CN117596060A - Data encryption method, device, equipment and medium - Google Patents


Publication number
CN117596060A
Authority
CN
China
Prior art keywords
product
ciphertext
signature
financial
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311659299.7A
Other languages
Chinese (zh)
Inventor
张轩溢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China
Priority to CN202311659299.7A
Publication of CN117596060A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a data encryption method, device, equipment and medium. The method comprises: acquiring a first initial ciphertext and a second initial ciphertext corresponding to each financial product; aggregating the first initial ciphertexts and the second initial ciphertexts corresponding to the financial products to obtain a corresponding first aggregated ciphertext and a corresponding second aggregated ciphertext; and, when the object signature verification of the product management object corresponding to the financial product succeeds, sending the first aggregated ciphertext, the second aggregated ciphertext, the object identification of the product management object, the current timestamp and the object identity signature corresponding to the product management object to a decryption server, so that the decryption server decrypts and aggregates based on the first aggregated ciphertext, the first aggregated ciphertext and the total value of the blinding factor to obtain total asset data corresponding to each asset type. The invention solves the technical problem that encryption algorithms in the prior art cannot meet the requirement of multidimensional data analysis and cannot provide additive homomorphism, which results in high calculation and communication costs.

Description

Data encryption method, device, equipment and medium
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data encryption method, device, apparatus, and medium.
Background
With the rollout of new financial management regulations, financial products are subject to net-value management, and the products held by financial institutions are valued and disclosed daily. Different departments of the same organization manage different financial products, and the product data are usually stored in the same database; according to the principle of department isolation, data such as product position data and asset valuations should be isolated between departments. The financial department needs to collect all financial product data in the department every day and perform statistical analysis and report disclosure on all underlying asset valuations.
In the prior art, ElGamal homomorphic encryption is adopted for data encryption, but it has a defect: in the encryption step $c_2 = m \cdot s$, the plaintext m cannot be classified and encrypted according to different data types; therefore, homomorphic aggregation of plaintexts can only be multiplication in a single dimension, and the requirement of multidimensional data analysis cannot be met. In addition, ElGamal homomorphic encryption is only multiplicatively homomorphic, that is, multiplying ciphertexts yields, after decryption, the product of the plaintexts. It has no additive homomorphism, and the calculation and communication costs of multiplication are higher than those of addition, so efficiency is lower.
Disclosure of Invention
The invention provides a data encryption method, device, equipment and medium, which solve the technical problem that encryption algorithms in the prior art cannot meet the requirement of multidimensional data analysis and cannot provide additive homomorphism, which results in high calculation and communication costs.
According to an aspect of the present invention, there is provided a data encryption method applied to an encryption server, including:
acquiring a first initial ciphertext and a second initial ciphertext corresponding to each financial product; the second initial ciphertext is generated according to asset data corresponding to each asset type contained in the financial product, a corresponding first coefficient, a system encryption key, a first element, a current time stamp and a blinding factor; the first element is one element in a first set which is generated by a decryption server based on elliptic curves on a finite field and has addition attributes;
when the ciphertext signature verification corresponding to the financial products is successful, aggregating the first initial ciphertexts corresponding to each financial product to obtain a corresponding first aggregate ciphertext, and aggregating the second initial ciphertexts corresponding to each financial product to obtain a corresponding second aggregate ciphertext;
and when the object signature verification of the product management object corresponding to the financial product is successful, sending the first aggregation ciphertext, the second aggregation ciphertext, the object identification of the product management object, the current timestamp and the object identity signature corresponding to the product management object to a decryption server, so that the decryption server decrypts and aggregates based on the first aggregation ciphertext, the first aggregation ciphertext and the total value of the blinding factors, thereby obtaining asset data corresponding to each asset type.
According to another aspect of the present invention, there is provided a data encryption apparatus applied to an encryption server, comprising:
the first acquisition module is used for acquiring a first initial ciphertext and a second initial ciphertext corresponding to each financial product; the second initial ciphertext is generated according to asset data corresponding to each asset type contained in the financial product, a corresponding first coefficient, a system encryption key, a first element, a current time stamp and a blinding factor; the first element is one element in a first set which is generated by a decryption server based on elliptic curves on a finite field and has addition attributes;
the aggregation module is used for aggregating the first initial ciphertext corresponding to each financial product to obtain a corresponding first aggregate ciphertext when the ciphertext signature corresponding to the financial product is successfully verified, and aggregating the second initial ciphertext corresponding to each financial product to obtain a corresponding second aggregate ciphertext;
and the first sending module is used for sending the first aggregation ciphertext, the second aggregation ciphertext, the object identifier of the product management object, the current timestamp and the object identity signature corresponding to the product management object to a decryption server when the object signature verification of the product management object corresponding to the financial product is successful, so that the decryption server decrypts and aggregates based on the first aggregation ciphertext, the first aggregation ciphertext and the total value of the blinding factor to obtain the total asset data corresponding to each asset type.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the data encryption method according to any one of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to execute a data encryption method according to any one of the embodiments of the present invention.
According to the technical scheme, the second initial ciphertext is generated from the asset data corresponding to each asset type in a financial product together with the corresponding first coefficient, the system encryption key, the first element, the current timestamp and the blinding factor, which solves the problem that encryption algorithms in the prior art cannot meet the requirement of multidimensional data analysis. Meanwhile, the first initial ciphertexts corresponding to the financial products are aggregated into a corresponding first aggregation ciphertext and the second initial ciphertexts into a corresponding second aggregation ciphertext, which solves the technical problem of high calculation and communication costs caused by the lack of additive homomorphism in the prior art: ciphertexts are aggregated using additive homomorphism, calculation and communication costs are reduced, and the efficiency of data transmission, encryption and decryption is improved.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a data encryption method provided by an embodiment of the invention;
FIG. 2 is a flow chart of another data encryption method provided by an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a data encryption device according to an embodiment of the present invention;
FIG. 4 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The implementation process of the ElGamal homomorphic encryption is as follows:
Key generation algorithm: select a cyclic group $G$ of order $q$ with generator $g$, select a private key $x \in \{1, \dots, q-1\}$, and calculate $y = g^x$. The public key is $\{G, q, g, y\}$.
Encryption algorithm: given plaintext $m$, select a random number $r \in \{1, \dots, q-1\}$ and calculate $c_1 = g^r$, $s = y^r$, $c_2 = m \cdot s$.
Decryption algorithm: given ciphertext $(c_1, c_2)$, calculate $t = c_1^x$ and $m = c_2 \cdot t^{-1}$.
Homomorphism (multiplication):
The disadvantage of ElGamal homomorphic encryption is that, in the encryption step $c_2 = m \cdot s$, the plaintext m cannot be classified and encrypted according to the data type. Homomorphic aggregation of plaintexts can therefore only be multiplication in a single dimension, and the requirement of multidimensional data analysis cannot be met. In addition, ElGamal homomorphic encryption is only multiplicatively homomorphic, that is, multiplying ciphertexts yields, after decryption, the product of the plaintexts. It has no additive homomorphism, and the calculation and communication costs of multiplication are higher than those of addition, so efficiency is lower.
In view of this, the embodiment of the invention provides a method for protecting privacy of classified aggregation of asset data, which uses improved ElGamal homomorphic encryption and super-growth sequence technology to conduct classified aggregation and encryption on a plurality of asset data (i.e. asset valuation data) of different financial product investments, and then the asset data are collected to financial departments in a unified way for calculation and analysis. The method ensures that different financial products are stored in the same database to realize data isolation and privacy protection, and meets the requirements of data summarization and statistical analysis. Wherein homomorphic encryption performs a specific type of computation on ciphertext and generates an encryption result that matches the result of the computation performed on plaintext after decryption.
In an embodiment, fig. 1 is a flowchart of a data encryption method according to an embodiment of the present invention, where the method may be implemented by a data encryption device, and the data encryption device may be implemented in hardware and/or software, and the data encryption device may be configured in an electronic device. The electronic device may be an encryption server, for example. As shown in fig. 1, the method includes:
S110, acquiring a first initial ciphertext and a second initial ciphertext corresponding to each financial product.
The second initial ciphertext is generated according to asset data corresponding to each asset type contained in the financial product, a corresponding first coefficient, a system encryption key, a first element, a current time stamp and a blinding factor; the first element is one of the elements in the first set that the decryption server generates based on elliptic curves over the finite field, the element having additive properties.
Illustratively, the financial product may be a financial product. Each financial product may include a plurality of asset types, and each asset type corresponds to one piece of asset data. Assume that a financial product includes n asset types and correspondingly contains n types of asset data. The first coefficient refers to a coefficient configured for each piece of asset data, and the first coefficient corresponding to each piece of asset data is different. It is understood that the number of first coefficients equals the number of asset types that one financial product contains. The first coefficients may form a super-growth sequence: if each element of a sequence, except the first element, is greater than or equal to the sum of its previous elements, i.e. $a_j \ge a_1 + a_2 + \dots + a_{j-1}$ ($2 \le j \le n$), the sequence is referred to as a super-growth sequence. The decryption server may generate a first set of order q based on an elliptic curve over a finite field, the first element being a generator of the first set, i.e. one of the elements in the first set. Based on the complexity of the elliptic curve, the security of the data encrypted by the encryption server and the decryption complexity of the decryption server can be ensured. The blinding factor refers to an element randomly selected from a second set, and each financial product corresponds to one blinding factor.
In an embodiment, two initial ciphertexts corresponding to each financial product may be generated in advance, namely a first initial ciphertext and a second initial ciphertext. The second initial ciphertext is generated based on the asset data corresponding to each asset type contained in the financial product and the corresponding first coefficients, the system encryption key, the first element, the current timestamp and the blinding factor, so that repeated transmission in different time periods can be avoided and replay attacks prevented.
S120, when the ciphertext signature verification corresponding to the financial products is successful, aggregating the first initial ciphertexts corresponding to each financial product to obtain a corresponding first aggregate ciphertext, and aggregating the second initial ciphertexts corresponding to each financial product to obtain a corresponding second aggregate ciphertext.
A successful ciphertext signature verification indicates that the first initial ciphertext and the second initial ciphertext are valid and complete. In an embodiment, each product management object may include a plurality of financial products. When the ciphertext signatures corresponding to the financial products are successfully verified, the first initial ciphertexts corresponding to all the financial products included in the product management object are added to obtain the corresponding first aggregate ciphertext, and the second initial ciphertexts corresponding to all the financial products included in the product management object are added to obtain the corresponding second aggregate ciphertext.
S130, when the object signature verification of the product management object corresponding to the financial product is successful, sending the first aggregation ciphertext, the second aggregation ciphertext, the object identification of the product management object, the current timestamp and the object identity signature corresponding to the product management object to a decryption server, so that the decryption server decrypts and aggregates based on the first aggregation ciphertext, the first aggregation ciphertext and the total value of the blinding factor to obtain total asset data corresponding to each asset type.
A successful object signature verification indicates that the first aggregation ciphertext and the second aggregation ciphertext corresponding to each product management object are valid and complete. The decryption server refers to a server for decrypting and recovering asset data. In an embodiment, when verification of the object signature of the product management object corresponding to a financial product is successful, the encryption server sends the first aggregation ciphertext, the second aggregation ciphertext, the object identifier of the product management object, the current timestamp and the object identity signature to the decryption server, so that the decryption server decrypts based on the first aggregation ciphertext, the first aggregation ciphertext and the blinding factor total value to obtain the asset data corresponding to each asset type contained in each financial product, and then sums the asset data belonging to the same asset type across the financial products to obtain the total asset data corresponding to that asset type.
According to the technical scheme, the second initial ciphertext is generated from the asset data corresponding to each asset type in a financial product together with the corresponding first coefficient, the system encryption key, the first element, the current timestamp and the blinding factor, which solves the problem that encryption algorithms in the prior art cannot meet the requirement of multidimensional data analysis. Meanwhile, the first initial ciphertexts corresponding to the financial products are aggregated into a corresponding first aggregation ciphertext and the second initial ciphertexts into a corresponding second aggregation ciphertext, which solves the technical problem of high calculation and communication costs caused by the lack of additive homomorphism in the prior art: ciphertexts are aggregated using additive homomorphism, calculation and communication costs are reduced, and the efficiency of data transmission, encryption and decryption is improved.
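The following added example (not code from the patent) shows how a super-growth sequence lets one additively homomorphic ciphertext carry several asset types and still be split into per-type totals after aggregation. It assumes lifted ElGamal in a toy prime-order subgroup mod p in place of the patent's elliptic-curve construction, omits the timestamp, blinding factor and signatures, and chooses coefficients with headroom for the aggregated totals; all names, bounds and asset values are constructed.

```python
import secrets
from math import isqrt

MAX_VALUE = 100    # assumed cap on a single asset value (constructed units)
MAX_PRODUCTS = 3   # assumed cap on how many products are aggregated together

def is_prime(n):
    """Trial division; adequate for the toy-sized modulus used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def toy_group(min_q):
    """First safe prime p = 2q + 1 with q > min_q; g = 4 then has order q."""
    q = min_q + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 1
    return 2 * q + 1, q, 4

def super_increasing(n_types, bound):
    """a_1 = 1, a_j > (a_1 + ... + a_{j-1}) * bound, so per-type totals up to bound never collide."""
    coeffs = [1]
    while len(coeffs) < n_types:
        coeffs.append(sum(coeffs) * bound + 1)
    return coeffs

def pack(values, coeffs):
    """Encode one product's per-type asset values as a single integer."""
    if len(values) != len(coeffs) or any(not 0 <= v <= MAX_VALUE for v in values):
        raise ValueError("asset value outside the range the coefficients were sized for")
    return sum(a * v for a, v in zip(coeffs, values))

def unpack(total, coeffs):
    """Peel per-type totals off from the largest coefficient down."""
    out = []
    for a in reversed(coeffs):
        out.append(total // a)
        total %= a
    return out[::-1]

def encrypt(m, y, p, q, g):
    """Lifted ElGamal: the message sits in the exponent, so ciphertexts add."""
    r = secrets.randbelow(q - 1) + 1
    return pow(g, r, p), pow(g, m, p) * pow(y, r, p) % p

def aggregate(cts, p):
    """Component-wise combination of ciphertexts = addition of the packed plaintexts."""
    if len(cts) > MAX_PRODUCTS:
        raise ValueError("more products than the coefficients were sized for")
    c1 = c2 = 1
    for a, b in cts:
        c1, c2 = c1 * a % p, c2 * b % p
    return c1, c2

def decrypt_sum(ct, x, p, g, limit):
    """Remove the mask, then recover the bounded exponent with baby-step giant-step."""
    c1, c2 = ct
    target = c2 * pow(pow(c1, x, p), -1, p) % p
    m = isqrt(limit) + 1
    baby, cur = {}, 1
    for j in range(m):
        baby.setdefault(cur, j)
        cur = cur * g % p
    step = pow(g, -m, p)
    for i in range(m + 1):
        if target in baby:
            return i * m + baby[target]
        target = target * step % p
    raise ValueError("plaintext sum outside the expected range")

def demo():
    # Constructed sample: three products, three asset types each.
    products = [[40, 25, 10], [15, 60, 5], [30, 7, 100]]
    bound = MAX_VALUE * MAX_PRODUCTS
    coeffs = super_increasing(3, bound)
    limit = bound * sum(coeffs)            # largest packed total that can occur
    p, q, g = toy_group(limit)             # q > limit keeps the exponent unambiguous
    x = secrets.randbelow(q - 1) + 1       # decryption key
    y = pow(g, x, p)                       # encryption key
    cts = [encrypt(pack(v, coeffs), y, p, q, g) for v in products]
    total = decrypt_sum(aggregate(cts, p), x, p, g, limit)
    return unpack(total, coeffs)           # per-type totals across all products

if __name__ == "__main__":
    print(demo())
```

The aggregator only ever handles ciphertexts; a value above `MAX_VALUE` or more than `MAX_PRODUCTS` inputs would let one asset type overflow into the next, which is why both are rejected before encryption and aggregation.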
In an embodiment, fig. 2 is a flowchart of another data encryption method according to an embodiment of the present invention, where the data encryption process is further described based on the above embodiment. As shown in fig. 2, the method includes:
S210, generating a corresponding product encryption public key according to the first product element and the first element.
Wherein the first product element refers to an element randomly selected from the second set; the product encryption public key refers to a public key that encrypts a financial product. Each financial product corresponds to a product encryption public key. In an embodiment, the product value between the first product element and the first element may be used as a product encryption public key for the corresponding financial product.
S220, generating a corresponding first product authentication signature according to the second product element and the first element.
Wherein the second product element refers to an element randomly selected from the second set; the first product authentication signature refers to a signature that authenticates a financial product. Each financial product includes two product authentication signatures, a first product authentication signature and a second product authentication signature, respectively. In an embodiment, the product value between the second product element and the first element may be used as a first product authentication signature for the corresponding financial product.
S230, generating a corresponding second product authentication signature according to the second product element, the first product element and the fourth hash value.
The fourth hash value is obtained by calculating the hash value of the product identifier of the financial product, the product encryption public key and the first product authentication signature. In an embodiment, the product of the first product element and the fourth hash value is added to the second product element, and the sum is used as the second product authentication signature of the corresponding financial product.
S240, the first product authentication signature, the second product authentication signature, the product encryption public key and the product identifier are sent to the decryption server, so that the decryption server performs product authentication on the financial product according to the first product authentication signature, the second product authentication signature, the product encryption public key and the product identifier.
In an embodiment, the first product authentication signature, the second product authentication signature, the product encryption public key and the product identifier are sent to the decryption server through the encryption server, so that the decryption server performs product authentication on the financial product according to the first product authentication signature, the second product authentication signature, the product encryption public key and the product identifier to determine whether the product authentication signature is valid and complete. Firstly, determining a product value between a second product authentication signature and a first element as a first product value; then determining the product value of the fourth hash value and the product encryption public key as a second product value; and finally, determining whether the difference value between the first product value and the second product value is equal to the first product authentication signature, and if so, indicating that the first product authentication signature and the second product authentication signature are complete and valid.
S250, generating a corresponding object encryption public key according to the first object element and the first element.
Wherein the first object element refers to an element randomly selected from the second set; the object encryption public key refers to a public key that encrypts a product management object. Each product management object corresponds to an object encryption public key. In an embodiment, the product value between the first object element and the first element may be used as an object encryption public key of the corresponding product management object.
S260, generating a corresponding first object authentication signature according to the second object element and the first element.
Wherein the second object element refers to an element randomly selected from the second set; the first object authentication signature refers to one signature that authenticates a product management object. Each product management object includes two object authentication signatures, a first object authentication signature and a second object authentication signature, respectively. In an embodiment, a product value between the second object element and the first element may be taken as a first object authentication signature of the corresponding product management object.
S270, generating a corresponding second object authentication signature according to the second object element, the first object element and the third hash value.
The third hash value is obtained by calculating the hash value of the object identifier of the product management object, the object encryption public key and the first object authentication signature. In an embodiment, the product of the first object element and the third hash value is added to the second object element, and the sum is used as the second object authentication signature of the corresponding product management object.
S280, the first object authentication signature, the second object authentication signature, the object encryption public key and the object identification are sent to the decryption server, so that the decryption server performs identity authentication on the product management object according to the first object authentication signature, the second object authentication signature, the object identification and the object encryption public key.
In an embodiment, the first object authentication signature, the second object authentication signature, the object encryption public key and the object identification are sent to the decryption server through the encryption server, so that the decryption server performs object authentication on the product management object according to the first object authentication signature, the second object authentication signature, the object encryption public key and the object identification to determine whether the object authentication signature is valid and complete. Firstly, determining a product value between a second object authentication signature and a first element as a first product value; then determining a product value of the third hash value and the object encryption public key as a second product value; and finally, determining whether the difference value between the first product value and the second product value is equal to the first object authentication signature, and if so, indicating that the first object authentication signature and the second object authentication signature are complete and valid.
S290, acquiring a first initial ciphertext and a second initial ciphertext corresponding to each financial product.
The second initial ciphertext is generated according to asset data corresponding to each asset type contained in the financial product, a corresponding first coefficient, a system encryption key, a first element, a current time stamp and a blinding factor; the first element is one of the elements in the first set that the decryption server generates based on elliptic curves over the finite field, the element having additive properties.
S2100, acquiring a first ciphertext signature and a second ciphertext signature corresponding to each financial product.
Wherein the first ciphertext signature refers to a signature that authenticates the first initial ciphertext and the second initial ciphertext; the second ciphertext signature refers to another signature that authenticates the first initial ciphertext and the second initial ciphertext. In an embodiment, an element may be randomly selected from the second set by the financial product management server as the first ciphertext element; then taking the product value of the first ciphertext element and the first element as a first ciphertext signature; and determining a product value between the first product element and the first hash value, adding the product value and the first ciphertext element to obtain a corresponding second ciphertext signature, and transmitting the first ciphertext signature and the second ciphertext signature to the encryption server.
S2110, determining the ciphertext signature verification condition of the corresponding financial product according to the product value of the second ciphertext signature and the first element, the first ciphertext signature, and the product value of the product encryption public key of the corresponding financial product and the first hash value.
The first hash value is a hash value of a product identifier, a product encryption public key, a first ciphertext signature, a first initial ciphertext, a second initial ciphertext and a current timestamp corresponding to the financial product.
The ciphertext signature verification condition is used for representing the integrity and the validity of the first initial ciphertext and the second initial ciphertext. In an embodiment, a product value between the product encryption public key corresponding to a financial product and the first hash value is determined, and the product value and the first ciphertext signature are added to obtain a corresponding added value; it is then judged whether the added value is equal to the product value of the second ciphertext signature and the first element, and if so, the first initial ciphertext and the second initial ciphertext are complete and valid.
In one embodiment, the small-exponent technique may be used to batch-verify the ciphertext signatures of all financial products in the product management object. Illustratively, assuming that a product management object contains w financial products, small exponents $\theta_1, \theta_2, \ldots, \theta_w \in [1, 2^w]$ may be randomly selected. The sum, over the financial products, of the product values of the product encryption public key, the first hash value and the small exponent is determined, and this sum is added to the sum of the product values of the first ciphertext signature and the small exponent to obtain a corresponding added value; it is then judged whether the added value is equal to the sum of the product values of the second ciphertext signature, the first element and the small exponent. If they are equal, the first initial ciphertext and the second initial ciphertext are complete and valid, so that the integrity and the validity of the initial ciphertexts of a plurality of financial products can be verified in batches.
S2120, when the ciphertext signature verification corresponding to each financial product is successful, aggregating the first initial ciphertexts corresponding to each financial product to obtain a corresponding first aggregate ciphertext, and aggregating the second initial ciphertexts corresponding to each financial product to obtain a corresponding second aggregate ciphertext.
S2130, obtaining a first ciphertext authentication signature and a second ciphertext authentication signature of a product management object corresponding to the financial product.
The first ciphertext authentication signature is a signature for authenticating the first aggregate ciphertext and the second aggregate ciphertext; the second ciphertext authentication signature refers to another signature that authenticates the first and second aggregate ciphertexts. In an embodiment, an element may be randomly selected from the second set by the encryption server as a second ciphertext element; then taking the product value of the second ciphertext element and the first element as a first ciphertext authentication signature; and determining a product value between the first object element and the second hash value, and adding the product value and the second ciphertext element to obtain a corresponding second ciphertext authentication signature.
S2140, determining the verification condition of the object signature of the corresponding product management object according to the product value of the second ciphertext authentication signature and the first element, the first ciphertext authentication signature, the object encryption public key of the corresponding product management object and the product value of the second hash value.
The second hash value is a hash value of an object identifier corresponding to the product management object, an object encryption public key, a first ciphertext authentication signature, a first aggregation ciphertext, a second aggregation ciphertext and a current timestamp.
The object signature verification condition is used for representing the integrity and the validity of the first aggregation ciphertext and the second aggregation ciphertext. In an embodiment, a product value between the object encryption public key corresponding to a product management object and the second hash value is determined, and the product value and the first ciphertext authentication signature are added to obtain a corresponding added value; it is then judged whether the added value is equal to the product value of the second ciphertext authentication signature and the first element, and if so, the first aggregate ciphertext and the second aggregate ciphertext are complete and valid.
S2150, when the object signature verification of the product management object corresponding to the financial product is successful, the first aggregation ciphertext, the second aggregation ciphertext, the object identification of the product management object, the current timestamp and the object identity signature corresponding to the product management object are sent to the decryption server, so that the decryption server decrypts and summarizes based on the first aggregation ciphertext, the second aggregation ciphertext and the total value of the blinding factor, and total asset data corresponding to each asset type is obtained.
In one embodiment, the process of encrypting and decrypting data is described taking a financial product as an example. The technical scheme is divided into five stages: the system initialization stage, the registration stage, the data generation stage, the data aggregation stage and the data reading stage. The related symbols are shown in Table 1.
Table 1 symbol list
First stage, system initialization stage:
All system parameters are generated by the AC, and the blinding factors are generated by the TTP. Let w be the total number of financial products currently running, n be the number of asset types held by each financial product, and d be the maximum value of the asset data.
The AC performs the following steps to generate system parameters:
Step 1, the AC generates a group G of order q based on the elliptic curve E over the finite field $F_p$ (i.e., the first set of the above embodiments); the first element P is a generator of the group G, i.e., one element in the group G.
Step 2, the AC selects the private key x and computes the system encryption public key $P_{pub} = xP$.
Step 3, AC selects hash function Is the second set.
Step 4, the AC selects a super-increasing sequence, where $a_1, a_2, \ldots, a_n$ are large prime numbers and satisfy
Step 5, the AC discloses the system parameters
The TTP performs the following steps to generate the blinding factor:
The TTP randomly selects the blinding factors, calculates the total blinding factor value, transmits $k_i$ over a secure channel to financial product $FP_i$ ($i = 1, 2, \ldots, w$), and sends k to the decryption server.
Second stage, registration stage: at this stage, $D_t$ and the financial product manager $FP_i$ perform the following steps to register with the AC.
Step 1, randomly select a first product element $x_i$ and a second product element $r_i$, both belonging to , and calculate the product encryption public key $X_i = x_i P$ corresponding to each financial product and the product authentication signature $\langle R_i, s_i \rangle$, where the first product authentication signature of the financial product is $R_i = r_i P$ and the second product authentication signature is $s_i = r_i + x_i H_1(ID_i, X_i, R_i)$. Here $ID_i$ is the product identification of each financial product, and $H_1(ID_i, X_i, R_i)$ is the fourth hash value. $FP_i$ sends $\langle ID_i, X_i, R_i, s_i \rangle$ to the AC.
Step 2, the AC verifies whether the equation $R_i = s_i P - H_1(ID_i, X_i, R_i) X_i$ holds; if so, it discloses $\langle ID_i, X_i, R_i, s_i \rangle$.
Step 3, $D_t$ randomly selects and calculates the object encryption public key corresponding to each product management object and the object authentication signature, wherein the first object authentication signature, the second object authentication signature. $D_t$ sends to the AC.
(4) The AC verifies whether the equation holds; if so, it discloses
Third stage, data generation stage: at this stage, financial product $FP_i$ summarizes and generates n types of asset data $(m_{i1}, m_{i2}, \ldots, m_{in})$ and sends them to $D_t$.
Step 1, $FP_i$ randomly selects $t_i$ and calculates: first initial ciphertext $C_{1,i} = t_i P$, second initial ciphertext $C_{2,i} = t_i P_{pub} + [(a_1 m_{i1} + a_2 m_{i2} + \ldots + a_n m_{in}) + H_2(T) k_i] P$.
Step 2, $FP_i$ randomly selects a first ciphertext element $l_i$ and calculates: first ciphertext signature $L_i = l_i P$; second ciphertext signature $v_i = l_i + x_i H_3(ID_i, X_i, C_{1,i}, C_{2,i}, L_i, T)$, where T is the current timestamp.
Step 3, $FP_i$ sends $\langle C_{1,i}, C_{2,i}, ID_i, T, L_i, v_i \rangle$ to $D_t$.
Fourth stage, data aggregation stage: $D_t$ receives from $FP_i$ ($i = 1, 2, \ldots, w$) w pieces of asset data (i.e., w financial products, each piece containing n types) $\langle C_{1,i}, C_{2,i}, ID_i, T, L_i, v_i \rangle$, and then performs the following steps to aggregate the data:
Step 1, first check the timestamp T, then calculate and verify whether the equation $v_i P = L_i + H_3(ID_i, X_i, C_{1,i}, C_{2,i}, L_i, T) X_i$ ($i = 1, 2, \ldots, w$) holds, where $H_3(ID_i, X_i, C_{1,i}, C_{2,i}, L_i, T)$ is the first hash value. To improve the verification speed, $D_t$ performs batch verification using the small-exponent technique: $D_t$ randomly selects small exponents $\theta_1, \theta_2, \ldots, \theta_w \in [1, 2^w]$ and verifies whether the equation holds.
Step 2, after successfully verifying the financial product signatures, $D_t$ performs data aggregation: first aggregate ciphertext, second aggregate ciphertext
Step 3, $D_t$ randomly selects a second ciphertext element and calculates: wherein the first ciphertext authentication signature is $L_{D_t}$, the second ciphertext authentication signature is $v_{D_t}$, and $H_3(ID_{D_t}, X_{D_t}, C_1, C_2, L_{D_t}, T)$ is the second hash value.
VA transmissionTo the AC.
Fifth stage: data reading stage: AC receptionThe following steps are performed to read the aggregate data:
step 1, the AC first verifies the timestamp T, verifying the equation
Step 2, the AC calculates, using the private key x and the total value k of the blinding factor: $\varphi = C_2 - xC_1 - H_2(T)kP$.
Step 3, the AC uses Pollard's lambda algorithm, with time complexity , to solve the discrete logarithm of $\varphi$. The AC recovers the aggregated total asset data $(D_1, D_2, \ldots, D_n)$ for each asset type using the data recovery algorithm in Table 2, where the total asset data corresponding to one asset type
Table 2 data recovery algorithm
Correctness:
according to the data recovery algorithm, AC calculations are available:
since data values of all data types are smaller than d available
The same principle can be obtained:
The embodiment of the invention supports the classified aggregation of asset data. In the data generation stage of the scheme, the second initial ciphertext $C_{2,i} = t_i P_{pub} + [(a_1 m_{i1} + a_2 m_{i2} + \ldots + a_n m_{in}) + H_2(T) k_i] P$ is generated, where $m_{in}$ denotes the different types of asset data held by the same financial product; the scheme therefore supports the classified aggregation of asset valuation data. In addition, the scheme improves on ElGamal and generates a second aggregate ciphertext in the data aggregation stage. Compared with ElGamal homomorphic encryption, the computing cost and the communication cost are lower, so data encryption and decryption can be carried out more efficiently.
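The data generation, data aggregation (with small-exponent batch verification) and data reading stages described above, as an added Python example that is not part of the patent text. Assumptions, because the corresponding formulas and Table 2 are missing from this page: secp256k1 stands in for the curve E, SHA-256 for H_2 and H_3, the aggregate ciphertexts and the total blinding factor k are plain sums, the coefficients obey a_i > w*d*(a_1+...+a_(i-1)), decoding peels coefficients from a_n down to a_1, and baby-step giant-step replaces Pollard's lambda; all parameter values and identifiers are constructed.

```python
import hashlib
import secrets
from functools import reduce

# Assumption: secp256k1 stands in for the page's curve E over F_p; G plays the role of P.
P_MOD = 2**256 - 2**32 - 977
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):  # affine point addition; None is the point at infinity
    if A is None or B is None:
        return B if A is None else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if A == B else (y2 - y1, x2 - x1)
    lam = num * pow(den % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, A):  # double-and-add scalar multiplication (not constant time)
    R, k = None, k % Q
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def neg(A):
    return None if A is None else (A[0], -A[1] % P_MOD)

def rand():
    return 1 + secrets.randbelow(Q - 1)

def H(tag, *parts):  # hash to Z_q; tag separates H_2 from H_3 (SHA-256 is an assumption)
    return int.from_bytes(hashlib.sha256(repr((tag, parts)).encode()).digest(), "big") % Q

def encrypt(m, a, P_pub, k_i, T):
    """Data generation step 1: C_1i = t_i P, C_2i = t_i P_pub + [sum a_j m_ij + H_2(T) k_i] P."""
    t_i = rand()
    M = sum(a_j * m_ij for a_j, m_ij in zip(a, m)) + H("H2", T) * k_i
    return mul(t_i, G), add(mul(t_i, P_pub), mul(M, G))

def sign(x_i, X_i, ident, C1, C2, T):
    """Data generation step 2: L_i = l_i P, v_i = l_i + x_i H_3(ID_i, X_i, C_1i, C_2i, L_i, T)."""
    l_i = rand()
    L = mul(l_i, G)
    return L, (l_i + x_i * H("H3", ident, X_i, C1, C2, L, T)) % Q

def batch_verify(reports, pubkeys, T, bits=32):
    """Small-exponent test: (sum th_i v_i) P == sum th_i L_i + sum th_i h_i X_i."""
    lhs, rhs = 0, None
    for C1, C2, ident, L, v in reports:
        theta = 1 + secrets.randbelow(2**bits)  # page: [1, 2^w]; bits is this example's knob
        h = H("H3", ident, pubkeys[ident], C1, C2, L, T)
        lhs = (lhs + theta * v) % Q
        rhs = add(rhs, add(mul(theta, L), mul(theta * h, pubkeys[ident])))
    return mul(lhs, G) == rhs

def aggregate(reports):  # C_1 = sum C_1i, C_2 = sum C_2i (sums assumed; formulas missing)
    return reduce(add, (r[0] for r in reports)), reduce(add, (r[1] for r in reports))

def decrypt(C1, C2, x, k, T, a, bound):
    """Data reading: phi = C_2 - x C_1 - H_2(T) k P = M P with 0 <= M < bound."""
    phi = add(C2, neg(add(mul(x, C1), mul(H("H2", T) * k, G))))
    m = int(bound**0.5) + 1
    table, pt = {}, None
    for j in range(m):                     # baby steps: table[j P] = j; ends with pt = m P
        table[pt] = j
        pt = add(pt, G)
    for i in range(m + 1):                 # giant steps: phi - i m P
        if phi in table:
            M, totals = i * m + table[phi], []
            for a_j in reversed(a):        # peel a_n ... a_1 off the packed sum
                D_j, M = divmod(M, a_j)
                totals.insert(0, D_j)
            return totals
        phi = add(phi, neg(pt))
    raise ValueError("aggregate outside the expected range")

def demo():
    w, d, T = 3, 100, 1700000000           # constructed: 3 products, values < 100, timestamp
    a = [2, 601, 180901]                   # constructed; assumed rule a_i > w*d*(a_1+..+a_(i-1))
    x, ks = rand(), [rand() for _ in range(w)]   # AC private key; TTP blinding factors k_i
    assets = [[10, 20, 30], [1, 2, 3], [99, 0, 50]]   # constructed m_ij
    keys, reports = {}, []
    for i, m in enumerate(assets):
        ident, x_i = f"FP{i + 1}", rand()
        keys[ident] = mul(x_i, G)
        C1, C2 = encrypt(m, a, mul(x, G), ks[i], T)
        reports.append((C1, C2, ident, *sign(x_i, keys[ident], ident, C1, C2, T)))
    totals = decrypt(*aggregate(reports), x, sum(ks), T, a, a[-1] * w * d)   # k = sum k_i assumed
    C1, C2, ident, L, v = reports[1]
    forged = [reports[0], (C1, C2, ident, L, (v + 1) % Q), reports[2]]
    return batch_verify(reports, keys, T), totals, batch_verify(forged, keys, T)

if __name__ == "__main__":
    print(demo())
```

The aggregator only ever handles blinded ciphertexts; the per-type totals appear only after the key holder removes both x*C_1 and the summed blinding term, and a single altered v_i makes the batch equation fail.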
In an embodiment, fig. 3 is a schematic structural diagram of a data encryption device according to an embodiment of the present invention. As shown in fig. 3, the apparatus includes: a first acquisition module 310, an aggregation module 320, and a first transmission module 330.
A first obtaining module 310, configured to obtain a first initial ciphertext and a second initial ciphertext corresponding to each financial product; the second initial ciphertext is generated according to asset data corresponding to each asset type contained in the financial product, a corresponding first coefficient, a system encryption key, a first element, a current time stamp and a blinding factor; the first element is one element in a first set which is generated by a decryption server based on elliptic curves on a finite field and has addition attributes;
the aggregation module 320 is configured to aggregate the first initial ciphertext corresponding to each financial product to obtain a corresponding first aggregate ciphertext, and aggregate the second initial ciphertext corresponding to each financial product to obtain a corresponding second aggregate ciphertext when the ciphertext signature corresponding to the financial product is successfully verified;
the first sending module 330 is configured to send, when the verification of the object signature of the product management object corresponding to the financial product is successful, a first aggregate ciphertext, a second aggregate ciphertext, an object identifier of the product management object, a current timestamp, and an object identity signature corresponding to the product management object to the decryption server, so that the decryption server decrypts and gathers the first aggregate ciphertext, and a total value of the blinding factor, thereby obtaining total asset data corresponding to each asset type.
In an embodiment, the data encryption device further includes:
the second acquisition module is used for acquiring a first ciphertext signature and a second ciphertext signature corresponding to each financial product;
the first determining module is used for determining the cryptograph signature verification condition of the corresponding financial product according to the product value of the second cryptograph signature and the first element, the product value of the first cryptograph signature, the product encryption public key of the corresponding financial product and the first hash value; the first hash value is a hash value of a product identifier, a product encryption public key, a first ciphertext signature, a first initial ciphertext, a second initial ciphertext and a current timestamp corresponding to the financial product.
In an embodiment, the data encryption device further includes:
and the verification module is used for carrying out batch verification on the ciphertext signature verification conditions of all the financial products in the product management object by adopting a small-index technology.
In an embodiment, the data encryption device further includes:
the third acquisition module is used for acquiring a first ciphertext authentication signature and a second ciphertext authentication signature of a product management object corresponding to the financial product;
the second determining module is used for determining the object signature verification condition of the corresponding product management object according to the product value of the second ciphertext authentication signature and the first element, the first ciphertext authentication signature, the object encryption public key of the corresponding product management object and the product value of the second hash value; the second hash value is a hash value of an object identifier corresponding to the product management object, an object encryption public key, a first ciphertext authentication signature, a first aggregation ciphertext, a second aggregation ciphertext and a current timestamp.
In an embodiment, the data encryption device further includes:
the first generation module is used for generating a corresponding object encryption public key according to the first object element and the first element;
the second generation module is used for generating a corresponding first object authentication signature according to the second object element and the first element;
the third generation module is used for generating a corresponding second object authentication signature according to the second object element, the first object element and the third hash value; the third hash value is the hash value of the object identifier of the product management object, the object encryption public key and the first object authentication signature;
and the second sending module is used for sending the first object authentication signature, the second object authentication signature, the object encryption public key and the object identification to the decryption server so that the decryption server can carry out identity authentication on the product management object according to the first object authentication signature, the second object authentication signature, the object identification and the object encryption public key.
In an embodiment, the data encryption device further includes:
the fourth generation module is used for generating a corresponding product encryption public key according to the first product element and the first element;
a fifth generation module for generating a corresponding first product authentication signature according to the second product element and the first element;
A sixth generation module, configured to generate a corresponding second product authentication signature according to the second product element, the first product element, and the fourth hash value; the fourth hash value is the hash value of the product identifier of the financial product, the product encryption public key and the first product authentication signature;
and the third sending module is used for sending the first product authentication signature, the second product authentication signature, the product encryption public key and the product identifier to the decryption server so that the decryption server can perform product authentication on the financial product according to the first product authentication signature, the second product authentication signature, the product encryption public key and the product identifier.
In an embodiment, the determining method of the total value of the blinding factors includes:
obtaining a blinding factor corresponding to each financial product in a product management object;
a total blinding factor value for the corresponding product management object is determined based on the blinding factor and a total number of financial products contained by the product management object.
The data encryption device provided by the embodiment of the invention can execute the data encryption method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
In one embodiment, fig. 4 is a block diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 4, a schematic diagram of an electronic device 10 that may be used to implement an embodiment of the present invention is shown. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, such as the data encryption method.
In some embodiments, the data encryption method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the data encryption method described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the data encryption method in any other suitable way (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (10)

1. A data encryption method, applied to an encryption server, comprising:
acquiring a first initial ciphertext and a second initial ciphertext corresponding to each financial product; the second initial ciphertext is generated according to asset data corresponding to each asset type contained in the financial product, a corresponding first coefficient, a system encryption key, a first element, a current time stamp and a blinding factor; the first element is one element in a first set which is generated by a decryption server based on elliptic curves on a finite field and has addition attributes;
When cryptograph signature verification corresponding to the financial products is successful, aggregating the first initial cryptograms corresponding to each financial product to obtain corresponding first aggregate cryptograms, and aggregating the second initial cryptograms corresponding to each financial product to obtain corresponding second aggregate cryptograms;
and when the object signature verification of the product management object corresponding to the financial product is successful, the first aggregation ciphertext, the second aggregation ciphertext, the object identification of the product management object, the current timestamp and the object identity signature corresponding to the product management object are sent to a decryption server, so that the decryption server decrypts and gathers the first aggregation ciphertext and the total value of the blinding factors based on the first aggregation ciphertext, and the total value of the first aggregation ciphertext and the total value of the blinding factors, thereby obtaining asset data corresponding to each asset type.
2. The method according to claim 1, characterized in that the method further comprises:
acquiring a first ciphertext signature and a second ciphertext signature corresponding to each financial product;
determining the ciphertext signature verification condition of the corresponding financial product according to the product value of the second ciphertext signature and the first element, and the product value of the first ciphertext signature, the product encryption public key of the corresponding financial product and the first hash value; the first hash value is a hash value of a product identifier, a product encryption public key, the first ciphertext signature, the first initial ciphertext, the second initial ciphertext and a current timestamp corresponding to the financial product.
3. The method according to claim 2, characterized in that the method further comprises:
performing batch verification of the ciphertext signature verification conditions of all the financial products in the product management object using a small-exponent technique.
4. The method of claim 1, wherein the object identity signature comprises: a first ciphertext authentication signature and a second ciphertext authentication signature; the method further comprises the steps of:
acquiring a first ciphertext authentication signature and a second ciphertext authentication signature of a product management object corresponding to the financial product;
determining the verification condition of the object signature of the corresponding product management object according to the product value of the second ciphertext authentication signature and the first element, and the product value of the first ciphertext authentication signature, the object encryption public key of the corresponding product management object and the second hash value; the second hash value is a hash value of an object identifier corresponding to the product management object, an object encryption public key, the first ciphertext authentication signature, the first aggregation ciphertext, the second aggregation ciphertext and a current timestamp.
5. The method according to claim 1, characterized in that the method comprises:
generating a corresponding object encryption public key according to the first object element and the first element;
generating a corresponding first object authentication signature according to the second object element and the first element;
generating a corresponding second object authentication signature according to the second object element, the first object element and the third hash value; the third hash value is a hash value of an object identifier of a product management object, the object encryption public key and the first object authentication signature;
and sending the first object authentication signature, the second object authentication signature, the object encryption public key and the object identification to the decryption server, so that the decryption server performs identity authentication on the product management object according to the first object authentication signature, the second object authentication signature, the object identification and the object encryption public key.
6. The method according to claim 1, characterized in that the method further comprises:
generating a corresponding product encryption public key according to the first product element and the first element;
generating a corresponding first product authentication signature according to the second product element and the first element;
generating a corresponding second product authentication signature according to the second product element, the first product element and the fourth hash value; the fourth hash value is a hash value of a product identifier of the financial product, the product encryption public key and the first product authentication signature;
and sending the first product authentication signature, the second product authentication signature, the product encryption public key and the product identifier to the decryption server, so that the decryption server performs product authentication on the financial product according to the first product authentication signature, the second product authentication signature, the product encryption public key and the product identifier.
7. The method according to claim 1, wherein the determining the total value of the blinding factor comprises:
obtaining a blinding factor corresponding to each financial product in a product management object;
and determining the total value of the blinding factors of the corresponding product management objects based on the blinding factors and the total number of the financial products contained in the product management objects.
8. A data encryption apparatus, applied to an encryption server, comprising:
the first acquisition module is used for acquiring a first initial ciphertext and a second initial ciphertext corresponding to each financial product; the second initial ciphertext is generated according to asset data corresponding to each asset type contained in the financial product, a corresponding first coefficient, a system encryption key, a first element, a current time stamp and a blinding factor; the first element is one element in a first set which is generated by a decryption server based on elliptic curves on a finite field and has addition attributes;
the aggregation module is used for aggregating the first initial ciphertexts corresponding to each financial product to obtain a corresponding first aggregation ciphertext when the ciphertext signature corresponding to the financial product is successfully verified, and aggregating the second initial ciphertexts corresponding to each financial product to obtain a corresponding second aggregation ciphertext;
and the first sending module is used for sending the first aggregation ciphertext, the second aggregation ciphertext, the object identifier of the product management object, the current timestamp and the object identity signature corresponding to the product management object to a decryption server when the object signature verification of the product management object corresponding to the financial product is successful, so that the decryption server decrypts and gathers based on the first aggregation ciphertext and the total value of the blinding factor, thereby obtaining the total asset data corresponding to each asset type.
9. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the data encryption method of any one of claims 1-7.
10. A computer readable storage medium storing computer instructions for causing a processor to implement the data encryption method of any one of claims 1-7 when executed.
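The signature generation in claims 5 and 6 and the verification and batch verification in claims 2 and 3 can be illustrated as follows. This is an added example, not code from the patent: it assumes the check has the Schnorr form s·P = R + h·PK, which the claim wording suggests but does not spell out, and it assumes secp256k1 as the curve, SHA-256 as the hash, and hypothetical field and function names.

```python
import hashlib, secrets
P = 2**256 - 2**32 - 977  # assumption: secp256k1 stands in for the unspecified curve
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):                      # affine point addition; None is the point at infinity
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    m = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
         else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):                     # double-and-add; not constant time, illustration only
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

def digest(m):                      # hash of id, public key, R, both ciphertexts, timestamp
    fields = (m["id"], m["pk"], m["R"], m["c1"], m["c2"], m["ts"])
    return int.from_bytes(hashlib.sha256(repr(fields).encode()).digest(), "big") % N

def sign(x, ident, c1, c2, ts):     # assumed form: PK = x*G, R = r*G, s = r + x*h mod N
    r = secrets.randbelow(N - 1) + 1
    m = {"id": ident, "pk": mul(x, G), "R": mul(r, G), "c1": c1, "c2": c2, "ts": ts}
    m["s"] = (r + x * digest(m)) % N
    return m

def verify(m):                      # single check: s*G == R + h*PK
    return mul(m["s"], G) == add(m["R"], mul(digest(m), m["pk"]))

def batch_verify(msgs, bits=64, weights=None):  # small-exponent test: random weight d_i each
    ds = weights or [secrets.randbits(bits) | 1 for _ in msgs]
    s_sum, rhs = 0, None
    for d, m in zip(ds, msgs):
        s_sum = (s_sum + d * m["s"]) % N
        rhs = add(rhs, mul(d, add(m["R"], mul(digest(m), m["pk"]))))
    return mul(s_sum, G) == rhs

def demo():  # constructed sample: toy private keys and placeholder ciphertext values
    msgs = [sign(7 + i, f"product-{i}", 100 + i, 200 + i, 1700000000) for i in range(3)]
    ok = batch_verify(msgs)
    msgs[0]["s"], msgs[1]["s"] = (msgs[0]["s"] + 5) % N, (msgs[1]["s"] - 5) % N
    return ok, batch_verify(msgs, weights=[1, 1, 1]), batch_verify(msgs)
```

`demo()` returns `(True, True, False)`: an unweighted sum accepts two altered signatures whose errors cancel, while the randomly weighted batch check rejects them, which is the reason for the small exponents.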
CN202311659299.7A 2023-12-05 2023-12-05 Data encryption method, device, equipment and medium Pending CN117596060A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311659299.7A CN117596060A (en) 2023-12-05 2023-12-05 Data encryption method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN117596060A true CN117596060A (en) 2024-02-23

Family

ID=89909824

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311659299.7A Pending CN117596060A (en) 2023-12-05 2023-12-05 Data encryption method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN117596060A (en)

Similar Documents

Publication Publication Date Title
Xu et al. Verifynet: Secure and verifiable federated learning
Liu et al. Efficient and privacy-preserving outsourced calculation of rational numbers
Wang et al. Oruta: Privacy-preserving public auditing for shared data in the cloud
Wei et al. SecCloud: Bridging secure storage and computation in cloud
Wang et al. Privacy-preserving public auditing for data storage security in cloud computing
US9641340B2 (en) Certificateless multi-proxy signature method and apparatus
WO2018184407A1 (en) K-means clustering method and system having privacy protection
US8583932B2 (en) Signature device, signature verification device, anonymous authetication system, signing method, signature authentication method, and programs therefor
Li et al. Inspecting edge data integrity with aggregate signature in distributed edge computing environment
US11546348B2 (en) Data service system
KR20080084500A (en) Apparatus for batch verification and method using the same
US20200250655A1 (en) Efficient, environmental and consumer friendly consensus method for cryptographic transactions
CN105515778B (en) Cloud storage data integrity services signatures method
CN114580029A (en) Block chain digital asset privacy protection method, device, equipment and storage medium
CN108259506A (en) SM2 whitepack password implementation methods
Henecka et al. Privacy-preserving fraud detection across multiple phone record databases
Meng et al. Fast secure and anonymous key agreement against bad randomness for cloud computing
Zhao et al. Fuzzy identity-based dynamic auditing of big data on cloud storage
CN113364595B (en) Power grid private data signature aggregation method and device and computer equipment
CN105812356B (en) Anonymous query processing method facing cloud service system
Rizwan et al. Said: Ecc-based secure authentication and incentive distribution mechanism for blockchain-enabled data sharing system
CN116248246A (en) Intelligent building operation and maintenance data management method, device, computer equipment and storage medium
CN117596060A (en) Data encryption method, device, equipment and medium
CN113992389A (en) SGX data integrity auditing method based on dynamic frequency table
CN117035776B (en) Data sharing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination