CN117097526A - Block chain-based data security sharing method and device - Google Patents
Block chain-based data security sharing method and device Download PDFInfo
- Publication number
- CN117097526A CN117097526A CN202311052942.XA CN202311052942A CN117097526A CN 117097526 A CN117097526 A CN 117097526A CN 202311052942 A CN202311052942 A CN 202311052942A CN 117097526 A CN117097526 A CN 117097526A
- Authority
- CN
- China
- Prior art keywords
- encrypted data
- blockchain
- data information
- index
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 61
- 238000012795 verification Methods 0.000 claims abstract description 25
- 238000012550 audit Methods 0.000 claims abstract description 14
- 238000010845 search algorithm Methods 0.000 claims abstract description 9
- 230000008569 process Effects 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 8
- 238000013507 mapping Methods 0.000 claims description 5
- 238000012545 processing Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 6
- 238000007726 management method Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000007547 defect Effects 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 238000013473 artificial intelligence Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000009877 rendering Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a data security sharing method and device based on a block chain, comprising the steps of obtaining encrypted data information and uploading the encrypted data information to at least one node; performing repeatability verification on the encrypted data information through the blockchain, and judging whether a hash index of the encrypted data information exists in the blockchain or not; if the data information does not exist, uploading the encrypted data information to at least two nodes, and feeding back to a block chain after index checking; when a user accesses the blockchain, executing a trapdoor generation algorithm to generate an indexed trapdoor; then executing a search algorithm to obtain an indexed set of file information; and obtaining a storage address of the encrypted data information on the IPFS, the user obtaining the encrypted data information based on the storage address. The application is oriented to a data security deduplication scene under a distributed storage scene, realizes data integrity audit based on a block chain, completes audit sharing based on the block chain, introduces a double-server structure, prevents single-point faults, and judges data repetition through a block label.
Description
Technical Field
The application relates to the field of data security sharing, in particular to a data security sharing method and device based on a blockchain.
Background
With the development of the Internet and big data, the data plays an irreplaceable role in the social life and scientific research of people, and the data sharing is gradually an important means for promoting the social and scientific development, but the existing data sharing system is difficult to ensure the data security due to the limitations of technology and the like. The traditional data sharing system adopts a centralized server and centralized storage, and has the following defects. 1) In the case of centralized management, the authority of the administrator is high, and data leakage may occur from inside; 2) The centralized server is easy to cause hacking, single-point faults are caused, and once the server is down, the whole system is not available any more; 3) The centralized service may terminate operation due to improper operation, so that the data of the user is lost completely, and the data security is not guaranteed. In summary, under the traditional data sharing architecture, users can only choose to trust third party platforms, which is extremely unsafe and unsecured.
The essence of the blockchain is a distributed shared database, the data structure of the database is a chain structure, each block is divided into a block head and a block body, the blocks are formed in series through hash pointers, and the block data structure is shown in fig. 1. The realization of the blockchain public account book is based on the technologies of cryptography, distributed consistency protocols, peer-to-peer networks, intelligent contracts and the like, and has the characteristics of decentralization, non-falsification, traceability, disclosure transparency and the like. The block chain technology and the data sharing and distribution are combined, so that the defects of common single-point faults and the like of centralized data sharing can be effectively overcome.
The prior China patent proposes a data security and privacy protection method and device, wherein encrypted data is uploaded to a node, the node performs secondary encryption on the encrypted data, the node verifies a terminal when receiving a data acquisition request, if the verification is successful, the data between the nodes is issued to the terminal, if a blockchain judges that the node is not trusted, the blockchain discards the node and transfers the data and logs stored in the node. The method can effectively protect single data from an individual level, thereby further ensuring the safety of the blockchain for keeping enterprise information. The requirement of multi-party data sharing can be met, and unauthorized access and exposure of other information of the data owner can be avoided to a certain extent. But this approach stores all of the data on the blockchain, potentially resulting in blockchain overload and a significant amount of data redundancy.
Disclosure of Invention
The application provides a data security sharing method based on a block chain, which aims to overcome the defects.
In order to achieve the above purpose, the present application adopts the following technical scheme:
in a first aspect, the present application provides a method for securely sharing data based on a blockchain, including:
acquiring encrypted data information and uploading the encrypted data information to at least one node;
performing repeatability verification on the encrypted data information through a blockchain, and judging whether a hash index of the encrypted data information exists in the blockchain or not;
if the encrypted data information does not exist, uploading the encrypted data information to at least two nodes, and feeding back to the blockchain after index checking;
executing a trapdoor generation algorithm when a user accesses the blockchain to generate the trapdoor of the index;
based on the trapdoor of the index, executing a search algorithm to obtain a set of file information of the index;
and obtaining a storage address of the encrypted data information on the IPFS, wherein the user obtains the encrypted data information based on the storage address so as to complete data security sharing.
Preferably, before the encrypted data information is uploaded to at least one node, initializing the system includes:
step1: dividing each file in the block chain into blocks, generating a corresponding index and a corresponding public-private key pair by each block, and using a first file tag index as a public key;
step2: determining that the first file is valid, and the next file is based on the previous file;
step3: generating ciphertext blocks for each block based on the index, all blocks generating keys of the ciphertext based on the private key;
step4: generating corresponding labels for ciphertext blocks corresponding to each block, and generating second labels for all ciphertext block labels to form a next file;
step5: when any file does not exist, uploading the current file, verifying the identity based on a private key, and performing signature verification on a ciphertext block in the current file;
step6: when any file exists, signature verification is carried out on any ciphertext block.
Preferably, the signature verification process includes:
according to bilinear mapping formula e (g sk ,H(m))=e(g,H(m) sk ) Where e represents an exponent, m is a ciphertext block, sk is a private key, g sk Is a public key, called H (m) sk Is the signature for ciphertext block m.
Preferably, the process of uploading the encrypted data information to the node comprises the following steps:
generating a random symmetric key for the encrypted data information;
encrypting the encrypted data information by adopting a searchable encryption algorithm to obtain ciphertext and an index;
uploading the generated ciphertext and the index to a node, and uploading the ciphertext to an IPFS for storage;
and returns the address of the ciphertext in the IPFS to the user.
Preferably, the method further comprises:
when any node makes an audit request, selecting any n pieces of encrypted data of other nodes except the node making the audit request, re-signing the any n pieces of encrypted data, and performing secondary authentication again, wherein if authentication is successful, the encrypted data can be uploaded again, otherwise, the encrypted data cannot be uploaded.
In a second aspect, the present application provides a blockchain-based data security sharer apparatus, comprising:
the acquisition module is used for: acquiring encrypted data information and uploading the encrypted data information to at least one node;
and (3) a verification module: performing repeatability verification on the encrypted data information through a blockchain, and judging whether a hash index of the encrypted data information exists in the blockchain or not;
and an uploading module: if the encrypted data information does not exist, uploading the encrypted data information to at least two nodes, and feeding back to the blockchain after index checking;
and an access module: executing a trapdoor generation algorithm when a user accesses the blockchain to generate the trapdoor of the index;
and a search module: based on the trapdoor of the index, executing a search algorithm to obtain a set of file information of the index;
and a sharing module: and obtaining a storage address of the encrypted data information on the IPFS, wherein the user obtains the encrypted data information based on the storage address so as to complete data security sharing.
Preferably, the uploading module includes:
a first encryption unit: generating a random symmetric key for the encrypted data information;
a second encryption unit: encrypting the encrypted data information by adopting a searchable encryption algorithm to obtain ciphertext and an index;
and a storage unit: uploading the generated ciphertext and the index to a node, and uploading the ciphertext to an IPFS for storage;
a return unit: and returns the address of the ciphertext in the IPFS to the user.
Preferably, the method further comprises:
and an auditing module: when any node makes an audit request, selecting any n pieces of encrypted data of other nodes except the node making the audit request, re-signing the any n pieces of encrypted data, and performing secondary authentication again, wherein if authentication is successful, the encrypted data can be uploaded again, otherwise, the encrypted data cannot be uploaded.
In a third aspect, the present application provides an electronic device comprising a memory and a processor, the memory configured to store one or more computer instructions, wherein the one or more computer instructions are executed by the processor to perform a blockchain-based data security sharing method as described above.
In a fourth aspect, the present application provides a computer readable storage medium storing a computer program which when executed by a computer implements a blockchain-based data security sharing method as described above.
The application has the following beneficial effects:
the application provides a data security sharing method based on a block chain, which has redundancy, namely repeated data, when data uploading is carried out on a cloud architecture, the repeated data is deleted, and a security data integrity auditing process is carried out under the condition of deleting.
The cloud architecture is divided into a plurality of uploading and a single uploading, and a repeated process of data exists during the plurality of uploading. However, because there is centralization in a single node, there are essentially two nodes, then two nodes are always selected from the two nodes, one is used as an audit node, and one is used as an audited node, roles can be exchanged, then two states are divided in this case, one state is the initial uploading of data and the multiple uploading of one data, then a repeatability check is firstly performed after the initial uploading of the data, in the blockchain, only hash indexes of the data are stored in the blockchain, then if the data are found to be absent, the data of the two nodes are uploaded, the simultaneous uploading is not required, an index check is performed again after the uploading, the data are returned to the blockchain for storage, and then when the data are repeatedly uploaded, namely the data are already stored in the blockchain, the data are directly rewritten. It is also an audit that when any node makes an audit request during the audit process, that is, if you upload the data, the data is repeated, then the data is considered to be common to the owners, because the node is in possession of the data encryption data, then any n are chosen from the encrypted data, then the uploaded data set is subject to a re-signature, then a secondary authentication is made, if the authentication is successful in this case, it is the owner of the data that is indeed the one that can be re-uploaded, otherwise it cannot be uploaded, like the pow consensus mechanism. Although the secondary signature of this signature is meaningless, a replay attack can be effectively prevented.
Drawings
FIG. 1 is a prior art block data structure;
FIG. 2 is a block diagram of a method for securely sharing data based on a blockchain in accordance with an embodiment of the present application;
FIG. 3 is a flowchart of an embodiment of a method for securely sharing data based on a blockchain in accordance with an embodiment of the present application;
FIG. 4 is a schematic diagram of a bilinear certification in a blockchain-based data security sharing method according to an embodiment of the present application;
FIG. 5 is a block chain based data security sharing device architecture diagram according to an embodiment of the present application;
fig. 6 is a schematic diagram of an electronic device implementing a blockchain-based data security sharing apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments, and all other embodiments obtained by those skilled in the art without making creative efforts based on the embodiments of the present application are included in the protection scope of the present application.
The terms "first," "second," and the like in the claims and the description of the application, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order, and it is to be understood that the terms so used may be interchanged, if appropriate, merely to describe the manner in which objects of the same nature are distinguished in the embodiments of the application by the description, and furthermore, the terms "comprise" and "have" and any variations thereof are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of elements is not necessarily limited to those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs, and the terms used herein in this description of the application are for the purpose of describing particular embodiments only and are not intended to be limiting of the application.
First, the interplanetary file system (IPFS) is an open-source distributed file system. Unlike traditional centralized file systems which only rely on servers to download files, IPFS operates on P2P networks, avoiding the problems of single point failure and vulnerability of traditional centralized networks. Meanwhile, as the file is transmitted between users, the speed limit of the central server is avoided, and the file transmission efficiency is greatly improved. In addition, because the traditional addressing mode based on the position easily causes the loss of resources, the IPFS defines a distribution protocol based on the content addressing, and each file has a unique hash value corresponding to the unique hash value, so that the system has a tamper-proof function, can prevent a large amount of repeated data from being uploaded, and improves the network efficiency.
The searchable encryption technique allows the encrypted data to be searched without revealing any information to the untrusted server. The method comprises the following steps: 1) The untrusted server cannot obtain any information about the plaintext only through the ciphertext; 2) The untrusted server can only search under the authentication of a legal user; 3) When a user initiates a search request about a keyword to a server, the specific meaning of the keyword does not need to be indicated to the server; 4) The untrusted server cannot obtain any information about the plaintext of the query results. The server can return the ciphertext file according to the query request of the legal user while the personal privacy data of the user cannot be obtained by the searchable encryption, so that the safety and privacy of the user data are ensured, and the query efficiency is not excessively reduced.
Fig. 2 is a block diagram of an embodiment of the present application, and fig. 3 is a flowchart of a data security sharing method based on a blockchain according to an embodiment of the present application. As shown in fig. 3, a data security sharing method based on a blockchain includes the following steps:
s110, acquiring encrypted data information and uploading the encrypted data information to at least one node;
before the encrypted data information is uploaded to at least one node, a system is initialized, wherein the system initialization process comprises the following steps:
step1: dividing each file in the block chain into blocks, generating a corresponding index and a corresponding public-private key pair by each block, and using a first file tag index as a public key;
step2: determining that the first file is valid, and the next file is based on the previous file;
step3: generating ciphertext blocks for each block based on the index, all blocks generating keys of the ciphertext based on the private key;
step4: generating corresponding labels for ciphertext blocks corresponding to each block, and generating second labels for all ciphertext block labels to form a next file;
step5: when any file does not exist, uploading the current file, verifying the identity based on a private key, and performing signature verification on a ciphertext block in the current file;
step6: when any file exists, signature verification is carried out on any ciphertext block.
Wherein the signature verification process comprises: according to bilinear mapping formula e (g sk ,H(m))=e(g,H(m) sk ) Where e represents an exponent, m is a ciphertext block, sk is a private key, g sk Is a public key, called H (m) sk Is the signature for ciphertext block m. The simple signature under bilinear mapping uses bilinear features to transfer exponentially to verify the mapping process. As shown in fig. 4.
S120, performing repeatability verification on the encrypted data information through a blockchain, and judging whether a hash index of the encrypted data information exists in the blockchain or not;
s130, if the encrypted data information does not exist, uploading the encrypted data information to at least two nodes, and feeding back to the blockchain after index checking;
generating a random symmetric key for the encrypted data information; encrypting the encrypted data information by adopting a searchable encryption algorithm to obtain ciphertext and an index; uploading the generated ciphertext and the index to a node, and uploading the ciphertext to an IPFS for storage; and returns the address of the ciphertext in the IPFS to the user. The user completes the encryption uploading process of the data through the data decentralization storage function. Firstly, a user generates a random symmetric key, and adopts a searchable encryption algorithm to encrypt data to be shared to obtain ciphertext and an index. Then, the user uploads the generated ciphertext and index to a block chain based data secure sharing and controlled distribution platform, and the platform automatically uploads the ciphertext to the IPFS for storage and returns the address of the ciphertext in the IPFS to the user. Meanwhile, the platform can upload information such as ciphertext indexes and the like to the blockchain for certification.
S160, executing a trapdoor generation algorithm when a user accesses the blockchain to generate the trapdoor of the index;
the user participating in data sharing and data distribution needs to perform identity authentication, and the identity authentication and management module realizes the functions of user identity registration, certificate management, public key management, identity authentication and the like by using a blockchain technology. The public key infrastructure adopts a consensus mechanism to replace the traditional PKI for key management, and uses blockchain transactions to complete the functions of certificate issuing verification and the like, so that the security problems of single-point faults, easiness in attack, malpractice and the like of the traditional public key infrastructure can be well solved. The blockchain system is combined with the identity management module, so that anyone can check the user certificate issuing process and inquire the user certificate state, and the problems of single-point failure and opaqueness of the traditional identity authentication are avoided. The specific functions are implemented as follows.
1) Identity registration: the user generates identity information and issues the identity information to the whole network, other nodes verify the identity information after receiving the information, if the verification is passed, the block chain link point calls a key distribution intelligent contract, a public and private key pair and a certificate are generated for the user, and the user identity information is written into the block to indicate that the registration is successful; otherwise, the registration fails.
2) Public key querying: and traversing the blockchain to obtain public key information of the user.
3) Certificate inquiry: traversing the blockchain to obtain credential information for the user.
4) And (3) identity authentication: user authentication logic is completed through an authentication intelligent contract of a blockchain, and if the certificate is not expired and the identity is legal, authentication is passed; otherwise, the verification fails.
5) Updating the identity: if the user needs to update the identity information of the user, broadcasting the identity information of the user and the digital signature to the blockchain network for verification, and if the verification is passed, calling an identity update intelligent contract for modification; otherwise, the modification fails.
S150, executing a search algorithm based on the trapdoor of the index to obtain a set of file information of the index;
s160, obtaining a storage address of the encrypted data information on the IPFS, and obtaining the encrypted data information by a user based on the storage address so as to complete data security sharing.
The data visitor obtains the related data information from the data safety sharing and controlled distributing platform based on the block chain, inputs the attribute of the data visitor to decrypt the symmetric key, and can obtain the decryption key if the user has the corresponding access right. After the data visitor successfully obtains the secret key, a trapdoor generation algorithm is executed at the client to generate a trapdoor of the keyword, then a search algorithm is executed through a data security sharing and controlled distribution platform based on the block chain to obtain a set of file information containing the keyword, and a storage address of the ciphertext on the IPFS is obtained. And finally, the data visitor accesses the address to obtain the ciphertext, and further decrypts the ciphertext to obtain the data. In the process of applying for and executing searching by a data visitor, the data safety sharing and controlled distribution platform based on the blockchain can record user behaviors to the blockchain, so that the user behaviors can be traced back and supervised conveniently. The data sharing also comprises data controlled differentiation, and the data distribution algorithm is suitable for a scene that a data visitor needs to communicate with a data owner. When the data visitor does not have the right to decrypt but still wants to obtain the data, the data visitor can apply for the data owner, the data owner can decide whether to approve the application or not by himself, if so, related information can be sent to the data visitor through the data distribution platform, and the whole process also records the uplink for certification.
The main algorithm flow of the data security sharing is as follows:
1) The data visitor DU acquires Enc (K) from the blockchain, a decryption algorithm is executed, the secret key K is decrypted to obtain K=Decrypt (Enc (K)), and if the user has corresponding access authority, the K can be decrypted; if the user does not have the corresponding authority, decryption is impossible.
2) Executing trap algorithm by data visitor DU, inputting symmetric key K and keyword W to be queried, generating Trapdoor T of keyword W W Trapdor (K, W), anybody from Trapdoor T W The keyword W cannot be back-deduced.
3) Data visitor DU uses its own private key SK DU For own identity information ID DU Public key PK DU Trapdoor T of keyword to be queried W Signing and sending to the right control intelligent contract. The specific operation is as follows: generating a transaction tx=sign SKDU (ID DU ,PK DU ,T W ) And transmitting the broadcast data to a blockchain network for broadcasting.
4) The smart contract first detects the legitimacy of the identity of the data visitor. If the identity information is legal, a Search algorithm Search is executed, and an index I and a keyword trapdoor T are input W Outputting a file information set D (W) =search (I, T) containing a keyword W W )。
5) The data visitor obtains the storage address IPFS of the ciphertext on the IPFS according to the content of D (W) add And according to IPFS add Accessing the corresponding IPFS address, resulting in an encrypted file c=ipfs (IPFS) add )。
6) After obtaining ciphertext C from IPFS, the data visitor performs a decryption function, inputs symmetric key K and ciphertext file C, and obtains decrypted file D' =decrypt (K, C).
7) After obtaining the decrypted file, the data visitor can perform Hash operation on the file, calculate Hash (D'), and then compare the Hash with the file Ha Xizuo stored in the blockchain to see whether the file is tampered. If the result is correct, hash should be used file =Hash(D')。
Fig. 5 is a block chain-based data security sharing device according to an embodiment of the present application. As shown in fig. 5, the present application further provides a data security sharing device based on a blockchain, including:
the acquisition module 50: acquiring encrypted data information and uploading the encrypted data information to at least one node;
the verification module 51: performing repeatability verification on the encrypted data information through a blockchain, and judging whether a hash index of the encrypted data information exists in the blockchain or not;
the upload module 52: if the encrypted data information does not exist, uploading the encrypted data information to at least two nodes, and feeding back to the blockchain after index checking;
access module 53: executing a trapdoor generation algorithm when a user accesses the blockchain to generate the trapdoor of the index;
search module 54: based on the trapdoor of the index, executing a search algorithm to obtain a set of file information of the index;
sharing module 55: and obtaining a storage address of the encrypted data information on the IPFS, wherein the user obtains the encrypted data information based on the storage address so as to complete data security sharing.
Fig. 6 is a block chain-based data security sharing device structure diagram according to an embodiment of the present application, as shown in fig. 6, a block chain-based data security sharing device includes:
a memory 60 for storing a computer program;
a processor 61 for implementing the steps of the blockchain-based data secure sharing method as mentioned in the above embodiments when executing a computer program.
The blockchain-based data security sharing device provided in the embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like.
Processor 61 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor 61 may be implemented in hardware in at least one of digital signal processing (Digital Signal Processing, DSP), field programmable gate array (Field-Programmable Gate Array, FPGA), programmable logic array (Programmable Logic Array, PLA). The processor 61 may also include a main processor, which is a processor for processing data in an awake state, also referred to as a central processor (Central Processing Unit, CPU), and a coprocessor; a coprocessor is a low-power processor for processing data in a standby state. In some embodiments, the processor 61 may be integrated with an image processor (Graphics Processing Unit, GPU) for taking care of rendering and rendering of the content that the display screen is required to display. In some embodiments, the processor 61 may also include an artificial intelligence (Artificial Intelligence, AI) processor for processing computing operations related to machine learning.
Memory 60 may include one or more computer-readable storage media, which may be non-transitory. Memory 60 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 60 is at least used for storing a computer program, where the computer program, when loaded and executed by the processor 61, can implement the relevant steps of the blockchain-based data security sharing method disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 60 may also include an operating system, data, etc., and the storage manner may be transient storage or permanent storage. The operating system may include Windows, unix, linux, among others. The data may include, but is not limited to, blockchain-based data secure sharing methods, and the like.
In some embodiments, the blockchain-based data secure sharing device may further include a display screen, an input-output interface, a communication interface, a power supply, and a communication bus.
Those skilled in the art will appreciate that the architecture shown in FIG. 3 is not limiting of a blockchain-based data security sharing device and may include more or fewer components than illustrated.
The data security sharing device based on the blockchain provided by the embodiment of the application comprises a memory 60 and a processor 61, wherein the processor 61 can realize the data security sharing method based on the blockchain when executing a program stored in the memory 60.
Finally, the application also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps as described in the method embodiments above.
It will be appreciated that the methods of the above embodiments, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored on a computer readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or in part or all of the technical solution or in part in the form of a software product stored in a storage medium for performing all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a Read-Only Memory (ROM), a random-access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The data security sharing method, device, equipment and medium based on the blockchain provided by the application are described in detail. In the description, each embodiment is described in a progressive manner, and each embodiment is mainly described by the differences from other embodiments, so that the same similar parts among the embodiments are mutually referred. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section. It should be noted that it will be apparent to those skilled in the art that various modifications and adaptations of the application can be made without departing from the principles of the application and these modifications and adaptations are intended to be within the scope of the application as defined in the following claims.
It should also be noted that in this specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Claims (10)
1. A blockchain-based data security sharing method, comprising:
acquiring encrypted data information and uploading the encrypted data information to at least one node;
performing repeatability verification on the encrypted data information through a blockchain, and judging whether a hash index of the encrypted data information exists in the blockchain or not;
if the encrypted data information does not exist, uploading the encrypted data information to at least two nodes, and feeding back to the blockchain after index checking;
executing a trapdoor generation algorithm when a user accesses the blockchain to generate the trapdoor of the index;
based on the trapdoor of the index, executing a search algorithm to obtain a set of file information of the index;
and obtaining a storage address of the encrypted data information on the IPFS, wherein the user obtains the encrypted data information based on the storage address so as to complete data security sharing.
2. The blockchain-based data secure sharing method of claim 1, wherein initializing the system prior to uploading the encrypted data information to at least one node comprises:
step1: dividing each file in the block chain into blocks, generating a corresponding index and a corresponding public-private key pair by each block, and using a first file tag index as a public key;
step2: determining that the first file is valid, and the next file is based on the previous file;
step3: generating ciphertext blocks for each block based on the index, all blocks generating keys of the ciphertext based on the private key;
step4: generating corresponding labels for ciphertext blocks corresponding to each block, and generating second labels for all ciphertext block labels to form a next file;
step5: when any file does not exist, uploading the current file, verifying the identity based on a private key, and performing signature verification on a ciphertext block in the current file;
step6: when any file exists, signature verification is carried out on any ciphertext block.
3. The blockchain-based data secure sharing method of claim 2, wherein the signature verification process includes:
according to bilinear mapping formula e (g sk ,H(m))=e(g,H(m) sk ) Where e represents an exponent, m is a ciphertext block, sk is a private key, g sk Is a public key, called H (m) sk Is the signature for ciphertext block m.
4. The blockchain-based data secure sharing method of claim 1, wherein the process of encrypting the data information uploading node includes:
generating a random symmetric key for the encrypted data information;
encrypting the encrypted data information by adopting a searchable encryption algorithm to obtain ciphertext and an index;
uploading the generated ciphertext and the index to a node, and uploading the ciphertext to an IPFS for storage;
and returns the address of the ciphertext in the IPFS to the user.
5. The blockchain-based data secure sharing method of claim 1, further comprising:
when any node makes an audit request, selecting any n pieces of encrypted data of other nodes except the node making the audit request, re-signing the any n pieces of encrypted data, and performing secondary authentication again, wherein if authentication is successful, the encrypted data can be uploaded again, otherwise, the encrypted data cannot be uploaded.
6. A blockchain-based data security sharing apparatus, comprising:
the acquisition module is used for: acquiring encrypted data information and uploading the encrypted data information to at least one node;
and (3) a verification module: performing repeatability verification on the encrypted data information through a blockchain, and judging whether a hash index of the encrypted data information exists in the blockchain or not;
and an uploading module: if the encrypted data information does not exist, uploading the encrypted data information to at least two nodes, and feeding back to the blockchain after index checking;
and an access module: executing a trapdoor generation algorithm when a user accesses the blockchain to generate the trapdoor of the index;
and a search module: based on the trapdoor of the index, executing a search algorithm to obtain a set of file information of the index;
and a sharing module: and obtaining a storage address of the encrypted data information on the IPFS, wherein the user obtains the encrypted data information based on the storage address so as to complete data security sharing.
7. The blockchain-based data security sharing device of claim 6, wherein the upload module includes:
a first encryption unit: generating a random symmetric key for the encrypted data information;
a second encryption unit: encrypting the encrypted data information by adopting a searchable encryption algorithm to obtain ciphertext and an index;
and a storage unit: uploading the generated ciphertext and the index to a node, and uploading the ciphertext to an IPFS for storage;
a return unit: and returns the address of the ciphertext in the IPFS to the user.
8. The blockchain-based data secure sharing device of claim 6, further comprising:
and an auditing module: when any node makes an audit request, selecting any n pieces of encrypted data of other nodes except the node making the audit request, re-signing the any n pieces of encrypted data, and performing secondary authentication again, wherein if authentication is successful, the encrypted data can be uploaded again, otherwise, the encrypted data cannot be uploaded.
9. An electronic device comprising a memory and a processor, the memory to store one or more computer instructions, wherein the one or more computer instructions are executed by the processor to implement a blockchain-based data secure sharing method as in any of claims 1-5.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a computer implements a blockchain-based data security sharing method as claimed in any of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311052942.XA CN117097526A (en) | 2023-08-21 | 2023-08-21 | Block chain-based data security sharing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311052942.XA CN117097526A (en) | 2023-08-21 | 2023-08-21 | Block chain-based data security sharing method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117097526A true CN117097526A (en) | 2023-11-21 |
Family
ID=88779308
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311052942.XA Pending CN117097526A (en) | 2023-08-21 | 2023-08-21 | Block chain-based data security sharing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117097526A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117834303A (en) * | 2024-03-05 | 2024-04-05 | 南开大学 | Data auditing method for decentralised storage |
| CN117834303B (en) * | 2024-03-05 | 2024-05-28 | 南开大学 | Data auditing method for decentralised storage |
-
2023
- 2023-08-21 CN CN202311052942.XA patent/CN117097526A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117834303A (en) * | 2024-03-05 | 2024-04-05 | 南开大学 | Data auditing method for decentralised storage |
| CN117834303B (en) * | 2024-03-05 | 2024-05-28 | 南开大学 | Data auditing method for decentralised storage |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP4120114A1 (en) | Data processing method and apparatus, smart device and storage medium | |
| US10673626B2 (en) | Threshold secret share authentication proof and secure blockchain voting with hardware security modules | |
| De Oliveira et al. | Towards a blockchain-based secure electronic medical record for healthcare applications | |
| CN116112274B (en) | Blockchain, management group rights and integration of access in an enterprise environment | |
| EP3404891B1 (en) | Method and system for distributing digital content in peer-to-peer network | |
| KR102467596B1 (en) | Blockchain implementation method and system | |
| US11115418B2 (en) | Registration and authorization method device and system | |
| CN110417750B (en) | Block chain technology-based file reading and storing method, terminal device and storage medium | |
| US20200084027A1 (en) | Systems and methods for encryption of data on a blockchain | |
| WO2018071244A1 (en) | Method and system for secure data storage and retrieval | |
| CN112131316A (en) | Data processing method and device applied to block chain system | |
| CN110445840B (en) | File storage and reading method based on block chain technology | |
| CN111212026A (en) | Data processing method and device based on block chain and computer equipment | |
| CN108846671B (en) | Online secure transaction method and system based on block chain | |
| CN117043772A (en) | Block chain data separation | |
| Yang et al. | Protecting personal sensitive data security in the cloud with blockchain | |
| GB2599398A (en) | Physically unclonable functions | |
| Piechotta et al. | A secure dynamic collaboration environment in a cloud context | |
| CN117097526A (en) | Block chain-based data security sharing method and device | |
| WO2022069137A1 (en) | Challenge-response protocol based on physically unclonable functions | |
| CN116561820B (en) | Trusted data processing method and related device | |
| CN117675383A (en) | Data transmission architecture and data transmission method for networked collaborative design | |
| Na et al. | Fusion Chain: A Decentralized Lightweight Blockchain for IoT Security and Privacy. Electronics 2021, 10, 391 | |
| GB2604104A (en) | Digital security systems and methods | |
| Tamboli et al. | An analysis of access control mechanism with authentication of anonymous user and deduplication of data in decentralized clouds |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |