CN117094825A - Cross-chain trusted land transaction system and method based on blockchain - Google Patents

Cross-chain trusted land transaction system and method based on blockchain Download PDF

Info

Publication number
CN117094825A
CN117094825A CN202311252849.3A CN202311252849A CN117094825A CN 117094825 A CN117094825 A CN 117094825A CN 202311252849 A CN202311252849 A CN 202311252849A CN 117094825 A CN117094825 A CN 117094825A
Authority
CN
China
Prior art keywords
enterprise
transaction
identity
chain
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311252849.3A
Other languages
Chinese (zh)
Inventor
邰滢滢
乔煜涵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Liaoning University
Original Assignee
Liaoning University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Liaoning University filed Critical Liaoning University
Priority to CN202311252849.3A priority Critical patent/CN117094825A/en
Publication of CN117094825A publication Critical patent/CN117094825A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • G06Q50/14Travel agencies

Abstract

The application discloses a block chain-based cross-chain trusted land transaction system and a block chain-based cross-chain trusted land transaction method, and belongs to the technical field of big data; the system comprises a KGC management mechanism, a registration request module, an identity authentication module, an asset transfer module, a data encryption module and an intelligent contract module; in the executing process of the transaction method, the method realizes the integrity flow of land transaction by means of identity double authentication, privacy transaction processing and the like, stores the contract record generated by the transaction completion in a chain manner, and provides traceability of data so as to be beneficial to later verification.

Description

Cross-chain trusted land transaction system and method based on blockchain
Technical Field
The application relates to a block chain-based cross-chain trusted land transaction system and method, and belongs to the technical field of data processing.
Background
The following blockchain technique has attracted a wide range of attention and applications worldwide. The technology is considered as a technology with subversion potential, innovation and change of the existing business mode can be realized in multiple fields, but with respect to the fact that different blockchain platforms and standards are used by all enterprises of the currently designed blockchain system, the lack of operability can lead to data isolation and gap between systems, the cooperative operation requirement among blockchains is increasingly strong, and the cross-chain technology is used as one of the hot spots of the current blockchain research, has the function of overcoming independence among blockchains, realizes data circulation and asset transfer among blockchains of different enterprises, and breaks information island. Although reliable asset transfer has been achieved in cross-chain technology, the problem of authentication for different private chains remains a critical issue affecting blockchain system security.
The existing cross-chain identity authentication based on the blockchain mostly has the following defects that firstly, for interaction and communication among a plurality of blockchain networks, the related technology and protocol are complex, so that the blockchain access is difficult and the identity security cannot be effectively ensured. Second, the conventional blockchain network mostly adopts the form of digital certificates, and as registered users increase, the performance of the blockchain system is irreversibly affected. Finally, most authentication schemes are cross-domain identity authentication for the internet of things, and cannot be well adapted to multi-chain structures of blockchains.
Blockchains are widely applied to the fields of finance, agriculture, supply chains, power and the like, but a blockchain system aiming at land transaction is not available, and the characteristics of the blockchain are difficult to integrate with a traditional system, so that the transaction amount is huge, a large amount of sensitive information is needed, and the transaction safety and privacy safety are challenged.
Disclosure of Invention
The application aims to provide a block chain-based cross-chain trusted land transaction system and a block chain-based cross-chain trusted land transaction method, which solve or improve the defects in the technology.
To achieve the above object, the present application provides the following solutions:
a block chain-based cross-chain trusted land transaction system is characterized by comprising a KGC management mechanism, a registration request module, an identity authentication module, an asset transfer module, a data encryption module and an intelligent contract module;
the KGC management mechanism comprises: a trusted mechanism responsible for selecting system parameters, generating a signing master key and generating an enterprise user signing private key;
registration request module: in the blockchain cross-chain network, the enterprise private chain sends a registration request to the alliance chain through the cross-chain gateway so that the request is successfully forwarded to the alliance chain; the alliance chain acquires the registration information of the enterprise private chain from the registration request, the alliance chain link point initiates consensus, whether the registration request passes authentication or not is judged, if so, a unique identity ID in the alliance chain and an enterprise user private key ciphertext are generated and returned, and meanwhile, the information of the enterprise is registered in an identity mapping table;
the identity authentication module is used for signing the enterprise identity mark and the challenge number randomly generated by the alliance chain through a digital signature algorithm before the two parties of the enterprise conduct transaction, transmitting the cross-chain trust through the alliance chain, completing the identity authentication of the challenge/response type mechanism, and using the unique mark of the enterprise identity as a public key to replace the digital certificate issued by the third party;
the asset transfer module is used for completing asset transfer under the specified time and limiting conditions by both parties of the enterprise;
the data encryption module is used for encrypting and storing private or sensitive information after transaction completion;
an intelligent contract module: and the method is used for carrying out uplink storage on the enterprise information which is in compliance and is requested to be registered, and automatically calling a transaction code in the contract to finish transferring the information asset when the identity authentication of both sides is finished and the conditions of both sides are met.
Preferably, the registration request module comprises a registration unit, namely carrying the enterprise social unique identification code to the alliance chain in the forwarding process of the cross-chain gateway, uploading the enterprise main public key to an identity mapping table maintained by the enterprise main public key in the alliance chain, uploading privacy information in an encryption mode, and returning the unique identification generated by the alliance chain for the enterprise main public key.
Preferably, the identity authentication module comprises a step of checking identity information of both parties before the transaction is executed by both parties of the enterprise again, and updating the identity state.
Preferably, the asset transfer module automatically invokes the set intelligent contract to complete asset transfer after authentication of the identity information of both sides is completed.
Preferably, after the identity authentication of the two parties is completed, the data encryption module negotiates the encryption key used in the negotiation channel by the two parties, and encrypts and links the privacy information to be uplink.
The application also comprises a block chain-based cross-chain trusted land transaction method, which comprises the following specific steps:
s1, providing identity related information of enterprises such as unique social identification codes of the enterprises, business licenses of the enterprises and the like before transaction by both an enterprise T of a project acquirer and an enterprise V of a project contractor;
s2, when the private chain enterprise is accessed into the alliance chain, registering the provided identity information material and the enterprise main public key generated by KGC and the enterprise social unique identification code into the alliance chain for verification; after passing verification, the unique identification code is stored in an identity mapping table and is returned to the identity mapping table;
s3, the unique identification code received by the enterprise is used as the unique identification code when the application or the transaction request is made later;
s4, the enterprises after successful registration have bidding rights for system release projects, each enterprise needs to apply for alliance chain nodes for checking and approving for idle land resource use transfer and consensus the idle land resource use transfer to network nodes, and corresponding buying and selling modes are released to transfer land resources;
s5: in the process of land auction, only the highest price of the current bid is displayed, other auction prices and auction parties are displayed in a ciphertext form, and after the expiration time arrives, the parties are informed to complete the transaction as soon as possible;
s6: the alliance chain agent requester T sends a request to a land acquirer at first, and the requester also needs to check the identity of the acquirer again while the identity of the enterprise requester is verified;
s7: if the authentication of the two parties is passed, the enterprise V uses an intelligent contract to realize that the Hash locking technology sets the processing time and the limiting condition of the transaction to complete the transfer among the assets by the enterprise T;
s8: if the asset transfer is successful, contract recording processing is carried out on transaction information and the like of the land, files are stored in the IPFS, the transaction information between the IP returned by the IPFS and the enterprise and the transaction amount are stored in a uplink mode, and the transaction amount is displayed in a ciphertext mode.
Wherein registering the enterprise identity authentication comprises: the method comprises three stages of system initialization, key generation and identity authentication, and comprises the following specific implementation processes:
system initialization phase: generating random number ks, ks E [1, N-1] by KGC]As the main private key of the whole blockchain system is stored, the main public key P of the computing system is calculated pub-s =[ks]P 2 Wherein P is 2 Generating a function identifier hid for a generating element of the cyclic group with the order of N and disclosing a signature private key;
key generation phase: enterprise V and enterprise T use their enterprise society unique identification codes as IDs V ,ID T Requesting KGC to generate a computing enterprise private key ds V ,ds T Generating an enterprise private key:
(1): given a unique social identification code ID of an enterprise i A system master private key ks;
(2): in finite field F N On, calculate t 1 =H 1 (ID i ||hid,N)+ks;
(3): if t 1 =0, then re-requesting KGC to generate a new signature master private key, master public key and update the signature private key of the existing enterprise user;
(4): otherwise, calculate t 2 =ks·t 1 -1 mod N, obtain the enterprise private key ds i =[t 2 ]P 1
Wherein H is 1 (): a cryptographic function derived from the key hash function;
n: circulation groupIs greater than 2 191 Prime numbers of (2);
and (3) hids: generating a function identifier for KGC public and using a signature private key represented by one byte;
k S : a system signs a main private key;
t 1 : part of the private key for user signature, when t 1 =0, possibly resulting in security problems of the signature, and therefore needs to be recalculated;
t 2 : for securing digital signaturesIs safe and effective;
P 1 : group ofIs a generator of (1).
Identity authentication: the project transferee T and the project contractor V use a national secret SM9 signature algorithm by combining a challenge/response type authentication mechanism by using a cross-chain gateway to complete bidirectional identity authentication, and the interaction steps of the two-party identity authentication are as follows:
(1): initiating a challenge by a project contractor V at first, and randomly counting a Nonce by a system V ∈{0,1} lm
(2): after the transferee T receives the challenge, a random challenge Nonce is generated T ∈{0,1} lm The identity ID of the contractor obtained from the alliance chain V With self-generated challenge nonces T Form message M T (Nonce V ,Nonce T ,ID V );
(3): generating random number r t ∈[1,N-1]
(4): computing groupElement g=e (P 1 ,P pub-s );
(5): computing groupElement->Converting the data type of w into a bit string;
(6): calculating the integer h=h 2 (M T ||w,N);
(7): calculate the integer l= (r) t -h) mod n, if l=0, returning to step (1);
(8): computing groupMiddle element s= [ l ]]ds T
(9): signature sigma for generating identity information of transferee T T (h,S);
Identity information M via a cross-link gateway T Signature message sigma T And identity ID T The information is sent to a target enterprise V, authentication is carried out on the information of the transferee T by executing identity verification, and the steps are as follows:
(1): detecting whether h epsilon [1, N-1] is met, if not, failing to verify, and exiting the transaction flow;
(2): detection ofIf not, the verification fails, and the transaction flow is exited;
(3): detecting identity ID T If the identification ID number is the same as the identification ID number registered on the alliance chain, if the identification ID number is different from the identification ID number, the verification fails, and the transaction flow is exited;
(4): computing groupElement g=e (P 1 ,P pub-s );
(5): computing groupElement t=g in (a) h
(6): calculating an integer h 1 =H 1 (ID T ||hid,N);
(7): computing groupThe element p= [ h ] 1 ]P 2 +P pub-s
(8): computing groupElement u=e (S, P);
(9: computing group)The element w '=u·t in (a), converting the data type of w' into a bit string;
(10): calculating an integer h 2 =H 2 (M T ||w', N), detecting h 2 Whether h is true or not, if true, the verification passes, otherwise the verification fails;
if the contractor V verifies successfully, executing the signature algorithm on the contractor V again to generate a message M V And signature message sigma V Identification ID V And sending the identity information to the transferee T, and checking the identity information of the contractor V by executing a signature checking algorithm by the T.
The implementation process of the hash locking algorithm in the S7 is as follows:
(1): the project contractor V generates a random number r, encrypts the bid land project price by using a Paillier public key, adds the encrypted ciphertext and the generated random number to obtain r_Money, calculates the hash H of the encrypted ciphertext, and sends the encrypted ciphertext to generate the generated random number;
(2): calculating a hash H, and forwarding the hash H (r_Money) and H (r) to a project transferee T by using a cross-chain gateway;
(3): the project contractor V sets a longer locking time T1 by using the information of the evidence files such as the land assets which are locked by the project contractor V in the alliance chain, and sets the condition for acquiring the assets: t provides a pre-map of H (r_Money);
(4): the project transferee T locks the same number of account assets moneys into the alliance chain, sets a relatively short locking time T2 (T2 < T1), and sets the acquisition condition of moneys: v provides a random value r;
(5): the project contractor V encrypts the random number r by using a negotiation key K' of both parties and sends a ciphertext to the project transferee T;
(6): decrypting the received ciphertext by the project transferee T by using the negotiation key K to obtain r, and adding the r with the encrypted Money to obtain r_Money;
(7): the project contractor V unlocks the assets of T on the federation chain by a random value r, and the project transferee T uses r_money to unlock the assets of the project contractor V on the federation chain, which will be refunded to the corresponding sender if one of the parties fails to provide the correct hash pre-map within a specified time.
The contract recording and encrypting process in the S8 is as follows:
(1): the method comprises the steps of storing a contract record and an IPFS, uploading a contract file signed by both transaction sides to the IPFS network, and obtaining a unique file identifier CID as position information of the contract file on the IPFS;
(2): encrypting the transaction amount, and encrypting by using a Paillier private key negotiated by both parties, so as to ensure that only authorized people can decrypt and view the amount information;
(3): and (3) the uplink record records the file identifier CID of the IPFS, encrypted transaction amount data, enterprise information participating in the transaction, the type of transaction land and other related metadata in the blockchain.
The application has the beneficial effects that: the application combines the traditional land transaction system with the blockchain cross-chain technology, completes a registration request module on the system, realizes the identity authentication of both transaction sides in the blockchain environment, provides authentication for both sides by maintaining an identity mapping table in a alliance chain, realizes the two-way verifiable identity information, ensures the safety and reliability of both communication sides, designs the transaction of both sides by using a hash time lock technology on the basis, automatically triggers an intelligent contract to complete the transaction of both sides, and then encrypts and stores the privacy information in a uplink through a key pair negotiated by both sides.
Drawings
FIG. 1 is a schematic diagram of a cross-chain trusted transaction system in accordance with an embodiment of the present application.
Fig. 2 is a flow chart of enterprise registration request and two-party authentication.
Detailed Description
The application provides a block chain-based cross-chain trusted land transaction system, which is shown in figure 1 and comprises a KGC management mechanism, a registration request module, an identity authentication module, an asset transfer module, a data encryption module and an intelligent contract module;
wherein, KGC management mechanism: a trusted mechanism responsible for selecting system parameters, generating a signing master key and generating an enterprise user signing private key;
registration request module: in the blockchain cross-chain network, the enterprise private chain sends a registration request to the alliance chain through the cross-chain gateway so that the request is successfully forwarded to the alliance chain; the alliance chain acquires the registration information of the enterprise private chain from the registration request, the alliance chain link point initiates consensus, whether the registration request passes authentication or not is judged, if so, a unique identity ID in the alliance chain and an enterprise user private key ciphertext are generated and returned, and meanwhile, the information of the enterprise is registered in an identity mapping table;
the identity authentication module is used for signing the enterprise identity mark and the challenge number randomly generated by the alliance chain through a digital signature algorithm before the two parties of the enterprise conduct transaction, transmitting the cross-chain trust through the alliance chain, completing the identity authentication of the challenge/response type mechanism, and using the unique mark of the enterprise identity as a public key to replace the digital certificate issued by the third party;
the asset transfer module is used for completing asset transfer under the specified time and limiting conditions by both parties of the enterprise;
the data encryption module is used for encrypting and storing private or sensitive information after transaction completion;
an intelligent contract module: and the method is used for carrying out uplink storage on the enterprise information which is in compliance and is requested to be registered, and automatically calling a transaction code in the contract to finish transferring the information asset when the identity authentication of both sides is finished and the conditions of both sides are met.
The transaction method adopting the transaction system comprises the following steps:
s1, providing identity related information of enterprises before transaction by both a project transferee enterprise T and a project contractor enterprise V;
s2, when the private chain enterprise node is accessed into the alliance chain, verifying the identity information material, the enterprise main public key generated by KGC and the enterprise social unique identification code, storing the verification to the identity mapping table, generating the identification code for the alliance chain, and returning the identification code to a registered enterprise;
s3, after receiving the identification code in the alliance chain, the registered enterprise uses the identification code as an enterprise unique identification code in the process of application or transaction;
s4, the enterprises after successful registration have bidding rights for system release projects, each enterprise needs to apply for alliance chain nodes for checking and approving for idle land resource use transfer and consensus the idle land resource use transfer to network nodes, and corresponding buying and selling modes are released to transfer land resources;
s5, in the process of land auction, only the highest price of the current bid is displayed, other auction prices and auction parties are displayed in a ciphertext form, and after the expiration time arrives, both parties are informed to complete the transaction as soon as possible through a alliance chain;
s6, the alliance chain agent transferee T sends a request to the land contractor at first, and the requester also needs to check the identity of the transferee again while the identity of the enterprise requester is verified;
s7, if the authentication of the two parties is passed, the enterprise V uses an intelligent contract to realize that a hash locking algorithm sets the processing time and the limiting condition of the transaction, and the transaction and the enterprise T finish the transfer of the assets;
and S8, if the asset transfer is successful, contract recording processing is carried out on transaction information and the like of the land, files are stored in the IPFS, the transaction information between the IP returned by the IPFS and the enterprise and the transaction amount are stored in a uplink mode, and the transaction amount is displayed in a ciphertext mode.
Further, the transaction method of the present application provides a blockchain cross-chain registration request processing procedure that can be executed by a coalition chain, comprising the steps of:
(1) The enterprise generates a local public and private key in an identity encryption IBE mode by taking an existing social unique identification code as a unique identity, and an enterprise blockchain uses the unique identity to initiate a registration request to a alliance chain through a cross-chain gateway;
(2) The alliance chain responds to the transmitted registration request, and if the enterprise blockchain does not receive feedback within a specified time, retransmission is carried out;
(3) And responding to the successful registration request, returning the unique identification code of the enterprise blockchain in the alliance chain and enterprise private key information in the alliance chain to the enterprise blockchain in a response body, and storing the public key information into the alliance chain for other blockchain link points to use.
In a cross-chain network of a blockchain, the information of registration applications, including enterprise social unique identification codes, enterprise registration information, business licenses and other materials, is forwarded to a alliance chain through a cross-chain gateway intelligent contract, and after the nodes in the alliance chain are commonly identified, the unique identification codes in the alliance chain are generated for the enterprise and are used as a main key to be written into a maintained identity mapping table.
And sending the generated unique identification code, the enterprise private key and the like to an enterprise private chain through the cross-chain network so as to complete cross-chain identity authentication and interaction between the enterprise and other enterprise chains.
Furthermore, the transaction method of the application adopts a bidirectional identity authentication method based on a blockchain and SM9 signature algorithm to authenticate the identity information of the enterprise, and comprises the following steps: system initialization, key generation and identity authentication.
Initializing a system: generating random numbers ks, ks E [1, N-1] using KGC]As the main private key of the whole blockchain system is stored, the main public key P of the computing system is calculated pub-s =[ks]P 2 (P 2 A generator of a cyclic group of order N) and a signature private key generation function identifier hid is disclosed.
And (3) key generation: enterprise V and enterprise T use their enterprise society unique identification codes as IDs V ,ID T Requesting KGC to generate a computing enterprise private key ds V ,ds T Generating an enterprise private key:
a1: given a unique social identification code ID of an enterprise i A system master private key ks;
a2: in finite field F N On, calculate t 1 =H 1 (ID i ||hid,N)+ks;
A3: if t 1 =0, then re-requesting KGC to generate a new signature master private key, master public key and update the signature private key of the existing enterprise user;
a4: otherwise, calculate t 2 =ks·t 1 -1 mod N, obtain the enterprise private key ds i =[t 2 ]P 1
Wherein H is 1 (): a cryptographic function derived from the key hash function;
n: circulation groupIs a prime number greater than 2191;
h id: generating a function identifier for KGC public and using a signature private key represented by one byte;
ks: a system signs a main private key;
t 1 : part of the private key for user signature, when t 1 =0, possibly resulting in security problems of the signature, and therefore needs to be recalculated;
t 2 : the digital signature security and validity method is used for guaranteeing the security and validity of the digital signature;
P 1 : group ofIs a generator of (1).
The identity authentication module, the project transferee T and the project contractor V use a national secret SM9 signature algorithm by combining a challenge/response authentication mechanism by using a cross-chain gateway to complete two-way identity authentication, and the interaction steps of the two-way identity authentication are as follows:
b1: initiating a challenge by a project contractor V at first, and randomly counting a Nonce by a system V ∈{0,1} lm
B2: after the transferee T receives the challenge, a random challenge Nonce is generated T ∈{0,1} lm The identity ID of the contractor obtained from the alliance chain V With self-generated challenge nonces T Form message M T (Nonce V ,Nonce T ,ID V );
B3: generating random number r t ∈[1,N-1]
B4: computing groupElement g=e (P 1 ,P pub-s );
B5: computing groupElement->Converting the data type of w into a bit string;
b6: calculating the integer h=h 2 (M T ||w,N);
B7: calculate the integer l= (r) t -h) mod n, if l=0, then return to B3;
b8: computing groupMiddle element s= [ l ]]ds T
B9: signature sigma for generating identity information of transferee T T (h,S);
Identity information M via a cross-link gateway T Signature message sigma T And identity ID T The information is sent to a target enterprise V, authentication is carried out on the information of the transferee T by executing identity verification, and the steps are as follows:
c1: detecting whether h epsilon [1, N-1] is met, if not, failing to verify, and exiting the transaction flow;
c2: detection ofIf not, the verification fails, and the transaction flow is exited;
and C3: detecting identity ID T If the identification ID number is the same as the identification ID number registered on the alliance chain, if the identification ID number is different from the identification ID number, the verification fails, and the transaction flow is exited;
and C4: computing groupElement g=e (P 1 ,P pub-s );
C5: computing groupElement t=g in (a) h
C6: calculating an integer h 1 =H 1 (ID T ||hid,N);
C7: computing groupThe element p= [ h ] 1 ]P 2 +P pub-s
And C8: computing groupElement u=e (S, P);
c9: computing groupThe element w '=u·t in (a), converting the data type of w' into a bit string;
c10: calculating an integer h 2 =H 2 (M T ||w', N), detecting h 2 Whether h is true or not, if true, the verification passes, otherwise the verification fails.
If the contractor V verifies successfully, executing the signature algorithm on the contractor V again to generate a message M V And signature message sigma V Identification ID V And sending the identity information to the transferee T, and checking the identity information of the contractor V by executing a signature checking algorithm by the T.
In this embodiment, after all the verifications are successful, the identity authentication of both sides is passed, and the session key negotiation stage is entered, and the privacy information for data uplink is encrypted, where the specific key negotiation stage includes the following steps:
first, a project transferee T enterprise node generates and generates a set of Paillier key pairs, and a brief flow is as follows:
d1: selecting two large prime numbers p and q;
d2: calculating n=p×q as part of the Paillier public key;
d3: calculating λ (n) =lcm (p-1, q-1), lcm representing the least common multiple of p-1 and q-1;
d4: selecting a random number g, wherein g=n+1 is generally taken;
d5: calculation of
D6: a public key (n, g) is generated and a private key (p, q) is generated.
Combining the generated Paillier public and private key pair into a character string with the length of klen, and carrying out the following encapsulation process on the project transferee T:
e1: computing groupElement Q of (B) V =[H 1 (ID V ||hid,N)]P 1 +P pub-s
E2: generating a random number r epsilon [1, N-1];
e3: computing groupElement c= [ r ]]Q V Converting the data type of C into a bit string;
e4: computing groupElement g=e (P pub-s ,P 2 );
E5: computing groupElement w=g in (a) r Converting the data type of w into a bit string;
e6: calculating k=kdf @. C W ID V Klen), if K is an all 0 bit string, then return to B2;
e7: and an output (K, C), where K is the encapsulated key and C is the encapsulated ciphertext.
After receiving the encapsulation ciphertext C, the project contractor V performs the following steps of:
f1: verificationIf not, reporting error and exiting;
f2: computing groupElement w' =e (C, ds) V ) Converting the data types of w' and C into bit strings;
f3: calculate key K '=kdf (c||w' |id V Klen), if K ' is a full 0 bit string, reporting error and exiting, otherwise, obtaining a secret key K ', after obtaining K ', the contractor V sends a confirmation response to the transferee T, and after receiving the confirmation message, the transferee T encrypts and transmits the Paillier secret key pair by using K to complete the subsequent encryption operation.
The third aspect of the application provides a private transaction flow based on a hash time lock, which completes the asset transfer of both parties.
In this embodiment, after the identity information of the enterprise is authenticated by a bidirectional identity authentication method based on a blockchain and SM9 signature algorithm, the two parties mutually obtain the Paillier public and private key, so that the asset transfer of privacy encryption can be performed on the amount of the transaction.
The asset transfer method provided by the embodiment of the application comprises the following steps of:
g1: the project contractor V generates a random number r, encrypts the bid land project price by using a Paillier public key, adds the encrypted ciphertext and the generated random number to obtain r_Money, calculates the hash H of the encrypted ciphertext, and sends the encrypted ciphertext to generate the generated random number;
and G2: calculating a hash H, and forwarding the hash H (r_Money) and H (r) to a project transferee T by using a cross-chain gateway;
and G3: the project contractor V sets a longer locking time T1 by using the information of the evidence files such as the land assets which are locked by the project contractor V in the alliance chain, and sets the condition for acquiring the assets: t provides a pre-map of H (r_Money);
and G4: the project transferee T locks the same number of account assets moneys into the alliance chain, sets a relatively short locking time T2 (T2 < T1), and sets the acquisition condition of moneys: v provides a random value r;
and G5: the project contractor V encrypts the random number r by using a negotiation key K' of both parties and sends a ciphertext to the project transferee T;
g6: decrypting the received ciphertext by the project transferee T by using the negotiation key K to obtain r, and adding the r with the encrypted Money to obtain r_Money;
and G7: the project contractor V unlocks the assets of T on the federation chain by a random value r, and the project transferee T uses r_money to unlock the assets of the project contractor V on the federation chain, which will be refunded to the corresponding sender if one of the parties fails to provide the correct hash pre-map within a specified time.
After the transaction is completed, according to enterprise information of both transaction sides and the type and amount of the land, the following steps are executed to realize the openness and traceability of the land transaction:
h1, storing contract record and IPFS, uploading a contract file signed by both transaction parties to an IPFS network, and obtaining a unique file identifier CID as the position information of the contract file on the IPFS;
h2, encrypting the transaction amount, and encrypting by using a Paillier private key negotiated by both parties, so as to ensure that only authorized people can decrypt and view the amount information;
and H3, uplink recording, namely recording the file identifier CID of the IPFS, encrypted transaction amount data, enterprise information participating in the transaction, type of transaction land and other related metadata in the blockchain.
By recording this information to the blockchain, transparency and openness of the transaction are ensured, any business can verify the contract document, view the metadata of the transaction, and ensure the security of the amount. Meanwhile, the contract file is stored through the IPFS, so that the distributed storage and durability of the file are ensured.

Claims (5)

1. A block chain-based cross-chain trusted land transaction system is characterized by comprising a KGC management mechanism, a registration request module, an identity authentication module, an asset transfer module, a data encryption module and an intelligent contract module;
the KGC management mechanism comprises: a trusted mechanism responsible for selecting system parameters, generating a signing master key and generating an enterprise user signing private key;
registration request module: in the blockchain cross-chain network, the enterprise private chain sends a registration request to the alliance chain through the cross-chain gateway so that the request is successfully forwarded to the alliance chain; the alliance chain acquires the registration information of the enterprise private chain from the registration request, the alliance chain link point initiates consensus, whether the registration request passes authentication or not is judged, if so, a unique identity ID in the alliance chain and an enterprise user private key ciphertext are generated and returned, and meanwhile, the information of the enterprise is registered in an identity mapping table;
the identity authentication module is used for signing the enterprise identity mark and the challenge number randomly generated by the alliance chain through a digital signature algorithm before the two parties of the enterprise conduct transaction, transmitting the cross-chain trust through the alliance chain, completing the identity authentication of the challenge/response type mechanism, and using the unique mark of the enterprise identity as a public key to replace the digital certificate issued by the third party;
the asset transfer module is used for completing asset transfer under the specified time and limiting conditions by both parties of the enterprise;
the data encryption module is used for encrypting and storing private or sensitive information after transaction completion;
an intelligent contract module: and the method is used for carrying out uplink storage on the enterprise information which is in compliance and is requested to be registered, and automatically calling a transaction code in the contract to finish transferring the information asset when the identity authentication of both sides is finished and the conditions of both sides are met.
2. A transaction method employing the transaction system of claim 1, wherein: comprises the following steps:
s1, providing identity related information of enterprises before transaction by both a project transferee enterprise T and a project contractor enterprise V;
s2, when the private chain enterprise node is accessed into the alliance chain, verifying the identity information material, the enterprise main public key generated by KGC and the enterprise social unique identification code, storing the verification to the identity mapping table, generating the identification code for the alliance chain, and returning the identification code to a registered enterprise;
s3, after receiving the identification code in the alliance chain, the registered enterprise uses the identification code as an enterprise unique identification code in the process of application or transaction;
s4, the enterprises after successful registration have bidding rights for system release projects, each enterprise needs to apply for alliance chain nodes for checking and approving for idle land resource use transfer and consensus the idle land resource use transfer to network nodes, and corresponding buying and selling modes are released to transfer land resources;
s5, in the process of land auction, only the highest price of the current bid is displayed, other auction prices and auction parties are displayed in a ciphertext form, and after the expiration time arrives, both parties are informed to complete the transaction as soon as possible through a alliance chain;
s6, the alliance chain agent transferee T sends a request to the land contractor at first, and the requester also needs to check the identity of the transferee again while the identity of the enterprise requester is verified;
s7, if the authentication of the two parties is passed, the enterprise V uses an intelligent contract to realize that a hash locking algorithm sets the processing time and the limiting condition of the transaction, and the transaction and the enterprise T finish the transfer of the assets;
and S8, if the asset transfer is successful, contract recording processing is carried out on transaction information and the like of the land, files are stored in the IPFS, the transaction information between the IP returned by the IPFS and the enterprise and the transaction amount are stored in a uplink mode, and the transaction amount is displayed in a ciphertext mode.
3. The method of claim 2, wherein the authentication of the registered enterprise comprises three stages of system initialization, key generation and authentication, and the specific implementation process is as follows:
system initialization phase: generating random number ks, ks E [1, N-1] by KGC]As the main private key of the whole blockchain system is stored, the main public key P of the computing system is calculated pub-s =[ks]P 2 Wherein P is 2 Generating a function identifier hid for a generating element of the cyclic group with the order of N and disclosing a signature private key;
key generationStage: enterprise V and enterprise T use their enterprise society unique identification codes as IDs V ,ID T Requesting KGC to generate a computing enterprise private key ds V ,ds T Generating an enterprise private key:
(1): given a unique social identification code ID of an enterprise i A system master private key ks;
(2): in finite field F N On, calculate t 1 =H 1 (ID i ||hid,N)+ks;
(3): if t 1 =0, then re-requesting KGC to generate a new signature master private key, master public key and update the signature private key of the existing enterprise user;
(4): otherwise, calculate t 2 =ks·t 1 -1 mod N, obtain the enterprise private key ds i =[t 2 ]P 1
Wherein H is 1 (): a cryptographic function derived from the key hash function;
n: circulation groupIs greater than 2 191 Prime numbers of (2);
and (3) hids: generating a function identifier for KGC public and using a signature private key represented by one byte;
ks: a system signs a main private key;
t 1 : part of the private key for user signature, when t 1 =0, possibly resulting in security problems of the signature, and therefore needs to be recalculated;
t 2 : the digital signature security and validity method is used for guaranteeing the security and validity of the digital signature;
P 1 : group ofIs a generator of (1);
identity authentication: the project transferee T and the project contractor V use a national secret SM9 signature algorithm by combining a challenge/response type authentication mechanism by using a cross-chain gateway to complete bidirectional identity authentication, and the interaction steps of the two-party identity authentication are as follows:
(1): initiating a challenge by a project contractor V at first, and randomly counting a Nonce by a system V ∈{0,1} lm
(2): after the transferee T receives the challenge, a random challenge Nonce is generated T ∈{0,1} lm The identity ID of the contractor obtained from the alliance chain V With self-generated challenge nonces T Form message M T (Nonce V ,Nonce T ,ID V );
(3): generating random number r t ∈[1,N-1]
(4): computing groupElement g=e (P 1 ,P pub-s );
(5): computing groupElement->Converting the data type of w into a bit string;
(6): calculating the integer h=h 2 (M T ||w,N);
(7): calculate the integer l= (r) t -h) mod n, if l=0, returning to step (3);
(8): computing groupMiddle element s= [ l ]]ds T
(9): signature sigma for generating identity information of transferee T T (h,S);
Identity information M via a cross-link gateway T Signature message sigma T And identity ID T The information is sent to a target enterprise V, authentication is carried out on the information of the transferee T by executing identity verification, and the steps are as follows:
(1): detecting whether h epsilon [1, N-1] is met, if not, failing to verify, and exiting the transaction flow;
(2): detection ofIf not, the verification fails, and the transaction flow is exited;
(3): detecting identity ID T If the identification ID number is the same as the identification ID number registered on the alliance chain, if the identification ID number is different from the identification ID number, the verification fails, and the transaction flow is exited;
(4): computing groupElement g=e (P 1 ,P pub-s );
(5): computing groupElement t=g in (a) h
(6): calculating an integer h 1 =H 1 (ID T ||hid,N);
(7): computing groupThe element p= [ h ] 1 ]P 2 +P pub-s
(8): computing groupElement u=e (S, P);
(9): computing groupThe element w '=u·t in (a), converting the data type of w' into a bit string;
(10): calculating an integer h 2 =H 2 (M T ||w', N), detecting h 2 Whether h is true or not, if true, the verification passes, otherwise the verification fails;
if the contractor V verifies successfully, executing againThe signature algorithm of the line on itself will generate a message M V And signature message sigma V Identification ID V And sending the identity information to the transferee T, and checking the identity information of the contractor V by executing a signature checking algorithm by the T.
4. A method according to claim 3, wherein the hash-lock algorithm in S7 is implemented as follows:
(1): the project contractor V generates a random number r, encrypts the bid land project price by using a Paillier public key, adds the encrypted ciphertext and the generated random number to obtain r_Money, calculates the hash H of the encrypted ciphertext, and sends the encrypted ciphertext to generate the generated random number;
(2): calculating a hash H, and forwarding the hash H (r_Money) and H (r) to a project transferee T by using a cross-chain gateway;
(3): the project contractor V sets a longer locking time T1 by using the information of the evidence files such as the land assets which are locked by the project contractor V in the alliance chain, and sets the condition for acquiring the assets: t provides a pre-map of H (r_Money);
(4): the project transferee T locks the same number of account assets moneys into the alliance chain, sets a relatively short locking time T2 (T2 < T1), and sets the acquisition condition of moneys: v provides a random value r;
(5): the project contractor V encrypts the random number r by using a negotiation key K' of both parties and sends a ciphertext to the project transferee T;
(6): decrypting the received ciphertext by the project transferee T by using the negotiation key K to obtain r, and adding the r with the encrypted Money to obtain r_Money;
(7): the project contractor V unlocks the assets of the project contractor V on the alliance chain through the random value r, the project transferee T uses r_Money to unlock the assets of the project contractor V on the alliance chain, and if one party fails to provide a correct hash pre-graph within a specified time, the assets are returned to the corresponding sender;
wherein, r: using a random number generator approved by a national password management authority;
k', which is a session key negotiated by the two parties in the identity authentication stage;
h (r_Money) hash calculation the hash value is obtained by the sha256 algorithm.
5. A method according to claim 3, wherein the contract recording and encryption process in S8 is as follows:
(1): the method comprises the steps of storing a contract record and an IPFS, uploading a contract file signed by both transaction sides to the IPFS network, and obtaining a unique file identifier CID as position information of the contract file on the IPFS;
(2): encrypting the transaction amount, and encrypting by using a Paillier private key negotiated by both parties, so as to ensure that only authorized people can decrypt and view the amount information;
(3): and (3) the uplink record records the file identifier CID of the IPFS, encrypted transaction amount data, enterprise information participating in the transaction, the type of transaction land and other related metadata in the blockchain.
CN202311252849.3A 2023-09-27 2023-09-27 Cross-chain trusted land transaction system and method based on blockchain Pending CN117094825A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311252849.3A CN117094825A (en) 2023-09-27 2023-09-27 Cross-chain trusted land transaction system and method based on blockchain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311252849.3A CN117094825A (en) 2023-09-27 2023-09-27 Cross-chain trusted land transaction system and method based on blockchain

Publications (1)

Publication Number Publication Date
CN117094825A true CN117094825A (en) 2023-11-21

Family

ID=88771723

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311252849.3A Pending CN117094825A (en) 2023-09-27 2023-09-27 Cross-chain trusted land transaction system and method based on blockchain

Country Status (1)

Country Link
CN (1) CN117094825A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117593155A (en) * 2024-01-18 2024-02-23 山东省国土空间数据和遥感技术研究院(山东省海域动态监视监测中心) Block chain-based land yielding contract management method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117593155A (en) * 2024-01-18 2024-02-23 山东省国土空间数据和遥感技术研究院(山东省海域动态监视监测中心) Block chain-based land yielding contract management method and system
CN117593155B (en) * 2024-01-18 2024-04-12 山东省国土空间数据和遥感技术研究院(山东省海域动态监视监测中心) Block chain-based land yielding contract management method and system

Similar Documents

Publication Publication Date Title
US11496310B2 (en) Methods and systems for universal storage and access to user-owned credentials for trans-institutional digital authentication
CN112637278B (en) Data sharing method and system based on block chain and attribute-based encryption and computer readable storage medium
US11139951B2 (en) Blockchain system and data processing method for blockchain system
CN108292402B (en) Determination of a common secret and hierarchical deterministic keys for the secure exchange of information
CN110959163B (en) Computer-implemented system and method for enabling secure storage of large blockchains on multiple storage nodes
CN109495490B (en) Block chain-based unified identity authentication method
CN113553574A (en) Internet of things trusted data management method based on block chain technology
CN109450843B (en) SSL certificate management method and system based on block chain
AU2003202511A1 (en) Methods for authenticating potential members invited to join a group
CN114329529A (en) Asset data management method and system based on block chain
CN113643134B (en) Internet of things blockchain transaction method and system based on multi-key homomorphic encryption
CN114036539A (en) Safety auditable Internet of things data sharing system and method based on block chain
CN116418560A (en) System and method for online quick identity authentication based on blockchain intelligent contract
CN117094825A (en) Cross-chain trusted land transaction system and method based on blockchain
CN107347073B (en) A kind of resource information processing method
JP2001134534A (en) Authentication delegate method, authentication delegate service system, authentication delegate server device, and client device
TW201628370A (en) Network group authentication system and method
Resende et al. PUF-based mutual multifactor entity and transaction authentication for secure banking
JPH10240826A (en) Electronic contracting method
CN116015669A (en) Block chain-based cross-domain collaborative authentication method for Internet of things
Isaac et al. Anonymous payment in a kiosk centric model using digital signature scheme with message recovery and low computational power devices
CN101370012B (en) Equity computation faith mechanism construction method based on proxy
GB2395304A (en) A digital locking system for physical and digital items using a location based indication for unlocking
Ren et al. BIA: A blockchain-based identity authorization mechanism
TWM585941U (en) Account data processing system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination