CN115174184A - Attribute-based encryption-based transaction object identity anonymous traceable method, network device and storage device - Google Patents


Info

Publication number
CN115174184A
Authority
CN
China
Prior art keywords
transaction
user
attribute
port
registration
Prior art date
Legal status
Pending
Application number
CN202210756819.5A
Other languages
Chinese (zh)
Inventor
李致远
吴越
毕俊蕾
吴岩
徐丙磊
何恩寒
Current Assignee
Jiangsu University
Original Assignee
Jiangsu University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42 Anonymization, e.g. involving pseudonyms

Abstract

The invention discloses an attribute-based-encryption transaction object identity anonymous traceability method, a network device and a storage device. The private keys of the audit port and the supervision port are generated at the registration center. The user side sends a registration application to the registration center, which verifies the application, broadcasts it to the blockchain to complete the user identity registration, and uploads the encrypted user data to the blockchain network. A user A sends a transaction request to a user B; user B accepts the request and broadcasts the transaction on the blockchain; the transaction is audited through the audit port, tracked if it is illegal, and uploaded to the blockchain network if it is legal. The invention combines attribute-based encryption with blockchain storage so that user privacy, communication security, data tamper resistance and transaction traceability are all provided in the remote transaction process.

Description

Attribute-based encryption-based transaction object identity anonymous traceable method, network device and storage device
Technical Field
The invention belongs to the technical field of anonymous tracking security for blockchain transactions, and relates to a transaction object tracking method based on attribute-based encryption, a network device and a storage device. The method is suitable for remote trusted communication in which the user identity must be protected anonymously while transaction information and user information must remain remotely traceable.
Background
A blockchain records transaction behaviour, stores data and exchanges value in a distributed ledger; the whole process is not controlled by any centralized organization but is maintained by computers distributed across the world. As blockchain applications have developed, their weaknesses have also come to light, and the supervision of blockchain transactions has become increasingly important; at the same time, the advantages of blockchain are its decentralized, anonymous and trusted mechanisms. Anonymous transactions are an important part of blockchain transaction supervision: transaction contents on the chain, including user addresses and user identity information, are public and transparent, so that every participating node can verify and record the transaction. This transparency makes it easy for nodes to verify transactions, but it raises the problem of user privacy protection. The many anonymization schemes proposed in recent years protect user privacy, but at the same time they make user tracking difficult. On this basis, supervisory systems also face significant challenges.
Current blockchain user privacy protection mainly falls into three kinds of scheme: (1) schemes based on mixing technology; (2) schemes based on signature techniques; (3) schemes based on zero-knowledge proofs. All three consider the privacy protection of user information but do not take user identity supervision into account. On the transaction tracking side, although auditable and traceable transaction schemes have been proposed, they do not consider the privacy protection of the user.
Disclosure of Invention
In view of these problems, the invention provides an attribute-based-encryption transaction object identity anonymity traceability method, a network device and a storage device, which protect transactions between users from interference by a third party while still allowing illegal transactions to be traced, thereby protecting both the privacy of the users and the legality of the transaction. The method comprises the following steps:
(1) The user side uploads its own information to the registration center RC for registration;
(2) The registration center registers the user and uploads the user's record to the blockchain network;
(3) When a transaction takes place between users, the audit port checks the transaction between them;
(4) Legal transactions are uploaded to the blockchain network and broadcast;
(5) Illegal transactions are reported to the supervision port with a tracking request;
(6) The supervision port tracks the illegal transaction and identifies its anonymous user from the blockchain network.
Further, the implementation of step 1 above includes:
Step 1.1: the blockchain server calls the Setup() function through a smart contract to generate the public parameter PK and the master key MK, and sends PK and MK to the registration center RC.
The Setup algorithm takes the security parameter as input and outputs the public parameter PK and the master key MK, expressed as formula (1):
PK = (g, e(g,g)^α, g^a), MK = g^a (1)
where g is a generator of G_1, G_1 is a bilinear group of prime order p, α and a are chosen at random from Z_p (the integers modulo p), i.e. α, a ∈ Z_p, and e(g,g) is the bilinear map applied to g and g.
Step 1.2: the audit port and the supervision port send their respective attribute groups S_1 and S_2 to the registration center RC.
Step 1.3: the audit port private key SK_1 is generated by the KenGen() algorithm, i.e. SK_1 = KenGen(PK, MK, S_1). The algorithm takes the attribute set S_1 of the audit port, the master key MK and the public parameter PK as input, and outputs the audit port private key SK_1. The expression is given in formula (2):
Figure BDA0003722842500000021
where random numbers β ∈ Z_p, r ∈ Z_p and r_j ∈ Z_p are chosen, j ranges over the attributes of S_1, i.e. j ∈ S_1, H(j) hashes the attribute string j to an element of G_1, and D_j, D'_j are intermediate variables.
Step 1.4: the supervision port private key SK_2 is generated by the algorithm KenGen(PK, MK, S_2), i.e. SK_2 = KenGen(PK, MK, S_2). The algorithm takes the attribute set S_2 of the supervision port, the master key MK and the public parameter PK as input, and outputs the supervision port private key SK_2. The expression is given in formula (3):
Figure BDA0003722842500000022
where random numbers γ ∈ Z_p and r_j ∈ Z_p are chosen, and j ranges over the attributes of S_2, i.e. j ∈ S_2.
Step 1.5: the registration center RC sends the private keys SK_1 and SK_2 to the audit port and the supervision port respectively.
Step 1.6: the audit port and the supervision port obtain their private keys SK_1 and SK_2 from the registration center.
Further, the implementation of step 2 above includes:
Step 2.1: the user submits a registration application to the registration center RC.
Step 2.2: user A sends its own attribute group S_3 and registration information M_1 to the registration center RC.
Step 2.3: the registration center RC obtains the attribute group S_3 of user A and generates the user's public key PK_3 and private key SK_3, calling the KenGen() function to generate the private key SK_3.
Step 2.4: the registration center RC sends the public key PK_3 and the private key SK_3 to user A via the registration transaction address x.
Step 2.5: the registration center RC calls the Encrypt(PK, M, Γ) algorithm, i.e. it takes the public parameter PK, the plaintext message M (here the registration information M_1) and the access structure A (A = Γ) as input, and outputs the ciphertext C_T, i.e. C_T = Encrypt(PK, M, Γ). The ciphertext C_T is given by formula (4):
Figure BDA0003722842500000031
wherein random numbers are selected
Figure BDA0003722842500000032
Y is the set of leaf nodes of the access control tree T; for any y ∈ Y, att(y) denotes the attribute string of leaf node y and H(att(y)) hashes att(y) into G_0; Γ is the access control structure of the access control tree T; q_y(0) is the constant term of the polynomial of child node y,
Figure BDA0003722842500000033
C, C_y and C'_y are intermediate variables, and h = g^β.
That is, the registration information M_1 of user A is encrypted to produce the ciphertext message M_1', namely M_1' = Encrypt(PK, SK_3, Γ), where Γ is the access control structure of the access control tree T and contains the attribute group S_3 of user A and the supervision port attribute group S_2.
Step 2.6: the registration center RC uploads the encrypted ciphertext message M_1' to the blockchain port as a transaction broadcast.
Further, the specific operations of step 2.1 are as follows:
Step 2.1.1: the user submits a registration request to the registration center RC.
Step 2.1.2: the registration center RC audits the request and, once it passes, sends a registration transaction request to the blockchain network.
Step 2.1.3: the blockchain network receives the transaction request, broadcasts the registration transaction and sends it to the user's address x to complete registration.
Step 2.6 is further explained as follows:
The attribute-based-encrypted data of user A is anonymous on the chain, and since only the supervision port and the user themselves can read the information of user A, tracking by the supervision port is straightforward. The anonymity is explained further: the user registers by way of a transaction, and the registration center RC applies attribute-based encryption to the user information M_1 with an access control tree constructed so that it can be decrypted if and only if the decryptor is the user themselves or a supervisor. The registration center RC uploads the resulting ciphertext M_1' to the blockchain network, so that the privacy of the user is protected.
Further, the implementation of step 3 above includes:
Step 3.1: user A sends a transaction request to user B.
Step 3.2: if user B accepts user A's transaction request, user B encrypts its own attribute set S_4 to obtain the encrypted attribute group S_4' and signs it to obtain the digital signature δ_1.
Step 3.3: user B sends {δ_1, S_4'} to user A.
Step 3.4: user A verifies the signature δ_1; if verification fails, jump to step 3.3, and if it passes, go to step 3.5.
Step 3.5: user A decrypts the encrypted attribute group S_4' to obtain the attribute group S_4.
Step 3.6: user A constructs a transaction scheme m, signs it to obtain the signature σ, encrypts it with attribute-based encryption, and sends the result to user B.
Step 3.7: user B receives the message {PK_3, m', σ} from user A, then decrypts the ciphertext transaction m' and verifies the signature.
Step 3.8: user B receives the transaction scheme m and, if it agrees to the scheme, signs it to obtain the signature σ'. The transaction is sent out as a broadcast, denoted (PK_3, PK_4, m', σ, σ'), which comprises the public keys PK_3 and PK_4 of user A and user B, the ciphertext transaction m', and the signatures σ and σ' of user A and user B.
Further, the specific operations of step 3.2 are as follows:
Step 3.2.1: the user port obtains the attribute set S_4 of user B and encrypts it.
Step 3.2.2: user B signs the encrypted attribute set S_4' to obtain the digital signature δ_1. Signing takes a file and a private key as input and outputs a string: here the input is the encrypted attribute group S_4' of user B and the private key SK_4 of user B, and the output is the digital signature δ_1.
Further, the specific operations of step 3.4 are as follows:
Step 3.4.1: user A receives {δ_1, S_4'} from user B.
Step 3.4.2: the verification algorithm takes the file, the digital signature and the public key as input and outputs verification success or failure; if verification fails, jump to step 3.3, and if it passes, go to step 3.5.
Further, the specific operations of step 3.6 are as follows:
Step 3.6.1: user A constructs a transaction scheme m and digitally signs it to obtain the signature σ.
Step 3.6.2: user A applies attribute-based encryption to the transaction scheme m, calling the Encrypt() function to produce the ciphertext transaction m', namely m' = Encrypt(PK, SK_3, Γ), where Γ is the access control structure of the access control tree T and contains the attribute set S_3 of user A, the attribute group S_4 of user B, the audit port attribute group S_1 and the supervision port attribute group S_2.
Step 3.6.3: user A sends {PK_3, m', σ} to user B.
Further, the specific operations of step 3.7 are as follows:
Step 3.7.1: user B receives the message {PK_3, m', σ} from user A.
Step 3.7.2: the ciphertext transaction m' is decrypted by calling the Decryption() algorithm; the message m obtained by decryption is expressed by formula (5):
Figure BDA0003722842500000051
The algorithm takes the public parameter PK, the ciphertext C_T containing the access structure A, and a private key SK as input; that is, the public parameter PK, the ciphertext m' and the private key SK_4 of user B are input, and decryption yields the transaction scheme m.
Step 3.7.3: the signature on the message m is verified, outputting success or failure; if verification fails, go back to step 3.6, and if it passes, go to step 3.8.
Step 3.8 is further explained as follows:
The anonymity of the transaction is embodied in encrypting the constructed transaction scheme m: the resulting ciphertext transaction m' is readable only after decryption by the two transaction parties and the supervisor, and not by any third party, so the anonymity of the transaction is protected.
Further, the implementation of step 4 above includes:
Step 4.1: the audit port receives the transaction information (PK_3, PK_4, m', σ, σ') and audits it. If the audit passes and the transaction is legal, the transaction is uploaded to the blockchain server.
Step 4.2: if the transaction involves illegal behaviour or signature verification fails, the audit fails and the transaction is reported to the supervision port for tracking.
Further, the specific operations of step 4.1 are as follows:
Step 4.1.1: the signatures on the transaction are audited: the ciphertext transaction m' is decrypted by calling the Decryption() algorithm to obtain the transaction scheme m, and the signatures are verified; if verification fails, jump to step 4.2.
Step 4.1.2: the transaction scheme is audited, which may be done by manual audit, by a blockchain smart contract, or by both; legality is screened, for example by checking for a transaction amount that exceeds the limit. If the transaction passes the legality screen, the transaction information (PK_3, PK_4, m', σ, σ') is broadcast on the blockchain server and uploaded to the blockchain network; if not, jump to step 4.2.
Further, the implementation of step 5 above includes:
Step 5.1: the supervision port receives the illegal anonymous transaction (PK_3, PK_4, m', σ, σ') and obtains the public key PK_3 of the transaction sender, user A, and the public key PK_4 of the transaction receiver, user B.
Step 5.2: the Decryption() algorithm is called to decrypt the users' encrypted information {M_1', M_2', ..., M_n'} to obtain the users' registration information {M_1, M_2, ..., M_n}, and the records matching the public keys PK_3 and PK_4 are found; they are recorded as messages M_1 and M_2.
Step 5.3: from the messages M_1 and M_2, the registration transaction address x of user A and the registration transaction address y of user B are obtained, and all information of user A and user B is obtained by accessing these addresses.
Step 5 is further explained as follows:
The supervisor obtains the users' public keys by decrypting the ciphertext transaction m', extracts the matching users from the user information M_x, then obtains the users' addresses and accesses them, thereby acquiring the information of the users.
The invention also provides a network device or a storage device: the network device operates according to the method designed above, and the storage device stores the program code of the method.
The beneficial effects of the invention are:
1. Supervision of anonymized blockchain transactions is realized.
2. For transactions between users, the identity information of the users is protected from interference by a third party, while the transaction remains traceable.
3. An audit port is added to judge the validity of the transaction.
4. An attribute-based-encryption anonymous traceable transaction object identity method is provided, which protects the identity of the transaction object and realizes supervision of the transaction.
Drawings
FIG. 1 is a diagram of an access control tree structure;
FIG. 2 is a diagram of an example access control tree;
FIG. 3 is a system framework diagram;
FIG. 4 is a flow chart of user transaction tracking.
Detailed Description
The invention relates to the technical field of transaction object identity anonymity and supervisor tracking using mechanisms such as blockchain encryption and decryption and smart contracts, and discloses a feasible scheme for anonymously tracking a transaction object. The method comprises the following steps: the public parameter PK and the master key MK are first generated by the blockchain server and delivered to the registration center RC, and the private keys of the audit port and the supervision port are generated at the registration center RC. Secondly, the user terminal sends a registration application to the registration center RC; the registration center RC then verifies the received application, broadcasts it to the blockchain, completes the user identity registration and uploads the encrypted user data to the blockchain network. When a transaction m is carried out between users, one user sends a transaction request to the other; after receiving it, the other user broadcasts the transaction on the blockchain; the transaction is audited through the audit port, tracked if it is illegal, and uploaded to the blockchain network if it is legal. The invention combines attribute-based encryption with blockchain storage, and so guarantees the protection and anonymity of user privacy, the security of communication and data, non-falsifiability and the traceability of transactions in the remote transaction process.
The invention will be further explained with reference to the drawings.
FIG. 1 of the description shows the structure of the access control tree of the invention, which comprises leaf nodes and non-leaf nodes. A leaf node carries an attribute value and the secret value passed down to it by its parent node, and the secret value of the node can be decrypted only when the data visitor owns that attribute; a non-leaf node is a threshold node, and the data visitor must satisfy at least the threshold to decrypt the secret value of the node. For a node "x/n", decryption is possible when at least x of its n leaf nodes satisfy the condition. Similarly, for a node "y_1/m_1", at least y_1 of its m_1 leaf nodes must satisfy the condition for it to be decryptable. When some attributes of the visitor are satisfied, the secret value of the corresponding leaf node can be decrypted, as shown in equation (6):
Figure BDA0003722842500000071
when the attribute is not satisfied, it is recorded as
Figure BDA0003722842500000072
For the supervision port, so that it can decrypt any message, an OR gate is added to the access structure tree: the message can then be decrypted either when the user's access structure is satisfied or by the supervisor, so the supervision port can track the user. The improved access control tree is shown in FIG. 2 of the description: when a leaf node is the supervisor, the node x/n is not considered; because the root node is 1/2, satisfying either of its two branches suffices, and that leaf node can therefore be used by the supervision port to decrypt the message directly.
When the ciphertext transaction m' is decrypted in step 3.7.2, the specific operation is to call the Decryption() algorithm, whose inputs are the public parameter PK, the ciphertext C_T containing the access structure, and a private key SK; the call Decryption(PK, C_T, SK_4) takes the public parameter PK, the ciphertext m' and the private key SK_4 of user B. Only user B, user A or the supervisor can decrypt the ciphertext transaction m'.
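The threshold semantics of FIG. 1 and the supervisor OR gate of FIG. 2 as an added Python example, not code from the patent: only the secret-sharing layer of the access control tree is modelled (a k/n node shares its secret q(0) with a random polynomial and a satisfying attribute set recovers it by interpolation), over a constructed prime instead of the bilinear group and with constructed attribute names; pairings and attribute private keys are left out.

```python
import secrets

# Prime modulus for the sharing polynomials (a Mersenne prime; constructed choice, not the
# patent's bilinear-group order p). Only which attribute sets open the tree is modelled.
P = (1 << 127) - 1
SUPERVISOR = "supervision_port"     # the supervisor leaf attribute from S_2 (constructed name)
SECRET = 0x5EC12E7                  # the root secret q_root(0) shared down the tree

# Tree nodes: ("leaf", attribute) or ("thr", k, [children]) meaning "k of n".

def _poly_eval(coeffs, x):
    """Horner evaluation of q(x) = coeffs[0] + coeffs[1]*x + ... modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def share(node, secret):
    """Top-down sharing: a k/n node picks a random degree-(k-1) polynomial q with q(0) = secret
    and hands child i the share q(i); a leaf keeps q_y(0) as its secret value."""
    if node[0] == "leaf":
        return ("leaf", node[1], secret)
    k, children = node[1], node[2]
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return ("thr", k, [share(child, _poly_eval(coeffs, i))
                       for i, child in enumerate(children, start=1)])

def _lagrange_at_zero(points):
    """Recover q(0) from k points (x_i, q(x_i)) by Lagrange interpolation modulo P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def recover(shared, attrs):
    """Bottom-up decryption: return the node secret if `attrs` satisfies the subtree
    (the equation (6) case), or None when the attribute condition is not met."""
    if shared[0] == "leaf":
        return shared[2] if shared[1] in attrs else None
    k, children = shared[1], shared[2]
    points = []
    for i, child in enumerate(children, start=1):
        value = recover(child, attrs)
        if value is not None:
            points.append((i, value))
        if len(points) == k:            # a k/n node needs exactly k satisfied children
            return _lagrange_at_zero(points)
    return None

def transaction_tree():
    """Access tree in the style of FIG. 2: root 1/2 (an OR gate) with the supervisor leaf on
    one side and the transaction parties' x/n policy on the other (attribute names constructed)."""
    parties = ("thr", 1, [
        ("thr", 2, [("leaf", "A:id"), ("leaf", "A:dept"), ("leaf", "A:region")]),  # user A: 2/3
        ("thr", 2, [("leaf", "B:id"), ("leaf", "B:dept")]),                        # user B: 2/2
        ("leaf", "audit_port"),                                                    # S_1
    ])
    return ("thr", 1, [("leaf", SUPERVISOR), parties])

def demo():
    """Which attribute sets recover SECRET: the supervisor opens the root without any party
    attribute, but cannot open the parties' subtree on its own (no OR gate there)."""
    shared = share(transaction_tree(), SECRET)
    parties_subtree = shared[2][1]
    return {
        "user_A": recover(shared, {"A:id", "A:region"}),
        "user_B": recover(shared, {"B:id", "B:dept"}),
        "audit_port": recover(shared, {"audit_port"}),
        "supervisor": recover(shared, {SUPERVISOR}),
        "third_party": recover(shared, {"A:id", "B:dept"}),    # one attribute of each: fails
        "supervisor_without_or_gate": recover(parties_subtree, {SUPERVISOR}),
    }
```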
FIG. 3 of the description is the system framework diagram of the invention. The transaction object identity anonymity traceability protocol based on attribute-based encryption has three ports, a user side, an audit side and a supervision side, together with a blockchain server and a registration center RC.
User side: the originator or recipient of a blockchain transaction.
Audit side: audits the transactions on the chain to judge whether an illegal transaction exists.
Supervision side: tracks illegal transactions and finds out the information of the transaction initiator.
Blockchain server: stores the user information anonymously and stores the transactions.
Registration center RC: registers user information, encrypts it and uploads it to the blockchain by initiating a transaction.
The system framework is mainly divided into 5 stages:
(1) Initialization stage: the blockchain server, user port, audit port and supervision port are initialized.
(2) A user registration stage: the user registers through the registration center RC, and the registration information is encrypted. In block chains
(3) Message sending stage: anonymous user A sends a transaction to anonymous user B.
(4) Message verification stage: the audit port verifies the validity of the transaction.
(5) User tracking stage: if the transaction is illegal, the supervisor tracks it.
With reference to FIG. 3 of the description: first, the user side uploads its own information to the registration center RC for registration; second, after registering the user, the registration center uploads the information to the blockchain network; when a transaction takes place between users, the audit port checks the transaction between the two parties and, for a legal transaction, uploads the information to the blockchain network for broadcast; for an illegal transaction, it reports to the supervision port and requests tracking, and the supervision port tracks the illegal transaction and finds the anonymous users of the illegal transaction from the blockchain network.
Preparatory work: the blockchain server calls the Setup() function through a smart contract to generate the public parameter PK and the master key MK, and sends PK and MK to the registration center RC. The audit port and the supervision port send their own attribute groups S_1 and S_2 to the registration center RC, which generates the audit port private key SK_1 and the supervision port private key SK_2 by the KenGen() algorithm and sends them to the audit port and the supervision port.
(1) User registration phase
(1-1) The user submits a registration application to the registration center RC.
(1-2) User A sends its own attribute group S_3 and registration information M_1 to the registration center RC.
(1-3) The registration center RC obtains the attribute group S_3 of user A and generates the user's public key PK_3 and private key SK_3, calling the KenGen() function to generate the private key SK_3.
(1-4) The registration center RC sends the public key PK_3 and the private key SK_3 to user A via the registration transaction address x.
(1-5) The registration center RC calls the Encrypt(PK, M, Γ) algorithm to encrypt the registration information M_1 of user A and produce the ciphertext message M_1', namely M_1' = Encrypt(PK, SK_3, Γ), where Γ is the access control structure of the access control tree T and contains the attribute group S_3 of user A and the supervision port attribute group S_2.
(1-6) The registration center RC uploads the ciphertext message M_1' to the blockchain port as a transaction broadcast.
(2) Message sending phase
(2-1) User A sends a transaction request to user B.
(2-2) If user B accepts user A's transaction request, user B encrypts its own attribute group S_4 to obtain the encrypted attribute group S_4' and signs it to obtain the digital signature δ_1.
(2-3) User B sends {δ_1, S_4'} to user A.
(2-4) User A verifies the signature; if verification fails, jump to (2-3), and if it passes, go to (2-5).
(2-5) User A decrypts the encrypted attribute group S_4' to obtain the attribute set S_4.
(2-6) User A constructs a transaction scheme m, signs it to obtain the signature σ, encrypts it with attribute-based encryption, and sends the result to user B.
(2-7) User B receives the message {PK_3, m', σ} from user A.
(2-8) The ciphertext transaction m' is decrypted by calling the Decryption() algorithm, whose inputs are the public parameter PK, the ciphertext C_T containing the access structure A, and a private key SK; that is, the public parameter PK, the ciphertext m' and the private key SK_4 of user B are input, and decryption yields the transaction scheme m.
(2-9) The signature on the message m is verified, outputting success or failure; if verification fails, go back to (2-6), and if it passes, go to (2-10).
(2-10) User B receives the transaction scheme m and, if it agrees, signs it to obtain the signature σ'. The transaction is sent out as a broadcast, denoted (PK_3, PK_4, m', σ, σ'), comprising the public keys PK_3 and PK_4 of user A and user B, the ciphertext transaction m', and the signatures σ and σ' of user A and user B.
(3) Message authentication phase
(3-1) The audit port receives the transaction information (PK_3, PK_4, m', σ, σ') and audits it. If the audit passes, the transaction is legal and is uploaded to the blockchain server.
(3-2) Signature auditing: the ciphertext transaction m' is decrypted by calling the Decryption() algorithm to obtain the transaction scheme m, and the signatures are verified; if verification fails, jump to (3-4).
(3-3) The transaction scheme is audited, which may be done by manual audit, by a blockchain smart contract audit, or by a combination of the two; the legality of the information is screened by criteria such as transaction amount overflow. If it passes, the transaction information (PK_3, PK_4, m', σ, σ') is broadcast on the blockchain server and uploaded to the blockchain network; if not, jump to (3-4).
(3-4) If the transaction involves illegal behaviour or the signature verification fails, the audit fails and the transaction is reported to the supervision port for tracking.
(4) User tracking phase
(4-1) The supervision port receives the illegal anonymous transaction (PK_3, PK_4, m', σ, σ') and obtains the public key PK_3 of the sending user A and the public key PK_4 of the receiving user B.
(4-2) The Decryption() algorithm is called to decrypt the users' encrypted information {M_1', M_2', ..., M_n'}, obtaining the users' registration information {M_1, M_2, ..., M_n}, from which the entries matching the public keys PK_3 and PK_4 are found and recorded as messages M_1 and M_2.
(4-3) Through messages M_1 and M_2, the registered transaction address x of user A and the registered transaction address y of user B are obtained, and all information of user A and user B is obtained by accessing these addresses.
Fig. 4 is a flowchart of the user transaction tracking process according to the present invention. The audit port determines the validity of a transaction between users; if the check passes, the transaction is broadcast and uploaded to the blockchain network. If the transaction involves illegal behaviour and the audit fails, the transaction is tracked: the supervision port receives the transaction information, decrypts the user registration information on the blockchain network, and matches it against the transaction information; if the match fails, it obtains the next user's information and tries again; if the match succeeds, it obtains the address of the user of the current transaction, accesses the user's information through that address, and tracking is complete.
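The access structure Γ decides who can decrypt: for the registration ciphertext M_1' in (1-5) it covers user A and the supervision port, and for the transaction ciphertext m' it covers both parties, the audit port and the supervision port. The following Python is an added example, not part of the patent, that models only the access-tree secret-sharing layer of such a CP-ABE scheme (one share q_y(0) per leaf node y over Z_p, reconstructed by Lagrange interpolation at the gates); the prime, the attribute strings and the two policies are constructed for illustration, and the pairing-based encryption itself is not modelled.

```python
import secrets

# Added example (not from the patent): the access-tree layer of the CP-ABE
# scheme described above. The root secret is split into one share q_y(0)
# per leaf y of the access tree T; DecryptNode recovers it only when the
# holder's attributes satisfy the tree. Pairings are not modelled.
P = (1 << 127) - 1  # constructed prime modulus for the toy field Z_p

def lagrange_at_zero(points, p=P):
    """Recover q(0) from k distinct points (i, q(i)) of a degree-(k-1) polynomial."""
    total = 0
    for i, yi in points:
        num, den = 1, 1
        for j, _ in points:
            if j != i:
                num = num * (-j) % p
                den = den * (i - j) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total

def share(node, secret, p=P, path=()):
    """Assign q_x top-down: q_x(0) is the share received from the parent and a
    k-of-n gate hands q_x(i) of a random degree-(k-1) polynomial to child i.
    Returns {leaf_path: q_y(0)}; paths keep repeated attribute strings apart."""
    if "attr" in node:
        return {path: secret}
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(node["k"] - 1)]
    shares = {}
    for idx, child in enumerate(node["children"], start=1):
        q_idx = sum(c * pow(idx, e, p) for e, c in enumerate(coeffs)) % p
        shares.update(share(child, q_idx, p, path + (idx,)))
    return shares

def decrypt_node(node, attrs, shares, p=P, path=()):
    """DecryptNode: a leaf yields its share only if the holder has the
    attribute; a gate interpolates q_x(0) once k children are satisfied."""
    if "attr" in node:
        return shares[path] if node["attr"] in attrs else None
    points = []
    for idx, child in enumerate(node["children"], start=1):
        val = decrypt_node(child, attrs, shares, p, path + (idx,))
        if val is not None:
            points.append((idx, val))
            if len(points) == node["k"]:
                return lagrange_at_zero(points, p)
    return None

def AND(*attrs):
    return {"k": len(attrs), "children": [{"attr": a} for a in attrs]}

def OR(*subtrees):
    return {"k": 1, "children": list(subtrees)}

# Constructed attribute groups standing in for S_1..S_4 of the description.
S_1 = ("role:audit", "org:rc")        # audit port
S_2 = ("role:supervisor", "org:rc")   # supervision port
S_3 = ("user:A", "tier:retail")       # user A
S_4 = ("user:B", "tier:retail")       # user B

# Gamma for the registration ciphertext M_1': user A or the supervision port.
GAMMA_REG = OR(AND(*S_3), AND(*S_2))
# Gamma for a transaction ciphertext m': A, B, the audit port or the supervisor.
GAMMA_TX = OR(AND(*S_3), AND(*S_4), AND(*S_1), AND(*S_2))

def who_can_recover(policy, secret, holders, p=P):
    """Share `secret` under `policy` and report what each holder recovers."""
    shares = share(policy, secret, p)
    return {name: decrypt_node(policy, set(attrs), shares, p)
            for name, attrs in holders.items()}

if __name__ == "__main__":
    holders = {"A": S_3, "B": S_4, "audit": S_1, "supervisor": S_2,
               "third party": ("user:C", "tier:retail")}
    print(who_can_recover(GAMMA_REG, 12345, holders))  # only A and supervisor
    print(who_can_recover(GAMMA_TX, 777, holders))     # all but third party
```

A holder whose attribute set does not satisfy Γ obtains no share at the root, which is the information-theoretic reason the third party in (3.6.2) cannot see m'.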
The embodiment of the present invention further includes a network device or a storage device, where the network device operates according to the above designed method, and the storage device stores therein a program code of the above method.
The above-listed series of detailed descriptions are merely specific illustrations of possible embodiments of the present invention, and they are not intended to limit the scope of the present invention, and all equivalent means or modifications that do not depart from the technical spirit of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. An attribute-based encryption-based transaction object identity anonymous traceable method is characterized by comprising the following steps:
S1, the user side uploads its own information to the registration center RC for registration;
S2, the registration center registers the user and uploads the user to the blockchain network;
S3, when a transaction occurs between users, the audit port checks the transaction of both users;
S4, a legal transaction is uploaded to the blockchain network and broadcast;
S5, an illegal transaction is reported to the supervision port with a request for tracking;
S6, the supervision port tracks the illegal transaction and finds the anonymous user of the illegal transaction in the blockchain network.
2. The anonymous traceable method of transaction object identity based on attribute-based encryption as claimed in claim 1, wherein the implementation of S1 comprises:
S1.1, the blockchain server calls the Setup() function through a smart contract to generate the public parameter PK and the master key MK, and sends PK and MK to the registration center RC;
the Setup algorithm takes the security parameter as input and outputs the public parameter PK and the master key MK, expressed as formula (1):
PK = (g, e(g, g)^α, g^a), MK = g^a (1)
where g is a generator of G_1, G_1 is a bilinear group of prime order p, α and a are randomly selected integers modulo p, i.e. α, a ∈ Z_p, Z_p is the ring of integers of order p, and e(g, g) is the bilinear map applied to g and g;
S1.2, the audit port and the supervision port send their attribute groups S_1 and S_2 to the registration center RC;
S1.3, the audit port private key SK_1 is generated by the KenGen() algorithm, i.e. SK_1 = KenGen(PK, SK, S_1); the algorithm takes the audit port's attribute set S_1, the master key MK and the public parameter PK as input and outputs the audit port private key SK_1; the expression is shown in formula (2):
Figure FDA0003722842490000011
random numbers β ∈ Z_p, r ∈ Z_p and r_j ∈ Z_p are selected, where j is an attribute of S_1, i.e. j ∈ S_1, H(j) hashes the attribute string j to an element of G_1, and D_j, D'_i are intermediate variables;
S1.4, the supervision port private key SK_2 is generated by the algorithm KenGen(PK, MK, S_2), i.e. SK_2 = KenGen(PK, SK, S_2); the algorithm takes the supervision port's attribute set S_2, the master key MK and the public parameter PK as input and outputs the supervision port private key SK_2; the expression is shown in formula (3):
Figure FDA0003722842490000021
random numbers γ ∈ Z_p and r_j ∈ Z_p are selected, where j is an attribute of S_2, i.e. j ∈ S_2;
S1.5, the registration center RC sends the private keys SK_1 and SK_2 to the audit port and the supervision port respectively;
S1.6, the audit port and the supervision port respectively obtain the private keys SK_1 and SK_2 from the registration center.
3. The anonymous traceable method of transaction object identity based on attribute-based encryption as claimed in claim 1, wherein the implementation of S2 comprises:
S2.1, a user sends a registration application to the registration center RC;
S2.2, the user sends its own attribute group S_3 and registration information M_1 to the registration center RC;
S2.3, the registration center RC obtains the user's attribute group S_3 and generates the user's public key PK_3 and private key SK_3, calling the KenGen() function to generate the private key SK_3;
S2.4, the registration center RC sends the public key PK_3 and the private key SK_3 to the user through the registration transaction address x;
S2.5, the registration center RC calls the Encrypt(PK, M, Γ) algorithm, which takes the public parameter PK, the plaintext message M and the access structure A as input and outputs the ciphertext C_T, i.e. C_T = Encrypt(PK, M, Γ); the ciphertext C_T is expressed by formula (4):
Figure FDA0003722842490000022
where random numbers are selected as
Figure FDA0003722842490000023
Y is the set of leaf nodes of the access control tree T; for any y ∈ Y, att(y) denotes the attribute string corresponding to leaf node y, H(att(y)) hashes the attribute string att(y) into G_0, Γ is the access control structure of the access control tree T, and q_y(0) is the constant term of the polynomial of child node y,
Figure FDA0003722842490000024
C, C_y and C'_y are intermediate variables, and h = g^β;
that is, the user's registration information M_1 is encrypted to generate the ciphertext message M_1', i.e. M_1' = Encrypt(PK, SK_3, Γ), where Γ is the access control structure of the access control tree T and contains the attribute set S_3 of user A and the supervision port attribute group S_2;
S2.6, the registration center RC uploads the ciphertext message M_1' to the blockchain port as a transaction broadcast.
4. The anonymous traceable method of transaction object identity based on attribute-based encryption as claimed in claim 3, wherein the implementation of S2.1 comprises:
in step 2.1, the specific operations are as follows:
step 2.1.1, the user submits a registration application to the registration center RC;
step 2.1.2, after examination by the registration center, the registration center RC sends a registration transaction request to the blockchain network;
step 2.1.3, the blockchain network receives the transaction request, broadcasts the registration transaction and sends it to the user's address x, completing registration.
5. The anonymous traceable method of transaction object identity based on attribute-based encryption, according to claim 1, wherein the implementation of S3 comprises:
S3.1, user A sends a transaction request to user B;
S3.2, if user B accepts the transaction request of user A, user B encrypts its own attribute group S_4 to obtain the encrypted attribute group S_4' and signs it to obtain the digital signature δ_1;
S3.3, user B sends {δ_1, S_4'} to user A;
S3.4, user A verifies the signature δ_1; if verification fails, go to step 3.3; if it passes, go to step 3.5;
S3.5, user A decrypts the encrypted attribute set S_4' to obtain the attribute set S_4;
S3.6, user A constructs a transaction scheme m, signs it to obtain the signature σ, encrypts it with attribute-based encryption, and sends the result to user B;
S3.7, user B receives the message {PK_3, m', σ} from user A, then decrypts the ciphertext transaction m' and verifies the signature;
S3.8, user B receives the transaction scheme m and, if it agrees, signs it to obtain the signature σ'; the transaction is sent out as a broadcast, denoted (PK_3, PK_4, m', σ, σ'), including the public keys PK_3 and PK_4 of user A and user B, the ciphertext transaction m', and the signatures σ and σ' of user A and user B.
6. The anonymous traceable method of transaction object identity based on attribute-based encryption according to claim 5, wherein step S3.2 specifically operates as follows:
S3.2.1, the user port obtains the attribute set S_4 of user B and encrypts it;
S3.2.2, user B signs the encrypted attribute set S_4' to obtain the digital signature δ_1; the signing operation takes a file and a private key as input and outputs a string, i.e. it takes the attribute group S_4 of user B and user B's private key SK_4 as input and outputs the digital signature δ_1;
Step S3.4 specifically operates as follows:
S3.4.1, user A receives {δ_1, S_4'} from user B;
S3.4.2, verification takes the file, the digital signature and the public key as input and outputs success or failure; if verification fails, jump to step 3.3; if it passes, go to step 3.5;
step S3.6 specifically operates as follows:
S3.6.1, user A constructs a transaction scheme m and digitally signs it to obtain the signature σ;
S3.6.2, user A encrypts the transaction scheme m with the attribute-based encryption operation, calling the Encrypt() function to generate the ciphertext transaction m', i.e. m' = Encrypt(PK, SK_3, Γ), where Γ is the access control structure of the access control tree T and contains user A's attribute group S_3, user B's attribute group S_4, the audit port attribute set S_1 and the supervision port attribute group S_2;
S3.6.3, user A sends {PK_3, m', σ} to user B;
step S3.7 specifically operates as follows:
S3.7.1, user B receives the message {PK_3, m', σ} from user A;
S3.7.2, the ciphertext transaction m' is decrypted by calling the Decryption() algorithm; the expression by which the message m is recovered is shown in formula (5):
Figure FDA0003722842490000041
the inputs are the public parameter PK, the ciphertext C_T containing the access structure A, and a private key SK; that is, the public parameter PK, the ciphertext m' and user B's private key SK_4 are input and decrypted to obtain the transaction scheme m;
S3.7.3, signature verification is performed on the message m, outputting success or failure; if verification fails, go to step 3.6; if it passes, go to step 3.8;
the transaction scheme m constructed in step S3.8 is encrypted to generate the ciphertext transaction m'; the generated ciphertext transaction m' is visible only after the two transaction parties and the supervisor decrypt it and is invisible to third parties, which protects the anonymity of the transaction.
7. The anonymous traceable method of transaction object identity based on attribute-based encryption as claimed in claim 1, wherein the step S4 is implemented by:
S4.1, the audit port receives the transaction information (PK_3, PK_4, m', σ, σ') and audits the transaction; if the audit passes and the transaction is legal, it is uploaded to the blockchain server;
S4.2, if the transaction involves illegal behaviour or the signature verification fails, the audit does not pass and the transaction is reported to the supervision port for tracking.
8. The method according to claim 7, wherein step S4.1 specifically operates as follows:
S4.1.1, signature auditing is performed on the transaction: the ciphertext transaction m' is decrypted by calling the Decryption() algorithm to obtain the transaction scheme m, signature verification is performed on m, and if verification fails, go to step 4.3;
S4.1.2, the transaction scheme is audited, which may be done by manual audit, by a blockchain smart contract audit, or by a combination of the two; the legality of the information is screened by criteria such as transaction amount overflow. If it passes, the transaction information (PK_3, PK_4, m', σ, σ') is broadcast on the blockchain server and uploaded to the blockchain network; if not, jump to step 4.3.
9. The anonymous traceable method of transaction object identity based on attribute-based encryption as claimed in claim 1, wherein the step S5 is implemented by:
S5.1, the supervision port receives the illegal anonymous transaction (PK_3, PK_4, m', σ, σ') and obtains the public key PK_3 of the sending user A and the public key PK_4 of the receiving user B;
S5.2, the Decryption() algorithm is called to decrypt the users' encrypted information {M_1', M_2', ..., M_n'}, obtaining the users' registration information {M_1, M_2, ..., M_n}, from which the entries matching the public keys PK_3 and PK_4 are found and recorded as messages M_1 and M_2;
S5.3, through messages M_1 and M_2, the registered transaction address x of user A and the registered transaction address y of user B are obtained, and all information of user A and user B is obtained by accessing these addresses.
10. A network device or a storage device, wherein the network device operates according to the method of any of claims 1 to 9, and wherein the storage device stores program code for the method of any of claims 1 to 9.
CN202210756819.5A 2022-06-30 2022-06-30 Attribute-based encryption-based transaction object identity anonymous traceable method, network device and storage device Pending CN115174184A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210756819.5A CN115174184A (en) 2022-06-30 2022-06-30 Attribute-based encryption-based transaction object identity anonymous traceable method, network device and storage device


Publications (1)

Publication Number Publication Date
CN115174184A true CN115174184A (en) 2022-10-11

Family

ID=83488842


Country Status (1)

Country Link
CN (1) CN115174184A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116308841A (en) * 2023-01-30 2023-06-23 成都红云鼎科技有限公司 Financial supervision method based on RPA and blockchain
CN116720839A (en) * 2023-08-07 2023-09-08 成都创一博通科技有限公司 Financial information management method based on blockchain technology and supervision system thereof



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination