CN110245117A - The credible delet method of data and system on a kind of cloud based on block chain - Google Patents

The credible delet method of data and system on a kind of cloud based on block chain Download PDF

Info

Publication number
CN110245117A
CN110245117A CN201910508543.7A CN201910508543A CN110245117A CN 110245117 A CN110245117 A CN 110245117A CN 201910508543 A CN201910508543 A CN 201910508543A CN 110245117 A CN110245117 A CN 110245117A
Authority
CN
China
Prior art keywords
file
key
data
contract
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910508543.7A
Other languages
Chinese (zh)
Inventor
刘晓光
杨颖�
王刚
阎萌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nankai University
Original Assignee
Nankai University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nankai University filed Critical Nankai University
Priority to CN201910508543.7A priority Critical patent/CN110245117A/en
Publication of CN110245117A publication Critical patent/CN110245117A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/16File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/162Delete operations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/182Distributed file systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The credible delet method of data and system on a kind of cloud based on block chain.Include: 1. uploads: client uses symmetric key encryption file, uses the public key encryption file key of unsymmetrical key centering;File cipher text is uploaded to cloud storage service device, key ciphertext gives file corresponding intelligent contract, and asymmetric key pair locally retains in client.2. downloading: client obtains file cipher text from cloud storage service device, obtains key ciphertext from contract;Using the private key decruption key ciphertext locally saved, file cipher text is decrypted using obtained file key, obtains original.3. deleting: client requirements cloud storage service device deletes file cipher text, calls the key ciphertext in intelligent contract covering contract, and trigger contract self-destruction;It is performed to contract calling, delete operation is completed.4. verifying: the corresponding contract of client call file proves that file key ciphertext therein can not be obtained, that is, has been deleted if contract can not be called.

Description

The credible delet method of data and system on a kind of cloud based on block chain
[technical field]
The invention belongs to technical field of the block chain in conjunction with cloud computing, in particular to a kind of credible deletion side of cloud data Method.
[background technique]
Cloud storage is a kind of storage mode by data outsourcing on-line storage, and the data of outsourcing are generally placed upon cloud service offer In the storage server that quotient provides, by cloud service provider come organization and management data, correspondingly, user only need to be storage branch Payment is used, and can be greatlyd save the cost of maintenance management server, be conveniently realized multiple terminals data sharing.
But when user need outsourcing data it is more secret when, it is higher right just to propose to cloud service service provider The requirement of customer privacy data protection.But the manager as data, cloud service provider are had ready conditions the number of client's outsourcing According to takeing forcible possession of.For example, on the one hand cloud service provider may peep the confidential data of client's upload, it on the other hand may be in visitor Family requires still to retain initial data after deleting data.Moreover, in current cloud storage technology, it is that data are deleted as a result, often only It is to be returned with the result of success or failure, cloud service provider proves that data have been deleted really on cloud without normal direction client.
In this case, there is a kind of credible deletion mode based on trusted third party.This technology is using encryption Technology will need the data encryption of outsourcing, and encryption key is then applied to trusted third party, and it is close that trusted third party plays encryption The distributor of key and manager's identity, realize believable deletion by making third party abrogate encryption key, by the task of deletion from Cloud storage service device is transferred to key management third party.This mode, which is breached, deletes the inefficient of big file by data cover, It ensure that deletion data are irrecoverable simultaneously.But, since the safety of scheme depends critically upon third-party credible, third party Honest degree by the safety of restricted version, once there is malicious act in the third party of distribution and management key, file can Letter is deleted and is difficult to guarantee.
Block chain is a kind of distributed database, has decentralization, can not distort and the characteristics such as credibility.It is all to add The information of entire chain can be possessed by entering the node in block chain network, and miner's node can participate in knowing together on chain, to determine chain State, common recognition mechanism guarantee chain on data be finally reached correct stable state, it ensure that the implementing result of contract pass through miner Common recognition, it is believed that be to meet the result for executing logic.Once data become in block chain database admitted one by cochain Point, this partial data is difficult to be modified again, unless attacker possesses the calculation power of the whole network 51%, for using ether mill as representative It supports to scheme for the block platform chain of clever completeness, it is meant that the contract code disposed is almost impossible to be modified.Therefore, chain On the operation of intelligent contract can be considered complete believable operation.The data stored in contract can only by contract code access, therefore, Different from the data outsourcing in conventional cloud memory technology, although the data being stored in inside the contract of client's creation are by client's outsourcing It goes out, but as long as the calling to contract limits slightly, these outer controls for contracting out the data being stored in inside contract are practical Also in client's hand, it is difficult to be obtained by other people.
[summary of the invention]
The problem of present invention aim to address the protection of cloud storage data and credible deletions.In view of block chain technology itself It is credible with can not tamper the characteristics of, cloud service provider can be not necessarily to block chain technical application into cloud storage It is established between client under conditions of trusting completely and realizes the protection of client's confidential data and the credible deletion of data.
The present invention proposes the credible delet method of data on a kind of cloud based on block chain, comprising:
1) contract is disposed: client disposes an intelligent contract corresponding with file, intelligence first before file is uploaded It can include one piece of memory space and one group of data management function in contract;Data management function includes that function, number is written in data Function is deleted according to function reading and data.Block link network is just no longer monitored in the transaction that client initiates to create intelligent contract later Implementation procedure in network is only locally remaining with transaction Hash, and corresponding with filename;It then needs to access intelligent contract every time When, it all uses respective file name as index, finds the Hash of corresponding transaction first, then find corresponding intelligence using transaction Hash The address of energy contract, reuses the call by location intelligence contract of intelligent contract;The intelligent contract is using ether mill as representative Block chain technology in executable contract;Memory space includes the address type of 160bits for remembering in intelligent contract Byte32 [8] type of the deployer address and 256bytes of recording the contract is close by the file after public key encryption for saving Key;
2) file upload procedure, client locally possess asymmetric key pair;For the file generated symmetric key to be uploaded, File cipher text is obtained using the symmetric key encryption file of generation;Key is obtained using the public key encryption file key locally possessed Ciphertext;The data write-in function in the corresponding intelligent contract of file is called to deposit key ciphertext using key ciphertext as input data It stores up in intelligent contract;File cipher text is uploaded to cloud storage service device;The symmetric key encryption algorithm used is AES-256; The asymmetric-key encryption algorithm used is RSA-2048;
It is contracted out to cloud again after local encrypts confidential data using file key, cloud is prevented to obtain the secret letter of client Breath will be stored in intelligent contract after file key encryption, save local storage space, reduce the possibility of file key damage Property, while key ciphertext administrative power remains in client's hand;
3) file download process, client are downloaded to obtain file cipher text from cloud storage service device, call the corresponding intelligence of file The Data Read Function of energy contract obtains file key ciphertext;Client uses the private key decryption file key ciphertext locally saved File key is obtained, obtains plaintext document, i.e. original using obtained file key decryption file cipher text;
4) file deletes process, and client initiates file deletion requests to cloud storage service device, it is desirable that deletes cloud storage clothes The respective file ciphertext possessed in business device;The data in the intelligent contract of respective file are called to delete function, it is desirable that intelligent contract Delete the file key ciphertext wherein possessed;When data in the intelligent contract of respective file delete function execution, first by intelligence The space covering of storage file ciphertext, then calls self-destruction function, contract self-destruction in energy contract, and memory space is released, file Key is difficult to restore, then is difficult to be cracked using the file that file key encrypts, is considered as file and has been deleted;
5) verification process is deleted, client calls the intelligent contract of respective file again, if contract can not be called, Prove that the file key ciphertext of respective file cannot be acquired, it is believed that plaintext document has been unable to get, i.e., file has been It is deleted.
Present invention also provides the credible deletion systems of data on a kind of cloud based on block chain, including client part and intelligence Energy Contract Design realizes part:
Client part: the main file upload for completing client's control, deletes and deletes the function of verifying at downloading, including Crypto module, communication module, management module and top layer realization module is locally stored in data encoding and decoder module;
The data encoding and decoder module, the JSON formatted data construction and solution needed when for being communicated with ether mill Analysis, and the ABI said shank construction of parameter and parsing when calling intelligence contract function;
The crypto module, for the generation of file key, the encryption of file key and decryption, the encryption of classified papers with Decryption;
The communication module, for carrying out telecommunication with ether mill and being communicated with long-distance cloud storage server, It sends and requests and obtain response, which calls data encoding and decoder module, constructs request message when sending request, is connecing Decoding obtains response results after being responded;
It is described that management module is locally stored, for managing the classified papers being locally stored and filename and Hash of trading The management of respective file;
The top layer realizes that module, the module call crypto module, ether mill communication module and management mould are locally stored Block, for completing contract deployment, file uploads, downloading, delete, the logical AND function of verifying is realized.
Intelligent Contract Design realizes part: main intelligence contract internal logic of completing is arranged, including function, number is written in data Storage and management of the file key ciphertext in contract is realized in the design and realization that function is deleted according to function reading, data, and The deletion and contract self-destruction of file key ciphertext, and simple access control is provided.
The advantages and benefits of the present invention are:
It prevents cloud service provider from obtaining client's classified papers original text, reduces cloud service provider and illegally use client's confidential data A possibility that;It using intelligent contract storage file key ciphertext, prevents from being tampered, prevents file key ciphertext from damaging, avoid removing Client except contract deployer calls contract, and file key ciphertext is protected not to be stolen;It is saved and is managed using intelligent contract File key ciphertext, the control of this partial data return in client's hand, since data need to use this part of key on cloud Decryption is equivalent to and the control of data on cloud is given back client again, realizes the unification of data owner and data manager.
[Detailed description of the invention]
Attached drawing is only used for helping to understand scheme and system design in the present invention, can't cause improperly to limit to the present invention It is fixed.
Fig. 1 is the flow chart of client operation of the invention;
Fig. 2 is the relational graph between client in the present invention, block chain and cloud;
Fig. 3 is the implementation procedure figure that file is uploaded, downloaded in the present invention;
Fig. 4 is the composition figure of system in the present invention;
Fig. 5 is the transmission time figure that system realizes under the test of different file sizes in the present invention, wherein (a) is file It uploads, (b) is file download.
[specific embodiment]
Embodiment 1, a kind of credible delet method of cloud storage data based on block chain technology
Method more specifically to introduce the credible deletion of data on the cloud proposed in the present invention with reference to the accompanying drawing.Following Schematical embodiment is only used for helping to understand the scheme and design cycle in the present invention, does not cause improperly to limit to the present invention It is fixed.
In embodiment, client distrusts cloud service provider to return the result oneself confidential data deletion, cloud service Provider be it is curious, will not malicious sabotage customer data it is likely that checking client's confidential data.
As shown in Figure 1, life cycle and operational flowchart for classified papers in the present invention.As shown in figure 3, for this The implementation procedure that file uploads and downloads in invention.
Step 101: intelligent contract deployment: assuming that user USER has the demand of the protection credible deletion of data, needing to create first Build one and the protected file F of needssecretCorresponding intelligence and about CFIf file FsecretThe entitled F of filename.Client The transaction T of construction creation contract firstFdeploy, important field can be as shown in Table 1 in transaction.Client fills necessary transaction Field calls ether mill remote function call eth_ using it as parameter by data organization in table 1 at JSON format sendTransaction.After calling successfully, contract creation transaction is submitted.Function returns to transaction Hash H immediatelyFdeploy, Corresponding relationship [F is locally storedname, HFdeploy].Trade TFdeployAfter being packaged and executed by miner, intelligence and about CFIt is created, Address CFaddressIn the presence of transaction TFdeployReceipt among.
Optionally, simple corresponding relationship is realized using corresponding one intelligent contract of a file in the present embodiment;It is optional Ground chooses ether mill in the present embodiment as block chain technology and realizes platform, and field shown in table 1 also uses in the transaction of ether mill Method of Data Organization.
The intelligent contract creation transaction construction of table 1
Field Explanation
from The address of transaction initiator, serial data and the contract founder address for being 160bit
data Contract creates bytecode, obtains after the success of contract code compilation
nonce The serial number that transaction is initiated by transaction initiator allows covering to be not carried out transaction
Step 102: file uploads: still with file FsecretFor, its corresponding intelligence and about CFIt is already present on block chain In network.In order to complete file upload operation, client need respectively with cloud storage service device and and about CFInteraction.Wherein, With with about CFInteraction is exactly to call the disclosed data in the contract that function Func is writtenFset.In order to call FuncFset, need structure It makes contract and calls transaction.Important field is as shown in table 2 in transaction.Client obtains F by search local filenameIt is corresponding Trade Hash HFdeploy.Remote function call eth_getTransactionReceipt is called, with HFdeployAs parameter, return Include CFContract address CFaddressJSON string, parsing JSON data obtain contract address CFaddress.Then, symmetrical text is generated Part key KF, use KFEncryption file obtains file cipher textUsing generated, locally possess Public key pk in asymmetric key pair (pk, sk) encrypts file key KFObtain key ciphertext EncK=Encpk(KF);Client will File cipher text EncFIt is uploaded to cloud storage service device.JSON data needed for trading then are constructed according to 2 field of table, wherein data word The ABI of the signified function of section is encoded to data write-in function FuncFsetCoded data and supplemental characteristic.It is obtained with construction JSON serial data is that parameter calls eth_sendTransaction function, issues transaction.During transaction executes, FuncFsetIt is held Row, by incoming parameters distribution in the memory space of specified byte32 [8], after being finished, key ciphertext EncKIt is placed In intelligence and about CFInternal storage space in.
Table 2 calls contract transaction construction
Field Explanation
from The address of transaction initiator, serial data and the contract caller address for being 160bit
to Called contract address is the serial data namely C of 160bitFaqdress
data The ABI coding of called function and the ABI coding of parameter
nonce The serial number that transaction is initiated by transaction initiator allows covering to be not carried out transaction
Since the present embodiment medium cloud is curious, and user USER wishes that the data of outsourcing are secret, therefore in order to The confidential data of USER is prevented to be leaked as far as possible, file FsecretEncryption and file key KFEncryption is all in visitor Family machine locally carries out.Encryption Algorithm can be generally divided into two kinds, and one is encryption key symmetric cryptographies identical with decruption key Algorithm, another kind are the encryption key asymmetric key algorithms or public key algorithm different from decruption key.The former encrypts Time is short, but is easy under attack, and the latter's encryption times are long, but safety is higher.It is encrypted the safety of file in order to balance The method of public key encryption file key is then used using symmetric key encryption classified papers are used first with encryption efficiency.
Client generates file key, illustratively, generates symmetrical file key K using AES-256 cryptographic algorithmF, add Ciphertext part.The generation of unsymmetrical key (pk, sk) uses RSA-2048.
Due to EncFVolume is larger, it is contracted out to cloud service provider, gives cloud storage service device and carrys out organization and management. It, can not be from Enc even odd cloud very well but due to having already passed through encryptionFIn obtain useful information.EncKBody Product is smaller, and is EncFIt is able to be restored to plaintext FsecretImportant tie, therefore be contracted out to access control, only permit Perhaps the intelligence and about C that deployer callsF.So CFThe storage location of middle file key ciphertext just can only be by CFOneself access, And CFThen can only be by USER access control, therefore actually EncKControl be still held in USER hand, it is directly right by USER It is managed.
Further optionally, the public private key pair substitution of local account can be used in asymmetric key pair (pk, sk).In this way, can To reduce the case where classified papers caused by due to local asymmetric key pair is lost are lost to a certain extent.
Optionally, it needs to upload classified papers F againsecretWhen, it can choose and do not regenerate file key, still use KF, or regenerate file key KF′.If regenerating file key KF', then it needs to re-call intelligent contract, according to Preceding method is to CFNew file key ciphertext Enc is writtenK'=Encpk(KF'), but more new key can also increase file FsecretSafety.
Step 103: file download: still with file FsecretFor, its corresponding intelligence and about CFIt is already present on block chain In network, file cipher text EncFIt is already present in cloud storage service device, key ciphertext EncFIt is already present on CFIt deposits inside It stores up in space.Client is downloaded to obtain file cipher text Enc from cloud storage service deviceF, from intelligence and about CFIn obtain key ciphertext EncK.In order to from CFMiddle acquisition key ciphertext EncK, it needs to construct contract calling and trades, important field such as 2 institute of table in transaction Show.Client obtains F by search local filenameCorresponding transaction Hash HFdeploy.Call remote function call eth_ GetTransactionReceipt, with HFdeployAs parameter, returning includes CFContract address CFaddressJSON string, solution It analyses JSON data and obtains contract address CFaddress.JSON data needed for being traded according to 2 field of table construction, wherein data field is signified The ABI of function is encoded to data write-in function FuncFgetCoded data.It is called using constructing obtained JSON serial data as parameter Eth_sendTransaction function issues transaction.During transaction executes, FuncFgetIt is performed, only allows contract founder USER obtains key ciphertext EncF.Client obtains file key K using the private key sk decruption key ciphertext locally savedF= Decsk(EncK)=Decsk(Encpk(KF)), original is obtained in plain text using file key decryption file cipher text
In order to bring back classified papers Fsecret, client needs to collect neat three necessary conditions: successfully taking the close of classified papers Literary EncF, successfully take the ciphertext Enc of file keyK, successfully take encryption file key unsymmetrical key centering private key sk.Lack any one, all cannot successfully give F for changesecret
In the present embodiment, intelligence and about CFNon- USER user is not allowed to call FuncFgetRead file key ciphertext EncK, and CFThen fully according in contract code logic execute execution, therefore be it is believable, non-USER user is difficult to from CF? To EncK;USER is uploaded to the confidential data Enc of cloudFClient is needed to select suitable access control mechanisms on cloud, in addition to cloud Attacker be difficult to obtain EncF;Private key sk for decrypting file key be stored in client it is local unless USER oneself leakage or Storage medium is lost, and sk cannot be obtained by attacker.As shown in Fig. 2, cloud can not be with CFGeneration relationship, even cloud, due to nothing Method obtains CFIn file key ciphertext EncK, it is even more impossible to decrypt EncKObtain file key KF, therefore can not also see client computer The plaintext F of ciphertext datasecret
Step 104: file is deleted: still with file FsecretFor, its corresponding intelligence and about CFIt is already present on block chain In network, file cipher text EncFIt is already present in cloud storage service device, key ciphertext EncFIt is already present on CFIt deposits inside It stores up in space.Client sends request to cloud storage service device and requires to delete the Enc in cloud storageF, call CFIt is required that covering EncK The simultaneously self-destruction of the memory space at place.In order to delete CFMiddle key ciphertext EncK, it needs to construct contract calling and trades, it is important in transaction Field it is as shown in table 2.With described in step 102, C is obtainedFAddress CFaddress.JSON number needed for being traded according to 2 field of table construction According to wherein the ABI of data field meaning function is encoded to data and deletes function FuncFdelCoded data.It is obtained with construction JSON serial data is that parameter calls eth_sendTransaction function, issues transaction.During transaction executes, only contract is allowed to create The person of building USER calls FuncFdel.When USER is called, FuncFdelIt is performed, first storage EncKSpace covered by extraneous data, Then triggering contract self-destruction function, C after the completion of contract executesFSelf-destruction takes up space and is released, CFIt can not be called again, EncKIt can not be acquired.
In the present embodiment, as long as EncF、FncKOr in the private key sk of client local any one be deleted and can not be extensive It is multiple, the classified papers plaintext F of USERsecretCan not just it restore.Specifically, due to public private key pair a pair of of in the present invention correspond to it is multiple File, therefore cannot achieve the purpose that credible deletion by deleting private key, and cloud service provider does not obtain the letter of client Appoint, and Enc can not be providedFDeleted evidence, therefore can not be EncFIt deletes as the credible standard deleted and completed, therefore, In the present embodiment, being stored in CFIn EncKDeletion as it is credible delete completion standard.On the one hand, CFIn data only By USER, that is, data owner's control, trust problem is not present;Another aspect CFExecution fully according to pre-set code logic, it is difficult To distort implementing result;Finally, CFIt just can not be called again after self-destruction, be stored in CFIn EncKAlso it cannot be accessed again ?.
Specifically, client requires cloud storage service device to delete Enc respectivelyF, call CFIn function FuncFdel, covering deposits In CFIn EncK, then call CFSelf-destruction program.Client can not mind the implementing result of cloud storage service device at this time, Because of CFIn EncKAfter being deleted, FsecretIt can not just be acquired again.
Step 105: file deletes verifying: still with file FsecretFor, it is contemplated that in, its corresponding intelligence and about CF? It can not be called.In order to call CF, need to construct contract calling and trade, important field is as shown in table 2 in transaction.Same step Described in 102, C is obtainedFAddress CFaddress.JSON data needed for trading are constructed according to 2 field of table, wherein data field meaning function ABI coding can be FuncFget、FuncFset、FuncFdel.Eth_ is called as parameter to construct obtained JSON serial data SendTransaction function issues transaction.If CFIt can not be called, effective key ciphertext Enc can not be readK, then demonstrate,prove Bright deletion work has been completed, and otherwise, then proves CFThe operation of middle deletion is not yet completed, FsecretStill in accessiable state.
In the present embodiment, FsecretDeletion be equal to encryption FsecretKey ciphertext EncKDeletion, i.e. CFMiddle EncK Covering and CFSelf-destruction.C after self-destructionF, which is characterized in that the Enc of storageKSpace can not be accessed again, CFIn all letter Number can not be called again.The verifying that distinct feature is deleted to data brings great convenience.
It in the present embodiment, is not in that contract can due to the certainty of intelligent contract code implementing result and credibility Call the situation that still file key ciphertext has been capped.Therefore verification result is only possible to there are two types of happening: CFCertainly It ruins, can not call or CFDeletion calling be not yet completed, call normal.In view of the situation, it is alternatively possible to select CF In any function come verify data delete the case where, in the case that believable data delete, any one be directed to CFIn any letter Number FuncFget、FuncFset、FuncFdelCalling all should be to call in vain.
The credible deletion system of data in embodiment 2, a kind of cloud based on block chain
On the other hand, as shown in figure 4, the invention also provides a kind of credible deletion system of the data based on block chain, packet It includes client part and intelligent Contract Design realizes part.
According to the construction module of system, client part is divided into data encoding and decoder module, crypto module, communicates mould Management module and top layer realization module is locally stored in block.Wherein:
Data encoding and decoder module: the coding of the JSON formatted data for being interacted with ether mill and decryption, and adjust ABI said shank and decoding with parameter when intelligent contract.The module needs to be called in communication module, needs whenever having to trade When to be constructed, parameter needed for which receives the transaction building such as table 1 or table 2 transmitted by communication module and transaction class Type.Type transactions are created for contract shown in table 1, which obtains data field data, from Field Count from communication module According to, nonce field data, JSON serial data is constructed, and returns to communication module;Contract call type shown in table 2 is handed over Easily, which obtains data field data, parameter information, nonce data and contract address from communication module, first by parameter It is encoded into ABI format, these data organizations are then returned into communication module at JSON serial data form.Specifically, to each The file F of a determinationsecretWith corresponding operation OP, such as file upload operation, above-mentioned field is replaced by specific number respectively According to.For example, contract address is replaced with CFaddress, data field data is replaced with into function FuncFgetABI coding.
Crypto module: encryption and decryption for Various types of data.The module is realized in module in top layer and is called, for giving birth to At file key, the encryption and decryption of file encryption decryption and file key.For example, to file FsecretFor, need generation pair The file key K answeredF, encrypt file and obtain file cipher textIt is close that encryption file key obtains key Literary EncK=Encpk(KF);Decruption key ciphertext is needed to obtain key KF=Decsk(EncK)=Decsk(Encpk(KF)), decryption File cipher text obtains plaintext document Optionally, the present embodiment It is middle to use AES-256 as the cryptographic algorithm for generating file key, encrypting file, use RSA-2048 asymmetric close as generating Key pair, the algorithm of encrypting and decrypting file key.
Communication module: the module completes the interaction with ether mill, cloud.Long-range adjust is sent to ether mill by construction http packet With request, and the http packet in ether mill is obtained as responding.The module needs to call data coding module, to construct and ether mill Interactive JSON formatted data simultaneously parses the JSON formatted data that ether mill returns.The module realizes that module is called by top layer, tool Body, the interaction with ether mill mainly include that transaction is initiated: create the transaction of intelligent contract, call transaction of intelligent contract etc. with And account list acquisition etc..It is called using the JSONAPI that ether mill is reserved.Specifically, to specific file Fsecret, should Module function mode is as described in step 101,102,103,104.The access that the module uses client to be arranged in cloud service provider Storage service SDK that key and cloud service provider provide accesses the file in cloud storage service device.
Management module is locally stored: completing the management of local file, reading and preservation including classified papers, and it is local The maintenance etc. of the respective file of the filename and transaction Hash of storage.Specifically, to specific file Fsecret, filename and transaction Hash corresponding relationship is obtained as described in step 101, after obtaining the corresponding relationship, this module new new-added item in relationship safeguard file [Fname, HFdeploy].When file updates, since contract address is constant, there is no need to be update behaviour to the item in relationship safeguard file Make.When file is deleted, need to delete item [F in relationship safeguard filename, HFdeploy].When judging specific file Fsecret' whether It, can also be by whether there is item [F in inquiry relationship safeguard file when being outsourcedname', HFdeploy'] Lai Shixian.
Top layer realizes that module calls the communication module of crypto module and ether mill, management module is locally stored to realize top Layer function: contract deployment, file upload, file download, file are deleted and delete five parts of verifying.Contract disposes functional module It is main to complete content described in step 101;File upload is partially completed content described in step 102, the i.e. outsourcing of client data;Text Part download part completes content described in step 103, i.e. document text restores;File deletion is partially completed content described in step 104, Delete the file cipher text on file key ciphertext and cloud;The deletion verifying of step 105 is completed by deletion verification portion, this part Each function of corresponding contract is called respectively, and ether mill returns to call error then checking success.
Intelligent Contract Design realizes part: main intelligence contract internal logic of completing is arranged, including function, number is written in data Storage and management of the file key ciphertext in contract is realized in the design and realization that function is deleted according to function reading, data, and The deletion and contract self-destruction of file key ciphertext, and simple access control is provided.Specifically, for about CF, wherein including Data management function FuncFget、FuncFset、FuncFdel.To FuncFget, when function is called, use incoming parameters distribution Original parameter present in byte32 [8] space.To FuncFset, return to the data Enc in byte32 [8]K.To FuncFdel, first Using original data present in independent parameter covering byte32 [8] space, contract self-destruction function is then triggered.To above-mentioned each A function, all addition access control function require, judge whether contract caller address address is equal to conjunction before execution About founder address msg.sender, only the two are identical, just allow function call.
The application also tests the credible deletion system of data on cloud provided herein under experimental situation, such as Fig. 5 institute Show, is that file of this system under private chain uploads and downloads time-tendency graph.It can be seen that conventional cloud storage mode is compared, this Embodiment ensure that the credible deletion of data on cloud, but not influence file transmission performance substantially.

Claims (9)

1. the credible delet method of data, the steps include: on a kind of cloud based on block chain
1) contract is disposed: client disposes an intelligent contract corresponding with file first before file is uploaded, and intelligence is closed It include one piece of memory space and one group of data management function in about;Data management function includes that function is written in data, data are read Function and data is taken to delete function;Record transaction Hash after the transaction of the intelligent contract of creation is submitted;
2) file uploads: client locally possesses asymmetric key pair;For the file generated symmetric key to be uploaded, generation is used Symmetric key encryption file obtain file cipher text;Key ciphertext is obtained using the public key encryption file key locally possessed;It adjusts Function is written with the data in the corresponding intelligent contract of file, using key ciphertext as input data, by key ciphertext storage to intelligence In energy contract;File cipher text is uploaded to cloud storage service device;
3) file download: client is downloaded to obtain file cipher text from cloud storage service device, calls the corresponding intelligent contract of file Data Read Function obtains file key ciphertext;Client obtains file using the private key decryption file key ciphertext locally saved Key obtains plaintext document, i.e. original using obtained file key decryption file cipher text;
4) file is deleted: client initiates file deletion requests to cloud storage service device, it is desirable that deletes and protects in cloud storage service device Some respective file ciphertexts;The data in the intelligent contract of respective file are called to delete function, it is desirable that intelligent contract is deleted wherein The file key ciphertext possessed;
5) delete verifying: client calls the intelligent contract of respective file again, if contract can not be called, proves to correspond to The file key ciphertext of file cannot be acquired, it is believed that plaintext document has been unable to get, i.e., file is deleted.
2. the method as described in claim 1, which is characterized in that wherein the intelligent contract is using ether mill as the area of representative Executable contract in block chain technology.
3. the method as described in claim 1, which is characterized in that each document entity being uploaded has corresponding intelligence to close About entity, and the ciphertext for encrypting the file key of file is stored in the internal storage space of corresponding intelligent contract.
4. the method as described in claim 1, which is characterized in that the symmetric key encryption algorithm used is AES-256;It uses Asymmetric-key encryption algorithm is RSA-2048.
5. the method as described in claim 1, which is characterized in that memory space includes 160bits's in intelligent contract Address type be used for record the contract deployer address and 256bytes byte32 [8] type for save it is public The encrypted file key of key.
6. the method as described in claim 1, which is characterized in that require that access control language is added in each data management function Sentence only allows the deployer of intelligent contract to call these three disclosed functions.
7. method as claimed in claim 1 or 3, which is characterized in that client is initiated just no longer to monitor block chain after transaction Implementation procedure in network is only locally remaining with transaction Hash, and corresponding with filename;It then needs to access intelligence every time and close When about, all uses respective file name as index, find the Hash of corresponding transaction first, then find correspondence using transaction Hash The address of intelligent contract reuses the call by location intelligence contract of intelligent contract.
8. the credible deletion system of data on a cloud based on block chain technology, which is characterized in that system specifically includes that
Client part: the main file upload for completing client's control, deletes and deletes the function of verifying, including data at downloading Crypto module, communication module, management module and top layer realization module is locally stored in coding and decoder module;
Intelligent Contract Design realizes part: main intelligence contract internal logic of completing is arranged, including data write-in function, data are read Function, data is taken to delete the design and realization of function.
9. the credible deletion system of data on the cloud according to claim 8 based on block chain technology, which is characterized in that
The data encoding and decoder module, the JSON formatted data construction needed when for being communicated with ether mill and parsing, with And the ABI said shank construction of parameter and parsing when calling intelligent contract function;
The crypto module, for the generation of file key, the encryption of file key and decryption, the encryption of classified papers and solution It is close;
The communication module is sent for carrying out telecommunication with ether mill and being communicated with long-distance cloud storage server Response is requested and obtains, which calls data encoding and decoder module, constructs request message when sending request, is receiving sound Should after decode acquisition response results;
It is described that management module is locally stored, for managing the classified papers being locally stored and filename and the corresponding of Hash of trading The management of file;
The top layer realizes that module, the module call crypto module, ether mill communication module and management module are locally stored, use In completing, contract is disposed, file uploads, downloading, is deleted, the realization of the logical AND function of verifying.
CN201910508543.7A 2019-06-13 2019-06-13 The credible delet method of data and system on a kind of cloud based on block chain Pending CN110245117A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910508543.7A CN110245117A (en) 2019-06-13 2019-06-13 The credible delet method of data and system on a kind of cloud based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910508543.7A CN110245117A (en) 2019-06-13 2019-06-13 The credible delet method of data and system on a kind of cloud based on block chain

Publications (1)

Publication Number Publication Date
CN110245117A true CN110245117A (en) 2019-09-17

Family

ID=67886763

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910508543.7A Pending CN110245117A (en) 2019-06-13 2019-06-13 The credible delet method of data and system on a kind of cloud based on block chain

Country Status (1)

Country Link
CN (1) CN110245117A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111127021A (en) * 2019-12-31 2020-05-08 支付宝(杭州)信息技术有限公司 Service request method and device based on block chain
CN111400743A (en) * 2020-04-07 2020-07-10 百度国际科技(深圳)有限公司 Transaction processing method and device based on block chain network, electronic equipment and medium
CN111600701A (en) * 2020-04-28 2020-08-28 广州华工中云信息技术有限公司 Private key storage method and device based on block chain and storage medium
CN112187767A (en) * 2020-09-23 2021-01-05 上海万向区块链股份公司 Multi-party contract consensus system, method and medium based on block chain
CN113592639A (en) * 2021-05-21 2021-11-02 上海佩俪信息科技有限公司 Block chain transaction deletion method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107342858A (en) * 2017-07-05 2017-11-10 武汉凤链科技有限公司 A kind of intelligent contract guard method and system based on trusted context
CN109120639A (en) * 2018-09-26 2019-01-01 众安信息技术服务有限公司 A kind of data cloud storage encryption method and system based on block chain
CN109493017A (en) * 2018-11-05 2019-03-19 江苏大学 Credible outsourcing storage method based on block chain
CN109615372A (en) * 2018-11-08 2019-04-12 立旃(上海)科技有限公司 Block chain data mask method and device based on intelligent contract
CN109768987A (en) * 2019-02-26 2019-05-17 重庆邮电大学 A kind of storage of data file security privacy and sharing method based on block chain
CN109857724A (en) * 2019-02-12 2019-06-07 众安信息技术服务有限公司 The method and apparatus for supporting multitype database is realized based on block chain

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107342858A (en) * 2017-07-05 2017-11-10 武汉凤链科技有限公司 A kind of intelligent contract guard method and system based on trusted context
CN109120639A (en) * 2018-09-26 2019-01-01 众安信息技术服务有限公司 A kind of data cloud storage encryption method and system based on block chain
CN109493017A (en) * 2018-11-05 2019-03-19 江苏大学 Credible outsourcing storage method based on block chain
CN109615372A (en) * 2018-11-08 2019-04-12 立旃(上海)科技有限公司 Block chain data mask method and device based on intelligent contract
CN109857724A (en) * 2019-02-12 2019-06-07 众安信息技术服务有限公司 The method and apparatus for supporting multitype database is realized based on block chain
CN109768987A (en) * 2019-02-26 2019-05-17 重庆邮电大学 A kind of storage of data file security privacy and sharing method based on block chain

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111127021A (en) * 2019-12-31 2020-05-08 支付宝(杭州)信息技术有限公司 Service request method and device based on block chain
CN111127021B (en) * 2019-12-31 2020-10-30 蚂蚁区块链科技(上海)有限公司 Service request method and device based on block chain
CN111400743A (en) * 2020-04-07 2020-07-10 百度国际科技(深圳)有限公司 Transaction processing method and device based on block chain network, electronic equipment and medium
CN111400743B (en) * 2020-04-07 2023-08-15 百度国际科技(深圳)有限公司 Transaction processing method, device, electronic equipment and medium based on blockchain network
CN111600701A (en) * 2020-04-28 2020-08-28 广州华工中云信息技术有限公司 Private key storage method and device based on block chain and storage medium
CN111600701B (en) * 2020-04-28 2023-06-27 广州华工信元通信技术有限公司 Private key storage method, device and storage medium based on blockchain
CN112187767A (en) * 2020-09-23 2021-01-05 上海万向区块链股份公司 Multi-party contract consensus system, method and medium based on block chain
CN113592639A (en) * 2021-05-21 2021-11-02 上海佩俪信息科技有限公司 Block chain transaction deletion method and system
CN113592639B (en) * 2021-05-21 2023-10-13 上海简苏网络科技有限公司 Block chain transaction deleting method and system

Similar Documents

Publication Publication Date Title
CN111191286B (en) HyperLegger Fabric block chain private data storage and access system and method thereof
CN108768988B (en) Block chain access control method, block chain access control equipment and computer readable storage medium
CN110245117A (en) The credible delet method of data and system on a kind of cloud based on block chain
CN105426775B (en) A kind of method and system for protecting smart mobile phone information security
CN111523133A (en) Block chain and cloud data collaborative sharing method
US20220014367A1 (en) Decentralized computing systems and methods for performing actions using stored private data
Kim et al. Puf based iot device authentication scheme
CN109274837B (en) Telephone source traceable method and device based on block chain technology
CN113420319A (en) Data privacy protection method and system based on block chain and permission contract
CN105022966A (en) Database data encryption and decryption method and system
CN109245894A (en) A kind of distributed cloud storage system based on intelligent contract
CN104484628B (en) It is a kind of that there is the multi-application smart card of encrypting and decrypting
CN114826703B (en) Block chain-based data search fine granularity access control method and system
CN110489996A (en) A kind of database data method for managing security and system
WO2022206453A1 (en) Method and apparatus for providing cross-chain private data
US11323489B1 (en) Scalable auditability of monitoring process using public ledgers
Kim et al. Client‐Side Deduplication to Enhance Security and Reduce Communication Costs
CN113609221A (en) Data storage method, data access device and storage medium
CN110442654A (en) Promise breaking information query method, device, computer equipment and storage medium
Tang Towards blockchain-enabled searchable encryption
Qin et al. A privacy-preserving blockchain-based tracing model for virus-infected people in cloud
CN105208017B (en) A kind of memorizer information acquisition methods
CN100561913C (en) A kind of method of access code equipment
CN115514470A (en) Storage method and system for community correction data security
CN114553557A (en) Key calling method, key calling device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190917