CN115589303B - SM9 algorithm and cross-link technology based data sharing and privacy protection method - Google Patents

Publication number
CN115589303B
Authority
CN
China
Prior art keywords
kgc
chain
alice
identity
transaction
Legal status
Active
Application number
CN202210812867.1A
Other languages
Chinese (zh)
Other versions
CN115589303A (en
Inventor
冯勇
王华杰
李英娜
张晶
Current Assignee
Kunming University of Science and Technology
Original Assignee
Kunming University of Science and Technology
Application filed by Kunming University of Science and Technology
Priority to CN202210812867.1A
Publication of CN115589303A
Application granted
Publication of CN115589303B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology. The method's operating model comprises institution chains, a certification chain, a Key Generation Center (KGC) and a Cloud Service Provider (CSP). The SM9 identity-based cryptographic algorithm, which includes a digital signature algorithm, a key exchange algorithm and a public key encryption algorithm, is used to generate the users' public-private key pairs, which improves the security of cryptographic protection and hence of data sharing and privacy protection.

Description

SM9 algorithm and cross-link technology based data sharing and privacy protection method
Technical Field
The invention belongs to the technical field of data sharing and privacy protection, and particularly relates to a data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology.
Background
Blockchain technology is decentralized and trustless, so information can be exchanged with other nodes without a trusted third party. This improves the efficiency of information exchange and reduces its cost, and gives blockchain technology broad prospects in fields such as the industrial Internet of Things and finance. At present, however, the blockchain industry is fragmented across many different platforms and protocols, forming isolated blockchain islands. Limits on data transfer between different blockchains reduce the effectiveness and convenience of data sharing between users of different blockchains and hold back new developments within the blockchain ecosystem. Interoperability must therefore be a new direction of development for blockchain technology. Meanwhile, to achieve node consensus and similar goals, part of the information in a blockchain must remain transparent or open to the nodes of the whole network, which undoubtedly increases the risk of privacy disclosure among users, so protecting user identity privacy and transaction data privacy during transactions needs particular attention.
Li Fang et al., in "blockchain cross-chain technology progression study" published in 2019, summarize the current mainstream cross-chain technologies and divide them into three categories: notary mechanisms, hash locking, and side chains/relays. Hash locking is the simplest to implement but is only used for cross-chain asset exchange; the notary mechanism is in theory applicable to interaction between all blockchains but must solve the problem of notary trustworthiness; the side chain/relay mechanism has great potential but is very difficult to implement.
Identity-based cryptography (IBC) was proposed by Shamir et al. in 1984, but the definition of an identity-based cryptosystem (IBE) was formally given by Boneh and Franklin et al. in 2001. IBC is a type of public key cryptography in which an identifier representing the identity of an entity is used as the public key. In IBC systems, a trusted party called the Key Generation Center (KGC) is responsible for creating a private key based on the identity of an entity. In practice, most existing authentication mechanisms are built on Public Key Infrastructure (PKI) systems, in which a trusted third party called the Certificate Authority (CA) provides the root of trust for all PKI certificates. The traditional PKI system does not fit the "decentralized" and "trustless" character of blockchains because too much weight rests on the trusted center; in addition, although certificates are used to verify the identities of individuals, devices and other entities, they bring high management costs, and the CA is exposed to potential attacks and prone to operational errors.
"Identity-based mutual device authentication schemes for PLC system", published by Heo et al. in 2008, proposes an identity-based mutual device authentication scheme for Power Line Communication (PLC). Since public key certificates are not used, the possibility of an attack on the CA is avoided and the operational complexity of deploying and managing identities is effectively reduced.
"Identity-based authentication for cloud computing", published by Li et al. in 2009, proposes an identity-based cloud computing authentication scheme that is considered more efficient than the SSL authentication protocol. However, since the authenticating parties are a cloud server and a device user, mutual authentication between peer devices is not considered.
However, existing cross-chain technology is quite limited: some approaches support only the exchange of tokens and cannot share data, and lack privacy protection for both interacting parties; others have the potential to realize more functions but are still immature and cannot effectively achieve data sharing between users of institutions that maintain different blockchains. Secondly, regarding the strategy of using identity-based cryptography for privacy protection, although identity-based cryptosystems have been widely studied, most of the research revolves around cryptographic algorithms proposed abroad and does not meet China's strategic requirement that information security technologies and products, including cryptography, be independent, advanced, secure and controllable.
Accordingly, there is a need for a data sharing and privacy preserving method that overcomes the above-described deficiencies.
Disclosure of Invention
To solve the above technical problems, the invention provides a data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology.
The invention is realized by the following technical scheme: a data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology, characterized by comprising the following steps:
Step1: $KGC_A$, $KGC_B$ and $KGC_{Root}$ respectively select random numbers $ks_A \in [1, N_A - 1]$, $ks_B \in [1, N_B - 1]$ and $ks_{Root} \in [1, N_{Root} - 1]$ as the system master private keys of institution A, institution B and the certification chain, where $KGC_A$, $KGC_B$ and $KGC_{Root}$ denote the key generation centers of institution A, institution B and the certification chain system, and $N_A$, $N_B$ and $N_{Root}$ denote the factors of the elliptic curve orders used by institution A, institution B and the certification chain system in the SM9 identity-based cryptographic algorithm;
Step2: The system master public keys of institution A, institution B and the certification chain are respectively:
and->Wherein-> And->Respectively represent the loop groups used by the mechanism A, the mechanism B and the certification chain system in the SM9 identification password algorithmAnd->The system main public key is disclosed to the whole network,
the system master private key is kept by each KGC;
Step3: Institution A, institution B and the certification chain system use $KGC_A$, $KGC_B$ and $KGC_{Root}$ to calculate public-private key pairs for the nodes on institution chain A, institution chain B and the certification chain;
Step4: Alice first generates her anonymous identity, then sends it, together with her own signature over it, to $KGC_A$ to apply for the anonymous-identity signature private key $dA_{Alice}$;
Step5: After receiving Alice's request, $KGC_A$ verifies Alice's signature. If verification fails, it rejects the request; if verification passes, it generates the anonymous-identity signature private key $dA_{Alice}$ for Alice based on her anonymous identity, encrypts the correspondence between Alice and her anonymous identity and stores it in the local storage list of $KGC_A$, and sends Alice's anonymous identity to $KGC_{Root}$, which records it in its local storage list;
Step6: Alice generates a data sharing request message m, signs m with her anonymous-identity signature private key, and requests from $KGC_A$ the public key, in the certification chain, of the on-duty primary node $B_2$ of institution chain B. After obtaining the public key of $B_2$, Alice encrypts the message in three layers, using the public keys of Bob, primary node $B_2$ and primary node $A_2$ respectively, and sends the result to $A_2$.
Here $Enc_x(m)$ denotes encrypting the message m with the public key of user x, $Sig_x(m)$ denotes signing the message m with the private key of user x, and a third notation denotes signing the message m with user x's anonymous-identity signature private key. After receiving the message, $A_2$ decrypts it and verifies Alice's real-identity signature;
if verification passes, $A_2$ forwards the message to $B_2$ according to the institution chain's unique identifier $ID_{ChainB}$.
After receiving and decrypting the message, $B_2$ first queries whether $KGC_{Root}$ contains the anonymous identity. If it does not, $B_2$ sends a data update request to primary node $A_1$, and $A_1$ updates the latest anonymous identities on institution chain A to $KGC_{Root}$; if the updated data still does not contain the anonymous identity, the transaction fails. If $KGC_{Root}$ contains the identity, $B_2$ uses it to verify the anonymous-identity signature and, if verification passes, sends the message to Bob according to Bob's identity identifier $ID_{Bob}$;
Step7: After receiving the message, Bob decrypts it with his private key and verifies Alice's real-identity signature and anonymous-identity signature again. After verification passes, Bob generates his anonymous identity and applies to $KGC_B$ for the anonymous-identity signature private key $dA_{Bob}$. After successful generation, $KGC_B$ saves the anonymous identity to its local storage list, and primary node $B_1$ sends the updated anonymous identity information to $KGC_{Root}$. Bob generates a data sharing response message m containing the shared data index information, and requests from $KGC_B$ the public key, in the certification chain, of the on-duty primary node $A_2$ of institution chain A. After obtaining the public key of $A_2$, Bob similarly encrypts the message in three layers:
Similarly, after receiving the message, $B_2$ decrypts it and verifies Bob's real-identity signature. After verification passes, $B_2$ uploads Alice's anonymous identity, the anonymous-identity signature and its own signature over the message to the transaction determination smart contract, and sets the transaction state of institution chain B to the pre-submission state; $B_2$ then forwards the message to $A_2$ according to $ID_{ChainA}$.
$A_2$ decrypts the message and verifies Bob's anonymous-identity signature. After verification passes, $A_2$ uploads Bob's anonymous identity, the anonymous-identity signature and its own signature over the message to the transaction determination smart contract, likewise sets the transaction state of institution chain A to the pre-submission state, and sends the message to Alice;
Step8: After receiving the message, Alice decrypts and verifies it again and, after verification passes, applies for access to the CSP using the shared data index and Bob's real-identity signature. After verifying the data index, Alice's anonymous-identity signature and Bob's real-identity signature, the CSP administrator allows Alice to obtain the complete data, sends the operation, the operation timestamp and Alice's signature over the data to the transaction determination smart contract, and sets the transaction state to pre-submission;
Step9: When the transaction passes verification by the transaction determination smart contract, the contract generates the transaction information to be written into the block:
The transaction is broadcast in the certification chain; after the other nodes in the certification chain verify it, the transaction is written into a certification chain block, and $A_2$ and $B_2$ synchronize the transaction information to institution chain A and institution chain B. When a dispute arises over a transaction, a secondary node can apply to the KGC to trace the transaction process;
Further, in Step1, institution A and institution B maintain institution chain A and institution chain B respectively, and $KGC_A$ and $KGC_B$ manage and generate the keys of users in institutions A and B respectively. Institution chain A and institution chain B elect primary nodes $A_1$, $A_2$ and $B_1$, $B_2$ respectively as the access representatives of the institution chains: primary nodes $A_1$ and $B_1$ are responsible for updating the user identity information of institutions A and B to $KGC_{Root}$, primary nodes $A_2$ and $B_2$ are responsible for relaying cross-chain messages as intermediaries, and secondary nodes, as ordinary users, can initiate cross-chain data sharing requests;
Further, in Step2, publishing the system master public key to the whole network means that a user in any institution can query the system master public key of another institution through the KGC of their own institution; the system master private key being kept by each KGC means that the private key must not be leaked;
Further, in Step3, the public-private key pair of a node is calculated as follows:
Let the identity identifier of user x in institution X be $ID_x$. $KGC_X$ first calculates, over the finite field used by institution X,
$t_1 = H_1(ID_x \| hid_X, N_X) + ks_X$
where $hid_X$ is the key generation function identifier of the SM9 identity-based cryptographic algorithm used in institution X, $N_X$ is a prime factor of the order of the elliptic curve used by institution X in the SM9 identity-based cryptographic algorithm, and $ks_X$ is the system master private key of institution X. If $t_1 = 0$, the system master private key and master public key must be regenerated and the existing user private keys updated; if $t_1 \neq 0$, calculate
From this, the private key of user x can be calculated as
Any user can calculate the public key of user x according to the following formula
where $H_1()$ is a cryptographic hash function used by the SM9 algorithm and the formula also uses the system master public key of institution X. The public-private key pair of user x calculated as described above can be expressed as $(pk_x, d_x)$;
Further, in Step4, the anonymous identity is generated as follows:
Let the identity identifier of user x in institution X be $ID_x$. The anonymous identity of user x can be expressed as
where $H_1()$ is a cryptographic hash function used by the SM9 algorithm, $nonce$ is a random number chosen by user x with $nonce \in [1, N_X - 1]$, and $Timestamp$ is the current timestamp;
Further, in Step5, $KGC_A$ generates the public-private key pair for Alice's anonymous identity in the same way as the node public-private key pairs in Step3; Alice's anonymous identity is sent to $KGC_{Root}$ through primary node $A_1$;
Further, in Step6, $KGC_A$ obtains, through primary node $A_1$, the public key information of Bob and $B_2$ stored in $KGC_{Root}$ and sends it to Alice;
Further, in Step7, the anonymous identity generation process of Bob is as follows, and the public-private key pair for Bob's anonymous identity is generated in the same way as the node public-private key pairs in Step3; $KGC_B$ obtains, through primary node $B_1$, the public key information of Alice and $B_2$ stored in $KGC_{Root}$ and sends it to Bob;
Further, in Step7, the transaction determination smart contract is used to generate the transaction information: the transaction information TX is generated only when primary nodes $A_2$, $B_2$ and the CSP administrator have all set the transaction state to pre-submission and the signatures they submitted have been verified by the transaction determination smart contract;
Further, in Step9, users in institution chain A and institution chain B can compare the transaction information synchronized by primary nodes $A_1$, $B_1$ to $KGC_A$, $KGC_B$ with the transaction information published by primary nodes $A_2$, $B_2$ to check that the two are consistent, and can check the validity of a transaction by verifying the signatures contained in the transaction information. When a user disputes the transaction information, the data in each KGC and in the certification chain can be retrieved to trace the disputed transaction and assign responsibility;
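The commit gate that the Step7 clause above describes for the transaction determination smart contract, as an added example that is not part of the patent text: a transaction record is produced only after $A_2$, $B_2$ and the CSP administrator have each pre-submitted a signature that verifies. Ed25519 from Go's standard library stands in for SM9 signatures, and the type names, role labels, seeds and the transaction-ID layout are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Role names a party whose pre-submission the contract waits for.
type Role string

const (
	RoleA2  Role = "A2"  // primary node A2 of institution chain A
	RoleB2  Role = "B2"  // primary node B2 of institution chain B
	RoleCSP Role = "CSP" // CSP administrator
)

var roles = []Role{RoleA2, RoleB2, RoleCSP}

var (
	ErrUnknownRole = errors.New("unknown role")
	ErrDuplicate   = errors.New("role already pre-submitted")
	ErrBadSig      = errors.New("signature verification failed")
	ErrNotReady    = errors.New("not every party is in the pre-submission state")
)

// Contract tracks the pre-submission state of one cross-chain transaction.
type Contract struct {
	digest [32]byte                   // hash of the shared message
	keys   map[Role]ed25519.PublicKey // verification key per role
	sigs   map[Role][]byte            // verified signatures received so far
}

func NewContract(msg []byte, keys map[Role]ed25519.PublicKey) *Contract {
	return &Contract{digest: sha256.Sum256(msg), keys: keys, sigs: map[Role][]byte{}}
}

// PreSubmit marks a role as pre-submitted only if its signature verifies.
func (c *Contract) PreSubmit(r Role, sig []byte) error {
	pk, ok := c.keys[r]
	if !ok {
		return ErrUnknownRole
	}
	if _, done := c.sigs[r]; done {
		return ErrDuplicate
	}
	if !ed25519.Verify(pk, c.digest[:], sig) {
		return ErrBadSig
	}
	c.sigs[r] = sig
	return nil
}

// Generate returns a transaction ID once all three roles are pre-submitted.
// The ID layout (SHA-256 over digest and signatures) is an assumption here.
func (c *Contract) Generate() (string, error) {
	h := sha256.New()
	h.Write(c.digest[:])
	for _, r := range roles {
		sig, ok := c.sigs[r]
		if !ok {
			return "", ErrNotReady
		}
		h.Write(sig)
	}
	return hex.EncodeToString(h.Sum(nil)), nil
}

// Demo runs the gate on constructed keys and a constructed message.
func Demo() (early, forged error, txID string, err error) {
	privs := map[Role]ed25519.PrivateKey{}
	keys := map[Role]ed25519.PublicKey{}
	for _, r := range roles {
		seed := sha256.Sum256([]byte("constructed-seed-" + string(r)))
		privs[r] = ed25519.NewKeyFromSeed(seed[:])
		keys[r] = privs[r].Public().(ed25519.PublicKey)
	}
	c := NewContract([]byte("constructed data sharing message"), keys)
	for _, r := range []Role{RoleA2, RoleB2} {
		if err = c.PreSubmit(r, ed25519.Sign(privs[r], c.digest[:])); err != nil {
			return
		}
	}
	_, early = c.Generate() // CSP has not pre-submitted yet
	// A2's key signing in the CSP's name must be rejected.
	forged = c.PreSubmit(RoleCSP, ed25519.Sign(privs[RoleA2], c.digest[:]))
	if err = c.PreSubmit(RoleCSP, ed25519.Sign(privs[RoleCSP], c.digest[:])); err != nil {
		return
	}
	txID, err = c.Generate()
	return
}

func main() {
	early, forged, txID, err := Demo()
	fmt.Println("before CSP pre-submission:", early)
	fmt.Println("forged CSP signature:", forged)
	fmt.Println("TX:", txID, err)
}
```

A rejected signature leaves the role unrecorded, so the transaction stays blocked until the genuine party pre-submits.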
The beneficial effects of the invention are as follows:
The method provided by the invention operates with institution chains, a certification chain, a key generation center (KGC) and a cloud service provider (CSP). Each institution chain belongs to the blockchain system maintained by the respective institution and mainly stores the transaction information relating to the data held by the institution, together with digests and index information for that data; the authenticity of data is verified by comparing the digest stored on chain with a hash value recomputed over the actual file. The complete data maintained by users in an institution is stored in the CSP pointed to by the on-chain index, and users in the institution can obtain the complete data from the CSP according to the index, which avoids storing large amounts of data on the blockchain and improves the operating efficiency of the system. In addition, the invention applies the SM9 identity-based cryptographic algorithm, which can generate a user's public-private key pair from the user's identity and comprises a digital signature algorithm, a key exchange algorithm and a public key encryption algorithm, thereby improving the security of cryptographic protection and hence of data sharing and privacy protection.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a cross-chain data sharing framework model of the present invention;
FIG. 2 is a schematic diagram of a node configuration of the present invention;
FIG. 3 is a flow chart of cross-chain data sharing according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Examples
Referring to FIG. 1 and FIG. 3, the data sharing and privacy protection method based on the SM9 algorithm and cross-chain technology is characterized by comprising the following steps:
Step1: $KGC_A$, $KGC_B$ and $KGC_{Root}$ respectively select random numbers $ks_A \in [1, N_A - 1]$, $ks_B \in [1, N_B - 1]$ and $ks_{Root} \in [1, N_{Root} - 1]$ as the system master private keys of institution A, institution B and the certification chain, where $KGC_A$, $KGC_B$ and $KGC_{Root}$ denote the key generation centers of institution A, institution B and the certification chain system, and $N_A$, $N_B$ and $N_{Root}$ denote the factors of the elliptic curve orders used by institution A, institution B and the certification chain system in the SM9 identity-based cryptographic algorithm;
Step2: The system master public keys of institution A, institution B and the certification chain are respectively:
and->Wherein-> And->Respectively represent the loop groups used by the mechanism A, the mechanism B and the certification chain system in the SM9 identification password algorithmAnd->The system main public key is disclosed to the whole network,
the system master private key is kept by each KGC;
Step3: Institution A, institution B and the certification chain system use $KGC_A$, $KGC_B$ and $KGC_{Root}$ to calculate public-private key pairs for the nodes on institution chain A, institution chain B and the certification chain;
Step4: Alice first generates her anonymous identity, then sends it, together with her own signature over it, to $KGC_A$ to apply for the anonymous-identity signature private key $dA_{Alice}$;
Step5: After receiving Alice's request, $KGC_A$ verifies Alice's signature. If verification fails, it rejects the request; if verification passes, it generates the anonymous-identity signature private key $dA_{Alice}$ for Alice based on her anonymous identity, encrypts the correspondence between Alice and her anonymous identity and stores it in the local storage list of $KGC_A$, and sends Alice's anonymous identity to $KGC_{Root}$, which records it in its local storage list;
Step6: Alice generates a data sharing request message m, signs m with her anonymous-identity signature private key, and requests from $KGC_A$ the public key, in the certification chain, of the on-duty primary node $B_2$ of institution chain B. After obtaining the public key of $B_2$, Alice encrypts the message in three layers, using the public keys of Bob, primary node $B_2$ and primary node $A_2$ respectively, and sends the result to $A_2$.
Here $Enc_x(m)$ denotes encrypting the message m with the public key of user x, $Sig_x(m)$ denotes signing the message m with the private key of user x, and a third notation denotes signing the message m with user x's anonymous-identity signature private key. After receiving the message, $A_2$ decrypts it and verifies Alice's real-identity signature;
if verification passes, $A_2$ forwards the message to $B_2$ according to the institution chain's unique identifier $ID_{ChainB}$.
After receiving and decrypting the message, $B_2$ first queries whether $KGC_{Root}$ contains the anonymous identity. If it does not, $B_2$ sends a data update request to primary node $A_1$, and $A_1$ updates the latest anonymous identities on institution chain A to $KGC_{Root}$; if the updated data still does not contain the anonymous identity, the transaction fails. If $KGC_{Root}$ contains the identity, $B_2$ uses it to verify the anonymous-identity signature and, if verification passes, sends the message to Bob according to Bob's identity identifier $ID_{Bob}$;
Step7: After receiving the message, Bob decrypts it with his private key and verifies Alice's real-identity signature and anonymous-identity signature again. After verification passes, Bob generates his anonymous identity and applies to $KGC_B$ for the anonymous-identity signature private key $dA_{Bob}$. After successful generation, $KGC_B$ saves the anonymous identity to its local storage list, and primary node $B_1$ sends the updated anonymous identity information to $KGC_{Root}$. Bob generates a data sharing response message M containing the shared data index information, and requests from $KGC_B$ the public key, in the certification chain, of the on-duty primary node $A_2$ of institution chain A. After obtaining the public key of $A_2$, Bob similarly encrypts the message in three layers:
Similarly, after receiving the message, $B_2$ decrypts it and verifies Bob's real-identity signature. After verification passes, $B_2$ uploads Alice's anonymous identity, the anonymous-identity signature and its own signature over the message to the transaction determination smart contract, and sets the transaction state of institution chain B to the pre-submission state. $B_2$ then forwards the message to $A_2$ according to $ID_{ChainA}$.
$A_2$ decrypts the message and verifies Bob's anonymous-identity signature. After verification passes, $A_2$ uploads Bob's anonymous identity, the anonymous-identity signature and its own signature over the message to the transaction determination smart contract, likewise sets the transaction state of institution chain A to the pre-submission state, and sends the message to Alice;
step8: after receiving the message, alice decrypts and verifies again, and after passing, uses the shared data index and the true identity signature of Bob to apply for accessing the CSP. After verifying that the data index, the anonymous identity signature of Alice and the true identity signature of Bob pass, the CSP manager allows Alice to acquire complete data, sends the operation, the operation time stamp and the signature of Alice on the data to a transaction judgment intelligent contract, and sets the transaction state as pre-submission;
Step9: when the transaction passes verification by the transaction determination smart contract, the contract generates the transaction information to be written into the block:
which is broadcast in the certification chain. After the other nodes in the certification chain have verified it, the transaction is written into a certification chain block, and $A_2$ and $B_2$ synchronize the transaction information into mechanism chain A and mechanism chain B. When a dispute arises over the transaction, a secondary node can send an application to the KGC to trace the transaction process;
In Step1, organization A and organization B maintain mechanism chain A and mechanism chain B respectively; $KGC_A$ and $KGC_B$ manage and generate the keys of users in organizations A and B respectively; and mechanism chain A and mechanism chain B respectively elect primary nodes $A_1$, $A_2$ and $B_1$, $B_2$ as representatives in the access mechanism chain. Primary nodes $A_1$ and $B_1$ are responsible for updating the user identity information in organizations A and B to $KGC_{Root}$; primary nodes $A_2$ and $B_2$ are responsible for relaying cross-chain messages as intermediaries; and a secondary node can initiate a cross-chain data sharing request as an ordinary user;
In Step2, the system master public keys are disclosed to the whole network, so that a user in any organization can query the system master public key of another organization through the KGC of the user's own organization; the system master private keys are kept by the respective KGCs, and the private keys must not be leaked;
In Step3, the public-private key pair of a node is calculated as follows:
Let the identity identifier of user x in organization X be $ID_x$. $KGC_X$ first computes, over the finite field used by organization X,
$$t_1 = H_1(ID_x \,\|\, hid_X,\ N_X) + ks_X$$
where $hid_X$ denotes the key generation function identifier of the SM9 identity-based cryptographic algorithm used in organization X, $N_X$ denotes a prime factor of the order of the elliptic curve used by organization X in the SM9 identity-based cryptographic algorithm, and $ks_X$ is the system master private key of organization X. If $t_1 = 0$, the system master private key and master public key must be recalculated and the existing user private keys updated; if $t_1 \neq 0$, calculate
Wherein the method comprises the steps ofTo this end, the private key of user x can be calculated as
Any user can calculate and obtain the public key of the user x according to the following formula
Wherein the method comprises the steps ofThe system master public key representing the organization X, the public-private key pair of the user X calculated as described above can be expressed as (pk x ,d x );
In Step4, the method for generating the anonymous identity is as follows:
Let the identity identifier of user x in organization X be $ID_x$; the anonymous identity of user x can be expressed as
where $H_1()$ is the cryptographic hash function used by the SM9 algorithm, nonce is a random number chosen by user x with $nonce \in [1, N_X - 1]$, and Timestamp denotes the current timestamp;
Further, in Step5, $KGC_A$ generates the public-private key pair of Alice's anonymous identity in the same way as the node public-private key pairs in Step3. Alice's anonymous identity is sent to $KGC_{Root}$ through primary node $A_1$;
In Step6, $KGC_A$ obtains, through primary node $A_1$, the public key information of Bob and $B_2$ stored in $KGC_{Root}$ and sends it to Alice;
In Step7, the anonymous identity generation process of Bob is as follows: the public-private key pair of Bob's anonymous identity is generated in the same way as the node public-private key pairs in Step3. $KGC_B$ obtains, through primary node $B_1$, the public key information of Alice and $B_2$ stored in $KGC_{Root}$ and sends it to Bob;
In Step7, the transaction determination smart contract is used to generate transaction information: the transaction information TX is generated only when primary nodes $A_2$ and $B_2$ and the CSP administrator have all set the transaction state to pre-commit and the transaction determination smart contract has verified the signatures they submitted;
In Step9, users in mechanism chain A and mechanism chain B can compare the transaction information synchronized by primary nodes $A_1$ and $B_1$ into $KGC_A$ and $KGC_B$ with the transaction information issued by primary nodes $A_2$ and $B_2$ to verify that the transaction information is consistent, and can check the validity of a transaction by verifying the signatures contained in the transaction information; when a user disputes the transaction information, the data in each KGC and in the certification chain can be retrieved to trace or overtake the disputed transaction.
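The gating rule of the transaction determination smart contract described for Step7 to Step9, as an added Python example (not code from the patent). HMAC-SHA256 stands in for SM9 signature verification, and the `session` field, the role labels and the payload field names are assumptions made for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional

REQUIRED = ("A2", "B2", "CSP")  # parties that must all reach pre-commit


def sign(key: bytes, payload: dict) -> str:
    """Stand-in for an SM9 signature: HMAC-SHA256 over canonical JSON."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


@dataclass
class TransactionContract:
    keys: dict                      # role -> verification key (stand-in)
    session: str                    # hypothetical id tying evidence to one request
    evidence: dict = field(default_factory=dict)
    tx: Optional[dict] = None

    def pre_commit(self, role: str, payload: dict, signature: str) -> bool:
        """Record a party's evidence and mark it pre-commit if it verifies."""
        if role not in REQUIRED or self.tx is not None:
            return False            # unknown party, or TX already generated
        if payload.get("session") != self.session:
            return False            # evidence belongs to another exchange
        if not hmac.compare_digest(sign(self.keys[role], payload), signature):
            return False            # signature check failed: state unchanged
        self.evidence[role] = payload
        return True

    def state(self, role: str) -> str:
        return "pre-commit" if role in self.evidence else "pending"

    def generate_tx(self) -> Optional[dict]:
        """Emit TX only when A2, B2 and the CSP administrator are pre-committed."""
        if self.tx is None and all(r in self.evidence for r in REQUIRED):
            body = {"session": self.session,
                    "evidence": {r: self.evidence[r] for r in REQUIRED}}
            digest = hashlib.sha256(
                json.dumps(body, sort_keys=True).encode()).hexdigest()
            self.tx = dict(body, digest=digest)
        return self.tx


def demo() -> dict:
    # Constructed keys and payloads, for illustration only.
    keys = {"A2": b"key-a2", "B2": b"key-b2", "CSP": b"key-csp"}
    c = TransactionContract(keys=keys, session="s-001")
    b2 = {"session": "s-001", "anon_id": "anon-alice", "anon_sig": "sigA"}
    a2 = {"session": "s-001", "anon_id": "anon-bob", "anon_sig": "sigB"}
    csp = {"session": "s-001", "operation": "read", "timestamp": 1700000000}
    out = {}
    out["b2"] = c.pre_commit("B2", b2, sign(keys["B2"], b2))
    out["a2"] = c.pre_commit("A2", a2, sign(keys["A2"], a2))
    out["early_tx"] = c.generate_tx()            # CSP still pending
    out["forged"] = c.pre_commit("CSP", csp, sign(b"wrong-key", csp))
    out["csp_state_after_forgery"] = c.state("CSP")
    out["csp"] = c.pre_commit("CSP", csp, sign(keys["CSP"], csp))
    out["tx"] = c.generate_tx()
    out["late"] = c.pre_commit("A2", a2, sign(keys["A2"], a2))  # after TX
    return out
```

A forged CSP submission leaves that party in the pending state, so no TX can be produced until a verifiable one arrives.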
In summary, the method provided by the present invention comprises the mechanism chain, certification chain, key generation center (KGC) and cloud service provider (CSP) modules and their mode of operation. Each mechanism chain is contained in the blockchain system maintained by the respective organization and mainly stores the transaction information relating to the data held by the organization, together with the digest and index information of that data; the authenticity of the data is verified by comparing the digest stored on the chain with a hash value recomputed over the actual file. The complete data maintained by users in the organization is stored in the CSP pointed to by the on-chain index, and users in the organization can obtain the complete data from the CSP according to the index, which avoids storing a large amount of data on the blockchain and thereby improves the operating efficiency of the system. The invention also applies the SM9 identity-based cryptographic algorithm, which can generate a user's public-private key pair from the user's identity and comprises three parts (a digital signature algorithm, a key exchange algorithm and a public key encryption algorithm), thereby improving the security of cryptographic protection, that is, the security of data sharing and privacy protection.
In the description of the present specification, the descriptions of the terms "one embodiment," "example," "specific example," and the like, mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The preferred embodiments of the invention disclosed above are intended only to assist in the explanation of the invention. The preferred embodiments are not exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best understand and utilize the invention. The invention is limited only by the claims and the full scope and equivalents thereof.

Claims (9)

1. The data sharing and privacy protection method based on the SM9 algorithm and the cross-chain technology is characterized by comprising the following steps of:
Step1: $KGC_A$, $KGC_B$ and $KGC_{Root}$ respectively select random numbers $ks_A \in [1, N_A - 1]$, $ks_B \in [1, N_B - 1]$ and $ks_{Root} \in [1, N_{Root} - 1]$ as the system master private keys of organization A, organization B and the certification chain, where $KGC_A$, $KGC_B$ and $KGC_{Root}$ respectively denote the key generation centers of organization A, organization B and the certification chain system, and $N_A$, $N_B$ and $N_{Root}$ respectively denote the factors of the elliptic curve orders used by organization A, organization B and the certification chain system in the SM9 identity-based cryptographic algorithm;
step2: the system main public keys of the mechanism A, the mechanism B and the certificate storing chain are respectively as follows:and->Wherein-> Andrespectively represent the loop group used by the mechanism A, the mechanism B and the certification chain system in the SM9 identification password algorithm>Andthe system main public key is disclosed to the whole network, and the system main private key is stored by each KGC;
Step3: organization A, organization B and the certification chain system calculate, through $KGC_A$, $KGC_B$ and $KGC_{Root}$, public-private key pairs for the nodes on mechanism chain A, mechanism chain B and the certification chain; the public-private key pair of a node is calculated as follows:
Let the identity identifier of user x in organization X be $ID_x$. $KGC_X$ first computes, over the finite field used by organization X,
$$t_1 = H_1(ID_x \,\|\, hid_X,\ N_X) + ks_X$$
where $hid_X$ denotes the key generation function identifier of the SM9 identity-based cryptographic algorithm used in organization X, $N_X$ denotes a prime factor of the order of the elliptic curve used by organization X in the SM9 identity-based cryptographic algorithm, and $ks_X$ is the system master private key of organization X; if $t_1 = 0$, the system master private key and master public key must be recalculated and the existing user private keys updated; if $t_1 \neq 0$, calculate
Wherein the method comprises the steps ofTo this end, the private key of user x can be calculated as
Any user can calculate and obtain the public key of the user x according to the following formula
Wherein $H_1()$ is the cryptographic hash function used by the SM9 algorithm, the system master public key representing the organization X, the public-private key pair of the user x calculated as described above can be expressed as $(pk_x, d_x)$;
Step4: Alice first generates her anonymous identity, then sends it, together with her own signature over it, to $KGC_A$ to apply for the anonymous identity signature private key $dA_{Alice}$;
Step5: after receiving Alice's request, $KGC_A$ verifies Alice's signature; if verification fails, it rejects Alice's request; if verification passes, it generates the anonymous identity signature private key $dA_{Alice}$ for Alice based on Alice's anonymous identity, encrypts the correspondence between Alice and her anonymous identity and stores it in the local storage list of $KGC_A$, and sends Alice's anonymous identity to $KGC_{Root}$, which records it in its local storage list;
Step6: Alice generates a data sharing request message m, signs m using her anonymous identity signature private key, and requests from $KGC_A$ the public key, in the certification chain, of the current primary node $B_2$ of mechanism chain B; after obtaining the public key of primary node $B_2$, Alice encrypts the message in three layers using the public keys of Bob, primary node $B_2$ and primary node $A_2$ respectively, and then sends it to $A_2$
Wherein $Enc_x(m)$ denotes encrypting the message m using the public key of user x, $sig_x(m)$ denotes signing the message m using the private key of user x, signing message m using user x's anonymous identity signature private key; $A_2$ decrypts the message after receiving it and verifies Alice's true-identity signature;
if verification passes, it forwards the message to $B_2$ according to the mechanism chain unique identifier $ID_{ChainB}$:
$B_2$ decrypts the message after receiving it and first queries whether $KGC_{Root}$ contains the anonymous identity; if it does not, $B_2$ sends a data update request to primary node $A_1$, and primary node $A_1$ updates the latest anonymous identities on mechanism chain A to $KGC_{Root}$; if the updated data still does not contain the anonymous identity, the transaction fails; if $KGC_{Root}$ contains the identity, the identity is used to verify the anonymous-identity signature, and if verification passes, the message is sent to Bob according to Bob's identity identifier $ID_{Bob}$;
Step7: after Bob receives the message, he decrypts it with his private key and verifies Alice's true-identity signature and anonymous-identity signature again; after verification, Bob generates his anonymous identity and applies to $KGC_B$ for the anonymous identity signature private key $dA_{Bob}$; after successful generation, $KGC_B$ saves the anonymous identity to its local storage list, and primary node $B_1$ sends the updated anonymous identity information to $KGC_{Root}$; Bob generates a data sharing response message m' containing the shared data index information and requests from $KGC_B$ the public key, in the certification chain, of the current primary node $A_2$ of mechanism chain A; after obtaining the public key of primary node $A_2$, the message is similarly encrypted in three layers:
$B_2$ decrypts the message after receiving it and verifies Bob's true-identity signature; after verification, it uploads Alice's anonymous identity, her anonymous-identity signature and $B_2$'s own signature on the message to the transaction determination smart contract, and the transaction state of mechanism chain B is set to the pre-commit state; $B_2$ then forwards the message to $A_2$ according to $ID_{ChainA}$
$A_2$ decrypts the message and verifies Bob's anonymous-identity signature; after verification, it uploads Bob's anonymous identity, his anonymous-identity signature and $A_2$'s own signature on the message to the transaction determination smart contract, the transaction state of mechanism chain A is likewise set to the pre-commit state, and the message is sent to Alice;
Step8: after receiving the message, Alice decrypts and verifies it again; after it passes, she applies for access to the CSP using the shared data index and Bob's true-identity signature; after verifying the data index, Alice's anonymous-identity signature and Bob's true-identity signature, the CSP administrator allows Alice to obtain the complete data, sends the operation, the operation timestamp and Alice's signature on the data to the transaction determination smart contract, and sets the transaction state to pre-commit;
Step9: when the transaction passes verification by the transaction determination smart contract, the contract generates the transaction information to be written into the block:
which is broadcast in the certification chain; after the other nodes in the certification chain have verified it, the transaction is written into a certification chain block, and $A_2$ and $B_2$ synchronize the transaction information into mechanism chain A and mechanism chain B; when a dispute arises over the transaction, a secondary node can send an application to the KGC to trace the transaction process.
2. The method for data sharing and privacy protection based on the SM9 algorithm and cross-chain technology according to claim 1, wherein in Step1, organization A and organization B maintain mechanism chain A and mechanism chain B respectively; $KGC_A$ and $KGC_B$ manage and generate the keys of users in organizations A and B respectively; and mechanism chain A and mechanism chain B respectively elect primary nodes $A_1$, $A_2$ and $B_1$, $B_2$ as representatives in the access mechanism chain, where primary nodes $A_1$ and $B_1$ are responsible for updating the user identity information in organizations A and B to $KGC_{Root}$, primary nodes $A_2$ and $B_2$ are responsible for relaying cross-chain messages as intermediaries, and a secondary node can initiate a cross-chain data sharing request as an ordinary user.
3. The method for data sharing and privacy protection based on the SM9 algorithm and cross-chain technology according to claim 1, wherein in Step2, the system master public keys are disclosed to the whole network, so that a user in any organization can query the system master public key of another organization through the KGC of the user's own organization; the system master private keys are kept by the respective KGCs, and the private keys must not be leaked.
4. The method for data sharing and privacy protection based on SM9 algorithm and cross-chain technology according to claim 1, wherein in Step4, the method for generating anonymous identity is as follows:
Let the identity identifier of user x in organization X be $ID_x$; the anonymous identity of user x can be expressed as
where $H_1()$ is the cryptographic hash function used by the SM9 algorithm, nonce is a random number chosen by user x with $nonce \in [1, N_X - 1]$, and Timestamp denotes the current timestamp.
5. The method for data sharing and privacy protection based on the SM9 algorithm and cross-chain technology according to claim 1, wherein in Step5, $KGC_A$ generates the public-private key pair of Alice's anonymous identity in the same way as the node public-private key pairs in Step3; Alice's anonymous identity is sent to $KGC_{Root}$ through primary node $A_1$.
6. The method for data sharing and privacy protection based on the SM9 algorithm and cross-chain technology according to claim 1, wherein in Step6, $KGC_A$ obtains, through primary node $A_1$, the public key information of Bob and $B_2$ stored in $KGC_{Root}$ and sends it to Alice.
7. The method for data sharing and privacy protection based on the SM9 algorithm and cross-chain technology according to claim 1, wherein in Step7, the anonymous identity generation process of Bob is as follows: the public-private key pair of Bob's anonymous identity is generated in the same way as the node public-private key pairs in Step3; $KGC_B$ obtains, through primary node $B_1$, the public key information of Alice and $B_2$ stored in $KGC_{Root}$ and sends it to Bob.
8. The method for data sharing and privacy protection based on the SM9 algorithm and cross-chain technology according to claim 1, wherein in Step7, the transaction determination smart contract is used to generate transaction information: the transaction information TX is generated only when primary nodes $A_2$ and $B_2$ and the CSP administrator have all set the transaction state to pre-commit and the transaction determination smart contract has verified the signatures they submitted.
9. The method for data sharing and privacy protection based on the SM9 algorithm and cross-chain technology according to claim 1, wherein in Step9, users in mechanism chain A and mechanism chain B can compare the transaction information synchronized by primary nodes $A_1$ and $B_1$ into $KGC_A$ and $KGC_B$ with the transaction information issued by primary nodes $A_2$ and $B_2$ to verify that the transaction information is consistent, and can check the validity of a transaction by verifying the signatures contained in the transaction information; when a user disputes the transaction information, the data in each KGC and in the certification chain can be retrieved to trace or overtake the disputed transaction.
CN202210812867.1A 2022-07-11 2022-07-11 SM9 algorithm and cross-link technology based data sharing and privacy protection method Active CN115589303B (en)

Publications (2)

Publication Number Publication Date
CN115589303A CN115589303A (en) 2023-01-10
CN115589303B true CN115589303B (en) 2024-02-27


