Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions of the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, but not all, embodiments of the present disclosure. All other embodiments that a person skilled in the art can derive from the embodiments disclosed herein without creative effort fall within the protection scope of the present disclosure.
An embodiment of the present disclosure provides a data writing method based on a blockchain smart contract. Fig. 1 is a schematic flow diagram of this method. As shown in Fig. 1, the method includes the following steps:
Step S101: encrypting the information to be encrypted of the first blockchain account with a pre-obtained symmetric key to obtain an information ciphertext of the first blockchain account;
Step S102: encrypting the symmetric key with the public key of the first blockchain account to obtain a key ciphertext of the first blockchain account;
Step S103: writing the information ciphertext of the first blockchain account and the key ciphertext of the first blockchain account into the blockchain where the first blockchain account is located through a smart contract.
The first blockchain account may be any blockchain account in the blockchain in which it is located. The information to be encrypted of the first blockchain account includes, but is not limited to, private information of the first blockchain account itself (e.g., user identity information) or public information of the first blockchain account itself. Accordingly, the first blockchain account executes the data writing method based on the blockchain smart contract provided by the embodiment of the present disclosure to protect its private information or its public information. Optionally, because public information is already public, the first blockchain account may write it directly into the blockchain where the first blockchain account is located, which speeds up data processing and improves data processing efficiency.
Optionally, before step S101, the method further includes:
receiving information to be encrypted sent by a terminal device outside the blockchain;
and determining the received information to be encrypted as the information to be encrypted of the first blockchain account.
The information to be encrypted of the first blockchain account may be provided by any terminal, device or system outside the blockchain. For example, it may be sent by a terminal device outside the blockchain where the first blockchain account is located. In that case the terminal device sends the information that needs to be encrypted to the first blockchain account, and the first blockchain account executes the data writing method based on the blockchain smart contract provided by the embodiment of the present disclosure to protect that information on behalf of the terminal device.
The pre-obtained symmetric key in step S101 may be obtained in ways that include, but are not limited to, the following two embodiments:
The first embodiment: each time before the information to be encrypted of the first blockchain account is encrypted, randomly generating the symmetric key and acquiring the randomly generated symmetric key.
The second embodiment: before the information to be encrypted of the first blockchain account is encrypted for the first time, randomly generating the symmetric key and acquiring that first randomly generated symmetric key.
With the first embodiment, each time before encrypting information to be encrypted, the first blockchain account randomly generates a symmetric key and performs steps S101 to S102 with the key generated on that occasion. Because the symmetric key is generated at random each time, the symmetric key generated by the first blockchain account differs from one occasion to the next, and so the symmetric key used each time steps S101 to S102 are performed is different.
With the second embodiment, before encrypting information to be encrypted for the first time, the first blockchain account randomly generates a symmetric key and performs steps S101 to S102 with that key. Every later time steps S101 to S102 are performed, the first blockchain account reuses the same key. That is, once the first blockchain account has randomly generated the symmetric key before the first encryption, that key is fixed as the symmetric key the first blockchain account uses for steps S101 to S102, and so the symmetric key used each time steps S101 to S102 are performed is the same.
After the first blockchain account obtains the symmetric key in advance, steps S101 to S102 are performed. Fig. 2 is a schematic flowchart of encryption in a data writing method based on a block chain intelligent contract according to an embodiment of the present disclosure. As shown in fig. 2, on one hand, the first blockchain account encrypts the information to be encrypted of the first blockchain account according to a pre-obtained symmetric key to obtain an information ciphertext of the first blockchain account; on the other hand, the first block chain account encrypts the pre-acquired symmetric key according to the public key of the first block chain account to obtain a key ciphertext of the first block chain account. The information ciphertext of the first blockchain account and the key ciphertext of the first blockchain account form a digital envelope, so that the first blockchain account completes encryption of the information to be encrypted and the pre-acquired symmetric key in the form of the digital envelope.
After the first blockchain account has executed steps S101-S102, step S103 is executed: the information ciphertext of the first blockchain account obtained in step S101 and the key ciphertext of the first blockchain account obtained in step S102 are both written into the blockchain where the first blockchain account is located through the smart contract. With the information ciphertext and the key ciphertext of the first blockchain account stored in the blockchain, the key ciphertext can be decrypted only with the private key of the first blockchain account, after which the information ciphertext is decrypted to obtain the information to be encrypted of the first blockchain account. The private key of the first blockchain account is known only to the first blockchain account itself and not to other blockchain accounts on the blockchain. Other blockchain accounts therefore cannot decrypt the key ciphertext of the first blockchain account, cannot go on to decrypt the information ciphertext of the first blockchain account, and cannot obtain the information to be encrypted of the first blockchain account. The method thus protects the information to be encrypted of the first blockchain account.
Optionally, after step S103, the method further comprises:
establishing a first mapping relation between the first blockchain account and the information ciphertext of the first blockchain account and the key ciphertext of the first blockchain account respectively;
according to the first blockchain account, based on the first mapping relation, reading an information ciphertext of the first blockchain account and a key ciphertext of the first blockchain account from the blockchain;
decrypting the key ciphertext of the first blockchain account with the private key of the first blockchain account to obtain the symmetric key;
and decrypting the information ciphertext of the first block chain account according to the symmetric key to obtain the information to be encrypted of the first block chain account.
After the first blockchain account has performed step S103, the information to be encrypted is included in the information ciphertext of the first blockchain account and is stored on the blockchain where the first blockchain account is located. If the information to be encrypted needs to be obtained, firstly, the information ciphertext of the first block chain account and the key ciphertext of the first block chain account need to be read from the block chain where the first block chain account is located. Embodiments of reading include, but are not limited to, the following:
after step S103 is executed, a mapping relationship (i.e., a first mapping relationship) between the first blockchain account and the information ciphertext of the first blockchain account and the key ciphertext of the first blockchain account is first established, so that the information ciphertext of the first blockchain account and the key ciphertext of the first blockchain account are queried from the blockchain where the first blockchain account is located through the first mapping relationship and the first blockchain account, and are read out.
Fig. 3 is a schematic flowchart of decryption in a data writing method based on a block chain smart contract according to an embodiment of the present disclosure. After the information ciphertext of the first block chain account and the key ciphertext of the first block chain account are read, as shown in fig. 3, the first block chain account decrypts the read key ciphertext by using its own private key to obtain a symmetric key, and then decrypts the read information ciphertext by using the symmetric key to obtain the information to be encrypted.
The above embodiment is applicable to the case where the information to be encrypted is only disclosed for the first blockchain account and is kept secret for other blockchain accounts except for the first blockchain account.
Optionally, in another embodiment, the information to be encrypted is disclosed to the first blockchain account and the second blockchain account, and is kept secret from other blockchain accounts except the first blockchain account and the second blockchain account, wherein the number of the second blockchain accounts is one or more. Correspondingly, the information to be encrypted of the first blockchain account is public information of a second blockchain account, and the first blockchain account and the second blockchain account belong to the same blockchain; fig. 4 is another schematic flowchart of a data writing method based on a block chain intelligent contract according to an embodiment of the present disclosure. As shown in fig. 4, the method further includes, in addition to steps S101-S103:
Step S104: encrypting the symmetric key with the public key of the second blockchain account to obtain a key ciphertext of the second blockchain account;
Step S105: writing the information ciphertext of the first blockchain account and the key ciphertext of the second blockchain account into the blockchain through a smart contract.
Optionally, after step S105, the method further comprises:
establishing a second mapping relation between the second blockchain account and the information ciphertext of the first blockchain account and the key ciphertext of the second blockchain account respectively;
according to the second blockchain account, based on the second mapping relation, reading an information ciphertext of the first blockchain account and a key ciphertext of the second blockchain account from the blockchain;
decrypting the key ciphertext of the second blockchain account with the private key of the second blockchain account to obtain the symmetric key;
and decrypting the information ciphertext of the first block chain account according to the symmetric key to obtain the information to be encrypted of the first block chain account.
Wherein steps S104-S105 are similar to steps S102-S103. After the first blockchain account obtains the symmetric key in advance, steps S101 to S102 and step S104 are performed. On one hand, the first block chain account encrypts the information to be encrypted of the first block chain account according to a pre-obtained symmetric key to obtain an information ciphertext of the first block chain account; on the other hand, the first block chain account encrypts the pre-acquired symmetric key according to the public key of the first block chain account to obtain a key ciphertext of the first block chain account, and the first block chain account encrypts the pre-acquired symmetric key according to the public key of the second block chain account to obtain a key ciphertext of the second block chain account. The information ciphertext of the first blockchain account and the key ciphertext of the first blockchain account form a digital envelope, and the information ciphertext of the first blockchain account and the key ciphertext of the second blockchain account form another digital envelope, so that the first blockchain account completes encryption of the information to be encrypted and the pre-acquired symmetric key in the form of two digital envelopes.
After the first blockchain account has performed steps S101-S102 and step S104, step S103 and step S105 are performed. In step S105, the first blockchain account writes the information ciphertext of the first blockchain account obtained in step S101 and the key ciphertext of the second blockchain account obtained in step S104 into the blockchain where the first blockchain account and the second blockchain account are both located, through a smart contract. With the information ciphertext of the first blockchain account and the key ciphertext of the second blockchain account stored in the blockchain, the key ciphertext of the second blockchain account can be decrypted only with the private key of the second blockchain account; alternatively, the key ciphertext of the first blockchain account can be decrypted with the private key of the first blockchain account. Either way, the information ciphertext of the first blockchain account is then decrypted to obtain the information to be encrypted of the first blockchain account. The private key of the first blockchain account and the private key of the second blockchain account are each known only to their own account and not to other blockchain accounts on the blockchain. Other blockchain accounts therefore cannot decrypt the key ciphertext of the first blockchain account or the key ciphertext of the second blockchain account, cannot go on to decrypt the information ciphertext of the first blockchain account, and cannot obtain the information to be encrypted of the first blockchain account. The method thus protects the information to be encrypted.
After the first blockchain account obtains the symmetric key in advance, steps S101 to S102 are performed. As shown in fig. 2, on one hand, the first blockchain account encrypts the information to be encrypted of the first blockchain account according to a pre-obtained symmetric key to obtain an information ciphertext of the first blockchain account; on the other hand, the first block chain account encrypts the pre-acquired symmetric key according to the public key of the first block chain account to obtain a key ciphertext of the first block chain account. The information ciphertext and the key ciphertext actually form a "digital envelope" such that the first blockchain account completes the encryption of the information to be encrypted and the pre-acquired symmetric key in the form of a "digital envelope".
After the first blockchain account has executed steps S101-S102, step S103 is executed: the information ciphertext of the first blockchain account obtained in step S101 and the key ciphertext of the first blockchain account obtained in step S102 are both written into the blockchain where the first blockchain account is located through the smart contract. With the information ciphertext and the key ciphertext stored in the blockchain, the key ciphertext can be decrypted only with the private key of the first blockchain account, after which the information ciphertext is decrypted and the information to be encrypted is obtained. The method thus ensures that the information to be encrypted is disclosed only to the first blockchain account and the second blockchain account.
Fig. 5 is another schematic flowchart of a data writing method based on a blockchain smart contract according to an embodiment of the present disclosure. The method is described below with reference to Fig. 5, taking employee information managed by a company's personnel staff as an example.
When a personnel specialist enters the employee information of an employee, only the personnel specialist and that employee are allowed to view the employee's private information, such as name, identity card, mailbox, wage and the like, which is kept secret from everyone else; public information, such as the employee's award assessments, evaluations, reimbursements and the like, may be viewed by all employees. Therefore, when the private information is entered, the computer used by the personnel specialist (acting as the first blockchain account) randomly generates a symmetric key and encrypts the private information to form an information ciphertext. The symmetric key is then encrypted separately with the public key of the first blockchain account and with the public key of the computer used by the employee (acting as the second blockchain account), forming two key ciphertexts. The information ciphertext and the two key ciphertexts are then written, through the smart contract, into the blockchain where the first blockchain account and the second blockchain account are both located. The public information described above is written directly into the blockchain. Fig. 5 illustrates the case of one key ciphertext: the key ciphertext and the information ciphertext form a digital envelope, which is stored in the blockchain via a smart contract.
After the information is entered in this way, the employee's private information can be viewed only by decrypting the corresponding key ciphertext with the private key of the employee (i.e., the private key of the second blockchain account) or the private key of the personnel specialist (i.e., the private key of the first blockchain account), and then decrypting the information ciphertext.
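The two-envelope flow of steps S101 to S105 and the corresponding read path, written out as an added Go example that is not part of the disclosure. The disclosure names no algorithms, so AES-256-GCM and RSA-OAEP are assumptions, as are the names `Readers`, `Record`, `NewAccount`, `Seal` and `Open`; the in-memory `Record` stands in for what the smart contract would store, and binding each key ciphertext to its account through the OAEP label is an addition of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Readers map[string]*rsa.PublicKey // hypothetical: account name -> public key

// Record stands in for what the smart contract stores on the blockchain.
type Record struct {
	Nonce, InfoCipher []byte
	KeyCiphers        map[string][]byte // mapping relation: account -> key ciphertext
}

// NewAccount generates an RSA key pair standing in for a blockchain account.
func NewAccount() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal covers S101, S102 and S104: encrypt info, then encrypt the key per reader.
func Seal(info []byte, readers Readers) (*Record, error) {
	key := make([]byte, 32) // first embodiment: new random key for every write
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	rec := &Record{Nonce: nonce, InfoCipher: gcm.Seal(nil, nonce, info, nil), KeyCiphers: map[string][]byte{}}
	for account, pub := range readers {
		// The OAEP label ties each key ciphertext to the account it was made for.
		kc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(account))
		if err != nil {
			return nil, err
		}
		rec.KeyCiphers[account] = kc
	}
	return rec, nil
}

// Open is the read path: key ciphertext -> symmetric key -> information.
func Open(rec *Record, account string, priv *rsa.PrivateKey) ([]byte, error) {
	kc, ok := rec.KeyCiphers[account]
	if !ok {
		return nil, errors.New("no key ciphertext stored for this account")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, kc, []byte(account))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, rec.Nonce, rec.InfoCipher, nil)
}

func main() {
	hr, _ := NewAccount()       // first blockchain account
	employee, _ := NewAccount() // second blockchain account
	rec, err := Seal([]byte("constructed sample: wage=1000"),
		Readers{"hr": &hr.PublicKey, "employee": &employee.PublicKey})
	if err == nil {
		plain, _ := Open(rec, "employee", employee)
		fmt.Println(string(plain))
	}
}
```

If the second embodiment (one fixed symmetric key for all writes) is used with an AEAD such as GCM, the nonce must still be fresh for every record, since reusing a key and nonce pair breaks both confidentiality and integrity.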
Based on the same inventive concept, an embodiment of the present disclosure further provides a data writing device based on a blockchain smart contract, which is used for executing the data writing method based on the blockchain smart contract provided by the embodiment of the present disclosure. Fig. 6 is a schematic structural diagram of a data writing apparatus based on a blockchain smart contract according to an embodiment of the present disclosure. As shown in Fig. 6, the data writing apparatus 600 based on the blockchain smart contract includes:
the first encryption module 601 is configured to encrypt information to be encrypted of the first block chain account according to a pre-obtained symmetric key to obtain an information ciphertext of the first block chain account;
a second encryption module 602, configured to encrypt the symmetric key according to the public key of the first block chain account to obtain a key ciphertext of the first block chain account;
a first writing module 603, configured to write the information ciphertext of the first blockchain account and the key ciphertext of the first blockchain account into a blockchain where the first blockchain account is located through an intelligent contract.
Optionally, the apparatus further comprises:
the first establishing module is used for establishing a first mapping relation between the first block chain account and the information ciphertext of the first block chain account and the key ciphertext of the first block chain account;
a first reading module, configured to read, according to the first blockchain account and based on the first mapping relationship, an information ciphertext of the first blockchain account and a key ciphertext of the first blockchain account from the blockchain;
the first decryption module is used for decrypting the key ciphertext of the first blockchain account with the private key of the first blockchain account to obtain the symmetric key;
and the second decryption module is used for decrypting the information ciphertext of the first block chain account according to the symmetric key to obtain the information to be encrypted of the first block chain account.
Optionally, the information to be encrypted of the first blockchain account is public information of a second blockchain account, and the first blockchain account and the second blockchain account belong to the same blockchain; the device further comprises:
the third encryption module is configured to encrypt the symmetric key according to the public key of the second block chain account to obtain a key ciphertext of the second block chain account;
and the second writing module is used for writing the information ciphertext of the first block chain account and the key ciphertext of the second block chain account into the block chain through an intelligent contract.
Optionally, the apparatus further comprises:
the second establishing module is used for establishing a second mapping relation between the second block chain account and the information ciphertext of the first block chain account and the key ciphertext of the second block chain account;
a second reading module, configured to read, according to the second blockchain account and based on the second mapping relationship, an information ciphertext of the first blockchain account and a key ciphertext of the second blockchain account from the blockchain where the second blockchain account is located;
the third decryption module is configured to decrypt the key ciphertext of the second block chain account according to the private key of the second block chain account to obtain the symmetric key;
and the fourth decryption module is used for decrypting the information ciphertext of the first block chain account according to the symmetric key to obtain the information to be encrypted of the first block chain account.
Optionally, the apparatus further comprises:
the first obtaining module is used for randomly generating the symmetric key each time before the information to be encrypted of the first blockchain account is encrypted, and obtaining the randomly generated symmetric key; or
the second obtaining module is used for randomly generating the symmetric key before the information to be encrypted of the first blockchain account is encrypted for the first time, and obtaining that first randomly generated symmetric key.
Optionally, the apparatus further comprises:
the receiving module is used for receiving information to be encrypted sent by the terminal equipment outside the block chain;
the determining module is configured to determine the received information to be encrypted as the information to be encrypted of the first blockchain account.
It should be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the modules of the block generation apparatus described above may refer to corresponding processes in the foregoing method embodiments, and are not described herein again.
In addition, the above division of the block generation device composition module is only one logic function division, and there may be another division manner in actual implementation. Moreover, the physical implementation of each module may also be in various ways, which is not limited by the present disclosure.
Based on the same inventive concept, an embodiment of the present disclosure further provides a data writing device based on a block chain intelligent contract, and fig. 7 is a schematic structural diagram of another data writing device based on a block chain intelligent contract according to an embodiment of the present disclosure. As shown in fig. 7, the data writing device 110 based on the block chain intelligent contract includes:
at least one processor unit (such as processor unit 111 shown in fig. 7), a communication interface 112, a memory 113, and a communication bus 114; the at least one processor unit, the communication interface 112 and the memory 113 are in communication with each other via the communication bus 114;
the memory 113 is configured to store program code, and the at least one processor unit is configured to execute the program code to implement the data writing method based on the blockchain intelligent contract provided by the embodiment of the present disclosure, which is specifically described with reference to the above method embodiment.
The disclosed embodiments also provide a non-transitory computer-readable storage medium, such as the memory 113, including instructions executable by a processor of the apparatus 110 to perform the method for writing data based on the blockchain intelligent contract provided by the disclosed embodiments. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
The preferred embodiments of the present disclosure have been described in detail above with reference to the accompanying drawings. However, the present disclosure is not limited to the specific details of the above embodiments. Various simple modifications may be made to the technical solution of the present disclosure within its technical idea, and all such simple modifications fall within the protection scope of the present disclosure.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, various possible combinations will not be separately described in this disclosure.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.