CH716273A2 - A method of storing computer data on a network, with double distribution over two disjoint sets of network nodes. - Google Patents

Abstract

The invention relates to a method for storing data (15) on a network (1), in which an encrypted first container (22) containing the data (15) and a first decryption key (23) (in the form of fragments) are distributed among a first set (1S) of standard nodes, and in which a second encrypted container (28) containing the same encrypted data (15) and a second decryption key (29) are distributed among a second set (1M) of mirror nodes.

Description

TECHNICAL AREA

The invention relates to the field of computing, and more specifically to the field of secure storage of network computer data.

PRIOR ART

The securing of the network storage of computer data has the dual objective of avoiding the loss of data (that is to say their untimely erasure) and their use (this term including reading as well as partial copying or total data) by unauthorized third parties. In other words, security aims to guarantee the sustainability and confidentiality of data.

[0003] To minimize the risk of data loss (in other words, to maximize the durability of the data), replications are generally carried out, that is to say, the data is distributed among several storage spaces. The data is therefore stored redundantly.

To guarantee (as much as possible) the confidentiality of data stored in the network, two methods are generally used: The first consists in restricting (typically via passwords or electronic certificates) access to a server on which the data is stored, which minimizes the risk of reading or copying; The second is to encrypt the data itself using cryptographic techniques.

[0005] The first method is effective under two main conditions.

[0006] First condition: the risk of loopholes in the restrictions on access to the server must be zero or, at the very least, minimum.

However, experience shows that certain attacks make it possible to circumvent these restrictions, typically by recovering the usernames and passwords of users and by usurping their identity to access their data.

[0008] Second condition: the administrator of the server must himself be trustworthy.

However, experience shows that some online service providers (including social networks), which administer servers on which are stored the personal data of many users, allow themselves to access this data and make it operating on their own account, typically by reselling the data to commercial companies or government agencies, or by analyzing the data themselves.

The second method solves the problems of the first, since unauthorized third parties can not make any use of the data, except to crack the encryption algorithms, which, until now, has proved infeasible for the algorithms most commonly used, such as the RSA algorithm (Rivest, Shamir, Adleman) or the elliptic curves algorithm.

Generally, the data is encrypted locally within a sending terminal (typically a personal computer), then the encrypted data is transmitted to the network to be stored there while a cryptographic key for decryption of the data is stored locally at the network. within the sending terminal.

However, this method presents a risk: the loss of the cryptographic key for decryption of the data, which renders the data permanently unusable (and this by anyone, including their owner), because they cannot be deciphered.

It is conceivable to delegate to the network (typically to a remote proxy server) the task of encrypting the data and administering the cryptographic decryption key.

In this case, the problem again arises of a potential access to the data by the administrator of the proxy server, either that the latter copies them before their encryption, or that he takes the liberty of decrypting them by using the generated cryptographic key. There is also the problem of data recovery after a major failure of the network, which affected a large part of its nodes.

The invention aims to offer an effective solution to these problems.

SUMMARY OF THE INVENTION

There is proposed a method of secure storage of computer data within a peer-to-peer network composed of a plurality of nodes forming a distributed database on which is stored, by replication on each node, a chain of blocks, the nodes being subdivided into two disjoint sets, namely a first set of so-called standard nodes, and a second set of so-called mirror nodes, this method comprising the operations consisting in: <tb> <SEP> - Send, from a sending terminal in which the data is stored, a storage request to the network; <tb> <SEP> - On receipt of the storage request by at least one node of the network, select from among the set of standard nodes, at least one node, called a standard input node, equipped with a processing unit IT in which an execution environment secured by cryptography, called an enclave, is implemented; <tb> <SEP> - Instantiate the enclave of the standard input node; <tb> <SEP> - Load the data, from the transmitting terminal and via a secure communication line, to the enclave of the standard input node; <tb> <SEP> - Enter in a block of the chain of blocks, by one or more nodes of the network, at least one transaction containing a digital fingerprint of the storage request and / or of the loading thus carried out; <tb> <SEP> - In the enclave of the standard input node: <tb><SEP> <SEP> o Encrypt the data to form a first encrypted container, by associating it with a first cryptographic decryption key; <tb><SEP> <SEP> o Fragment the first cryptographic decryption key into a predetermined number of fragments; <tb><SEP> <SEP> o Designate, from among the set of standard nodes, a first group of nodes and distribute the first encrypted container to the standard node or nodes of this first group; <tb><SEP> <SEP> o Designate, among the set of standard nodes, a second group of nodes equal in number to the fragments of the first cryptographic decryption key; <tb><SEP> <SEP> o Distribute each fragment of the first cryptographic decryption key to one or more standard nodes of the second group, each receiving a unique fragment; <tb> <SEP> - Outside the Enclave of the Standard Entry Node: <tb><SEP> <SEP> o Store the first encrypted container within each node of the first group of standard nodes; <tb><SEP> <SEP> o Memorize the fragments of the first cryptographic decryption key within the nodes of the second group of standard nodes; <tb> <SEP> - Designate, from among the set of mirror nodes, a mirror entry node, equipped with a computer processing unit in which an enclave is implemented; <tb> <SEP> - Instantiate the enclave of the mirror entry node; <tb> <SEP> - Establish a secure link between the enclave of the input node and the enclave of the mirror input node; <tb> <SEP> - Relay, via the secure link, the data from the enclave of the input node to the enclave of the mirror input node; <tb> <SEP> - In the mirror entry node enclave: <tb><SEP> <SEP> o Encrypt the data to form a second encrypted container, by associating it with a second cryptographic decryption key, different from the first cryptographic decryption key; <tb><SEP> <SEP> o Fragment the second cryptographic decryption key into a predetermined number of fragments; <tb><SEP> <SEP> o Designate, from among the set of mirror nodes, a first group of nodes and distribute the second encrypted container to the mirror node or nodes of this first group; <tb><SEP> <SEP> o Designate, among the set of mirror nodes, a second group of nodes equal in number to the fragments of the second cryptographic decryption key; <tb><SEP> <SEP> o Distribute each fragment of the second cryptographic decryption key to one or more mirror nodes of the second group, each receiving a unique fragment; <tb> <SEP> - Outside the mirror entry node enclave: <tb><SEP> <SEP> o Store the second encrypted container within each node of the first group of mirror nodes; <tb><SEP> <SEP> o Memorize each fragment of the second cryptographic decryption key on each node of the second group of mirror nodes; <tb> <SEP> - Enter in a block of the chain of blocks, by one or more nodes of the network, at least one transaction containing a digital fingerprint of the memorizations thus carried out.

BRIEF DESCRIPTION OF THE FIGURES

[0017] Other objects and advantages of the invention will become apparent in the light of the description of an embodiment, given below with reference to the accompanying drawings in which: <tb> <SEP> LaFIG.1 is a simplified block diagram illustrating a peer-to-peer network on which a chain of blocks is distributed; <tb> <SEP> LaFIG.2 is a simplified functional diagram illustrating different components of a computer processing unit involved in the creation and operation of a secure execution environment called an enclave; <tb> <SEP> LaFIG.3 is a functional diagram partly illustrating a network architecture, partly the steps of a storage process, and partly the files produced, exchanged or stored within the network for the needs (or application) of this process; <tb> <SEP> LaFIG.4 is a functional diagram illustrating different stages of the storage process.

DETAILED DESCRIPTION OF THE INVENTION

Without being limited thereto, the proposed storage method exploits, by combining them, the functionalities offered by two relatively recent technologies of which it seems useful to make a preliminary description before going into the details of the method, namely: Blockchain technology or, in Anglo-Saxon terminology, blockchain (in what follows, Anglo-Saxon terminology will be preferred, because of its common use in most languages, including French); The technology of the secure execution environment or, in English terminology, of the trusted execution environment (TEE).

[0019] Blockchain technology is organized in layers. She understands : A layer of hardware infrastructure, called a “blockchain network”; A protocol layer called the “blockchain protocol”; An information layer, called the “blockchain register”.

The blockchain network is a decentralized computer network, called a peer-to-peer network (in Peer-to-Peer or P2P terminology), made up of a plurality of computers (in the functional sense of the term: it is a device provided with a programmable computer processing unit, which can be in the form of a smartphone, a tablet, a desktop computer, a workstation, a physical or virtual server, i.e. computing and memory space allocated within a physical server and on which an operating system or operating system emulation runs), called "nodes" with reference to the theory of graphs, capable of communicating with each other (ie exchanging computer data), two by two, by means of wired or wireless links.

A network1blockchain comprising nodes2communicating by links3is illustrated in theFIG.1. For the sake of simplification and conformity with graph theory, on FIG.1, the nodes2 of the network1 are represented by circles; the bonds3, by edges connecting the circles. In order not to overload the drawing with lines, only certain links3 between nodes2 are shown.

[0022] The nodes2 can be scattered over large geographic regions; they can also be grouped into smaller geographic regions.

The blockchain protocol is in the form of a computer program implemented in each node2 of the network1 blockchain, and which includes, in addition to dialogue functions - that is to say exchange of computer data - with the other nodes2 of the network1 , a calculation algorithm which, from input data called "transactions" (which are transcriptions of interactions between one or more transmitting computer terminals and one or more recipient computer terminals): <tb> <SEP> - Builds structured data files4 called "blocks", each block4 including a body4containing digital transaction fingerprints, and a header4Bcontaining: <tb><SEP> <SEP> o A sequence number, or row, or height (height in English), in the form of an integer which designates the position of block4 within a chain in the order growing from an initial block (Genesis block); <tb><SEP> <SEP> o A unique digital fingerprint of body4A data; <tb><SEP> <SEP> o A unique digital fingerprint, called a pointer, of the header of the previous block4, <tb><SEP> <SEP> o A timestamp data; <tb> <SEP> - Implements a mechanism for validating blocks4 by consensus between all or part of the nodes2; <tb> <SEP> - Concatenates validated blocks4 to form a register5 (the blockchain register) in the form of an aggregate in which each block4 is mathematically linked to the previous one by its pointer.

The slightest modification of the data of the body4Aou of the header4B of a bloc4affects the value of its digital fingerprint and consequently breaks the existing link between this bloc4 thus modified and the following bloc4 whose pointer no longer corresponds.

[0025] According to a particular embodiment, the digital fingerprint of each bloc4 is a digest (or hash) of the data of bloc4, that is to say the result of a hash function applied to the data of block4 (including body4A and header4B except for the digital fingerprint itself). The hash function is typically SHA-256.

For a bloc4donné of rank N (N an integer), the pointer ensures with the bloc4précè of rank N-1 an unalterable link. Indeed, any modification of the data of block4 of rank N-1 would lead to the modification of its fingerprint, and therefore to a lack of correspondence between this (modified) fingerprint of block4 of rank N-1 and the pointer stored among the metadata of block4 of rank NOT.

The succession of blocks4 linked together two by two by correspondence of the pointer of a bloc4donné of rank N with the digital fingerprint of the previous block of rank N-1 therefore constitutes the register5blockchain in the form of an aggregate of correlated blocks4, in which the slightest modification of the data of a block4 of rank N-1 results in a breaking of the link with the following block4 of rank N - and therefore the breaking of the blockchain register.

It is this particular structure which gives the data contained in the register5blockchain a reputation for immutability, guaranteed by the fact that the register5blockchain is replicated on all the nodes2 of the network1, forcing any attacker, not only to modify all the blocks4 of rank greater than the modified block4, but to deploy these modifications (even though the register5blockchain continues to be constituted by the nodes2 applying the blockchain protocol) to all the nodes2.

Whatever the type of consensus applied by the block validation mechanism4, most blockchain technologies have the primary function of recording, in their blockchain ledger5, transactions between one or more issuing terminals, and one or more receiving terminals, interchangeably called "users".

Each user is associated with an account, called in a simplified manner "electronic wallet" (in English digital wallet), which contains a memory area and a programmatic interface having interaction functions with the 1blockchain network to submit transactions to it, and synchronization functions with the 5blockchain register to register, in the memory area, the transactions validated by registration in the 5blockchain register.

Unless otherwise specified, and for the sake of simplicity, the simple expression "blockchain" or "blockchain" designates the register5blockchain itself.

Some recent blockchain technologies (Ethereum, typically) add to the three hardware (blockchain network), protocol (blockchain protocol) and informational (blockchain register) layers an application layer which takes the form of a development environment for programming applications, called “smart contracts”, which can be deployed on the ledger5blockchain from nodes2.

We will now briefly describe the technology of smart contracts.

[0034] A smart contract comprises two elements: An account, called a “Contract account”, in the memory area of which is written a source code containing computer instructions implementing the functions assigned to the smart contract; An executable code (in English Executable Bytecode) resulting from a compilation of the source code, this executable code being stored or deployed within the register5blockchain, that is to say inserted as a transaction in a block4 of the register5blockchain.

In the blockchain technology proposed by Ethereum, a smart contract is activated by a call (in English Call) sent by another account, said initiator account (which can be a user account or a contract account), this call is presenting in the form of a transaction containing, on the one hand, a reserve fund to be transferred (i.e. a payment) from the initiating account to the contract account and, on the other hand, initial conditions.

This call is recorded as a transaction in the register5blockchain. It triggers: The transfer of the reserve fund from the initiating account to the contract account; The designation, among the network1blockchain, of an execution node associated with a user account; The activation, in a computer processing unit of the execution node, of an execution environment or virtual machine (called Ethereum Virtual Machine or EVM in the case of Ethereum); The step-by-step execution of the steps for calculating the executable code by the virtual machine from the initial conditions, each step of calculation being accompanied by a transfer of a fraction (called gas in the case of Ethereum) of the reserve fund from the contract account to the user account of the execution node, until the calculation steps are exhausted, at the end of which a result is obtained; The recording (possibly in the form of a digital fingerprint) of this result as a transaction in the register 5 blockchain.

The initiating account retrieves (that is to say, in practice, downloads) the result when it is synchronized with the register5blockchain.

We now briefly introduce secure execution environments.

A secure execution environment (Trusted execution environment or TEE) is, within a computer processing unit provided with a processor or CPU (Central Processing Unit) 7, a temporary space for calculation and data storage. , called (by convention) an enclave, or even cryptographic enclave, which is isolated, by cryptographic means, from any unauthorized action resulting from the execution of an application outside this space, typically the operating system.

[0040] Intel®, for example, from 2013 revised the structure and interfaces of its processors to include enclave functions, under the name Software Guard Extension, better known by the acronym SGX. SGX equips most of the XX86 type processors marketed by Intel® since 2015, and more specifically from the sixth generation incorporating the so-called Skylake microarchitecture. The enclave functions offered by SGX are not automatically accessible: they must be activated via the elementary input / output system (Basic Input Output System or BIOS).

It does not come within the requirements of the present description to detail the architecture of the enclaves, insofar as: Despite its relative youth, this architecture is relatively well documented, in particular by Intel® which has filed numerous patents, cf. e.g., among the most recent, the US patent application US 2019/0058696; Processors making it possible to implement them are available on the market - in particular the aforementioned Intel® processors; Only the functionalities allowed by the enclave are of interest to us here, these functionalities being able to be implemented via specific command lines. As such, those skilled in the art may refer to the guide published in 2016 by Intel®: Software Guard Extensions, Developer Guide.

For a more accessible description of the enclaves, and more particularly of Intel® SGX, those skilled in the art can also refer to A. Adamski, Overview of Intel SGX - Part 1, SGX Internal, or to D. Boneh , Nickaming Schemes, Fast Verification, and Applications to SGX Technology, in Topics in Cryptology, CT - RSA 2017, The Cryptographers' Track at the RSA Conférence 2017, San Francisco, CA, USA, Feb. 14-17, 2017, Proceedings, pp. 149-164, or to K. Severinsen, Secure Programming with Intel SGX and Novel Applications, Thesis submitted for the Degree of Master in Programming and Networks, Dept. Of Informatics, Faculty of Mathematics and Natural Science, University of Oslo, Autumn 2017.

To summarize, with reference to theFIG.2, an enclave8includes, first of all, a secure memory zone9 (called Enclave Page Cache, in English Enclave Page Cache or EPC), which contains code and data relating to the 'enclave itself, and whose content is encrypted and decrypted in real time by a dedicated chip called the Memory Encryption Engine (MEE). The EPC9 is implemented within a part of the dynamic random access memory (DRAM) 10 allocated to the processor7, and to which ordinary applications (in particular the operating system) do not have access.

The enclave8 includes, secondly, native cryptographic keys, which are associated with it and are used to encrypt or sign on the fly the data leaving the EPC9, which enables the enclave8 to be identified (in particular by other enclaves), and the data it generates can be encrypted for storage in unprotected memory areas (i.e. outside of the EPC9). In SGX technology, a native key used to encrypt the data is derived from a cryptographic key implemented in the processor itself, called the Roof Sealing Key (RSK).

In order to be able to use such an enclave8, an application11 must be segmented into, on the one hand, one or more unsecured parts12 (in English untrusted part (s)), and, on the other hand, one or more secure parts13 (in English trusted perf (s)).

Only the processes induced by the secure part (s) 13 of the application11 can access the enclave8. The processes induced by the unsecured part (s) 12 cannot access the enclave8, i.e. they cannot dialogue with the processes induced by the part (s) (s) 13secure (s).

The creation (also called instantiation) of the enclave8 and the flow of processes within it are controlled via a set14d'instructions particular executable by the processor7et called by the part (s) 13secure (s) of the application11.

[0048] Among these instructions: ECREATE commands the creation of an enclave8; EINIT commands the initialization of the enclave8; EADD commands code loading into the enclave8; EENTER commands code execution in the enclave8; ERESUME commands a new execution of code in the enclave8; EEXIT controls the exit of enclave8, typically at the end of a process running in enclave8.

We have, on theFIG.2, functionally represented the enclave 8 in the form of a block (in dotted lines) encompassing the secure part of the application11, the processor7 instruction set14, and the EPC9 . This representation is not realistic; it simply aims to visually group together the elements that make up or exploit the enclave8.

We will explain below how the enclaves are exploited.

There is shown on theFIG.3a network1blockchain within which data15issues of a terminal16emitter must be stored.

The network 1, on which a blockchain 5 is distributed, comprises two disjoint sets of nodes 2, namely a first set 1 S of nodes 2 said standards, and a second set 1 M of nodes 2 said mirrors.

The function of the network 1 is to constitute a distributed storage space for data 15 in encrypted form. As we will see, the data15 is the object of a double distribution (in encrypted form): on the one hand on standard nodes2, on the other hand on mirror nodes.

The traceability of the data15 within the network1 can be achieved by entering, in the register5blockchain, one or more digital fingerprints of the memorizations thus carried out.

The distributed storage of data15est advantageously controlled by a smart contract (FIG.4), activated for example by the transmitter terminal16 which, while transmitting the data15 to be stored to the network1, transmits to the smart contract a call by the procedure described above.

It is proposed here to distribute on the network1not only the data15 (in encrypted form), but also the decryption keys thereof, via enclaves8instantiated on two nodes2E, 2E ', called entry nodes, of the network1 (FIG.3, FIG.4).

To this end, a preliminary operation consists, from the emitter terminal16 in which the data15 is stored, in transmitting a request for the storage of data15 to the network1, typically by activating a smart contract deployed on the blockchain5.

On receipt of the storage request by at least one node2 of the network1, the intelligent contract selects or designates (DES) within the network1 at least: Among the first set1S of standard nodes2, a standard input node2E, equipped with a computer processing unit in which an enclave8 is implemented; Among the second set1M of mirror nodes, a mirror input node2E ', equipped with a computer processing unit in which an enclave8 is implemented.

A first distribution of the data 15 is carried out on the first set 1S of standard nodes.

For this purpose, the enclave8 of the standard input node2E is instantiated in application of the instructions of the smart contract, and the data15y is loaded from the emitting terminal16 and via a secure communication line (eg using the Transport Layer Security protocol or TLS). For this purpose, the enclave8 can be provided, as soon as it is instantiated, with a communication interface 18 emulation supporting the chosen protocol (here TLS) for the exchange of secure data.

The blockchain protocol is advantageously loaded into the enclave8, to form a module19blockchain able to query the register5blockchain and / or to participate in the process of creation and validation of the blocks4.

A transaction20containing a digital imprint of the loading of the data thus carried out is entered in a bloc4de the blockchain5, for the purposes of traceability.

This transaction20 can be transmitted to the module19blockchain by the emitter terminal16, to be registered by one or more nodes2 of the network (by the process described above) in a new block4 of the register5blockchain. As a variant, the module19blockchain itself issues a transaction20for registration in a new block4.

In the standard input enclave8du node2Ed'a process then takes place which comprises the following operations.

A first operation consists in encrypting the data15 by means of a first cryptographic encryption key21 to form an encrypted container22, by associating it with a first decryption key23. To this end, the data15 received from the emitting terminal16 is relayed by the communication interface18 to an encryption module24 implemented in the enclave8 of the standard input node2E.

According to a preferred embodiment, the encryption is symmetrical. In this case, the first encryption key21 and the first decryption key23 are one and the same key.

A second operation consists in fragmenting the first decryption key. More precisely, the first decryption key23 is fragmented into a predetermined number N of fragments23.i, (i an integer, 2≤i≤N).

According to a preferred embodiment, N is such that N> 3 and the fragmentation is carried out in application of Shamir's rules (called Shamir's Secret Sharing, in English Shamir's Secret Sharing), and more precisely of the threshold diagram , where a predetermined integer K (1 <K <N) is chosen such that a number K of fragments23.isont sufficient to reconstitute the first decryption key23.

A third operation consists in designating, from among the first set 1S of standard nodes, a first group of standard nodes 2.

To this end, the enclave8du standard input node2E is advantageously provided with a data distribution module25, to which the encryption module24 communicates the encrypted container22 for distribution to the standard nodes2 of the first group.

A fourth operation consists in designating, among the first set1S of standard nodes, a second group of several standard nodes2B, in number N equal to the number of fragments23.ide the first decryption key23.

The standard nodes 2B of the second group are preferably distinct from the standard nodes 2A of the first group - in other words, the groups of nodes 2A, 2B (shown in dotted lines on FIG. 3) are disjoint.

A fifth operation consists in distributing the first encrypted container22 to the standard node or nodes of the first group.

A sixth operation consists in distributing the fragments23.ide the first decryption key23 to the standard nodes2B of the second group, each standard node2B of the second group receiving a single fragment23.i.

According to a preferred embodiment, the enclave8 is provided with a fragmentation and key distribution module26, to which the encryption module24 communicates the first decryption key23 for fragmentation and distribution to the secondary storage nodes2B.

Outside the standard input enclave8du node2E, the following operations are performed: <tb> <SEP> o The first encrypted container22 is stored within each standard node2A of the first group; <tb> <SEP> o Each fragment23.ide the first cryptographic decryption key23 is stored within each standard node2B of the second group.

To ensure the traceability of these operations, at least one transaction containing a digital imprint of the distributions or memorizations thus carried out is registered in a bloc4de the chain5de blocks, by one or more nodes2 of the network1. This transaction can be initiated by nodes2Aand2Bstandards, but it can also be initiated by the enclave8 itself (and more specifically by the module19blockchain).

To improve the durability of the storage, and to guard against a possible total or partial loss of data on the first set 1S of standard nodes, and as already mentioned, a backup phase is planned by duplication, in the second set 1M of nodes 2 mirrors , of the procedure which has just been described.

To this end, preliminary operations consist in instantiating the enclave8du node2E 'mirror input, and in establishing a secure link between the enclave8du node2Ed'input and the enclave8du node2E' mirror input.

Then, a first operation of the backup phase consists in relaying, via the secure link between the enclave8du node2Ed'input and the enclave8du node2E 'mirror input, the data15from the enclave8du node2Einput to the mirror input node2E 'enclave 8.

A second operation consists, in the enclave8du node2E 'of mirror entry, in encrypting the data15 by means of a second encryption cryptographic key27 (distinct from the first encryption key21) to form a second encrypted container28, by associating a second decryption key29, distinct from the first decryption key23.

According to a preferred embodiment, the encryption is symmetrical. In this case, the second encryption key27 and the second decryption key29 are one and the same key.

A third operation consists in fragmenting the second decryption key. More precisely, the first decryption key29 is fragmented into a predetermined number P of fragments29.j, (j an integer, 2≤j≤P).

According to a preferred embodiment, P is such that P> 3 and the fragmentation is carried out in application of Shamir's rules (known as Shamir's Secret Sharing, in English Shamir's Secret Sharing), and more precisely of the threshold diagram , where a predetermined integer number L (1 <L <P) is chosen such that a number L of fragments29.j are sufficient to reconstitute the second decryption key29.

A fourth operation consists in designating, among the second set 1M of mirror nodes, a first group of nodes 2A'mirrors.

A fifth operation consists in designating, among the second set1M of mirror nodes, a second group of several nodes2B'mirrors, in number P equal to the number of fragments29.jde the second decryption key29.

The nodes 2B 'mirrors of the second group are preferably distinct from the nodes 2A' mirrors of the first group - in other words, the groups of nodes 2A ', 2B' mirrors (shown in dotted lines in FIG. 3) are disjoint.

A sixth operation consists in distributing the second encrypted container28 to the node or nodes2A'mirrors of the first group (FIG.4).

A seventh operation consists in distributing the fragments29.jde the second decryption key29 to the nodes2B'miroirs of the second group, each node2B'miroir of the second group receiving a single fragment29.j.

Out of the mirror entry enclave8du node2E ', the following operations are performed: <tb> <SEP> o The second encrypted container28 is stored within each mirror node2 of the first group; <tb> <SEP> o Each fragment29.j of the second cryptographic decryption key23 is stored within each node2B'mirror of the second group.

A final operation then consists, by one or more nodes of the network1, in registering in a bloc4of the blockchain5, at least one transaction containing a digital imprint of the memorizations thus carried out, in order to maintain traceability.

In normal operation of the first set 1S of standard nodes 2, the data 15 can be recovered from it by the operations (advantageously controlled by a smart contract) consisting of: Load, in an enclave8 of a predefined node2, the first encrypted container22 and K fragments of the first decryption key23; Reconstitute the first decryption key23 from its fragments23.i; Decrypt the data15of the container22 by applying to it the decryption key23 thus reconstituted.

The data can then be retransmitted to a recipient, or used, according to the instructions of the smart contract.

However, in the event of partial or total failure of the public1 network (typically during an attack), the data15 may no longer be able to be recovered from it, either because the encrypted container22 has been lost or corrupted, or because some 23.i fragments (or all 23.i fragments) suffered a similar fate.

In this case, it is possible to redeploy the encrypted container22 and / or the decryption key23 from the set 1M of mirror nodes.

The redeployment of the container22 can be carried out as follows.

A copy of the container22 can be directly transmitted by the nodes2A 'of the first group of mirror nodes to a group of nodes2A of the first group of standard nodes.

The redeployment of the decryption key 23 is carried out from a designated node 2 from among the second set of mirror nodes. From the instantiated enclave8, the key29 is reconstituted from L fragments loaded into the enclave8 from nodes2B 'of the second group of mirror nodes.

Thus obtained, the second decryption key29 can be fragmented according to the same procedure as that carried out in the enclave8du input node and described above. The fragments thus obtained can then be distributed among new nodes2B of the second group of standard nodes.

Claims (1)

1. A method of secure storage of computer data (15) within a peer-to-peer network (1) composed of a plurality of nodes (2) forming a distributed database on which is stored, by replication on each node (2), a chain (5) of blocks (4), the nodes (2) being subdivided into two disjoint sets, namely a first set (1S) of so-called standard nodes (2), and a second set ( 1M) of so-called mirror nodes (2), this method comprising the operations consisting in: - Sending, from a sender terminal (16) in which the data (15) are stored, a storage request to the network (1); - On receipt of the storage request by at least one node (2) of the network (1), select from among the set of standard nodes (2), at least one node (2E), called standard input node, equipped a computer processing unit in which an execution environment secured by cryptography, called an enclave (8) is implemented; - Instantiate the enclave (8) of the standard input node (2E); - Load the data, from the sender terminal (16) and via a secure communication line (18), to the enclave (8) of the standard input node (2E); - Enter in a block (4) of the chain (5) of blocks, by one or more nodes (2) of the network (1), at least one transaction containing a digital fingerprint of the request for storage and / or loading as well carried out; - In the enclave (8) of the standard input node (2E): o Encrypt the data (15) to form a first encrypted container (22), by associating it with a first cryptographic decryption key (23); o Fragment the first cryptographic decryption key (23) into a predetermined number of fragments (23.i); o Designate, from among the set of standard nodes (2), a first group of nodes (2A) and distribute the first encrypted container (22) to the standard node or nodes (2A) of this first group; o Designate, from among the set of standard nodes (2), a second group of nodes (2B) in number equal to the fragments (23.i) of the first cryptographic decryption key (23); o Distribute each fragment (23.i) of the first cryptographic decryption key (23) to one or more standard nodes (2B) of the second group, each receiving a single fragment (23.i); - Outside the enclave (8) of the standard input node (2E): o Store the first encrypted container (23) within each node (2A) of the first group of standard nodes; o Store the fragments (23.i) of the first cryptographic decryption key (23) within the nodes (2B) of the second group of standard nodes; - Designate, from among the set of mirror nodes (2), a mirror input node (2E '), equipped with a computer processing unit in which an enclave (8) is implemented; - Instantiate the enclave (8) of the mirror input node (2E '); - Establish a secure link between the enclave (8) of the standard input node (2E) and the enclave (7) of the mirror input node (2E '); - Relay, via the secure link, the data (15) from the enclave (8) of the standard input node (2E) to the enclave (8) of the mirror input node (2E '); - In the enclave (8) of the mirror input node (2E '): o Encrypt the data (15) to form a second encrypted container (28), by associating it with a second cryptographic decryption key (29), different from the first cryptographic decryption key (23); o Fragment the second cryptographic decryption key (29) into a predetermined number of fragments (29.j); o Designate, among the set of mirror nodes (2), a first group of nodes (2A ') and distribute the second encrypted container (28) to the mirror node (s) (2A') of this first group; o Designate, among the set of mirror nodes (2), a second group of nodes (2B ') in number equal to the fragments (29.j) of the second cryptographic decryption key (29); o Distribute each fragment (29.j) of the second cryptographic decryption key (29) to one or more mirror nodes (2B ') of the second group, each receiving a single fragment (29.j); - Outside the enclave (8) of the mirror entry node (2E '): o Store the second encrypted container (28) within each node (2A ') of the first group of mirror nodes; o Store each fragment (29.j) of the second cryptographic decryption key (29) on each node (2B ') of the second group of mirror nodes; - Enter in a block (4) of the chain (5) of blocks, by one or more nodes (2) of the network (1), at least one transaction containing a digital fingerprint of the memorizations thus carried out.