by Fabric and combines it with a distributed IPFS network to provide persistence. The Fabric network uses LevelDB as its storage engine to store user-generated data. The IPFS network provides content addressing, tamper resistance and de-duplication of files through a Merkle DAG (directed acyclic graph).
The invention designs a file outsourcing and sharing method based on an alliance chain that allows a data owner to upload or share a file to any address existing on the blockchain, and lets the file receiver securely download the file at the receiver's own address. The overall flow is shown in Fig. 2:
Step 1.1, system initialization: the sender and the receiver each obtain a public/private key pair through the built-in key distribution module of the client software, and then convert the public key through an address conversion algorithm into a 272-bit address that serves as the user's unique legal address. The address conversion algorithm uses Bitcoin's address generation method: it computes the SHA-256 and RIPEMD-160 hash values of the public key in sequence, then takes the first four bytes of the SHA-256 and RIPEMD-160 hash values for string concatenation, and then uses the Base58 algorithm to convert the result into an address string.
Step 1.2, file upload: in the file sharing process, the sender initiates a file upload and sharing request, and the client's offline encryption module generates a file block from the file using the dynamic hybrid encryption algorithm (steps 2.1 to 2.4 below); the file block exists in the whole network as ciphertext. The file block is divided into a file stream ciphertext and a file digest ciphertext, which are stored in the IPFS network and at the blockchain address, respectively.
Step 1.3, file sharing: the smart contract automatically determines whether the file upload address is the receiver's address. If it is, the smart contract automatically executes the proxy re-encryption module to share the ciphertext to the corresponding receiver address. If it is not, the smart contract notifies the file sender through an event callback and automatically cancels the sharing process.
Step 1.4, file download: the receiver calls the smart contract to obtain the file's information, downloads the file stream ciphertext from the IPFS network using the file's hash, decrypts it to the original file with the dynamic hybrid decryption algorithm (step 2.5 below), finally checks the validity period and correctness of the file, and saves it to the local disk, which completes the whole file outsourcing and sharing process.
The dynamic hybrid encryption part is shown in Fig. 3:
Step 2.1, obtain the file attributes: the file attributes used are file size, file type and file permissions.
Step 2.2, assign weights to the different file attributes: 1 means equal importance, a larger value means greater importance, and the reciprocal is taken in the opposite case.
Step 2.3, generate a judgment matrix using the analytic hierarchy process (AHP), obtain the weight set of the different attributes that affect file security, and select an AES symmetric encryption algorithm with a different key length according to the weight set. The set is divided into three parts of equal length: the lower part maps to AES-128, the upper part to AES-256, and the middle part to AES-192.
Step 2.4, encrypt with the hybrid encryption module: symmetric encryption is performed with the algorithm selected dynamically from the file attributes in the previous step, and asymmetric encryption is performed with the elliptic curve cryptography (ECC) algorithm. In general, symmetric encryption is faster than asymmetric encryption but offers lower security, so the two are often combined: the symmetric algorithm encrypts the actual data and the asymmetric algorithm encrypts parameters such as the symmetric key, which makes encryption more efficient and the key easier to manage.
Step 2.5, decrypt with the hybrid decryption module: decryption is the inverse of the encryption process. First, ECC is used to decrypt the symmetric encryption algorithm that was used and its key, and then the symmetric algorithm is used to decrypt the original file.
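Steps 2.1 to 2.3 as an added example (not code from the patent): AHP weights are computed from a judgment matrix by power iteration, the consistency ratio is checked, and a weighted file score in [0, 1] is split into three equal bands for AES-128, AES-192 and AES-256. The matrix values, the per-attribute scoring scales and all function names are assumptions made for illustration; the patent does not give them.

```python
# Saaty's random consistency index for judgment matrices of order n.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12}

# Constructed judgment matrix over (size, type, permissions), following
# step 2.2: 1 = equal importance, k > 1 = row outweighs column, 1/k = reverse.
# Ranking permissions > type > size is an assumption of this example.
JUDGMENT = [
    [1.0, 1 / 3, 1 / 5],
    [3.0, 1.0, 1 / 3],
    [5.0, 3.0, 1.0],
]

# Constructed per-type sensitivity scores in [0, 1].
TYPE_SCORE = {"key": 1.0, "docx": 0.6, "mp4": 0.1}


def ahp_weights(matrix, iters=100):
    """Return (weights, consistency_ratio) for a reciprocal judgment matrix."""
    n = len(matrix)
    for i in range(n):
        for j in range(n):
            if abs(matrix[i][j] * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError("judgment matrix is not reciprocal")
    w = [1.0 / n] * n
    for _ in range(iters):  # power iteration towards the principal eigenvector
        nxt = [sum(a * x for a, x in zip(row, w)) for row in matrix]
        total = sum(nxt)
        w = [x / total for x in nxt]
    aw = [sum(a * x for a, x in zip(row, w)) for row in matrix]
    lam_max = sum(y / x for y, x in zip(aw, w)) / n
    cr = ((lam_max - n) / (n - 1)) / RANDOM_INDEX[n]
    if cr >= 0.1:  # usual AHP acceptance threshold
        raise ValueError(f"inconsistent judgments (CR={cr:.2f})")
    return w, cr


def attribute_scores(size_bytes, ext, mode):
    """Map raw attributes to [0, 1] sensitivity scores (assumed scales)."""
    if size_bytes <= 2**20:
        size = 1.0
    elif size_bytes <= 100 * 2**20:
        size = 0.5
    else:
        size = 0.0  # large files lean towards the cheaper algorithm
    ftype = TYPE_SCORE.get(ext, 0.5)
    perm = 0.0 if mode & 0o007 else 0.5 if mode & 0o070 else 1.0
    return [size, ftype, perm]


def select_aes_bits(size_bytes, ext, mode, matrix=JUDGMENT):
    """Weighted score in [0, 1], split into three equal bands (step 2.3)."""
    weights, _ = ahp_weights(matrix)
    scores = attribute_scores(size_bytes, ext, mode)
    score = sum(w * s for w, s in zip(weights, scores))
    return 128 if score < 1 / 3 else 192 if score < 2 / 3 else 256


if __name__ == "__main__":
    print(ahp_weights(JUDGMENT))
    print(select_aes_bits(10 * 2**20, "docx", 0o640))
```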
The file sharing part is shown in Fig. 4. Assume there are two users, Alice and Bob, and Alice wants to upload and share files to Bob through a third-party server without the third-party server obtaining the plaintext file. The specific steps are described in detail below.
Step 3.1, after Bob requests the required file from Alice, the file upload and sharing process starts. Alice first encrypts the file f in the dynamic hybrid encryption module DEncrypt and then uploads the file ciphertext Cf to the IPFS server, obtaining a file digest ciphertext fd and a file hash, where fd contains the parameters needed to decrypt the file and hash is the character string generated by the IPFS server for downloading Cf.
Step 3.2, assume that Alice and Bob have each used the client to generate their own public/private key pair (sk, pk) based on the P256 curve, where pk is uploaded to the user management module through the smart contract.
Alice: $sk_A, pk_A$
Bob: $sk_B, pk_B$
Step 3.3, when Alice shares the file, she first executes the encryption REncrypt($fd, pk_A$) to generate $fd_{enc}$ and capsule, where $fd_{enc} = \mathrm{AES}(fd, K)$, $K$ is obtained from $pk_A$, and capsule $= (E, V, s)$; $E$, $V$ and $s$ are parameters generated along the way.
Figure BDA0003492255370000091
$E = g^{e},\quad V = g^{v}$
$s = v + r \cdot H_2(E \,\|\, V)$,
Figure BDA0003492255370000101
$fd_{enc} = \mathrm{AES}(fd, K),\quad capsule = (E, V, s)$
Step 3.4, the conversion key generation algorithm ReKeyGen($sk_A, pk_B$) is then executed to generate $rk$ and $X_A$. Then capsule, $fd_{enc}$, $rk$, $X_A$ and hash are uploaded to the chain through the smart contract and bound to the file information.
Figure BDA0003492255370000102
Figure BDA0003492255370000103
$rk = pk_A \cdot d^{-1}$
Step 3.5, the re-encryption algorithm ReEncryption($rk$, capsule) is executed to generate a new capsule, newCapsule, and newCapsule, $X_A$ and $fd_{enc}$ are sent to the address corresponding to Bob.
$capsule = (E, V, s)$
$E' = E^{rk},\quad V' = V^{rk}$
$newCapsule = (E', V', s)$
Step 3.6, after Bob receives the file, he executes the key re-creation algorithm ReCreateKey($sk_B$, capsule, $fd_{enc}$) to obtain the parameter $K$.
Figure BDA0003492255370000104
Figure BDA0003492255370000105
Step 3.7, Bob decrypts to obtain the file digest, RDecrypt($fd_{enc}, K$), yielding $fd$:
Figure BDA0003492255370000106
Step 3.8, after downloading the specified file stream ciphertext Cf via hash, Bob decrypts it using fd to obtain the file f.
The above description is only a preferred embodiment of the present invention, and the scope of the present invention is not limited to the above embodiment, but equivalent modifications or changes made by those skilled in the art according to the present disclosure should be included in the scope of the present invention as set forth in the appended claims.

Claims (5)

1. A file security outsourcing and sharing method based on an alliance chain, characterized in that the method comprises the following steps:
Step 1, system initialization: the sender and the receiver each obtain a public/private key pair through the client's built-in key distribution module, and then convert the public key through an address conversion algorithm into a 272-bit address that serves as the unique legal address;
Step 2, file upload: the sender initiates a request to upload and share a file; the client's offline encryption module generates a file block from the file using the dynamic hybrid encryption algorithm, and the file block is stored as ciphertext in the distributed IPFS network and the Fabric blockchain network;
Step 3, file sharing: the smart contract in the Fabric network automatically determines whether the file upload address is the receiver's address; if it is, the smart contract automatically executes the proxy re-encryption module to share the ciphertext to the corresponding receiver address; if it is not, the smart contract notifies the file sender through an event callback and automatically cancels the sharing process;
Step 4, file download: the receiver calls the smart contract to obtain the file's information, downloads the file stream ciphertext from the IPFS network using the file's hash, decrypts it to the original file with the dynamic hybrid decryption algorithm, finally checks the validity period and correctness of the file, and saves it to the local disk, completing the outsourcing and sharing of the file.
2. The alliance chain-based file security outsourcing and sharing method according to claim 1, wherein: in step 2, the dynamic hybrid encryption and decryption algorithm comprises the following sub-steps:
Step 2.1, obtain the file attributes, including file size, file type and file permissions;
Step 2.2, assign weights to the different file attributes: 1 means equal importance, a larger value means greater importance, and the reciprocal is taken in the opposite case;
Step 2.3, generate a judgment matrix using the analytic hierarchy process (AHP), obtain the weight set of the different attributes that affect file security, and select an AES symmetric encryption algorithm with a different key length according to the weight set; the set is divided into three parts of equal length, where the lower part maps to AES-128, the upper part to AES-256, and the middle part to AES-192;
Step 2.4, encrypt with the hybrid encryption module: encrypt with the symmetric encryption algorithm selected in the previous step, and additionally perform asymmetric encryption with the elliptic curve cryptography (ECC) algorithm.
3. The alliance chain-based file security outsourcing and sharing method according to claim 1, wherein: in step 2, the file block is divided into a file stream ciphertext and a file digest ciphertext, which are stored in the IPFS network and at the blockchain address, respectively.
4. The alliance chain-based file security outsourcing and sharing method according to claim 1, wherein: the file sharing and downloading of steps 3 to 4, in which user Alice uploads and shares a file to user Bob through a third-party server, specifically comprises the following steps:
Step 3.1, after Bob requests the required file from Alice, the file upload and sharing process starts. Alice first encrypts the file f in the dynamic hybrid encryption module DEncrypt and then uploads the file ciphertext Cf to the IPFS server, obtaining a file digest ciphertext fd and a file hash, where fd contains the parameters needed to decrypt the file and hash is the character string generated by the IPFS server for downloading Cf;
Step 3.2, Alice and Bob each use the client to generate a private/public key pair (sk, pk) based on the P256 curve, where pk is uploaded to the user management module through the smart contract;
Alice: $sk_A, pk_A$
Bob: $sk_B, pk_B$
Step 3.3, when Alice shares the file, she first executes the encryption REncrypt($fd, pk_A$) to generate $fd_{enc}$ and capsule, where $fd_{enc} = \mathrm{AES}(fd, K)$, $K$ is obtained from $pk_A$, and capsule $= (E, V, s)$; $E$, $V$ and $s$ are parameters generated along the way;
Figure FDA0003492255360000031
$E = g^{e},\quad V = g^{v}$
$s = v + r \cdot H_2(E \,\|\, V)$,
Figure FDA0003492255360000036
$fd_{enc} = \mathrm{AES}(fd, K),\quad capsule = (E, V, s)$
Step 3.4, the conversion key generation algorithm ReKeyGen($sk_A, pk_B$) is executed to generate $rk$ and $X_A$; then capsule, $fd_{enc}$, $rk$ and $X_A$ are uploaded to the chain through the smart contract and bound to the file information;
Figure FDA0003492255360000032
Figure FDA0003492255360000033
$rk = pk_A \cdot d^{-1}$
Step 3.5, the smart contract executes the re-encryption algorithm ReEncryption($rk$, capsule) to generate a new capsule, newCapsule, and sends newCapsule, $X_A$ and $fd_{enc}$ to the address corresponding to Bob;
$capsule = (E, V, s)$
$E' = E^{rk},\quad V' = V^{rk}$
$newCapsule = (E', V', s)$
Step 3.6, after Bob receives the file, he executes the key re-creation algorithm ReCreateKey($sk_B$, capsule, $fd_{enc}$) to obtain the parameter $K$;
Figure FDA0003492255360000034
Figure FDA0003492255360000035
Step 3.7, Bob decrypts to obtain the file digest, RDecrypt($fd_{enc}, K$), yielding $fd$:
Figure FDA0003492255360000041
Step 3.8, after downloading the specified file stream ciphertext Cf via hash, Bob decrypts it using fd to obtain the file f.
5. The alliance chain-based file security outsourcing and sharing method according to claim 1, wherein: in step 4, decryption is performed with the hybrid decryption module; decryption is the inverse of the encryption process: first, ECC decryption yields the symmetric encryption algorithm that was used and its key, and then the symmetric algorithm is used to recover the original file from its encrypted form.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210100817.0A 2022-01-27 2022-01-27 File security outsourcing and sharing method based on alliance chain

Publications (1)

Publication Number Publication Date
CN114490551A 2022-05-13

Family ID: 81477006

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116366283A (en) * 2023-02-07 2023-06-30 南京模砾半导体有限责任公司 File secure transmission method based on symmetric encryption
CN116366283B (en) * 2023-02-07 2023-08-18 南京模砾半导体有限责任公司 File secure transmission method based on symmetric encryption

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination