KR20210041459A - The encrypted data sharing system based on block chain and IPFS(InterPlanetary File System) - Google Patents

Abstract

Provided are an encrypted data sharing system based on a blockchain and an interplanetary file system (IPFS). The encrypted data sharing system based on a blockchain and an IPFS comprises: a blockchain network configured by connecting a plurality of nodes and including a smart contract for storing data in a blockchain or executing an action of downloading the stored data; an IPFS connected to each of the nodes in the blockchain network, recording file information in a block through the action of the smart contract, and uploading and downloading a file and requesting and transmitting a symmetric key through the action of the smart contract; and a file management module generating an arbitrary symmetric key for the file when a data uploader node in the blockchain network uploads the file, encrypting the file to be uploaded with the symmetric key, and uploading the encrypted file to the IPFS. When the encrypted file is uploaded, the IPFS returns an address of the file to the blockchain, and the symmetric key is encrypted with a public key of a blockchain account of a user node in the blockchain network to be stored in the blockchain with the file address. Therefore, data forgery/tamper can be prevented.

Description

The encrypted data sharing system based on block chain and IPFS(InterPlanetary File System)}

The present invention relates to a blockchain and IPFS-based encryption data sharing system. More specifically, it relates to a block chain and IPFS-based encryption data sharing system that can safely share large amounts of data in a digitally trusted system based on a block chain.

Block Chain refers to a data distribution processing technology that distributes and stores all data that are subject to management by all users participating in the network. It is also called'Distributed Ledger Technology (DLT)' or'Public Transaction Ledger' in that the ledger containing transaction information is not owned by the transaction entity or a specific institution, but is shared by all network participants. . Blockchain is a name given as a chain of blocks containing transaction details. This blockchain is a technology to prevent hacking such as forgery of transaction contents, and it sends transaction details to all users participating in the transaction, and uses a method to prevent data forgery by collating it with each transaction.

Blockchain is a core concept of decentralization, which aims for P2P (Peer to Peer) transactions, away from the existing financial system that secures and manages all transactions in financial institutions. P2P refers to a communication network that connects personal computers without a server or client, and each connected computer acts as a server and a client to share information. Multiple nodes share and verify the same data to form a digital trust relationship. This environment makes it possible to realize smart contracts that can conveniently sign and modify contracts through P2P without an intermediary.

In the existing financial system, financial companies have kept transaction records on a central server, whereas in a blockchain based on the P2P method, transaction information is stored in blocks and connected in sequence, which is shared by all participants.

Virtual currency, also known as electronic money or cryptocurrency, refers to currency that is traded online without real money such as bills or coins. Unlike ordinary currencies issued by governments or central banks in each country, virtual currency is valued according to rules set by the person who first devised it. In addition, due to the decentralization feature, the government or central bank does not manage transaction details and distributes based on blockchain technology, so specific institutions such as the government do not guarantee value or payment.

Korean Patent Registration 10-1936758 (announcement date January 11, 2019)

The technical problem to be solved by the present invention is that the data uploader node shares the encrypted data in the blockchain, but when the data downloader node requests access to the file, the symmetric key of the encrypted data is transferred to the block chain of the downloader node. When encrypted with the account's public key and transmitted, the data downloader node decrypts the symmetric key encrypted with its own private key to obtain the symmetric key, and provides a block chain and IPFS-based encrypted data sharing system for viewing the encrypted data. It is to do.

However, the technical problems to be solved by the present invention are not limited to the above problems, and may be variously extended without departing from the spirit and scope of the present invention.

Blockchain and IPFS-based encryption data sharing system according to an embodiment of the present invention to solve the above problem is configured by connecting a plurality of nodes, and executes an action of storing data in the blockchain or downloading the stored data. Blockchain network including a smart contract that is connected to each node in the blockchain network, records file information in a block through the action of the smart contract, and uploads and downloads files and symmetric keys through the smart contract action. When IPFS (InterPlanetary File System) that implements request and transmission, and a data uploader node in the blockchain network upload a file, a random symmetric key is generated for the file, and the file to be uploaded is encrypted with the symmetric key. And a file management module for uploading to the IPFS, wherein the IPFS returns the address of the file to the blockchain when the upload of the encrypted file is completed, and the symmetric key is a block chain of a user node in the blockchain network. It is encrypted with the account's public key and stored in the blockchain along with the file address.

In some embodiments according to the present invention, when a data downloader node in the blockchain network requests transmission of a symmetric key for the encrypted file, the data uploader node encrypts the symmetric key with the public key of the data downloader node. It can be stored in the above blockchain.

In some embodiments according to the present invention, the data downloader node decrypts the encrypted symmetric key with its own private key to obtain an original symmetric key, and decrypts the encrypted file using the original symmetric key to obtain the original file. You can read it.

Other specific details of the present invention are included in the detailed description and drawings.

According to the present invention, it is possible to share files between user nodes by maintaining the closedness and integrity of a data sharing system, and to enhance security by limiting the access range of files on a trusted system, and to prevent data forgery/tampering. do.

However, the effects of the present invention are not limited to the above effects, and may be variously extended without departing from the spirit and scope of the present invention.

1 is a diagram showing a distributed processing system using a block chain to which the technical idea according to the present invention can be applied.
2 and 3 are block diagrams showing the connection of blocks used in a block chain system.
4 is a block diagram showing the configuration of a block chain and IPFS-based encrypted data sharing system according to an embodiment of the present invention.
5 is a diagram for explaining a procedure for decrypting encrypted data in the system of the present invention.
6 is a block diagram of a computing device of a node according to an embodiment of the present invention.

Advantages and features of the present invention, and a method of achieving them will become apparent with reference to the embodiments described below in detail together with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but will be implemented in a variety of different forms, only the present embodiments are intended to complete the disclosure of the present invention, and common knowledge in the technical field to which the present invention pertains. It is provided to completely inform the scope of the invention to those who have, and the invention is only defined by the scope of the claims.

The terms used in the present specification are for describing exemplary embodiments, and are not intended to limit the present invention. In this specification, the singular form also includes the plural form unless specifically stated in the phrase. As used herein, "comprises" and/or "comprising" refers to the presence of one or more other components, steps, actions and/or elements in which the recited component, step, operation and/or element is Or does not preclude additions.

Unless otherwise defined, all terms (including technical and scientific terms) used in the present specification may be used with meanings that can be commonly understood by those of ordinary skill in the art to which the present invention belongs. In addition, terms defined in a commonly used dictionary are not interpreted ideally or excessively unless explicitly defined specifically.

Hereinafter, preferred embodiments of the present invention will be described in more detail with reference to the accompanying drawings. The same reference numerals are used for the same elements in the drawings, and duplicate descriptions for the same elements are omitted.

In the past, data is transmitted and received over the Internet through a centralized web. At this time, the protocol used for data sharing is the HTTP protocol, which has a structure in which when a client sends a data request to the server, the server responds and sends the data. Therefore, if the power of the server is cut off, the link is cut off, and there is no way to access the content. Or, if data is deleted due to server hacking, it becomes difficult to recover data unless backup is made.

Previously, we did not pay much attention to the efficiency of file transfer because it did not cost a lot to transfer small files, but in the future, files (information, data) shared on the Internet will increase in size. For example, as the quality of the video viewed through the streaming service has increased, the capacity has also increased. In addition, the speed of bandwidth development cannot keep up with other storage speeds. This in turn means that the communication speed is relatively slow.

The present invention described below relates to an encrypted data sharing system based on a block chain and an IPFS (InterPlanetary File System). This proposes a method for safely sharing large amounts of data in a digitally trusted system.

Prior to the description of the present invention, an IPFS system will be described.

IPFS is a distributed P2P file system that connects all computer nodes, and IPFS Web is a new Web that solves and supplements the problems of the existing HTTP Web. As a feature of IPFS, it is a faster, more secure and open network realized through peer-to-peer communication of nodes without a centralized server. Unlike the HTTP Web in the past, which has fatal consequences when a connection to a large server is blocked, in IPFS, the system can be kept stable even if some nodes are disconnected.

In addition, high-capacity files can be delivered quickly and efficiently (BitSwap), and storage can be used efficiently because duplicates of files can be recognized (Merkle DAG, contents-addressed). The names of files uploaded on IPFS are recorded forever, and files that you want to save on IPFS can be semi-permanently saved (pinning). Also, file version control (Git) is possible.

In IPFS, each file consists of several blocks, and each block has a unique name expressed as a hash. IPFS stores the names of all files in the database, excludes duplication of the same file, and tracks version information of each file. Each node keeps only the files that it is interested in in the storage, and you can know who is storing which files through indexing information. To find a file on the network, simply look up the file name and trace the node that has the file. Through IPNS, all file names can be converted into a human-readable form (a concept similar to DNS).

And, hereinafter, a distributed processing system using a block chain to which the concept of the present invention can be applied will be described.

1 is a diagram showing a distributed processing system using a block chain to which the technical idea according to the present invention can be applied.

Referring to FIG. 1, a distributed processing system 100 using a block chain is a distributed network system composed of a plurality of nodes 110-170. The nodes 110 to 170 constituting the distributed network 100 may be electronic devices having computing power, such as a computer, a mobile terminal, and a dedicated electronic device.

In general, the decentralized network 100 may store and refer to information commonly known to all participating nodes within a connection bundle of blocks called a block chain. The nodes 110-170 can communicate with each other and can be divided into a full node that is responsible for storing, managing, and disseminating the block chain, and a light node that can only participate in transactions only. . When a node is referred to in the present specification without further explanation, it is often referred to as a complete node that participates in a distributed network and performs an operation of creating, storing, or verifying a block chain, but is not limited thereto.

Each block connected to the blockchain includes transaction details, that is, transactions within a certain period of time. The nodes can manage transactions by creating, storing, or verifying the blockchain according to their respective roles.

Depending on the embodiment, the transaction may represent various types of transactions. In one embodiment, the transaction may correspond to a financial transaction to indicate the ownership status of virtual currency and its change. In another embodiment, the transaction may correspond to a real transaction for indicating the ownership status of an object and its change. In another embodiment, the transaction may correspond to an information sharing process for indicating recording, storage, and transfer of information. Nodes performing a transaction in the distributed network 100 may have a private key and a public key pair each having a cryptographic relationship.

2 and 3 are block diagrams showing the connection of blocks used in a block chain system.

Referring to FIG. 2, the block chain 200 is a kind of distributed database of one or more blocks 210, 220, 230 connected in sequence. The block chain 200 is used to store and manage transaction details of users in the block chain system, and each node participating in the network of the block chain system creates a block and connects it to the block chain 200. Although a limited number of blocks 210, 220, and 230 are shown in FIG. 2, the number of blocks that can be included in the block chain is not limited thereto.

Each block included in the block chain 200 may be configured to include a block header 211 and a block body 213. The block header 211 may include a hash value of the previous block 220 to indicate a connection relationship between blocks. In the process of verifying whether the block chain 200 is valid, the connection relationship in the block header 211 is used. The block body 213 may include data stored and managed in the block 210, for example, a transaction list or a transaction chain.

Referring to FIG. 3, the block header 211 may include a hash 2112 of a previous block, a hash 2113 of a current block, and a nonce 2114. In addition, the block header 211 may include a root 2115 indicating a header of a transaction list in a block.

As described above, the block chain 200 may include one or more connected blocks. The one or more blocks are connected based on a hash value in the block header 211. The hash value 2112 of the previous block included in the block header 211 is a hash value for the previous block 220 and is the same as the current hash 2213 included in the previous block 220. The one or more blocks are concatenated by a hash value of a previous block in each block header. Nodes participating in the distributed network verify the validity of the block based on the hash value of the previous block included in the one or more blocks, so it is impossible for a single malicious node to forge or alter the contents of an already created block. Do.

The block body 213 may include a transaction list 2131. The transaction list 2131 is a list of blockchain-based transactions. For example, the transaction list 2131 may include records of financial transactions made in the blockchain-based financial system. The transaction list 2131 may be expressed in the form of a tree. For example, the amount transmitted by the user A to the user B is recorded in the form of a list, and the storage length in the block is of the transaction included in the current block. It can be increased or decreased based on the number.

In addition, the block 210 may include other information 2116 other than the information included in the block header 211 and the block body 213.

The nodes participating in the decentralized network have the same blockchain, and the same transaction is stored in the block. Since the block containing the transaction list is shared on the network, all participants can verify it.

Hereinafter, the configuration and operation of the present invention will be described with reference to the drawings.

4 is a block diagram showing the configuration of a block chain and IPFS-based encrypted data sharing system according to an embodiment of the present invention. 5 is a diagram for explaining a procedure for decrypting encrypted data in the system of the present invention.

The amount of data that can be contained in a blockchain is very limited, so it can only contain transaction information or text. In order to solve this problem, the present invention proposes IPFS as a method for sharing photos and videos to a distributed file system.

IPFS divides large files into several pieces through peer-to-peer communication between nodes without a centralized server. In addition, large files can be delivered quickly and efficiently, and storage can be used efficiently because duplicates of files can be recognized.

Unlike general web services, IPFS is very similar to blockchain in that the ecosystem remains stable even if some nodes are stopped. However, due to the transparency characteristic of blockchain and IPFS, participants share all data, so files containing sensitive information are not suitable for IPFS. To compensate for this, the present invention proposes a method of encrypting a file with a symmetric key before uploading the file to IPFS, encrypting the symmetric key with the public key of a blockchain account, and recording it in the blockchain.

First, referring to FIG. 4, a block chain and IPFS-based encrypted data sharing system 300 according to an embodiment of the present invention is composed of a block chain network 310, an IPFS 320, and a file management module 330. .

The blockchain network 310 is configured by connecting a number of nodes including the above-described blockchain structure, and the smart contract in the blockchain is software that implements the meaning of a contract registered and executed in the blockchain. Various actions can be executed in one smart contract, and these actions can create/read/modify/delete data stored in the blockchain.

Information of a file stored in the IPFS 320 may be recorded in a block through an action of a smart contract. Actions are gathered into a transaction, and transactions are gathered into a block.

Since all network participant nodes can query transactions and blocks, all details of the IPFS 320 can be checked through the transaction. In such a smart contract, the IPFS 320 file upload/download and symmetric key request/transfer actions are implemented.

When the data uploader node uploads a file in the data sharing system 300 of the present invention, the file management module 330 generates a random symmetric key (K1) for the file, and a symmetric key ( It is encrypted with K1) and uploaded to the IPFS (320). When the upload of the encrypted file is completed, the IPFS 320 returns the address of the corresponding file.

The symmetric key (K1) created in the file encryption process is encrypted with the public key (K2) of the user node's blockchain account, and is stored in the blockchain along with the IPFS (320) file address.

All network participant nodes can look up the address of the file and can download the file through the address, but without the symmetric key (K1), the contents of the file cannot be known. The symmetric key (K1) is also encrypted with the public key (K2) of the user node's blockchain account, so the participant nodes do not know this.

When downloading a file from a specific user node, any network participant node can access and download the encrypted file, but decryption is impossible because there is no symmetric key (K1).

Therefore, it is necessary to request the file symmetric key (K1) from the data uploader node. Through the blockchain, a transaction requesting a symmetric key (K1) is transmitted to the data uploader node and waits for approval.

If authorization is made, the data uploader node decrypts the encrypted symmetric key K1 with its own private key K3. When decryption is performed, the original symmetric key (K1) is released, and if it is stored in the blockchain immediately, the key can be exposed.

Therefore, the original symmetric key (K1) is encrypted with the public key (K2) of the data downloader node and stored in the blockchain so that only the data downloader node can know the key. As a result, other participant nodes cannot check the file, but the data downloader node can check the file. The data downloader node can obtain the original symmetric key (K1) through its own private key (K3), and finally decrypt the encrypted data to view the file contents.

When explaining the concepts of the above-described symmetric key, asymmetric key, public key, and private key, the symmetric key encryption system means that the same secret key is used for encryption and decryption between the transmitting side and the receiving side, respectively. Therefore, the symmetric key must be transmitted through a secure transmission method such as a secret communication network or direct transmission.

The asymmetric key cryptosystem, also known as a public key cryptosystem, refers to the use of different keys for encryption and decryption. The key used for encryption is called a public key, and it is stored so that it can be easily accessed in a public place. And, the key used for decryption is called a private key, and it must be kept securely.

In addition, there is an RSA encryption algorithm as an encryption algorithm using a public key and a private key, and the RSA encryption system is based on the fact that it is difficult to decompose large numbers into prime factors. The RSA cryptographic algorithm uses two keys, and the key is a constant that opens and locks a message. Each user encrypts and transmits data with a public key for their own data transmission, and decrypts using their own private key to enable secure communication with each other.

Referring to FIG. 5 in order to explain the procedure of decrypting the encrypted data by applying the above-described concepts to the encrypted data sharing system 300 of the present invention, the data uploader node encrypts the original data with a symmetric key (K1). Then, it is uploaded to the IPFS 320.

And, the file address is stored in the blockchain, and if there is a request to download the encrypted data, the symmetric key (K1) is encrypted with the public key (K2) of the data downloader node and the encrypted symmetric key is transmitted as a transaction in the blockchain. do.

The data downloader node extracts the original symmetric key (K1) by decrypting the symmetric key encrypted with its own private key (K3). The data downloader node downloads the encrypted data from the IPFS 320, and decrypts the encrypted data using the symmetric key K1 to extract the original data.

According to this procedure, in the data sharing system 300 according to the present invention, the original data matched with the block chain information is encrypted and recorded in a block, and the data downloader node requests the download for the encrypted data and receives the original data. Encrypted data can be shared and security can be enhanced by allowing the data to be verified.

6 is a configuration diagram of a computing device of a node according to an embodiment of the present invention.

6, a computing device 1000 of a node according to an embodiment of the present invention includes a processor 1100 and a memory 1200, and the processor 1100 includes one or more cores and a graphic processing unit and/ Alternatively, a connection path (eg, a bus, etc.) for transmitting and receiving signals to and from other components may be included.

The processor 1100 according to an exemplary embodiment executes the operation of the data sharing system described with reference to FIGS. 4 to 5 by executing one or more instructions stored in the memory 1200.

For example, the processor 1100 collects information on uploading/downloading data generated in one or more nodes by executing one or more instructions stored in the memory, records the collected information in a block, and writes the collected information in a block. Based on the information, relevant information is provided for at least one node.

Meanwhile, the processor 1100 may further include a random access memory (RAM) and a read-only memory (ROM) that temporarily and/or permanently store a signal (or data) processed internally. . In addition, the processor 1100 may be implemented in the form of a system on chip (SoC) including at least one of a graphic processor, RAM, and ROM.

The memory 1200 may store programs (one or more instructions) for processing and controlling the processor 1100. Programs stored in the memory 1200 may be divided into a plurality of modules according to functions.

The operations of the system described in connection with the embodiment of the present invention may be directly implemented by hardware, implemented by a software module executed by hardware, or implemented by a combination thereof. Software modules include Random Access Memory (RAM), Read Only Memory (ROM), Erasable Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), Flash Memory, hard disk, removable disk, CD-ROM, or It may reside on any type of computer-readable recording medium well known in the art to which the present invention pertains.

Components of the present invention may be implemented as a program (or application) and stored in a medium in order to be executed by being combined with a computer that is hardware. Components of the present invention may be implemented as software programming or software elements, and similarly, embodiments include various algorithms implemented with a combination of data structures, processes, routines or other programming components, including C, C++ , Java, assembler, or the like may be implemented in a programming or scripting language. Functional aspects can be implemented with an algorithm running on one or more processors.

It should be understood that the above-described embodiments are illustrative and non-limiting in all respects, and the scope of the present invention will be indicated by the claims to be described later rather than the detailed description described above. And the meaning and scope of the claims, as well as all changes and modifications derived from the equivalent concept should be construed as being included in the scope of the present invention.

100: distributed network
110-170: nodes
200: Blockchain
210, 220, 230: block
300: data sharing system
310: Blockchain network
320: IPFS
330: file management module

Claims (3)

A blockchain network comprising a smart contract configured by connecting a plurality of nodes and executing an action of storing data in the blockchain or downloading the stored data;
InterPlanetary File (IPFS) that is connected with each node in the blockchain network, records file information in a block through the action of the smart contract, and implements file upload and download, and symmetric key request and transmission through the smart contract action. System); And
When a data uploader node in the blockchain network uploads a file, a file management module generates a random symmetric key for the file, encrypts a file to be uploaded with the symmetric key, and uploads it to the IPFS; and
When the upload of the encrypted file is completed, the IPFS returns the address of the file to the blockchain,
The symmetric key is encrypted with the public key of the block chain account of the user node in the block chain network and stored in the block chain along with the file address. Blockchain and IPFS-based encryption data sharing system. The method of claim 1,
When the data downloader node in the blockchain network requests the transmission of the symmetric key for the encrypted file,
The data uploader node encrypts the symmetric key with the public key of the data downloader node and stores the symmetric key in the blockchain. Blockchain and IPFS-based encryption data sharing system. The method of claim 2,
The data downloader node obtains the original symmetric key by decrypting the encrypted symmetric key with its own private key,
A system for sharing encrypted data based on blockchain and IPFS that decrypts the encrypted file using the original symmetric key to view the original file.

Images